On 10/01/11 22:15, Jonathan Tripathy wrote:
If a guest maliciously added a vlan tag, wouldn’t it still remain in the frame, however be "double-tagged" by the outgoing physical port? Even still though, this probably isn't an issue, provided that all upstream switches are configured correctly.
I don't believe that this is an issue. And 802.1ad double tag won't be recognised so it will either be dropped by the switch or dropped by the outgoing NIC on the bridge. Short of constructing frames by hand, though, I'm not sure how you would go about adding an 802.1ad vlan tag on top of an 802.1q vlan tag.
jch -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
