From patchwork Sun Dec 30 09:21:47 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amos Kong X-Patchwork-Id: 208736 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 6A0BF2C00B1 for ; Sun, 30 Dec 2012 20:22:49 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753735Ab2L3JWm (ORCPT ); Sun, 30 Dec 2012 04:22:42 -0500 Received: from mx1.redhat.com ([209.132.183.28]:38239 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753733Ab2L3JWl (ORCPT ); Sun, 30 Dec 2012 04:22:41 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id qBU9Lrul003831 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 30 Dec 2012 04:21:53 -0500 Received: from t430s.redhat.com (vpn1-113-109.nay.redhat.com [10.66.113.109]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id qBU9LnWW031856; Sun, 30 Dec 2012 04:21:50 -0500 From: akong@redhat.com To: netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, kaber@trash.net Subject: [PATCH] net: fix checking boundary of valid vlan id Date: Sun, 30 Dec 2012 17:21:47 +0800 Message-Id: <1356859307-26205-1-git-send-email-akong@redhat.com> X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: Amos Kong According to IEEE 802.1Q, 4096 is not a valid vlan id, 4095 is reserved. Signed-off-by: Amos Kong --- net/bridge/netfilter/ebt_vlan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index eae67bf..5bdebc3 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c @@ -121,8 +121,8 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par) * if_vlan.h: VLAN_N_VID 4096. */ if (GET_BITMASK(EBT_VLAN_ID)) { if (!!info->id) { /* if id!=0 => check vid range */ - if (info->id > VLAN_N_VID) { - pr_debug("id %d is out of range (1-4096)\n", + if (info->id >= VLAN_N_VID - 1) { + pr_debug("id %d is out of range (1-4094)\n", info->id); return -EINVAL; }