| Message ID | 25c62e93aa077bed97f2bc7ba1845c15169b8c54.1553617724.git.sd@queasysnail.net |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] vrf: prevent adding upper devices | expand |
On 3/26/19 11:22 AM, Sabrina Dubroca wrote: > VRF devices don't work with upper devices. Currently, it's possible to > add a VRF device to a bridge or team, and to create macvlan, macsec, or > ipvlan devices on top of a VRF (bond and vlan are prevented respectively > by the lack of an ndo_set_mac_address op and the NETIF_F_VLAN_CHALLENGED > feature flag). > > Fix this by setting the IFF_NO_RX_HANDLER flag (introduced in commit > f5426250a6ec ("net: introduce IFF_NO_RX_HANDLER")). > > Cc: David Ahern <dsahern@gmail.com> > Fixes: 193125dbd8eb ("net: Introduce VRF device driver") > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> > --- > drivers/net/vrf.c | 1 + > 1 file changed, 1 insertion(+) > Acked-by: David Ahern <dsahern@gmail.com> Thanks for diving into this.
From: Sabrina Dubroca <sd@queasysnail.net> Date: Tue, 26 Mar 2019 18:22:16 +0100 > VRF devices don't work with upper devices. Currently, it's possible to > add a VRF device to a bridge or team, and to create macvlan, macsec, or > ipvlan devices on top of a VRF (bond and vlan are prevented respectively > by the lack of an ndo_set_mac_address op and the NETIF_F_VLAN_CHALLENGED > feature flag). > > Fix this by setting the IFF_NO_RX_HANDLER flag (introduced in commit > f5426250a6ec ("net: introduce IFF_NO_RX_HANDLER")). > > Cc: David Ahern <dsahern@gmail.com> > Fixes: 193125dbd8eb ("net: Introduce VRF device driver") > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Applied and queued up for -stable, thanks.
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 7c1430ed0244..6d1a1abbed27 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -1273,6 +1273,7 @@ static void vrf_setup(struct net_device *dev) /* default to no qdisc; user can add if desired */ dev->priv_flags |= IFF_NO_QUEUE; + dev->priv_flags |= IFF_NO_RX_HANDLER; dev->min_mtu = 0; dev->max_mtu = 0;
VRF devices don't work with upper devices. Currently, it's possible to add a VRF device to a bridge or team, and to create macvlan, macsec, or ipvlan devices on top of a VRF (bond and vlan are prevented respectively by the lack of an ndo_set_mac_address op and the NETIF_F_VLAN_CHALLENGED feature flag). Fix this by setting the IFF_NO_RX_HANDLER flag (introduced in commit f5426250a6ec ("net: introduce IFF_NO_RX_HANDLER")). Cc: David Ahern <dsahern@gmail.com> Fixes: 193125dbd8eb ("net: Introduce VRF device driver") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> --- drivers/net/vrf.c | 1 + 1 file changed, 1 insertion(+)