Package: systemd
Version: 232-22
Severity: important

When adding a port to a VLAN-enabled bridge, VLAN 1 is not removed.
That leads to information leakage from VLAN 1 to other VLANs and IPv6 
misconfiguration (via RAdv).
In my use case the other end is a VM whose interface is created by libvirt, 
but that does not seem to make a difference, so I use a veth device here.


Timo

Configuration:

/etc/systemd/network/00-test.network:
----8<----8<----8<----
[Match]
Name=test

[Link]
ARP=false

[Network]
Bridge=br

[BridgeVLAN]
VLAN=2
EgressUntagged=2
PVID=2
----8<----8<----8<----

/etc/systemd/network/00-br.netdev:
----8<----8<----8<----
[NetDev]
Kind=bridge
Name=br

[Bridge]
VLANFiltering=true
STP=false
----8<----8<----8<----

/etc/systemd/network/00-br.network:
----8<----8<----8<----
[Match]
Name=br

[Link]
ARP=false

[Network]
IPv6AcceptRA=false
----8<----8<----8<----

Steps to reproduce:

----8<----8<----8<----
# ip link add type veth peer name test
# bridge vlan show dev test
port    vlan ids
test     1 Egress Untagged
         2 PVID Egress Untagged
----8<----8<----8<----

Expected result:

----8<----8<----8<----
# bridge vlan show dev test
port    vlan ids
test     2 PVID Egress Untagged
----8<----8<----8<----



--- System information. ---
Architecture: amd64
Kernel:       Linux 4.9.0-2-amd64

Debian Release: 9.0
  900 testing         deb.debian.org 
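
A check for the condition reported above, as an added example that is not part of the original report or of systemd: it reads plain (non-compressed) `bridge vlan show` output and lists every port that is still a member of VLAN 1 although its PVID is another VLAN. The function names and the `br` sample line are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find bridge ports that kept the default VLAN 1 membership.
# Input: output of `bridge vlan show` (one VLAN per line, no -c ranges).
find_vlan1_leftovers() {
    awk '
        function report() {
            # Flag only ports whose PVID was moved away from VLAN 1.
            if (port != "" && has1 && pvid != "" && pvid != "1") print port
        }
        NR == 1 && $1 == "port" { next }   # header line
        NF == 0 { next }                   # blank line between ports
        /^[^ \t]/ {                        # line starting a new port entry
            report()
            port = $1; has1 = 0; pvid = ""
            $1 = ""; $0 = $0               # drop the port name, re-split
        }
        {
            vid = $1                       # first field is now the VLAN id
            if (vid == "1") has1 = 1
            for (i = 2; i <= NF; i++) if ($i == "PVID") pvid = vid
        }
        END { report() }
    '
}

# Output from the report, plus a constructed line for the bridge device
# itself (PVID 1, so it must not be flagged).
sample_report_output() {
    printf '%s\n' \
        'port    vlan ids' \
        'br       1 PVID Egress Untagged' \
        '' \
        'test     1 Egress Untagged' \
        '         2 PVID Egress Untagged'
}

# The expected result from the report: VLAN 1 is gone from the port.
sample_expected_output() {
    printf '%s\n' \
        'port    vlan ids' \
        'test     2 PVID Egress Untagged'
}

sample_report_output | find_vlan1_leftovers   # prints: test
```

On a live host the same function can be fed with `bridge vlan show | find_vlan1_leftovers`.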
