Am 11.03.2015 um 09:10 schrieb Dietmar Maurer: >> Just for the record. >> >> Kernel 2.6.32 does not have this problem as it does not forward tagged >> frames in bridges. >> >> With Kernel 3.10 this behaviour changes to people building their >> security based on the behaviour of 2.6.32. They get unsecure by changing >> the kernel. > > Interesting. Do you know which patch changed that behavior? And is there a way > to > switch back to the old behavior? >
It's the vlan support and vlan filtering series. For example: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=8580e2117c06ac0c97a561219eaab6dab968ea3f https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=204177f3f30c2dbd2db0aa62b5e9cf9029786450 https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=0d5501c1c828fb97d02af50aa9d2b1a5498b94e4 and may be others. The old behaviour can be restored by enabling vlan_filtering on the bridge. Stefan _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
