author | David Gwynne <dlg@cvs.openbsd.org> | 2018-04-19 22:31:26 +0000 |
---|---|---|
committer | David Gwynne <dlg@cvs.openbsd.org> | 2018-04-19 22:31:26 +0000 |
commit | 31f0fa96d0969964be882066f7d4eda26d6e40d1 | |
tree | c6bc2c1095e1bdb652e007e5d07e505934c4a2ef | |
parent | 8a7e48be93732bc5dd175abc4124b25a44d3c871 | |

when adding span ports, restrict them to ether and mplstunnel interfaces.
this is the same check that's done when adding normal members to
the bridge. it prevents things like gif(4) being added to the bridge,
which in turn prevents panics when shoving ethernet packets down a
layer 3 interface.
reported and tested by jasper@
-rw-r--r-- | sys/net/if_bridge.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index a12919dd660..6374fa20495 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.307 2018/02/19 08:59:52 mpi Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.308 2018/04/19 22:31:25 dlg Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -361,6 +361,11 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) error = ENOENT; break; } + if (ifs->if_type != IFT_ETHER && + ifs->if_type != IFT_MPLSTUNNEL) { + error = EINVAL; + break; + } if (ifs->if_bridgeport != NULL) { error = EBUSY; break; |
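Review bot: the new `ifs->if_type` test in the `@@ -361,6 +361,11 @@` hunk of bridge_ioctl() has no comment saying why only IFT_ETHER and IFT_MPLSTUNNEL are accepted. A one-line comment above it, noting that Ethernet packets must not be pushed down a layer 3 interface such as gif(4), would keep the reason for the EINVAL next to the code instead of only in the commit log. The commit message also says this is the same check done when adding normal members, so consider moving the condition into one small helper called from both paths; otherwise a later change to the accepted interface types has to be made in two places and the span-port path can drift from the member path again.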