authorDavid Gwynne <dlg@cvs.openbsd.org>2018-04-19 22:31:26 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2018-04-19 22:31:26 +0000
commit31f0fa96d0969964be882066f7d4eda26d6e40d1 (patch)
treec6bc2c1095e1bdb652e007e5d07e505934c4a2ef
parent8a7e48be93732bc5dd175abc4124b25a44d3c871 (diff)
when adding span ports, restrict them to ether and mplstunnel interfaces.
this is the same check that's done when adding normal members to the bridge. it prevents things like gif(4) being added to the bridge, which in turn prevents panics when shoving ethernet packets down a layer 3 interface. reported and tested by jasper@
-rw-r--r--sys/net/if_bridge.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index a12919dd660..6374fa20495 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_bridge.c,v 1.307 2018/02/19 08:59:52 mpi Exp $ */
+/* $OpenBSD: if_bridge.c,v 1.308 2018/04/19 22:31:25 dlg Exp $ */
/*
* Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -361,6 +361,11 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
error = ENOENT;
break;
}
+ if (ifs->if_type != IFT_ETHER &&
+ ifs->if_type != IFT_MPLSTUNNEL) {
+ error = EINVAL;
+ break;
+ }
if (ifs->if_bridgeport != NULL) {
error = EBUSY;
break;
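Review bot: The added `ifs->if_type` test in the span-port path has no comment saying why only IFT_ETHER and IFT_MPLSTUNNEL are accepted, and per the commit message it repeats the check done when adding normal members, so the two lists of allowed types can drift apart. A one-line comment above it, such as `/* span ports are handed Ethernet frames; a layer 3 interface such as gif(4) here can panic the kernel */`, would keep the reason next to the code. If the member-add path tests the same two types, a small static predicate shared by both ioctl cases would make any later change to the allowed types apply to both; that path is not visible in this hunk, so confirm it against the full file. bridge_ioctl starts and ends outside the hunk.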