linux-stable/drivers/net/vxlan
David Bauer f58f45c1e5 vxlan: drop packets from invalid src-address
The VXLAN driver currently does not check if the inner layer2
source-address is valid.

In case source-address snooping/learning is enabled, an entry in the FDB
for the invalid address is created with the layer3 address of the tunnel
endpoint.

If the frame happens to have a non-unicast address set, all this
non-unicast traffic is subsequently not flooded to the tunnel network
but sent to the learnt host in the FDB. To make matters worse, this FDB
entry does not expire.

Apply the same filtering for packets as it is done for bridges. This not
only drops these invalid packets but prevents them from being learnt into
the FDB.

Fixes: d342894c5d ("vxlan: virtual extensible lan")
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-04-19 12:54:33 +01:00
..
Makefile vxlan: mdb: Add MDB control path support 2023-03-17 08:05:49 +00:00
vxlan_core.c vxlan: drop packets from invalid src-address 2024-04-19 12:54:33 +01:00
vxlan_mdb.c vxlan: mdb: Add MDB bulk deletion support 2023-12-20 11:27:21 +00:00
vxlan_multicast.c vxlan: vni filtering support on collect metadata device 2022-03-01 08:38:02 +00:00
vxlan_private.h vxlan: mdb: Add MDB bulk deletion support 2023-12-20 11:27:21 +00:00
vxlan_vnifilter.c vxlan: vnifilter: Use GFP_KERNEL instead of GFP_ATOMIC 2023-08-22 10:58:45 -07:00