From: Brent Cook <bcook@breakingpoint.com>
To: "Michał Mirosław" <mirqus@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>, Phil Karn <karn@ka9q.net>,
richard -rw- weinberger <richard.weinberger@gmail.com>,
<kaber@trash.net>, <netdev@vger.kernel.org>
Subject: Re: Off-by-one error in net/8021q/vlan.c
Date: Mon, 21 Feb 2011 13:26:00 -0600 [thread overview]
Message-ID: <201102211326.00255.bcook@breakingpoint.com> (raw)
In-Reply-To: <AANLkTimrQy6gU8d86m2jM4arMS0rOvEQmn2m-KTE4sx9@mail.gmail.com>
On Wednesday 16 February 2011 12:41:34 Michał Mirosław wrote:
> 2011/2/16 Eric Dumazet <eric.dumazet@gmail.com>:
> > Le mercredi 16 février 2011 à 08:28 -0800, Phil Karn a écrit :
> >> On 2/16/11 8:10 AM, richard -rw- weinberger wrote:
> >> > On Wed, Feb 16, 2011 at 4:58 PM, Phil Karn <karn@ka9q.net> wrote:
> >> >> On 2/16/11 4:51 AM, richard -rw- weinberger wrote:
> >> >>> On Wed, Feb 16, 2011 at 11:58 AM, Phil Karn <karn@ka9q.net> wrote:
> >> >>>> The range check on vlan_id in register_vlan_device is off by one, and it
> >> >>>> prevents the creation of a vlan interface for vlan ID 4095. (OSX allows
> >> >>>> this, I checked.)
> >> >>>
> >> >>> Then OSX should fix their code. 4095 is reserved.
> >> >> If it's reserved, then it's up to the user to reserve it.
> >> > No.
> >> > See:
> >> > http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf
> >> Well, then I guess we all know better than the user. That's the Windows
> >> Way...no, wait, I thought this is Linux.
> >>
> >> The fact is that I did encounter a misconfigured switch using vlan 4095,
> >> and because of this off-by-one error I was unable to talk to it and fix it.
> >>
> >> I was hoping I wouldn't have to patch every new kernel I install.
> > You can use an OSX gateway ;)
> >
> > If we allow ID 4095, then some users will complain we violate rules.
> >
> > Really you cannot push this patch in official kernel only to ease your
> > life ;)
>
> The idea is that you don't have to use ID 4095 and if you don't -
> nothing's broken by just allowing it. The same goes with ID 0 - it's
> defined to be 802.1p packet, but people do use it as normal VLAN
> (especially with hardware that can cope with only small number of
> VLANs at once).
>
> Allowing it but with a big fat warning in logs is even better: "You
> want your network broken? Sure, can do, but you have been warned."
>
On the other end of the spectrum, vconfig warns for vlan 1:
bcook@bcook-box:~$ sudo vconfig add eth0 1
Added VLAN with VID == 1 to IF -:eth0:-
WARNING: VLAN 1 does not work with many switches,
consider another number if you have problems.
bcook@bcook-box:~$ sudo vconfig add eth0 4095
ERROR: trying to add VLAN #4095 to IF -:eth0:- error: Numerical result out of range
next prev parent reply other threads:[~2011-02-21 19:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-16 10:58 Off-by-one error in net/8021q/vlan.c Phil Karn
2011-02-16 12:51 ` richard -rw- weinberger
2011-02-16 13:22 ` Patrick McHardy
2011-02-16 15:58 ` Phil Karn
2011-02-16 16:10 ` richard -rw- weinberger
2011-02-16 16:28 ` Phil Karn
2011-02-16 16:35 ` richard -rw- weinberger
2011-02-16 16:39 ` Eric Dumazet
2011-02-16 18:41 ` Michał Mirosław
2011-02-21 19:26 ` Brent Cook [this message]
2011-02-21 21:47 ` Phil Karn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201102211326.00255.bcook@breakingpoint.com \
--to=bcook@breakingpoint.com \
--cc=eric.dumazet@gmail.com \
--cc=kaber@trash.net \
--cc=karn@ka9q.net \
--cc=mirqus@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=richard.weinberger@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.