From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "John Dykstra" <john.dykstra1@gmail.com>,
"Ilpo Järvinen" <ilpo.jarvinen@helsinki.fi>,
Netdev <netdev@vger.kernel.org>,
bugme-daemon@bugzilla.kernel.org,
"Andrew Morton" <akpm@linux-foundation.org>,
Speedster <speedster@haveacry.com>,
"Stephen Hemminger" <shemminger@vyatta.com>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [Bugme-new] [Bug 12327] New: Intermittent TCP issues with => 2.6.27
Date: Mon, 12 Jan 2009 06:30:08 +0100
Message-ID: <496AD560.4060009@trash.net>
In-Reply-To: <20090109120455.GB12486@gondor.apana.org.au>

Herbert Xu wrote:
> bridge: Disable PPPOE/VLAN processing by default
>
> The PPPOE/VLAN processing code in the bridge netfilter is broken
> by design. The VLAN tag and the PPPOE session ID are an integral
> part of the packet flow information, yet they're completely
> ignored by the bridge netfilter. This is potentially a security
> hole as it treats all VLANs and PPPOE sessions as the same.
>
> What's more, it's actually broken for PPPOE as the bridge netfilter
> tries to trim the packets to the IP length without adjusting the
> PPPOE header (and adjusting the PPPOE header isn't much better
> since the PPPOE peer may require the padding to be present).
>
> Therefore we should disable this by default.
>
> It does mean that people relying on this feature may lose networking
> depending on how their bridge netfilter rules are configured.
> However, IMHO the problems this code causes are serious enough to
> warrant this.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

A good reason to disable this crap :)

Applied, thanks.
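
The quoted commit message's point that the VLAN tag and PPPoE session ID are part of the flow identity, illustrated with an added example that is not part of either message or of the kernel patch. It is a Python model over constructed frames, not bridge netfilter code; `build`, `parse` and the key functions are hypothetical helpers.

```python
import socket
import struct

ETH_P_IP, ETH_P_8021Q, ETH_P_PPP_SES, PPP_IP = 0x0800, 0x8100, 0x8864, 0x0021

def build(vlan=None, session=None, src="10.0.0.5", dst="10.0.0.9", sport=40000, dport=22):
    """Construct a sample frame (zeroed MACs/checksums; only the parsed fields matter)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    payload, etype = ip + l4, ETH_P_IP
    if session is not None:  # PPPoE session header followed by the PPP protocol field
        payload = struct.pack("!BBHHH", 0x11, 0, session, len(payload) + 2, PPP_IP) + payload
        etype = ETH_P_PPP_SES
    if vlan is not None:     # 802.1Q tag: TCI, then the encapsulated EtherType
        payload = struct.pack("!HH", vlan, etype) + payload
        etype = ETH_P_8021Q
    return bytes(12) + struct.pack("!H", etype) + payload

def parse(frame):
    """Return (vlan_id, pppoe_session_id, (src, dst, proto, sport, dport))."""
    vlan = session = None
    (etype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if etype == ETH_P_8021Q:
        tci, etype = struct.unpack_from("!HH", frame, off)
        vlan, off = tci & 0x0FFF, off + 4
    if etype == ETH_P_PPP_SES:
        session, _length, ppp = struct.unpack_from("!2xHHH", frame, off)
        if ppp != PPP_IP:
            raise ValueError("PPPoE payload is not IPv4")
        etype, off = ETH_P_IP, off + 8
    if etype != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return vlan, session, (socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, sport, dport)

def key_ip_only(frame):   # models a filter that ignores the L2 encapsulation
    return parse(frame)[2]

def key_l2_aware(frame):  # VLAN ID and PPPoE session ID are part of the flow key
    return parse(frame)

def distinct_flows(frames, key):
    return len({key(f) for f in frames})

# Constructed samples: the same IP 5-tuple seen on two VLANs and two PPPoE sessions.
SAMPLES = [build(vlan=10), build(vlan=20), build(session=1), build(session=2)]
```

With `key_ip_only` the four sample frames collapse into one flow, so a rule or state entry created for one VLAN or session would match the others; `key_l2_aware` keeps them apart.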