From: John Haxby <john.haxby@oracle.com>
To: Jonathan Tripathy <jonnyt@abpni.co.uk>
Cc: netfilter@vger.kernel.org
Subject: Re: VLANs
Date: Tue, 11 Jan 2011 10:42:46 +0000 [thread overview]
Message-ID: <4D2C3426.3000202@oracle.com> (raw)
In-Reply-To: <4D2B84F0.6030300@abpni.co.uk>
On 10/01/11 22:15, Jonathan Tripathy wrote:
> If a guest maliciously added a vlan tag, wouldn’t it still remain in
> the frame, however be "double-tagged" by the outgoing physical port?
> Even still though, this probably isn't an issue, provided that all
> upstream switches are configured correctly.
I don't believe that this is an issue. And 802.1ad double tag won't be
recognised so it will either be dropped by the switch or dropped by the
outgoing NIC on the bridge. Short of constructing frames by hand,
though, I'm not sure how you would go about adding an 802.1ad vlan tag
on top of an 802.1q vlan tag.
jch
next prev parent reply other threads:[~2011-01-11 10:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-10 17:42 VLANs Jonathan Tripathy
2011-01-10 21:33 ` VLANs John Haxby
2011-01-10 22:15 ` VLANs Jonathan Tripathy
2011-01-11 8:19 ` VLANs Thomas Berg
2011-01-11 10:26 ` VLANs Jonathan Tripathy
2011-01-11 10:42 ` John Haxby [this message]
2011-01-11 10:57 ` VLANs Jonathan Tripathy
[not found] ` <4D2C47DB.10702@oracle.com>
2011-01-11 12:24 ` VLANs Jonathan Tripathy
2011-01-11 12:48 ` VLANs John Haxby
2011-01-11 12:52 ` VLANs Jonathan Tripathy
2011-01-11 17:12 ` VLANs John Haxby
2011-01-11 17:15 ` VLANs Jonathan Tripathy
2011-01-11 17:21 ` VLANs John Haxby
-- strict thread matches above, loose matches on Subject: below --
2011-01-05 12:12 VLANs Jonathan Tripathy
2011-01-06 7:32 ` VLANs John Haxby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D2C3426.3000202@oracle.com \
--to=john.haxby@oracle.com \
--cc=jonnyt@abpni.co.uk \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox