Bug#859941: [systemd] systemd-networkd: bridge vlan: does not remove vlan 1
Timo Weingärtner
tiwe at debian.org
Sun Apr 9 14:13:14 BST 2017
Package: systemd
Version: 232-22
Severity: important
When adding a port to a VLAN-enabled bridge, VLAN 1 is not removed.
That leads to information leakage from VLAN 1 to other VLANs and IPv6
misconfiguration (via RAdv).
In my use case the other end is a VM whose interface is created by libvirt,
but that does not seem to make a difference, so I use a veth device here.
Timo
Configuration:
/etc/systemd/network/00-test.network:
----8<----8<----8<----
[Match]
Name=test
[Link]
ARP=false
[Network]
Bridge=br
[BridgeVLAN]
VLAN=2
EgressUntagged=2
PVID=2
----8<----8<----8<----
/etc/systemd/network/00-br.netdev:
----8<----8<----8<----
[NetDev]
Kind=bridge
Name=br
[Bridge]
VLANFiltering=true
STP=false
----8<----8<----8<----
/etc/systemd/network/00-br.network:
----8<----8<----8<----
[Match]
Name=br
[Link]
ARP=false
[Network]
IPv6AcceptRA=false
----8<----8<----8<----
Steps to reproduce:
----8<----8<----8<----
# ip link add type veth peer name test
# bridge vlan show dev test
port    vlan ids
test     1 Egress Untagged
         2 PVID Egress Untagged
----8<----8<----8<----
Expected result:
----8<----8<----8<----
# bridge vlan show dev test
port    vlan ids
test     2 PVID Egress Untagged
----8<----8<----8<----
--- System information. ---
Architecture: amd64
Kernel: Linux 4.9.0-2-amd64
Debian Release: 9.0
900 testing deb.debian.org
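
A check for the condition reported above, as an added example that is not part of the original report or of systemd: it reads `bridge vlan show` text output in the layout shown in the message and lists every VLAN a port carries beyond an allowlist. The function name `audit_bridge_vlans`, the `port=vid,vid` policy syntax and the embedded sample output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): flag bridge ports that are members
# of VLANs outside an allowlist, using the text layout of `bridge vlan show`.
# Policy syntax "port=vid[,vid...] ..." is an assumption made for this example.
# Ports not named in the policy are ignored.

audit_bridge_vlans() {
    awk -v policy="$1" '
    BEGIN {
        bad = 0
        n = split(policy, entries, " ")
        for (i = 1; i <= n; i++) {
            split(entries[i], kv, "=")
            known[kv[1]] = 1
            m = split(kv[2], vids, ",")
            for (j = 1; j <= m; j++) allowed[kv[1] SUBSEP (vids[j] + 0)] = 1
        }
    }
    NF == 0 { next }
    {
        # Indented lines continue the VLAN list of the port named above.
        if ($0 ~ /^[ \t]/) vid = $1; else { port = $1; vid = $2 }
        if (vid !~ /^[0-9]+(-[0-9]+)?$/) next    # header line, "None", etc.
        lo = hi = vid + 0
        if (split(vid, r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
        for (v = lo; v <= hi; v++)
            if ((port in known) && !((port SUBSEP v) in allowed)) {
                print port, v
                bad = 1
            }
    }
    END { exit bad }'
}

# Constructed sample reproducing the output shown in the report.
sample_bridge_vlan_output() {
    printf 'port\tvlan ids\n'
    printf 'test\t 1 Egress Untagged\n'
    printf '\t 2 PVID Egress Untagged\n\n'
}

# Prints "test 1" and returns non-zero because VLAN 1 is still on the port.
sample_bridge_vlan_output | audit_bridge_vlans "test=2" || echo "unexpected VLAN membership"
```

On a live host the input would come from `bridge vlan show | audit_bridge_vlans "test=2"`; the non-zero exit status makes it usable as a post-configuration check.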