From: Gleb Smirnoff
To: Bruce M Simpson
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Mon, 5 Feb 2007 15:43:32 +0300
Subject: Re: cvs commit: src/sys/net if_tap.c
Message-ID: <20070205124332.GG1621@FreeBSD.org>
In-Reply-To: <200702030257.l132vkfT089439@repoman.freebsd.org>

On Sat, Feb 03, 2007 at 02:57:46AM +0000, Bruce M Simpson wrote:
B> bms 2007-02-03 02:57:46 UTC
B>
B> FreeBSD src repository
B>
B> Modified files:
B> sys/net if_tap.c
B> Log:
B> Drop unicast Ethernet frames not destined for the configured address
B> of a tap(4) instance, if IFF_PROMISC is not set.
B>
B> In tap(4), we should emulate the effect IFF_PROMISC would have on
B> hardware, otherwise we risk introducing layer 2 loops if tap(4) is
B> used with bridges. This means not even bpf(4) gets to see them.
B>
B> This patch has been tested in a variety of situations. Multicast and
B> broadcast frames are correctly allowed through. I have observed this
B> behaviour causing problems with multiple QEMU instances hosted on
B> the same FreeBSD machine.
B>
B> The checks in ether_demux() [if_ethersubr.c, rev 1.222, line 638]
B> are insufficient to prevent this bug from occurring, as ifp->if_vlantrunk
B> will always be NULL for the non-vlan case.

btw, we have a strange situation with handling of non-broadcast
frames not destined to us in general. In a case, when we have generic
Ethernet in promisc, and received foreign packets (on a hub, or a buggy
switch), they are forwarded to ether_demux() and to upper layers
respectively. Isn't this incorrect? Moreover, in case of
promisc + net.inet.ip.forwarding=1 our box will resend all the received
foreign packets :(

What do you think about checking that (ether_dhost == ours || BCAST || MCAST)
before sending packet to ether_demux?

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
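
The destination check proposed in the message above, sketched as a user-space C model (an added example, not part of the original message and not FreeBSD kernel code). The function, enum and sample-frame names are hypothetical, the frames are constructed, and letting capture still see foreign frames in promiscuous mode is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN     6   /* Ethernet address length */
#define ETH_HDR_LEN 14  /* dst + src + ethertype */

/* Hypothetical names for this sketch; not FreeBSD kernel identifiers. */
enum disposition { FRAME_DROP, FRAME_CAPTURE_ONLY, FRAME_DELIVER };

/* Constructed sample data: locally administered MACs, header only. */
static const uint8_t OUR_MAC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t to_us[ETH_HDR_LEN] =
    {0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00};
static const uint8_t foreign[ETH_HDR_LEN] =
    {0x02, 0, 0, 0, 0, 0x03,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00};
static const uint8_t bcast[ETH_HDR_LEN] =
    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00};
static const uint8_t mcast[ETH_HDR_LEN] =
    {0x01, 0x00, 0x5e, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00};

/* The group bit (LSB of the first octet) covers multicast and broadcast. */
static int is_group_addr(const uint8_t *dst) { return dst[0] & 0x01; }

/*
 * Decide what happens to a received frame:
 *  - to us, broadcast or multicast: deliver to the upper layers
 *  - foreign unicast, not promiscuous: drop, as a filtering NIC would
 *  - foreign unicast, promiscuous: capture may see it, but it stays
 *    away from the protocol stack, so it can never be forwarded
 */
enum disposition classify_frame(const uint8_t *frame, size_t len,
                                const uint8_t our_mac[MAC_LEN], int promisc)
{
    if (frame == NULL || len < ETH_HDR_LEN)
        return FRAME_DROP;                  /* runt: no full header */
    if (is_group_addr(frame) || memcmp(frame, our_mac, MAC_LEN) == 0)
        return FRAME_DELIVER;
    return promisc ? FRAME_CAPTURE_ONLY : FRAME_DROP;
}

int main(void)
{
    printf("to_us=%d bcast=%d mcast=%d foreign=%d foreign(promisc)=%d\n",
           classify_frame(to_us, sizeof to_us, OUR_MAC, 0),
           classify_frame(bcast, sizeof bcast, OUR_MAC, 0),
           classify_frame(mcast, sizeof mcast, OUR_MAC, 0),
           classify_frame(foreign, sizeof foreign, OUR_MAC, 0),
           classify_frame(foreign, sizeof foreign, OUR_MAC, 1));
    return 0;
}
```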