Date: Fri, 10 May 2013 16:28:42 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: chip@2bithacker.net Cc: freebsd-net@FreeBSD.org Subject: Re: gre and MONITOR Message-ID: <20130510.162842.1050661389388959145.hrs@allbsd.org> In-Reply-To: <20130508155446.GB95890@2bithacker.net> References: <20130508155446.GB95890@2bithacker.net>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart0(Fri_May_10_16_28_42_2013_758)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Fri_May_10_16_28_42_2013_496)--" Content-Transfer-Encoding: 7bit ----Next_Part(Fri_May_10_16_28_42_2013_496)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Chip Marshall <chip@2bithacker.net> wrote in <20130508155446.GB95890@2bithacker.net>: ch> It appears the MONITOR flag doesn't work on gre interfaces. ch> ch> I have a GRE tunnel set up between a FreeBSD 8.2-RELEASE box and a ch> Juniper router. ch> ch> Config on the FreeBSD end: ch> ch> gre0: flags=4b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST,MONITOR> metric 0 mtu 1476 ch> tunnel inet 10.162.163.133 --> 10.162.163.131 ch> inet6 fe80::20c:29ff:fe9f:de64%gre0 prefixlen 64 scopeid 0x6 ch> inet 10.200.0.2 --> 10.200.0.1 netmask 0xfffffffc ch> nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ch> ch> Config on the Juniper end: ch> ch> tunnel { ch> source 10.162.163.131; ch> destination 10.162.163.133; ch> } ch> family inet { ch> address 10.200.0.1/30; ch> } ch> ch> And from the Juniper, I am able to ping the 10.200.0.2 IP on the ch> FreeBSD end of the GRE tunnel. As I understand it, this shouldn't ch> happen with the MONITOR flag there, right? The attached patch should fix this. Can you try it? -- Hiroki ----Next_Part(Fri_May_10_16_28_42_2013_496)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="gre_monitor-20130510-1.diff" Index: sys/net/if_gre.c =================================================================== --- sys/net/if_gre.c (revision 250243) +++ sys/net/if_gre.c (working copy) @@ -341,6 +341,12 @@ if (bpf_peers_present(ifp->if_bpf)) bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); + if ((ifp->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + error = ENETDOWN; + goto end; + } + m->m_flags &= ~(M_BCAST|M_MCAST); if (sc->g_proto == IPPROTO_MOBILE) { Index: sys/netinet/ip_gre.c =================================================================== --- sys/netinet/ip_gre.c (revision 250243) +++ sys/netinet/ip_gre.c (working copy) @@ -205,6 +205,11 @@ bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m); } + if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + return(NULL); + } + m->m_pkthdr.rcvif = GRE2IFP(sc); netisr_queue(isr, m); @@ -287,6 +292,11 @@ bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m); } + if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + return; + } + m->m_pkthdr.rcvif = GRE2IFP(sc); netisr_queue(NETISR_IP, m); ----Next_Part(Fri_May_10_16_28_42_2013_496)---- ----Security_Multipart0(Fri_May_10_16_28_42_2013_758)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (FreeBSD) iEYEABECAAYFAlGMoaoACgkQTyzT2CeTzy1JHgCgtZ+Q5wvReZchhVvmgFKoZz4h hrAAoNuzFRP6XClkmWX8MOUaTgtC9BvH =RRDz -----END PGP SIGNATURE----- ----Security_Multipart0(Fri_May_10_16_28_42_2013_758)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130510.162842.1050661389388959145.hrs>