Commit 29170f9d authored by Thomas Markwalder

[v4_1_esv] Linux packet handling ignores VLAN packets sent to physical interface

    Merges in rt37415.
parent 4da835df
......@@ -171,6 +171,16 @@ by Eric Young (eay@cryptsoft.com).
Thanks to Jiri Popelka at Red Hat for the bug report and patch.
[ISC-Bugs #37084]
- Modified linux packet handling such that packets received via VLAN are now
seen only by the VLAN interface. Prior to this, such packets were seen by
both the VLAN interface and its parent (physical) interface, causing the
server to respond to both. Note this remains an issue for non-Linux OSs.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #37415]
[ISC-Bugs #37133]
[ISC-Bugs #36668]
[ISC-Bugs #36652]
Changes since 4.1-ESV-R10rc1
- None
......
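Review bot: the new entry for #37415 describes the change only from the VLAN interface's side and does not tell operators that, on Linux, a server listening only on the parent (physical) interface will no longer answer clients whose frames arrive VLAN-tagged. Suggest adding a sentence to the entry saying that the corresponding VLAN interface must be configured and listened on to serve those clients, so the behaviour change is not mistaken for a regression after upgrade.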
......@@ -4,7 +4,8 @@
Support Services in Vancouver, B.C. */
/*
* Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2014-2015 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1996-2003 by Internet Software Consortium
*
......@@ -376,14 +377,32 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
#ifdef PACKET_AUXDATA
{
/* Determine if checksum is valid for use. It may not be if checksum
offloading is enabled on the interface. */
/* Use auxiliary packet data to:
*
* a. Weed out extraneous VLAN-tagged packets - If the NIC driver is
* handling VLAN encapsulation (i.e. stripping/adding VLAN tags),
* then an inbound VLAN packet will be seen twice: Once by
* the parent interface (e.g. eth0) with a VLAN tag != 0; and once
* by the vlan interface (e.g. eth0.n) with a VLAN tag of 0 (i.e none).
* We want to discard the packet sent to the parent and thus respond
* only over the vlan interface. (Drivers for Intel PRO/1000 series
* NICs perform VLAN encapsulation, while drivers for PCnet series
* do not, for example. The linux kernel makes stripped vlan info
* visible to user space via CMSG/auxdata, this appears to not be
* true for BSD OSs.)
*
* b. Determine if checksum is valid for use. It may not be if
* checksum offloading is enabled on the interface. */
struct cmsghdr *cmsg;
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_PACKET &&
cmsg->cmsg_type == PACKET_AUXDATA) {
struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
/* Discard packets with stripped vlan id */
if (aux->tp_vlan_tci != 0)
return 0;
csum_ready = ((aux->tp_status & TP_STATUS_CSUMNOTREADY)
? 0 : 1);
}
......
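Review bot: the added check `if (aux->tp_vlan_tci != 0) return 0;` tests the whole TCI, but the TCI carries the 802.1Q priority bits as well as the 12-bit VLAN ID, so a priority-tagged frame (VLAN ID 0, non-zero priority) arriving on the physical interface is discarded even though it belongs to no VLAN and no VLAN interface will receive it. Consider testing only the VLAN ID bits, e.g. `(aux->tp_vlan_tci & 0x0fff) != 0`. Two smaller points: the block is guarded only by `#ifdef PACKET_AUXDATA`, so it is worth confirming that every supported kernel header that defines PACKET_AUXDATA also provides the `tp_vlan_tci` member; and the comment could state explicitly that the discard applies whether or not a matching VLAN interface is configured, since the code makes no such distinction.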