ether_demux does not handle frames with embedded vlan tags
    rozhuk.im at gmail.com 
    rozhuk.im at gmail.com
       
    Tue Oct 18 23:38:14 UTC 2011
    
    
  
> ether_demux currently assumes that all vlan-tagged packets that it
> sees have had the vlan stripped out and the M_VLAN tag is set, so it
> never checks the ether type for a vlan.  However ng_ether_rcv_upper
> currently does not guarantee that this is the case(and there may be
> other code paths where this is also true).  Does anybody have any
> strong feelings as to where the fix should go?  Making ether_demux
> handle it is guaranteed to catch all cases but it does add a bit more
> overhead to check for a vlan tag at each stage.
In what cases vlan-tagged packet can be received by ng_ether_rcv_upper ?
Another side of vlan and netgraph implementation problem is in: PR 152141
http://lists.freebsd.org/pipermail/freebsd-net/2011-February/027964.html
Tagget packet -> ether_input --> (M_VLANTAG set) --> ng_ether.lower -->
ng_bridge --> ng_ether.lower --> ether_output_frame --> ifp->if_transmit
Untagged packet may be transmitted.
ng_ether.lower and ether_output_frame does not check: is M_VLANTAG handled
by iface driver
IMHO ether_output_frame should do this check.
	/*
 	 * If underlying interface can not do VLAN tag insertion itself
 	 * then attach a packet tag that holds it.
 	 */
 	if ((m->m_flags & M_VLANTAG) &&
 	    (ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
 		m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
 		if (m == NULL) {
 			ifp->if_oerrors++;
 			return (ENOBUFS);
 		}
 		m->m_flags &= ~M_VLANTAG;
 	}
(from if_bridge.c)
 
--
Rozhuk Ivan
    
    
More information about the freebsd-net
mailing list