On Sat, Feb 03, 2007 at 02:57:46AM +0000, Bruce M Simpson wrote: B> bms 2007-02-03 02:57:46 UTC B> B> FreeBSD src repository B> B> Modified files: B> sys/net if_tap.c B> Log: B> Drop unicast Ethernet frames not destined for the configured address B> of a tap(4) instance, if IFF_PROMISC is not set. B> B> In tap(4), we should emulate the effect IFF_PROMISC would have on B> hardware, otherwise we risk introducing layer 2 loops if tap(4) is B> used with bridges. This means not even bpf(4) gets to see them. B> B> This patch has been tested in a variety of situations. Multicast and B> broadcast frames are correctly allowed through. I have observed this B> behaviour causing problems with multiple QEMU instances hosted on B> the same FreeBSD machine. B> B> The checks in in ether_demux() [if_ethersubr.c, rev 1.222, line 638] B> are insufficient to prevent this bug from occurring, as ifp->if_vlantrunk B> will always be NULL for the non-vlan case.
btw, we have a strange situation with handling off non-broadcast frames not destined to us in general. In a case, when we have generic Ethernet in promisc, and received foreign packets (on a hub, or a buggy switch), they are forwarded to ether_demux() and to upper layers respectively. Isn't this incorrect? Moreover, in case of promisc + net.inet.ip.forwarding=1 our box will resend all the received foreign packets :( What do you think about checking that (ether_dhost == ours || BCAST || MCAST) before sending packet to ether_demux? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
