On 2013/01/17 00:56, Claudio Jeker wrote:
> On Thu, Jan 17, 2013 at 12:40:32AM +0100, Marco Pfatschbacher wrote:
> > On Wed, Jan 16, 2013 at 10:56:25PM +0000, Stuart Henderson wrote:
> > > Daemons which send LLDP advertisements (e.g. ladvd and lldpd) need to
> > > send frames on trunk member ports in order that the individual port can
> > > be identified to the switch; currently there is a blanket restriction
> > > on sending via these ports, the following diff changes this to permit
> > > AF_UNSPEC and pseudo_AF_HDRCMPLT as suggested by Sten Spans (ladvd
> > > author).
> > >
> > > Comments? OK?
> >
> > Hmm, that feels a bit too unrestrictive.
> > I remember a Cisco that was utterly confused when it received
> > STP on its trunkports.
> > I wonder if there's sth in the standard about extra traffic
> > on the trunkports.
> >
> > OTOH, if reyk@ only added the check as an extra safety net,
> > I'm fine with this.
> >
>
> We could also check for the PACKET_TAG_DLT on the mbuf so we limit sending
> on the trunk ports to bpf only. IMO bpf is one of those tools that give
> you enough rope to do cool shit but also to hang yourself so that should
> be OK.

Ah yes, that probably makes more sense:

Index: if_ethersubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.152
diff -u -p -r1.152 if_ethersubr.c
--- if_ethersubr.c 5 Oct 2012 17:17:04 -0000 1.152
+++ if_ethersubr.c 17 Jan 2013 00:16:11 -0000
@@ -227,7 +227,9 @@ ether_output(ifp0, m0, dst, rt0)
#endif
#if NTRUNK > 0
- if (ifp->if_type == IFT_IEEE8023ADLAG)
+ /* restrict transmission on trunk members to bpf only */
+ if (ifp->if_type == IFT_IEEE8023ADLAG &&
+ (m_tag_find(m, PACKET_TAG_DLT, NULL) == NULL))
senderr(EBUSY);
#endif
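
Review bot: the new comment promises "bpf only", but the condition only tests whether the mbuf carries a PACKET_TAG_DLT tag, so the restriction holds only as long as bpf is the sole code path that attaches that tag. Either say so in the comment (for example "only packets tagged PACKET_TAG_DLT, i.e. injected via bpf") or additionally check the destination family for AF_UNSPEC / pseudo_AF_HDRCMPLT as in the first proposal, so a future user of the tag does not silently gain the ability to transmit on trunk members. Two smaller points: the hunk header shows the arguments as ifp0 and m0 while the test reads m, so confirm m is still the packet header mbuf at this point, since that is where the tags live; and the parentheses around the m_tag_find(...) == NULL comparison are redundant.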