On 01/01/16(Fri) 22:55, Stefan Fritsch wrote:
> Hi,
> 
> by default, the ether_input() checks the destination MAC address of 
> incoming unicast packets only if the interface is in promiscuous mode. If 
> not, it is assumed that the NIC filters unicast packets reliably. 
> Unfortunately, for virtio-net this is not the case. There, unicast 
> filtering is only best effort, and (depending on configuration) if the 
> bridge on the VM host does unicast flooding, unicast packets that are not 
> for the VM guest may still be delivered to the VM guest. This is a rather 
> annoying problem because it can cause pf to send RST packets to foreign 
> connections. (Kudos to mpf@ for debugging this).
> 
> There are two possible approaches to fix this problem. Either make the 
> vio(4) driver filter out unicast packets that are not for the local MAC, 
> which would involve duplicating quite a bit of code from ether_input() in 
> vio(4). Or, and I would prefer this, allow the driver to tell 
> ether_input() that it needs to check the MAC always, and not only if the 
> interface is in promiscuous mode.
> 
> This could be done with a new flag. There seem to be three possible places 
> where this flag could be put:
> 
> * ifnet.if_flags
>   This is a short and there is no free bit. But the IFF_NOTRAILERS bit has
>   become unused recently and could be recycled.
> 
> * ifnet.if_xflags
>   An int, lots of free bits. But comment says 'extra softnet flags'
> 
> * if_data.ifi_capabilities
>   An u_int32_t, lots of free bits. 
> 
> 
> In the diff below, I went with the first choice because the new 
> IFF_NOMACFILTER is somewhat similar to IFF_SIMPLEX and because the check 
> can then be nicely folded into the existing check for IFF_PROMISC.
> 
> I would welcome any comments, suggestions for a better flag name, OKs, ...

If it's acceptable performance-wise to do the check unconditionally I
believe that's the way to go.  If not I'm a bit afraid of introducing
a flag/capability for a single driver.  Do you know if any other driver
could use it?
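The decision structure discussed in this thread, as an added illustration that is not the patch from the original mail nor OpenBSD source: a small user-space model of the ether_input() unicast check, with the proposed IFF_NOMACFILTER bit folded into the existing IFF_PROMISC test. The flag values, struct layouts and MAC addresses are constructed for the example; the real definitions live in <net/if.h> and <netinet/if_ether.h>, and IFF_NOMACFILTER is only a proposal here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6

/* Constructed flag values for this model only, not the kernel's. */
#define IFF_PROMISC      0x0100   /* existing: interface receives everything */
#define IFF_NOMACFILTER  0x0200   /* proposed: NIC unicast filter is best effort */

/* Constructed addresses: the guest's own MAC and a foreign one that a
 * flooding host bridge might deliver to the guest anyway. */
const uint8_t LOCAL_MAC[ETHER_ADDR_LEN]   = {0x52, 0x54, 0x00, 0x12, 0x34, 0x56};
const uint8_t FOREIGN_MAC[ETHER_ADDR_LEN] = {0x52, 0x54, 0x00, 0xaa, 0xbb, 0xcc};
const uint8_t BCAST_MAC[ETHER_ADDR_LEN]   = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

enum verdict { ACCEPT_FRAME = 0, DROP_FOREIGN_UNICAST = 1 };

/* Group bit of the destination address: broadcast and multicast. */
static bool ether_is_group(const uint8_t *dhost)
{
    return (dhost[0] & 0x01) != 0;
}

/* Model of the ether_input() destination check.  Group frames are always
 * passed up.  Unicast frames are compared with the local address only when
 * the interface is promiscuous (today's behaviour) or when the driver has
 * declared that its hardware does not filter unicast reliably (the
 * proposal); otherwise the NIC's filter is trusted and no comparison is
 * made, which is exactly the gap that lets a flooded foreign frame reach
 * pf on a vio(4) interface. */
enum verdict ether_input_check(unsigned short if_flags, const uint8_t *dhost)
{
    if (ether_is_group(dhost))
        return ACCEPT_FRAME;
    if ((if_flags & (IFF_PROMISC | IFF_NOMACFILTER)) == 0)
        return ACCEPT_FRAME;              /* trust the hardware filter */
    if (memcmp(dhost, LOCAL_MAC, ETHER_ADDR_LEN) == 0)
        return ACCEPT_FRAME;
    return DROP_FOREIGN_UNICAST;          /* not ours: drop before ip_input/pf */
}

/* Convenience for the stand-alone demo: run one frame through the check
 * with and without the proposed flag. */
static void show(const char *label, unsigned short if_flags, const uint8_t *dhost)
{
    printf("%-28s flags=0x%04x -> %s\n", label, if_flags,
           ether_input_check(if_flags, dhost) == ACCEPT_FRAME ? "accept" : "drop");
}

int main(void)
{
    show("foreign unicast, no flag", 0, FOREIGN_MAC);
    show("foreign unicast, NOMACFILTER", IFF_NOMACFILTER, FOREIGN_MAC);
    show("foreign unicast, PROMISC", IFF_PROMISC, FOREIGN_MAC);
    show("own unicast, NOMACFILTER", IFF_NOMACFILTER, LOCAL_MAC);
    show("broadcast, NOMACFILTER", IFF_NOMACFILTER, BCAST_MAC);
    return 0;
}
```

The first line of the demo output is the bug the thread describes: with no flag set, the foreign frame is accepted because the stack trusts a filter that virtio-net does not actually guarantee. Setting the proposed bit makes the same frame take the existing promiscuous-mode drop path, while frames for the local address and group frames are unaffected.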
