diff options
author | Thomas Markwalder <tmark@isc.org> | 2015-01-08 07:43:42 -0500 |
---|---|---|
committer | Thomas Markwalder <tmark@isc.org> | 2015-01-08 07:43:42 -0500 |
commit | 9d20107ee3eed7856f7d06eb41ee9b8942168688 (patch) | |
tree | ff61672f06bbed971e03466b796b2c33b0b6ff32 | |
parent | 8658a14bf55cfd07291a1733b0d7f41159ad9def (diff) | |
download | isc-dhcp-9d20107ee3eed7856f7d06eb41ee9b8942168688.tar.gz |
[v4_2] Linux packet handling ignores VLAN packets sent to physical interface
Merges in rt37415.
-rw-r--r-- | RELNOTES | 10 | ||||
-rw-r--r-- | common/lpf.c | 25 |
2 files changed, 32 insertions, 3 deletions
@@ -176,6 +176,16 @@ by Eric Young (eay@cryptsoft.com). Thanks to Jiri Popelka at Red Hat for the bug report and patch. [ISC-Bugs #37084] +- Modified linux packet handling such that packets received via VLAN are now + seen only by the VLAN interface. Prior to this, such packets were seen by + both the VLAN interface and its parent (physical) interface, causing the + server to respond to both. Note this remains an issue for non-Linux OSs. + Thanks to Jiri Popelka at Red Hat for the patch. + [ISC-Bugs #37415] + [ISC-Bugs #37133] + [ISC-Bugs #36668] + [ISC-Bugs #36652] + Changes since 4.2.7rc1 - None diff --git a/common/lpf.c b/common/lpf.c index a5d5294b..4ee430e2 100644 --- a/common/lpf.c +++ b/common/lpf.c @@ -4,7 +4,8 @@ Support Services in Vancouver, B.C. */ /* - * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2014-2015 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1996-2003 by Internet Software Consortium * @@ -379,14 +380,32 @@ ssize_t receive_packet (interface, buf, len, from, hfrom) #ifdef PACKET_AUXDATA { - /* Determine if checksum is valid for use. It may not be if checksum - offloading is enabled on the interface. */ + /* Use auxiliary packet data to: + * + * a. Weed out extraneous VLAN-tagged packets - If the NIC driver is + * handling VLAN encapsulation (i.e. stripping/adding VLAN tags), + * then an inbound VLAN packet will be seen twice: Once by + * the parent interface (e.g. eth0) with a VLAN tag != 0; and once + * by the vlan interface (e.g. eth0.n) with a VLAN tag of 0 (i.e none). + * We want to discard the packet sent to the parent and thus respond + * only over the vlan interface. (Drivers for Intel PRO/1000 series + * NICs perform VLAN encapsulation, while drivers for PCnet series + * do not, for example. The linux kernel makes stripped vlan info + * visible to user space via CMSG/auxdata, this appears to not be + * true for BSD OSs.) + * + * b. Determine if checksum is valid for use. It may not be if + * checksum offloading is enabled on the interface. */ struct cmsghdr *cmsg; for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { if (cmsg->cmsg_level == SOL_PACKET && cmsg->cmsg_type == PACKET_AUXDATA) { struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg); + /* Discard packets with stripped vlan id */ + if (aux->tp_vlan_tci != 0) + return 0; + csum_ready = ((aux->tp_status & TP_STATUS_CSUMNOTREADY) ? 0 : 1); } |