Date: Fri, 20 Dec 2002 18:48:49 +0100 (CET) From: Dan Lukes <dan@obluda.cz> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/46405: [PATCH] Bad VLAN handling on NIC's with VLAN hardware support Message-ID: <200212201748.gBKHmn9s006509@obluda.cz>
next in thread | raw e-mail | index | archive | help
>Number: 46405
>Category: kern
>Synopsis: [PATCH] Bad VLAN handling on NIC's with VLAN hardware support
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 20 09:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 4.7-STABLE i386 and FreeBSD 5.0-CURRENT
>Organization:
Obludarium
>Environment:
System: FreeBSD 4.7-STABLE
System: FreeBSD 5.0-CURRENT
On 4:
src/sys/net/if_vlan.c,v 1.15.2.12 2002/04/04 05:51:55 luigi Exp
On 5:
src/sys/net/if_vlan.c,v 1.44 2002/11/14 23:43:16 sam Exp
An NIC with hardware support for VLANs (using vlan_input_tag routine
on 4 or MTAG_VLAN_TAG on 5)
>Description:
The TAG_CONTROL_INFO word on front of VLAN packet contain not only
the 12 bites of VLAN tag, but also 3 bites of priority and 1 bite CFI.
The driver pass unmodified TAG to vlan driver (either thru
vlan_input_tag call or via mbuf's MTAG_VLAN_TAG).
VLAN driver doesn't strip the CFI and priority bits from tag, so it
fail to match correponding vlan unless all priority bits and CFI are zero.
The packet with non-zero priority is dropped.
>How-To-Repeat:
See hardware configuration above. Then send a vlan packet with
non-zero priority bit to FreeBSD's NIC (for example from CISCO 2950 sends
some)
We also should think about special VLAN ID "zero" - the FreeBSD
can't correctly process them for now. It problem is not covered by patches
presented bellow.
>Fix:
Extract the VLAN ID only bits from tag on vlan_input(_tag) routine.
On STABLE:
*** if_vlan.c.ORIG Tue Apr 9 10:46:12 2002
--- if_vlan.c Fri Dec 20 18:17:28 2002
***************
*** 420,425 ****
--- 420,426 ----
{
struct ifvlan *ifv;
+ t = EVL_VLANOFTAG(t);
/*
* Fake up a header and send the packet to the physical interface's
* bpf tap if active.
On CURRENT:
*** if_vlan.c.ORIG Mon Nov 18 11:39:41 2002
--- if_vlan.c Fri Dec 20 18:15:56 2002
***************
*** 394,400 ****
* Packet is tagged, m contains a normal
* Ethernet frame; the tag is stored out-of-band.
*/
! tag = *(u_int*)(mtag+1);
m_tag_delete(m, mtag);
} else {
switch (ifp->if_type) {
--- 394,400 ----
* Packet is tagged, m contains a normal
* Ethernet frame; the tag is stored out-of-band.
*/
! tag = EVL_VLANOFTAG(*(u_int*)(mtag+1));
m_tag_delete(m, mtag);
} else {
switch (ifp->if_type) {
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212201748.gBKHmn9s006509>