Date:      Fri, 10 May 2013 16:28:42 +0900 (JST)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        chip@2bithacker.net
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: gre and MONITOR
Message-ID:  <20130510.162842.1050661389388959145.hrs@allbsd.org>
In-Reply-To: <20130508155446.GB95890@2bithacker.net>
References:  <20130508155446.GB95890@2bithacker.net>

Chip Marshall <chip@2bithacker.net> wrote
  in <20130508155446.GB95890@2bithacker.net>:

ch> It appears the MONITOR flag doesn't work on gre interfaces.
ch>
ch> I have a GRE tunnel set up between a FreeBSD 8.2-RELEASE box and a
ch> Juniper router.
ch>
ch> Config on the FreeBSD end:
ch>
ch> gre0: flags=4b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST,MONITOR> metric 0 mtu 1476
ch> 	tunnel inet 10.162.163.133 --> 10.162.163.131
ch> 	inet6 fe80::20c:29ff:fe9f:de64%gre0 prefixlen 64 scopeid 0x6
ch> 	inet 10.200.0.2 --> 10.200.0.1 netmask 0xfffffffc
ch> 	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ch>
ch> Config on the Juniper end:
ch>
ch> tunnel {
ch>     source 10.162.163.131;
ch>     destination 10.162.163.133;
ch> }
ch> family inet {
ch>     address 10.200.0.1/30;
ch> }
ch>
ch> And from the Juniper, I am able to ping the 10.200.0.2 IP on the
ch> FreeBSD end of the GRE tunnel. As I understand it, this shouldn't
ch> happen with the MONITOR flag there, right?

 The attached patch should fix this.  Can you try it?

-- Hiroki

Content-Disposition: inline; filename="gre_monitor-20130510-1.diff"

Index: sys/net/if_gre.c
===================================================================
--- sys/net/if_gre.c	(revision 250243)
+++ sys/net/if_gre.c	(working copy)
@@ -341,6 +341,12 @@
 	if (bpf_peers_present(ifp->if_bpf))
 		bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);

+	if ((ifp->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		error = ENETDOWN;
+		goto end;
+	}
+
 	m->m_flags &= ~(M_BCAST|M_MCAST);

 	if (sc->g_proto == IPPROTO_MOBILE) {
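Review bot: The new IFF_MONITOR branch in the output path leaves through "goto end" with error = ENETDOWN, and the code at the end label is outside this hunk, so it needs checking what that path does with a non-zero error. If it bumps an output-error counter, every packet sent while the interface is in monitor mode will be recorded as an error even though the drop is deliberate. The test sits after bpf_mtap2(), so BPF listeners still see the packet before it is discarded; a one-line comment saying that the ordering is intentional would help the next reader.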
Index: sys/netinet/ip_gre.c
===================================================================
--- sys/netinet/ip_gre.c	(revision 250243)
+++ sys/netinet/ip_gre.c	(working copy)
@@ -205,6 +205,11 @@
 		bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m);
 	}

+	if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		return(NULL);
+	}
+
 	m->m_pkthdr.rcvif = GRE2IFP(sc);

 	netisr_queue(isr, m);
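Review bot: In the added block, m_freem(m) is followed by return(NULL), so the caller has to treat NULL as "mbuf consumed" and must not touch m afterwards; please confirm that against the function's other return paths, which this hunk does not show. style(9) also asks for a space before the parenthesis, i.e. "return (NULL);".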
@@ -287,6 +292,11 @@
 		bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m);
 	}

+	if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		return;
+	}
+
 	m->m_pkthdr.rcvif = GRE2IFP(sc);

 	netisr_queue(NETISR_IP, m);
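Review bot: The IFF_MONITOR test added before m->m_pkthdr.rcvif is set duplicates the block from the previous hunk and carries no comment in either place. A short comment at both sites (for example "interface marked for monitoring; discard packet") would make the intent clear. Nothing in the visible lines updates input counters before the early return, so it would be good to state whether they are expected to have been incremented earlier in the function.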



