From: Hiroki Sato
Date: Fri, 10 May 2013 16:28:42 +0900 (JST)
To: chip@2bithacker.net
Cc: freebsd-net@FreeBSD.org
Subject: Re: gre and MONITOR
Message-Id: <20130510.162842.1050661389388959145.hrs@allbsd.org>
In-Reply-To: <20130508155446.GB95890@2bithacker.net>

Chip Marshall wrote in <20130508155446.GB95890@2bithacker.net>:

ch> It appears the MONITOR flag doesn't work on gre interfaces.
ch>
ch> I have a GRE tunnel set up between a FreeBSD 8.2-RELEASE box and a
ch> Juniper router.
ch>
ch> Config on the FreeBSD end:
ch>
ch> gre0: flags=4b051 metric 0 mtu 1476
ch>         tunnel inet 10.162.163.133 --> 10.162.163.131
ch>         inet6 fe80::20c:29ff:fe9f:de64%gre0 prefixlen 64 scopeid 0x6
ch>         inet 10.200.0.2 --> 10.200.0.1 netmask 0xfffffffc
ch>         nd6 options=3
ch>
ch> Config on the Juniper end:
ch>
ch> tunnel {
ch>     source 10.162.163.131;
ch>     destination 10.162.163.133;
ch> }
ch> family inet {
ch>     address 10.200.0.1/30;
ch> }
ch>
ch> And from the Juniper, I am able to ping the 10.200.0.2 IP on the
ch> FreeBSD end of the GRE tunnel. As I understand it, this shouldn't
ch> happen with the MONITOR flag there, right?

The attached patch should fix this. Can you try it?

-- Hiroki

Content-Disposition: inline; filename="gre_monitor-20130510-1.diff"

Index: sys/net/if_gre.c =================================================================== --- sys/net/if_gre.c (revision 250243) +++ sys/net/if_gre.c (working copy) @@ -341,6 +341,12 @@ if (bpf_peers_present(ifp->if_bpf)) bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); + if ((ifp->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + error = ENETDOWN; + goto end; + } + m->m_flags &= ~(M_BCAST|M_MCAST); if (sc->g_proto == IPPROTO_MOBILE) { Index: sys/netinet/ip_gre.c =================================================================== --- sys/netinet/ip_gre.c (revision 250243) +++ sys/netinet/ip_gre.c (working copy) @@ -205,6 +205,11 @@ bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m); } + if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + return(NULL); + } + m->m_pkthdr.rcvif = GRE2IFP(sc); netisr_queue(isr, m); 
@@ -287,6 +292,11 @@ bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m); } + if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) { + m_freem(m); + return; + } + m->m_pkthdr.rcvif = GRE2IFP(sc); netisr_queue(NETISR_IP, m);
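
Review bot: in the sys/net/if_gre.c hunk (@@ -341) the IFF_MONITOR check sits after the bpf_mtap2() call, so an outbound packet is handed to BPF listeners and then dropped with ENETDOWN; a capture on the monitor interface will show locally originated packets that never left the box. If that is not intended, move the check above the bpf_peers_present() test. Since m is freed before `goto end;`, it is also worth confirming that nothing on the `end` path touches m again.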
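
Review bot: the @@ -205 hunk in sys/netinet/ip_gre.c frees m and then does `return(NULL);`, so the caller has to treat NULL as "mbuf consumed" and must not fall through to any path that still uses m. A one-line comment saying the packet is deliberately dropped after the BPF tap because the interface is in monitor mode would make that explicit. Style: style(9) writes this as `return (NULL);` with a space.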
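
Review bot: the @@ -287 hunk repeats the same IFF_MONITOR test and m_freem() drop as the @@ -205 hunk; a small shared helper, or at least an identical comment in both places, would keep the two input paths from diverging. Neither input path counts the discarded packet in the visible lines, so consider whether monitor-mode drops should update an interface counter before the return.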