Date: Sun, 5 Dec 1999 19:45:39 -0500 (EST) From: csg@waterspout.com To: FreeBSD-gnats-submit@freebsd.org Cc: ajk@waterspout.com, freebsd-net@freebsd.org Subject: Bug in Hardware VLAN Tag Support Message-ID: <19991206004539.A36069E@dustdevil.waterspout.com>
next in thread | raw e-mail | index | archive | help
>Submitter-Id: current-users
>Originator: C. Stephen Gunn
>Organization: Waterspout Communications, Inc.
>Confidential: no
>Synopsis: Bug in Hardware VLAN Tag Support
>Severity: non-critical
>Priority: medium
>Category: kern
>Release: FreeBSD 3.3-STABLE i386
>Class: sw-bug
>Environment:
FreeBSD 4.0-CURRENT. This doesn't apply to FreeBSD 3-STABLE (yet)
since VLAN's are completely broken in stable with the ti0 device.
>Description:
sys/net/if_vlan.c contains support for ethernet hardware that
support tagged VLANs in hardware. Currently (AFAIK) only the "ti"
driver written by Bill Paul has support for these features.
Apparently, when the ethernet driver detects a tagged frame from the
hardware, it passes the frame, along with the tag to vlan_input_tag()
instead of the normal vlan_input() call from inside ether_input().
The problem arrises in an attempt to log errors on the parent device.
vlan_input_tag() walks the list of vlan devices, looking for a matching
and tries to log the error on the parent device if appropriately.
Unfortunatly, the current code incorrectly assumes that all vlans
are configured, and/or associated with a parent device. If you
receive a frame for a VLAN that's not in the list, you walk off
the end of the list. Boom.
>How-To-Repeat:
1. Setup a host with multiple VLAN's on an 802.1Q trunk to the machine,
with a ti0 ethernet interface.
2. Configure some but not all of the vlan interfaces:
# ifconfig <parent-device> up
# ifconfig vlan0 vlandev <parent-device> vlan <tag-number 1>
# ifconfig vlan1 vlandev <parent-device> vlan <tag-number 2>
3. Wait for traffic on an as-of-yet unconfigured vlan number.
4. Watch your machine crashdump..
>Fix:
This patch modifies vlan_input_tag to return -1 in the event of an
error so the parent device can maintain its counters for us.
- BEGIN PATCH -----------------------------------------------------------------
Index: pci/if_ti.c
===================================================================
RCS file: /usr/local/share/cvs/FreeBSD/src/sys/pci/if_ti.c,v
retrieving revision 1.24
diff -u -r1.24 if_ti.c
--- if_ti.c 1999/09/23 03:32:54 1.24
+++ if_ti.c 1999/12/05 22:28:44
@@ -1887,7 +1887,8 @@
* to vlan_input() instead of ether_input().
*/
if (have_tag) {
- vlan_input_tag(eh, m, vlan_tag);
+ if (vlan_input_tag(eh, m, vlan_tag) < 0)
+ ifp->if_data.ifi_noproto++;
have_tag = vlan_tag = 0;
continue;
}
Index: if_vlan.c
===================================================================
RCS file: /usr/local/share/cvs/FreeBSD/src/sys/net/if_vlan.c,v
retrieving revision 1.10
diff -u -r1.10 if_vlan.c
--- if_vlan.c 1999/09/25 12:05:57 1.10
+++ if_vlan.c 1999/12/06 00:17:05
@@ -272,7 +272,7 @@
return;
}
-void
+int
vlan_input_tag(struct ether_header *eh, struct mbuf *m, u_int16_t t)
{
int i;
@@ -284,10 +284,9 @@
break;
}
- if (i >= NVLAN || (ifv->ifv_if.if_flags & IFF_UP) == 0) {
- m_freem(m);
- ifv->ifv_p->if_data.ifi_noproto++;
- return;
+ if (i >= NVLAN) {
+ m_free(m);
+ return -1; /* So the parent can take note */
}
/*
@@ -312,7 +311,7 @@
}
ifv->ifv_if.if_ipackets++;
ether_input(&ifv->ifv_if, eh, m);
- return;
+ return 0;
}
int
Index: if_vlan_var.h
===================================================================
RCS file: /usr/local/share/cvs/FreeBSD/src/sys/net/if_vlan_var.h,v
retrieving revision 1.3
diff -u -r1.3 if_vlan_var.h
--- if_vlan_var.h 1999/08/28 00:48:24 1.3
+++ if_vlan_var.h 1999/12/05 22:19:22
@@ -85,7 +85,7 @@
/* shared with if_ethersubr.c: */
extern u_int vlan_proto;
extern int vlan_input(struct ether_header *eh, struct mbuf *m);
-extern void vlan_input_tag(struct ether_header *eh,
+extern int vlan_input_tag(struct ether_header *eh,
struct mbuf *m, u_int16_t t);
#endif
- END PATCH -------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991206004539.A36069E>