RFC 5227 section 1.1 states that for a DaD ARP probe the sender hardware
address must match the hardware address of the interface sending the
packet.
We can now verify this by checking the mbuf tag PACKET_TAG_ETHERNET_SRC.
This fixes an obsure issue where an old router was sending out bogus
ARP probes.
Thanks to Ryo Shimizu <ryo@nerv.org> for the re-implementation.
The BSD networking stack is designed around passing a mbuf down the chain
and each layer removes the part it's interested in before passing it to
the next. This makes it easy for each layer to do it's work,
but non trivial to work backwards.
As such we now store a pointer to the Senders Hardware address in the
mbuf packet header so that protocols can perform any required validation.
Exception: Not in kern_pmf.c, for the kind of silly reason that it
avoids having kern_pmf.c refer to symbols defined only in net; this
avoids a pain in the rump.
Exception: Not in kern_pmf.c, for the kind of silly reason that it
avoids having kern_pmf.c refer to symbols defined only in net; this
avoids a pain in the rump.
Definitions related to slowprotocols are duplicated between
agr/ieee8023ad_slowprotocols.h and lagg/if_lagg_lacp.h
Therefore, the contents are moved to added file.
Note: currently, there are just LACP and Marker protocol,
however slowprotocols is independent of them.
example etype 0x88CA (TIPC (Transparent Inter Process Communication,)
or 0x893A (IEEE 1905).
Classify them as dropped like Linux does (FreeBSD just ignores them). From RVP.
to link-state change hook
The callback is registered in every vlan I/F even if the parent
interface is the same. Therefore it is not needed to search the
vlan I/F by the parent interface unlike the previous callback.
agr(4) and lagg(4) can not be used on the same interface so that
if_agrprivate and if_lagg are not used at the same time.
For resolve this wasteful, if_lagg is used in not only lagg(4)
but also agr(4).
After this modification, if_lagg has 3 states:
1. if_lagg == NULL
- Both agr(4) and lagg(4) are not running on the interface
2. if_lagg != NULL && ifp->if_type != IFT_IEEE8023ADLAG
- agr(4) is running on the I/F
3. if_lagg != NULL && ifp->if_type == IFT_IEEE8023ADLAG
- lagg(4) is running on the I/F
this provides the correct source mac address for the packets.
there are routers out there that cache the source mac during
nd and then subsequently bypass/miss packet filters on carp
interfaces as they send to the parent interface mac instead of the
correct carp interface mac.
warnings:
1. this one: add a void * cast (which I think is the least intrusive)
2. add pragmas to elide the warning
3. add intermediate inline conversion functions
4. change the called function prototypes, adding unused arguments and
converting some of the pointer arguments to void *.
5. make the functions varyadic (which defeats the purpose of checking)
6. pass command line flags to elide the warning
I did try 3 and 4 and I was not pleased with the result (sys_ptrace_common.c)
(3) added too much code and defines, and (4) made the regular use clumsy.
First proposed by jmcneill in 2017 and modified by me.
How to use:
- Set callback function:
ether_set_vlan_cb(struct ethercom *, ether_vlancb_t)
- Callback. This function is called when a vlan is attached/detached to the
parent interface:
int (*ether_vlancb_t)(struct ethercom *ec, uint16_t vlanid, bool set);
- ifconfig(8)
ifconfig ixg0 [-]vlan-hwfilter
Note that ETHERCAP_VLAN_HWFILTER is set by default on ixg(4) because
the PF driver usually enable "all block" filter by default.
sys/net/if_ethersubr.c if we can.
- Add ec_ifmedia into struct ethercom.
- ec_mii in struct ethercom is kept and used as it is. It might be used in
future. Note that some Ethernet drivers which _DOESN'T_ use mii(4) use
ec_mii for keeping the if_media. Those should be changed in future.
IFF_ALLMULTI is set/unset to if_flags via if_mcast_op. To avoid data races on
if_flags, IFNET_LOCK was added for if_mcast_op. Unfortunately it produces
a deadlock so we want to remove added IFNET_LOCK by avoiding the data races by
another approach.
This fix introduces ec_flags to struct ethercom and stores IFF_ALLMULTI to it.
ec_flags is protected by ETHER_LOCK and thus IFNET_LOCK is no longer necessary
for if_mcast_op. Note that the fix is applied only to MP-safe drivers that
the data races matter.
In the kernel, IFF_ALLMULTI is set by a driver and used by the driver itself.
So changing the storing place doesn't break anything. One exception is
ioctl(SIOCGIFFLAGS); we have to include IFF_ALLMULTI in a result if needed to
export the flag as well as before.
A upcoming commit will remove IFNET_LOCK.
PR kern/54189
roy