Port-xen archive
Re: xennet input processing and mac filtering
gdt%lexort.com@localhost (Greg Troxel) writes:
>Manuel Bouyer <bouyer%antioche.eu.org@localhost> writes:
>> I think the frontend code assumes that ether_input() will do the filtering,
>> and maybe this has changed since the frontend was written
>I was also thinking this has changed.
ether_input did (and still does) check if the packet is neither
multi-/broadcast nor for its own address and then marks the packets
as M_PROMISC.

    if ((m->m_flags & (M_BCAST|M_MCAST)) == 0 &&
        (ifp->if_flags & IFF_PROMISC) != 0 &&
        memcmp(LLADDR(ifp->if_sadl), eh->ether_dhost,
               ETHER_ADDR_LEN) != 0) {
            m->m_flags |= M_PROMISC;
    }

If M_PROMISC is set, the packet filter is skipped (?) and if it isn't
consumed by agr(4), vlan(4), carp(4) or pppoe(4), then the packet
is dropped later.
But the check above only takes place when the interface is
in promiscuous mode. Without promiscuous mode, the code assumes
that all packets are actually for the machine.
The code is almost unchanged since it was added in netbsd-1-6.
In netbsd-1-5 we had a slightly different check with a similar
result:

    if (eh->ether_dhost[0] & 1) {
            if (bcmp((caddr_t)etherbroadcastaddr, (caddr_t)eh->ether_dhost,
                sizeof(etherbroadcastaddr)) == 0)
                    m->m_flags |= M_BCAST;
            else
                    m->m_flags |= M_MCAST;
            ifp->if_imcasts++;
    } else if ((ifp->if_flags & IFF_PROMISC) != 0 &&
        memcmp(LLADDR(ifp->if_sadl), eh->ether_dhost,
               ETHER_ADDR_LEN) != 0) {
            m_freem(m);
            return;
    }

In netbsd-1-4 and earlier there was no such check.
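
Added example, not part of the original message and not NetBSD source: a user-space C model of the check quoted above, showing that a unicast frame for a foreign address is only marked M_PROMISC when IFF_PROMISC is set, next to a hypothetical driver-side filter (driver_accept) for a device that has no hardware MAC filter. The flag values, sample addresses and function names are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6
/* Flag values are constructed for this model, not the kernel's. */
#define IFF_PROMISC 0x100
#define M_BCAST     0x1
#define M_MCAST     0x2
#define M_PROMISC   0x4

/* Constructed sample addresses. */
static const uint8_t own_mac[ETHER_ADDR_LEN]   = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t other_mac[ETHER_ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x02};
static const uint8_t bcast_mac[ETHER_ADDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Model of the quoted check: returns the flags the frame would carry. */
static int classify(int if_flags, const uint8_t *lladdr, const uint8_t *dhost)
{
    int m_flags = 0;

    if (dhost[0] & 1)   /* group bit set: broadcast or multicast */
        m_flags |= memcmp(bcast_mac, dhost, ETHER_ADDR_LEN) == 0 ? M_BCAST : M_MCAST;
    if ((m_flags & (M_BCAST | M_MCAST)) == 0 &&
        (if_flags & IFF_PROMISC) != 0 &&
        memcmp(lladdr, dhost, ETHER_ADDR_LEN) != 0)
        m_flags |= M_PROMISC;
    return m_flags;
}

/* Hypothetical driver-side filter for a device with no hardware MAC filter:
 * returns 1 to pass the frame up, 0 to drop it before the stack sees it. */
static int driver_accept(int if_flags, const uint8_t *lladdr, const uint8_t *dhost)
{
    if ((dhost[0] & 1) || (if_flags & IFF_PROMISC))
        return 1;       /* group frames pass; in promiscuous mode classify() marks them */
    return memcmp(lladdr, dhost, ETHER_ADDR_LEN) == 0;
}

int main(void)
{
    printf("promisc, foreign unicast:     flags=%d\n", classify(IFF_PROMISC, own_mac, other_mac));
    printf("non-promisc, foreign unicast: flags=%d accept=%d\n",
           classify(0, own_mac, other_mac), driver_accept(0, own_mac, other_mac));
    return 0;
}
```

In the non-promiscuous case classify() returns 0 for the foreign unicast frame, so nothing downstream distinguishes it from a frame addressed to the host unless the driver has already dropped it.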