ether_demux does not handle frames with embedded vlan tags
Juli Mallett
jmallett at FreeBSD.org
Wed Oct 19 22:18:34 UTC 2011
On Wed, Oct 19, 2011 at 14:47, Ryan Stone <rysto32 at gmail.com> wrote:
> On Wed, Oct 19, 2011 at 3:30 PM, Juli Mallett <jmallett at freebsd.org> wrote:
>> Why should the requirements for the Netgraph path be any different to
>> the non-Netgraph path? If drivers must ensure that frames that reach
>> ether_demux have had their VLAN tags stripped, so should Netgraph
>> things that act like drivers. So why don't you move that logic into
>> ether_demux from the ether_input path, or have Netgraph use the
>> ether_input path?
>
> Netgraph can't use the ether_input path because ether_input passes the
> packet to the lower hook. It also passes the packet to things like
> carp or if_bridge if necessary. I'm not sure whether it is intended
> behaviour that the upper hook bypasses carp and if_bridge.
>
> if_bridge also depends on the vlan stripping behaviour, so vlan
> stripping cannot be moved to ether_demux without re-implementing it in
> bridge_input.
This seems like a good argument for a flag like M_SKIPFIREWALL (or
whatever it's called these days) that says that the packet was
injected by an upper layer (in general, not just netgraph), which in
the netgraph case could skip the lower filter. That would be
considerably more consistent with how other Ethernet devices work,
which would be an improvement over the current short-circuit to
ether_demux.
More information about the freebsd-net
mailing list