[master] Linux packet handling ignores VLAN packets sent to physical interface

    Merges in rt37415.

diff --git a/RELNOTES b/RELNOTES
index 0f155986e0ab84c9896c63bea2748bf49b10d963..19747e4a49e694600524efbd85c819f2f124a0f8 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -215,6 +215,19 @@ by Eric Young (eay@cryptsoft.com).
   Thanks to Jiri Popelka at Red Hat for the bug report and patch.
   [ISC-Bugs #37084]
 
+- Corrected linux packet handling which was causing packets received via VLAN
+  to be seen by both the VLAN interface and its parent interface.
+
+- Modified linux packet handling such that packets received via VLAN are now
+  seen only by the VLAN interface. Prior to this, such packets were seen by
+  both the VLAN interface and its parent (physical) interface, causing the
+  server to respond to both.  Note this remains an issue for non-Linux OSs.
+  Thanks to Jiri Popelka at Red Hat for the patch.
+  [ISC-Bugs #37415]
+  [ISC-Bugs #37133]
+  [ISC-Bugs #36668]
+  [ISC-Bugs #36652]
+
                        Changes since 4.3.1b1
 
 - Modify the linux and openwrt dhclient scripts to process information

diff --git a/common/lpf.c b/common/lpf.c
index 99937e6cb794e3ea5776a829c02329f7fc87d098..37cb99eb6cfcc19862fc6455e4376d1c4f71b359 100644 (file)
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -4,7 +4,8 @@
    Support Services in Vancouver, B.C. */
 
 /*
- * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2014-2015 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
@@ -385,14 +386,32 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
 
 #ifdef PACKET_AUXDATA
        {
-       /*  Determine if checksum is valid for use. It may not be if checksum
-           offloading is enabled on the interface.  */
+       /*  Use auxiliary packet data to:
+        *
+        *  a. Weed out extraneous VLAN-tagged packets - If the NIC driver is
+        *  handling VLAN encapsulation (i.e. stripping/adding VLAN tags),
+        *  then an inbound VLAN packet will be seen twice: Once by
+        *  the parent interface (e.g. eth0) with a VLAN tag != 0; and once
+        *  by the vlan interface (e.g. eth0.n) with a VLAN tag of 0 (i.e none).
+        *  We want to discard the packet sent to the parent and thus respond
+        *  only over the vlan interface.  (Drivers for Intel PRO/1000 series
+        *  NICs perform VLAN encapsulation, while drivers for PCnet series
+        *  do not, for example. The linux kernel makes stripped vlan info
+        *  visible to user space via CMSG/auxdata, this appears to not be
+        *  true for BSD OSs.)
+        *
+        *  b. Determine if checksum is valid for use. It may not be if
+        *  checksum offloading is enabled on the interface.  */
        struct cmsghdr *cmsg;
 
        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                if (cmsg->cmsg_level == SOL_PACKET &&
                    cmsg->cmsg_type == PACKET_AUXDATA) {
                        struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
+                       /* Discard packets with stripped vlan id */
+                       if (aux->tp_vlan_tci != 0)
+                               return 0;
+
                        csum_ready = ((aux->tp_status & TP_STATUS_CSUMNOTREADY)
                                      ? 0 : 1);
                }