On Fri, Jul 06, 2012 at 09:51:12PM -0400, Ed Maste wrote:
> A packet received by em0 is intercepted by BPF and delivered to Open
> vSwitch via libpcap. Open vSwitch delivers it to the tap device, and
> the stack then gets copies from both em0 and br0. This can be addressed
> by a firewall rule to discard packets received by em0 so that they don't
> make it beyond the BPF call.
>
> It isn't clear to me though why the Linux userspace mode does not behave
> the same way though. I had a (very) brief look at the way PF_PACKET is
> handled in Linux and it seemed like the packet would still be passed up
> the stack -- there must be something else that I'm missing.

Linux appears to have a special case such that a packet will never be
delivered back to the socket from which it originates via the network
tap interface, see dev_queue_xmit_nit() in net/core/dev.c:

    /*
     *  Support routine. Sends outgoing frames to any network
     *  taps currently in use.
     */

    static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
    {
        struct packet_type *ptype;
        struct sk_buff *skb2 = NULL;
        struct packet_type *pt_prev = NULL;

        rcu_read_lock();
        list_for_each_entry_rcu(ptype, &ptype_all, list) {
            /* Never send packets back to the socket
             * they originated from - MvS (miqu...@drinkel.ow.org)
             */
            if ((ptype->dev == dev || !ptype->dev) &&
                (ptype->af_packet_priv == NULL ||
                 (struct sock *)ptype->af_packet_priv != skb->sk)) {
                if (pt_prev) {
                    deliver_skb(skb2, pt_prev, skb->dev);
                    pt_prev = ptype;
                    continue;
                }
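
The delivery condition in the excerpt above, as an added userland model in C that is not part of the original message or the kernel source. The names struct tap, struct frame, tap_sees() and deliver_mask() and the sample taps are hypothetical and constructed; only the fields the quoted condition reads are modelled.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical userland stand-ins for the kernel structures. */
struct tap {
    const char *name;     /* label for the output */
    int         ifindex;  /* 0 = not bound to a device (kernel: ptype->dev == NULL) */
    const void *owner;    /* owning packet socket (kernel: af_packet_priv), or NULL */
};

struct frame {
    int         ifindex;  /* device the frame is being transmitted on */
    const void *sk;       /* socket that originated the frame (kernel: skb->sk) */
};

/* Same condition as the quoted excerpt: the tap matches the device (or is
 * unbound) and is not the packet socket the frame came from. */
static int tap_sees(const struct tap *t, const struct frame *f)
{
    int dev_match  = (t->ifindex == f->ifindex) || (t->ifindex == 0);
    int not_origin = (t->owner == NULL) || (t->owner != f->sk);
    return dev_match && not_origin;
}
/* Returns a bitmask: bit i is set when taps[i] would receive a copy. */
static unsigned deliver_mask(const struct tap *taps, size_t n, const struct frame *f)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        if (tap_sees(&taps[i], f))
            mask |= 1u << i;
    return mask;
}
/* Constructed scenario: the ints only provide distinct socket addresses. */
static int sock_fwd, sock_sniff, sock_any, sock_other;
static const struct tap demo_taps[] = {
    { "forwarder (ifindex 2)", 2, &sock_fwd   },
    { "sniffer (ifindex 2)",   2, &sock_sniff },
    { "sniffer (unbound)",     0, &sock_any   },
    { "sniffer (ifindex 3)",   3, &sock_other },
    { "tap with no socket",    2, NULL        },
};

int main(void)
{
    struct frame f = { 2, &sock_fwd };  /* the forwarder transmits on ifindex 2 */
    unsigned m = deliver_mask(demo_taps, 5, &f);
    for (size_t i = 0; i < 5; i++)
        printf("%-22s %s\n", demo_taps[i].name, (m >> i) & 1 ? "copy" : "skipped");
    return 0;
}
```

Only the forwarder's own socket and the tap bound to a different interface are skipped; every other listener on the device still gets a copy of the transmitted frame.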