Re: gre and MONITOR

Fri, 10 May 2013 00:29:51 -0700 

Chip Marshall <c...@2bithacker.net> wrote
  in <20130508155446.gb95...@2bithacker.net>:

ch> It appears the MONITOR flag doesn't work on gre interfaces.
ch>
ch> I have a GRE tunnel set up between a FreeBSD 8.2-RELEASE box and a
ch> Juniper router.
ch>
ch> Config on the FreeBSD end:
ch>
ch> gre0: flags=4b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST,MONITOR> 
metric 0 mtu 1476
ch>     tunnel inet 10.162.163.133 --> 10.162.163.131
ch>     inet6 fe80::20c:29ff:fe9f:de64%gre0 prefixlen 64 scopeid 0x6
ch>     inet 10.200.0.2 --> 10.200.0.1 netmask 0xfffffffc
ch>     nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
ch>
ch> Config on the Juniper end:
ch>
ch> tunnel {
ch>     source 10.162.163.131;
ch>     destination 10.162.163.133;
ch> }
ch> family inet {
ch>     address 10.200.0.1/30;
ch> }
ch>
ch> And from the Juniper, I am able to ping the 10.200.0.2 IP on the
ch> FreeBSD end of the GRE tunnel. As I understand it, this shouldn't
ch> happen with the MONITOR flag there, right?

 The attached patch should fix this.  Can you try it?

-- Hiroki

Index: sys/net/if_gre.c
===================================================================
--- sys/net/if_gre.c	(revision 250243)
+++ sys/net/if_gre.c	(working copy)
@@ -341,6 +341,12 @@
 	if (bpf_peers_present(ifp->if_bpf))
 		bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);

+	if ((ifp->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		error = ENETDOWN;
+		goto end;
+	}
+
 	m->m_flags &= ~(M_BCAST|M_MCAST);

 	if (sc->g_proto == IPPROTO_MOBILE) {
Index: sys/netinet/ip_gre.c
===================================================================
--- sys/netinet/ip_gre.c	(revision 250243)
+++ sys/netinet/ip_gre.c	(working copy)
@@ -205,6 +205,11 @@
 		bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m);
 	}

+	if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		return(NULL);
+	}
+
 	m->m_pkthdr.rcvif = GRE2IFP(sc);

 	netisr_queue(isr, m);
@@ -287,6 +292,11 @@
 		bpf_mtap2(GRE2IFP(sc)->if_bpf, &af, sizeof(af), m);
 	}

+	if ((GRE2IFP(sc)->if_flags & IFF_MONITOR) != 0) {
+		m_freem(m);
+		return;
+	}
+
 	m->m_pkthdr.rcvif = GRE2IFP(sc);

 	netisr_queue(NETISR_IP, m);

Attachment: pgpS5aZdWhiT5.pgp
Description: PGP signature

Reply via email to