From nobody@FreeBSD.org  Mon Sep  7 22:30:19 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BD8951065679
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  7 Sep 2009 22:30:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id AD1978FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  7 Sep 2009 22:30:19 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n87MUJwW075680
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 7 Sep 2009 22:30:19 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n87MUJEC075679;
	Mon, 7 Sep 2009 22:30:19 GMT
	(envelope-from nobody)
Message-Id: <200909072230.n87MUJEC075679@www.freebsd.org>
Date: Mon, 7 Sep 2009 22:30:19 GMT
From: Sten Spans <sten@blinkenlights.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: lagg port bpf-writes blocked
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         138620
>Category:       kern
>Synopsis:       [lagg] [patch] lagg port bpf-writes blocked
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    emaste
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 07 22:40:01 UTC 2009
>Closed-Date:    Sat May 26 19:25:43 UTC 2012
>Last-Modified:  Sat May 26 19:25:43 UTC 2012
>Originator:     Sten Spans
>Release:        8.0-BETA4
>Organization:
>Environment:
FreeBSD towel.blinkenlights.nl 8.0-BETA4 FreeBSD 8.0-BETA4 #0: Sun Sep  6 04:44:31 UTC 2009     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I have an application which sends link-layer advertisements on physical
interfaces. This daemon also informs switches about lacp settings via LLDP.

Because this daemon sends link-layer advertisements it needs to transmit
on physical interfaces. However the lagg driver blocks bpf-writes on
member interfaces, which makes it impossible for my software to do what
it needs to do.

The load-balancing / failover algorithms implemented by lagg make it
impossible to send on all physical interfaces via the parent lagg
interface.  Please note that the bridge driver on FreeBSD doesn't
implement the same restrictions.

Please consider allowing bpf-writes via lagg_port_output for the people
who know what they're doing. In general allowing pseudo_AF_HDRCMPLT
should be a reasonable 
compromise.
>How-To-Repeat:
ifconfig lagg0 create up
ifconfig tap0 create up
ifconfig lagg0 laggport tap0
ifconfig tap1 create up
ifconfig lagg0 laggport tap1

child_send: starting loop with interface lagg0
child_send: fetching tap1 media details
netif_media: media detection not supported on tap1
child_send: building LLDP packet for tap1
child_send: sending LLDP packet (225 bytes) on tap1
master_send: only -1 bytes written: Device busy
child_send: fetching tap0 media details
netif_media: media detection not supported on tap0
child_send: building LLDP packet for tap0
child_send: sending LLDP packet (225 bytes) on tap0
master_send: only -1 bytes written: Device busy
>Fix:


Patch attached with submission follows:

--- if_lagg.c.orig	2009-09-08 00:17:17.000000000 +0200
+++ if_lagg.c	2009-09-08 00:18:22.000000000 +0200
@@ -702,6 +702,7 @@
 
 	switch (dst->sa_family) {
 		case pseudo_AF_HDRCMPLT:
+			return ((*lp->lp_output)(ifp, m, dst, rt0));
 		case AF_UNSPEC:
 			eh = (struct ether_header *)dst->sa_data;
 			type = eh->ether_type;


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Sep 8 18:02:22 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=138620 

From: Ed Maste <emaste@freebsd.org>
To: <bug-followup@freebsd.org>, <sten@blinkenlights.nl>
Cc:  
Subject: kern/138620 [patch] Sysctl for direct BPF writes to lagg child ports
Date: Tue, 1 May 2012 13:08:01 -0400

 --jRHKVT23PllUwdXP
 Content-Type: text/plain; charset="us-ascii"
 Content-Disposition: inline
 
 The attached patch adds a sysctl to enable or disable the behaviour
 you're looking for (direct BPF writes to the underlying lagg child
 ports).  I intend to commit it shortly after review / test.
 
 --jRHKVT23PllUwdXP
 Content-Type: text/plain; charset="us-ascii"
 Content-Disposition: attachment; filename="if_lagg.c.diff"
 
 Index: if_lagg.c
 ===================================================================
 --- if_lagg.c	(revision 234896)
 +++ if_lagg.c	(working copy)
 @@ -177,6 +177,10 @@
  SYSCTL_INT(_net_link_lagg, OID_AUTO, default_use_flowid, CTLFLAG_RW,
      &def_use_flowid, 0,
      "Default setting for using flow id for load sharing");
 +static int lagg_tx_child = 0; /* Direct tx to child interface */
 +SYSCTL_INT(_net_link_lagg, OID_AUTO, lagg_tx_child, CTLFLAG_RW,
 +    &lagg_tx_child, 0,
 +    "Allow direct writes to child ports (e.g. via BPF)");
  
  static int
  lagg_modevent(module_t mod, int type, void *data)
 @@ -764,6 +768,9 @@
  	return (EINVAL);
  }
  
 +/*
 + * For direct output to child ports.
 + */
  static int
  lagg_port_output(struct ifnet *ifp, struct mbuf *m,
  	struct sockaddr *dst, struct route *ro)
 @@ -775,6 +782,8 @@
  	switch (dst->sa_family) {
  		case pseudo_AF_HDRCMPLT:
  		case AF_UNSPEC:
 +			if (lagg_tx_child)
 +				goto sendit;
  			eh = (struct ether_header *)dst->sa_data;
  			type = eh->ether_type;
  			break;
 @@ -786,12 +795,15 @@
  	 */
  	switch (ntohs(type)) {
  		case ETHERTYPE_PAE:	/* EAPOL PAE/802.1x */
 -			return ((*lp->lp_output)(ifp, m, dst, ro));
 +			goto sendit;
  	}
  
  	/* drop any other frames */
  	m_freem(m);
  	return (EBUSY);
 +
 +sendit:
 +	return ((*lp->lp_output)(ifp, m, dst, ro));
  }
  
  static void
 
 --jRHKVT23PllUwdXP--
State-Changed-From-To: open->patched 
State-Changed-By: emaste 
State-Changed-When: Thu May 3 01:41:29 UTC 2012 
State-Changed-Why:  
Committed revision 234936. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=138620 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/138620: commit references a PR
Date: Thu,  3 May 2012 01:41:22 +0000 (UTC)

 Author: emaste
 Date: Thu May  3 01:41:12 2012
 New Revision: 234936
 URL: http://svn.freebsd.org/changeset/base/234936
 
 Log:
   Relax restriction on direct tx to child ports
   
   Lagg(4) restricts the type of packet that may be sent directly to a child
   port, to avoid undesired output from accidental misconfiguration.
   Previously only ETHERTYPE_PAE was permitted.
   
   BPF writes to a lagg(4) child port are presumably intentional, so just
   allow them, while still blocking other packets that should take the
   aggregation path.
   
   PR:		kern/138620
   Approved by:	thompsa@
 
 Modified:
   head/sys/net/if_lagg.c
 
 Modified: head/sys/net/if_lagg.c
 ==============================================================================
 --- head/sys/net/if_lagg.c	Wed May  2 21:50:13 2012	(r234935)
 +++ head/sys/net/if_lagg.c	Thu May  3 01:41:12 2012	(r234936)
 @@ -764,28 +764,18 @@ fallback:
  	return (EINVAL);
  }
  
 +/*
 + * For direct output to child ports.
 + */
  static int
  lagg_port_output(struct ifnet *ifp, struct mbuf *m,
  	struct sockaddr *dst, struct route *ro)
  {
  	struct lagg_port *lp = ifp->if_lagg;
 -	struct ether_header *eh;
 -	short type = 0;
  
  	switch (dst->sa_family) {
  		case pseudo_AF_HDRCMPLT:
  		case AF_UNSPEC:
 -			eh = (struct ether_header *)dst->sa_data;
 -			type = eh->ether_type;
 -			break;
 -	}
 -
 -	/*
 -	 * Only allow ethernet types required to initiate or maintain the link,
 -	 * aggregated frames take a different path.
 -	 */
 -	switch (ntohs(type)) {
 -		case ETHERTYPE_PAE:	/* EAPOL PAE/802.1x */
  			return ((*lp->lp_output)(ifp, m, dst, ro));
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: Sten Spans <sten@blinkenlights.nl>
To: Ed Maste <emaste@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/138620 [patch] Sysctl for direct BPF writes to lagg child
 ports
Date: Thu, 3 May 2012 09:57:04 +0200 (CEST)

 On Tue, 1 May 2012, Ed Maste wrote:
 
 > The attached patch adds a sysctl to enable or disable the behaviour
 > you're looking for (direct BPF writes to the underlying lagg child
 > ports).  I intend to commit it shortly after review / test.
 
 Awesome, I'll try testing it this weekend.
 
 -- 
 Sten Spans
 
 "There is a crack in everything, that's how the light gets in."
 Leonard Cohen - Anthem

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/138620: commit references a PR
Date: Sat, 26 May 2012 08:44:36 +0000 (UTC)

 Author: thompsa
 Date: Sat May 26 08:44:26 2012
 New Revision: 236074
 URL: http://svn.freebsd.org/changeset/base/236074
 
 Log:
   MFC r234936 (emaste)
   
    Relax restriction on direct tx to child ports
   
    Lagg(4) restricts the type of packet that may be sent directly to a child
    port, to avoid undesired output from accidental misconfiguration.
    Previously only ETHERTYPE_PAE was permitted.
   
    BPF writes to a lagg(4) child port are presumably intentional, so just
    allow them, while still blocking other packets that should take the
    aggregation path.
   
   PR:		kern/138620
 
 Modified:
   stable/9/sys/net/if_lagg.c
 Directory Properties:
   stable/9/sys/   (props changed)
   stable/9/sys/amd64/include/xen/   (props changed)
   stable/9/sys/boot/   (props changed)
   stable/9/sys/boot/i386/efi/   (props changed)
   stable/9/sys/boot/ia64/efi/   (props changed)
   stable/9/sys/boot/ia64/ski/   (props changed)
   stable/9/sys/boot/powerpc/boot1.chrp/   (props changed)
   stable/9/sys/boot/powerpc/ofw/   (props changed)
   stable/9/sys/cddl/contrib/opensolaris/   (props changed)
   stable/9/sys/conf/   (props changed)
   stable/9/sys/contrib/dev/acpica/   (props changed)
   stable/9/sys/contrib/octeon-sdk/   (props changed)
   stable/9/sys/contrib/pf/   (props changed)
   stable/9/sys/contrib/x86emu/   (props changed)
   stable/9/sys/dev/   (props changed)
   stable/9/sys/dev/e1000/   (props changed)
   stable/9/sys/dev/ixgbe/   (props changed)
   stable/9/sys/fs/   (props changed)
   stable/9/sys/fs/ntfs/   (props changed)
   stable/9/sys/modules/   (props changed)
 
 Modified: stable/9/sys/net/if_lagg.c
 ==============================================================================
 --- stable/9/sys/net/if_lagg.c	Sat May 26 08:43:51 2012	(r236073)
 +++ stable/9/sys/net/if_lagg.c	Sat May 26 08:44:26 2012	(r236074)
 @@ -764,28 +764,18 @@ fallback:
  	return (EINVAL);
  }
  
 +/*
 + * For direct output to child ports.
 + */
  static int
  lagg_port_output(struct ifnet *ifp, struct mbuf *m,
  	struct sockaddr *dst, struct route *ro)
  {
  	struct lagg_port *lp = ifp->if_lagg;
 -	struct ether_header *eh;
 -	short type = 0;
  
  	switch (dst->sa_family) {
  		case pseudo_AF_HDRCMPLT:
  		case AF_UNSPEC:
 -			eh = (struct ether_header *)dst->sa_data;
 -			type = eh->ether_type;
 -			break;
 -	}
 -
 -	/*
 -	 * Only allow ethernet types required to initiate or maintain the link,
 -	 * aggregated frames take a different path.
 -	 */
 -	switch (ntohs(type)) {
 -		case ETHERTYPE_PAE:	/* EAPOL PAE/802.1x */
  			return ((*lp->lp_output)(ifp, m, dst, ro));
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/138620: commit references a PR
Date: Sat, 26 May 2012 08:45:03 +0000 (UTC)

 Author: thompsa
 Date: Sat May 26 08:44:50 2012
 New Revision: 236075
 URL: http://svn.freebsd.org/changeset/base/236075
 
 Log:
   MFC r234936 (emaste)
   
    Relax restriction on direct tx to child ports
   
    Lagg(4) restricts the type of packet that may be sent directly to a child
    port, to avoid undesired output from accidental misconfiguration.
    Previously only ETHERTYPE_PAE was permitted.
   
    BPF writes to a lagg(4) child port are presumably intentional, so just
    allow them, while still blocking other packets that should take the
    aggregation path.
   
   PR:		kern/138620
 
 Modified:
   stable/8/sys/net/if_lagg.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/boot/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
   stable/8/sys/dev/e1000/   (props changed)
 
 Modified: stable/8/sys/net/if_lagg.c
 ==============================================================================
 --- stable/8/sys/net/if_lagg.c	Sat May 26 08:44:26 2012	(r236074)
 +++ stable/8/sys/net/if_lagg.c	Sat May 26 08:44:50 2012	(r236075)
 @@ -756,28 +756,18 @@ fallback:
  	return (EINVAL);
  }
  
 +/*
 + * For direct output to child ports.
 + */
  static int
  lagg_port_output(struct ifnet *ifp, struct mbuf *m,
  	struct sockaddr *dst, struct route *ro)
  {
  	struct lagg_port *lp = ifp->if_lagg;
 -	struct ether_header *eh;
 -	short type = 0;
  
  	switch (dst->sa_family) {
  		case pseudo_AF_HDRCMPLT:
  		case AF_UNSPEC:
 -			eh = (struct ether_header *)dst->sa_data;
 -			type = eh->ether_type;
 -			break;
 -	}
 -
 -	/*
 -	 * Only allow ethernet types required to initiate or maintain the link,
 -	 * aggregated frames take a different path.
 -	 */
 -	switch (ntohs(type)) {
 -		case ETHERTYPE_PAE:	/* EAPOL PAE/802.1x */
  			return ((*lp->lp_output)(ifp, m, dst, ro));
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: thompsa 
State-Changed-When: Sat May 26 19:25:03 UTC 2012 
State-Changed-Why:  
MFC complete, thanks for the PR. 


Responsible-Changed-From-To: freebsd-net->emaste 
Responsible-Changed-By: thompsa 
Responsible-Changed-When: Sat May 26 19:25:03 UTC 2012 
Responsible-Changed-Why:  
MFC complete, thanks for the PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=138620 
>Unformatted:
