VirtualBox

Changeset 36089 in vbox


Timestamp:
Feb 25, 2011 3:32:02 PM (14 years ago)
Author:
vboxsync
Message:

SrvIntNetR0.cpp: Addressed the allow-network promiscuous mode policy issue wrt related trunk traffic.

File:
1 edited

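--- a/trunk/src/VBox/Devices/Network/SrvIntNetR0.cpp
+++ b/trunk/src/VBox/Devices/Network/SrvIntNetR0.cpp
@@ -72,6 +72,5 @@
     /** The MAC address of this entry. */
     RTMAC                   MacAddr;
-    /** Is it promiscuous.
-     * Shadows INTNETIF::fPromiscuousEff.  */
+    /** Is it is effectively promiscuous mode. */
     bool                    fPromiscuousEff;
     /** Is it promiscuous and should it see unrelated trunk traffic. */
@@ -102,4 +101,10 @@
     /** Table entries. */
     PINTNETMACTABENTRY      paEntries;
+
+    /** The number of interface entries currently in promicuous mode. */
+    uint32_t                cPromiscuousEntries;
+    /** The number of interface entries currently in promicuous mode that
+     * shall not see unrelated trunk traffic. */
+    uint32_t                cPromiscuousNoTrunkEntries;
 
     /** The host MAC address (reported). */
@@ -224,7 +229,4 @@
     /** Set if the INTNET::MacAddr member has been explicitly set. */
     bool                    fMacSet;
-    /** Set if the interface is in promiscuous mode.
-     * This is shadowed by INTNETMACTABENTRY::fPromiscuous. */
-    bool                    fPromiscuousEff;
     /** Tracks the desired promiscuous setting of the interface. */
     bool                    fPromiscuousReal;
@@ -1475,4 +1477,28 @@
     }
 
+    /* Network only promicuous mode ifs should see related trunk traffic. */
+    if (   cExactHits
+        && fSrc
+        && pNetwork->MacTab.cPromiscuousNoTrunkEntries)
+    {
+        iIfMac = pTab->cEntries;
+        while (iIfMac-- > 0)
+        {
+            if (   pTab->paEntries[iIfMac].fActive
+                && pTab->paEntries[iIfMac].fPromiscuousEff
+                && !pTab->paEntries[iIfMac].fPromiscuousSeeTrunk)
+            {
+                PINTNETIF pIf = pTab->paEntries[iIfMac].pIf;        AssertPtr(pIf); Assert(pIf->pNetwork == pNetwork);
+                if (intnetR0IfAddrCacheLookup(&pIf->aAddrCache[enmL3AddrType], pL3Addr, cbL3Addr) < 0)
+                {
+                    uint32_t iIfDst = pDstTab->cIfs++;
+                    pDstTab->aIfs[iIfDst].pIf            = pIf;
+                    pDstTab->aIfs[iIfDst].fReplaceDstMac = false;
+                    intnetR0BusyIncIf(pIf);
+                }
+            }
+        }
+    }
+
     /* Does it match the host, or is the host promiscuous? */
     if (pTab->fHostActive)
@@ -1623,8 +1649,27 @@
         }
     }
-    /** @todo Interfaces with fPromiscuousEff && !fPromiscuousSeeTrunk needs to
-     *        be added if there are exact matches and fSrc != 0.  This means
-     *        we need to count interfaces in this state to avoid traversing
-     *        the table a second time for no good reason. */
+
+    /* Network only promicuous mode ifs should see related trunk traffic. */
+    if (   cExactHits
+        && fSrc
+        && pNetwork->MacTab.cPromiscuousNoTrunkEntries)
+    {
+        iIfMac = pTab->cEntries;
+        while (iIfMac-- > 0)
+        {
+            if (   pTab->paEntries[iIfMac].fPromiscuousEff
+                && !pTab->paEntries[iIfMac].fPromiscuousSeeTrunk
+                && pTab->paEntries[iIfMac].fActive
+                && !intnetR0AreMacAddrsEqual(&pTab->paEntries[iIfMac].MacAddr, pDstAddr)
+                && !intnetR0IsMacAddrDummy(&pTab->paEntries[iIfMac].MacAddr) )
+            {
+                PINTNETIF pIf    = pTab->paEntries[iIfMac].pIf;     AssertPtr(pIf); Assert(pIf->pNetwork == pNetwork);
+                uint32_t  iIfDst = pDstTab->cIfs++;
+                pDstTab->aIfs[iIfDst].pIf            = pIf;
+                pDstTab->aIfs[iIfDst].fReplaceDstMac = false;
+                intnetR0BusyIncIf(pIf);
+            }
+        }
+    }
 
     /* Does it match the host, or is the host promiscuous? */
@@ -3664,16 +3709,33 @@
                                       && (pIf->fOpenFlags  & INTNET_OPEN_FLAGS_IF_PROMISC_ALLOW)
                                       && (pNetwork->fFlags & INTNET_OPEN_FLAGS_PROMISC_ALLOW_CLIENTS);
-            Log(("IntNetR0IfSetPromiscuousMode: hIf=%RX32: Changed from %d (%d) -> %d (%d)\n",
-                 hIf, !fPromiscuous, pIf->fPromiscuousEff, !!fPromiscuous, fPromiscuousEff));
+            Log(("IntNetR0IfSetPromiscuousMode: hIf=%RX32: Changed from %d -> %d (%d)\n",
+                 hIf, !fPromiscuous, !!fPromiscuous, fPromiscuousEff));
 
             pIf->fPromiscuousReal = fPromiscuous;
-            pIf->fPromiscuousEff  = fPromiscuousEff;
 
             PINTNETMACTABENTRY pEntry = intnetR0NetworkFindMacAddrEntry(pNetwork, pIf); Assert(pEntry);
             if (RT_LIKELY(pEntry))
             {
+                if (pEntry->fPromiscuousEff)
+                {
+                    pNetwork->MacTab.cPromiscuousEntries--;
+                    if (!pEntry->fPromiscuousSeeTrunk)
+                        pNetwork->MacTab.cPromiscuousNoTrunkEntries--;
+                    Assert(pNetwork->MacTab.cPromiscuousEntries        < pNetwork->MacTab.cEntries);
+                    Assert(pNetwork->MacTab.cPromiscuousNoTrunkEntries < pNetwork->MacTab.cEntries);
+                }
+
                 pEntry->fPromiscuousEff      = fPromiscuousEff;
                 pEntry->fPromiscuousSeeTrunk = fPromiscuousEff
                                             && (pIf->fOpenFlags & INTNET_OPEN_FLAGS_IF_PROMISC_SEE_TRUNK);
+
+                if (pEntry->fPromiscuousEff)
+                {
+                    pNetwork->MacTab.cPromiscuousEntries++;
+                    if (!pEntry->fPromiscuousSeeTrunk)
+                        pNetwork->MacTab.cPromiscuousNoTrunkEntries++;
+                }
+                Assert(pNetwork->MacTab.cPromiscuousEntries        <= pNetwork->MacTab.cEntries);
+                Assert(pNetwork->MacTab.cPromiscuousNoTrunkEntries <= pNetwork->MacTab.cEntries);
             }
         }
@@ -4236,4 +4298,13 @@
             if (pNetwork->MacTab.paEntries[iIf].pIf == pIf)
             {
+                if (pNetwork->MacTab.paEntries[iIf].fPromiscuousEff)
+                {
+                    pNetwork->MacTab.cPromiscuousEntries--;
+                    if (!pNetwork->MacTab.paEntries[iIf].fPromiscuousSeeTrunk)
+                        pNetwork->MacTab.cPromiscuousNoTrunkEntries--;
+                }
+                Assert(pNetwork->MacTab.cPromiscuousEntries        < pNetwork->MacTab.cEntries);
+                Assert(pNetwork->MacTab.cPromiscuousNoTrunkEntries < pNetwork->MacTab.cEntries);
+
                 if (iIf + 1 < pNetwork->MacTab.cEntries)
                     memmove(&pNetwork->MacTab.paEntries[iIf],
@@ -4258,4 +4329,5 @@
             pNetwork->fMinFlags = fMinFlags;
         }
+
         PINTNETTRUNKIF pTrunk = pNetwork->MacTab.pTrunk;
 
@@ -4402,5 +4474,4 @@
     memset(&pIf->MacAddr, 0xff, sizeof(pIf->MacAddr)); /* broadcast */
     //pIf->fMacSet          = false;
-    //pIf->fPromiscuousEff  = false;
     //pIf->fPromiscuousReal = false;
     //pIf->fActive          = false;
@@ -5351,4 +5422,7 @@
         if ((fOldNetFlags ^ fNetFlags) & INTNET_OPEN_FLAGS_PROMISC_ALLOW_CLIENTS)
         {
+            pNetwork->MacTab.cPromiscuousEntries        = 0;
+            pNetwork->MacTab.cPromiscuousNoTrunkEntries = 0;
+
             uint32_t iIf = pNetwork->MacTab.cEntries;
             while (iIf-- > 0)
@@ -5361,8 +5435,14 @@
                     bool fPromiscuousEff = (fNetFlags & INTNET_OPEN_FLAGS_PROMISC_ALLOW_CLIENTS)
                                         && (pIf2->fOpenFlags & INTNET_OPEN_FLAGS_IF_PROMISC_ALLOW);
-                    pIf2->fPromiscuousEff        = fPromiscuousEff;
                     pEntry->fPromiscuousEff      = fPromiscuousEff;
                     pEntry->fPromiscuousSeeTrunk = fPromiscuousEff
                                                 && (pIf2->fOpenFlags & INTNET_OPEN_FLAGS_IF_PROMISC_SEE_TRUNK);
+
+                    if (pEntry->fPromiscuousEff)
+                    {
+                        pNetwork->MacTab.cPromiscuousEntries++;
+                        if (!pEntry->fPromiscuousSeeTrunk)
+                            pNetwork->MacTab.cPromiscuousNoTrunkEntries++;
+                    }
                 }
             }
@@ -5541,4 +5621,6 @@
     pNetwork->MacTab.cEntries               = 0;
     pNetwork->MacTab.cEntriesAllocated      = INTNET_GROW_DSTTAB_SIZE;
+    //pNetwork->MacTab.cPromiscuousEntries  = 0;
+    //pNetwork->MacTab.cPromiscuousNoTrunkEntries = 0;
     pNetwork->MacTab.paEntries              = NULL;
     pNetwork->MacTab.fHostPromiscuousReal   = false;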
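Review bot: The two added second-pass loops (new lines 1479-1501 and 1653-1673) append with `pDstTab->aIfs[pDstTab->cIfs++]` and no bound is visible in either hunk, so memory safety in this R0 switch path rests on each interface being appended at most once across the first pass and this one. That no-duplicate invariant is only implicit: the first loop relies on `intnetR0IfAddrCacheLookup(...) < 0` and the second on the MAC-inequality and non-dummy tests being exact complements of the first-pass match conditions, which lie outside the hunks. I would state that in the comment above each loop and pin it with `Assert(pDstTab->cIfs <= pTab->cEntries);` after the loop, assuming the destination table has one slot per MAC-table entry, which the page does not show. Separately, the new `uint32_t` counters are decremented under `Assert`-only protection at 3721-3725 and 4302-4307; because the loops re-check the per-entry flags, a drifted counter can only suppress or waste the second pass rather than over-deliver frames, and that is worth recording in the `cPromiscuousNoTrunkEntries` member comment. The enclosing functions start and end outside the hunks shown.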