diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2008-10-16 14:23:36 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2008-10-16 14:23:36 +0000 |
| commit | c91b18e8c5d97391d9843ce0d18600f7eadb6519 (patch) | |
| tree | 297ca7d8ef1d004ad1ef4f6b9c28b34cbc8e5238 /sys/net | |
| parent | be2bde20765059788da4f53cbbda7ab9b0b9e126 (diff) | |
Drop promiscuously received packets if the vlan interface is not in
promiscuous mode itself. Closes PR 5012. With claudio@.
ok claudio@, henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_vlan.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c index fc1fe501f17..c2f48b5b5e3 100644 --- a/sys/net/if_vlan.c +++ b/sys/net/if_vlan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vlan.c,v 1.74 2008/09/02 17:35:16 chl Exp $ */ +/* $OpenBSD: if_vlan.c,v 1.75 2008/10/16 14:23:35 naddy Exp $ */ /* * Copyright 1998 Massachusetts Institute of Technology @@ -315,6 +315,21 @@ vlan_input(eh, m) bpf_mtap_hdr(ifv->ifv_if.if_bpf, (char *)eh, ETHER_HDR_LEN, m, BPF_DIRECTION_IN); #endif + + /* + * Drop promiscuously received packets if we are not in + * promiscuous mode. + */ + if ((m->m_flags & (M_BCAST|M_MCAST)) == 0 && + (ifp->if_flags & IFF_PROMISC) && + (ifv->ifv_if.if_flags & IFF_PROMISC) == 0) { + struct arpcom *ac = &ifv->ifv_ac; + if (bcmp(ac->ac_enaddr, eh->ether_dhost, ETHER_ADDR_LEN)) { + m_freem(m); + return (0); + } + } + ifv->ifv_if.if_ipackets++; ether_input(&ifv->ifv_if, eh, m); |