[vbox-dev] [PATCH] demonstration patch for host-only networking packet direction

Ed Maste emaste at freebsd.org
Wed Sep 12 20:21:37 GMT 2012


On 7 September 2012 15:38, Aleksey Ilyushin
<aleksey.ilyushin at oracle.com> wrote:
> There is an unfortunate side effect in your patch -- the packets not intended for the host will be delivered to it even if a vboxnetX interface is not in the promiscuous mode.

Ahh, fair enough - my work has all been with BPF for tap / inject so I
explicitly wanted all packets.

That said, it looks like this will work by accident, because of the
following code in FreeBSD's ether_input_internal:

/*
 * If the frame received was not for our MAC address, set the
 * M_PROMISC flag on the mbuf chain. The frame may need to
 * be seen by the rest of the Ethernet input path in case of
 * re-entry (e.g. bridge, vlan, netgraph) but should not be
 * seen by upper protocol layers.
 */
if (!ETHER_IS_MULTICAST(eh->ether_dhost) &&
    bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0)
        m->m_flags |= M_PROMISC;

So the input path will actually check the MAC address against the
interface's and set the promisc flag on the packet if it doesn't
match, so the higher layer protocol will re-do the check and drop
packets not for the interface.

I could of course introduce a similar case in vboxNetFltPortOsXmit in
the code to protect against future changes in FreeBSD, but is
there a better way to solve the underlying issue?

-Ed

> On Sep 4, 2012, at 5:34 PM, Ed Maste wrote:
>
>> On 30 August 2012 14:54, Ed Maste <emaste at freebsd.org> wrote:
>>> ...
>>> It appears that VirtualBox calls vboxNetFltPortOsXmit with fDst set to
>>> INTNETTRUNKDIR_HOST if the MAC address matches that of the vboxnet
>>> interface, or INTNETTRUNKDIR_WIRE otherwise.  To me this seems
>>> undesirable in the case of a host-only network, where there really is
>>> no 'wire' and all packets ought to be destined to/from the host.
>>>
>>> I could implement something in the FreeBSD VBoxNetFlt and VBoxNetAdp
>>> drivers for this, but it seems like it's a general issue.  Should
>>> VirtualBox always set fDst to INTNETTRUNKDIR_HOST for host-only
>>> interfaces?
>>
>> Here's a quick hacky patch that demonstrates the change in behaviour.
>> It does fix the issue I originally encountered.
>>
>>
>>
>> diff --git a/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFltInternal.h
>> b/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFltInternal.h
>> index 90182a9..a01e060 100644
>> --- a/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFltInternal.h
>> +++ b/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFltInternal.h
>> @@ -237,6 +237,8 @@ typedef struct VBOXNETFLTINS
>>             struct task tskout;
>>             /** The MAC address of the interface. */
>>             RTMAC MacAddr;
>> +            /** Host-only flag. */
>> +            int host_only;
>>             /** @} */
>> # elif defined(RT_OS_WINDOWS)
>>             /** @name Windows instance data.
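Review bot: The new host_only member in the FreeBSD instance data is documented only as "Host-only flag.", which does not say who sets it or what it changes. Per the other hunks it is set once in vboxNetFltOsInitInstance and read in vboxNetFltPortOsXmit to redirect wire-bound frames to the host; the doc comment should say so. It is only ever used as a truth value, so a boolean type and a name in the prefixed style used elsewhere in this patch (fDst, pThis, szName), for example fHostOnly, would fit better than a plain int with an underscore name.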
>> diff --git a/src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c
>> b/src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c
>> index 2912d76..b100bb4 100644
>> --- a/src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c
>> +++ b/src/VBox/HostDrivers/VBoxNetFlt/freebsd/VBoxNetFlt-freebsd.c
>> @@ -524,6 +524,14 @@ int vboxNetFltPortOsXmit(PVBOXNETFLTINS pThis,
>> void *pvIfData, PINTNETSG pSG, ui
>>     ifp = ASMAtomicUoReadPtrT(&pThis->u.s.ifp, struct ifnet *);
>>     VBOXCURVNET_SET(ifp->if_vnet);
>>
>> +    /* XXX Don't send to wire for host-only interface - see the thread at
>> +     * https://www.virtualbox.org/pipermail/vbox-dev/2012-August/005316.html
>> +     */
>> +    if ((fDst & INTNETTRUNKDIR_WIRE) && pThis->u.s.host_only)
>> +    {
>> +        fDst = INTNETTRUNKDIR_HOST;
>> +    }
>> +
>>     if (fDst & INTNETTRUNKDIR_WIRE)
>>     {
>>         m = vboxNetFltFreeBSDSGMBufFromSG(pThis, pSG);
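Review bot: The added block at the top of vboxNetFltPortOsXmit redirects every wire-bound frame to the host without looking at the destination MAC, so frames not addressed to the vboxnet interface are handed to the host input path even when the interface is not in promiscuous mode, which is the side effect raised in the reply. Consider redirecting only when the destination matches pThis->u.s.MacAddr, is multicast or broadcast, or the interface is promiscuous, instead of relying on the receive path to filter afterwards. Separately, fDst is tested as a bitmask in the condition, but "fDst = INTNETTRUNKDIR_HOST;" overwrites the whole value; clearing INTNETTRUNKDIR_WIRE and OR-ing in INTNETTRUNKDIR_HOST would preserve any other bits and make the intent explicit. The XXX comment should also state the behaviour in words rather than only linking to the thread.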
>> @@ -587,6 +595,7 @@ int vboxNetFltOsInitInstance(PVBOXNETFLTINS pThis,
>> void *pvContext)
>>     ifp = ifunit(pThis->szName);
>>     if (ifp == NULL)
>>         return VERR_INTNET_FLT_IF_NOT_FOUND;
>> +    pThis->u.s.host_only = !strncmp(pThis->szName, "vboxnet", 7);
>>
>>     /* Create a new netgraph node for this instance */
>>     if (ng_make_node_common(&ng_vboxnetflt_typestruct, &node) != 0)
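Review bot: In vboxNetFltOsInitInstance, "pThis->u.s.host_only = !strncmp(pThis->szName, "vboxnet", 7);" infers host-only mode from the interface name prefix, so any interface whose name begins with "vboxnet" is treated as host-only and a host-only adapter under a different name is not detected. If the caller can supply the adapter or trunk type, derive the flag from that; if the name test has to stay, add a comment stating the naming assumption and replace the bare 7 with a named constant or a length computed from the literal.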
>>
>> _______________________________________________
>> vbox-dev mailing list
>> vbox-dev at virtualbox.org
>> https://www.virtualbox.org/mailman/listinfo/vbox-dev