dhclient: support VID 0 (no vlan) decapsulation

fichtner · fichtner · commit bf0e9caf2a47 · 2021-06-10T10:38:37.000+02:00
VLAN ID 0 is supposed to be interpreted as having no VLAN with a bit of priority on the side, but the kernel is not able to decapsulate this on the fly so dhclient needs to take care of it. This is similar to the VLAN ID send use case where we latch on to a parent interface in order to be able to serve responses with the correct VLAN priority. Patch is inspired by the pfSense proposal below, but the filter was rewritten for minimal impact. PR: #114 See also: pfsense/FreeBSD-src#9
diff --git a/sbin/dhclient/bpf.c b/sbin/dhclient/bpf.c
@@ -5,7 +5,7 @@
 /*-
  * SPDX-License-Identifier: BSD-3-Clause
  *
- * Copyright (c) 2018 Franco Fichtner <franco@opnsense.org>
+ * Copyright (c) 2018-2021 Franco Fichtner <franco@opnsense.org>
  * Copyright (c) 1995, 1996, 1998, 1999
  * The Internet Software Consortium.    All rights reserved.
  *
@@ -203,20 +203,41 @@ if_register_send(struct interface_info *info)
  * constant offsets used in if_register_send to patch the BPF program!
  */
 static struct bpf_insn dhcp_bpf_filter[] = {
+	/* Set packet index for IP packet... */
+	BPF_STMT(BPF_LDX + BPF_W + BPF_IMM, 0),
+
+	/* Test whether this is a VLAN packet... */
+	BPF_STMT(BPF_LD + BPF_H + BPF_IND, 12),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_VLAN, 0, 4),
+
+	/* Test whether it has a VID of 0 */
+	BPF_STMT(BPF_LD + BPF_H + BPF_IND, 14),
+	BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0xfff),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 0, 1),
+
+	/* Correct the packet index for VLAN... */
+	BPF_STMT(BPF_LDX + BPF_W + BPF_IMM, 4),
+
 	/* Make sure this is an IP packet... */
-	BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
-	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8),
+	BPF_STMT(BPF_LD + BPF_H + BPF_IND, 12),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 14),
 
 	/* Make sure it's a UDP packet... */
-	BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23),
-	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6),
+	BPF_STMT(BPF_LD + BPF_B + BPF_IND, 23),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 12),
 
 	/* Make sure this isn't a fragment... */
-	BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20),
-	BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0),
+	BPF_STMT(BPF_LD + BPF_H + BPF_IND, 20),
+	BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 10, 0),
 
 	/* Get the IP header length... */
+	BPF_STMT(BPF_MISC + BPF_TXA, 0),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 0, 2),
 	BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14),
+	BPF_JUMP(BPF_JMP + BPF_JA, 1, 0, 0),
+	BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 18),
+	BPF_STMT(BPF_ALU + BPF_ADD + BPF_X, 0),
+	BPF_STMT(BPF_MISC + BPF_TAX, 0),
 
 	/* Make sure it's to the right port... */
 	BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16),
@@ -279,7 +300,7 @@ if_register_receive(struct interface_info *info)
 	 * XXX: changes to filter program may require changes to the
 	 * insn number(s) used below!
 	 */
-	dhcp_bpf_filter[8].k = LOCAL_PORT;
+	dhcp_bpf_filter[21].k = LOCAL_PORT;
 
 	if (ioctl(info->rfdesc, BIOCSETF, &p) < 0)
 		error("Can't install packet filter program: %m");
diff --git a/sbin/dhclient/packet.c b/sbin/dhclient/packet.c
@@ -167,7 +167,8 @@ decode_hw_header(unsigned char *buf, int bufix, struct hardware *from)
 	from->htype = ARPHRD_ETHER;
 	from->hlen = sizeof(eh.ether_shost);
 
-	return (sizeof(eh));
+	return (sizeof(eh) + (ntohs(eh.ether_type) == ETHERTYPE_VLAN ?
+	    ETHER_VLAN_ENCAP_LEN : 0));
 }
 
 ssize_t

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,8 @@ decode_hw_header(unsigned char buf, int bufix, struct hardware from)`
`167`	`167`	`from->htype = ARPHRD_ETHER;`
`168`	`168`	`from->hlen = sizeof(eh.ether_shost);`
`169`	`169`
`170`		`- return (sizeof(eh));`
	`170`	`+ return (sizeof(eh) + (ntohs(eh.ether_type) == ETHERTYPE_VLAN ?`
	`171`	`+ ETHER_VLAN_ENCAP_LEN : 0));`
`171`	`172`	`}`
`172`	`173`
`173`	`174`	`ssize_t`