This patch enhances openvpn's internal packet routing to restrict broadcast
packets to destinations with a matching VID.
That is, broadcasts from client to client or from the tap interface to clients are now
filtered based on whether the receiving client belongs to the matching VLAN id.
---
multi.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/multi.c b/multi.c
index 96644e5..822ae29 100644
--- a/multi.c
+++ b/multi.c
@@ -1759,7 +1759,8 @@ static void
multi_bcast (struct multi_context *m,
const struct buffer *buf,
const struct multi_instance *sender_instance,
- const struct mroute_addr *sender_addr)
+ const struct mroute_addr *sender_addr,
+ int16_t vid)
{
struct hash_iterator hi;
struct hash_element *he;
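Review bot: The new `vid` parameter carries an undocumented sentinel: later in this function a `vid` of 0 disables the VLAN check entirely, so every caller passing 0 (the tun-mode and gremlin call sites in this patch) broadcasts across all VLANs. A comment at the signature would make that contract explicit, e.g. `/* vid: VLAN id to restrict delivery to; 0 delivers to every instance regardless of its vlan_tag */`. The body of multi_bcast continues outside this hunk.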
@@ -1804,6 +1805,8 @@ multi_bcast (struct multi_context *m,
}
}
#endif
+ if (vid != 0 && vid != mi->context.options.vlan_tag)
+ continue;
multi_add_mbuf (m, mi, mb);
}
}
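Review bot: The added check sits after the `#ifdef ENABLE_PF` block, so when packet filtering is enabled the per-instance pf work on the preceding lines runs even for instances the VLAN test then skips; placing `if (vid != 0 && vid != mi->context.options.vlan_tag) continue;` before that block would be cheaper and keeps VLAN isolation independent of the pf configuration. It also deserves a why-comment, since the `vid != 0` clause is the only thing documenting that untagged traffic is meant to reach every VLAN: `/* vid 0 means untagged: no VLAN restriction */`. The start of the loop and of the pf block are outside this hunk, so the exact ordering should be confirmed against the full function.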
@@ -1997,7 +2000,7 @@ multi_process_incoming_link (struct multi_context *m,
struct multi_instance *ins
if (mroute_flags & MROUTE_EXTRACT_MCAST)
{
/* for now, treat multicast as broadcast */
- multi_bcast (m, &c->c2.to_tun, m->pending, NULL);
+ multi_bcast (m, &c->c2.to_tun, m->pending, NULL, 0);
}
else /* possible client to client routing */
{
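Review bot: This call site passes `0` for `vid` while the later `multi_bcast` call in the same function (the `MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST` case) passes `vid`, so multicast handled here is delivered to every client regardless of `vlan_tag`. If this is the layer-3 (tun) branch where VLAN tagging does not apply, a one-line comment such as `/* tun mode: no VLAN tags, broadcast unrestricted */` would stop the 0 from reading as an isolation gap; if it is not, the call should pass `vid` like the sibling site. The enclosing branch starts and ends outside this hunk, so which device type it covers cannot be confirmed from the diff.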
@@ -2063,7 +2066,7 @@ multi_process_incoming_link (struct multi_context *m,
struct multi_instance *ins
{
if (mroute_flags &
(MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
{
- multi_bcast (m, &c->c2.to_tun, m->pending, NULL);
+ multi_bcast (m, &c->c2.to_tun, m->pending, NULL,
vid);
}
else /* try client-to-client routing */
{
@@ -2258,9 +2261,9 @@ multi_process_incoming_tun (struct multi_context *m,
const unsigned int mpp_flag
{
/* for now, treat multicast as broadcast */
#ifdef ENABLE_PF
- multi_bcast (m, &m->top.c2.buf, NULL, e2);
+ multi_bcast (m, &m->top.c2.buf, NULL, e2, vid);
#else
- multi_bcast (m, &m->top.c2.buf, NULL, NULL);
+ multi_bcast (m, &m->top.c2.buf, NULL, NULL, vid);
#endif
}
else
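Review bot: With `multi_bcast` treating a `vid` of 0 as "no filtering", an untagged frame arriving from the tap interface on this path is delivered to every client, including those with a non-zero `vlan_tag`. Whether that is the intended native-VLAN behaviour depends on how `vid` is derived earlier in multi_process_incoming_tun, which is outside this hunk; it is worth a comment at this call, e.g. `/* untagged frames (vid 0) reach all VLANs */`, or a check that maps untagged traffic to the intended VLAN before this point.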
@@ -2429,7 +2432,7 @@ gremlin_flood_clients (struct multi_context *m)
ASSERT (buf_write_u8 (&buf, get_random () & 0xFF));
for (i = 0; i < parm.n_packets; ++i)
- multi_bcast (m, &buf, NULL, NULL);
+ multi_bcast (m, &buf, NULL, NULL, 0);
gc_free (&gc);
}
--
1.7.0