util: fail attempts to use same mac address for guest and tap

This patch is in response to: https://bugzilla.redhat.com/show_bug.cgi?id=798467 If a guest's tap device is created using the same MAC address the guest uses for its own network card (which connects to the tap device), the Linux kernel will log the following message and traffic will not pass: kernel: vnet9: received packet with own address as source address This patch disallows MAC addresses with a first byte of 0xFE, but only in the case that the MAC address is used for a guest interface that's connected by way of a standard tap device. (In other words, the validation is done at runtime at the same place the MAC address is modified for the tap device, rather than when mac address is parsed, the idea being that it is then we know for sure the address will be problematic.)

util: fail attempts to use same mac address for guest and tap
This patch is in response to: https://bugzilla.redhat.com/show_bug.cgi?id=798467 If a guest's tap device is created using the same MAC address the guest uses for its own network card (which connects to the tap device), the Linux kernel will log the following message and traffic will not pass: kernel: vnet9: received packet with own address as source address This patch disallows MAC addresses with a first byte of 0xFE, but only in the case that the MAC address is used for a guest interface that's connected by way of a standard tap device. (In other words, the validation is done at runtime at the same place the MAC address is modified for the tap device, rather than when mac address is parsed, the idea being that it is then we know for sure the address will be problematic.)
5d571045 · Laine Stump · d675a922 · 5d571045
隐藏空白更改
内联并排

Showing with 20 addition and 2 deletion

src/util/virnetdevtap.c src/util/virnetdevtap.c +20 -2

未找到文件。
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
 /*
- * Copyright (C) 2007-2011 Red Hat, Inc.
+ * Copyright (C) 2007-2012 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -45,6 +45,10 @@
 #define VIR_FROM_THIS VIR_FROM_NONE
+#define virNetDevTapError(code, ...)                    \
+    virReportErrorHelper(VIR_FROM_NONE, code, __FILE__, \
+                         __FUNCTION__, __LINE__, __VA_ARGS__)
 /**
 * virNetDevProbeVnetHdr:
 * @tapfd: a tun/tap file descriptor
@@ -294,8 +298,22 @@ int virNetDevTapCreateInBridgePort(const char *brname,
     * device before we set our static MAC.
     */
    memcpy(tapmac, macaddr, VIR_MAC_BUFLEN);
-    if (!(flags & VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE))
+    if (!(flags & VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE)) {
+        if (macaddr[0] == 0xFE) {
+            /* For normal use, the tap device's MAC address cannot
+             * match the MAC address used by the guest. This results
+             * in "received packet on vnetX with own address as source
+             * address" error logs from the kernel.
+             */
+            virNetDevTapError(VIR_ERR_CONFIG_UNSUPPORTED,
+                              "Unable to use MAC address starting with "
+                              "reserved value 0xFE - '%02X:%02X:%02X:%02X:%02X:%02X' - ",
+                              macaddr[0], macaddr[1], macaddr[2],
+                              macaddr[3], macaddr[4], macaddr[5]);
+            goto error;
+        }
        tapmac[0] = 0xFE; /* Discourage bridge from using TAP dev MAC */
+    }
    if (virNetDevSetMAC(*ifname, tapmac) < 0)
        goto error;