1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
2
3 /*-
4 * SPDX-License-Identifier: BSD-4-Clause
5 *
6 * Copyright 2001 Wasabi Systems, Inc.
7 * All rights reserved.
8 *
9 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 * must display the following acknowledgement:
21 * This product includes software developed for the NetBSD Project by
22 * Wasabi Systems, Inc.
23 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
24 * or promote products derived from this software without specific prior
25 * written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 * POSSIBILITY OF SUCH DAMAGE.
38 */
39
40 /*
41 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
42 * All rights reserved.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
54 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
55 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
56 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
57 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
58 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
59 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
62 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
63 * POSSIBILITY OF SUCH DAMAGE.
64 *
65 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
66 */
67
68 /*
69 * Network interface bridge support.
70 *
71 * TODO:
72 *
73 * - Currently only supports Ethernet-like interfaces (Ethernet,
74 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
75 * to bridge other types of interfaces (maybe consider
76 * heterogeneous bridges).
77 */
78
79 #include "opt_inet.h"
80 #include "opt_inet6.h"
81
82 #define EXTERR_CATEGORY EXTERR_CAT_BRIDGE
83
84 #include <sys/param.h>
85 #include <sys/ctype.h> /* string functions */
86 #include <sys/eventhandler.h>
87 #include <sys/exterrvar.h>
88 #include <sys/jail.h>
89 #include <sys/kernel.h>
90 #include <sys/lock.h>
91 #include <sys/malloc.h>
92 #include <sys/mbuf.h>
93 #include <sys/module.h>
94 #include <sys/mutex.h>
95 #include <sys/priv.h>
96 #include <sys/proc.h>
97 #include <sys/protosw.h>
98 #include <sys/random.h>
99 #include <sys/systm.h>
100 #include <sys/socket.h> /* for net/if.h */
101 #include <sys/sockio.h>
102 #include <sys/syslog.h>
103 #include <sys/sysctl.h>
104 #include <sys/time.h>
105
106 #include <vm/uma.h>
107
108 #include <net/bpf.h>
109 #include <net/if.h>
110 #include <net/if_clone.h>
111 #include <net/if_dl.h>
112 #include <net/if_types.h>
113 #include <net/if_var.h>
114 #include <net/if_private.h>
115 #include <net/pfil.h>
116 #include <net/vnet.h>
117
118 #include <netinet/in.h>
119 #include <netinet/in_systm.h>
120 #include <netinet/in_var.h>
121 #include <netinet/ip.h>
122 #include <netinet/ip_var.h>
123 #ifdef INET6
124 #include <netinet/ip6.h>
125 #include <netinet6/ip6_var.h>
126 #include <netinet6/in6_ifattach.h>
127 #endif
128 #if defined(INET) || defined(INET6)
129 #include <netinet/ip_carp.h>
130 #endif
131 #include <machine/in_cksum.h>
132 #include <netinet/if_ether.h>
133 #include <net/bridgestp.h>
134 #include <net/if_bridgevar.h>
135 #include <net/if_llc.h>
136 #include <net/if_vlan_var.h>
137
138 #include <net/route.h>
139
140 /*
141 * At various points in the code we need to know if we're hooked into the INET
142 * and/or INET6 pfil. Define some macros to do that based on which IP versions
143 * are enabled in the kernel. This avoids littering the rest of the code with
144 * #ifdef INET6 just to avoid referencing V_inet6_pfil_head.
145 */
146 #ifdef INET6
147 #define PFIL_HOOKED_IN_INET6 PFIL_HOOKED_IN(V_inet6_pfil_head)
148 #define PFIL_HOOKED_OUT_INET6 PFIL_HOOKED_OUT(V_inet6_pfil_head)
149 #else
150 #define PFIL_HOOKED_IN_INET6 false
151 #define PFIL_HOOKED_OUT_INET6 false
152 #endif
153
154 #ifdef INET
155 #define PFIL_HOOKED_IN_INET PFIL_HOOKED_IN(V_inet_pfil_head)
156 #define PFIL_HOOKED_OUT_INET PFIL_HOOKED_OUT(V_inet_pfil_head)
157 #else
158 #define PFIL_HOOKED_IN_INET false
159 #define PFIL_HOOKED_OUT_INET false
160 #endif
161
162 #define PFIL_HOOKED_IN_46 (PFIL_HOOKED_IN_INET6 || PFIL_HOOKED_IN_INET)
163 #define PFIL_HOOKED_OUT_46 (PFIL_HOOKED_OUT_INET6 || PFIL_HOOKED_OUT_INET)
164
165 /*
166 * Size of the route hash table. Must be a power of two.
167 */
168 #ifndef BRIDGE_RTHASH_SIZE
169 #define BRIDGE_RTHASH_SIZE 1024
170 #endif
171
172 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
173
174 /*
175 * Default maximum number of addresses to cache.
176 */
177 #ifndef BRIDGE_RTABLE_MAX
178 #define BRIDGE_RTABLE_MAX 2000
179 #endif
180
181 /*
182 * Timeout (in seconds) for entries learned dynamically.
183 */
184 #ifndef BRIDGE_RTABLE_TIMEOUT
185 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
186 #endif
187
188 /*
189 * Number of seconds between walks of the route list.
190 */
191 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
192 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
193 #endif
194
195 /*
196 * List of capabilities to possibly mask on the member interface.
197 */
198 #define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM|\
199 IFCAP_TXCSUM_IPV6|IFCAP_MEXTPG)
200
201 /*
202 * List of capabilities to strip.
203 */
204 #define BRIDGE_IFCAPS_STRIP IFCAP_LRO
205
206 /*
207 * Bridge locking
208 *
209 * The bridge relies heavily on the epoch(9) system to protect its data
210 * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we
211 * must ensure there is only one writer at a time.
212 *
213 * That is: for read accesses we only need to be in NET_EPOCH, but for write
214 * accesses we must hold:
215 *
216 * - BRIDGE_RT_LOCK, for any change to bridge_rtnodes
217 * - BRIDGE_LOCK, for any other change
218 *
219 * The BRIDGE_LOCK is a sleepable lock, because it is held across ioctl()
220 * calls to bridge member interfaces and these ioctl()s can sleep.
221 * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes
222 * required while we're in NET_EPOCH and then we're not allowed to sleep.
223 */
224 #define BRIDGE_LOCK_INIT(_sc) do { \
225 sx_init(&(_sc)->sc_sx, "if_bridge"); \
226 mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \
227 } while (0)
228 #define BRIDGE_LOCK_DESTROY(_sc) do { \
229 sx_destroy(&(_sc)->sc_sx); \
230 mtx_destroy(&(_sc)->sc_rt_mtx); \
231 } while (0)
232 #define BRIDGE_LOCK(_sc) sx_xlock(&(_sc)->sc_sx)
233 #define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx)
234 #define BRIDGE_LOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_XLOCKED)
235 #define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
236 MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx))
237 #define BRIDGE_UNLOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_UNLOCKED)
238 #define BRIDGE_RT_LOCK(_sc) mtx_lock(&(_sc)->sc_rt_mtx)
239 #define BRIDGE_RT_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_rt_mtx)
240 #define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED)
241 #define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
242 MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx))
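
/*
 * Locking usage (sketch): configuration changes take BRIDGE_LOCK(), changes
 * to the learned-address table take BRIDGE_RT_LOCK(), and readers only need
 * to be in the net epoch.
 */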
243
244 struct bridge_softc;
245
246 /*
247 * Bridge interface list entry.
248 */
249 struct bridge_iflist {
250 CK_LIST_ENTRY(bridge_iflist) bif_next;
251 struct ifnet *bif_ifp; /* member if */
252 struct bridge_softc *bif_sc; /* parent bridge */
253 struct bstp_port bif_stp; /* STP state */
254 uint32_t bif_flags; /* member if flags */
255 int bif_savedcaps; /* saved capabilities */
256 uint32_t bif_addrmax; /* max # of addresses */
257 uint32_t bif_addrcnt; /* cur. # of addresses */
258 uint32_t bif_addrexceeded;/* # of address violations */
259 struct epoch_context bif_epoch_ctx;
260 ether_vlanid_t bif_pvid; /* port vlan id */
261 ifbvlan_set_t bif_vlan_set; /* if allowed tagged vlans */
262 };
263
264 /*
265 * Bridge route node.
266 */
267 struct bridge_rtnode {
268 CK_LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
269 CK_LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
270 struct bridge_iflist *brt_dst; /* destination if */
271 unsigned long brt_expire; /* expiration time */
272 uint8_t brt_flags; /* address flags */
273 uint8_t brt_addr[ETHER_ADDR_LEN];
274 ether_vlanid_t brt_vlan; /* vlan id */
275 struct vnet *brt_vnet;
276 struct epoch_context brt_epoch_ctx;
277 };
278 #define brt_ifp brt_dst->bif_ifp
279
280 /*
281 * Software state for each bridge.
282 */
283 struct bridge_softc {
284 struct ifnet *sc_ifp; /* make this an interface */
285 LIST_ENTRY(bridge_softc) sc_list;
286 struct sx sc_sx;
287 struct mtx sc_rt_mtx;
288 uint32_t sc_brtmax; /* max # of addresses */
289 uint32_t sc_brtcnt; /* cur. # of addresses */
290 uint32_t sc_brttimeout; /* rt timeout in seconds */
291 struct callout sc_brcallout; /* bridge callout */
292 CK_LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
293 CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
294 CK_LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
295 uint32_t sc_rthash_key; /* key for hash */
296 CK_LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
297 struct bstp_state sc_stp; /* STP state */
298 uint32_t sc_brtexceeded; /* # of cache drops */
299 struct ifnet *sc_ifaddr; /* member mac copied from */
300 struct ether_addr sc_defaddr; /* Default MAC address */
301 if_input_fn_t sc_if_input; /* Saved copy of if_input */
302 struct epoch_context sc_epoch_ctx;
303 };
304
305 VNET_DEFINE_STATIC(struct sx, bridge_list_sx);
306 #define V_bridge_list_sx VNET(bridge_list_sx)
307 static eventhandler_tag bridge_detach_cookie;
308
309 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
310
311 VNET_DEFINE_STATIC(uma_zone_t, bridge_rtnode_zone);
312 #define V_bridge_rtnode_zone VNET(bridge_rtnode_zone)
313
314 static int bridge_clone_create(struct if_clone *, char *, size_t,
315 struct ifc_data *, struct ifnet **);
316 static int bridge_clone_destroy(struct if_clone *, struct ifnet *, uint32_t);
317
318 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
319 static void bridge_mutecaps(struct bridge_softc *);
320 static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *,
321 int);
322 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
323 static void bridge_init(void *);
324 static void bridge_dummynet(struct mbuf *, struct ifnet *);
325 static bool bridge_same(const void *, const void *);
326 static void *bridge_get_softc(struct ifnet *);
327 static void bridge_stop(struct ifnet *, int);
328 static int bridge_transmit(struct ifnet *, struct mbuf *);
329 #ifdef ALTQ
330 static void bridge_altq_start(if_t);
331 static int bridge_altq_transmit(if_t, struct mbuf *);
332 #endif
333 static void bridge_qflush(struct ifnet *);
334 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
335 static void bridge_inject(struct ifnet *, struct mbuf *);
336 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
337 struct rtentry *);
338 static int bridge_enqueue(struct bridge_softc *, struct ifnet *,
339 struct mbuf *, struct bridge_iflist *);
340 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
341
342 static void bridge_forward(struct bridge_softc *, struct bridge_iflist *,
343 struct mbuf *m);
344 static bool bridge_member_ifaddrs(void);
345 static void bridge_timer(void *);
346
347 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
348 struct mbuf *, int);
349 static void bridge_span(struct bridge_softc *, struct mbuf *);
350
351 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
352 ether_vlanid_t, struct bridge_iflist *, int, uint8_t);
353 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *,
354 ether_vlanid_t);
355 static void bridge_rttrim(struct bridge_softc *);
356 static void bridge_rtage(struct bridge_softc *);
357 static void bridge_rtflush(struct bridge_softc *, int);
358 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *,
359 ether_vlanid_t);
360 static bool bridge_vfilter_in(const struct bridge_iflist *, struct mbuf *);
361 static bool bridge_vfilter_out(const struct bridge_iflist *,
362 const struct mbuf *);
363
364 static void bridge_rtable_init(struct bridge_softc *);
365 static void bridge_rtable_fini(struct bridge_softc *);
366
367 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
368 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
369 const uint8_t *, ether_vlanid_t);
370 static int bridge_rtnode_insert(struct bridge_softc *,
371 struct bridge_rtnode *);
372 static void bridge_rtnode_destroy(struct bridge_softc *,
373 struct bridge_rtnode *);
374 static void bridge_rtable_expire(struct ifnet *, int);
375 static void bridge_state_change(struct ifnet *, int);
376
377 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
378 const char *name);
379 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
380 struct ifnet *ifp);
381 static void bridge_delete_member(struct bridge_softc *,
382 struct bridge_iflist *, int);
383 static void bridge_delete_span(struct bridge_softc *,
384 struct bridge_iflist *);
385
386 static int bridge_ioctl_add(struct bridge_softc *, void *);
387 static int bridge_ioctl_del(struct bridge_softc *, void *);
388 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
389 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
390 static int bridge_ioctl_scache(struct bridge_softc *, void *);
391 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
392 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
393 static int bridge_ioctl_rts(struct bridge_softc *, void *);
394 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
395 static int bridge_ioctl_sto(struct bridge_softc *, void *);
396 static int bridge_ioctl_gto(struct bridge_softc *, void *);
397 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
398 static int bridge_ioctl_flush(struct bridge_softc *, void *);
399 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
400 static int bridge_ioctl_spri(struct bridge_softc *, void *);
401 static int bridge_ioctl_ght(struct bridge_softc *, void *);
402 static int bridge_ioctl_sht(struct bridge_softc *, void *);
403 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
404 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
405 static int bridge_ioctl_gma(struct bridge_softc *, void *);
406 static int bridge_ioctl_sma(struct bridge_softc *, void *);
407 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
408 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
409 static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *);
410 static int bridge_ioctl_sifpvid(struct bridge_softc *, void *);
411 static int bridge_ioctl_sifvlanset(struct bridge_softc *, void *);
412 static int bridge_ioctl_gifvlanset(struct bridge_softc *, void *);
413 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
414 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
415 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
416 static int bridge_ioctl_grte(struct bridge_softc *, void *);
417 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
418 static int bridge_ioctl_sproto(struct bridge_softc *, void *);
419 static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
420 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
421 int);
422 #ifdef INET
423 static int bridge_ip_checkbasic(struct mbuf **mp);
424 static int bridge_fragment(struct ifnet *, struct mbuf **mp,
425 struct ether_header *, int, struct llc *);
426 #endif /* INET */
427 #ifdef INET6
428 static int bridge_ip6_checkbasic(struct mbuf **mp);
429 #endif /* INET6 */
430 static void bridge_linkstate(struct ifnet *ifp);
431 static void bridge_linkcheck(struct bridge_softc *sc);
432
433 /*
434 * Use the "null" value from IEEE 802.1Q-2014 Table 9-2
435 * to indicate untagged frames.
436 */
437 #define VLANTAGOF(_m) \
438 ((_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : DOT1Q_VID_NULL)
439
440 static struct bstp_cb_ops bridge_ops = {
441 .bcb_state = bridge_state_change,
442 .bcb_rtage = bridge_rtable_expire
443 };
444
445 SYSCTL_DECL(_net_link);
446 static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
447 "Bridge");
448
449 /* only pass IP[46] packets when pfil is enabled */
450 VNET_DEFINE_STATIC(int, pfil_onlyip) = 1;
451 #define V_pfil_onlyip VNET(pfil_onlyip)
452 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip,
453 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_onlyip), 0,
454 "Only pass IP packets when pfil is enabled");
455
456 /* run pfil hooks on the bridge interface */
457 VNET_DEFINE_STATIC(int, pfil_bridge) = 0;
458 #define V_pfil_bridge VNET(pfil_bridge)
459 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge,
460 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_bridge), 0,
461 "Packet filter on the bridge interface");
462
463 /* layer2 filter with ipfw */
464 VNET_DEFINE_STATIC(int, pfil_ipfw);
465 #define V_pfil_ipfw VNET(pfil_ipfw)
466
467 /* layer2 ARP filter with ipfw */
468 VNET_DEFINE_STATIC(int, pfil_ipfw_arp);
469 #define V_pfil_ipfw_arp VNET(pfil_ipfw_arp)
470 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp,
471 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_ipfw_arp), 0,
472 "Filter ARP packets through IPFW layer2");
473
474 /* run pfil hooks on the member interface */
475 VNET_DEFINE_STATIC(int, pfil_member) = 0;
476 #define V_pfil_member VNET(pfil_member)
477 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member,
478 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_member), 0,
479 "Packet filter on the member interface");
480
481 /* run pfil hooks on the physical interface for locally destined packets */
482 VNET_DEFINE_STATIC(int, pfil_local_phys);
483 #define V_pfil_local_phys VNET(pfil_local_phys)
484 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys,
485 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_local_phys), 0,
486 "Packet filter on the physical interface for locally destined packets");
487
488 /* log STP state changes */
489 VNET_DEFINE_STATIC(int, log_stp);
490 #define V_log_stp VNET(log_stp)
491 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp,
492 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(log_stp), 0,
493 "Log STP state changes");
494
495 /* share MAC with first bridge member */
496 VNET_DEFINE_STATIC(int, bridge_inherit_mac);
497 #define V_bridge_inherit_mac VNET(bridge_inherit_mac)
498 SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac,
499 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(bridge_inherit_mac), 0,
500 "Inherit MAC address from the first bridge member");
501
502 VNET_DEFINE_STATIC(int, allow_llz_overlap) = 0;
503 #define V_allow_llz_overlap VNET(allow_llz_overlap)
504 SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
505 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
506 "Allow overlap of link-local scope "
507 "zones of a bridge interface and the member interfaces");
508
509 /* log MAC address port flapping */
510 VNET_DEFINE_STATIC(bool, log_mac_flap) = true;
511 #define V_log_mac_flap VNET(log_mac_flap)
512 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap,
513 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(log_mac_flap), true,
514 "Log MAC address port flapping");
515
516 /* allow IP addresses on bridge members */
517 VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
518 #define V_member_ifaddrs VNET(member_ifaddrs)
519 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
520 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
521 "Allow layer 3 addresses on bridge members");
522
523 static bool
524 bridge_member_ifaddrs(void)
525 {
526 return (V_member_ifaddrs);
527 }
528
529 VNET_DEFINE_STATIC(int, log_interval) = 5;
530 VNET_DEFINE_STATIC(int, log_count) = 0;
531 VNET_DEFINE_STATIC(struct timeval, log_last) = { 0 };
532
533 #define V_log_interval VNET(log_interval)
534 #define V_log_count VNET(log_count)
535 #define V_log_last VNET(log_last)
536
537 struct bridge_control {
538 int (*bc_func)(struct bridge_softc *, void *);
539 int bc_argsize;
540 int bc_flags;
541 };
542
543 #define BC_F_COPYIN 0x01 /* copy arguments in */
544 #define BC_F_COPYOUT 0x02 /* copy arguments out */
545 #define BC_F_SUSER 0x04 /* do super-user check */
546
547 static const struct bridge_control bridge_control_table[] = {
548 { bridge_ioctl_add, sizeof(struct ifbreq),
549 BC_F_COPYIN|BC_F_SUSER },
550 { bridge_ioctl_del, sizeof(struct ifbreq),
551 BC_F_COPYIN|BC_F_SUSER },
552
553 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
554 BC_F_COPYIN|BC_F_COPYOUT },
555 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
556 BC_F_COPYIN|BC_F_SUSER },
557
558 { bridge_ioctl_scache, sizeof(struct ifbrparam),
559 BC_F_COPYIN|BC_F_SUSER },
560 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
561 BC_F_COPYOUT },
562
563 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
564 BC_F_COPYIN|BC_F_COPYOUT },
565 { bridge_ioctl_rts, sizeof(struct ifbaconf),
566 BC_F_COPYIN|BC_F_COPYOUT },
567
568 { bridge_ioctl_saddr, sizeof(struct ifbareq),
569 BC_F_COPYIN|BC_F_SUSER },
570
571 { bridge_ioctl_sto, sizeof(struct ifbrparam),
572 BC_F_COPYIN|BC_F_SUSER },
573 { bridge_ioctl_gto, sizeof(struct ifbrparam),
574 BC_F_COPYOUT },
575
576 { bridge_ioctl_daddr, sizeof(struct ifbareq),
577 BC_F_COPYIN|BC_F_SUSER },
578
579 { bridge_ioctl_flush, sizeof(struct ifbreq),
580 BC_F_COPYIN|BC_F_SUSER },
581
582 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
583 BC_F_COPYOUT },
584 { bridge_ioctl_spri, sizeof(struct ifbrparam),
585 BC_F_COPYIN|BC_F_SUSER },
586
587 { bridge_ioctl_ght, sizeof(struct ifbrparam),
588 BC_F_COPYOUT },
589 { bridge_ioctl_sht, sizeof(struct ifbrparam),
590 BC_F_COPYIN|BC_F_SUSER },
591
592 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
593 BC_F_COPYOUT },
594 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
595 BC_F_COPYIN|BC_F_SUSER },
596
597 { bridge_ioctl_gma, sizeof(struct ifbrparam),
598 BC_F_COPYOUT },
599 { bridge_ioctl_sma, sizeof(struct ifbrparam),
600 BC_F_COPYIN|BC_F_SUSER },
601
602 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
603 BC_F_COPYIN|BC_F_SUSER },
604
605 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
606 BC_F_COPYIN|BC_F_SUSER },
607
608 { bridge_ioctl_addspan, sizeof(struct ifbreq),
609 BC_F_COPYIN|BC_F_SUSER },
610 { bridge_ioctl_delspan, sizeof(struct ifbreq),
611 BC_F_COPYIN|BC_F_SUSER },
612
613 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
614 BC_F_COPYOUT },
615
616 { bridge_ioctl_grte, sizeof(struct ifbrparam),
617 BC_F_COPYOUT },
618
619 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
620 BC_F_COPYIN|BC_F_COPYOUT },
621
622 { bridge_ioctl_sproto, sizeof(struct ifbrparam),
623 BC_F_COPYIN|BC_F_SUSER },
624
625 { bridge_ioctl_stxhc, sizeof(struct ifbrparam),
626 BC_F_COPYIN|BC_F_SUSER },
627
628 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq),
629 BC_F_COPYIN|BC_F_SUSER },
630
631 { bridge_ioctl_sifpvid, sizeof(struct ifbreq),
632 BC_F_COPYIN|BC_F_SUSER },
633
634 { bridge_ioctl_sifvlanset, sizeof(struct ifbif_vlan_req),
635 BC_F_COPYIN|BC_F_SUSER },
636
637 { bridge_ioctl_gifvlanset, sizeof(struct ifbif_vlan_req),
638 BC_F_COPYIN|BC_F_COPYOUT },
639 };
640 static const int bridge_control_table_size = nitems(bridge_control_table);
641
642 VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list) =
643 LIST_HEAD_INITIALIZER();
644 #define V_bridge_list VNET(bridge_list)
645 #define BRIDGE_LIST_LOCK_INIT(x) sx_init(&V_bridge_list_sx, \
646 "if_bridge list")
647 #define BRIDGE_LIST_LOCK_DESTROY(x) sx_destroy(&V_bridge_list_sx)
648 #define BRIDGE_LIST_LOCK(x) sx_xlock(&V_bridge_list_sx)
649 #define BRIDGE_LIST_UNLOCK(x) sx_xunlock(&V_bridge_list_sx)
650
651 VNET_DEFINE_STATIC(struct if_clone *, bridge_cloner);
652 #define V_bridge_cloner VNET(bridge_cloner)
653
654 static const char bridge_name[] = "bridge";
655
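/*
 * vnet_bridge_init:
 *
 * Per-VNET initialization: create the route node UMA zone and the
 * bridge list lock, then attach the interface cloner.
 */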
656 static void
657 vnet_bridge_init(const void *unused __unused)
658 {
659
660 V_bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
661 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
662 UMA_ALIGN_PTR, 0);
663 BRIDGE_LIST_LOCK_INIT();
664
665 struct if_clone_addreq req = {
666 .create_f = bridge_clone_create,
667 .destroy_f = bridge_clone_destroy,
668 .flags = IFC_F_AUTOUNIT,
669 };
670 V_bridge_cloner = ifc_attach_cloner(bridge_name, &req);
671 }
672 VNET_SYSINIT(vnet_bridge_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
673 vnet_bridge_init, NULL);
674
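/*
 * vnet_bridge_uninit:
 *
 * Per-VNET teardown: detach the cloner, destroy the bridge list lock,
 * drain pending epoch callbacks and destroy the route node UMA zone.
 */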
675 static void
676 vnet_bridge_uninit(const void *unused __unused)
677 {
678
679 ifc_detach_cloner(V_bridge_cloner);
680 V_bridge_cloner = NULL;
681 BRIDGE_LIST_LOCK_DESTROY();
682
683 /* Callbacks may use the UMA zone. */
684 NET_EPOCH_DRAIN_CALLBACKS();
685
686 uma_zdestroy(V_bridge_rtnode_zone);
687 }
688 VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY,
689 vnet_bridge_uninit, NULL);
690
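/*
 * bridge_modevent:
 *
 * Module event handler.  On load, publish the function pointers used by
 * dummynet, bridgestp and the generic ifnet code and register the
 * interface departure handler; on unload, undo both.
 */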
691 static int
692 bridge_modevent(module_t mod, int type, void *data)
693 {
694
695 switch (type) {
696 case MOD_LOAD:
697 bridge_dn_p = bridge_dummynet;
698 bridge_same_p = bridge_same;
699 bridge_get_softc_p = bridge_get_softc;
700 bridge_member_ifaddrs_p = bridge_member_ifaddrs;
701 bridge_detach_cookie = EVENTHANDLER_REGISTER(
702 ifnet_departure_event, bridge_ifdetach, NULL,
703 EVENTHANDLER_PRI_ANY);
704 break;
705 case MOD_UNLOAD:
706 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
707 bridge_detach_cookie);
708 bridge_dn_p = NULL;
709 bridge_same_p = NULL;
710 bridge_get_softc_p = NULL;
711 bridge_member_ifaddrs_p = NULL;
712 break;
713 default:
714 return (EOPNOTSUPP);
715 }
716 return (0);
717 }
718
719 static moduledata_t bridge_mod = {
720 "if_bridge",
721 bridge_modevent,
722 0
723 };
724
725 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
726 MODULE_VERSION(if_bridge, 1);
727 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
728
729 /*
730 * handler for net.link.bridge.ipfw
731 */
732 static int
733 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
734 {
735 int enable = V_pfil_ipfw;
736 int error;
737
738 error = sysctl_handle_int(oidp, &enable, 0, req);
739 enable &= 1;
740
741 if (enable != V_pfil_ipfw) {
742 V_pfil_ipfw = enable;
743
744 /*
745 * Disable pfil so that ipfw doesn't run twice; if the user
746 * really wants both, they can re-enable pfil_bridge and/or
747 * pfil_member. Also allow non-ip packets as ipfw can filter by
748 * layer2 type.
749 */
750 if (V_pfil_ipfw) {
751 V_pfil_onlyip = 0;
752 V_pfil_bridge = 0;
753 V_pfil_member = 0;
754 }
755 }
756
757 return (error);
758 }
759 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw,
760 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_VNET | CTLFLAG_NEEDGIANT,
761 &VNET_NAME(pfil_ipfw), 0, &sysctl_pfil_ipfw, "I",
762 "Layer2 filter with IPFW");
763
764 #ifdef VIMAGE
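/*
 * bridge_reassign:
 *
 * Detach all member and span interfaces before the bridge itself is
 * moved to another vnet.
 */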
765 static void
766 bridge_reassign(struct ifnet *ifp, struct vnet *newvnet, char *arg)
767 {
768 struct bridge_softc *sc = ifp->if_softc;
769 struct bridge_iflist *bif;
770
771 BRIDGE_LOCK(sc);
772
773 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
774 bridge_delete_member(sc, bif, 0);
775
776 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
777 bridge_delete_span(sc, bif);
778 }
779
780 BRIDGE_UNLOCK(sc);
781
782 ether_reassign(ifp, newvnet, arg);
783 }
784 #endif
785
786 /*
787 * bridge_get_softc:
788 *
789 * Return the bridge softc for an ifnet.
790 */
791 static void *
792 bridge_get_softc(struct ifnet *ifp)
793 {
794 struct bridge_iflist *bif;
795
796 NET_EPOCH_ASSERT();
797
798 bif = ifp->if_bridge;
799 if (bif == NULL)
800 return (NULL);
801 return (bif->bif_sc);
802 }
803
804 /*
805 * bridge_same:
806 *
807 * Return true if two interfaces are in the same bridge. This is only used by
808 * bridgestp via bridge_same_p.
809 */
810 static bool
811 bridge_same(const void *bifap, const void *bifbp)
812 {
813 const struct bridge_iflist *bifa = bifap, *bifb = bifbp;
814
815 NET_EPOCH_ASSERT();
816
817 if (bifa == NULL || bifb == NULL)
818 return (false);
819
820 return (bifa->bif_sc == bifb->bif_sc);
821 }
822
823 /*
824 * bridge_clone_create:
825 *
826 * Create a new bridge instance.
827 */
828 static int
829 bridge_clone_create(struct if_clone *ifc, char *name, size_t len,
830 struct ifc_data *ifd, struct ifnet **ifpp)
831 {
832 struct bridge_softc *sc;
833 struct ifnet *ifp;
834
835 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
836 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
837
838 BRIDGE_LOCK_INIT(sc);
839 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
840 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
841
842 /* Initialize our routing table. */
843 bridge_rtable_init(sc);
844
845 callout_init_mtx(&sc->sc_brcallout, &sc->sc_rt_mtx, 0);
846
847 CK_LIST_INIT(&sc->sc_iflist);
848 CK_LIST_INIT(&sc->sc_spanlist);
849
850 ifp->if_softc = sc;
851 if_initname(ifp, bridge_name, ifd->unit);
852 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
853 ifp->if_capabilities = ifp->if_capenable = IFCAP_VLAN_HWTAGGING;
854 ifp->if_ioctl = bridge_ioctl;
855 #ifdef ALTQ
856 ifp->if_start = bridge_altq_start;
857 ifp->if_transmit = bridge_altq_transmit;
858 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
859 ifp->if_snd.ifq_drv_maxlen = 0;
860 IFQ_SET_READY(&ifp->if_snd);
861 #else
862 ifp->if_transmit = bridge_transmit;
863 #endif
864 ifp->if_qflush = bridge_qflush;
865 ifp->if_init = bridge_init;
866 ifp->if_type = IFT_BRIDGE;
867
868 ether_gen_addr(ifp, &sc->sc_defaddr);
869
870 bstp_attach(&sc->sc_stp, &bridge_ops);
871 ether_ifattach(ifp, sc->sc_defaddr.octet);
872 /* Now undo some of the damage... */
873 ifp->if_baudrate = 0;
874 #ifdef VIMAGE
875 ifp->if_reassign = bridge_reassign;
876 #endif
877 sc->sc_if_input = ifp->if_input; /* ether_input */
878 ifp->if_input = bridge_inject;
879
880 /*
881 * Allow BRIDGE_INPUT() to pass in packets originating from the bridge
882 * itself via bridge_inject(). This is required for netmap but
883 * otherwise has no effect.
884 */
885 ifp->if_bridge_input = bridge_input;
886
887 BRIDGE_LIST_LOCK();
888 LIST_INSERT_HEAD(&V_bridge_list, sc, sc_list);
889 BRIDGE_LIST_UNLOCK();
890 *ifpp = ifp;
891
892 return (0);
893 }
894
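/*
 * bridge_clone_destroy_cb:
 *
 * Epoch callback: release the softc once no readers can reference it.
 */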
895 static void
896 bridge_clone_destroy_cb(struct epoch_context *ctx)
897 {
898 struct bridge_softc *sc;
899
900 sc = __containerof(ctx, struct bridge_softc, sc_epoch_ctx);
901
902 BRIDGE_LOCK_DESTROY(sc);
903 free(sc, M_DEVBUF);
904 }
905
906 /*
907 * bridge_clone_destroy:
908 *
909 * Destroy a bridge instance.
910 */
911 static int
912 bridge_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags)
913 {
914 struct bridge_softc *sc = ifp->if_softc;
915 struct bridge_iflist *bif;
916 struct epoch_tracker et;
917
918 BRIDGE_LOCK(sc);
919
920 bridge_stop(ifp, 1);
921 ifp->if_flags &= ~IFF_UP;
922
923 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
924 bridge_delete_member(sc, bif, 0);
925
926 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
927 bridge_delete_span(sc, bif);
928 }
929
930 /* Tear down the routing table. */
931 bridge_rtable_fini(sc);
932
933 BRIDGE_UNLOCK(sc);
934
935 NET_EPOCH_ENTER(et);
936
937 callout_drain(&sc->sc_brcallout);
938
939 BRIDGE_LIST_LOCK();
940 LIST_REMOVE(sc, sc_list);
941 BRIDGE_LIST_UNLOCK();
942
943 bstp_detach(&sc->sc_stp);
944 #ifdef ALTQ
945 IFQ_PURGE(&ifp->if_snd);
946 #endif
947 NET_EPOCH_EXIT(et);
948
949 ether_ifdetach(ifp);
950 if_free(ifp);
951
952 NET_EPOCH_CALL(bridge_clone_destroy_cb, &sc->sc_epoch_ctx);
953
954 return (0);
955 }
956
957 /*
958 * bridge_ioctl:
959 *
960 * Handle a control request from the operator.
961 */
962 static int
963 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
964 {
965 struct bridge_softc *sc = ifp->if_softc;
966 struct ifreq *ifr = (struct ifreq *)data;
967 struct bridge_iflist *bif;
968 struct thread *td = curthread;
969 union {
970 struct ifbreq ifbreq;
971 struct ifbifconf ifbifconf;
972 struct ifbareq ifbareq;
973 struct ifbaconf ifbaconf;
974 struct ifbrparam ifbrparam;
975 struct ifbropreq ifbropreq;
976 struct ifbif_vlan_req ifvlanreq;
977 } args;
978 struct ifdrv *ifd = (struct ifdrv *) data;
979 const struct bridge_control *bc;
980 int error = 0, oldmtu;
981
982 BRIDGE_LOCK(sc);
983
984 switch (cmd) {
985 case SIOCADDMULTI:
986 case SIOCDELMULTI:
987 break;
988
989 case SIOCGDRVSPEC:
990 case SIOCSDRVSPEC:
991 if (ifd->ifd_cmd >= bridge_control_table_size) {
992 error = EXTERROR(EINVAL, "Invalid control command");
993 break;
994 }
995 bc = &bridge_control_table[ifd->ifd_cmd];
996
997 if (cmd == SIOCGDRVSPEC &&
998 (bc->bc_flags & BC_F_COPYOUT) == 0) {
999 error = EXTERROR(EINVAL,
1000 "Inappropriate ioctl for command "
1001 "(expected SIOCSDRVSPEC)");
1002 break;
1003 }
1004 else if (cmd == SIOCSDRVSPEC &&
1005 (bc->bc_flags & BC_F_COPYOUT) != 0) {
1006 error = EXTERROR(EINVAL,
1007 "Inappropriate ioctl for command "
1008 "(expected SIOCGDRVSPEC)");
1009 break;
1010 }
1011
1012 if (bc->bc_flags & BC_F_SUSER) {
1013 error = priv_check(td, PRIV_NET_BRIDGE);
1014 if (error) {
1015 EXTERROR(error, "PRIV_NET_BRIDGE required");
1016 break;
1017 }
1018 }
1019
1020 if (ifd->ifd_len != bc->bc_argsize ||
1021 ifd->ifd_len > sizeof(args)) {
1022 error = EXTERROR(EINVAL, "Invalid argument size");
1023 break;
1024 }
1025
1026 bzero(&args, sizeof(args));
1027 if (bc->bc_flags & BC_F_COPYIN) {
1028 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
1029 if (error)
1030 break;
1031 }
1032
1033 oldmtu = ifp->if_mtu;
1034 error = (*bc->bc_func)(sc, &args);
1035 if (error)
1036 break;
1037
1038 /*
1039 * Bridge MTU may change during addition of the first port.
1040 * If it did, do network layer specific procedure.
1041 */
1042 if (ifp->if_mtu != oldmtu)
1043 if_notifymtu(ifp);
1044
1045 if (bc->bc_flags & BC_F_COPYOUT)
1046 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
1047
1048 break;
1049
1050 case SIOCSIFFLAGS:
1051 if (!(ifp->if_flags & IFF_UP) &&
1052 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1053 /*
1054 * If interface is marked down and it is running,
1055 * then stop and disable it.
1056 */
1057 bridge_stop(ifp, 1);
1058 } else if ((ifp->if_flags & IFF_UP) &&
1059 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1060 /*
1061 * If interface is marked up and it is stopped, then
1062 * start it.
1063 */
1064 BRIDGE_UNLOCK(sc);
1065 (*ifp->if_init)(sc);
1066 BRIDGE_LOCK(sc);
1067 }
1068 break;
1069
1070 case SIOCSIFMTU:
1071 oldmtu = sc->sc_ifp->if_mtu;
1072
1073 if (ifr->ifr_mtu < IF_MINMTU) {
1074 error = EXTERROR(EINVAL,
1075 "Requested MTU is lower than IF_MINMTU");
1076 break;
1077 }
1078 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1079 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1080 break;
1081 }
1082 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1083 error = (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1084 SIOCSIFMTU, (caddr_t)ifr);
1085 if (error != 0) {
1086 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1087 " member %s\n", sc->sc_ifp->if_xname,
1088 ifr->ifr_mtu,
1089 bif->bif_ifp->if_xname);
1090 error = EINVAL;
1091 break;
1092 }
1093 }
1094 if (error) {
1095 /* Restore the previous MTU on all member interfaces. */
1096 ifr->ifr_mtu = oldmtu;
1097 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1098 (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1099 SIOCSIFMTU, (caddr_t)ifr);
1100 }
1101 EXTERROR(error,
1102 "Failed to set MTU on member interface");
1103 } else {
1104 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1105 }
1106 break;
1107 default:
1108 /*
1109 * drop the lock as ether_ioctl() will call bridge_start() and
1110 * cause the lock to be recursed.
1111 */
1112 BRIDGE_UNLOCK(sc);
1113 error = ether_ioctl(ifp, cmd, data);
1114 BRIDGE_LOCK(sc);
1115 break;
1116 }
1117
1118 BRIDGE_UNLOCK(sc);
1119
1120 return (error);
1121 }
1122
1123 /*
1124 * bridge_mutecaps:
1125 *
1126 * Clear or restore unwanted capabilities on the member interface
1127 */
1128 static void
1129 bridge_mutecaps(struct bridge_softc *sc)
1130 {
1131 struct bridge_iflist *bif;
1132 int enabled, mask;
1133
1134 BRIDGE_LOCK_ASSERT(sc);
1135
1136 /* Initial bitmask of capabilities to test */
1137 mask = BRIDGE_IFCAPS_MASK;
1138
1139 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1140 /* Every member must support it or it's disabled */
1141 mask &= bif->bif_savedcaps;
1142 }
1143
1144 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1145 enabled = bif->bif_ifp->if_capenable;
1146 enabled &= ~BRIDGE_IFCAPS_STRIP;
1147 /* Strip off mask bits and enable them again if allowed */
1148 enabled &= ~BRIDGE_IFCAPS_MASK;
1149 enabled |= mask;
1150 bridge_set_ifcap(sc, bif, enabled);
1151 }
1152 }
1153
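/*
 * bridge_set_ifcap:
 *
 * Request a new capability set on a member interface and warn if some
 * of the masked capabilities could not be disabled.
 */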
1154 static void
1155 bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set)
1156 {
1157 struct ifnet *ifp = bif->bif_ifp;
1158 struct ifreq ifr;
1159 int error, mask, stuck;
1160
1161 bzero(&ifr, sizeof(ifr));
1162 ifr.ifr_reqcap = set;
1163
1164 if (ifp->if_capenable != set) {
1165 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
1166 if (error)
1167 if_printf(sc->sc_ifp,
1168 "error setting capabilities on %s: %d\n",
1169 ifp->if_xname, error);
1170 mask = BRIDGE_IFCAPS_MASK | BRIDGE_IFCAPS_STRIP;
1171 stuck = ifp->if_capenable & mask & ~set;
1172 if (stuck != 0)
1173 if_printf(sc->sc_ifp,
1174 "can't disable some capabilities on %s: 0x%x\n",
1175 ifp->if_xname, stuck);
1176 }
1177 }
1178
1179 /*
1180 * bridge_lookup_member:
1181 *
1182 * Lookup a bridge member interface.
1183 */
1184 static struct bridge_iflist *
1185 bridge_lookup_member(struct bridge_softc *sc, const char *name)
1186 {
1187 struct bridge_iflist *bif;
1188 struct ifnet *ifp;
1189
1190 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1191
1192 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1193 ifp = bif->bif_ifp;
1194 if (strcmp(ifp->if_xname, name) == 0)
1195 return (bif);
1196 }
1197
1198 return (NULL);
1199 }
1200
1201 /*
1202 * bridge_lookup_member_if:
1203 *
1204 * Lookup a bridge member interface by ifnet*.
1205 */
1206 static struct bridge_iflist *
1207 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
1208 {
1209 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1210 return (member_ifp->if_bridge);
1211 }
1212
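/*
 * bridge_delete_member_cb:
 *
 * Epoch callback: free a member descriptor once no readers reference it.
 */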
1213 static void
1214 bridge_delete_member_cb(struct epoch_context *ctx)
1215 {
1216 struct bridge_iflist *bif;
1217
1218 bif = __containerof(ctx, struct bridge_iflist, bif_epoch_ctx);
1219
1220 free(bif, M_DEVBUF);
1221 }
1222
1223 /*
1224 * bridge_delete_member:
1225 *
1226 * Delete the specified member interface.
1227 */
1228 static void
1229 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
1230 int gone)
1231 {
1232 struct ifnet *ifs = bif->bif_ifp;
1233 struct ifnet *fif = NULL;
1234 struct bridge_iflist *bifl;
1235
1236 BRIDGE_LOCK_ASSERT(sc);
1237
1238 if (bif->bif_flags & IFBIF_STP)
1239 bstp_disable(&bif->bif_stp);
1240
1241 ifs->if_bridge = NULL;
1242 CK_LIST_REMOVE(bif, bif_next);
1243
1244 /*
1245 * If removing the interface that gave the bridge its mac address, set
1246 * the mac address of the bridge to the address of the next member, or
1247 * to its default address if no members are left.
1248 */
1249 if (V_bridge_inherit_mac && sc->sc_ifaddr == ifs) {
1250 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1251 bcopy(&sc->sc_defaddr,
1252 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1253 sc->sc_ifaddr = NULL;
1254 } else {
1255 bifl = CK_LIST_FIRST(&sc->sc_iflist);
1256 fif = bifl->bif_ifp;
1257 bcopy(IF_LLADDR(fif),
1258 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1259 sc->sc_ifaddr = fif;
1260 }
1261 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1262 }
1263
1264 bridge_linkcheck(sc);
1265 bridge_mutecaps(sc); /* recalculate now that this interface is removed */
1266 BRIDGE_RT_LOCK(sc);
1267 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
1268 BRIDGE_RT_UNLOCK(sc);
1269 KASSERT(bif->bif_addrcnt == 0,
1270 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt));
1271
1272 ifs->if_bridge_output = NULL;
1273 ifs->if_bridge_input = NULL;
1274 ifs->if_bridge_linkstate = NULL;
1275 if (!gone) {
1276 switch (ifs->if_type) {
1277 case IFT_ETHER:
1278 case IFT_L2VLAN:
1279 /*
1280 * Take the interface out of promiscuous mode, but only
1281 * if it was promiscuous in the first place. It might
1282 * not be if we're in the bridge_ioctl_add() error path.
1283 */
1284 if (ifs->if_flags & IFF_PROMISC)
1285 (void) ifpromisc(ifs, 0);
1286 break;
1287
1288 case IFT_GIF:
1289 break;
1290
1291 default:
1292 #ifdef DIAGNOSTIC
1293 panic("bridge_delete_member: impossible");
1294 #endif
1295 break;
1296 }
1297 /* Re-enable any interface capabilities */
1298 bridge_set_ifcap(sc, bif, bif->bif_savedcaps);
1299 }
1300 bstp_destroy(&bif->bif_stp); /* prepare to free */
1301
1302 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1303 }
1304
1305 /*
1306 * bridge_delete_span:
1307 *
1308 * Delete the specified span interface.
1309 */
1310 static void
1311 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
1312 {
1313 BRIDGE_LOCK_ASSERT(sc);
1314
1315 KASSERT(bif->bif_ifp->if_bridge == NULL,
1316 ("%s: not a span interface", __func__));
1317
1318 CK_LIST_REMOVE(bif, bif_next);
1319
1320 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1321 }
1322
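/*
 * bridge_ioctl_add:
 *
 * Add an interface to the bridge as a new member port.
 */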
1323 static int
1324 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
1325 {
1326 struct ifbreq *req = arg;
1327 struct bridge_iflist *bif = NULL;
1328 struct ifnet *ifs;
1329 int error = 0;
1330
1331 ifs = ifunit(req->ifbr_ifsname);
1332 if (ifs == NULL)
1333 return (EXTERROR(ENOENT, "No such interface",
1334 req->ifbr_ifsname));
1335 if (ifs->if_ioctl == NULL) /* must be supported */
1336 return (EXTERROR(EINVAL, "Interface must support ioctl(2)"));
1337
1338 /*
1339 * If the new interface is a vlan(4), it could be a bridge SVI.
1340 * Don't allow such things to be added to bridges.
1341 */
1342 if (ifs->if_type == IFT_L2VLAN) {
1343 struct ifnet *parent;
1344 struct epoch_tracker et;
1345 bool is_bridge;
1346
1347 /*
1348 * Entering NET_EPOCH with BRIDGE_LOCK held, but this is okay
1349 * since we don't sleep here.
1350 */
1351 NET_EPOCH_ENTER(et);
1352 parent = VLAN_TRUNKDEV(ifs);
1353 is_bridge = (parent != NULL && parent->if_type == IFT_BRIDGE);
1354 NET_EPOCH_EXIT(et);
1355
1356 if (is_bridge)
1357 return (EXTERROR(EINVAL,
1358 "Bridge SVI cannot be added to a bridge"));
1359 }
1360
1361 /* If it's in the span list, it can't be a member. */
1362 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1363 if (ifs == bif->bif_ifp)
1364 return (EXTERROR(EBUSY,
1365 "Span interface cannot be a member"));
1366
1367 if (ifs->if_bridge) {
1368 struct bridge_iflist *sbif = ifs->if_bridge;
1369 if (sbif->bif_sc == sc)
1370 return (EXTERROR(EEXIST,
1371 "Interface is already a member of this bridge"));
1372
1373 return (EXTERROR(EBUSY,
1374 "Interface is already a member of another bridge"));
1375 }
1376
1377 switch (ifs->if_type) {
1378 case IFT_ETHER:
1379 case IFT_L2VLAN:
1380 case IFT_GIF:
1381 /* permitted interface types */
1382 break;
1383 default:
1384 return (EXTERROR(EINVAL, "Unsupported interface type"));
1385 }
1386
1387 #ifdef INET6
1388 /*
1389 * Two valid inet6 addresses with link-local scope must not be
1390 * on the parent interface and the member interfaces at the
1391 * same time. This restriction is needed to prevent violation
1392 * of link-local scope zone. Attempts to add a member
1393 * interface which has inet6 addresses when the parent has
1394 * inet6 triggers removal of all inet6 addresses on the member
1395 * interface.
1396 */
1397
1398 /* Check if the parent interface has a link-local scope addr. */
1399 if (V_allow_llz_overlap == 0 &&
1400 in6ifa_llaonifp(sc->sc_ifp) != NULL) {
1401 /*
1402 * If any, remove all inet6 addresses from the member
1403 * interfaces.
1404 */
1405 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1406 if (in6ifa_llaonifp(bif->bif_ifp)) {
1407 in6_ifdetach(bif->bif_ifp);
1408 if_printf(sc->sc_ifp,
1409 "IPv6 addresses on %s have been removed "
1410 "before adding it as a member to prevent "
1411 "IPv6 address scope violation.\n",
1412 bif->bif_ifp->if_xname);
1413 }
1414 }
1415 if (in6ifa_llaonifp(ifs)) {
1416 in6_ifdetach(ifs);
1417 if_printf(sc->sc_ifp,
1418 "IPv6 addresses on %s have been removed "
1419 "before adding it as a member to prevent "
1420 "IPv6 address scope violation.\n",
1421 ifs->if_xname);
1422 }
1423 }
1424 #endif
1425
1426 /*
1427 * If member_ifaddrs is disabled, do not allow an interface with
1428 * assigned IP addresses to be added to a bridge.
1429 */
1430 if (!V_member_ifaddrs) {
1431 struct ifaddr *ifa;
1432
1433 CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
1434 #ifdef INET
1435 if (ifa->ifa_addr->sa_family == AF_INET)
1436 return (EXTERROR(EINVAL,
1437 "Member interface may not have "
1438 "an IPv4 address configured"));
1439 #endif
1440 #ifdef INET6
1441 if (ifa->ifa_addr->sa_family == AF_INET6)
1442 return (EXTERROR(EINVAL,
1443 "Member interface may not have "
1444 "an IPv6 address configured"));
1445 #endif
1446 }
1447 }
1448
1449 /* Allow the first Ethernet member to define the MTU */
1450 if (CK_LIST_EMPTY(&sc->sc_iflist))
1451 sc->sc_ifp->if_mtu = ifs->if_mtu;
1452 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
1453 struct ifreq ifr;
1454
1455 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s",
1456 ifs->if_xname);
1457 ifr.ifr_mtu = sc->sc_ifp->if_mtu;
1458
1459 error = (*ifs->if_ioctl)(ifs,
1460 SIOCSIFMTU, (caddr_t)&ifr);
1461 if (error != 0) {
1462 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1463 " new member %s\n", sc->sc_ifp->if_xname,
1464 ifr.ifr_mtu,
1465 ifs->if_xname);
1466 return (EXTERROR(EINVAL,
1467 "Failed to set MTU on new member"));
1468 }
1469 }
1470
1471 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1472 if (bif == NULL)
1473 return (ENOMEM);
1474
1475 bif->bif_sc = sc;
1476 bif->bif_ifp = ifs;
1477 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
1478 bif->bif_savedcaps = ifs->if_capenable;
1479
1480 /*
1481 * Assign the interface's MAC address to the bridge if it's the first
1482 * member and the MAC address of the bridge has not been changed from
1483 * the default randomly generated one.
1484 */
1485 if (V_bridge_inherit_mac && CK_LIST_EMPTY(&sc->sc_iflist) &&
1486 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr.octet, ETHER_ADDR_LEN)) {
1487 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1488 sc->sc_ifaddr = ifs;
1489 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1490 }
1491
1492 ifs->if_bridge = bif;
1493 ifs->if_bridge_output = bridge_output;
1494 ifs->if_bridge_input = bridge_input;
1495 ifs->if_bridge_linkstate = bridge_linkstate;
1496 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp);
1497 /*
1498 * XXX: XLOCK HERE!?!
1499 *
1500 * NOTE: insert_***HEAD*** should be safe for the traversals.
1501 */
1502 CK_LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
1503
1504 /* Set interface capabilities to the intersection set of all members */
1505 bridge_mutecaps(sc);
1506 bridge_linkcheck(sc);
1507
1508 /* Place the interface into promiscuous mode */
1509 switch (ifs->if_type) {
1510 case IFT_ETHER:
1511 case IFT_L2VLAN:
1512 error = ifpromisc(ifs, 1);
1513 break;
1514 }
1515
1516 if (error)
1517 bridge_delete_member(sc, bif, 0);
1518 return (error);
1519 }
1520
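/*
 * bridge_ioctl_del:
 *
 * Remove a member interface from the bridge.
 */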
1521 static int
1522 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
1523 {
1524 struct ifbreq *req = arg;
1525 struct bridge_iflist *bif;
1526
1527 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1528 if (bif == NULL)
1529 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1530
1531 bridge_delete_member(sc, bif, 0);
1532
1533 return (0);
1534 }
1535
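/*
 * bridge_ioctl_gifflags:
 *
 * Return the per-member flags and STP state for a member interface.
 */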
1536 static int
1537 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
1538 {
1539 struct ifbreq *req = arg;
1540 struct bridge_iflist *bif;
1541 struct bstp_port *bp;
1542
1543 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1544 if (bif == NULL)
1545 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1546
1547 bp = &bif->bif_stp;
1548 req->ifbr_ifsflags = bif->bif_flags;
1549 req->ifbr_state = bp->bp_state;
1550 req->ifbr_priority = bp->bp_priority;
1551 req->ifbr_path_cost = bp->bp_path_cost;
1552 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1553 req->ifbr_proto = bp->bp_protover;
1554 req->ifbr_role = bp->bp_role;
1555 req->ifbr_stpflags = bp->bp_flags;
1556 req->ifbr_addrcnt = bif->bif_addrcnt;
1557 req->ifbr_addrmax = bif->bif_addrmax;
1558 req->ifbr_addrexceeded = bif->bif_addrexceeded;
1559 req->ifbr_pvid = bif->bif_pvid;
1560
1561 /* Copy STP state options as flags */
1562 if (bp->bp_operedge)
1563 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE;
1564 if (bp->bp_flags & BSTP_PORT_AUTOEDGE)
1565 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE;
1566 if (bp->bp_ptp_link)
1567 req->ifbr_ifsflags |= IFBIF_BSTP_PTP;
1568 if (bp->bp_flags & BSTP_PORT_AUTOPTP)
1569 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP;
1570 if (bp->bp_flags & BSTP_PORT_ADMEDGE)
1571 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE;
1572 if (bp->bp_flags & BSTP_PORT_ADMCOST)
1573 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST;
1574 return (0);
1575 }
1576
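/*
 * bridge_ioctl_sifflags:
 *
 * Set the per-member flags, enabling or disabling STP on the member as
 * requested.
 */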
1577 static int
1578 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1579 {
1580 struct epoch_tracker et;
1581 struct ifbreq *req = arg;
1582 struct bridge_iflist *bif;
1583 struct bstp_port *bp;
1584 int error;
1585
1586 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1587 if (bif == NULL)
1588 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1589 bp = &bif->bif_stp;
1590
1591 if (req->ifbr_ifsflags & IFBIF_SPAN)
1592 /* SPAN is readonly */
1593 return (EXTERROR(EINVAL, "Span interface cannot be modified"));
1594
1595 NET_EPOCH_ENTER(et);
1596
1597 if (req->ifbr_ifsflags & IFBIF_STP) {
1598 if ((bif->bif_flags & IFBIF_STP) == 0) {
1599 error = bstp_enable(&bif->bif_stp);
1600 if (error) {
1601 NET_EPOCH_EXIT(et);
1602 return (EXTERROR(error,
1603 "Failed to enable STP"));
1604 }
1605 }
1606 } else {
1607 if ((bif->bif_flags & IFBIF_STP) != 0)
1608 bstp_disable(&bif->bif_stp);
1609 }
1610
1611 /* Pass on STP flags */
1612 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0);
1613 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0);
1614 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0);
1615 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0);
1616
1617 /* Save the bits relating to the bridge */
1618 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK;
1619
1620 NET_EPOCH_EXIT(et);
1621
1622 return (0);
1623 }
1624
1625 static int
1626 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1627 {
1628 struct ifbrparam *param = arg;
1629
1630 sc->sc_brtmax = param->ifbrp_csize;
1631 bridge_rttrim(sc);
1632
1633 return (0);
1634 }
1635
1636 static int
1637 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1638 {
1639 struct ifbrparam *param = arg;
1640
1641 param->ifbrp_csize = sc->sc_brtmax;
1642
1643 return (0);
1644 }
1645
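/*
 * bridge_ioctl_gifs:
 *
 * Copy out the list of member and span interfaces.
 */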
1646 static int
1647 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1648 {
1649 struct ifbifconf *bifc = arg;
1650 struct bridge_iflist *bif;
1651 struct ifbreq breq;
1652 char *buf, *outbuf;
1653 int count, buflen, len, error = 0;
1654
1655 count = 0;
1656 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1657 count++;
1658 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1659 count++;
1660
1661 buflen = sizeof(breq) * count;
1662 if (bifc->ifbic_len == 0) {
1663 bifc->ifbic_len = buflen;
1664 return (0);
1665 }
1666 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1667 if (outbuf == NULL)
1668 return (ENOMEM);
1669
1670 count = 0;
1671 buf = outbuf;
1672 len = min(bifc->ifbic_len, buflen);
1673 bzero(&breq, sizeof(breq));
1674 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1675 if (len < sizeof(breq))
1676 break;
1677
1678 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1679 sizeof(breq.ifbr_ifsname));
1680 /* Fill in the ifbreq structure */
1681 error = bridge_ioctl_gifflags(sc, &breq);
1682 if (error)
1683 break;
1684 memcpy(buf, &breq, sizeof(breq));
1685 count++;
1686 buf += sizeof(breq);
1687 len -= sizeof(breq);
1688 }
1689 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1690 if (len < sizeof(breq))
1691 break;
1692
1693 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1694 sizeof(breq.ifbr_ifsname));
1695 breq.ifbr_ifsflags = bif->bif_flags;
1696 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1697 memcpy(buf, &breq, sizeof(breq));
1698 count++;
1699 buf += sizeof(breq);
1700 len -= sizeof(breq);
1701 }
1702
1703 bifc->ifbic_len = sizeof(breq) * count;
1704 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len);
1705 free(outbuf, M_TEMP);
1706 return (error);
1707 }
1708
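/*
 * bridge_ioctl_rts:
 *
 * Copy out the learned address (forwarding) table.
 */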
1709 static int
1710 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1711 {
1712 struct ifbaconf *bac = arg;
1713 struct bridge_rtnode *brt;
1714 struct ifbareq bareq;
1715 char *buf, *outbuf;
1716 int count, buflen, len, error = 0;
1717
1718 if (bac->ifbac_len == 0)
1719 return (0);
1720
1721 count = 0;
1722 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list)
1723 count++;
1724 buflen = sizeof(bareq) * count;
1725
1726 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1727 if (outbuf == NULL)
1728 return (ENOMEM);
1729
1730 count = 0;
1731 buf = outbuf;
1732 len = min(bac->ifbac_len, buflen);
1733 bzero(&bareq, sizeof(bareq));
1734 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1735 if (len < sizeof(bareq))
1736 goto out;
1737 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1738 sizeof(bareq.ifba_ifsname));
1739 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1740 bareq.ifba_vlan = brt->brt_vlan;
1741 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1742 time_uptime < brt->brt_expire)
1743 bareq.ifba_expire = brt->brt_expire - time_uptime;
1744 else
1745 bareq.ifba_expire = 0;
1746 bareq.ifba_flags = brt->brt_flags;
1747
1748 memcpy(buf, &bareq, sizeof(bareq));
1749 count++;
1750 buf += sizeof(bareq);
1751 len -= sizeof(bareq);
1752 }
1753 out:
1754 bac->ifbac_len = sizeof(bareq) * count;
1755 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len);
1756 free(outbuf, M_TEMP);
1757 return (error);
1758 }
1759
1760 static int
1761 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1762 {
1763 struct ifbareq *req = arg;
1764 struct bridge_iflist *bif;
1765 struct epoch_tracker et;
1766 int error;
1767
1768 NET_EPOCH_ENTER(et);
1769 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1770 if (bif == NULL) {
1771 NET_EPOCH_EXIT(et);
1772 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1773 }
1774
1775 /* bridge_rtupdate() may acquire the lock. */
1776 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1,
1777 req->ifba_flags);
1778 NET_EPOCH_EXIT(et);
1779
1780 return (error);
1781 }
1782
1783 static int
1784 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1785 {
1786 struct ifbrparam *param = arg;
1787
1788 sc->sc_brttimeout = param->ifbrp_ctime;
1789 return (0);
1790 }
1791
1792 static int
1793 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1794 {
1795 struct ifbrparam *param = arg;
1796
1797 param->ifbrp_ctime = sc->sc_brttimeout;
1798 return (0);
1799 }
1800
1801 static int
1802 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1803 {
1804 struct ifbareq *req = arg;
1805 int vlan = req->ifba_vlan;
1806
1807 /* Userspace uses '0' to mean 'any vlan' */
1808 if (vlan == 0)
1809 vlan = DOT1Q_VID_RSVD_IMPL;
1810
1811 return (bridge_rtdaddr(sc, req->ifba_dst, vlan));
1812 }
1813
1814 static int
1815 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1816 {
1817 struct ifbreq *req = arg;
1818
1819 BRIDGE_RT_LOCK(sc);
1820 bridge_rtflush(sc, req->ifbr_ifsflags);
1821 BRIDGE_RT_UNLOCK(sc);
1822
1823 return (0);
1824 }
1825
1826 static int
1827 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1828 {
1829 struct ifbrparam *param = arg;
1830 struct bstp_state *bs = &sc->sc_stp;
1831
1832 param->ifbrp_prio = bs->bs_bridge_priority;
1833 return (0);
1834 }
1835
1836 static int
1837 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1838 {
1839 struct ifbrparam *param = arg;
1840
1841 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
1842 }
1843
1844 static int
1845 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1846 {
1847 struct ifbrparam *param = arg;
1848 struct bstp_state *bs = &sc->sc_stp;
1849
1850 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
1851 return (0);
1852 }
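
/*
 * A note on the shifts in the BRDGGHT/BRDGGFD/BRDGGMA handlers: the
 * bridgestp code appears to keep its timers in 802.1D fixed-point form,
 * i.e. units of 1/256 of a second, so these getters shift right by 8 to
 * report whole seconds.  For example, a 2 second hello time is stored as
 * 2 << 8 = 512, and 512 >> 8 gives the 2 returned in ifbrp_hellotime.
 */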
1853
1854 static int
1855 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1856 {
1857 struct ifbrparam *param = arg;
1858
1859 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
1860 }
1861
1862 static int
1863 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1864 {
1865 struct ifbrparam *param = arg;
1866 struct bstp_state *bs = &sc->sc_stp;
1867
1868 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
1869 return (0);
1870 }
1871
1872 static int
1873 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1874 {
1875 struct ifbrparam *param = arg;
1876
1877 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
1878 }
1879
1880 static int
1881 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1882 {
1883 struct ifbrparam *param = arg;
1884 struct bstp_state *bs = &sc->sc_stp;
1885
1886 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1887 return (0);
1888 }
1889
1890 static int
1891 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1892 {
1893 struct ifbrparam *param = arg;
1894
1895 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
1896 }
1897
1898 static int
1899 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1900 {
1901 struct ifbreq *req = arg;
1902 struct bridge_iflist *bif;
1903
1904 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1905 if (bif == NULL)
1906 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1907
1908 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
1909 }
1910
1911 static int
1912 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1913 {
1914 struct ifbreq *req = arg;
1915 struct bridge_iflist *bif;
1916
1917 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1918 if (bif == NULL)
1919 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1920
1921 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
1922 }
1923
1924 static int
1925 bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg)
1926 {
1927 struct ifbreq *req = arg;
1928 struct bridge_iflist *bif;
1929
1930 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1931 if (bif == NULL)
1932 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1933
1934 bif->bif_addrmax = req->ifbr_addrmax;
1935 return (0);
1936 }
1937
1938 static int
1939 bridge_ioctl_sifpvid(struct bridge_softc *sc, void *arg)
1940 {
1941 struct ifbreq *req = arg;
1942 struct bridge_iflist *bif;
1943
1944 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1945 if (bif == NULL)
1946 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1947
1948 if (req->ifbr_pvid > DOT1Q_VID_MAX)
1949 return (EXTERROR(EINVAL, "Invalid VLAN ID"));
1950
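/* A non-null PVID only makes sense with VLAN filtering, so enable it. */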
1951 if (req->ifbr_pvid != DOT1Q_VID_NULL)
1952 bif->bif_flags |= IFBIF_VLANFILTER;
1953 bif->bif_pvid = req->ifbr_pvid;
1954 return (0);
1955 }
1956
1957 static int
1958 bridge_ioctl_sifvlanset(struct bridge_softc *sc, void *arg)
1959 {
1960 struct ifbif_vlan_req *req = arg;
1961 struct bridge_iflist *bif;
1962
1963 bif = bridge_lookup_member(sc, req->bv_ifname);
1964 if (bif == NULL)
1965 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
1966
1967 /* Reject invalid VIDs. */
1968 if (BRVLAN_TEST(&req->bv_set, DOT1Q_VID_NULL) ||
1969 BRVLAN_TEST(&req->bv_set, DOT1Q_VID_RSVD_IMPL))
1970 return (EXTERROR(EINVAL, "Invalid VLAN ID in set"));
1971
1972 switch (req->bv_op) {
1973 /* Replace the existing vlan set with the new set */
1974 case BRDG_VLAN_OP_SET:
1975 BIT_COPY(BRVLAN_SETSIZE, &req->bv_set, &bif->bif_vlan_set);
1976 break;
1977
1978 /* Modify the existing vlan set to add the given vlans */
1979 case BRDG_VLAN_OP_ADD:
1980 BIT_OR(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
1981 break;
1982
1983 /* Modify the existing vlan set to remove the given vlans */
1984 case BRDG_VLAN_OP_DEL:
1985 BIT_ANDNOT(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
1986 break;
1987
1988 /* Invalid or unknown operation */
1989 default:
1990 return (EXTERROR(EINVAL,
1991 "Unsupported BRDGSIFVLANSET operation"));
1992 }
1993
1994 /*
1995 * The only reason to modify the VLAN access list is to use VLAN
1996 * filtering on this interface, so enable it automatically.
1997 */
1998 bif->bif_flags |= IFBIF_VLANFILTER;
1999
2000 return (0);
2001 }
2002
2003 static int
2004 bridge_ioctl_gifvlanset(struct bridge_softc *sc, void *arg)
2005 {
2006 struct ifbif_vlan_req *req = arg;
2007 struct bridge_iflist *bif;
2008
2009 bif = bridge_lookup_member(sc, req->bv_ifname);
2010 if (bif == NULL)
2011 return (EXTERROR(ENOENT, "Interface is not a bridge member"));
2012
2013 BIT_COPY(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
2014 return (0);
2015 }
2016
2017 static int
2018 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
2019 {
2020 struct ifbreq *req = arg;
2021 struct bridge_iflist *bif = NULL;
2022 struct ifnet *ifs;
2023
2024 ifs = ifunit(req->ifbr_ifsname);
2025 if (ifs == NULL)
2026 return (EXTERROR(ENOENT, "No such interface"));
2027
2028 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2029 if (ifs == bif->bif_ifp)
2030 return (EXTERROR(EBUSY,
2031 "Interface is already a span port"));
2032
2033 if (ifs->if_bridge != NULL)
2034 return (EXTERROR(EEXIST,
2035 "Interface is already a bridge member"));
2036
2037 switch (ifs->if_type) {
2038 case IFT_ETHER:
2039 case IFT_GIF:
2040 case IFT_L2VLAN:
2041 break;
2042 default:
2043 return (EXTERROR(EINVAL, "Unsupported interface type"));
2044 }
2045
2046 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
2047 if (bif == NULL)
2048 return (ENOMEM);
2049
2050 bif->bif_ifp = ifs;
2051 bif->bif_flags = IFBIF_SPAN;
2052
2053 CK_LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
2054
2055 return (0);
2056 }
2057
2058 static int
2059 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
2060 {
2061 struct ifbreq *req = arg;
2062 struct bridge_iflist *bif;
2063 struct ifnet *ifs;
2064
2065 ifs = ifunit(req->ifbr_ifsname);
2066 if (ifs == NULL)
2067 return (EXTERROR(ENOENT, "No such interface"));
2068
2069 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2070 if (ifs == bif->bif_ifp)
2071 break;
2072
2073 if (bif == NULL)
2074 return (EXTERROR(ENOENT, "Interface is not a span port"));
2075
2076 bridge_delete_span(sc, bif);
2077
2078 return (0);
2079 }
2080
2081 static int
2082 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
2083 {
2084 struct ifbropreq *req = arg;
2085 struct bstp_state *bs = &sc->sc_stp;
2086 struct bstp_port *root_port;
2087
2088 req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
2089 req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
2090 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;
2091
2092 root_port = bs->bs_root_port;
2093 if (root_port == NULL)
2094 req->ifbop_root_port = 0;
2095 else
2096 req->ifbop_root_port = root_port->bp_ifp->if_index;
2097
2098 req->ifbop_holdcount = bs->bs_txholdcount;
2099 req->ifbop_priority = bs->bs_bridge_priority;
2100 req->ifbop_protocol = bs->bs_protover;
2101 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
2102 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id;
2103 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
2104 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id;
2105 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
2106 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;
2107
2108 return (0);
2109 }
2110
2111 static int
2112 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
2113 {
2114 struct ifbrparam *param = arg;
2115
2116 param->ifbrp_cexceeded = sc->sc_brtexceeded;
2117 return (0);
2118 }
2119
2120 static int
2121 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
2122 {
2123 struct ifbpstpconf *bifstp = arg;
2124 struct bridge_iflist *bif;
2125 struct bstp_port *bp;
2126 struct ifbpstpreq bpreq;
2127 char *buf, *outbuf;
2128 int count, buflen, len, error = 0;
2129
2130 count = 0;
2131 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2132 if ((bif->bif_flags & IFBIF_STP) != 0)
2133 count++;
2134 }
2135
2136 buflen = sizeof(bpreq) * count;
2137 if (bifstp->ifbpstp_len == 0) {
2138 bifstp->ifbpstp_len = buflen;
2139 return (0);
2140 }
2141
2142 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
2143 if (outbuf == NULL)
2144 return (ENOMEM);
2145
2146 count = 0;
2147 buf = outbuf;
2148 len = min(bifstp->ifbpstp_len, buflen);
2149 bzero(&bpreq, sizeof(bpreq));
2150 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2151 if (len < sizeof(bpreq))
2152 break;
2153
2154 if ((bif->bif_flags & IFBIF_STP) == 0)
2155 continue;
2156
2157 bp = &bif->bif_stp;
2158 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
2159 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
2160 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
2161 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
2162 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
2163 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;
2164
2165 memcpy(buf, &bpreq, sizeof(bpreq));
2166 count++;
2167 buf += sizeof(bpreq);
2168 len -= sizeof(bpreq);
2169 }
2170
2171 bifstp->ifbpstp_len = sizeof(bpreq) * count;
2172 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len);
2173 free(outbuf, M_TEMP);
2174 return (error);
2175 }
2176
2177 static int
2178 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
2179 {
2180 struct ifbrparam *param = arg;
2181
2182 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
2183 }
2184
2185 static int
2186 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
2187 {
2188 struct ifbrparam *param = arg;
2189
2190 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
2191 }
2192
2193 /*
2194 * bridge_ifdetach:
2195 *
2196 * Detach an interface from a bridge. Called when a member
2197 * interface is detaching.
2198 */
2199 static void
2200 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
2201 {
2202 struct bridge_iflist *bif = ifp->if_bridge;
2203 struct bridge_softc *sc = NULL;
2204
2205 if (bif)
2206 sc = bif->bif_sc;
2207
2208 if (ifp->if_flags & IFF_RENAMING)
2209 return;
2210 if (V_bridge_cloner == NULL) {
2211 /*
2212 * This detach handler can be called after
2213 * vnet_bridge_uninit(). Just return in that case.
2214 */
2215 return;
2216 }
2217 /* Check if the interface is a bridge member */
2218 if (sc != NULL) {
2219 BRIDGE_LOCK(sc);
2220 bridge_delete_member(sc, bif, 1);
2221 BRIDGE_UNLOCK(sc);
2222 return;
2223 }
2224
2225 /* Check if the interface is a span port */
2226 BRIDGE_LIST_LOCK();
2227 LIST_FOREACH(sc, &V_bridge_list, sc_list) {
2228 BRIDGE_LOCK(sc);
2229 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2230 if (ifp == bif->bif_ifp) {
2231 bridge_delete_span(sc, bif);
2232 break;
2233 }
2234
2235 BRIDGE_UNLOCK(sc);
2236 }
2237 BRIDGE_LIST_UNLOCK();
2238 }
2239
2240 /*
2241 * bridge_init:
2242 *
2243 * Initialize a bridge interface.
2244 */
2245 static void
2246 bridge_init(void *xsc)
2247 {
2248 struct bridge_softc *sc = (struct bridge_softc *)xsc;
2249 struct ifnet *ifp = sc->sc_ifp;
2250
2251 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2252 return;
2253
2254 BRIDGE_LOCK(sc);
2255 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
2256 bridge_timer, sc);
2257
2258 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2259 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
2260
2261 BRIDGE_UNLOCK(sc);
2262 }
2263
2264 /*
2265 * bridge_stop:
2266 *
2267 * Stop the bridge interface.
2268 */
2269 static void
2270 bridge_stop(struct ifnet *ifp, int disable)
2271 {
2272 struct bridge_softc *sc = ifp->if_softc;
2273
2274 BRIDGE_LOCK_ASSERT(sc);
2275
2276 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2277 return;
2278
2279 BRIDGE_RT_LOCK(sc);
2280 callout_stop(&sc->sc_brcallout);
2281
2282 bstp_stop(&sc->sc_stp);
2283
2284 bridge_rtflush(sc, IFBF_FLUSHDYN);
2285 BRIDGE_RT_UNLOCK(sc);
2286
2287 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
2288 }
2289
2290 /*
2291 * bridge_enqueue:
2292 *
2293 * Enqueue a packet on a bridge member interface.
2294 *
2295 */
2296 static int
2297 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m,
2298 struct bridge_iflist *bif)
2299 {
2300 int len, err = 0;
2301 short mflags;
2302 struct mbuf *m0;
2303
2304 /*
2305 * Find the bridge member port this packet is being sent on, if the
2306 * caller didn't already provide it.
2307 */
2308 if (bif == NULL)
2309 bif = bridge_lookup_member_if(sc, dst_ifp);
2310 if (bif == NULL) {
2311 /* Perhaps the interface was removed from the bridge */
2312 m_freem(m);
2313 return (EINVAL);
2314 }
2315
2316 /* We may be sending a fragment so traverse the mbuf */
2317 for (; m; m = m0) {
2318 m0 = m->m_nextpkt;
2319 m->m_nextpkt = NULL;
2320 len = m->m_pkthdr.len;
2321 mflags = m->m_flags;
2322
2323 /*
2324 * If VLAN filtering is enabled, and the native VLAN ID of the
2325 * outgoing interface matches the VLAN ID of the frame, remove
2326 * the VLAN header.
2327 */
2328 if ((bif->bif_flags & IFBIF_VLANFILTER) &&
2329 bif->bif_pvid != DOT1Q_VID_NULL &&
2330 VLANTAGOF(m) == bif->bif_pvid) {
2331 m->m_flags &= ~M_VLANTAG;
2332 m->m_pkthdr.ether_vtag = 0;
2333 }
2334
2335 /*
2336 * If the underlying interface cannot do VLAN tag insertion itself,
2337 * prepend the 802.1Q header to the frame here.
2338 */
2339 if ((m->m_flags & M_VLANTAG) &&
2340 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
2341 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
2342 if (m == NULL) {
2343 if_printf(dst_ifp,
2344 "unable to prepend VLAN header\n");
2345 if_inc_counter(dst_ifp, IFCOUNTER_OERRORS, 1);
2346 continue;
2347 }
2348 m->m_flags &= ~M_VLANTAG;
2349 }
2350
2351 M_ASSERTPKTHDR(m); /* We shouldn't transmit an mbuf without a pkthdr */
2352 if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
2353 int n;
2354
2355 for (m = m0, n = 1; m != NULL; m = m0, n++) {
2356 m0 = m->m_nextpkt;
2357 m_freem(m);
2358 }
2359 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, n);
2360 break;
2361 }
2362
2363 if_inc_counter(sc->sc_ifp, IFCOUNTER_OPACKETS, 1);
2364 if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, len);
2365 if (mflags & M_MCAST)
2366 if_inc_counter(sc->sc_ifp, IFCOUNTER_OMCASTS, 1);
2367 }
2368
2369 return (err);
2370 }
2371
2372 /*
2373 * bridge_dummynet:
2374 *
2375 * Receive a queued packet from dummynet and pass it on to the output
2376 * interface.
2377 *
2378 * The mbuf has the Ethernet header already attached.
2379 */
2380 static void
2381 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
2382 {
2383 struct bridge_iflist *bif = ifp->if_bridge;
2384 struct bridge_softc *sc = NULL;
2385
2386 if (bif)
2387 sc = bif->bif_sc;
2388
2389 /*
2390 * The packet didn't originate from a member interface. This should only
2391 * ever happen if a member interface is removed while packets are
2392 * queued for it.
2393 */
2394 if (sc == NULL) {
2395 m_freem(m);
2396 return;
2397 }
2398
2399 if (PFIL_HOOKED_OUT_46) {
2400 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
2401 return;
2402 if (m == NULL)
2403 return;
2404 }
2405
2406 bridge_enqueue(sc, ifp, m, NULL);
2407 }
2408
2409 /*
2410 * bridge_output:
2411 *
2412 * Send output from a bridge member interface. This
2413 * performs the bridging function for locally originated
2414 * packets.
2415 *
2416 * The mbuf has the Ethernet header already attached. We must
2417 * enqueue or free the mbuf before returning.
2418 */
2419 static int
2420 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
2421 struct rtentry *rt)
2422 {
2423 struct ether_header *eh;
2424 struct bridge_iflist *sbif;
2425 struct ifnet *bifp, *dst_if;
2426 struct bridge_softc *sc;
2427 ether_vlanid_t vlan;
2428
2429 NET_EPOCH_ASSERT();
2430
2431 if (m->m_len < ETHER_HDR_LEN) {
2432 m = m_pullup(m, ETHER_HDR_LEN);
2433 if (m == NULL)
2434 return (0);
2435 }
2436
2437 sbif = ifp->if_bridge;
2438 sc = sbif->bif_sc;
2439 bifp = sc->sc_ifp;
2440
2441 eh = mtod(m, struct ether_header *);
2442 vlan = VLANTAGOF(m);
2443
2444 /*
2445 * If bridge is down, but the original output interface is up,
2446 * go ahead and send out that interface. Otherwise, the packet
2447 * is dropped below.
2448 */
2449 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2450 dst_if = ifp;
2451 goto sendunicast;
2452 }
2453
2454 /*
2455 * If the packet is a multicast, or we don't know a better way to
2456 * get there, send to all interfaces.
2457 */
2458 if (ETHER_IS_MULTICAST(eh->ether_dhost))
2459 dst_if = NULL;
2460 else
2461 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
2462 /* Tap any traffic not passing back out the originating interface */
2463 if (dst_if != ifp)
2464 ETHER_BPF_MTAP(bifp, m);
2465 if (dst_if == NULL) {
2466 struct bridge_iflist *bif;
2467 struct mbuf *mc;
2468 int used = 0;
2469
2470 bridge_span(sc, m);
2471
2472 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2473 dst_if = bif->bif_ifp;
2474
2475 if (dst_if->if_type == IFT_GIF)
2476 continue;
2477 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2478 continue;
2479
2480 /*
2481 * If this is not the original output interface,
2482 * and the interface is participating in spanning
2483 * tree, make sure the port is in a state that
2484 * allows forwarding.
2485 */
2486 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
2487 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2488 continue;
2489
2490 if (CK_LIST_NEXT(bif, bif_next) == NULL) {
2491 used = 1;
2492 mc = m;
2493 } else {
2494 mc = m_dup(m, M_NOWAIT);
2495 if (mc == NULL) {
2496 if_inc_counter(bifp, IFCOUNTER_OERRORS, 1);
2497 continue;
2498 }
2499 }
2500
2501 bridge_enqueue(sc, dst_if, mc, bif);
2502 }
2503 if (used == 0)
2504 m_freem(m);
2505 return (0);
2506 }
2507
2508 sendunicast:
2509 /*
2510 * XXX Spanning tree consideration here?
2511 */
2512
2513 bridge_span(sc, m);
2514 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2515 m_freem(m);
2516 return (0);
2517 }
2518
2519 bridge_enqueue(sc, dst_if, m, NULL);
2520 return (0);
2521 }
2522
2523 /*
2524 * bridge_transmit:
2525 *
2526 * Do output on a bridge.
2527 *
2528 */
2529 static int
2530 bridge_transmit(struct ifnet *ifp, struct mbuf *m)
2531 {
2532 struct bridge_softc *sc;
2533 struct ether_header *eh;
2534 struct ifnet *dst_if;
2535 int error = 0;
2536 ether_vlanid_t vlan;
2537
2538 sc = ifp->if_softc;
2539
2540 ETHER_BPF_MTAP(ifp, m);
2541
2542 eh = mtod(m, struct ether_header *);
2543 vlan = VLANTAGOF(m);
2544
2545 if (((m->m_flags & (M_BCAST|M_MCAST)) == 0) &&
2546 (dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan)) != NULL) {
2547 error = bridge_enqueue(sc, dst_if, m, NULL);
2548 } else
2549 bridge_broadcast(sc, ifp, m, 0);
2550
2551 return (error);
2552 }
2553
2554 #ifdef ALTQ
2555 static void
2556 bridge_altq_start(if_t ifp)
2557 {
2558 struct ifaltq *ifq = &ifp->if_snd;
2559 struct mbuf *m;
2560
2561 IFQ_LOCK(ifq);
2562 IFQ_DEQUEUE_NOLOCK(ifq, m);
2563 while (m != NULL) {
2564 bridge_transmit(ifp, m);
2565 IFQ_DEQUEUE_NOLOCK(ifq, m);
2566 }
2567 IFQ_UNLOCK(ifq);
2568 }
2569
2570 static int
2571 bridge_altq_transmit(if_t ifp, struct mbuf *m)
2572 {
2573 int err;
2574
2575 if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
2576 IFQ_ENQUEUE(&ifp->if_snd, m, err);
2577 if (err == 0)
2578 bridge_altq_start(ifp);
2579 } else
2580 err = bridge_transmit(ifp, m);
2581
2582 return (err);
2583 }
2584 #endif /* ALTQ */
2585
2586 /*
2587 * The ifp->if_qflush entry point for if_bridge(4) is a no-op.
2588 */
2589 static void
2590 bridge_qflush(struct ifnet *ifp __unused)
2591 {
2592 }
2593
2594 /*
2595 * bridge_forward:
2596 *
2597 * The forwarding function of the bridge.
2598 *
2599 * NOTE: Runs within the net epoch and always consumes the mbuf.
2600 */
2601 static void
2602 bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif,
2603 struct mbuf *m)
2604 {
2605 struct bridge_iflist *dbif;
2606 struct ifnet *src_if, *dst_if, *ifp;
2607 struct ether_header *eh;
2608 uint8_t *dst;
2609 int error;
2610 ether_vlanid_t vlan;
2611
2612 NET_EPOCH_ASSERT();
2613
2614 src_if = m->m_pkthdr.rcvif;
2615 ifp = sc->sc_ifp;
2616 vlan = VLANTAGOF(m);
2617
2618 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
2619 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2620
2621 if ((sbif->bif_flags & IFBIF_STP) &&
2622 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2623 goto drop;
2624
2625 eh = mtod(m, struct ether_header *);
2626 dst = eh->ether_dhost;
2627
2628 /* If the interface is learning, record the address. */
2629 if (sbif->bif_flags & IFBIF_LEARNING) {
2630 error = bridge_rtupdate(sc, eh->ether_shost, vlan,
2631 sbif, 0, IFBAF_DYNAMIC);
2632 /*
2633 * If the interface has an address limit then deny any source
2634 * that is not in the cache.
2635 */
2636 if (error && sbif->bif_addrmax)
2637 goto drop;
2638 }
2639
2640 if ((sbif->bif_flags & IFBIF_STP) != 0 &&
2641 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING)
2642 goto drop;
2643
2644 #ifdef DEV_NETMAP
2645 /*
2646 * Hand the packet to netmap only if it wasn't injected by netmap
2647 * itself.
2648 */
2649 if ((m->m_flags & M_BRIDGE_INJECT) == 0 &&
2650 (if_getcapenable(ifp) & IFCAP_NETMAP) != 0) {
2651 ifp->if_input(ifp, m);
2652 return;
2653 }
2654 m->m_flags &= ~M_BRIDGE_INJECT;
2655 #endif
2656
2657 /*
2658 * At this point, the port either doesn't participate
2659 * in spanning tree or it is in the forwarding state.
2660 */
2661
2662 /*
2663 * If the packet is unicast, destined for someone on
2664 * "this" side of the bridge, drop it.
2665 */
2666 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
2667 dst_if = bridge_rtlookup(sc, dst, vlan);
2668 if (src_if == dst_if)
2669 goto drop;
2670 } else {
2671 /*
2672 * Check if it's a reserved multicast address; any address
2673 * listed in 802.1D section 7.12.6 may not be forwarded by the
2674 * bridge.
2675 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F
2676 */
2677 if (dst[0] == 0x01 && dst[1] == 0x80 &&
2678 dst[2] == 0xc2 && dst[3] == 0x00 &&
2679 dst[4] == 0x00 && dst[5] <= 0x0f)
2680 goto drop;
2681
2682 /* ...forward it to all interfaces. */
2683 if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
2684 dst_if = NULL;
2685 }
2686
2687 /*
2688 * If we have a destination interface which is a member of our bridge,
2689 * OR this is a unicast packet, push it through the bpf(4) machinery.
2690 * For broadcast or multicast packets, don't bother because it will
2691 * be reinjected into ether_input. We do this before we pass the packets
2692 * through the pfil(9) framework, as it is possible that pfil(9) will
2693 * drop the packet, or possibly modify it, making it difficult to debug
2694 * firewall issues on the bridge.
2695 */
2696 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
2697 ETHER_BPF_MTAP(ifp, m);
2698
2699 /* run the packet filter */
2700 if (PFIL_HOOKED_IN_46) {
2701 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
2702 return;
2703 if (m == NULL)
2704 return;
2705 }
2706
2707 if (dst_if == NULL) {
2708 bridge_broadcast(sc, src_if, m, 1);
2709 return;
2710 }
2711
2712 /*
2713 * At this point, we're dealing with a unicast frame
2714 * going to a different interface.
2715 */
2716 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2717 goto drop;
2718
2719 dbif = bridge_lookup_member_if(sc, dst_if);
2720 if (dbif == NULL)
2721 /* Not a member of the bridge (anymore?) */
2722 goto drop;
2723
2724 /* Private segments can not talk to each other */
2725 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)
2726 goto drop;
2727
2728 /* Do VLAN filtering. */
2729 if (!bridge_vfilter_out(dbif, m))
2730 goto drop;
2731
2732 if ((dbif->bif_flags & IFBIF_STP) &&
2733 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2734 goto drop;
2735
2736 if (PFIL_HOOKED_OUT_46) {
2737 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0)
2738 return;
2739 if (m == NULL)
2740 return;
2741 }
2742
2743 bridge_enqueue(sc, dst_if, m, dbif);
2744 return;
2745
2746 drop:
2747 m_freem(m);
2748 }
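
/*
 * To recap the flow above: frames from a discarding STP port are dropped;
 * on learning ports the source address is recorded (and the frame dropped
 * if the port's address limit rejects it); frames from ports still in the
 * STP learning state are dropped; the destination is then either looked up
 * (unicast) or checked against the 802.1D reserved multicast range; the
 * frame is tapped by bpf(4) and run through the inbound pfil(9) hooks, and
 * finally either broadcast or, after the egress checks (running interface,
 * bridge membership, private segments, VLAN filter, STP state, outbound
 * pfil), enqueued on the destination port.
 */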
2749
2750 /*
2751 * bridge_input:
2752 *
2753 * Receive input from a member interface. Queue the packet for
2754 * bridging if it is not for us.
2755 */
2756 static struct mbuf *
2757 bridge_input(struct ifnet *ifp, struct mbuf *m)
2758 {
2759 struct bridge_softc *sc = NULL;
2760 struct bridge_iflist *bif, *bif2;
2761 struct ifnet *bifp;
2762 struct ether_header *eh;
2763 struct mbuf *mc, *mc2;
2764 ether_vlanid_t vlan;
2765 int error;
2766
2767 NET_EPOCH_ASSERT();
2768
2769 eh = mtod(m, struct ether_header *);
2770 vlan = VLANTAGOF(m);
2771
2772 bif = ifp->if_bridge;
2773 if (bif)
2774 sc = bif->bif_sc;
2775
2776 if (sc == NULL) {
2777 /*
2778 * This packet originated from the bridge itself, so it must
2779 * have been transmitted by netmap. Derive the "source"
2780 * interface from the source address and drop the packet if the
2781 * source address isn't known.
2782 */
2783 KASSERT((m->m_flags & M_BRIDGE_INJECT) != 0,
2784 ("%s: ifnet %p missing a bridge softc", __func__, ifp));
2785 sc = if_getsoftc(ifp);
2786 ifp = bridge_rtlookup(sc, eh->ether_shost, vlan);
2787 if (ifp == NULL) {
2788 if_inc_counter(sc->sc_ifp, IFCOUNTER_IERRORS, 1);
2789 m_freem(m);
2790 return (NULL);
2791 }
2792 m->m_pkthdr.rcvif = ifp;
2793 }
2794 bifp = sc->sc_ifp;
2795 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2796 return (m);
2797
2798 /*
2799 * Implement support for bridge monitoring. If this flag has been
2800 * set on this interface, discard the packet once we push it through
2801 * the bpf(4) machinery, but before we do, increment the byte and
2802 * packet counters associated with this interface.
2803 */
2804 if ((bifp->if_flags & IFF_MONITOR) != 0) {
2805 m->m_pkthdr.rcvif = bifp;
2806 ETHER_BPF_MTAP(bifp, m);
2807 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1);
2808 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2809 m_freem(m);
2810 return (NULL);
2811 }
2812
2813 /* Do VLAN filtering. */
2814 if (!bridge_vfilter_in(bif, m)) {
2815 if_inc_counter(sc->sc_ifp, IFCOUNTER_IERRORS, 1);
2816 m_freem(m);
2817 return (NULL);
2818 }
2819 /* bridge_vfilter_in() may add a tag */
2820 vlan = VLANTAGOF(m);
2821
2822 bridge_span(sc, m);
2823
2824 if (m->m_flags & (M_BCAST|M_MCAST)) {
2825 /* Tap off 802.1D packets; they do not get forwarded. */
2826 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2827 ETHER_ADDR_LEN) == 0) {
2828 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */
2829 return (NULL);
2830 }
2831
2832 if ((bif->bif_flags & IFBIF_STP) &&
2833 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2834 return (m);
2835 }
2836
2837 /*
2838 * Make a deep copy of the packet and enqueue the copy
2839 * for bridge processing; return the original packet for
2840 * local processing.
2841 */
2842 mc = m_dup(m, M_NOWAIT);
2843 if (mc == NULL) {
2844 return (m);
2845 }
2846
2847 /* Perform the bridge forwarding function with the copy. */
2848 bridge_forward(sc, bif, mc);
2849
2850 #ifdef DEV_NETMAP
2851 /*
2852 * If netmap is enabled and has not already seen this packet,
2853 * then it will be consumed by bridge_forward().
2854 */
2855 if ((if_getcapenable(bifp) & IFCAP_NETMAP) != 0 &&
2856 (m->m_flags & M_BRIDGE_INJECT) == 0) {
2857 m_freem(m);
2858 return (NULL);
2859 }
2860 #endif
2861
2862 /*
2863 * Reinject the mbuf as arriving on the bridge so we have a
2864 * chance at claiming multicast packets. We can not loop back
2865 * here from ether_input as a bridge is never a member of a
2866 * bridge.
2867 */
2868 KASSERT(bifp->if_bridge == NULL,
2869 ("loop created in bridge_input"));
2870 mc2 = m_dup(m, M_NOWAIT);
2871 if (mc2 != NULL) {
2872 /* Keep the layer3 header aligned */
2873 int i = min(mc2->m_pkthdr.len, max_protohdr);
2874 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2875 }
2876 if (mc2 != NULL) {
2877 mc2->m_pkthdr.rcvif = bifp;
2878 mc2->m_flags &= ~M_BRIDGE_INJECT;
2879 sc->sc_if_input(bifp, mc2);
2880 }
2881
2882 /* Return the original packet for local processing. */
2883 return (m);
2884 }
2885
2886 if ((bif->bif_flags & IFBIF_STP) &&
2887 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2888 return (m);
2889 }
2890
2891 #if defined(INET) || defined(INET6)
2892 #define CARP_CHECK_WE_ARE_DST(iface) \
2893 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_dhost))
2894 #define CARP_CHECK_WE_ARE_SRC(iface) \
2895 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_shost))
2896 #else
2897 #define CARP_CHECK_WE_ARE_DST(iface) false
2898 #define CARP_CHECK_WE_ARE_SRC(iface) false
2899 #endif
2900
2901 #ifdef DEV_NETMAP
2902 #define GRAB_FOR_NETMAP(ifp, m) do { \
2903 if ((if_getcapenable(ifp) & IFCAP_NETMAP) != 0 && \
2904 ((m)->m_flags & M_BRIDGE_INJECT) == 0) { \
2905 (ifp)->if_input(ifp, m); \
2906 return (NULL); \
2907 } \
2908 } while (0)
2909 #else
2910 #define GRAB_FOR_NETMAP(ifp, m)
2911 #endif
2912
2913 #define GRAB_OUR_PACKETS(iface) \
2914 if ((iface)->if_type == IFT_GIF) \
2915 continue; \
2916 /* It is destined for us. */ \
2917 if (memcmp(IF_LLADDR(iface), eh->ether_dhost, ETHER_ADDR_LEN) == 0 || \
2918 CARP_CHECK_WE_ARE_DST(iface)) { \
2919 if (bif->bif_flags & IFBIF_LEARNING) { \
2920 error = bridge_rtupdate(sc, eh->ether_shost, \
2921 vlan, bif, 0, IFBAF_DYNAMIC); \
2922 if (error && bif->bif_addrmax) { \
2923 m_freem(m); \
2924 return (NULL); \
2925 } \
2926 } \
2927 m->m_pkthdr.rcvif = iface; \
2928 if ((iface) == ifp) { \
2929 /* Skip bridge processing... src == dest */ \
2930 return (m); \
2931 } \
2932 /* It's passing over or to the bridge, locally. */ \
2933 ETHER_BPF_MTAP(bifp, m); \
2934 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); \
2935 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);\
2936 /* Hand the packet over to netmap if necessary. */ \
2937 GRAB_FOR_NETMAP(bifp, m); \
2938 /* Filter on the physical interface. */ \
2939 if (V_pfil_local_phys && PFIL_HOOKED_IN_46) { \
2940 if (bridge_pfil(&m, NULL, ifp, \
2941 PFIL_IN) != 0 || m == NULL) { \
2942 return (NULL); \
2943 } \
2944 } \
2945 if ((iface) != bifp) \
2946 ETHER_BPF_MTAP(iface, m); \
2947 /* Pass tagged packets to if_vlan, if it's loaded */ \
2948 if (VLANTAGOF(m) != 0) { \
2949 if (bifp->if_vlantrunk == NULL) { \
2950 m_freem(m); \
2951 return (NULL); \
2952 } \
2953 (*vlan_input_p)(bifp, m); \
2954 return (NULL); \
2955 } \
2956 return (m); \
2957 } \
2958 \
2959 /* We just received a packet that we sent out. */ \
2960 if (memcmp(IF_LLADDR(iface), eh->ether_shost, ETHER_ADDR_LEN) == 0 || \
2961 CARP_CHECK_WE_ARE_SRC(iface)) { \
2962 m_freem(m); \
2963 return (NULL); \
2964 }
2965
2966 /*
2967 * Unicast. Make sure it's not for the bridge.
2968 */
2969 do { GRAB_OUR_PACKETS(bifp) } while (0);
2970
2971 /*
2972 * Check the interface the packet arrived on. For tagged frames,
2973 * we need to do this even if member_ifaddrs is disabled because
2974 * vlan(4) might need to handle the traffic.
2975 */
2976 if (V_member_ifaddrs || (vlan && ifp->if_vlantrunk))
2977 do { GRAB_OUR_PACKETS(ifp) } while (0);
2978
2979 /*
2980 * We only need to check the other member interfaces if member_ifaddrs
2981 * is enabled; otherwise we should never see traffic destined for
2982 * a member's lladdr.
2983 */
2984 if (V_member_ifaddrs) {
2985 CK_LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) {
2986 GRAB_OUR_PACKETS(bif2->bif_ifp)
2987 }
2988 }
2989
2990 #undef CARP_CHECK_WE_ARE_DST
2991 #undef CARP_CHECK_WE_ARE_SRC
2992 #undef GRAB_FOR_NETMAP
2993 #undef GRAB_OUR_PACKETS
2994
2995 /* Perform the bridge forwarding function. */
2996 bridge_forward(sc, bif, m);
2997
2998 return (NULL);
2999 }
3000
3001 /*
3002 * Inject a packet back into the host ethernet stack. This will generally only
3003 * be used by netmap when an application writes to the host TX ring. The
3004 * M_BRIDGE_INJECT flag ensures that the packet is re-routed to the bridge
3005 * interface after ethernet processing.
3006 */
3007 static void
3008 bridge_inject(struct ifnet *ifp, struct mbuf *m)
3009 {
3010 struct bridge_softc *sc;
3011
3012 if (ifp->if_type == IFT_L2VLAN) {
3013 /*
3014 * vlan(4) gives us the vlan ifnet, so we need to get the
3015 * bridge softc to get a pointer to ether_input to send the
3016 * packet to.
3017 */
3018 struct ifnet *bifp = NULL;
3019
3020 if (vlan_trunkdev_p == NULL) {
3021 m_freem(m);
3022 return;
3023 }
3024
3025 bifp = vlan_trunkdev_p(ifp);
3026 if (bifp == NULL) {
3027 m_freem(m);
3028 return;
3029 }
3030
3031 sc = if_getsoftc(bifp);
3032 sc->sc_if_input(ifp, m);
3033 return;
3034 }
3035
3036 KASSERT((if_getcapenable(ifp) & IFCAP_NETMAP) != 0,
3037 ("%s: iface %s is not running in netmap mode",
3038 __func__, if_name(ifp)));
3039 KASSERT((m->m_flags & M_BRIDGE_INJECT) == 0,
3040 ("%s: mbuf %p has M_BRIDGE_INJECT set", __func__, m));
3041
3042 m->m_flags |= M_BRIDGE_INJECT;
3043 sc = if_getsoftc(ifp);
3044 sc->sc_if_input(ifp, m);
3045 }
3046
3047 /*
3048 * bridge_broadcast:
3049 *
3050 * Send a frame to all interfaces that are members of
3051 * the bridge, except for the one on which the packet
3052 * arrived.
3053 *
3054 * NOTE: Runs within the net epoch and always consumes the mbuf.
3055 */
3056 static void
3057 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
3058 struct mbuf *m, int runfilt)
3059 {
3060 struct bridge_iflist *dbif, *sbif;
3061 struct mbuf *mc;
3062 struct ifnet *dst_if;
3063 int used = 0, i;
3064
3065 NET_EPOCH_ASSERT();
3066
3067 sbif = bridge_lookup_member_if(sc, src_if);
3068
3069 /* Filter on the bridge interface before broadcasting */
3070 if (runfilt && PFIL_HOOKED_OUT_46) {
3071 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
3072 return;
3073 if (m == NULL)
3074 return;
3075 }
3076
3077 CK_LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) {
3078 dst_if = dbif->bif_ifp;
3079 if (dst_if == src_if)
3080 continue;
3081
3082 /* Private segments can not talk to each other */
3083 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE))
3084 continue;
3085
3086 /* Do VLAN filtering. */
3087 if (!bridge_vfilter_out(dbif, m))
3088 continue;
3089
3090 if ((dbif->bif_flags & IFBIF_STP) &&
3091 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
3092 continue;
3093
3094 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 &&
3095 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
3096 continue;
3097
3098 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
3099 continue;
3100
3101 if (CK_LIST_NEXT(dbif, bif_next) == NULL) {
3102 mc = m;
3103 used = 1;
3104 } else {
3105 mc = m_dup(m, M_NOWAIT);
3106 if (mc == NULL) {
3107 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3108 continue;
3109 }
3110 }
3111
3112 /*
3113 * Filter on the output interface. Pass a NULL bridge interface
3114 * pointer so we do not redundantly filter on the bridge for
3115 * each interface we broadcast on.
3116 */
3117 if (runfilt && PFIL_HOOKED_OUT_46) {
3118 if (used == 0) {
3119 /* Keep the layer3 header aligned */
3120 i = min(mc->m_pkthdr.len, max_protohdr);
3121 mc = m_copyup(mc, i, ETHER_ALIGN);
3122 if (mc == NULL) {
3123 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3124 continue;
3125 }
3126 }
3127 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
3128 continue;
3129 if (mc == NULL)
3130 continue;
3131 }
3132
3133 bridge_enqueue(sc, dst_if, mc, dbif);
3134 }
3135 if (used == 0)
3136 m_freem(m);
3137 }
3138
3139 /*
3140 * bridge_span:
3141 *
3142 * Duplicate a packet out one or more interfaces that are in span mode;
3143 * the original mbuf is unmodified.
3144 */
3145 static void
3146 bridge_span(struct bridge_softc *sc, struct mbuf *m)
3147 {
3148 struct bridge_iflist *bif;
3149 struct ifnet *dst_if;
3150 struct mbuf *mc;
3151
3152 NET_EPOCH_ASSERT();
3153
3154 if (CK_LIST_EMPTY(&sc->sc_spanlist))
3155 return;
3156
3157 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
3158 dst_if = bif->bif_ifp;
3159
3160 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
3161 continue;
3162
3163 mc = m_dup(m, M_NOWAIT);
3164 if (mc == NULL) {
3165 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3166 continue;
3167 }
3168
3169 bridge_enqueue(sc, dst_if, mc, bif);
3170 }
3171 }
3172
3173 /*
3174 * Incoming VLAN filtering. Given a frame and the member interface it was
3175 * received on, decide whether the port configuration allows it.
3176 */
3177 static bool
3178 bridge_vfilter_in(const struct bridge_iflist *sbif, struct mbuf *m)
3179 {
3180 ether_vlanid_t vlan;
3181
3182 vlan = VLANTAGOF(m);
3183 /* Make sure the vlan id is reasonable. */
3184 if (vlan > DOT1Q_VID_MAX)
3185 return (false);
3186
3187 /* If VLAN filtering isn't enabled, pass everything. */
3188 if ((sbif->bif_flags & IFBIF_VLANFILTER) == 0)
3189 return (true);
3190
3191 if (vlan == DOT1Q_VID_NULL) {
3192 /*
3193 * The frame doesn't have a tag. If the interface does not
3194 * have an untagged vlan configured, drop the frame.
3195 */
3196 if (sbif->bif_pvid == DOT1Q_VID_NULL)
3197 return (false);
3198
3199 /*
3200 * Otherwise, insert a new tag based on the interface's
3201 * untagged vlan id.
3202 */
3203 m->m_pkthdr.ether_vtag = sbif->bif_pvid;
3204 m->m_flags |= M_VLANTAG;
3205 } else {
3206 /*
3207 * The frame has a tag, so check it matches the interface's
3208 * vlan access list. We explicitly do not accept tagged
3209 * frames for the untagged vlan id here (unless it's also
3210 * in the access list).
3211 */
3212 if (!BRVLAN_TEST(&sbif->bif_vlan_set, vlan))
3213 return (false);
3214 }
3215
3216 /* Accept the frame. */
3217 return (true);
3218 }
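
/*
 * In short, with VLAN filtering enabled the ingress decisions above are:
 * an untagged frame is tagged with the port's PVID (or dropped if no PVID
 * is configured); a tagged frame is accepted only if its VID is in the
 * port's access list, which does not implicitly include the PVID.
 */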
3219
3220 /*
3221 * Outgoing VLAN filtering. Given a frame, its vlan, and the member interface
3222 * we intend to send it to, decide whether the port configuration allows it to
3223 * be sent.
3224 */
3225 static bool
3226 bridge_vfilter_out(const struct bridge_iflist *dbif, const struct mbuf *m)
3227 {
3228 struct ether_header *eh;
3229 ether_vlanid_t vlan;
3230
3231 NET_EPOCH_ASSERT();
3232
3233 /* If VLAN filtering isn't enabled, pass everything. */
3234 if ((dbif->bif_flags & IFBIF_VLANFILTER) == 0)
3235 return (true);
3236
3237 vlan = VLANTAGOF(m);
3238
3239 /*
3240 * Always allow untagged 802.1D STP frames, even if they would
3241 * otherwise be dropped. This is required for STP to work on
3242 * a filtering bridge.
3243 *
3244 * Tagged STP (Cisco PVST+) is a non-standard extension, so
3245 * handle those frames via the normal filtering path.
3246 */
3247 eh = mtod(m, struct ether_header *);
3248 if (vlan == DOT1Q_VID_NULL &&
3249 memcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN) == 0)
3250 return (true);
3251
3252 /*
3253 * If the frame wasn't assigned to a vlan at ingress, drop it.
3254 * We can't forward these frames to filtering ports because we
3255 * don't know what VLAN they're supposed to be in.
3256 */
3257 if (vlan == DOT1Q_VID_NULL)
3258 return (false);
3259
3260 /*
3261 * If the frame's vlan matches the interface's untagged vlan,
3262 * allow it.
3263 */
3264 if (vlan == dbif->bif_pvid)
3265 return (true);
3266
3267 /*
3268 * If the frame's vlan is on the interface's tagged access list,
3269 * allow it.
3270 */
3271 if (BRVLAN_TEST(&dbif->bif_vlan_set, vlan))
3272 return (true);
3273
3274 /* The frame was not permitted, so drop it. */
3275 return (false);
3276 }
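
/*
 * In short, with VLAN filtering enabled the egress decisions above are:
 * untagged 802.1D STP frames always pass; frames that were never assigned
 * a VLAN are dropped; anything else is sent only if its VID matches the
 * port's PVID or appears in the port's tagged access list.
 */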
3277
3278 /*
3279 * bridge_rtupdate:
3280 *
3281 * Add a bridge routing entry.
3282 */
3283 static int
3284 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
3285 ether_vlanid_t vlan, struct bridge_iflist *bif,
3286 int setflags, uint8_t flags)
3287 {
3288 struct bridge_rtnode *brt;
3289 struct bridge_iflist *obif;
3290 int error;
3291
3292 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
3293
3294 /* Check the source address is valid and not multicast. */
3295 if (ETHER_IS_MULTICAST(dst))
3296 return (EXTERROR(EINVAL, "Multicast address not permitted"));
3297 if (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
3298 dst[3] == 0 && dst[4] == 0 && dst[5] == 0)
3299 return (EXTERROR(EINVAL, "Zero address not permitted"));
3300
3301 /*
3302 * A route for this destination might already exist. If so,
3303 * update it, otherwise create a new one.
3304 */
3305 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) {
3306 BRIDGE_RT_LOCK(sc);
3307
3308 /* Check again, now that we have the lock. There could have
3309 * been a race and we only want to insert this once. */
3310 if (bridge_rtnode_lookup(sc, dst, vlan) != NULL) {
3311 BRIDGE_RT_UNLOCK(sc);
3312 return (0);
3313 }
3314
3315 if (sc->sc_brtcnt >= sc->sc_brtmax) {
3316 sc->sc_brtexceeded++;
3317 BRIDGE_RT_UNLOCK(sc);
3318 return (EXTERROR(ENOSPC, "Address table is full"));
3319 }
3320 /* Check per interface address limits (if enabled) */
3321 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) {
3322 bif->bif_addrexceeded++;
3323 BRIDGE_RT_UNLOCK(sc);
3324 return (EXTERROR(ENOSPC,
3325 "Interface address limit exceeded"));
3326 }
3327
3328 /*
3329 * Allocate a new bridge forwarding node, and
3330 * initialize the expiration time and Ethernet
3331 * address.
3332 */
3333 brt = uma_zalloc(V_bridge_rtnode_zone, M_NOWAIT | M_ZERO);
3334 if (brt == NULL) {
3335 BRIDGE_RT_UNLOCK(sc);
3336 return (EXTERROR(ENOMEM,
3337 "Cannot allocate address node"));
3338 }
3339 brt->brt_vnet = curvnet;
3340
3341 if (bif->bif_flags & IFBIF_STICKY)
3342 brt->brt_flags = IFBAF_STICKY;
3343 else
3344 brt->brt_flags = IFBAF_DYNAMIC;
3345
3346 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
3347 brt->brt_vlan = vlan;
3348
3349 brt->brt_dst = bif;
3350 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
3351 uma_zfree(V_bridge_rtnode_zone, brt);
3352 BRIDGE_RT_UNLOCK(sc);
3353 return (error);
3354 }
3355 bif->bif_addrcnt++;
3356
3357 BRIDGE_RT_UNLOCK(sc);
3358 }
3359
3360 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
3361 (obif = brt->brt_dst) != bif) {
3362 MPASS(obif != NULL);
3363
3364 BRIDGE_RT_LOCK(sc);
3365 brt->brt_dst->bif_addrcnt--;
3366 brt->brt_dst = bif;
3367 brt->brt_dst->bif_addrcnt++;
3368 BRIDGE_RT_UNLOCK(sc);
3369
3370 if (V_log_mac_flap &&
3371 ppsratecheck(&V_log_last, &V_log_count, V_log_interval)) {
3372 log(LOG_NOTICE,
3373 "%s: mac address %6D vlan %d moved from %s to %s\n",
3374 sc->sc_ifp->if_xname,
3375 &brt->brt_addr[0], ":",
3376 brt->brt_vlan,
3377 obif->bif_ifp->if_xname,
3378 bif->bif_ifp->if_xname);
3379 }
3380 }
3381
3382 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3383 brt->brt_expire = time_uptime + sc->sc_brttimeout;
3384 if (setflags)
3385 brt->brt_flags = flags;
3386
3387 return (0);
3388 }
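
/*
 * Note that the initial lookup above runs under the net epoch only; the
 * route table lock is taken, and the lookup repeated, only when a new
 * entry must be inserted or an existing dynamic entry moves to another
 * port.
 */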
3389
3390 /*
3391 * bridge_rtlookup:
3392 *
3393 * Lookup the destination interface for an address.
3394 */
3395 static struct ifnet *
3396 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr,
3397 ether_vlanid_t vlan)
3398 {
3399 struct bridge_rtnode *brt;
3400
3401 NET_EPOCH_ASSERT();
3402
3403 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL)
3404 return (NULL);
3405
3406 return (brt->brt_ifp);
3407 }
3408
3409 /*
3410 * bridge_rttrim:
3411 *
3412 * Trim the routing table so that the number
3413 * of entries does not exceed the configured
3414 * maximum.
3415 */
3416 static void
3417 bridge_rttrim(struct bridge_softc *sc)
3418 {
3419 struct bridge_rtnode *brt, *nbrt;
3420
3421 NET_EPOCH_ASSERT();
3422 BRIDGE_RT_LOCK_ASSERT(sc);
3423
3424 /* Make sure we actually need to do this. */
3425 if (sc->sc_brtcnt <= sc->sc_brtmax)
3426 return;
3427
3428 /* Force an aging cycle; this might trim enough addresses. */
3429 bridge_rtage(sc);
3430 if (sc->sc_brtcnt <= sc->sc_brtmax)
3431 return;
3432
3433 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3434 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3435 bridge_rtnode_destroy(sc, brt);
3436 if (sc->sc_brtcnt <= sc->sc_brtmax)
3437 return;
3438 }
3439 }
3440 }
3441
3442 /*
3443 * bridge_timer:
3444 *
3445 * Aging timer for the bridge.
3446 */
3447 static void
3448 bridge_timer(void *arg)
3449 {
3450 struct bridge_softc *sc = arg;
3451
3452 BRIDGE_RT_LOCK_ASSERT(sc);
3453
3454 /* Destruction of rtnodes requires a proper vnet context */
3455 CURVNET_SET(sc->sc_ifp->if_vnet);
3456 bridge_rtage(sc);
3457
3458 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
3459 callout_reset(&sc->sc_brcallout,
3460 bridge_rtable_prune_period * hz, bridge_timer, sc);
3461 CURVNET_RESTORE();
3462 }
3463
3464 /*
3465 * bridge_rtage:
3466 *
3467 * Perform an aging cycle.
3468 */
3469 static void
3470 bridge_rtage(struct bridge_softc *sc)
3471 {
3472 struct bridge_rtnode *brt, *nbrt;
3473
3474 BRIDGE_RT_LOCK_ASSERT(sc);
3475
3476 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3477 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3478 if (time_uptime >= brt->brt_expire)
3479 bridge_rtnode_destroy(sc, brt);
3480 }
3481 }
3482 }
3483
3484 /*
3485 * bridge_rtflush:
3486 *
3487 * Remove all dynamic addresses from the bridge.
3488 */
3489 static void
3490 bridge_rtflush(struct bridge_softc *sc, int full)
3491 {
3492 struct bridge_rtnode *brt, *nbrt;
3493
3494 BRIDGE_RT_LOCK_ASSERT(sc);
3495
3496 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3497 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3498 bridge_rtnode_destroy(sc, brt);
3499 }
3500 }
3501
3502 /*
3503 * bridge_rtdaddr:
3504 *
3505 * Remove an address from the table.
3506 */
3507 static int
3508 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr,
3509 ether_vlanid_t vlan)
3510 {
3511 struct bridge_rtnode *brt;
3512 int found = 0;
3513
3514 BRIDGE_RT_LOCK(sc);
3515
3516 /*
3517 * If vlan is DOT1Q_VID_RSVD_IMPL then we want to delete for all vlans
3518 * so the lookup may return more than one.
3519 */
3520 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) {
3521 bridge_rtnode_destroy(sc, brt);
3522 found = 1;
3523 }
3524
3525 BRIDGE_RT_UNLOCK(sc);
3526
3527 return (found ? 0 : ENOENT);
3528 }
3529
3530 /*
3531 * bridge_rtdelete:
3532 *
3533 * Delete routes to a specific member interface.
3534 */
3535 static void
3536 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
3537 {
3538 struct bridge_rtnode *brt, *nbrt;
3539
3540 BRIDGE_RT_LOCK_ASSERT(sc);
3541
3542 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3543 if (brt->brt_ifp == ifp && (full ||
3544 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
3545 bridge_rtnode_destroy(sc, brt);
3546 }
3547 }
3548
3549 /*
3550 * bridge_rtable_init:
3551 *
3552 * Initialize the route table for this bridge.
3553 */
3554 static void
3555 bridge_rtable_init(struct bridge_softc *sc)
3556 {
3557 int i;
3558
3559 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
3560 M_DEVBUF, M_WAITOK);
3561
3562 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
3563 CK_LIST_INIT(&sc->sc_rthash[i]);
3564
3565 sc->sc_rthash_key = arc4random();
3566 CK_LIST_INIT(&sc->sc_rtlist);
3567 }
3568
3569 /*
3570 * bridge_rtable_fini:
3571 *
3572 * Deconstruct the route table for this bridge.
3573 */
3574 static void
3575 bridge_rtable_fini(struct bridge_softc *sc)
3576 {
3577
3578 KASSERT(sc->sc_brtcnt == 0,
3579 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt));
3580 free(sc->sc_rthash, M_DEVBUF);
3581 }
3582
3583 /*
3584 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
3585 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
3586 */
3587 #define mix(a, b, c) \
3588 do { \
3589 a -= b; a -= c; a ^= (c >> 13); \
3590 b -= c; b -= a; b ^= (a << 8); \
3591 c -= a; c -= b; c ^= (b >> 13); \
3592 a -= b; a -= c; a ^= (c >> 12); \
3593 b -= c; b -= a; b ^= (a << 16); \
3594 c -= a; c -= b; c ^= (b >> 5); \
3595 a -= b; a -= c; a ^= (c >> 3); \
3596 b -= c; b -= a; b ^= (a << 10); \
3597 c -= a; c -= b; c ^= (b >> 15); \
3598 } while (/*CONSTCOND*/0)
3599
3600 static __inline uint32_t
3601 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
3602 {
3603 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
3604
3605 b += addr[5] << 8;
3606 b += addr[4];
3607 a += addr[3] << 24;
3608 a += addr[2] << 16;
3609 a += addr[1] << 8;
3610 a += addr[0];
3611
3612 mix(a, b, c);
3613
3614 return (c & BRIDGE_RTHASH_MASK);
3615 }
3616
3617 #undef mix
3618
3619 static int
3620 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
3621 {
3622 int i, d;
3623
3624 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
3625 d = ((int)a[i]) - ((int)b[i]);
3626 }
3627
3628 return (d);
3629 }
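
/*
 * This comparison defines a total order on Ethernet addresses.  The hash
 * chains are kept sorted in this order by bridge_rtnode_insert(), which is
 * what allows bridge_rtnode_lookup() to stop early once it has passed the
 * point where the address would have to be.
 */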
3630
3631 /*
3632 * bridge_rtnode_lookup:
3633 *
3634 * Look up a bridge route node for the specified destination. Match the
3635 * vlan id, or any vlan if DOT1Q_VID_RSVD_IMPL is passed.
3636 */
3637 static struct bridge_rtnode *
3638 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr,
3639 ether_vlanid_t vlan)
3640 {
3641 struct bridge_rtnode *brt;
3642 uint32_t hash;
3643 int dir;
3644
3645 BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(sc);
3646
3647 hash = bridge_rthash(sc, addr);
3648 CK_LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
3649 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
3650 if (dir == 0 && (brt->brt_vlan == vlan || vlan == DOT1Q_VID_RSVD_IMPL))
3651 return (brt);
3652 if (dir > 0)
3653 return (NULL);
3654 }
3655
3656 return (NULL);
3657 }
3658
3659 /*
3660 * bridge_rtnode_insert:
3661 *
3662 * Insert the specified bridge node into the route table. We
3663 * assume the entry is not already in the table.
3664 */
3665 static int
3666 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
3667 {
3668 struct bridge_rtnode *lbrt;
3669 uint32_t hash;
3670 int dir;
3671
3672 BRIDGE_RT_LOCK_ASSERT(sc);
3673
3674 hash = bridge_rthash(sc, brt->brt_addr);
3675
3676 lbrt = CK_LIST_FIRST(&sc->sc_rthash[hash]);
3677 if (lbrt == NULL) {
3678 CK_LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
3679 goto out;
3680 }
3681
3682 do {
3683 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
3684 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan)
3685 return (EXTERROR(EEXIST, "Address already exists"));
3686 if (dir > 0) {
3687 CK_LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
3688 goto out;
3689 }
3690 if (CK_LIST_NEXT(lbrt, brt_hash) == NULL) {
3691 CK_LIST_INSERT_AFTER(lbrt, brt, brt_hash);
3692 goto out;
3693 }
3694 lbrt = CK_LIST_NEXT(lbrt, brt_hash);
3695 } while (lbrt != NULL);
3696
3697 #ifdef DIAGNOSTIC
3698 panic("bridge_rtnode_insert: impossible");
3699 #endif
3700
3701 out:
3702 CK_LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
3703 sc->sc_brtcnt++;
3704
3705 return (0);
3706 }
3707
3708 static void
3709 bridge_rtnode_destroy_cb(struct epoch_context *ctx)
3710 {
3711 struct bridge_rtnode *brt;
3712
3713 brt = __containerof(ctx, struct bridge_rtnode, brt_epoch_ctx);
3714
3715 CURVNET_SET(brt->brt_vnet);
3716 uma_zfree(V_bridge_rtnode_zone, brt);
3717 CURVNET_RESTORE();
3718 }
3719
3720 /*
3721 * bridge_rtnode_destroy:
3722 *
3723 * Destroy a bridge rtnode.
3724 */
3725 static void
3726 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
3727 {
3728 BRIDGE_RT_LOCK_ASSERT(sc);
3729
3730 CK_LIST_REMOVE(brt, brt_hash);
3731
3732 CK_LIST_REMOVE(brt, brt_list);
3733 sc->sc_brtcnt--;
3734 brt->brt_dst->bif_addrcnt--;
3735
3736 NET_EPOCH_CALL(bridge_rtnode_destroy_cb, &brt->brt_epoch_ctx);
3737 }
3738
3739 /*
3740 * bridge_rtable_expire:
3741 *
3742 * Set the expiry time for all routes on an interface.
3743 */
3744 static void
bridge_rtable_expire(struct ifnet * ifp,int age)3745 bridge_rtable_expire(struct ifnet *ifp, int age)
3746 {
3747 struct bridge_iflist *bif = NULL;
3748 struct bridge_softc *sc = NULL;
3749 struct bridge_rtnode *brt;
3750
3751 CURVNET_SET(ifp->if_vnet);
3752
3753 bif = ifp->if_bridge;
3754 if (bif)
3755 sc = bif->bif_sc;
3756 MPASS(sc != NULL);
3757 BRIDGE_RT_LOCK(sc);
3758
	/*
	 * If the age is zero then flush; otherwise cap each dynamic
	 * entry's expiry time at 'age' seconds from now for this interface.
	 */
	if (age == 0)
		bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
	else {
		CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
			/* Cap the expiry time to 'age' */
			if (brt->brt_ifp == ifp &&
			    brt->brt_expire > time_uptime + age &&
			    (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
				brt->brt_expire = time_uptime + age;
		}
	}
	BRIDGE_RT_UNLOCK(sc);
	CURVNET_RESTORE();
}

/*
 * bridge_state_change:
 *
 *	Callback from the bridgestp code when a port changes states.
 */
static void
bridge_state_change(struct ifnet *ifp, int state)
{
	struct bridge_iflist *bif = ifp->if_bridge;
	struct bridge_softc *sc = bif->bif_sc;
	static const char *stpstates[] = {
		"disabled",
		"listening",
		"learning",
		"forwarding",
		"blocking",
		"discarding"
	};

	CURVNET_SET(ifp->if_vnet);
	if (V_log_stp)
		log(LOG_NOTICE, "%s: state changed to %s on %s\n",
		    sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
	CURVNET_RESTORE();
}

/*
 * Send bridge packets through pfil if they are one of the types pfil can deal
 * with, or if they are ARP or REVARP.  (pfil will pass ARP and REVARP without
 * question.)  If *bifp or *ifp is NULL then packet filtering is skipped for
 * that interface.
 */
static int
bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
{
	int snap, error, i;
	struct ether_header *eh1, eh2;
	struct llc llc1;
	u_int16_t ether_type;
	pfil_return_t rv;
#ifdef INET
	struct ip *ip = NULL;
	int hlen = 0;
#endif

	snap = 0;
	error = -1;	/* Default to an error unless explicitly cleared below */

#if 0
	/* we may return with the IP fields swapped, ensure it's not shared */
	KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
#endif

	if (V_pfil_bridge == 0 && V_pfil_member == 0 && V_pfil_ipfw == 0)
		return (0); /* filtering is disabled */

	i = min((*mp)->m_pkthdr.len, max_protohdr);
	if ((*mp)->m_len < i) {
		*mp = m_pullup(*mp, i);
		if (*mp == NULL) {
			printf("%s: m_pullup failed\n", __func__);
			return (-1);
		}
	}

	eh1 = mtod(*mp, struct ether_header *);
	ether_type = ntohs(eh1->ether_type);

	/*
	 * Check for SNAP/LLC.
	 */
	if (ether_type < ETHERMTU) {
		struct llc *llc2 = (struct llc *)(eh1 + 1);

		if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
		    llc2->llc_dsap == LLC_SNAP_LSAP &&
		    llc2->llc_ssap == LLC_SNAP_LSAP &&
		    llc2->llc_control == LLC_UI) {
			ether_type = htons(llc2->llc_un.type_snap.ether_type);
			snap = 1;
		}
	}

	/*
	 * If we're trying to filter bridge traffic, only look at traffic for
	 * protocols available in the kernel (IPv4 and/or IPv6) to avoid
	 * passing traffic for an unsupported protocol to the filter.  This is
	 * lame since if we really wanted, say, an AppleTalk filter, we are
	 * hosed, but of course we don't have an AppleTalk filter to begin
	 * with.  (Note that since pfil doesn't understand ARP it will pass
	 * *ALL* ARP traffic.)
	 */
	switch (ether_type) {
#ifdef INET
	case ETHERTYPE_ARP:
	case ETHERTYPE_REVARP:
		if (V_pfil_ipfw_arp == 0)
			return (0); /* Automatically pass */

		/* FALLTHROUGH */
	case ETHERTYPE_IP:
#endif
#ifdef INET6
	case ETHERTYPE_IPV6:
#endif /* INET6 */
		break;

	default:
		/*
		 * We get here if the packet isn't from a supported
		 * protocol.  Check to see if the user wants to pass
		 * non-IP packets; these will not be checked by pfil(9)
		 * and would be passed unconditionally, so the default
		 * is to drop.
		 */
		if (V_pfil_onlyip)
			goto bad;
	}

	/* Run the packet through pfil before stripping link headers */
	if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 &&
	    dir == PFIL_OUT && ifp != NULL) {
		switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) {
		case PFIL_DROPPED:
			return (EACCES);
		case PFIL_CONSUMED:
			return (0);
		}
	}

	/* Strip off the Ethernet header and keep a copy. */
	m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
	m_adj(*mp, ETHER_HDR_LEN);

	/* Strip off snap header, if present */
	if (snap) {
		m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
		m_adj(*mp, sizeof(struct llc));
	}

	/*
	 * Check the IP header for alignment and errors
	 */
	if (dir == PFIL_IN) {
		switch (ether_type) {
#ifdef INET
		case ETHERTYPE_IP:
			error = bridge_ip_checkbasic(mp);
			break;
#endif
#ifdef INET6
		case ETHERTYPE_IPV6:
			error = bridge_ip6_checkbasic(mp);
			break;
#endif /* INET6 */
		default:
			error = 0;
		}
		if (error)
			goto bad;
	}

	error = 0;

	/*
	 * Run the packet through pfil
	 */
	rv = PFIL_PASS;
	switch (ether_type) {
#ifdef INET
	case ETHERTYPE_IP:
		/*
		 * Run pfil on the member interface and the bridge; either
		 * can be skipped by clearing pfil_member or pfil_bridge.
		 *
		 * Keep the order:
		 *   in_if -> bridge_if -> out_if
		 */
		if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
		    pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) !=
		    PFIL_PASS)
			break;

		if (V_pfil_member && ifp != NULL) {
			rv = (dir == PFIL_OUT) ?
			    pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) :
			    pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL);
			if (rv != PFIL_PASS)
				break;
		}

		if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
		    pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) !=
		    PFIL_PASS)
			break;

		/*
		 * Check if we need to fragment the packet; bridge_fragment()
		 * generates an mbuf chain of packets that already include
		 * Ethernet headers.
		 */
		if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) {
			i = (*mp)->m_pkthdr.len;
			if (i > ifp->if_mtu) {
				error = bridge_fragment(ifp, mp, &eh2, snap,
				    &llc1);
				return (error);
			}
		}

		/* Recalculate the ip checksum. */
		ip = mtod(*mp, struct ip *);
		hlen = ip->ip_hl << 2;
		if (hlen < sizeof(struct ip))
			goto bad;
		if (hlen > (*mp)->m_len) {
			if ((*mp = m_pullup(*mp, hlen)) == NULL)
				goto bad;
			ip = mtod(*mp, struct ip *);
			if (ip == NULL)
				goto bad;
		}
		ip->ip_sum = 0;
		if (hlen == sizeof(struct ip))
			ip->ip_sum = in_cksum_hdr(ip);
		else
			ip->ip_sum = in_cksum(*mp, hlen);

		break;
#endif /* INET */
#ifdef INET6
	case ETHERTYPE_IPV6:
		if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
		    pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) !=
		    PFIL_PASS)
			break;

		if (V_pfil_member && ifp != NULL) {
			rv = (dir == PFIL_OUT) ?
			    pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) :
			    pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL);
			if (rv != PFIL_PASS)
				break;
		}

		if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
		    pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) !=
		    PFIL_PASS)
			break;
		break;
#endif
	}

	switch (rv) {
	case PFIL_CONSUMED:
		return (0);
	case PFIL_DROPPED:
		return (EACCES);
	default:
		break;
	}

	error = -1;

	/*
	 * Finally, put everything back the way it was and return
	 */
	if (snap) {
		M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT);
		if (*mp == NULL)
			return (error);
		bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
	}

	M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT);
	if (*mp == NULL)
		return (error);
	bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);

	return (0);

bad:
	m_freem(*mp);
	*mp = NULL;
	return (error);
}

#ifdef INET
/*
 * Perform basic checks on header size, since pfil assumes ip_input has
 * already processed the packet for it.  Cut-and-pasted from ip_input.c.
 * Given how simple the IPv6 version is, does the IPv4 version really need
 * to be this complicated?
 *
 * XXX Should we update ipstat here, or not?
 * XXX Right now we update ipstat but not csum_counter.
 */
static int
bridge_ip_checkbasic(struct mbuf **mp)
{
	struct mbuf *m = *mp;
	struct ip *ip;
	int len, hlen;
	u_short sum;

	if (*mp == NULL)
		return (-1);

	if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
		if ((m = m_copyup(m, sizeof(struct ip),
		    (max_linkhdr + 3) & ~3)) == NULL) {
			/* XXXJRT new stat, please */
			KMOD_IPSTAT_INC(ips_toosmall);
			goto bad;
		}
	} else if (__predict_false(m->m_len < sizeof (struct ip))) {
		if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
			KMOD_IPSTAT_INC(ips_toosmall);
			goto bad;
		}
	}
	ip = mtod(m, struct ip *);
	if (ip == NULL)
		goto bad;

	if (ip->ip_v != IPVERSION) {
		KMOD_IPSTAT_INC(ips_badvers);
		goto bad;
	}
	hlen = ip->ip_hl << 2;
	if (hlen < sizeof(struct ip)) {	/* minimum header length */
		KMOD_IPSTAT_INC(ips_badhlen);
		goto bad;
	}
	if (hlen > m->m_len) {
		if ((m = m_pullup(m, hlen)) == NULL) {
			KMOD_IPSTAT_INC(ips_badhlen);
			goto bad;
		}
		ip = mtod(m, struct ip *);
		if (ip == NULL)
			goto bad;
	}

	if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
		sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
	} else {
		if (hlen == sizeof(struct ip)) {
			sum = in_cksum_hdr(ip);
		} else {
			sum = in_cksum(m, hlen);
		}
	}
	if (sum) {
		KMOD_IPSTAT_INC(ips_badsum);
		goto bad;
	}

	/* Retrieve the packet length. */
	len = ntohs(ip->ip_len);

	/*
	 * Check for additional length bogosity
	 */
	if (len < hlen) {
		KMOD_IPSTAT_INC(ips_badlen);
		goto bad;
	}

	/*
	 * Check that the amount of data in the buffers
	 * is at least as much as the IP header would have us expect.
	 * Drop packet if shorter than we expect.
	 */
	if (m->m_pkthdr.len < len) {
		KMOD_IPSTAT_INC(ips_tooshort);
		goto bad;
	}

	/* Checks out, proceed */
	*mp = m;
	return (0);

bad:
	*mp = m;
	return (-1);
}
#endif /* INET */

#ifdef INET6
/*
 * Same as above, but for IPv6.
 * Cut-and-pasted from ip6_input.c.
 * XXX Should we update ip6stat, or not?
 */
static int
bridge_ip6_checkbasic(struct mbuf **mp)
{
	struct mbuf *m = *mp;
	struct ip6_hdr *ip6;

	/*
	 * If the IPv6 header is not aligned, slurp it up into a new
	 * mbuf with space for link headers, in the event we forward
	 * it.  Otherwise, if it is aligned, make sure the entire base
	 * IPv6 header is in the first mbuf of the chain.
	 */
	if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
		struct ifnet *inifp = m->m_pkthdr.rcvif;
		if ((m = m_copyup(m, sizeof(struct ip6_hdr),
		    (max_linkhdr + 3) & ~3)) == NULL) {
			/* XXXJRT new stat, please */
			IP6STAT_INC(ip6s_toosmall);
			in6_ifstat_inc(inifp, ifs6_in_hdrerr);
			goto bad;
		}
	} else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
		struct ifnet *inifp = m->m_pkthdr.rcvif;
		if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
			IP6STAT_INC(ip6s_toosmall);
			in6_ifstat_inc(inifp, ifs6_in_hdrerr);
			goto bad;
		}
	}

	ip6 = mtod(m, struct ip6_hdr *);

	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
		IP6STAT_INC(ip6s_badvers);
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
		goto bad;
	}

	/* Checks out, proceed */
	*mp = m;
	return (0);

bad:
	*mp = m;
	return (-1);
}
#endif /* INET6 */

#ifdef INET
/*
 * bridge_fragment:
 *
 *	Fragment an mbuf chain into multiple packets and prepend the
 *	Ethernet header to each.
 */
static int
bridge_fragment(struct ifnet *ifp, struct mbuf **mp, struct ether_header *eh,
    int snap, struct llc *llc)
{
	struct mbuf *m = *mp, *nextpkt = NULL, *mprev = NULL, *mcur = NULL;
	struct ip *ip;
	int error = -1;

	if (m->m_len < sizeof(struct ip) &&
	    (m = m_pullup(m, sizeof(struct ip))) == NULL)
		goto dropit;
	ip = mtod(m, struct ip *);

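	/*
	 * Request (re)computation of the IP header checksum; ip_fragment()
	 * performs it in software when the interface lacks hardware assist.
	 */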
	m->m_pkthdr.csum_flags |= CSUM_IP;
	error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist);
	if (error)
		goto dropit;

	/*
	 * Walk the chain and re-add the Ethernet header for
	 * each mbuf packet.
	 */
	for (mcur = m; mcur; mcur = mcur->m_nextpkt) {
		nextpkt = mcur->m_nextpkt;
		mcur->m_nextpkt = NULL;
		if (snap) {
			M_PREPEND(mcur, sizeof(struct llc), M_NOWAIT);
			if (mcur == NULL) {
				error = ENOBUFS;
				if (mprev != NULL)
					mprev->m_nextpkt = nextpkt;
				goto dropit;
			}
			bcopy(llc, mtod(mcur, caddr_t), sizeof(struct llc));
		}

		M_PREPEND(mcur, ETHER_HDR_LEN, M_NOWAIT);
		if (mcur == NULL) {
			error = ENOBUFS;
			if (mprev != NULL)
				mprev->m_nextpkt = nextpkt;
			goto dropit;
		}
		bcopy(eh, mtod(mcur, caddr_t), ETHER_HDR_LEN);

		/*
		 * The previous two M_PREPEND could have inserted one or two
		 * mbufs in front so we have to update the previous packet's
		 * m_nextpkt.
		 */
		mcur->m_nextpkt = nextpkt;
		if (mprev != NULL)
			mprev->m_nextpkt = mcur;
		else {
			/*
			 * The first mbuf in the original chain needs to
			 * be updated.
			 */
			*mp = mcur;
		}
		mprev = mcur;
	}

	KMOD_IPSTAT_INC(ips_fragmented);
	return (error);

dropit:
	for (mcur = *mp; mcur; mcur = m) {	/* dropping the full packet chain */
		m = mcur->m_nextpkt;
		m_freem(mcur);
	}
	return (error);
}
#endif /* INET */

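/*
 * bridge_linkstate:
 *
 *	Link-state change callback for a member interface: re-evaluate the
 *	bridge's own link state and notify the STP code.
 */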
static void
bridge_linkstate(struct ifnet *ifp)
{
	struct bridge_softc *sc = NULL;
	struct bridge_iflist *bif;
	struct epoch_tracker et;

	NET_EPOCH_ENTER(et);

	bif = ifp->if_bridge;
	if (bif)
		sc = bif->bif_sc;

	if (sc != NULL) {
		bridge_linkcheck(sc);
		bstp_linkstate(&bif->bif_stp);
	}

	NET_EPOCH_EXIT(et);
}

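/*
 * bridge_linkcheck:
 *
 *	Recompute the bridge interface's link state from the link states of
 *	its member ports.
 */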
static void
bridge_linkcheck(struct bridge_softc *sc)
{
	struct bridge_iflist *bif;
	int new_link, hasls;

	BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);

	new_link = LINK_STATE_DOWN;
	hasls = 0;
	/* Our link is considered up if at least one of our ports is active */
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE)
			hasls++;
		if (bif->bif_ifp->if_link_state == LINK_STATE_UP) {
			new_link = LINK_STATE_UP;
			break;
		}
	}
	if (!CK_LIST_EMPTY(&sc->sc_iflist) && !hasls) {
		/* If no interfaces support link-state then we default to up */
		new_link = LINK_STATE_UP;
	}
	if_link_state_change(sc->sc_ifp, new_link);
}
