1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
2
3 /*-
4 * SPDX-License-Identifier: BSD-4-Clause
5 *
6 * Copyright 2001 Wasabi Systems, Inc.
7 * All rights reserved.
8 *
9 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 * must display the following acknowledgement:
21 * This product includes software developed for the NetBSD Project by
22 * Wasabi Systems, Inc.
23 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
24 * or promote products derived from this software without specific prior
25 * written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 * POSSIBILITY OF SUCH DAMAGE.
38 */
39
40 /*
41 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
42 * All rights reserved.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
54 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
55 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
56 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
57 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
58 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
59 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
62 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
63 * POSSIBILITY OF SUCH DAMAGE.
64 *
65 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
66 */
67
68 /*
69 * Network interface bridge support.
70 *
71 * TODO:
72 *
73 * - Currently only supports Ethernet-like interfaces (Ethernet,
74 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
75 * to bridge other types of interfaces (maybe consider
76 * heterogeneous bridges).
77 */
78
79 #include <sys/cdefs.h>
80 #include "opt_inet.h"
81 #include "opt_inet6.h"
82
83 #include <sys/param.h>
84 #include <sys/eventhandler.h>
85 #include <sys/mbuf.h>
86 #include <sys/malloc.h>
87 #include <sys/protosw.h>
88 #include <sys/systm.h>
89 #include <sys/jail.h>
90 #include <sys/time.h>
91 #include <sys/socket.h> /* for net/if.h */
92 #include <sys/sockio.h>
93 #include <sys/ctype.h> /* string functions */
94 #include <sys/kernel.h>
95 #include <sys/random.h>
96 #include <sys/syslog.h>
97 #include <sys/sysctl.h>
98 #include <vm/uma.h>
99 #include <sys/module.h>
100 #include <sys/priv.h>
101 #include <sys/proc.h>
102 #include <sys/lock.h>
103 #include <sys/mutex.h>
104
105 #include <net/bpf.h>
106 #include <net/if.h>
107 #include <net/if_clone.h>
108 #include <net/if_dl.h>
109 #include <net/if_types.h>
110 #include <net/if_var.h>
111 #include <net/if_private.h>
112 #include <net/pfil.h>
113 #include <net/vnet.h>
114
115 #include <netinet/in.h>
116 #include <netinet/in_systm.h>
117 #include <netinet/in_var.h>
118 #include <netinet/ip.h>
119 #include <netinet/ip_var.h>
120 #ifdef INET6
121 #include <netinet/ip6.h>
122 #include <netinet6/ip6_var.h>
123 #include <netinet6/in6_ifattach.h>
124 #endif
125 #if defined(INET) || defined(INET6)
126 #include <netinet/ip_carp.h>
127 #endif
128 #include <machine/in_cksum.h>
129 #include <netinet/if_ether.h>
130 #include <net/bridgestp.h>
131 #include <net/if_bridgevar.h>
132 #include <net/if_llc.h>
133 #include <net/if_vlan_var.h>
134
135 #include <net/route.h>
136
137 /*
138 * At various points in the code we need to know if we're hooked into the INET
139 * and/or INET6 pfil. Define some macros to do that based on which IP versions
140 * are enabled in the kernel. This avoids littering the rest of the code with
141 * #ifnet INET6 to avoid referencing V_inet6_pfil_head.
142 */
143 #ifdef INET6
144 #define PFIL_HOOKED_IN_INET6 PFIL_HOOKED_IN(V_inet6_pfil_head)
145 #define PFIL_HOOKED_OUT_INET6 PFIL_HOOKED_OUT(V_inet6_pfil_head)
146 #else
147 #define PFIL_HOOKED_IN_INET6 false
148 #define PFIL_HOOKED_OUT_INET6 false
149 #endif
150
151 #ifdef INET
152 #define PFIL_HOOKED_IN_INET PFIL_HOOKED_IN(V_inet_pfil_head)
153 #define PFIL_HOOKED_OUT_INET PFIL_HOOKED_OUT(V_inet_pfil_head)
154 #else
155 #define PFIL_HOOKED_IN_INET false
156 #define PFIL_HOOKED_OUT_INET false
157 #endif
158
159 #define PFIL_HOOKED_IN_46 (PFIL_HOOKED_IN_INET6 || PFIL_HOOKED_IN_INET)
160 #define PFIL_HOOKED_OUT_46 (PFIL_HOOKED_OUT_INET6 || PFIL_HOOKED_OUT_INET)
161
162 /*
163 * Size of the route hash table. Must be a power of two.
164 */
165 #ifndef BRIDGE_RTHASH_SIZE
166 #define BRIDGE_RTHASH_SIZE 1024
167 #endif
168
169 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
170
171 /*
172 * Default maximum number of addresses to cache.
173 */
174 #ifndef BRIDGE_RTABLE_MAX
175 #define BRIDGE_RTABLE_MAX 2000
176 #endif
177
178 /*
179 * Timeout (in seconds) for entries learned dynamically.
180 */
181 #ifndef BRIDGE_RTABLE_TIMEOUT
182 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
183 #endif
184
185 /*
186 * Number of seconds between walks of the route list.
187 */
188 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
189 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
190 #endif
191
192 /*
193 * List of capabilities to possibly mask on the member interface.
194 */
195 #define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM|\
196 IFCAP_TXCSUM_IPV6|IFCAP_MEXTPG)
197
198 /*
199 * List of capabilities to strip
200 */
201 #define BRIDGE_IFCAPS_STRIP IFCAP_LRO
202
203 /*
204 * Bridge locking
205 *
206 * The bridge relies heavily on the epoch(9) system to protect its data
207 * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we
208 * must ensure there is only one writer at a time.
209 *
210 * That is: for read accesses we only need to be in NET_EPOCH, but for write
211 * accesses we must hold:
212 *
213 * - BRIDGE_RT_LOCK, for any change to bridge_rtnodes
214 * - BRIDGE_LOCK, for any other change
215 *
216 * The BRIDGE_LOCK is a sleepable lock, because it is held across ioctl()
217 * calls to bridge member interfaces and these ioctl()s can sleep.
218 * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes
219 * required while we're in NET_EPOCH and then we're not allowed to sleep.
220 */
221 #define BRIDGE_LOCK_INIT(_sc) do { \
222 sx_init(&(_sc)->sc_sx, "if_bridge"); \
223 mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \
224 } while (0)
225 #define BRIDGE_LOCK_DESTROY(_sc) do { \
226 sx_destroy(&(_sc)->sc_sx); \
227 mtx_destroy(&(_sc)->sc_rt_mtx); \
228 } while (0)
229 #define BRIDGE_LOCK(_sc) sx_xlock(&(_sc)->sc_sx)
230 #define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx)
231 #define BRIDGE_LOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_XLOCKED)
232 #define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
233 MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx))
234 #define BRIDGE_UNLOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_UNLOCKED)
235 #define BRIDGE_RT_LOCK(_sc) mtx_lock(&(_sc)->sc_rt_mtx)
236 #define BRIDGE_RT_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_rt_mtx)
237 #define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED)
238 #define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
239 MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx))
240
241 struct bridge_softc;
242
243 /*
244 * Bridge interface list entry.
245 */
246 struct bridge_iflist {
247 CK_LIST_ENTRY(bridge_iflist) bif_next;
248 struct ifnet *bif_ifp; /* member if */
249 struct bridge_softc *bif_sc; /* parent bridge */
250 struct bstp_port bif_stp; /* STP state */
251 uint32_t bif_flags; /* member if flags */
252 int bif_savedcaps; /* saved capabilities */
253 uint32_t bif_addrmax; /* max # of addresses */
254 uint32_t bif_addrcnt; /* cur. # of addresses */
255 uint32_t bif_addrexceeded;/* # of address violations */
256 struct epoch_context bif_epoch_ctx;
257 };
258
259 /*
260 * Bridge route node.
261 */
262 struct bridge_rtnode {
263 CK_LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
264 CK_LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
265 struct bridge_iflist *brt_dst; /* destination if */
266 unsigned long brt_expire; /* expiration time */
267 uint8_t brt_flags; /* address flags */
268 uint8_t brt_addr[ETHER_ADDR_LEN];
269 ether_vlanid_t brt_vlan; /* vlan id */
270 struct vnet *brt_vnet;
271 struct epoch_context brt_epoch_ctx;
272 };
273 #define brt_ifp brt_dst->bif_ifp
274
275 /*
276 * Software state for each bridge.
277 */
278 struct bridge_softc {
279 struct ifnet *sc_ifp; /* make this an interface */
280 LIST_ENTRY(bridge_softc) sc_list;
281 struct sx sc_sx;
282 struct mtx sc_rt_mtx;
283 uint32_t sc_brtmax; /* max # of addresses */
284 uint32_t sc_brtcnt; /* cur. # of addresses */
285 uint32_t sc_brttimeout; /* rt timeout in seconds */
286 struct callout sc_brcallout; /* bridge callout */
287 CK_LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
288 CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
289 CK_LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
290 uint32_t sc_rthash_key; /* key for hash */
291 CK_LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
292 struct bstp_state sc_stp; /* STP state */
293 uint32_t sc_brtexceeded; /* # of cache drops */
294 struct ifnet *sc_ifaddr; /* member mac copied from */
295 struct ether_addr sc_defaddr; /* Default MAC address */
296 if_input_fn_t sc_if_input; /* Saved copy of if_input */
297 struct epoch_context sc_epoch_ctx;
298 };
299
300 VNET_DEFINE_STATIC(struct sx, bridge_list_sx);
301 #define V_bridge_list_sx VNET(bridge_list_sx)
302 static eventhandler_tag bridge_detach_cookie;
303
304 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
305
306 VNET_DEFINE_STATIC(uma_zone_t, bridge_rtnode_zone);
307 #define V_bridge_rtnode_zone VNET(bridge_rtnode_zone)
308
309 static int bridge_clone_create(struct if_clone *, char *, size_t,
310 struct ifc_data *, struct ifnet **);
311 static int bridge_clone_destroy(struct if_clone *, struct ifnet *, uint32_t);
312
313 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
314 static void bridge_mutecaps(struct bridge_softc *);
315 static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *,
316 int);
317 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
318 static void bridge_init(void *);
319 static void bridge_dummynet(struct mbuf *, struct ifnet *);
320 static bool bridge_same(const void *, const void *);
321 static void *bridge_get_softc(struct ifnet *);
322 static void bridge_stop(struct ifnet *, int);
323 static int bridge_transmit(struct ifnet *, struct mbuf *);
324 #ifdef ALTQ
325 static void bridge_altq_start(if_t);
326 static int bridge_altq_transmit(if_t, struct mbuf *);
327 #endif
328 static void bridge_qflush(struct ifnet *);
329 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
330 static void bridge_inject(struct ifnet *, struct mbuf *);
331 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
332 struct rtentry *);
333 static int bridge_enqueue(struct bridge_softc *, struct ifnet *,
334 struct mbuf *);
335 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
336
337 static void bridge_forward(struct bridge_softc *, struct bridge_iflist *,
338 struct mbuf *m);
339 static bool bridge_member_ifaddrs(void);
340
341 static void bridge_timer(void *);
342
343 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
344 struct mbuf *, int);
345 static void bridge_span(struct bridge_softc *, struct mbuf *);
346
347 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
348 ether_vlanid_t, struct bridge_iflist *, int, uint8_t);
349 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *,
350 ether_vlanid_t);
351 static void bridge_rttrim(struct bridge_softc *);
352 static void bridge_rtage(struct bridge_softc *);
353 static void bridge_rtflush(struct bridge_softc *, int);
354 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *,
355 ether_vlanid_t);
356
357 static void bridge_rtable_init(struct bridge_softc *);
358 static void bridge_rtable_fini(struct bridge_softc *);
359
360 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
361 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
362 const uint8_t *, ether_vlanid_t);
363 static int bridge_rtnode_insert(struct bridge_softc *,
364 struct bridge_rtnode *);
365 static void bridge_rtnode_destroy(struct bridge_softc *,
366 struct bridge_rtnode *);
367 static void bridge_rtable_expire(struct ifnet *, int);
368 static void bridge_state_change(struct ifnet *, int);
369
370 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
371 const char *name);
372 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
373 struct ifnet *ifp);
374 static void bridge_delete_member(struct bridge_softc *,
375 struct bridge_iflist *, int);
376 static void bridge_delete_span(struct bridge_softc *,
377 struct bridge_iflist *);
378
379 static int bridge_ioctl_add(struct bridge_softc *, void *);
380 static int bridge_ioctl_del(struct bridge_softc *, void *);
381 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
382 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
383 static int bridge_ioctl_scache(struct bridge_softc *, void *);
384 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
385 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
386 static int bridge_ioctl_rts(struct bridge_softc *, void *);
387 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
388 static int bridge_ioctl_sto(struct bridge_softc *, void *);
389 static int bridge_ioctl_gto(struct bridge_softc *, void *);
390 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
391 static int bridge_ioctl_flush(struct bridge_softc *, void *);
392 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
393 static int bridge_ioctl_spri(struct bridge_softc *, void *);
394 static int bridge_ioctl_ght(struct bridge_softc *, void *);
395 static int bridge_ioctl_sht(struct bridge_softc *, void *);
396 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
397 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
398 static int bridge_ioctl_gma(struct bridge_softc *, void *);
399 static int bridge_ioctl_sma(struct bridge_softc *, void *);
400 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
401 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
402 static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *);
403 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
404 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
405 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
406 static int bridge_ioctl_grte(struct bridge_softc *, void *);
407 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
408 static int bridge_ioctl_sproto(struct bridge_softc *, void *);
409 static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
410 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
411 int);
412 #ifdef INET
413 static int bridge_ip_checkbasic(struct mbuf **mp);
414 static int bridge_fragment(struct ifnet *, struct mbuf **mp,
415 struct ether_header *, int, struct llc *);
416 #endif /* INET */
417 #ifdef INET6
418 static int bridge_ip6_checkbasic(struct mbuf **mp);
419 #endif /* INET6 */
420 static void bridge_linkstate(struct ifnet *ifp);
421 static void bridge_linkcheck(struct bridge_softc *sc);
422
423 /*
424 * Use the "null" value from IEEE 802.1Q-2014 Table 9-2
425 * to indicate untagged frames.
426 */
427 #define VLANTAGOF(_m) \
428 ((_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : DOT1Q_VID_NULL)
429
430 static struct bstp_cb_ops bridge_ops = {
431 .bcb_state = bridge_state_change,
432 .bcb_rtage = bridge_rtable_expire
433 };
434
435 SYSCTL_DECL(_net_link);
436 static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
437 "Bridge");
438
439 /* only pass IP[46] packets when pfil is enabled */
440 VNET_DEFINE_STATIC(int, pfil_onlyip) = 1;
441 #define V_pfil_onlyip VNET(pfil_onlyip)
442 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip,
443 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_onlyip), 0,
444 "Only pass IP packets when pfil is enabled");
445
446 /* run pfil hooks on the bridge interface */
447 VNET_DEFINE_STATIC(int, pfil_bridge) = 0;
448 #define V_pfil_bridge VNET(pfil_bridge)
449 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge,
450 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_bridge), 0,
451 "Packet filter on the bridge interface");
452
453 /* layer2 filter with ipfw */
454 VNET_DEFINE_STATIC(int, pfil_ipfw);
455 #define V_pfil_ipfw VNET(pfil_ipfw)
456
457 /* layer2 ARP filter with ipfw */
458 VNET_DEFINE_STATIC(int, pfil_ipfw_arp);
459 #define V_pfil_ipfw_arp VNET(pfil_ipfw_arp)
460 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp,
461 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_ipfw_arp), 0,
462 "Filter ARP packets through IPFW layer2");
463
464 /* run pfil hooks on the member interface */
465 VNET_DEFINE_STATIC(int, pfil_member) = 0;
466 #define V_pfil_member VNET(pfil_member)
467 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member,
468 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_member), 0,
469 "Packet filter on the member interface");
470
471 /* run pfil hooks on the physical interface for locally destined packets */
472 VNET_DEFINE_STATIC(int, pfil_local_phys);
473 #define V_pfil_local_phys VNET(pfil_local_phys)
474 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys,
475 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_local_phys), 0,
476 "Packet filter on the physical interface for locally destined packets");
477
478 /* log STP state changes */
479 VNET_DEFINE_STATIC(int, log_stp);
480 #define V_log_stp VNET(log_stp)
481 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp,
482 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(log_stp), 0,
483 "Log STP state changes");
484
485 /* share MAC with first bridge member */
486 VNET_DEFINE_STATIC(int, bridge_inherit_mac);
487 #define V_bridge_inherit_mac VNET(bridge_inherit_mac)
488 SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac,
489 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(bridge_inherit_mac), 0,
490 "Inherit MAC address from the first bridge member");
491
492 VNET_DEFINE_STATIC(int, allow_llz_overlap) = 0;
493 #define V_allow_llz_overlap VNET(allow_llz_overlap)
494 SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
495 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
496 "Allow overlap of link-local scope "
497 "zones of a bridge interface and the member interfaces");
498
499 /* log MAC address port flapping */
500 VNET_DEFINE_STATIC(bool, log_mac_flap) = true;
501 #define V_log_mac_flap VNET(log_mac_flap)
502 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap,
503 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(log_mac_flap), true,
504 "Log MAC address port flapping");
505
506 /* allow IP addresses on bridge members */
507 VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
508 #define V_member_ifaddrs VNET(member_ifaddrs)
509 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
510 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
511 "Allow layer 3 addresses on bridge members");
512
513 static bool
bridge_member_ifaddrs(void)514 bridge_member_ifaddrs(void)
515 {
516 return (V_member_ifaddrs);
517 }
518
519 VNET_DEFINE_STATIC(int, log_interval) = 5;
520 VNET_DEFINE_STATIC(int, log_count) = 0;
521 VNET_DEFINE_STATIC(struct timeval, log_last) = { 0 };
522
523 #define V_log_interval VNET(log_interval)
524 #define V_log_count VNET(log_count)
525 #define V_log_last VNET(log_last)
526
527 struct bridge_control {
528 int (*bc_func)(struct bridge_softc *, void *);
529 int bc_argsize;
530 int bc_flags;
531 };
532
533 #define BC_F_COPYIN 0x01 /* copy arguments in */
534 #define BC_F_COPYOUT 0x02 /* copy arguments out */
535 #define BC_F_SUSER 0x04 /* do super-user check */
536
537 static const struct bridge_control bridge_control_table[] = {
538 { bridge_ioctl_add, sizeof(struct ifbreq),
539 BC_F_COPYIN|BC_F_SUSER },
540 { bridge_ioctl_del, sizeof(struct ifbreq),
541 BC_F_COPYIN|BC_F_SUSER },
542
543 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
544 BC_F_COPYIN|BC_F_COPYOUT },
545 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
546 BC_F_COPYIN|BC_F_SUSER },
547
548 { bridge_ioctl_scache, sizeof(struct ifbrparam),
549 BC_F_COPYIN|BC_F_SUSER },
550 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
551 BC_F_COPYOUT },
552
553 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
554 BC_F_COPYIN|BC_F_COPYOUT },
555 { bridge_ioctl_rts, sizeof(struct ifbaconf),
556 BC_F_COPYIN|BC_F_COPYOUT },
557
558 { bridge_ioctl_saddr, sizeof(struct ifbareq),
559 BC_F_COPYIN|BC_F_SUSER },
560
561 { bridge_ioctl_sto, sizeof(struct ifbrparam),
562 BC_F_COPYIN|BC_F_SUSER },
563 { bridge_ioctl_gto, sizeof(struct ifbrparam),
564 BC_F_COPYOUT },
565
566 { bridge_ioctl_daddr, sizeof(struct ifbareq),
567 BC_F_COPYIN|BC_F_SUSER },
568
569 { bridge_ioctl_flush, sizeof(struct ifbreq),
570 BC_F_COPYIN|BC_F_SUSER },
571
572 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
573 BC_F_COPYOUT },
574 { bridge_ioctl_spri, sizeof(struct ifbrparam),
575 BC_F_COPYIN|BC_F_SUSER },
576
577 { bridge_ioctl_ght, sizeof(struct ifbrparam),
578 BC_F_COPYOUT },
579 { bridge_ioctl_sht, sizeof(struct ifbrparam),
580 BC_F_COPYIN|BC_F_SUSER },
581
582 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
583 BC_F_COPYOUT },
584 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
585 BC_F_COPYIN|BC_F_SUSER },
586
587 { bridge_ioctl_gma, sizeof(struct ifbrparam),
588 BC_F_COPYOUT },
589 { bridge_ioctl_sma, sizeof(struct ifbrparam),
590 BC_F_COPYIN|BC_F_SUSER },
591
592 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
593 BC_F_COPYIN|BC_F_SUSER },
594
595 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
596 BC_F_COPYIN|BC_F_SUSER },
597
598 { bridge_ioctl_addspan, sizeof(struct ifbreq),
599 BC_F_COPYIN|BC_F_SUSER },
600 { bridge_ioctl_delspan, sizeof(struct ifbreq),
601 BC_F_COPYIN|BC_F_SUSER },
602
603 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
604 BC_F_COPYOUT },
605
606 { bridge_ioctl_grte, sizeof(struct ifbrparam),
607 BC_F_COPYOUT },
608
609 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
610 BC_F_COPYIN|BC_F_COPYOUT },
611
612 { bridge_ioctl_sproto, sizeof(struct ifbrparam),
613 BC_F_COPYIN|BC_F_SUSER },
614
615 { bridge_ioctl_stxhc, sizeof(struct ifbrparam),
616 BC_F_COPYIN|BC_F_SUSER },
617
618 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq),
619 BC_F_COPYIN|BC_F_SUSER },
620
621 };
622 static const int bridge_control_table_size = nitems(bridge_control_table);
623
624 VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list) =
625 LIST_HEAD_INITIALIZER();
626 #define V_bridge_list VNET(bridge_list)
627 #define BRIDGE_LIST_LOCK_INIT(x) sx_init(&V_bridge_list_sx, \
628 "if_bridge list")
629 #define BRIDGE_LIST_LOCK_DESTROY(x) sx_destroy(&V_bridge_list_sx)
630 #define BRIDGE_LIST_LOCK(x) sx_xlock(&V_bridge_list_sx)
631 #define BRIDGE_LIST_UNLOCK(x) sx_xunlock(&V_bridge_list_sx)
632
633 VNET_DEFINE_STATIC(struct if_clone *, bridge_cloner);
634 #define V_bridge_cloner VNET(bridge_cloner)
635
636 static const char bridge_name[] = "bridge";
637
638 static void
vnet_bridge_init(const void * unused __unused)639 vnet_bridge_init(const void *unused __unused)
640 {
641
642 V_bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
643 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
644 UMA_ALIGN_PTR, 0);
645 BRIDGE_LIST_LOCK_INIT();
646
647 struct if_clone_addreq req = {
648 .create_f = bridge_clone_create,
649 .destroy_f = bridge_clone_destroy,
650 .flags = IFC_F_AUTOUNIT,
651 };
652 V_bridge_cloner = ifc_attach_cloner(bridge_name, &req);
653 }
654 VNET_SYSINIT(vnet_bridge_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
655 vnet_bridge_init, NULL);
656
657 static void
vnet_bridge_uninit(const void * unused __unused)658 vnet_bridge_uninit(const void *unused __unused)
659 {
660
661 ifc_detach_cloner(V_bridge_cloner);
662 V_bridge_cloner = NULL;
663 BRIDGE_LIST_LOCK_DESTROY();
664
665 /* Callbacks may use the UMA zone. */
666 NET_EPOCH_DRAIN_CALLBACKS();
667
668 uma_zdestroy(V_bridge_rtnode_zone);
669 }
670 VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY,
671 vnet_bridge_uninit, NULL);
672
673 static int
bridge_modevent(module_t mod,int type,void * data)674 bridge_modevent(module_t mod, int type, void *data)
675 {
676
677 switch (type) {
678 case MOD_LOAD:
679 bridge_dn_p = bridge_dummynet;
680 bridge_same_p = bridge_same;
681 bridge_get_softc_p = bridge_get_softc;
682 bridge_member_ifaddrs_p = bridge_member_ifaddrs;
683 bridge_detach_cookie = EVENTHANDLER_REGISTER(
684 ifnet_departure_event, bridge_ifdetach, NULL,
685 EVENTHANDLER_PRI_ANY);
686 break;
687 case MOD_UNLOAD:
688 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
689 bridge_detach_cookie);
690 bridge_dn_p = NULL;
691 bridge_same_p = NULL;
692 bridge_get_softc_p = NULL;
693 bridge_member_ifaddrs_p = NULL;
694 break;
695 default:
696 return (EOPNOTSUPP);
697 }
698 return (0);
699 }
700
701 static moduledata_t bridge_mod = {
702 "if_bridge",
703 bridge_modevent,
704 0
705 };
706
707 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
708 MODULE_VERSION(if_bridge, 1);
709 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
710
711 /*
712 * handler for net.link.bridge.ipfw
713 */
714 static int
sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)715 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
716 {
717 int enable = V_pfil_ipfw;
718 int error;
719
720 error = sysctl_handle_int(oidp, &enable, 0, req);
721 enable &= 1;
722
723 if (enable != V_pfil_ipfw) {
724 V_pfil_ipfw = enable;
725
726 /*
727 * Disable pfil so that ipfw doesnt run twice, if the user
728 * really wants both then they can re-enable pfil_bridge and/or
729 * pfil_member. Also allow non-ip packets as ipfw can filter by
730 * layer2 type.
731 */
732 if (V_pfil_ipfw) {
733 V_pfil_onlyip = 0;
734 V_pfil_bridge = 0;
735 V_pfil_member = 0;
736 }
737 }
738
739 return (error);
740 }
741 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw,
742 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_VNET | CTLFLAG_NEEDGIANT,
743 &VNET_NAME(pfil_ipfw), 0, &sysctl_pfil_ipfw, "I",
744 "Layer2 filter with IPFW");
745
746 #ifdef VIMAGE
747 static void
bridge_reassign(struct ifnet * ifp,struct vnet * newvnet,char * arg)748 bridge_reassign(struct ifnet *ifp, struct vnet *newvnet, char *arg)
749 {
750 struct bridge_softc *sc = ifp->if_softc;
751 struct bridge_iflist *bif;
752
753 BRIDGE_LOCK(sc);
754
755 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
756 bridge_delete_member(sc, bif, 0);
757
758 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
759 bridge_delete_span(sc, bif);
760 }
761
762 BRIDGE_UNLOCK(sc);
763
764 ether_reassign(ifp, newvnet, arg);
765 }
766 #endif
767
768 /*
769 * bridge_get_softc:
770 *
771 * Return the bridge softc for an ifnet.
772 */
773 static void *
bridge_get_softc(struct ifnet * ifp)774 bridge_get_softc(struct ifnet *ifp)
775 {
776 struct bridge_iflist *bif;
777
778 NET_EPOCH_ASSERT();
779
780 bif = ifp->if_bridge;
781 if (bif == NULL)
782 return (NULL);
783 return (bif->bif_sc);
784 }
785
786 /*
787 * bridge_same:
788 *
789 * Return true if two interfaces are in the same bridge. This is only used by
790 * bridgestp via bridge_same_p.
791 */
792 static bool
bridge_same(const void * bifap,const void * bifbp)793 bridge_same(const void *bifap, const void *bifbp)
794 {
795 const struct bridge_iflist *bifa = bifap, *bifb = bifbp;
796
797 NET_EPOCH_ASSERT();
798
799 if (bifa == NULL || bifb == NULL)
800 return (false);
801
802 return (bifa->bif_sc == bifb->bif_sc);
803 }
804
805 /*
806 * bridge_clone_create:
807 *
808 * Create a new bridge instance.
809 */
810 static int
bridge_clone_create(struct if_clone * ifc,char * name,size_t len,struct ifc_data * ifd,struct ifnet ** ifpp)811 bridge_clone_create(struct if_clone *ifc, char *name, size_t len,
812 struct ifc_data *ifd, struct ifnet **ifpp)
813 {
814 struct bridge_softc *sc;
815 struct ifnet *ifp;
816
817 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
818 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
819
820 BRIDGE_LOCK_INIT(sc);
821 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
822 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
823
824 /* Initialize our routing table. */
825 bridge_rtable_init(sc);
826
827 callout_init_mtx(&sc->sc_brcallout, &sc->sc_rt_mtx, 0);
828
829 CK_LIST_INIT(&sc->sc_iflist);
830 CK_LIST_INIT(&sc->sc_spanlist);
831
832 ifp->if_softc = sc;
833 if_initname(ifp, bridge_name, ifd->unit);
834 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
835 ifp->if_ioctl = bridge_ioctl;
836 #ifdef ALTQ
837 ifp->if_start = bridge_altq_start;
838 ifp->if_transmit = bridge_altq_transmit;
839 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
840 ifp->if_snd.ifq_drv_maxlen = 0;
841 IFQ_SET_READY(&ifp->if_snd);
842 #else
843 ifp->if_transmit = bridge_transmit;
844 #endif
845 ifp->if_qflush = bridge_qflush;
846 ifp->if_init = bridge_init;
847 ifp->if_type = IFT_BRIDGE;
848
849 ether_gen_addr(ifp, &sc->sc_defaddr);
850
851 bstp_attach(&sc->sc_stp, &bridge_ops);
852 ether_ifattach(ifp, sc->sc_defaddr.octet);
853 /* Now undo some of the damage... */
854 ifp->if_baudrate = 0;
855 #ifdef VIMAGE
856 ifp->if_reassign = bridge_reassign;
857 #endif
858 sc->sc_if_input = ifp->if_input; /* ether_input */
859 ifp->if_input = bridge_inject;
860
861 /*
862 * Allow BRIDGE_INPUT() to pass in packets originating from the bridge
863 * itself via bridge_inject(). This is required for netmap but
864 * otherwise has no effect.
865 */
866 ifp->if_bridge_input = bridge_input;
867
868 BRIDGE_LIST_LOCK();
869 LIST_INSERT_HEAD(&V_bridge_list, sc, sc_list);
870 BRIDGE_LIST_UNLOCK();
871 *ifpp = ifp;
872
873 return (0);
874 }
875
876 static void
bridge_clone_destroy_cb(struct epoch_context * ctx)877 bridge_clone_destroy_cb(struct epoch_context *ctx)
878 {
879 struct bridge_softc *sc;
880
881 sc = __containerof(ctx, struct bridge_softc, sc_epoch_ctx);
882
883 BRIDGE_LOCK_DESTROY(sc);
884 free(sc, M_DEVBUF);
885 }
886
887 /*
888 * bridge_clone_destroy:
889 *
890 * Destroy a bridge instance.
891 */
892 static int
bridge_clone_destroy(struct if_clone * ifc,struct ifnet * ifp,uint32_t flags)893 bridge_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags)
894 {
895 struct bridge_softc *sc = ifp->if_softc;
896 struct bridge_iflist *bif;
897 struct epoch_tracker et;
898
899 BRIDGE_LOCK(sc);
900
901 bridge_stop(ifp, 1);
902 ifp->if_flags &= ~IFF_UP;
903
904 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
905 bridge_delete_member(sc, bif, 0);
906
907 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
908 bridge_delete_span(sc, bif);
909 }
910
911 /* Tear down the routing table. */
912 bridge_rtable_fini(sc);
913
914 BRIDGE_UNLOCK(sc);
915
916 NET_EPOCH_ENTER(et);
917
918 callout_drain(&sc->sc_brcallout);
919
920 BRIDGE_LIST_LOCK();
921 LIST_REMOVE(sc, sc_list);
922 BRIDGE_LIST_UNLOCK();
923
924 bstp_detach(&sc->sc_stp);
925 #ifdef ALTQ
926 IFQ_PURGE(&ifp->if_snd);
927 #endif
928 NET_EPOCH_EXIT(et);
929
930 ether_ifdetach(ifp);
931 if_free(ifp);
932
933 NET_EPOCH_CALL(bridge_clone_destroy_cb, &sc->sc_epoch_ctx);
934
935 return (0);
936 }
937
938 /*
939 * bridge_ioctl:
940 *
941 * Handle a control request from the operator.
942 */
943 static int
bridge_ioctl(struct ifnet * ifp,u_long cmd,caddr_t data)944 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
945 {
946 struct bridge_softc *sc = ifp->if_softc;
947 struct ifreq *ifr = (struct ifreq *)data;
948 struct bridge_iflist *bif;
949 struct thread *td = curthread;
950 union {
951 struct ifbreq ifbreq;
952 struct ifbifconf ifbifconf;
953 struct ifbareq ifbareq;
954 struct ifbaconf ifbaconf;
955 struct ifbrparam ifbrparam;
956 struct ifbropreq ifbropreq;
957 } args;
958 struct ifdrv *ifd = (struct ifdrv *) data;
959 const struct bridge_control *bc;
960 int error = 0, oldmtu;
961
962 BRIDGE_LOCK(sc);
963
964 switch (cmd) {
965 case SIOCADDMULTI:
966 case SIOCDELMULTI:
967 break;
968
969 case SIOCGDRVSPEC:
970 case SIOCSDRVSPEC:
971 if (ifd->ifd_cmd >= bridge_control_table_size) {
972 error = EINVAL;
973 break;
974 }
975 bc = &bridge_control_table[ifd->ifd_cmd];
976
977 if (cmd == SIOCGDRVSPEC &&
978 (bc->bc_flags & BC_F_COPYOUT) == 0) {
979 error = EINVAL;
980 break;
981 }
982 else if (cmd == SIOCSDRVSPEC &&
983 (bc->bc_flags & BC_F_COPYOUT) != 0) {
984 error = EINVAL;
985 break;
986 }
987
988 if (bc->bc_flags & BC_F_SUSER) {
989 error = priv_check(td, PRIV_NET_BRIDGE);
990 if (error)
991 break;
992 }
993
994 if (ifd->ifd_len != bc->bc_argsize ||
995 ifd->ifd_len > sizeof(args)) {
996 error = EINVAL;
997 break;
998 }
999
1000 bzero(&args, sizeof(args));
1001 if (bc->bc_flags & BC_F_COPYIN) {
1002 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
1003 if (error)
1004 break;
1005 }
1006
1007 oldmtu = ifp->if_mtu;
1008 error = (*bc->bc_func)(sc, &args);
1009 if (error)
1010 break;
1011
1012 /*
1013 * Bridge MTU may change during addition of the first port.
1014 * If it did, do network layer specific procedure.
1015 */
1016 if (ifp->if_mtu != oldmtu)
1017 if_notifymtu(ifp);
1018
1019 if (bc->bc_flags & BC_F_COPYOUT)
1020 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
1021
1022 break;
1023
1024 case SIOCSIFFLAGS:
1025 if (!(ifp->if_flags & IFF_UP) &&
1026 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1027 /*
1028 * If interface is marked down and it is running,
1029 * then stop and disable it.
1030 */
1031 bridge_stop(ifp, 1);
1032 } else if ((ifp->if_flags & IFF_UP) &&
1033 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1034 /*
1035 * If interface is marked up and it is stopped, then
1036 * start it.
1037 */
1038 BRIDGE_UNLOCK(sc);
1039 (*ifp->if_init)(sc);
1040 BRIDGE_LOCK(sc);
1041 }
1042 break;
1043
1044 case SIOCSIFMTU:
1045 oldmtu = sc->sc_ifp->if_mtu;
1046
1047 if (ifr->ifr_mtu < IF_MINMTU) {
1048 error = EINVAL;
1049 break;
1050 }
1051 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1052 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1053 break;
1054 }
1055 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1056 error = (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1057 SIOCSIFMTU, (caddr_t)ifr);
1058 if (error != 0) {
1059 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1060 " member %s\n", sc->sc_ifp->if_xname,
1061 ifr->ifr_mtu,
1062 bif->bif_ifp->if_xname);
1063 error = EINVAL;
1064 break;
1065 }
1066 }
1067 if (error) {
1068 /* Restore the previous MTU on all member interfaces. */
1069 ifr->ifr_mtu = oldmtu;
1070 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1071 (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1072 SIOCSIFMTU, (caddr_t)ifr);
1073 }
1074 } else {
1075 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1076 }
1077 break;
1078 default:
1079 /*
1080 * drop the lock as ether_ioctl() will call bridge_start() and
1081 * cause the lock to be recursed.
1082 */
1083 BRIDGE_UNLOCK(sc);
1084 error = ether_ioctl(ifp, cmd, data);
1085 BRIDGE_LOCK(sc);
1086 break;
1087 }
1088
1089 BRIDGE_UNLOCK(sc);
1090
1091 return (error);
1092 }
1093
1094 /*
1095 * bridge_mutecaps:
1096 *
1097 * Clear or restore unwanted capabilities on the member interface
1098 */
1099 static void
bridge_mutecaps(struct bridge_softc * sc)1100 bridge_mutecaps(struct bridge_softc *sc)
1101 {
1102 struct bridge_iflist *bif;
1103 int enabled, mask;
1104
1105 BRIDGE_LOCK_ASSERT(sc);
1106
1107 /* Initial bitmask of capabilities to test */
1108 mask = BRIDGE_IFCAPS_MASK;
1109
1110 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1111 /* Every member must support it or its disabled */
1112 mask &= bif->bif_savedcaps;
1113 }
1114
1115 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1116 enabled = bif->bif_ifp->if_capenable;
1117 enabled &= ~BRIDGE_IFCAPS_STRIP;
1118 /* strip off mask bits and enable them again if allowed */
1119 enabled &= ~BRIDGE_IFCAPS_MASK;
1120 enabled |= mask;
1121 bridge_set_ifcap(sc, bif, enabled);
1122 }
1123 }
1124
1125 static void
bridge_set_ifcap(struct bridge_softc * sc,struct bridge_iflist * bif,int set)1126 bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set)
1127 {
1128 struct ifnet *ifp = bif->bif_ifp;
1129 struct ifreq ifr;
1130 int error, mask, stuck;
1131
1132 bzero(&ifr, sizeof(ifr));
1133 ifr.ifr_reqcap = set;
1134
1135 if (ifp->if_capenable != set) {
1136 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
1137 if (error)
1138 if_printf(sc->sc_ifp,
1139 "error setting capabilities on %s: %d\n",
1140 ifp->if_xname, error);
1141 mask = BRIDGE_IFCAPS_MASK | BRIDGE_IFCAPS_STRIP;
1142 stuck = ifp->if_capenable & mask & ~set;
1143 if (stuck != 0)
1144 if_printf(sc->sc_ifp,
1145 "can't disable some capabilities on %s: 0x%x\n",
1146 ifp->if_xname, stuck);
1147 }
1148 }
1149
1150 /*
1151 * bridge_lookup_member:
1152 *
1153 * Lookup a bridge member interface.
1154 */
1155 static struct bridge_iflist *
bridge_lookup_member(struct bridge_softc * sc,const char * name)1156 bridge_lookup_member(struct bridge_softc *sc, const char *name)
1157 {
1158 struct bridge_iflist *bif;
1159 struct ifnet *ifp;
1160
1161 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1162
1163 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1164 ifp = bif->bif_ifp;
1165 if (strcmp(ifp->if_xname, name) == 0)
1166 return (bif);
1167 }
1168
1169 return (NULL);
1170 }
1171
1172 /*
1173 * bridge_lookup_member_if:
1174 *
1175 * Lookup a bridge member interface by ifnet*.
1176 */
1177 static struct bridge_iflist *
bridge_lookup_member_if(struct bridge_softc * sc,struct ifnet * member_ifp)1178 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
1179 {
1180 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1181 return (member_ifp->if_bridge);
1182 }
1183
1184 static void
bridge_delete_member_cb(struct epoch_context * ctx)1185 bridge_delete_member_cb(struct epoch_context *ctx)
1186 {
1187 struct bridge_iflist *bif;
1188
1189 bif = __containerof(ctx, struct bridge_iflist, bif_epoch_ctx);
1190
1191 free(bif, M_DEVBUF);
1192 }
1193
1194 /*
1195 * bridge_delete_member:
1196 *
1197 * Delete the specified member interface.
1198 */
1199 static void
bridge_delete_member(struct bridge_softc * sc,struct bridge_iflist * bif,int gone)1200 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
1201 int gone)
1202 {
1203 struct ifnet *ifs = bif->bif_ifp;
1204 struct ifnet *fif = NULL;
1205 struct bridge_iflist *bifl;
1206
1207 BRIDGE_LOCK_ASSERT(sc);
1208
1209 if (bif->bif_flags & IFBIF_STP)
1210 bstp_disable(&bif->bif_stp);
1211
1212 ifs->if_bridge = NULL;
1213 CK_LIST_REMOVE(bif, bif_next);
1214
1215 /*
1216 * If removing the interface that gave the bridge its mac address, set
1217 * the mac address of the bridge to the address of the next member, or
1218 * to its default address if no members are left.
1219 */
1220 if (V_bridge_inherit_mac && sc->sc_ifaddr == ifs) {
1221 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1222 bcopy(&sc->sc_defaddr,
1223 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1224 sc->sc_ifaddr = NULL;
1225 } else {
1226 bifl = CK_LIST_FIRST(&sc->sc_iflist);
1227 fif = bifl->bif_ifp;
1228 bcopy(IF_LLADDR(fif),
1229 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1230 sc->sc_ifaddr = fif;
1231 }
1232 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1233 }
1234
1235 bridge_linkcheck(sc);
1236 bridge_mutecaps(sc); /* recalcuate now this interface is removed */
1237 BRIDGE_RT_LOCK(sc);
1238 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
1239 BRIDGE_RT_UNLOCK(sc);
1240 KASSERT(bif->bif_addrcnt == 0,
1241 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt));
1242
1243 ifs->if_bridge_output = NULL;
1244 ifs->if_bridge_input = NULL;
1245 ifs->if_bridge_linkstate = NULL;
1246 if (!gone) {
1247 switch (ifs->if_type) {
1248 case IFT_ETHER:
1249 case IFT_L2VLAN:
1250 /*
1251 * Take the interface out of promiscuous mode, but only
1252 * if it was promiscuous in the first place. It might
1253 * not be if we're in the bridge_ioctl_add() error path.
1254 */
1255 if (ifs->if_flags & IFF_PROMISC)
1256 (void) ifpromisc(ifs, 0);
1257 break;
1258
1259 case IFT_GIF:
1260 break;
1261
1262 default:
1263 #ifdef DIAGNOSTIC
1264 panic("bridge_delete_member: impossible");
1265 #endif
1266 break;
1267 }
1268 /* reneable any interface capabilities */
1269 bridge_set_ifcap(sc, bif, bif->bif_savedcaps);
1270 }
1271 bstp_destroy(&bif->bif_stp); /* prepare to free */
1272
1273 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1274 }
1275
1276 /*
1277 * bridge_delete_span:
1278 *
1279 * Delete the specified span interface.
1280 */
1281 static void
bridge_delete_span(struct bridge_softc * sc,struct bridge_iflist * bif)1282 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
1283 {
1284 BRIDGE_LOCK_ASSERT(sc);
1285
1286 KASSERT(bif->bif_ifp->if_bridge == NULL,
1287 ("%s: not a span interface", __func__));
1288
1289 CK_LIST_REMOVE(bif, bif_next);
1290
1291 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1292 }
1293
1294 static int
bridge_ioctl_add(struct bridge_softc * sc,void * arg)1295 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
1296 {
1297 struct ifbreq *req = arg;
1298 struct bridge_iflist *bif = NULL;
1299 struct ifnet *ifs;
1300 int error = 0;
1301
1302 ifs = ifunit(req->ifbr_ifsname);
1303 if (ifs == NULL)
1304 return (ENOENT);
1305 if (ifs->if_ioctl == NULL) /* must be supported */
1306 return (EINVAL);
1307
1308 /* If it's in the span list, it can't be a member. */
1309 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1310 if (ifs == bif->bif_ifp)
1311 return (EBUSY);
1312
1313 if (ifs->if_bridge) {
1314 struct bridge_iflist *sbif = ifs->if_bridge;
1315 if (sbif->bif_sc == sc)
1316 return (EEXIST);
1317
1318 return (EBUSY);
1319 }
1320
1321 switch (ifs->if_type) {
1322 case IFT_ETHER:
1323 case IFT_L2VLAN:
1324 case IFT_GIF:
1325 /* permitted interface types */
1326 break;
1327 default:
1328 return (EINVAL);
1329 }
1330
1331 #ifdef INET6
1332 /*
1333 * Two valid inet6 addresses with link-local scope must not be
1334 * on the parent interface and the member interfaces at the
1335 * same time. This restriction is needed to prevent violation
1336 * of link-local scope zone. Attempts to add a member
1337 * interface which has inet6 addresses when the parent has
1338 * inet6 triggers removal of all inet6 addresses on the member
1339 * interface.
1340 */
1341
1342 /* Check if the parent interface has a link-local scope addr. */
1343 if (V_allow_llz_overlap == 0 &&
1344 in6ifa_llaonifp(sc->sc_ifp) != NULL) {
1345 /*
1346 * If any, remove all inet6 addresses from the member
1347 * interfaces.
1348 */
1349 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1350 if (in6ifa_llaonifp(bif->bif_ifp)) {
1351 in6_ifdetach(bif->bif_ifp);
1352 if_printf(sc->sc_ifp,
1353 "IPv6 addresses on %s have been removed "
1354 "before adding it as a member to prevent "
1355 "IPv6 address scope violation.\n",
1356 bif->bif_ifp->if_xname);
1357 }
1358 }
1359 if (in6ifa_llaonifp(ifs)) {
1360 in6_ifdetach(ifs);
1361 if_printf(sc->sc_ifp,
1362 "IPv6 addresses on %s have been removed "
1363 "before adding it as a member to prevent "
1364 "IPv6 address scope violation.\n",
1365 ifs->if_xname);
1366 }
1367 }
1368 #endif
1369
1370 /*
1371 * If member_ifaddrs is disabled, do not allow an interface with
1372 * assigned IP addresses to be added to a bridge.
1373 */
1374 if (!V_member_ifaddrs) {
1375 struct ifaddr *ifa;
1376
1377 CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
1378 #ifdef INET
1379 if (ifa->ifa_addr->sa_family == AF_INET)
1380 return (EINVAL);
1381 #endif
1382 #ifdef INET6
1383 if (ifa->ifa_addr->sa_family == AF_INET6)
1384 return (EINVAL);
1385 #endif
1386 }
1387 }
1388
1389 /* Allow the first Ethernet member to define the MTU */
1390 if (CK_LIST_EMPTY(&sc->sc_iflist))
1391 sc->sc_ifp->if_mtu = ifs->if_mtu;
1392 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
1393 struct ifreq ifr;
1394
1395 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s",
1396 ifs->if_xname);
1397 ifr.ifr_mtu = sc->sc_ifp->if_mtu;
1398
1399 error = (*ifs->if_ioctl)(ifs,
1400 SIOCSIFMTU, (caddr_t)&ifr);
1401 if (error != 0) {
1402 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1403 " new member %s\n", sc->sc_ifp->if_xname,
1404 ifr.ifr_mtu,
1405 ifs->if_xname);
1406 return (EINVAL);
1407 }
1408 }
1409
1410 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1411 if (bif == NULL)
1412 return (ENOMEM);
1413
1414 bif->bif_sc = sc;
1415 bif->bif_ifp = ifs;
1416 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
1417 bif->bif_savedcaps = ifs->if_capenable;
1418
1419 /*
1420 * Assign the interface's MAC address to the bridge if it's the first
1421 * member and the MAC address of the bridge has not been changed from
1422 * the default randomly generated one.
1423 */
1424 if (V_bridge_inherit_mac && CK_LIST_EMPTY(&sc->sc_iflist) &&
1425 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr.octet, ETHER_ADDR_LEN)) {
1426 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1427 sc->sc_ifaddr = ifs;
1428 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1429 }
1430
1431 ifs->if_bridge = bif;
1432 ifs->if_bridge_output = bridge_output;
1433 ifs->if_bridge_input = bridge_input;
1434 ifs->if_bridge_linkstate = bridge_linkstate;
1435 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp);
1436 /*
1437 * XXX: XLOCK HERE!?!
1438 *
1439 * NOTE: insert_***HEAD*** should be safe for the traversals.
1440 */
1441 CK_LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
1442
1443 /* Set interface capabilities to the intersection set of all members */
1444 bridge_mutecaps(sc);
1445 bridge_linkcheck(sc);
1446
1447 /* Place the interface into promiscuous mode */
1448 switch (ifs->if_type) {
1449 case IFT_ETHER:
1450 case IFT_L2VLAN:
1451 error = ifpromisc(ifs, 1);
1452 break;
1453 }
1454
1455 if (error)
1456 bridge_delete_member(sc, bif, 0);
1457 return (error);
1458 }
1459
1460 static int
bridge_ioctl_del(struct bridge_softc * sc,void * arg)1461 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
1462 {
1463 struct ifbreq *req = arg;
1464 struct bridge_iflist *bif;
1465
1466 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1467 if (bif == NULL)
1468 return (ENOENT);
1469
1470 bridge_delete_member(sc, bif, 0);
1471
1472 return (0);
1473 }
1474
1475 static int
bridge_ioctl_gifflags(struct bridge_softc * sc,void * arg)1476 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
1477 {
1478 struct ifbreq *req = arg;
1479 struct bridge_iflist *bif;
1480 struct bstp_port *bp;
1481
1482 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1483 if (bif == NULL)
1484 return (ENOENT);
1485
1486 bp = &bif->bif_stp;
1487 req->ifbr_ifsflags = bif->bif_flags;
1488 req->ifbr_state = bp->bp_state;
1489 req->ifbr_priority = bp->bp_priority;
1490 req->ifbr_path_cost = bp->bp_path_cost;
1491 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1492 req->ifbr_proto = bp->bp_protover;
1493 req->ifbr_role = bp->bp_role;
1494 req->ifbr_stpflags = bp->bp_flags;
1495 req->ifbr_addrcnt = bif->bif_addrcnt;
1496 req->ifbr_addrmax = bif->bif_addrmax;
1497 req->ifbr_addrexceeded = bif->bif_addrexceeded;
1498
1499 /* Copy STP state options as flags */
1500 if (bp->bp_operedge)
1501 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE;
1502 if (bp->bp_flags & BSTP_PORT_AUTOEDGE)
1503 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE;
1504 if (bp->bp_ptp_link)
1505 req->ifbr_ifsflags |= IFBIF_BSTP_PTP;
1506 if (bp->bp_flags & BSTP_PORT_AUTOPTP)
1507 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP;
1508 if (bp->bp_flags & BSTP_PORT_ADMEDGE)
1509 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE;
1510 if (bp->bp_flags & BSTP_PORT_ADMCOST)
1511 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST;
1512 return (0);
1513 }
1514
1515 static int
bridge_ioctl_sifflags(struct bridge_softc * sc,void * arg)1516 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1517 {
1518 struct epoch_tracker et;
1519 struct ifbreq *req = arg;
1520 struct bridge_iflist *bif;
1521 struct bstp_port *bp;
1522 int error;
1523
1524 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1525 if (bif == NULL)
1526 return (ENOENT);
1527 bp = &bif->bif_stp;
1528
1529 if (req->ifbr_ifsflags & IFBIF_SPAN)
1530 /* SPAN is readonly */
1531 return (EINVAL);
1532
1533 NET_EPOCH_ENTER(et);
1534
1535 if (req->ifbr_ifsflags & IFBIF_STP) {
1536 if ((bif->bif_flags & IFBIF_STP) == 0) {
1537 error = bstp_enable(&bif->bif_stp);
1538 if (error) {
1539 NET_EPOCH_EXIT(et);
1540 return (error);
1541 }
1542 }
1543 } else {
1544 if ((bif->bif_flags & IFBIF_STP) != 0)
1545 bstp_disable(&bif->bif_stp);
1546 }
1547
1548 /* Pass on STP flags */
1549 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0);
1550 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0);
1551 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0);
1552 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0);
1553
1554 /* Save the bits relating to the bridge */
1555 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK;
1556
1557 NET_EPOCH_EXIT(et);
1558
1559 return (0);
1560 }
1561
1562 static int
bridge_ioctl_scache(struct bridge_softc * sc,void * arg)1563 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1564 {
1565 struct ifbrparam *param = arg;
1566
1567 sc->sc_brtmax = param->ifbrp_csize;
1568 bridge_rttrim(sc);
1569
1570 return (0);
1571 }
1572
1573 static int
bridge_ioctl_gcache(struct bridge_softc * sc,void * arg)1574 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1575 {
1576 struct ifbrparam *param = arg;
1577
1578 param->ifbrp_csize = sc->sc_brtmax;
1579
1580 return (0);
1581 }
1582
1583 static int
bridge_ioctl_gifs(struct bridge_softc * sc,void * arg)1584 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1585 {
1586 struct ifbifconf *bifc = arg;
1587 struct bridge_iflist *bif;
1588 struct ifbreq breq;
1589 char *buf, *outbuf;
1590 int count, buflen, len, error = 0;
1591
1592 count = 0;
1593 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1594 count++;
1595 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1596 count++;
1597
1598 buflen = sizeof(breq) * count;
1599 if (bifc->ifbic_len == 0) {
1600 bifc->ifbic_len = buflen;
1601 return (0);
1602 }
1603 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1604 if (outbuf == NULL)
1605 return (ENOMEM);
1606
1607 count = 0;
1608 buf = outbuf;
1609 len = min(bifc->ifbic_len, buflen);
1610 bzero(&breq, sizeof(breq));
1611 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1612 if (len < sizeof(breq))
1613 break;
1614
1615 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1616 sizeof(breq.ifbr_ifsname));
1617 /* Fill in the ifbreq structure */
1618 error = bridge_ioctl_gifflags(sc, &breq);
1619 if (error)
1620 break;
1621 memcpy(buf, &breq, sizeof(breq));
1622 count++;
1623 buf += sizeof(breq);
1624 len -= sizeof(breq);
1625 }
1626 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1627 if (len < sizeof(breq))
1628 break;
1629
1630 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1631 sizeof(breq.ifbr_ifsname));
1632 breq.ifbr_ifsflags = bif->bif_flags;
1633 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1634 memcpy(buf, &breq, sizeof(breq));
1635 count++;
1636 buf += sizeof(breq);
1637 len -= sizeof(breq);
1638 }
1639
1640 bifc->ifbic_len = sizeof(breq) * count;
1641 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len);
1642 free(outbuf, M_TEMP);
1643 return (error);
1644 }
1645
1646 static int
bridge_ioctl_rts(struct bridge_softc * sc,void * arg)1647 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1648 {
1649 struct ifbaconf *bac = arg;
1650 struct bridge_rtnode *brt;
1651 struct ifbareq bareq;
1652 char *buf, *outbuf;
1653 int count, buflen, len, error = 0;
1654
1655 if (bac->ifbac_len == 0)
1656 return (0);
1657
1658 count = 0;
1659 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list)
1660 count++;
1661 buflen = sizeof(bareq) * count;
1662
1663 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1664 if (outbuf == NULL)
1665 return (ENOMEM);
1666
1667 count = 0;
1668 buf = outbuf;
1669 len = min(bac->ifbac_len, buflen);
1670 bzero(&bareq, sizeof(bareq));
1671 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1672 if (len < sizeof(bareq))
1673 goto out;
1674 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1675 sizeof(bareq.ifba_ifsname));
1676 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1677 bareq.ifba_vlan = brt->brt_vlan;
1678 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1679 time_uptime < brt->brt_expire)
1680 bareq.ifba_expire = brt->brt_expire - time_uptime;
1681 else
1682 bareq.ifba_expire = 0;
1683 bareq.ifba_flags = brt->brt_flags;
1684
1685 memcpy(buf, &bareq, sizeof(bareq));
1686 count++;
1687 buf += sizeof(bareq);
1688 len -= sizeof(bareq);
1689 }
1690 out:
1691 bac->ifbac_len = sizeof(bareq) * count;
1692 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len);
1693 free(outbuf, M_TEMP);
1694 return (error);
1695 }
1696
1697 static int
bridge_ioctl_saddr(struct bridge_softc * sc,void * arg)1698 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1699 {
1700 struct ifbareq *req = arg;
1701 struct bridge_iflist *bif;
1702 struct epoch_tracker et;
1703 int error;
1704
1705 NET_EPOCH_ENTER(et);
1706 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1707 if (bif == NULL) {
1708 NET_EPOCH_EXIT(et);
1709 return (ENOENT);
1710 }
1711
1712 /* bridge_rtupdate() may acquire the lock. */
1713 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1,
1714 req->ifba_flags);
1715 NET_EPOCH_EXIT(et);
1716
1717 return (error);
1718 }
1719
1720 static int
bridge_ioctl_sto(struct bridge_softc * sc,void * arg)1721 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1722 {
1723 struct ifbrparam *param = arg;
1724
1725 sc->sc_brttimeout = param->ifbrp_ctime;
1726 return (0);
1727 }
1728
1729 static int
bridge_ioctl_gto(struct bridge_softc * sc,void * arg)1730 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1731 {
1732 struct ifbrparam *param = arg;
1733
1734 param->ifbrp_ctime = sc->sc_brttimeout;
1735 return (0);
1736 }
1737
1738 static int
bridge_ioctl_daddr(struct bridge_softc * sc,void * arg)1739 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1740 {
1741 struct ifbareq *req = arg;
1742 int vlan = req->ifba_vlan;
1743
1744 /* Userspace uses '0' to mean 'any vlan' */
1745 if (vlan == 0)
1746 vlan = DOT1Q_VID_RSVD_IMPL;
1747
1748 return (bridge_rtdaddr(sc, req->ifba_dst, vlan));
1749 }
1750
1751 static int
bridge_ioctl_flush(struct bridge_softc * sc,void * arg)1752 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1753 {
1754 struct ifbreq *req = arg;
1755
1756 BRIDGE_RT_LOCK(sc);
1757 bridge_rtflush(sc, req->ifbr_ifsflags);
1758 BRIDGE_RT_UNLOCK(sc);
1759
1760 return (0);
1761 }
1762
1763 static int
bridge_ioctl_gpri(struct bridge_softc * sc,void * arg)1764 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1765 {
1766 struct ifbrparam *param = arg;
1767 struct bstp_state *bs = &sc->sc_stp;
1768
1769 param->ifbrp_prio = bs->bs_bridge_priority;
1770 return (0);
1771 }
1772
1773 static int
bridge_ioctl_spri(struct bridge_softc * sc,void * arg)1774 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1775 {
1776 struct ifbrparam *param = arg;
1777
1778 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
1779 }
1780
1781 static int
bridge_ioctl_ght(struct bridge_softc * sc,void * arg)1782 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1783 {
1784 struct ifbrparam *param = arg;
1785 struct bstp_state *bs = &sc->sc_stp;
1786
1787 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
1788 return (0);
1789 }
1790
1791 static int
bridge_ioctl_sht(struct bridge_softc * sc,void * arg)1792 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1793 {
1794 struct ifbrparam *param = arg;
1795
1796 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
1797 }
1798
1799 static int
bridge_ioctl_gfd(struct bridge_softc * sc,void * arg)1800 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1801 {
1802 struct ifbrparam *param = arg;
1803 struct bstp_state *bs = &sc->sc_stp;
1804
1805 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
1806 return (0);
1807 }
1808
1809 static int
bridge_ioctl_sfd(struct bridge_softc * sc,void * arg)1810 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1811 {
1812 struct ifbrparam *param = arg;
1813
1814 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
1815 }
1816
1817 static int
bridge_ioctl_gma(struct bridge_softc * sc,void * arg)1818 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1819 {
1820 struct ifbrparam *param = arg;
1821 struct bstp_state *bs = &sc->sc_stp;
1822
1823 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1824 return (0);
1825 }
1826
1827 static int
bridge_ioctl_sma(struct bridge_softc * sc,void * arg)1828 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1829 {
1830 struct ifbrparam *param = arg;
1831
1832 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
1833 }
1834
1835 static int
bridge_ioctl_sifprio(struct bridge_softc * sc,void * arg)1836 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1837 {
1838 struct ifbreq *req = arg;
1839 struct bridge_iflist *bif;
1840
1841 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1842 if (bif == NULL)
1843 return (ENOENT);
1844
1845 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
1846 }
1847
1848 static int
bridge_ioctl_sifcost(struct bridge_softc * sc,void * arg)1849 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1850 {
1851 struct ifbreq *req = arg;
1852 struct bridge_iflist *bif;
1853
1854 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1855 if (bif == NULL)
1856 return (ENOENT);
1857
1858 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
1859 }
1860
1861 static int
bridge_ioctl_sifmaxaddr(struct bridge_softc * sc,void * arg)1862 bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg)
1863 {
1864 struct ifbreq *req = arg;
1865 struct bridge_iflist *bif;
1866
1867 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1868 if (bif == NULL)
1869 return (ENOENT);
1870
1871 bif->bif_addrmax = req->ifbr_addrmax;
1872 return (0);
1873 }
1874
1875 static int
bridge_ioctl_addspan(struct bridge_softc * sc,void * arg)1876 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1877 {
1878 struct ifbreq *req = arg;
1879 struct bridge_iflist *bif = NULL;
1880 struct ifnet *ifs;
1881
1882 ifs = ifunit(req->ifbr_ifsname);
1883 if (ifs == NULL)
1884 return (ENOENT);
1885
1886 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1887 if (ifs == bif->bif_ifp)
1888 return (EBUSY);
1889
1890 if (ifs->if_bridge != NULL)
1891 return (EBUSY);
1892
1893 switch (ifs->if_type) {
1894 case IFT_ETHER:
1895 case IFT_GIF:
1896 case IFT_L2VLAN:
1897 break;
1898 default:
1899 return (EINVAL);
1900 }
1901
1902 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1903 if (bif == NULL)
1904 return (ENOMEM);
1905
1906 bif->bif_ifp = ifs;
1907 bif->bif_flags = IFBIF_SPAN;
1908
1909 CK_LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1910
1911 return (0);
1912 }
1913
1914 static int
bridge_ioctl_delspan(struct bridge_softc * sc,void * arg)1915 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1916 {
1917 struct ifbreq *req = arg;
1918 struct bridge_iflist *bif;
1919 struct ifnet *ifs;
1920
1921 ifs = ifunit(req->ifbr_ifsname);
1922 if (ifs == NULL)
1923 return (ENOENT);
1924
1925 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1926 if (ifs == bif->bif_ifp)
1927 break;
1928
1929 if (bif == NULL)
1930 return (ENOENT);
1931
1932 bridge_delete_span(sc, bif);
1933
1934 return (0);
1935 }
1936
1937 static int
bridge_ioctl_gbparam(struct bridge_softc * sc,void * arg)1938 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
1939 {
1940 struct ifbropreq *req = arg;
1941 struct bstp_state *bs = &sc->sc_stp;
1942 struct bstp_port *root_port;
1943
1944 req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
1945 req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
1946 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;
1947
1948 root_port = bs->bs_root_port;
1949 if (root_port == NULL)
1950 req->ifbop_root_port = 0;
1951 else
1952 req->ifbop_root_port = root_port->bp_ifp->if_index;
1953
1954 req->ifbop_holdcount = bs->bs_txholdcount;
1955 req->ifbop_priority = bs->bs_bridge_priority;
1956 req->ifbop_protocol = bs->bs_protover;
1957 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
1958 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id;
1959 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
1960 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id;
1961 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
1962 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;
1963
1964 return (0);
1965 }
1966
1967 static int
bridge_ioctl_grte(struct bridge_softc * sc,void * arg)1968 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
1969 {
1970 struct ifbrparam *param = arg;
1971
1972 param->ifbrp_cexceeded = sc->sc_brtexceeded;
1973 return (0);
1974 }
1975
1976 static int
bridge_ioctl_gifsstp(struct bridge_softc * sc,void * arg)1977 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
1978 {
1979 struct ifbpstpconf *bifstp = arg;
1980 struct bridge_iflist *bif;
1981 struct bstp_port *bp;
1982 struct ifbpstpreq bpreq;
1983 char *buf, *outbuf;
1984 int count, buflen, len, error = 0;
1985
1986 count = 0;
1987 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1988 if ((bif->bif_flags & IFBIF_STP) != 0)
1989 count++;
1990 }
1991
1992 buflen = sizeof(bpreq) * count;
1993 if (bifstp->ifbpstp_len == 0) {
1994 bifstp->ifbpstp_len = buflen;
1995 return (0);
1996 }
1997
1998 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1999 if (outbuf == NULL)
2000 return (ENOMEM);
2001
2002 count = 0;
2003 buf = outbuf;
2004 len = min(bifstp->ifbpstp_len, buflen);
2005 bzero(&bpreq, sizeof(bpreq));
2006 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2007 if (len < sizeof(bpreq))
2008 break;
2009
2010 if ((bif->bif_flags & IFBIF_STP) == 0)
2011 continue;
2012
2013 bp = &bif->bif_stp;
2014 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
2015 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
2016 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
2017 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
2018 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
2019 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;
2020
2021 memcpy(buf, &bpreq, sizeof(bpreq));
2022 count++;
2023 buf += sizeof(bpreq);
2024 len -= sizeof(bpreq);
2025 }
2026
2027 bifstp->ifbpstp_len = sizeof(bpreq) * count;
2028 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len);
2029 free(outbuf, M_TEMP);
2030 return (error);
2031 }
2032
2033 static int
bridge_ioctl_sproto(struct bridge_softc * sc,void * arg)2034 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
2035 {
2036 struct ifbrparam *param = arg;
2037
2038 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
2039 }
2040
2041 static int
bridge_ioctl_stxhc(struct bridge_softc * sc,void * arg)2042 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
2043 {
2044 struct ifbrparam *param = arg;
2045
2046 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
2047 }
2048
2049 /*
2050 * bridge_ifdetach:
2051 *
2052 * Detach an interface from a bridge. Called when a member
2053 * interface is detaching.
2054 */
2055 static void
bridge_ifdetach(void * arg __unused,struct ifnet * ifp)2056 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
2057 {
2058 struct bridge_iflist *bif = ifp->if_bridge;
2059 struct bridge_softc *sc = NULL;
2060
2061 if (bif)
2062 sc = bif->bif_sc;
2063
2064 if (ifp->if_flags & IFF_RENAMING)
2065 return;
2066 if (V_bridge_cloner == NULL) {
2067 /*
2068 * This detach handler can be called after
2069 * vnet_bridge_uninit(). Just return in that case.
2070 */
2071 return;
2072 }
2073 /* Check if the interface is a bridge member */
2074 if (sc != NULL) {
2075 BRIDGE_LOCK(sc);
2076 bridge_delete_member(sc, bif, 1);
2077 BRIDGE_UNLOCK(sc);
2078 return;
2079 }
2080
2081 /* Check if the interface is a span port */
2082 BRIDGE_LIST_LOCK();
2083 LIST_FOREACH(sc, &V_bridge_list, sc_list) {
2084 BRIDGE_LOCK(sc);
2085 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2086 if (ifp == bif->bif_ifp) {
2087 bridge_delete_span(sc, bif);
2088 break;
2089 }
2090
2091 BRIDGE_UNLOCK(sc);
2092 }
2093 BRIDGE_LIST_UNLOCK();
2094 }
2095
2096 /*
2097 * bridge_init:
2098 *
2099 * Initialize a bridge interface.
2100 */
2101 static void
bridge_init(void * xsc)2102 bridge_init(void *xsc)
2103 {
2104 struct bridge_softc *sc = (struct bridge_softc *)xsc;
2105 struct ifnet *ifp = sc->sc_ifp;
2106
2107 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2108 return;
2109
2110 BRIDGE_LOCK(sc);
2111 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
2112 bridge_timer, sc);
2113
2114 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2115 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
2116
2117 BRIDGE_UNLOCK(sc);
2118 }
2119
2120 /*
2121 * bridge_stop:
2122 *
2123 * Stop the bridge interface.
2124 */
2125 static void
bridge_stop(struct ifnet * ifp,int disable)2126 bridge_stop(struct ifnet *ifp, int disable)
2127 {
2128 struct bridge_softc *sc = ifp->if_softc;
2129
2130 BRIDGE_LOCK_ASSERT(sc);
2131
2132 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2133 return;
2134
2135 BRIDGE_RT_LOCK(sc);
2136 callout_stop(&sc->sc_brcallout);
2137
2138 bstp_stop(&sc->sc_stp);
2139
2140 bridge_rtflush(sc, IFBF_FLUSHDYN);
2141 BRIDGE_RT_UNLOCK(sc);
2142
2143 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
2144 }
2145
2146 /*
2147 * bridge_enqueue:
2148 *
2149 * Enqueue a packet on a bridge member interface.
2150 *
2151 */
2152 static int
bridge_enqueue(struct bridge_softc * sc,struct ifnet * dst_ifp,struct mbuf * m)2153 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
2154 {
2155 int len, err = 0;
2156 short mflags;
2157 struct mbuf *m0;
2158
2159 /* We may be sending a fragment so traverse the mbuf */
2160 for (; m; m = m0) {
2161 m0 = m->m_nextpkt;
2162 m->m_nextpkt = NULL;
2163 len = m->m_pkthdr.len;
2164 mflags = m->m_flags;
2165
2166 /*
2167 * If underlying interface can not do VLAN tag insertion itself
2168 * then attach a packet tag that holds it.
2169 */
2170 if ((m->m_flags & M_VLANTAG) &&
2171 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
2172 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
2173 if (m == NULL) {
2174 if_printf(dst_ifp,
2175 "unable to prepend VLAN header\n");
2176 if_inc_counter(dst_ifp, IFCOUNTER_OERRORS, 1);
2177 continue;
2178 }
2179 m->m_flags &= ~M_VLANTAG;
2180 }
2181
2182 M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr */
2183 if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
2184 int n;
2185
2186 for (m = m0, n = 1; m != NULL; m = m0, n++) {
2187 m0 = m->m_nextpkt;
2188 m_freem(m);
2189 }
2190 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, n);
2191 break;
2192 }
2193
2194 if_inc_counter(sc->sc_ifp, IFCOUNTER_OPACKETS, 1);
2195 if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, len);
2196 if (mflags & M_MCAST)
2197 if_inc_counter(sc->sc_ifp, IFCOUNTER_OMCASTS, 1);
2198 }
2199
2200 return (err);
2201 }
2202
2203 /*
2204 * bridge_dummynet:
2205 *
2206 * Receive a queued packet from dummynet and pass it on to the output
2207 * interface.
2208 *
2209 * The mbuf has the Ethernet header already attached.
2210 */
2211 static void
bridge_dummynet(struct mbuf * m,struct ifnet * ifp)2212 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
2213 {
2214 struct bridge_iflist *bif = ifp->if_bridge;
2215 struct bridge_softc *sc = NULL;
2216
2217 if (bif)
2218 sc = bif->bif_sc;
2219
2220 /*
2221 * The packet didnt originate from a member interface. This should only
2222 * ever happen if a member interface is removed while packets are
2223 * queued for it.
2224 */
2225 if (sc == NULL) {
2226 m_freem(m);
2227 return;
2228 }
2229
2230 if (PFIL_HOOKED_OUT_46) {
2231 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
2232 return;
2233 if (m == NULL)
2234 return;
2235 }
2236
2237 bridge_enqueue(sc, ifp, m);
2238 }
2239
2240 /*
2241 * bridge_output:
2242 *
2243 * Send output from a bridge member interface. This
2244 * performs the bridging function for locally originated
2245 * packets.
2246 *
2247 * The mbuf has the Ethernet header already attached. We must
2248 * enqueue or free the mbuf before returning.
2249 */
2250 static int
bridge_output(struct ifnet * ifp,struct mbuf * m,struct sockaddr * sa,struct rtentry * rt)2251 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
2252 struct rtentry *rt)
2253 {
2254 struct ether_header *eh;
2255 struct bridge_iflist *sbif;
2256 struct ifnet *bifp, *dst_if;
2257 struct bridge_softc *sc;
2258 ether_vlanid_t vlan;
2259
2260 NET_EPOCH_ASSERT();
2261
2262 if (m->m_len < ETHER_HDR_LEN) {
2263 m = m_pullup(m, ETHER_HDR_LEN);
2264 if (m == NULL)
2265 return (0);
2266 }
2267
2268 sbif = ifp->if_bridge;
2269 sc = sbif->bif_sc;
2270 bifp = sc->sc_ifp;
2271
2272 eh = mtod(m, struct ether_header *);
2273 vlan = VLANTAGOF(m);
2274
2275 /*
2276 * If bridge is down, but the original output interface is up,
2277 * go ahead and send out that interface. Otherwise, the packet
2278 * is dropped below.
2279 */
2280 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2281 dst_if = ifp;
2282 goto sendunicast;
2283 }
2284
2285 /*
2286 * If the packet is a multicast, or we don't know a better way to
2287 * get there, send to all interfaces.
2288 */
2289 if (ETHER_IS_MULTICAST(eh->ether_dhost))
2290 dst_if = NULL;
2291 else
2292 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
2293 /* Tap any traffic not passing back out the originating interface */
2294 if (dst_if != ifp)
2295 ETHER_BPF_MTAP(bifp, m);
2296 if (dst_if == NULL) {
2297 struct bridge_iflist *bif;
2298 struct mbuf *mc;
2299 int used = 0;
2300
2301 bridge_span(sc, m);
2302
2303 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2304 dst_if = bif->bif_ifp;
2305
2306 if (dst_if->if_type == IFT_GIF)
2307 continue;
2308 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2309 continue;
2310
2311 /*
2312 * If this is not the original output interface,
2313 * and the interface is participating in spanning
2314 * tree, make sure the port is in a state that
2315 * allows forwarding.
2316 */
2317 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
2318 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2319 continue;
2320
2321 if (CK_LIST_NEXT(bif, bif_next) == NULL) {
2322 used = 1;
2323 mc = m;
2324 } else {
2325 mc = m_dup(m, M_NOWAIT);
2326 if (mc == NULL) {
2327 if_inc_counter(bifp, IFCOUNTER_OERRORS, 1);
2328 continue;
2329 }
2330 }
2331
2332 bridge_enqueue(sc, dst_if, mc);
2333 }
2334 if (used == 0)
2335 m_freem(m);
2336 return (0);
2337 }
2338
2339 sendunicast:
2340 /*
2341 * XXX Spanning tree consideration here?
2342 */
2343
2344 bridge_span(sc, m);
2345 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2346 m_freem(m);
2347 return (0);
2348 }
2349
2350 bridge_enqueue(sc, dst_if, m);
2351 return (0);
2352 }
2353
2354 /*
2355 * bridge_transmit:
2356 *
2357 * Do output on a bridge.
2358 *
2359 */
2360 static int
bridge_transmit(struct ifnet * ifp,struct mbuf * m)2361 bridge_transmit(struct ifnet *ifp, struct mbuf *m)
2362 {
2363 struct bridge_softc *sc;
2364 struct ether_header *eh;
2365 struct ifnet *dst_if;
2366 int error = 0;
2367
2368 sc = ifp->if_softc;
2369
2370 ETHER_BPF_MTAP(ifp, m);
2371
2372 eh = mtod(m, struct ether_header *);
2373
2374 if (((m->m_flags & (M_BCAST|M_MCAST)) == 0) &&
2375 (dst_if = bridge_rtlookup(sc, eh->ether_dhost, DOT1Q_VID_NULL)) !=
2376 NULL) {
2377 error = bridge_enqueue(sc, dst_if, m);
2378 } else
2379 bridge_broadcast(sc, ifp, m, 0);
2380
2381 return (error);
2382 }
2383
2384 #ifdef ALTQ
2385 static void
bridge_altq_start(if_t ifp)2386 bridge_altq_start(if_t ifp)
2387 {
2388 struct ifaltq *ifq = &ifp->if_snd;
2389 struct mbuf *m;
2390
2391 IFQ_LOCK(ifq);
2392 IFQ_DEQUEUE_NOLOCK(ifq, m);
2393 while (m != NULL) {
2394 bridge_transmit(ifp, m);
2395 IFQ_DEQUEUE_NOLOCK(ifq, m);
2396 }
2397 IFQ_UNLOCK(ifq);
2398 }
2399
2400 static int
bridge_altq_transmit(if_t ifp,struct mbuf * m)2401 bridge_altq_transmit(if_t ifp, struct mbuf *m)
2402 {
2403 int err;
2404
2405 if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
2406 IFQ_ENQUEUE(&ifp->if_snd, m, err);
2407 if (err == 0)
2408 bridge_altq_start(ifp);
2409 } else
2410 err = bridge_transmit(ifp, m);
2411
2412 return (err);
2413 }
2414 #endif /* ALTQ */
2415
2416 /*
2417 * The ifp->if_qflush entry point for if_bridge(4) is no-op.
2418 */
2419 static void
bridge_qflush(struct ifnet * ifp __unused)2420 bridge_qflush(struct ifnet *ifp __unused)
2421 {
2422 }
2423
2424 /*
2425 * bridge_forward:
2426 *
2427 * The forwarding function of the bridge.
2428 *
2429 * NOTE: Releases the lock on return.
2430 */
2431 static void
bridge_forward(struct bridge_softc * sc,struct bridge_iflist * sbif,struct mbuf * m)2432 bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif,
2433 struct mbuf *m)
2434 {
2435 struct bridge_iflist *dbif;
2436 struct ifnet *src_if, *dst_if, *ifp;
2437 struct ether_header *eh;
2438 uint16_t vlan;
2439 uint8_t *dst;
2440 int error;
2441
2442 NET_EPOCH_ASSERT();
2443
2444 src_if = m->m_pkthdr.rcvif;
2445 ifp = sc->sc_ifp;
2446
2447 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
2448 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2449 vlan = VLANTAGOF(m);
2450
2451 if ((sbif->bif_flags & IFBIF_STP) &&
2452 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2453 goto drop;
2454
2455 eh = mtod(m, struct ether_header *);
2456 dst = eh->ether_dhost;
2457
2458 /* If the interface is learning, record the address. */
2459 if (sbif->bif_flags & IFBIF_LEARNING) {
2460 error = bridge_rtupdate(sc, eh->ether_shost, vlan,
2461 sbif, 0, IFBAF_DYNAMIC);
2462 /*
2463 * If the interface has addresses limits then deny any source
2464 * that is not in the cache.
2465 */
2466 if (error && sbif->bif_addrmax)
2467 goto drop;
2468 }
2469
2470 if ((sbif->bif_flags & IFBIF_STP) != 0 &&
2471 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING)
2472 goto drop;
2473
2474 #ifdef DEV_NETMAP
2475 /*
2476 * Hand the packet to netmap only if it wasn't injected by netmap
2477 * itself.
2478 */
2479 if ((m->m_flags & M_BRIDGE_INJECT) == 0 &&
2480 (if_getcapenable(ifp) & IFCAP_NETMAP) != 0) {
2481 ifp->if_input(ifp, m);
2482 return;
2483 }
2484 m->m_flags &= ~M_BRIDGE_INJECT;
2485 #endif
2486
2487 /*
2488 * At this point, the port either doesn't participate
2489 * in spanning tree or it is in the forwarding state.
2490 */
2491
2492 /*
2493 * If the packet is unicast, destined for someone on
2494 * "this" side of the bridge, drop it.
2495 */
2496 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
2497 dst_if = bridge_rtlookup(sc, dst, vlan);
2498 if (src_if == dst_if)
2499 goto drop;
2500 } else {
2501 /*
2502 * Check if its a reserved multicast address, any address
2503 * listed in 802.1D section 7.12.6 may not be forwarded by the
2504 * bridge.
2505 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F
2506 */
2507 if (dst[0] == 0x01 && dst[1] == 0x80 &&
2508 dst[2] == 0xc2 && dst[3] == 0x00 &&
2509 dst[4] == 0x00 && dst[5] <= 0x0f)
2510 goto drop;
2511
2512 /* ...forward it to all interfaces. */
2513 if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
2514 dst_if = NULL;
2515 }
2516
2517 /*
2518 * If we have a destination interface which is a member of our bridge,
2519 * OR this is a unicast packet, push it through the bpf(4) machinery.
2520 * For broadcast or multicast packets, don't bother because it will
2521 * be reinjected into ether_input. We do this before we pass the packets
2522 * through the pfil(9) framework, as it is possible that pfil(9) will
2523 * drop the packet, or possibly modify it, making it difficult to debug
2524 * firewall issues on the bridge.
2525 */
2526 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
2527 ETHER_BPF_MTAP(ifp, m);
2528
2529 /* run the packet filter */
2530 if (PFIL_HOOKED_IN_46) {
2531 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
2532 return;
2533 if (m == NULL)
2534 return;
2535 }
2536
2537 if (dst_if == NULL) {
2538 bridge_broadcast(sc, src_if, m, 1);
2539 return;
2540 }
2541
2542 /*
2543 * At this point, we're dealing with a unicast frame
2544 * going to a different interface.
2545 */
2546 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2547 goto drop;
2548
2549 dbif = bridge_lookup_member_if(sc, dst_if);
2550 if (dbif == NULL)
2551 /* Not a member of the bridge (anymore?) */
2552 goto drop;
2553
2554 /* Private segments can not talk to each other */
2555 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)
2556 goto drop;
2557
2558 if ((dbif->bif_flags & IFBIF_STP) &&
2559 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2560 goto drop;
2561
2562 if (PFIL_HOOKED_OUT_46) {
2563 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0)
2564 return;
2565 if (m == NULL)
2566 return;
2567 }
2568
2569 bridge_enqueue(sc, dst_if, m);
2570 return;
2571
2572 drop:
2573 m_freem(m);
2574 }
2575
2576 /*
2577 * bridge_input:
2578 *
2579 * Receive input from a member interface. Queue the packet for
2580 * bridging if it is not for us.
2581 */
2582 static struct mbuf *
bridge_input(struct ifnet * ifp,struct mbuf * m)2583 bridge_input(struct ifnet *ifp, struct mbuf *m)
2584 {
2585 struct bridge_softc *sc = NULL;
2586 struct bridge_iflist *bif, *bif2;
2587 struct ifnet *bifp;
2588 struct ether_header *eh;
2589 struct mbuf *mc, *mc2;
2590 ether_vlanid_t vlan;
2591 int error;
2592
2593 NET_EPOCH_ASSERT();
2594
2595 eh = mtod(m, struct ether_header *);
2596 vlan = VLANTAGOF(m);
2597
2598 bif = ifp->if_bridge;
2599 if (bif)
2600 sc = bif->bif_sc;
2601
2602 if (sc == NULL) {
2603 /*
2604 * This packet originated from the bridge itself, so it must
2605 * have been transmitted by netmap. Derive the "source"
2606 * interface from the source address and drop the packet if the
2607 * source address isn't known.
2608 */
2609 KASSERT((m->m_flags & M_BRIDGE_INJECT) != 0,
2610 ("%s: ifnet %p missing a bridge softc", __func__, ifp));
2611 sc = if_getsoftc(ifp);
2612 ifp = bridge_rtlookup(sc, eh->ether_shost, vlan);
2613 if (ifp == NULL) {
2614 if_inc_counter(sc->sc_ifp, IFCOUNTER_IERRORS, 1);
2615 m_freem(m);
2616 return (NULL);
2617 }
2618 m->m_pkthdr.rcvif = ifp;
2619 }
2620 bifp = sc->sc_ifp;
2621 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2622 return (m);
2623
2624 /*
2625 * Implement support for bridge monitoring. If this flag has been
2626 * set on this interface, discard the packet once we push it through
2627 * the bpf(4) machinery, but before we do, increment the byte and
2628 * packet counters associated with this interface.
2629 */
2630 if ((bifp->if_flags & IFF_MONITOR) != 0) {
2631 m->m_pkthdr.rcvif = bifp;
2632 ETHER_BPF_MTAP(bifp, m);
2633 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1);
2634 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2635 m_freem(m);
2636 return (NULL);
2637 }
2638
2639 bridge_span(sc, m);
2640
2641 if (m->m_flags & (M_BCAST|M_MCAST)) {
2642 /* Tap off 802.1D packets; they do not get forwarded. */
2643 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2644 ETHER_ADDR_LEN) == 0) {
2645 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */
2646 return (NULL);
2647 }
2648
2649 if ((bif->bif_flags & IFBIF_STP) &&
2650 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2651 return (m);
2652 }
2653
2654 /*
2655 * Make a deep copy of the packet and enqueue the copy
2656 * for bridge processing; return the original packet for
2657 * local processing.
2658 */
2659 mc = m_dup(m, M_NOWAIT);
2660 if (mc == NULL) {
2661 return (m);
2662 }
2663
2664 /* Perform the bridge forwarding function with the copy. */
2665 bridge_forward(sc, bif, mc);
2666
2667 #ifdef DEV_NETMAP
2668 /*
2669 * If netmap is enabled and has not already seen this packet,
2670 * then it will be consumed by bridge_forward().
2671 */
2672 if ((if_getcapenable(bifp) & IFCAP_NETMAP) != 0 &&
2673 (m->m_flags & M_BRIDGE_INJECT) == 0) {
2674 m_freem(m);
2675 return (NULL);
2676 }
2677 #endif
2678
2679 /*
2680 * Reinject the mbuf as arriving on the bridge so we have a
2681 * chance at claiming multicast packets. We can not loop back
2682 * here from ether_input as a bridge is never a member of a
2683 * bridge.
2684 */
2685 KASSERT(bifp->if_bridge == NULL,
2686 ("loop created in bridge_input"));
2687 mc2 = m_dup(m, M_NOWAIT);
2688 if (mc2 != NULL) {
2689 /* Keep the layer3 header aligned */
2690 int i = min(mc2->m_pkthdr.len, max_protohdr);
2691 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2692 }
2693 if (mc2 != NULL) {
2694 mc2->m_pkthdr.rcvif = bifp;
2695 mc2->m_flags &= ~M_BRIDGE_INJECT;
2696 sc->sc_if_input(bifp, mc2);
2697 }
2698
2699 /* Return the original packet for local processing. */
2700 return (m);
2701 }
2702
2703 if ((bif->bif_flags & IFBIF_STP) &&
2704 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2705 return (m);
2706 }
2707
2708 #if defined(INET) || defined(INET6)
2709 #define CARP_CHECK_WE_ARE_DST(iface) \
2710 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_dhost))
2711 #define CARP_CHECK_WE_ARE_SRC(iface) \
2712 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_shost))
2713 #else
2714 #define CARP_CHECK_WE_ARE_DST(iface) false
2715 #define CARP_CHECK_WE_ARE_SRC(iface) false
2716 #endif
2717
2718 #ifdef DEV_NETMAP
2719 #define GRAB_FOR_NETMAP(ifp, m) do { \
2720 if ((if_getcapenable(ifp) & IFCAP_NETMAP) != 0 && \
2721 ((m)->m_flags & M_BRIDGE_INJECT) == 0) { \
2722 (ifp)->if_input(ifp, m); \
2723 return (NULL); \
2724 } \
2725 } while (0)
2726 #else
2727 #define GRAB_FOR_NETMAP(ifp, m)
2728 #endif
2729
2730 #define GRAB_OUR_PACKETS(iface) \
2731 if ((iface)->if_type == IFT_GIF) \
2732 continue; \
2733 /* It is destined for us. */ \
2734 if (memcmp(IF_LLADDR(iface), eh->ether_dhost, ETHER_ADDR_LEN) == 0 || \
2735 CARP_CHECK_WE_ARE_DST(iface)) { \
2736 if (bif->bif_flags & IFBIF_LEARNING) { \
2737 error = bridge_rtupdate(sc, eh->ether_shost, \
2738 vlan, bif, 0, IFBAF_DYNAMIC); \
2739 if (error && bif->bif_addrmax) { \
2740 m_freem(m); \
2741 return (NULL); \
2742 } \
2743 } \
2744 m->m_pkthdr.rcvif = iface; \
2745 if ((iface) == ifp) { \
2746 /* Skip bridge processing... src == dest */ \
2747 return (m); \
2748 } \
2749 /* It's passing over or to the bridge, locally. */ \
2750 ETHER_BPF_MTAP(bifp, m); \
2751 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); \
2752 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);\
2753 /* Hand the packet over to netmap if necessary. */ \
2754 GRAB_FOR_NETMAP(bifp, m); \
2755 /* Filter on the physical interface. */ \
2756 if (V_pfil_local_phys && PFIL_HOOKED_IN_46) { \
2757 if (bridge_pfil(&m, NULL, ifp, \
2758 PFIL_IN) != 0 || m == NULL) { \
2759 return (NULL); \
2760 } \
2761 } \
2762 if ((iface) != bifp) \
2763 ETHER_BPF_MTAP(iface, m); \
2764 return (m); \
2765 } \
2766 \
2767 /* We just received a packet that we sent out. */ \
2768 if (memcmp(IF_LLADDR(iface), eh->ether_shost, ETHER_ADDR_LEN) == 0 || \
2769 CARP_CHECK_WE_ARE_SRC(iface)) { \
2770 m_freem(m); \
2771 return (NULL); \
2772 }
2773
2774 /*
2775 * Unicast. Make sure it's not for the bridge.
2776 */
2777 do { GRAB_OUR_PACKETS(bifp) } while (0);
2778
2779 /*
2780 * Check the interface the packet arrived on. For tagged frames,
2781 * we need to do this even if member_ifaddrs is disabled because
2782 * vlan(4) might need to handle the traffic.
2783 */
2784 if (V_member_ifaddrs || (vlan && ifp->if_vlantrunk))
2785 do { GRAB_OUR_PACKETS(ifp) } while (0);
2786
2787 /*
2788 * We only need to check other members interface if member_ifaddrs
2789 * is enabled; otherwise we should have never traffic destined for
2790 * a member's lladdr.
2791 */
2792 if (V_member_ifaddrs) {
2793 CK_LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) {
2794 GRAB_OUR_PACKETS(bif2->bif_ifp)
2795 }
2796 }
2797
2798 #undef CARP_CHECK_WE_ARE_DST
2799 #undef CARP_CHECK_WE_ARE_SRC
2800 #undef GRAB_FOR_NETMAP
2801 #undef GRAB_OUR_PACKETS
2802
2803 /* Perform the bridge forwarding function. */
2804 bridge_forward(sc, bif, m);
2805
2806 return (NULL);
2807 }
2808
2809 /*
2810 * Inject a packet back into the host ethernet stack. This will generally only
2811 * be used by netmap when an application writes to the host TX ring. The
2812 * M_BRIDGE_INJECT flag ensures that the packet is re-routed to the bridge
2813 * interface after ethernet processing.
2814 */
2815 static void
bridge_inject(struct ifnet * ifp,struct mbuf * m)2816 bridge_inject(struct ifnet *ifp, struct mbuf *m)
2817 {
2818 struct bridge_softc *sc;
2819
2820 KASSERT((if_getcapenable(ifp) & IFCAP_NETMAP) != 0,
2821 ("%s: iface %s is not running in netmap mode",
2822 __func__, if_name(ifp)));
2823 KASSERT((m->m_flags & M_BRIDGE_INJECT) == 0,
2824 ("%s: mbuf %p has M_BRIDGE_INJECT set", __func__, m));
2825
2826 m->m_flags |= M_BRIDGE_INJECT;
2827 sc = if_getsoftc(ifp);
2828 sc->sc_if_input(ifp, m);
2829 }
2830
2831 /*
2832 * bridge_broadcast:
2833 *
2834 * Send a frame to all interfaces that are members of
2835 * the bridge, except for the one on which the packet
2836 * arrived.
2837 *
2838 * NOTE: Releases the lock on return.
2839 */
2840 static void
bridge_broadcast(struct bridge_softc * sc,struct ifnet * src_if,struct mbuf * m,int runfilt)2841 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2842 struct mbuf *m, int runfilt)
2843 {
2844 struct bridge_iflist *dbif, *sbif;
2845 struct mbuf *mc;
2846 struct ifnet *dst_if;
2847 int used = 0, i;
2848
2849 NET_EPOCH_ASSERT();
2850
2851 sbif = bridge_lookup_member_if(sc, src_if);
2852
2853 /* Filter on the bridge interface before broadcasting */
2854 if (runfilt && PFIL_HOOKED_OUT_46) {
2855 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2856 return;
2857 if (m == NULL)
2858 return;
2859 }
2860
2861 CK_LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) {
2862 dst_if = dbif->bif_ifp;
2863 if (dst_if == src_if)
2864 continue;
2865
2866 /* Private segments can not talk to each other */
2867 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE))
2868 continue;
2869
2870 if ((dbif->bif_flags & IFBIF_STP) &&
2871 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2872 continue;
2873
2874 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 &&
2875 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2876 continue;
2877
2878 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2879 continue;
2880
2881 if (CK_LIST_NEXT(dbif, bif_next) == NULL) {
2882 mc = m;
2883 used = 1;
2884 } else {
2885 mc = m_dup(m, M_NOWAIT);
2886 if (mc == NULL) {
2887 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
2888 continue;
2889 }
2890 }
2891
2892 /*
2893 * Filter on the output interface. Pass a NULL bridge interface
2894 * pointer so we do not redundantly filter on the bridge for
2895 * each interface we broadcast on.
2896 */
2897 if (runfilt && PFIL_HOOKED_OUT_46) {
2898 if (used == 0) {
2899 /* Keep the layer3 header aligned */
2900 i = min(mc->m_pkthdr.len, max_protohdr);
2901 mc = m_copyup(mc, i, ETHER_ALIGN);
2902 if (mc == NULL) {
2903 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
2904 continue;
2905 }
2906 }
2907 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2908 continue;
2909 if (mc == NULL)
2910 continue;
2911 }
2912
2913 bridge_enqueue(sc, dst_if, mc);
2914 }
2915 if (used == 0)
2916 m_freem(m);
2917 }
2918
2919 /*
2920 * bridge_span:
2921 *
2922 * Duplicate a packet out one or more interfaces that are in span mode,
2923 * the original mbuf is unmodified.
2924 */
2925 static void
bridge_span(struct bridge_softc * sc,struct mbuf * m)2926 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2927 {
2928 struct bridge_iflist *bif;
2929 struct ifnet *dst_if;
2930 struct mbuf *mc;
2931
2932 NET_EPOCH_ASSERT();
2933
2934 if (CK_LIST_EMPTY(&sc->sc_spanlist))
2935 return;
2936
2937 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2938 dst_if = bif->bif_ifp;
2939
2940 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2941 continue;
2942
2943 mc = m_dup(m, M_NOWAIT);
2944 if (mc == NULL) {
2945 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
2946 continue;
2947 }
2948
2949 bridge_enqueue(sc, dst_if, mc);
2950 }
2951 }
2952
2953 /*
2954 * bridge_rtupdate:
2955 *
2956 * Add a bridge routing entry.
2957 */
2958 static int
bridge_rtupdate(struct bridge_softc * sc,const uint8_t * dst,ether_vlanid_t vlan,struct bridge_iflist * bif,int setflags,uint8_t flags)2959 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
2960 ether_vlanid_t vlan, struct bridge_iflist *bif,
2961 int setflags, uint8_t flags)
2962 {
2963 struct bridge_rtnode *brt;
2964 struct bridge_iflist *obif;
2965 int error;
2966
2967 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
2968
2969 /* Check the source address is valid and not multicast. */
2970 if (ETHER_IS_MULTICAST(dst) ||
2971 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
2972 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0)
2973 return (EINVAL);
2974
2975 /*
2976 * A route for this destination might already exist. If so,
2977 * update it, otherwise create a new one.
2978 */
2979 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) {
2980 BRIDGE_RT_LOCK(sc);
2981
2982 /* Check again, now that we have the lock. There could have
2983 * been a race and we only want to insert this once. */
2984 if (bridge_rtnode_lookup(sc, dst, vlan) != NULL) {
2985 BRIDGE_RT_UNLOCK(sc);
2986 return (0);
2987 }
2988
2989 if (sc->sc_brtcnt >= sc->sc_brtmax) {
2990 sc->sc_brtexceeded++;
2991 BRIDGE_RT_UNLOCK(sc);
2992 return (ENOSPC);
2993 }
2994 /* Check per interface address limits (if enabled) */
2995 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) {
2996 bif->bif_addrexceeded++;
2997 BRIDGE_RT_UNLOCK(sc);
2998 return (ENOSPC);
2999 }
3000
3001 /*
3002 * Allocate a new bridge forwarding node, and
3003 * initialize the expiration time and Ethernet
3004 * address.
3005 */
3006 brt = uma_zalloc(V_bridge_rtnode_zone, M_NOWAIT | M_ZERO);
3007 if (brt == NULL) {
3008 BRIDGE_RT_UNLOCK(sc);
3009 return (ENOMEM);
3010 }
3011 brt->brt_vnet = curvnet;
3012
3013 if (bif->bif_flags & IFBIF_STICKY)
3014 brt->brt_flags = IFBAF_STICKY;
3015 else
3016 brt->brt_flags = IFBAF_DYNAMIC;
3017
3018 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
3019 brt->brt_vlan = vlan;
3020
3021 brt->brt_dst = bif;
3022 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
3023 uma_zfree(V_bridge_rtnode_zone, brt);
3024 BRIDGE_RT_UNLOCK(sc);
3025 return (error);
3026 }
3027 bif->bif_addrcnt++;
3028
3029 BRIDGE_RT_UNLOCK(sc);
3030 }
3031
3032 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
3033 (obif = brt->brt_dst) != bif) {
3034 MPASS(obif != NULL);
3035
3036 BRIDGE_RT_LOCK(sc);
3037 brt->brt_dst->bif_addrcnt--;
3038 brt->brt_dst = bif;
3039 brt->brt_dst->bif_addrcnt++;
3040 BRIDGE_RT_UNLOCK(sc);
3041
3042 if (V_log_mac_flap &&
3043 ppsratecheck(&V_log_last, &V_log_count, V_log_interval)) {
3044 log(LOG_NOTICE,
3045 "%s: mac address %6D vlan %d moved from %s to %s\n",
3046 sc->sc_ifp->if_xname,
3047 &brt->brt_addr[0], ":",
3048 brt->brt_vlan,
3049 obif->bif_ifp->if_xname,
3050 bif->bif_ifp->if_xname);
3051 }
3052 }
3053
3054 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3055 brt->brt_expire = time_uptime + sc->sc_brttimeout;
3056 if (setflags)
3057 brt->brt_flags = flags;
3058
3059 return (0);
3060 }
3061
3062 /*
3063 * bridge_rtlookup:
3064 *
3065 * Lookup the destination interface for an address.
3066 */
3067 static struct ifnet *
bridge_rtlookup(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3068 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr,
3069 ether_vlanid_t vlan)
3070 {
3071 struct bridge_rtnode *brt;
3072
3073 NET_EPOCH_ASSERT();
3074
3075 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL)
3076 return (NULL);
3077
3078 return (brt->brt_ifp);
3079 }
3080
3081 /*
3082 * bridge_rttrim:
3083 *
3084 * Trim the routine table so that we have a number
3085 * of routing entries less than or equal to the
3086 * maximum number.
3087 */
3088 static void
bridge_rttrim(struct bridge_softc * sc)3089 bridge_rttrim(struct bridge_softc *sc)
3090 {
3091 struct bridge_rtnode *brt, *nbrt;
3092
3093 NET_EPOCH_ASSERT();
3094 BRIDGE_RT_LOCK_ASSERT(sc);
3095
3096 /* Make sure we actually need to do this. */
3097 if (sc->sc_brtcnt <= sc->sc_brtmax)
3098 return;
3099
3100 /* Force an aging cycle; this might trim enough addresses. */
3101 bridge_rtage(sc);
3102 if (sc->sc_brtcnt <= sc->sc_brtmax)
3103 return;
3104
3105 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3106 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3107 bridge_rtnode_destroy(sc, brt);
3108 if (sc->sc_brtcnt <= sc->sc_brtmax)
3109 return;
3110 }
3111 }
3112 }
3113
3114 /*
3115 * bridge_timer:
3116 *
3117 * Aging timer for the bridge.
3118 */
3119 static void
bridge_timer(void * arg)3120 bridge_timer(void *arg)
3121 {
3122 struct bridge_softc *sc = arg;
3123
3124 BRIDGE_RT_LOCK_ASSERT(sc);
3125
3126 /* Destruction of rtnodes requires a proper vnet context */
3127 CURVNET_SET(sc->sc_ifp->if_vnet);
3128 bridge_rtage(sc);
3129
3130 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
3131 callout_reset(&sc->sc_brcallout,
3132 bridge_rtable_prune_period * hz, bridge_timer, sc);
3133 CURVNET_RESTORE();
3134 }
3135
3136 /*
3137 * bridge_rtage:
3138 *
3139 * Perform an aging cycle.
3140 */
3141 static void
bridge_rtage(struct bridge_softc * sc)3142 bridge_rtage(struct bridge_softc *sc)
3143 {
3144 struct bridge_rtnode *brt, *nbrt;
3145
3146 BRIDGE_RT_LOCK_ASSERT(sc);
3147
3148 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3149 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3150 if (time_uptime >= brt->brt_expire)
3151 bridge_rtnode_destroy(sc, brt);
3152 }
3153 }
3154 }
3155
3156 /*
3157 * bridge_rtflush:
3158 *
3159 * Remove all dynamic addresses from the bridge.
3160 */
3161 static void
bridge_rtflush(struct bridge_softc * sc,int full)3162 bridge_rtflush(struct bridge_softc *sc, int full)
3163 {
3164 struct bridge_rtnode *brt, *nbrt;
3165
3166 BRIDGE_RT_LOCK_ASSERT(sc);
3167
3168 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3169 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3170 bridge_rtnode_destroy(sc, brt);
3171 }
3172 }
3173
3174 /*
3175 * bridge_rtdaddr:
3176 *
3177 * Remove an address from the table.
3178 */
3179 static int
bridge_rtdaddr(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3180 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr,
3181 ether_vlanid_t vlan)
3182 {
3183 struct bridge_rtnode *brt;
3184 int found = 0;
3185
3186 BRIDGE_RT_LOCK(sc);
3187
3188 /*
3189 * If vlan is DOT1Q_VID_RSVD_IMPL then we want to delete for all vlans
3190 * so the lookup may return more than one.
3191 */
3192 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) {
3193 bridge_rtnode_destroy(sc, brt);
3194 found = 1;
3195 }
3196
3197 BRIDGE_RT_UNLOCK(sc);
3198
3199 return (found ? 0 : ENOENT);
3200 }
3201
3202 /*
3203 * bridge_rtdelete:
3204 *
3205 * Delete routes to a speicifc member interface.
3206 */
3207 static void
bridge_rtdelete(struct bridge_softc * sc,struct ifnet * ifp,int full)3208 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
3209 {
3210 struct bridge_rtnode *brt, *nbrt;
3211
3212 BRIDGE_RT_LOCK_ASSERT(sc);
3213
3214 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3215 if (brt->brt_ifp == ifp && (full ||
3216 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
3217 bridge_rtnode_destroy(sc, brt);
3218 }
3219 }
3220
3221 /*
3222 * bridge_rtable_init:
3223 *
3224 * Initialize the route table for this bridge.
3225 */
3226 static void
bridge_rtable_init(struct bridge_softc * sc)3227 bridge_rtable_init(struct bridge_softc *sc)
3228 {
3229 int i;
3230
3231 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
3232 M_DEVBUF, M_WAITOK);
3233
3234 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
3235 CK_LIST_INIT(&sc->sc_rthash[i]);
3236
3237 sc->sc_rthash_key = arc4random();
3238 CK_LIST_INIT(&sc->sc_rtlist);
3239 }
3240
3241 /*
3242 * bridge_rtable_fini:
3243 *
3244 * Deconstruct the route table for this bridge.
3245 */
3246 static void
bridge_rtable_fini(struct bridge_softc * sc)3247 bridge_rtable_fini(struct bridge_softc *sc)
3248 {
3249
3250 KASSERT(sc->sc_brtcnt == 0,
3251 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt));
3252 free(sc->sc_rthash, M_DEVBUF);
3253 }
3254
3255 /*
3256 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
3257 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
3258 */
3259 #define mix(a, b, c) \
3260 do { \
3261 a -= b; a -= c; a ^= (c >> 13); \
3262 b -= c; b -= a; b ^= (a << 8); \
3263 c -= a; c -= b; c ^= (b >> 13); \
3264 a -= b; a -= c; a ^= (c >> 12); \
3265 b -= c; b -= a; b ^= (a << 16); \
3266 c -= a; c -= b; c ^= (b >> 5); \
3267 a -= b; a -= c; a ^= (c >> 3); \
3268 b -= c; b -= a; b ^= (a << 10); \
3269 c -= a; c -= b; c ^= (b >> 15); \
3270 } while (/*CONSTCOND*/0)
3271
3272 static __inline uint32_t
bridge_rthash(struct bridge_softc * sc,const uint8_t * addr)3273 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
3274 {
3275 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
3276
3277 b += addr[5] << 8;
3278 b += addr[4];
3279 a += addr[3] << 24;
3280 a += addr[2] << 16;
3281 a += addr[1] << 8;
3282 a += addr[0];
3283
3284 mix(a, b, c);
3285
3286 return (c & BRIDGE_RTHASH_MASK);
3287 }
3288
3289 #undef mix
3290
3291 static int
bridge_rtnode_addr_cmp(const uint8_t * a,const uint8_t * b)3292 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
3293 {
3294 int i, d;
3295
3296 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
3297 d = ((int)a[i]) - ((int)b[i]);
3298 }
3299
3300 return (d);
3301 }
3302
3303 /*
3304 * bridge_rtnode_lookup:
3305 *
3306 * Look up a bridge route node for the specified destination. Compare the
3307 * vlan id or if zero then just return the first match.
3308 */
3309 static struct bridge_rtnode *
bridge_rtnode_lookup(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3310 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr,
3311 ether_vlanid_t vlan)
3312 {
3313 struct bridge_rtnode *brt;
3314 uint32_t hash;
3315 int dir;
3316
3317 BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(sc);
3318
3319 hash = bridge_rthash(sc, addr);
3320 CK_LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
3321 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
3322 if (dir == 0 && (brt->brt_vlan == vlan || vlan == DOT1Q_VID_RSVD_IMPL))
3323 return (brt);
3324 if (dir > 0)
3325 return (NULL);
3326 }
3327
3328 return (NULL);
3329 }
3330
3331 /*
3332 * bridge_rtnode_insert:
3333 *
3334 * Insert the specified bridge node into the route table. We
3335 * assume the entry is not already in the table.
3336 */
3337 static int
bridge_rtnode_insert(struct bridge_softc * sc,struct bridge_rtnode * brt)3338 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
3339 {
3340 struct bridge_rtnode *lbrt;
3341 uint32_t hash;
3342 int dir;
3343
3344 BRIDGE_RT_LOCK_ASSERT(sc);
3345
3346 hash = bridge_rthash(sc, brt->brt_addr);
3347
3348 lbrt = CK_LIST_FIRST(&sc->sc_rthash[hash]);
3349 if (lbrt == NULL) {
3350 CK_LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
3351 goto out;
3352 }
3353
3354 do {
3355 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
3356 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan)
3357 return (EEXIST);
3358 if (dir > 0) {
3359 CK_LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
3360 goto out;
3361 }
3362 if (CK_LIST_NEXT(lbrt, brt_hash) == NULL) {
3363 CK_LIST_INSERT_AFTER(lbrt, brt, brt_hash);
3364 goto out;
3365 }
3366 lbrt = CK_LIST_NEXT(lbrt, brt_hash);
3367 } while (lbrt != NULL);
3368
3369 #ifdef DIAGNOSTIC
3370 panic("bridge_rtnode_insert: impossible");
3371 #endif
3372
3373 out:
3374 CK_LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
3375 sc->sc_brtcnt++;
3376
3377 return (0);
3378 }
3379
3380 static void
bridge_rtnode_destroy_cb(struct epoch_context * ctx)3381 bridge_rtnode_destroy_cb(struct epoch_context *ctx)
3382 {
3383 struct bridge_rtnode *brt;
3384
3385 brt = __containerof(ctx, struct bridge_rtnode, brt_epoch_ctx);
3386
3387 CURVNET_SET(brt->brt_vnet);
3388 uma_zfree(V_bridge_rtnode_zone, brt);
3389 CURVNET_RESTORE();
3390 }
3391
3392 /*
3393 * bridge_rtnode_destroy:
3394 *
3395 * Destroy a bridge rtnode.
3396 */
3397 static void
bridge_rtnode_destroy(struct bridge_softc * sc,struct bridge_rtnode * brt)3398 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
3399 {
3400 BRIDGE_RT_LOCK_ASSERT(sc);
3401
3402 CK_LIST_REMOVE(brt, brt_hash);
3403
3404 CK_LIST_REMOVE(brt, brt_list);
3405 sc->sc_brtcnt--;
3406 brt->brt_dst->bif_addrcnt--;
3407
3408 NET_EPOCH_CALL(bridge_rtnode_destroy_cb, &brt->brt_epoch_ctx);
3409 }
3410
3411 /*
3412 * bridge_rtable_expire:
3413 *
3414 * Set the expiry time for all routes on an interface.
3415 */
3416 static void
bridge_rtable_expire(struct ifnet * ifp,int age)3417 bridge_rtable_expire(struct ifnet *ifp, int age)
3418 {
3419 struct bridge_iflist *bif = NULL;
3420 struct bridge_softc *sc = NULL;
3421 struct bridge_rtnode *brt;
3422
3423 CURVNET_SET(ifp->if_vnet);
3424
3425 bif = ifp->if_bridge;
3426 if (bif)
3427 sc = bif->bif_sc;
3428 MPASS(sc != NULL);
3429 BRIDGE_RT_LOCK(sc);
3430
3431 /*
3432 * If the age is zero then flush, otherwise set all the expiry times to
3433 * age for the interface
3434 */
3435 if (age == 0)
3436 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
3437 else {
3438 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
3439 /* Cap the expiry time to 'age' */
3440 if (brt->brt_ifp == ifp &&
3441 brt->brt_expire > time_uptime + age &&
3442 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3443 brt->brt_expire = time_uptime + age;
3444 }
3445 }
3446 BRIDGE_RT_UNLOCK(sc);
3447 CURVNET_RESTORE();
3448 }
3449
3450 /*
3451 * bridge_state_change:
3452 *
3453 * Callback from the bridgestp code when a port changes states.
3454 */
3455 static void
bridge_state_change(struct ifnet * ifp,int state)3456 bridge_state_change(struct ifnet *ifp, int state)
3457 {
3458 struct bridge_iflist *bif = ifp->if_bridge;
3459 struct bridge_softc *sc = bif->bif_sc;
3460 static const char *stpstates[] = {
3461 "disabled",
3462 "listening",
3463 "learning",
3464 "forwarding",
3465 "blocking",
3466 "discarding"
3467 };
3468
3469 CURVNET_SET(ifp->if_vnet);
3470 if (V_log_stp)
3471 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
3472 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
3473 CURVNET_RESTORE();
3474 }
3475
3476 /*
3477 * Send bridge packets through pfil if they are one of the types pfil can deal
3478 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
3479 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
3480 * that interface.
3481 */
3482 static int
bridge_pfil(struct mbuf ** mp,struct ifnet * bifp,struct ifnet * ifp,int dir)3483 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
3484 {
3485 int snap, error, i;
3486 struct ether_header *eh1, eh2;
3487 struct llc llc1;
3488 u_int16_t ether_type;
3489 pfil_return_t rv;
3490 #ifdef INET
3491 struct ip *ip = NULL;
3492 int hlen = 0;
3493 #endif
3494
3495 snap = 0;
3496 error = -1; /* Default error if not error == 0 */
3497
3498 #if 0
3499 /* we may return with the IP fields swapped, ensure its not shared */
3500 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
3501 #endif
3502
3503 if (V_pfil_bridge == 0 && V_pfil_member == 0 && V_pfil_ipfw == 0)
3504 return (0); /* filtering is disabled */
3505
3506 i = min((*mp)->m_pkthdr.len, max_protohdr);
3507 if ((*mp)->m_len < i) {
3508 *mp = m_pullup(*mp, i);
3509 if (*mp == NULL) {
3510 printf("%s: m_pullup failed\n", __func__);
3511 return (-1);
3512 }
3513 }
3514
3515 eh1 = mtod(*mp, struct ether_header *);
3516 ether_type = ntohs(eh1->ether_type);
3517
3518 /*
3519 * Check for SNAP/LLC.
3520 */
3521 if (ether_type < ETHERMTU) {
3522 struct llc *llc2 = (struct llc *)(eh1 + 1);
3523
3524 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
3525 llc2->llc_dsap == LLC_SNAP_LSAP &&
3526 llc2->llc_ssap == LLC_SNAP_LSAP &&
3527 llc2->llc_control == LLC_UI) {
3528 ether_type = htons(llc2->llc_un.type_snap.ether_type);
3529 snap = 1;
3530 }
3531 }
3532
3533 /*
3534 * If we're trying to filter bridge traffic, only look at traffic for
3535 * protocols available in the kernel (IPv4 and/or IPv6) to avoid
3536 * passing traffic for an unsupported protocol to the filter. This is
3537 * lame since if we really wanted, say, an AppleTalk filter, we are
3538 * hosed, but of course we don't have an AppleTalk filter to begin
3539 * with. (Note that since pfil doesn't understand ARP it will pass
3540 * *ALL* ARP traffic.)
3541 */
3542 switch (ether_type) {
3543 #ifdef INET
3544 case ETHERTYPE_ARP:
3545 case ETHERTYPE_REVARP:
3546 if (V_pfil_ipfw_arp == 0)
3547 return (0); /* Automatically pass */
3548
3549 /* FALLTHROUGH */
3550 case ETHERTYPE_IP:
3551 #endif
3552 #ifdef INET6
3553 case ETHERTYPE_IPV6:
3554 #endif /* INET6 */
3555 break;
3556
3557 default:
3558 /*
3559 * We get here if the packet isn't from a supported
3560 * protocol. Check to see if the user wants to pass
3561 * non-IP packets, these will not be checked by pfil(9)
3562 * and passed unconditionally so the default is to
3563 * drop.
3564 */
3565 if (V_pfil_onlyip)
3566 goto bad;
3567 }
3568
3569 /* Run the packet through pfil before stripping link headers */
3570 if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 &&
3571 dir == PFIL_OUT && ifp != NULL) {
3572 switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) {
3573 case PFIL_DROPPED:
3574 return (EACCES);
3575 case PFIL_CONSUMED:
3576 return (0);
3577 }
3578 }
3579
3580 /* Strip off the Ethernet header and keep a copy. */
3581 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
3582 m_adj(*mp, ETHER_HDR_LEN);
3583
3584 /* Strip off snap header, if present */
3585 if (snap) {
3586 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
3587 m_adj(*mp, sizeof(struct llc));
3588 }
3589
3590 /*
3591 * Check the IP header for alignment and errors
3592 */
3593 if (dir == PFIL_IN) {
3594 switch (ether_type) {
3595 #ifdef INET
3596 case ETHERTYPE_IP:
3597 error = bridge_ip_checkbasic(mp);
3598 break;
3599 #endif
3600 #ifdef INET6
3601 case ETHERTYPE_IPV6:
3602 error = bridge_ip6_checkbasic(mp);
3603 break;
3604 #endif /* INET6 */
3605 default:
3606 error = 0;
3607 }
3608 if (error)
3609 goto bad;
3610 }
3611
3612 error = 0;
3613
3614 /*
3615 * Run the packet through pfil
3616 */
3617 rv = PFIL_PASS;
3618 switch (ether_type) {
3619 #ifdef INET
3620 case ETHERTYPE_IP:
3621 /*
3622 * Run pfil on the member interface and the bridge, both can
3623 * be skipped by clearing pfil_member or pfil_bridge.
3624 *
3625 * Keep the order:
3626 * in_if -> bridge_if -> out_if
3627 */
3628 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
3629 pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) !=
3630 PFIL_PASS)
3631 break;
3632
3633 if (V_pfil_member && ifp != NULL) {
3634 rv = (dir == PFIL_OUT) ?
3635 pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) :
3636 pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL);
3637 if (rv != PFIL_PASS)
3638 break;
3639 }
3640
3641 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
3642 pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) !=
3643 PFIL_PASS)
3644 break;
3645
3646 /* check if we need to fragment the packet */
3647 /* bridge_fragment generates a mbuf chain of packets */
3648 /* that already include eth headers */
3649 if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) {
3650 i = (*mp)->m_pkthdr.len;
3651 if (i > ifp->if_mtu) {
3652 error = bridge_fragment(ifp, mp, &eh2, snap,
3653 &llc1);
3654 return (error);
3655 }
3656 }
3657
3658 /* Recalculate the ip checksum. */
3659 ip = mtod(*mp, struct ip *);
3660 hlen = ip->ip_hl << 2;
3661 if (hlen < sizeof(struct ip))
3662 goto bad;
3663 if (hlen > (*mp)->m_len) {
3664 if ((*mp = m_pullup(*mp, hlen)) == NULL)
3665 goto bad;
3666 ip = mtod(*mp, struct ip *);
3667 if (ip == NULL)
3668 goto bad;
3669 }
3670 ip->ip_sum = 0;
3671 if (hlen == sizeof(struct ip))
3672 ip->ip_sum = in_cksum_hdr(ip);
3673 else
3674 ip->ip_sum = in_cksum(*mp, hlen);
3675
3676 break;
3677 #endif /* INET */
3678 #ifdef INET6
3679 case ETHERTYPE_IPV6:
3680 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
3681 pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) !=
3682 PFIL_PASS)
3683 break;
3684
3685 if (V_pfil_member && ifp != NULL) {
3686 rv = (dir == PFIL_OUT) ?
3687 pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) :
3688 pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL);
3689 if (rv != PFIL_PASS)
3690 break;
3691 }
3692
3693 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
3694 pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) !=
3695 PFIL_PASS)
3696 break;
3697 break;
3698 #endif
3699 }
3700
3701 switch (rv) {
3702 case PFIL_CONSUMED:
3703 return (0);
3704 case PFIL_DROPPED:
3705 return (EACCES);
3706 default:
3707 break;
3708 }
3709
3710 error = -1;
3711
3712 /*
3713 * Finally, put everything back the way it was and return
3714 */
3715 if (snap) {
3716 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT);
3717 if (*mp == NULL)
3718 return (error);
3719 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
3720 }
3721
3722 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT);
3723 if (*mp == NULL)
3724 return (error);
3725 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
3726
3727 return (0);
3728
3729 bad:
3730 m_freem(*mp);
3731 *mp = NULL;
3732 return (error);
3733 }
3734
3735 #ifdef INET
3736 /*
3737 * Perform basic checks on header size since
3738 * pfil assumes ip_input has already processed
3739 * it for it. Cut-and-pasted from ip_input.c.
3740 * Given how simple the IPv6 version is,
3741 * does the IPv4 version really need to be
3742 * this complicated?
3743 *
3744 * XXX Should we update ipstat here, or not?
3745 * XXX Right now we update ipstat but not
3746 * XXX csum_counter.
3747 */
3748 static int
bridge_ip_checkbasic(struct mbuf ** mp)3749 bridge_ip_checkbasic(struct mbuf **mp)
3750 {
3751 struct mbuf *m = *mp;
3752 struct ip *ip;
3753 int len, hlen;
3754 u_short sum;
3755
3756 if (*mp == NULL)
3757 return (-1);
3758
3759 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3760 if ((m = m_copyup(m, sizeof(struct ip),
3761 (max_linkhdr + 3) & ~3)) == NULL) {
3762 /* XXXJRT new stat, please */
3763 KMOD_IPSTAT_INC(ips_toosmall);
3764 goto bad;
3765 }
3766 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
3767 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
3768 KMOD_IPSTAT_INC(ips_toosmall);
3769 goto bad;
3770 }
3771 }
3772 ip = mtod(m, struct ip *);
3773 if (ip == NULL) goto bad;
3774
3775 if (ip->ip_v != IPVERSION) {
3776 KMOD_IPSTAT_INC(ips_badvers);
3777 goto bad;
3778 }
3779 hlen = ip->ip_hl << 2;
3780 if (hlen < sizeof(struct ip)) { /* minimum header length */
3781 KMOD_IPSTAT_INC(ips_badhlen);
3782 goto bad;
3783 }
3784 if (hlen > m->m_len) {
3785 if ((m = m_pullup(m, hlen)) == NULL) {
3786 KMOD_IPSTAT_INC(ips_badhlen);
3787 goto bad;
3788 }
3789 ip = mtod(m, struct ip *);
3790 if (ip == NULL) goto bad;
3791 }
3792
3793 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
3794 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
3795 } else {
3796 if (hlen == sizeof(struct ip)) {
3797 sum = in_cksum_hdr(ip);
3798 } else {
3799 sum = in_cksum(m, hlen);
3800 }
3801 }
3802 if (sum) {
3803 KMOD_IPSTAT_INC(ips_badsum);
3804 goto bad;
3805 }
3806
3807 /* Retrieve the packet length. */
3808 len = ntohs(ip->ip_len);
3809
3810 /*
3811 * Check for additional length bogosity
3812 */
3813 if (len < hlen) {
3814 KMOD_IPSTAT_INC(ips_badlen);
3815 goto bad;
3816 }
3817
3818 /*
3819 * Check that the amount of data in the buffers
3820 * is as at least much as the IP header would have us expect.
3821 * Drop packet if shorter than we expect.
3822 */
3823 if (m->m_pkthdr.len < len) {
3824 KMOD_IPSTAT_INC(ips_tooshort);
3825 goto bad;
3826 }
3827
3828 /* Checks out, proceed */
3829 *mp = m;
3830 return (0);
3831
3832 bad:
3833 *mp = m;
3834 return (-1);
3835 }
3836 #endif /* INET */
3837
3838 #ifdef INET6
3839 /*
3840 * Same as above, but for IPv6.
3841 * Cut-and-pasted from ip6_input.c.
3842 * XXX Should we update ip6stat, or not?
3843 */
3844 static int
bridge_ip6_checkbasic(struct mbuf ** mp)3845 bridge_ip6_checkbasic(struct mbuf **mp)
3846 {
3847 struct mbuf *m = *mp;
3848 struct ip6_hdr *ip6;
3849
3850 /*
3851 * If the IPv6 header is not aligned, slurp it up into a new
3852 * mbuf with space for link headers, in the event we forward
3853 * it. Otherwise, if it is aligned, make sure the entire base
3854 * IPv6 header is in the first mbuf of the chain.
3855 */
3856 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3857 struct ifnet *inifp = m->m_pkthdr.rcvif;
3858 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
3859 (max_linkhdr + 3) & ~3)) == NULL) {
3860 /* XXXJRT new stat, please */
3861 IP6STAT_INC(ip6s_toosmall);
3862 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3863 goto bad;
3864 }
3865 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
3866 struct ifnet *inifp = m->m_pkthdr.rcvif;
3867 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
3868 IP6STAT_INC(ip6s_toosmall);
3869 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3870 goto bad;
3871 }
3872 }
3873
3874 ip6 = mtod(m, struct ip6_hdr *);
3875
3876 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
3877 IP6STAT_INC(ip6s_badvers);
3878 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
3879 goto bad;
3880 }
3881
3882 /* Checks out, proceed */
3883 *mp = m;
3884 return (0);
3885
3886 bad:
3887 *mp = m;
3888 return (-1);
3889 }
3890 #endif /* INET6 */
3891
3892 #ifdef INET
3893 /*
3894 * bridge_fragment:
3895 *
3896 * Fragment mbuf chain in multiple packets and prepend ethernet header.
3897 */
3898 static int
bridge_fragment(struct ifnet * ifp,struct mbuf ** mp,struct ether_header * eh,int snap,struct llc * llc)3899 bridge_fragment(struct ifnet *ifp, struct mbuf **mp, struct ether_header *eh,
3900 int snap, struct llc *llc)
3901 {
3902 struct mbuf *m = *mp, *nextpkt = NULL, *mprev = NULL, *mcur = NULL;
3903 struct ip *ip;
3904 int error = -1;
3905
3906 if (m->m_len < sizeof(struct ip) &&
3907 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3908 goto dropit;
3909 ip = mtod(m, struct ip *);
3910
3911 m->m_pkthdr.csum_flags |= CSUM_IP;
3912 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist);
3913 if (error)
3914 goto dropit;
3915
3916 /*
3917 * Walk the chain and re-add the Ethernet header for
3918 * each mbuf packet.
3919 */
3920 for (mcur = m; mcur; mcur = mcur->m_nextpkt) {
3921 nextpkt = mcur->m_nextpkt;
3922 mcur->m_nextpkt = NULL;
3923 if (snap) {
3924 M_PREPEND(mcur, sizeof(struct llc), M_NOWAIT);
3925 if (mcur == NULL) {
3926 error = ENOBUFS;
3927 if (mprev != NULL)
3928 mprev->m_nextpkt = nextpkt;
3929 goto dropit;
3930 }
3931 bcopy(llc, mtod(mcur, caddr_t),sizeof(struct llc));
3932 }
3933
3934 M_PREPEND(mcur, ETHER_HDR_LEN, M_NOWAIT);
3935 if (mcur == NULL) {
3936 error = ENOBUFS;
3937 if (mprev != NULL)
3938 mprev->m_nextpkt = nextpkt;
3939 goto dropit;
3940 }
3941 bcopy(eh, mtod(mcur, caddr_t), ETHER_HDR_LEN);
3942
3943 /*
3944 * The previous two M_PREPEND could have inserted one or two
3945 * mbufs in front so we have to update the previous packet's
3946 * m_nextpkt.
3947 */
3948 mcur->m_nextpkt = nextpkt;
3949 if (mprev != NULL)
3950 mprev->m_nextpkt = mcur;
3951 else {
3952 /* The first mbuf in the original chain needs to be
3953 * updated. */
3954 *mp = mcur;
3955 }
3956 mprev = mcur;
3957 }
3958
3959 KMOD_IPSTAT_INC(ips_fragmented);
3960 return (error);
3961
3962 dropit:
3963 for (mcur = *mp; mcur; mcur = m) { /* droping the full packet chain */
3964 m = mcur->m_nextpkt;
3965 m_freem(mcur);
3966 }
3967 return (error);
3968 }
3969 #endif /* INET */
3970
3971 static void
bridge_linkstate(struct ifnet * ifp)3972 bridge_linkstate(struct ifnet *ifp)
3973 {
3974 struct bridge_softc *sc = NULL;
3975 struct bridge_iflist *bif;
3976 struct epoch_tracker et;
3977
3978 NET_EPOCH_ENTER(et);
3979
3980 bif = ifp->if_bridge;
3981 if (bif)
3982 sc = bif->bif_sc;
3983
3984 if (sc != NULL) {
3985 bridge_linkcheck(sc);
3986 bstp_linkstate(&bif->bif_stp);
3987 }
3988
3989 NET_EPOCH_EXIT(et);
3990 }
3991
3992 static void
bridge_linkcheck(struct bridge_softc * sc)3993 bridge_linkcheck(struct bridge_softc *sc)
3994 {
3995 struct bridge_iflist *bif;
3996 int new_link, hasls;
3997
3998 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
3999
4000 new_link = LINK_STATE_DOWN;
4001 hasls = 0;
4002 /* Our link is considered up if at least one of our ports is active */
4003 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
4004 if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE)
4005 hasls++;
4006 if (bif->bif_ifp->if_link_state == LINK_STATE_UP) {
4007 new_link = LINK_STATE_UP;
4008 break;
4009 }
4010 }
4011 if (!CK_LIST_EMPTY(&sc->sc_iflist) && !hasls) {
4012 /* If no interfaces support link-state then we default to up */
4013 new_link = LINK_STATE_UP;
4014 }
4015 if_link_state_change(sc->sc_ifp, new_link);
4016 }
4017