1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
2
3 /*-
4 * SPDX-License-Identifier: BSD-4-Clause
5 *
6 * Copyright 2001 Wasabi Systems, Inc.
7 * All rights reserved.
8 *
9 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 * must display the following acknowledgement:
21 * This product includes software developed for the NetBSD Project by
22 * Wasabi Systems, Inc.
23 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
24 * or promote products derived from this software without specific prior
25 * written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
31 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 * POSSIBILITY OF SUCH DAMAGE.
38 */
39
40 /*
41 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
42 * All rights reserved.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
54 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
55 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
56 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
57 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
58 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
59 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
62 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
63 * POSSIBILITY OF SUCH DAMAGE.
64 *
65 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
66 */
67
68 /*
69 * Network interface bridge support.
70 *
71 * TODO:
72 *
73 * - Currently only supports Ethernet-like interfaces (Ethernet,
74 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
75 * to bridge other types of interfaces (maybe consider
76 * heterogeneous bridges).
77 */
78
79 #include <sys/cdefs.h>
80 #include "opt_inet.h"
81 #include "opt_inet6.h"
82
83 #include <sys/param.h>
84 #include <sys/eventhandler.h>
85 #include <sys/mbuf.h>
86 #include <sys/malloc.h>
87 #include <sys/protosw.h>
88 #include <sys/systm.h>
89 #include <sys/jail.h>
90 #include <sys/time.h>
91 #include <sys/socket.h> /* for net/if.h */
92 #include <sys/sockio.h>
93 #include <sys/ctype.h> /* string functions */
94 #include <sys/kernel.h>
95 #include <sys/random.h>
96 #include <sys/syslog.h>
97 #include <sys/sysctl.h>
98 #include <vm/uma.h>
99 #include <sys/module.h>
100 #include <sys/priv.h>
101 #include <sys/proc.h>
102 #include <sys/lock.h>
103 #include <sys/mutex.h>
104
105 #include <net/bpf.h>
106 #include <net/if.h>
107 #include <net/if_clone.h>
108 #include <net/if_dl.h>
109 #include <net/if_types.h>
110 #include <net/if_var.h>
111 #include <net/if_private.h>
112 #include <net/pfil.h>
113 #include <net/vnet.h>
114
115 #include <netinet/in.h>
116 #include <netinet/in_systm.h>
117 #include <netinet/in_var.h>
118 #include <netinet/ip.h>
119 #include <netinet/ip_var.h>
120 #ifdef INET6
121 #include <netinet/ip6.h>
122 #include <netinet6/ip6_var.h>
123 #include <netinet6/in6_ifattach.h>
124 #endif
125 #if defined(INET) || defined(INET6)
126 #include <netinet/ip_carp.h>
127 #endif
128 #include <machine/in_cksum.h>
129 #include <netinet/if_ether.h>
130 #include <net/bridgestp.h>
131 #include <net/if_bridgevar.h>
132 #include <net/if_llc.h>
133 #include <net/if_vlan_var.h>
134
135 #include <net/route.h>
136
137 /*
138 * At various points in the code we need to know if we're hooked into the INET
139 * and/or INET6 pfil. Define some macros to do that based on which IP versions
140 * are enabled in the kernel. This avoids littering the rest of the code with
141 * #ifnet INET6 to avoid referencing V_inet6_pfil_head.
142 */
143 #ifdef INET6
144 #define PFIL_HOOKED_IN_INET6 PFIL_HOOKED_IN(V_inet6_pfil_head)
145 #define PFIL_HOOKED_OUT_INET6 PFIL_HOOKED_OUT(V_inet6_pfil_head)
146 #else
147 #define PFIL_HOOKED_IN_INET6 false
148 #define PFIL_HOOKED_OUT_INET6 false
149 #endif
150
151 #ifdef INET
152 #define PFIL_HOOKED_IN_INET PFIL_HOOKED_IN(V_inet_pfil_head)
153 #define PFIL_HOOKED_OUT_INET PFIL_HOOKED_OUT(V_inet_pfil_head)
154 #else
155 #define PFIL_HOOKED_IN_INET false
156 #define PFIL_HOOKED_OUT_INET false
157 #endif
158
159 #define PFIL_HOOKED_IN_46 (PFIL_HOOKED_IN_INET6 || PFIL_HOOKED_IN_INET)
160 #define PFIL_HOOKED_OUT_46 (PFIL_HOOKED_OUT_INET6 || PFIL_HOOKED_OUT_INET)
161
162 /*
163 * Size of the route hash table. Must be a power of two.
164 */
165 #ifndef BRIDGE_RTHASH_SIZE
166 #define BRIDGE_RTHASH_SIZE 1024
167 #endif
168
169 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
170
171 /*
172 * Default maximum number of addresses to cache.
173 */
174 #ifndef BRIDGE_RTABLE_MAX
175 #define BRIDGE_RTABLE_MAX 2000
176 #endif
177
178 /*
179 * Timeout (in seconds) for entries learned dynamically.
180 */
181 #ifndef BRIDGE_RTABLE_TIMEOUT
182 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
183 #endif
184
185 /*
186 * Number of seconds between walks of the route list.
187 */
188 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
189 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
190 #endif
191
192 /*
193 * List of capabilities to possibly mask on the member interface.
194 */
195 #define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM|\
196 IFCAP_TXCSUM_IPV6|IFCAP_MEXTPG)
197
198 /*
199 * List of capabilities to strip
200 */
201 #define BRIDGE_IFCAPS_STRIP IFCAP_LRO
202
203 /*
204 * Bridge locking
205 *
206 * The bridge relies heavily on the epoch(9) system to protect its data
207 * structures. This means we can safely use CK_LISTs while in NET_EPOCH, but we
208 * must ensure there is only one writer at a time.
209 *
210 * That is: for read accesses we only need to be in NET_EPOCH, but for write
211 * accesses we must hold:
212 *
213 * - BRIDGE_RT_LOCK, for any change to bridge_rtnodes
214 * - BRIDGE_LOCK, for any other change
215 *
216 * The BRIDGE_LOCK is a sleepable lock, because it is held across ioctl()
217 * calls to bridge member interfaces and these ioctl()s can sleep.
218 * The BRIDGE_RT_LOCK is a non-sleepable mutex, because it is sometimes
219 * required while we're in NET_EPOCH and then we're not allowed to sleep.
220 */
221 #define BRIDGE_LOCK_INIT(_sc) do { \
222 sx_init(&(_sc)->sc_sx, "if_bridge"); \
223 mtx_init(&(_sc)->sc_rt_mtx, "if_bridge rt", NULL, MTX_DEF); \
224 } while (0)
225 #define BRIDGE_LOCK_DESTROY(_sc) do { \
226 sx_destroy(&(_sc)->sc_sx); \
227 mtx_destroy(&(_sc)->sc_rt_mtx); \
228 } while (0)
229 #define BRIDGE_LOCK(_sc) sx_xlock(&(_sc)->sc_sx)
230 #define BRIDGE_UNLOCK(_sc) sx_xunlock(&(_sc)->sc_sx)
231 #define BRIDGE_LOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_XLOCKED)
232 #define BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
233 MPASS(in_epoch(net_epoch_preempt) || sx_xlocked(&(_sc)->sc_sx))
234 #define BRIDGE_UNLOCK_ASSERT(_sc) sx_assert(&(_sc)->sc_sx, SX_UNLOCKED)
235 #define BRIDGE_RT_LOCK(_sc) mtx_lock(&(_sc)->sc_rt_mtx)
236 #define BRIDGE_RT_UNLOCK(_sc) mtx_unlock(&(_sc)->sc_rt_mtx)
237 #define BRIDGE_RT_LOCK_ASSERT(_sc) mtx_assert(&(_sc)->sc_rt_mtx, MA_OWNED)
238 #define BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(_sc) \
239 MPASS(in_epoch(net_epoch_preempt) || mtx_owned(&(_sc)->sc_rt_mtx))
240
241 struct bridge_softc;
242
243 /*
244 * Bridge interface list entry.
245 */
246 struct bridge_iflist {
247 CK_LIST_ENTRY(bridge_iflist) bif_next;
248 struct ifnet *bif_ifp; /* member if */
249 struct bridge_softc *bif_sc; /* parent bridge */
250 struct bstp_port bif_stp; /* STP state */
251 uint32_t bif_flags; /* member if flags */
252 int bif_savedcaps; /* saved capabilities */
253 uint32_t bif_addrmax; /* max # of addresses */
254 uint32_t bif_addrcnt; /* cur. # of addresses */
255 uint32_t bif_addrexceeded;/* # of address violations */
256 struct epoch_context bif_epoch_ctx;
257 ether_vlanid_t bif_untagged; /* untagged vlan id */
258 ifbvlan_set_t bif_vlan_set; /* allowed tagged vlans */
259 };
260
261 /*
262 * Bridge route node.
263 */
264 struct bridge_rtnode {
265 CK_LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
266 CK_LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
267 struct bridge_iflist *brt_dst; /* destination if */
268 unsigned long brt_expire; /* expiration time */
269 uint8_t brt_flags; /* address flags */
270 uint8_t brt_addr[ETHER_ADDR_LEN];
271 ether_vlanid_t brt_vlan; /* vlan id */
272 struct vnet *brt_vnet;
273 struct epoch_context brt_epoch_ctx;
274 };
275 #define brt_ifp brt_dst->bif_ifp
276
277 /*
278 * Software state for each bridge.
279 */
280 struct bridge_softc {
281 struct ifnet *sc_ifp; /* make this an interface */
282 LIST_ENTRY(bridge_softc) sc_list;
283 struct sx sc_sx;
284 struct mtx sc_rt_mtx;
285 uint32_t sc_brtmax; /* max # of addresses */
286 uint32_t sc_brtcnt; /* cur. # of addresses */
287 uint32_t sc_brttimeout; /* rt timeout in seconds */
288 struct callout sc_brcallout; /* bridge callout */
289 CK_LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
290 CK_LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
291 CK_LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
292 uint32_t sc_rthash_key; /* key for hash */
293 CK_LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
294 struct bstp_state sc_stp; /* STP state */
295 uint32_t sc_brtexceeded; /* # of cache drops */
296 struct ifnet *sc_ifaddr; /* member mac copied from */
297 struct ether_addr sc_defaddr; /* Default MAC address */
298 if_input_fn_t sc_if_input; /* Saved copy of if_input */
299 struct epoch_context sc_epoch_ctx;
300 };
301
302 VNET_DEFINE_STATIC(struct sx, bridge_list_sx);
303 #define V_bridge_list_sx VNET(bridge_list_sx)
304 static eventhandler_tag bridge_detach_cookie;
305
306 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
307
308 VNET_DEFINE_STATIC(uma_zone_t, bridge_rtnode_zone);
309 #define V_bridge_rtnode_zone VNET(bridge_rtnode_zone)
310
311 static int bridge_clone_create(struct if_clone *, char *, size_t,
312 struct ifc_data *, struct ifnet **);
313 static int bridge_clone_destroy(struct if_clone *, struct ifnet *, uint32_t);
314
315 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
316 static void bridge_mutecaps(struct bridge_softc *);
317 static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *,
318 int);
319 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
320 static void bridge_init(void *);
321 static void bridge_dummynet(struct mbuf *, struct ifnet *);
322 static bool bridge_same(const void *, const void *);
323 static void *bridge_get_softc(struct ifnet *);
324 static void bridge_stop(struct ifnet *, int);
325 static int bridge_transmit(struct ifnet *, struct mbuf *);
326 #ifdef ALTQ
327 static void bridge_altq_start(if_t);
328 static int bridge_altq_transmit(if_t, struct mbuf *);
329 #endif
330 static void bridge_qflush(struct ifnet *);
331 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
332 static void bridge_inject(struct ifnet *, struct mbuf *);
333 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
334 struct rtentry *);
335 static int bridge_enqueue(struct bridge_softc *, struct ifnet *,
336 struct mbuf *, struct bridge_iflist *);
337 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
338
339 static void bridge_forward(struct bridge_softc *, struct bridge_iflist *,
340 struct mbuf *m);
341 static bool bridge_member_ifaddrs(void);
342 static void bridge_timer(void *);
343
344 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
345 struct mbuf *, int);
346 static void bridge_span(struct bridge_softc *, struct mbuf *);
347
348 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
349 ether_vlanid_t, struct bridge_iflist *, int, uint8_t);
350 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *,
351 ether_vlanid_t);
352 static void bridge_rttrim(struct bridge_softc *);
353 static void bridge_rtage(struct bridge_softc *);
354 static void bridge_rtflush(struct bridge_softc *, int);
355 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *,
356 ether_vlanid_t);
357 static bool bridge_vfilter_in(const struct bridge_iflist *, struct mbuf *);
358 static bool bridge_vfilter_out(const struct bridge_iflist *,
359 const struct mbuf *);
360
361 static void bridge_rtable_init(struct bridge_softc *);
362 static void bridge_rtable_fini(struct bridge_softc *);
363
364 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
365 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
366 const uint8_t *, ether_vlanid_t);
367 static int bridge_rtnode_insert(struct bridge_softc *,
368 struct bridge_rtnode *);
369 static void bridge_rtnode_destroy(struct bridge_softc *,
370 struct bridge_rtnode *);
371 static void bridge_rtable_expire(struct ifnet *, int);
372 static void bridge_state_change(struct ifnet *, int);
373
374 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
375 const char *name);
376 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
377 struct ifnet *ifp);
378 static void bridge_delete_member(struct bridge_softc *,
379 struct bridge_iflist *, int);
380 static void bridge_delete_span(struct bridge_softc *,
381 struct bridge_iflist *);
382
383 static int bridge_ioctl_add(struct bridge_softc *, void *);
384 static int bridge_ioctl_del(struct bridge_softc *, void *);
385 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
386 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
387 static int bridge_ioctl_scache(struct bridge_softc *, void *);
388 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
389 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
390 static int bridge_ioctl_rts(struct bridge_softc *, void *);
391 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
392 static int bridge_ioctl_sto(struct bridge_softc *, void *);
393 static int bridge_ioctl_gto(struct bridge_softc *, void *);
394 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
395 static int bridge_ioctl_flush(struct bridge_softc *, void *);
396 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
397 static int bridge_ioctl_spri(struct bridge_softc *, void *);
398 static int bridge_ioctl_ght(struct bridge_softc *, void *);
399 static int bridge_ioctl_sht(struct bridge_softc *, void *);
400 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
401 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
402 static int bridge_ioctl_gma(struct bridge_softc *, void *);
403 static int bridge_ioctl_sma(struct bridge_softc *, void *);
404 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
405 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
406 static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *);
407 static int bridge_ioctl_sifuntagged(struct bridge_softc *, void *);
408 static int bridge_ioctl_sifvlanset(struct bridge_softc *, void *);
409 static int bridge_ioctl_gifvlanset(struct bridge_softc *, void *);
410 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
411 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
412 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
413 static int bridge_ioctl_grte(struct bridge_softc *, void *);
414 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
415 static int bridge_ioctl_sproto(struct bridge_softc *, void *);
416 static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
417 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
418 int);
419 #ifdef INET
420 static int bridge_ip_checkbasic(struct mbuf **mp);
421 static int bridge_fragment(struct ifnet *, struct mbuf **mp,
422 struct ether_header *, int, struct llc *);
423 #endif /* INET */
424 #ifdef INET6
425 static int bridge_ip6_checkbasic(struct mbuf **mp);
426 #endif /* INET6 */
427 static void bridge_linkstate(struct ifnet *ifp);
428 static void bridge_linkcheck(struct bridge_softc *sc);
429
430 /*
431 * Use the "null" value from IEEE 802.1Q-2014 Table 9-2
432 * to indicate untagged frames.
433 */
434 #define VLANTAGOF(_m) \
435 ((_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : DOT1Q_VID_NULL)
436
437 static struct bstp_cb_ops bridge_ops = {
438 .bcb_state = bridge_state_change,
439 .bcb_rtage = bridge_rtable_expire
440 };
441
442 SYSCTL_DECL(_net_link);
443 static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
444 "Bridge");
445
446 /* only pass IP[46] packets when pfil is enabled */
447 VNET_DEFINE_STATIC(int, pfil_onlyip) = 1;
448 #define V_pfil_onlyip VNET(pfil_onlyip)
449 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip,
450 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_onlyip), 0,
451 "Only pass IP packets when pfil is enabled");
452
453 /* run pfil hooks on the bridge interface */
454 VNET_DEFINE_STATIC(int, pfil_bridge) = 0;
455 #define V_pfil_bridge VNET(pfil_bridge)
456 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge,
457 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_bridge), 0,
458 "Packet filter on the bridge interface");
459
460 /* layer2 filter with ipfw */
461 VNET_DEFINE_STATIC(int, pfil_ipfw);
462 #define V_pfil_ipfw VNET(pfil_ipfw)
463
464 /* layer2 ARP filter with ipfw */
465 VNET_DEFINE_STATIC(int, pfil_ipfw_arp);
466 #define V_pfil_ipfw_arp VNET(pfil_ipfw_arp)
467 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp,
468 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_ipfw_arp), 0,
469 "Filter ARP packets through IPFW layer2");
470
471 /* run pfil hooks on the member interface */
472 VNET_DEFINE_STATIC(int, pfil_member) = 0;
473 #define V_pfil_member VNET(pfil_member)
474 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member,
475 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_member), 0,
476 "Packet filter on the member interface");
477
478 /* run pfil hooks on the physical interface for locally destined packets */
479 VNET_DEFINE_STATIC(int, pfil_local_phys);
480 #define V_pfil_local_phys VNET(pfil_local_phys)
481 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys,
482 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_local_phys), 0,
483 "Packet filter on the physical interface for locally destined packets");
484
485 /* log STP state changes */
486 VNET_DEFINE_STATIC(int, log_stp);
487 #define V_log_stp VNET(log_stp)
488 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp,
489 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(log_stp), 0,
490 "Log STP state changes");
491
492 /* share MAC with first bridge member */
493 VNET_DEFINE_STATIC(int, bridge_inherit_mac);
494 #define V_bridge_inherit_mac VNET(bridge_inherit_mac)
495 SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac,
496 CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(bridge_inherit_mac), 0,
497 "Inherit MAC address from the first bridge member");
498
499 VNET_DEFINE_STATIC(int, allow_llz_overlap) = 0;
500 #define V_allow_llz_overlap VNET(allow_llz_overlap)
501 SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
502 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
503 "Allow overlap of link-local scope "
504 "zones of a bridge interface and the member interfaces");
505
506 /* log MAC address port flapping */
507 VNET_DEFINE_STATIC(bool, log_mac_flap) = true;
508 #define V_log_mac_flap VNET(log_mac_flap)
509 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap,
510 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(log_mac_flap), true,
511 "Log MAC address port flapping");
512
513 /* allow IP addresses on bridge members */
514 VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
515 #define V_member_ifaddrs VNET(member_ifaddrs)
516 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
517 CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
518 "Allow layer 3 addresses on bridge members");
519
520 static bool
bridge_member_ifaddrs(void)521 bridge_member_ifaddrs(void)
522 {
523 return (V_member_ifaddrs);
524 }
525
526 VNET_DEFINE_STATIC(int, log_interval) = 5;
527 VNET_DEFINE_STATIC(int, log_count) = 0;
528 VNET_DEFINE_STATIC(struct timeval, log_last) = { 0 };
529
530 #define V_log_interval VNET(log_interval)
531 #define V_log_count VNET(log_count)
532 #define V_log_last VNET(log_last)
533
534 struct bridge_control {
535 int (*bc_func)(struct bridge_softc *, void *);
536 int bc_argsize;
537 int bc_flags;
538 };
539
540 #define BC_F_COPYIN 0x01 /* copy arguments in */
541 #define BC_F_COPYOUT 0x02 /* copy arguments out */
542 #define BC_F_SUSER 0x04 /* do super-user check */
543
544 static const struct bridge_control bridge_control_table[] = {
545 { bridge_ioctl_add, sizeof(struct ifbreq),
546 BC_F_COPYIN|BC_F_SUSER },
547 { bridge_ioctl_del, sizeof(struct ifbreq),
548 BC_F_COPYIN|BC_F_SUSER },
549
550 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
551 BC_F_COPYIN|BC_F_COPYOUT },
552 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
553 BC_F_COPYIN|BC_F_SUSER },
554
555 { bridge_ioctl_scache, sizeof(struct ifbrparam),
556 BC_F_COPYIN|BC_F_SUSER },
557 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
558 BC_F_COPYOUT },
559
560 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
561 BC_F_COPYIN|BC_F_COPYOUT },
562 { bridge_ioctl_rts, sizeof(struct ifbaconf),
563 BC_F_COPYIN|BC_F_COPYOUT },
564
565 { bridge_ioctl_saddr, sizeof(struct ifbareq),
566 BC_F_COPYIN|BC_F_SUSER },
567
568 { bridge_ioctl_sto, sizeof(struct ifbrparam),
569 BC_F_COPYIN|BC_F_SUSER },
570 { bridge_ioctl_gto, sizeof(struct ifbrparam),
571 BC_F_COPYOUT },
572
573 { bridge_ioctl_daddr, sizeof(struct ifbareq),
574 BC_F_COPYIN|BC_F_SUSER },
575
576 { bridge_ioctl_flush, sizeof(struct ifbreq),
577 BC_F_COPYIN|BC_F_SUSER },
578
579 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
580 BC_F_COPYOUT },
581 { bridge_ioctl_spri, sizeof(struct ifbrparam),
582 BC_F_COPYIN|BC_F_SUSER },
583
584 { bridge_ioctl_ght, sizeof(struct ifbrparam),
585 BC_F_COPYOUT },
586 { bridge_ioctl_sht, sizeof(struct ifbrparam),
587 BC_F_COPYIN|BC_F_SUSER },
588
589 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
590 BC_F_COPYOUT },
591 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
592 BC_F_COPYIN|BC_F_SUSER },
593
594 { bridge_ioctl_gma, sizeof(struct ifbrparam),
595 BC_F_COPYOUT },
596 { bridge_ioctl_sma, sizeof(struct ifbrparam),
597 BC_F_COPYIN|BC_F_SUSER },
598
599 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
600 BC_F_COPYIN|BC_F_SUSER },
601
602 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
603 BC_F_COPYIN|BC_F_SUSER },
604
605 { bridge_ioctl_addspan, sizeof(struct ifbreq),
606 BC_F_COPYIN|BC_F_SUSER },
607 { bridge_ioctl_delspan, sizeof(struct ifbreq),
608 BC_F_COPYIN|BC_F_SUSER },
609
610 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
611 BC_F_COPYOUT },
612
613 { bridge_ioctl_grte, sizeof(struct ifbrparam),
614 BC_F_COPYOUT },
615
616 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
617 BC_F_COPYIN|BC_F_COPYOUT },
618
619 { bridge_ioctl_sproto, sizeof(struct ifbrparam),
620 BC_F_COPYIN|BC_F_SUSER },
621
622 { bridge_ioctl_stxhc, sizeof(struct ifbrparam),
623 BC_F_COPYIN|BC_F_SUSER },
624
625 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq),
626 BC_F_COPYIN|BC_F_SUSER },
627
628 { bridge_ioctl_sifuntagged, sizeof(struct ifbreq),
629 BC_F_COPYIN|BC_F_SUSER },
630
631 { bridge_ioctl_sifvlanset, sizeof(struct ifbif_vlan_req),
632 BC_F_COPYIN|BC_F_SUSER },
633
634 { bridge_ioctl_gifvlanset, sizeof(struct ifbif_vlan_req),
635 BC_F_COPYIN|BC_F_COPYOUT },
636 };
637 static const int bridge_control_table_size = nitems(bridge_control_table);
638
639 VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list) =
640 LIST_HEAD_INITIALIZER();
641 #define V_bridge_list VNET(bridge_list)
642 #define BRIDGE_LIST_LOCK_INIT(x) sx_init(&V_bridge_list_sx, \
643 "if_bridge list")
644 #define BRIDGE_LIST_LOCK_DESTROY(x) sx_destroy(&V_bridge_list_sx)
645 #define BRIDGE_LIST_LOCK(x) sx_xlock(&V_bridge_list_sx)
646 #define BRIDGE_LIST_UNLOCK(x) sx_xunlock(&V_bridge_list_sx)
647
648 VNET_DEFINE_STATIC(struct if_clone *, bridge_cloner);
649 #define V_bridge_cloner VNET(bridge_cloner)
650
651 static const char bridge_name[] = "bridge";
652
653 static void
vnet_bridge_init(const void * unused __unused)654 vnet_bridge_init(const void *unused __unused)
655 {
656
657 V_bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
658 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
659 UMA_ALIGN_PTR, 0);
660 BRIDGE_LIST_LOCK_INIT();
661
662 struct if_clone_addreq req = {
663 .create_f = bridge_clone_create,
664 .destroy_f = bridge_clone_destroy,
665 .flags = IFC_F_AUTOUNIT,
666 };
667 V_bridge_cloner = ifc_attach_cloner(bridge_name, &req);
668 }
669 VNET_SYSINIT(vnet_bridge_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
670 vnet_bridge_init, NULL);
671
672 static void
vnet_bridge_uninit(const void * unused __unused)673 vnet_bridge_uninit(const void *unused __unused)
674 {
675
676 ifc_detach_cloner(V_bridge_cloner);
677 V_bridge_cloner = NULL;
678 BRIDGE_LIST_LOCK_DESTROY();
679
680 /* Callbacks may use the UMA zone. */
681 NET_EPOCH_DRAIN_CALLBACKS();
682
683 uma_zdestroy(V_bridge_rtnode_zone);
684 }
685 VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY,
686 vnet_bridge_uninit, NULL);
687
688 static int
bridge_modevent(module_t mod,int type,void * data)689 bridge_modevent(module_t mod, int type, void *data)
690 {
691
692 switch (type) {
693 case MOD_LOAD:
694 bridge_dn_p = bridge_dummynet;
695 bridge_same_p = bridge_same;
696 bridge_get_softc_p = bridge_get_softc;
697 bridge_member_ifaddrs_p = bridge_member_ifaddrs;
698 bridge_detach_cookie = EVENTHANDLER_REGISTER(
699 ifnet_departure_event, bridge_ifdetach, NULL,
700 EVENTHANDLER_PRI_ANY);
701 break;
702 case MOD_UNLOAD:
703 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
704 bridge_detach_cookie);
705 bridge_dn_p = NULL;
706 bridge_same_p = NULL;
707 bridge_get_softc_p = NULL;
708 bridge_member_ifaddrs_p = NULL;
709 break;
710 default:
711 return (EOPNOTSUPP);
712 }
713 return (0);
714 }
715
716 static moduledata_t bridge_mod = {
717 "if_bridge",
718 bridge_modevent,
719 0
720 };
721
722 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
723 MODULE_VERSION(if_bridge, 1);
724 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
725
726 /*
727 * handler for net.link.bridge.ipfw
728 */
729 static int
sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)730 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
731 {
732 int enable = V_pfil_ipfw;
733 int error;
734
735 error = sysctl_handle_int(oidp, &enable, 0, req);
736 enable &= 1;
737
738 if (enable != V_pfil_ipfw) {
739 V_pfil_ipfw = enable;
740
741 /*
742 * Disable pfil so that ipfw doesnt run twice, if the user
743 * really wants both then they can re-enable pfil_bridge and/or
744 * pfil_member. Also allow non-ip packets as ipfw can filter by
745 * layer2 type.
746 */
747 if (V_pfil_ipfw) {
748 V_pfil_onlyip = 0;
749 V_pfil_bridge = 0;
750 V_pfil_member = 0;
751 }
752 }
753
754 return (error);
755 }
756 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw,
757 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_VNET | CTLFLAG_NEEDGIANT,
758 &VNET_NAME(pfil_ipfw), 0, &sysctl_pfil_ipfw, "I",
759 "Layer2 filter with IPFW");
760
761 #ifdef VIMAGE
762 static void
bridge_reassign(struct ifnet * ifp,struct vnet * newvnet,char * arg)763 bridge_reassign(struct ifnet *ifp, struct vnet *newvnet, char *arg)
764 {
765 struct bridge_softc *sc = ifp->if_softc;
766 struct bridge_iflist *bif;
767
768 BRIDGE_LOCK(sc);
769
770 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
771 bridge_delete_member(sc, bif, 0);
772
773 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
774 bridge_delete_span(sc, bif);
775 }
776
777 BRIDGE_UNLOCK(sc);
778
779 ether_reassign(ifp, newvnet, arg);
780 }
781 #endif
782
783 /*
784 * bridge_get_softc:
785 *
786 * Return the bridge softc for an ifnet.
787 */
788 static void *
bridge_get_softc(struct ifnet * ifp)789 bridge_get_softc(struct ifnet *ifp)
790 {
791 struct bridge_iflist *bif;
792
793 NET_EPOCH_ASSERT();
794
795 bif = ifp->if_bridge;
796 if (bif == NULL)
797 return (NULL);
798 return (bif->bif_sc);
799 }
800
801 /*
802 * bridge_same:
803 *
804 * Return true if two interfaces are in the same bridge. This is only used by
805 * bridgestp via bridge_same_p.
806 */
807 static bool
bridge_same(const void * bifap,const void * bifbp)808 bridge_same(const void *bifap, const void *bifbp)
809 {
810 const struct bridge_iflist *bifa = bifap, *bifb = bifbp;
811
812 NET_EPOCH_ASSERT();
813
814 if (bifa == NULL || bifb == NULL)
815 return (false);
816
817 return (bifa->bif_sc == bifb->bif_sc);
818 }
819
820 /*
821 * bridge_clone_create:
822 *
823 * Create a new bridge instance.
824 */
825 static int
bridge_clone_create(struct if_clone * ifc,char * name,size_t len,struct ifc_data * ifd,struct ifnet ** ifpp)826 bridge_clone_create(struct if_clone *ifc, char *name, size_t len,
827 struct ifc_data *ifd, struct ifnet **ifpp)
828 {
829 struct bridge_softc *sc;
830 struct ifnet *ifp;
831
832 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
833 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
834
835 BRIDGE_LOCK_INIT(sc);
836 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
837 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
838
839 /* Initialize our routing table. */
840 bridge_rtable_init(sc);
841
842 callout_init_mtx(&sc->sc_brcallout, &sc->sc_rt_mtx, 0);
843
844 CK_LIST_INIT(&sc->sc_iflist);
845 CK_LIST_INIT(&sc->sc_spanlist);
846
847 ifp->if_softc = sc;
848 if_initname(ifp, bridge_name, ifd->unit);
849 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
850 ifp->if_capabilities = ifp->if_capenable = IFCAP_VLAN_HWTAGGING;
851 ifp->if_ioctl = bridge_ioctl;
852 #ifdef ALTQ
853 ifp->if_start = bridge_altq_start;
854 ifp->if_transmit = bridge_altq_transmit;
855 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
856 ifp->if_snd.ifq_drv_maxlen = 0;
857 IFQ_SET_READY(&ifp->if_snd);
858 #else
859 ifp->if_transmit = bridge_transmit;
860 #endif
861 ifp->if_qflush = bridge_qflush;
862 ifp->if_init = bridge_init;
863 ifp->if_type = IFT_BRIDGE;
864
865 ether_gen_addr(ifp, &sc->sc_defaddr);
866
867 bstp_attach(&sc->sc_stp, &bridge_ops);
868 ether_ifattach(ifp, sc->sc_defaddr.octet);
869 /* Now undo some of the damage... */
870 ifp->if_baudrate = 0;
871 #ifdef VIMAGE
872 ifp->if_reassign = bridge_reassign;
873 #endif
874 sc->sc_if_input = ifp->if_input; /* ether_input */
875 ifp->if_input = bridge_inject;
876
877 /*
878 * Allow BRIDGE_INPUT() to pass in packets originating from the bridge
879 * itself via bridge_inject(). This is required for netmap but
880 * otherwise has no effect.
881 */
882 ifp->if_bridge_input = bridge_input;
883
884 BRIDGE_LIST_LOCK();
885 LIST_INSERT_HEAD(&V_bridge_list, sc, sc_list);
886 BRIDGE_LIST_UNLOCK();
887 *ifpp = ifp;
888
889 return (0);
890 }
891
892 static void
bridge_clone_destroy_cb(struct epoch_context * ctx)893 bridge_clone_destroy_cb(struct epoch_context *ctx)
894 {
895 struct bridge_softc *sc;
896
897 sc = __containerof(ctx, struct bridge_softc, sc_epoch_ctx);
898
899 BRIDGE_LOCK_DESTROY(sc);
900 free(sc, M_DEVBUF);
901 }
902
903 /*
904 * bridge_clone_destroy:
905 *
906 * Destroy a bridge instance.
907 */
908 static int
bridge_clone_destroy(struct if_clone * ifc,struct ifnet * ifp,uint32_t flags)909 bridge_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags)
910 {
911 struct bridge_softc *sc = ifp->if_softc;
912 struct bridge_iflist *bif;
913 struct epoch_tracker et;
914
915 BRIDGE_LOCK(sc);
916
917 bridge_stop(ifp, 1);
918 ifp->if_flags &= ~IFF_UP;
919
920 while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
921 bridge_delete_member(sc, bif, 0);
922
923 while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
924 bridge_delete_span(sc, bif);
925 }
926
927 /* Tear down the routing table. */
928 bridge_rtable_fini(sc);
929
930 BRIDGE_UNLOCK(sc);
931
932 NET_EPOCH_ENTER(et);
933
934 callout_drain(&sc->sc_brcallout);
935
936 BRIDGE_LIST_LOCK();
937 LIST_REMOVE(sc, sc_list);
938 BRIDGE_LIST_UNLOCK();
939
940 bstp_detach(&sc->sc_stp);
941 #ifdef ALTQ
942 IFQ_PURGE(&ifp->if_snd);
943 #endif
944 NET_EPOCH_EXIT(et);
945
946 ether_ifdetach(ifp);
947 if_free(ifp);
948
949 NET_EPOCH_CALL(bridge_clone_destroy_cb, &sc->sc_epoch_ctx);
950
951 return (0);
952 }
953
954 /*
955 * bridge_ioctl:
956 *
957 * Handle a control request from the operator.
958 */
959 static int
bridge_ioctl(struct ifnet * ifp,u_long cmd,caddr_t data)960 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
961 {
962 struct bridge_softc *sc = ifp->if_softc;
963 struct ifreq *ifr = (struct ifreq *)data;
964 struct bridge_iflist *bif;
965 struct thread *td = curthread;
966 union {
967 struct ifbreq ifbreq;
968 struct ifbifconf ifbifconf;
969 struct ifbareq ifbareq;
970 struct ifbaconf ifbaconf;
971 struct ifbrparam ifbrparam;
972 struct ifbropreq ifbropreq;
973 struct ifbif_vlan_req ifvlanreq;
974 } args;
975 struct ifdrv *ifd = (struct ifdrv *) data;
976 const struct bridge_control *bc;
977 int error = 0, oldmtu;
978
979 BRIDGE_LOCK(sc);
980
981 switch (cmd) {
982 case SIOCADDMULTI:
983 case SIOCDELMULTI:
984 break;
985
986 case SIOCGDRVSPEC:
987 case SIOCSDRVSPEC:
988 if (ifd->ifd_cmd >= bridge_control_table_size) {
989 error = EINVAL;
990 break;
991 }
992 bc = &bridge_control_table[ifd->ifd_cmd];
993
994 if (cmd == SIOCGDRVSPEC &&
995 (bc->bc_flags & BC_F_COPYOUT) == 0) {
996 error = EINVAL;
997 break;
998 }
999 else if (cmd == SIOCSDRVSPEC &&
1000 (bc->bc_flags & BC_F_COPYOUT) != 0) {
1001 error = EINVAL;
1002 break;
1003 }
1004
1005 if (bc->bc_flags & BC_F_SUSER) {
1006 error = priv_check(td, PRIV_NET_BRIDGE);
1007 if (error)
1008 break;
1009 }
1010
1011 if (ifd->ifd_len != bc->bc_argsize ||
1012 ifd->ifd_len > sizeof(args)) {
1013 error = EINVAL;
1014 break;
1015 }
1016
1017 bzero(&args, sizeof(args));
1018 if (bc->bc_flags & BC_F_COPYIN) {
1019 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
1020 if (error)
1021 break;
1022 }
1023
1024 oldmtu = ifp->if_mtu;
1025 error = (*bc->bc_func)(sc, &args);
1026 if (error)
1027 break;
1028
1029 /*
1030 * Bridge MTU may change during addition of the first port.
1031 * If it did, do network layer specific procedure.
1032 */
1033 if (ifp->if_mtu != oldmtu)
1034 if_notifymtu(ifp);
1035
1036 if (bc->bc_flags & BC_F_COPYOUT)
1037 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
1038
1039 break;
1040
1041 case SIOCSIFFLAGS:
1042 if (!(ifp->if_flags & IFF_UP) &&
1043 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1044 /*
1045 * If interface is marked down and it is running,
1046 * then stop and disable it.
1047 */
1048 bridge_stop(ifp, 1);
1049 } else if ((ifp->if_flags & IFF_UP) &&
1050 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1051 /*
1052 * If interface is marked up and it is stopped, then
1053 * start it.
1054 */
1055 BRIDGE_UNLOCK(sc);
1056 (*ifp->if_init)(sc);
1057 BRIDGE_LOCK(sc);
1058 }
1059 break;
1060
1061 case SIOCSIFMTU:
1062 oldmtu = sc->sc_ifp->if_mtu;
1063
1064 if (ifr->ifr_mtu < IF_MINMTU) {
1065 error = EINVAL;
1066 break;
1067 }
1068 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1069 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1070 break;
1071 }
1072 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1073 error = (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1074 SIOCSIFMTU, (caddr_t)ifr);
1075 if (error != 0) {
1076 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1077 " member %s\n", sc->sc_ifp->if_xname,
1078 ifr->ifr_mtu,
1079 bif->bif_ifp->if_xname);
1080 error = EINVAL;
1081 break;
1082 }
1083 }
1084 if (error) {
1085 /* Restore the previous MTU on all member interfaces. */
1086 ifr->ifr_mtu = oldmtu;
1087 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1088 (*bif->bif_ifp->if_ioctl)(bif->bif_ifp,
1089 SIOCSIFMTU, (caddr_t)ifr);
1090 }
1091 } else {
1092 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
1093 }
1094 break;
1095 default:
1096 /*
1097 * drop the lock as ether_ioctl() will call bridge_start() and
1098 * cause the lock to be recursed.
1099 */
1100 BRIDGE_UNLOCK(sc);
1101 error = ether_ioctl(ifp, cmd, data);
1102 BRIDGE_LOCK(sc);
1103 break;
1104 }
1105
1106 BRIDGE_UNLOCK(sc);
1107
1108 return (error);
1109 }
1110
1111 /*
1112 * bridge_mutecaps:
1113 *
1114 * Clear or restore unwanted capabilities on the member interface
1115 */
1116 static void
bridge_mutecaps(struct bridge_softc * sc)1117 bridge_mutecaps(struct bridge_softc *sc)
1118 {
1119 struct bridge_iflist *bif;
1120 int enabled, mask;
1121
1122 BRIDGE_LOCK_ASSERT(sc);
1123
1124 /* Initial bitmask of capabilities to test */
1125 mask = BRIDGE_IFCAPS_MASK;
1126
1127 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1128 /* Every member must support it or its disabled */
1129 mask &= bif->bif_savedcaps;
1130 }
1131
1132 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1133 enabled = bif->bif_ifp->if_capenable;
1134 enabled &= ~BRIDGE_IFCAPS_STRIP;
1135 /* strip off mask bits and enable them again if allowed */
1136 enabled &= ~BRIDGE_IFCAPS_MASK;
1137 enabled |= mask;
1138 bridge_set_ifcap(sc, bif, enabled);
1139 }
1140 }
1141
1142 static void
bridge_set_ifcap(struct bridge_softc * sc,struct bridge_iflist * bif,int set)1143 bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set)
1144 {
1145 struct ifnet *ifp = bif->bif_ifp;
1146 struct ifreq ifr;
1147 int error, mask, stuck;
1148
1149 bzero(&ifr, sizeof(ifr));
1150 ifr.ifr_reqcap = set;
1151
1152 if (ifp->if_capenable != set) {
1153 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
1154 if (error)
1155 if_printf(sc->sc_ifp,
1156 "error setting capabilities on %s: %d\n",
1157 ifp->if_xname, error);
1158 mask = BRIDGE_IFCAPS_MASK | BRIDGE_IFCAPS_STRIP;
1159 stuck = ifp->if_capenable & mask & ~set;
1160 if (stuck != 0)
1161 if_printf(sc->sc_ifp,
1162 "can't disable some capabilities on %s: 0x%x\n",
1163 ifp->if_xname, stuck);
1164 }
1165 }
1166
1167 /*
1168 * bridge_lookup_member:
1169 *
1170 * Lookup a bridge member interface.
1171 */
1172 static struct bridge_iflist *
bridge_lookup_member(struct bridge_softc * sc,const char * name)1173 bridge_lookup_member(struct bridge_softc *sc, const char *name)
1174 {
1175 struct bridge_iflist *bif;
1176 struct ifnet *ifp;
1177
1178 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1179
1180 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1181 ifp = bif->bif_ifp;
1182 if (strcmp(ifp->if_xname, name) == 0)
1183 return (bif);
1184 }
1185
1186 return (NULL);
1187 }
1188
1189 /*
1190 * bridge_lookup_member_if:
1191 *
1192 * Lookup a bridge member interface by ifnet*.
1193 */
1194 static struct bridge_iflist *
bridge_lookup_member_if(struct bridge_softc * sc,struct ifnet * member_ifp)1195 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
1196 {
1197 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
1198 return (member_ifp->if_bridge);
1199 }
1200
1201 static void
bridge_delete_member_cb(struct epoch_context * ctx)1202 bridge_delete_member_cb(struct epoch_context *ctx)
1203 {
1204 struct bridge_iflist *bif;
1205
1206 bif = __containerof(ctx, struct bridge_iflist, bif_epoch_ctx);
1207
1208 free(bif, M_DEVBUF);
1209 }
1210
1211 /*
1212 * bridge_delete_member:
1213 *
1214 * Delete the specified member interface.
1215 */
1216 static void
bridge_delete_member(struct bridge_softc * sc,struct bridge_iflist * bif,int gone)1217 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
1218 int gone)
1219 {
1220 struct ifnet *ifs = bif->bif_ifp;
1221 struct ifnet *fif = NULL;
1222 struct bridge_iflist *bifl;
1223
1224 BRIDGE_LOCK_ASSERT(sc);
1225
1226 if (bif->bif_flags & IFBIF_STP)
1227 bstp_disable(&bif->bif_stp);
1228
1229 ifs->if_bridge = NULL;
1230 CK_LIST_REMOVE(bif, bif_next);
1231
1232 /*
1233 * If removing the interface that gave the bridge its mac address, set
1234 * the mac address of the bridge to the address of the next member, or
1235 * to its default address if no members are left.
1236 */
1237 if (V_bridge_inherit_mac && sc->sc_ifaddr == ifs) {
1238 if (CK_LIST_EMPTY(&sc->sc_iflist)) {
1239 bcopy(&sc->sc_defaddr,
1240 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1241 sc->sc_ifaddr = NULL;
1242 } else {
1243 bifl = CK_LIST_FIRST(&sc->sc_iflist);
1244 fif = bifl->bif_ifp;
1245 bcopy(IF_LLADDR(fif),
1246 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1247 sc->sc_ifaddr = fif;
1248 }
1249 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1250 }
1251
1252 bridge_linkcheck(sc);
1253 bridge_mutecaps(sc); /* recalcuate now this interface is removed */
1254 BRIDGE_RT_LOCK(sc);
1255 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
1256 BRIDGE_RT_UNLOCK(sc);
1257 KASSERT(bif->bif_addrcnt == 0,
1258 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt));
1259
1260 ifs->if_bridge_output = NULL;
1261 ifs->if_bridge_input = NULL;
1262 ifs->if_bridge_linkstate = NULL;
1263 if (!gone) {
1264 switch (ifs->if_type) {
1265 case IFT_ETHER:
1266 case IFT_L2VLAN:
1267 /*
1268 * Take the interface out of promiscuous mode, but only
1269 * if it was promiscuous in the first place. It might
1270 * not be if we're in the bridge_ioctl_add() error path.
1271 */
1272 if (ifs->if_flags & IFF_PROMISC)
1273 (void) ifpromisc(ifs, 0);
1274 break;
1275
1276 case IFT_GIF:
1277 break;
1278
1279 default:
1280 #ifdef DIAGNOSTIC
1281 panic("bridge_delete_member: impossible");
1282 #endif
1283 break;
1284 }
1285 /* reneable any interface capabilities */
1286 bridge_set_ifcap(sc, bif, bif->bif_savedcaps);
1287 }
1288 bstp_destroy(&bif->bif_stp); /* prepare to free */
1289
1290 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1291 }
1292
1293 /*
1294 * bridge_delete_span:
1295 *
1296 * Delete the specified span interface.
1297 */
1298 static void
bridge_delete_span(struct bridge_softc * sc,struct bridge_iflist * bif)1299 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
1300 {
1301 BRIDGE_LOCK_ASSERT(sc);
1302
1303 KASSERT(bif->bif_ifp->if_bridge == NULL,
1304 ("%s: not a span interface", __func__));
1305
1306 CK_LIST_REMOVE(bif, bif_next);
1307
1308 NET_EPOCH_CALL(bridge_delete_member_cb, &bif->bif_epoch_ctx);
1309 }
1310
1311 static int
bridge_ioctl_add(struct bridge_softc * sc,void * arg)1312 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
1313 {
1314 struct ifbreq *req = arg;
1315 struct bridge_iflist *bif = NULL;
1316 struct ifnet *ifs;
1317 int error = 0;
1318
1319 ifs = ifunit(req->ifbr_ifsname);
1320 if (ifs == NULL)
1321 return (ENOENT);
1322 if (ifs->if_ioctl == NULL) /* must be supported */
1323 return (EINVAL);
1324
1325 /* If it's in the span list, it can't be a member. */
1326 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1327 if (ifs == bif->bif_ifp)
1328 return (EBUSY);
1329
1330 if (ifs->if_bridge) {
1331 struct bridge_iflist *sbif = ifs->if_bridge;
1332 if (sbif->bif_sc == sc)
1333 return (EEXIST);
1334
1335 return (EBUSY);
1336 }
1337
1338 switch (ifs->if_type) {
1339 case IFT_ETHER:
1340 case IFT_L2VLAN:
1341 case IFT_GIF:
1342 /* permitted interface types */
1343 break;
1344 default:
1345 return (EINVAL);
1346 }
1347
1348 #ifdef INET6
1349 /*
1350 * Two valid inet6 addresses with link-local scope must not be
1351 * on the parent interface and the member interfaces at the
1352 * same time. This restriction is needed to prevent violation
1353 * of link-local scope zone. Attempts to add a member
1354 * interface which has inet6 addresses when the parent has
1355 * inet6 triggers removal of all inet6 addresses on the member
1356 * interface.
1357 */
1358
1359 /* Check if the parent interface has a link-local scope addr. */
1360 if (V_allow_llz_overlap == 0 &&
1361 in6ifa_llaonifp(sc->sc_ifp) != NULL) {
1362 /*
1363 * If any, remove all inet6 addresses from the member
1364 * interfaces.
1365 */
1366 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1367 if (in6ifa_llaonifp(bif->bif_ifp)) {
1368 in6_ifdetach(bif->bif_ifp);
1369 if_printf(sc->sc_ifp,
1370 "IPv6 addresses on %s have been removed "
1371 "before adding it as a member to prevent "
1372 "IPv6 address scope violation.\n",
1373 bif->bif_ifp->if_xname);
1374 }
1375 }
1376 if (in6ifa_llaonifp(ifs)) {
1377 in6_ifdetach(ifs);
1378 if_printf(sc->sc_ifp,
1379 "IPv6 addresses on %s have been removed "
1380 "before adding it as a member to prevent "
1381 "IPv6 address scope violation.\n",
1382 ifs->if_xname);
1383 }
1384 }
1385 #endif
1386
1387 /*
1388 * If member_ifaddrs is disabled, do not allow an interface with
1389 * assigned IP addresses to be added to a bridge.
1390 */
1391 if (!V_member_ifaddrs) {
1392 struct ifaddr *ifa;
1393
1394 CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
1395 #ifdef INET
1396 if (ifa->ifa_addr->sa_family == AF_INET)
1397 return (EINVAL);
1398 #endif
1399 #ifdef INET6
1400 if (ifa->ifa_addr->sa_family == AF_INET6)
1401 return (EINVAL);
1402 #endif
1403 }
1404 }
1405
1406 /* Allow the first Ethernet member to define the MTU */
1407 if (CK_LIST_EMPTY(&sc->sc_iflist))
1408 sc->sc_ifp->if_mtu = ifs->if_mtu;
1409 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
1410 struct ifreq ifr;
1411
1412 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s",
1413 ifs->if_xname);
1414 ifr.ifr_mtu = sc->sc_ifp->if_mtu;
1415
1416 error = (*ifs->if_ioctl)(ifs,
1417 SIOCSIFMTU, (caddr_t)&ifr);
1418 if (error != 0) {
1419 log(LOG_NOTICE, "%s: invalid MTU: %u for"
1420 " new member %s\n", sc->sc_ifp->if_xname,
1421 ifr.ifr_mtu,
1422 ifs->if_xname);
1423 return (EINVAL);
1424 }
1425 }
1426
1427 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1428 if (bif == NULL)
1429 return (ENOMEM);
1430
1431 bif->bif_sc = sc;
1432 bif->bif_ifp = ifs;
1433 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
1434 bif->bif_savedcaps = ifs->if_capenable;
1435
1436 /*
1437 * Assign the interface's MAC address to the bridge if it's the first
1438 * member and the MAC address of the bridge has not been changed from
1439 * the default randomly generated one.
1440 */
1441 if (V_bridge_inherit_mac && CK_LIST_EMPTY(&sc->sc_iflist) &&
1442 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr.octet, ETHER_ADDR_LEN)) {
1443 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1444 sc->sc_ifaddr = ifs;
1445 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1446 }
1447
1448 ifs->if_bridge = bif;
1449 ifs->if_bridge_output = bridge_output;
1450 ifs->if_bridge_input = bridge_input;
1451 ifs->if_bridge_linkstate = bridge_linkstate;
1452 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp);
1453 /*
1454 * XXX: XLOCK HERE!?!
1455 *
1456 * NOTE: insert_***HEAD*** should be safe for the traversals.
1457 */
1458 CK_LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
1459
1460 /* Set interface capabilities to the intersection set of all members */
1461 bridge_mutecaps(sc);
1462 bridge_linkcheck(sc);
1463
1464 /* Place the interface into promiscuous mode */
1465 switch (ifs->if_type) {
1466 case IFT_ETHER:
1467 case IFT_L2VLAN:
1468 error = ifpromisc(ifs, 1);
1469 break;
1470 }
1471
1472 if (error)
1473 bridge_delete_member(sc, bif, 0);
1474 return (error);
1475 }
1476
1477 static int
bridge_ioctl_del(struct bridge_softc * sc,void * arg)1478 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
1479 {
1480 struct ifbreq *req = arg;
1481 struct bridge_iflist *bif;
1482
1483 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1484 if (bif == NULL)
1485 return (ENOENT);
1486
1487 bridge_delete_member(sc, bif, 0);
1488
1489 return (0);
1490 }
1491
1492 static int
bridge_ioctl_gifflags(struct bridge_softc * sc,void * arg)1493 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
1494 {
1495 struct ifbreq *req = arg;
1496 struct bridge_iflist *bif;
1497 struct bstp_port *bp;
1498
1499 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1500 if (bif == NULL)
1501 return (ENOENT);
1502
1503 bp = &bif->bif_stp;
1504 req->ifbr_ifsflags = bif->bif_flags;
1505 req->ifbr_state = bp->bp_state;
1506 req->ifbr_priority = bp->bp_priority;
1507 req->ifbr_path_cost = bp->bp_path_cost;
1508 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1509 req->ifbr_proto = bp->bp_protover;
1510 req->ifbr_role = bp->bp_role;
1511 req->ifbr_stpflags = bp->bp_flags;
1512 req->ifbr_addrcnt = bif->bif_addrcnt;
1513 req->ifbr_addrmax = bif->bif_addrmax;
1514 req->ifbr_addrexceeded = bif->bif_addrexceeded;
1515 req->ifbr_untagged = bif->bif_untagged;
1516
1517 /* Copy STP state options as flags */
1518 if (bp->bp_operedge)
1519 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE;
1520 if (bp->bp_flags & BSTP_PORT_AUTOEDGE)
1521 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE;
1522 if (bp->bp_ptp_link)
1523 req->ifbr_ifsflags |= IFBIF_BSTP_PTP;
1524 if (bp->bp_flags & BSTP_PORT_AUTOPTP)
1525 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP;
1526 if (bp->bp_flags & BSTP_PORT_ADMEDGE)
1527 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE;
1528 if (bp->bp_flags & BSTP_PORT_ADMCOST)
1529 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST;
1530 return (0);
1531 }
1532
1533 static int
bridge_ioctl_sifflags(struct bridge_softc * sc,void * arg)1534 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1535 {
1536 struct epoch_tracker et;
1537 struct ifbreq *req = arg;
1538 struct bridge_iflist *bif;
1539 struct bstp_port *bp;
1540 int error;
1541
1542 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1543 if (bif == NULL)
1544 return (ENOENT);
1545 bp = &bif->bif_stp;
1546
1547 if (req->ifbr_ifsflags & IFBIF_SPAN)
1548 /* SPAN is readonly */
1549 return (EINVAL);
1550
1551 NET_EPOCH_ENTER(et);
1552
1553 if (req->ifbr_ifsflags & IFBIF_STP) {
1554 if ((bif->bif_flags & IFBIF_STP) == 0) {
1555 error = bstp_enable(&bif->bif_stp);
1556 if (error) {
1557 NET_EPOCH_EXIT(et);
1558 return (error);
1559 }
1560 }
1561 } else {
1562 if ((bif->bif_flags & IFBIF_STP) != 0)
1563 bstp_disable(&bif->bif_stp);
1564 }
1565
1566 /* Pass on STP flags */
1567 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0);
1568 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0);
1569 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0);
1570 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0);
1571
1572 /* Save the bits relating to the bridge */
1573 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK;
1574
1575 NET_EPOCH_EXIT(et);
1576
1577 return (0);
1578 }
1579
1580 static int
bridge_ioctl_scache(struct bridge_softc * sc,void * arg)1581 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1582 {
1583 struct ifbrparam *param = arg;
1584
1585 sc->sc_brtmax = param->ifbrp_csize;
1586 bridge_rttrim(sc);
1587
1588 return (0);
1589 }
1590
1591 static int
bridge_ioctl_gcache(struct bridge_softc * sc,void * arg)1592 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1593 {
1594 struct ifbrparam *param = arg;
1595
1596 param->ifbrp_csize = sc->sc_brtmax;
1597
1598 return (0);
1599 }
1600
1601 static int
bridge_ioctl_gifs(struct bridge_softc * sc,void * arg)1602 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1603 {
1604 struct ifbifconf *bifc = arg;
1605 struct bridge_iflist *bif;
1606 struct ifbreq breq;
1607 char *buf, *outbuf;
1608 int count, buflen, len, error = 0;
1609
1610 count = 0;
1611 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1612 count++;
1613 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1614 count++;
1615
1616 buflen = sizeof(breq) * count;
1617 if (bifc->ifbic_len == 0) {
1618 bifc->ifbic_len = buflen;
1619 return (0);
1620 }
1621 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1622 if (outbuf == NULL)
1623 return (ENOMEM);
1624
1625 count = 0;
1626 buf = outbuf;
1627 len = min(bifc->ifbic_len, buflen);
1628 bzero(&breq, sizeof(breq));
1629 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1630 if (len < sizeof(breq))
1631 break;
1632
1633 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1634 sizeof(breq.ifbr_ifsname));
1635 /* Fill in the ifbreq structure */
1636 error = bridge_ioctl_gifflags(sc, &breq);
1637 if (error)
1638 break;
1639 memcpy(buf, &breq, sizeof(breq));
1640 count++;
1641 buf += sizeof(breq);
1642 len -= sizeof(breq);
1643 }
1644 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1645 if (len < sizeof(breq))
1646 break;
1647
1648 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1649 sizeof(breq.ifbr_ifsname));
1650 breq.ifbr_ifsflags = bif->bif_flags;
1651 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1652 memcpy(buf, &breq, sizeof(breq));
1653 count++;
1654 buf += sizeof(breq);
1655 len -= sizeof(breq);
1656 }
1657
1658 bifc->ifbic_len = sizeof(breq) * count;
1659 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len);
1660 free(outbuf, M_TEMP);
1661 return (error);
1662 }
1663
1664 static int
bridge_ioctl_rts(struct bridge_softc * sc,void * arg)1665 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1666 {
1667 struct ifbaconf *bac = arg;
1668 struct bridge_rtnode *brt;
1669 struct ifbareq bareq;
1670 char *buf, *outbuf;
1671 int count, buflen, len, error = 0;
1672
1673 if (bac->ifbac_len == 0)
1674 return (0);
1675
1676 count = 0;
1677 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list)
1678 count++;
1679 buflen = sizeof(bareq) * count;
1680
1681 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
1682 if (outbuf == NULL)
1683 return (ENOMEM);
1684
1685 count = 0;
1686 buf = outbuf;
1687 len = min(bac->ifbac_len, buflen);
1688 bzero(&bareq, sizeof(bareq));
1689 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1690 if (len < sizeof(bareq))
1691 goto out;
1692 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1693 sizeof(bareq.ifba_ifsname));
1694 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1695 bareq.ifba_vlan = brt->brt_vlan;
1696 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1697 time_uptime < brt->brt_expire)
1698 bareq.ifba_expire = brt->brt_expire - time_uptime;
1699 else
1700 bareq.ifba_expire = 0;
1701 bareq.ifba_flags = brt->brt_flags;
1702
1703 memcpy(buf, &bareq, sizeof(bareq));
1704 count++;
1705 buf += sizeof(bareq);
1706 len -= sizeof(bareq);
1707 }
1708 out:
1709 bac->ifbac_len = sizeof(bareq) * count;
1710 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len);
1711 free(outbuf, M_TEMP);
1712 return (error);
1713 }
1714
1715 static int
bridge_ioctl_saddr(struct bridge_softc * sc,void * arg)1716 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1717 {
1718 struct ifbareq *req = arg;
1719 struct bridge_iflist *bif;
1720 struct epoch_tracker et;
1721 int error;
1722
1723 NET_EPOCH_ENTER(et);
1724 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1725 if (bif == NULL) {
1726 NET_EPOCH_EXIT(et);
1727 return (ENOENT);
1728 }
1729
1730 /* bridge_rtupdate() may acquire the lock. */
1731 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1,
1732 req->ifba_flags);
1733 NET_EPOCH_EXIT(et);
1734
1735 return (error);
1736 }
1737
1738 static int
bridge_ioctl_sto(struct bridge_softc * sc,void * arg)1739 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1740 {
1741 struct ifbrparam *param = arg;
1742
1743 sc->sc_brttimeout = param->ifbrp_ctime;
1744 return (0);
1745 }
1746
1747 static int
bridge_ioctl_gto(struct bridge_softc * sc,void * arg)1748 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1749 {
1750 struct ifbrparam *param = arg;
1751
1752 param->ifbrp_ctime = sc->sc_brttimeout;
1753 return (0);
1754 }
1755
1756 static int
bridge_ioctl_daddr(struct bridge_softc * sc,void * arg)1757 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1758 {
1759 struct ifbareq *req = arg;
1760 int vlan = req->ifba_vlan;
1761
1762 /* Userspace uses '0' to mean 'any vlan' */
1763 if (vlan == 0)
1764 vlan = DOT1Q_VID_RSVD_IMPL;
1765
1766 return (bridge_rtdaddr(sc, req->ifba_dst, vlan));
1767 }
1768
1769 static int
bridge_ioctl_flush(struct bridge_softc * sc,void * arg)1770 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1771 {
1772 struct ifbreq *req = arg;
1773
1774 BRIDGE_RT_LOCK(sc);
1775 bridge_rtflush(sc, req->ifbr_ifsflags);
1776 BRIDGE_RT_UNLOCK(sc);
1777
1778 return (0);
1779 }
1780
1781 static int
bridge_ioctl_gpri(struct bridge_softc * sc,void * arg)1782 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1783 {
1784 struct ifbrparam *param = arg;
1785 struct bstp_state *bs = &sc->sc_stp;
1786
1787 param->ifbrp_prio = bs->bs_bridge_priority;
1788 return (0);
1789 }
1790
1791 static int
bridge_ioctl_spri(struct bridge_softc * sc,void * arg)1792 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1793 {
1794 struct ifbrparam *param = arg;
1795
1796 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
1797 }
1798
1799 static int
bridge_ioctl_ght(struct bridge_softc * sc,void * arg)1800 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1801 {
1802 struct ifbrparam *param = arg;
1803 struct bstp_state *bs = &sc->sc_stp;
1804
1805 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
1806 return (0);
1807 }
1808
1809 static int
bridge_ioctl_sht(struct bridge_softc * sc,void * arg)1810 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1811 {
1812 struct ifbrparam *param = arg;
1813
1814 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
1815 }
1816
1817 static int
bridge_ioctl_gfd(struct bridge_softc * sc,void * arg)1818 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1819 {
1820 struct ifbrparam *param = arg;
1821 struct bstp_state *bs = &sc->sc_stp;
1822
1823 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
1824 return (0);
1825 }
1826
1827 static int
bridge_ioctl_sfd(struct bridge_softc * sc,void * arg)1828 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1829 {
1830 struct ifbrparam *param = arg;
1831
1832 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
1833 }
1834
1835 static int
bridge_ioctl_gma(struct bridge_softc * sc,void * arg)1836 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1837 {
1838 struct ifbrparam *param = arg;
1839 struct bstp_state *bs = &sc->sc_stp;
1840
1841 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1842 return (0);
1843 }
1844
1845 static int
bridge_ioctl_sma(struct bridge_softc * sc,void * arg)1846 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1847 {
1848 struct ifbrparam *param = arg;
1849
1850 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
1851 }
1852
1853 static int
bridge_ioctl_sifprio(struct bridge_softc * sc,void * arg)1854 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1855 {
1856 struct ifbreq *req = arg;
1857 struct bridge_iflist *bif;
1858
1859 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1860 if (bif == NULL)
1861 return (ENOENT);
1862
1863 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
1864 }
1865
1866 static int
bridge_ioctl_sifcost(struct bridge_softc * sc,void * arg)1867 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1868 {
1869 struct ifbreq *req = arg;
1870 struct bridge_iflist *bif;
1871
1872 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1873 if (bif == NULL)
1874 return (ENOENT);
1875
1876 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
1877 }
1878
1879 static int
bridge_ioctl_sifmaxaddr(struct bridge_softc * sc,void * arg)1880 bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg)
1881 {
1882 struct ifbreq *req = arg;
1883 struct bridge_iflist *bif;
1884
1885 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1886 if (bif == NULL)
1887 return (ENOENT);
1888
1889 bif->bif_addrmax = req->ifbr_addrmax;
1890 return (0);
1891 }
1892
1893 static int
bridge_ioctl_sifuntagged(struct bridge_softc * sc,void * arg)1894 bridge_ioctl_sifuntagged(struct bridge_softc *sc, void *arg)
1895 {
1896 struct ifbreq *req = arg;
1897 struct bridge_iflist *bif;
1898
1899 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1900 if (bif == NULL)
1901 return (ENOENT);
1902
1903 if (req->ifbr_untagged > DOT1Q_VID_MAX)
1904 return (EINVAL);
1905
1906 if (req->ifbr_untagged != DOT1Q_VID_NULL)
1907 bif->bif_flags |= IFBIF_VLANFILTER;
1908 bif->bif_untagged = req->ifbr_untagged;
1909 return (0);
1910 }
1911
1912 static int
bridge_ioctl_sifvlanset(struct bridge_softc * sc,void * arg)1913 bridge_ioctl_sifvlanset(struct bridge_softc *sc, void *arg)
1914 {
1915 struct ifbif_vlan_req *req = arg;
1916 struct bridge_iflist *bif;
1917
1918 bif = bridge_lookup_member(sc, req->bv_ifname);
1919 if (bif == NULL)
1920 return (ENOENT);
1921
1922 /* Reject invalid VIDs. */
1923 if (BRVLAN_TEST(&req->bv_set, DOT1Q_VID_NULL) ||
1924 BRVLAN_TEST(&req->bv_set, DOT1Q_VID_RSVD_IMPL))
1925 return (EINVAL);
1926
1927 switch (req->bv_op) {
1928 /* Replace the existing vlan set with the new set */
1929 case BRDG_VLAN_OP_SET:
1930 BIT_COPY(BRVLAN_SETSIZE, &req->bv_set, &bif->bif_vlan_set);
1931 break;
1932
1933 /* Modify the existing vlan set to add the given vlans */
1934 case BRDG_VLAN_OP_ADD:
1935 BIT_OR(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
1936 break;
1937
1938 /* Modify the existing vlan set to remove the given vlans */
1939 case BRDG_VLAN_OP_DEL:
1940 BIT_ANDNOT(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
1941 break;
1942
1943 /* Invalid or unknown operation */
1944 default:
1945 return (EINVAL);
1946 }
1947
1948 /*
1949 * The only reason to modify the VLAN access list is to use VLAN
1950 * filtering on this interface, so enable it automatically.
1951 */
1952 bif->bif_flags |= IFBIF_VLANFILTER;
1953
1954 return (0);
1955 }
1956
1957 static int
bridge_ioctl_gifvlanset(struct bridge_softc * sc,void * arg)1958 bridge_ioctl_gifvlanset(struct bridge_softc *sc, void *arg)
1959 {
1960 struct ifbif_vlan_req *req = arg;
1961 struct bridge_iflist *bif;
1962
1963 bif = bridge_lookup_member(sc, req->bv_ifname);
1964 if (bif == NULL)
1965 return (ENOENT);
1966
1967 BIT_COPY(BRVLAN_SETSIZE, &bif->bif_vlan_set, &req->bv_set);
1968 return (0);
1969 }
1970
1971 static int
bridge_ioctl_addspan(struct bridge_softc * sc,void * arg)1972 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1973 {
1974 struct ifbreq *req = arg;
1975 struct bridge_iflist *bif = NULL;
1976 struct ifnet *ifs;
1977
1978 ifs = ifunit(req->ifbr_ifsname);
1979 if (ifs == NULL)
1980 return (ENOENT);
1981
1982 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1983 if (ifs == bif->bif_ifp)
1984 return (EBUSY);
1985
1986 if (ifs->if_bridge != NULL)
1987 return (EBUSY);
1988
1989 switch (ifs->if_type) {
1990 case IFT_ETHER:
1991 case IFT_GIF:
1992 case IFT_L2VLAN:
1993 break;
1994 default:
1995 return (EINVAL);
1996 }
1997
1998 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1999 if (bif == NULL)
2000 return (ENOMEM);
2001
2002 bif->bif_ifp = ifs;
2003 bif->bif_flags = IFBIF_SPAN;
2004
2005 CK_LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
2006
2007 return (0);
2008 }
2009
2010 static int
bridge_ioctl_delspan(struct bridge_softc * sc,void * arg)2011 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
2012 {
2013 struct ifbreq *req = arg;
2014 struct bridge_iflist *bif;
2015 struct ifnet *ifs;
2016
2017 ifs = ifunit(req->ifbr_ifsname);
2018 if (ifs == NULL)
2019 return (ENOENT);
2020
2021 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2022 if (ifs == bif->bif_ifp)
2023 break;
2024
2025 if (bif == NULL)
2026 return (ENOENT);
2027
2028 bridge_delete_span(sc, bif);
2029
2030 return (0);
2031 }
2032
2033 static int
bridge_ioctl_gbparam(struct bridge_softc * sc,void * arg)2034 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
2035 {
2036 struct ifbropreq *req = arg;
2037 struct bstp_state *bs = &sc->sc_stp;
2038 struct bstp_port *root_port;
2039
2040 req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
2041 req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
2042 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;
2043
2044 root_port = bs->bs_root_port;
2045 if (root_port == NULL)
2046 req->ifbop_root_port = 0;
2047 else
2048 req->ifbop_root_port = root_port->bp_ifp->if_index;
2049
2050 req->ifbop_holdcount = bs->bs_txholdcount;
2051 req->ifbop_priority = bs->bs_bridge_priority;
2052 req->ifbop_protocol = bs->bs_protover;
2053 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
2054 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id;
2055 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
2056 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id;
2057 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
2058 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;
2059
2060 return (0);
2061 }
2062
2063 static int
bridge_ioctl_grte(struct bridge_softc * sc,void * arg)2064 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
2065 {
2066 struct ifbrparam *param = arg;
2067
2068 param->ifbrp_cexceeded = sc->sc_brtexceeded;
2069 return (0);
2070 }
2071
2072 static int
bridge_ioctl_gifsstp(struct bridge_softc * sc,void * arg)2073 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
2074 {
2075 struct ifbpstpconf *bifstp = arg;
2076 struct bridge_iflist *bif;
2077 struct bstp_port *bp;
2078 struct ifbpstpreq bpreq;
2079 char *buf, *outbuf;
2080 int count, buflen, len, error = 0;
2081
2082 count = 0;
2083 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2084 if ((bif->bif_flags & IFBIF_STP) != 0)
2085 count++;
2086 }
2087
2088 buflen = sizeof(bpreq) * count;
2089 if (bifstp->ifbpstp_len == 0) {
2090 bifstp->ifbpstp_len = buflen;
2091 return (0);
2092 }
2093
2094 outbuf = malloc(buflen, M_TEMP, M_NOWAIT | M_ZERO);
2095 if (outbuf == NULL)
2096 return (ENOMEM);
2097
2098 count = 0;
2099 buf = outbuf;
2100 len = min(bifstp->ifbpstp_len, buflen);
2101 bzero(&bpreq, sizeof(bpreq));
2102 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2103 if (len < sizeof(bpreq))
2104 break;
2105
2106 if ((bif->bif_flags & IFBIF_STP) == 0)
2107 continue;
2108
2109 bp = &bif->bif_stp;
2110 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
2111 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
2112 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
2113 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
2114 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
2115 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;
2116
2117 memcpy(buf, &bpreq, sizeof(bpreq));
2118 count++;
2119 buf += sizeof(bpreq);
2120 len -= sizeof(bpreq);
2121 }
2122
2123 bifstp->ifbpstp_len = sizeof(bpreq) * count;
2124 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len);
2125 free(outbuf, M_TEMP);
2126 return (error);
2127 }
2128
2129 static int
bridge_ioctl_sproto(struct bridge_softc * sc,void * arg)2130 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
2131 {
2132 struct ifbrparam *param = arg;
2133
2134 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
2135 }
2136
2137 static int
bridge_ioctl_stxhc(struct bridge_softc * sc,void * arg)2138 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
2139 {
2140 struct ifbrparam *param = arg;
2141
2142 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
2143 }
2144
2145 /*
2146 * bridge_ifdetach:
2147 *
2148 * Detach an interface from a bridge. Called when a member
2149 * interface is detaching.
2150 */
2151 static void
bridge_ifdetach(void * arg __unused,struct ifnet * ifp)2152 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
2153 {
2154 struct bridge_iflist *bif = ifp->if_bridge;
2155 struct bridge_softc *sc = NULL;
2156
2157 if (bif)
2158 sc = bif->bif_sc;
2159
2160 if (ifp->if_flags & IFF_RENAMING)
2161 return;
2162 if (V_bridge_cloner == NULL) {
2163 /*
2164 * This detach handler can be called after
2165 * vnet_bridge_uninit(). Just return in that case.
2166 */
2167 return;
2168 }
2169 /* Check if the interface is a bridge member */
2170 if (sc != NULL) {
2171 BRIDGE_LOCK(sc);
2172 bridge_delete_member(sc, bif, 1);
2173 BRIDGE_UNLOCK(sc);
2174 return;
2175 }
2176
2177 /* Check if the interface is a span port */
2178 BRIDGE_LIST_LOCK();
2179 LIST_FOREACH(sc, &V_bridge_list, sc_list) {
2180 BRIDGE_LOCK(sc);
2181 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
2182 if (ifp == bif->bif_ifp) {
2183 bridge_delete_span(sc, bif);
2184 break;
2185 }
2186
2187 BRIDGE_UNLOCK(sc);
2188 }
2189 BRIDGE_LIST_UNLOCK();
2190 }
2191
2192 /*
2193 * bridge_init:
2194 *
2195 * Initialize a bridge interface.
2196 */
2197 static void
bridge_init(void * xsc)2198 bridge_init(void *xsc)
2199 {
2200 struct bridge_softc *sc = (struct bridge_softc *)xsc;
2201 struct ifnet *ifp = sc->sc_ifp;
2202
2203 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2204 return;
2205
2206 BRIDGE_LOCK(sc);
2207 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
2208 bridge_timer, sc);
2209
2210 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2211 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
2212
2213 BRIDGE_UNLOCK(sc);
2214 }
2215
2216 /*
2217 * bridge_stop:
2218 *
2219 * Stop the bridge interface.
2220 */
2221 static void
bridge_stop(struct ifnet * ifp,int disable)2222 bridge_stop(struct ifnet *ifp, int disable)
2223 {
2224 struct bridge_softc *sc = ifp->if_softc;
2225
2226 BRIDGE_LOCK_ASSERT(sc);
2227
2228 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2229 return;
2230
2231 BRIDGE_RT_LOCK(sc);
2232 callout_stop(&sc->sc_brcallout);
2233
2234 bstp_stop(&sc->sc_stp);
2235
2236 bridge_rtflush(sc, IFBF_FLUSHDYN);
2237 BRIDGE_RT_UNLOCK(sc);
2238
2239 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
2240 }
2241
2242 /*
2243 * bridge_enqueue:
2244 *
2245 * Enqueue a packet on a bridge member interface.
2246 *
2247 */
2248 static int
bridge_enqueue(struct bridge_softc * sc,struct ifnet * dst_ifp,struct mbuf * m,struct bridge_iflist * bif)2249 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m,
2250 struct bridge_iflist *bif)
2251 {
2252 int len, err = 0;
2253 short mflags;
2254 struct mbuf *m0;
2255
2256 /*
2257 * Find the bridge member port this packet is being sent on, if the
2258 * caller didn't already provide it.
2259 */
2260 if (bif == NULL)
2261 bif = bridge_lookup_member_if(sc, dst_ifp);
2262 if (bif == NULL) {
2263 /* Perhaps the interface was removed from the bridge */
2264 m_freem(m);
2265 return (EINVAL);
2266 }
2267
2268 /* We may be sending a fragment so traverse the mbuf */
2269 for (; m; m = m0) {
2270 m0 = m->m_nextpkt;
2271 m->m_nextpkt = NULL;
2272 len = m->m_pkthdr.len;
2273 mflags = m->m_flags;
2274
2275 /*
2276 * If VLAN filtering is enabled, and the native VLAN ID of the
2277 * outgoing interface matches the VLAN ID of the frame, remove
2278 * the VLAN header.
2279 */
2280 if ((bif->bif_flags & IFBIF_VLANFILTER) &&
2281 bif->bif_untagged != DOT1Q_VID_NULL &&
2282 VLANTAGOF(m) == bif->bif_untagged) {
2283 m->m_flags &= ~M_VLANTAG;
2284 m->m_pkthdr.ether_vtag = 0;
2285 }
2286
2287 /*
2288 * If underlying interface can not do VLAN tag insertion itself
2289 * then attach a packet tag that holds it.
2290 */
2291 if ((m->m_flags & M_VLANTAG) &&
2292 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
2293 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
2294 if (m == NULL) {
2295 if_printf(dst_ifp,
2296 "unable to prepend VLAN header\n");
2297 if_inc_counter(dst_ifp, IFCOUNTER_OERRORS, 1);
2298 continue;
2299 }
2300 m->m_flags &= ~M_VLANTAG;
2301 }
2302
2303 M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr */
2304 if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
2305 int n;
2306
2307 for (m = m0, n = 1; m != NULL; m = m0, n++) {
2308 m0 = m->m_nextpkt;
2309 m_freem(m);
2310 }
2311 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, n);
2312 break;
2313 }
2314
2315 if_inc_counter(sc->sc_ifp, IFCOUNTER_OPACKETS, 1);
2316 if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, len);
2317 if (mflags & M_MCAST)
2318 if_inc_counter(sc->sc_ifp, IFCOUNTER_OMCASTS, 1);
2319 }
2320
2321 return (err);
2322 }
2323
2324 /*
2325 * bridge_dummynet:
2326 *
2327 * Receive a queued packet from dummynet and pass it on to the output
2328 * interface.
2329 *
2330 * The mbuf has the Ethernet header already attached.
2331 */
2332 static void
bridge_dummynet(struct mbuf * m,struct ifnet * ifp)2333 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
2334 {
2335 struct bridge_iflist *bif = ifp->if_bridge;
2336 struct bridge_softc *sc = NULL;
2337
2338 if (bif)
2339 sc = bif->bif_sc;
2340
2341 /*
2342 * The packet didnt originate from a member interface. This should only
2343 * ever happen if a member interface is removed while packets are
2344 * queued for it.
2345 */
2346 if (sc == NULL) {
2347 m_freem(m);
2348 return;
2349 }
2350
2351 if (PFIL_HOOKED_OUT_46) {
2352 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
2353 return;
2354 if (m == NULL)
2355 return;
2356 }
2357
2358 bridge_enqueue(sc, ifp, m, NULL);
2359 }
2360
2361 /*
2362 * bridge_output:
2363 *
2364 * Send output from a bridge member interface. This
2365 * performs the bridging function for locally originated
2366 * packets.
2367 *
2368 * The mbuf has the Ethernet header already attached. We must
2369 * enqueue or free the mbuf before returning.
2370 */
2371 static int
bridge_output(struct ifnet * ifp,struct mbuf * m,struct sockaddr * sa,struct rtentry * rt)2372 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
2373 struct rtentry *rt)
2374 {
2375 struct ether_header *eh;
2376 struct bridge_iflist *sbif;
2377 struct ifnet *bifp, *dst_if;
2378 struct bridge_softc *sc;
2379 ether_vlanid_t vlan;
2380
2381 NET_EPOCH_ASSERT();
2382
2383 if (m->m_len < ETHER_HDR_LEN) {
2384 m = m_pullup(m, ETHER_HDR_LEN);
2385 if (m == NULL)
2386 return (0);
2387 }
2388
2389 sbif = ifp->if_bridge;
2390 sc = sbif->bif_sc;
2391 bifp = sc->sc_ifp;
2392
2393 eh = mtod(m, struct ether_header *);
2394 vlan = VLANTAGOF(m);
2395
2396 /*
2397 * If bridge is down, but the original output interface is up,
2398 * go ahead and send out that interface. Otherwise, the packet
2399 * is dropped below.
2400 */
2401 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2402 dst_if = ifp;
2403 goto sendunicast;
2404 }
2405
2406 /*
2407 * If the packet is a multicast, or we don't know a better way to
2408 * get there, send to all interfaces.
2409 */
2410 if (ETHER_IS_MULTICAST(eh->ether_dhost))
2411 dst_if = NULL;
2412 else
2413 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
2414 /* Tap any traffic not passing back out the originating interface */
2415 if (dst_if != ifp)
2416 ETHER_BPF_MTAP(bifp, m);
2417 if (dst_if == NULL) {
2418 struct bridge_iflist *bif;
2419 struct mbuf *mc;
2420 int used = 0;
2421
2422 bridge_span(sc, m);
2423
2424 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2425 dst_if = bif->bif_ifp;
2426
2427 if (dst_if->if_type == IFT_GIF)
2428 continue;
2429 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2430 continue;
2431
2432 /*
2433 * If this is not the original output interface,
2434 * and the interface is participating in spanning
2435 * tree, make sure the port is in a state that
2436 * allows forwarding.
2437 */
2438 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
2439 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2440 continue;
2441
2442 if (CK_LIST_NEXT(bif, bif_next) == NULL) {
2443 used = 1;
2444 mc = m;
2445 } else {
2446 mc = m_dup(m, M_NOWAIT);
2447 if (mc == NULL) {
2448 if_inc_counter(bifp, IFCOUNTER_OERRORS, 1);
2449 continue;
2450 }
2451 }
2452
2453 bridge_enqueue(sc, dst_if, mc, bif);
2454 }
2455 if (used == 0)
2456 m_freem(m);
2457 return (0);
2458 }
2459
2460 sendunicast:
2461 /*
2462 * XXX Spanning tree consideration here?
2463 */
2464
2465 bridge_span(sc, m);
2466 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2467 m_freem(m);
2468 return (0);
2469 }
2470
2471 bridge_enqueue(sc, dst_if, m, NULL);
2472 return (0);
2473 }
2474
2475 /*
2476 * bridge_transmit:
2477 *
2478 * Do output on a bridge.
2479 *
2480 */
2481 static int
bridge_transmit(struct ifnet * ifp,struct mbuf * m)2482 bridge_transmit(struct ifnet *ifp, struct mbuf *m)
2483 {
2484 struct bridge_softc *sc;
2485 struct ether_header *eh;
2486 struct ifnet *dst_if;
2487 int error = 0;
2488 ether_vlanid_t vlan;
2489
2490 sc = ifp->if_softc;
2491
2492 ETHER_BPF_MTAP(ifp, m);
2493
2494 eh = mtod(m, struct ether_header *);
2495 vlan = VLANTAGOF(m);
2496
2497 if (((m->m_flags & (M_BCAST|M_MCAST)) == 0) &&
2498 (dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan)) != NULL) {
2499 error = bridge_enqueue(sc, dst_if, m, NULL);
2500 } else
2501 bridge_broadcast(sc, ifp, m, 0);
2502
2503 return (error);
2504 }
2505
2506 #ifdef ALTQ
2507 static void
bridge_altq_start(if_t ifp)2508 bridge_altq_start(if_t ifp)
2509 {
2510 struct ifaltq *ifq = &ifp->if_snd;
2511 struct mbuf *m;
2512
2513 IFQ_LOCK(ifq);
2514 IFQ_DEQUEUE_NOLOCK(ifq, m);
2515 while (m != NULL) {
2516 bridge_transmit(ifp, m);
2517 IFQ_DEQUEUE_NOLOCK(ifq, m);
2518 }
2519 IFQ_UNLOCK(ifq);
2520 }
2521
2522 static int
bridge_altq_transmit(if_t ifp,struct mbuf * m)2523 bridge_altq_transmit(if_t ifp, struct mbuf *m)
2524 {
2525 int err;
2526
2527 if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
2528 IFQ_ENQUEUE(&ifp->if_snd, m, err);
2529 if (err == 0)
2530 bridge_altq_start(ifp);
2531 } else
2532 err = bridge_transmit(ifp, m);
2533
2534 return (err);
2535 }
2536 #endif /* ALTQ */
2537
2538 /*
2539 * The ifp->if_qflush entry point for if_bridge(4) is no-op.
2540 */
2541 static void
bridge_qflush(struct ifnet * ifp __unused)2542 bridge_qflush(struct ifnet *ifp __unused)
2543 {
2544 }
2545
2546 /*
2547 * bridge_forward:
2548 *
2549 * The forwarding function of the bridge.
2550 *
2551 * NOTE: Releases the lock on return.
2552 */
2553 static void
bridge_forward(struct bridge_softc * sc,struct bridge_iflist * sbif,struct mbuf * m)2554 bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif,
2555 struct mbuf *m)
2556 {
2557 struct bridge_iflist *dbif;
2558 struct ifnet *src_if, *dst_if, *ifp;
2559 struct ether_header *eh;
2560 uint8_t *dst;
2561 int error;
2562 ether_vlanid_t vlan;
2563
2564 NET_EPOCH_ASSERT();
2565
2566 src_if = m->m_pkthdr.rcvif;
2567 ifp = sc->sc_ifp;
2568 vlan = VLANTAGOF(m);
2569
2570 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
2571 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2572
2573 if ((sbif->bif_flags & IFBIF_STP) &&
2574 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2575 goto drop;
2576
2577 eh = mtod(m, struct ether_header *);
2578 dst = eh->ether_dhost;
2579
2580 /* If the interface is learning, record the address. */
2581 if (sbif->bif_flags & IFBIF_LEARNING) {
2582 error = bridge_rtupdate(sc, eh->ether_shost, vlan,
2583 sbif, 0, IFBAF_DYNAMIC);
2584 /*
2585 * If the interface has addresses limits then deny any source
2586 * that is not in the cache.
2587 */
2588 if (error && sbif->bif_addrmax)
2589 goto drop;
2590 }
2591
2592 if ((sbif->bif_flags & IFBIF_STP) != 0 &&
2593 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING)
2594 goto drop;
2595
2596 #ifdef DEV_NETMAP
2597 /*
2598 * Hand the packet to netmap only if it wasn't injected by netmap
2599 * itself.
2600 */
2601 if ((m->m_flags & M_BRIDGE_INJECT) == 0 &&
2602 (if_getcapenable(ifp) & IFCAP_NETMAP) != 0) {
2603 ifp->if_input(ifp, m);
2604 return;
2605 }
2606 m->m_flags &= ~M_BRIDGE_INJECT;
2607 #endif
2608
2609 /*
2610 * At this point, the port either doesn't participate
2611 * in spanning tree or it is in the forwarding state.
2612 */
2613
2614 /*
2615 * If the packet is unicast, destined for someone on
2616 * "this" side of the bridge, drop it.
2617 */
2618 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
2619 dst_if = bridge_rtlookup(sc, dst, vlan);
2620 if (src_if == dst_if)
2621 goto drop;
2622 } else {
2623 /*
2624 * Check if its a reserved multicast address, any address
2625 * listed in 802.1D section 7.12.6 may not be forwarded by the
2626 * bridge.
2627 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F
2628 */
2629 if (dst[0] == 0x01 && dst[1] == 0x80 &&
2630 dst[2] == 0xc2 && dst[3] == 0x00 &&
2631 dst[4] == 0x00 && dst[5] <= 0x0f)
2632 goto drop;
2633
2634 /* ...forward it to all interfaces. */
2635 if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
2636 dst_if = NULL;
2637 }
2638
2639 /*
2640 * If we have a destination interface which is a member of our bridge,
2641 * OR this is a unicast packet, push it through the bpf(4) machinery.
2642 * For broadcast or multicast packets, don't bother because it will
2643 * be reinjected into ether_input. We do this before we pass the packets
2644 * through the pfil(9) framework, as it is possible that pfil(9) will
2645 * drop the packet, or possibly modify it, making it difficult to debug
2646 * firewall issues on the bridge.
2647 */
2648 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
2649 ETHER_BPF_MTAP(ifp, m);
2650
2651 /* run the packet filter */
2652 if (PFIL_HOOKED_IN_46) {
2653 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
2654 return;
2655 if (m == NULL)
2656 return;
2657 }
2658
2659 if (dst_if == NULL) {
2660 bridge_broadcast(sc, src_if, m, 1);
2661 return;
2662 }
2663
2664 /*
2665 * At this point, we're dealing with a unicast frame
2666 * going to a different interface.
2667 */
2668 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2669 goto drop;
2670
2671 dbif = bridge_lookup_member_if(sc, dst_if);
2672 if (dbif == NULL)
2673 /* Not a member of the bridge (anymore?) */
2674 goto drop;
2675
2676 /* Private segments can not talk to each other */
2677 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)
2678 goto drop;
2679
2680 /* Do VLAN filtering. */
2681 if (!bridge_vfilter_out(dbif, m))
2682 goto drop;
2683
2684 if ((dbif->bif_flags & IFBIF_STP) &&
2685 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2686 goto drop;
2687
2688 if (PFIL_HOOKED_OUT_46) {
2689 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0)
2690 return;
2691 if (m == NULL)
2692 return;
2693 }
2694
2695 bridge_enqueue(sc, dst_if, m, dbif);
2696 return;
2697
2698 drop:
2699 m_freem(m);
2700 }
2701
2702 /*
2703 * bridge_input:
2704 *
2705 * Receive input from a member interface. Queue the packet for
2706 * bridging if it is not for us.
2707 */
2708 static struct mbuf *
bridge_input(struct ifnet * ifp,struct mbuf * m)2709 bridge_input(struct ifnet *ifp, struct mbuf *m)
2710 {
2711 struct bridge_softc *sc = NULL;
2712 struct bridge_iflist *bif, *bif2;
2713 struct ifnet *bifp;
2714 struct ether_header *eh;
2715 struct mbuf *mc, *mc2;
2716 ether_vlanid_t vlan;
2717 int error;
2718
2719 NET_EPOCH_ASSERT();
2720
2721 eh = mtod(m, struct ether_header *);
2722 vlan = VLANTAGOF(m);
2723
2724 bif = ifp->if_bridge;
2725 if (bif)
2726 sc = bif->bif_sc;
2727
2728 if (sc == NULL) {
2729 /*
2730 * This packet originated from the bridge itself, so it must
2731 * have been transmitted by netmap. Derive the "source"
2732 * interface from the source address and drop the packet if the
2733 * source address isn't known.
2734 */
2735 KASSERT((m->m_flags & M_BRIDGE_INJECT) != 0,
2736 ("%s: ifnet %p missing a bridge softc", __func__, ifp));
2737 sc = if_getsoftc(ifp);
2738 ifp = bridge_rtlookup(sc, eh->ether_shost, vlan);
2739 if (ifp == NULL) {
2740 if_inc_counter(sc->sc_ifp, IFCOUNTER_IERRORS, 1);
2741 m_freem(m);
2742 return (NULL);
2743 }
2744 m->m_pkthdr.rcvif = ifp;
2745 }
2746 bifp = sc->sc_ifp;
2747 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2748 return (m);
2749
2750 /*
2751 * Implement support for bridge monitoring. If this flag has been
2752 * set on this interface, discard the packet once we push it through
2753 * the bpf(4) machinery, but before we do, increment the byte and
2754 * packet counters associated with this interface.
2755 */
2756 if ((bifp->if_flags & IFF_MONITOR) != 0) {
2757 m->m_pkthdr.rcvif = bifp;
2758 ETHER_BPF_MTAP(bifp, m);
2759 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1);
2760 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
2761 m_freem(m);
2762 return (NULL);
2763 }
2764
2765 /* Do VLAN filtering. */
2766 if (!bridge_vfilter_in(bif, m)) {
2767 if_inc_counter(sc->sc_ifp, IFCOUNTER_IERRORS, 1);
2768 m_freem(m);
2769 return (NULL);
2770 }
2771 /* bridge_vfilter_in() may add a tag */
2772 vlan = VLANTAGOF(m);
2773
2774 bridge_span(sc, m);
2775
2776 if (m->m_flags & (M_BCAST|M_MCAST)) {
2777 /* Tap off 802.1D packets; they do not get forwarded. */
2778 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2779 ETHER_ADDR_LEN) == 0) {
2780 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */
2781 return (NULL);
2782 }
2783
2784 if ((bif->bif_flags & IFBIF_STP) &&
2785 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2786 return (m);
2787 }
2788
2789 /*
2790 * Make a deep copy of the packet and enqueue the copy
2791 * for bridge processing; return the original packet for
2792 * local processing.
2793 */
2794 mc = m_dup(m, M_NOWAIT);
2795 if (mc == NULL) {
2796 return (m);
2797 }
2798
2799 /* Perform the bridge forwarding function with the copy. */
2800 bridge_forward(sc, bif, mc);
2801
2802 #ifdef DEV_NETMAP
2803 /*
2804 * If netmap is enabled and has not already seen this packet,
2805 * then it will be consumed by bridge_forward().
2806 */
2807 if ((if_getcapenable(bifp) & IFCAP_NETMAP) != 0 &&
2808 (m->m_flags & M_BRIDGE_INJECT) == 0) {
2809 m_freem(m);
2810 return (NULL);
2811 }
2812 #endif
2813
2814 /*
2815 * Reinject the mbuf as arriving on the bridge so we have a
2816 * chance at claiming multicast packets. We can not loop back
2817 * here from ether_input as a bridge is never a member of a
2818 * bridge.
2819 */
2820 KASSERT(bifp->if_bridge == NULL,
2821 ("loop created in bridge_input"));
2822 mc2 = m_dup(m, M_NOWAIT);
2823 if (mc2 != NULL) {
2824 /* Keep the layer3 header aligned */
2825 int i = min(mc2->m_pkthdr.len, max_protohdr);
2826 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2827 }
2828 if (mc2 != NULL) {
2829 mc2->m_pkthdr.rcvif = bifp;
2830 mc2->m_flags &= ~M_BRIDGE_INJECT;
2831 sc->sc_if_input(bifp, mc2);
2832 }
2833
2834 /* Return the original packet for local processing. */
2835 return (m);
2836 }
2837
2838 if ((bif->bif_flags & IFBIF_STP) &&
2839 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2840 return (m);
2841 }
2842
2843 #if defined(INET) || defined(INET6)
2844 #define CARP_CHECK_WE_ARE_DST(iface) \
2845 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_dhost))
2846 #define CARP_CHECK_WE_ARE_SRC(iface) \
2847 ((iface)->if_carp && (*carp_forus_p)((iface), eh->ether_shost))
2848 #else
2849 #define CARP_CHECK_WE_ARE_DST(iface) false
2850 #define CARP_CHECK_WE_ARE_SRC(iface) false
2851 #endif
2852
2853 #ifdef DEV_NETMAP
2854 #define GRAB_FOR_NETMAP(ifp, m) do { \
2855 if ((if_getcapenable(ifp) & IFCAP_NETMAP) != 0 && \
2856 ((m)->m_flags & M_BRIDGE_INJECT) == 0) { \
2857 (ifp)->if_input(ifp, m); \
2858 return (NULL); \
2859 } \
2860 } while (0)
2861 #else
2862 #define GRAB_FOR_NETMAP(ifp, m)
2863 #endif
2864
2865 #define GRAB_OUR_PACKETS(iface) \
2866 if ((iface)->if_type == IFT_GIF) \
2867 continue; \
2868 /* It is destined for us. */ \
2869 if (memcmp(IF_LLADDR(iface), eh->ether_dhost, ETHER_ADDR_LEN) == 0 || \
2870 CARP_CHECK_WE_ARE_DST(iface)) { \
2871 if (bif->bif_flags & IFBIF_LEARNING) { \
2872 error = bridge_rtupdate(sc, eh->ether_shost, \
2873 vlan, bif, 0, IFBAF_DYNAMIC); \
2874 if (error && bif->bif_addrmax) { \
2875 m_freem(m); \
2876 return (NULL); \
2877 } \
2878 } \
2879 m->m_pkthdr.rcvif = iface; \
2880 if ((iface) == ifp) { \
2881 /* Skip bridge processing... src == dest */ \
2882 return (m); \
2883 } \
2884 /* It's passing over or to the bridge, locally. */ \
2885 ETHER_BPF_MTAP(bifp, m); \
2886 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); \
2887 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);\
2888 /* Hand the packet over to netmap if necessary. */ \
2889 GRAB_FOR_NETMAP(bifp, m); \
2890 /* Filter on the physical interface. */ \
2891 if (V_pfil_local_phys && PFIL_HOOKED_IN_46) { \
2892 if (bridge_pfil(&m, NULL, ifp, \
2893 PFIL_IN) != 0 || m == NULL) { \
2894 return (NULL); \
2895 } \
2896 } \
2897 if ((iface) != bifp) \
2898 ETHER_BPF_MTAP(iface, m); \
2899 /* Pass tagged packets to if_vlan, if it's loaded */ \
2900 if (VLANTAGOF(m) != 0) { \
2901 if (bifp->if_vlantrunk == NULL) { \
2902 m_freem(m); \
2903 return (NULL); \
2904 } \
2905 (*vlan_input_p)(bifp, m); \
2906 return (NULL); \
2907 } \
2908 return (m); \
2909 } \
2910 \
2911 /* We just received a packet that we sent out. */ \
2912 if (memcmp(IF_LLADDR(iface), eh->ether_shost, ETHER_ADDR_LEN) == 0 || \
2913 CARP_CHECK_WE_ARE_SRC(iface)) { \
2914 m_freem(m); \
2915 return (NULL); \
2916 }
2917
2918 /*
2919 * Unicast. Make sure it's not for the bridge.
2920 */
2921 do { GRAB_OUR_PACKETS(bifp) } while (0);
2922
2923 /*
2924 * Check the interface the packet arrived on. For tagged frames,
2925 * we need to do this even if member_ifaddrs is disabled because
2926 * vlan(4) might need to handle the traffic.
2927 */
2928 if (V_member_ifaddrs || (vlan && ifp->if_vlantrunk))
2929 do { GRAB_OUR_PACKETS(ifp) } while (0);
2930
2931 /*
2932 * We only need to check other members interface if member_ifaddrs
2933 * is enabled; otherwise we should have never traffic destined for
2934 * a member's lladdr.
2935 */
2936 if (V_member_ifaddrs) {
2937 CK_LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) {
2938 GRAB_OUR_PACKETS(bif2->bif_ifp)
2939 }
2940 }
2941
2942 #undef CARP_CHECK_WE_ARE_DST
2943 #undef CARP_CHECK_WE_ARE_SRC
2944 #undef GRAB_FOR_NETMAP
2945 #undef GRAB_OUR_PACKETS
2946
2947 /* Perform the bridge forwarding function. */
2948 bridge_forward(sc, bif, m);
2949
2950 return (NULL);
2951 }
2952
2953 /*
2954 * Inject a packet back into the host ethernet stack. This will generally only
2955 * be used by netmap when an application writes to the host TX ring. The
2956 * M_BRIDGE_INJECT flag ensures that the packet is re-routed to the bridge
2957 * interface after ethernet processing.
2958 */
2959 static void
bridge_inject(struct ifnet * ifp,struct mbuf * m)2960 bridge_inject(struct ifnet *ifp, struct mbuf *m)
2961 {
2962 struct bridge_softc *sc;
2963
2964 if (ifp->if_type == IFT_L2VLAN) {
2965 /*
2966 * vlan(4) gives us the vlan ifnet, so we need to get the
2967 * bridge softc to get a pointer to ether_input to send the
2968 * packet to.
2969 */
2970 struct ifnet *bifp = NULL;
2971
2972 if (vlan_trunkdev_p == NULL) {
2973 m_freem(m);
2974 return;
2975 }
2976
2977 bifp = vlan_trunkdev_p(ifp);
2978 if (bifp == NULL) {
2979 m_freem(m);
2980 return;
2981 }
2982
2983 sc = if_getsoftc(bifp);
2984 sc->sc_if_input(ifp, m);
2985 return;
2986 }
2987
2988 KASSERT((if_getcapenable(ifp) & IFCAP_NETMAP) != 0,
2989 ("%s: iface %s is not running in netmap mode",
2990 __func__, if_name(ifp)));
2991 KASSERT((m->m_flags & M_BRIDGE_INJECT) == 0,
2992 ("%s: mbuf %p has M_BRIDGE_INJECT set", __func__, m));
2993
2994 m->m_flags |= M_BRIDGE_INJECT;
2995 sc = if_getsoftc(ifp);
2996 sc->sc_if_input(ifp, m);
2997 }
2998
2999 /*
3000 * bridge_broadcast:
3001 *
3002 * Send a frame to all interfaces that are members of
3003 * the bridge, except for the one on which the packet
3004 * arrived.
3005 *
3006 * NOTE: Releases the lock on return.
3007 */
3008 static void
bridge_broadcast(struct bridge_softc * sc,struct ifnet * src_if,struct mbuf * m,int runfilt)3009 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
3010 struct mbuf *m, int runfilt)
3011 {
3012 struct bridge_iflist *dbif, *sbif;
3013 struct mbuf *mc;
3014 struct ifnet *dst_if;
3015 int used = 0, i;
3016
3017 NET_EPOCH_ASSERT();
3018
3019 sbif = bridge_lookup_member_if(sc, src_if);
3020
3021 /* Filter on the bridge interface before broadcasting */
3022 if (runfilt && PFIL_HOOKED_OUT_46) {
3023 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
3024 return;
3025 if (m == NULL)
3026 return;
3027 }
3028
3029 CK_LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) {
3030 dst_if = dbif->bif_ifp;
3031 if (dst_if == src_if)
3032 continue;
3033
3034 /* Private segments can not talk to each other */
3035 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE))
3036 continue;
3037
3038 /* Do VLAN filtering. */
3039 if (!bridge_vfilter_out(dbif, m))
3040 continue;
3041
3042 if ((dbif->bif_flags & IFBIF_STP) &&
3043 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
3044 continue;
3045
3046 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 &&
3047 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
3048 continue;
3049
3050 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
3051 continue;
3052
3053 if (CK_LIST_NEXT(dbif, bif_next) == NULL) {
3054 mc = m;
3055 used = 1;
3056 } else {
3057 mc = m_dup(m, M_NOWAIT);
3058 if (mc == NULL) {
3059 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3060 continue;
3061 }
3062 }
3063
3064 /*
3065 * Filter on the output interface. Pass a NULL bridge interface
3066 * pointer so we do not redundantly filter on the bridge for
3067 * each interface we broadcast on.
3068 */
3069 if (runfilt && PFIL_HOOKED_OUT_46) {
3070 if (used == 0) {
3071 /* Keep the layer3 header aligned */
3072 i = min(mc->m_pkthdr.len, max_protohdr);
3073 mc = m_copyup(mc, i, ETHER_ALIGN);
3074 if (mc == NULL) {
3075 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3076 continue;
3077 }
3078 }
3079 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
3080 continue;
3081 if (mc == NULL)
3082 continue;
3083 }
3084
3085 bridge_enqueue(sc, dst_if, mc, dbif);
3086 }
3087 if (used == 0)
3088 m_freem(m);
3089 }
3090
3091 /*
3092 * bridge_span:
3093 *
3094 * Duplicate a packet out one or more interfaces that are in span mode,
3095 * the original mbuf is unmodified.
3096 */
3097 static void
bridge_span(struct bridge_softc * sc,struct mbuf * m)3098 bridge_span(struct bridge_softc *sc, struct mbuf *m)
3099 {
3100 struct bridge_iflist *bif;
3101 struct ifnet *dst_if;
3102 struct mbuf *mc;
3103
3104 NET_EPOCH_ASSERT();
3105
3106 if (CK_LIST_EMPTY(&sc->sc_spanlist))
3107 return;
3108
3109 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
3110 dst_if = bif->bif_ifp;
3111
3112 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
3113 continue;
3114
3115 mc = m_dup(m, M_NOWAIT);
3116 if (mc == NULL) {
3117 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3118 continue;
3119 }
3120
3121 bridge_enqueue(sc, dst_if, mc, bif);
3122 }
3123 }
3124
3125 /*
3126 * Incoming VLAN filtering. Given a frame and the member interface it was
3127 * received on, decide whether the port configuration allows it.
3128 */
3129 static bool
bridge_vfilter_in(const struct bridge_iflist * sbif,struct mbuf * m)3130 bridge_vfilter_in(const struct bridge_iflist *sbif, struct mbuf *m)
3131 {
3132 ether_vlanid_t vlan;
3133
3134 vlan = VLANTAGOF(m);
3135 /* Make sure the vlan id is reasonable. */
3136 if (vlan > DOT1Q_VID_MAX)
3137 return (false);
3138
3139 /* If VLAN filtering isn't enabled, pass everything. */
3140 if ((sbif->bif_flags & IFBIF_VLANFILTER) == 0)
3141 return (true);
3142
3143 if (vlan == DOT1Q_VID_NULL) {
3144 /*
3145 * The frame doesn't have a tag. If the interface does not
3146 * have an untagged vlan configured, drop the frame.
3147 */
3148 if (sbif->bif_untagged == DOT1Q_VID_NULL)
3149 return (false);
3150
3151 /*
3152 * Otherwise, insert a new tag based on the interface's
3153 * untagged vlan id.
3154 */
3155 m->m_pkthdr.ether_vtag = sbif->bif_untagged;
3156 m->m_flags |= M_VLANTAG;
3157 } else {
3158 /*
3159 * The frame has a tag, so check it matches the interface's
3160 * vlan access list. We explicitly do not accept tagged
3161 * frames for the untagged vlan id here (unless it's also
3162 * in the access list).
3163 */
3164 if (!BRVLAN_TEST(&sbif->bif_vlan_set, vlan))
3165 return (false);
3166 }
3167
3168 /* Accept the frame. */
3169 return (true);
3170 }
3171
3172 /*
3173 * Outgoing VLAN filtering. Given a frame, its vlan, and the member interface
3174 * we intend to send it to, decide whether the port configuration allows it to
3175 * be sent.
3176 */
3177 static bool
bridge_vfilter_out(const struct bridge_iflist * dbif,const struct mbuf * m)3178 bridge_vfilter_out(const struct bridge_iflist *dbif, const struct mbuf *m)
3179 {
3180 struct ether_header *eh;
3181 ether_vlanid_t vlan;
3182
3183 NET_EPOCH_ASSERT();
3184
3185 /* If VLAN filtering isn't enabled, pass everything. */
3186 if ((dbif->bif_flags & IFBIF_VLANFILTER) == 0)
3187 return (true);
3188
3189 vlan = VLANTAGOF(m);
3190
3191 /*
3192 * Always allow untagged 802.1D STP frames, even if they would
3193 * otherwise be dropped. This is required for STP to work on
3194 * a filtering bridge.
3195 *
3196 * Tagged STP (Cisco PVST+) is a non-standard extension, so
3197 * handle those frames via the normal filtering path.
3198 */
3199 eh = mtod(m, struct ether_header *);
3200 if (vlan == DOT1Q_VID_NULL &&
3201 memcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN) == 0)
3202 return (true);
3203
3204 /*
3205 * If the frame wasn't assigned to a vlan at ingress, drop it.
3206 * We can't forward these frames to filtering ports because we
3207 * don't know what VLAN they're supposed to be in.
3208 */
3209 if (vlan == DOT1Q_VID_NULL)
3210 return (false);
3211
3212 /*
3213 * If the frame's vlan matches the interfaces's untagged vlan,
3214 * allow it.
3215 */
3216 if (vlan == dbif->bif_untagged)
3217 return (true);
3218
3219 /*
3220 * If the frame's vlan is on the interface's tagged access list,
3221 * allow it.
3222 */
3223 if (BRVLAN_TEST(&dbif->bif_vlan_set, vlan))
3224 return (true);
3225
3226 /* The frame was not permitted, so drop it. */
3227 return (false);
3228 }
3229
3230 /*
3231 * bridge_rtupdate:
3232 *
3233 * Add a bridge routing entry.
3234 */
3235 static int
bridge_rtupdate(struct bridge_softc * sc,const uint8_t * dst,ether_vlanid_t vlan,struct bridge_iflist * bif,int setflags,uint8_t flags)3236 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
3237 ether_vlanid_t vlan, struct bridge_iflist *bif,
3238 int setflags, uint8_t flags)
3239 {
3240 struct bridge_rtnode *brt;
3241 struct bridge_iflist *obif;
3242 int error;
3243
3244 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
3245
3246 /* Check the source address is valid and not multicast. */
3247 if (ETHER_IS_MULTICAST(dst) ||
3248 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
3249 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0)
3250 return (EINVAL);
3251
3252 /*
3253 * A route for this destination might already exist. If so,
3254 * update it, otherwise create a new one.
3255 */
3256 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) {
3257 BRIDGE_RT_LOCK(sc);
3258
3259 /* Check again, now that we have the lock. There could have
3260 * been a race and we only want to insert this once. */
3261 if (bridge_rtnode_lookup(sc, dst, vlan) != NULL) {
3262 BRIDGE_RT_UNLOCK(sc);
3263 return (0);
3264 }
3265
3266 if (sc->sc_brtcnt >= sc->sc_brtmax) {
3267 sc->sc_brtexceeded++;
3268 BRIDGE_RT_UNLOCK(sc);
3269 return (ENOSPC);
3270 }
3271 /* Check per interface address limits (if enabled) */
3272 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) {
3273 bif->bif_addrexceeded++;
3274 BRIDGE_RT_UNLOCK(sc);
3275 return (ENOSPC);
3276 }
3277
3278 /*
3279 * Allocate a new bridge forwarding node, and
3280 * initialize the expiration time and Ethernet
3281 * address.
3282 */
3283 brt = uma_zalloc(V_bridge_rtnode_zone, M_NOWAIT | M_ZERO);
3284 if (brt == NULL) {
3285 BRIDGE_RT_UNLOCK(sc);
3286 return (ENOMEM);
3287 }
3288 brt->brt_vnet = curvnet;
3289
3290 if (bif->bif_flags & IFBIF_STICKY)
3291 brt->brt_flags = IFBAF_STICKY;
3292 else
3293 brt->brt_flags = IFBAF_DYNAMIC;
3294
3295 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
3296 brt->brt_vlan = vlan;
3297
3298 brt->brt_dst = bif;
3299 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
3300 uma_zfree(V_bridge_rtnode_zone, brt);
3301 BRIDGE_RT_UNLOCK(sc);
3302 return (error);
3303 }
3304 bif->bif_addrcnt++;
3305
3306 BRIDGE_RT_UNLOCK(sc);
3307 }
3308
3309 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
3310 (obif = brt->brt_dst) != bif) {
3311 MPASS(obif != NULL);
3312
3313 BRIDGE_RT_LOCK(sc);
3314 brt->brt_dst->bif_addrcnt--;
3315 brt->brt_dst = bif;
3316 brt->brt_dst->bif_addrcnt++;
3317 BRIDGE_RT_UNLOCK(sc);
3318
3319 if (V_log_mac_flap &&
3320 ppsratecheck(&V_log_last, &V_log_count, V_log_interval)) {
3321 log(LOG_NOTICE,
3322 "%s: mac address %6D vlan %d moved from %s to %s\n",
3323 sc->sc_ifp->if_xname,
3324 &brt->brt_addr[0], ":",
3325 brt->brt_vlan,
3326 obif->bif_ifp->if_xname,
3327 bif->bif_ifp->if_xname);
3328 }
3329 }
3330
3331 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3332 brt->brt_expire = time_uptime + sc->sc_brttimeout;
3333 if (setflags)
3334 brt->brt_flags = flags;
3335
3336 return (0);
3337 }
3338
3339 /*
3340 * bridge_rtlookup:
3341 *
3342 * Lookup the destination interface for an address.
3343 */
3344 static struct ifnet *
bridge_rtlookup(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3345 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr,
3346 ether_vlanid_t vlan)
3347 {
3348 struct bridge_rtnode *brt;
3349
3350 NET_EPOCH_ASSERT();
3351
3352 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL)
3353 return (NULL);
3354
3355 return (brt->brt_ifp);
3356 }
3357
3358 /*
3359 * bridge_rttrim:
3360 *
3361 * Trim the routine table so that we have a number
3362 * of routing entries less than or equal to the
3363 * maximum number.
3364 */
3365 static void
bridge_rttrim(struct bridge_softc * sc)3366 bridge_rttrim(struct bridge_softc *sc)
3367 {
3368 struct bridge_rtnode *brt, *nbrt;
3369
3370 NET_EPOCH_ASSERT();
3371 BRIDGE_RT_LOCK_ASSERT(sc);
3372
3373 /* Make sure we actually need to do this. */
3374 if (sc->sc_brtcnt <= sc->sc_brtmax)
3375 return;
3376
3377 /* Force an aging cycle; this might trim enough addresses. */
3378 bridge_rtage(sc);
3379 if (sc->sc_brtcnt <= sc->sc_brtmax)
3380 return;
3381
3382 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3383 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3384 bridge_rtnode_destroy(sc, brt);
3385 if (sc->sc_brtcnt <= sc->sc_brtmax)
3386 return;
3387 }
3388 }
3389 }
3390
3391 /*
3392 * bridge_timer:
3393 *
3394 * Aging timer for the bridge.
3395 */
3396 static void
bridge_timer(void * arg)3397 bridge_timer(void *arg)
3398 {
3399 struct bridge_softc *sc = arg;
3400
3401 BRIDGE_RT_LOCK_ASSERT(sc);
3402
3403 /* Destruction of rtnodes requires a proper vnet context */
3404 CURVNET_SET(sc->sc_ifp->if_vnet);
3405 bridge_rtage(sc);
3406
3407 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
3408 callout_reset(&sc->sc_brcallout,
3409 bridge_rtable_prune_period * hz, bridge_timer, sc);
3410 CURVNET_RESTORE();
3411 }
3412
3413 /*
3414 * bridge_rtage:
3415 *
3416 * Perform an aging cycle.
3417 */
3418 static void
bridge_rtage(struct bridge_softc * sc)3419 bridge_rtage(struct bridge_softc *sc)
3420 {
3421 struct bridge_rtnode *brt, *nbrt;
3422
3423 BRIDGE_RT_LOCK_ASSERT(sc);
3424
3425 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3426 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
3427 if (time_uptime >= brt->brt_expire)
3428 bridge_rtnode_destroy(sc, brt);
3429 }
3430 }
3431 }
3432
3433 /*
3434 * bridge_rtflush:
3435 *
3436 * Remove all dynamic addresses from the bridge.
3437 */
3438 static void
bridge_rtflush(struct bridge_softc * sc,int full)3439 bridge_rtflush(struct bridge_softc *sc, int full)
3440 {
3441 struct bridge_rtnode *brt, *nbrt;
3442
3443 BRIDGE_RT_LOCK_ASSERT(sc);
3444
3445 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3446 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3447 bridge_rtnode_destroy(sc, brt);
3448 }
3449 }
3450
3451 /*
3452 * bridge_rtdaddr:
3453 *
3454 * Remove an address from the table.
3455 */
3456 static int
bridge_rtdaddr(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3457 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr,
3458 ether_vlanid_t vlan)
3459 {
3460 struct bridge_rtnode *brt;
3461 int found = 0;
3462
3463 BRIDGE_RT_LOCK(sc);
3464
3465 /*
3466 * If vlan is DOT1Q_VID_RSVD_IMPL then we want to delete for all vlans
3467 * so the lookup may return more than one.
3468 */
3469 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) {
3470 bridge_rtnode_destroy(sc, brt);
3471 found = 1;
3472 }
3473
3474 BRIDGE_RT_UNLOCK(sc);
3475
3476 return (found ? 0 : ENOENT);
3477 }
3478
3479 /*
3480 * bridge_rtdelete:
3481 *
3482 * Delete routes to a speicifc member interface.
3483 */
3484 static void
bridge_rtdelete(struct bridge_softc * sc,struct ifnet * ifp,int full)3485 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
3486 {
3487 struct bridge_rtnode *brt, *nbrt;
3488
3489 BRIDGE_RT_LOCK_ASSERT(sc);
3490
3491 CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
3492 if (brt->brt_ifp == ifp && (full ||
3493 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
3494 bridge_rtnode_destroy(sc, brt);
3495 }
3496 }
3497
3498 /*
3499 * bridge_rtable_init:
3500 *
3501 * Initialize the route table for this bridge.
3502 */
3503 static void
bridge_rtable_init(struct bridge_softc * sc)3504 bridge_rtable_init(struct bridge_softc *sc)
3505 {
3506 int i;
3507
3508 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
3509 M_DEVBUF, M_WAITOK);
3510
3511 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
3512 CK_LIST_INIT(&sc->sc_rthash[i]);
3513
3514 sc->sc_rthash_key = arc4random();
3515 CK_LIST_INIT(&sc->sc_rtlist);
3516 }
3517
3518 /*
3519 * bridge_rtable_fini:
3520 *
3521 * Deconstruct the route table for this bridge.
3522 */
3523 static void
bridge_rtable_fini(struct bridge_softc * sc)3524 bridge_rtable_fini(struct bridge_softc *sc)
3525 {
3526
3527 KASSERT(sc->sc_brtcnt == 0,
3528 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt));
3529 free(sc->sc_rthash, M_DEVBUF);
3530 }
3531
3532 /*
3533 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
3534 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
3535 */
3536 #define mix(a, b, c) \
3537 do { \
3538 a -= b; a -= c; a ^= (c >> 13); \
3539 b -= c; b -= a; b ^= (a << 8); \
3540 c -= a; c -= b; c ^= (b >> 13); \
3541 a -= b; a -= c; a ^= (c >> 12); \
3542 b -= c; b -= a; b ^= (a << 16); \
3543 c -= a; c -= b; c ^= (b >> 5); \
3544 a -= b; a -= c; a ^= (c >> 3); \
3545 b -= c; b -= a; b ^= (a << 10); \
3546 c -= a; c -= b; c ^= (b >> 15); \
3547 } while (/*CONSTCOND*/0)
3548
3549 static __inline uint32_t
bridge_rthash(struct bridge_softc * sc,const uint8_t * addr)3550 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
3551 {
3552 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
3553
3554 b += addr[5] << 8;
3555 b += addr[4];
3556 a += addr[3] << 24;
3557 a += addr[2] << 16;
3558 a += addr[1] << 8;
3559 a += addr[0];
3560
3561 mix(a, b, c);
3562
3563 return (c & BRIDGE_RTHASH_MASK);
3564 }
3565
3566 #undef mix
3567
3568 static int
bridge_rtnode_addr_cmp(const uint8_t * a,const uint8_t * b)3569 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
3570 {
3571 int i, d;
3572
3573 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
3574 d = ((int)a[i]) - ((int)b[i]);
3575 }
3576
3577 return (d);
3578 }
3579
3580 /*
3581 * bridge_rtnode_lookup:
3582 *
3583 * Look up a bridge route node for the specified destination. Compare the
3584 * vlan id or if zero then just return the first match.
3585 */
3586 static struct bridge_rtnode *
bridge_rtnode_lookup(struct bridge_softc * sc,const uint8_t * addr,ether_vlanid_t vlan)3587 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr,
3588 ether_vlanid_t vlan)
3589 {
3590 struct bridge_rtnode *brt;
3591 uint32_t hash;
3592 int dir;
3593
3594 BRIDGE_RT_LOCK_OR_NET_EPOCH_ASSERT(sc);
3595
3596 hash = bridge_rthash(sc, addr);
3597 CK_LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
3598 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
3599 if (dir == 0 && (brt->brt_vlan == vlan || vlan == DOT1Q_VID_RSVD_IMPL))
3600 return (brt);
3601 if (dir > 0)
3602 return (NULL);
3603 }
3604
3605 return (NULL);
3606 }
3607
3608 /*
3609 * bridge_rtnode_insert:
3610 *
3611 * Insert the specified bridge node into the route table. We
3612 * assume the entry is not already in the table.
3613 */
3614 static int
bridge_rtnode_insert(struct bridge_softc * sc,struct bridge_rtnode * brt)3615 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
3616 {
3617 struct bridge_rtnode *lbrt;
3618 uint32_t hash;
3619 int dir;
3620
3621 BRIDGE_RT_LOCK_ASSERT(sc);
3622
3623 hash = bridge_rthash(sc, brt->brt_addr);
3624
3625 lbrt = CK_LIST_FIRST(&sc->sc_rthash[hash]);
3626 if (lbrt == NULL) {
3627 CK_LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
3628 goto out;
3629 }
3630
3631 do {
3632 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
3633 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan)
3634 return (EEXIST);
3635 if (dir > 0) {
3636 CK_LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
3637 goto out;
3638 }
3639 if (CK_LIST_NEXT(lbrt, brt_hash) == NULL) {
3640 CK_LIST_INSERT_AFTER(lbrt, brt, brt_hash);
3641 goto out;
3642 }
3643 lbrt = CK_LIST_NEXT(lbrt, brt_hash);
3644 } while (lbrt != NULL);
3645
3646 #ifdef DIAGNOSTIC
3647 panic("bridge_rtnode_insert: impossible");
3648 #endif
3649
3650 out:
3651 CK_LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
3652 sc->sc_brtcnt++;
3653
3654 return (0);
3655 }
3656
3657 static void
bridge_rtnode_destroy_cb(struct epoch_context * ctx)3658 bridge_rtnode_destroy_cb(struct epoch_context *ctx)
3659 {
3660 struct bridge_rtnode *brt;
3661
3662 brt = __containerof(ctx, struct bridge_rtnode, brt_epoch_ctx);
3663
3664 CURVNET_SET(brt->brt_vnet);
3665 uma_zfree(V_bridge_rtnode_zone, brt);
3666 CURVNET_RESTORE();
3667 }
3668
3669 /*
3670 * bridge_rtnode_destroy:
3671 *
3672 * Destroy a bridge rtnode.
3673 */
3674 static void
bridge_rtnode_destroy(struct bridge_softc * sc,struct bridge_rtnode * brt)3675 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
3676 {
3677 BRIDGE_RT_LOCK_ASSERT(sc);
3678
3679 CK_LIST_REMOVE(brt, brt_hash);
3680
3681 CK_LIST_REMOVE(brt, brt_list);
3682 sc->sc_brtcnt--;
3683 brt->brt_dst->bif_addrcnt--;
3684
3685 NET_EPOCH_CALL(bridge_rtnode_destroy_cb, &brt->brt_epoch_ctx);
3686 }
3687
3688 /*
3689 * bridge_rtable_expire:
3690 *
3691 * Set the expiry time for all routes on an interface.
3692 */
3693 static void
bridge_rtable_expire(struct ifnet * ifp,int age)3694 bridge_rtable_expire(struct ifnet *ifp, int age)
3695 {
3696 struct bridge_iflist *bif = NULL;
3697 struct bridge_softc *sc = NULL;
3698 struct bridge_rtnode *brt;
3699
3700 CURVNET_SET(ifp->if_vnet);
3701
3702 bif = ifp->if_bridge;
3703 if (bif)
3704 sc = bif->bif_sc;
3705 MPASS(sc != NULL);
3706 BRIDGE_RT_LOCK(sc);
3707
3708 /*
3709 * If the age is zero then flush, otherwise set all the expiry times to
3710 * age for the interface
3711 */
3712 if (age == 0)
3713 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
3714 else {
3715 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
3716 /* Cap the expiry time to 'age' */
3717 if (brt->brt_ifp == ifp &&
3718 brt->brt_expire > time_uptime + age &&
3719 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
3720 brt->brt_expire = time_uptime + age;
3721 }
3722 }
3723 BRIDGE_RT_UNLOCK(sc);
3724 CURVNET_RESTORE();
3725 }
3726
3727 /*
3728 * bridge_state_change:
3729 *
3730 * Callback from the bridgestp code when a port changes states.
3731 */
3732 static void
bridge_state_change(struct ifnet * ifp,int state)3733 bridge_state_change(struct ifnet *ifp, int state)
3734 {
3735 struct bridge_iflist *bif = ifp->if_bridge;
3736 struct bridge_softc *sc = bif->bif_sc;
3737 static const char *stpstates[] = {
3738 "disabled",
3739 "listening",
3740 "learning",
3741 "forwarding",
3742 "blocking",
3743 "discarding"
3744 };
3745
3746 CURVNET_SET(ifp->if_vnet);
3747 if (V_log_stp)
3748 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
3749 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
3750 CURVNET_RESTORE();
3751 }
3752
3753 /*
3754 * Send bridge packets through pfil if they are one of the types pfil can deal
3755 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
3756 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
3757 * that interface.
3758 */
3759 static int
bridge_pfil(struct mbuf ** mp,struct ifnet * bifp,struct ifnet * ifp,int dir)3760 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
3761 {
3762 int snap, error, i;
3763 struct ether_header *eh1, eh2;
3764 struct llc llc1;
3765 u_int16_t ether_type;
3766 pfil_return_t rv;
3767 #ifdef INET
3768 struct ip *ip = NULL;
3769 int hlen = 0;
3770 #endif
3771
3772 snap = 0;
3773 error = -1; /* Default error if not error == 0 */
3774
3775 #if 0
3776 /* we may return with the IP fields swapped, ensure its not shared */
3777 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
3778 #endif
3779
3780 if (V_pfil_bridge == 0 && V_pfil_member == 0 && V_pfil_ipfw == 0)
3781 return (0); /* filtering is disabled */
3782
3783 i = min((*mp)->m_pkthdr.len, max_protohdr);
3784 if ((*mp)->m_len < i) {
3785 *mp = m_pullup(*mp, i);
3786 if (*mp == NULL) {
3787 printf("%s: m_pullup failed\n", __func__);
3788 return (-1);
3789 }
3790 }
3791
3792 eh1 = mtod(*mp, struct ether_header *);
3793 ether_type = ntohs(eh1->ether_type);
3794
3795 /*
3796 * Check for SNAP/LLC.
3797 */
3798 if (ether_type < ETHERMTU) {
3799 struct llc *llc2 = (struct llc *)(eh1 + 1);
3800
3801 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
3802 llc2->llc_dsap == LLC_SNAP_LSAP &&
3803 llc2->llc_ssap == LLC_SNAP_LSAP &&
3804 llc2->llc_control == LLC_UI) {
3805 ether_type = htons(llc2->llc_un.type_snap.ether_type);
3806 snap = 1;
3807 }
3808 }
3809
3810 /*
3811 * If we're trying to filter bridge traffic, only look at traffic for
3812 * protocols available in the kernel (IPv4 and/or IPv6) to avoid
3813 * passing traffic for an unsupported protocol to the filter. This is
3814 * lame since if we really wanted, say, an AppleTalk filter, we are
3815 * hosed, but of course we don't have an AppleTalk filter to begin
3816 * with. (Note that since pfil doesn't understand ARP it will pass
3817 * *ALL* ARP traffic.)
3818 */
3819 switch (ether_type) {
3820 #ifdef INET
3821 case ETHERTYPE_ARP:
3822 case ETHERTYPE_REVARP:
3823 if (V_pfil_ipfw_arp == 0)
3824 return (0); /* Automatically pass */
3825
3826 /* FALLTHROUGH */
3827 case ETHERTYPE_IP:
3828 #endif
3829 #ifdef INET6
3830 case ETHERTYPE_IPV6:
3831 #endif /* INET6 */
3832 break;
3833
3834 default:
3835 /*
3836 * We get here if the packet isn't from a supported
3837 * protocol. Check to see if the user wants to pass
3838 * non-IP packets, these will not be checked by pfil(9)
3839 * and passed unconditionally so the default is to
3840 * drop.
3841 */
3842 if (V_pfil_onlyip)
3843 goto bad;
3844 }
3845
3846 /* Run the packet through pfil before stripping link headers */
3847 if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 &&
3848 dir == PFIL_OUT && ifp != NULL) {
3849 switch (pfil_mbuf_out(V_link_pfil_head, mp, ifp, NULL)) {
3850 case PFIL_DROPPED:
3851 return (EACCES);
3852 case PFIL_CONSUMED:
3853 return (0);
3854 }
3855 }
3856
3857 /* Strip off the Ethernet header and keep a copy. */
3858 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
3859 m_adj(*mp, ETHER_HDR_LEN);
3860
3861 /* Strip off snap header, if present */
3862 if (snap) {
3863 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
3864 m_adj(*mp, sizeof(struct llc));
3865 }
3866
3867 /*
3868 * Check the IP header for alignment and errors
3869 */
3870 if (dir == PFIL_IN) {
3871 switch (ether_type) {
3872 #ifdef INET
3873 case ETHERTYPE_IP:
3874 error = bridge_ip_checkbasic(mp);
3875 break;
3876 #endif
3877 #ifdef INET6
3878 case ETHERTYPE_IPV6:
3879 error = bridge_ip6_checkbasic(mp);
3880 break;
3881 #endif /* INET6 */
3882 default:
3883 error = 0;
3884 }
3885 if (error)
3886 goto bad;
3887 }
3888
3889 error = 0;
3890
3891 /*
3892 * Run the packet through pfil
3893 */
3894 rv = PFIL_PASS;
3895 switch (ether_type) {
3896 #ifdef INET
3897 case ETHERTYPE_IP:
3898 /*
3899 * Run pfil on the member interface and the bridge, both can
3900 * be skipped by clearing pfil_member or pfil_bridge.
3901 *
3902 * Keep the order:
3903 * in_if -> bridge_if -> out_if
3904 */
3905 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
3906 pfil_mbuf_out(V_inet_pfil_head, mp, bifp, NULL)) !=
3907 PFIL_PASS)
3908 break;
3909
3910 if (V_pfil_member && ifp != NULL) {
3911 rv = (dir == PFIL_OUT) ?
3912 pfil_mbuf_out(V_inet_pfil_head, mp, ifp, NULL) :
3913 pfil_mbuf_in(V_inet_pfil_head, mp, ifp, NULL);
3914 if (rv != PFIL_PASS)
3915 break;
3916 }
3917
3918 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
3919 pfil_mbuf_in(V_inet_pfil_head, mp, bifp, NULL)) !=
3920 PFIL_PASS)
3921 break;
3922
3923 /* check if we need to fragment the packet */
3924 /* bridge_fragment generates a mbuf chain of packets */
3925 /* that already include eth headers */
3926 if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) {
3927 i = (*mp)->m_pkthdr.len;
3928 if (i > ifp->if_mtu) {
3929 error = bridge_fragment(ifp, mp, &eh2, snap,
3930 &llc1);
3931 return (error);
3932 }
3933 }
3934
3935 /* Recalculate the ip checksum. */
3936 ip = mtod(*mp, struct ip *);
3937 hlen = ip->ip_hl << 2;
3938 if (hlen < sizeof(struct ip))
3939 goto bad;
3940 if (hlen > (*mp)->m_len) {
3941 if ((*mp = m_pullup(*mp, hlen)) == NULL)
3942 goto bad;
3943 ip = mtod(*mp, struct ip *);
3944 if (ip == NULL)
3945 goto bad;
3946 }
3947 ip->ip_sum = 0;
3948 if (hlen == sizeof(struct ip))
3949 ip->ip_sum = in_cksum_hdr(ip);
3950 else
3951 ip->ip_sum = in_cksum(*mp, hlen);
3952
3953 break;
3954 #endif /* INET */
3955 #ifdef INET6
3956 case ETHERTYPE_IPV6:
3957 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
3958 pfil_mbuf_out(V_inet6_pfil_head, mp, bifp, NULL)) !=
3959 PFIL_PASS)
3960 break;
3961
3962 if (V_pfil_member && ifp != NULL) {
3963 rv = (dir == PFIL_OUT) ?
3964 pfil_mbuf_out(V_inet6_pfil_head, mp, ifp, NULL) :
3965 pfil_mbuf_in(V_inet6_pfil_head, mp, ifp, NULL);
3966 if (rv != PFIL_PASS)
3967 break;
3968 }
3969
3970 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv =
3971 pfil_mbuf_in(V_inet6_pfil_head, mp, bifp, NULL)) !=
3972 PFIL_PASS)
3973 break;
3974 break;
3975 #endif
3976 }
3977
3978 switch (rv) {
3979 case PFIL_CONSUMED:
3980 return (0);
3981 case PFIL_DROPPED:
3982 return (EACCES);
3983 default:
3984 break;
3985 }
3986
3987 error = -1;
3988
3989 /*
3990 * Finally, put everything back the way it was and return
3991 */
3992 if (snap) {
3993 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT);
3994 if (*mp == NULL)
3995 return (error);
3996 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
3997 }
3998
3999 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT);
4000 if (*mp == NULL)
4001 return (error);
4002 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
4003
4004 return (0);
4005
4006 bad:
4007 m_freem(*mp);
4008 *mp = NULL;
4009 return (error);
4010 }
4011
4012 #ifdef INET
4013 /*
4014 * Perform basic checks on header size since
4015 * pfil assumes ip_input has already processed
4016 * it for it. Cut-and-pasted from ip_input.c.
4017 * Given how simple the IPv6 version is,
4018 * does the IPv4 version really need to be
4019 * this complicated?
4020 *
4021 * XXX Should we update ipstat here, or not?
4022 * XXX Right now we update ipstat but not
4023 * XXX csum_counter.
4024 */
4025 static int
bridge_ip_checkbasic(struct mbuf ** mp)4026 bridge_ip_checkbasic(struct mbuf **mp)
4027 {
4028 struct mbuf *m = *mp;
4029 struct ip *ip;
4030 int len, hlen;
4031 u_short sum;
4032
4033 if (*mp == NULL)
4034 return (-1);
4035
4036 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
4037 if ((m = m_copyup(m, sizeof(struct ip),
4038 (max_linkhdr + 3) & ~3)) == NULL) {
4039 /* XXXJRT new stat, please */
4040 KMOD_IPSTAT_INC(ips_toosmall);
4041 goto bad;
4042 }
4043 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
4044 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
4045 KMOD_IPSTAT_INC(ips_toosmall);
4046 goto bad;
4047 }
4048 }
4049 ip = mtod(m, struct ip *);
4050 if (ip == NULL) goto bad;
4051
4052 if (ip->ip_v != IPVERSION) {
4053 KMOD_IPSTAT_INC(ips_badvers);
4054 goto bad;
4055 }
4056 hlen = ip->ip_hl << 2;
4057 if (hlen < sizeof(struct ip)) { /* minimum header length */
4058 KMOD_IPSTAT_INC(ips_badhlen);
4059 goto bad;
4060 }
4061 if (hlen > m->m_len) {
4062 if ((m = m_pullup(m, hlen)) == NULL) {
4063 KMOD_IPSTAT_INC(ips_badhlen);
4064 goto bad;
4065 }
4066 ip = mtod(m, struct ip *);
4067 if (ip == NULL) goto bad;
4068 }
4069
4070 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
4071 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
4072 } else {
4073 if (hlen == sizeof(struct ip)) {
4074 sum = in_cksum_hdr(ip);
4075 } else {
4076 sum = in_cksum(m, hlen);
4077 }
4078 }
4079 if (sum) {
4080 KMOD_IPSTAT_INC(ips_badsum);
4081 goto bad;
4082 }
4083
4084 /* Retrieve the packet length. */
4085 len = ntohs(ip->ip_len);
4086
4087 /*
4088 * Check for additional length bogosity
4089 */
4090 if (len < hlen) {
4091 KMOD_IPSTAT_INC(ips_badlen);
4092 goto bad;
4093 }
4094
4095 /*
4096 * Check that the amount of data in the buffers
4097 * is as at least much as the IP header would have us expect.
4098 * Drop packet if shorter than we expect.
4099 */
4100 if (m->m_pkthdr.len < len) {
4101 KMOD_IPSTAT_INC(ips_tooshort);
4102 goto bad;
4103 }
4104
4105 /* Checks out, proceed */
4106 *mp = m;
4107 return (0);
4108
4109 bad:
4110 *mp = m;
4111 return (-1);
4112 }
4113 #endif /* INET */
4114
4115 #ifdef INET6
4116 /*
4117 * Same as above, but for IPv6.
4118 * Cut-and-pasted from ip6_input.c.
4119 * XXX Should we update ip6stat, or not?
4120 */
4121 static int
bridge_ip6_checkbasic(struct mbuf ** mp)4122 bridge_ip6_checkbasic(struct mbuf **mp)
4123 {
4124 struct mbuf *m = *mp;
4125 struct ip6_hdr *ip6;
4126
4127 /*
4128 * If the IPv6 header is not aligned, slurp it up into a new
4129 * mbuf with space for link headers, in the event we forward
4130 * it. Otherwise, if it is aligned, make sure the entire base
4131 * IPv6 header is in the first mbuf of the chain.
4132 */
4133 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
4134 struct ifnet *inifp = m->m_pkthdr.rcvif;
4135 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
4136 (max_linkhdr + 3) & ~3)) == NULL) {
4137 /* XXXJRT new stat, please */
4138 IP6STAT_INC(ip6s_toosmall);
4139 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
4140 goto bad;
4141 }
4142 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
4143 struct ifnet *inifp = m->m_pkthdr.rcvif;
4144 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
4145 IP6STAT_INC(ip6s_toosmall);
4146 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
4147 goto bad;
4148 }
4149 }
4150
4151 ip6 = mtod(m, struct ip6_hdr *);
4152
4153 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
4154 IP6STAT_INC(ip6s_badvers);
4155 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
4156 goto bad;
4157 }
4158
4159 /* Checks out, proceed */
4160 *mp = m;
4161 return (0);
4162
4163 bad:
4164 *mp = m;
4165 return (-1);
4166 }
4167 #endif /* INET6 */
4168
4169 #ifdef INET
4170 /*
4171 * bridge_fragment:
4172 *
4173 * Fragment mbuf chain in multiple packets and prepend ethernet header.
4174 */
4175 static int
bridge_fragment(struct ifnet * ifp,struct mbuf ** mp,struct ether_header * eh,int snap,struct llc * llc)4176 bridge_fragment(struct ifnet *ifp, struct mbuf **mp, struct ether_header *eh,
4177 int snap, struct llc *llc)
4178 {
4179 struct mbuf *m = *mp, *nextpkt = NULL, *mprev = NULL, *mcur = NULL;
4180 struct ip *ip;
4181 int error = -1;
4182
4183 if (m->m_len < sizeof(struct ip) &&
4184 (m = m_pullup(m, sizeof(struct ip))) == NULL)
4185 goto dropit;
4186 ip = mtod(m, struct ip *);
4187
4188 m->m_pkthdr.csum_flags |= CSUM_IP;
4189 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist);
4190 if (error)
4191 goto dropit;
4192
4193 /*
4194 * Walk the chain and re-add the Ethernet header for
4195 * each mbuf packet.
4196 */
4197 for (mcur = m; mcur; mcur = mcur->m_nextpkt) {
4198 nextpkt = mcur->m_nextpkt;
4199 mcur->m_nextpkt = NULL;
4200 if (snap) {
4201 M_PREPEND(mcur, sizeof(struct llc), M_NOWAIT);
4202 if (mcur == NULL) {
4203 error = ENOBUFS;
4204 if (mprev != NULL)
4205 mprev->m_nextpkt = nextpkt;
4206 goto dropit;
4207 }
4208 bcopy(llc, mtod(mcur, caddr_t),sizeof(struct llc));
4209 }
4210
4211 M_PREPEND(mcur, ETHER_HDR_LEN, M_NOWAIT);
4212 if (mcur == NULL) {
4213 error = ENOBUFS;
4214 if (mprev != NULL)
4215 mprev->m_nextpkt = nextpkt;
4216 goto dropit;
4217 }
4218 bcopy(eh, mtod(mcur, caddr_t), ETHER_HDR_LEN);
4219
4220 /*
4221 * The previous two M_PREPEND could have inserted one or two
4222 * mbufs in front so we have to update the previous packet's
4223 * m_nextpkt.
4224 */
4225 mcur->m_nextpkt = nextpkt;
4226 if (mprev != NULL)
4227 mprev->m_nextpkt = mcur;
4228 else {
4229 /* The first mbuf in the original chain needs to be
4230 * updated. */
4231 *mp = mcur;
4232 }
4233 mprev = mcur;
4234 }
4235
4236 KMOD_IPSTAT_INC(ips_fragmented);
4237 return (error);
4238
4239 dropit:
4240 for (mcur = *mp; mcur; mcur = m) { /* droping the full packet chain */
4241 m = mcur->m_nextpkt;
4242 m_freem(mcur);
4243 }
4244 return (error);
4245 }
4246 #endif /* INET */
4247
4248 static void
bridge_linkstate(struct ifnet * ifp)4249 bridge_linkstate(struct ifnet *ifp)
4250 {
4251 struct bridge_softc *sc = NULL;
4252 struct bridge_iflist *bif;
4253 struct epoch_tracker et;
4254
4255 NET_EPOCH_ENTER(et);
4256
4257 bif = ifp->if_bridge;
4258 if (bif)
4259 sc = bif->bif_sc;
4260
4261 if (sc != NULL) {
4262 bridge_linkcheck(sc);
4263 bstp_linkstate(&bif->bif_stp);
4264 }
4265
4266 NET_EPOCH_EXIT(et);
4267 }
4268
4269 static void
bridge_linkcheck(struct bridge_softc * sc)4270 bridge_linkcheck(struct bridge_softc *sc)
4271 {
4272 struct bridge_iflist *bif;
4273 int new_link, hasls;
4274
4275 BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
4276
4277 new_link = LINK_STATE_DOWN;
4278 hasls = 0;
4279 /* Our link is considered up if at least one of our ports is active */
4280 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
4281 if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE)
4282 hasls++;
4283 if (bif->bif_ifp->if_link_state == LINK_STATE_UP) {
4284 new_link = LINK_STATE_UP;
4285 break;
4286 }
4287 }
4288 if (!CK_LIST_EMPTY(&sc->sc_iflist) && !hasls) {
4289 /* If no interfaces support link-state then we default to up */
4290 new_link = LINK_STATE_UP;
4291 }
4292 if_link_state_change(sc->sc_ifp, new_link);
4293 }
4294