1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/priv.h> 105 #include <sys/proc.h> 106 #include <sys/lock.h> 107 #include <sys/mutex.h> 108 109 #include <net/bpf.h> 110 #include <net/if.h> 111 #include <net/if_clone.h> 112 #include <net/if_dl.h> 113 #include <net/if_types.h> 114 #include <net/if_var.h> 115 #include <net/pfil.h> 116 117 #include <netinet/in.h> /* for struct arpcom */ 118 #include <netinet/in_systm.h> 119 #include <netinet/in_var.h> 120 #include <netinet/ip.h> 121 #include <netinet/ip_var.h> 122 #ifdef INET6 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 #endif 126 #ifdef DEV_CARP 127 #include <netinet/ip_carp.h> 128 #endif 129 #include <machine/in_cksum.h> 130 #include <netinet/if_ether.h> /* for struct arpcom */ 131 #include <net/bridgestp.h> 132 #include <net/if_bridgevar.h> 133 #include <net/if_llc.h> 134 135 #include <net/route.h> 136 #include <netinet/ip_fw.h> 137 #include <netinet/ip_dummynet.h> 138 139 /* 140 * Size of the route hash table. Must be a power of two. 141 */ 142 #ifndef BRIDGE_RTHASH_SIZE 143 #define BRIDGE_RTHASH_SIZE 1024 144 #endif 145 146 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 147 148 /* 149 * Maximum number of addresses to cache. 150 */ 151 #ifndef BRIDGE_RTABLE_MAX 152 #define BRIDGE_RTABLE_MAX 100 153 #endif 154 155 /* 156 * Timeout (in seconds) for entries learned dynamically. 157 */ 158 #ifndef BRIDGE_RTABLE_TIMEOUT 159 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 160 #endif 161 162 /* 163 * Number of seconds between walks of the route list. 164 */ 165 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 166 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 167 #endif 168 169 /* 170 * List of capabilities to mask on the member interface. 171 */ 172 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 173 174 /* 175 * Bridge interface list entry. 176 */ 177 struct bridge_iflist { 178 LIST_ENTRY(bridge_iflist) bif_next; 179 struct ifnet *bif_ifp; /* member if */ 180 struct bstp_port bif_stp; /* STP state */ 181 uint32_t bif_flags; /* member if flags */ 182 int bif_mutecap; /* member muted caps */ 183 }; 184 185 /* 186 * Bridge route node. 187 */ 188 struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct ifnet *brt_ifp; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195 }; 196 197 /* 198 * Software state for each bridge. 199 */ 200 struct bridge_softc { 201 struct ifnet *sc_ifp; /* make this an interface */ 202 LIST_ENTRY(bridge_softc) sc_list; 203 struct mtx sc_mtx; 204 struct cv sc_cv; 205 uint32_t sc_brtmax; /* max # of addresses */ 206 uint32_t sc_brtcnt; /* cur. # of addresses */ 207 uint32_t sc_brttimeout; /* rt timeout in seconds */ 208 struct callout sc_brcallout; /* bridge callout */ 209 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 210 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 211 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 212 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 213 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 214 uint32_t sc_rthash_key; /* key for hash */ 215 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 216 struct bstp_state sc_stp; /* STP state */ 217 uint32_t sc_brtexceeded; /* # of cache drops */ 218 }; 219 220 static struct mtx bridge_list_mtx; 221 eventhandler_tag bridge_detach_cookie = NULL; 222 223 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 224 225 uma_zone_t bridge_rtnode_zone; 226 227 static int bridge_clone_create(struct if_clone *, int, caddr_t); 228 static void bridge_clone_destroy(struct ifnet *); 229 230 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 231 static void bridge_mutecaps(struct bridge_iflist *, int); 232 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 233 static void bridge_init(void *); 234 static void bridge_dummynet(struct mbuf *, struct ifnet *); 235 static void bridge_stop(struct ifnet *, int); 236 static void bridge_start(struct ifnet *); 237 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 238 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 239 struct rtentry *); 240 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 241 struct mbuf *); 242 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 243 244 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 245 246 static void bridge_timer(void *); 247 248 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 249 struct mbuf *, int); 250 static void bridge_span(struct bridge_softc *, struct mbuf *); 251 252 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 253 struct bridge_iflist *, int, uint8_t); 254 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 255 static void bridge_rttrim(struct bridge_softc *); 256 static void bridge_rtage(struct bridge_softc *); 257 static void bridge_rtflush(struct bridge_softc *, int); 258 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 259 260 static int bridge_rtable_init(struct bridge_softc *); 261 static void bridge_rtable_fini(struct bridge_softc *); 262 263 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 264 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 265 const uint8_t *); 266 static int bridge_rtnode_insert(struct bridge_softc *, 267 struct bridge_rtnode *); 268 static void bridge_rtnode_destroy(struct bridge_softc *, 269 struct bridge_rtnode *); 270 static void bridge_rtable_expire(struct ifnet *, int); 271 static void bridge_state_change(struct ifnet *, int); 272 273 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 274 const char *name); 275 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 276 struct ifnet *ifp); 277 static void bridge_delete_member(struct bridge_softc *, 278 struct bridge_iflist *, int); 279 static void bridge_delete_span(struct bridge_softc *, 280 struct bridge_iflist *); 281 282 static int bridge_ioctl_add(struct bridge_softc *, void *); 283 static int bridge_ioctl_del(struct bridge_softc *, void *); 284 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 285 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 286 static int bridge_ioctl_scache(struct bridge_softc *, void *); 287 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 288 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 289 static int bridge_ioctl_rts(struct bridge_softc *, void *); 290 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 291 static int bridge_ioctl_sto(struct bridge_softc *, void *); 292 static int bridge_ioctl_gto(struct bridge_softc *, void *); 293 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 294 static int bridge_ioctl_flush(struct bridge_softc *, void *); 295 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 296 static int bridge_ioctl_spri(struct bridge_softc *, void *); 297 static int bridge_ioctl_ght(struct bridge_softc *, void *); 298 static int bridge_ioctl_sht(struct bridge_softc *, void *); 299 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 300 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 301 static int bridge_ioctl_gma(struct bridge_softc *, void *); 302 static int bridge_ioctl_sma(struct bridge_softc *, void *); 303 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 304 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 305 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 306 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 307 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 308 static int bridge_ioctl_grte(struct bridge_softc *, void *); 309 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 310 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 311 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 312 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 313 int); 314 static int bridge_ip_checkbasic(struct mbuf **mp); 315 #ifdef INET6 316 static int bridge_ip6_checkbasic(struct mbuf **mp); 317 #endif /* INET6 */ 318 static int bridge_fragment(struct ifnet *, struct mbuf *, 319 struct ether_header *, int, struct llc *); 320 321 static struct bstp_cb_ops bridge_ops = { 322 .bcb_state = bridge_state_change, 323 .bcb_rtage = bridge_rtable_expire 324 }; 325 326 SYSCTL_DECL(_net_link); 327 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 328 329 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 330 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 331 static int pfil_member = 1; /* run pfil hooks on the member interface */ 332 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 333 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 334 static int log_stp = 0; /* log STP state changes */ 335 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 336 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 337 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 338 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 339 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 340 &pfil_bridge, 0, "Packet filter on the bridge interface"); 341 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 342 &pfil_member, 0, "Packet filter on the member interface"); 343 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 344 &log_stp, 0, "Log STP state changes"); 345 346 struct bridge_control { 347 int (*bc_func)(struct bridge_softc *, void *); 348 int bc_argsize; 349 int bc_flags; 350 }; 351 352 #define BC_F_COPYIN 0x01 /* copy arguments in */ 353 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 354 #define BC_F_SUSER 0x04 /* do super-user check */ 355 356 const struct bridge_control bridge_control_table[] = { 357 { bridge_ioctl_add, sizeof(struct ifbreq), 358 BC_F_COPYIN|BC_F_SUSER }, 359 { bridge_ioctl_del, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_SUSER }, 361 362 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 363 BC_F_COPYIN|BC_F_COPYOUT }, 364 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 365 BC_F_COPYIN|BC_F_SUSER }, 366 367 { bridge_ioctl_scache, sizeof(struct ifbrparam), 368 BC_F_COPYIN|BC_F_SUSER }, 369 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 370 BC_F_COPYOUT }, 371 372 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 373 BC_F_COPYIN|BC_F_COPYOUT }, 374 { bridge_ioctl_rts, sizeof(struct ifbaconf), 375 BC_F_COPYIN|BC_F_COPYOUT }, 376 377 { bridge_ioctl_saddr, sizeof(struct ifbareq), 378 BC_F_COPYIN|BC_F_SUSER }, 379 380 { bridge_ioctl_sto, sizeof(struct ifbrparam), 381 BC_F_COPYIN|BC_F_SUSER }, 382 { bridge_ioctl_gto, sizeof(struct ifbrparam), 383 BC_F_COPYOUT }, 384 385 { bridge_ioctl_daddr, sizeof(struct ifbareq), 386 BC_F_COPYIN|BC_F_SUSER }, 387 388 { bridge_ioctl_flush, sizeof(struct ifbreq), 389 BC_F_COPYIN|BC_F_SUSER }, 390 391 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 392 BC_F_COPYOUT }, 393 { bridge_ioctl_spri, sizeof(struct ifbrparam), 394 BC_F_COPYIN|BC_F_SUSER }, 395 396 { bridge_ioctl_ght, sizeof(struct ifbrparam), 397 BC_F_COPYOUT }, 398 { bridge_ioctl_sht, sizeof(struct ifbrparam), 399 BC_F_COPYIN|BC_F_SUSER }, 400 401 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 402 BC_F_COPYOUT }, 403 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 404 BC_F_COPYIN|BC_F_SUSER }, 405 406 { bridge_ioctl_gma, sizeof(struct ifbrparam), 407 BC_F_COPYOUT }, 408 { bridge_ioctl_sma, sizeof(struct ifbrparam), 409 BC_F_COPYIN|BC_F_SUSER }, 410 411 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 415 BC_F_COPYIN|BC_F_SUSER }, 416 417 { bridge_ioctl_addspan, sizeof(struct ifbreq), 418 BC_F_COPYIN|BC_F_SUSER }, 419 { bridge_ioctl_delspan, sizeof(struct ifbreq), 420 BC_F_COPYIN|BC_F_SUSER }, 421 422 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 423 BC_F_COPYOUT }, 424 425 { bridge_ioctl_grte, sizeof(struct ifbrparam), 426 BC_F_COPYOUT }, 427 428 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 429 BC_F_COPYIN|BC_F_COPYOUT }, 430 431 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 432 BC_F_COPYIN|BC_F_SUSER }, 433 434 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 435 BC_F_COPYIN|BC_F_SUSER }, 436 }; 437 const int bridge_control_table_size = 438 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 439 440 LIST_HEAD(, bridge_softc) bridge_list; 441 442 IFC_SIMPLE_DECLARE(bridge, 0); 443 444 static int 445 bridge_modevent(module_t mod, int type, void *data) 446 { 447 448 switch (type) { 449 case MOD_LOAD: 450 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 451 if_clone_attach(&bridge_cloner); 452 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 453 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 454 UMA_ALIGN_PTR, 0); 455 LIST_INIT(&bridge_list); 456 bridge_input_p = bridge_input; 457 bridge_output_p = bridge_output; 458 bridge_dn_p = bridge_dummynet; 459 bridge_detach_cookie = EVENTHANDLER_REGISTER( 460 ifnet_departure_event, bridge_ifdetach, NULL, 461 EVENTHANDLER_PRI_ANY); 462 break; 463 case MOD_UNLOAD: 464 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 465 bridge_detach_cookie); 466 if_clone_detach(&bridge_cloner); 467 uma_zdestroy(bridge_rtnode_zone); 468 bridge_input_p = NULL; 469 bridge_output_p = NULL; 470 bridge_dn_p = NULL; 471 mtx_destroy(&bridge_list_mtx); 472 break; 473 default: 474 return (EOPNOTSUPP); 475 } 476 return (0); 477 } 478 479 static moduledata_t bridge_mod = { 480 "if_bridge", 481 bridge_modevent, 482 0 483 }; 484 485 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 486 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 487 488 /* 489 * handler for net.link.bridge.pfil_ipfw 490 */ 491 static int 492 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 493 { 494 int enable = pfil_ipfw; 495 int error; 496 497 error = sysctl_handle_int(oidp, &enable, 0, req); 498 enable = (enable) ? 1 : 0; 499 500 if (enable != pfil_ipfw) { 501 pfil_ipfw = enable; 502 503 /* 504 * Disable pfil so that ipfw doesnt run twice, if the user 505 * really wants both then they can re-enable pfil_bridge and/or 506 * pfil_member. Also allow non-ip packets as ipfw can filter by 507 * layer2 type. 508 */ 509 if (pfil_ipfw) { 510 pfil_onlyip = 0; 511 pfil_bridge = 0; 512 pfil_member = 0; 513 } 514 } 515 516 return (error); 517 } 518 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 519 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 520 521 /* 522 * bridge_clone_create: 523 * 524 * Create a new bridge instance. 525 */ 526 static int 527 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 528 { 529 struct bridge_softc *sc, *sc2; 530 struct ifnet *bifp, *ifp; 531 u_char eaddr[6]; 532 int retry; 533 534 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 535 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 536 if (ifp == NULL) { 537 free(sc, M_DEVBUF); 538 return (ENOSPC); 539 } 540 541 BRIDGE_LOCK_INIT(sc); 542 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 543 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 544 545 /* Initialize our routing table. */ 546 bridge_rtable_init(sc); 547 548 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 549 550 LIST_INIT(&sc->sc_iflist); 551 LIST_INIT(&sc->sc_spanlist); 552 553 ifp->if_softc = sc; 554 if_initname(ifp, ifc->ifc_name, unit); 555 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 556 ifp->if_ioctl = bridge_ioctl; 557 ifp->if_start = bridge_start; 558 ifp->if_init = bridge_init; 559 ifp->if_type = IFT_BRIDGE; 560 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 561 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 562 IFQ_SET_READY(&ifp->if_snd); 563 564 /* 565 * Generate a random ethernet address with a locally administered 566 * address. 567 * 568 * Since we are using random ethernet addresses for the bridge, it is 569 * possible that we might have address collisions, so make sure that 570 * this hardware address isn't already in use on another bridge. 571 */ 572 for (retry = 1; retry != 0;) { 573 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 574 eaddr[0] &= ~1; /* clear multicast bit */ 575 eaddr[0] |= 2; /* set the LAA bit */ 576 retry = 0; 577 mtx_lock(&bridge_list_mtx); 578 LIST_FOREACH(sc2, &bridge_list, sc_list) { 579 bifp = sc2->sc_ifp; 580 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 581 retry = 1; 582 } 583 mtx_unlock(&bridge_list_mtx); 584 } 585 586 bstp_attach(&sc->sc_stp, &bridge_ops); 587 ether_ifattach(ifp, eaddr); 588 /* Now undo some of the damage... */ 589 ifp->if_baudrate = 0; 590 ifp->if_type = IFT_BRIDGE; 591 592 mtx_lock(&bridge_list_mtx); 593 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 594 mtx_unlock(&bridge_list_mtx); 595 596 return (0); 597 } 598 599 /* 600 * bridge_clone_destroy: 601 * 602 * Destroy a bridge instance. 603 */ 604 static void 605 bridge_clone_destroy(struct ifnet *ifp) 606 { 607 struct bridge_softc *sc = ifp->if_softc; 608 struct bridge_iflist *bif; 609 610 BRIDGE_LOCK(sc); 611 612 bridge_stop(ifp, 1); 613 ifp->if_flags &= ~IFF_UP; 614 615 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 616 bridge_delete_member(sc, bif, 0); 617 618 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 619 bridge_delete_span(sc, bif); 620 } 621 622 BRIDGE_UNLOCK(sc); 623 624 callout_drain(&sc->sc_brcallout); 625 626 mtx_lock(&bridge_list_mtx); 627 LIST_REMOVE(sc, sc_list); 628 mtx_unlock(&bridge_list_mtx); 629 630 bstp_detach(&sc->sc_stp); 631 ether_ifdetach(ifp); 632 if_free_type(ifp, IFT_ETHER); 633 634 /* Tear down the routing table. */ 635 bridge_rtable_fini(sc); 636 637 BRIDGE_LOCK_DESTROY(sc); 638 free(sc, M_DEVBUF); 639 } 640 641 /* 642 * bridge_ioctl: 643 * 644 * Handle a control request from the operator. 645 */ 646 static int 647 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 648 { 649 struct bridge_softc *sc = ifp->if_softc; 650 struct thread *td = curthread; 651 union { 652 struct ifbreq ifbreq; 653 struct ifbifconf ifbifconf; 654 struct ifbareq ifbareq; 655 struct ifbaconf ifbaconf; 656 struct ifbrparam ifbrparam; 657 struct ifbropreq ifbropreq; 658 } args; 659 struct ifdrv *ifd = (struct ifdrv *) data; 660 const struct bridge_control *bc; 661 int error = 0; 662 663 BRIDGE_LOCK(sc); 664 665 switch (cmd) { 666 667 case SIOCADDMULTI: 668 case SIOCDELMULTI: 669 break; 670 671 case SIOCGDRVSPEC: 672 case SIOCSDRVSPEC: 673 if (ifd->ifd_cmd >= bridge_control_table_size) { 674 error = EINVAL; 675 break; 676 } 677 bc = &bridge_control_table[ifd->ifd_cmd]; 678 679 if (cmd == SIOCGDRVSPEC && 680 (bc->bc_flags & BC_F_COPYOUT) == 0) { 681 error = EINVAL; 682 break; 683 } 684 else if (cmd == SIOCSDRVSPEC && 685 (bc->bc_flags & BC_F_COPYOUT) != 0) { 686 error = EINVAL; 687 break; 688 } 689 690 if (bc->bc_flags & BC_F_SUSER) { 691 error = priv_check(td, PRIV_NET_BRIDGE); 692 if (error) 693 break; 694 } 695 696 if (ifd->ifd_len != bc->bc_argsize || 697 ifd->ifd_len > sizeof(args)) { 698 error = EINVAL; 699 break; 700 } 701 702 bzero(&args, sizeof(args)); 703 if (bc->bc_flags & BC_F_COPYIN) { 704 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 705 if (error) 706 break; 707 } 708 709 error = (*bc->bc_func)(sc, &args); 710 if (error) 711 break; 712 713 if (bc->bc_flags & BC_F_COPYOUT) 714 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 715 716 break; 717 718 case SIOCSIFFLAGS: 719 if (!(ifp->if_flags & IFF_UP) && 720 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 721 /* 722 * If interface is marked down and it is running, 723 * then stop and disable it. 724 */ 725 bridge_stop(ifp, 1); 726 } else if ((ifp->if_flags & IFF_UP) && 727 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 728 /* 729 * If interface is marked up and it is stopped, then 730 * start it. 731 */ 732 BRIDGE_UNLOCK(sc); 733 (*ifp->if_init)(sc); 734 } 735 break; 736 737 case SIOCSIFMTU: 738 /* Do not allow the MTU to be changed on the bridge */ 739 error = EINVAL; 740 break; 741 742 default: 743 /* 744 * drop the lock as ether_ioctl() will call bridge_start() and 745 * cause the lock to be recursed. 746 */ 747 BRIDGE_UNLOCK(sc); 748 error = ether_ioctl(ifp, cmd, data); 749 break; 750 } 751 752 if (BRIDGE_LOCKED(sc)) 753 BRIDGE_UNLOCK(sc); 754 755 return (error); 756 } 757 758 /* 759 * bridge_mutecaps: 760 * 761 * Clear or restore unwanted capabilities on the member interface 762 */ 763 static void 764 bridge_mutecaps(struct bridge_iflist *bif, int mute) 765 { 766 struct ifnet *ifp = bif->bif_ifp; 767 struct ifreq ifr; 768 int error; 769 770 if (ifp->if_ioctl == NULL) 771 return; 772 773 bzero(&ifr, sizeof(ifr)); 774 ifr.ifr_reqcap = ifp->if_capenable; 775 776 if (mute) { 777 /* mask off and save capabilities */ 778 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 779 if (bif->bif_mutecap != 0) 780 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 781 } else 782 /* restore muted capabilities */ 783 ifr.ifr_reqcap |= bif->bif_mutecap; 784 785 786 if (bif->bif_mutecap != 0) { 787 IFF_LOCKGIANT(ifp); 788 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 789 IFF_UNLOCKGIANT(ifp); 790 } 791 } 792 793 /* 794 * bridge_lookup_member: 795 * 796 * Lookup a bridge member interface. 797 */ 798 static struct bridge_iflist * 799 bridge_lookup_member(struct bridge_softc *sc, const char *name) 800 { 801 struct bridge_iflist *bif; 802 struct ifnet *ifp; 803 804 BRIDGE_LOCK_ASSERT(sc); 805 806 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 807 ifp = bif->bif_ifp; 808 if (strcmp(ifp->if_xname, name) == 0) 809 return (bif); 810 } 811 812 return (NULL); 813 } 814 815 /* 816 * bridge_lookup_member_if: 817 * 818 * Lookup a bridge member interface by ifnet*. 819 */ 820 static struct bridge_iflist * 821 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 822 { 823 struct bridge_iflist *bif; 824 825 BRIDGE_LOCK_ASSERT(sc); 826 827 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 828 if (bif->bif_ifp == member_ifp) 829 return (bif); 830 } 831 832 return (NULL); 833 } 834 835 /* 836 * bridge_delete_member: 837 * 838 * Delete the specified member interface. 839 */ 840 static void 841 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 842 int gone) 843 { 844 struct ifnet *ifs = bif->bif_ifp; 845 846 BRIDGE_LOCK_ASSERT(sc); 847 848 if (!gone) { 849 switch (ifs->if_type) { 850 case IFT_ETHER: 851 case IFT_L2VLAN: 852 /* 853 * Take the interface out of promiscuous mode. 854 */ 855 (void) ifpromisc(ifs, 0); 856 bridge_mutecaps(bif, 0); 857 break; 858 859 case IFT_GIF: 860 break; 861 862 default: 863 #ifdef DIAGNOSTIC 864 panic("bridge_delete_member: impossible"); 865 #endif 866 break; 867 } 868 } 869 870 if (bif->bif_flags & IFBIF_STP) 871 bstp_disable(&bif->bif_stp); 872 873 ifs->if_bridge = NULL; 874 BRIDGE_XLOCK(sc); 875 LIST_REMOVE(bif, bif_next); 876 BRIDGE_XDROP(sc); 877 878 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 879 880 BRIDGE_UNLOCK(sc); 881 bstp_destroy(&bif->bif_stp); /* prepare to free */ 882 BRIDGE_LOCK(sc); 883 free(bif, M_DEVBUF); 884 } 885 886 /* 887 * bridge_delete_span: 888 * 889 * Delete the specified span interface. 890 */ 891 static void 892 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 893 { 894 BRIDGE_LOCK_ASSERT(sc); 895 896 KASSERT(bif->bif_ifp->if_bridge == NULL, 897 ("%s: not a span interface", __func__)); 898 899 LIST_REMOVE(bif, bif_next); 900 free(bif, M_DEVBUF); 901 } 902 903 static int 904 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 905 { 906 struct ifbreq *req = arg; 907 struct bridge_iflist *bif = NULL; 908 struct ifnet *ifs; 909 int error = 0; 910 911 ifs = ifunit(req->ifbr_ifsname); 912 if (ifs == NULL) 913 return (ENOENT); 914 915 /* If it's in the span list, it can't be a member. */ 916 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 917 if (ifs == bif->bif_ifp) 918 return (EBUSY); 919 920 /* Allow the first Ethernet member to define the MTU */ 921 if (ifs->if_type != IFT_GIF) { 922 if (LIST_EMPTY(&sc->sc_iflist)) 923 sc->sc_ifp->if_mtu = ifs->if_mtu; 924 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 925 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 926 ifs->if_xname); 927 return (EINVAL); 928 } 929 } 930 931 if (ifs->if_bridge == sc) 932 return (EEXIST); 933 934 if (ifs->if_bridge != NULL) 935 return (EBUSY); 936 937 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 938 if (bif == NULL) 939 return (ENOMEM); 940 941 bif->bif_ifp = ifs; 942 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 943 944 switch (ifs->if_type) { 945 case IFT_ETHER: 946 case IFT_L2VLAN: 947 /* 948 * Place the interface into promiscuous mode. 949 */ 950 error = ifpromisc(ifs, 1); 951 if (error) 952 goto out; 953 954 bridge_mutecaps(bif, 1); 955 break; 956 957 case IFT_GIF: 958 break; 959 960 default: 961 error = EINVAL; 962 goto out; 963 } 964 965 ifs->if_bridge = sc; 966 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 967 /* 968 * XXX: XLOCK HERE!?! 969 * 970 * NOTE: insert_***HEAD*** should be safe for the traversals. 971 */ 972 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 973 974 out: 975 if (error) { 976 if (bif != NULL) 977 free(bif, M_DEVBUF); 978 } 979 return (error); 980 } 981 982 static int 983 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 984 { 985 struct ifbreq *req = arg; 986 struct bridge_iflist *bif; 987 988 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 989 if (bif == NULL) 990 return (ENOENT); 991 992 bridge_delete_member(sc, bif, 0); 993 994 return (0); 995 } 996 997 static int 998 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 999 { 1000 struct ifbreq *req = arg; 1001 struct bridge_iflist *bif; 1002 struct bstp_port *bp; 1003 1004 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1005 if (bif == NULL) 1006 return (ENOENT); 1007 1008 bp = &bif->bif_stp; 1009 req->ifbr_ifsflags = bif->bif_flags; 1010 req->ifbr_state = bp->bp_state; 1011 req->ifbr_priority = bp->bp_priority; 1012 req->ifbr_path_cost = bp->bp_path_cost; 1013 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1014 req->ifbr_proto = bp->bp_protover; 1015 req->ifbr_role = bp->bp_role; 1016 req->ifbr_stpflags = bp->bp_flags; 1017 1018 /* Copy STP state options as flags */ 1019 if (bp->bp_operedge) 1020 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1021 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1022 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1023 if (bp->bp_ptp_link) 1024 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1025 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1026 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1027 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1028 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1029 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1030 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1031 return (0); 1032 } 1033 1034 static int 1035 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1036 { 1037 struct ifbreq *req = arg; 1038 struct bridge_iflist *bif; 1039 struct bstp_port *bp; 1040 int error; 1041 1042 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1043 if (bif == NULL) 1044 return (ENOENT); 1045 bp = &bif->bif_stp; 1046 1047 if (req->ifbr_ifsflags & IFBIF_SPAN) 1048 /* SPAN is readonly */ 1049 return (EINVAL); 1050 1051 if (req->ifbr_ifsflags & IFBIF_STP) { 1052 if ((bif->bif_flags & IFBIF_STP) == 0) { 1053 error = bstp_enable(&bif->bif_stp); 1054 if (error) 1055 return (error); 1056 } 1057 } else { 1058 if ((bif->bif_flags & IFBIF_STP) != 0) 1059 bstp_disable(&bif->bif_stp); 1060 } 1061 1062 /* Pass on STP flags */ 1063 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1064 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1065 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1066 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1067 1068 /* Save the bits relating to the bridge */ 1069 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1070 1071 return (0); 1072 } 1073 1074 static int 1075 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1076 { 1077 struct ifbrparam *param = arg; 1078 1079 sc->sc_brtmax = param->ifbrp_csize; 1080 bridge_rttrim(sc); 1081 1082 return (0); 1083 } 1084 1085 static int 1086 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1087 { 1088 struct ifbrparam *param = arg; 1089 1090 param->ifbrp_csize = sc->sc_brtmax; 1091 1092 return (0); 1093 } 1094 1095 static int 1096 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1097 { 1098 struct ifbifconf *bifc = arg; 1099 struct bridge_iflist *bif; 1100 struct ifbreq breq; 1101 int count, len, error = 0; 1102 1103 count = 0; 1104 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1105 count++; 1106 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1107 count++; 1108 1109 if (bifc->ifbic_len == 0) { 1110 bifc->ifbic_len = sizeof(breq) * count; 1111 return (0); 1112 } 1113 1114 count = 0; 1115 len = bifc->ifbic_len; 1116 bzero(&breq, sizeof(breq)); 1117 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1118 if (len < sizeof(breq)) 1119 break; 1120 1121 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1122 sizeof(breq.ifbr_ifsname)); 1123 /* Fill in the ifbreq structure */ 1124 error = bridge_ioctl_gifflags(sc, &breq); 1125 if (error) 1126 break; 1127 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1128 if (error) 1129 break; 1130 count++; 1131 len -= sizeof(breq); 1132 } 1133 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1134 if (len < sizeof(breq)) 1135 break; 1136 1137 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1138 sizeof(breq.ifbr_ifsname)); 1139 breq.ifbr_ifsflags = bif->bif_flags; 1140 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1141 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1142 if (error) 1143 break; 1144 count++; 1145 len -= sizeof(breq); 1146 } 1147 1148 bifc->ifbic_len = sizeof(breq) * count; 1149 return (error); 1150 } 1151 1152 static int 1153 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1154 { 1155 struct ifbaconf *bac = arg; 1156 struct bridge_rtnode *brt; 1157 struct ifbareq bareq; 1158 int count = 0, error = 0, len; 1159 1160 if (bac->ifbac_len == 0) 1161 return (0); 1162 1163 len = bac->ifbac_len; 1164 bzero(&bareq, sizeof(bareq)); 1165 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1166 if (len < sizeof(bareq)) 1167 goto out; 1168 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1169 sizeof(bareq.ifba_ifsname)); 1170 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1171 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1172 time_uptime < brt->brt_expire) 1173 bareq.ifba_expire = brt->brt_expire - time_uptime; 1174 else 1175 bareq.ifba_expire = 0; 1176 bareq.ifba_flags = brt->brt_flags; 1177 1178 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1179 if (error) 1180 goto out; 1181 count++; 1182 len -= sizeof(bareq); 1183 } 1184 out: 1185 bac->ifbac_len = sizeof(bareq) * count; 1186 return (error); 1187 } 1188 1189 static int 1190 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1191 { 1192 struct ifbareq *req = arg; 1193 struct bridge_iflist *bif; 1194 int error; 1195 1196 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1197 if (bif == NULL) 1198 return (ENOENT); 1199 1200 error = bridge_rtupdate(sc, req->ifba_dst, bif, 1, 1201 req->ifba_flags); 1202 1203 return (error); 1204 } 1205 1206 static int 1207 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1208 { 1209 struct ifbrparam *param = arg; 1210 1211 sc->sc_brttimeout = param->ifbrp_ctime; 1212 return (0); 1213 } 1214 1215 static int 1216 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1217 { 1218 struct ifbrparam *param = arg; 1219 1220 param->ifbrp_ctime = sc->sc_brttimeout; 1221 return (0); 1222 } 1223 1224 static int 1225 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1226 { 1227 struct ifbareq *req = arg; 1228 1229 return (bridge_rtdaddr(sc, req->ifba_dst)); 1230 } 1231 1232 static int 1233 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1234 { 1235 struct ifbreq *req = arg; 1236 1237 bridge_rtflush(sc, req->ifbr_ifsflags); 1238 return (0); 1239 } 1240 1241 static int 1242 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1243 { 1244 struct ifbrparam *param = arg; 1245 struct bstp_state *bs = &sc->sc_stp; 1246 1247 param->ifbrp_prio = bs->bs_bridge_priority; 1248 return (0); 1249 } 1250 1251 static int 1252 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1253 { 1254 struct ifbrparam *param = arg; 1255 1256 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1257 } 1258 1259 static int 1260 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1261 { 1262 struct ifbrparam *param = arg; 1263 struct bstp_state *bs = &sc->sc_stp; 1264 1265 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1266 return (0); 1267 } 1268 1269 static int 1270 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1271 { 1272 struct ifbrparam *param = arg; 1273 1274 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1275 } 1276 1277 static int 1278 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1279 { 1280 struct ifbrparam *param = arg; 1281 struct bstp_state *bs = &sc->sc_stp; 1282 1283 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1284 return (0); 1285 } 1286 1287 static int 1288 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1289 { 1290 struct ifbrparam *param = arg; 1291 1292 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1293 } 1294 1295 static int 1296 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1297 { 1298 struct ifbrparam *param = arg; 1299 struct bstp_state *bs = &sc->sc_stp; 1300 1301 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1302 return (0); 1303 } 1304 1305 static int 1306 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1307 { 1308 struct ifbrparam *param = arg; 1309 1310 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1311 } 1312 1313 static int 1314 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1315 { 1316 struct ifbreq *req = arg; 1317 struct bridge_iflist *bif; 1318 1319 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1320 if (bif == NULL) 1321 return (ENOENT); 1322 1323 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1324 } 1325 1326 static int 1327 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1328 { 1329 struct ifbreq *req = arg; 1330 struct bridge_iflist *bif; 1331 1332 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1333 if (bif == NULL) 1334 return (ENOENT); 1335 1336 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1337 } 1338 1339 static int 1340 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1341 { 1342 struct ifbreq *req = arg; 1343 struct bridge_iflist *bif = NULL; 1344 struct ifnet *ifs; 1345 1346 ifs = ifunit(req->ifbr_ifsname); 1347 if (ifs == NULL) 1348 return (ENOENT); 1349 1350 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1351 if (ifs == bif->bif_ifp) 1352 return (EBUSY); 1353 1354 if (ifs->if_bridge != NULL) 1355 return (EBUSY); 1356 1357 switch (ifs->if_type) { 1358 case IFT_ETHER: 1359 case IFT_GIF: 1360 case IFT_L2VLAN: 1361 break; 1362 default: 1363 return (EINVAL); 1364 } 1365 1366 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1367 if (bif == NULL) 1368 return (ENOMEM); 1369 1370 bif->bif_ifp = ifs; 1371 bif->bif_flags = IFBIF_SPAN; 1372 1373 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1374 1375 return (0); 1376 } 1377 1378 static int 1379 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1380 { 1381 struct ifbreq *req = arg; 1382 struct bridge_iflist *bif; 1383 struct ifnet *ifs; 1384 1385 ifs = ifunit(req->ifbr_ifsname); 1386 if (ifs == NULL) 1387 return (ENOENT); 1388 1389 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1390 if (ifs == bif->bif_ifp) 1391 break; 1392 1393 if (bif == NULL) 1394 return (ENOENT); 1395 1396 bridge_delete_span(sc, bif); 1397 1398 return (0); 1399 } 1400 1401 static int 1402 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1403 { 1404 struct ifbropreq *req = arg; 1405 struct bstp_state *bs = &sc->sc_stp; 1406 struct bstp_port *root_port; 1407 1408 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1409 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1410 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1411 1412 root_port = bs->bs_root_port; 1413 if (root_port == NULL) 1414 req->ifbop_root_port = 0; 1415 else 1416 req->ifbop_root_port = root_port->bp_ifp->if_index; 1417 1418 req->ifbop_holdcount = bs->bs_txholdcount; 1419 req->ifbop_priority = bs->bs_bridge_priority; 1420 req->ifbop_protocol = bs->bs_protover; 1421 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1422 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1423 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1424 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1425 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1426 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1427 1428 return (0); 1429 } 1430 1431 static int 1432 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1433 { 1434 struct ifbrparam *param = arg; 1435 1436 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1437 return (0); 1438 } 1439 1440 static int 1441 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1442 { 1443 struct ifbpstpconf *bifstp = arg; 1444 struct bridge_iflist *bif; 1445 struct bstp_port *bp; 1446 struct ifbpstpreq bpreq; 1447 int count, len, error = 0; 1448 1449 count = 0; 1450 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1451 if ((bif->bif_flags & IFBIF_STP) != 0) 1452 count++; 1453 } 1454 1455 if (bifstp->ifbpstp_len == 0) { 1456 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1457 return (0); 1458 } 1459 1460 count = 0; 1461 len = bifstp->ifbpstp_len; 1462 bzero(&bpreq, sizeof(bpreq)); 1463 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1464 if (len < sizeof(bpreq)) 1465 break; 1466 1467 if ((bif->bif_flags & IFBIF_STP) == 0) 1468 continue; 1469 1470 bp = &bif->bif_stp; 1471 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1472 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1473 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1474 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1475 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1476 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1477 1478 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1479 sizeof(bpreq)); 1480 if (error != 0) 1481 break; 1482 1483 count++; 1484 len -= sizeof(bpreq); 1485 } 1486 1487 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1488 return (error); 1489 } 1490 1491 static int 1492 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1493 { 1494 struct ifbrparam *param = arg; 1495 1496 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1497 } 1498 1499 static int 1500 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1501 { 1502 struct ifbrparam *param = arg; 1503 1504 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1505 } 1506 1507 /* 1508 * bridge_ifdetach: 1509 * 1510 * Detach an interface from a bridge. Called when a member 1511 * interface is detaching. 1512 */ 1513 static void 1514 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1515 { 1516 struct bridge_softc *sc = ifp->if_bridge; 1517 struct bridge_iflist *bif; 1518 1519 /* Check if the interface is a bridge member */ 1520 if (sc != NULL) { 1521 BRIDGE_LOCK(sc); 1522 1523 bif = bridge_lookup_member_if(sc, ifp); 1524 if (bif != NULL) 1525 bridge_delete_member(sc, bif, 1); 1526 1527 BRIDGE_UNLOCK(sc); 1528 return; 1529 } 1530 1531 /* Check if the interface is a span port */ 1532 mtx_lock(&bridge_list_mtx); 1533 LIST_FOREACH(sc, &bridge_list, sc_list) { 1534 BRIDGE_LOCK(sc); 1535 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1536 if (ifp == bif->bif_ifp) { 1537 bridge_delete_span(sc, bif); 1538 break; 1539 } 1540 1541 BRIDGE_UNLOCK(sc); 1542 } 1543 mtx_unlock(&bridge_list_mtx); 1544 } 1545 1546 /* 1547 * bridge_init: 1548 * 1549 * Initialize a bridge interface. 1550 */ 1551 static void 1552 bridge_init(void *xsc) 1553 { 1554 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1555 struct ifnet *ifp = sc->sc_ifp; 1556 1557 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1558 return; 1559 1560 BRIDGE_LOCK(sc); 1561 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1562 bridge_timer, sc); 1563 1564 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1565 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1566 1567 BRIDGE_UNLOCK(sc); 1568 } 1569 1570 /* 1571 * bridge_stop: 1572 * 1573 * Stop the bridge interface. 1574 */ 1575 static void 1576 bridge_stop(struct ifnet *ifp, int disable) 1577 { 1578 struct bridge_softc *sc = ifp->if_softc; 1579 1580 BRIDGE_LOCK_ASSERT(sc); 1581 1582 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1583 return; 1584 1585 callout_stop(&sc->sc_brcallout); 1586 bstp_stop(&sc->sc_stp); 1587 1588 bridge_rtflush(sc, IFBF_FLUSHDYN); 1589 1590 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1591 } 1592 1593 /* 1594 * bridge_enqueue: 1595 * 1596 * Enqueue a packet on a bridge member interface. 1597 * 1598 */ 1599 static void 1600 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1601 { 1602 int len, err = 0; 1603 short mflags; 1604 struct mbuf *m0; 1605 1606 len = m->m_pkthdr.len; 1607 mflags = m->m_flags; 1608 1609 /* We may be sending a fragment so traverse the mbuf */ 1610 for (; m; m = m0) { 1611 m0 = m->m_nextpkt; 1612 m->m_nextpkt = NULL; 1613 1614 if (err == 0) 1615 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1616 } 1617 1618 if (err == 0) { 1619 1620 sc->sc_ifp->if_opackets++; 1621 sc->sc_ifp->if_obytes += len; 1622 1623 dst_ifp->if_obytes += len; 1624 1625 if (mflags & M_MCAST) { 1626 sc->sc_ifp->if_omcasts++; 1627 dst_ifp->if_omcasts++; 1628 } 1629 } 1630 1631 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1632 (*dst_ifp->if_start)(dst_ifp); 1633 } 1634 1635 /* 1636 * bridge_dummynet: 1637 * 1638 * Receive a queued packet from dummynet and pass it on to the output 1639 * interface. 1640 * 1641 * The mbuf has the Ethernet header already attached. 1642 */ 1643 static void 1644 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1645 { 1646 struct bridge_softc *sc; 1647 1648 sc = ifp->if_bridge; 1649 1650 /* 1651 * The packet didnt originate from a member interface. This should only 1652 * ever happen if a member interface is removed while packets are 1653 * queued for it. 1654 */ 1655 if (sc == NULL) { 1656 m_freem(m); 1657 return; 1658 } 1659 1660 if (PFIL_HOOKED(&inet_pfil_hook) 1661 #ifdef INET6 1662 || PFIL_HOOKED(&inet6_pfil_hook) 1663 #endif 1664 ) { 1665 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1666 return; 1667 if (m == NULL) 1668 return; 1669 } 1670 1671 bridge_enqueue(sc, ifp, m); 1672 } 1673 1674 /* 1675 * bridge_output: 1676 * 1677 * Send output from a bridge member interface. This 1678 * performs the bridging function for locally originated 1679 * packets. 1680 * 1681 * The mbuf has the Ethernet header already attached. We must 1682 * enqueue or free the mbuf before returning. 1683 */ 1684 static int 1685 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1686 struct rtentry *rt) 1687 { 1688 struct ether_header *eh; 1689 struct ifnet *dst_if; 1690 struct bridge_softc *sc; 1691 1692 if (m->m_len < ETHER_HDR_LEN) { 1693 m = m_pullup(m, ETHER_HDR_LEN); 1694 if (m == NULL) 1695 return (0); 1696 } 1697 1698 eh = mtod(m, struct ether_header *); 1699 sc = ifp->if_bridge; 1700 1701 BRIDGE_LOCK(sc); 1702 1703 /* 1704 * If bridge is down, but the original output interface is up, 1705 * go ahead and send out that interface. Otherwise, the packet 1706 * is dropped below. 1707 */ 1708 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1709 dst_if = ifp; 1710 goto sendunicast; 1711 } 1712 1713 /* 1714 * If the packet is a multicast, or we don't know a better way to 1715 * get there, send to all interfaces. 1716 */ 1717 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1718 dst_if = NULL; 1719 else 1720 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1721 if (dst_if == NULL) { 1722 struct bridge_iflist *bif; 1723 struct mbuf *mc; 1724 int error = 0, used = 0; 1725 1726 bridge_span(sc, m); 1727 1728 BRIDGE_LOCK2REF(sc, error); 1729 if (error) { 1730 m_freem(m); 1731 return (0); 1732 } 1733 1734 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1735 dst_if = bif->bif_ifp; 1736 1737 if (dst_if->if_type == IFT_GIF) 1738 continue; 1739 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1740 continue; 1741 1742 /* 1743 * If this is not the original output interface, 1744 * and the interface is participating in spanning 1745 * tree, make sure the port is in a state that 1746 * allows forwarding. 1747 */ 1748 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1749 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1750 continue; 1751 1752 if (LIST_NEXT(bif, bif_next) == NULL) { 1753 used = 1; 1754 mc = m; 1755 } else { 1756 mc = m_copypacket(m, M_DONTWAIT); 1757 if (mc == NULL) { 1758 sc->sc_ifp->if_oerrors++; 1759 continue; 1760 } 1761 } 1762 1763 bridge_enqueue(sc, dst_if, mc); 1764 } 1765 if (used == 0) 1766 m_freem(m); 1767 BRIDGE_UNREF(sc); 1768 return (0); 1769 } 1770 1771 sendunicast: 1772 /* 1773 * XXX Spanning tree consideration here? 1774 */ 1775 1776 bridge_span(sc, m); 1777 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1778 m_freem(m); 1779 BRIDGE_UNLOCK(sc); 1780 return (0); 1781 } 1782 1783 BRIDGE_UNLOCK(sc); 1784 bridge_enqueue(sc, dst_if, m); 1785 return (0); 1786 } 1787 1788 /* 1789 * bridge_start: 1790 * 1791 * Start output on a bridge. 1792 * 1793 */ 1794 static void 1795 bridge_start(struct ifnet *ifp) 1796 { 1797 struct bridge_softc *sc; 1798 struct mbuf *m; 1799 struct ether_header *eh; 1800 struct ifnet *dst_if; 1801 1802 sc = ifp->if_softc; 1803 1804 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1805 for (;;) { 1806 IFQ_DEQUEUE(&ifp->if_snd, m); 1807 if (m == 0) 1808 break; 1809 BPF_MTAP(ifp, m); 1810 1811 eh = mtod(m, struct ether_header *); 1812 dst_if = NULL; 1813 1814 BRIDGE_LOCK(sc); 1815 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1816 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1817 } 1818 1819 if (dst_if == NULL) 1820 bridge_broadcast(sc, ifp, m, 0); 1821 else { 1822 BRIDGE_UNLOCK(sc); 1823 bridge_enqueue(sc, dst_if, m); 1824 } 1825 } 1826 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1827 } 1828 1829 /* 1830 * bridge_forward: 1831 * 1832 * The forwarding function of the bridge. 1833 * 1834 * NOTE: Releases the lock on return. 1835 */ 1836 static void 1837 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1838 { 1839 struct bridge_iflist *bif; 1840 struct ifnet *src_if, *dst_if, *ifp; 1841 struct ether_header *eh; 1842 1843 src_if = m->m_pkthdr.rcvif; 1844 ifp = sc->sc_ifp; 1845 1846 sc->sc_ifp->if_ipackets++; 1847 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1848 1849 /* 1850 * Look up the bridge_iflist. 1851 */ 1852 bif = bridge_lookup_member_if(sc, src_if); 1853 if (bif == NULL) { 1854 /* Interface is not a bridge member (anymore?) */ 1855 BRIDGE_UNLOCK(sc); 1856 m_freem(m); 1857 return; 1858 } 1859 1860 if ((bif->bif_flags & IFBIF_STP) && 1861 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1862 BRIDGE_UNLOCK(sc); 1863 m_freem(m); 1864 return; 1865 } 1866 1867 eh = mtod(m, struct ether_header *); 1868 1869 /* 1870 * If the interface is learning, and the source 1871 * address is valid and not multicast, record 1872 * the address. 1873 */ 1874 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1875 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1876 (eh->ether_shost[0] == 0 && 1877 eh->ether_shost[1] == 0 && 1878 eh->ether_shost[2] == 0 && 1879 eh->ether_shost[3] == 0 && 1880 eh->ether_shost[4] == 0 && 1881 eh->ether_shost[5] == 0) == 0) { 1882 (void) bridge_rtupdate(sc, eh->ether_shost, 1883 bif, 0, IFBAF_DYNAMIC); 1884 } 1885 1886 if ((bif->bif_flags & IFBIF_STP) != 0 && 1887 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1888 m_freem(m); 1889 BRIDGE_UNLOCK(sc); 1890 return; 1891 } 1892 1893 /* 1894 * At this point, the port either doesn't participate 1895 * in spanning tree or it is in the forwarding state. 1896 */ 1897 1898 /* 1899 * If the packet is unicast, destined for someone on 1900 * "this" side of the bridge, drop it. 1901 */ 1902 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1903 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1904 if (src_if == dst_if) { 1905 BRIDGE_UNLOCK(sc); 1906 m_freem(m); 1907 return; 1908 } 1909 } else { 1910 /* ...forward it to all interfaces. */ 1911 sc->sc_ifp->if_imcasts++; 1912 dst_if = NULL; 1913 } 1914 1915 /* 1916 * If we have a destination interface which is a member of our bridge, 1917 * OR this is a unicast packet, push it through the bpf(4) machinery. 1918 * For broadcast or multicast packets, don't bother because it will 1919 * be reinjected into ether_input. We do this before we pass the packets 1920 * through the pfil(9) framework, as it is possible that pfil(9) will 1921 * drop the packet, or possibly modify it, making it difficult to debug 1922 * firewall issues on the bridge. 1923 */ 1924 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1925 BPF_MTAP(ifp, m); 1926 1927 /* run the packet filter */ 1928 if (PFIL_HOOKED(&inet_pfil_hook) 1929 #ifdef INET6 1930 || PFIL_HOOKED(&inet6_pfil_hook) 1931 #endif 1932 ) { 1933 BRIDGE_UNLOCK(sc); 1934 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1935 return; 1936 if (m == NULL) 1937 return; 1938 BRIDGE_LOCK(sc); 1939 } 1940 1941 if (dst_if == NULL) { 1942 bridge_broadcast(sc, src_if, m, 1); 1943 return; 1944 } 1945 1946 /* 1947 * At this point, we're dealing with a unicast frame 1948 * going to a different interface. 1949 */ 1950 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1951 BRIDGE_UNLOCK(sc); 1952 m_freem(m); 1953 return; 1954 } 1955 bif = bridge_lookup_member_if(sc, dst_if); 1956 if (bif == NULL) { 1957 /* Not a member of the bridge (anymore?) */ 1958 BRIDGE_UNLOCK(sc); 1959 m_freem(m); 1960 return; 1961 } 1962 1963 if ((bif->bif_flags & IFBIF_STP) && 1964 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1965 BRIDGE_UNLOCK(sc); 1966 m_freem(m); 1967 return; 1968 } 1969 1970 BRIDGE_UNLOCK(sc); 1971 1972 if (PFIL_HOOKED(&inet_pfil_hook) 1973 #ifdef INET6 1974 || PFIL_HOOKED(&inet6_pfil_hook) 1975 #endif 1976 ) { 1977 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1978 return; 1979 if (m == NULL) 1980 return; 1981 } 1982 1983 bridge_enqueue(sc, dst_if, m); 1984 } 1985 1986 /* 1987 * bridge_input: 1988 * 1989 * Receive input from a member interface. Queue the packet for 1990 * bridging if it is not for us. 1991 */ 1992 static struct mbuf * 1993 bridge_input(struct ifnet *ifp, struct mbuf *m) 1994 { 1995 struct bridge_softc *sc = ifp->if_bridge; 1996 struct bridge_iflist *bif, *bif2; 1997 struct ifnet *bifp; 1998 struct ether_header *eh; 1999 struct mbuf *mc, *mc2; 2000 2001 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2002 return (m); 2003 2004 bifp = sc->sc_ifp; 2005 2006 /* 2007 * Implement support for bridge monitoring. If this flag has been 2008 * set on this interface, discard the packet once we push it through 2009 * the bpf(4) machinery, but before we do, increment the byte and 2010 * packet counters associated with this interface. 2011 */ 2012 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2013 m->m_pkthdr.rcvif = bifp; 2014 BPF_MTAP(bifp, m); 2015 bifp->if_ipackets++; 2016 bifp->if_ibytes += m->m_pkthdr.len; 2017 m_freem(m); 2018 return (NULL); 2019 } 2020 BRIDGE_LOCK(sc); 2021 bif = bridge_lookup_member_if(sc, ifp); 2022 if (bif == NULL) { 2023 BRIDGE_UNLOCK(sc); 2024 return (m); 2025 } 2026 2027 eh = mtod(m, struct ether_header *); 2028 2029 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2030 ETHER_ADDR_LEN) == 0) { 2031 /* 2032 * If the packet is for us, set the packets source as the 2033 * bridge, and return the packet back to ether_input for 2034 * local processing. 2035 */ 2036 2037 /* Note where to send the reply to */ 2038 if (bif->bif_flags & IFBIF_LEARNING) 2039 (void) bridge_rtupdate(sc, 2040 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2041 2042 /* Mark the packet as arriving on the bridge interface */ 2043 m->m_pkthdr.rcvif = bifp; 2044 BPF_MTAP(bifp, m); 2045 bifp->if_ipackets++; 2046 2047 BRIDGE_UNLOCK(sc); 2048 return (m); 2049 } 2050 2051 bridge_span(sc, m); 2052 2053 if (m->m_flags & (M_BCAST|M_MCAST)) { 2054 /* Tap off 802.1D packets; they do not get forwarded. */ 2055 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2056 ETHER_ADDR_LEN) == 0) { 2057 m = bstp_input(&bif->bif_stp, ifp, m); 2058 if (m == NULL) { 2059 BRIDGE_UNLOCK(sc); 2060 return (NULL); 2061 } 2062 } 2063 2064 if ((bif->bif_flags & IFBIF_STP) && 2065 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2066 BRIDGE_UNLOCK(sc); 2067 return (m); 2068 } 2069 2070 /* 2071 * Make a deep copy of the packet and enqueue the copy 2072 * for bridge processing; return the original packet for 2073 * local processing. 2074 */ 2075 mc = m_dup(m, M_DONTWAIT); 2076 if (mc == NULL) { 2077 BRIDGE_UNLOCK(sc); 2078 return (m); 2079 } 2080 2081 /* Perform the bridge forwarding function with the copy. */ 2082 bridge_forward(sc, mc); 2083 2084 /* 2085 * Reinject the mbuf as arriving on the bridge so we have a 2086 * chance at claiming multicast packets. We can not loop back 2087 * here from ether_input as a bridge is never a member of a 2088 * bridge. 2089 */ 2090 KASSERT(bifp->if_bridge == NULL, 2091 ("loop created in bridge_input")); 2092 mc2 = m_dup(m, M_DONTWAIT); 2093 if (mc2 != NULL) { 2094 /* Keep the layer3 header aligned */ 2095 int i = min(mc2->m_pkthdr.len, max_protohdr); 2096 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2097 } 2098 if (mc2 != NULL) { 2099 mc2->m_pkthdr.rcvif = bifp; 2100 (*bifp->if_input)(bifp, mc2); 2101 } 2102 2103 /* Return the original packet for local processing. */ 2104 return (m); 2105 } 2106 2107 if ((bif->bif_flags & IFBIF_STP) && 2108 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2109 BRIDGE_UNLOCK(sc); 2110 return (m); 2111 } 2112 2113 #ifdef DEV_CARP 2114 # define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2115 || ((iface)->if_carp \ 2116 && carp_forus((iface)->if_carp, eh->ether_dhost)) 2117 # define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2118 || ((iface)->if_carp \ 2119 && carp_forus((iface)->if_carp, eh->ether_shost)) 2120 #else 2121 # define OR_CARP_CHECK_WE_ARE_DST(iface) 2122 # define OR_CARP_CHECK_WE_ARE_SRC(iface) 2123 #endif 2124 2125 #define GRAB_OUR_PACKETS(iface) \ 2126 if ((iface)->if_type == IFT_GIF) \ 2127 continue; \ 2128 /* It is destined for us. */ \ 2129 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2130 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2131 ) { \ 2132 if (bif->bif_flags & IFBIF_LEARNING) \ 2133 (void) bridge_rtupdate(sc, \ 2134 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); \ 2135 m->m_pkthdr.rcvif = iface; \ 2136 BRIDGE_UNLOCK(sc); \ 2137 return (m); \ 2138 } \ 2139 \ 2140 /* We just received a packet that we sent out. */ \ 2141 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2142 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2143 ) { \ 2144 BRIDGE_UNLOCK(sc); \ 2145 m_freem(m); \ 2146 return (NULL); \ 2147 } 2148 2149 /* 2150 * Unicast. Make sure it's not for us. 2151 * 2152 * Give a chance for ifp at first priority. This will help when the 2153 * packet comes through the interface like VLAN's with the same MACs 2154 * on several interfaces from the same bridge. This also will save 2155 * some CPU cycles in case the destination interface and the input 2156 * interface (eq ifp) are the same. 2157 */ 2158 do { GRAB_OUR_PACKETS(ifp) } while (0); 2159 2160 /* Now check the all bridge members. */ 2161 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2162 GRAB_OUR_PACKETS(bif2->bif_ifp) 2163 } 2164 2165 #undef OR_CARP_CHECK_WE_ARE_DST 2166 #undef OR_CARP_CHECK_WE_ARE_SRC 2167 #undef GRAB_OUR_PACKETS 2168 2169 /* Perform the bridge forwarding function. */ 2170 bridge_forward(sc, m); 2171 2172 return (NULL); 2173 } 2174 2175 /* 2176 * bridge_broadcast: 2177 * 2178 * Send a frame to all interfaces that are members of 2179 * the bridge, except for the one on which the packet 2180 * arrived. 2181 * 2182 * NOTE: Releases the lock on return. 2183 */ 2184 static void 2185 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2186 struct mbuf *m, int runfilt) 2187 { 2188 struct bridge_iflist *bif; 2189 struct mbuf *mc; 2190 struct ifnet *dst_if; 2191 int error = 0, used = 0, i; 2192 2193 BRIDGE_LOCK2REF(sc, error); 2194 if (error) { 2195 m_freem(m); 2196 return; 2197 } 2198 2199 /* Filter on the bridge interface before broadcasting */ 2200 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2201 #ifdef INET6 2202 || PFIL_HOOKED(&inet6_pfil_hook) 2203 #endif 2204 )) { 2205 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2206 goto out; 2207 if (m == NULL) 2208 goto out; 2209 } 2210 2211 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2212 dst_if = bif->bif_ifp; 2213 if (dst_if == src_if) 2214 continue; 2215 2216 if ((bif->bif_flags & IFBIF_STP) && 2217 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2218 continue; 2219 2220 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2221 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2222 continue; 2223 2224 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2225 continue; 2226 2227 if (LIST_NEXT(bif, bif_next) == NULL) { 2228 mc = m; 2229 used = 1; 2230 } else { 2231 mc = m_dup(m, M_DONTWAIT); 2232 if (mc == NULL) { 2233 sc->sc_ifp->if_oerrors++; 2234 continue; 2235 } 2236 } 2237 2238 /* 2239 * Filter on the output interface. Pass a NULL bridge interface 2240 * pointer so we do not redundantly filter on the bridge for 2241 * each interface we broadcast on. 2242 */ 2243 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2244 #ifdef INET6 2245 || PFIL_HOOKED(&inet6_pfil_hook) 2246 #endif 2247 )) { 2248 if (used == 0) { 2249 /* Keep the layer3 header aligned */ 2250 i = min(mc->m_pkthdr.len, max_protohdr); 2251 mc = m_copyup(mc, i, ETHER_ALIGN); 2252 if (mc == NULL) { 2253 sc->sc_ifp->if_oerrors++; 2254 continue; 2255 } 2256 } 2257 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2258 continue; 2259 if (mc == NULL) 2260 continue; 2261 } 2262 2263 bridge_enqueue(sc, dst_if, mc); 2264 } 2265 if (used == 0) 2266 m_freem(m); 2267 2268 out: 2269 BRIDGE_UNREF(sc); 2270 } 2271 2272 /* 2273 * bridge_span: 2274 * 2275 * Duplicate a packet out one or more interfaces that are in span mode, 2276 * the original mbuf is unmodified. 2277 */ 2278 static void 2279 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2280 { 2281 struct bridge_iflist *bif; 2282 struct ifnet *dst_if; 2283 struct mbuf *mc; 2284 2285 if (LIST_EMPTY(&sc->sc_spanlist)) 2286 return; 2287 2288 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2289 dst_if = bif->bif_ifp; 2290 2291 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2292 continue; 2293 2294 mc = m_copypacket(m, M_DONTWAIT); 2295 if (mc == NULL) { 2296 sc->sc_ifp->if_oerrors++; 2297 continue; 2298 } 2299 2300 bridge_enqueue(sc, dst_if, mc); 2301 } 2302 } 2303 2304 /* 2305 * bridge_rtupdate: 2306 * 2307 * Add a bridge routing entry. 2308 */ 2309 static int 2310 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2311 struct bridge_iflist *bif, int setflags, uint8_t flags) 2312 { 2313 struct bridge_rtnode *brt; 2314 struct ifnet *dst_if = bif->bif_ifp; 2315 int error; 2316 2317 BRIDGE_LOCK_ASSERT(sc); 2318 2319 /* 2320 * A route for this destination might already exist. If so, 2321 * update it, otherwise create a new one. 2322 */ 2323 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2324 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2325 sc->sc_brtexceeded++; 2326 return (ENOSPC); 2327 } 2328 2329 /* 2330 * Allocate a new bridge forwarding node, and 2331 * initialize the expiration time and Ethernet 2332 * address. 2333 */ 2334 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2335 if (brt == NULL) 2336 return (ENOMEM); 2337 2338 if (bif->bif_flags & IFBIF_STICKY) 2339 brt->brt_flags = IFBAF_STICKY; 2340 else 2341 brt->brt_flags = IFBAF_DYNAMIC; 2342 2343 brt->brt_ifp = dst_if; 2344 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2345 2346 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2347 uma_zfree(bridge_rtnode_zone, brt); 2348 return (error); 2349 } 2350 } 2351 2352 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2353 brt->brt_ifp = dst_if; 2354 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2355 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2356 if (setflags) 2357 brt->brt_flags = flags; 2358 2359 return (0); 2360 } 2361 2362 /* 2363 * bridge_rtlookup: 2364 * 2365 * Lookup the destination interface for an address. 2366 */ 2367 static struct ifnet * 2368 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2369 { 2370 struct bridge_rtnode *brt; 2371 2372 BRIDGE_LOCK_ASSERT(sc); 2373 2374 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2375 return (NULL); 2376 2377 return (brt->brt_ifp); 2378 } 2379 2380 /* 2381 * bridge_rttrim: 2382 * 2383 * Trim the routine table so that we have a number 2384 * of routing entries less than or equal to the 2385 * maximum number. 2386 */ 2387 static void 2388 bridge_rttrim(struct bridge_softc *sc) 2389 { 2390 struct bridge_rtnode *brt, *nbrt; 2391 2392 BRIDGE_LOCK_ASSERT(sc); 2393 2394 /* Make sure we actually need to do this. */ 2395 if (sc->sc_brtcnt <= sc->sc_brtmax) 2396 return; 2397 2398 /* Force an aging cycle; this might trim enough addresses. */ 2399 bridge_rtage(sc); 2400 if (sc->sc_brtcnt <= sc->sc_brtmax) 2401 return; 2402 2403 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2404 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2405 bridge_rtnode_destroy(sc, brt); 2406 if (sc->sc_brtcnt <= sc->sc_brtmax) 2407 return; 2408 } 2409 } 2410 } 2411 2412 /* 2413 * bridge_timer: 2414 * 2415 * Aging timer for the bridge. 2416 */ 2417 static void 2418 bridge_timer(void *arg) 2419 { 2420 struct bridge_softc *sc = arg; 2421 2422 BRIDGE_LOCK_ASSERT(sc); 2423 2424 bridge_rtage(sc); 2425 2426 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2427 callout_reset(&sc->sc_brcallout, 2428 bridge_rtable_prune_period * hz, bridge_timer, sc); 2429 } 2430 2431 /* 2432 * bridge_rtage: 2433 * 2434 * Perform an aging cycle. 2435 */ 2436 static void 2437 bridge_rtage(struct bridge_softc *sc) 2438 { 2439 struct bridge_rtnode *brt, *nbrt; 2440 2441 BRIDGE_LOCK_ASSERT(sc); 2442 2443 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2444 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2445 if (time_uptime >= brt->brt_expire) 2446 bridge_rtnode_destroy(sc, brt); 2447 } 2448 } 2449 } 2450 2451 /* 2452 * bridge_rtflush: 2453 * 2454 * Remove all dynamic addresses from the bridge. 2455 */ 2456 static void 2457 bridge_rtflush(struct bridge_softc *sc, int full) 2458 { 2459 struct bridge_rtnode *brt, *nbrt; 2460 2461 BRIDGE_LOCK_ASSERT(sc); 2462 2463 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2464 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2465 bridge_rtnode_destroy(sc, brt); 2466 } 2467 } 2468 2469 /* 2470 * bridge_rtdaddr: 2471 * 2472 * Remove an address from the table. 2473 */ 2474 static int 2475 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2476 { 2477 struct bridge_rtnode *brt; 2478 2479 BRIDGE_LOCK_ASSERT(sc); 2480 2481 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2482 return (ENOENT); 2483 2484 bridge_rtnode_destroy(sc, brt); 2485 return (0); 2486 } 2487 2488 /* 2489 * bridge_rtdelete: 2490 * 2491 * Delete routes to a speicifc member interface. 2492 */ 2493 static void 2494 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2495 { 2496 struct bridge_rtnode *brt, *nbrt; 2497 2498 BRIDGE_LOCK_ASSERT(sc); 2499 2500 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2501 if (brt->brt_ifp == ifp && (full || 2502 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2503 bridge_rtnode_destroy(sc, brt); 2504 } 2505 } 2506 2507 /* 2508 * bridge_rtable_init: 2509 * 2510 * Initialize the route table for this bridge. 2511 */ 2512 static int 2513 bridge_rtable_init(struct bridge_softc *sc) 2514 { 2515 int i; 2516 2517 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2518 M_DEVBUF, M_NOWAIT); 2519 if (sc->sc_rthash == NULL) 2520 return (ENOMEM); 2521 2522 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2523 LIST_INIT(&sc->sc_rthash[i]); 2524 2525 sc->sc_rthash_key = arc4random(); 2526 2527 LIST_INIT(&sc->sc_rtlist); 2528 2529 return (0); 2530 } 2531 2532 /* 2533 * bridge_rtable_fini: 2534 * 2535 * Deconstruct the route table for this bridge. 2536 */ 2537 static void 2538 bridge_rtable_fini(struct bridge_softc *sc) 2539 { 2540 2541 free(sc->sc_rthash, M_DEVBUF); 2542 } 2543 2544 /* 2545 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2546 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2547 */ 2548 #define mix(a, b, c) \ 2549 do { \ 2550 a -= b; a -= c; a ^= (c >> 13); \ 2551 b -= c; b -= a; b ^= (a << 8); \ 2552 c -= a; c -= b; c ^= (b >> 13); \ 2553 a -= b; a -= c; a ^= (c >> 12); \ 2554 b -= c; b -= a; b ^= (a << 16); \ 2555 c -= a; c -= b; c ^= (b >> 5); \ 2556 a -= b; a -= c; a ^= (c >> 3); \ 2557 b -= c; b -= a; b ^= (a << 10); \ 2558 c -= a; c -= b; c ^= (b >> 15); \ 2559 } while (/*CONSTCOND*/0) 2560 2561 static __inline uint32_t 2562 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2563 { 2564 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2565 2566 b += addr[5] << 8; 2567 b += addr[4]; 2568 a += addr[3] << 24; 2569 a += addr[2] << 16; 2570 a += addr[1] << 8; 2571 a += addr[0]; 2572 2573 mix(a, b, c); 2574 2575 return (c & BRIDGE_RTHASH_MASK); 2576 } 2577 2578 #undef mix 2579 2580 static int 2581 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2582 { 2583 int i, d; 2584 2585 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2586 d = ((int)a[i]) - ((int)b[i]); 2587 } 2588 2589 return (d); 2590 } 2591 2592 /* 2593 * bridge_rtnode_lookup: 2594 * 2595 * Look up a bridge route node for the specified destination. 2596 */ 2597 static struct bridge_rtnode * 2598 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2599 { 2600 struct bridge_rtnode *brt; 2601 uint32_t hash; 2602 int dir; 2603 2604 BRIDGE_LOCK_ASSERT(sc); 2605 2606 hash = bridge_rthash(sc, addr); 2607 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2608 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2609 if (dir == 0) 2610 return (brt); 2611 if (dir > 0) 2612 return (NULL); 2613 } 2614 2615 return (NULL); 2616 } 2617 2618 /* 2619 * bridge_rtnode_insert: 2620 * 2621 * Insert the specified bridge node into the route table. We 2622 * assume the entry is not already in the table. 2623 */ 2624 static int 2625 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2626 { 2627 struct bridge_rtnode *lbrt; 2628 uint32_t hash; 2629 int dir; 2630 2631 BRIDGE_LOCK_ASSERT(sc); 2632 2633 hash = bridge_rthash(sc, brt->brt_addr); 2634 2635 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2636 if (lbrt == NULL) { 2637 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2638 goto out; 2639 } 2640 2641 do { 2642 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2643 if (dir == 0) 2644 return (EEXIST); 2645 if (dir > 0) { 2646 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2647 goto out; 2648 } 2649 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2650 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2651 goto out; 2652 } 2653 lbrt = LIST_NEXT(lbrt, brt_hash); 2654 } while (lbrt != NULL); 2655 2656 #ifdef DIAGNOSTIC 2657 panic("bridge_rtnode_insert: impossible"); 2658 #endif 2659 2660 out: 2661 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2662 sc->sc_brtcnt++; 2663 2664 return (0); 2665 } 2666 2667 /* 2668 * bridge_rtnode_destroy: 2669 * 2670 * Destroy a bridge rtnode. 2671 */ 2672 static void 2673 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2674 { 2675 BRIDGE_LOCK_ASSERT(sc); 2676 2677 LIST_REMOVE(brt, brt_hash); 2678 2679 LIST_REMOVE(brt, brt_list); 2680 sc->sc_brtcnt--; 2681 uma_zfree(bridge_rtnode_zone, brt); 2682 } 2683 2684 /* 2685 * bridge_rtable_expire: 2686 * 2687 * Set the expiry time for all routes on an interface. 2688 */ 2689 static void 2690 bridge_rtable_expire(struct ifnet *ifp, int age) 2691 { 2692 struct bridge_softc *sc = ifp->if_bridge; 2693 struct bridge_rtnode *brt; 2694 2695 BRIDGE_LOCK(sc); 2696 2697 /* 2698 * If the age is zero then flush, otherwise set all the expiry times to 2699 * age for the interface 2700 */ 2701 if (age == 0) 2702 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2703 else { 2704 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2705 /* Cap the expiry time to 'age' */ 2706 if (brt->brt_ifp == ifp && 2707 brt->brt_expire > time_uptime + age && 2708 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2709 brt->brt_expire = time_uptime + age; 2710 } 2711 } 2712 BRIDGE_UNLOCK(sc); 2713 } 2714 2715 /* 2716 * bridge_state_change: 2717 * 2718 * Callback from the bridgestp code when a port changes states. 2719 */ 2720 static void 2721 bridge_state_change(struct ifnet *ifp, int state) 2722 { 2723 struct bridge_softc *sc = ifp->if_bridge; 2724 static const char *stpstates[] = { 2725 "disabled", 2726 "listening", 2727 "learning", 2728 "forwarding", 2729 "blocking", 2730 "discarding" 2731 }; 2732 2733 if (log_stp) 2734 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2735 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2736 } 2737 2738 /* 2739 * Send bridge packets through pfil if they are one of the types pfil can deal 2740 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2741 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2742 * that interface. 2743 */ 2744 static int 2745 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2746 { 2747 int snap, error, i, hlen; 2748 struct ether_header *eh1, eh2; 2749 struct ip_fw_args args; 2750 struct ip *ip; 2751 struct llc llc1; 2752 u_int16_t ether_type; 2753 2754 snap = 0; 2755 error = -1; /* Default error if not error == 0 */ 2756 2757 /* we may return with the IP fields swapped, ensure its not shared */ 2758 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2759 2760 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2761 return (0); /* filtering is disabled */ 2762 2763 i = min((*mp)->m_pkthdr.len, max_protohdr); 2764 if ((*mp)->m_len < i) { 2765 *mp = m_pullup(*mp, i); 2766 if (*mp == NULL) { 2767 printf("%s: m_pullup failed\n", __func__); 2768 return (-1); 2769 } 2770 } 2771 2772 eh1 = mtod(*mp, struct ether_header *); 2773 ether_type = ntohs(eh1->ether_type); 2774 2775 /* 2776 * Check for SNAP/LLC. 2777 */ 2778 if (ether_type < ETHERMTU) { 2779 struct llc *llc2 = (struct llc *)(eh1 + 1); 2780 2781 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2782 llc2->llc_dsap == LLC_SNAP_LSAP && 2783 llc2->llc_ssap == LLC_SNAP_LSAP && 2784 llc2->llc_control == LLC_UI) { 2785 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2786 snap = 1; 2787 } 2788 } 2789 2790 /* 2791 * If we're trying to filter bridge traffic, don't look at anything 2792 * other than IP and ARP traffic. If the filter doesn't understand 2793 * IPv6, don't allow IPv6 through the bridge either. This is lame 2794 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2795 * but of course we don't have an AppleTalk filter to begin with. 2796 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2797 * ARP traffic.) 2798 */ 2799 switch (ether_type) { 2800 case ETHERTYPE_ARP: 2801 case ETHERTYPE_REVARP: 2802 if (pfil_ipfw_arp == 0) 2803 return (0); /* Automatically pass */ 2804 break; 2805 2806 case ETHERTYPE_IP: 2807 #ifdef INET6 2808 case ETHERTYPE_IPV6: 2809 #endif /* INET6 */ 2810 break; 2811 default: 2812 /* 2813 * Check to see if the user wants to pass non-ip 2814 * packets, these will not be checked by pfil(9) and 2815 * passed unconditionally so the default is to drop. 2816 */ 2817 if (pfil_onlyip) 2818 goto bad; 2819 } 2820 2821 /* Strip off the Ethernet header and keep a copy. */ 2822 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2823 m_adj(*mp, ETHER_HDR_LEN); 2824 2825 /* Strip off snap header, if present */ 2826 if (snap) { 2827 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2828 m_adj(*mp, sizeof(struct llc)); 2829 } 2830 2831 /* 2832 * Check the IP header for alignment and errors 2833 */ 2834 if (dir == PFIL_IN) { 2835 switch (ether_type) { 2836 case ETHERTYPE_IP: 2837 error = bridge_ip_checkbasic(mp); 2838 break; 2839 #ifdef INET6 2840 case ETHERTYPE_IPV6: 2841 error = bridge_ip6_checkbasic(mp); 2842 break; 2843 #endif /* INET6 */ 2844 default: 2845 error = 0; 2846 } 2847 if (error) 2848 goto bad; 2849 } 2850 2851 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2852 error = -1; 2853 args.rule = ip_dn_claim_rule(*mp); 2854 if (args.rule != NULL && fw_one_pass) 2855 goto ipfwpass; /* packet already partially processed */ 2856 2857 args.m = *mp; 2858 args.oif = ifp; 2859 args.next_hop = NULL; 2860 args.eh = &eh2; 2861 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2862 i = ip_fw_chk_ptr(&args); 2863 *mp = args.m; 2864 2865 if (*mp == NULL) 2866 return (error); 2867 2868 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2869 2870 /* put the Ethernet header back on */ 2871 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2872 if (*mp == NULL) 2873 return (error); 2874 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2875 2876 /* 2877 * Pass the pkt to dummynet, which consumes it. The 2878 * packet will return to us via bridge_dummynet(). 2879 */ 2880 args.oif = ifp; 2881 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2882 return (error); 2883 } 2884 2885 if (i != IP_FW_PASS) /* drop */ 2886 goto bad; 2887 } 2888 2889 ipfwpass: 2890 error = 0; 2891 2892 /* 2893 * Run the packet through pfil 2894 */ 2895 switch (ether_type) { 2896 case ETHERTYPE_IP: 2897 /* 2898 * before calling the firewall, swap fields the same as 2899 * IP does. here we assume the header is contiguous 2900 */ 2901 ip = mtod(*mp, struct ip *); 2902 2903 ip->ip_len = ntohs(ip->ip_len); 2904 ip->ip_off = ntohs(ip->ip_off); 2905 2906 /* 2907 * Run pfil on the member interface and the bridge, both can 2908 * be skipped by clearing pfil_member or pfil_bridge. 2909 * 2910 * Keep the order: 2911 * in_if -> bridge_if -> out_if 2912 */ 2913 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2914 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2915 dir, NULL); 2916 2917 if (*mp == NULL || error != 0) /* filter may consume */ 2918 break; 2919 2920 if (pfil_member && ifp != NULL) 2921 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2922 dir, NULL); 2923 2924 if (*mp == NULL || error != 0) /* filter may consume */ 2925 break; 2926 2927 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2928 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2929 dir, NULL); 2930 2931 if (*mp == NULL || error != 0) /* filter may consume */ 2932 break; 2933 2934 /* check if we need to fragment the packet */ 2935 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2936 i = (*mp)->m_pkthdr.len; 2937 if (i > ifp->if_mtu) { 2938 error = bridge_fragment(ifp, *mp, &eh2, snap, 2939 &llc1); 2940 return (error); 2941 } 2942 } 2943 2944 /* Recalculate the ip checksum and restore byte ordering */ 2945 ip = mtod(*mp, struct ip *); 2946 hlen = ip->ip_hl << 2; 2947 if (hlen < sizeof(struct ip)) 2948 goto bad; 2949 if (hlen > (*mp)->m_len) { 2950 if ((*mp = m_pullup(*mp, hlen)) == 0) 2951 goto bad; 2952 ip = mtod(*mp, struct ip *); 2953 if (ip == NULL) 2954 goto bad; 2955 } 2956 ip->ip_len = htons(ip->ip_len); 2957 ip->ip_off = htons(ip->ip_off); 2958 ip->ip_sum = 0; 2959 if (hlen == sizeof(struct ip)) 2960 ip->ip_sum = in_cksum_hdr(ip); 2961 else 2962 ip->ip_sum = in_cksum(*mp, hlen); 2963 2964 break; 2965 #ifdef INET6 2966 case ETHERTYPE_IPV6: 2967 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2968 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2969 dir, NULL); 2970 2971 if (*mp == NULL || error != 0) /* filter may consume */ 2972 break; 2973 2974 if (pfil_member && ifp != NULL) 2975 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2976 dir, NULL); 2977 2978 if (*mp == NULL || error != 0) /* filter may consume */ 2979 break; 2980 2981 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2982 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2983 dir, NULL); 2984 break; 2985 #endif 2986 default: 2987 error = 0; 2988 break; 2989 } 2990 2991 if (*mp == NULL) 2992 return (error); 2993 if (error != 0) 2994 goto bad; 2995 2996 error = -1; 2997 2998 /* 2999 * Finally, put everything back the way it was and return 3000 */ 3001 if (snap) { 3002 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3003 if (*mp == NULL) 3004 return (error); 3005 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3006 } 3007 3008 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3009 if (*mp == NULL) 3010 return (error); 3011 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3012 3013 return (0); 3014 3015 bad: 3016 m_freem(*mp); 3017 *mp = NULL; 3018 return (error); 3019 } 3020 3021 /* 3022 * Perform basic checks on header size since 3023 * pfil assumes ip_input has already processed 3024 * it for it. Cut-and-pasted from ip_input.c. 3025 * Given how simple the IPv6 version is, 3026 * does the IPv4 version really need to be 3027 * this complicated? 3028 * 3029 * XXX Should we update ipstat here, or not? 3030 * XXX Right now we update ipstat but not 3031 * XXX csum_counter. 3032 */ 3033 static int 3034 bridge_ip_checkbasic(struct mbuf **mp) 3035 { 3036 struct mbuf *m = *mp; 3037 struct ip *ip; 3038 int len, hlen; 3039 u_short sum; 3040 3041 if (*mp == NULL) 3042 return (-1); 3043 3044 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3045 if ((m = m_copyup(m, sizeof(struct ip), 3046 (max_linkhdr + 3) & ~3)) == NULL) { 3047 /* XXXJRT new stat, please */ 3048 ipstat.ips_toosmall++; 3049 goto bad; 3050 } 3051 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3052 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3053 ipstat.ips_toosmall++; 3054 goto bad; 3055 } 3056 } 3057 ip = mtod(m, struct ip *); 3058 if (ip == NULL) goto bad; 3059 3060 if (ip->ip_v != IPVERSION) { 3061 ipstat.ips_badvers++; 3062 goto bad; 3063 } 3064 hlen = ip->ip_hl << 2; 3065 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3066 ipstat.ips_badhlen++; 3067 goto bad; 3068 } 3069 if (hlen > m->m_len) { 3070 if ((m = m_pullup(m, hlen)) == 0) { 3071 ipstat.ips_badhlen++; 3072 goto bad; 3073 } 3074 ip = mtod(m, struct ip *); 3075 if (ip == NULL) goto bad; 3076 } 3077 3078 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3079 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3080 } else { 3081 if (hlen == sizeof(struct ip)) { 3082 sum = in_cksum_hdr(ip); 3083 } else { 3084 sum = in_cksum(m, hlen); 3085 } 3086 } 3087 if (sum) { 3088 ipstat.ips_badsum++; 3089 goto bad; 3090 } 3091 3092 /* Retrieve the packet length. */ 3093 len = ntohs(ip->ip_len); 3094 3095 /* 3096 * Check for additional length bogosity 3097 */ 3098 if (len < hlen) { 3099 ipstat.ips_badlen++; 3100 goto bad; 3101 } 3102 3103 /* 3104 * Check that the amount of data in the buffers 3105 * is as at least much as the IP header would have us expect. 3106 * Drop packet if shorter than we expect. 3107 */ 3108 if (m->m_pkthdr.len < len) { 3109 ipstat.ips_tooshort++; 3110 goto bad; 3111 } 3112 3113 /* Checks out, proceed */ 3114 *mp = m; 3115 return (0); 3116 3117 bad: 3118 *mp = m; 3119 return (-1); 3120 } 3121 3122 #ifdef INET6 3123 /* 3124 * Same as above, but for IPv6. 3125 * Cut-and-pasted from ip6_input.c. 3126 * XXX Should we update ip6stat, or not? 3127 */ 3128 static int 3129 bridge_ip6_checkbasic(struct mbuf **mp) 3130 { 3131 struct mbuf *m = *mp; 3132 struct ip6_hdr *ip6; 3133 3134 /* 3135 * If the IPv6 header is not aligned, slurp it up into a new 3136 * mbuf with space for link headers, in the event we forward 3137 * it. Otherwise, if it is aligned, make sure the entire base 3138 * IPv6 header is in the first mbuf of the chain. 3139 */ 3140 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3141 struct ifnet *inifp = m->m_pkthdr.rcvif; 3142 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3143 (max_linkhdr + 3) & ~3)) == NULL) { 3144 /* XXXJRT new stat, please */ 3145 ip6stat.ip6s_toosmall++; 3146 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3147 goto bad; 3148 } 3149 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3150 struct ifnet *inifp = m->m_pkthdr.rcvif; 3151 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3152 ip6stat.ip6s_toosmall++; 3153 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3154 goto bad; 3155 } 3156 } 3157 3158 ip6 = mtod(m, struct ip6_hdr *); 3159 3160 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3161 ip6stat.ip6s_badvers++; 3162 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3163 goto bad; 3164 } 3165 3166 /* Checks out, proceed */ 3167 *mp = m; 3168 return (0); 3169 3170 bad: 3171 *mp = m; 3172 return (-1); 3173 } 3174 #endif /* INET6 */ 3175 3176 /* 3177 * bridge_fragment: 3178 * 3179 * Return a fragmented mbuf chain. 3180 */ 3181 static int 3182 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3183 int snap, struct llc *llc) 3184 { 3185 struct mbuf *m0; 3186 struct ip *ip; 3187 int error = -1; 3188 3189 if (m->m_len < sizeof(struct ip) && 3190 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3191 goto out; 3192 ip = mtod(m, struct ip *); 3193 3194 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3195 CSUM_DELAY_IP); 3196 if (error) 3197 goto out; 3198 3199 /* walk the chain and re-add the Ethernet header */ 3200 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3201 if (error == 0) { 3202 if (snap) { 3203 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3204 if (m0 == NULL) { 3205 error = ENOBUFS; 3206 continue; 3207 } 3208 bcopy(llc, mtod(m0, caddr_t), 3209 sizeof(struct llc)); 3210 } 3211 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3212 if (m0 == NULL) { 3213 error = ENOBUFS; 3214 continue; 3215 } 3216 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3217 } else 3218 m_freem(m); 3219 } 3220 3221 if (error == 0) 3222 ipstat.ips_fragmented++; 3223 3224 return (error); 3225 3226 out: 3227 if (m != NULL) 3228 m_freem(m); 3229 return (error); 3230 } 3231