1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/priv.h> 105 #include <sys/proc.h> 106 #include <sys/lock.h> 107 #include <sys/mutex.h> 108 109 #include <net/bpf.h> 110 #include <net/if.h> 111 #include <net/if_clone.h> 112 #include <net/if_dl.h> 113 #include <net/if_types.h> 114 #include <net/if_var.h> 115 #include <net/pfil.h> 116 117 #include <netinet/in.h> /* for struct arpcom */ 118 #include <netinet/in_systm.h> 119 #include <netinet/in_var.h> 120 #include <netinet/ip.h> 121 #include <netinet/ip_var.h> 122 #ifdef INET6 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 #endif 126 #ifdef DEV_CARP 127 #include <netinet/ip_carp.h> 128 #endif 129 #include <machine/in_cksum.h> 130 #include <netinet/if_ether.h> /* for struct arpcom */ 131 #include <net/bridgestp.h> 132 #include <net/if_bridgevar.h> 133 #include <net/if_llc.h> 134 #include <net/if_vlan_var.h> 135 136 #include <net/route.h> 137 #include <netinet/ip_fw.h> 138 #include <netinet/ip_dummynet.h> 139 140 /* 141 * Size of the route hash table. Must be a power of two. 142 */ 143 #ifndef BRIDGE_RTHASH_SIZE 144 #define BRIDGE_RTHASH_SIZE 1024 145 #endif 146 147 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 148 149 /* 150 * Maximum number of addresses to cache. 151 */ 152 #ifndef BRIDGE_RTABLE_MAX 153 #define BRIDGE_RTABLE_MAX 100 154 #endif 155 156 /* 157 * Timeout (in seconds) for entries learned dynamically. 158 */ 159 #ifndef BRIDGE_RTABLE_TIMEOUT 160 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 161 #endif 162 163 /* 164 * Number of seconds between walks of the route list. 165 */ 166 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 167 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 168 #endif 169 170 /* 171 * List of capabilities to mask on the member interface. 172 */ 173 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 174 175 /* 176 * Bridge interface list entry. 
177 */ 178 struct bridge_iflist { 179 LIST_ENTRY(bridge_iflist) bif_next; 180 struct ifnet *bif_ifp; /* member if */ 181 struct bstp_port bif_stp; /* STP state */ 182 uint32_t bif_flags; /* member if flags */ 183 int bif_mutecap; /* member muted caps */ 184 }; 185 186 /* 187 * Bridge route node. 188 */ 189 struct bridge_rtnode { 190 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 191 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 192 struct ifnet *brt_ifp; /* destination if */ 193 unsigned long brt_expire; /* expiration time */ 194 uint8_t brt_flags; /* address flags */ 195 uint8_t brt_addr[ETHER_ADDR_LEN]; 196 uint16_t brt_vlan; /* vlan id */ 197 }; 198 199 /* 200 * Software state for each bridge. 201 */ 202 struct bridge_softc { 203 struct ifnet *sc_ifp; /* make this an interface */ 204 LIST_ENTRY(bridge_softc) sc_list; 205 struct mtx sc_mtx; 206 struct cv sc_cv; 207 uint32_t sc_brtmax; /* max # of addresses */ 208 uint32_t sc_brtcnt; /* cur. # of addresses */ 209 uint32_t sc_brttimeout; /* rt timeout in seconds */ 210 struct callout sc_brcallout; /* bridge callout */ 211 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 212 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 213 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 214 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 215 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 216 uint32_t sc_rthash_key; /* key for hash */ 217 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 218 struct bstp_state sc_stp; /* STP state */ 219 uint32_t sc_brtexceeded; /* # of cache drops */ 220 }; 221 222 static struct mtx bridge_list_mtx; 223 eventhandler_tag bridge_detach_cookie = NULL; 224 225 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 226 227 uma_zone_t bridge_rtnode_zone; 228 229 static int bridge_clone_create(struct if_clone *, int, caddr_t); 230 static void bridge_clone_destroy(struct ifnet *); 231 232 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 233 static void bridge_mutecaps(struct bridge_iflist *, int); 234 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 235 static void bridge_init(void *); 236 static void bridge_dummynet(struct mbuf *, struct ifnet *); 237 static void bridge_stop(struct ifnet *, int); 238 static void bridge_start(struct ifnet *); 239 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 240 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 241 struct rtentry *); 242 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 243 struct mbuf *); 244 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 245 246 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 247 248 static void bridge_timer(void *); 249 250 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 251 struct mbuf *, int); 252 static void bridge_span(struct bridge_softc *, struct mbuf *); 253 254 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 255 uint16_t, struct bridge_iflist *, int, uint8_t); 256 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *, 257 uint16_t); 258 static void bridge_rttrim(struct bridge_softc *); 259 static void bridge_rtage(struct bridge_softc *); 260 static void bridge_rtflush(struct bridge_softc *, int); 261 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *, 262 uint16_t); 263 264 static int bridge_rtable_init(struct bridge_softc *); 265 static void 
bridge_rtable_fini(struct bridge_softc *); 266 267 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 268 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 269 const uint8_t *, uint16_t); 270 static int bridge_rtnode_insert(struct bridge_softc *, 271 struct bridge_rtnode *); 272 static void bridge_rtnode_destroy(struct bridge_softc *, 273 struct bridge_rtnode *); 274 static void bridge_rtable_expire(struct ifnet *, int); 275 static void bridge_state_change(struct ifnet *, int); 276 277 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 278 const char *name); 279 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 280 struct ifnet *ifp); 281 static void bridge_delete_member(struct bridge_softc *, 282 struct bridge_iflist *, int); 283 static void bridge_delete_span(struct bridge_softc *, 284 struct bridge_iflist *); 285 286 static int bridge_ioctl_add(struct bridge_softc *, void *); 287 static int bridge_ioctl_del(struct bridge_softc *, void *); 288 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 289 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 290 static int bridge_ioctl_scache(struct bridge_softc *, void *); 291 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 292 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 293 static int bridge_ioctl_rts(struct bridge_softc *, void *); 294 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 295 static int bridge_ioctl_sto(struct bridge_softc *, void *); 296 static int bridge_ioctl_gto(struct bridge_softc *, void *); 297 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 298 static int bridge_ioctl_flush(struct bridge_softc *, void *); 299 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 300 static int bridge_ioctl_spri(struct bridge_softc *, void *); 301 static int bridge_ioctl_ght(struct bridge_softc *, void *); 302 static int bridge_ioctl_sht(struct bridge_softc *, void *); 303 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 304 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 305 static int bridge_ioctl_gma(struct bridge_softc *, void *); 306 static int bridge_ioctl_sma(struct bridge_softc *, void *); 307 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 308 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 309 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 310 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 311 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 312 static int bridge_ioctl_grte(struct bridge_softc *, void *); 313 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 314 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 315 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 316 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 317 int); 318 static int bridge_ip_checkbasic(struct mbuf **mp); 319 #ifdef INET6 320 static int bridge_ip6_checkbasic(struct mbuf **mp); 321 #endif /* INET6 */ 322 static int bridge_fragment(struct ifnet *, struct mbuf *, 323 struct ether_header *, int, struct llc *); 324 325 /* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */ 326 #define VLANTAGOF(_m) \ 327 (_m->m_flags & M_VLANTAG) ? 
EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1 328 329 static struct bstp_cb_ops bridge_ops = { 330 .bcb_state = bridge_state_change, 331 .bcb_rtage = bridge_rtable_expire 332 }; 333 334 SYSCTL_DECL(_net_link); 335 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 336 337 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 338 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 339 static int pfil_member = 1; /* run pfil hooks on the member interface */ 340 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 341 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 342 static int log_stp = 0; /* log STP state changes */ 343 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 344 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 345 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 346 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 347 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 348 &pfil_bridge, 0, "Packet filter on the bridge interface"); 349 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 350 &pfil_member, 0, "Packet filter on the member interface"); 351 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 352 &log_stp, 0, "Log STP state changes"); 353 354 struct bridge_control { 355 int (*bc_func)(struct bridge_softc *, void *); 356 int bc_argsize; 357 int bc_flags; 358 }; 359 360 #define BC_F_COPYIN 0x01 /* copy arguments in */ 361 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 362 #define BC_F_SUSER 0x04 /* do super-user check */ 363 364 const struct bridge_control bridge_control_table[] = { 365 { bridge_ioctl_add, sizeof(struct ifbreq), 366 BC_F_COPYIN|BC_F_SUSER }, 367 { bridge_ioctl_del, sizeof(struct ifbreq), 368 BC_F_COPYIN|BC_F_SUSER }, 369 370 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 371 BC_F_COPYIN|BC_F_COPYOUT }, 372 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 373 BC_F_COPYIN|BC_F_SUSER }, 374 375 { bridge_ioctl_scache, sizeof(struct ifbrparam), 376 BC_F_COPYIN|BC_F_SUSER }, 377 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 378 BC_F_COPYOUT }, 379 380 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 381 BC_F_COPYIN|BC_F_COPYOUT }, 382 { bridge_ioctl_rts, sizeof(struct ifbaconf), 383 BC_F_COPYIN|BC_F_COPYOUT }, 384 385 { bridge_ioctl_saddr, sizeof(struct ifbareq), 386 BC_F_COPYIN|BC_F_SUSER }, 387 388 { bridge_ioctl_sto, sizeof(struct ifbrparam), 389 BC_F_COPYIN|BC_F_SUSER }, 390 { bridge_ioctl_gto, sizeof(struct ifbrparam), 391 BC_F_COPYOUT }, 392 393 { bridge_ioctl_daddr, sizeof(struct ifbareq), 394 BC_F_COPYIN|BC_F_SUSER }, 395 396 { bridge_ioctl_flush, sizeof(struct ifbreq), 397 BC_F_COPYIN|BC_F_SUSER }, 398 399 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 400 BC_F_COPYOUT }, 401 { bridge_ioctl_spri, sizeof(struct ifbrparam), 402 BC_F_COPYIN|BC_F_SUSER }, 403 404 { bridge_ioctl_ght, sizeof(struct ifbrparam), 405 BC_F_COPYOUT }, 406 { bridge_ioctl_sht, sizeof(struct ifbrparam), 407 BC_F_COPYIN|BC_F_SUSER }, 408 409 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 410 BC_F_COPYOUT }, 411 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_gma, sizeof(struct ifbrparam), 415 BC_F_COPYOUT }, 416 { bridge_ioctl_sma, sizeof(struct ifbrparam), 417 BC_F_COPYIN|BC_F_SUSER }, 418 419 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 420 BC_F_COPYIN|BC_F_SUSER }, 421 422 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 423 BC_F_COPYIN|BC_F_SUSER }, 424 425 { 
bridge_ioctl_addspan,    sizeof(struct ifbreq),
      BC_F_COPYIN|BC_F_SUSER },
    { bridge_ioctl_delspan,    sizeof(struct ifbreq),
      BC_F_COPYIN|BC_F_SUSER },

    { bridge_ioctl_gbparam,    sizeof(struct ifbropreq),
      BC_F_COPYOUT },

    { bridge_ioctl_grte,    sizeof(struct ifbrparam),
      BC_F_COPYOUT },

    { bridge_ioctl_gifsstp,    sizeof(struct ifbpstpconf),
      BC_F_COPYIN|BC_F_COPYOUT },

    { bridge_ioctl_sproto,    sizeof(struct ifbrparam),
      BC_F_COPYIN|BC_F_SUSER },

    { bridge_ioctl_stxhc,    sizeof(struct ifbrparam),
      BC_F_COPYIN|BC_F_SUSER },
};
const int bridge_control_table_size =
    sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);

LIST_HEAD(, bridge_softc) bridge_list;

IFC_SIMPLE_DECLARE(bridge, 0);

static int
bridge_modevent(module_t mod, int type, void *data)
{

    switch (type) {
    case MOD_LOAD:
        mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
        if_clone_attach(&bridge_cloner);
        bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
            sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
            UMA_ALIGN_PTR, 0);
        LIST_INIT(&bridge_list);
        bridge_input_p = bridge_input;
        bridge_output_p = bridge_output;
        bridge_dn_p = bridge_dummynet;
        bridge_detach_cookie = EVENTHANDLER_REGISTER(
            ifnet_departure_event, bridge_ifdetach, NULL,
            EVENTHANDLER_PRI_ANY);
        break;
    case MOD_UNLOAD:
        EVENTHANDLER_DEREGISTER(ifnet_departure_event,
            bridge_detach_cookie);
        if_clone_detach(&bridge_cloner);
        uma_zdestroy(bridge_rtnode_zone);
        bridge_input_p = NULL;
        bridge_output_p = NULL;
        bridge_dn_p = NULL;
        mtx_destroy(&bridge_list_mtx);
        break;
    default:
        return (EOPNOTSUPP);
    }
    return (0);
}

static moduledata_t bridge_mod = {
    "if_bridge",
    bridge_modevent,
    0
};

DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);

/*
 * handler for net.link.bridge.pfil_ipfw
 */
static int
sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
{
    int enable = pfil_ipfw;
    int error;

    error = sysctl_handle_int(oidp, &enable, 0, req);
    enable = (enable) ? 1 : 0;

    if (enable != pfil_ipfw) {
        pfil_ipfw = enable;

        /*
         * Disable pfil so that ipfw doesn't run twice; if the user
         * really wants both then they can re-enable pfil_bridge and/or
         * pfil_member.  Also allow non-IP packets, as ipfw can filter
         * by layer2 type.
         */
        if (pfil_ipfw) {
            pfil_onlyip = 0;
            pfil_bridge = 0;
            pfil_member = 0;
        }
    }

    return (error);
}
SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
    &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
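
/*
 * The handler above backs the net.link.bridge.ipfw sysctl declared just
 * below it.  As an illustrative sketch (the sysctl(8) invocations are an
 * example, not taken from this file):
 *
 *    sysctl net.link.bridge.ipfw=1         # hand bridged frames to ipfw
 *    sysctl net.link.bridge.pfil_bridge=1  # optionally re-enable pfil too
 *
 * Turning ipfw on clears pfil_onlyip, pfil_bridge and pfil_member so the
 * same packet is not filtered twice; re-enable the pfil knobs explicitly
 * if both filters are wanted.
 */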
/*
 * bridge_clone_create:
 *
 *    Create a new bridge instance.
 */
static int
bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
    struct bridge_softc *sc, *sc2;
    struct ifnet *bifp, *ifp;
    u_char eaddr[6];
    int retry;

    sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
    ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
    if (ifp == NULL) {
        free(sc, M_DEVBUF);
        return (ENOSPC);
    }

    BRIDGE_LOCK_INIT(sc);
    sc->sc_brtmax = BRIDGE_RTABLE_MAX;
    sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;

    /* Initialize our routing table. */
    bridge_rtable_init(sc);

    callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);

    LIST_INIT(&sc->sc_iflist);
    LIST_INIT(&sc->sc_spanlist);

    ifp->if_softc = sc;
    if_initname(ifp, ifc->ifc_name, unit);
    ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
    ifp->if_ioctl = bridge_ioctl;
    ifp->if_start = bridge_start;
    ifp->if_init = bridge_init;
    ifp->if_type = IFT_BRIDGE;
    IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
    ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
    IFQ_SET_READY(&ifp->if_snd);

    /*
     * Generate a random ethernet address with a locally administered
     * address.
     *
     * Since we are using random ethernet addresses for the bridge, it is
     * possible that we might have address collisions, so make sure that
     * this hardware address isn't already in use on another bridge.
     */
    for (retry = 1; retry != 0;) {
        arc4rand(eaddr, ETHER_ADDR_LEN, 1);
        eaddr[0] &= ~1;    /* clear multicast bit */
        eaddr[0] |= 2;     /* set the LAA bit */
        retry = 0;
        mtx_lock(&bridge_list_mtx);
        LIST_FOREACH(sc2, &bridge_list, sc_list) {
            bifp = sc2->sc_ifp;
            if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
                retry = 1;
        }
        mtx_unlock(&bridge_list_mtx);
    }

    bstp_attach(&sc->sc_stp, &bridge_ops);
    ether_ifattach(ifp, eaddr);
    /* Now undo some of the damage... */
    ifp->if_baudrate = 0;
    ifp->if_type = IFT_BRIDGE;

    mtx_lock(&bridge_list_mtx);
    LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
    mtx_unlock(&bridge_list_mtx);

    return (0);
}

/*
 * bridge_clone_destroy:
 *
 *    Destroy a bridge instance.
 */
static void
bridge_clone_destroy(struct ifnet *ifp)
{
    struct bridge_softc *sc = ifp->if_softc;
    struct bridge_iflist *bif;

    BRIDGE_LOCK(sc);

    bridge_stop(ifp, 1);
    ifp->if_flags &= ~IFF_UP;

    while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
        bridge_delete_member(sc, bif, 0);

    while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
        bridge_delete_span(sc, bif);
    }

    BRIDGE_UNLOCK(sc);

    callout_drain(&sc->sc_brcallout);

    mtx_lock(&bridge_list_mtx);
    LIST_REMOVE(sc, sc_list);
    mtx_unlock(&bridge_list_mtx);

    bstp_detach(&sc->sc_stp);
    ether_ifdetach(ifp);
    if_free_type(ifp, IFT_ETHER);

    /* Tear down the routing table. */
    bridge_rtable_fini(sc);

    BRIDGE_LOCK_DESTROY(sc);
    free(sc, M_DEVBUF);
}

/*
 * bridge_ioctl:
 *
 *    Handle a control request from the operator.
653 */ 654 static int 655 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 656 { 657 struct bridge_softc *sc = ifp->if_softc; 658 struct thread *td = curthread; 659 union { 660 struct ifbreq ifbreq; 661 struct ifbifconf ifbifconf; 662 struct ifbareq ifbareq; 663 struct ifbaconf ifbaconf; 664 struct ifbrparam ifbrparam; 665 struct ifbropreq ifbropreq; 666 } args; 667 struct ifdrv *ifd = (struct ifdrv *) data; 668 const struct bridge_control *bc; 669 int error = 0; 670 671 BRIDGE_LOCK(sc); 672 673 switch (cmd) { 674 675 case SIOCADDMULTI: 676 case SIOCDELMULTI: 677 break; 678 679 case SIOCGDRVSPEC: 680 case SIOCSDRVSPEC: 681 if (ifd->ifd_cmd >= bridge_control_table_size) { 682 error = EINVAL; 683 break; 684 } 685 bc = &bridge_control_table[ifd->ifd_cmd]; 686 687 if (cmd == SIOCGDRVSPEC && 688 (bc->bc_flags & BC_F_COPYOUT) == 0) { 689 error = EINVAL; 690 break; 691 } 692 else if (cmd == SIOCSDRVSPEC && 693 (bc->bc_flags & BC_F_COPYOUT) != 0) { 694 error = EINVAL; 695 break; 696 } 697 698 if (bc->bc_flags & BC_F_SUSER) { 699 error = priv_check(td, PRIV_NET_BRIDGE); 700 if (error) 701 break; 702 } 703 704 if (ifd->ifd_len != bc->bc_argsize || 705 ifd->ifd_len > sizeof(args)) { 706 error = EINVAL; 707 break; 708 } 709 710 bzero(&args, sizeof(args)); 711 if (bc->bc_flags & BC_F_COPYIN) { 712 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 713 if (error) 714 break; 715 } 716 717 error = (*bc->bc_func)(sc, &args); 718 if (error) 719 break; 720 721 if (bc->bc_flags & BC_F_COPYOUT) 722 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 723 724 break; 725 726 case SIOCSIFFLAGS: 727 if (!(ifp->if_flags & IFF_UP) && 728 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 729 /* 730 * If interface is marked down and it is running, 731 * then stop and disable it. 732 */ 733 bridge_stop(ifp, 1); 734 } else if ((ifp->if_flags & IFF_UP) && 735 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 736 /* 737 * If interface is marked up and it is stopped, then 738 * start it. 739 */ 740 BRIDGE_UNLOCK(sc); 741 (*ifp->if_init)(sc); 742 } 743 break; 744 745 case SIOCSIFMTU: 746 /* Do not allow the MTU to be changed on the bridge */ 747 error = EINVAL; 748 break; 749 750 default: 751 /* 752 * drop the lock as ether_ioctl() will call bridge_start() and 753 * cause the lock to be recursed. 754 */ 755 BRIDGE_UNLOCK(sc); 756 error = ether_ioctl(ifp, cmd, data); 757 break; 758 } 759 760 if (BRIDGE_LOCKED(sc)) 761 BRIDGE_UNLOCK(sc); 762 763 return (error); 764 } 765 766 /* 767 * bridge_mutecaps: 768 * 769 * Clear or restore unwanted capabilities on the member interface 770 */ 771 static void 772 bridge_mutecaps(struct bridge_iflist *bif, int mute) 773 { 774 struct ifnet *ifp = bif->bif_ifp; 775 struct ifreq ifr; 776 int error; 777 778 if (ifp->if_ioctl == NULL) 779 return; 780 781 bzero(&ifr, sizeof(ifr)); 782 ifr.ifr_reqcap = ifp->if_capenable; 783 784 if (mute) { 785 /* mask off and save capabilities */ 786 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 787 if (bif->bif_mutecap != 0) 788 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 789 } else 790 /* restore muted capabilities */ 791 ifr.ifr_reqcap |= bif->bif_mutecap; 792 793 794 if (bif->bif_mutecap != 0) { 795 IFF_LOCKGIANT(ifp); 796 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 797 IFF_UNLOCKGIANT(ifp); 798 } 799 } 800 801 /* 802 * bridge_lookup_member: 803 * 804 * Lookup a bridge member interface. 
805 */ 806 static struct bridge_iflist * 807 bridge_lookup_member(struct bridge_softc *sc, const char *name) 808 { 809 struct bridge_iflist *bif; 810 struct ifnet *ifp; 811 812 BRIDGE_LOCK_ASSERT(sc); 813 814 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 815 ifp = bif->bif_ifp; 816 if (strcmp(ifp->if_xname, name) == 0) 817 return (bif); 818 } 819 820 return (NULL); 821 } 822 823 /* 824 * bridge_lookup_member_if: 825 * 826 * Lookup a bridge member interface by ifnet*. 827 */ 828 static struct bridge_iflist * 829 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 830 { 831 struct bridge_iflist *bif; 832 833 BRIDGE_LOCK_ASSERT(sc); 834 835 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 836 if (bif->bif_ifp == member_ifp) 837 return (bif); 838 } 839 840 return (NULL); 841 } 842 843 /* 844 * bridge_delete_member: 845 * 846 * Delete the specified member interface. 847 */ 848 static void 849 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 850 int gone) 851 { 852 struct ifnet *ifs = bif->bif_ifp; 853 854 BRIDGE_LOCK_ASSERT(sc); 855 856 if (!gone) { 857 switch (ifs->if_type) { 858 case IFT_ETHER: 859 case IFT_L2VLAN: 860 /* 861 * Take the interface out of promiscuous mode. 862 */ 863 (void) ifpromisc(ifs, 0); 864 bridge_mutecaps(bif, 0); 865 break; 866 867 case IFT_GIF: 868 break; 869 870 default: 871 #ifdef DIAGNOSTIC 872 panic("bridge_delete_member: impossible"); 873 #endif 874 break; 875 } 876 } 877 878 if (bif->bif_flags & IFBIF_STP) 879 bstp_disable(&bif->bif_stp); 880 881 ifs->if_bridge = NULL; 882 BRIDGE_XLOCK(sc); 883 LIST_REMOVE(bif, bif_next); 884 BRIDGE_XDROP(sc); 885 886 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 887 888 BRIDGE_UNLOCK(sc); 889 bstp_destroy(&bif->bif_stp); /* prepare to free */ 890 BRIDGE_LOCK(sc); 891 free(bif, M_DEVBUF); 892 } 893 894 /* 895 * bridge_delete_span: 896 * 897 * Delete the specified span interface. 898 */ 899 static void 900 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 901 { 902 BRIDGE_LOCK_ASSERT(sc); 903 904 KASSERT(bif->bif_ifp->if_bridge == NULL, 905 ("%s: not a span interface", __func__)); 906 907 LIST_REMOVE(bif, bif_next); 908 free(bif, M_DEVBUF); 909 } 910 911 static int 912 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 913 { 914 struct ifbreq *req = arg; 915 struct bridge_iflist *bif = NULL; 916 struct ifnet *ifs; 917 int error = 0; 918 919 ifs = ifunit(req->ifbr_ifsname); 920 if (ifs == NULL) 921 return (ENOENT); 922 923 /* If it's in the span list, it can't be a member. */ 924 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 925 if (ifs == bif->bif_ifp) 926 return (EBUSY); 927 928 /* Allow the first Ethernet member to define the MTU */ 929 if (ifs->if_type != IFT_GIF) { 930 if (LIST_EMPTY(&sc->sc_iflist)) 931 sc->sc_ifp->if_mtu = ifs->if_mtu; 932 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 933 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 934 ifs->if_xname); 935 return (EINVAL); 936 } 937 } 938 939 if (ifs->if_bridge == sc) 940 return (EEXIST); 941 942 if (ifs->if_bridge != NULL) 943 return (EBUSY); 944 945 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 946 if (bif == NULL) 947 return (ENOMEM); 948 949 bif->bif_ifp = ifs; 950 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 951 952 switch (ifs->if_type) { 953 case IFT_ETHER: 954 case IFT_L2VLAN: 955 /* 956 * Place the interface into promiscuous mode. 
957 */ 958 error = ifpromisc(ifs, 1); 959 if (error) 960 goto out; 961 962 bridge_mutecaps(bif, 1); 963 break; 964 965 case IFT_GIF: 966 break; 967 968 default: 969 error = EINVAL; 970 goto out; 971 } 972 973 ifs->if_bridge = sc; 974 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 975 /* 976 * XXX: XLOCK HERE!?! 977 * 978 * NOTE: insert_***HEAD*** should be safe for the traversals. 979 */ 980 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 981 982 out: 983 if (error) { 984 if (bif != NULL) 985 free(bif, M_DEVBUF); 986 } 987 return (error); 988 } 989 990 static int 991 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 992 { 993 struct ifbreq *req = arg; 994 struct bridge_iflist *bif; 995 996 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 997 if (bif == NULL) 998 return (ENOENT); 999 1000 bridge_delete_member(sc, bif, 0); 1001 1002 return (0); 1003 } 1004 1005 static int 1006 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1007 { 1008 struct ifbreq *req = arg; 1009 struct bridge_iflist *bif; 1010 struct bstp_port *bp; 1011 1012 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1013 if (bif == NULL) 1014 return (ENOENT); 1015 1016 bp = &bif->bif_stp; 1017 req->ifbr_ifsflags = bif->bif_flags; 1018 req->ifbr_state = bp->bp_state; 1019 req->ifbr_priority = bp->bp_priority; 1020 req->ifbr_path_cost = bp->bp_path_cost; 1021 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1022 req->ifbr_proto = bp->bp_protover; 1023 req->ifbr_role = bp->bp_role; 1024 req->ifbr_stpflags = bp->bp_flags; 1025 1026 /* Copy STP state options as flags */ 1027 if (bp->bp_operedge) 1028 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1029 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1030 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1031 if (bp->bp_ptp_link) 1032 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1033 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1034 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1035 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1036 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1037 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1038 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1039 return (0); 1040 } 1041 1042 static int 1043 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1044 { 1045 struct ifbreq *req = arg; 1046 struct bridge_iflist *bif; 1047 struct bstp_port *bp; 1048 int error; 1049 1050 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1051 if (bif == NULL) 1052 return (ENOENT); 1053 bp = &bif->bif_stp; 1054 1055 if (req->ifbr_ifsflags & IFBIF_SPAN) 1056 /* SPAN is readonly */ 1057 return (EINVAL); 1058 1059 if (req->ifbr_ifsflags & IFBIF_STP) { 1060 if ((bif->bif_flags & IFBIF_STP) == 0) { 1061 error = bstp_enable(&bif->bif_stp); 1062 if (error) 1063 return (error); 1064 } 1065 } else { 1066 if ((bif->bif_flags & IFBIF_STP) != 0) 1067 bstp_disable(&bif->bif_stp); 1068 } 1069 1070 /* Pass on STP flags */ 1071 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1072 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1073 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1074 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 
1 : 0); 1075 1076 /* Save the bits relating to the bridge */ 1077 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1078 1079 return (0); 1080 } 1081 1082 static int 1083 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1084 { 1085 struct ifbrparam *param = arg; 1086 1087 sc->sc_brtmax = param->ifbrp_csize; 1088 bridge_rttrim(sc); 1089 1090 return (0); 1091 } 1092 1093 static int 1094 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1095 { 1096 struct ifbrparam *param = arg; 1097 1098 param->ifbrp_csize = sc->sc_brtmax; 1099 1100 return (0); 1101 } 1102 1103 static int 1104 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1105 { 1106 struct ifbifconf *bifc = arg; 1107 struct bridge_iflist *bif; 1108 struct ifbreq breq; 1109 int count, len, error = 0; 1110 1111 count = 0; 1112 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1113 count++; 1114 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1115 count++; 1116 1117 if (bifc->ifbic_len == 0) { 1118 bifc->ifbic_len = sizeof(breq) * count; 1119 return (0); 1120 } 1121 1122 count = 0; 1123 len = bifc->ifbic_len; 1124 bzero(&breq, sizeof(breq)); 1125 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1126 if (len < sizeof(breq)) 1127 break; 1128 1129 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1130 sizeof(breq.ifbr_ifsname)); 1131 /* Fill in the ifbreq structure */ 1132 error = bridge_ioctl_gifflags(sc, &breq); 1133 if (error) 1134 break; 1135 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1136 if (error) 1137 break; 1138 count++; 1139 len -= sizeof(breq); 1140 } 1141 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1142 if (len < sizeof(breq)) 1143 break; 1144 1145 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1146 sizeof(breq.ifbr_ifsname)); 1147 breq.ifbr_ifsflags = bif->bif_flags; 1148 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1149 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1150 if (error) 1151 break; 1152 count++; 1153 len -= sizeof(breq); 1154 } 1155 1156 bifc->ifbic_len = sizeof(breq) * count; 1157 return (error); 1158 } 1159 1160 static int 1161 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1162 { 1163 struct ifbaconf *bac = arg; 1164 struct bridge_rtnode *brt; 1165 struct ifbareq bareq; 1166 int count = 0, error = 0, len; 1167 1168 if (bac->ifbac_len == 0) 1169 return (0); 1170 1171 len = bac->ifbac_len; 1172 bzero(&bareq, sizeof(bareq)); 1173 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1174 if (len < sizeof(bareq)) 1175 goto out; 1176 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1177 sizeof(bareq.ifba_ifsname)); 1178 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1179 bareq.ifba_vlan = brt->brt_vlan; 1180 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1181 time_uptime < brt->brt_expire) 1182 bareq.ifba_expire = brt->brt_expire - time_uptime; 1183 else 1184 bareq.ifba_expire = 0; 1185 bareq.ifba_flags = brt->brt_flags; 1186 1187 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1188 if (error) 1189 goto out; 1190 count++; 1191 len -= sizeof(bareq); 1192 } 1193 out: 1194 bac->ifbac_len = sizeof(bareq) * count; 1195 return (error); 1196 } 1197 1198 static int 1199 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1200 { 1201 struct ifbareq *req = arg; 1202 struct bridge_iflist *bif; 1203 int error; 1204 1205 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1206 if (bif == NULL) 1207 return (ENOENT); 1208 1209 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1, 1210 req->ifba_flags); 1211 1212 return 
(error); 1213 } 1214 1215 static int 1216 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1217 { 1218 struct ifbrparam *param = arg; 1219 1220 sc->sc_brttimeout = param->ifbrp_ctime; 1221 return (0); 1222 } 1223 1224 static int 1225 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1226 { 1227 struct ifbrparam *param = arg; 1228 1229 param->ifbrp_ctime = sc->sc_brttimeout; 1230 return (0); 1231 } 1232 1233 static int 1234 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1235 { 1236 struct ifbareq *req = arg; 1237 1238 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan)); 1239 } 1240 1241 static int 1242 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1243 { 1244 struct ifbreq *req = arg; 1245 1246 bridge_rtflush(sc, req->ifbr_ifsflags); 1247 return (0); 1248 } 1249 1250 static int 1251 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1252 { 1253 struct ifbrparam *param = arg; 1254 struct bstp_state *bs = &sc->sc_stp; 1255 1256 param->ifbrp_prio = bs->bs_bridge_priority; 1257 return (0); 1258 } 1259 1260 static int 1261 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1262 { 1263 struct ifbrparam *param = arg; 1264 1265 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1266 } 1267 1268 static int 1269 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1270 { 1271 struct ifbrparam *param = arg; 1272 struct bstp_state *bs = &sc->sc_stp; 1273 1274 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1275 return (0); 1276 } 1277 1278 static int 1279 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1280 { 1281 struct ifbrparam *param = arg; 1282 1283 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1284 } 1285 1286 static int 1287 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1288 { 1289 struct ifbrparam *param = arg; 1290 struct bstp_state *bs = &sc->sc_stp; 1291 1292 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1293 return (0); 1294 } 1295 1296 static int 1297 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1298 { 1299 struct ifbrparam *param = arg; 1300 1301 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1302 } 1303 1304 static int 1305 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1306 { 1307 struct ifbrparam *param = arg; 1308 struct bstp_state *bs = &sc->sc_stp; 1309 1310 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1311 return (0); 1312 } 1313 1314 static int 1315 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1316 { 1317 struct ifbrparam *param = arg; 1318 1319 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1320 } 1321 1322 static int 1323 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1324 { 1325 struct ifbreq *req = arg; 1326 struct bridge_iflist *bif; 1327 1328 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1329 if (bif == NULL) 1330 return (ENOENT); 1331 1332 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1333 } 1334 1335 static int 1336 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1337 { 1338 struct ifbreq *req = arg; 1339 struct bridge_iflist *bif; 1340 1341 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1342 if (bif == NULL) 1343 return (ENOENT); 1344 1345 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1346 } 1347 1348 static int 1349 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1350 { 1351 struct ifbreq *req = arg; 1352 struct bridge_iflist *bif = NULL; 1353 struct ifnet *ifs; 1354 1355 ifs = ifunit(req->ifbr_ifsname); 1356 if (ifs == NULL) 1357 return (ENOENT); 1358 1359 
LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1360 if (ifs == bif->bif_ifp) 1361 return (EBUSY); 1362 1363 if (ifs->if_bridge != NULL) 1364 return (EBUSY); 1365 1366 switch (ifs->if_type) { 1367 case IFT_ETHER: 1368 case IFT_GIF: 1369 case IFT_L2VLAN: 1370 break; 1371 default: 1372 return (EINVAL); 1373 } 1374 1375 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1376 if (bif == NULL) 1377 return (ENOMEM); 1378 1379 bif->bif_ifp = ifs; 1380 bif->bif_flags = IFBIF_SPAN; 1381 1382 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1383 1384 return (0); 1385 } 1386 1387 static int 1388 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1389 { 1390 struct ifbreq *req = arg; 1391 struct bridge_iflist *bif; 1392 struct ifnet *ifs; 1393 1394 ifs = ifunit(req->ifbr_ifsname); 1395 if (ifs == NULL) 1396 return (ENOENT); 1397 1398 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1399 if (ifs == bif->bif_ifp) 1400 break; 1401 1402 if (bif == NULL) 1403 return (ENOENT); 1404 1405 bridge_delete_span(sc, bif); 1406 1407 return (0); 1408 } 1409 1410 static int 1411 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1412 { 1413 struct ifbropreq *req = arg; 1414 struct bstp_state *bs = &sc->sc_stp; 1415 struct bstp_port *root_port; 1416 1417 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1418 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1419 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1420 1421 root_port = bs->bs_root_port; 1422 if (root_port == NULL) 1423 req->ifbop_root_port = 0; 1424 else 1425 req->ifbop_root_port = root_port->bp_ifp->if_index; 1426 1427 req->ifbop_holdcount = bs->bs_txholdcount; 1428 req->ifbop_priority = bs->bs_bridge_priority; 1429 req->ifbop_protocol = bs->bs_protover; 1430 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1431 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1432 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1433 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1434 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1435 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1436 1437 return (0); 1438 } 1439 1440 static int 1441 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1442 { 1443 struct ifbrparam *param = arg; 1444 1445 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1446 return (0); 1447 } 1448 1449 static int 1450 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1451 { 1452 struct ifbpstpconf *bifstp = arg; 1453 struct bridge_iflist *bif; 1454 struct bstp_port *bp; 1455 struct ifbpstpreq bpreq; 1456 int count, len, error = 0; 1457 1458 count = 0; 1459 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1460 if ((bif->bif_flags & IFBIF_STP) != 0) 1461 count++; 1462 } 1463 1464 if (bifstp->ifbpstp_len == 0) { 1465 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1466 return (0); 1467 } 1468 1469 count = 0; 1470 len = bifstp->ifbpstp_len; 1471 bzero(&bpreq, sizeof(bpreq)); 1472 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1473 if (len < sizeof(bpreq)) 1474 break; 1475 1476 if ((bif->bif_flags & IFBIF_STP) == 0) 1477 continue; 1478 1479 bp = &bif->bif_stp; 1480 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1481 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1482 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1483 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1484 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1485 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1486 1487 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1488 sizeof(bpreq)); 1489 if 
(error != 0) 1490 break; 1491 1492 count++; 1493 len -= sizeof(bpreq); 1494 } 1495 1496 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1497 return (error); 1498 } 1499 1500 static int 1501 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1502 { 1503 struct ifbrparam *param = arg; 1504 1505 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1506 } 1507 1508 static int 1509 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1510 { 1511 struct ifbrparam *param = arg; 1512 1513 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1514 } 1515 1516 /* 1517 * bridge_ifdetach: 1518 * 1519 * Detach an interface from a bridge. Called when a member 1520 * interface is detaching. 1521 */ 1522 static void 1523 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1524 { 1525 struct bridge_softc *sc = ifp->if_bridge; 1526 struct bridge_iflist *bif; 1527 1528 /* Check if the interface is a bridge member */ 1529 if (sc != NULL) { 1530 BRIDGE_LOCK(sc); 1531 1532 bif = bridge_lookup_member_if(sc, ifp); 1533 if (bif != NULL) 1534 bridge_delete_member(sc, bif, 1); 1535 1536 BRIDGE_UNLOCK(sc); 1537 return; 1538 } 1539 1540 /* Check if the interface is a span port */ 1541 mtx_lock(&bridge_list_mtx); 1542 LIST_FOREACH(sc, &bridge_list, sc_list) { 1543 BRIDGE_LOCK(sc); 1544 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1545 if (ifp == bif->bif_ifp) { 1546 bridge_delete_span(sc, bif); 1547 break; 1548 } 1549 1550 BRIDGE_UNLOCK(sc); 1551 } 1552 mtx_unlock(&bridge_list_mtx); 1553 } 1554 1555 /* 1556 * bridge_init: 1557 * 1558 * Initialize a bridge interface. 1559 */ 1560 static void 1561 bridge_init(void *xsc) 1562 { 1563 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1564 struct ifnet *ifp = sc->sc_ifp; 1565 1566 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1567 return; 1568 1569 BRIDGE_LOCK(sc); 1570 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1571 bridge_timer, sc); 1572 1573 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1574 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1575 1576 BRIDGE_UNLOCK(sc); 1577 } 1578 1579 /* 1580 * bridge_stop: 1581 * 1582 * Stop the bridge interface. 1583 */ 1584 static void 1585 bridge_stop(struct ifnet *ifp, int disable) 1586 { 1587 struct bridge_softc *sc = ifp->if_softc; 1588 1589 BRIDGE_LOCK_ASSERT(sc); 1590 1591 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1592 return; 1593 1594 callout_stop(&sc->sc_brcallout); 1595 bstp_stop(&sc->sc_stp); 1596 1597 bridge_rtflush(sc, IFBF_FLUSHDYN); 1598 1599 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1600 } 1601 1602 /* 1603 * bridge_enqueue: 1604 * 1605 * Enqueue a packet on a bridge member interface. 
 *
 */
static void
bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
{
    int len, err = 0;
    short mflags;
    struct mbuf *m0;

    len = m->m_pkthdr.len;
    mflags = m->m_flags;

    /* We may be sending a fragment so traverse the mbuf */
    for (; m; m = m0) {
        m0 = m->m_nextpkt;
        m->m_nextpkt = NULL;

        if (err == 0)
            IFQ_ENQUEUE(&dst_ifp->if_snd, m, err);
    }

    if (err == 0) {

        sc->sc_ifp->if_opackets++;
        sc->sc_ifp->if_obytes += len;

        dst_ifp->if_obytes += len;

        if (mflags & M_MCAST) {
            sc->sc_ifp->if_omcasts++;
            dst_ifp->if_omcasts++;
        }
    }

    if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
        (*dst_ifp->if_start)(dst_ifp);
}
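
/*
 * A note on the loop above: callers may hand bridge_enqueue() a chain of
 * packets linked through m_nextpkt (for example after bridge_fragment()
 * has split an over-sized IP packet), which is why the chain is walked
 * packet by packet, unlinking each one and latching the first error
 * returned by IFQ_ENQUEUE().
 */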
/*
 * bridge_dummynet:
 *
 *    Receive a queued packet from dummynet and pass it on to the output
 *    interface.
 *
 *    The mbuf has the Ethernet header already attached.
 */
static void
bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
{
    struct bridge_softc *sc;

    sc = ifp->if_bridge;

    /*
     * The packet didn't originate from a member interface.  This should
     * only ever happen if a member interface is removed while packets
     * are queued for it.
     */
    if (sc == NULL) {
        m_freem(m);
        return;
    }

    if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
        || PFIL_HOOKED(&inet6_pfil_hook)
#endif
        ) {
        if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
            return;
        if (m == NULL)
            return;
    }

    bridge_enqueue(sc, ifp, m);
}

/*
 * bridge_output:
 *
 *    Send output from a bridge member interface.  This
 *    performs the bridging function for locally originated
 *    packets.
 *
 *    The mbuf has the Ethernet header already attached.  We must
 *    enqueue or free the mbuf before returning.
 */
static int
bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
    struct rtentry *rt)
{
    struct ether_header *eh;
    struct ifnet *dst_if;
    struct bridge_softc *sc;
    uint16_t vlan;

    if (m->m_len < ETHER_HDR_LEN) {
        m = m_pullup(m, ETHER_HDR_LEN);
        if (m == NULL)
            return (0);
    }

    eh = mtod(m, struct ether_header *);
    sc = ifp->if_bridge;
    vlan = VLANTAGOF(m);

    BRIDGE_LOCK(sc);

    /*
     * If bridge is down, but the original output interface is up,
     * go ahead and send out that interface.  Otherwise, the packet
     * is dropped below.
     */
    if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
        dst_if = ifp;
        goto sendunicast;
    }

    /*
     * If the packet is a multicast, or we don't know a better way to
     * get there, send to all interfaces.
     */
    if (ETHER_IS_MULTICAST(eh->ether_dhost))
        dst_if = NULL;
    else
        dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
    if (dst_if == NULL) {
        struct bridge_iflist *bif;
        struct mbuf *mc;
        int error = 0, used = 0;

        bridge_span(sc, m);

        BRIDGE_LOCK2REF(sc, error);
        if (error) {
            m_freem(m);
            return (0);
        }

        LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
            dst_if = bif->bif_ifp;

            if (dst_if->if_type == IFT_GIF)
                continue;
            if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
                continue;

            /*
             * If this is not the original output interface,
             * and the interface is participating in spanning
             * tree, make sure the port is in a state that
             * allows forwarding.
             */
            if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
                bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
                continue;

            if (LIST_NEXT(bif, bif_next) == NULL) {
                used = 1;
                mc = m;
            } else {
                mc = m_copypacket(m, M_DONTWAIT);
                if (mc == NULL) {
                    sc->sc_ifp->if_oerrors++;
                    continue;
                }
            }

            bridge_enqueue(sc, dst_if, mc);
        }
        if (used == 0)
            m_freem(m);
        BRIDGE_UNREF(sc);
        return (0);
    }

sendunicast:
    /*
     * XXX Spanning tree consideration here?
     */

    bridge_span(sc, m);
    if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
        m_freem(m);
        BRIDGE_UNLOCK(sc);
        return (0);
    }

    BRIDGE_UNLOCK(sc);
    bridge_enqueue(sc, dst_if, m);
    return (0);
}

/*
 * bridge_start:
 *
 *    Start output on a bridge.
 *
 */
static void
bridge_start(struct ifnet *ifp)
{
    struct bridge_softc *sc;
    struct mbuf *m;
    struct ether_header *eh;
    struct ifnet *dst_if;

    sc = ifp->if_softc;

    ifp->if_drv_flags |= IFF_DRV_OACTIVE;
    for (;;) {
        IFQ_DEQUEUE(&ifp->if_snd, m);
        if (m == 0)
            break;
        BPF_MTAP(ifp, m);

        eh = mtod(m, struct ether_header *);
        dst_if = NULL;

        BRIDGE_LOCK(sc);
        if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
            dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1);
        }

        if (dst_if == NULL)
            bridge_broadcast(sc, ifp, m, 0);
        else {
            BRIDGE_UNLOCK(sc);
            bridge_enqueue(sc, dst_if, m);
        }
    }
    ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
}
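
/*
 * The receive path below works roughly as follows: bridge_input() takes
 * frames from a member interface, bridge_forward() learns the source
 * address and picks an outgoing member, and bridge_broadcast() floods
 * frames with an unknown or multicast destination to every forwarding
 * member except the one the frame arrived on.
 */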
/*
 * bridge_forward:
 *
 *    The forwarding function of the bridge.
 *
 *    NOTE: Releases the lock on return.
 */
static void
bridge_forward(struct bridge_softc *sc, struct mbuf *m)
{
    struct bridge_iflist *bif;
    struct ifnet *src_if, *dst_if, *ifp;
    struct ether_header *eh;
    uint16_t vlan;

    src_if = m->m_pkthdr.rcvif;
    ifp = sc->sc_ifp;

    sc->sc_ifp->if_ipackets++;
    sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
    vlan = VLANTAGOF(m);

    /*
     * Look up the bridge_iflist.
     */
    bif = bridge_lookup_member_if(sc, src_if);
    if (bif == NULL) {
        /* Interface is not a bridge member (anymore?) */
        BRIDGE_UNLOCK(sc);
        m_freem(m);
        return;
    }

    if ((bif->bif_flags & IFBIF_STP) &&
        bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
        BRIDGE_UNLOCK(sc);
        m_freem(m);
        return;
    }

    eh = mtod(m, struct ether_header *);

    /*
     * If the interface is learning, and the source
     * address is valid and not multicast, record
     * the address.
     */
    if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
        ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
        (eh->ether_shost[0] == 0 &&
         eh->ether_shost[1] == 0 &&
         eh->ether_shost[2] == 0 &&
         eh->ether_shost[3] == 0 &&
         eh->ether_shost[4] == 0 &&
         eh->ether_shost[5] == 0) == 0) {
        (void) bridge_rtupdate(sc, eh->ether_shost, vlan,
            bif, 0, IFBAF_DYNAMIC);
    }

    if ((bif->bif_flags & IFBIF_STP) != 0 &&
        bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) {
        m_freem(m);
        BRIDGE_UNLOCK(sc);
        return;
    }

    /*
     * At this point, the port either doesn't participate
     * in spanning tree or it is in the forwarding state.
     */

    /*
     * If the packet is unicast, destined for someone on
     * "this" side of the bridge, drop it.
     */
    if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
        dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
        if (src_if == dst_if) {
            BRIDGE_UNLOCK(sc);
            m_freem(m);
            return;
        }
    } else {
        /* ...forward it to all interfaces. */
        sc->sc_ifp->if_imcasts++;
        dst_if = NULL;
    }

    /*
     * If we have a destination interface which is a member of our bridge,
     * OR this is a unicast packet, push it through the bpf(4) machinery.
     * For broadcast or multicast packets, don't bother because it will
     * be reinjected into ether_input.  We do this before we pass the
     * packets through the pfil(9) framework, as it is possible that
     * pfil(9) will drop the packet, or possibly modify it, making it
     * difficult to debug firewall issues on the bridge.
     */
    if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
        BPF_MTAP(ifp, m);

    /* run the packet filter */
    if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
        || PFIL_HOOKED(&inet6_pfil_hook)
#endif
        ) {
        BRIDGE_UNLOCK(sc);
        if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
            return;
        if (m == NULL)
            return;
        BRIDGE_LOCK(sc);
    }

    if (dst_if == NULL) {
        bridge_broadcast(sc, src_if, m, 1);
        return;
    }

    /*
     * At this point, we're dealing with a unicast frame
     * going to a different interface.
     */
    if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
        BRIDGE_UNLOCK(sc);
        m_freem(m);
        return;
    }
    bif = bridge_lookup_member_if(sc, dst_if);
    if (bif == NULL) {
        /* Not a member of the bridge (anymore?) */
        BRIDGE_UNLOCK(sc);
        m_freem(m);
        return;
    }

    if ((bif->bif_flags & IFBIF_STP) &&
        bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
        BRIDGE_UNLOCK(sc);
        m_freem(m);
        return;
    }

    BRIDGE_UNLOCK(sc);

    if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
        || PFIL_HOOKED(&inet6_pfil_hook)
#endif
        ) {
        if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
            return;
        if (m == NULL)
            return;
    }

    bridge_enqueue(sc, dst_if, m);
}
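
/*
 * Locking convention for the functions around here: bridge_forward() and
 * bridge_broadcast() are entered with the bridge lock held and release it
 * themselves before returning, while bridge_input() below takes and drops
 * the lock around its own work.  A NULL return from bridge_input() means
 * the mbuf has been consumed (forwarded or freed).
 */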
/*
 * bridge_input:
 *
 *    Receive input from a member interface.  Queue the packet for
 *    bridging if it is not for us.
 */
static struct mbuf *
bridge_input(struct ifnet *ifp, struct mbuf *m)
{
    struct bridge_softc *sc = ifp->if_bridge;
    struct bridge_iflist *bif, *bif2;
    struct ifnet *bifp;
    struct ether_header *eh;
    struct mbuf *mc, *mc2;
    uint16_t vlan;

    if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
        return (m);

    bifp = sc->sc_ifp;
    vlan = VLANTAGOF(m);

    /*
     * Implement support for bridge monitoring.  If this flag has been
     * set on this interface, discard the packet once we push it through
     * the bpf(4) machinery, but before we do, increment the byte and
     * packet counters associated with this interface.
     */
    if ((bifp->if_flags & IFF_MONITOR) != 0) {
        m->m_pkthdr.rcvif = bifp;
        BPF_MTAP(bifp, m);
        bifp->if_ipackets++;
        bifp->if_ibytes += m->m_pkthdr.len;
        m_freem(m);
        return (NULL);
    }
    BRIDGE_LOCK(sc);
    bif = bridge_lookup_member_if(sc, ifp);
    if (bif == NULL) {
        BRIDGE_UNLOCK(sc);
        return (m);
    }

    eh = mtod(m, struct ether_header *);

    if (memcmp(eh->ether_dhost, IF_LLADDR(bifp),
        ETHER_ADDR_LEN) == 0) {
        /*
         * If the packet is for us, set the packet's source as the
         * bridge, and return the packet back to ether_input for
         * local processing.
         */

        /* Note where to send the reply to */
        if (bif->bif_flags & IFBIF_LEARNING)
            (void) bridge_rtupdate(sc,
                eh->ether_shost, vlan, bif, 0, IFBAF_DYNAMIC);

        /* Mark the packet as arriving on the bridge interface */
        m->m_pkthdr.rcvif = bifp;
        BPF_MTAP(bifp, m);
        bifp->if_ipackets++;

        BRIDGE_UNLOCK(sc);
        return (m);
    }

    bridge_span(sc, m);

    if (m->m_flags & (M_BCAST|M_MCAST)) {
        /* Tap off 802.1D packets; they do not get forwarded. */
        if (memcmp(eh->ether_dhost, bstp_etheraddr,
            ETHER_ADDR_LEN) == 0) {
            m = bstp_input(&bif->bif_stp, ifp, m);
            if (m == NULL) {
                BRIDGE_UNLOCK(sc);
                return (NULL);
            }
        }

        if ((bif->bif_flags & IFBIF_STP) &&
            bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
            BRIDGE_UNLOCK(sc);
            return (m);
        }

        /*
         * Make a deep copy of the packet and enqueue the copy
         * for bridge processing; return the original packet for
         * local processing.
         */
        mc = m_dup(m, M_DONTWAIT);
        if (mc == NULL) {
            BRIDGE_UNLOCK(sc);
            return (m);
        }

        /* Perform the bridge forwarding function with the copy. */
        bridge_forward(sc, mc);

        /*
         * Reinject the mbuf as arriving on the bridge so we have a
         * chance at claiming multicast packets.  We can not loop back
         * here from ether_input as a bridge is never a member of a
         * bridge.
         */
        KASSERT(bifp->if_bridge == NULL,
            ("loop created in bridge_input"));
        mc2 = m_dup(m, M_DONTWAIT);
        if (mc2 != NULL) {
            /* Keep the layer3 header aligned */
            int i = min(mc2->m_pkthdr.len, max_protohdr);
            mc2 = m_copyup(mc2, i, ETHER_ALIGN);
        }
        if (mc2 != NULL) {
            mc2->m_pkthdr.rcvif = bifp;
            (*bifp->if_input)(bifp, mc2);
        }

        /* Return the original packet for local processing. */
        return (m);
    }
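
    /*
     * From here on the frame is known to be unicast: after the spanning
     * tree state check, see whether it is destined to (or was sent by)
     * one of our member interfaces before handing it to bridge_forward().
     */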
*/ 2119 return (m); 2120 } 2121 2122 if ((bif->bif_flags & IFBIF_STP) && 2123 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2124 BRIDGE_UNLOCK(sc); 2125 return (m); 2126 } 2127 2128 #ifdef DEV_CARP 2129 # define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2130 || ((iface)->if_carp \ 2131 && carp_forus((iface)->if_carp, eh->ether_dhost)) 2132 # define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2133 || ((iface)->if_carp \ 2134 && carp_forus((iface)->if_carp, eh->ether_shost)) 2135 #else 2136 # define OR_CARP_CHECK_WE_ARE_DST(iface) 2137 # define OR_CARP_CHECK_WE_ARE_SRC(iface) 2138 #endif 2139 2140 #define GRAB_OUR_PACKETS(iface) \ 2141 if ((iface)->if_type == IFT_GIF) \ 2142 continue; \ 2143 /* It is destined for us. */ \ 2144 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2145 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2146 ) { \ 2147 if (bif->bif_flags & IFBIF_LEARNING) \ 2148 (void) bridge_rtupdate(sc, eh->ether_shost, \ 2149 vlan, bif, 0, IFBAF_DYNAMIC); \ 2150 m->m_pkthdr.rcvif = iface; \ 2151 BRIDGE_UNLOCK(sc); \ 2152 return (m); \ 2153 } \ 2154 \ 2155 /* We just received a packet that we sent out. */ \ 2156 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2157 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2158 ) { \ 2159 BRIDGE_UNLOCK(sc); \ 2160 m_freem(m); \ 2161 return (NULL); \ 2162 } 2163 2164 /* 2165 * Unicast. Make sure it's not for us. 2166 * 2167 * Give ifp a chance at first priority. This helps when the 2168 * packet arrives through an interface, such as a VLAN, that 2169 * shares a MAC address with other interfaces on the same bridge. 2170 * It also saves some CPU cycles when the destination interface 2171 * and the input interface (i.e. ifp) are the same. 2172 */ 2173 do { GRAB_OUR_PACKETS(ifp) } while (0); 2174 2175 /* Now check all the bridge members. */ 2176 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2177 GRAB_OUR_PACKETS(bif2->bif_ifp) 2178 } 2179 2180 #undef OR_CARP_CHECK_WE_ARE_DST 2181 #undef OR_CARP_CHECK_WE_ARE_SRC 2182 #undef GRAB_OUR_PACKETS 2183 2184 /* Perform the bridge forwarding function. */ 2185 bridge_forward(sc, m); 2186 2187 return (NULL); 2188 } 2189 2190 /* 2191 * bridge_broadcast: 2192 * 2193 * Send a frame to all interfaces that are members of 2194 * the bridge, except for the one on which the packet 2195 * arrived. 2196 * 2197 * NOTE: Releases the lock on return.
2198 */ 2199 static void 2200 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2201 struct mbuf *m, int runfilt) 2202 { 2203 struct bridge_iflist *bif; 2204 struct mbuf *mc; 2205 struct ifnet *dst_if; 2206 int error = 0, used = 0, i; 2207 2208 BRIDGE_LOCK2REF(sc, error); 2209 if (error) { 2210 m_freem(m); 2211 return; 2212 } 2213 2214 /* Filter on the bridge interface before broadcasting */ 2215 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2216 #ifdef INET6 2217 || PFIL_HOOKED(&inet6_pfil_hook) 2218 #endif 2219 )) { 2220 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2221 goto out; 2222 if (m == NULL) 2223 goto out; 2224 } 2225 2226 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2227 dst_if = bif->bif_ifp; 2228 if (dst_if == src_if) 2229 continue; 2230 2231 if ((bif->bif_flags & IFBIF_STP) && 2232 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2233 continue; 2234 2235 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2236 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2237 continue; 2238 2239 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2240 continue; 2241 2242 if (LIST_NEXT(bif, bif_next) == NULL) { 2243 mc = m; 2244 used = 1; 2245 } else { 2246 mc = m_dup(m, M_DONTWAIT); 2247 if (mc == NULL) { 2248 sc->sc_ifp->if_oerrors++; 2249 continue; 2250 } 2251 } 2252 2253 /* 2254 * Filter on the output interface. Pass a NULL bridge interface 2255 * pointer so we do not redundantly filter on the bridge for 2256 * each interface we broadcast on. 2257 */ 2258 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2259 #ifdef INET6 2260 || PFIL_HOOKED(&inet6_pfil_hook) 2261 #endif 2262 )) { 2263 if (used == 0) { 2264 /* Keep the layer3 header aligned */ 2265 i = min(mc->m_pkthdr.len, max_protohdr); 2266 mc = m_copyup(mc, i, ETHER_ALIGN); 2267 if (mc == NULL) { 2268 sc->sc_ifp->if_oerrors++; 2269 continue; 2270 } 2271 } 2272 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2273 continue; 2274 if (mc == NULL) 2275 continue; 2276 } 2277 2278 bridge_enqueue(sc, dst_if, mc); 2279 } 2280 if (used == 0) 2281 m_freem(m); 2282 2283 out: 2284 BRIDGE_UNREF(sc); 2285 } 2286 2287 /* 2288 * bridge_span: 2289 * 2290 * Duplicate a packet out one or more interfaces that are in span mode, 2291 * the original mbuf is unmodified. 2292 */ 2293 static void 2294 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2295 { 2296 struct bridge_iflist *bif; 2297 struct ifnet *dst_if; 2298 struct mbuf *mc; 2299 2300 if (LIST_EMPTY(&sc->sc_spanlist)) 2301 return; 2302 2303 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2304 dst_if = bif->bif_ifp; 2305 2306 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2307 continue; 2308 2309 mc = m_copypacket(m, M_DONTWAIT); 2310 if (mc == NULL) { 2311 sc->sc_ifp->if_oerrors++; 2312 continue; 2313 } 2314 2315 bridge_enqueue(sc, dst_if, mc); 2316 } 2317 } 2318 2319 /* 2320 * bridge_rtupdate: 2321 * 2322 * Add a bridge routing entry. 2323 */ 2324 static int 2325 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2326 struct bridge_iflist *bif, int setflags, uint8_t flags) 2327 { 2328 struct bridge_rtnode *brt; 2329 struct ifnet *dst_if = bif->bif_ifp; 2330 int error; 2331 2332 BRIDGE_LOCK_ASSERT(sc); 2333 2334 /* 802.1p frames map to vlan 1 */ 2335 if (vlan == 0) 2336 vlan = 1; 2337 2338 /* 2339 * A route for this destination might already exist. If so, 2340 * update it, otherwise create a new one. 
2341 */ 2342 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2343 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2344 sc->sc_brtexceeded++; 2345 return (ENOSPC); 2346 } 2347 2348 /* 2349 * Allocate a new bridge forwarding node, and 2350 * initialize the expiration time and Ethernet 2351 * address. 2352 */ 2353 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2354 if (brt == NULL) 2355 return (ENOMEM); 2356 2357 if (bif->bif_flags & IFBIF_STICKY) 2358 brt->brt_flags = IFBAF_STICKY; 2359 else 2360 brt->brt_flags = IFBAF_DYNAMIC; 2361 2362 brt->brt_ifp = dst_if; 2363 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2364 brt->brt_vlan = vlan; 2365 2366 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2367 uma_zfree(bridge_rtnode_zone, brt); 2368 return (error); 2369 } 2370 } 2371 2372 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2373 brt->brt_ifp = dst_if; 2374 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2375 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2376 if (setflags) 2377 brt->brt_flags = flags; 2378 2379 return (0); 2380 } 2381 2382 /* 2383 * bridge_rtlookup: 2384 * 2385 * Look up the destination interface for an address. 2386 */ 2387 static struct ifnet * 2388 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2389 { 2390 struct bridge_rtnode *brt; 2391 2392 BRIDGE_LOCK_ASSERT(sc); 2393 2394 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2395 return (NULL); 2396 2397 return (brt->brt_ifp); 2398 } 2399 2400 /* 2401 * bridge_rttrim: 2402 * 2403 * Trim the routing table so that we have a number 2404 * of routing entries less than or equal to the 2405 * maximum number. 2406 */ 2407 static void 2408 bridge_rttrim(struct bridge_softc *sc) 2409 { 2410 struct bridge_rtnode *brt, *nbrt; 2411 2412 BRIDGE_LOCK_ASSERT(sc); 2413 2414 /* Make sure we actually need to do this. */ 2415 if (sc->sc_brtcnt <= sc->sc_brtmax) 2416 return; 2417 2418 /* Force an aging cycle; this might trim enough addresses. */ 2419 bridge_rtage(sc); 2420 if (sc->sc_brtcnt <= sc->sc_brtmax) 2421 return; 2422 2423 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2424 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2425 bridge_rtnode_destroy(sc, brt); 2426 if (sc->sc_brtcnt <= sc->sc_brtmax) 2427 return; 2428 } 2429 } 2430 } 2431 2432 /* 2433 * bridge_timer: 2434 * 2435 * Aging timer for the bridge. 2436 */ 2437 static void 2438 bridge_timer(void *arg) 2439 { 2440 struct bridge_softc *sc = arg; 2441 2442 BRIDGE_LOCK_ASSERT(sc); 2443 2444 bridge_rtage(sc); 2445 2446 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2447 callout_reset(&sc->sc_brcallout, 2448 bridge_rtable_prune_period * hz, bridge_timer, sc); 2449 } 2450 2451 /* 2452 * bridge_rtage: 2453 * 2454 * Perform an aging cycle. 2455 */ 2456 static void 2457 bridge_rtage(struct bridge_softc *sc) 2458 { 2459 struct bridge_rtnode *brt, *nbrt; 2460 2461 BRIDGE_LOCK_ASSERT(sc); 2462 2463 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2464 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2465 if (time_uptime >= brt->brt_expire) 2466 bridge_rtnode_destroy(sc, brt); 2467 } 2468 } 2469 } 2470 2471 /* 2472 * bridge_rtflush: 2473 * 2474 * Remove all dynamic addresses from the bridge.
2475 */ 2476 static void 2477 bridge_rtflush(struct bridge_softc *sc, int full) 2478 { 2479 struct bridge_rtnode *brt, *nbrt; 2480 2481 BRIDGE_LOCK_ASSERT(sc); 2482 2483 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2484 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2485 bridge_rtnode_destroy(sc, brt); 2486 } 2487 } 2488 2489 /* 2490 * bridge_rtdaddr: 2491 * 2492 * Remove an address from the table. 2493 */ 2494 static int 2495 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2496 { 2497 struct bridge_rtnode *brt; 2498 int found = 0; 2499 2500 BRIDGE_LOCK_ASSERT(sc); 2501 2502 /* 2503 * If vlan is zero then we want to delete for all vlans, so the lookup 2504 * may return more than one. 2505 */ 2506 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) { 2507 bridge_rtnode_destroy(sc, brt); 2508 found = 1; 2509 } 2510 2511 return (found ? 0 : ENOENT); 2512 } 2513 2514 /* 2515 * bridge_rtdelete: 2516 * 2517 * Delete routes to a specific member interface. 2518 */ 2519 static void 2520 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2521 { 2522 struct bridge_rtnode *brt, *nbrt; 2523 2524 BRIDGE_LOCK_ASSERT(sc); 2525 2526 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2527 if (brt->brt_ifp == ifp && (full || 2528 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2529 bridge_rtnode_destroy(sc, brt); 2530 } 2531 } 2532 2533 /* 2534 * bridge_rtable_init: 2535 * 2536 * Initialize the route table for this bridge. 2537 */ 2538 static int 2539 bridge_rtable_init(struct bridge_softc *sc) 2540 { 2541 int i; 2542 2543 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2544 M_DEVBUF, M_NOWAIT); 2545 if (sc->sc_rthash == NULL) 2546 return (ENOMEM); 2547 2548 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2549 LIST_INIT(&sc->sc_rthash[i]); 2550 2551 sc->sc_rthash_key = arc4random(); 2552 2553 LIST_INIT(&sc->sc_rtlist); 2554 2555 return (0); 2556 } 2557 2558 /* 2559 * bridge_rtable_fini: 2560 * 2561 * Deconstruct the route table for this bridge. 2562 */ 2563 static void 2564 bridge_rtable_fini(struct bridge_softc *sc) 2565 { 2566 2567 free(sc->sc_rthash, M_DEVBUF); 2568 } 2569 2570 /* 2571 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2572 * ("Algorithm Alley", Dr. Dobb's Journal, September 1997). 2573 */ 2574 #define mix(a, b, c) \ 2575 do { \ 2576 a -= b; a -= c; a ^= (c >> 13); \ 2577 b -= c; b -= a; b ^= (a << 8); \ 2578 c -= a; c -= b; c ^= (b >> 13); \ 2579 a -= b; a -= c; a ^= (c >> 12); \ 2580 b -= c; b -= a; b ^= (a << 16); \ 2581 c -= a; c -= b; c ^= (b >> 5); \ 2582 a -= b; a -= c; a ^= (c >> 3); \ 2583 b -= c; b -= a; b ^= (a << 10); \ 2584 c -= a; c -= b; c ^= (b >> 15); \ 2585 } while (/*CONSTCOND*/0) 2586 2587 static __inline uint32_t 2588 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2589 { 2590 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2591 2592 b += addr[5] << 8; 2593 b += addr[4]; 2594 a += addr[3] << 24; 2595 a += addr[2] << 16; 2596 a += addr[1] << 8; 2597 a += addr[0]; 2598 2599 mix(a, b, c); 2600 2601 return (c & BRIDGE_RTHASH_MASK); 2602 } 2603 2604 #undef mix 2605 2606 static int 2607 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2608 { 2609 int i, d; 2610 2611 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2612 d = ((int)a[i]) - ((int)b[i]); 2613 } 2614 2615 return (d); 2616 } 2617 2618 /* 2619 * bridge_rtnode_lookup: 2620 * 2621 * Look up a bridge route node for the specified destination.
Compare the 2622 * vlan id or if zero then just return the first match. 2623 */ 2624 static struct bridge_rtnode * 2625 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2626 { 2627 struct bridge_rtnode *brt; 2628 uint32_t hash; 2629 int dir; 2630 2631 BRIDGE_LOCK_ASSERT(sc); 2632 2633 hash = bridge_rthash(sc, addr); 2634 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2635 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2636 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 2637 return (brt); 2638 if (dir > 0) 2639 return (NULL); 2640 } 2641 2642 return (NULL); 2643 } 2644 2645 /* 2646 * bridge_rtnode_insert: 2647 * 2648 * Insert the specified bridge node into the route table. We 2649 * assume the entry is not already in the table. 2650 */ 2651 static int 2652 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2653 { 2654 struct bridge_rtnode *lbrt; 2655 uint32_t hash; 2656 int dir; 2657 2658 BRIDGE_LOCK_ASSERT(sc); 2659 2660 hash = bridge_rthash(sc, brt->brt_addr); 2661 2662 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2663 if (lbrt == NULL) { 2664 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2665 goto out; 2666 } 2667 2668 do { 2669 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2670 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 2671 return (EEXIST); 2672 if (dir > 0) { 2673 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2674 goto out; 2675 } 2676 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2677 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2678 goto out; 2679 } 2680 lbrt = LIST_NEXT(lbrt, brt_hash); 2681 } while (lbrt != NULL); 2682 2683 #ifdef DIAGNOSTIC 2684 panic("bridge_rtnode_insert: impossible"); 2685 #endif 2686 2687 out: 2688 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2689 sc->sc_brtcnt++; 2690 2691 return (0); 2692 } 2693 2694 /* 2695 * bridge_rtnode_destroy: 2696 * 2697 * Destroy a bridge rtnode. 2698 */ 2699 static void 2700 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2701 { 2702 BRIDGE_LOCK_ASSERT(sc); 2703 2704 LIST_REMOVE(brt, brt_hash); 2705 2706 LIST_REMOVE(brt, brt_list); 2707 sc->sc_brtcnt--; 2708 uma_zfree(bridge_rtnode_zone, brt); 2709 } 2710 2711 /* 2712 * bridge_rtable_expire: 2713 * 2714 * Set the expiry time for all routes on an interface. 2715 */ 2716 static void 2717 bridge_rtable_expire(struct ifnet *ifp, int age) 2718 { 2719 struct bridge_softc *sc = ifp->if_bridge; 2720 struct bridge_rtnode *brt; 2721 2722 BRIDGE_LOCK(sc); 2723 2724 /* 2725 * If the age is zero then flush, otherwise set all the expiry times to 2726 * age for the interface 2727 */ 2728 if (age == 0) 2729 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2730 else { 2731 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2732 /* Cap the expiry time to 'age' */ 2733 if (brt->brt_ifp == ifp && 2734 brt->brt_expire > time_uptime + age && 2735 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2736 brt->brt_expire = time_uptime + age; 2737 } 2738 } 2739 BRIDGE_UNLOCK(sc); 2740 } 2741 2742 /* 2743 * bridge_state_change: 2744 * 2745 * Callback from the bridgestp code when a port changes states. 
2746 */ 2747 static void 2748 bridge_state_change(struct ifnet *ifp, int state) 2749 { 2750 struct bridge_softc *sc = ifp->if_bridge; 2751 static const char *stpstates[] = { 2752 "disabled", 2753 "listening", 2754 "learning", 2755 "forwarding", 2756 "blocking", 2757 "discarding" 2758 }; 2759 2760 if (log_stp) 2761 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2762 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2763 } 2764 2765 /* 2766 * Send bridge packets through pfil if they are one of the types pfil can deal 2767 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2768 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2769 * that interface. 2770 */ 2771 static int 2772 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2773 { 2774 int snap, error, i, hlen; 2775 struct ether_header *eh1, eh2; 2776 struct ip_fw_args args; 2777 struct ip *ip; 2778 struct llc llc1; 2779 u_int16_t ether_type; 2780 2781 snap = 0; 2782 error = -1; /* Default error if not error == 0 */ 2783 2784 #if 0 2785 /* we may return with the IP fields swapped, ensure its not shared */ 2786 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2787 #endif 2788 2789 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2790 return (0); /* filtering is disabled */ 2791 2792 i = min((*mp)->m_pkthdr.len, max_protohdr); 2793 if ((*mp)->m_len < i) { 2794 *mp = m_pullup(*mp, i); 2795 if (*mp == NULL) { 2796 printf("%s: m_pullup failed\n", __func__); 2797 return (-1); 2798 } 2799 } 2800 2801 eh1 = mtod(*mp, struct ether_header *); 2802 ether_type = ntohs(eh1->ether_type); 2803 2804 /* 2805 * Check for SNAP/LLC. 2806 */ 2807 if (ether_type < ETHERMTU) { 2808 struct llc *llc2 = (struct llc *)(eh1 + 1); 2809 2810 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2811 llc2->llc_dsap == LLC_SNAP_LSAP && 2812 llc2->llc_ssap == LLC_SNAP_LSAP && 2813 llc2->llc_control == LLC_UI) { 2814 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2815 snap = 1; 2816 } 2817 } 2818 2819 /* 2820 * If we're trying to filter bridge traffic, don't look at anything 2821 * other than IP and ARP traffic. If the filter doesn't understand 2822 * IPv6, don't allow IPv6 through the bridge either. This is lame 2823 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2824 * but of course we don't have an AppleTalk filter to begin with. 2825 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2826 * ARP traffic.) 2827 */ 2828 switch (ether_type) { 2829 case ETHERTYPE_ARP: 2830 case ETHERTYPE_REVARP: 2831 if (pfil_ipfw_arp == 0) 2832 return (0); /* Automatically pass */ 2833 break; 2834 2835 case ETHERTYPE_IP: 2836 #ifdef INET6 2837 case ETHERTYPE_IPV6: 2838 #endif /* INET6 */ 2839 break; 2840 default: 2841 /* 2842 * Check to see if the user wants to pass non-ip 2843 * packets, these will not be checked by pfil(9) and 2844 * passed unconditionally so the default is to drop. 2845 */ 2846 if (pfil_onlyip) 2847 goto bad; 2848 } 2849 2850 /* Strip off the Ethernet header and keep a copy. 
*/ 2851 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2852 m_adj(*mp, ETHER_HDR_LEN); 2853 2854 /* Strip off snap header, if present */ 2855 if (snap) { 2856 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2857 m_adj(*mp, sizeof(struct llc)); 2858 } 2859 2860 /* 2861 * Check the IP header for alignment and errors 2862 */ 2863 if (dir == PFIL_IN) { 2864 switch (ether_type) { 2865 case ETHERTYPE_IP: 2866 error = bridge_ip_checkbasic(mp); 2867 break; 2868 #ifdef INET6 2869 case ETHERTYPE_IPV6: 2870 error = bridge_ip6_checkbasic(mp); 2871 break; 2872 #endif /* INET6 */ 2873 default: 2874 error = 0; 2875 } 2876 if (error) 2877 goto bad; 2878 } 2879 2880 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2881 error = -1; 2882 args.rule = ip_dn_claim_rule(*mp); 2883 if (args.rule != NULL && fw_one_pass) 2884 goto ipfwpass; /* packet already partially processed */ 2885 2886 args.m = *mp; 2887 args.oif = ifp; 2888 args.next_hop = NULL; 2889 args.eh = &eh2; 2890 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2891 i = ip_fw_chk_ptr(&args); 2892 *mp = args.m; 2893 2894 if (*mp == NULL) 2895 return (error); 2896 2897 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2898 2899 /* put the Ethernet header back on */ 2900 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2901 if (*mp == NULL) 2902 return (error); 2903 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2904 2905 /* 2906 * Pass the pkt to dummynet, which consumes it. The 2907 * packet will return to us via bridge_dummynet(). 2908 */ 2909 args.oif = ifp; 2910 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2911 return (error); 2912 } 2913 2914 if (i != IP_FW_PASS) /* drop */ 2915 goto bad; 2916 } 2917 2918 ipfwpass: 2919 error = 0; 2920 2921 /* 2922 * Run the packet through pfil 2923 */ 2924 switch (ether_type) { 2925 case ETHERTYPE_IP: 2926 /* 2927 * before calling the firewall, swap fields the same as 2928 * IP does. here we assume the header is contiguous 2929 */ 2930 ip = mtod(*mp, struct ip *); 2931 2932 ip->ip_len = ntohs(ip->ip_len); 2933 ip->ip_off = ntohs(ip->ip_off); 2934 2935 /* 2936 * Run pfil on the member interface and the bridge, both can 2937 * be skipped by clearing pfil_member or pfil_bridge. 
2938 * 2939 * Keep the order: 2940 * in_if -> bridge_if -> out_if 2941 */ 2942 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2943 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2944 dir, NULL); 2945 2946 if (*mp == NULL || error != 0) /* filter may consume */ 2947 break; 2948 2949 if (pfil_member && ifp != NULL) 2950 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2951 dir, NULL); 2952 2953 if (*mp == NULL || error != 0) /* filter may consume */ 2954 break; 2955 2956 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2957 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2958 dir, NULL); 2959 2960 if (*mp == NULL || error != 0) /* filter may consume */ 2961 break; 2962 2963 /* check if we need to fragment the packet */ 2964 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2965 i = (*mp)->m_pkthdr.len; 2966 if (i > ifp->if_mtu) { 2967 error = bridge_fragment(ifp, *mp, &eh2, snap, 2968 &llc1); 2969 return (error); 2970 } 2971 } 2972 2973 /* Recalculate the ip checksum and restore byte ordering */ 2974 ip = mtod(*mp, struct ip *); 2975 hlen = ip->ip_hl << 2; 2976 if (hlen < sizeof(struct ip)) 2977 goto bad; 2978 if (hlen > (*mp)->m_len) { 2979 if ((*mp = m_pullup(*mp, hlen)) == 0) 2980 goto bad; 2981 ip = mtod(*mp, struct ip *); 2982 if (ip == NULL) 2983 goto bad; 2984 } 2985 ip->ip_len = htons(ip->ip_len); 2986 ip->ip_off = htons(ip->ip_off); 2987 ip->ip_sum = 0; 2988 if (hlen == sizeof(struct ip)) 2989 ip->ip_sum = in_cksum_hdr(ip); 2990 else 2991 ip->ip_sum = in_cksum(*mp, hlen); 2992 2993 break; 2994 #ifdef INET6 2995 case ETHERTYPE_IPV6: 2996 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2997 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2998 dir, NULL); 2999 3000 if (*mp == NULL || error != 0) /* filter may consume */ 3001 break; 3002 3003 if (pfil_member && ifp != NULL) 3004 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 3005 dir, NULL); 3006 3007 if (*mp == NULL || error != 0) /* filter may consume */ 3008 break; 3009 3010 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3011 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 3012 dir, NULL); 3013 break; 3014 #endif 3015 default: 3016 error = 0; 3017 break; 3018 } 3019 3020 if (*mp == NULL) 3021 return (error); 3022 if (error != 0) 3023 goto bad; 3024 3025 error = -1; 3026 3027 /* 3028 * Finally, put everything back the way it was and return 3029 */ 3030 if (snap) { 3031 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3032 if (*mp == NULL) 3033 return (error); 3034 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3035 } 3036 3037 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3038 if (*mp == NULL) 3039 return (error); 3040 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3041 3042 return (0); 3043 3044 bad: 3045 m_freem(*mp); 3046 *mp = NULL; 3047 return (error); 3048 } 3049 3050 /* 3051 * Perform basic checks on header size since 3052 * pfil assumes ip_input has already processed 3053 * it for it. Cut-and-pasted from ip_input.c. 3054 * Given how simple the IPv6 version is, 3055 * does the IPv4 version really need to be 3056 * this complicated? 3057 * 3058 * XXX Should we update ipstat here, or not? 3059 * XXX Right now we update ipstat but not 3060 * XXX csum_counter. 
3061 */ 3062 static int 3063 bridge_ip_checkbasic(struct mbuf **mp) 3064 { 3065 struct mbuf *m = *mp; 3066 struct ip *ip; 3067 int len, hlen; 3068 u_short sum; 3069 3070 if (*mp == NULL) 3071 return (-1); 3072 3073 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3074 if ((m = m_copyup(m, sizeof(struct ip), 3075 (max_linkhdr + 3) & ~3)) == NULL) { 3076 /* XXXJRT new stat, please */ 3077 ipstat.ips_toosmall++; 3078 goto bad; 3079 } 3080 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3081 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3082 ipstat.ips_toosmall++; 3083 goto bad; 3084 } 3085 } 3086 ip = mtod(m, struct ip *); 3087 if (ip == NULL) goto bad; 3088 3089 if (ip->ip_v != IPVERSION) { 3090 ipstat.ips_badvers++; 3091 goto bad; 3092 } 3093 hlen = ip->ip_hl << 2; 3094 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3095 ipstat.ips_badhlen++; 3096 goto bad; 3097 } 3098 if (hlen > m->m_len) { 3099 if ((m = m_pullup(m, hlen)) == 0) { 3100 ipstat.ips_badhlen++; 3101 goto bad; 3102 } 3103 ip = mtod(m, struct ip *); 3104 if (ip == NULL) goto bad; 3105 } 3106 3107 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3108 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3109 } else { 3110 if (hlen == sizeof(struct ip)) { 3111 sum = in_cksum_hdr(ip); 3112 } else { 3113 sum = in_cksum(m, hlen); 3114 } 3115 } 3116 if (sum) { 3117 ipstat.ips_badsum++; 3118 goto bad; 3119 } 3120 3121 /* Retrieve the packet length. */ 3122 len = ntohs(ip->ip_len); 3123 3124 /* 3125 * Check for additional length bogosity 3126 */ 3127 if (len < hlen) { 3128 ipstat.ips_badlen++; 3129 goto bad; 3130 } 3131 3132 /* 3133 * Check that the amount of data in the buffers 3134 * is at least as much as the IP header would have us expect. 3135 * Drop packet if shorter than we expect. 3136 */ 3137 if (m->m_pkthdr.len < len) { 3138 ipstat.ips_tooshort++; 3139 goto bad; 3140 } 3141 3142 /* Checks out, proceed */ 3143 *mp = m; 3144 return (0); 3145 3146 bad: 3147 *mp = m; 3148 return (-1); 3149 } 3150 3151 #ifdef INET6 3152 /* 3153 * Same as above, but for IPv6. 3154 * Cut-and-pasted from ip6_input.c. 3155 * XXX Should we update ip6stat, or not? 3156 */ 3157 static int 3158 bridge_ip6_checkbasic(struct mbuf **mp) 3159 { 3160 struct mbuf *m = *mp; 3161 struct ip6_hdr *ip6; 3162 3163 /* 3164 * If the IPv6 header is not aligned, slurp it up into a new 3165 * mbuf with space for link headers, in the event we forward 3166 * it. Otherwise, if it is aligned, make sure the entire base 3167 * IPv6 header is in the first mbuf of the chain.
3168 */ 3169 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3170 struct ifnet *inifp = m->m_pkthdr.rcvif; 3171 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3172 (max_linkhdr + 3) & ~3)) == NULL) { 3173 /* XXXJRT new stat, please */ 3174 ip6stat.ip6s_toosmall++; 3175 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3176 goto bad; 3177 } 3178 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3179 struct ifnet *inifp = m->m_pkthdr.rcvif; 3180 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3181 ip6stat.ip6s_toosmall++; 3182 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3183 goto bad; 3184 } 3185 } 3186 3187 ip6 = mtod(m, struct ip6_hdr *); 3188 3189 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3190 ip6stat.ip6s_badvers++; 3191 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3192 goto bad; 3193 } 3194 3195 /* Checks out, proceed */ 3196 *mp = m; 3197 return (0); 3198 3199 bad: 3200 *mp = m; 3201 return (-1); 3202 } 3203 #endif /* INET6 */ 3204 3205 /* 3206 * bridge_fragment: 3207 * 3208 * Return a fragmented mbuf chain. 3209 */ 3210 static int 3211 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3212 int snap, struct llc *llc) 3213 { 3214 struct mbuf *m0; 3215 struct ip *ip; 3216 int error = -1; 3217 3218 if (m->m_len < sizeof(struct ip) && 3219 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3220 goto out; 3221 ip = mtod(m, struct ip *); 3222 3223 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3224 CSUM_DELAY_IP); 3225 if (error) 3226 goto out; 3227 3228 /* walk the chain and re-add the Ethernet header */ 3229 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3230 if (error == 0) { 3231 if (snap) { 3232 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3233 if (m0 == NULL) { 3234 error = ENOBUFS; 3235 continue; 3236 } 3237 bcopy(llc, mtod(m0, caddr_t), 3238 sizeof(struct llc)); 3239 } 3240 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3241 if (m0 == NULL) { 3242 error = ENOBUFS; 3243 continue; 3244 } 3245 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3246 } else 3247 m_freem(m); 3248 } 3249 3250 if (error == 0) 3251 ipstat.ips_fragmented++; 3252 3253 return (error); 3254 3255 out: 3256 if (m != NULL) 3257 m_freem(m); 3258 return (error); 3259 } 3260
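/*
 * Illustrative sketch (user-space, guarded out of compilation): shows how
 * the bridge_rthash()/mix() scheme above folds the six bytes of an
 * Ethernet address plus the per-bridge random key into a bucket index
 * with one round of the Bob Jenkins mix followed by a mask to the table
 * size.  The per-bridge key comes from arc4random() in
 * bridge_rtable_init(), presumably so that bucket placement is not
 * predictable by other hosts.  The "sketch_" names, the sample key and
 * MAC address below are hypothetical stand-ins for demonstration only;
 * 1024 mirrors the driver's default BRIDGE_RTHASH_SIZE.
 */
#if 0
#include <stdint.h>
#include <stdio.h>

#define SKETCH_RTHASH_SIZE	1024
#define SKETCH_RTHASH_MASK	(SKETCH_RTHASH_SIZE - 1)

/* Same mixing round as the driver's mix() macro. */
#define sketch_mix(a, b, c)					\
do {								\
	a -= b; a -= c; a ^= (c >> 13);				\
	b -= c; b -= a; b ^= (a << 8);				\
	c -= a; c -= b; c ^= (b >> 13);				\
	a -= b; a -= c; a ^= (c >> 12);				\
	b -= c; b -= a; b ^= (a << 16);				\
	c -= a; c -= b; c ^= (b >> 5);				\
	a -= b; a -= c; a ^= (c >> 3);				\
	b -= c; b -= a; b ^= (a << 10);				\
	c -= a; c -= b; c ^= (b >> 15);				\
} while (0)

/* Folds the address bytes and key in the same order as bridge_rthash(). */
static uint32_t
sketch_rthash(uint32_t key, const uint8_t *addr)
{
	uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = key;

	b += addr[5] << 8;
	b += addr[4];
	a += addr[3] << 24;
	a += addr[2] << 16;
	a += addr[1] << 8;
	a += addr[0];

	sketch_mix(a, b, c);

	return (c & SKETCH_RTHASH_MASK);
}

int
main(void)
{
	/* Hypothetical learned source address and per-bridge key. */
	const uint8_t mac[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };

	printf("bucket = %u\n", sketch_rthash(0x5a5a5a5aU, mac));
	return (0);
}
#endif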