1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/priv.h> 105 #include <sys/proc.h> 106 #include <sys/lock.h> 107 #include <sys/mutex.h> 108 109 #include <net/bpf.h> 110 #include <net/if.h> 111 #include <net/if_clone.h> 112 #include <net/if_dl.h> 113 #include <net/if_types.h> 114 #include <net/if_var.h> 115 #include <net/pfil.h> 116 117 #include <netinet/in.h> /* for struct arpcom */ 118 #include <netinet/in_systm.h> 119 #include <netinet/in_var.h> 120 #include <netinet/ip.h> 121 #include <netinet/ip_var.h> 122 #ifdef INET6 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 #endif 126 #ifdef DEV_CARP 127 #include <netinet/ip_carp.h> 128 #endif 129 #include <machine/in_cksum.h> 130 #include <netinet/if_ether.h> /* for struct arpcom */ 131 #include <net/bridgestp.h> 132 #include <net/if_bridgevar.h> 133 #include <net/if_llc.h> 134 135 #include <net/route.h> 136 #include <netinet/ip_fw.h> 137 #include <netinet/ip_dummynet.h> 138 139 /* 140 * Size of the route hash table. Must be a power of two. 141 */ 142 #ifndef BRIDGE_RTHASH_SIZE 143 #define BRIDGE_RTHASH_SIZE 1024 144 #endif 145 146 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 147 148 /* 149 * Maximum number of addresses to cache. 150 */ 151 #ifndef BRIDGE_RTABLE_MAX 152 #define BRIDGE_RTABLE_MAX 100 153 #endif 154 155 /* 156 * Timeout (in seconds) for entries learned dynamically. 157 */ 158 #ifndef BRIDGE_RTABLE_TIMEOUT 159 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 160 #endif 161 162 /* 163 * Number of seconds between walks of the route list. 164 */ 165 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 166 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 167 #endif 168 169 /* 170 * List of capabilities to mask on the member interface. 171 */ 172 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 173 174 /* 175 * Bridge interface list entry. 176 */ 177 struct bridge_iflist { 178 LIST_ENTRY(bridge_iflist) bif_next; 179 struct ifnet *bif_ifp; /* member if */ 180 struct bstp_port bif_stp; /* STP state */ 181 uint32_t bif_flags; /* member if flags */ 182 int bif_mutecap; /* member muted caps */ 183 }; 184 185 /* 186 * Bridge route node. 187 */ 188 struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct ifnet *brt_ifp; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195 }; 196 197 /* 198 * Software state for each bridge. 199 */ 200 struct bridge_softc { 201 struct ifnet *sc_ifp; /* make this an interface */ 202 LIST_ENTRY(bridge_softc) sc_list; 203 struct mtx sc_mtx; 204 struct cv sc_cv; 205 uint32_t sc_brtmax; /* max # of addresses */ 206 uint32_t sc_brtcnt; /* cur. # of addresses */ 207 uint32_t sc_brttimeout; /* rt timeout in seconds */ 208 struct callout sc_brcallout; /* bridge callout */ 209 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 210 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 211 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 212 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 213 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 214 uint32_t sc_rthash_key; /* key for hash */ 215 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 216 struct bstp_state sc_stp; /* STP state */ 217 uint32_t sc_brtexceeded; /* # of cache drops */ 218 }; 219 220 static struct mtx bridge_list_mtx; 221 eventhandler_tag bridge_detach_cookie = NULL; 222 223 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 224 225 uma_zone_t bridge_rtnode_zone; 226 227 static int bridge_clone_create(struct if_clone *, int, caddr_t); 228 static void bridge_clone_destroy(struct ifnet *); 229 230 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 231 static void bridge_mutecaps(struct bridge_iflist *, int); 232 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 233 static void bridge_init(void *); 234 static void bridge_dummynet(struct mbuf *, struct ifnet *); 235 static void bridge_stop(struct ifnet *, int); 236 static void bridge_start(struct ifnet *); 237 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 238 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 239 struct rtentry *); 240 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 241 struct mbuf *); 242 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 243 244 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 245 246 static void bridge_timer(void *); 247 248 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 249 struct mbuf *, int); 250 static void bridge_span(struct bridge_softc *, struct mbuf *); 251 252 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 253 struct bridge_iflist *, int, uint8_t); 254 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 255 static void bridge_rttrim(struct bridge_softc *); 256 static void bridge_rtage(struct bridge_softc *); 257 static void bridge_rtflush(struct bridge_softc *, int); 258 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 259 260 static int bridge_rtable_init(struct bridge_softc *); 261 static void bridge_rtable_fini(struct bridge_softc *); 262 263 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 264 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 265 const uint8_t *); 266 static int bridge_rtnode_insert(struct bridge_softc *, 267 struct bridge_rtnode *); 268 static void bridge_rtnode_destroy(struct bridge_softc *, 269 struct bridge_rtnode *); 270 static void bridge_rtable_expire(struct ifnet *, int); 271 static void bridge_state_change(struct ifnet *, int); 272 273 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 274 const char *name); 275 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 276 struct ifnet *ifp); 277 static void bridge_delete_member(struct bridge_softc *, 278 struct bridge_iflist *, int); 279 static void bridge_delete_span(struct bridge_softc *, 280 struct bridge_iflist *); 281 282 static int bridge_ioctl_add(struct bridge_softc *, void *); 283 static int bridge_ioctl_del(struct bridge_softc *, void *); 284 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 285 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 286 static int bridge_ioctl_scache(struct bridge_softc *, void *); 287 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 288 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 289 static int bridge_ioctl_rts(struct bridge_softc *, void *); 290 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 291 static int bridge_ioctl_sto(struct bridge_softc *, void *); 292 static int bridge_ioctl_gto(struct bridge_softc *, void *); 293 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 294 static int bridge_ioctl_flush(struct bridge_softc *, void *); 295 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 296 static int bridge_ioctl_spri(struct bridge_softc *, void *); 297 static int bridge_ioctl_ght(struct bridge_softc *, void *); 298 static int bridge_ioctl_sht(struct bridge_softc *, void *); 299 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 300 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 301 static int bridge_ioctl_gma(struct bridge_softc *, void *); 302 static int bridge_ioctl_sma(struct bridge_softc *, void *); 303 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 304 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 305 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 306 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 307 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 308 static int bridge_ioctl_grte(struct bridge_softc *, void *); 309 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 310 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 311 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 312 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 313 int); 314 static int bridge_ip_checkbasic(struct mbuf **mp); 315 #ifdef INET6 316 static int bridge_ip6_checkbasic(struct mbuf **mp); 317 #endif /* INET6 */ 318 static int bridge_fragment(struct ifnet *, struct mbuf *, 319 struct ether_header *, int, struct llc *); 320 321 SYSCTL_DECL(_net_link); 322 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 323 324 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 325 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 326 static int pfil_member = 1; /* run pfil hooks on the member interface */ 327 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 328 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 329 static int log_stp = 0; /* log STP state changes */ 330 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 331 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 332 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 333 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 334 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 335 &pfil_bridge, 0, "Packet filter on the bridge interface"); 336 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 337 &pfil_member, 0, "Packet filter on the member interface"); 338 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 339 &log_stp, 0, "Log STP state changes"); 340 341 struct bridge_control { 342 int (*bc_func)(struct bridge_softc *, void *); 343 int bc_argsize; 344 int bc_flags; 345 }; 346 347 #define BC_F_COPYIN 0x01 /* copy arguments in */ 348 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 349 #define BC_F_SUSER 0x04 /* do super-user check */ 350 351 const struct bridge_control bridge_control_table[] = { 352 { bridge_ioctl_add, sizeof(struct ifbreq), 353 BC_F_COPYIN|BC_F_SUSER }, 354 { bridge_ioctl_del, sizeof(struct ifbreq), 355 BC_F_COPYIN|BC_F_SUSER }, 356 357 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 358 BC_F_COPYIN|BC_F_COPYOUT }, 359 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_SUSER }, 361 362 { bridge_ioctl_scache, sizeof(struct ifbrparam), 363 BC_F_COPYIN|BC_F_SUSER }, 364 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 365 BC_F_COPYOUT }, 366 367 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 368 BC_F_COPYIN|BC_F_COPYOUT }, 369 { bridge_ioctl_rts, sizeof(struct ifbaconf), 370 BC_F_COPYIN|BC_F_COPYOUT }, 371 372 { bridge_ioctl_saddr, sizeof(struct ifbareq), 373 BC_F_COPYIN|BC_F_SUSER }, 374 375 { bridge_ioctl_sto, sizeof(struct ifbrparam), 376 BC_F_COPYIN|BC_F_SUSER }, 377 { bridge_ioctl_gto, sizeof(struct ifbrparam), 378 BC_F_COPYOUT }, 379 380 { bridge_ioctl_daddr, sizeof(struct ifbareq), 381 BC_F_COPYIN|BC_F_SUSER }, 382 383 { bridge_ioctl_flush, sizeof(struct ifbreq), 384 BC_F_COPYIN|BC_F_SUSER }, 385 386 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 387 BC_F_COPYOUT }, 388 { bridge_ioctl_spri, sizeof(struct ifbrparam), 389 BC_F_COPYIN|BC_F_SUSER }, 390 391 { bridge_ioctl_ght, sizeof(struct ifbrparam), 392 BC_F_COPYOUT }, 393 { bridge_ioctl_sht, sizeof(struct ifbrparam), 394 BC_F_COPYIN|BC_F_SUSER }, 395 396 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 397 BC_F_COPYOUT }, 398 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 399 BC_F_COPYIN|BC_F_SUSER }, 400 401 { bridge_ioctl_gma, sizeof(struct ifbrparam), 402 BC_F_COPYOUT }, 403 { bridge_ioctl_sma, sizeof(struct ifbrparam), 404 BC_F_COPYIN|BC_F_SUSER }, 405 406 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 407 BC_F_COPYIN|BC_F_SUSER }, 408 409 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 410 BC_F_COPYIN|BC_F_SUSER }, 411 412 { bridge_ioctl_addspan, sizeof(struct ifbreq), 413 BC_F_COPYIN|BC_F_SUSER }, 414 { bridge_ioctl_delspan, sizeof(struct ifbreq), 415 BC_F_COPYIN|BC_F_SUSER }, 416 417 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 418 BC_F_COPYOUT }, 419 420 { bridge_ioctl_grte, sizeof(struct ifbrparam), 421 BC_F_COPYOUT }, 422 423 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 424 BC_F_COPYIN|BC_F_COPYOUT }, 425 426 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 427 BC_F_COPYIN|BC_F_SUSER }, 428 429 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 430 BC_F_COPYIN|BC_F_SUSER }, 431 }; 432 const int bridge_control_table_size = 433 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 434 435 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 436 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 437 438 LIST_HEAD(, bridge_softc) bridge_list; 439 440 IFC_SIMPLE_DECLARE(bridge, 0); 441 442 static int 443 bridge_modevent(module_t mod, int type, void *data) 444 { 445 446 switch (type) { 447 case MOD_LOAD: 448 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 449 if_clone_attach(&bridge_cloner); 450 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 451 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 452 UMA_ALIGN_PTR, 0); 453 LIST_INIT(&bridge_list); 454 bridge_input_p = bridge_input; 455 bridge_output_p = bridge_output; 456 bridge_dn_p = bridge_dummynet; 457 bstp_linkstate_p = bstp_linkstate; 458 bridge_detach_cookie = EVENTHANDLER_REGISTER( 459 ifnet_departure_event, bridge_ifdetach, NULL, 460 EVENTHANDLER_PRI_ANY); 461 break; 462 case MOD_UNLOAD: 463 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 464 bridge_detach_cookie); 465 if_clone_detach(&bridge_cloner); 466 uma_zdestroy(bridge_rtnode_zone); 467 bridge_input_p = NULL; 468 bridge_output_p = NULL; 469 bridge_dn_p = NULL; 470 bstp_linkstate_p = NULL; 471 mtx_destroy(&bridge_list_mtx); 472 break; 473 default: 474 return (EOPNOTSUPP); 475 } 476 return (0); 477 } 478 479 static moduledata_t bridge_mod = { 480 "if_bridge", 481 bridge_modevent, 482 0 483 }; 484 485 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 486 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 487 488 /* 489 * handler for net.link.bridge.pfil_ipfw 490 */ 491 static int 492 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 493 { 494 int enable = pfil_ipfw; 495 int error; 496 497 error = sysctl_handle_int(oidp, &enable, 0, req); 498 enable = (enable) ? 1 : 0; 499 500 if (enable != pfil_ipfw) { 501 pfil_ipfw = enable; 502 503 /* 504 * Disable pfil so that ipfw doesnt run twice, if the user 505 * really wants both then they can re-enable pfil_bridge and/or 506 * pfil_member. Also allow non-ip packets as ipfw can filter by 507 * layer2 type. 508 */ 509 if (pfil_ipfw) { 510 pfil_onlyip = 0; 511 pfil_bridge = 0; 512 pfil_member = 0; 513 } 514 } 515 516 return (error); 517 } 518 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 519 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 520 521 /* 522 * bridge_clone_create: 523 * 524 * Create a new bridge instance. 525 */ 526 static int 527 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 528 { 529 struct bridge_softc *sc, *sc2; 530 struct ifnet *bifp, *ifp; 531 u_char eaddr[6]; 532 int retry; 533 534 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 535 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 536 if (ifp == NULL) { 537 free(sc, M_DEVBUF); 538 return (ENOSPC); 539 } 540 541 BRIDGE_LOCK_INIT(sc); 542 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 543 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 544 545 /* Initialize our routing table. */ 546 bridge_rtable_init(sc); 547 548 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 549 550 LIST_INIT(&sc->sc_iflist); 551 LIST_INIT(&sc->sc_spanlist); 552 553 ifp->if_softc = sc; 554 if_initname(ifp, ifc->ifc_name, unit); 555 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 556 ifp->if_ioctl = bridge_ioctl; 557 ifp->if_start = bridge_start; 558 ifp->if_init = bridge_init; 559 ifp->if_type = IFT_BRIDGE; 560 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 561 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 562 IFQ_SET_READY(&ifp->if_snd); 563 564 /* 565 * Generate a random ethernet address with a locally administered 566 * address. 567 * 568 * Since we are using random ethernet addresses for the bridge, it is 569 * possible that we might have address collisions, so make sure that 570 * this hardware address isn't already in use on another bridge. 571 */ 572 for (retry = 1; retry != 0;) { 573 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 574 eaddr[0] &= ~1; /* clear multicast bit */ 575 eaddr[0] |= 2; /* set the LAA bit */ 576 retry = 0; 577 mtx_lock(&bridge_list_mtx); 578 LIST_FOREACH(sc2, &bridge_list, sc_list) { 579 bifp = sc2->sc_ifp; 580 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 581 retry = 1; 582 } 583 mtx_unlock(&bridge_list_mtx); 584 } 585 586 bstp_attach(&sc->sc_stp, bridge_state_change, bridge_rtable_expire); 587 ether_ifattach(ifp, eaddr); 588 /* Now undo some of the damage... */ 589 ifp->if_baudrate = 0; 590 ifp->if_type = IFT_BRIDGE; 591 592 mtx_lock(&bridge_list_mtx); 593 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 594 mtx_unlock(&bridge_list_mtx); 595 596 return (0); 597 } 598 599 /* 600 * bridge_clone_destroy: 601 * 602 * Destroy a bridge instance. 603 */ 604 static void 605 bridge_clone_destroy(struct ifnet *ifp) 606 { 607 struct bridge_softc *sc = ifp->if_softc; 608 struct bridge_iflist *bif; 609 610 BRIDGE_LOCK(sc); 611 612 bridge_stop(ifp, 1); 613 ifp->if_flags &= ~IFF_UP; 614 615 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 616 bridge_delete_member(sc, bif, 0); 617 618 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 619 bridge_delete_span(sc, bif); 620 } 621 622 BRIDGE_UNLOCK(sc); 623 624 callout_drain(&sc->sc_brcallout); 625 626 mtx_lock(&bridge_list_mtx); 627 LIST_REMOVE(sc, sc_list); 628 mtx_unlock(&bridge_list_mtx); 629 630 bstp_detach(&sc->sc_stp); 631 ether_ifdetach(ifp); 632 if_free_type(ifp, IFT_ETHER); 633 634 /* Tear down the routing table. */ 635 bridge_rtable_fini(sc); 636 637 BRIDGE_LOCK_DESTROY(sc); 638 free(sc, M_DEVBUF); 639 } 640 641 /* 642 * bridge_ioctl: 643 * 644 * Handle a control request from the operator. 645 */ 646 static int 647 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 648 { 649 struct bridge_softc *sc = ifp->if_softc; 650 struct thread *td = curthread; 651 union { 652 struct ifbreq ifbreq; 653 struct ifbifconf ifbifconf; 654 struct ifbareq ifbareq; 655 struct ifbaconf ifbaconf; 656 struct ifbrparam ifbrparam; 657 struct ifbropreq ifbropreq; 658 } args; 659 struct ifdrv *ifd = (struct ifdrv *) data; 660 const struct bridge_control *bc; 661 int error = 0; 662 663 BRIDGE_LOCK(sc); 664 665 switch (cmd) { 666 667 case SIOCADDMULTI: 668 case SIOCDELMULTI: 669 break; 670 671 case SIOCGDRVSPEC: 672 case SIOCSDRVSPEC: 673 if (ifd->ifd_cmd >= bridge_control_table_size) { 674 error = EINVAL; 675 break; 676 } 677 bc = &bridge_control_table[ifd->ifd_cmd]; 678 679 if (cmd == SIOCGDRVSPEC && 680 (bc->bc_flags & BC_F_COPYOUT) == 0) { 681 error = EINVAL; 682 break; 683 } 684 else if (cmd == SIOCSDRVSPEC && 685 (bc->bc_flags & BC_F_COPYOUT) != 0) { 686 error = EINVAL; 687 break; 688 } 689 690 if (bc->bc_flags & BC_F_SUSER) { 691 error = priv_check(td, PRIV_NET_BRIDGE); 692 if (error) 693 break; 694 } 695 696 if (ifd->ifd_len != bc->bc_argsize || 697 ifd->ifd_len > sizeof(args)) { 698 error = EINVAL; 699 break; 700 } 701 702 bzero(&args, sizeof(args)); 703 if (bc->bc_flags & BC_F_COPYIN) { 704 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 705 if (error) 706 break; 707 } 708 709 error = (*bc->bc_func)(sc, &args); 710 if (error) 711 break; 712 713 if (bc->bc_flags & BC_F_COPYOUT) 714 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 715 716 break; 717 718 case SIOCSIFFLAGS: 719 if (!(ifp->if_flags & IFF_UP) && 720 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 721 /* 722 * If interface is marked down and it is running, 723 * then stop and disable it. 724 */ 725 bridge_stop(ifp, 1); 726 } else if ((ifp->if_flags & IFF_UP) && 727 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 728 /* 729 * If interface is marked up and it is stopped, then 730 * start it. 731 */ 732 BRIDGE_UNLOCK(sc); 733 (*ifp->if_init)(sc); 734 } 735 break; 736 737 case SIOCSIFMTU: 738 /* Do not allow the MTU to be changed on the bridge */ 739 error = EINVAL; 740 break; 741 742 default: 743 /* 744 * drop the lock as ether_ioctl() will call bridge_start() and 745 * cause the lock to be recursed. 746 */ 747 BRIDGE_UNLOCK(sc); 748 error = ether_ioctl(ifp, cmd, data); 749 break; 750 } 751 752 if (BRIDGE_LOCKED(sc)) 753 BRIDGE_UNLOCK(sc); 754 755 return (error); 756 } 757 758 /* 759 * bridge_mutecaps: 760 * 761 * Clear or restore unwanted capabilities on the member interface 762 */ 763 static void 764 bridge_mutecaps(struct bridge_iflist *bif, int mute) 765 { 766 struct ifnet *ifp = bif->bif_ifp; 767 struct ifreq ifr; 768 int error; 769 770 if (ifp->if_ioctl == NULL) 771 return; 772 773 bzero(&ifr, sizeof(ifr)); 774 ifr.ifr_reqcap = ifp->if_capenable; 775 776 if (mute) { 777 /* mask off and save capabilities */ 778 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 779 if (bif->bif_mutecap != 0) 780 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 781 } else 782 /* restore muted capabilities */ 783 ifr.ifr_reqcap |= bif->bif_mutecap; 784 785 786 if (bif->bif_mutecap != 0) { 787 IFF_LOCKGIANT(ifp); 788 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 789 IFF_UNLOCKGIANT(ifp); 790 } 791 } 792 793 /* 794 * bridge_lookup_member: 795 * 796 * Lookup a bridge member interface. 797 */ 798 static struct bridge_iflist * 799 bridge_lookup_member(struct bridge_softc *sc, const char *name) 800 { 801 struct bridge_iflist *bif; 802 struct ifnet *ifp; 803 804 BRIDGE_LOCK_ASSERT(sc); 805 806 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 807 ifp = bif->bif_ifp; 808 if (strcmp(ifp->if_xname, name) == 0) 809 return (bif); 810 } 811 812 return (NULL); 813 } 814 815 /* 816 * bridge_lookup_member_if: 817 * 818 * Lookup a bridge member interface by ifnet*. 819 */ 820 static struct bridge_iflist * 821 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 822 { 823 struct bridge_iflist *bif; 824 825 BRIDGE_LOCK_ASSERT(sc); 826 827 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 828 if (bif->bif_ifp == member_ifp) 829 return (bif); 830 } 831 832 return (NULL); 833 } 834 835 /* 836 * bridge_delete_member: 837 * 838 * Delete the specified member interface. 839 */ 840 static void 841 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 842 int gone) 843 { 844 struct ifnet *ifs = bif->bif_ifp; 845 846 BRIDGE_LOCK_ASSERT(sc); 847 848 if (!gone) { 849 switch (ifs->if_type) { 850 case IFT_ETHER: 851 case IFT_L2VLAN: 852 /* 853 * Take the interface out of promiscuous mode. 854 */ 855 (void) ifpromisc(ifs, 0); 856 bridge_mutecaps(bif, 0); 857 break; 858 859 case IFT_GIF: 860 break; 861 862 default: 863 #ifdef DIAGNOSTIC 864 panic("bridge_delete_member: impossible"); 865 #endif 866 break; 867 } 868 } 869 870 if (bif->bif_flags & IFBIF_STP) 871 bstp_disable(&bif->bif_stp); 872 873 ifs->if_bridge = NULL; 874 BRIDGE_XLOCK(sc); 875 LIST_REMOVE(bif, bif_next); 876 BRIDGE_XDROP(sc); 877 878 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 879 880 BRIDGE_UNLOCK(sc); 881 bstp_destroy(&bif->bif_stp); /* prepare to free */ 882 BRIDGE_LOCK(sc); 883 free(bif, M_DEVBUF); 884 } 885 886 /* 887 * bridge_delete_span: 888 * 889 * Delete the specified span interface. 890 */ 891 static void 892 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 893 { 894 BRIDGE_LOCK_ASSERT(sc); 895 896 KASSERT(bif->bif_ifp->if_bridge == NULL, 897 ("%s: not a span interface", __func__)); 898 899 LIST_REMOVE(bif, bif_next); 900 free(bif, M_DEVBUF); 901 } 902 903 static int 904 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 905 { 906 struct ifbreq *req = arg; 907 struct bridge_iflist *bif = NULL; 908 struct ifnet *ifs; 909 int error = 0; 910 911 ifs = ifunit(req->ifbr_ifsname); 912 if (ifs == NULL) 913 return (ENOENT); 914 915 /* If it's in the span list, it can't be a member. */ 916 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 917 if (ifs == bif->bif_ifp) 918 return (EBUSY); 919 920 /* Allow the first Ethernet member to define the MTU */ 921 if (ifs->if_type != IFT_GIF) { 922 if (LIST_EMPTY(&sc->sc_iflist)) 923 sc->sc_ifp->if_mtu = ifs->if_mtu; 924 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 925 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 926 ifs->if_xname); 927 return (EINVAL); 928 } 929 } 930 931 if (ifs->if_bridge == sc) 932 return (EEXIST); 933 934 if (ifs->if_bridge != NULL) 935 return (EBUSY); 936 937 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 938 if (bif == NULL) 939 return (ENOMEM); 940 941 bif->bif_ifp = ifs; 942 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 943 944 switch (ifs->if_type) { 945 case IFT_ETHER: 946 case IFT_L2VLAN: 947 /* 948 * Place the interface into promiscuous mode. 949 */ 950 error = ifpromisc(ifs, 1); 951 if (error) 952 goto out; 953 954 bridge_mutecaps(bif, 1); 955 break; 956 957 case IFT_GIF: 958 break; 959 960 default: 961 error = EINVAL; 962 goto out; 963 } 964 965 ifs->if_bridge = sc; 966 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 967 /* 968 * XXX: XLOCK HERE!?! 969 * 970 * NOTE: insert_***HEAD*** should be safe for the traversals. 971 */ 972 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 973 974 out: 975 if (error) { 976 if (bif != NULL) 977 free(bif, M_DEVBUF); 978 } 979 return (error); 980 } 981 982 static int 983 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 984 { 985 struct ifbreq *req = arg; 986 struct bridge_iflist *bif; 987 988 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 989 if (bif == NULL) 990 return (ENOENT); 991 992 bridge_delete_member(sc, bif, 0); 993 994 return (0); 995 } 996 997 static int 998 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 999 { 1000 struct ifbreq *req = arg; 1001 struct bridge_iflist *bif; 1002 struct bstp_port *bp; 1003 1004 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1005 if (bif == NULL) 1006 return (ENOENT); 1007 1008 bp = &bif->bif_stp; 1009 req->ifbr_ifsflags = bif->bif_flags; 1010 req->ifbr_state = bp->bp_state; 1011 req->ifbr_priority = bp->bp_priority; 1012 req->ifbr_path_cost = bp->bp_path_cost; 1013 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1014 req->ifbr_proto = bp->bp_protover; 1015 req->ifbr_role = bp->bp_role; 1016 req->ifbr_stpflags = bp->bp_flags; 1017 1018 /* Copy STP state options as flags */ 1019 if (bp->bp_operedge) 1020 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1021 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1022 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1023 if (bp->bp_ptp_link) 1024 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1025 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1026 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1027 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1028 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1029 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1030 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1031 return (0); 1032 } 1033 1034 static int 1035 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1036 { 1037 struct ifbreq *req = arg; 1038 struct bridge_iflist *bif; 1039 struct bstp_port *bp; 1040 int error; 1041 1042 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1043 if (bif == NULL) 1044 return (ENOENT); 1045 bp = &bif->bif_stp; 1046 1047 if (req->ifbr_ifsflags & IFBIF_SPAN) 1048 /* SPAN is readonly */ 1049 return (EINVAL); 1050 1051 if (req->ifbr_ifsflags & IFBIF_STP) { 1052 if ((bif->bif_flags & IFBIF_STP) == 0) { 1053 error = bstp_enable(&bif->bif_stp); 1054 if (error) 1055 return (error); 1056 } 1057 } else { 1058 if ((bif->bif_flags & IFBIF_STP) != 0) 1059 bstp_disable(&bif->bif_stp); 1060 } 1061 1062 /* Pass on STP flags */ 1063 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1064 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1065 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1066 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1067 1068 /* Save the bits relating to the bridge */ 1069 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1070 1071 return (0); 1072 } 1073 1074 static int 1075 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1076 { 1077 struct ifbrparam *param = arg; 1078 1079 sc->sc_brtmax = param->ifbrp_csize; 1080 bridge_rttrim(sc); 1081 1082 return (0); 1083 } 1084 1085 static int 1086 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1087 { 1088 struct ifbrparam *param = arg; 1089 1090 param->ifbrp_csize = sc->sc_brtmax; 1091 1092 return (0); 1093 } 1094 1095 static int 1096 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1097 { 1098 struct ifbifconf *bifc = arg; 1099 struct bridge_iflist *bif; 1100 struct ifbreq breq; 1101 int count, len, error = 0; 1102 1103 count = 0; 1104 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1105 count++; 1106 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1107 count++; 1108 1109 if (bifc->ifbic_len == 0) { 1110 bifc->ifbic_len = sizeof(breq) * count; 1111 return (0); 1112 } 1113 1114 count = 0; 1115 len = bifc->ifbic_len; 1116 bzero(&breq, sizeof(breq)); 1117 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1118 if (len < sizeof(breq)) 1119 break; 1120 1121 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1122 sizeof(breq.ifbr_ifsname)); 1123 /* Fill in the ifbreq structure */ 1124 error = bridge_ioctl_gifflags(sc, &breq); 1125 if (error) 1126 break; 1127 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1128 if (error) 1129 break; 1130 count++; 1131 len -= sizeof(breq); 1132 } 1133 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1134 if (len < sizeof(breq)) 1135 break; 1136 1137 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1138 sizeof(breq.ifbr_ifsname)); 1139 breq.ifbr_ifsflags = bif->bif_flags; 1140 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1141 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1142 if (error) 1143 break; 1144 count++; 1145 len -= sizeof(breq); 1146 } 1147 1148 bifc->ifbic_len = sizeof(breq) * count; 1149 return (error); 1150 } 1151 1152 static int 1153 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1154 { 1155 struct ifbaconf *bac = arg; 1156 struct bridge_rtnode *brt; 1157 struct ifbareq bareq; 1158 int count = 0, error = 0, len; 1159 1160 if (bac->ifbac_len == 0) 1161 return (0); 1162 1163 len = bac->ifbac_len; 1164 bzero(&bareq, sizeof(bareq)); 1165 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1166 if (len < sizeof(bareq)) 1167 goto out; 1168 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1169 sizeof(bareq.ifba_ifsname)); 1170 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1171 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1172 time_uptime < brt->brt_expire) 1173 bareq.ifba_expire = brt->brt_expire - time_uptime; 1174 else 1175 bareq.ifba_expire = 0; 1176 bareq.ifba_flags = brt->brt_flags; 1177 1178 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1179 if (error) 1180 goto out; 1181 count++; 1182 len -= sizeof(bareq); 1183 } 1184 out: 1185 bac->ifbac_len = sizeof(bareq) * count; 1186 return (error); 1187 } 1188 1189 static int 1190 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1191 { 1192 struct ifbareq *req = arg; 1193 struct bridge_iflist *bif; 1194 int error; 1195 1196 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1197 if (bif == NULL) 1198 return (ENOENT); 1199 1200 error = bridge_rtupdate(sc, req->ifba_dst, bif, 1, 1201 req->ifba_flags); 1202 1203 return (error); 1204 } 1205 1206 static int 1207 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1208 { 1209 struct ifbrparam *param = arg; 1210 1211 sc->sc_brttimeout = param->ifbrp_ctime; 1212 return (0); 1213 } 1214 1215 static int 1216 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1217 { 1218 struct ifbrparam *param = arg; 1219 1220 param->ifbrp_ctime = sc->sc_brttimeout; 1221 return (0); 1222 } 1223 1224 static int 1225 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1226 { 1227 struct ifbareq *req = arg; 1228 1229 return (bridge_rtdaddr(sc, req->ifba_dst)); 1230 } 1231 1232 static int 1233 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1234 { 1235 struct ifbreq *req = arg; 1236 1237 bridge_rtflush(sc, req->ifbr_ifsflags); 1238 return (0); 1239 } 1240 1241 static int 1242 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1243 { 1244 struct ifbrparam *param = arg; 1245 struct bstp_state *bs = &sc->sc_stp; 1246 1247 param->ifbrp_prio = bs->bs_bridge_priority; 1248 return (0); 1249 } 1250 1251 static int 1252 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1253 { 1254 struct ifbrparam *param = arg; 1255 1256 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1257 } 1258 1259 static int 1260 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1261 { 1262 struct ifbrparam *param = arg; 1263 struct bstp_state *bs = &sc->sc_stp; 1264 1265 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1266 return (0); 1267 } 1268 1269 static int 1270 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1271 { 1272 struct ifbrparam *param = arg; 1273 1274 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1275 } 1276 1277 static int 1278 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1279 { 1280 struct ifbrparam *param = arg; 1281 struct bstp_state *bs = &sc->sc_stp; 1282 1283 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1284 return (0); 1285 } 1286 1287 static int 1288 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1289 { 1290 struct ifbrparam *param = arg; 1291 1292 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1293 } 1294 1295 static int 1296 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1297 { 1298 struct ifbrparam *param = arg; 1299 struct bstp_state *bs = &sc->sc_stp; 1300 1301 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1302 return (0); 1303 } 1304 1305 static int 1306 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1307 { 1308 struct ifbrparam *param = arg; 1309 1310 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1311 } 1312 1313 static int 1314 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1315 { 1316 struct ifbreq *req = arg; 1317 struct bridge_iflist *bif; 1318 1319 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1320 if (bif == NULL) 1321 return (ENOENT); 1322 1323 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1324 } 1325 1326 static int 1327 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1328 { 1329 struct ifbreq *req = arg; 1330 struct bridge_iflist *bif; 1331 1332 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1333 if (bif == NULL) 1334 return (ENOENT); 1335 1336 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1337 } 1338 1339 static int 1340 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1341 { 1342 struct ifbreq *req = arg; 1343 struct bridge_iflist *bif = NULL; 1344 struct ifnet *ifs; 1345 1346 ifs = ifunit(req->ifbr_ifsname); 1347 if (ifs == NULL) 1348 return (ENOENT); 1349 1350 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1351 if (ifs == bif->bif_ifp) 1352 return (EBUSY); 1353 1354 if (ifs->if_bridge != NULL) 1355 return (EBUSY); 1356 1357 switch (ifs->if_type) { 1358 case IFT_ETHER: 1359 case IFT_GIF: 1360 case IFT_L2VLAN: 1361 break; 1362 default: 1363 return (EINVAL); 1364 } 1365 1366 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1367 if (bif == NULL) 1368 return (ENOMEM); 1369 1370 bif->bif_ifp = ifs; 1371 bif->bif_flags = IFBIF_SPAN; 1372 1373 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1374 1375 return (0); 1376 } 1377 1378 static int 1379 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1380 { 1381 struct ifbreq *req = arg; 1382 struct bridge_iflist *bif; 1383 struct ifnet *ifs; 1384 1385 ifs = ifunit(req->ifbr_ifsname); 1386 if (ifs == NULL) 1387 return (ENOENT); 1388 1389 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1390 if (ifs == bif->bif_ifp) 1391 break; 1392 1393 if (bif == NULL) 1394 return (ENOENT); 1395 1396 bridge_delete_span(sc, bif); 1397 1398 return (0); 1399 } 1400 1401 static int 1402 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1403 { 1404 struct ifbropreq *req = arg; 1405 struct bstp_state *bs = &sc->sc_stp; 1406 struct bstp_port *root_port; 1407 1408 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1409 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1410 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1411 1412 root_port = bs->bs_root_port; 1413 if (root_port == NULL) 1414 req->ifbop_root_port = 0; 1415 else 1416 req->ifbop_root_port = root_port->bp_ifp->if_index; 1417 1418 req->ifbop_holdcount = bs->bs_txholdcount; 1419 req->ifbop_priority = bs->bs_bridge_priority; 1420 req->ifbop_protocol = bs->bs_protover; 1421 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1422 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1423 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1424 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1425 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1426 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1427 1428 return (0); 1429 } 1430 1431 static int 1432 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1433 { 1434 struct ifbrparam *param = arg; 1435 1436 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1437 return (0); 1438 } 1439 1440 static int 1441 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1442 { 1443 struct ifbpstpconf *bifstp = arg; 1444 struct bridge_iflist *bif; 1445 struct bstp_port *bp; 1446 struct ifbpstpreq bpreq; 1447 int count, len, error = 0; 1448 1449 count = 0; 1450 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1451 if ((bif->bif_flags & IFBIF_STP) != 0) 1452 count++; 1453 } 1454 1455 if (bifstp->ifbpstp_len == 0) { 1456 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1457 return (0); 1458 } 1459 1460 count = 0; 1461 len = bifstp->ifbpstp_len; 1462 bzero(&bpreq, sizeof(bpreq)); 1463 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1464 if (len < sizeof(bpreq)) 1465 break; 1466 1467 if ((bif->bif_flags & IFBIF_STP) == 0) 1468 continue; 1469 1470 bp = &bif->bif_stp; 1471 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1472 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1473 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1474 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1475 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1476 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1477 1478 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1479 sizeof(bpreq)); 1480 if (error != 0) 1481 break; 1482 1483 count++; 1484 len -= sizeof(bpreq); 1485 } 1486 1487 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1488 return (error); 1489 } 1490 1491 static int 1492 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1493 { 1494 struct ifbrparam *param = arg; 1495 1496 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1497 } 1498 1499 static int 1500 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1501 { 1502 struct ifbrparam *param = arg; 1503 1504 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1505 } 1506 1507 /* 1508 * bridge_ifdetach: 1509 * 1510 * Detach an interface from a bridge. Called when a member 1511 * interface is detaching. 1512 */ 1513 static void 1514 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1515 { 1516 struct bridge_softc *sc = ifp->if_bridge; 1517 struct bridge_iflist *bif; 1518 1519 /* Check if the interface is a bridge member */ 1520 if (sc != NULL) { 1521 BRIDGE_LOCK(sc); 1522 1523 bif = bridge_lookup_member_if(sc, ifp); 1524 if (bif != NULL) 1525 bridge_delete_member(sc, bif, 1); 1526 1527 BRIDGE_UNLOCK(sc); 1528 return; 1529 } 1530 1531 /* Check if the interface is a span port */ 1532 mtx_lock(&bridge_list_mtx); 1533 LIST_FOREACH(sc, &bridge_list, sc_list) { 1534 BRIDGE_LOCK(sc); 1535 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1536 if (ifp == bif->bif_ifp) { 1537 bridge_delete_span(sc, bif); 1538 break; 1539 } 1540 1541 BRIDGE_UNLOCK(sc); 1542 } 1543 mtx_unlock(&bridge_list_mtx); 1544 } 1545 1546 /* 1547 * bridge_init: 1548 * 1549 * Initialize a bridge interface. 1550 */ 1551 static void 1552 bridge_init(void *xsc) 1553 { 1554 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1555 struct ifnet *ifp = sc->sc_ifp; 1556 1557 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1558 return; 1559 1560 BRIDGE_LOCK(sc); 1561 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1562 bridge_timer, sc); 1563 1564 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1565 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1566 1567 BRIDGE_UNLOCK(sc); 1568 } 1569 1570 /* 1571 * bridge_stop: 1572 * 1573 * Stop the bridge interface. 1574 */ 1575 static void 1576 bridge_stop(struct ifnet *ifp, int disable) 1577 { 1578 struct bridge_softc *sc = ifp->if_softc; 1579 1580 BRIDGE_LOCK_ASSERT(sc); 1581 1582 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1583 return; 1584 1585 callout_stop(&sc->sc_brcallout); 1586 bstp_stop(&sc->sc_stp); 1587 1588 bridge_rtflush(sc, IFBF_FLUSHDYN); 1589 1590 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1591 } 1592 1593 /* 1594 * bridge_enqueue: 1595 * 1596 * Enqueue a packet on a bridge member interface. 1597 * 1598 */ 1599 static void 1600 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1601 { 1602 int len, err = 0; 1603 short mflags; 1604 struct mbuf *m0; 1605 1606 len = m->m_pkthdr.len; 1607 mflags = m->m_flags; 1608 1609 /* We may be sending a fragment so traverse the mbuf */ 1610 for (; m; m = m0) { 1611 m0 = m->m_nextpkt; 1612 m->m_nextpkt = NULL; 1613 1614 if (err == 0) 1615 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1616 } 1617 1618 if (err == 0) { 1619 1620 sc->sc_ifp->if_opackets++; 1621 sc->sc_ifp->if_obytes += len; 1622 1623 dst_ifp->if_obytes += len; 1624 1625 if (mflags & M_MCAST) { 1626 sc->sc_ifp->if_omcasts++; 1627 dst_ifp->if_omcasts++; 1628 } 1629 } 1630 1631 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1632 (*dst_ifp->if_start)(dst_ifp); 1633 } 1634 1635 /* 1636 * bridge_dummynet: 1637 * 1638 * Receive a queued packet from dummynet and pass it on to the output 1639 * interface. 1640 * 1641 * The mbuf has the Ethernet header already attached. 1642 */ 1643 static void 1644 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1645 { 1646 struct bridge_softc *sc; 1647 1648 sc = ifp->if_bridge; 1649 1650 /* 1651 * The packet didnt originate from a member interface. This should only 1652 * ever happen if a member interface is removed while packets are 1653 * queued for it. 1654 */ 1655 if (sc == NULL) { 1656 m_freem(m); 1657 return; 1658 } 1659 1660 if (PFIL_HOOKED(&inet_pfil_hook) 1661 #ifdef INET6 1662 || PFIL_HOOKED(&inet6_pfil_hook) 1663 #endif 1664 ) { 1665 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1666 return; 1667 if (m == NULL) 1668 return; 1669 } 1670 1671 bridge_enqueue(sc, ifp, m); 1672 } 1673 1674 /* 1675 * bridge_output: 1676 * 1677 * Send output from a bridge member interface. This 1678 * performs the bridging function for locally originated 1679 * packets. 1680 * 1681 * The mbuf has the Ethernet header already attached. We must 1682 * enqueue or free the mbuf before returning. 1683 */ 1684 static int 1685 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1686 struct rtentry *rt) 1687 { 1688 struct ether_header *eh; 1689 struct ifnet *dst_if; 1690 struct bridge_softc *sc; 1691 1692 if (m->m_len < ETHER_HDR_LEN) { 1693 m = m_pullup(m, ETHER_HDR_LEN); 1694 if (m == NULL) 1695 return (0); 1696 } 1697 1698 eh = mtod(m, struct ether_header *); 1699 sc = ifp->if_bridge; 1700 1701 BRIDGE_LOCK(sc); 1702 1703 /* 1704 * If bridge is down, but the original output interface is up, 1705 * go ahead and send out that interface. Otherwise, the packet 1706 * is dropped below. 1707 */ 1708 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1709 dst_if = ifp; 1710 goto sendunicast; 1711 } 1712 1713 /* 1714 * If the packet is a multicast, or we don't know a better way to 1715 * get there, send to all interfaces. 1716 */ 1717 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1718 dst_if = NULL; 1719 else 1720 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1721 if (dst_if == NULL) { 1722 struct bridge_iflist *bif; 1723 struct mbuf *mc; 1724 int error = 0, used = 0; 1725 1726 bridge_span(sc, m); 1727 1728 BRIDGE_LOCK2REF(sc, error); 1729 if (error) { 1730 m_freem(m); 1731 return (0); 1732 } 1733 1734 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1735 dst_if = bif->bif_ifp; 1736 1737 if (dst_if->if_type == IFT_GIF) 1738 continue; 1739 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1740 continue; 1741 1742 /* 1743 * If this is not the original output interface, 1744 * and the interface is participating in spanning 1745 * tree, make sure the port is in a state that 1746 * allows forwarding. 1747 */ 1748 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1749 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1750 continue; 1751 1752 if (LIST_NEXT(bif, bif_next) == NULL) { 1753 used = 1; 1754 mc = m; 1755 } else { 1756 mc = m_copypacket(m, M_DONTWAIT); 1757 if (mc == NULL) { 1758 sc->sc_ifp->if_oerrors++; 1759 continue; 1760 } 1761 } 1762 1763 bridge_enqueue(sc, dst_if, mc); 1764 } 1765 if (used == 0) 1766 m_freem(m); 1767 BRIDGE_UNREF(sc); 1768 return (0); 1769 } 1770 1771 sendunicast: 1772 /* 1773 * XXX Spanning tree consideration here? 1774 */ 1775 1776 bridge_span(sc, m); 1777 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1778 m_freem(m); 1779 BRIDGE_UNLOCK(sc); 1780 return (0); 1781 } 1782 1783 BRIDGE_UNLOCK(sc); 1784 bridge_enqueue(sc, dst_if, m); 1785 return (0); 1786 } 1787 1788 /* 1789 * bridge_start: 1790 * 1791 * Start output on a bridge. 1792 * 1793 */ 1794 static void 1795 bridge_start(struct ifnet *ifp) 1796 { 1797 struct bridge_softc *sc; 1798 struct mbuf *m; 1799 struct ether_header *eh; 1800 struct ifnet *dst_if; 1801 1802 sc = ifp->if_softc; 1803 1804 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1805 for (;;) { 1806 IFQ_DEQUEUE(&ifp->if_snd, m); 1807 if (m == 0) 1808 break; 1809 BPF_MTAP(ifp, m); 1810 1811 eh = mtod(m, struct ether_header *); 1812 dst_if = NULL; 1813 1814 BRIDGE_LOCK(sc); 1815 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1816 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1817 } 1818 1819 if (dst_if == NULL) 1820 bridge_broadcast(sc, ifp, m, 0); 1821 else { 1822 BRIDGE_UNLOCK(sc); 1823 bridge_enqueue(sc, dst_if, m); 1824 } 1825 } 1826 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1827 } 1828 1829 /* 1830 * bridge_forward: 1831 * 1832 * The forwarding function of the bridge. 1833 * 1834 * NOTE: Releases the lock on return. 1835 */ 1836 static void 1837 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1838 { 1839 struct bridge_iflist *bif; 1840 struct ifnet *src_if, *dst_if, *ifp; 1841 struct ether_header *eh; 1842 1843 src_if = m->m_pkthdr.rcvif; 1844 ifp = sc->sc_ifp; 1845 1846 sc->sc_ifp->if_ipackets++; 1847 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1848 1849 /* 1850 * Look up the bridge_iflist. 1851 */ 1852 bif = bridge_lookup_member_if(sc, src_if); 1853 if (bif == NULL) { 1854 /* Interface is not a bridge member (anymore?) */ 1855 BRIDGE_UNLOCK(sc); 1856 m_freem(m); 1857 return; 1858 } 1859 1860 if ((bif->bif_flags & IFBIF_STP) && 1861 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1862 BRIDGE_UNLOCK(sc); 1863 m_freem(m); 1864 return; 1865 } 1866 1867 eh = mtod(m, struct ether_header *); 1868 1869 /* 1870 * If the interface is learning, and the source 1871 * address is valid and not multicast, record 1872 * the address. 1873 */ 1874 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1875 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1876 (eh->ether_shost[0] == 0 && 1877 eh->ether_shost[1] == 0 && 1878 eh->ether_shost[2] == 0 && 1879 eh->ether_shost[3] == 0 && 1880 eh->ether_shost[4] == 0 && 1881 eh->ether_shost[5] == 0) == 0) { 1882 (void) bridge_rtupdate(sc, eh->ether_shost, 1883 bif, 0, IFBAF_DYNAMIC); 1884 } 1885 1886 if ((bif->bif_flags & IFBIF_STP) != 0 && 1887 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1888 m_freem(m); 1889 BRIDGE_UNLOCK(sc); 1890 return; 1891 } 1892 1893 /* 1894 * At this point, the port either doesn't participate 1895 * in spanning tree or it is in the forwarding state. 1896 */ 1897 1898 /* 1899 * If the packet is unicast, destined for someone on 1900 * "this" side of the bridge, drop it. 1901 */ 1902 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1903 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1904 if (src_if == dst_if) { 1905 BRIDGE_UNLOCK(sc); 1906 m_freem(m); 1907 return; 1908 } 1909 } else { 1910 /* ...forward it to all interfaces. */ 1911 sc->sc_ifp->if_imcasts++; 1912 dst_if = NULL; 1913 } 1914 1915 /* 1916 * If we have a destination interface which is a member of our bridge, 1917 * OR this is a unicast packet, push it through the bpf(4) machinery. 1918 * For broadcast or multicast packets, don't bother because it will 1919 * be reinjected into ether_input. We do this before we pass the packets 1920 * through the pfil(9) framework, as it is possible that pfil(9) will 1921 * drop the packet, or possibly modify it, making it difficult to debug 1922 * firewall issues on the bridge. 1923 */ 1924 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1925 BPF_MTAP(ifp, m); 1926 1927 /* run the packet filter */ 1928 if (PFIL_HOOKED(&inet_pfil_hook) 1929 #ifdef INET6 1930 || PFIL_HOOKED(&inet6_pfil_hook) 1931 #endif 1932 ) { 1933 BRIDGE_UNLOCK(sc); 1934 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1935 return; 1936 if (m == NULL) 1937 return; 1938 BRIDGE_LOCK(sc); 1939 } 1940 1941 if (dst_if == NULL) { 1942 bridge_broadcast(sc, src_if, m, 1); 1943 return; 1944 } 1945 1946 /* 1947 * At this point, we're dealing with a unicast frame 1948 * going to a different interface. 1949 */ 1950 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1951 BRIDGE_UNLOCK(sc); 1952 m_freem(m); 1953 return; 1954 } 1955 bif = bridge_lookup_member_if(sc, dst_if); 1956 if (bif == NULL) { 1957 /* Not a member of the bridge (anymore?) */ 1958 BRIDGE_UNLOCK(sc); 1959 m_freem(m); 1960 return; 1961 } 1962 1963 if ((bif->bif_flags & IFBIF_STP) && 1964 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1965 BRIDGE_UNLOCK(sc); 1966 m_freem(m); 1967 return; 1968 } 1969 1970 BRIDGE_UNLOCK(sc); 1971 1972 if (PFIL_HOOKED(&inet_pfil_hook) 1973 #ifdef INET6 1974 || PFIL_HOOKED(&inet6_pfil_hook) 1975 #endif 1976 ) { 1977 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1978 return; 1979 if (m == NULL) 1980 return; 1981 } 1982 1983 bridge_enqueue(sc, dst_if, m); 1984 } 1985 1986 /* 1987 * bridge_input: 1988 * 1989 * Receive input from a member interface. Queue the packet for 1990 * bridging if it is not for us. 1991 */ 1992 static struct mbuf * 1993 bridge_input(struct ifnet *ifp, struct mbuf *m) 1994 { 1995 struct bridge_softc *sc = ifp->if_bridge; 1996 struct bridge_iflist *bif, *bif2; 1997 struct ifnet *bifp; 1998 struct ether_header *eh; 1999 struct mbuf *mc, *mc2; 2000 2001 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2002 return (m); 2003 2004 bifp = sc->sc_ifp; 2005 2006 /* 2007 * Implement support for bridge monitoring. If this flag has been 2008 * set on this interface, discard the packet once we push it through 2009 * the bpf(4) machinery, but before we do, increment the byte and 2010 * packet counters associated with this interface. 2011 */ 2012 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2013 m->m_pkthdr.rcvif = bifp; 2014 BPF_MTAP(bifp, m); 2015 bifp->if_ipackets++; 2016 bifp->if_ibytes += m->m_pkthdr.len; 2017 m_freem(m); 2018 return (NULL); 2019 } 2020 BRIDGE_LOCK(sc); 2021 bif = bridge_lookup_member_if(sc, ifp); 2022 if (bif == NULL) { 2023 BRIDGE_UNLOCK(sc); 2024 return (m); 2025 } 2026 2027 eh = mtod(m, struct ether_header *); 2028 2029 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2030 ETHER_ADDR_LEN) == 0) { 2031 /* 2032 * If the packet is for us, set the packets source as the 2033 * bridge, and return the packet back to ether_input for 2034 * local processing. 2035 */ 2036 2037 /* Note where to send the reply to */ 2038 if (bif->bif_flags & IFBIF_LEARNING) 2039 (void) bridge_rtupdate(sc, 2040 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2041 2042 /* Mark the packet as arriving on the bridge interface */ 2043 m->m_pkthdr.rcvif = bifp; 2044 BPF_MTAP(bifp, m); 2045 bifp->if_ipackets++; 2046 2047 BRIDGE_UNLOCK(sc); 2048 return (m); 2049 } 2050 2051 bridge_span(sc, m); 2052 2053 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 2054 /* Tap off 802.1D packets; they do not get forwarded. */ 2055 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2056 ETHER_ADDR_LEN) == 0) { 2057 m = bstp_input(&bif->bif_stp, ifp, m); 2058 if (m == NULL) { 2059 BRIDGE_UNLOCK(sc); 2060 return (NULL); 2061 } 2062 } 2063 2064 if ((bif->bif_flags & IFBIF_STP) && 2065 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2066 BRIDGE_UNLOCK(sc); 2067 return (m); 2068 } 2069 2070 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 2071 sizeof(etherbroadcastaddr)) == 0) 2072 m->m_flags |= M_BCAST; 2073 else 2074 m->m_flags |= M_MCAST; 2075 2076 /* 2077 * Make a deep copy of the packet and enqueue the copy 2078 * for bridge processing; return the original packet for 2079 * local processing. 2080 */ 2081 mc = m_dup(m, M_DONTWAIT); 2082 if (mc == NULL) { 2083 BRIDGE_UNLOCK(sc); 2084 return (m); 2085 } 2086 2087 /* Perform the bridge forwarding function with the copy. */ 2088 bridge_forward(sc, mc); 2089 2090 /* 2091 * Reinject the mbuf as arriving on the bridge so we have a 2092 * chance at claiming multicast packets. We can not loop back 2093 * here from ether_input as a bridge is never a member of a 2094 * bridge. 2095 */ 2096 KASSERT(bifp->if_bridge == NULL, 2097 ("loop created in bridge_input")); 2098 mc2 = m_dup(m, M_DONTWAIT); 2099 if (mc2 != NULL) { 2100 /* Keep the layer3 header aligned */ 2101 int i = min(mc2->m_pkthdr.len, max_protohdr); 2102 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2103 } 2104 if (mc2 != NULL) { 2105 mc2->m_pkthdr.rcvif = bifp; 2106 (*bifp->if_input)(bifp, mc2); 2107 } 2108 2109 /* Return the original packet for local processing. */ 2110 return (m); 2111 } 2112 2113 if ((bif->bif_flags & IFBIF_STP) && 2114 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2115 BRIDGE_UNLOCK(sc); 2116 return (m); 2117 } 2118 2119 /* 2120 * Unicast. Make sure it's not for us. 2121 */ 2122 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2123 if (bif2->bif_ifp->if_type == IFT_GIF) 2124 continue; 2125 /* It is destined for us. */ 2126 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_dhost, 2127 ETHER_ADDR_LEN) == 0 2128 #ifdef DEV_CARP 2129 || (bif2->bif_ifp->if_carp 2130 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_dhost)) 2131 #endif 2132 ) { 2133 if (bif->bif_flags & IFBIF_LEARNING) 2134 (void) bridge_rtupdate(sc, 2135 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2136 m->m_pkthdr.rcvif = bif2->bif_ifp; 2137 BRIDGE_UNLOCK(sc); 2138 return (m); 2139 } 2140 2141 /* We just received a packet that we sent out. */ 2142 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_shost, 2143 ETHER_ADDR_LEN) == 0 2144 #ifdef DEV_CARP 2145 || (bif2->bif_ifp->if_carp 2146 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_shost)) 2147 #endif 2148 ) { 2149 BRIDGE_UNLOCK(sc); 2150 m_freem(m); 2151 return (NULL); 2152 } 2153 } 2154 2155 /* Perform the bridge forwarding function. */ 2156 bridge_forward(sc, m); 2157 2158 return (NULL); 2159 } 2160 2161 /* 2162 * bridge_broadcast: 2163 * 2164 * Send a frame to all interfaces that are members of 2165 * the bridge, except for the one on which the packet 2166 * arrived. 2167 * 2168 * NOTE: Releases the lock on return. 2169 */ 2170 static void 2171 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2172 struct mbuf *m, int runfilt) 2173 { 2174 struct bridge_iflist *bif; 2175 struct mbuf *mc; 2176 struct ifnet *dst_if; 2177 int error = 0, used = 0, i; 2178 2179 BRIDGE_LOCK2REF(sc, error); 2180 if (error) { 2181 m_freem(m); 2182 return; 2183 } 2184 2185 /* Filter on the bridge interface before broadcasting */ 2186 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2187 #ifdef INET6 2188 || PFIL_HOOKED(&inet6_pfil_hook) 2189 #endif 2190 )) { 2191 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2192 goto out; 2193 if (m == NULL) 2194 goto out; 2195 } 2196 2197 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2198 dst_if = bif->bif_ifp; 2199 if (dst_if == src_if) 2200 continue; 2201 2202 if ((bif->bif_flags & IFBIF_STP) && 2203 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2204 continue; 2205 2206 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2207 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2208 continue; 2209 2210 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2211 continue; 2212 2213 if (LIST_NEXT(bif, bif_next) == NULL) { 2214 mc = m; 2215 used = 1; 2216 } else { 2217 mc = m_dup(m, M_DONTWAIT); 2218 if (mc == NULL) { 2219 sc->sc_ifp->if_oerrors++; 2220 continue; 2221 } 2222 } 2223 2224 /* 2225 * Filter on the output interface. Pass a NULL bridge interface 2226 * pointer so we do not redundantly filter on the bridge for 2227 * each interface we broadcast on. 2228 */ 2229 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2230 #ifdef INET6 2231 || PFIL_HOOKED(&inet6_pfil_hook) 2232 #endif 2233 )) { 2234 if (used == 0) { 2235 /* Keep the layer3 header aligned */ 2236 i = min(mc->m_pkthdr.len, max_protohdr); 2237 mc = m_copyup(mc, i, ETHER_ALIGN); 2238 if (mc == NULL) { 2239 sc->sc_ifp->if_oerrors++; 2240 continue; 2241 } 2242 } 2243 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2244 continue; 2245 if (mc == NULL) 2246 continue; 2247 } 2248 2249 bridge_enqueue(sc, dst_if, mc); 2250 } 2251 if (used == 0) 2252 m_freem(m); 2253 2254 out: 2255 BRIDGE_UNREF(sc); 2256 } 2257 2258 /* 2259 * bridge_span: 2260 * 2261 * Duplicate a packet out one or more interfaces that are in span mode, 2262 * the original mbuf is unmodified. 2263 */ 2264 static void 2265 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2266 { 2267 struct bridge_iflist *bif; 2268 struct ifnet *dst_if; 2269 struct mbuf *mc; 2270 2271 if (LIST_EMPTY(&sc->sc_spanlist)) 2272 return; 2273 2274 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2275 dst_if = bif->bif_ifp; 2276 2277 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2278 continue; 2279 2280 mc = m_copypacket(m, M_DONTWAIT); 2281 if (mc == NULL) { 2282 sc->sc_ifp->if_oerrors++; 2283 continue; 2284 } 2285 2286 bridge_enqueue(sc, dst_if, mc); 2287 } 2288 } 2289 2290 /* 2291 * bridge_rtupdate: 2292 * 2293 * Add a bridge routing entry. 2294 */ 2295 static int 2296 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2297 struct bridge_iflist *bif, int setflags, uint8_t flags) 2298 { 2299 struct bridge_rtnode *brt; 2300 struct ifnet *dst_if = bif->bif_ifp; 2301 int error; 2302 2303 BRIDGE_LOCK_ASSERT(sc); 2304 2305 /* 2306 * A route for this destination might already exist. If so, 2307 * update it, otherwise create a new one. 2308 */ 2309 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2310 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2311 sc->sc_brtexceeded++; 2312 return (ENOSPC); 2313 } 2314 2315 /* 2316 * Allocate a new bridge forwarding node, and 2317 * initialize the expiration time and Ethernet 2318 * address. 2319 */ 2320 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2321 if (brt == NULL) 2322 return (ENOMEM); 2323 2324 if (bif->bif_flags & IFBIF_STICKY) 2325 brt->brt_flags = IFBAF_STICKY; 2326 else 2327 brt->brt_flags = IFBAF_DYNAMIC; 2328 2329 brt->brt_ifp = dst_if; 2330 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2331 2332 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2333 uma_zfree(bridge_rtnode_zone, brt); 2334 return (error); 2335 } 2336 } 2337 2338 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2339 brt->brt_ifp = dst_if; 2340 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2341 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2342 if (setflags) 2343 brt->brt_flags = flags; 2344 2345 return (0); 2346 } 2347 2348 /* 2349 * bridge_rtlookup: 2350 * 2351 * Lookup the destination interface for an address. 2352 */ 2353 static struct ifnet * 2354 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2355 { 2356 struct bridge_rtnode *brt; 2357 2358 BRIDGE_LOCK_ASSERT(sc); 2359 2360 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2361 return (NULL); 2362 2363 return (brt->brt_ifp); 2364 } 2365 2366 /* 2367 * bridge_rttrim: 2368 * 2369 * Trim the routine table so that we have a number 2370 * of routing entries less than or equal to the 2371 * maximum number. 2372 */ 2373 static void 2374 bridge_rttrim(struct bridge_softc *sc) 2375 { 2376 struct bridge_rtnode *brt, *nbrt; 2377 2378 BRIDGE_LOCK_ASSERT(sc); 2379 2380 /* Make sure we actually need to do this. */ 2381 if (sc->sc_brtcnt <= sc->sc_brtmax) 2382 return; 2383 2384 /* Force an aging cycle; this might trim enough addresses. */ 2385 bridge_rtage(sc); 2386 if (sc->sc_brtcnt <= sc->sc_brtmax) 2387 return; 2388 2389 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2390 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2391 bridge_rtnode_destroy(sc, brt); 2392 if (sc->sc_brtcnt <= sc->sc_brtmax) 2393 return; 2394 } 2395 } 2396 } 2397 2398 /* 2399 * bridge_timer: 2400 * 2401 * Aging timer for the bridge. 2402 */ 2403 static void 2404 bridge_timer(void *arg) 2405 { 2406 struct bridge_softc *sc = arg; 2407 2408 BRIDGE_LOCK_ASSERT(sc); 2409 2410 bridge_rtage(sc); 2411 2412 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2413 callout_reset(&sc->sc_brcallout, 2414 bridge_rtable_prune_period * hz, bridge_timer, sc); 2415 } 2416 2417 /* 2418 * bridge_rtage: 2419 * 2420 * Perform an aging cycle. 2421 */ 2422 static void 2423 bridge_rtage(struct bridge_softc *sc) 2424 { 2425 struct bridge_rtnode *brt, *nbrt; 2426 2427 BRIDGE_LOCK_ASSERT(sc); 2428 2429 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2430 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2431 if (time_uptime >= brt->brt_expire) 2432 bridge_rtnode_destroy(sc, brt); 2433 } 2434 } 2435 } 2436 2437 /* 2438 * bridge_rtflush: 2439 * 2440 * Remove all dynamic addresses from the bridge. 2441 */ 2442 static void 2443 bridge_rtflush(struct bridge_softc *sc, int full) 2444 { 2445 struct bridge_rtnode *brt, *nbrt; 2446 2447 BRIDGE_LOCK_ASSERT(sc); 2448 2449 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2450 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2451 bridge_rtnode_destroy(sc, brt); 2452 } 2453 } 2454 2455 /* 2456 * bridge_rtdaddr: 2457 * 2458 * Remove an address from the table. 2459 */ 2460 static int 2461 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2462 { 2463 struct bridge_rtnode *brt; 2464 2465 BRIDGE_LOCK_ASSERT(sc); 2466 2467 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2468 return (ENOENT); 2469 2470 bridge_rtnode_destroy(sc, brt); 2471 return (0); 2472 } 2473 2474 /* 2475 * bridge_rtdelete: 2476 * 2477 * Delete routes to a speicifc member interface. 2478 */ 2479 static void 2480 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2481 { 2482 struct bridge_rtnode *brt, *nbrt; 2483 2484 BRIDGE_LOCK_ASSERT(sc); 2485 2486 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2487 if (brt->brt_ifp == ifp && (full || 2488 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2489 bridge_rtnode_destroy(sc, brt); 2490 } 2491 } 2492 2493 /* 2494 * bridge_rtable_init: 2495 * 2496 * Initialize the route table for this bridge. 2497 */ 2498 static int 2499 bridge_rtable_init(struct bridge_softc *sc) 2500 { 2501 int i; 2502 2503 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2504 M_DEVBUF, M_NOWAIT); 2505 if (sc->sc_rthash == NULL) 2506 return (ENOMEM); 2507 2508 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2509 LIST_INIT(&sc->sc_rthash[i]); 2510 2511 sc->sc_rthash_key = arc4random(); 2512 2513 LIST_INIT(&sc->sc_rtlist); 2514 2515 return (0); 2516 } 2517 2518 /* 2519 * bridge_rtable_fini: 2520 * 2521 * Deconstruct the route table for this bridge. 2522 */ 2523 static void 2524 bridge_rtable_fini(struct bridge_softc *sc) 2525 { 2526 2527 free(sc->sc_rthash, M_DEVBUF); 2528 } 2529 2530 /* 2531 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2532 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2533 */ 2534 #define mix(a, b, c) \ 2535 do { \ 2536 a -= b; a -= c; a ^= (c >> 13); \ 2537 b -= c; b -= a; b ^= (a << 8); \ 2538 c -= a; c -= b; c ^= (b >> 13); \ 2539 a -= b; a -= c; a ^= (c >> 12); \ 2540 b -= c; b -= a; b ^= (a << 16); \ 2541 c -= a; c -= b; c ^= (b >> 5); \ 2542 a -= b; a -= c; a ^= (c >> 3); \ 2543 b -= c; b -= a; b ^= (a << 10); \ 2544 c -= a; c -= b; c ^= (b >> 15); \ 2545 } while (/*CONSTCOND*/0) 2546 2547 static __inline uint32_t 2548 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2549 { 2550 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2551 2552 b += addr[5] << 8; 2553 b += addr[4]; 2554 a += addr[3] << 24; 2555 a += addr[2] << 16; 2556 a += addr[1] << 8; 2557 a += addr[0]; 2558 2559 mix(a, b, c); 2560 2561 return (c & BRIDGE_RTHASH_MASK); 2562 } 2563 2564 #undef mix 2565 2566 static int 2567 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2568 { 2569 int i, d; 2570 2571 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2572 d = ((int)a[i]) - ((int)b[i]); 2573 } 2574 2575 return (d); 2576 } 2577 2578 /* 2579 * bridge_rtnode_lookup: 2580 * 2581 * Look up a bridge route node for the specified destination. 2582 */ 2583 static struct bridge_rtnode * 2584 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2585 { 2586 struct bridge_rtnode *brt; 2587 uint32_t hash; 2588 int dir; 2589 2590 BRIDGE_LOCK_ASSERT(sc); 2591 2592 hash = bridge_rthash(sc, addr); 2593 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2594 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2595 if (dir == 0) 2596 return (brt); 2597 if (dir > 0) 2598 return (NULL); 2599 } 2600 2601 return (NULL); 2602 } 2603 2604 /* 2605 * bridge_rtnode_insert: 2606 * 2607 * Insert the specified bridge node into the route table. We 2608 * assume the entry is not already in the table. 2609 */ 2610 static int 2611 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2612 { 2613 struct bridge_rtnode *lbrt; 2614 uint32_t hash; 2615 int dir; 2616 2617 BRIDGE_LOCK_ASSERT(sc); 2618 2619 hash = bridge_rthash(sc, brt->brt_addr); 2620 2621 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2622 if (lbrt == NULL) { 2623 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2624 goto out; 2625 } 2626 2627 do { 2628 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2629 if (dir == 0) 2630 return (EEXIST); 2631 if (dir > 0) { 2632 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2633 goto out; 2634 } 2635 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2636 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2637 goto out; 2638 } 2639 lbrt = LIST_NEXT(lbrt, brt_hash); 2640 } while (lbrt != NULL); 2641 2642 #ifdef DIAGNOSTIC 2643 panic("bridge_rtnode_insert: impossible"); 2644 #endif 2645 2646 out: 2647 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2648 sc->sc_brtcnt++; 2649 2650 return (0); 2651 } 2652 2653 /* 2654 * bridge_rtnode_destroy: 2655 * 2656 * Destroy a bridge rtnode. 2657 */ 2658 static void 2659 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2660 { 2661 BRIDGE_LOCK_ASSERT(sc); 2662 2663 LIST_REMOVE(brt, brt_hash); 2664 2665 LIST_REMOVE(brt, brt_list); 2666 sc->sc_brtcnt--; 2667 uma_zfree(bridge_rtnode_zone, brt); 2668 } 2669 2670 /* 2671 * bridge_rtable_expire: 2672 * 2673 * Set the expiry time for all routes on an interface. 2674 */ 2675 static void 2676 bridge_rtable_expire(struct ifnet *ifp, int age) 2677 { 2678 struct bridge_softc *sc = ifp->if_bridge; 2679 struct bridge_rtnode *brt; 2680 2681 BRIDGE_LOCK(sc); 2682 2683 /* 2684 * If the age is zero then flush, otherwise set all the expiry times to 2685 * age for the interface 2686 */ 2687 if (age == 0) 2688 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2689 else { 2690 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2691 /* Cap the expiry time to 'age' */ 2692 if (brt->brt_ifp == ifp && 2693 brt->brt_expire > time_uptime + age && 2694 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2695 brt->brt_expire = time_uptime + age; 2696 } 2697 } 2698 BRIDGE_UNLOCK(sc); 2699 } 2700 2701 /* 2702 * bridge_state_change: 2703 * 2704 * Callback from the bridgestp code when a port changes states. 2705 */ 2706 static void 2707 bridge_state_change(struct ifnet *ifp, int state) 2708 { 2709 struct bridge_softc *sc = ifp->if_bridge; 2710 static const char *stpstates[] = { 2711 "disabled", 2712 "listening", 2713 "learning", 2714 "forwarding", 2715 "blocking", 2716 "discarding" 2717 }; 2718 2719 if (log_stp) 2720 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2721 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2722 } 2723 2724 /* 2725 * Send bridge packets through pfil if they are one of the types pfil can deal 2726 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2727 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2728 * that interface. 2729 */ 2730 static int 2731 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2732 { 2733 int snap, error, i, hlen; 2734 struct ether_header *eh1, eh2; 2735 struct ip_fw_args args; 2736 struct ip *ip; 2737 struct llc llc1; 2738 u_int16_t ether_type; 2739 2740 snap = 0; 2741 error = -1; /* Default error if not error == 0 */ 2742 2743 /* we may return with the IP fields swapped, ensure its not shared */ 2744 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2745 2746 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2747 return (0); /* filtering is disabled */ 2748 2749 i = min((*mp)->m_pkthdr.len, max_protohdr); 2750 if ((*mp)->m_len < i) { 2751 *mp = m_pullup(*mp, i); 2752 if (*mp == NULL) { 2753 printf("%s: m_pullup failed\n", __func__); 2754 return (-1); 2755 } 2756 } 2757 2758 eh1 = mtod(*mp, struct ether_header *); 2759 ether_type = ntohs(eh1->ether_type); 2760 2761 /* 2762 * Check for SNAP/LLC. 2763 */ 2764 if (ether_type < ETHERMTU) { 2765 struct llc *llc2 = (struct llc *)(eh1 + 1); 2766 2767 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2768 llc2->llc_dsap == LLC_SNAP_LSAP && 2769 llc2->llc_ssap == LLC_SNAP_LSAP && 2770 llc2->llc_control == LLC_UI) { 2771 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2772 snap = 1; 2773 } 2774 } 2775 2776 /* 2777 * If we're trying to filter bridge traffic, don't look at anything 2778 * other than IP and ARP traffic. If the filter doesn't understand 2779 * IPv6, don't allow IPv6 through the bridge either. This is lame 2780 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2781 * but of course we don't have an AppleTalk filter to begin with. 2782 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2783 * ARP traffic.) 2784 */ 2785 switch (ether_type) { 2786 case ETHERTYPE_ARP: 2787 case ETHERTYPE_REVARP: 2788 if (pfil_ipfw_arp == 0) 2789 return (0); /* Automatically pass */ 2790 break; 2791 2792 case ETHERTYPE_IP: 2793 #ifdef INET6 2794 case ETHERTYPE_IPV6: 2795 #endif /* INET6 */ 2796 break; 2797 default: 2798 /* 2799 * Check to see if the user wants to pass non-ip 2800 * packets, these will not be checked by pfil(9) and 2801 * passed unconditionally so the default is to drop. 2802 */ 2803 if (pfil_onlyip) 2804 goto bad; 2805 } 2806 2807 /* Strip off the Ethernet header and keep a copy. */ 2808 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2809 m_adj(*mp, ETHER_HDR_LEN); 2810 2811 /* Strip off snap header, if present */ 2812 if (snap) { 2813 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2814 m_adj(*mp, sizeof(struct llc)); 2815 } 2816 2817 /* 2818 * Check the IP header for alignment and errors 2819 */ 2820 if (dir == PFIL_IN) { 2821 switch (ether_type) { 2822 case ETHERTYPE_IP: 2823 error = bridge_ip_checkbasic(mp); 2824 break; 2825 #ifdef INET6 2826 case ETHERTYPE_IPV6: 2827 error = bridge_ip6_checkbasic(mp); 2828 break; 2829 #endif /* INET6 */ 2830 default: 2831 error = 0; 2832 } 2833 if (error) 2834 goto bad; 2835 } 2836 2837 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2838 error = -1; 2839 args.rule = ip_dn_claim_rule(*mp); 2840 if (args.rule != NULL && fw_one_pass) 2841 goto ipfwpass; /* packet already partially processed */ 2842 2843 args.m = *mp; 2844 args.oif = ifp; 2845 args.next_hop = NULL; 2846 args.eh = &eh2; 2847 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2848 i = ip_fw_chk_ptr(&args); 2849 *mp = args.m; 2850 2851 if (*mp == NULL) 2852 return (error); 2853 2854 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2855 2856 /* put the Ethernet header back on */ 2857 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2858 if (*mp == NULL) 2859 return (error); 2860 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2861 2862 /* 2863 * Pass the pkt to dummynet, which consumes it. The 2864 * packet will return to us via bridge_dummynet(). 2865 */ 2866 args.oif = ifp; 2867 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2868 return (error); 2869 } 2870 2871 if (i != IP_FW_PASS) /* drop */ 2872 goto bad; 2873 } 2874 2875 ipfwpass: 2876 error = 0; 2877 2878 /* 2879 * Run the packet through pfil 2880 */ 2881 switch (ether_type) { 2882 case ETHERTYPE_IP: 2883 /* 2884 * before calling the firewall, swap fields the same as 2885 * IP does. here we assume the header is contiguous 2886 */ 2887 ip = mtod(*mp, struct ip *); 2888 2889 ip->ip_len = ntohs(ip->ip_len); 2890 ip->ip_off = ntohs(ip->ip_off); 2891 2892 /* 2893 * Run pfil on the member interface and the bridge, both can 2894 * be skipped by clearing pfil_member or pfil_bridge. 2895 * 2896 * Keep the order: 2897 * in_if -> bridge_if -> out_if 2898 */ 2899 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2900 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2901 dir, NULL); 2902 2903 if (*mp == NULL || error != 0) /* filter may consume */ 2904 break; 2905 2906 if (pfil_member && ifp != NULL) 2907 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2908 dir, NULL); 2909 2910 if (*mp == NULL || error != 0) /* filter may consume */ 2911 break; 2912 2913 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2914 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2915 dir, NULL); 2916 2917 if (*mp == NULL || error != 0) /* filter may consume */ 2918 break; 2919 2920 /* check if we need to fragment the packet */ 2921 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2922 i = (*mp)->m_pkthdr.len; 2923 if (i > ifp->if_mtu) { 2924 error = bridge_fragment(ifp, *mp, &eh2, snap, 2925 &llc1); 2926 return (error); 2927 } 2928 } 2929 2930 /* Recalculate the ip checksum and restore byte ordering */ 2931 ip = mtod(*mp, struct ip *); 2932 hlen = ip->ip_hl << 2; 2933 if (hlen < sizeof(struct ip)) 2934 goto bad; 2935 if (hlen > (*mp)->m_len) { 2936 if ((*mp = m_pullup(*mp, hlen)) == 0) 2937 goto bad; 2938 ip = mtod(*mp, struct ip *); 2939 if (ip == NULL) 2940 goto bad; 2941 } 2942 ip->ip_len = htons(ip->ip_len); 2943 ip->ip_off = htons(ip->ip_off); 2944 ip->ip_sum = 0; 2945 if (hlen == sizeof(struct ip)) 2946 ip->ip_sum = in_cksum_hdr(ip); 2947 else 2948 ip->ip_sum = in_cksum(*mp, hlen); 2949 2950 break; 2951 #ifdef INET6 2952 case ETHERTYPE_IPV6: 2953 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2954 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2955 dir, NULL); 2956 2957 if (*mp == NULL || error != 0) /* filter may consume */ 2958 break; 2959 2960 if (pfil_member && ifp != NULL) 2961 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2962 dir, NULL); 2963 2964 if (*mp == NULL || error != 0) /* filter may consume */ 2965 break; 2966 2967 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2968 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2969 dir, NULL); 2970 break; 2971 #endif 2972 default: 2973 error = 0; 2974 break; 2975 } 2976 2977 if (*mp == NULL) 2978 return (error); 2979 if (error != 0) 2980 goto bad; 2981 2982 error = -1; 2983 2984 /* 2985 * Finally, put everything back the way it was and return 2986 */ 2987 if (snap) { 2988 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2989 if (*mp == NULL) 2990 return (error); 2991 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2992 } 2993 2994 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2995 if (*mp == NULL) 2996 return (error); 2997 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2998 2999 return (0); 3000 3001 bad: 3002 m_freem(*mp); 3003 *mp = NULL; 3004 return (error); 3005 } 3006 3007 /* 3008 * Perform basic checks on header size since 3009 * pfil assumes ip_input has already processed 3010 * it for it. Cut-and-pasted from ip_input.c. 3011 * Given how simple the IPv6 version is, 3012 * does the IPv4 version really need to be 3013 * this complicated? 3014 * 3015 * XXX Should we update ipstat here, or not? 3016 * XXX Right now we update ipstat but not 3017 * XXX csum_counter. 3018 */ 3019 static int 3020 bridge_ip_checkbasic(struct mbuf **mp) 3021 { 3022 struct mbuf *m = *mp; 3023 struct ip *ip; 3024 int len, hlen; 3025 u_short sum; 3026 3027 if (*mp == NULL) 3028 return (-1); 3029 3030 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3031 if ((m = m_copyup(m, sizeof(struct ip), 3032 (max_linkhdr + 3) & ~3)) == NULL) { 3033 /* XXXJRT new stat, please */ 3034 ipstat.ips_toosmall++; 3035 goto bad; 3036 } 3037 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3038 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3039 ipstat.ips_toosmall++; 3040 goto bad; 3041 } 3042 } 3043 ip = mtod(m, struct ip *); 3044 if (ip == NULL) goto bad; 3045 3046 if (ip->ip_v != IPVERSION) { 3047 ipstat.ips_badvers++; 3048 goto bad; 3049 } 3050 hlen = ip->ip_hl << 2; 3051 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3052 ipstat.ips_badhlen++; 3053 goto bad; 3054 } 3055 if (hlen > m->m_len) { 3056 if ((m = m_pullup(m, hlen)) == 0) { 3057 ipstat.ips_badhlen++; 3058 goto bad; 3059 } 3060 ip = mtod(m, struct ip *); 3061 if (ip == NULL) goto bad; 3062 } 3063 3064 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3065 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3066 } else { 3067 if (hlen == sizeof(struct ip)) { 3068 sum = in_cksum_hdr(ip); 3069 } else { 3070 sum = in_cksum(m, hlen); 3071 } 3072 } 3073 if (sum) { 3074 ipstat.ips_badsum++; 3075 goto bad; 3076 } 3077 3078 /* Retrieve the packet length. */ 3079 len = ntohs(ip->ip_len); 3080 3081 /* 3082 * Check for additional length bogosity 3083 */ 3084 if (len < hlen) { 3085 ipstat.ips_badlen++; 3086 goto bad; 3087 } 3088 3089 /* 3090 * Check that the amount of data in the buffers 3091 * is as at least much as the IP header would have us expect. 3092 * Drop packet if shorter than we expect. 3093 */ 3094 if (m->m_pkthdr.len < len) { 3095 ipstat.ips_tooshort++; 3096 goto bad; 3097 } 3098 3099 /* Checks out, proceed */ 3100 *mp = m; 3101 return (0); 3102 3103 bad: 3104 *mp = m; 3105 return (-1); 3106 } 3107 3108 #ifdef INET6 3109 /* 3110 * Same as above, but for IPv6. 3111 * Cut-and-pasted from ip6_input.c. 3112 * XXX Should we update ip6stat, or not? 3113 */ 3114 static int 3115 bridge_ip6_checkbasic(struct mbuf **mp) 3116 { 3117 struct mbuf *m = *mp; 3118 struct ip6_hdr *ip6; 3119 3120 /* 3121 * If the IPv6 header is not aligned, slurp it up into a new 3122 * mbuf with space for link headers, in the event we forward 3123 * it. Otherwise, if it is aligned, make sure the entire base 3124 * IPv6 header is in the first mbuf of the chain. 3125 */ 3126 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3127 struct ifnet *inifp = m->m_pkthdr.rcvif; 3128 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3129 (max_linkhdr + 3) & ~3)) == NULL) { 3130 /* XXXJRT new stat, please */ 3131 ip6stat.ip6s_toosmall++; 3132 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3133 goto bad; 3134 } 3135 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3136 struct ifnet *inifp = m->m_pkthdr.rcvif; 3137 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3138 ip6stat.ip6s_toosmall++; 3139 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3140 goto bad; 3141 } 3142 } 3143 3144 ip6 = mtod(m, struct ip6_hdr *); 3145 3146 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3147 ip6stat.ip6s_badvers++; 3148 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3149 goto bad; 3150 } 3151 3152 /* Checks out, proceed */ 3153 *mp = m; 3154 return (0); 3155 3156 bad: 3157 *mp = m; 3158 return (-1); 3159 } 3160 #endif /* INET6 */ 3161 3162 /* 3163 * bridge_fragment: 3164 * 3165 * Return a fragmented mbuf chain. 3166 */ 3167 static int 3168 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3169 int snap, struct llc *llc) 3170 { 3171 struct mbuf *m0; 3172 struct ip *ip; 3173 int error = -1; 3174 3175 if (m->m_len < sizeof(struct ip) && 3176 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3177 goto out; 3178 ip = mtod(m, struct ip *); 3179 3180 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3181 CSUM_DELAY_IP); 3182 if (error) 3183 goto out; 3184 3185 /* walk the chain and re-add the Ethernet header */ 3186 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3187 if (error == 0) { 3188 if (snap) { 3189 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3190 if (m0 == NULL) { 3191 error = ENOBUFS; 3192 continue; 3193 } 3194 bcopy(llc, mtod(m0, caddr_t), 3195 sizeof(struct llc)); 3196 } 3197 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3198 if (m0 == NULL) { 3199 error = ENOBUFS; 3200 continue; 3201 } 3202 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3203 } else 3204 m_freem(m); 3205 } 3206 3207 if (error == 0) 3208 ipstat.ips_fragmented++; 3209 3210 return (error); 3211 3212 out: 3213 if (m != NULL) 3214 m_freem(m); 3215 return (error); 3216 } 3217