1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/priv.h> 105 #include <sys/proc.h> 106 #include <sys/lock.h> 107 #include <sys/mutex.h> 108 109 #include <net/bpf.h> 110 #include <net/if.h> 111 #include <net/if_clone.h> 112 #include <net/if_dl.h> 113 #include <net/if_types.h> 114 #include <net/if_var.h> 115 #include <net/pfil.h> 116 117 #include <netinet/in.h> /* for struct arpcom */ 118 #include <netinet/in_systm.h> 119 #include <netinet/in_var.h> 120 #include <netinet/ip.h> 121 #include <netinet/ip_var.h> 122 #ifdef INET6 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 #endif 126 #ifdef DEV_CARP 127 #include <netinet/ip_carp.h> 128 #endif 129 #include <machine/in_cksum.h> 130 #include <netinet/if_ether.h> /* for struct arpcom */ 131 #include <net/bridgestp.h> 132 #include <net/if_bridgevar.h> 133 #include <net/if_llc.h> 134 135 #include <net/route.h> 136 #include <netinet/ip_fw.h> 137 #include <netinet/ip_dummynet.h> 138 139 /* 140 * Size of the route hash table. Must be a power of two. 141 */ 142 #ifndef BRIDGE_RTHASH_SIZE 143 #define BRIDGE_RTHASH_SIZE 1024 144 #endif 145 146 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 147 148 /* 149 * Maximum number of addresses to cache. 150 */ 151 #ifndef BRIDGE_RTABLE_MAX 152 #define BRIDGE_RTABLE_MAX 100 153 #endif 154 155 /* 156 * Timeout (in seconds) for entries learned dynamically. 157 */ 158 #ifndef BRIDGE_RTABLE_TIMEOUT 159 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 160 #endif 161 162 /* 163 * Number of seconds between walks of the route list. 164 */ 165 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 166 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 167 #endif 168 169 /* 170 * List of capabilities to mask on the member interface. 171 */ 172 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 173 174 /* 175 * Bridge interface list entry. 176 */ 177 struct bridge_iflist { 178 LIST_ENTRY(bridge_iflist) bif_next; 179 struct ifnet *bif_ifp; /* member if */ 180 struct bstp_port bif_stp; /* STP state */ 181 uint32_t bif_flags; /* member if flags */ 182 int bif_mutecap; /* member muted caps */ 183 }; 184 185 /* 186 * Bridge route node. 187 */ 188 struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct ifnet *brt_ifp; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195 }; 196 197 /* 198 * Software state for each bridge. 199 */ 200 struct bridge_softc { 201 struct ifnet *sc_ifp; /* make this an interface */ 202 LIST_ENTRY(bridge_softc) sc_list; 203 struct mtx sc_mtx; 204 struct cv sc_cv; 205 uint32_t sc_brtmax; /* max # of addresses */ 206 uint32_t sc_brtcnt; /* cur. # of addresses */ 207 uint32_t sc_brttimeout; /* rt timeout in seconds */ 208 struct callout sc_brcallout; /* bridge callout */ 209 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 210 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 211 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 212 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 213 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 214 uint32_t sc_rthash_key; /* key for hash */ 215 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 216 struct bstp_state sc_stp; /* STP state */ 217 uint32_t sc_brtexceeded; /* # of cache drops */ 218 }; 219 220 static struct mtx bridge_list_mtx; 221 eventhandler_tag bridge_detach_cookie = NULL; 222 223 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 224 225 uma_zone_t bridge_rtnode_zone; 226 227 static int bridge_clone_create(struct if_clone *, int, caddr_t); 228 static void bridge_clone_destroy(struct ifnet *); 229 230 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 231 static void bridge_mutecaps(struct bridge_iflist *, int); 232 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 233 static void bridge_init(void *); 234 static void bridge_dummynet(struct mbuf *, struct ifnet *); 235 static void bridge_stop(struct ifnet *, int); 236 static void bridge_start(struct ifnet *); 237 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 238 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 239 struct rtentry *); 240 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 241 struct mbuf *); 242 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 243 244 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 245 246 static void bridge_timer(void *); 247 248 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 249 struct mbuf *, int); 250 static void bridge_span(struct bridge_softc *, struct mbuf *); 251 252 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 253 struct bridge_iflist *, int, uint8_t); 254 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 255 static void bridge_rttrim(struct bridge_softc *); 256 static void bridge_rtage(struct bridge_softc *); 257 static void bridge_rtflush(struct bridge_softc *, int); 258 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 259 260 static int bridge_rtable_init(struct bridge_softc *); 261 static void bridge_rtable_fini(struct bridge_softc *); 262 263 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 264 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 265 const uint8_t *); 266 static int bridge_rtnode_insert(struct bridge_softc *, 267 struct bridge_rtnode *); 268 static void bridge_rtnode_destroy(struct bridge_softc *, 269 struct bridge_rtnode *); 270 static void bridge_rtable_expire(struct ifnet *, int); 271 static void bridge_state_change(struct ifnet *, int); 272 273 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 274 const char *name); 275 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 276 struct ifnet *ifp); 277 static void bridge_delete_member(struct bridge_softc *, 278 struct bridge_iflist *, int); 279 static void bridge_delete_span(struct bridge_softc *, 280 struct bridge_iflist *); 281 282 static int bridge_ioctl_add(struct bridge_softc *, void *); 283 static int bridge_ioctl_del(struct bridge_softc *, void *); 284 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 285 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 286 static int bridge_ioctl_scache(struct bridge_softc *, void *); 287 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 288 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 289 static int bridge_ioctl_rts(struct bridge_softc *, void *); 290 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 291 static int bridge_ioctl_sto(struct bridge_softc *, void *); 292 static int bridge_ioctl_gto(struct bridge_softc *, void *); 293 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 294 static int bridge_ioctl_flush(struct bridge_softc *, void *); 295 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 296 static int bridge_ioctl_spri(struct bridge_softc *, void *); 297 static int bridge_ioctl_ght(struct bridge_softc *, void *); 298 static int bridge_ioctl_sht(struct bridge_softc *, void *); 299 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 300 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 301 static int bridge_ioctl_gma(struct bridge_softc *, void *); 302 static int bridge_ioctl_sma(struct bridge_softc *, void *); 303 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 304 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 305 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 306 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 307 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 308 static int bridge_ioctl_grte(struct bridge_softc *, void *); 309 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 310 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 311 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 312 static int bridge_ioctl_sedge(struct bridge_softc *, void *); 313 static int bridge_ioctl_saedge(struct bridge_softc *, void *); 314 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 315 int); 316 static int bridge_ip_checkbasic(struct mbuf **mp); 317 #ifdef INET6 318 static int bridge_ip6_checkbasic(struct mbuf **mp); 319 #endif /* INET6 */ 320 static int bridge_fragment(struct ifnet *, struct mbuf *, 321 struct ether_header *, int, struct llc *); 322 323 SYSCTL_DECL(_net_link); 324 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 325 326 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 327 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 328 static int pfil_member = 1; /* run pfil hooks on the member interface */ 329 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 330 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 331 static int log_stp = 0; /* log STP state changes */ 332 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 333 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 334 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 335 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 336 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 337 &pfil_bridge, 0, "Packet filter on the bridge interface"); 338 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 339 &pfil_member, 0, "Packet filter on the member interface"); 340 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 341 &log_stp, 0, "Log STP state changes"); 342 343 struct bridge_control { 344 int (*bc_func)(struct bridge_softc *, void *); 345 int bc_argsize; 346 int bc_flags; 347 }; 348 349 #define BC_F_COPYIN 0x01 /* copy arguments in */ 350 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 351 #define BC_F_SUSER 0x04 /* do super-user check */ 352 353 const struct bridge_control bridge_control_table[] = { 354 { bridge_ioctl_add, sizeof(struct ifbreq), 355 BC_F_COPYIN|BC_F_SUSER }, 356 { bridge_ioctl_del, sizeof(struct ifbreq), 357 BC_F_COPYIN|BC_F_SUSER }, 358 359 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_COPYOUT }, 361 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 362 BC_F_COPYIN|BC_F_SUSER }, 363 364 { bridge_ioctl_scache, sizeof(struct ifbrparam), 365 BC_F_COPYIN|BC_F_SUSER }, 366 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 367 BC_F_COPYOUT }, 368 369 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 370 BC_F_COPYIN|BC_F_COPYOUT }, 371 { bridge_ioctl_rts, sizeof(struct ifbaconf), 372 BC_F_COPYIN|BC_F_COPYOUT }, 373 374 { bridge_ioctl_saddr, sizeof(struct ifbareq), 375 BC_F_COPYIN|BC_F_SUSER }, 376 377 { bridge_ioctl_sto, sizeof(struct ifbrparam), 378 BC_F_COPYIN|BC_F_SUSER }, 379 { bridge_ioctl_gto, sizeof(struct ifbrparam), 380 BC_F_COPYOUT }, 381 382 { bridge_ioctl_daddr, sizeof(struct ifbareq), 383 BC_F_COPYIN|BC_F_SUSER }, 384 385 { bridge_ioctl_flush, sizeof(struct ifbreq), 386 BC_F_COPYIN|BC_F_SUSER }, 387 388 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 389 BC_F_COPYOUT }, 390 { bridge_ioctl_spri, sizeof(struct ifbrparam), 391 BC_F_COPYIN|BC_F_SUSER }, 392 393 { bridge_ioctl_ght, sizeof(struct ifbrparam), 394 BC_F_COPYOUT }, 395 { bridge_ioctl_sht, sizeof(struct ifbrparam), 396 BC_F_COPYIN|BC_F_SUSER }, 397 398 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 399 BC_F_COPYOUT }, 400 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 401 BC_F_COPYIN|BC_F_SUSER }, 402 403 { bridge_ioctl_gma, sizeof(struct ifbrparam), 404 BC_F_COPYOUT }, 405 { bridge_ioctl_sma, sizeof(struct ifbrparam), 406 BC_F_COPYIN|BC_F_SUSER }, 407 408 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 409 BC_F_COPYIN|BC_F_SUSER }, 410 411 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_addspan, sizeof(struct ifbreq), 415 BC_F_COPYIN|BC_F_SUSER }, 416 { bridge_ioctl_delspan, sizeof(struct ifbreq), 417 BC_F_COPYIN|BC_F_SUSER }, 418 419 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 420 BC_F_COPYOUT }, 421 422 { bridge_ioctl_grte, sizeof(struct ifbrparam), 423 BC_F_COPYOUT }, 424 425 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 426 BC_F_COPYOUT }, 427 428 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 429 BC_F_COPYIN|BC_F_SUSER }, 430 431 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 432 BC_F_COPYIN|BC_F_SUSER }, 433 434 { bridge_ioctl_sedge, sizeof(struct ifbreq), 435 BC_F_COPYIN|BC_F_SUSER }, 436 437 { bridge_ioctl_saedge, sizeof(struct ifbreq), 438 BC_F_COPYIN|BC_F_SUSER }, 439 }; 440 const int bridge_control_table_size = 441 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 442 443 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 444 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 445 446 LIST_HEAD(, bridge_softc) bridge_list; 447 448 IFC_SIMPLE_DECLARE(bridge, 0); 449 450 static int 451 bridge_modevent(module_t mod, int type, void *data) 452 { 453 454 switch (type) { 455 case MOD_LOAD: 456 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 457 if_clone_attach(&bridge_cloner); 458 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 459 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 460 UMA_ALIGN_PTR, 0); 461 LIST_INIT(&bridge_list); 462 bridge_input_p = bridge_input; 463 bridge_output_p = bridge_output; 464 bridge_dn_p = bridge_dummynet; 465 bstp_linkstate_p = bstp_linkstate; 466 bridge_detach_cookie = EVENTHANDLER_REGISTER( 467 ifnet_departure_event, bridge_ifdetach, NULL, 468 EVENTHANDLER_PRI_ANY); 469 break; 470 case MOD_UNLOAD: 471 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 472 bridge_detach_cookie); 473 if_clone_detach(&bridge_cloner); 474 uma_zdestroy(bridge_rtnode_zone); 475 bridge_input_p = NULL; 476 bridge_output_p = NULL; 477 bridge_dn_p = NULL; 478 bstp_linkstate_p = NULL; 479 mtx_destroy(&bridge_list_mtx); 480 break; 481 default: 482 return (EOPNOTSUPP); 483 } 484 return (0); 485 } 486 487 static moduledata_t bridge_mod = { 488 "if_bridge", 489 bridge_modevent, 490 0 491 }; 492 493 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 494 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 495 496 /* 497 * handler for net.link.bridge.pfil_ipfw 498 */ 499 static int 500 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 501 { 502 int enable = pfil_ipfw; 503 int error; 504 505 error = sysctl_handle_int(oidp, &enable, 0, req); 506 enable = (enable) ? 1 : 0; 507 508 if (enable != pfil_ipfw) { 509 pfil_ipfw = enable; 510 511 /* 512 * Disable pfil so that ipfw doesnt run twice, if the user 513 * really wants both then they can re-enable pfil_bridge and/or 514 * pfil_member. Also allow non-ip packets as ipfw can filter by 515 * layer2 type. 516 */ 517 if (pfil_ipfw) { 518 pfil_onlyip = 0; 519 pfil_bridge = 0; 520 pfil_member = 0; 521 } 522 } 523 524 return (error); 525 } 526 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 527 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 528 529 /* 530 * bridge_clone_create: 531 * 532 * Create a new bridge instance. 533 */ 534 static int 535 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 536 { 537 struct bridge_softc *sc, *sc2; 538 struct ifnet *bifp, *ifp; 539 u_char eaddr[6]; 540 int retry; 541 542 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 543 BRIDGE_LOCK_INIT(sc); 544 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 545 if (ifp == NULL) { 546 free(sc, M_DEVBUF); 547 return (ENOSPC); 548 } 549 550 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 551 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 552 553 /* Initialize our routing table. */ 554 bridge_rtable_init(sc); 555 556 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 557 558 LIST_INIT(&sc->sc_iflist); 559 LIST_INIT(&sc->sc_spanlist); 560 561 ifp->if_softc = sc; 562 if_initname(ifp, ifc->ifc_name, unit); 563 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 564 ifp->if_ioctl = bridge_ioctl; 565 ifp->if_start = bridge_start; 566 ifp->if_init = bridge_init; 567 ifp->if_type = IFT_BRIDGE; 568 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 569 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 570 IFQ_SET_READY(&ifp->if_snd); 571 572 /* 573 * Generate a random ethernet address with a locally administered 574 * address. 575 * 576 * Since we are using random ethernet addresses for the bridge, it is 577 * possible that we might have address collisions, so make sure that 578 * this hardware address isn't already in use on another bridge. 579 */ 580 for (retry = 1; retry != 0;) { 581 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 582 eaddr[0] &= ~1; /* clear multicast bit */ 583 eaddr[0] |= 2; /* set the LAA bit */ 584 retry = 0; 585 mtx_lock(&bridge_list_mtx); 586 LIST_FOREACH(sc2, &bridge_list, sc_list) { 587 bifp = sc2->sc_ifp; 588 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 589 retry = 1; 590 } 591 mtx_unlock(&bridge_list_mtx); 592 } 593 594 bstp_attach(&sc->sc_stp, bridge_state_change, bridge_rtable_expire); 595 ether_ifattach(ifp, eaddr); 596 /* Now undo some of the damage... */ 597 ifp->if_baudrate = 0; 598 ifp->if_type = IFT_BRIDGE; 599 600 mtx_lock(&bridge_list_mtx); 601 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 602 mtx_unlock(&bridge_list_mtx); 603 604 return (0); 605 } 606 607 /* 608 * bridge_clone_destroy: 609 * 610 * Destroy a bridge instance. 611 */ 612 static void 613 bridge_clone_destroy(struct ifnet *ifp) 614 { 615 struct bridge_softc *sc = ifp->if_softc; 616 struct bridge_iflist *bif; 617 618 BRIDGE_LOCK(sc); 619 620 bridge_stop(ifp, 1); 621 ifp->if_flags &= ~IFF_UP; 622 623 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 624 bridge_delete_member(sc, bif, 0); 625 626 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 627 bridge_delete_span(sc, bif); 628 } 629 630 BRIDGE_UNLOCK(sc); 631 632 callout_drain(&sc->sc_brcallout); 633 634 mtx_lock(&bridge_list_mtx); 635 LIST_REMOVE(sc, sc_list); 636 mtx_unlock(&bridge_list_mtx); 637 638 bstp_detach(&sc->sc_stp); 639 ether_ifdetach(ifp); 640 if_free_type(ifp, IFT_ETHER); 641 642 /* Tear down the routing table. */ 643 bridge_rtable_fini(sc); 644 645 BRIDGE_LOCK_DESTROY(sc); 646 free(sc, M_DEVBUF); 647 } 648 649 /* 650 * bridge_ioctl: 651 * 652 * Handle a control request from the operator. 653 */ 654 static int 655 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 656 { 657 struct bridge_softc *sc = ifp->if_softc; 658 struct thread *td = curthread; 659 union { 660 struct ifbreq ifbreq; 661 struct ifbifconf ifbifconf; 662 struct ifbareq ifbareq; 663 struct ifbaconf ifbaconf; 664 struct ifbrparam ifbrparam; 665 } args; 666 struct ifdrv *ifd = (struct ifdrv *) data; 667 const struct bridge_control *bc; 668 int error = 0; 669 670 BRIDGE_LOCK(sc); 671 672 switch (cmd) { 673 674 case SIOCADDMULTI: 675 case SIOCDELMULTI: 676 break; 677 678 case SIOCGDRVSPEC: 679 case SIOCSDRVSPEC: 680 if (ifd->ifd_cmd >= bridge_control_table_size) { 681 error = EINVAL; 682 break; 683 } 684 bc = &bridge_control_table[ifd->ifd_cmd]; 685 686 if (cmd == SIOCGDRVSPEC && 687 (bc->bc_flags & BC_F_COPYOUT) == 0) { 688 error = EINVAL; 689 break; 690 } 691 else if (cmd == SIOCSDRVSPEC && 692 (bc->bc_flags & BC_F_COPYOUT) != 0) { 693 error = EINVAL; 694 break; 695 } 696 697 if (bc->bc_flags & BC_F_SUSER) { 698 error = priv_check(td, PRIV_NET_BRIDGE); 699 if (error) 700 break; 701 } 702 703 if (ifd->ifd_len != bc->bc_argsize || 704 ifd->ifd_len > sizeof(args)) { 705 error = EINVAL; 706 break; 707 } 708 709 bzero(&args, sizeof(args)); 710 if (bc->bc_flags & BC_F_COPYIN) { 711 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 712 if (error) 713 break; 714 } 715 716 error = (*bc->bc_func)(sc, &args); 717 if (error) 718 break; 719 720 if (bc->bc_flags & BC_F_COPYOUT) 721 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 722 723 break; 724 725 case SIOCSIFFLAGS: 726 if (!(ifp->if_flags & IFF_UP) && 727 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 728 /* 729 * If interface is marked down and it is running, 730 * then stop and disable it. 731 */ 732 bridge_stop(ifp, 1); 733 } else if ((ifp->if_flags & IFF_UP) && 734 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 735 /* 736 * If interface is marked up and it is stopped, then 737 * start it. 738 */ 739 BRIDGE_UNLOCK(sc); 740 (*ifp->if_init)(sc); 741 } 742 break; 743 744 case SIOCSIFMTU: 745 /* Do not allow the MTU to be changed on the bridge */ 746 error = EINVAL; 747 break; 748 749 default: 750 /* 751 * drop the lock as ether_ioctl() will call bridge_start() and 752 * cause the lock to be recursed. 753 */ 754 BRIDGE_UNLOCK(sc); 755 error = ether_ioctl(ifp, cmd, data); 756 break; 757 } 758 759 if (BRIDGE_LOCKED(sc)) 760 BRIDGE_UNLOCK(sc); 761 762 return (error); 763 } 764 765 /* 766 * bridge_mutecaps: 767 * 768 * Clear or restore unwanted capabilities on the member interface 769 */ 770 static void 771 bridge_mutecaps(struct bridge_iflist *bif, int mute) 772 { 773 struct ifnet *ifp = bif->bif_ifp; 774 struct ifreq ifr; 775 int error; 776 777 if (ifp->if_ioctl == NULL) 778 return; 779 780 bzero(&ifr, sizeof(ifr)); 781 ifr.ifr_reqcap = ifp->if_capenable; 782 783 if (mute) { 784 /* mask off and save capabilities */ 785 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 786 if (bif->bif_mutecap != 0) 787 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 788 } else 789 /* restore muted capabilities */ 790 ifr.ifr_reqcap |= bif->bif_mutecap; 791 792 793 if (bif->bif_mutecap != 0) { 794 IFF_LOCKGIANT(ifp); 795 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 796 IFF_UNLOCKGIANT(ifp); 797 } 798 } 799 800 /* 801 * bridge_lookup_member: 802 * 803 * Lookup a bridge member interface. 804 */ 805 static struct bridge_iflist * 806 bridge_lookup_member(struct bridge_softc *sc, const char *name) 807 { 808 struct bridge_iflist *bif; 809 struct ifnet *ifp; 810 811 BRIDGE_LOCK_ASSERT(sc); 812 813 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 814 ifp = bif->bif_ifp; 815 if (strcmp(ifp->if_xname, name) == 0) 816 return (bif); 817 } 818 819 return (NULL); 820 } 821 822 /* 823 * bridge_lookup_member_if: 824 * 825 * Lookup a bridge member interface by ifnet*. 826 */ 827 static struct bridge_iflist * 828 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 829 { 830 struct bridge_iflist *bif; 831 832 BRIDGE_LOCK_ASSERT(sc); 833 834 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 835 if (bif->bif_ifp == member_ifp) 836 return (bif); 837 } 838 839 return (NULL); 840 } 841 842 /* 843 * bridge_delete_member: 844 * 845 * Delete the specified member interface. 846 */ 847 static void 848 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 849 int gone) 850 { 851 struct ifnet *ifs = bif->bif_ifp; 852 853 BRIDGE_LOCK_ASSERT(sc); 854 855 if (!gone) { 856 switch (ifs->if_type) { 857 case IFT_ETHER: 858 case IFT_L2VLAN: 859 /* 860 * Take the interface out of promiscuous mode. 861 */ 862 (void) ifpromisc(ifs, 0); 863 bridge_mutecaps(bif, 0); 864 break; 865 866 case IFT_GIF: 867 break; 868 869 default: 870 #ifdef DIAGNOSTIC 871 panic("bridge_delete_member: impossible"); 872 #endif 873 break; 874 } 875 } 876 877 if (bif->bif_flags & IFBIF_STP) 878 bstp_delete(&bif->bif_stp); 879 880 ifs->if_bridge = NULL; 881 BRIDGE_XLOCK(sc); 882 LIST_REMOVE(bif, bif_next); 883 BRIDGE_XDROP(sc); 884 885 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 886 887 BRIDGE_UNLOCK(sc); 888 bstp_drain(&bif->bif_stp); /* prepare to free */ 889 BRIDGE_LOCK(sc); 890 free(bif, M_DEVBUF); 891 } 892 893 /* 894 * bridge_delete_span: 895 * 896 * Delete the specified span interface. 897 */ 898 static void 899 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 900 { 901 BRIDGE_LOCK_ASSERT(sc); 902 903 KASSERT(bif->bif_ifp->if_bridge == NULL, 904 ("%s: not a span interface", __func__)); 905 906 LIST_REMOVE(bif, bif_next); 907 free(bif, M_DEVBUF); 908 } 909 910 static int 911 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 912 { 913 struct ifbreq *req = arg; 914 struct bridge_iflist *bif = NULL; 915 struct ifnet *ifs; 916 int error = 0; 917 918 ifs = ifunit(req->ifbr_ifsname); 919 if (ifs == NULL) 920 return (ENOENT); 921 922 /* If it's in the span list, it can't be a member. */ 923 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 924 if (ifs == bif->bif_ifp) 925 return (EBUSY); 926 927 /* Allow the first Ethernet member to define the MTU */ 928 if (ifs->if_type != IFT_GIF) { 929 if (LIST_EMPTY(&sc->sc_iflist)) 930 sc->sc_ifp->if_mtu = ifs->if_mtu; 931 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 932 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 933 ifs->if_xname); 934 return (EINVAL); 935 } 936 } 937 938 if (ifs->if_bridge == sc) 939 return (EEXIST); 940 941 if (ifs->if_bridge != NULL) 942 return (EBUSY); 943 944 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 945 if (bif == NULL) 946 return (ENOMEM); 947 948 bif->bif_ifp = ifs; 949 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 950 951 switch (ifs->if_type) { 952 case IFT_ETHER: 953 case IFT_L2VLAN: 954 /* 955 * Place the interface into promiscuous mode. 956 */ 957 error = ifpromisc(ifs, 1); 958 if (error) 959 goto out; 960 961 bridge_mutecaps(bif, 1); 962 break; 963 964 case IFT_GIF: 965 break; 966 967 default: 968 error = EINVAL; 969 goto out; 970 } 971 972 ifs->if_bridge = sc; 973 /* 974 * XXX: XLOCK HERE!?! 975 * 976 * NOTE: insert_***HEAD*** should be safe for the traversals. 977 */ 978 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 979 980 out: 981 if (error) { 982 if (bif != NULL) 983 free(bif, M_DEVBUF); 984 } 985 return (error); 986 } 987 988 static int 989 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 990 { 991 struct ifbreq *req = arg; 992 struct bridge_iflist *bif; 993 994 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 995 if (bif == NULL) 996 return (ENOENT); 997 998 bridge_delete_member(sc, bif, 0); 999 1000 return (0); 1001 } 1002 1003 static int 1004 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1005 { 1006 struct ifbreq *req = arg; 1007 struct bridge_iflist *bif; 1008 struct bstp_port *bp; 1009 1010 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1011 if (bif == NULL) 1012 return (ENOENT); 1013 1014 bp = &bif->bif_stp; 1015 req->ifbr_ifsflags = bif->bif_flags; 1016 req->ifbr_state = bp->bp_state; 1017 req->ifbr_priority = bp->bp_priority; 1018 req->ifbr_path_cost = bp->bp_path_cost; 1019 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1020 req->ifbr_proto = bp->bp_protover; 1021 req->ifbr_role = bp->bp_role; 1022 req->ifbr_stpflags = bp->bp_flags; 1023 req->ifbr_edge = bp->bp_operedge; 1024 req->ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1 : 0; 1025 req->ifbr_p2p = bp->bp_p2p_link; 1026 1027 return (0); 1028 } 1029 1030 static int 1031 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1032 { 1033 struct ifbreq *req = arg; 1034 struct bridge_iflist *bif; 1035 int error; 1036 1037 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1038 if (bif == NULL) 1039 return (ENOENT); 1040 1041 if (req->ifbr_ifsflags & IFBIF_SPAN) 1042 /* SPAN is readonly */ 1043 return (EINVAL); 1044 1045 if (req->ifbr_ifsflags & IFBIF_STP) { 1046 if ((bif->bif_flags & IFBIF_STP) == 0) { 1047 error = bstp_add(&sc->sc_stp, &bif->bif_stp, 1048 bif->bif_ifp); 1049 if (error) 1050 return (error); 1051 } 1052 } else { 1053 if ((bif->bif_flags & IFBIF_STP) != 0) 1054 bstp_delete(&bif->bif_stp); 1055 } 1056 1057 bif->bif_flags = req->ifbr_ifsflags; 1058 1059 return (0); 1060 } 1061 1062 static int 1063 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1064 { 1065 struct ifbrparam *param = arg; 1066 1067 sc->sc_brtmax = param->ifbrp_csize; 1068 bridge_rttrim(sc); 1069 1070 return (0); 1071 } 1072 1073 static int 1074 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1075 { 1076 struct ifbrparam *param = arg; 1077 1078 param->ifbrp_csize = sc->sc_brtmax; 1079 1080 return (0); 1081 } 1082 1083 static int 1084 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1085 { 1086 struct ifbifconf *bifc = arg; 1087 struct bridge_iflist *bif; 1088 struct bstp_port *bp; 1089 struct ifbreq breq; 1090 int count, len, error = 0; 1091 1092 count = 0; 1093 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1094 count++; 1095 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1096 count++; 1097 1098 if (bifc->ifbic_len == 0) { 1099 bifc->ifbic_len = sizeof(breq) * count; 1100 return (0); 1101 } 1102 1103 count = 0; 1104 len = bifc->ifbic_len; 1105 bzero(&breq, sizeof(breq)); 1106 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1107 if (len < sizeof(breq)) 1108 break; 1109 1110 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1111 sizeof(breq.ifbr_ifsname)); 1112 bp = &bif->bif_stp; 1113 breq.ifbr_ifsflags = bif->bif_flags; 1114 breq.ifbr_state = bp->bp_state; 1115 breq.ifbr_priority = bp->bp_priority; 1116 breq.ifbr_path_cost = bp->bp_path_cost; 1117 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1118 breq.ifbr_proto = bp->bp_protover; 1119 breq.ifbr_role = bp->bp_role; 1120 breq.ifbr_stpflags = bp->bp_flags; 1121 breq.ifbr_edge = bp->bp_operedge; 1122 breq.ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1:0; 1123 breq.ifbr_p2p = bp->bp_p2p_link; 1124 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1125 if (error) 1126 break; 1127 count++; 1128 len -= sizeof(breq); 1129 } 1130 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1131 if (len < sizeof(breq)) 1132 break; 1133 1134 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1135 sizeof(breq.ifbr_ifsname)); 1136 breq.ifbr_ifsflags = bif->bif_flags; 1137 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1138 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1139 if (error) 1140 break; 1141 count++; 1142 len -= sizeof(breq); 1143 } 1144 1145 bifc->ifbic_len = sizeof(breq) * count; 1146 return (error); 1147 } 1148 1149 static int 1150 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1151 { 1152 struct ifbaconf *bac = arg; 1153 struct bridge_rtnode *brt; 1154 struct ifbareq bareq; 1155 int count = 0, error = 0, len; 1156 1157 if (bac->ifbac_len == 0) 1158 return (0); 1159 1160 len = bac->ifbac_len; 1161 bzero(&bareq, sizeof(bareq)); 1162 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1163 if (len < sizeof(bareq)) 1164 goto out; 1165 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1166 sizeof(bareq.ifba_ifsname)); 1167 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1168 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1169 time_uptime < brt->brt_expire) 1170 bareq.ifba_expire = brt->brt_expire - time_uptime; 1171 else 1172 bareq.ifba_expire = 0; 1173 bareq.ifba_flags = brt->brt_flags; 1174 1175 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1176 if (error) 1177 goto out; 1178 count++; 1179 len -= sizeof(bareq); 1180 } 1181 out: 1182 bac->ifbac_len = sizeof(bareq) * count; 1183 return (error); 1184 } 1185 1186 static int 1187 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1188 { 1189 struct ifbareq *req = arg; 1190 struct bridge_iflist *bif; 1191 int error; 1192 1193 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1194 if (bif == NULL) 1195 return (ENOENT); 1196 1197 error = bridge_rtupdate(sc, req->ifba_dst, bif, 1, 1198 req->ifba_flags); 1199 1200 return (error); 1201 } 1202 1203 static int 1204 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1205 { 1206 struct ifbrparam *param = arg; 1207 1208 sc->sc_brttimeout = param->ifbrp_ctime; 1209 return (0); 1210 } 1211 1212 static int 1213 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1214 { 1215 struct ifbrparam *param = arg; 1216 1217 param->ifbrp_ctime = sc->sc_brttimeout; 1218 return (0); 1219 } 1220 1221 static int 1222 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1223 { 1224 struct ifbareq *req = arg; 1225 1226 return (bridge_rtdaddr(sc, req->ifba_dst)); 1227 } 1228 1229 static int 1230 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1231 { 1232 struct ifbreq *req = arg; 1233 1234 bridge_rtflush(sc, req->ifbr_ifsflags); 1235 return (0); 1236 } 1237 1238 static int 1239 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1240 { 1241 struct ifbrparam *param = arg; 1242 struct bstp_state *bs = &sc->sc_stp; 1243 1244 param->ifbrp_prio = bs->bs_bridge_priority; 1245 return (0); 1246 } 1247 1248 static int 1249 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1250 { 1251 struct ifbrparam *param = arg; 1252 1253 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1254 } 1255 1256 static int 1257 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1258 { 1259 struct ifbrparam *param = arg; 1260 struct bstp_state *bs = &sc->sc_stp; 1261 1262 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1263 return (0); 1264 } 1265 1266 static int 1267 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1268 { 1269 struct ifbrparam *param = arg; 1270 1271 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1272 } 1273 1274 static int 1275 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1276 { 1277 struct ifbrparam *param = arg; 1278 struct bstp_state *bs = &sc->sc_stp; 1279 1280 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1281 return (0); 1282 } 1283 1284 static int 1285 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1286 { 1287 struct ifbrparam *param = arg; 1288 1289 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1290 } 1291 1292 static int 1293 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1294 { 1295 struct ifbrparam *param = arg; 1296 struct bstp_state *bs = &sc->sc_stp; 1297 1298 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1299 return (0); 1300 } 1301 1302 static int 1303 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1304 { 1305 struct ifbrparam *param = arg; 1306 1307 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1308 } 1309 1310 static int 1311 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1312 { 1313 struct ifbreq *req = arg; 1314 struct bridge_iflist *bif; 1315 1316 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1317 if (bif == NULL) 1318 return (ENOENT); 1319 1320 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1321 } 1322 1323 static int 1324 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1325 { 1326 struct ifbreq *req = arg; 1327 struct bridge_iflist *bif; 1328 1329 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1330 if (bif == NULL) 1331 return (ENOENT); 1332 1333 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1334 } 1335 1336 static int 1337 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1338 { 1339 struct ifbreq *req = arg; 1340 struct bridge_iflist *bif = NULL; 1341 struct ifnet *ifs; 1342 1343 ifs = ifunit(req->ifbr_ifsname); 1344 if (ifs == NULL) 1345 return (ENOENT); 1346 1347 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1348 if (ifs == bif->bif_ifp) 1349 return (EBUSY); 1350 1351 if (ifs->if_bridge != NULL) 1352 return (EBUSY); 1353 1354 switch (ifs->if_type) { 1355 case IFT_ETHER: 1356 case IFT_GIF: 1357 case IFT_L2VLAN: 1358 break; 1359 default: 1360 return (EINVAL); 1361 } 1362 1363 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1364 if (bif == NULL) 1365 return (ENOMEM); 1366 1367 bif->bif_ifp = ifs; 1368 bif->bif_flags = IFBIF_SPAN; 1369 1370 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1371 1372 return (0); 1373 } 1374 1375 static int 1376 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1377 { 1378 struct ifbreq *req = arg; 1379 struct bridge_iflist *bif; 1380 struct ifnet *ifs; 1381 1382 ifs = ifunit(req->ifbr_ifsname); 1383 if (ifs == NULL) 1384 return (ENOENT); 1385 1386 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1387 if (ifs == bif->bif_ifp) 1388 break; 1389 1390 if (bif == NULL) 1391 return (ENOENT); 1392 1393 bridge_delete_span(sc, bif); 1394 1395 return (0); 1396 } 1397 1398 static int 1399 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1400 { 1401 struct ifbropreq *req = arg; 1402 struct bstp_state *bs = &sc->sc_stp; 1403 struct bstp_port *root_port; 1404 1405 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1406 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1407 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1408 1409 root_port = bs->bs_root_port; 1410 if (root_port == NULL) 1411 req->ifbop_root_port = 0; 1412 else 1413 req->ifbop_root_port = root_port->bp_ifp->if_index; 1414 1415 req->ifbop_holdcount = bs->bs_txholdcount; 1416 req->ifbop_priority = bs->bs_bridge_priority; 1417 req->ifbop_protocol = bs->bs_protover; 1418 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1419 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1420 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1421 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1422 1423 return (0); 1424 } 1425 1426 static int 1427 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1428 { 1429 struct ifbrparam *param = arg; 1430 1431 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1432 return (0); 1433 } 1434 1435 static int 1436 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1437 { 1438 struct ifbpstpconf *bifstp = arg; 1439 struct bridge_iflist *bif; 1440 struct bstp_port *bp; 1441 struct ifbpstpreq bpreq; 1442 int count, len, error = 0; 1443 1444 count = 0; 1445 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1446 if ((bif->bif_flags & IFBIF_STP) != 0) 1447 count++; 1448 } 1449 1450 if (bifstp->ifbpstp_len == 0) { 1451 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1452 return (0); 1453 } 1454 1455 count = 0; 1456 len = bifstp->ifbpstp_len; 1457 bzero(&bpreq, sizeof(bpreq)); 1458 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1459 if (len < sizeof(bpreq)) 1460 break; 1461 1462 if ((bif->bif_flags & IFBIF_STP) == 0) 1463 continue; 1464 1465 bp = &bif->bif_stp; 1466 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1467 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1468 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1469 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1470 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1471 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1472 1473 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1474 sizeof(bpreq)); 1475 if (error != 0) 1476 break; 1477 1478 count++; 1479 len -= sizeof(bpreq); 1480 } 1481 1482 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1483 return (error); 1484 } 1485 1486 static int 1487 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1488 { 1489 struct ifbrparam *param = arg; 1490 1491 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1492 } 1493 1494 static int 1495 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1496 { 1497 struct ifbrparam *param = arg; 1498 1499 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1500 } 1501 1502 static int 1503 bridge_ioctl_sedge(struct bridge_softc *sc, void *arg) 1504 { 1505 struct ifbreq *req = arg; 1506 struct bridge_iflist *bif; 1507 1508 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1509 if (bif == NULL) 1510 return (ENOENT); 1511 1512 return (bstp_set_edge(&bif->bif_stp, req->ifbr_edge)); 1513 } 1514 1515 static int 1516 bridge_ioctl_saedge(struct bridge_softc *sc, void *arg) 1517 { 1518 struct ifbreq *req = arg; 1519 struct bridge_iflist *bif; 1520 1521 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1522 if (bif == NULL) 1523 return (ENOENT); 1524 1525 return (bstp_set_autoedge(&bif->bif_stp, req->ifbr_autoedge)); 1526 } 1527 1528 /* 1529 * bridge_ifdetach: 1530 * 1531 * Detach an interface from a bridge. Called when a member 1532 * interface is detaching. 1533 */ 1534 static void 1535 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1536 { 1537 struct bridge_softc *sc = ifp->if_bridge; 1538 struct bridge_iflist *bif; 1539 1540 /* Check if the interface is a bridge member */ 1541 if (sc != NULL) { 1542 BRIDGE_LOCK(sc); 1543 1544 bif = bridge_lookup_member_if(sc, ifp); 1545 if (bif != NULL) 1546 bridge_delete_member(sc, bif, 1); 1547 1548 BRIDGE_UNLOCK(sc); 1549 return; 1550 } 1551 1552 /* Check if the interface is a span port */ 1553 mtx_lock(&bridge_list_mtx); 1554 LIST_FOREACH(sc, &bridge_list, sc_list) { 1555 BRIDGE_LOCK(sc); 1556 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1557 if (ifp == bif->bif_ifp) { 1558 bridge_delete_span(sc, bif); 1559 break; 1560 } 1561 1562 BRIDGE_UNLOCK(sc); 1563 } 1564 mtx_unlock(&bridge_list_mtx); 1565 } 1566 1567 /* 1568 * bridge_init: 1569 * 1570 * Initialize a bridge interface. 1571 */ 1572 static void 1573 bridge_init(void *xsc) 1574 { 1575 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1576 struct ifnet *ifp = sc->sc_ifp; 1577 1578 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1579 return; 1580 1581 BRIDGE_LOCK(sc); 1582 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1583 bridge_timer, sc); 1584 1585 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1586 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1587 1588 BRIDGE_UNLOCK(sc); 1589 } 1590 1591 /* 1592 * bridge_stop: 1593 * 1594 * Stop the bridge interface. 1595 */ 1596 static void 1597 bridge_stop(struct ifnet *ifp, int disable) 1598 { 1599 struct bridge_softc *sc = ifp->if_softc; 1600 1601 BRIDGE_LOCK_ASSERT(sc); 1602 1603 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1604 return; 1605 1606 callout_stop(&sc->sc_brcallout); 1607 bstp_stop(&sc->sc_stp); 1608 1609 bridge_rtflush(sc, IFBF_FLUSHDYN); 1610 1611 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1612 } 1613 1614 /* 1615 * bridge_enqueue: 1616 * 1617 * Enqueue a packet on a bridge member interface. 1618 * 1619 */ 1620 static void 1621 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1622 { 1623 int len, err = 0; 1624 short mflags; 1625 struct mbuf *m0; 1626 1627 len = m->m_pkthdr.len; 1628 mflags = m->m_flags; 1629 1630 /* We may be sending a fragment so traverse the mbuf */ 1631 for (; m; m = m0) { 1632 m0 = m->m_nextpkt; 1633 m->m_nextpkt = NULL; 1634 1635 if (err == 0) 1636 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1637 } 1638 1639 if (err == 0) { 1640 1641 sc->sc_ifp->if_opackets++; 1642 sc->sc_ifp->if_obytes += len; 1643 1644 dst_ifp->if_obytes += len; 1645 1646 if (mflags & M_MCAST) { 1647 sc->sc_ifp->if_omcasts++; 1648 dst_ifp->if_omcasts++; 1649 } 1650 } 1651 1652 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1653 (*dst_ifp->if_start)(dst_ifp); 1654 } 1655 1656 /* 1657 * bridge_dummynet: 1658 * 1659 * Receive a queued packet from dummynet and pass it on to the output 1660 * interface. 1661 * 1662 * The mbuf has the Ethernet header already attached. 1663 */ 1664 static void 1665 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1666 { 1667 struct bridge_softc *sc; 1668 1669 sc = ifp->if_bridge; 1670 1671 /* 1672 * The packet didnt originate from a member interface. This should only 1673 * ever happen if a member interface is removed while packets are 1674 * queued for it. 1675 */ 1676 if (sc == NULL) { 1677 m_freem(m); 1678 return; 1679 } 1680 1681 if (PFIL_HOOKED(&inet_pfil_hook) 1682 #ifdef INET6 1683 || PFIL_HOOKED(&inet6_pfil_hook) 1684 #endif 1685 ) { 1686 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1687 return; 1688 if (m == NULL) 1689 return; 1690 } 1691 1692 bridge_enqueue(sc, ifp, m); 1693 } 1694 1695 /* 1696 * bridge_output: 1697 * 1698 * Send output from a bridge member interface. This 1699 * performs the bridging function for locally originated 1700 * packets. 1701 * 1702 * The mbuf has the Ethernet header already attached. We must 1703 * enqueue or free the mbuf before returning. 1704 */ 1705 static int 1706 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1707 struct rtentry *rt) 1708 { 1709 struct ether_header *eh; 1710 struct ifnet *dst_if; 1711 struct bridge_softc *sc; 1712 1713 if (m->m_len < ETHER_HDR_LEN) { 1714 m = m_pullup(m, ETHER_HDR_LEN); 1715 if (m == NULL) 1716 return (0); 1717 } 1718 1719 eh = mtod(m, struct ether_header *); 1720 sc = ifp->if_bridge; 1721 1722 BRIDGE_LOCK(sc); 1723 1724 /* 1725 * If bridge is down, but the original output interface is up, 1726 * go ahead and send out that interface. Otherwise, the packet 1727 * is dropped below. 1728 */ 1729 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1730 dst_if = ifp; 1731 goto sendunicast; 1732 } 1733 1734 /* 1735 * If the packet is a multicast, or we don't know a better way to 1736 * get there, send to all interfaces. 1737 */ 1738 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1739 dst_if = NULL; 1740 else 1741 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1742 if (dst_if == NULL) { 1743 struct bridge_iflist *bif; 1744 struct mbuf *mc; 1745 int error = 0, used = 0; 1746 1747 bridge_span(sc, m); 1748 1749 BRIDGE_LOCK2REF(sc, error); 1750 if (error) { 1751 m_freem(m); 1752 return (0); 1753 } 1754 1755 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1756 dst_if = bif->bif_ifp; 1757 1758 if (dst_if->if_type == IFT_GIF) 1759 continue; 1760 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1761 continue; 1762 1763 /* 1764 * If this is not the original output interface, 1765 * and the interface is participating in spanning 1766 * tree, make sure the port is in a state that 1767 * allows forwarding. 1768 */ 1769 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1770 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1771 continue; 1772 1773 if (LIST_NEXT(bif, bif_next) == NULL) { 1774 used = 1; 1775 mc = m; 1776 } else { 1777 mc = m_copypacket(m, M_DONTWAIT); 1778 if (mc == NULL) { 1779 sc->sc_ifp->if_oerrors++; 1780 continue; 1781 } 1782 } 1783 1784 bridge_enqueue(sc, dst_if, mc); 1785 } 1786 if (used == 0) 1787 m_freem(m); 1788 BRIDGE_UNREF(sc); 1789 return (0); 1790 } 1791 1792 sendunicast: 1793 /* 1794 * XXX Spanning tree consideration here? 1795 */ 1796 1797 bridge_span(sc, m); 1798 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1799 m_freem(m); 1800 BRIDGE_UNLOCK(sc); 1801 return (0); 1802 } 1803 1804 BRIDGE_UNLOCK(sc); 1805 bridge_enqueue(sc, dst_if, m); 1806 return (0); 1807 } 1808 1809 /* 1810 * bridge_start: 1811 * 1812 * Start output on a bridge. 1813 * 1814 */ 1815 static void 1816 bridge_start(struct ifnet *ifp) 1817 { 1818 struct bridge_softc *sc; 1819 struct mbuf *m; 1820 struct ether_header *eh; 1821 struct ifnet *dst_if; 1822 1823 sc = ifp->if_softc; 1824 1825 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1826 for (;;) { 1827 IFQ_DEQUEUE(&ifp->if_snd, m); 1828 if (m == 0) 1829 break; 1830 BPF_MTAP(ifp, m); 1831 1832 eh = mtod(m, struct ether_header *); 1833 dst_if = NULL; 1834 1835 BRIDGE_LOCK(sc); 1836 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1837 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1838 } 1839 1840 if (dst_if == NULL) 1841 bridge_broadcast(sc, ifp, m, 0); 1842 else { 1843 BRIDGE_UNLOCK(sc); 1844 bridge_enqueue(sc, dst_if, m); 1845 } 1846 } 1847 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1848 } 1849 1850 /* 1851 * bridge_forward: 1852 * 1853 * The forwarding function of the bridge. 1854 * 1855 * NOTE: Releases the lock on return. 1856 */ 1857 static void 1858 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1859 { 1860 struct bridge_iflist *bif; 1861 struct ifnet *src_if, *dst_if, *ifp; 1862 struct ether_header *eh; 1863 1864 src_if = m->m_pkthdr.rcvif; 1865 ifp = sc->sc_ifp; 1866 1867 sc->sc_ifp->if_ipackets++; 1868 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1869 1870 /* 1871 * Look up the bridge_iflist. 1872 */ 1873 bif = bridge_lookup_member_if(sc, src_if); 1874 if (bif == NULL) { 1875 /* Interface is not a bridge member (anymore?) */ 1876 BRIDGE_UNLOCK(sc); 1877 m_freem(m); 1878 return; 1879 } 1880 1881 if ((bif->bif_flags & IFBIF_STP) && 1882 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1883 BRIDGE_UNLOCK(sc); 1884 m_freem(m); 1885 return; 1886 } 1887 1888 eh = mtod(m, struct ether_header *); 1889 1890 /* 1891 * If the interface is learning, and the source 1892 * address is valid and not multicast, record 1893 * the address. 1894 */ 1895 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1896 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1897 (eh->ether_shost[0] == 0 && 1898 eh->ether_shost[1] == 0 && 1899 eh->ether_shost[2] == 0 && 1900 eh->ether_shost[3] == 0 && 1901 eh->ether_shost[4] == 0 && 1902 eh->ether_shost[5] == 0) == 0) { 1903 (void) bridge_rtupdate(sc, eh->ether_shost, 1904 bif, 0, IFBAF_DYNAMIC); 1905 } 1906 1907 if ((bif->bif_flags & IFBIF_STP) != 0 && 1908 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1909 m_freem(m); 1910 BRIDGE_UNLOCK(sc); 1911 return; 1912 } 1913 1914 /* 1915 * At this point, the port either doesn't participate 1916 * in spanning tree or it is in the forwarding state. 1917 */ 1918 1919 /* 1920 * If the packet is unicast, destined for someone on 1921 * "this" side of the bridge, drop it. 1922 */ 1923 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1924 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1925 if (src_if == dst_if) { 1926 BRIDGE_UNLOCK(sc); 1927 m_freem(m); 1928 return; 1929 } 1930 } else { 1931 /* ...forward it to all interfaces. */ 1932 sc->sc_ifp->if_imcasts++; 1933 dst_if = NULL; 1934 } 1935 1936 /* 1937 * If we have a destination interface which is a member of our bridge, 1938 * OR this is a unicast packet, push it through the bpf(4) machinery. 1939 * For broadcast or multicast packets, don't bother because it will 1940 * be reinjected into ether_input. We do this before we pass the packets 1941 * through the pfil(9) framework, as it is possible that pfil(9) will 1942 * drop the packet, or possibly modify it, making it difficult to debug 1943 * firewall issues on the bridge. 1944 */ 1945 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1946 BPF_MTAP(ifp, m); 1947 1948 /* run the packet filter */ 1949 if (PFIL_HOOKED(&inet_pfil_hook) 1950 #ifdef INET6 1951 || PFIL_HOOKED(&inet6_pfil_hook) 1952 #endif 1953 ) { 1954 BRIDGE_UNLOCK(sc); 1955 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1956 return; 1957 if (m == NULL) 1958 return; 1959 BRIDGE_LOCK(sc); 1960 } 1961 1962 if (dst_if == NULL) { 1963 bridge_broadcast(sc, src_if, m, 1); 1964 return; 1965 } 1966 1967 /* 1968 * At this point, we're dealing with a unicast frame 1969 * going to a different interface. 1970 */ 1971 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1972 BRIDGE_UNLOCK(sc); 1973 m_freem(m); 1974 return; 1975 } 1976 bif = bridge_lookup_member_if(sc, dst_if); 1977 if (bif == NULL) { 1978 /* Not a member of the bridge (anymore?) */ 1979 BRIDGE_UNLOCK(sc); 1980 m_freem(m); 1981 return; 1982 } 1983 1984 if ((bif->bif_flags & IFBIF_STP) && 1985 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1986 BRIDGE_UNLOCK(sc); 1987 m_freem(m); 1988 return; 1989 } 1990 1991 BRIDGE_UNLOCK(sc); 1992 1993 if (PFIL_HOOKED(&inet_pfil_hook) 1994 #ifdef INET6 1995 || PFIL_HOOKED(&inet6_pfil_hook) 1996 #endif 1997 ) { 1998 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1999 return; 2000 if (m == NULL) 2001 return; 2002 } 2003 2004 bridge_enqueue(sc, dst_if, m); 2005 } 2006 2007 /* 2008 * bridge_input: 2009 * 2010 * Receive input from a member interface. Queue the packet for 2011 * bridging if it is not for us. 2012 */ 2013 static struct mbuf * 2014 bridge_input(struct ifnet *ifp, struct mbuf *m) 2015 { 2016 struct bridge_softc *sc = ifp->if_bridge; 2017 struct bridge_iflist *bif, *bif2; 2018 struct ifnet *bifp; 2019 struct ether_header *eh; 2020 struct mbuf *mc, *mc2; 2021 2022 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2023 return (m); 2024 2025 bifp = sc->sc_ifp; 2026 2027 /* 2028 * Implement support for bridge monitoring. If this flag has been 2029 * set on this interface, discard the packet once we push it through 2030 * the bpf(4) machinery, but before we do, increment the byte and 2031 * packet counters associated with this interface. 2032 */ 2033 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2034 m->m_pkthdr.rcvif = bifp; 2035 BPF_MTAP(bifp, m); 2036 bifp->if_ipackets++; 2037 bifp->if_ibytes += m->m_pkthdr.len; 2038 m_freem(m); 2039 return (NULL); 2040 } 2041 BRIDGE_LOCK(sc); 2042 bif = bridge_lookup_member_if(sc, ifp); 2043 if (bif == NULL) { 2044 BRIDGE_UNLOCK(sc); 2045 return (m); 2046 } 2047 2048 eh = mtod(m, struct ether_header *); 2049 2050 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2051 ETHER_ADDR_LEN) == 0) { 2052 /* 2053 * If the packet is for us, set the packets source as the 2054 * bridge, and return the packet back to ether_input for 2055 * local processing. 2056 */ 2057 2058 /* Note where to send the reply to */ 2059 if (bif->bif_flags & IFBIF_LEARNING) 2060 (void) bridge_rtupdate(sc, 2061 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2062 2063 /* Mark the packet as arriving on the bridge interface */ 2064 m->m_pkthdr.rcvif = bifp; 2065 BPF_MTAP(bifp, m); 2066 bifp->if_ipackets++; 2067 2068 BRIDGE_UNLOCK(sc); 2069 return (m); 2070 } 2071 2072 bridge_span(sc, m); 2073 2074 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 2075 /* Tap off 802.1D packets; they do not get forwarded. */ 2076 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2077 ETHER_ADDR_LEN) == 0) { 2078 m = bstp_input(&bif->bif_stp, ifp, m); 2079 if (m == NULL) { 2080 BRIDGE_UNLOCK(sc); 2081 return (NULL); 2082 } 2083 } 2084 2085 if ((bif->bif_flags & IFBIF_STP) && 2086 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2087 BRIDGE_UNLOCK(sc); 2088 return (m); 2089 } 2090 2091 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 2092 sizeof(etherbroadcastaddr)) == 0) 2093 m->m_flags |= M_BCAST; 2094 else 2095 m->m_flags |= M_MCAST; 2096 2097 /* 2098 * Make a deep copy of the packet and enqueue the copy 2099 * for bridge processing; return the original packet for 2100 * local processing. 2101 */ 2102 mc = m_dup(m, M_DONTWAIT); 2103 if (mc == NULL) { 2104 BRIDGE_UNLOCK(sc); 2105 return (m); 2106 } 2107 2108 /* Perform the bridge forwarding function with the copy. */ 2109 bridge_forward(sc, mc); 2110 2111 /* 2112 * Reinject the mbuf as arriving on the bridge so we have a 2113 * chance at claiming multicast packets. We can not loop back 2114 * here from ether_input as a bridge is never a member of a 2115 * bridge. 2116 */ 2117 KASSERT(bifp->if_bridge == NULL, 2118 ("loop created in bridge_input")); 2119 mc2 = m_dup(m, M_DONTWAIT); 2120 if (mc2 != NULL) { 2121 /* Keep the layer3 header aligned */ 2122 int i = min(mc2->m_pkthdr.len, max_protohdr); 2123 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2124 } 2125 if (mc2 != NULL) { 2126 mc2->m_pkthdr.rcvif = bifp; 2127 (*bifp->if_input)(bifp, mc2); 2128 } 2129 2130 /* Return the original packet for local processing. */ 2131 return (m); 2132 } 2133 2134 if ((bif->bif_flags & IFBIF_STP) && 2135 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2136 BRIDGE_UNLOCK(sc); 2137 return (m); 2138 } 2139 2140 /* 2141 * Unicast. Make sure it's not for us. 2142 */ 2143 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2144 if (bif2->bif_ifp->if_type == IFT_GIF) 2145 continue; 2146 /* It is destined for us. */ 2147 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_dhost, 2148 ETHER_ADDR_LEN) == 0 2149 #ifdef DEV_CARP 2150 || (bif2->bif_ifp->if_carp 2151 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_dhost)) 2152 #endif 2153 ) { 2154 if (bif->bif_flags & IFBIF_LEARNING) 2155 (void) bridge_rtupdate(sc, 2156 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2157 m->m_pkthdr.rcvif = bif2->bif_ifp; 2158 BRIDGE_UNLOCK(sc); 2159 return (m); 2160 } 2161 2162 /* We just received a packet that we sent out. */ 2163 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_shost, 2164 ETHER_ADDR_LEN) == 0 2165 #ifdef DEV_CARP 2166 || (bif2->bif_ifp->if_carp 2167 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_shost)) 2168 #endif 2169 ) { 2170 BRIDGE_UNLOCK(sc); 2171 m_freem(m); 2172 return (NULL); 2173 } 2174 } 2175 2176 /* Perform the bridge forwarding function. */ 2177 bridge_forward(sc, m); 2178 2179 return (NULL); 2180 } 2181 2182 /* 2183 * bridge_broadcast: 2184 * 2185 * Send a frame to all interfaces that are members of 2186 * the bridge, except for the one on which the packet 2187 * arrived. 2188 * 2189 * NOTE: Releases the lock on return. 2190 */ 2191 static void 2192 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2193 struct mbuf *m, int runfilt) 2194 { 2195 struct bridge_iflist *bif; 2196 struct mbuf *mc; 2197 struct ifnet *dst_if; 2198 int error = 0, used = 0, i; 2199 2200 BRIDGE_LOCK2REF(sc, error); 2201 if (error) { 2202 m_freem(m); 2203 return; 2204 } 2205 2206 /* Filter on the bridge interface before broadcasting */ 2207 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2208 #ifdef INET6 2209 || PFIL_HOOKED(&inet6_pfil_hook) 2210 #endif 2211 )) { 2212 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2213 goto out; 2214 if (m == NULL) 2215 goto out; 2216 } 2217 2218 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2219 dst_if = bif->bif_ifp; 2220 if (dst_if == src_if) 2221 continue; 2222 2223 if ((bif->bif_flags & IFBIF_STP) && 2224 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2225 continue; 2226 2227 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2228 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2229 continue; 2230 2231 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2232 continue; 2233 2234 if (LIST_NEXT(bif, bif_next) == NULL) { 2235 mc = m; 2236 used = 1; 2237 } else { 2238 mc = m_dup(m, M_DONTWAIT); 2239 if (mc == NULL) { 2240 sc->sc_ifp->if_oerrors++; 2241 continue; 2242 } 2243 } 2244 2245 /* 2246 * Filter on the output interface. Pass a NULL bridge interface 2247 * pointer so we do not redundantly filter on the bridge for 2248 * each interface we broadcast on. 2249 */ 2250 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2251 #ifdef INET6 2252 || PFIL_HOOKED(&inet6_pfil_hook) 2253 #endif 2254 )) { 2255 if (used == 0) { 2256 /* Keep the layer3 header aligned */ 2257 i = min(mc->m_pkthdr.len, max_protohdr); 2258 mc = m_copyup(mc, i, ETHER_ALIGN); 2259 if (mc == NULL) { 2260 sc->sc_ifp->if_oerrors++; 2261 continue; 2262 } 2263 } 2264 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2265 continue; 2266 if (mc == NULL) 2267 continue; 2268 } 2269 2270 bridge_enqueue(sc, dst_if, mc); 2271 } 2272 if (used == 0) 2273 m_freem(m); 2274 2275 out: 2276 BRIDGE_UNREF(sc); 2277 } 2278 2279 /* 2280 * bridge_span: 2281 * 2282 * Duplicate a packet out one or more interfaces that are in span mode, 2283 * the original mbuf is unmodified. 2284 */ 2285 static void 2286 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2287 { 2288 struct bridge_iflist *bif; 2289 struct ifnet *dst_if; 2290 struct mbuf *mc; 2291 2292 if (LIST_EMPTY(&sc->sc_spanlist)) 2293 return; 2294 2295 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2296 dst_if = bif->bif_ifp; 2297 2298 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2299 continue; 2300 2301 mc = m_copypacket(m, M_DONTWAIT); 2302 if (mc == NULL) { 2303 sc->sc_ifp->if_oerrors++; 2304 continue; 2305 } 2306 2307 bridge_enqueue(sc, dst_if, mc); 2308 } 2309 } 2310 2311 /* 2312 * bridge_rtupdate: 2313 * 2314 * Add a bridge routing entry. 2315 */ 2316 static int 2317 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2318 struct bridge_iflist *bif, int setflags, uint8_t flags) 2319 { 2320 struct bridge_rtnode *brt; 2321 struct ifnet *dst_if = bif->bif_ifp; 2322 int error; 2323 2324 BRIDGE_LOCK_ASSERT(sc); 2325 2326 /* 2327 * A route for this destination might already exist. If so, 2328 * update it, otherwise create a new one. 2329 */ 2330 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2331 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2332 sc->sc_brtexceeded++; 2333 return (ENOSPC); 2334 } 2335 2336 /* 2337 * Allocate a new bridge forwarding node, and 2338 * initialize the expiration time and Ethernet 2339 * address. 2340 */ 2341 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2342 if (brt == NULL) 2343 return (ENOMEM); 2344 2345 if (bif->bif_flags & IFBIF_STICKY) 2346 brt->brt_flags = IFBAF_STICKY; 2347 else 2348 brt->brt_flags = IFBAF_DYNAMIC; 2349 2350 brt->brt_ifp = dst_if; 2351 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2352 2353 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2354 uma_zfree(bridge_rtnode_zone, brt); 2355 return (error); 2356 } 2357 } 2358 2359 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2360 brt->brt_ifp = dst_if; 2361 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2362 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2363 if (setflags) 2364 brt->brt_flags = flags; 2365 2366 return (0); 2367 } 2368 2369 /* 2370 * bridge_rtlookup: 2371 * 2372 * Lookup the destination interface for an address. 2373 */ 2374 static struct ifnet * 2375 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2376 { 2377 struct bridge_rtnode *brt; 2378 2379 BRIDGE_LOCK_ASSERT(sc); 2380 2381 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2382 return (NULL); 2383 2384 return (brt->brt_ifp); 2385 } 2386 2387 /* 2388 * bridge_rttrim: 2389 * 2390 * Trim the routine table so that we have a number 2391 * of routing entries less than or equal to the 2392 * maximum number. 2393 */ 2394 static void 2395 bridge_rttrim(struct bridge_softc *sc) 2396 { 2397 struct bridge_rtnode *brt, *nbrt; 2398 2399 BRIDGE_LOCK_ASSERT(sc); 2400 2401 /* Make sure we actually need to do this. */ 2402 if (sc->sc_brtcnt <= sc->sc_brtmax) 2403 return; 2404 2405 /* Force an aging cycle; this might trim enough addresses. */ 2406 bridge_rtage(sc); 2407 if (sc->sc_brtcnt <= sc->sc_brtmax) 2408 return; 2409 2410 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2411 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2412 bridge_rtnode_destroy(sc, brt); 2413 if (sc->sc_brtcnt <= sc->sc_brtmax) 2414 return; 2415 } 2416 } 2417 } 2418 2419 /* 2420 * bridge_timer: 2421 * 2422 * Aging timer for the bridge. 2423 */ 2424 static void 2425 bridge_timer(void *arg) 2426 { 2427 struct bridge_softc *sc = arg; 2428 2429 BRIDGE_LOCK_ASSERT(sc); 2430 2431 bridge_rtage(sc); 2432 2433 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2434 callout_reset(&sc->sc_brcallout, 2435 bridge_rtable_prune_period * hz, bridge_timer, sc); 2436 } 2437 2438 /* 2439 * bridge_rtage: 2440 * 2441 * Perform an aging cycle. 2442 */ 2443 static void 2444 bridge_rtage(struct bridge_softc *sc) 2445 { 2446 struct bridge_rtnode *brt, *nbrt; 2447 2448 BRIDGE_LOCK_ASSERT(sc); 2449 2450 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2451 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2452 if (time_uptime >= brt->brt_expire) 2453 bridge_rtnode_destroy(sc, brt); 2454 } 2455 } 2456 } 2457 2458 /* 2459 * bridge_rtflush: 2460 * 2461 * Remove all dynamic addresses from the bridge. 2462 */ 2463 static void 2464 bridge_rtflush(struct bridge_softc *sc, int full) 2465 { 2466 struct bridge_rtnode *brt, *nbrt; 2467 2468 BRIDGE_LOCK_ASSERT(sc); 2469 2470 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2471 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2472 bridge_rtnode_destroy(sc, brt); 2473 } 2474 } 2475 2476 /* 2477 * bridge_rtdaddr: 2478 * 2479 * Remove an address from the table. 2480 */ 2481 static int 2482 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2483 { 2484 struct bridge_rtnode *brt; 2485 2486 BRIDGE_LOCK_ASSERT(sc); 2487 2488 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2489 return (ENOENT); 2490 2491 bridge_rtnode_destroy(sc, brt); 2492 return (0); 2493 } 2494 2495 /* 2496 * bridge_rtdelete: 2497 * 2498 * Delete routes to a speicifc member interface. 2499 */ 2500 static void 2501 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2502 { 2503 struct bridge_rtnode *brt, *nbrt; 2504 2505 BRIDGE_LOCK_ASSERT(sc); 2506 2507 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2508 if (brt->brt_ifp == ifp && (full || 2509 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2510 bridge_rtnode_destroy(sc, brt); 2511 } 2512 } 2513 2514 /* 2515 * bridge_rtable_init: 2516 * 2517 * Initialize the route table for this bridge. 2518 */ 2519 static int 2520 bridge_rtable_init(struct bridge_softc *sc) 2521 { 2522 int i; 2523 2524 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2525 M_DEVBUF, M_NOWAIT); 2526 if (sc->sc_rthash == NULL) 2527 return (ENOMEM); 2528 2529 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2530 LIST_INIT(&sc->sc_rthash[i]); 2531 2532 sc->sc_rthash_key = arc4random(); 2533 2534 LIST_INIT(&sc->sc_rtlist); 2535 2536 return (0); 2537 } 2538 2539 /* 2540 * bridge_rtable_fini: 2541 * 2542 * Deconstruct the route table for this bridge. 2543 */ 2544 static void 2545 bridge_rtable_fini(struct bridge_softc *sc) 2546 { 2547 2548 free(sc->sc_rthash, M_DEVBUF); 2549 } 2550 2551 /* 2552 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2553 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2554 */ 2555 #define mix(a, b, c) \ 2556 do { \ 2557 a -= b; a -= c; a ^= (c >> 13); \ 2558 b -= c; b -= a; b ^= (a << 8); \ 2559 c -= a; c -= b; c ^= (b >> 13); \ 2560 a -= b; a -= c; a ^= (c >> 12); \ 2561 b -= c; b -= a; b ^= (a << 16); \ 2562 c -= a; c -= b; c ^= (b >> 5); \ 2563 a -= b; a -= c; a ^= (c >> 3); \ 2564 b -= c; b -= a; b ^= (a << 10); \ 2565 c -= a; c -= b; c ^= (b >> 15); \ 2566 } while (/*CONSTCOND*/0) 2567 2568 static __inline uint32_t 2569 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2570 { 2571 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2572 2573 b += addr[5] << 8; 2574 b += addr[4]; 2575 a += addr[3] << 24; 2576 a += addr[2] << 16; 2577 a += addr[1] << 8; 2578 a += addr[0]; 2579 2580 mix(a, b, c); 2581 2582 return (c & BRIDGE_RTHASH_MASK); 2583 } 2584 2585 #undef mix 2586 2587 static int 2588 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2589 { 2590 int i, d; 2591 2592 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2593 d = ((int)a[i]) - ((int)b[i]); 2594 } 2595 2596 return (d); 2597 } 2598 2599 /* 2600 * bridge_rtnode_lookup: 2601 * 2602 * Look up a bridge route node for the specified destination. 2603 */ 2604 static struct bridge_rtnode * 2605 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2606 { 2607 struct bridge_rtnode *brt; 2608 uint32_t hash; 2609 int dir; 2610 2611 BRIDGE_LOCK_ASSERT(sc); 2612 2613 hash = bridge_rthash(sc, addr); 2614 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2615 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2616 if (dir == 0) 2617 return (brt); 2618 if (dir > 0) 2619 return (NULL); 2620 } 2621 2622 return (NULL); 2623 } 2624 2625 /* 2626 * bridge_rtnode_insert: 2627 * 2628 * Insert the specified bridge node into the route table. We 2629 * assume the entry is not already in the table. 2630 */ 2631 static int 2632 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2633 { 2634 struct bridge_rtnode *lbrt; 2635 uint32_t hash; 2636 int dir; 2637 2638 BRIDGE_LOCK_ASSERT(sc); 2639 2640 hash = bridge_rthash(sc, brt->brt_addr); 2641 2642 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2643 if (lbrt == NULL) { 2644 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2645 goto out; 2646 } 2647 2648 do { 2649 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2650 if (dir == 0) 2651 return (EEXIST); 2652 if (dir > 0) { 2653 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2654 goto out; 2655 } 2656 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2657 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2658 goto out; 2659 } 2660 lbrt = LIST_NEXT(lbrt, brt_hash); 2661 } while (lbrt != NULL); 2662 2663 #ifdef DIAGNOSTIC 2664 panic("bridge_rtnode_insert: impossible"); 2665 #endif 2666 2667 out: 2668 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2669 sc->sc_brtcnt++; 2670 2671 return (0); 2672 } 2673 2674 /* 2675 * bridge_rtnode_destroy: 2676 * 2677 * Destroy a bridge rtnode. 2678 */ 2679 static void 2680 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2681 { 2682 BRIDGE_LOCK_ASSERT(sc); 2683 2684 LIST_REMOVE(brt, brt_hash); 2685 2686 LIST_REMOVE(brt, brt_list); 2687 sc->sc_brtcnt--; 2688 uma_zfree(bridge_rtnode_zone, brt); 2689 } 2690 2691 /* 2692 * bridge_rtable_expire: 2693 * 2694 * Set the expiry time for all routes on an interface. 2695 */ 2696 static void 2697 bridge_rtable_expire(struct ifnet *ifp, int age) 2698 { 2699 struct bridge_softc *sc = ifp->if_bridge; 2700 struct bridge_rtnode *brt; 2701 2702 BRIDGE_LOCK(sc); 2703 2704 /* 2705 * If the age is zero then flush, otherwise set all the expiry times to 2706 * age for the interface 2707 */ 2708 if (age == 0) 2709 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2710 else { 2711 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2712 /* Cap the expiry time to 'age' */ 2713 if (brt->brt_ifp == ifp && 2714 brt->brt_expire > time_uptime + age && 2715 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2716 brt->brt_expire = time_uptime + age; 2717 } 2718 } 2719 BRIDGE_UNLOCK(sc); 2720 } 2721 2722 /* 2723 * bridge_state_change: 2724 * 2725 * Callback from the bridgestp code when a port changes states. 2726 */ 2727 static void 2728 bridge_state_change(struct ifnet *ifp, int state) 2729 { 2730 struct bridge_softc *sc = ifp->if_bridge; 2731 static const char *stpstates[] = { 2732 "disabled", 2733 "listening", 2734 "learning", 2735 "forwarding", 2736 "blocking", 2737 "discarding" 2738 }; 2739 2740 if (log_stp) 2741 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2742 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2743 } 2744 2745 /* 2746 * Send bridge packets through pfil if they are one of the types pfil can deal 2747 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2748 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2749 * that interface. 2750 */ 2751 static int 2752 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2753 { 2754 int snap, error, i, hlen; 2755 struct ether_header *eh1, eh2; 2756 struct ip_fw_args args; 2757 struct ip *ip; 2758 struct llc llc1; 2759 u_int16_t ether_type; 2760 2761 snap = 0; 2762 error = -1; /* Default error if not error == 0 */ 2763 2764 /* we may return with the IP fields swapped, ensure its not shared */ 2765 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2766 2767 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2768 return (0); /* filtering is disabled */ 2769 2770 i = min((*mp)->m_pkthdr.len, max_protohdr); 2771 if ((*mp)->m_len < i) { 2772 *mp = m_pullup(*mp, i); 2773 if (*mp == NULL) { 2774 printf("%s: m_pullup failed\n", __func__); 2775 return (-1); 2776 } 2777 } 2778 2779 eh1 = mtod(*mp, struct ether_header *); 2780 ether_type = ntohs(eh1->ether_type); 2781 2782 /* 2783 * Check for SNAP/LLC. 2784 */ 2785 if (ether_type < ETHERMTU) { 2786 struct llc *llc2 = (struct llc *)(eh1 + 1); 2787 2788 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2789 llc2->llc_dsap == LLC_SNAP_LSAP && 2790 llc2->llc_ssap == LLC_SNAP_LSAP && 2791 llc2->llc_control == LLC_UI) { 2792 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2793 snap = 1; 2794 } 2795 } 2796 2797 /* 2798 * If we're trying to filter bridge traffic, don't look at anything 2799 * other than IP and ARP traffic. If the filter doesn't understand 2800 * IPv6, don't allow IPv6 through the bridge either. This is lame 2801 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2802 * but of course we don't have an AppleTalk filter to begin with. 2803 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2804 * ARP traffic.) 2805 */ 2806 switch (ether_type) { 2807 case ETHERTYPE_ARP: 2808 case ETHERTYPE_REVARP: 2809 if (pfil_ipfw_arp == 0) 2810 return (0); /* Automatically pass */ 2811 break; 2812 2813 case ETHERTYPE_IP: 2814 #ifdef INET6 2815 case ETHERTYPE_IPV6: 2816 #endif /* INET6 */ 2817 break; 2818 default: 2819 /* 2820 * Check to see if the user wants to pass non-ip 2821 * packets, these will not be checked by pfil(9) and 2822 * passed unconditionally so the default is to drop. 2823 */ 2824 if (pfil_onlyip) 2825 goto bad; 2826 } 2827 2828 /* Strip off the Ethernet header and keep a copy. */ 2829 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2830 m_adj(*mp, ETHER_HDR_LEN); 2831 2832 /* Strip off snap header, if present */ 2833 if (snap) { 2834 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2835 m_adj(*mp, sizeof(struct llc)); 2836 } 2837 2838 /* 2839 * Check the IP header for alignment and errors 2840 */ 2841 if (dir == PFIL_IN) { 2842 switch (ether_type) { 2843 case ETHERTYPE_IP: 2844 error = bridge_ip_checkbasic(mp); 2845 break; 2846 #ifdef INET6 2847 case ETHERTYPE_IPV6: 2848 error = bridge_ip6_checkbasic(mp); 2849 break; 2850 #endif /* INET6 */ 2851 default: 2852 error = 0; 2853 } 2854 if (error) 2855 goto bad; 2856 } 2857 2858 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2859 error = -1; 2860 args.rule = ip_dn_claim_rule(*mp); 2861 if (args.rule != NULL && fw_one_pass) 2862 goto ipfwpass; /* packet already partially processed */ 2863 2864 args.m = *mp; 2865 args.oif = ifp; 2866 args.next_hop = NULL; 2867 args.eh = &eh2; 2868 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2869 i = ip_fw_chk_ptr(&args); 2870 *mp = args.m; 2871 2872 if (*mp == NULL) 2873 return (error); 2874 2875 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2876 2877 /* put the Ethernet header back on */ 2878 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2879 if (*mp == NULL) 2880 return (error); 2881 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2882 2883 /* 2884 * Pass the pkt to dummynet, which consumes it. The 2885 * packet will return to us via bridge_dummynet(). 2886 */ 2887 args.oif = ifp; 2888 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2889 return (error); 2890 } 2891 2892 if (i != IP_FW_PASS) /* drop */ 2893 goto bad; 2894 } 2895 2896 ipfwpass: 2897 error = 0; 2898 2899 /* 2900 * Run the packet through pfil 2901 */ 2902 switch (ether_type) { 2903 case ETHERTYPE_IP: 2904 /* 2905 * before calling the firewall, swap fields the same as 2906 * IP does. here we assume the header is contiguous 2907 */ 2908 ip = mtod(*mp, struct ip *); 2909 2910 ip->ip_len = ntohs(ip->ip_len); 2911 ip->ip_off = ntohs(ip->ip_off); 2912 2913 /* 2914 * Run pfil on the member interface and the bridge, both can 2915 * be skipped by clearing pfil_member or pfil_bridge. 2916 * 2917 * Keep the order: 2918 * in_if -> bridge_if -> out_if 2919 */ 2920 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2921 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2922 dir, NULL); 2923 2924 if (*mp == NULL || error != 0) /* filter may consume */ 2925 break; 2926 2927 if (pfil_member && ifp != NULL) 2928 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2929 dir, NULL); 2930 2931 if (*mp == NULL || error != 0) /* filter may consume */ 2932 break; 2933 2934 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2935 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2936 dir, NULL); 2937 2938 if (*mp == NULL || error != 0) /* filter may consume */ 2939 break; 2940 2941 /* check if we need to fragment the packet */ 2942 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2943 i = (*mp)->m_pkthdr.len; 2944 if (i > ifp->if_mtu) { 2945 error = bridge_fragment(ifp, *mp, &eh2, snap, 2946 &llc1); 2947 return (error); 2948 } 2949 } 2950 2951 /* Recalculate the ip checksum and restore byte ordering */ 2952 ip = mtod(*mp, struct ip *); 2953 hlen = ip->ip_hl << 2; 2954 if (hlen < sizeof(struct ip)) 2955 goto bad; 2956 if (hlen > (*mp)->m_len) { 2957 if ((*mp = m_pullup(*mp, hlen)) == 0) 2958 goto bad; 2959 ip = mtod(*mp, struct ip *); 2960 if (ip == NULL) 2961 goto bad; 2962 } 2963 ip->ip_len = htons(ip->ip_len); 2964 ip->ip_off = htons(ip->ip_off); 2965 ip->ip_sum = 0; 2966 if (hlen == sizeof(struct ip)) 2967 ip->ip_sum = in_cksum_hdr(ip); 2968 else 2969 ip->ip_sum = in_cksum(*mp, hlen); 2970 2971 break; 2972 #ifdef INET6 2973 case ETHERTYPE_IPV6: 2974 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2975 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2976 dir, NULL); 2977 2978 if (*mp == NULL || error != 0) /* filter may consume */ 2979 break; 2980 2981 if (pfil_member && ifp != NULL) 2982 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2983 dir, NULL); 2984 2985 if (*mp == NULL || error != 0) /* filter may consume */ 2986 break; 2987 2988 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2989 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2990 dir, NULL); 2991 break; 2992 #endif 2993 default: 2994 error = 0; 2995 break; 2996 } 2997 2998 if (*mp == NULL) 2999 return (error); 3000 if (error != 0) 3001 goto bad; 3002 3003 error = -1; 3004 3005 /* 3006 * Finally, put everything back the way it was and return 3007 */ 3008 if (snap) { 3009 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3010 if (*mp == NULL) 3011 return (error); 3012 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3013 } 3014 3015 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3016 if (*mp == NULL) 3017 return (error); 3018 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3019 3020 return (0); 3021 3022 bad: 3023 m_freem(*mp); 3024 *mp = NULL; 3025 return (error); 3026 } 3027 3028 /* 3029 * Perform basic checks on header size since 3030 * pfil assumes ip_input has already processed 3031 * it for it. Cut-and-pasted from ip_input.c. 3032 * Given how simple the IPv6 version is, 3033 * does the IPv4 version really need to be 3034 * this complicated? 3035 * 3036 * XXX Should we update ipstat here, or not? 3037 * XXX Right now we update ipstat but not 3038 * XXX csum_counter. 3039 */ 3040 static int 3041 bridge_ip_checkbasic(struct mbuf **mp) 3042 { 3043 struct mbuf *m = *mp; 3044 struct ip *ip; 3045 int len, hlen; 3046 u_short sum; 3047 3048 if (*mp == NULL) 3049 return (-1); 3050 3051 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3052 if ((m = m_copyup(m, sizeof(struct ip), 3053 (max_linkhdr + 3) & ~3)) == NULL) { 3054 /* XXXJRT new stat, please */ 3055 ipstat.ips_toosmall++; 3056 goto bad; 3057 } 3058 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3059 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3060 ipstat.ips_toosmall++; 3061 goto bad; 3062 } 3063 } 3064 ip = mtod(m, struct ip *); 3065 if (ip == NULL) goto bad; 3066 3067 if (ip->ip_v != IPVERSION) { 3068 ipstat.ips_badvers++; 3069 goto bad; 3070 } 3071 hlen = ip->ip_hl << 2; 3072 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3073 ipstat.ips_badhlen++; 3074 goto bad; 3075 } 3076 if (hlen > m->m_len) { 3077 if ((m = m_pullup(m, hlen)) == 0) { 3078 ipstat.ips_badhlen++; 3079 goto bad; 3080 } 3081 ip = mtod(m, struct ip *); 3082 if (ip == NULL) goto bad; 3083 } 3084 3085 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3086 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3087 } else { 3088 if (hlen == sizeof(struct ip)) { 3089 sum = in_cksum_hdr(ip); 3090 } else { 3091 sum = in_cksum(m, hlen); 3092 } 3093 } 3094 if (sum) { 3095 ipstat.ips_badsum++; 3096 goto bad; 3097 } 3098 3099 /* Retrieve the packet length. */ 3100 len = ntohs(ip->ip_len); 3101 3102 /* 3103 * Check for additional length bogosity 3104 */ 3105 if (len < hlen) { 3106 ipstat.ips_badlen++; 3107 goto bad; 3108 } 3109 3110 /* 3111 * Check that the amount of data in the buffers 3112 * is as at least much as the IP header would have us expect. 3113 * Drop packet if shorter than we expect. 3114 */ 3115 if (m->m_pkthdr.len < len) { 3116 ipstat.ips_tooshort++; 3117 goto bad; 3118 } 3119 3120 /* Checks out, proceed */ 3121 *mp = m; 3122 return (0); 3123 3124 bad: 3125 *mp = m; 3126 return (-1); 3127 } 3128 3129 #ifdef INET6 3130 /* 3131 * Same as above, but for IPv6. 3132 * Cut-and-pasted from ip6_input.c. 3133 * XXX Should we update ip6stat, or not? 3134 */ 3135 static int 3136 bridge_ip6_checkbasic(struct mbuf **mp) 3137 { 3138 struct mbuf *m = *mp; 3139 struct ip6_hdr *ip6; 3140 3141 /* 3142 * If the IPv6 header is not aligned, slurp it up into a new 3143 * mbuf with space for link headers, in the event we forward 3144 * it. Otherwise, if it is aligned, make sure the entire base 3145 * IPv6 header is in the first mbuf of the chain. 3146 */ 3147 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3148 struct ifnet *inifp = m->m_pkthdr.rcvif; 3149 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3150 (max_linkhdr + 3) & ~3)) == NULL) { 3151 /* XXXJRT new stat, please */ 3152 ip6stat.ip6s_toosmall++; 3153 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3154 goto bad; 3155 } 3156 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3157 struct ifnet *inifp = m->m_pkthdr.rcvif; 3158 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3159 ip6stat.ip6s_toosmall++; 3160 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3161 goto bad; 3162 } 3163 } 3164 3165 ip6 = mtod(m, struct ip6_hdr *); 3166 3167 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3168 ip6stat.ip6s_badvers++; 3169 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3170 goto bad; 3171 } 3172 3173 /* Checks out, proceed */ 3174 *mp = m; 3175 return (0); 3176 3177 bad: 3178 *mp = m; 3179 return (-1); 3180 } 3181 #endif /* INET6 */ 3182 3183 /* 3184 * bridge_fragment: 3185 * 3186 * Return a fragmented mbuf chain. 3187 */ 3188 static int 3189 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3190 int snap, struct llc *llc) 3191 { 3192 struct mbuf *m0; 3193 struct ip *ip; 3194 int error = -1; 3195 3196 if (m->m_len < sizeof(struct ip) && 3197 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3198 goto out; 3199 ip = mtod(m, struct ip *); 3200 3201 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3202 CSUM_DELAY_IP); 3203 if (error) 3204 goto out; 3205 3206 /* walk the chain and re-add the Ethernet header */ 3207 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3208 if (error == 0) { 3209 if (snap) { 3210 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3211 if (m0 == NULL) { 3212 error = ENOBUFS; 3213 continue; 3214 } 3215 bcopy(llc, mtod(m0, caddr_t), 3216 sizeof(struct llc)); 3217 } 3218 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3219 if (m0 == NULL) { 3220 error = ENOBUFS; 3221 continue; 3222 } 3223 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3224 } else 3225 m_freem(m); 3226 } 3227 3228 if (error == 0) 3229 ipstat.ips_fragmented++; 3230 3231 return (error); 3232 3233 out: 3234 if (m != NULL) 3235 m_freem(m); 3236 return (error); 3237 } 3238