1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 51 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 52 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 53 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 54 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 55 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 56 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 57 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 60 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 61 * POSSIBILITY OF SUCH DAMAGE. 62 * 63 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 64 */ 65 66 /* 67 * Network interface bridge support. 68 * 69 * TODO: 70 * 71 * - Currently only supports Ethernet-like interfaces (Ethernet, 72 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 73 * to bridge other types of interfaces (FDDI-FDDI, and maybe 74 * consider heterogenous bridges). 75 */ 76 77 #include <sys/cdefs.h> 78 __FBSDID("$FreeBSD$"); 79 80 #include "opt_inet.h" 81 #include "opt_inet6.h" 82 #include "opt_carp.h" 83 84 #include <sys/param.h> 85 #include <sys/mbuf.h> 86 #include <sys/malloc.h> 87 #include <sys/protosw.h> 88 #include <sys/systm.h> 89 #include <sys/time.h> 90 #include <sys/socket.h> /* for net/if.h */ 91 #include <sys/sockio.h> 92 #include <sys/ctype.h> /* string functions */ 93 #include <sys/kernel.h> 94 #include <sys/random.h> 95 #include <sys/syslog.h> 96 #include <sys/sysctl.h> 97 #include <vm/uma.h> 98 #include <sys/module.h> 99 #include <sys/priv.h> 100 #include <sys/proc.h> 101 #include <sys/lock.h> 102 #include <sys/mutex.h> 103 #include <sys/vimage.h> 104 105 #include <net/bpf.h> 106 #include <net/if.h> 107 #include <net/if_clone.h> 108 #include <net/if_dl.h> 109 #include <net/if_types.h> 110 #include <net/if_var.h> 111 #include <net/pfil.h> 112 113 #include <netinet/in.h> /* for struct arpcom */ 114 #include <netinet/in_systm.h> 115 #include <netinet/in_var.h> 116 #include <netinet/ip.h> 117 #include <netinet/ip_var.h> 118 #ifdef INET6 119 #include <netinet/ip6.h> 120 #include <netinet6/ip6_var.h> 121 #endif 122 #ifdef DEV_CARP 123 #include <netinet/ip_carp.h> 124 #endif 125 #include <machine/in_cksum.h> 126 #include <netinet/if_ether.h> /* for struct arpcom */ 127 #include <net/bridgestp.h> 128 #include <net/if_bridgevar.h> 129 #include <net/if_llc.h> 130 #include <net/if_vlan_var.h> 131 132 #include <net/route.h> 133 #include <netinet/ip_fw.h> 134 #include <netinet/ip_dummynet.h> 135 136 /* 137 * Size of the route hash table. Must be a power of two. 138 */ 139 #ifndef BRIDGE_RTHASH_SIZE 140 #define BRIDGE_RTHASH_SIZE 1024 141 #endif 142 143 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 144 145 /* 146 * Maximum number of addresses to cache. 147 */ 148 #ifndef BRIDGE_RTABLE_MAX 149 #define BRIDGE_RTABLE_MAX 100 150 #endif 151 152 /* 153 * Timeout (in seconds) for entries learned dynamically. 154 */ 155 #ifndef BRIDGE_RTABLE_TIMEOUT 156 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 157 #endif 158 159 /* 160 * Number of seconds between walks of the route list. 161 */ 162 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 163 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 164 #endif 165 166 /* 167 * List of capabilities to possibly mask on the member interface. 168 */ 169 #define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM) 170 171 /* 172 * Bridge interface list entry. 173 */ 174 struct bridge_iflist { 175 LIST_ENTRY(bridge_iflist) bif_next; 176 struct ifnet *bif_ifp; /* member if */ 177 struct bstp_port bif_stp; /* STP state */ 178 uint32_t bif_flags; /* member if flags */ 179 int bif_savedcaps; /* saved capabilities */ 180 uint32_t bif_addrmax; /* max # of addresses */ 181 uint32_t bif_addrcnt; /* cur. # of addresses */ 182 uint32_t bif_addrexceeded;/* # of address violations */ 183 }; 184 185 /* 186 * Bridge route node. 187 */ 188 struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct bridge_iflist *brt_dst; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195 uint16_t brt_vlan; /* vlan id */ 196 }; 197 #define brt_ifp brt_dst->bif_ifp 198 199 /* 200 * Software state for each bridge. 201 */ 202 struct bridge_softc { 203 struct ifnet *sc_ifp; /* make this an interface */ 204 LIST_ENTRY(bridge_softc) sc_list; 205 struct mtx sc_mtx; 206 struct cv sc_cv; 207 uint32_t sc_brtmax; /* max # of addresses */ 208 uint32_t sc_brtcnt; /* cur. # of addresses */ 209 uint32_t sc_brttimeout; /* rt timeout in seconds */ 210 struct callout sc_brcallout; /* bridge callout */ 211 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 212 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 213 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 214 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 215 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 216 uint32_t sc_rthash_key; /* key for hash */ 217 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 218 struct bstp_state sc_stp; /* STP state */ 219 uint32_t sc_brtexceeded; /* # of cache drops */ 220 u_char sc_defaddr[6]; /* Default MAC address */ 221 }; 222 223 static struct mtx bridge_list_mtx; 224 eventhandler_tag bridge_detach_cookie = NULL; 225 226 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 227 228 uma_zone_t bridge_rtnode_zone; 229 230 static int bridge_clone_create(struct if_clone *, int, caddr_t); 231 static void bridge_clone_destroy(struct ifnet *); 232 233 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 234 static void bridge_mutecaps(struct bridge_softc *); 235 static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *, 236 int); 237 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 238 static void bridge_init(void *); 239 static void bridge_dummynet(struct mbuf *, struct ifnet *); 240 static void bridge_stop(struct ifnet *, int); 241 static void bridge_start(struct ifnet *); 242 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 243 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 244 struct rtentry *); 245 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 246 struct mbuf *); 247 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 248 249 static void bridge_forward(struct bridge_softc *, struct bridge_iflist *, 250 struct mbuf *m); 251 252 static void bridge_timer(void *); 253 254 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 255 struct mbuf *, int); 256 static void bridge_span(struct bridge_softc *, struct mbuf *); 257 258 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 259 uint16_t, struct bridge_iflist *, int, uint8_t); 260 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *, 261 uint16_t); 262 static void bridge_rttrim(struct bridge_softc *); 263 static void bridge_rtage(struct bridge_softc *); 264 static void bridge_rtflush(struct bridge_softc *, int); 265 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *, 266 uint16_t); 267 268 static int bridge_rtable_init(struct bridge_softc *); 269 static void bridge_rtable_fini(struct bridge_softc *); 270 271 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 272 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 273 const uint8_t *, uint16_t); 274 static int bridge_rtnode_insert(struct bridge_softc *, 275 struct bridge_rtnode *); 276 static void bridge_rtnode_destroy(struct bridge_softc *, 277 struct bridge_rtnode *); 278 static void bridge_rtable_expire(struct ifnet *, int); 279 static void bridge_state_change(struct ifnet *, int); 280 281 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 282 const char *name); 283 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 284 struct ifnet *ifp); 285 static void bridge_delete_member(struct bridge_softc *, 286 struct bridge_iflist *, int); 287 static void bridge_delete_span(struct bridge_softc *, 288 struct bridge_iflist *); 289 290 static int bridge_ioctl_add(struct bridge_softc *, void *); 291 static int bridge_ioctl_del(struct bridge_softc *, void *); 292 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 293 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 294 static int bridge_ioctl_scache(struct bridge_softc *, void *); 295 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 296 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 297 static int bridge_ioctl_rts(struct bridge_softc *, void *); 298 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 299 static int bridge_ioctl_sto(struct bridge_softc *, void *); 300 static int bridge_ioctl_gto(struct bridge_softc *, void *); 301 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 302 static int bridge_ioctl_flush(struct bridge_softc *, void *); 303 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 304 static int bridge_ioctl_spri(struct bridge_softc *, void *); 305 static int bridge_ioctl_ght(struct bridge_softc *, void *); 306 static int bridge_ioctl_sht(struct bridge_softc *, void *); 307 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 308 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 309 static int bridge_ioctl_gma(struct bridge_softc *, void *); 310 static int bridge_ioctl_sma(struct bridge_softc *, void *); 311 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 312 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 313 static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *); 314 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 315 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 316 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 317 static int bridge_ioctl_grte(struct bridge_softc *, void *); 318 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 319 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 320 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 321 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 322 int); 323 static int bridge_ip_checkbasic(struct mbuf **mp); 324 #ifdef INET6 325 static int bridge_ip6_checkbasic(struct mbuf **mp); 326 #endif /* INET6 */ 327 static int bridge_fragment(struct ifnet *, struct mbuf *, 328 struct ether_header *, int, struct llc *); 329 330 /* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */ 331 #define VLANTAGOF(_m) \ 332 (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1 333 334 static struct bstp_cb_ops bridge_ops = { 335 .bcb_state = bridge_state_change, 336 .bcb_rtage = bridge_rtable_expire 337 }; 338 339 SYSCTL_DECL(_net_link); 340 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 341 342 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 343 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 344 static int pfil_member = 1; /* run pfil hooks on the member interface */ 345 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 346 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 347 static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for 348 locally destined packets */ 349 static int log_stp = 0; /* log STP state changes */ 350 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 351 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 352 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 353 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 354 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 355 &pfil_bridge, 0, "Packet filter on the bridge interface"); 356 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 357 &pfil_member, 0, "Packet filter on the member interface"); 358 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys, CTLFLAG_RW, 359 &pfil_local_phys, 0, 360 "Packet filter on the physical interface for locally destined packets"); 361 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 362 &log_stp, 0, "Log STP state changes"); 363 364 struct bridge_control { 365 int (*bc_func)(struct bridge_softc *, void *); 366 int bc_argsize; 367 int bc_flags; 368 }; 369 370 #define BC_F_COPYIN 0x01 /* copy arguments in */ 371 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 372 #define BC_F_SUSER 0x04 /* do super-user check */ 373 374 const struct bridge_control bridge_control_table[] = { 375 { bridge_ioctl_add, sizeof(struct ifbreq), 376 BC_F_COPYIN|BC_F_SUSER }, 377 { bridge_ioctl_del, sizeof(struct ifbreq), 378 BC_F_COPYIN|BC_F_SUSER }, 379 380 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 381 BC_F_COPYIN|BC_F_COPYOUT }, 382 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 383 BC_F_COPYIN|BC_F_SUSER }, 384 385 { bridge_ioctl_scache, sizeof(struct ifbrparam), 386 BC_F_COPYIN|BC_F_SUSER }, 387 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 388 BC_F_COPYOUT }, 389 390 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 391 BC_F_COPYIN|BC_F_COPYOUT }, 392 { bridge_ioctl_rts, sizeof(struct ifbaconf), 393 BC_F_COPYIN|BC_F_COPYOUT }, 394 395 { bridge_ioctl_saddr, sizeof(struct ifbareq), 396 BC_F_COPYIN|BC_F_SUSER }, 397 398 { bridge_ioctl_sto, sizeof(struct ifbrparam), 399 BC_F_COPYIN|BC_F_SUSER }, 400 { bridge_ioctl_gto, sizeof(struct ifbrparam), 401 BC_F_COPYOUT }, 402 403 { bridge_ioctl_daddr, sizeof(struct ifbareq), 404 BC_F_COPYIN|BC_F_SUSER }, 405 406 { bridge_ioctl_flush, sizeof(struct ifbreq), 407 BC_F_COPYIN|BC_F_SUSER }, 408 409 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 410 BC_F_COPYOUT }, 411 { bridge_ioctl_spri, sizeof(struct ifbrparam), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_ght, sizeof(struct ifbrparam), 415 BC_F_COPYOUT }, 416 { bridge_ioctl_sht, sizeof(struct ifbrparam), 417 BC_F_COPYIN|BC_F_SUSER }, 418 419 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 420 BC_F_COPYOUT }, 421 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 422 BC_F_COPYIN|BC_F_SUSER }, 423 424 { bridge_ioctl_gma, sizeof(struct ifbrparam), 425 BC_F_COPYOUT }, 426 { bridge_ioctl_sma, sizeof(struct ifbrparam), 427 BC_F_COPYIN|BC_F_SUSER }, 428 429 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 430 BC_F_COPYIN|BC_F_SUSER }, 431 432 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 433 BC_F_COPYIN|BC_F_SUSER }, 434 435 { bridge_ioctl_addspan, sizeof(struct ifbreq), 436 BC_F_COPYIN|BC_F_SUSER }, 437 { bridge_ioctl_delspan, sizeof(struct ifbreq), 438 BC_F_COPYIN|BC_F_SUSER }, 439 440 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 441 BC_F_COPYOUT }, 442 443 { bridge_ioctl_grte, sizeof(struct ifbrparam), 444 BC_F_COPYOUT }, 445 446 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 447 BC_F_COPYIN|BC_F_COPYOUT }, 448 449 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 450 BC_F_COPYIN|BC_F_SUSER }, 451 452 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 453 BC_F_COPYIN|BC_F_SUSER }, 454 455 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq), 456 BC_F_COPYIN|BC_F_SUSER }, 457 458 }; 459 const int bridge_control_table_size = 460 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 461 462 LIST_HEAD(, bridge_softc) bridge_list; 463 464 IFC_SIMPLE_DECLARE(bridge, 0); 465 466 static int 467 bridge_modevent(module_t mod, int type, void *data) 468 { 469 470 switch (type) { 471 case MOD_LOAD: 472 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 473 if_clone_attach(&bridge_cloner); 474 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 475 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 476 UMA_ALIGN_PTR, 0); 477 LIST_INIT(&bridge_list); 478 bridge_input_p = bridge_input; 479 bridge_output_p = bridge_output; 480 bridge_dn_p = bridge_dummynet; 481 bridge_detach_cookie = EVENTHANDLER_REGISTER( 482 ifnet_departure_event, bridge_ifdetach, NULL, 483 EVENTHANDLER_PRI_ANY); 484 break; 485 case MOD_UNLOAD: 486 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 487 bridge_detach_cookie); 488 if_clone_detach(&bridge_cloner); 489 uma_zdestroy(bridge_rtnode_zone); 490 bridge_input_p = NULL; 491 bridge_output_p = NULL; 492 bridge_dn_p = NULL; 493 mtx_destroy(&bridge_list_mtx); 494 break; 495 default: 496 return (EOPNOTSUPP); 497 } 498 return (0); 499 } 500 501 static moduledata_t bridge_mod = { 502 "if_bridge", 503 bridge_modevent, 504 0 505 }; 506 507 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 508 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 509 510 /* 511 * handler for net.link.bridge.pfil_ipfw 512 */ 513 static int 514 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 515 { 516 int enable = pfil_ipfw; 517 int error; 518 519 error = sysctl_handle_int(oidp, &enable, 0, req); 520 enable = (enable) ? 1 : 0; 521 522 if (enable != pfil_ipfw) { 523 pfil_ipfw = enable; 524 525 /* 526 * Disable pfil so that ipfw doesnt run twice, if the user 527 * really wants both then they can re-enable pfil_bridge and/or 528 * pfil_member. Also allow non-ip packets as ipfw can filter by 529 * layer2 type. 530 */ 531 if (pfil_ipfw) { 532 pfil_onlyip = 0; 533 pfil_bridge = 0; 534 pfil_member = 0; 535 } 536 } 537 538 return (error); 539 } 540 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 541 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 542 543 /* 544 * bridge_clone_create: 545 * 546 * Create a new bridge instance. 547 */ 548 static int 549 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 550 { 551 struct bridge_softc *sc, *sc2; 552 struct ifnet *bifp, *ifp; 553 int retry; 554 555 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 556 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 557 if (ifp == NULL) { 558 free(sc, M_DEVBUF); 559 return (ENOSPC); 560 } 561 562 BRIDGE_LOCK_INIT(sc); 563 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 564 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 565 566 /* Initialize our routing table. */ 567 bridge_rtable_init(sc); 568 569 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 570 571 LIST_INIT(&sc->sc_iflist); 572 LIST_INIT(&sc->sc_spanlist); 573 574 ifp->if_softc = sc; 575 if_initname(ifp, ifc->ifc_name, unit); 576 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 577 ifp->if_ioctl = bridge_ioctl; 578 ifp->if_start = bridge_start; 579 ifp->if_init = bridge_init; 580 ifp->if_type = IFT_BRIDGE; 581 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 582 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 583 IFQ_SET_READY(&ifp->if_snd); 584 585 /* 586 * Generate a random ethernet address with a locally administered 587 * address. 588 * 589 * Since we are using random ethernet addresses for the bridge, it is 590 * possible that we might have address collisions, so make sure that 591 * this hardware address isn't already in use on another bridge. 592 */ 593 for (retry = 1; retry != 0;) { 594 arc4rand(sc->sc_defaddr, ETHER_ADDR_LEN, 1); 595 sc->sc_defaddr[0] &= ~1; /* clear multicast bit */ 596 sc->sc_defaddr[0] |= 2; /* set the LAA bit */ 597 retry = 0; 598 mtx_lock(&bridge_list_mtx); 599 LIST_FOREACH(sc2, &bridge_list, sc_list) { 600 bifp = sc2->sc_ifp; 601 if (memcmp(sc->sc_defaddr, 602 IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 603 retry = 1; 604 } 605 mtx_unlock(&bridge_list_mtx); 606 } 607 608 bstp_attach(&sc->sc_stp, &bridge_ops); 609 ether_ifattach(ifp, sc->sc_defaddr); 610 /* Now undo some of the damage... */ 611 ifp->if_baudrate = 0; 612 ifp->if_type = IFT_BRIDGE; 613 614 mtx_lock(&bridge_list_mtx); 615 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 616 mtx_unlock(&bridge_list_mtx); 617 618 return (0); 619 } 620 621 /* 622 * bridge_clone_destroy: 623 * 624 * Destroy a bridge instance. 625 */ 626 static void 627 bridge_clone_destroy(struct ifnet *ifp) 628 { 629 struct bridge_softc *sc = ifp->if_softc; 630 struct bridge_iflist *bif; 631 632 BRIDGE_LOCK(sc); 633 634 bridge_stop(ifp, 1); 635 ifp->if_flags &= ~IFF_UP; 636 637 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 638 bridge_delete_member(sc, bif, 0); 639 640 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 641 bridge_delete_span(sc, bif); 642 } 643 644 BRIDGE_UNLOCK(sc); 645 646 callout_drain(&sc->sc_brcallout); 647 648 mtx_lock(&bridge_list_mtx); 649 LIST_REMOVE(sc, sc_list); 650 mtx_unlock(&bridge_list_mtx); 651 652 bstp_detach(&sc->sc_stp); 653 ether_ifdetach(ifp); 654 if_free_type(ifp, IFT_ETHER); 655 656 /* Tear down the routing table. */ 657 bridge_rtable_fini(sc); 658 659 BRIDGE_LOCK_DESTROY(sc); 660 free(sc, M_DEVBUF); 661 } 662 663 /* 664 * bridge_ioctl: 665 * 666 * Handle a control request from the operator. 667 */ 668 static int 669 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 670 { 671 struct bridge_softc *sc = ifp->if_softc; 672 struct thread *td = curthread; 673 union { 674 struct ifbreq ifbreq; 675 struct ifbifconf ifbifconf; 676 struct ifbareq ifbareq; 677 struct ifbaconf ifbaconf; 678 struct ifbrparam ifbrparam; 679 struct ifbropreq ifbropreq; 680 } args; 681 struct ifdrv *ifd = (struct ifdrv *) data; 682 const struct bridge_control *bc; 683 int error = 0; 684 685 switch (cmd) { 686 687 case SIOCADDMULTI: 688 case SIOCDELMULTI: 689 break; 690 691 case SIOCGDRVSPEC: 692 case SIOCSDRVSPEC: 693 if (ifd->ifd_cmd >= bridge_control_table_size) { 694 error = EINVAL; 695 break; 696 } 697 bc = &bridge_control_table[ifd->ifd_cmd]; 698 699 if (cmd == SIOCGDRVSPEC && 700 (bc->bc_flags & BC_F_COPYOUT) == 0) { 701 error = EINVAL; 702 break; 703 } 704 else if (cmd == SIOCSDRVSPEC && 705 (bc->bc_flags & BC_F_COPYOUT) != 0) { 706 error = EINVAL; 707 break; 708 } 709 710 if (bc->bc_flags & BC_F_SUSER) { 711 error = priv_check(td, PRIV_NET_BRIDGE); 712 if (error) 713 break; 714 } 715 716 if (ifd->ifd_len != bc->bc_argsize || 717 ifd->ifd_len > sizeof(args)) { 718 error = EINVAL; 719 break; 720 } 721 722 bzero(&args, sizeof(args)); 723 if (bc->bc_flags & BC_F_COPYIN) { 724 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 725 if (error) 726 break; 727 } 728 729 BRIDGE_LOCK(sc); 730 error = (*bc->bc_func)(sc, &args); 731 BRIDGE_UNLOCK(sc); 732 if (error) 733 break; 734 735 if (bc->bc_flags & BC_F_COPYOUT) 736 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 737 738 break; 739 740 case SIOCSIFFLAGS: 741 if (!(ifp->if_flags & IFF_UP) && 742 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 743 /* 744 * If interface is marked down and it is running, 745 * then stop and disable it. 746 */ 747 BRIDGE_LOCK(sc); 748 bridge_stop(ifp, 1); 749 BRIDGE_UNLOCK(sc); 750 } else if ((ifp->if_flags & IFF_UP) && 751 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 752 /* 753 * If interface is marked up and it is stopped, then 754 * start it. 755 */ 756 (*ifp->if_init)(sc); 757 } 758 break; 759 760 case SIOCSIFMTU: 761 /* Do not allow the MTU to be changed on the bridge */ 762 error = EINVAL; 763 break; 764 765 default: 766 /* 767 * drop the lock as ether_ioctl() will call bridge_start() and 768 * cause the lock to be recursed. 769 */ 770 error = ether_ioctl(ifp, cmd, data); 771 break; 772 } 773 774 return (error); 775 } 776 777 /* 778 * bridge_mutecaps: 779 * 780 * Clear or restore unwanted capabilities on the member interface 781 */ 782 static void 783 bridge_mutecaps(struct bridge_softc *sc) 784 { 785 struct bridge_iflist *bif; 786 int enabled, mask; 787 788 /* Initial bitmask of capabilities to test */ 789 mask = BRIDGE_IFCAPS_MASK; 790 791 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 792 /* Every member must support it or its disabled */ 793 mask &= bif->bif_savedcaps; 794 } 795 796 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 797 enabled = bif->bif_ifp->if_capenable; 798 /* strip off mask bits and enable them again if allowed */ 799 enabled &= ~BRIDGE_IFCAPS_MASK; 800 enabled |= mask; 801 /* 802 * Receive offload can only be enabled if all members also 803 * support send offload. 804 */ 805 if ((enabled & IFCAP_TSO) == 0) 806 enabled &= ~IFCAP_LRO; 807 808 bridge_set_ifcap(sc, bif, enabled); 809 } 810 811 } 812 813 static void 814 bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set) 815 { 816 struct ifnet *ifp = bif->bif_ifp; 817 struct ifreq ifr; 818 int error; 819 820 bzero(&ifr, sizeof(ifr)); 821 ifr.ifr_reqcap = set; 822 823 if (ifp->if_capenable != set) { 824 IFF_LOCKGIANT(ifp); 825 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 826 IFF_UNLOCKGIANT(ifp); 827 if (error) 828 if_printf(sc->sc_ifp, 829 "error setting interface capabilities on %s\n", 830 ifp->if_xname); 831 } 832 } 833 834 /* 835 * bridge_lookup_member: 836 * 837 * Lookup a bridge member interface. 838 */ 839 static struct bridge_iflist * 840 bridge_lookup_member(struct bridge_softc *sc, const char *name) 841 { 842 struct bridge_iflist *bif; 843 struct ifnet *ifp; 844 845 BRIDGE_LOCK_ASSERT(sc); 846 847 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 848 ifp = bif->bif_ifp; 849 if (strcmp(ifp->if_xname, name) == 0) 850 return (bif); 851 } 852 853 return (NULL); 854 } 855 856 /* 857 * bridge_lookup_member_if: 858 * 859 * Lookup a bridge member interface by ifnet*. 860 */ 861 static struct bridge_iflist * 862 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 863 { 864 struct bridge_iflist *bif; 865 866 BRIDGE_LOCK_ASSERT(sc); 867 868 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 869 if (bif->bif_ifp == member_ifp) 870 return (bif); 871 } 872 873 return (NULL); 874 } 875 876 /* 877 * bridge_delete_member: 878 * 879 * Delete the specified member interface. 880 */ 881 static void 882 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 883 int gone) 884 { 885 struct ifnet *ifs = bif->bif_ifp; 886 struct ifnet *fif = NULL; 887 888 BRIDGE_LOCK_ASSERT(sc); 889 890 if (!gone) { 891 switch (ifs->if_type) { 892 case IFT_ETHER: 893 case IFT_L2VLAN: 894 /* 895 * Take the interface out of promiscuous mode. 896 */ 897 (void) ifpromisc(ifs, 0); 898 break; 899 900 case IFT_GIF: 901 break; 902 903 default: 904 #ifdef DIAGNOSTIC 905 panic("bridge_delete_member: impossible"); 906 #endif 907 break; 908 } 909 /* reneable any interface capabilities */ 910 bridge_set_ifcap(sc, bif, bif->bif_savedcaps); 911 } 912 913 if (bif->bif_flags & IFBIF_STP) 914 bstp_disable(&bif->bif_stp); 915 916 ifs->if_bridge = NULL; 917 BRIDGE_XLOCK(sc); 918 LIST_REMOVE(bif, bif_next); 919 BRIDGE_XDROP(sc); 920 921 /* 922 * If removing the interface that gave the bridge its mac address, set 923 * the mac address of the bridge to the address of the next member, or 924 * to its default address if no members are left. 925 */ 926 if (!memcmp(IF_LLADDR(sc->sc_ifp), IF_LLADDR(ifs), ETHER_ADDR_LEN)) { 927 if (LIST_EMPTY(&sc->sc_iflist)) 928 bcopy(sc->sc_defaddr, 929 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 930 else { 931 fif = LIST_FIRST(&sc->sc_iflist)->bif_ifp; 932 bcopy(IF_LLADDR(fif), 933 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 934 } 935 } 936 937 bridge_mutecaps(sc); /* recalcuate now this interface is removed */ 938 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 939 KASSERT(bif->bif_addrcnt == 0, 940 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt)); 941 942 BRIDGE_UNLOCK(sc); 943 bstp_destroy(&bif->bif_stp); /* prepare to free */ 944 BRIDGE_LOCK(sc); 945 free(bif, M_DEVBUF); 946 } 947 948 /* 949 * bridge_delete_span: 950 * 951 * Delete the specified span interface. 952 */ 953 static void 954 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 955 { 956 BRIDGE_LOCK_ASSERT(sc); 957 958 KASSERT(bif->bif_ifp->if_bridge == NULL, 959 ("%s: not a span interface", __func__)); 960 961 LIST_REMOVE(bif, bif_next); 962 free(bif, M_DEVBUF); 963 } 964 965 static int 966 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 967 { 968 struct ifbreq *req = arg; 969 struct bridge_iflist *bif = NULL; 970 struct ifnet *ifs; 971 int error = 0; 972 973 ifs = ifunit(req->ifbr_ifsname); 974 if (ifs == NULL) 975 return (ENOENT); 976 if (ifs->if_ioctl == NULL) /* must be supported */ 977 return (EINVAL); 978 979 /* If it's in the span list, it can't be a member. */ 980 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 981 if (ifs == bif->bif_ifp) 982 return (EBUSY); 983 984 /* Allow the first Ethernet member to define the MTU */ 985 if (ifs->if_type != IFT_GIF) { 986 if (LIST_EMPTY(&sc->sc_iflist)) 987 sc->sc_ifp->if_mtu = ifs->if_mtu; 988 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 989 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 990 ifs->if_xname); 991 return (EINVAL); 992 } 993 } 994 995 if (ifs->if_bridge == sc) 996 return (EEXIST); 997 998 if (ifs->if_bridge != NULL) 999 return (EBUSY); 1000 1001 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1002 if (bif == NULL) 1003 return (ENOMEM); 1004 1005 bif->bif_ifp = ifs; 1006 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 1007 bif->bif_savedcaps = ifs->if_capenable; 1008 1009 switch (ifs->if_type) { 1010 case IFT_ETHER: 1011 case IFT_L2VLAN: 1012 /* 1013 * Place the interface into promiscuous mode. 1014 */ 1015 error = ifpromisc(ifs, 1); 1016 if (error) 1017 goto out; 1018 break; 1019 1020 case IFT_GIF: 1021 break; 1022 1023 default: 1024 error = EINVAL; 1025 goto out; 1026 } 1027 1028 /* 1029 * Assign the interface's MAC address to the bridge if it's the first 1030 * member and the MAC address of the bridge has not been changed from 1031 * the default randomly generated one. 1032 */ 1033 if (LIST_EMPTY(&sc->sc_iflist) && 1034 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN)) 1035 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 1036 1037 ifs->if_bridge = sc; 1038 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 1039 /* 1040 * XXX: XLOCK HERE!?! 1041 * 1042 * NOTE: insert_***HEAD*** should be safe for the traversals. 1043 */ 1044 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 1045 1046 /* Set interface capabilities to the intersection set of all members */ 1047 bridge_mutecaps(sc); 1048 out: 1049 if (error) { 1050 if (bif != NULL) 1051 free(bif, M_DEVBUF); 1052 } 1053 return (error); 1054 } 1055 1056 static int 1057 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1058 { 1059 struct ifbreq *req = arg; 1060 struct bridge_iflist *bif; 1061 1062 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1063 if (bif == NULL) 1064 return (ENOENT); 1065 1066 bridge_delete_member(sc, bif, 0); 1067 1068 return (0); 1069 } 1070 1071 static int 1072 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1073 { 1074 struct ifbreq *req = arg; 1075 struct bridge_iflist *bif; 1076 struct bstp_port *bp; 1077 1078 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1079 if (bif == NULL) 1080 return (ENOENT); 1081 1082 bp = &bif->bif_stp; 1083 req->ifbr_ifsflags = bif->bif_flags; 1084 req->ifbr_state = bp->bp_state; 1085 req->ifbr_priority = bp->bp_priority; 1086 req->ifbr_path_cost = bp->bp_path_cost; 1087 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1088 req->ifbr_proto = bp->bp_protover; 1089 req->ifbr_role = bp->bp_role; 1090 req->ifbr_stpflags = bp->bp_flags; 1091 req->ifbr_addrcnt = bif->bif_addrcnt; 1092 req->ifbr_addrmax = bif->bif_addrmax; 1093 req->ifbr_addrexceeded = bif->bif_addrexceeded; 1094 1095 /* Copy STP state options as flags */ 1096 if (bp->bp_operedge) 1097 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1098 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1099 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1100 if (bp->bp_ptp_link) 1101 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1102 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1103 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1104 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1105 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1106 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1107 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1108 return (0); 1109 } 1110 1111 static int 1112 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1113 { 1114 struct ifbreq *req = arg; 1115 struct bridge_iflist *bif; 1116 struct bstp_port *bp; 1117 int error; 1118 1119 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1120 if (bif == NULL) 1121 return (ENOENT); 1122 bp = &bif->bif_stp; 1123 1124 if (req->ifbr_ifsflags & IFBIF_SPAN) 1125 /* SPAN is readonly */ 1126 return (EINVAL); 1127 1128 if (req->ifbr_ifsflags & IFBIF_STP) { 1129 if ((bif->bif_flags & IFBIF_STP) == 0) { 1130 error = bstp_enable(&bif->bif_stp); 1131 if (error) 1132 return (error); 1133 } 1134 } else { 1135 if ((bif->bif_flags & IFBIF_STP) != 0) 1136 bstp_disable(&bif->bif_stp); 1137 } 1138 1139 /* Pass on STP flags */ 1140 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1141 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1142 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1143 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1144 1145 /* Save the bits relating to the bridge */ 1146 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1147 1148 return (0); 1149 } 1150 1151 static int 1152 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1153 { 1154 struct ifbrparam *param = arg; 1155 1156 sc->sc_brtmax = param->ifbrp_csize; 1157 bridge_rttrim(sc); 1158 1159 return (0); 1160 } 1161 1162 static int 1163 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1164 { 1165 struct ifbrparam *param = arg; 1166 1167 param->ifbrp_csize = sc->sc_brtmax; 1168 1169 return (0); 1170 } 1171 1172 static int 1173 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1174 { 1175 struct ifbifconf *bifc = arg; 1176 struct bridge_iflist *bif; 1177 struct ifbreq breq; 1178 char *buf, *outbuf; 1179 int count, buflen, len, error = 0; 1180 1181 count = 0; 1182 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1183 count++; 1184 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1185 count++; 1186 1187 buflen = sizeof(breq) * count; 1188 if (bifc->ifbic_len == 0) { 1189 bifc->ifbic_len = buflen; 1190 return (0); 1191 } 1192 BRIDGE_UNLOCK(sc); 1193 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1194 BRIDGE_LOCK(sc); 1195 1196 count = 0; 1197 buf = outbuf; 1198 len = min(bifc->ifbic_len, buflen); 1199 bzero(&breq, sizeof(breq)); 1200 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1201 if (len < sizeof(breq)) 1202 break; 1203 1204 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1205 sizeof(breq.ifbr_ifsname)); 1206 /* Fill in the ifbreq structure */ 1207 error = bridge_ioctl_gifflags(sc, &breq); 1208 if (error) 1209 break; 1210 memcpy(buf, &breq, sizeof(breq)); 1211 count++; 1212 buf += sizeof(breq); 1213 len -= sizeof(breq); 1214 } 1215 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1216 if (len < sizeof(breq)) 1217 break; 1218 1219 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1220 sizeof(breq.ifbr_ifsname)); 1221 breq.ifbr_ifsflags = bif->bif_flags; 1222 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1223 memcpy(buf, &breq, sizeof(breq)); 1224 count++; 1225 buf += sizeof(breq); 1226 len -= sizeof(breq); 1227 } 1228 1229 BRIDGE_UNLOCK(sc); 1230 bifc->ifbic_len = sizeof(breq) * count; 1231 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len); 1232 BRIDGE_LOCK(sc); 1233 free(outbuf, M_TEMP); 1234 return (error); 1235 } 1236 1237 static int 1238 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1239 { 1240 struct ifbaconf *bac = arg; 1241 struct bridge_rtnode *brt; 1242 struct ifbareq bareq; 1243 char *buf, *outbuf; 1244 int count, buflen, len, error = 0; 1245 1246 if (bac->ifbac_len == 0) 1247 return (0); 1248 1249 count = 0; 1250 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) 1251 count++; 1252 buflen = sizeof(bareq) * count; 1253 1254 BRIDGE_UNLOCK(sc); 1255 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1256 BRIDGE_LOCK(sc); 1257 1258 count = 0; 1259 buf = outbuf; 1260 len = min(bac->ifbac_len, buflen); 1261 bzero(&bareq, sizeof(bareq)); 1262 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1263 if (len < sizeof(bareq)) 1264 goto out; 1265 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1266 sizeof(bareq.ifba_ifsname)); 1267 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1268 bareq.ifba_vlan = brt->brt_vlan; 1269 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1270 time_uptime < brt->brt_expire) 1271 bareq.ifba_expire = brt->brt_expire - time_uptime; 1272 else 1273 bareq.ifba_expire = 0; 1274 bareq.ifba_flags = brt->brt_flags; 1275 1276 memcpy(buf, &bareq, sizeof(bareq)); 1277 count++; 1278 buf += sizeof(bareq); 1279 len -= sizeof(bareq); 1280 } 1281 out: 1282 BRIDGE_UNLOCK(sc); 1283 bac->ifbac_len = sizeof(bareq) * count; 1284 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len); 1285 BRIDGE_LOCK(sc); 1286 free(outbuf, M_TEMP); 1287 return (error); 1288 } 1289 1290 static int 1291 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1292 { 1293 struct ifbareq *req = arg; 1294 struct bridge_iflist *bif; 1295 int error; 1296 1297 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1298 if (bif == NULL) 1299 return (ENOENT); 1300 1301 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1, 1302 req->ifba_flags); 1303 1304 return (error); 1305 } 1306 1307 static int 1308 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1309 { 1310 struct ifbrparam *param = arg; 1311 1312 sc->sc_brttimeout = param->ifbrp_ctime; 1313 return (0); 1314 } 1315 1316 static int 1317 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1318 { 1319 struct ifbrparam *param = arg; 1320 1321 param->ifbrp_ctime = sc->sc_brttimeout; 1322 return (0); 1323 } 1324 1325 static int 1326 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1327 { 1328 struct ifbareq *req = arg; 1329 1330 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan)); 1331 } 1332 1333 static int 1334 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1335 { 1336 struct ifbreq *req = arg; 1337 1338 bridge_rtflush(sc, req->ifbr_ifsflags); 1339 return (0); 1340 } 1341 1342 static int 1343 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1344 { 1345 struct ifbrparam *param = arg; 1346 struct bstp_state *bs = &sc->sc_stp; 1347 1348 param->ifbrp_prio = bs->bs_bridge_priority; 1349 return (0); 1350 } 1351 1352 static int 1353 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1354 { 1355 struct ifbrparam *param = arg; 1356 1357 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1358 } 1359 1360 static int 1361 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1362 { 1363 struct ifbrparam *param = arg; 1364 struct bstp_state *bs = &sc->sc_stp; 1365 1366 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1367 return (0); 1368 } 1369 1370 static int 1371 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1372 { 1373 struct ifbrparam *param = arg; 1374 1375 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1376 } 1377 1378 static int 1379 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1380 { 1381 struct ifbrparam *param = arg; 1382 struct bstp_state *bs = &sc->sc_stp; 1383 1384 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1385 return (0); 1386 } 1387 1388 static int 1389 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1390 { 1391 struct ifbrparam *param = arg; 1392 1393 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1394 } 1395 1396 static int 1397 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1398 { 1399 struct ifbrparam *param = arg; 1400 struct bstp_state *bs = &sc->sc_stp; 1401 1402 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1403 return (0); 1404 } 1405 1406 static int 1407 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1408 { 1409 struct ifbrparam *param = arg; 1410 1411 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1412 } 1413 1414 static int 1415 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1416 { 1417 struct ifbreq *req = arg; 1418 struct bridge_iflist *bif; 1419 1420 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1421 if (bif == NULL) 1422 return (ENOENT); 1423 1424 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1425 } 1426 1427 static int 1428 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1429 { 1430 struct ifbreq *req = arg; 1431 struct bridge_iflist *bif; 1432 1433 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1434 if (bif == NULL) 1435 return (ENOENT); 1436 1437 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1438 } 1439 1440 static int 1441 bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg) 1442 { 1443 struct ifbreq *req = arg; 1444 struct bridge_iflist *bif; 1445 1446 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1447 if (bif == NULL) 1448 return (ENOENT); 1449 1450 bif->bif_addrmax = req->ifbr_addrmax; 1451 return (0); 1452 } 1453 1454 static int 1455 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1456 { 1457 struct ifbreq *req = arg; 1458 struct bridge_iflist *bif = NULL; 1459 struct ifnet *ifs; 1460 1461 ifs = ifunit(req->ifbr_ifsname); 1462 if (ifs == NULL) 1463 return (ENOENT); 1464 1465 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1466 if (ifs == bif->bif_ifp) 1467 return (EBUSY); 1468 1469 if (ifs->if_bridge != NULL) 1470 return (EBUSY); 1471 1472 switch (ifs->if_type) { 1473 case IFT_ETHER: 1474 case IFT_GIF: 1475 case IFT_L2VLAN: 1476 break; 1477 default: 1478 return (EINVAL); 1479 } 1480 1481 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1482 if (bif == NULL) 1483 return (ENOMEM); 1484 1485 bif->bif_ifp = ifs; 1486 bif->bif_flags = IFBIF_SPAN; 1487 1488 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1489 1490 return (0); 1491 } 1492 1493 static int 1494 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1495 { 1496 struct ifbreq *req = arg; 1497 struct bridge_iflist *bif; 1498 struct ifnet *ifs; 1499 1500 ifs = ifunit(req->ifbr_ifsname); 1501 if (ifs == NULL) 1502 return (ENOENT); 1503 1504 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1505 if (ifs == bif->bif_ifp) 1506 break; 1507 1508 if (bif == NULL) 1509 return (ENOENT); 1510 1511 bridge_delete_span(sc, bif); 1512 1513 return (0); 1514 } 1515 1516 static int 1517 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1518 { 1519 struct ifbropreq *req = arg; 1520 struct bstp_state *bs = &sc->sc_stp; 1521 struct bstp_port *root_port; 1522 1523 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1524 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1525 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1526 1527 root_port = bs->bs_root_port; 1528 if (root_port == NULL) 1529 req->ifbop_root_port = 0; 1530 else 1531 req->ifbop_root_port = root_port->bp_ifp->if_index; 1532 1533 req->ifbop_holdcount = bs->bs_txholdcount; 1534 req->ifbop_priority = bs->bs_bridge_priority; 1535 req->ifbop_protocol = bs->bs_protover; 1536 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1537 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1538 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1539 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1540 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1541 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1542 1543 return (0); 1544 } 1545 1546 static int 1547 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1548 { 1549 struct ifbrparam *param = arg; 1550 1551 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1552 return (0); 1553 } 1554 1555 static int 1556 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1557 { 1558 struct ifbpstpconf *bifstp = arg; 1559 struct bridge_iflist *bif; 1560 struct bstp_port *bp; 1561 struct ifbpstpreq bpreq; 1562 char *buf, *outbuf; 1563 int count, buflen, len, error = 0; 1564 1565 count = 0; 1566 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1567 if ((bif->bif_flags & IFBIF_STP) != 0) 1568 count++; 1569 } 1570 1571 buflen = sizeof(bpreq) * count; 1572 if (bifstp->ifbpstp_len == 0) { 1573 bifstp->ifbpstp_len = buflen; 1574 return (0); 1575 } 1576 1577 BRIDGE_UNLOCK(sc); 1578 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1579 BRIDGE_LOCK(sc); 1580 1581 count = 0; 1582 buf = outbuf; 1583 len = min(bifstp->ifbpstp_len, buflen); 1584 bzero(&bpreq, sizeof(bpreq)); 1585 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1586 if (len < sizeof(bpreq)) 1587 break; 1588 1589 if ((bif->bif_flags & IFBIF_STP) == 0) 1590 continue; 1591 1592 bp = &bif->bif_stp; 1593 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1594 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1595 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1596 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1597 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1598 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1599 1600 memcpy(buf, &bpreq, sizeof(bpreq)); 1601 count++; 1602 buf += sizeof(bpreq); 1603 len -= sizeof(bpreq); 1604 } 1605 1606 BRIDGE_UNLOCK(sc); 1607 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1608 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len); 1609 BRIDGE_LOCK(sc); 1610 free(outbuf, M_TEMP); 1611 return (error); 1612 } 1613 1614 static int 1615 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1616 { 1617 struct ifbrparam *param = arg; 1618 1619 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1620 } 1621 1622 static int 1623 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1624 { 1625 struct ifbrparam *param = arg; 1626 1627 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1628 } 1629 1630 /* 1631 * bridge_ifdetach: 1632 * 1633 * Detach an interface from a bridge. Called when a member 1634 * interface is detaching. 1635 */ 1636 static void 1637 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1638 { 1639 struct bridge_softc *sc = ifp->if_bridge; 1640 struct bridge_iflist *bif; 1641 1642 /* Check if the interface is a bridge member */ 1643 if (sc != NULL) { 1644 BRIDGE_LOCK(sc); 1645 1646 bif = bridge_lookup_member_if(sc, ifp); 1647 if (bif != NULL) 1648 bridge_delete_member(sc, bif, 1); 1649 1650 BRIDGE_UNLOCK(sc); 1651 return; 1652 } 1653 1654 /* Check if the interface is a span port */ 1655 mtx_lock(&bridge_list_mtx); 1656 LIST_FOREACH(sc, &bridge_list, sc_list) { 1657 BRIDGE_LOCK(sc); 1658 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1659 if (ifp == bif->bif_ifp) { 1660 bridge_delete_span(sc, bif); 1661 break; 1662 } 1663 1664 BRIDGE_UNLOCK(sc); 1665 } 1666 mtx_unlock(&bridge_list_mtx); 1667 } 1668 1669 /* 1670 * bridge_init: 1671 * 1672 * Initialize a bridge interface. 1673 */ 1674 static void 1675 bridge_init(void *xsc) 1676 { 1677 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1678 struct ifnet *ifp = sc->sc_ifp; 1679 1680 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1681 return; 1682 1683 BRIDGE_LOCK(sc); 1684 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1685 bridge_timer, sc); 1686 1687 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1688 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1689 1690 BRIDGE_UNLOCK(sc); 1691 } 1692 1693 /* 1694 * bridge_stop: 1695 * 1696 * Stop the bridge interface. 1697 */ 1698 static void 1699 bridge_stop(struct ifnet *ifp, int disable) 1700 { 1701 struct bridge_softc *sc = ifp->if_softc; 1702 1703 BRIDGE_LOCK_ASSERT(sc); 1704 1705 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1706 return; 1707 1708 callout_stop(&sc->sc_brcallout); 1709 bstp_stop(&sc->sc_stp); 1710 1711 bridge_rtflush(sc, IFBF_FLUSHDYN); 1712 1713 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1714 } 1715 1716 /* 1717 * bridge_enqueue: 1718 * 1719 * Enqueue a packet on a bridge member interface. 1720 * 1721 */ 1722 static void 1723 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1724 { 1725 int len, err = 0; 1726 short mflags; 1727 struct mbuf *m0; 1728 1729 len = m->m_pkthdr.len; 1730 mflags = m->m_flags; 1731 1732 /* We may be sending a fragment so traverse the mbuf */ 1733 for (; m; m = m0) { 1734 m0 = m->m_nextpkt; 1735 m->m_nextpkt = NULL; 1736 1737 /* 1738 * If underlying interface can not do VLAN tag insertion itself 1739 * then attach a packet tag that holds it. 1740 */ 1741 if ((m->m_flags & M_VLANTAG) && 1742 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) { 1743 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag); 1744 if (m == NULL) { 1745 if_printf(dst_ifp, 1746 "unable to prepend VLAN header\n"); 1747 dst_ifp->if_oerrors++; 1748 continue; 1749 } 1750 m->m_flags &= ~M_VLANTAG; 1751 } 1752 1753 if (err == 0) 1754 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1755 } 1756 1757 if (err == 0) { 1758 1759 sc->sc_ifp->if_opackets++; 1760 sc->sc_ifp->if_obytes += len; 1761 1762 dst_ifp->if_obytes += len; 1763 1764 if (mflags & M_MCAST) { 1765 sc->sc_ifp->if_omcasts++; 1766 dst_ifp->if_omcasts++; 1767 } 1768 } 1769 1770 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1771 (*dst_ifp->if_start)(dst_ifp); 1772 } 1773 1774 /* 1775 * bridge_dummynet: 1776 * 1777 * Receive a queued packet from dummynet and pass it on to the output 1778 * interface. 1779 * 1780 * The mbuf has the Ethernet header already attached. 1781 */ 1782 static void 1783 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1784 { 1785 struct bridge_softc *sc; 1786 1787 sc = ifp->if_bridge; 1788 1789 /* 1790 * The packet didnt originate from a member interface. This should only 1791 * ever happen if a member interface is removed while packets are 1792 * queued for it. 1793 */ 1794 if (sc == NULL) { 1795 m_freem(m); 1796 return; 1797 } 1798 1799 if (PFIL_HOOKED(&inet_pfil_hook) 1800 #ifdef INET6 1801 || PFIL_HOOKED(&inet6_pfil_hook) 1802 #endif 1803 ) { 1804 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1805 return; 1806 if (m == NULL) 1807 return; 1808 } 1809 1810 bridge_enqueue(sc, ifp, m); 1811 } 1812 1813 /* 1814 * bridge_output: 1815 * 1816 * Send output from a bridge member interface. This 1817 * performs the bridging function for locally originated 1818 * packets. 1819 * 1820 * The mbuf has the Ethernet header already attached. We must 1821 * enqueue or free the mbuf before returning. 1822 */ 1823 static int 1824 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1825 struct rtentry *rt) 1826 { 1827 struct ether_header *eh; 1828 struct ifnet *dst_if; 1829 struct bridge_softc *sc; 1830 uint16_t vlan; 1831 1832 if (m->m_len < ETHER_HDR_LEN) { 1833 m = m_pullup(m, ETHER_HDR_LEN); 1834 if (m == NULL) 1835 return (0); 1836 } 1837 1838 eh = mtod(m, struct ether_header *); 1839 sc = ifp->if_bridge; 1840 vlan = VLANTAGOF(m); 1841 1842 BRIDGE_LOCK(sc); 1843 1844 /* 1845 * If bridge is down, but the original output interface is up, 1846 * go ahead and send out that interface. Otherwise, the packet 1847 * is dropped below. 1848 */ 1849 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1850 dst_if = ifp; 1851 goto sendunicast; 1852 } 1853 1854 /* 1855 * If the packet is a multicast, or we don't know a better way to 1856 * get there, send to all interfaces. 1857 */ 1858 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1859 dst_if = NULL; 1860 else 1861 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan); 1862 if (dst_if == NULL) { 1863 struct bridge_iflist *bif; 1864 struct mbuf *mc; 1865 int error = 0, used = 0; 1866 1867 bridge_span(sc, m); 1868 1869 BRIDGE_LOCK2REF(sc, error); 1870 if (error) { 1871 m_freem(m); 1872 return (0); 1873 } 1874 1875 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1876 dst_if = bif->bif_ifp; 1877 1878 if (dst_if->if_type == IFT_GIF) 1879 continue; 1880 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1881 continue; 1882 1883 /* 1884 * If this is not the original output interface, 1885 * and the interface is participating in spanning 1886 * tree, make sure the port is in a state that 1887 * allows forwarding. 1888 */ 1889 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1890 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1891 continue; 1892 1893 if (LIST_NEXT(bif, bif_next) == NULL) { 1894 used = 1; 1895 mc = m; 1896 } else { 1897 mc = m_copypacket(m, M_DONTWAIT); 1898 if (mc == NULL) { 1899 sc->sc_ifp->if_oerrors++; 1900 continue; 1901 } 1902 } 1903 1904 bridge_enqueue(sc, dst_if, mc); 1905 } 1906 if (used == 0) 1907 m_freem(m); 1908 BRIDGE_UNREF(sc); 1909 return (0); 1910 } 1911 1912 sendunicast: 1913 /* 1914 * XXX Spanning tree consideration here? 1915 */ 1916 1917 bridge_span(sc, m); 1918 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1919 m_freem(m); 1920 BRIDGE_UNLOCK(sc); 1921 return (0); 1922 } 1923 1924 BRIDGE_UNLOCK(sc); 1925 bridge_enqueue(sc, dst_if, m); 1926 return (0); 1927 } 1928 1929 /* 1930 * bridge_start: 1931 * 1932 * Start output on a bridge. 1933 * 1934 */ 1935 static void 1936 bridge_start(struct ifnet *ifp) 1937 { 1938 struct bridge_softc *sc; 1939 struct mbuf *m; 1940 struct ether_header *eh; 1941 struct ifnet *dst_if; 1942 1943 sc = ifp->if_softc; 1944 1945 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1946 for (;;) { 1947 IFQ_DEQUEUE(&ifp->if_snd, m); 1948 if (m == 0) 1949 break; 1950 ETHER_BPF_MTAP(ifp, m); 1951 1952 eh = mtod(m, struct ether_header *); 1953 dst_if = NULL; 1954 1955 BRIDGE_LOCK(sc); 1956 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1957 dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1); 1958 } 1959 1960 if (dst_if == NULL) 1961 bridge_broadcast(sc, ifp, m, 0); 1962 else { 1963 BRIDGE_UNLOCK(sc); 1964 bridge_enqueue(sc, dst_if, m); 1965 } 1966 } 1967 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1968 } 1969 1970 /* 1971 * bridge_forward: 1972 * 1973 * The forwarding function of the bridge. 1974 * 1975 * NOTE: Releases the lock on return. 1976 */ 1977 static void 1978 bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif, 1979 struct mbuf *m) 1980 { 1981 struct bridge_iflist *dbif; 1982 struct ifnet *src_if, *dst_if, *ifp; 1983 struct ether_header *eh; 1984 uint16_t vlan; 1985 uint8_t *dst; 1986 int error; 1987 1988 src_if = m->m_pkthdr.rcvif; 1989 ifp = sc->sc_ifp; 1990 1991 ifp->if_ipackets++; 1992 ifp->if_ibytes += m->m_pkthdr.len; 1993 vlan = VLANTAGOF(m); 1994 1995 if ((sbif->bif_flags & IFBIF_STP) && 1996 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1997 goto drop; 1998 1999 eh = mtod(m, struct ether_header *); 2000 dst = eh->ether_dhost; 2001 2002 /* If the interface is learning, record the address. */ 2003 if (sbif->bif_flags & IFBIF_LEARNING) { 2004 error = bridge_rtupdate(sc, eh->ether_shost, vlan, 2005 sbif, 0, IFBAF_DYNAMIC); 2006 /* 2007 * If the interface has addresses limits then deny any source 2008 * that is not in the cache. 2009 */ 2010 if (error && sbif->bif_addrmax) 2011 goto drop; 2012 } 2013 2014 if ((sbif->bif_flags & IFBIF_STP) != 0 && 2015 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) 2016 goto drop; 2017 2018 /* 2019 * At this point, the port either doesn't participate 2020 * in spanning tree or it is in the forwarding state. 2021 */ 2022 2023 /* 2024 * If the packet is unicast, destined for someone on 2025 * "this" side of the bridge, drop it. 2026 */ 2027 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2028 dst_if = bridge_rtlookup(sc, dst, vlan); 2029 if (src_if == dst_if) 2030 goto drop; 2031 } else { 2032 /* 2033 * Check if its a reserved multicast address, any address 2034 * listed in 802.1D section 7.12.6 may not be forwarded by the 2035 * bridge. 2036 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F 2037 */ 2038 if (dst[0] == 0x01 && dst[1] == 0x80 && 2039 dst[2] == 0xc2 && dst[3] == 0x00 && 2040 dst[4] == 0x00 && dst[5] <= 0x0f) 2041 goto drop; 2042 2043 /* ...forward it to all interfaces. */ 2044 ifp->if_imcasts++; 2045 dst_if = NULL; 2046 } 2047 2048 /* 2049 * If we have a destination interface which is a member of our bridge, 2050 * OR this is a unicast packet, push it through the bpf(4) machinery. 2051 * For broadcast or multicast packets, don't bother because it will 2052 * be reinjected into ether_input. We do this before we pass the packets 2053 * through the pfil(9) framework, as it is possible that pfil(9) will 2054 * drop the packet, or possibly modify it, making it difficult to debug 2055 * firewall issues on the bridge. 2056 */ 2057 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 2058 ETHER_BPF_MTAP(ifp, m); 2059 2060 /* run the packet filter */ 2061 if (PFIL_HOOKED(&inet_pfil_hook) 2062 #ifdef INET6 2063 || PFIL_HOOKED(&inet6_pfil_hook) 2064 #endif 2065 ) { 2066 BRIDGE_UNLOCK(sc); 2067 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2068 return; 2069 if (m == NULL) 2070 return; 2071 BRIDGE_LOCK(sc); 2072 } 2073 2074 if (dst_if == NULL) { 2075 bridge_broadcast(sc, src_if, m, 1); 2076 return; 2077 } 2078 2079 /* 2080 * At this point, we're dealing with a unicast frame 2081 * going to a different interface. 2082 */ 2083 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2084 goto drop; 2085 2086 dbif = bridge_lookup_member_if(sc, dst_if); 2087 if (dbif == NULL) 2088 /* Not a member of the bridge (anymore?) */ 2089 goto drop; 2090 2091 /* Private segments can not talk to each other */ 2092 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE) 2093 goto drop; 2094 2095 if ((dbif->bif_flags & IFBIF_STP) && 2096 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2097 goto drop; 2098 2099 BRIDGE_UNLOCK(sc); 2100 2101 if (PFIL_HOOKED(&inet_pfil_hook) 2102 #ifdef INET6 2103 || PFIL_HOOKED(&inet6_pfil_hook) 2104 #endif 2105 ) { 2106 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2107 return; 2108 if (m == NULL) 2109 return; 2110 } 2111 2112 bridge_enqueue(sc, dst_if, m); 2113 return; 2114 2115 drop: 2116 BRIDGE_UNLOCK(sc); 2117 m_freem(m); 2118 } 2119 2120 /* 2121 * bridge_input: 2122 * 2123 * Receive input from a member interface. Queue the packet for 2124 * bridging if it is not for us. 2125 */ 2126 static struct mbuf * 2127 bridge_input(struct ifnet *ifp, struct mbuf *m) 2128 { 2129 struct bridge_softc *sc = ifp->if_bridge; 2130 struct bridge_iflist *bif, *bif2; 2131 struct ifnet *bifp; 2132 struct ether_header *eh; 2133 struct mbuf *mc, *mc2; 2134 uint16_t vlan; 2135 int error; 2136 2137 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2138 return (m); 2139 2140 bifp = sc->sc_ifp; 2141 vlan = VLANTAGOF(m); 2142 2143 /* 2144 * Implement support for bridge monitoring. If this flag has been 2145 * set on this interface, discard the packet once we push it through 2146 * the bpf(4) machinery, but before we do, increment the byte and 2147 * packet counters associated with this interface. 2148 */ 2149 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2150 m->m_pkthdr.rcvif = bifp; 2151 ETHER_BPF_MTAP(bifp, m); 2152 bifp->if_ipackets++; 2153 bifp->if_ibytes += m->m_pkthdr.len; 2154 m_freem(m); 2155 return (NULL); 2156 } 2157 BRIDGE_LOCK(sc); 2158 bif = bridge_lookup_member_if(sc, ifp); 2159 if (bif == NULL) { 2160 BRIDGE_UNLOCK(sc); 2161 return (m); 2162 } 2163 2164 eh = mtod(m, struct ether_header *); 2165 2166 bridge_span(sc, m); 2167 2168 if (m->m_flags & (M_BCAST|M_MCAST)) { 2169 /* Tap off 802.1D packets; they do not get forwarded. */ 2170 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2171 ETHER_ADDR_LEN) == 0) { 2172 m = bstp_input(&bif->bif_stp, ifp, m); 2173 if (m == NULL) { 2174 BRIDGE_UNLOCK(sc); 2175 return (NULL); 2176 } 2177 } 2178 2179 if ((bif->bif_flags & IFBIF_STP) && 2180 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2181 BRIDGE_UNLOCK(sc); 2182 return (m); 2183 } 2184 2185 /* 2186 * Make a deep copy of the packet and enqueue the copy 2187 * for bridge processing; return the original packet for 2188 * local processing. 2189 */ 2190 mc = m_dup(m, M_DONTWAIT); 2191 if (mc == NULL) { 2192 BRIDGE_UNLOCK(sc); 2193 return (m); 2194 } 2195 2196 /* Perform the bridge forwarding function with the copy. */ 2197 bridge_forward(sc, bif, mc); 2198 2199 /* 2200 * Reinject the mbuf as arriving on the bridge so we have a 2201 * chance at claiming multicast packets. We can not loop back 2202 * here from ether_input as a bridge is never a member of a 2203 * bridge. 2204 */ 2205 KASSERT(bifp->if_bridge == NULL, 2206 ("loop created in bridge_input")); 2207 mc2 = m_dup(m, M_DONTWAIT); 2208 if (mc2 != NULL) { 2209 /* Keep the layer3 header aligned */ 2210 int i = min(mc2->m_pkthdr.len, max_protohdr); 2211 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2212 } 2213 if (mc2 != NULL) { 2214 mc2->m_pkthdr.rcvif = bifp; 2215 (*bifp->if_input)(bifp, mc2); 2216 } 2217 2218 /* Return the original packet for local processing. */ 2219 return (m); 2220 } 2221 2222 if ((bif->bif_flags & IFBIF_STP) && 2223 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2224 BRIDGE_UNLOCK(sc); 2225 return (m); 2226 } 2227 2228 #ifdef DEV_CARP 2229 # define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2230 || ((iface)->if_carp \ 2231 && carp_forus((iface)->if_carp, eh->ether_dhost)) 2232 # define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2233 || ((iface)->if_carp \ 2234 && carp_forus((iface)->if_carp, eh->ether_shost)) 2235 #else 2236 # define OR_CARP_CHECK_WE_ARE_DST(iface) 2237 # define OR_CARP_CHECK_WE_ARE_SRC(iface) 2238 #endif 2239 2240 #ifdef INET6 2241 # define OR_PFIL_HOOKED_INET6 \ 2242 || PFIL_HOOKED(&inet6_pfil_hook) 2243 #else 2244 # define OR_PFIL_HOOKED_INET6 2245 #endif 2246 2247 #define GRAB_OUR_PACKETS(iface) \ 2248 if ((iface)->if_type == IFT_GIF) \ 2249 continue; \ 2250 /* It is destined for us. */ \ 2251 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2252 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2253 ) { \ 2254 if ((iface)->if_type == IFT_BRIDGE) { \ 2255 ETHER_BPF_MTAP(iface, m); \ 2256 iface->if_ipackets++; \ 2257 /* Filter on the physical interface. */ \ 2258 if (pfil_local_phys && \ 2259 (PFIL_HOOKED(&inet_pfil_hook) \ 2260 OR_PFIL_HOOKED_INET6)) { \ 2261 if (bridge_pfil(&m, NULL, ifp, \ 2262 PFIL_IN) != 0 || m == NULL) { \ 2263 BRIDGE_UNLOCK(sc); \ 2264 return (NULL); \ 2265 } \ 2266 } \ 2267 } \ 2268 if (bif->bif_flags & IFBIF_LEARNING) { \ 2269 error = bridge_rtupdate(sc, eh->ether_shost, \ 2270 vlan, bif, 0, IFBAF_DYNAMIC); \ 2271 if (error && bif->bif_addrmax) { \ 2272 BRIDGE_UNLOCK(sc); \ 2273 m_freem(m); \ 2274 return (NULL); \ 2275 } \ 2276 } \ 2277 m->m_pkthdr.rcvif = iface; \ 2278 BRIDGE_UNLOCK(sc); \ 2279 return (m); \ 2280 } \ 2281 \ 2282 /* We just received a packet that we sent out. */ \ 2283 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2284 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2285 ) { \ 2286 BRIDGE_UNLOCK(sc); \ 2287 m_freem(m); \ 2288 return (NULL); \ 2289 } 2290 2291 /* 2292 * Unicast. Make sure it's not for the bridge. 2293 */ 2294 do { GRAB_OUR_PACKETS(bifp) } while (0); 2295 2296 /* 2297 * Give a chance for ifp at first priority. This will help when the 2298 * packet comes through the interface like VLAN's with the same MACs 2299 * on several interfaces from the same bridge. This also will save 2300 * some CPU cycles in case the destination interface and the input 2301 * interface (eq ifp) are the same. 2302 */ 2303 do { GRAB_OUR_PACKETS(ifp) } while (0); 2304 2305 /* Now check the all bridge members. */ 2306 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2307 GRAB_OUR_PACKETS(bif2->bif_ifp) 2308 } 2309 2310 #undef OR_CARP_CHECK_WE_ARE_DST 2311 #undef OR_CARP_CHECK_WE_ARE_SRC 2312 #undef OR_PFIL_HOOKED_INET6 2313 #undef GRAB_OUR_PACKETS 2314 2315 /* Perform the bridge forwarding function. */ 2316 bridge_forward(sc, bif, m); 2317 2318 return (NULL); 2319 } 2320 2321 /* 2322 * bridge_broadcast: 2323 * 2324 * Send a frame to all interfaces that are members of 2325 * the bridge, except for the one on which the packet 2326 * arrived. 2327 * 2328 * NOTE: Releases the lock on return. 2329 */ 2330 static void 2331 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2332 struct mbuf *m, int runfilt) 2333 { 2334 struct bridge_iflist *dbif, *sbif; 2335 struct mbuf *mc; 2336 struct ifnet *dst_if; 2337 int error = 0, used = 0, i; 2338 2339 sbif = bridge_lookup_member_if(sc, src_if); 2340 2341 BRIDGE_LOCK2REF(sc, error); 2342 if (error) { 2343 m_freem(m); 2344 return; 2345 } 2346 2347 /* Filter on the bridge interface before broadcasting */ 2348 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2349 #ifdef INET6 2350 || PFIL_HOOKED(&inet6_pfil_hook) 2351 #endif 2352 )) { 2353 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2354 goto out; 2355 if (m == NULL) 2356 goto out; 2357 } 2358 2359 LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) { 2360 dst_if = dbif->bif_ifp; 2361 if (dst_if == src_if) 2362 continue; 2363 2364 /* Private segments can not talk to each other */ 2365 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)) 2366 continue; 2367 2368 if ((dbif->bif_flags & IFBIF_STP) && 2369 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2370 continue; 2371 2372 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 && 2373 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2374 continue; 2375 2376 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2377 continue; 2378 2379 if (LIST_NEXT(dbif, bif_next) == NULL) { 2380 mc = m; 2381 used = 1; 2382 } else { 2383 mc = m_dup(m, M_DONTWAIT); 2384 if (mc == NULL) { 2385 sc->sc_ifp->if_oerrors++; 2386 continue; 2387 } 2388 } 2389 2390 /* 2391 * Filter on the output interface. Pass a NULL bridge interface 2392 * pointer so we do not redundantly filter on the bridge for 2393 * each interface we broadcast on. 2394 */ 2395 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2396 #ifdef INET6 2397 || PFIL_HOOKED(&inet6_pfil_hook) 2398 #endif 2399 )) { 2400 if (used == 0) { 2401 /* Keep the layer3 header aligned */ 2402 i = min(mc->m_pkthdr.len, max_protohdr); 2403 mc = m_copyup(mc, i, ETHER_ALIGN); 2404 if (mc == NULL) { 2405 sc->sc_ifp->if_oerrors++; 2406 continue; 2407 } 2408 } 2409 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2410 continue; 2411 if (mc == NULL) 2412 continue; 2413 } 2414 2415 bridge_enqueue(sc, dst_if, mc); 2416 } 2417 if (used == 0) 2418 m_freem(m); 2419 2420 out: 2421 BRIDGE_UNREF(sc); 2422 } 2423 2424 /* 2425 * bridge_span: 2426 * 2427 * Duplicate a packet out one or more interfaces that are in span mode, 2428 * the original mbuf is unmodified. 2429 */ 2430 static void 2431 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2432 { 2433 struct bridge_iflist *bif; 2434 struct ifnet *dst_if; 2435 struct mbuf *mc; 2436 2437 if (LIST_EMPTY(&sc->sc_spanlist)) 2438 return; 2439 2440 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2441 dst_if = bif->bif_ifp; 2442 2443 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2444 continue; 2445 2446 mc = m_copypacket(m, M_DONTWAIT); 2447 if (mc == NULL) { 2448 sc->sc_ifp->if_oerrors++; 2449 continue; 2450 } 2451 2452 bridge_enqueue(sc, dst_if, mc); 2453 } 2454 } 2455 2456 /* 2457 * bridge_rtupdate: 2458 * 2459 * Add a bridge routing entry. 2460 */ 2461 static int 2462 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2463 struct bridge_iflist *bif, int setflags, uint8_t flags) 2464 { 2465 struct bridge_rtnode *brt; 2466 int error; 2467 2468 BRIDGE_LOCK_ASSERT(sc); 2469 2470 /* Check the source address is valid and not multicast. */ 2471 if (ETHER_IS_MULTICAST(dst) || 2472 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 && 2473 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0) 2474 return (EINVAL); 2475 2476 /* 802.1p frames map to vlan 1 */ 2477 if (vlan == 0) 2478 vlan = 1; 2479 2480 /* 2481 * A route for this destination might already exist. If so, 2482 * update it, otherwise create a new one. 2483 */ 2484 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2485 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2486 sc->sc_brtexceeded++; 2487 return (ENOSPC); 2488 } 2489 /* Check per interface address limits (if enabled) */ 2490 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) { 2491 bif->bif_addrexceeded++; 2492 return (ENOSPC); 2493 } 2494 2495 /* 2496 * Allocate a new bridge forwarding node, and 2497 * initialize the expiration time and Ethernet 2498 * address. 2499 */ 2500 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2501 if (brt == NULL) 2502 return (ENOMEM); 2503 2504 if (bif->bif_flags & IFBIF_STICKY) 2505 brt->brt_flags = IFBAF_STICKY; 2506 else 2507 brt->brt_flags = IFBAF_DYNAMIC; 2508 2509 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2510 brt->brt_vlan = vlan; 2511 2512 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2513 uma_zfree(bridge_rtnode_zone, brt); 2514 return (error); 2515 } 2516 brt->brt_dst = bif; 2517 bif->bif_addrcnt++; 2518 } 2519 2520 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2521 brt->brt_dst != bif) { 2522 brt->brt_dst->bif_addrcnt--; 2523 brt->brt_dst = bif; 2524 brt->brt_dst->bif_addrcnt++; 2525 } 2526 2527 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2528 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2529 if (setflags) 2530 brt->brt_flags = flags; 2531 2532 return (0); 2533 } 2534 2535 /* 2536 * bridge_rtlookup: 2537 * 2538 * Lookup the destination interface for an address. 2539 */ 2540 static struct ifnet * 2541 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2542 { 2543 struct bridge_rtnode *brt; 2544 2545 BRIDGE_LOCK_ASSERT(sc); 2546 2547 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2548 return (NULL); 2549 2550 return (brt->brt_ifp); 2551 } 2552 2553 /* 2554 * bridge_rttrim: 2555 * 2556 * Trim the routine table so that we have a number 2557 * of routing entries less than or equal to the 2558 * maximum number. 2559 */ 2560 static void 2561 bridge_rttrim(struct bridge_softc *sc) 2562 { 2563 struct bridge_rtnode *brt, *nbrt; 2564 2565 BRIDGE_LOCK_ASSERT(sc); 2566 2567 /* Make sure we actually need to do this. */ 2568 if (sc->sc_brtcnt <= sc->sc_brtmax) 2569 return; 2570 2571 /* Force an aging cycle; this might trim enough addresses. */ 2572 bridge_rtage(sc); 2573 if (sc->sc_brtcnt <= sc->sc_brtmax) 2574 return; 2575 2576 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2577 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2578 bridge_rtnode_destroy(sc, brt); 2579 if (sc->sc_brtcnt <= sc->sc_brtmax) 2580 return; 2581 } 2582 } 2583 } 2584 2585 /* 2586 * bridge_timer: 2587 * 2588 * Aging timer for the bridge. 2589 */ 2590 static void 2591 bridge_timer(void *arg) 2592 { 2593 struct bridge_softc *sc = arg; 2594 2595 BRIDGE_LOCK_ASSERT(sc); 2596 2597 bridge_rtage(sc); 2598 2599 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2600 callout_reset(&sc->sc_brcallout, 2601 bridge_rtable_prune_period * hz, bridge_timer, sc); 2602 } 2603 2604 /* 2605 * bridge_rtage: 2606 * 2607 * Perform an aging cycle. 2608 */ 2609 static void 2610 bridge_rtage(struct bridge_softc *sc) 2611 { 2612 struct bridge_rtnode *brt, *nbrt; 2613 2614 BRIDGE_LOCK_ASSERT(sc); 2615 2616 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2617 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2618 if (time_uptime >= brt->brt_expire) 2619 bridge_rtnode_destroy(sc, brt); 2620 } 2621 } 2622 } 2623 2624 /* 2625 * bridge_rtflush: 2626 * 2627 * Remove all dynamic addresses from the bridge. 2628 */ 2629 static void 2630 bridge_rtflush(struct bridge_softc *sc, int full) 2631 { 2632 struct bridge_rtnode *brt, *nbrt; 2633 2634 BRIDGE_LOCK_ASSERT(sc); 2635 2636 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2637 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2638 bridge_rtnode_destroy(sc, brt); 2639 } 2640 } 2641 2642 /* 2643 * bridge_rtdaddr: 2644 * 2645 * Remove an address from the table. 2646 */ 2647 static int 2648 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2649 { 2650 struct bridge_rtnode *brt; 2651 int found = 0; 2652 2653 BRIDGE_LOCK_ASSERT(sc); 2654 2655 /* 2656 * If vlan is zero then we want to delete for all vlans so the lookup 2657 * may return more than one. 2658 */ 2659 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) { 2660 bridge_rtnode_destroy(sc, brt); 2661 found = 1; 2662 } 2663 2664 return (found ? 0 : ENOENT); 2665 } 2666 2667 /* 2668 * bridge_rtdelete: 2669 * 2670 * Delete routes to a speicifc member interface. 2671 */ 2672 static void 2673 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2674 { 2675 struct bridge_rtnode *brt, *nbrt; 2676 2677 BRIDGE_LOCK_ASSERT(sc); 2678 2679 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2680 if (brt->brt_ifp == ifp && (full || 2681 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2682 bridge_rtnode_destroy(sc, brt); 2683 } 2684 } 2685 2686 /* 2687 * bridge_rtable_init: 2688 * 2689 * Initialize the route table for this bridge. 2690 */ 2691 static int 2692 bridge_rtable_init(struct bridge_softc *sc) 2693 { 2694 int i; 2695 2696 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2697 M_DEVBUF, M_NOWAIT); 2698 if (sc->sc_rthash == NULL) 2699 return (ENOMEM); 2700 2701 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2702 LIST_INIT(&sc->sc_rthash[i]); 2703 2704 sc->sc_rthash_key = arc4random(); 2705 2706 LIST_INIT(&sc->sc_rtlist); 2707 2708 return (0); 2709 } 2710 2711 /* 2712 * bridge_rtable_fini: 2713 * 2714 * Deconstruct the route table for this bridge. 2715 */ 2716 static void 2717 bridge_rtable_fini(struct bridge_softc *sc) 2718 { 2719 2720 KASSERT(sc->sc_brtcnt == 0, 2721 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt)); 2722 free(sc->sc_rthash, M_DEVBUF); 2723 } 2724 2725 /* 2726 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2727 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2728 */ 2729 #define mix(a, b, c) \ 2730 do { \ 2731 a -= b; a -= c; a ^= (c >> 13); \ 2732 b -= c; b -= a; b ^= (a << 8); \ 2733 c -= a; c -= b; c ^= (b >> 13); \ 2734 a -= b; a -= c; a ^= (c >> 12); \ 2735 b -= c; b -= a; b ^= (a << 16); \ 2736 c -= a; c -= b; c ^= (b >> 5); \ 2737 a -= b; a -= c; a ^= (c >> 3); \ 2738 b -= c; b -= a; b ^= (a << 10); \ 2739 c -= a; c -= b; c ^= (b >> 15); \ 2740 } while (/*CONSTCOND*/0) 2741 2742 static __inline uint32_t 2743 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2744 { 2745 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2746 2747 b += addr[5] << 8; 2748 b += addr[4]; 2749 a += addr[3] << 24; 2750 a += addr[2] << 16; 2751 a += addr[1] << 8; 2752 a += addr[0]; 2753 2754 mix(a, b, c); 2755 2756 return (c & BRIDGE_RTHASH_MASK); 2757 } 2758 2759 #undef mix 2760 2761 static int 2762 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2763 { 2764 int i, d; 2765 2766 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2767 d = ((int)a[i]) - ((int)b[i]); 2768 } 2769 2770 return (d); 2771 } 2772 2773 /* 2774 * bridge_rtnode_lookup: 2775 * 2776 * Look up a bridge route node for the specified destination. Compare the 2777 * vlan id or if zero then just return the first match. 2778 */ 2779 static struct bridge_rtnode * 2780 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2781 { 2782 struct bridge_rtnode *brt; 2783 uint32_t hash; 2784 int dir; 2785 2786 BRIDGE_LOCK_ASSERT(sc); 2787 2788 hash = bridge_rthash(sc, addr); 2789 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2790 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2791 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 2792 return (brt); 2793 if (dir > 0) 2794 return (NULL); 2795 } 2796 2797 return (NULL); 2798 } 2799 2800 /* 2801 * bridge_rtnode_insert: 2802 * 2803 * Insert the specified bridge node into the route table. We 2804 * assume the entry is not already in the table. 2805 */ 2806 static int 2807 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2808 { 2809 struct bridge_rtnode *lbrt; 2810 uint32_t hash; 2811 int dir; 2812 2813 BRIDGE_LOCK_ASSERT(sc); 2814 2815 hash = bridge_rthash(sc, brt->brt_addr); 2816 2817 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2818 if (lbrt == NULL) { 2819 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2820 goto out; 2821 } 2822 2823 do { 2824 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2825 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 2826 return (EEXIST); 2827 if (dir > 0) { 2828 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2829 goto out; 2830 } 2831 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2832 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2833 goto out; 2834 } 2835 lbrt = LIST_NEXT(lbrt, brt_hash); 2836 } while (lbrt != NULL); 2837 2838 #ifdef DIAGNOSTIC 2839 panic("bridge_rtnode_insert: impossible"); 2840 #endif 2841 2842 out: 2843 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2844 sc->sc_brtcnt++; 2845 2846 return (0); 2847 } 2848 2849 /* 2850 * bridge_rtnode_destroy: 2851 * 2852 * Destroy a bridge rtnode. 2853 */ 2854 static void 2855 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2856 { 2857 BRIDGE_LOCK_ASSERT(sc); 2858 2859 LIST_REMOVE(brt, brt_hash); 2860 2861 LIST_REMOVE(brt, brt_list); 2862 sc->sc_brtcnt--; 2863 brt->brt_dst->bif_addrcnt--; 2864 uma_zfree(bridge_rtnode_zone, brt); 2865 } 2866 2867 /* 2868 * bridge_rtable_expire: 2869 * 2870 * Set the expiry time for all routes on an interface. 2871 */ 2872 static void 2873 bridge_rtable_expire(struct ifnet *ifp, int age) 2874 { 2875 struct bridge_softc *sc = ifp->if_bridge; 2876 struct bridge_rtnode *brt; 2877 2878 BRIDGE_LOCK(sc); 2879 2880 /* 2881 * If the age is zero then flush, otherwise set all the expiry times to 2882 * age for the interface 2883 */ 2884 if (age == 0) 2885 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2886 else { 2887 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2888 /* Cap the expiry time to 'age' */ 2889 if (brt->brt_ifp == ifp && 2890 brt->brt_expire > time_uptime + age && 2891 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2892 brt->brt_expire = time_uptime + age; 2893 } 2894 } 2895 BRIDGE_UNLOCK(sc); 2896 } 2897 2898 /* 2899 * bridge_state_change: 2900 * 2901 * Callback from the bridgestp code when a port changes states. 2902 */ 2903 static void 2904 bridge_state_change(struct ifnet *ifp, int state) 2905 { 2906 struct bridge_softc *sc = ifp->if_bridge; 2907 static const char *stpstates[] = { 2908 "disabled", 2909 "listening", 2910 "learning", 2911 "forwarding", 2912 "blocking", 2913 "discarding" 2914 }; 2915 2916 if (log_stp) 2917 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2918 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2919 } 2920 2921 /* 2922 * Send bridge packets through pfil if they are one of the types pfil can deal 2923 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2924 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2925 * that interface. 2926 */ 2927 static int 2928 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2929 { 2930 int snap, error, i, hlen; 2931 struct ether_header *eh1, eh2; 2932 struct ip_fw_args args; 2933 struct ip *ip; 2934 struct llc llc1; 2935 u_int16_t ether_type; 2936 2937 snap = 0; 2938 error = -1; /* Default error if not error == 0 */ 2939 2940 #if 0 2941 /* we may return with the IP fields swapped, ensure its not shared */ 2942 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2943 #endif 2944 2945 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2946 return (0); /* filtering is disabled */ 2947 2948 i = min((*mp)->m_pkthdr.len, max_protohdr); 2949 if ((*mp)->m_len < i) { 2950 *mp = m_pullup(*mp, i); 2951 if (*mp == NULL) { 2952 printf("%s: m_pullup failed\n", __func__); 2953 return (-1); 2954 } 2955 } 2956 2957 eh1 = mtod(*mp, struct ether_header *); 2958 ether_type = ntohs(eh1->ether_type); 2959 2960 /* 2961 * Check for SNAP/LLC. 2962 */ 2963 if (ether_type < ETHERMTU) { 2964 struct llc *llc2 = (struct llc *)(eh1 + 1); 2965 2966 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2967 llc2->llc_dsap == LLC_SNAP_LSAP && 2968 llc2->llc_ssap == LLC_SNAP_LSAP && 2969 llc2->llc_control == LLC_UI) { 2970 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2971 snap = 1; 2972 } 2973 } 2974 2975 /* 2976 * If we're trying to filter bridge traffic, don't look at anything 2977 * other than IP and ARP traffic. If the filter doesn't understand 2978 * IPv6, don't allow IPv6 through the bridge either. This is lame 2979 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2980 * but of course we don't have an AppleTalk filter to begin with. 2981 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2982 * ARP traffic.) 2983 */ 2984 switch (ether_type) { 2985 case ETHERTYPE_ARP: 2986 case ETHERTYPE_REVARP: 2987 if (pfil_ipfw_arp == 0) 2988 return (0); /* Automatically pass */ 2989 break; 2990 2991 case ETHERTYPE_IP: 2992 #ifdef INET6 2993 case ETHERTYPE_IPV6: 2994 #endif /* INET6 */ 2995 break; 2996 default: 2997 /* 2998 * Check to see if the user wants to pass non-ip 2999 * packets, these will not be checked by pfil(9) and 3000 * passed unconditionally so the default is to drop. 3001 */ 3002 if (pfil_onlyip) 3003 goto bad; 3004 } 3005 3006 /* Strip off the Ethernet header and keep a copy. */ 3007 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3008 m_adj(*mp, ETHER_HDR_LEN); 3009 3010 /* Strip off snap header, if present */ 3011 if (snap) { 3012 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3013 m_adj(*mp, sizeof(struct llc)); 3014 } 3015 3016 /* 3017 * Check the IP header for alignment and errors 3018 */ 3019 if (dir == PFIL_IN) { 3020 switch (ether_type) { 3021 case ETHERTYPE_IP: 3022 error = bridge_ip_checkbasic(mp); 3023 break; 3024 #ifdef INET6 3025 case ETHERTYPE_IPV6: 3026 error = bridge_ip6_checkbasic(mp); 3027 break; 3028 #endif /* INET6 */ 3029 default: 3030 error = 0; 3031 } 3032 if (error) 3033 goto bad; 3034 } 3035 3036 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 3037 error = -1; 3038 args.rule = ip_dn_claim_rule(*mp); 3039 if (args.rule != NULL && V_fw_one_pass) 3040 goto ipfwpass; /* packet already partially processed */ 3041 3042 args.m = *mp; 3043 args.oif = ifp; 3044 args.next_hop = NULL; 3045 args.eh = &eh2; 3046 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 3047 i = ip_fw_chk_ptr(&args); 3048 *mp = args.m; 3049 3050 if (*mp == NULL) 3051 return (error); 3052 3053 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 3054 3055 /* put the Ethernet header back on */ 3056 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3057 if (*mp == NULL) 3058 return (error); 3059 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3060 3061 /* 3062 * Pass the pkt to dummynet, which consumes it. The 3063 * packet will return to us via bridge_dummynet(). 3064 */ 3065 args.oif = ifp; 3066 ip_dn_io_ptr(mp, DN_TO_IFB_FWD, &args); 3067 return (error); 3068 } 3069 3070 if (i != IP_FW_PASS) /* drop */ 3071 goto bad; 3072 } 3073 3074 ipfwpass: 3075 error = 0; 3076 3077 /* 3078 * Run the packet through pfil 3079 */ 3080 switch (ether_type) { 3081 case ETHERTYPE_IP: 3082 /* 3083 * before calling the firewall, swap fields the same as 3084 * IP does. here we assume the header is contiguous 3085 */ 3086 ip = mtod(*mp, struct ip *); 3087 3088 ip->ip_len = ntohs(ip->ip_len); 3089 ip->ip_off = ntohs(ip->ip_off); 3090 3091 /* 3092 * Run pfil on the member interface and the bridge, both can 3093 * be skipped by clearing pfil_member or pfil_bridge. 3094 * 3095 * Keep the order: 3096 * in_if -> bridge_if -> out_if 3097 */ 3098 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3099 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 3100 dir, NULL); 3101 3102 if (*mp == NULL || error != 0) /* filter may consume */ 3103 break; 3104 3105 if (pfil_member && ifp != NULL) 3106 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 3107 dir, NULL); 3108 3109 if (*mp == NULL || error != 0) /* filter may consume */ 3110 break; 3111 3112 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3113 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 3114 dir, NULL); 3115 3116 if (*mp == NULL || error != 0) /* filter may consume */ 3117 break; 3118 3119 /* check if we need to fragment the packet */ 3120 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 3121 i = (*mp)->m_pkthdr.len; 3122 if (i > ifp->if_mtu) { 3123 error = bridge_fragment(ifp, *mp, &eh2, snap, 3124 &llc1); 3125 return (error); 3126 } 3127 } 3128 3129 /* Recalculate the ip checksum and restore byte ordering */ 3130 ip = mtod(*mp, struct ip *); 3131 hlen = ip->ip_hl << 2; 3132 if (hlen < sizeof(struct ip)) 3133 goto bad; 3134 if (hlen > (*mp)->m_len) { 3135 if ((*mp = m_pullup(*mp, hlen)) == 0) 3136 goto bad; 3137 ip = mtod(*mp, struct ip *); 3138 if (ip == NULL) 3139 goto bad; 3140 } 3141 ip->ip_len = htons(ip->ip_len); 3142 ip->ip_off = htons(ip->ip_off); 3143 ip->ip_sum = 0; 3144 if (hlen == sizeof(struct ip)) 3145 ip->ip_sum = in_cksum_hdr(ip); 3146 else 3147 ip->ip_sum = in_cksum(*mp, hlen); 3148 3149 break; 3150 #ifdef INET6 3151 case ETHERTYPE_IPV6: 3152 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3153 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 3154 dir, NULL); 3155 3156 if (*mp == NULL || error != 0) /* filter may consume */ 3157 break; 3158 3159 if (pfil_member && ifp != NULL) 3160 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 3161 dir, NULL); 3162 3163 if (*mp == NULL || error != 0) /* filter may consume */ 3164 break; 3165 3166 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3167 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 3168 dir, NULL); 3169 break; 3170 #endif 3171 default: 3172 error = 0; 3173 break; 3174 } 3175 3176 if (*mp == NULL) 3177 return (error); 3178 if (error != 0) 3179 goto bad; 3180 3181 error = -1; 3182 3183 /* 3184 * Finally, put everything back the way it was and return 3185 */ 3186 if (snap) { 3187 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3188 if (*mp == NULL) 3189 return (error); 3190 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3191 } 3192 3193 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3194 if (*mp == NULL) 3195 return (error); 3196 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3197 3198 return (0); 3199 3200 bad: 3201 m_freem(*mp); 3202 *mp = NULL; 3203 return (error); 3204 } 3205 3206 /* 3207 * Perform basic checks on header size since 3208 * pfil assumes ip_input has already processed 3209 * it for it. Cut-and-pasted from ip_input.c. 3210 * Given how simple the IPv6 version is, 3211 * does the IPv4 version really need to be 3212 * this complicated? 3213 * 3214 * XXX Should we update ipstat here, or not? 3215 * XXX Right now we update ipstat but not 3216 * XXX csum_counter. 3217 */ 3218 static int 3219 bridge_ip_checkbasic(struct mbuf **mp) 3220 { 3221 struct mbuf *m = *mp; 3222 struct ip *ip; 3223 int len, hlen; 3224 u_short sum; 3225 3226 if (*mp == NULL) 3227 return (-1); 3228 3229 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3230 if ((m = m_copyup(m, sizeof(struct ip), 3231 (max_linkhdr + 3) & ~3)) == NULL) { 3232 /* XXXJRT new stat, please */ 3233 V_ipstat.ips_toosmall++; 3234 goto bad; 3235 } 3236 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3237 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3238 V_ipstat.ips_toosmall++; 3239 goto bad; 3240 } 3241 } 3242 ip = mtod(m, struct ip *); 3243 if (ip == NULL) goto bad; 3244 3245 if (ip->ip_v != IPVERSION) { 3246 V_ipstat.ips_badvers++; 3247 goto bad; 3248 } 3249 hlen = ip->ip_hl << 2; 3250 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3251 V_ipstat.ips_badhlen++; 3252 goto bad; 3253 } 3254 if (hlen > m->m_len) { 3255 if ((m = m_pullup(m, hlen)) == 0) { 3256 V_ipstat.ips_badhlen++; 3257 goto bad; 3258 } 3259 ip = mtod(m, struct ip *); 3260 if (ip == NULL) goto bad; 3261 } 3262 3263 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3264 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3265 } else { 3266 if (hlen == sizeof(struct ip)) { 3267 sum = in_cksum_hdr(ip); 3268 } else { 3269 sum = in_cksum(m, hlen); 3270 } 3271 } 3272 if (sum) { 3273 V_ipstat.ips_badsum++; 3274 goto bad; 3275 } 3276 3277 /* Retrieve the packet length. */ 3278 len = ntohs(ip->ip_len); 3279 3280 /* 3281 * Check for additional length bogosity 3282 */ 3283 if (len < hlen) { 3284 V_ipstat.ips_badlen++; 3285 goto bad; 3286 } 3287 3288 /* 3289 * Check that the amount of data in the buffers 3290 * is as at least much as the IP header would have us expect. 3291 * Drop packet if shorter than we expect. 3292 */ 3293 if (m->m_pkthdr.len < len) { 3294 V_ipstat.ips_tooshort++; 3295 goto bad; 3296 } 3297 3298 /* Checks out, proceed */ 3299 *mp = m; 3300 return (0); 3301 3302 bad: 3303 *mp = m; 3304 return (-1); 3305 } 3306 3307 #ifdef INET6 3308 /* 3309 * Same as above, but for IPv6. 3310 * Cut-and-pasted from ip6_input.c. 3311 * XXX Should we update ip6stat, or not? 3312 */ 3313 static int 3314 bridge_ip6_checkbasic(struct mbuf **mp) 3315 { 3316 struct mbuf *m = *mp; 3317 struct ip6_hdr *ip6; 3318 3319 /* 3320 * If the IPv6 header is not aligned, slurp it up into a new 3321 * mbuf with space for link headers, in the event we forward 3322 * it. Otherwise, if it is aligned, make sure the entire base 3323 * IPv6 header is in the first mbuf of the chain. 3324 */ 3325 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3326 struct ifnet *inifp = m->m_pkthdr.rcvif; 3327 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3328 (max_linkhdr + 3) & ~3)) == NULL) { 3329 /* XXXJRT new stat, please */ 3330 V_ip6stat.ip6s_toosmall++; 3331 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3332 goto bad; 3333 } 3334 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3335 struct ifnet *inifp = m->m_pkthdr.rcvif; 3336 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3337 V_ip6stat.ip6s_toosmall++; 3338 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3339 goto bad; 3340 } 3341 } 3342 3343 ip6 = mtod(m, struct ip6_hdr *); 3344 3345 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3346 V_ip6stat.ip6s_badvers++; 3347 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3348 goto bad; 3349 } 3350 3351 /* Checks out, proceed */ 3352 *mp = m; 3353 return (0); 3354 3355 bad: 3356 *mp = m; 3357 return (-1); 3358 } 3359 #endif /* INET6 */ 3360 3361 /* 3362 * bridge_fragment: 3363 * 3364 * Return a fragmented mbuf chain. 3365 */ 3366 static int 3367 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3368 int snap, struct llc *llc) 3369 { 3370 struct mbuf *m0; 3371 struct ip *ip; 3372 int error = -1; 3373 3374 if (m->m_len < sizeof(struct ip) && 3375 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3376 goto out; 3377 ip = mtod(m, struct ip *); 3378 3379 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3380 CSUM_DELAY_IP); 3381 if (error) 3382 goto out; 3383 3384 /* walk the chain and re-add the Ethernet header */ 3385 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3386 if (error == 0) { 3387 if (snap) { 3388 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3389 if (m0 == NULL) { 3390 error = ENOBUFS; 3391 continue; 3392 } 3393 bcopy(llc, mtod(m0, caddr_t), 3394 sizeof(struct llc)); 3395 } 3396 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3397 if (m0 == NULL) { 3398 error = ENOBUFS; 3399 continue; 3400 } 3401 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3402 } else 3403 m_freem(m); 3404 } 3405 3406 if (error == 0) 3407 V_ipstat.ips_fragmented++; 3408 3409 return (error); 3410 3411 out: 3412 if (m != NULL) 3413 m_freem(m); 3414 return (error); 3415 } 3416