1 /* $NetBSD: if_bridge.c,v 1.24 2004/04/21 19:10:31 itojun Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <vm/uma.h> 101 #include <sys/module.h> 102 #include <sys/proc.h> 103 #include <sys/lock.h> 104 #include <sys/mutex.h> 105 #include <sys/condvar.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_clone.h> 110 #include <net/if_dl.h> 111 #include <net/if_types.h> 112 #include <net/if_var.h> 113 #include <net/pfil.h> 114 115 #include <netinet/in.h> /* for struct arpcom */ 116 #include <netinet/in_systm.h> 117 #include <netinet/in_var.h> 118 #include <netinet/ip.h> 119 #include <netinet/ip_var.h> 120 #ifdef INET6 121 #include <netinet/ip6.h> 122 #include <netinet6/ip6_var.h> 123 #endif 124 #include <machine/in_cksum.h> 125 #include <netinet/if_ether.h> /* for struct arpcom */ 126 #include <net/if_bridgevar.h> 127 #include <net/if_llc.h> 128 129 #include <net/route.h> 130 #include <netinet/ip_fw.h> 131 #include <netinet/ip_dummynet.h> 132 #include <net/bridge.h> 133 134 #define sc_if ifb_ac.ac_if 135 /* 136 * Size of the route hash table. Must be a power of two. 137 */ 138 #ifndef BRIDGE_RTHASH_SIZE 139 #define BRIDGE_RTHASH_SIZE 1024 140 #endif 141 142 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 143 144 /* 145 * Maximum number of addresses to cache. 146 */ 147 #ifndef BRIDGE_RTABLE_MAX 148 #define BRIDGE_RTABLE_MAX 100 149 #endif 150 151 /* 152 * Spanning tree defaults. 153 */ 154 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 155 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 156 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 157 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 158 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 159 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 160 #define BSTP_DEFAULT_PATH_COST 55 161 162 /* 163 * Timeout (in seconds) for entries learned dynamically. 164 */ 165 #ifndef BRIDGE_RTABLE_TIMEOUT 166 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 167 #endif 168 169 /* 170 * Number of seconds between walks of the route list. 171 */ 172 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 173 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 174 #endif 175 176 static struct mtx bridge_list_mtx; 177 178 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 179 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *, 180 struct sockaddr *, struct rtentry *); 181 182 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 183 184 uma_zone_t bridge_rtnode_zone; 185 186 int bridge_clone_create(struct if_clone *, int); 187 void bridge_clone_destroy(struct ifnet *); 188 189 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 190 static void bridge_init(void *); 191 void bridge_stop(struct ifnet *, int); 192 void bridge_start(struct ifnet *); 193 194 void bridge_forward(struct bridge_softc *, struct mbuf *m); 195 196 void bridge_timer(void *); 197 198 void bridge_broadcast(struct bridge_softc *, struct ifnet *, struct mbuf *); 199 200 int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 201 struct ifnet *, int, uint8_t); 202 struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 203 void bridge_rttrim(struct bridge_softc *); 204 void bridge_rtage(struct bridge_softc *); 205 void bridge_rtflush(struct bridge_softc *, int); 206 int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 207 208 int bridge_rtable_init(struct bridge_softc *); 209 void bridge_rtable_fini(struct bridge_softc *); 210 211 struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 212 const uint8_t *); 213 int bridge_rtnode_insert(struct bridge_softc *, struct bridge_rtnode *); 214 void bridge_rtnode_destroy(struct bridge_softc *, struct bridge_rtnode *); 215 216 struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 217 const char *name); 218 struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 219 struct ifnet *ifp); 220 void bridge_delete_member(struct bridge_softc *, struct bridge_iflist *); 221 222 int bridge_ioctl_add(struct bridge_softc *, void *); 223 int bridge_ioctl_del(struct bridge_softc *, void *); 224 int bridge_ioctl_gifflags(struct bridge_softc *, void *); 225 int bridge_ioctl_sifflags(struct bridge_softc *, void *); 226 int bridge_ioctl_scache(struct bridge_softc *, void *); 227 int bridge_ioctl_gcache(struct bridge_softc *, void *); 228 int bridge_ioctl_gifs(struct bridge_softc *, void *); 229 int bridge_ioctl_rts(struct bridge_softc *, void *); 230 int bridge_ioctl_saddr(struct bridge_softc *, void *); 231 int bridge_ioctl_sto(struct bridge_softc *, void *); 232 int bridge_ioctl_gto(struct bridge_softc *, void *); 233 int bridge_ioctl_daddr(struct bridge_softc *, void *); 234 int bridge_ioctl_flush(struct bridge_softc *, void *); 235 int bridge_ioctl_gpri(struct bridge_softc *, void *); 236 int bridge_ioctl_spri(struct bridge_softc *, void *); 237 int bridge_ioctl_ght(struct bridge_softc *, void *); 238 int bridge_ioctl_sht(struct bridge_softc *, void *); 239 int bridge_ioctl_gfd(struct bridge_softc *, void *); 240 int bridge_ioctl_sfd(struct bridge_softc *, void *); 241 int bridge_ioctl_gma(struct bridge_softc *, void *); 242 int bridge_ioctl_sma(struct bridge_softc *, void *); 243 int bridge_ioctl_sifprio(struct bridge_softc *, void *); 244 int bridge_ioctl_sifcost(struct bridge_softc *, void *); 245 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, int); 246 static int bridge_ip_checkbasic(struct mbuf **mp); 247 # ifdef INET6 248 static int bridge_ip6_checkbasic(struct mbuf **mp); 249 # endif /* INET6 */ 250 251 SYSCTL_DECL(_net_link); 252 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 253 254 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 255 static int pfil_member = 1; /* run pfil hooks on the member interface */ 256 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 257 &pfil_bridge, 0, "Packet filter on the bridge interface"); 258 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 259 &pfil_member, 0, "Packet filter on the member interface"); 260 261 struct bridge_control { 262 int (*bc_func)(struct bridge_softc *, void *); 263 int bc_argsize; 264 int bc_flags; 265 }; 266 267 #define BC_F_COPYIN 0x01 /* copy arguments in */ 268 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 269 #define BC_F_SUSER 0x04 /* do super-user check */ 270 271 const struct bridge_control bridge_control_table[] = { 272 { bridge_ioctl_add, sizeof(struct ifbreq), 273 BC_F_COPYIN|BC_F_SUSER }, 274 { bridge_ioctl_del, sizeof(struct ifbreq), 275 BC_F_COPYIN|BC_F_SUSER }, 276 277 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 278 BC_F_COPYIN|BC_F_COPYOUT }, 279 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 280 BC_F_COPYIN|BC_F_SUSER }, 281 282 { bridge_ioctl_scache, sizeof(struct ifbrparam), 283 BC_F_COPYIN|BC_F_SUSER }, 284 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 285 BC_F_COPYOUT }, 286 287 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 288 BC_F_COPYIN|BC_F_COPYOUT }, 289 { bridge_ioctl_rts, sizeof(struct ifbaconf), 290 BC_F_COPYIN|BC_F_COPYOUT }, 291 292 { bridge_ioctl_saddr, sizeof(struct ifbareq), 293 BC_F_COPYIN|BC_F_SUSER }, 294 295 { bridge_ioctl_sto, sizeof(struct ifbrparam), 296 BC_F_COPYIN|BC_F_SUSER }, 297 { bridge_ioctl_gto, sizeof(struct ifbrparam), 298 BC_F_COPYOUT }, 299 300 { bridge_ioctl_daddr, sizeof(struct ifbareq), 301 BC_F_COPYIN|BC_F_SUSER }, 302 303 { bridge_ioctl_flush, sizeof(struct ifbreq), 304 BC_F_COPYIN|BC_F_SUSER }, 305 306 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 307 BC_F_COPYOUT }, 308 { bridge_ioctl_spri, sizeof(struct ifbrparam), 309 BC_F_COPYIN|BC_F_SUSER }, 310 311 { bridge_ioctl_ght, sizeof(struct ifbrparam), 312 BC_F_COPYOUT }, 313 { bridge_ioctl_sht, sizeof(struct ifbrparam), 314 BC_F_COPYIN|BC_F_SUSER }, 315 316 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 317 BC_F_COPYOUT }, 318 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 319 BC_F_COPYIN|BC_F_SUSER }, 320 321 { bridge_ioctl_gma, sizeof(struct ifbrparam), 322 BC_F_COPYOUT }, 323 { bridge_ioctl_sma, sizeof(struct ifbrparam), 324 BC_F_COPYIN|BC_F_SUSER }, 325 326 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 327 BC_F_COPYIN|BC_F_SUSER }, 328 329 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 330 BC_F_COPYIN|BC_F_SUSER }, 331 }; 332 const int bridge_control_table_size = 333 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 334 335 LIST_HEAD(, bridge_softc) bridge_list; 336 337 IFC_SIMPLE_DECLARE(bridge, 0); 338 339 static int 340 bridge_modevent(module_t mod, int type, void *data) 341 { 342 343 switch (type) { 344 case MOD_LOAD: 345 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 346 if_clone_attach(&bridge_cloner); 347 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 348 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 349 UMA_ALIGN_PTR, 0); 350 LIST_INIT(&bridge_list); 351 bridge_input_p = bridge_input; 352 bridge_output_p = bridge_output; 353 bstp_linkstate_p = bstp_linkstate; 354 break; 355 case MOD_UNLOAD: 356 if_clone_detach(&bridge_cloner); 357 while (!LIST_EMPTY(&bridge_list)) 358 bridge_clone_destroy(&LIST_FIRST(&bridge_list)->sc_if); 359 uma_zdestroy(bridge_rtnode_zone); 360 bridge_input_p = NULL; 361 bridge_output_p = NULL; 362 bstp_linkstate_p = NULL; 363 mtx_destroy(&bridge_list_mtx); 364 break; 365 default: 366 return EOPNOTSUPP; 367 } 368 return 0; 369 } 370 371 static moduledata_t bridge_mod = { 372 "if_bridge", 373 bridge_modevent, 374 0 375 }; 376 377 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 378 379 380 /* 381 * bridge_clone_create: 382 * 383 * Create a new bridge instance. 384 */ 385 int 386 bridge_clone_create(struct if_clone *ifc, int unit) 387 { 388 struct bridge_softc *sc; 389 struct ifnet *ifp; 390 391 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 392 BRIDGE_LOCK_INIT(sc); 393 ifp = &sc->sc_if; 394 395 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 396 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 397 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 398 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 399 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 400 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 401 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 402 403 /* Initialize our routing table. */ 404 bridge_rtable_init(sc); 405 406 callout_init(&sc->sc_brcallout, 0); 407 callout_init(&sc->sc_bstpcallout, 0); 408 409 LIST_INIT(&sc->sc_iflist); 410 411 ifp->if_softc = sc; 412 if_initname(ifp, ifc->ifc_name, unit); 413 ifp->if_mtu = ETHERMTU; 414 ifp->if_ioctl = bridge_ioctl; 415 ifp->if_output = bridge_output; 416 ifp->if_start = bridge_start; 417 ifp->if_init = bridge_init; 418 ifp->if_type = IFT_BRIDGE; 419 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 420 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 421 IFQ_SET_READY(&ifp->if_snd); 422 ifp->if_hdrlen = ETHER_HDR_LEN; 423 424 /* 425 * Generate a random ethernet address and use the private AC:DE:48 426 * OUI code. 427 */ 428 arc4rand( &sc->ifb_ac.ac_enaddr, ETHER_ADDR_LEN, 1); 429 sc->ifb_ac.ac_enaddr[0] = 0xAC; 430 sc->ifb_ac.ac_enaddr[1] = 0xDE; 431 sc->ifb_ac.ac_enaddr[2] = 0x48; 432 433 ether_ifattach(ifp, sc->ifb_ac.ac_enaddr); 434 /* Now undo some of the damage... */ 435 ifp->if_baudrate = 0; 436 ifp->if_type = IFT_BRIDGE; 437 438 mtx_lock(&bridge_list_mtx); 439 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 440 mtx_unlock(&bridge_list_mtx); 441 442 return (0); 443 } 444 445 /* 446 * bridge_clone_destroy: 447 * 448 * Destroy a bridge instance. 449 */ 450 void 451 bridge_clone_destroy(struct ifnet *ifp) 452 { 453 struct bridge_softc *sc = ifp->if_softc; 454 struct bridge_iflist *bif; 455 456 BRIDGE_LOCK(sc); 457 458 bridge_stop(ifp, 1); 459 460 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 461 bridge_delete_member(sc, bif); 462 463 BRIDGE_UNLOCK(sc); 464 465 mtx_lock(&bridge_list_mtx); 466 LIST_REMOVE(sc, sc_list); 467 mtx_unlock(&bridge_list_mtx); 468 469 ether_ifdetach(ifp); 470 471 /* Tear down the routing table. */ 472 bridge_rtable_fini(sc); 473 474 BRIDGE_LOCK_DESTROY(sc); 475 free(sc, M_DEVBUF); 476 } 477 478 /* 479 * bridge_ioctl: 480 * 481 * Handle a control request from the operator. 482 */ 483 int 484 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 485 { 486 struct bridge_softc *sc = ifp->if_softc; 487 struct thread *td = curthread; 488 union { 489 struct ifbreq ifbreq; 490 struct ifbifconf ifbifconf; 491 struct ifbareq ifbareq; 492 struct ifbaconf ifbaconf; 493 struct ifbrparam ifbrparam; 494 } args; 495 struct ifdrv *ifd = (struct ifdrv *) data; 496 const struct bridge_control *bc; 497 int error = 0; 498 499 BRIDGE_LOCK(sc); 500 501 switch (cmd) { 502 503 case SIOCGDRVSPEC: 504 case SIOCSDRVSPEC: 505 if (ifd->ifd_cmd >= bridge_control_table_size) { 506 error = EINVAL; 507 break; 508 } 509 bc = &bridge_control_table[ifd->ifd_cmd]; 510 511 if (cmd == SIOCGDRVSPEC && 512 (bc->bc_flags & BC_F_COPYOUT) == 0) { 513 error = EINVAL; 514 break; 515 } 516 else if (cmd == SIOCSDRVSPEC && 517 (bc->bc_flags & BC_F_COPYOUT) != 0) { 518 error = EINVAL; 519 break; 520 } 521 522 if (bc->bc_flags & BC_F_SUSER) { 523 error = suser(td); 524 if (error) 525 break; 526 } 527 528 if (ifd->ifd_len != bc->bc_argsize || 529 ifd->ifd_len > sizeof(args)) { 530 error = EINVAL; 531 break; 532 } 533 534 if (bc->bc_flags & BC_F_COPYIN) { 535 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 536 if (error) 537 break; 538 } 539 540 error = (*bc->bc_func)(sc, &args); 541 if (error) 542 break; 543 544 if (bc->bc_flags & BC_F_COPYOUT) 545 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 546 547 break; 548 549 case SIOCSIFFLAGS: 550 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) == IFF_RUNNING) { 551 /* 552 * If interface is marked down and it is running, 553 * then stop and disable it. 554 */ 555 bridge_stop(ifp, 1); 556 } else if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) == IFF_UP) { 557 /* 558 * If interface is marked up and it is stopped, then 559 * start it. 560 */ 561 (*ifp->if_init)(ifp); 562 } 563 break; 564 565 case SIOCSIFMTU: 566 /* Do not allow the MTU to be changed on the bridge */ 567 error = EINVAL; 568 break; 569 570 default: 571 /* 572 * drop the lock as ether_ioctl() will call bridge_start() and 573 * cause the lock to be recursed. 574 */ 575 BRIDGE_UNLOCK(sc); 576 error = ether_ioctl(ifp, cmd, data); 577 break; 578 } 579 580 if (BRIDGE_LOCKED(sc)) 581 BRIDGE_UNLOCK(sc); 582 583 return (error); 584 } 585 586 /* 587 * bridge_lookup_member: 588 * 589 * Lookup a bridge member interface. 590 */ 591 struct bridge_iflist * 592 bridge_lookup_member(struct bridge_softc *sc, const char *name) 593 { 594 struct bridge_iflist *bif; 595 struct ifnet *ifp; 596 597 BRIDGE_LOCK_ASSERT(sc); 598 599 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 600 ifp = bif->bif_ifp; 601 if (strcmp(ifp->if_xname, name) == 0) 602 return (bif); 603 } 604 605 return (NULL); 606 } 607 608 /* 609 * bridge_lookup_member_if: 610 * 611 * Lookup a bridge member interface by ifnet*. 612 */ 613 struct bridge_iflist * 614 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 615 { 616 struct bridge_iflist *bif; 617 618 BRIDGE_LOCK_ASSERT(sc); 619 620 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 621 if (bif->bif_ifp == member_ifp) 622 return (bif); 623 } 624 625 return (NULL); 626 } 627 628 /* 629 * bridge_delete_member: 630 * 631 * Delete the specified member interface. 632 */ 633 void 634 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif) 635 { 636 struct ifnet *ifs = bif->bif_ifp; 637 638 BRIDGE_LOCK_ASSERT(sc); 639 640 switch (ifs->if_type) { 641 case IFT_ETHER: 642 /* 643 * Take the interface out of promiscuous mode. 644 */ 645 (void) ifpromisc(ifs, 0); 646 break; 647 648 default: 649 #ifdef DIAGNOSTIC 650 panic("bridge_delete_member: impossible"); 651 #endif 652 break; 653 } 654 655 ifs->if_bridge = NULL; 656 BRIDGE_XLOCK(sc); 657 LIST_REMOVE(bif, bif_next); 658 BRIDGE_XDROP(sc); 659 660 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 661 662 free(bif, M_DEVBUF); 663 664 if (sc->sc_if.if_flags & IFF_RUNNING) 665 bstp_initialization(sc); 666 } 667 668 int 669 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 670 { 671 struct ifbreq *req = arg; 672 struct bridge_iflist *bif = NULL; 673 struct ifnet *ifs; 674 int error = 0; 675 676 BRIDGE_LOCK_ASSERT(sc); 677 678 ifs = ifunit(req->ifbr_ifsname); 679 if (ifs == NULL) 680 return (ENOENT); 681 682 if (sc->sc_if.if_mtu != ifs->if_mtu) 683 return (EINVAL); 684 685 if (ifs->if_bridge == sc) 686 return (EEXIST); 687 688 if (ifs->if_bridge != NULL) 689 return (EBUSY); 690 691 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT); 692 if (bif == NULL) 693 return (ENOMEM); 694 695 switch (ifs->if_type) { 696 case IFT_ETHER: 697 case IFT_L2VLAN: 698 /* 699 * Place the interface into promiscuous mode. 700 */ 701 error = ifpromisc(ifs, 1); 702 if (error) 703 goto out; 704 break; 705 706 default: 707 error = EINVAL; 708 goto out; 709 } 710 711 bif->bif_ifp = ifs; 712 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 713 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 714 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 715 716 ifs->if_bridge = sc; 717 /* 718 * XXX: XLOCK HERE!?! 719 * 720 * NOTE: insert_***HEAD*** should be safe for the traversals. 721 */ 722 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 723 724 if (sc->sc_if.if_flags & IFF_RUNNING) 725 bstp_initialization(sc); 726 else 727 bstp_stop(sc); 728 729 out: 730 if (error) { 731 if (bif != NULL) 732 free(bif, M_DEVBUF); 733 } 734 return (error); 735 } 736 737 int 738 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 739 { 740 struct ifbreq *req = arg; 741 struct bridge_iflist *bif; 742 743 BRIDGE_LOCK_ASSERT(sc); 744 745 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 746 if (bif == NULL) 747 return (ENOENT); 748 749 bridge_delete_member(sc, bif); 750 751 return (0); 752 } 753 754 int 755 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 756 { 757 struct ifbreq *req = arg; 758 struct bridge_iflist *bif; 759 760 BRIDGE_LOCK_ASSERT(sc); 761 762 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 763 if (bif == NULL) 764 return (ENOENT); 765 766 req->ifbr_ifsflags = bif->bif_flags; 767 req->ifbr_state = bif->bif_state; 768 req->ifbr_priority = bif->bif_priority; 769 req->ifbr_path_cost = bif->bif_path_cost; 770 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 771 772 return (0); 773 } 774 775 int 776 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 777 { 778 struct ifbreq *req = arg; 779 struct bridge_iflist *bif; 780 781 BRIDGE_LOCK_ASSERT(sc); 782 783 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 784 if (bif == NULL) 785 return (ENOENT); 786 787 if (req->ifbr_ifsflags & IFBIF_STP) { 788 switch (bif->bif_ifp->if_type) { 789 case IFT_ETHER: 790 /* These can do spanning tree. */ 791 break; 792 793 default: 794 /* Nothing else can. */ 795 return (EINVAL); 796 } 797 } 798 799 bif->bif_flags = req->ifbr_ifsflags; 800 801 if (sc->sc_if.if_flags & IFF_RUNNING) 802 bstp_initialization(sc); 803 804 return (0); 805 } 806 807 int 808 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 809 { 810 struct ifbrparam *param = arg; 811 812 BRIDGE_LOCK_ASSERT(sc); 813 814 sc->sc_brtmax = param->ifbrp_csize; 815 bridge_rttrim(sc); 816 817 return (0); 818 } 819 820 int 821 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 822 { 823 struct ifbrparam *param = arg; 824 825 BRIDGE_LOCK_ASSERT(sc); 826 827 param->ifbrp_csize = sc->sc_brtmax; 828 829 return (0); 830 } 831 832 int 833 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 834 { 835 struct ifbifconf *bifc = arg; 836 struct bridge_iflist *bif; 837 struct ifbreq breq; 838 int count, len, error = 0; 839 840 BRIDGE_LOCK_ASSERT(sc); 841 842 count = 0; 843 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 844 count++; 845 846 if (bifc->ifbic_len == 0) { 847 bifc->ifbic_len = sizeof(breq) * count; 848 return (0); 849 } 850 851 count = 0; 852 len = bifc->ifbic_len; 853 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 854 if (len < sizeof(breq)) 855 break; 856 857 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 858 sizeof(breq.ifbr_ifsname)); 859 breq.ifbr_ifsflags = bif->bif_flags; 860 breq.ifbr_state = bif->bif_state; 861 breq.ifbr_priority = bif->bif_priority; 862 breq.ifbr_path_cost = bif->bif_path_cost; 863 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 864 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 865 if (error) 866 break; 867 count++; 868 len -= sizeof(breq); 869 } 870 871 bifc->ifbic_len = sizeof(breq) * count; 872 return (error); 873 } 874 875 int 876 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 877 { 878 struct ifbaconf *bac = arg; 879 struct bridge_rtnode *brt; 880 struct ifbareq bareq; 881 struct timeval tv; 882 int count = 0, error = 0, len; 883 884 BRIDGE_LOCK_ASSERT(sc); 885 886 if (bac->ifbac_len == 0) 887 return (0); 888 889 getmicrotime(&tv); 890 891 len = bac->ifbac_len; 892 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 893 if (len < sizeof(bareq)) 894 goto out; 895 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 896 sizeof(bareq.ifba_ifsname)); 897 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 898 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 899 tv.tv_sec < brt->brt_expire) 900 bareq.ifba_expire = brt->brt_expire - tv.tv_sec; 901 else 902 bareq.ifba_expire = 0; 903 bareq.ifba_flags = brt->brt_flags; 904 905 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 906 if (error) 907 goto out; 908 count++; 909 len -= sizeof(bareq); 910 } 911 out: 912 bac->ifbac_len = sizeof(bareq) * count; 913 return (error); 914 } 915 916 int 917 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 918 { 919 struct ifbareq *req = arg; 920 struct bridge_iflist *bif; 921 int error; 922 923 BRIDGE_LOCK_ASSERT(sc); 924 925 bif = bridge_lookup_member(sc, req->ifba_ifsname); 926 if (bif == NULL) 927 return (ENOENT); 928 929 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 930 req->ifba_flags); 931 932 return (error); 933 } 934 935 int 936 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 937 { 938 struct ifbrparam *param = arg; 939 940 BRIDGE_LOCK_ASSERT(sc); 941 942 sc->sc_brttimeout = param->ifbrp_ctime; 943 944 return (0); 945 } 946 947 int 948 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 949 { 950 struct ifbrparam *param = arg; 951 952 BRIDGE_LOCK_ASSERT(sc); 953 954 param->ifbrp_ctime = sc->sc_brttimeout; 955 956 return (0); 957 } 958 959 int 960 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 961 { 962 struct ifbareq *req = arg; 963 964 BRIDGE_LOCK_ASSERT(sc); 965 966 return (bridge_rtdaddr(sc, req->ifba_dst)); 967 } 968 969 int 970 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 971 { 972 struct ifbreq *req = arg; 973 974 BRIDGE_LOCK_ASSERT(sc); 975 976 bridge_rtflush(sc, req->ifbr_ifsflags); 977 978 return (0); 979 } 980 981 int 982 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 983 { 984 struct ifbrparam *param = arg; 985 986 BRIDGE_LOCK_ASSERT(sc); 987 988 param->ifbrp_prio = sc->sc_bridge_priority; 989 990 return (0); 991 } 992 993 int 994 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 995 { 996 struct ifbrparam *param = arg; 997 998 BRIDGE_LOCK_ASSERT(sc); 999 1000 sc->sc_bridge_priority = param->ifbrp_prio; 1001 1002 if (sc->sc_if.if_flags & IFF_RUNNING) 1003 bstp_initialization(sc); 1004 1005 return (0); 1006 } 1007 1008 int 1009 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1010 { 1011 struct ifbrparam *param = arg; 1012 1013 BRIDGE_LOCK_ASSERT(sc); 1014 1015 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1016 1017 return (0); 1018 } 1019 1020 int 1021 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1022 { 1023 struct ifbrparam *param = arg; 1024 1025 BRIDGE_LOCK_ASSERT(sc); 1026 1027 if (param->ifbrp_hellotime == 0) 1028 return (EINVAL); 1029 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1030 1031 if (sc->sc_if.if_flags & IFF_RUNNING) 1032 bstp_initialization(sc); 1033 1034 return (0); 1035 } 1036 1037 int 1038 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1039 { 1040 struct ifbrparam *param = arg; 1041 1042 BRIDGE_LOCK_ASSERT(sc); 1043 1044 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1045 1046 return (0); 1047 } 1048 1049 int 1050 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1051 { 1052 struct ifbrparam *param = arg; 1053 1054 BRIDGE_LOCK_ASSERT(sc); 1055 1056 if (param->ifbrp_fwddelay == 0) 1057 return (EINVAL); 1058 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1059 1060 if (sc->sc_if.if_flags & IFF_RUNNING) 1061 bstp_initialization(sc); 1062 1063 return (0); 1064 } 1065 1066 int 1067 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1068 { 1069 struct ifbrparam *param = arg; 1070 1071 BRIDGE_LOCK_ASSERT(sc); 1072 1073 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1074 1075 return (0); 1076 } 1077 1078 int 1079 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1080 { 1081 struct ifbrparam *param = arg; 1082 1083 BRIDGE_LOCK_ASSERT(sc); 1084 1085 if (param->ifbrp_maxage == 0) 1086 return (EINVAL); 1087 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1088 1089 if (sc->sc_if.if_flags & IFF_RUNNING) 1090 bstp_initialization(sc); 1091 1092 return (0); 1093 } 1094 1095 int 1096 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1097 { 1098 struct ifbreq *req = arg; 1099 struct bridge_iflist *bif; 1100 1101 BRIDGE_LOCK_ASSERT(sc); 1102 1103 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1104 if (bif == NULL) 1105 return (ENOENT); 1106 1107 bif->bif_priority = req->ifbr_priority; 1108 1109 if (sc->sc_if.if_flags & IFF_RUNNING) 1110 bstp_initialization(sc); 1111 1112 return (0); 1113 } 1114 1115 int 1116 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1117 { 1118 struct ifbreq *req = arg; 1119 struct bridge_iflist *bif; 1120 1121 BRIDGE_LOCK_ASSERT(sc); 1122 1123 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1124 if (bif == NULL) 1125 return (ENOENT); 1126 1127 bif->bif_path_cost = req->ifbr_path_cost; 1128 1129 if (sc->sc_if.if_flags & IFF_RUNNING) 1130 bstp_initialization(sc); 1131 1132 return (0); 1133 } 1134 1135 /* 1136 * bridge_ifdetach: 1137 * 1138 * Detach an interface from a bridge. Called when a member 1139 * interface is detaching. 1140 */ 1141 void 1142 bridge_ifdetach(struct ifnet *ifp) 1143 { 1144 struct bridge_softc *sc = ifp->if_bridge; 1145 struct ifbreq breq; 1146 1147 BRIDGE_LOCK_ASSERT(sc); 1148 1149 memset(&breq, 0, sizeof(breq)); 1150 snprintf(breq.ifbr_ifsname, sizeof(breq.ifbr_ifsname), ifp->if_xname); 1151 1152 (void) bridge_ioctl_del(sc, &breq); 1153 } 1154 1155 /* 1156 * bridge_init: 1157 * 1158 * Initialize a bridge interface. 1159 */ 1160 static void 1161 bridge_init(void *xsc) 1162 { 1163 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1164 struct ifnet *ifp = &sc->sc_if; 1165 1166 if (ifp->if_flags & IFF_RUNNING) 1167 return; 1168 1169 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1170 bridge_timer, sc); 1171 1172 ifp->if_flags |= IFF_RUNNING; 1173 bstp_initialization(sc); 1174 return; 1175 } 1176 1177 /* 1178 * bridge_stop: 1179 * 1180 * Stop the bridge interface. 1181 */ 1182 void 1183 bridge_stop(struct ifnet *ifp, int disable) 1184 { 1185 struct bridge_softc *sc = ifp->if_softc; 1186 1187 if ((ifp->if_flags & IFF_RUNNING) == 0) 1188 return; 1189 1190 callout_stop(&sc->sc_brcallout); 1191 bstp_stop(sc); 1192 1193 bridge_rtflush(sc, IFBF_FLUSHDYN); 1194 1195 ifp->if_flags &= ~IFF_RUNNING; 1196 } 1197 1198 /* 1199 * bridge_enqueue: 1200 * 1201 * Enqueue a packet on a bridge member interface. 1202 * 1203 */ 1204 __inline void 1205 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m, 1206 int runfilt) 1207 { 1208 int len, err; 1209 short mflags; 1210 1211 /* 1212 * Clear any in-bound checksum flags for this packet. 1213 */ 1214 m->m_pkthdr.csum_flags = 0; 1215 1216 if (runfilt && inet_pfil_hook.ph_busy_count >= 0) { 1217 if (bridge_pfil(&m, &sc->sc_if, dst_ifp, PFIL_OUT) != 0) 1218 return; 1219 } 1220 if (m == NULL) 1221 return; 1222 1223 len = m->m_pkthdr.len; 1224 mflags = m->m_flags; 1225 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1226 if (err == 0) { 1227 1228 sc->sc_if.if_opackets++; 1229 sc->sc_if.if_obytes += len; 1230 1231 dst_ifp->if_obytes += len; 1232 1233 if (mflags & M_MCAST) { 1234 sc->sc_if.if_omcasts++; 1235 dst_ifp->if_omcasts++; 1236 } 1237 } 1238 1239 if ((dst_ifp->if_flags & IFF_OACTIVE) == 0) 1240 (*dst_ifp->if_start)(dst_ifp); 1241 } 1242 1243 /* 1244 * bridge_output: 1245 * 1246 * Send output from a bridge member interface. This 1247 * performs the bridging function for locally originated 1248 * packets. 1249 * 1250 * The mbuf has the Ethernet header already attached. We must 1251 * enqueue or free the mbuf before returning. 1252 */ 1253 int 1254 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1255 struct rtentry *rt) 1256 { 1257 struct ether_header *eh; 1258 struct ifnet *dst_if; 1259 struct bridge_softc *sc; 1260 1261 if (m->m_len < ETHER_HDR_LEN) { 1262 m = m_pullup(m, ETHER_HDR_LEN); 1263 if (m == NULL) 1264 return (0); 1265 } 1266 1267 eh = mtod(m, struct ether_header *); 1268 sc = ifp->if_bridge; 1269 1270 BRIDGE_LOCK(sc); 1271 1272 /* 1273 * If bridge is down, but the original output interface is up, 1274 * go ahead and send out that interface. Otherwise, the packet 1275 * is dropped below. 1276 */ 1277 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 1278 dst_if = ifp; 1279 goto sendunicast; 1280 } 1281 1282 /* 1283 * If the packet is a multicast, or we don't know a better way to 1284 * get there, send to all interfaces. 1285 */ 1286 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1287 dst_if = NULL; 1288 else 1289 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1290 if (dst_if == NULL) { 1291 struct bridge_iflist *bif; 1292 struct mbuf *mc; 1293 int error = 0, used = 0; 1294 1295 BRIDGE_LOCK2REF(sc, error); 1296 if (error) { 1297 m_freem(m); 1298 return (0); 1299 } 1300 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1301 dst_if = bif->bif_ifp; 1302 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1303 continue; 1304 1305 /* 1306 * If this is not the original output interface, 1307 * and the interface is participating in spanning 1308 * tree, make sure the port is in a state that 1309 * allows forwarding. 1310 */ 1311 if (dst_if != ifp && 1312 (bif->bif_flags & IFBIF_STP) != 0) { 1313 switch (bif->bif_state) { 1314 case BSTP_IFSTATE_BLOCKING: 1315 case BSTP_IFSTATE_LISTENING: 1316 case BSTP_IFSTATE_DISABLED: 1317 continue; 1318 } 1319 } 1320 1321 if (LIST_NEXT(bif, bif_next) == NULL) { 1322 used = 1; 1323 mc = m; 1324 } else { 1325 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1326 if (mc == NULL) { 1327 sc->sc_if.if_oerrors++; 1328 continue; 1329 } 1330 } 1331 1332 bridge_enqueue(sc, dst_if, mc, 0); 1333 } 1334 if (used == 0) 1335 m_freem(m); 1336 BRIDGE_UNREF(sc); 1337 return (0); 1338 } 1339 1340 sendunicast: 1341 /* 1342 * XXX Spanning tree consideration here? 1343 */ 1344 1345 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1346 m_freem(m); 1347 BRIDGE_UNLOCK(sc); 1348 return (0); 1349 } 1350 1351 BRIDGE_UNLOCK(sc); 1352 bridge_enqueue(sc, dst_if, m, 0); 1353 return (0); 1354 } 1355 1356 /* 1357 * bridge_start: 1358 * 1359 * Start output on a bridge. 1360 * 1361 */ 1362 void 1363 bridge_start(struct ifnet *ifp) 1364 { 1365 struct bridge_softc *sc; 1366 struct mbuf *m; 1367 struct ether_header *eh; 1368 struct ifnet *dst_if; 1369 1370 sc = ifp->if_softc; 1371 1372 ifp->if_flags |= IFF_OACTIVE; 1373 for (;;) { 1374 IFQ_DEQUEUE(&ifp->if_snd, m); 1375 if (m == 0) 1376 break; 1377 BPF_MTAP(ifp, m); 1378 1379 eh = mtod(m, struct ether_header *); 1380 dst_if = NULL; 1381 1382 BRIDGE_LOCK(sc); 1383 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1384 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1385 } 1386 1387 if (dst_if == NULL) 1388 bridge_broadcast(sc, ifp, m); 1389 else { 1390 BRIDGE_UNLOCK(sc); 1391 bridge_enqueue(sc, dst_if, m, 1); 1392 } 1393 } 1394 ifp->if_flags &= ~IFF_OACTIVE; 1395 1396 return; 1397 } 1398 1399 /* 1400 * bridge_forward: 1401 * 1402 * The forwarding function of the bridge. 1403 * 1404 * NOTE: Releases the lock on return. 1405 */ 1406 void 1407 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1408 { 1409 struct bridge_iflist *bif; 1410 struct ifnet *src_if, *dst_if, *ifp; 1411 struct ether_header *eh; 1412 1413 src_if = m->m_pkthdr.rcvif; 1414 BRIDGE_LOCK_ASSERT(sc); 1415 ifp = &sc->sc_if; 1416 1417 sc->sc_if.if_ipackets++; 1418 sc->sc_if.if_ibytes += m->m_pkthdr.len; 1419 1420 /* 1421 * Look up the bridge_iflist. 1422 */ 1423 bif = bridge_lookup_member_if(sc, src_if); 1424 if (bif == NULL) { 1425 /* Interface is not a bridge member (anymore?) */ 1426 BRIDGE_UNLOCK(sc); 1427 m_freem(m); 1428 return; 1429 } 1430 1431 if (bif->bif_flags & IFBIF_STP) { 1432 switch (bif->bif_state) { 1433 case BSTP_IFSTATE_BLOCKING: 1434 case BSTP_IFSTATE_LISTENING: 1435 case BSTP_IFSTATE_DISABLED: 1436 BRIDGE_UNLOCK(sc); 1437 m_freem(m); 1438 return; 1439 } 1440 } 1441 1442 eh = mtod(m, struct ether_header *); 1443 1444 /* 1445 * If the interface is learning, and the source 1446 * address is valid and not multicast, record 1447 * the address. 1448 */ 1449 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1450 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1451 (eh->ether_shost[0] == 0 && 1452 eh->ether_shost[1] == 0 && 1453 eh->ether_shost[2] == 0 && 1454 eh->ether_shost[3] == 0 && 1455 eh->ether_shost[4] == 0 && 1456 eh->ether_shost[5] == 0) == 0) { 1457 (void) bridge_rtupdate(sc, eh->ether_shost, 1458 src_if, 0, IFBAF_DYNAMIC); 1459 } 1460 1461 if ((bif->bif_flags & IFBIF_STP) != 0 && 1462 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1463 m_freem(m); 1464 BRIDGE_UNLOCK(sc); 1465 return; 1466 } 1467 1468 /* 1469 * At this point, the port either doesn't participate 1470 * in spanning tree or it is in the forwarding state. 1471 */ 1472 1473 /* 1474 * If the packet is unicast, destined for someone on 1475 * "this" side of the bridge, drop it. 1476 */ 1477 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1478 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1479 if (src_if == dst_if) { 1480 BRIDGE_UNLOCK(sc); 1481 m_freem(m); 1482 return; 1483 } 1484 } else { 1485 /* ...forward it to all interfaces. */ 1486 sc->sc_if.if_imcasts++; 1487 dst_if = NULL; 1488 } 1489 1490 /* run the packet filter */ 1491 if (inet_pfil_hook.ph_busy_count >= 0) { 1492 BRIDGE_UNLOCK(sc); 1493 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1494 return; 1495 BRIDGE_LOCK(sc); 1496 } 1497 if (m == NULL) { 1498 BRIDGE_UNLOCK(sc); 1499 return; 1500 } 1501 1502 if (dst_if == NULL) { 1503 /* tap off packets passing the bridge */ 1504 BPF_MTAP(ifp, m); 1505 1506 bridge_broadcast(sc, src_if, m); 1507 return; 1508 } 1509 1510 /* 1511 * At this point, we're dealing with a unicast frame 1512 * going to a different interface. 1513 */ 1514 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1515 BRIDGE_UNLOCK(sc); 1516 m_freem(m); 1517 return; 1518 } 1519 bif = bridge_lookup_member_if(sc, dst_if); 1520 if (bif == NULL) { 1521 /* Not a member of the bridge (anymore?) */ 1522 BRIDGE_UNLOCK(sc); 1523 m_freem(m); 1524 return; 1525 } 1526 1527 if (bif->bif_flags & IFBIF_STP) { 1528 switch (bif->bif_state) { 1529 case BSTP_IFSTATE_DISABLED: 1530 case BSTP_IFSTATE_BLOCKING: 1531 BRIDGE_UNLOCK(sc); 1532 m_freem(m); 1533 return; 1534 } 1535 } 1536 1537 /* tap off packets passing the bridge */ 1538 BPF_MTAP(ifp, m); 1539 1540 BRIDGE_UNLOCK(sc); 1541 bridge_enqueue(sc, dst_if, m, 1); 1542 } 1543 1544 /* 1545 * bridge_input: 1546 * 1547 * Receive input from a member interface. Queue the packet for 1548 * bridging if it is not for us. 1549 */ 1550 struct mbuf * 1551 bridge_input(struct ifnet *ifp, struct mbuf *m) 1552 { 1553 struct bridge_softc *sc = ifp->if_bridge; 1554 struct bridge_iflist *bif; 1555 struct ether_header *eh; 1556 struct mbuf *mc; 1557 1558 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) 1559 return (m); 1560 1561 BRIDGE_LOCK(sc); 1562 bif = bridge_lookup_member_if(sc, ifp); 1563 if (bif == NULL) { 1564 BRIDGE_UNLOCK(sc); 1565 return (m); 1566 } 1567 1568 eh = mtod(m, struct ether_header *); 1569 1570 if (memcmp(eh->ether_dhost, sc->ifb_ac.ac_enaddr, 1571 ETHER_ADDR_LEN) == 0) { 1572 /* 1573 * If the packet is for us, set the packets source as the 1574 * bridge, and return the packet back to ether_input for 1575 * local processing. 1576 */ 1577 1578 /* XXX Do we tap the packet for the member interface too? 1579 * BPF_MTAP(&m->m_pkthdr.rcvif, m); 1580 */ 1581 1582 /* Mark the packet as arriving on the bridge interface */ 1583 m->m_pkthdr.rcvif = &sc->sc_if; 1584 BPF_MTAP(&sc->sc_if, m); 1585 sc->sc_if.if_ipackets++; 1586 1587 BRIDGE_UNLOCK(sc); 1588 return (m); 1589 } 1590 1591 if (m->m_flags & (M_BCAST|M_MCAST)) { 1592 /* Tap off 802.1D packets; they do not get forwarded. */ 1593 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1594 ETHER_ADDR_LEN) == 0) { 1595 m = bstp_input(ifp, m); 1596 if (m == NULL) { 1597 BRIDGE_UNLOCK(sc); 1598 return (NULL); 1599 } 1600 } 1601 1602 if (bif->bif_flags & IFBIF_STP) { 1603 switch (bif->bif_state) { 1604 case BSTP_IFSTATE_BLOCKING: 1605 case BSTP_IFSTATE_LISTENING: 1606 case BSTP_IFSTATE_DISABLED: 1607 BRIDGE_UNLOCK(sc); 1608 return (m); 1609 } 1610 } 1611 1612 /* 1613 * Make a deep copy of the packet and enqueue the copy 1614 * for bridge processing; return the original packet for 1615 * local processing. 1616 */ 1617 mc = m_dup(m, M_DONTWAIT); 1618 if (mc == NULL) { 1619 BRIDGE_UNLOCK(sc); 1620 return (m); 1621 } 1622 1623 /* Perform the bridge forwarding function with the copy. */ 1624 bridge_forward(sc, mc); 1625 1626 /* Return the original packet for local processing. */ 1627 return (m); 1628 } 1629 1630 if (bif->bif_flags & IFBIF_STP) { 1631 switch (bif->bif_state) { 1632 case BSTP_IFSTATE_BLOCKING: 1633 case BSTP_IFSTATE_LISTENING: 1634 case BSTP_IFSTATE_DISABLED: 1635 BRIDGE_UNLOCK(sc); 1636 return (m); 1637 } 1638 } 1639 1640 /* 1641 * Unicast. Make sure it's not for us. 1642 */ 1643 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1644 /* It is destined for us. */ 1645 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1646 ETHER_ADDR_LEN) == 0) { 1647 if (bif->bif_flags & IFBIF_LEARNING) 1648 (void) bridge_rtupdate(sc, 1649 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1650 m->m_pkthdr.rcvif = bif->bif_ifp; 1651 BRIDGE_UNLOCK(sc); 1652 return (m); 1653 } 1654 1655 /* We just received a packet that we sent out. */ 1656 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1657 ETHER_ADDR_LEN) == 0) { 1658 BRIDGE_UNLOCK(sc); 1659 m_freem(m); 1660 return (NULL); 1661 } 1662 } 1663 1664 /* Perform the bridge forwarding function. */ 1665 bridge_forward(sc, m); 1666 1667 return (NULL); 1668 } 1669 1670 /* 1671 * bridge_broadcast: 1672 * 1673 * Send a frame to all interfaces that are members of 1674 * the bridge, except for the one on which the packet 1675 * arrived. 1676 * 1677 * NOTE: Releases the lock on return. 1678 */ 1679 void 1680 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1681 struct mbuf *m) 1682 { 1683 struct bridge_iflist *bif; 1684 struct mbuf *mc; 1685 struct ifnet *dst_if; 1686 int error = 0, used = 0; 1687 1688 BRIDGE_LOCK_ASSERT(sc); 1689 BRIDGE_LOCK2REF(sc, error); 1690 if (error) { 1691 m_freem(m); 1692 return; 1693 } 1694 1695 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1696 dst_if = bif->bif_ifp; 1697 if (dst_if == src_if) 1698 continue; 1699 1700 if (bif->bif_flags & IFBIF_STP) { 1701 switch (bif->bif_state) { 1702 case BSTP_IFSTATE_BLOCKING: 1703 case BSTP_IFSTATE_DISABLED: 1704 continue; 1705 } 1706 } 1707 1708 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1709 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 1710 continue; 1711 1712 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1713 continue; 1714 1715 if (LIST_NEXT(bif, bif_next) == NULL) { 1716 mc = m; 1717 used = 1; 1718 } else { 1719 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1720 if (mc == NULL) { 1721 sc->sc_if.if_oerrors++; 1722 continue; 1723 } 1724 } 1725 1726 bridge_enqueue(sc, dst_if, mc, 1); 1727 } 1728 if (used == 0) 1729 m_freem(m); 1730 1731 BRIDGE_UNREF(sc); 1732 } 1733 1734 /* 1735 * bridge_rtupdate: 1736 * 1737 * Add a bridge routing entry. 1738 */ 1739 int 1740 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 1741 struct ifnet *dst_if, int setflags, uint8_t flags) 1742 { 1743 struct bridge_rtnode *brt; 1744 struct timeval tv; 1745 int error; 1746 1747 BRIDGE_LOCK_ASSERT(sc); 1748 1749 /* 1750 * A route for this destination might already exist. If so, 1751 * update it, otherwise create a new one. 1752 */ 1753 getmicrotime(&tv); 1754 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 1755 if (sc->sc_brtcnt >= sc->sc_brtmax) 1756 return (ENOSPC); 1757 1758 /* 1759 * Allocate a new bridge forwarding node, and 1760 * initialize the expiration time and Ethernet 1761 * address. 1762 */ 1763 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 1764 if (brt == NULL) 1765 return (ENOMEM); 1766 1767 brt->brt_expire = tv.tv_sec + sc->sc_brttimeout; 1768 brt->brt_flags = IFBAF_DYNAMIC; 1769 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 1770 1771 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 1772 uma_zfree(bridge_rtnode_zone, brt); 1773 return (error); 1774 } 1775 } 1776 1777 brt->brt_ifp = dst_if; 1778 if (setflags) { 1779 brt->brt_flags = flags; 1780 brt->brt_expire = (flags & IFBAF_STATIC) ? 0 : 1781 tv.tv_sec + sc->sc_brttimeout; 1782 } 1783 1784 return (0); 1785 } 1786 1787 /* 1788 * bridge_rtlookup: 1789 * 1790 * Lookup the destination interface for an address. 1791 */ 1792 struct ifnet * 1793 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 1794 { 1795 struct bridge_rtnode *brt; 1796 1797 BRIDGE_LOCK_ASSERT(sc); 1798 1799 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 1800 return (NULL); 1801 1802 return (brt->brt_ifp); 1803 } 1804 1805 /* 1806 * bridge_rttrim: 1807 * 1808 * Trim the routine table so that we have a number 1809 * of routing entries less than or equal to the 1810 * maximum number. 1811 */ 1812 void 1813 bridge_rttrim(struct bridge_softc *sc) 1814 { 1815 struct bridge_rtnode *brt, *nbrt; 1816 1817 BRIDGE_LOCK_ASSERT(sc); 1818 1819 /* Make sure we actually need to do this. */ 1820 if (sc->sc_brtcnt <= sc->sc_brtmax) 1821 return; 1822 1823 /* Force an aging cycle; this might trim enough addresses. */ 1824 bridge_rtage(sc); 1825 if (sc->sc_brtcnt <= sc->sc_brtmax) 1826 return; 1827 1828 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 1829 nbrt = LIST_NEXT(brt, brt_list); 1830 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1831 bridge_rtnode_destroy(sc, brt); 1832 if (sc->sc_brtcnt <= sc->sc_brtmax) 1833 return; 1834 } 1835 } 1836 } 1837 1838 /* 1839 * bridge_timer: 1840 * 1841 * Aging timer for the bridge. 1842 */ 1843 void 1844 bridge_timer(void *arg) 1845 { 1846 struct bridge_softc *sc = arg; 1847 1848 BRIDGE_LOCK(sc); 1849 bridge_rtage(sc); 1850 BRIDGE_UNLOCK(sc); 1851 1852 if (sc->sc_if.if_flags & IFF_RUNNING) 1853 callout_reset(&sc->sc_brcallout, 1854 bridge_rtable_prune_period * hz, bridge_timer, sc); 1855 } 1856 1857 /* 1858 * bridge_rtage: 1859 * 1860 * Perform an aging cycle. 1861 */ 1862 void 1863 bridge_rtage(struct bridge_softc *sc) 1864 { 1865 struct bridge_rtnode *brt, *nbrt; 1866 struct timeval tv; 1867 1868 BRIDGE_LOCK_ASSERT(sc); 1869 1870 getmicrotime(&tv); 1871 1872 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 1873 nbrt = LIST_NEXT(brt, brt_list); 1874 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1875 if (tv.tv_sec >= brt->brt_expire) 1876 bridge_rtnode_destroy(sc, brt); 1877 } 1878 } 1879 } 1880 1881 /* 1882 * bridge_rtflush: 1883 * 1884 * Remove all dynamic addresses from the bridge. 1885 */ 1886 void 1887 bridge_rtflush(struct bridge_softc *sc, int full) 1888 { 1889 struct bridge_rtnode *brt, *nbrt; 1890 1891 BRIDGE_LOCK_ASSERT(sc); 1892 1893 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 1894 nbrt = LIST_NEXT(brt, brt_list); 1895 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 1896 bridge_rtnode_destroy(sc, brt); 1897 } 1898 } 1899 1900 /* 1901 * bridge_rtdaddr: 1902 * 1903 * Remove an address from the table. 1904 */ 1905 int 1906 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 1907 { 1908 struct bridge_rtnode *brt; 1909 1910 BRIDGE_LOCK_ASSERT(sc); 1911 1912 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 1913 return (ENOENT); 1914 1915 bridge_rtnode_destroy(sc, brt); 1916 return (0); 1917 } 1918 1919 /* 1920 * bridge_rtdelete: 1921 * 1922 * Delete routes to a speicifc member interface. 1923 */ 1924 void 1925 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 1926 { 1927 struct bridge_rtnode *brt, *nbrt; 1928 1929 BRIDGE_LOCK_ASSERT(sc); 1930 1931 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 1932 nbrt = LIST_NEXT(brt, brt_list); 1933 if (brt->brt_ifp == ifp && (full || 1934 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 1935 bridge_rtnode_destroy(sc, brt); 1936 } 1937 } 1938 1939 /* 1940 * bridge_rtable_init: 1941 * 1942 * Initialize the route table for this bridge. 1943 */ 1944 int 1945 bridge_rtable_init(struct bridge_softc *sc) 1946 { 1947 int i; 1948 1949 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 1950 M_DEVBUF, M_NOWAIT); 1951 if (sc->sc_rthash == NULL) 1952 return (ENOMEM); 1953 1954 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 1955 LIST_INIT(&sc->sc_rthash[i]); 1956 1957 sc->sc_rthash_key = arc4random(); 1958 1959 LIST_INIT(&sc->sc_rtlist); 1960 1961 return (0); 1962 } 1963 1964 /* 1965 * bridge_rtable_fini: 1966 * 1967 * Deconstruct the route table for this bridge. 1968 */ 1969 void 1970 bridge_rtable_fini(struct bridge_softc *sc) 1971 { 1972 1973 free(sc->sc_rthash, M_DEVBUF); 1974 } 1975 1976 /* 1977 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 1978 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 1979 */ 1980 #define mix(a, b, c) \ 1981 do { \ 1982 a -= b; a -= c; a ^= (c >> 13); \ 1983 b -= c; b -= a; b ^= (a << 8); \ 1984 c -= a; c -= b; c ^= (b >> 13); \ 1985 a -= b; a -= c; a ^= (c >> 12); \ 1986 b -= c; b -= a; b ^= (a << 16); \ 1987 c -= a; c -= b; c ^= (b >> 5); \ 1988 a -= b; a -= c; a ^= (c >> 3); \ 1989 b -= c; b -= a; b ^= (a << 10); \ 1990 c -= a; c -= b; c ^= (b >> 15); \ 1991 } while (/*CONSTCOND*/0) 1992 1993 static __inline uint32_t 1994 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 1995 { 1996 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 1997 1998 b += addr[5] << 8; 1999 b += addr[4]; 2000 a += addr[3] << 24; 2001 a += addr[2] << 16; 2002 a += addr[1] << 8; 2003 a += addr[0]; 2004 2005 mix(a, b, c); 2006 2007 return (c & BRIDGE_RTHASH_MASK); 2008 } 2009 2010 #undef mix 2011 2012 /* 2013 * bridge_rtnode_lookup: 2014 * 2015 * Look up a bridge route node for the specified destination. 2016 */ 2017 struct bridge_rtnode * 2018 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2019 { 2020 struct bridge_rtnode *brt; 2021 uint32_t hash; 2022 int dir; 2023 2024 BRIDGE_LOCK_ASSERT(sc); 2025 2026 hash = bridge_rthash(sc, addr); 2027 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2028 dir = memcmp(addr, brt->brt_addr, ETHER_ADDR_LEN); 2029 if (dir == 0) 2030 return (brt); 2031 if (dir > 0) 2032 return (NULL); 2033 } 2034 2035 return (NULL); 2036 } 2037 2038 /* 2039 * bridge_rtnode_insert: 2040 * 2041 * Insert the specified bridge node into the route table. We 2042 * assume the entry is not already in the table. 2043 */ 2044 int 2045 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2046 { 2047 struct bridge_rtnode *lbrt; 2048 uint32_t hash; 2049 int dir; 2050 2051 BRIDGE_LOCK_ASSERT(sc); 2052 2053 hash = bridge_rthash(sc, brt->brt_addr); 2054 2055 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2056 if (lbrt == NULL) { 2057 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2058 goto out; 2059 } 2060 2061 do { 2062 dir = memcmp(brt->brt_addr, lbrt->brt_addr, ETHER_ADDR_LEN); 2063 if (dir == 0) 2064 return (EEXIST); 2065 if (dir > 0) { 2066 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2067 goto out; 2068 } 2069 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2070 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2071 goto out; 2072 } 2073 lbrt = LIST_NEXT(lbrt, brt_hash); 2074 } while (lbrt != NULL); 2075 2076 #ifdef DIAGNOSTIC 2077 panic("bridge_rtnode_insert: impossible"); 2078 #endif 2079 2080 out: 2081 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2082 sc->sc_brtcnt++; 2083 2084 return (0); 2085 } 2086 2087 /* 2088 * bridge_rtnode_destroy: 2089 * 2090 * Destroy a bridge rtnode. 2091 */ 2092 void 2093 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2094 { 2095 BRIDGE_LOCK_ASSERT(sc); 2096 2097 LIST_REMOVE(brt, brt_hash); 2098 2099 LIST_REMOVE(brt, brt_list); 2100 sc->sc_brtcnt--; 2101 uma_zfree(bridge_rtnode_zone, brt); 2102 } 2103 2104 /* 2105 * Send bridge packets through pfil if they are one of the types pfil can deal 2106 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2107 * question.) 2108 */ 2109 static int bridge_pfil(struct mbuf **mp, struct ifnet *bifp, 2110 struct ifnet *ifp, int dir) 2111 { 2112 int snap, error; 2113 struct ether_header *eh1, eh2; 2114 struct ip *ip; 2115 struct llc llc; 2116 u_int16_t ether_type; 2117 2118 snap = 0; 2119 error = -1; /* Default error if not error == 0 */ 2120 eh1 = mtod(*mp, struct ether_header *); 2121 ether_type = ntohs(eh1->ether_type); 2122 2123 /* 2124 * Check for SNAP/LLC. 2125 */ 2126 if (ether_type < ETHERMTU) { 2127 struct llc *llc = (struct llc *)(eh1 + 1); 2128 2129 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2130 llc->llc_dsap == LLC_SNAP_LSAP && 2131 llc->llc_ssap == LLC_SNAP_LSAP && 2132 llc->llc_control == LLC_UI) { 2133 ether_type = htons(llc->llc_un.type_snap.ether_type); 2134 snap = 1; 2135 } 2136 } 2137 2138 /* 2139 * If we're trying to filter bridge traffic, don't look at anything 2140 * other than IP and ARP traffic. If the filter doesn't understand 2141 * IPv6, don't allow IPv6 through the bridge either. This is lame 2142 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2143 * but of course we don't have an AppleTalk filter to begin with. 2144 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2145 * ARP traffic.) 2146 */ 2147 switch (ether_type) { 2148 case ETHERTYPE_ARP: 2149 case ETHERTYPE_REVARP: 2150 return 0; /* Automatically pass */ 2151 case ETHERTYPE_IP: 2152 # ifdef INET6 2153 case ETHERTYPE_IPV6: 2154 # endif /* INET6 */ 2155 break; 2156 default: 2157 goto bad; 2158 } 2159 2160 /* Strip off the Ethernet header and keep a copy. */ 2161 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2162 m_adj(*mp, ETHER_HDR_LEN); 2163 2164 /* Strip off snap header, if present */ 2165 if (snap) { 2166 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc); 2167 m_adj(*mp, sizeof(struct llc)); 2168 } 2169 2170 /* 2171 * Check basic packet sanity and run pfil through pfil. 2172 */ 2173 switch (ether_type) 2174 { 2175 case ETHERTYPE_IP : 2176 error = (dir == PFIL_IN) ? bridge_ip_checkbasic(mp) : 0; 2177 /* 2178 * before calling the firewall, swap fields the same as 2179 * IP does. here we assume the header is contiguous 2180 */ 2181 if (error == 0) { 2182 ip = mtod(*mp, struct ip *); 2183 2184 ip->ip_len = ntohs(ip->ip_len); 2185 ip->ip_off = ntohs(ip->ip_off); 2186 } else { 2187 error = -1; 2188 break; 2189 } 2190 2191 /* 2192 * Run pfil on the member interface and the bridge, both can 2193 * be skipped by clearing pfil_member or pfil_bridge. 2194 * 2195 * Keep the order: 2196 * in_if -> bridge_if -> out_if 2197 */ 2198 if (error == 0 && pfil_bridge && dir == PFIL_OUT) 2199 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2200 dir, NULL); 2201 2202 if (error == 0 && pfil_member) 2203 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2204 dir, NULL); 2205 2206 if (error == 0 && pfil_bridge && dir == PFIL_IN) 2207 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2208 dir, NULL); 2209 2210 /* Restore ip and the fields ntohs()'d. */ 2211 if (*mp != NULL && error == 0) { 2212 ip = mtod(*mp, struct ip *); 2213 ip->ip_len = htons(ip->ip_len); 2214 ip->ip_off = htons(ip->ip_off); 2215 } 2216 2217 break; 2218 # ifdef INET6 2219 case ETHERTYPE_IPV6 : 2220 error = (dir == PFIL_IN) ? bridge_ip6_checkbasic(mp) : 0; 2221 if (error == 0) 2222 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2223 dir, NULL); 2224 break; 2225 # endif 2226 default : 2227 error = 0; 2228 break; 2229 } 2230 2231 if (*mp == NULL) 2232 return error; 2233 if (error != 0) 2234 goto bad; 2235 2236 error = -1; 2237 2238 /* 2239 * Finally, put everything back the way it was and return 2240 */ 2241 if (snap) { 2242 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2243 if (*mp == NULL) 2244 return error; 2245 bcopy(&llc, mtod(*mp, caddr_t), sizeof(struct llc)); 2246 } 2247 2248 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2249 if (*mp == NULL) 2250 return error; 2251 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2252 2253 return 0; 2254 2255 bad: 2256 m_freem(*mp); 2257 *mp = NULL; 2258 return error; 2259 } 2260 2261 /* 2262 * Perform basic checks on header size since 2263 * pfil assumes ip_input has already processed 2264 * it for it. Cut-and-pasted from ip_input.c. 2265 * Given how simple the IPv6 version is, 2266 * does the IPv4 version really need to be 2267 * this complicated? 2268 * 2269 * XXX Should we update ipstat here, or not? 2270 * XXX Right now we update ipstat but not 2271 * XXX csum_counter. 2272 */ 2273 static int 2274 bridge_ip_checkbasic(struct mbuf **mp) 2275 { 2276 struct mbuf *m = *mp; 2277 struct ip *ip; 2278 int len, hlen; 2279 u_short sum; 2280 2281 if (*mp == NULL) 2282 return -1; 2283 2284 if (__predict_false(m->m_len < sizeof (struct ip))) { 2285 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2286 ipstat.ips_toosmall++; 2287 goto bad; 2288 } 2289 } 2290 ip = mtod(m, struct ip *); 2291 if (ip == NULL) goto bad; 2292 2293 if (ip->ip_v != IPVERSION) { 2294 ipstat.ips_badvers++; 2295 goto bad; 2296 } 2297 hlen = ip->ip_hl << 2; 2298 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2299 ipstat.ips_badhlen++; 2300 goto bad; 2301 } 2302 if (hlen > m->m_len) { 2303 if ((m = m_pullup(m, hlen)) == 0) { 2304 ipstat.ips_badhlen++; 2305 goto bad; 2306 } 2307 ip = mtod(m, struct ip *); 2308 if (ip == NULL) goto bad; 2309 } 2310 2311 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2312 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2313 } else { 2314 if (hlen == sizeof(struct ip)) { 2315 sum = in_cksum_hdr(ip); 2316 } else { 2317 sum = in_cksum(m, hlen); 2318 } 2319 } 2320 if (sum) { 2321 ipstat.ips_badsum++; 2322 goto bad; 2323 } 2324 2325 /* Retrieve the packet length. */ 2326 len = ntohs(ip->ip_len); 2327 2328 /* 2329 * Check for additional length bogosity 2330 */ 2331 if (len < hlen) { 2332 ipstat.ips_badlen++; 2333 goto bad; 2334 } 2335 2336 /* 2337 * Check that the amount of data in the buffers 2338 * is as at least much as the IP header would have us expect. 2339 * Drop packet if shorter than we expect. 2340 */ 2341 if (m->m_pkthdr.len < len) { 2342 ipstat.ips_tooshort++; 2343 goto bad; 2344 } 2345 2346 /* Checks out, proceed */ 2347 *mp = m; 2348 return 0; 2349 2350 bad: 2351 *mp = m; 2352 return -1; 2353 } 2354 2355 # ifdef INET6 2356 /* 2357 * Same as above, but for IPv6. 2358 * Cut-and-pasted from ip6_input.c. 2359 * XXX Should we update ip6stat, or not? 2360 */ 2361 static int 2362 bridge_ip6_checkbasic(struct mbuf **mp) 2363 { 2364 struct mbuf *m = *mp; 2365 struct ip6_hdr *ip6; 2366 2367 /* 2368 * If the IPv6 header is not aligned, slurp it up into a new 2369 * mbuf with space for link headers, in the event we forward 2370 * it. Otherwise, if it is aligned, make sure the entire base 2371 * IPv6 header is in the first mbuf of the chain. 2372 2373 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2374 struct ifnet *inifp = m->m_pkthdr.rcvif; 2375 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2376 (max_linkhdr + 3) & ~3)) == NULL) { 2377 * XXXJRT new stat, please * 2378 ip6stat.ip6s_toosmall++; 2379 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2380 goto bad; 2381 } 2382 } else */ 2383 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2384 struct ifnet *inifp = m->m_pkthdr.rcvif; 2385 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2386 ip6stat.ip6s_toosmall++; 2387 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2388 goto bad; 2389 } 2390 } 2391 2392 ip6 = mtod(m, struct ip6_hdr *); 2393 2394 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2395 ip6stat.ip6s_badvers++; 2396 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2397 goto bad; 2398 } 2399 2400 /* Checks out, proceed */ 2401 *mp = m; 2402 return 0; 2403 2404 bad: 2405 *mp = m; 2406 return -1; 2407 } 2408 # endif /* INET6 */ 2409