1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <vm/uma.h> 101 #include <sys/module.h> 102 #include <sys/proc.h> 103 #include <sys/lock.h> 104 #include <sys/mutex.h> 105 106 #include <net/bpf.h> 107 #include <net/if.h> 108 #include <net/if_clone.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 114 #include <netinet/in.h> /* for struct arpcom */ 115 #include <netinet/in_systm.h> 116 #include <netinet/in_var.h> 117 #include <netinet/ip.h> 118 #include <netinet/ip_var.h> 119 #ifdef INET6 120 #include <netinet/ip6.h> 121 #include <netinet6/ip6_var.h> 122 #endif 123 #include <machine/in_cksum.h> 124 #include <netinet/if_ether.h> /* for struct arpcom */ 125 #include <net/if_bridgevar.h> 126 #include <net/if_llc.h> 127 128 #include <net/route.h> 129 #include <netinet/ip_fw.h> 130 #include <netinet/ip_dummynet.h> 131 132 /* 133 * Size of the route hash table. Must be a power of two. 134 */ 135 #ifndef BRIDGE_RTHASH_SIZE 136 #define BRIDGE_RTHASH_SIZE 1024 137 #endif 138 139 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 140 141 /* 142 * Maximum number of addresses to cache. 143 */ 144 #ifndef BRIDGE_RTABLE_MAX 145 #define BRIDGE_RTABLE_MAX 100 146 #endif 147 148 /* 149 * Spanning tree defaults. 150 */ 151 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 152 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 153 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 154 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 155 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 156 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 157 #define BSTP_DEFAULT_PATH_COST 55 158 159 /* 160 * Timeout (in seconds) for entries learned dynamically. 161 */ 162 #ifndef BRIDGE_RTABLE_TIMEOUT 163 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 164 #endif 165 166 /* 167 * Number of seconds between walks of the route list. 168 */ 169 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 170 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 171 #endif 172 173 /* 174 * List of capabilities to mask on the member interface. 175 */ 176 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 177 178 static struct mtx bridge_list_mtx; 179 eventhandler_tag bridge_detach_cookie = NULL; 180 181 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 182 183 uma_zone_t bridge_rtnode_zone; 184 185 static int bridge_clone_create(struct if_clone *, int); 186 static void bridge_clone_destroy(struct ifnet *); 187 188 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 189 static void bridge_mutecaps(struct bridge_iflist *, int); 190 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 191 static void bridge_init(void *); 192 static void bridge_dummynet(struct mbuf *, struct ifnet *); 193 static void bridge_stop(struct ifnet *, int); 194 static void bridge_start(struct ifnet *); 195 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 196 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 197 struct rtentry *); 198 199 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 200 201 static void bridge_timer(void *); 202 203 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 204 struct mbuf *, int); 205 static void bridge_span(struct bridge_softc *, struct mbuf *); 206 207 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 208 struct ifnet *, int, uint8_t); 209 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 210 static void bridge_rttrim(struct bridge_softc *); 211 static void bridge_rtage(struct bridge_softc *); 212 static void bridge_rtflush(struct bridge_softc *, int); 213 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 214 215 static int bridge_rtable_init(struct bridge_softc *); 216 static void bridge_rtable_fini(struct bridge_softc *); 217 218 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 219 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 220 const uint8_t *); 221 static int bridge_rtnode_insert(struct bridge_softc *, 222 struct bridge_rtnode *); 223 static void bridge_rtnode_destroy(struct bridge_softc *, 224 struct bridge_rtnode *); 225 226 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 227 const char *name); 228 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 229 struct ifnet *ifp); 230 static void bridge_delete_member(struct bridge_softc *, 231 struct bridge_iflist *, int); 232 static void bridge_delete_span(struct bridge_softc *, 233 struct bridge_iflist *); 234 235 static int bridge_ioctl_add(struct bridge_softc *, void *); 236 static int bridge_ioctl_del(struct bridge_softc *, void *); 237 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 238 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 239 static int bridge_ioctl_scache(struct bridge_softc *, void *); 240 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 241 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 242 static int bridge_ioctl_rts(struct bridge_softc *, void *); 243 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 244 static int bridge_ioctl_sto(struct bridge_softc *, void *); 245 static int bridge_ioctl_gto(struct bridge_softc *, void *); 246 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 247 static int bridge_ioctl_flush(struct bridge_softc *, void *); 248 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 249 static int bridge_ioctl_spri(struct bridge_softc *, void *); 250 static int bridge_ioctl_ght(struct bridge_softc *, void *); 251 static int bridge_ioctl_sht(struct bridge_softc *, void *); 252 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 253 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 254 static int bridge_ioctl_gma(struct bridge_softc *, void *); 255 static int bridge_ioctl_sma(struct bridge_softc *, void *); 256 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 257 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 258 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 259 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 260 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 261 int); 262 static int bridge_ip_checkbasic(struct mbuf **mp); 263 #ifdef INET6 264 static int bridge_ip6_checkbasic(struct mbuf **mp); 265 #endif /* INET6 */ 266 static int bridge_fragment(struct ifnet *, struct mbuf *, 267 struct ether_header *, int, struct llc *); 268 269 SYSCTL_DECL(_net_link); 270 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 271 272 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 273 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 274 static int pfil_member = 1; /* run pfil hooks on the member interface */ 275 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 276 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 277 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 278 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 279 &pfil_bridge, 0, "Packet filter on the bridge interface"); 280 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 281 &pfil_member, 0, "Packet filter on the member interface"); 282 283 struct bridge_control { 284 int (*bc_func)(struct bridge_softc *, void *); 285 int bc_argsize; 286 int bc_flags; 287 }; 288 289 #define BC_F_COPYIN 0x01 /* copy arguments in */ 290 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 291 #define BC_F_SUSER 0x04 /* do super-user check */ 292 293 const struct bridge_control bridge_control_table[] = { 294 { bridge_ioctl_add, sizeof(struct ifbreq), 295 BC_F_COPYIN|BC_F_SUSER }, 296 { bridge_ioctl_del, sizeof(struct ifbreq), 297 BC_F_COPYIN|BC_F_SUSER }, 298 299 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 300 BC_F_COPYIN|BC_F_COPYOUT }, 301 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 302 BC_F_COPYIN|BC_F_SUSER }, 303 304 { bridge_ioctl_scache, sizeof(struct ifbrparam), 305 BC_F_COPYIN|BC_F_SUSER }, 306 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 307 BC_F_COPYOUT }, 308 309 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 310 BC_F_COPYIN|BC_F_COPYOUT }, 311 { bridge_ioctl_rts, sizeof(struct ifbaconf), 312 BC_F_COPYIN|BC_F_COPYOUT }, 313 314 { bridge_ioctl_saddr, sizeof(struct ifbareq), 315 BC_F_COPYIN|BC_F_SUSER }, 316 317 { bridge_ioctl_sto, sizeof(struct ifbrparam), 318 BC_F_COPYIN|BC_F_SUSER }, 319 { bridge_ioctl_gto, sizeof(struct ifbrparam), 320 BC_F_COPYOUT }, 321 322 { bridge_ioctl_daddr, sizeof(struct ifbareq), 323 BC_F_COPYIN|BC_F_SUSER }, 324 325 { bridge_ioctl_flush, sizeof(struct ifbreq), 326 BC_F_COPYIN|BC_F_SUSER }, 327 328 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 329 BC_F_COPYOUT }, 330 { bridge_ioctl_spri, sizeof(struct ifbrparam), 331 BC_F_COPYIN|BC_F_SUSER }, 332 333 { bridge_ioctl_ght, sizeof(struct ifbrparam), 334 BC_F_COPYOUT }, 335 { bridge_ioctl_sht, sizeof(struct ifbrparam), 336 BC_F_COPYIN|BC_F_SUSER }, 337 338 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 339 BC_F_COPYOUT }, 340 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 341 BC_F_COPYIN|BC_F_SUSER }, 342 343 { bridge_ioctl_gma, sizeof(struct ifbrparam), 344 BC_F_COPYOUT }, 345 { bridge_ioctl_sma, sizeof(struct ifbrparam), 346 BC_F_COPYIN|BC_F_SUSER }, 347 348 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 349 BC_F_COPYIN|BC_F_SUSER }, 350 351 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 352 BC_F_COPYIN|BC_F_SUSER }, 353 354 { bridge_ioctl_addspan, sizeof(struct ifbreq), 355 BC_F_COPYIN|BC_F_SUSER }, 356 { bridge_ioctl_delspan, sizeof(struct ifbreq), 357 BC_F_COPYIN|BC_F_SUSER }, 358 }; 359 const int bridge_control_table_size = 360 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 361 362 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 363 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 364 365 LIST_HEAD(, bridge_softc) bridge_list; 366 367 IFC_SIMPLE_DECLARE(bridge, 0); 368 369 static int 370 bridge_modevent(module_t mod, int type, void *data) 371 { 372 373 switch (type) { 374 case MOD_LOAD: 375 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 376 if_clone_attach(&bridge_cloner); 377 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 378 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 379 UMA_ALIGN_PTR, 0); 380 LIST_INIT(&bridge_list); 381 bridge_input_p = bridge_input; 382 bridge_output_p = bridge_output; 383 bridge_dn_p = bridge_dummynet; 384 bstp_linkstate_p = bstp_linkstate; 385 bridge_detach_cookie = EVENTHANDLER_REGISTER( 386 ifnet_departure_event, bridge_ifdetach, NULL, 387 EVENTHANDLER_PRI_ANY); 388 break; 389 case MOD_UNLOAD: 390 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 391 bridge_detach_cookie); 392 if_clone_detach(&bridge_cloner); 393 uma_zdestroy(bridge_rtnode_zone); 394 bridge_input_p = NULL; 395 bridge_output_p = NULL; 396 bridge_dn_p = NULL; 397 bstp_linkstate_p = NULL; 398 mtx_destroy(&bridge_list_mtx); 399 break; 400 default: 401 return (EOPNOTSUPP); 402 } 403 return (0); 404 } 405 406 static moduledata_t bridge_mod = { 407 "if_bridge", 408 bridge_modevent, 409 0 410 }; 411 412 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 413 414 /* 415 * handler for net.link.bridge.pfil_ipfw 416 */ 417 static int 418 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 419 { 420 int enable = pfil_ipfw; 421 int error; 422 423 error = sysctl_handle_int(oidp, &enable, 0, req); 424 enable = (enable) ? 1 : 0; 425 426 if (enable != pfil_ipfw) { 427 pfil_ipfw = enable; 428 429 /* 430 * Disable pfil so that ipfw doesnt run twice, if the user 431 * really wants both then they can re-enable pfil_bridge and/or 432 * pfil_member. Also allow non-ip packets as ipfw can filter by 433 * layer2 type. 434 */ 435 if (pfil_ipfw) { 436 pfil_onlyip = 0; 437 pfil_bridge = 0; 438 pfil_member = 0; 439 } 440 } 441 442 return (error); 443 } 444 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 445 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 446 447 /* 448 * bridge_clone_create: 449 * 450 * Create a new bridge instance. 451 */ 452 static int 453 bridge_clone_create(struct if_clone *ifc, int unit) 454 { 455 struct bridge_softc *sc, *sc2; 456 struct ifnet *bifp, *ifp; 457 u_char eaddr[6]; 458 int retry; 459 460 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 461 BRIDGE_LOCK_INIT(sc); 462 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 463 if (ifp == NULL) { 464 free(sc, M_DEVBUF); 465 return (ENOSPC); 466 } 467 468 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 469 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 470 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 471 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 472 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 473 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 474 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 475 476 /* Initialize our routing table. */ 477 bridge_rtable_init(sc); 478 479 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 480 callout_init_mtx(&sc->sc_bstpcallout, &sc->sc_mtx, 0); 481 482 LIST_INIT(&sc->sc_iflist); 483 LIST_INIT(&sc->sc_spanlist); 484 485 ifp->if_softc = sc; 486 if_initname(ifp, ifc->ifc_name, unit); 487 ifp->if_mtu = ETHERMTU; 488 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 489 ifp->if_ioctl = bridge_ioctl; 490 ifp->if_output = bridge_output; 491 ifp->if_start = bridge_start; 492 ifp->if_init = bridge_init; 493 ifp->if_type = IFT_BRIDGE; 494 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 495 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 496 IFQ_SET_READY(&ifp->if_snd); 497 ifp->if_hdrlen = ETHER_HDR_LEN; 498 499 /* 500 * Generate a random ethernet address and use the private AC:DE:48 501 * OUI code. 502 * 503 * Since we are using random ethernet addresses for the bridge, it is 504 * possible that we might have address collisions, so make sure that 505 * this hardware address isn't already in use on another bridge. 506 */ 507 for (retry = 1; retry != 0;) { 508 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 509 eaddr[0] = 0xAC; 510 eaddr[1] = 0xDE; 511 eaddr[2] = 0x48; 512 retry = 0; 513 mtx_lock(&bridge_list_mtx); 514 LIST_FOREACH(sc2, &bridge_list, sc_list) { 515 bifp = sc2->sc_ifp; 516 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 517 retry = 1; 518 } 519 mtx_unlock(&bridge_list_mtx); 520 } 521 522 ether_ifattach(ifp, eaddr); 523 /* Now undo some of the damage... */ 524 ifp->if_baudrate = 0; 525 ifp->if_type = IFT_BRIDGE; 526 527 mtx_lock(&bridge_list_mtx); 528 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 529 mtx_unlock(&bridge_list_mtx); 530 531 return (0); 532 } 533 534 /* 535 * bridge_clone_destroy: 536 * 537 * Destroy a bridge instance. 538 */ 539 static void 540 bridge_clone_destroy(struct ifnet *ifp) 541 { 542 struct bridge_softc *sc = ifp->if_softc; 543 struct bridge_iflist *bif; 544 545 BRIDGE_LOCK(sc); 546 547 bridge_stop(ifp, 1); 548 ifp->if_flags &= ~IFF_UP; 549 550 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 551 bridge_delete_member(sc, bif, 0); 552 553 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 554 bridge_delete_span(sc, bif); 555 } 556 557 BRIDGE_UNLOCK(sc); 558 559 callout_drain(&sc->sc_brcallout); 560 callout_drain(&sc->sc_bstpcallout); 561 562 mtx_lock(&bridge_list_mtx); 563 LIST_REMOVE(sc, sc_list); 564 mtx_unlock(&bridge_list_mtx); 565 566 ether_ifdetach(ifp); 567 if_free_type(ifp, IFT_ETHER); 568 569 /* Tear down the routing table. */ 570 bridge_rtable_fini(sc); 571 572 BRIDGE_LOCK_DESTROY(sc); 573 free(sc, M_DEVBUF); 574 } 575 576 /* 577 * bridge_ioctl: 578 * 579 * Handle a control request from the operator. 580 */ 581 static int 582 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 583 { 584 struct bridge_softc *sc = ifp->if_softc; 585 struct thread *td = curthread; 586 union { 587 struct ifbreq ifbreq; 588 struct ifbifconf ifbifconf; 589 struct ifbareq ifbareq; 590 struct ifbaconf ifbaconf; 591 struct ifbrparam ifbrparam; 592 } args; 593 struct ifdrv *ifd = (struct ifdrv *) data; 594 const struct bridge_control *bc; 595 int error = 0; 596 597 BRIDGE_LOCK(sc); 598 599 switch (cmd) { 600 601 case SIOCADDMULTI: 602 case SIOCDELMULTI: 603 break; 604 605 case SIOCGDRVSPEC: 606 case SIOCSDRVSPEC: 607 if (ifd->ifd_cmd >= bridge_control_table_size) { 608 error = EINVAL; 609 break; 610 } 611 bc = &bridge_control_table[ifd->ifd_cmd]; 612 613 if (cmd == SIOCGDRVSPEC && 614 (bc->bc_flags & BC_F_COPYOUT) == 0) { 615 error = EINVAL; 616 break; 617 } 618 else if (cmd == SIOCSDRVSPEC && 619 (bc->bc_flags & BC_F_COPYOUT) != 0) { 620 error = EINVAL; 621 break; 622 } 623 624 if (bc->bc_flags & BC_F_SUSER) { 625 error = suser(td); 626 if (error) 627 break; 628 } 629 630 if (ifd->ifd_len != bc->bc_argsize || 631 ifd->ifd_len > sizeof(args)) { 632 error = EINVAL; 633 break; 634 } 635 636 bzero(&args, sizeof(args)); 637 if (bc->bc_flags & BC_F_COPYIN) { 638 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 639 if (error) 640 break; 641 } 642 643 error = (*bc->bc_func)(sc, &args); 644 if (error) 645 break; 646 647 if (bc->bc_flags & BC_F_COPYOUT) 648 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 649 650 break; 651 652 case SIOCSIFFLAGS: 653 if (!(ifp->if_flags & IFF_UP) && 654 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 655 /* 656 * If interface is marked down and it is running, 657 * then stop and disable it. 658 */ 659 bridge_stop(ifp, 1); 660 } else if ((ifp->if_flags & IFF_UP) && 661 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 662 /* 663 * If interface is marked up and it is stopped, then 664 * start it. 665 */ 666 BRIDGE_UNLOCK(sc); 667 (*ifp->if_init)(sc); 668 } 669 break; 670 671 case SIOCSIFMTU: 672 /* Do not allow the MTU to be changed on the bridge */ 673 error = EINVAL; 674 break; 675 676 default: 677 /* 678 * drop the lock as ether_ioctl() will call bridge_start() and 679 * cause the lock to be recursed. 680 */ 681 BRIDGE_UNLOCK(sc); 682 error = ether_ioctl(ifp, cmd, data); 683 break; 684 } 685 686 if (BRIDGE_LOCKED(sc)) 687 BRIDGE_UNLOCK(sc); 688 689 return (error); 690 } 691 692 /* 693 * bridge_mutecaps: 694 * 695 * Clear or restore unwanted capabilities on the member interface 696 */ 697 static void 698 bridge_mutecaps(struct bridge_iflist *bif, int mute) 699 { 700 struct ifnet *ifp = bif->bif_ifp; 701 struct ifreq ifr; 702 int error; 703 704 if (ifp->if_ioctl == NULL) 705 return; 706 707 bzero(&ifr, sizeof(ifr)); 708 ifr.ifr_reqcap = ifp->if_capenable; 709 710 if (mute) { 711 /* mask off and save capabilities */ 712 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 713 if (bif->bif_mutecap != 0) 714 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 715 } else 716 /* restore muted capabilities */ 717 ifr.ifr_reqcap |= bif->bif_mutecap; 718 719 720 if (bif->bif_mutecap != 0) { 721 IFF_LOCKGIANT(ifp); 722 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 723 IFF_UNLOCKGIANT(ifp); 724 } 725 } 726 727 /* 728 * bridge_lookup_member: 729 * 730 * Lookup a bridge member interface. 731 */ 732 static struct bridge_iflist * 733 bridge_lookup_member(struct bridge_softc *sc, const char *name) 734 { 735 struct bridge_iflist *bif; 736 struct ifnet *ifp; 737 738 BRIDGE_LOCK_ASSERT(sc); 739 740 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 741 ifp = bif->bif_ifp; 742 if (strcmp(ifp->if_xname, name) == 0) 743 return (bif); 744 } 745 746 return (NULL); 747 } 748 749 /* 750 * bridge_lookup_member_if: 751 * 752 * Lookup a bridge member interface by ifnet*. 753 */ 754 static struct bridge_iflist * 755 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 756 { 757 struct bridge_iflist *bif; 758 759 BRIDGE_LOCK_ASSERT(sc); 760 761 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 762 if (bif->bif_ifp == member_ifp) 763 return (bif); 764 } 765 766 return (NULL); 767 } 768 769 /* 770 * bridge_delete_member: 771 * 772 * Delete the specified member interface. 773 */ 774 static void 775 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 776 int gone) 777 { 778 struct ifnet *ifs = bif->bif_ifp; 779 780 BRIDGE_LOCK_ASSERT(sc); 781 782 if (!gone) { 783 switch (ifs->if_type) { 784 case IFT_ETHER: 785 case IFT_L2VLAN: 786 /* 787 * Take the interface out of promiscuous mode. 788 */ 789 (void) ifpromisc(ifs, 0); 790 bridge_mutecaps(bif, 0); 791 break; 792 793 case IFT_GIF: 794 break; 795 796 default: 797 #ifdef DIAGNOSTIC 798 panic("bridge_delete_member: impossible"); 799 #endif 800 break; 801 } 802 } 803 804 ifs->if_bridge = NULL; 805 BRIDGE_XLOCK(sc); 806 LIST_REMOVE(bif, bif_next); 807 BRIDGE_XDROP(sc); 808 809 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 810 811 free(bif, M_DEVBUF); 812 813 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 814 bstp_initialization(sc); 815 } 816 817 /* 818 * bridge_delete_span: 819 * 820 * Delete the specified span interface. 821 */ 822 static void 823 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 824 { 825 BRIDGE_LOCK_ASSERT(sc); 826 827 KASSERT(bif->bif_ifp->if_bridge == NULL, 828 ("%s: not a span interface", __func__)); 829 830 LIST_REMOVE(bif, bif_next); 831 free(bif, M_DEVBUF); 832 } 833 834 static int 835 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 836 { 837 struct ifbreq *req = arg; 838 struct bridge_iflist *bif = NULL; 839 struct ifnet *ifs; 840 int error = 0; 841 842 BRIDGE_LOCK_ASSERT(sc); 843 844 ifs = ifunit(req->ifbr_ifsname); 845 if (ifs == NULL) 846 return (ENOENT); 847 848 /* If it's in the span list, it can't be a member. */ 849 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 850 if (ifs == bif->bif_ifp) 851 return (EBUSY); 852 853 /* Allow the first Ethernet member to define the MTU */ 854 if (ifs->if_type != IFT_GIF) { 855 if (LIST_EMPTY(&sc->sc_iflist)) 856 sc->sc_ifp->if_mtu = ifs->if_mtu; 857 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 858 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 859 ifs->if_xname); 860 return (EINVAL); 861 } 862 } 863 864 if (ifs->if_bridge == sc) 865 return (EEXIST); 866 867 if (ifs->if_bridge != NULL) 868 return (EBUSY); 869 870 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 871 if (bif == NULL) 872 return (ENOMEM); 873 874 bif->bif_ifp = ifs; 875 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 876 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 877 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 878 879 switch (ifs->if_type) { 880 case IFT_ETHER: 881 case IFT_L2VLAN: 882 /* 883 * Place the interface into promiscuous mode. 884 */ 885 error = ifpromisc(ifs, 1); 886 if (error) 887 goto out; 888 889 bridge_mutecaps(bif, 1); 890 break; 891 892 case IFT_GIF: 893 break; 894 895 default: 896 error = EINVAL; 897 goto out; 898 } 899 900 ifs->if_bridge = sc; 901 /* 902 * XXX: XLOCK HERE!?! 903 * 904 * NOTE: insert_***HEAD*** should be safe for the traversals. 905 */ 906 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 907 908 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 909 bstp_initialization(sc); 910 else 911 bstp_stop(sc); 912 913 out: 914 if (error) { 915 if (bif != NULL) 916 free(bif, M_DEVBUF); 917 } 918 return (error); 919 } 920 921 static int 922 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 923 { 924 struct ifbreq *req = arg; 925 struct bridge_iflist *bif; 926 927 BRIDGE_LOCK_ASSERT(sc); 928 929 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 930 if (bif == NULL) 931 return (ENOENT); 932 933 bridge_delete_member(sc, bif, 0); 934 935 return (0); 936 } 937 938 static int 939 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 940 { 941 struct ifbreq *req = arg; 942 struct bridge_iflist *bif; 943 944 BRIDGE_LOCK_ASSERT(sc); 945 946 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 947 if (bif == NULL) 948 return (ENOENT); 949 950 req->ifbr_ifsflags = bif->bif_flags; 951 req->ifbr_state = bif->bif_state; 952 req->ifbr_priority = bif->bif_priority; 953 req->ifbr_path_cost = bif->bif_path_cost; 954 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 955 956 return (0); 957 } 958 959 static int 960 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 961 { 962 struct ifbreq *req = arg; 963 struct bridge_iflist *bif; 964 965 BRIDGE_LOCK_ASSERT(sc); 966 967 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 968 if (bif == NULL) 969 return (ENOENT); 970 971 if (req->ifbr_ifsflags & IFBIF_SPAN) 972 /* SPAN is readonly */ 973 return (EINVAL); 974 975 if (req->ifbr_ifsflags & IFBIF_STP) { 976 switch (bif->bif_ifp->if_type) { 977 case IFT_ETHER: 978 /* These can do spanning tree. */ 979 break; 980 981 default: 982 /* Nothing else can. */ 983 return (EINVAL); 984 } 985 } 986 987 bif->bif_flags = req->ifbr_ifsflags; 988 989 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 990 bstp_initialization(sc); 991 992 return (0); 993 } 994 995 static int 996 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 997 { 998 struct ifbrparam *param = arg; 999 1000 BRIDGE_LOCK_ASSERT(sc); 1001 1002 sc->sc_brtmax = param->ifbrp_csize; 1003 bridge_rttrim(sc); 1004 1005 return (0); 1006 } 1007 1008 static int 1009 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1010 { 1011 struct ifbrparam *param = arg; 1012 1013 BRIDGE_LOCK_ASSERT(sc); 1014 1015 param->ifbrp_csize = sc->sc_brtmax; 1016 1017 return (0); 1018 } 1019 1020 static int 1021 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1022 { 1023 struct ifbifconf *bifc = arg; 1024 struct bridge_iflist *bif; 1025 struct ifbreq breq; 1026 int count, len, error = 0; 1027 1028 BRIDGE_LOCK_ASSERT(sc); 1029 1030 count = 0; 1031 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1032 count++; 1033 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1034 count++; 1035 1036 if (bifc->ifbic_len == 0) { 1037 bifc->ifbic_len = sizeof(breq) * count; 1038 return (0); 1039 } 1040 1041 count = 0; 1042 len = bifc->ifbic_len; 1043 bzero(&breq, sizeof(breq)); 1044 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1045 if (len < sizeof(breq)) 1046 break; 1047 1048 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1049 sizeof(breq.ifbr_ifsname)); 1050 breq.ifbr_ifsflags = bif->bif_flags; 1051 breq.ifbr_state = bif->bif_state; 1052 breq.ifbr_priority = bif->bif_priority; 1053 breq.ifbr_path_cost = bif->bif_path_cost; 1054 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1055 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1056 if (error) 1057 break; 1058 count++; 1059 len -= sizeof(breq); 1060 } 1061 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1062 if (len < sizeof(breq)) 1063 break; 1064 1065 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1066 sizeof(breq.ifbr_ifsname)); 1067 breq.ifbr_ifsflags = bif->bif_flags; 1068 breq.ifbr_state = bif->bif_state; 1069 breq.ifbr_priority = bif->bif_priority; 1070 breq.ifbr_path_cost = bif->bif_path_cost; 1071 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1072 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1073 if (error) 1074 break; 1075 count++; 1076 len -= sizeof(breq); 1077 } 1078 1079 bifc->ifbic_len = sizeof(breq) * count; 1080 return (error); 1081 } 1082 1083 static int 1084 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1085 { 1086 struct ifbaconf *bac = arg; 1087 struct bridge_rtnode *brt; 1088 struct ifbareq bareq; 1089 int count = 0, error = 0, len; 1090 1091 BRIDGE_LOCK_ASSERT(sc); 1092 1093 if (bac->ifbac_len == 0) 1094 return (0); 1095 1096 len = bac->ifbac_len; 1097 bzero(&bareq, sizeof(bareq)); 1098 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1099 if (len < sizeof(bareq)) 1100 goto out; 1101 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1102 sizeof(bareq.ifba_ifsname)); 1103 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1104 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1105 time_uptime < brt->brt_expire) 1106 bareq.ifba_expire = brt->brt_expire - time_uptime; 1107 else 1108 bareq.ifba_expire = 0; 1109 bareq.ifba_flags = brt->brt_flags; 1110 1111 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1112 if (error) 1113 goto out; 1114 count++; 1115 len -= sizeof(bareq); 1116 } 1117 out: 1118 bac->ifbac_len = sizeof(bareq) * count; 1119 return (error); 1120 } 1121 1122 static int 1123 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1124 { 1125 struct ifbareq *req = arg; 1126 struct bridge_iflist *bif; 1127 int error; 1128 1129 BRIDGE_LOCK_ASSERT(sc); 1130 1131 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1132 if (bif == NULL) 1133 return (ENOENT); 1134 1135 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1136 req->ifba_flags); 1137 1138 return (error); 1139 } 1140 1141 static int 1142 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1143 { 1144 struct ifbrparam *param = arg; 1145 1146 BRIDGE_LOCK_ASSERT(sc); 1147 1148 sc->sc_brttimeout = param->ifbrp_ctime; 1149 1150 return (0); 1151 } 1152 1153 static int 1154 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1155 { 1156 struct ifbrparam *param = arg; 1157 1158 BRIDGE_LOCK_ASSERT(sc); 1159 1160 param->ifbrp_ctime = sc->sc_brttimeout; 1161 1162 return (0); 1163 } 1164 1165 static int 1166 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1167 { 1168 struct ifbareq *req = arg; 1169 1170 BRIDGE_LOCK_ASSERT(sc); 1171 1172 return (bridge_rtdaddr(sc, req->ifba_dst)); 1173 } 1174 1175 static int 1176 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1177 { 1178 struct ifbreq *req = arg; 1179 1180 BRIDGE_LOCK_ASSERT(sc); 1181 1182 bridge_rtflush(sc, req->ifbr_ifsflags); 1183 1184 return (0); 1185 } 1186 1187 static int 1188 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1189 { 1190 struct ifbrparam *param = arg; 1191 1192 BRIDGE_LOCK_ASSERT(sc); 1193 1194 param->ifbrp_prio = sc->sc_bridge_priority; 1195 1196 return (0); 1197 } 1198 1199 static int 1200 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1201 { 1202 struct ifbrparam *param = arg; 1203 1204 BRIDGE_LOCK_ASSERT(sc); 1205 1206 sc->sc_bridge_priority = param->ifbrp_prio; 1207 1208 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1209 bstp_initialization(sc); 1210 1211 return (0); 1212 } 1213 1214 static int 1215 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1216 { 1217 struct ifbrparam *param = arg; 1218 1219 BRIDGE_LOCK_ASSERT(sc); 1220 1221 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1222 1223 return (0); 1224 } 1225 1226 static int 1227 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1228 { 1229 struct ifbrparam *param = arg; 1230 1231 BRIDGE_LOCK_ASSERT(sc); 1232 1233 if (param->ifbrp_hellotime == 0) 1234 return (EINVAL); 1235 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1236 1237 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1238 bstp_initialization(sc); 1239 1240 return (0); 1241 } 1242 1243 static int 1244 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1245 { 1246 struct ifbrparam *param = arg; 1247 1248 BRIDGE_LOCK_ASSERT(sc); 1249 1250 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1251 1252 return (0); 1253 } 1254 1255 static int 1256 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1257 { 1258 struct ifbrparam *param = arg; 1259 1260 BRIDGE_LOCK_ASSERT(sc); 1261 1262 if (param->ifbrp_fwddelay == 0) 1263 return (EINVAL); 1264 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1265 1266 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1267 bstp_initialization(sc); 1268 1269 return (0); 1270 } 1271 1272 static int 1273 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1274 { 1275 struct ifbrparam *param = arg; 1276 1277 BRIDGE_LOCK_ASSERT(sc); 1278 1279 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1280 1281 return (0); 1282 } 1283 1284 static int 1285 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1286 { 1287 struct ifbrparam *param = arg; 1288 1289 BRIDGE_LOCK_ASSERT(sc); 1290 1291 if (param->ifbrp_maxage == 0) 1292 return (EINVAL); 1293 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1294 1295 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1296 bstp_initialization(sc); 1297 1298 return (0); 1299 } 1300 1301 static int 1302 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1303 { 1304 struct ifbreq *req = arg; 1305 struct bridge_iflist *bif; 1306 1307 BRIDGE_LOCK_ASSERT(sc); 1308 1309 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1310 if (bif == NULL) 1311 return (ENOENT); 1312 1313 bif->bif_priority = req->ifbr_priority; 1314 1315 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1316 bstp_initialization(sc); 1317 1318 return (0); 1319 } 1320 1321 static int 1322 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1323 { 1324 struct ifbreq *req = arg; 1325 struct bridge_iflist *bif; 1326 1327 BRIDGE_LOCK_ASSERT(sc); 1328 1329 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1330 if (bif == NULL) 1331 return (ENOENT); 1332 1333 bif->bif_path_cost = req->ifbr_path_cost; 1334 1335 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1336 bstp_initialization(sc); 1337 1338 return (0); 1339 } 1340 1341 static int 1342 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1343 { 1344 struct ifbreq *req = arg; 1345 struct bridge_iflist *bif = NULL; 1346 struct ifnet *ifs; 1347 1348 BRIDGE_LOCK_ASSERT(sc); 1349 1350 ifs = ifunit(req->ifbr_ifsname); 1351 if (ifs == NULL) 1352 return (ENOENT); 1353 1354 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1355 if (ifs == bif->bif_ifp) 1356 return (EBUSY); 1357 1358 if (ifs->if_bridge != NULL) 1359 return (EBUSY); 1360 1361 switch (ifs->if_type) { 1362 case IFT_ETHER: 1363 case IFT_L2VLAN: 1364 break; 1365 default: 1366 return (EINVAL); 1367 } 1368 1369 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1370 if (bif == NULL) 1371 return (ENOMEM); 1372 1373 bif->bif_ifp = ifs; 1374 bif->bif_flags = IFBIF_SPAN; 1375 1376 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1377 1378 return (0); 1379 } 1380 1381 static int 1382 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1383 { 1384 struct ifbreq *req = arg; 1385 struct bridge_iflist *bif; 1386 struct ifnet *ifs; 1387 1388 BRIDGE_LOCK_ASSERT(sc); 1389 1390 ifs = ifunit(req->ifbr_ifsname); 1391 if (ifs == NULL) 1392 return (ENOENT); 1393 1394 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1395 if (ifs == bif->bif_ifp) 1396 break; 1397 1398 if (bif == NULL) 1399 return (ENOENT); 1400 1401 bridge_delete_span(sc, bif); 1402 1403 return (0); 1404 } 1405 1406 /* 1407 * bridge_ifdetach: 1408 * 1409 * Detach an interface from a bridge. Called when a member 1410 * interface is detaching. 1411 */ 1412 static void 1413 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1414 { 1415 struct bridge_softc *sc = ifp->if_bridge; 1416 struct bridge_iflist *bif; 1417 1418 /* Check if the interface is a bridge member */ 1419 if (sc != NULL) { 1420 BRIDGE_LOCK(sc); 1421 1422 bif = bridge_lookup_member_if(sc, ifp); 1423 if (bif != NULL) 1424 bridge_delete_member(sc, bif, 1); 1425 1426 BRIDGE_UNLOCK(sc); 1427 return; 1428 } 1429 1430 /* Check if the interface is a span port */ 1431 mtx_lock(&bridge_list_mtx); 1432 LIST_FOREACH(sc, &bridge_list, sc_list) { 1433 BRIDGE_LOCK(sc); 1434 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1435 if (ifp == bif->bif_ifp) { 1436 bridge_delete_span(sc, bif); 1437 break; 1438 } 1439 1440 BRIDGE_UNLOCK(sc); 1441 } 1442 mtx_unlock(&bridge_list_mtx); 1443 } 1444 1445 /* 1446 * bridge_init: 1447 * 1448 * Initialize a bridge interface. 1449 */ 1450 static void 1451 bridge_init(void *xsc) 1452 { 1453 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1454 struct ifnet *ifp = sc->sc_ifp; 1455 1456 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1457 return; 1458 1459 BRIDGE_LOCK(sc); 1460 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1461 bridge_timer, sc); 1462 1463 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1464 bstp_initialization(sc); 1465 BRIDGE_UNLOCK(sc); 1466 } 1467 1468 /* 1469 * bridge_stop: 1470 * 1471 * Stop the bridge interface. 1472 */ 1473 static void 1474 bridge_stop(struct ifnet *ifp, int disable) 1475 { 1476 struct bridge_softc *sc = ifp->if_softc; 1477 1478 BRIDGE_LOCK_ASSERT(sc); 1479 1480 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1481 return; 1482 1483 callout_stop(&sc->sc_brcallout); 1484 bstp_stop(sc); 1485 1486 bridge_rtflush(sc, IFBF_FLUSHDYN); 1487 1488 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1489 } 1490 1491 /* 1492 * bridge_enqueue: 1493 * 1494 * Enqueue a packet on a bridge member interface. 1495 * 1496 */ 1497 __inline void 1498 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1499 { 1500 int len, err = 0; 1501 short mflags; 1502 struct mbuf *m0; 1503 1504 len = m->m_pkthdr.len; 1505 mflags = m->m_flags; 1506 1507 /* We may be sending a framgment so traverse the mbuf */ 1508 for (; m; m = m0) { 1509 m0 = m->m_nextpkt; 1510 m->m_nextpkt = NULL; 1511 1512 if (err == 0) 1513 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1514 } 1515 1516 if (err == 0) { 1517 1518 sc->sc_ifp->if_opackets++; 1519 sc->sc_ifp->if_obytes += len; 1520 1521 dst_ifp->if_obytes += len; 1522 1523 if (mflags & M_MCAST) { 1524 sc->sc_ifp->if_omcasts++; 1525 dst_ifp->if_omcasts++; 1526 } 1527 } 1528 1529 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1530 (*dst_ifp->if_start)(dst_ifp); 1531 } 1532 1533 /* 1534 * bridge_dummynet: 1535 * 1536 * Receive a queued packet from dummynet and pass it on to the output 1537 * interface. 1538 * 1539 * The mbuf has the Ethernet header already attached. 1540 */ 1541 static void 1542 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1543 { 1544 struct bridge_softc *sc; 1545 1546 sc = ifp->if_bridge; 1547 1548 /* 1549 * The packet didnt originate from a member interface. This should only 1550 * ever happen if a member interface is removed while packets are 1551 * queued for it. 1552 */ 1553 if (sc == NULL) { 1554 m_freem(m); 1555 return; 1556 } 1557 1558 if (PFIL_HOOKED(&inet_pfil_hook) 1559 #ifdef INET6 1560 || PFIL_HOOKED(&inet6_pfil_hook) 1561 #endif 1562 ) { 1563 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1564 return; 1565 if (m == NULL) 1566 return; 1567 } 1568 1569 bridge_enqueue(sc, ifp, m); 1570 } 1571 1572 /* 1573 * bridge_output: 1574 * 1575 * Send output from a bridge member interface. This 1576 * performs the bridging function for locally originated 1577 * packets. 1578 * 1579 * The mbuf has the Ethernet header already attached. We must 1580 * enqueue or free the mbuf before returning. 1581 */ 1582 static int 1583 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1584 struct rtentry *rt) 1585 { 1586 struct ether_header *eh; 1587 struct ifnet *dst_if; 1588 struct bridge_softc *sc; 1589 1590 if (m->m_len < ETHER_HDR_LEN) { 1591 m = m_pullup(m, ETHER_HDR_LEN); 1592 if (m == NULL) 1593 return (0); 1594 } 1595 1596 eh = mtod(m, struct ether_header *); 1597 sc = ifp->if_bridge; 1598 1599 BRIDGE_LOCK(sc); 1600 1601 /* 1602 * If bridge is down, but the original output interface is up, 1603 * go ahead and send out that interface. Otherwise, the packet 1604 * is dropped below. 1605 */ 1606 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1607 dst_if = ifp; 1608 goto sendunicast; 1609 } 1610 1611 /* 1612 * If the packet is a multicast, or we don't know a better way to 1613 * get there, send to all interfaces. 1614 */ 1615 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1616 dst_if = NULL; 1617 else 1618 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1619 if (dst_if == NULL) { 1620 struct bridge_iflist *bif; 1621 struct mbuf *mc; 1622 int error = 0, used = 0; 1623 1624 BRIDGE_LOCK2REF(sc, error); 1625 if (error) { 1626 m_freem(m); 1627 return (0); 1628 } 1629 1630 bridge_span(sc, m); 1631 1632 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1633 dst_if = bif->bif_ifp; 1634 1635 if (dst_if->if_type == IFT_GIF) 1636 continue; 1637 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1638 continue; 1639 1640 /* 1641 * If this is not the original output interface, 1642 * and the interface is participating in spanning 1643 * tree, make sure the port is in a state that 1644 * allows forwarding. 1645 */ 1646 if (dst_if != ifp && 1647 (bif->bif_flags & IFBIF_STP) != 0) { 1648 switch (bif->bif_state) { 1649 case BSTP_IFSTATE_BLOCKING: 1650 case BSTP_IFSTATE_LISTENING: 1651 case BSTP_IFSTATE_DISABLED: 1652 continue; 1653 } 1654 } 1655 1656 if (LIST_NEXT(bif, bif_next) == NULL) { 1657 used = 1; 1658 mc = m; 1659 } else { 1660 mc = m_copypacket(m, M_DONTWAIT); 1661 if (mc == NULL) { 1662 sc->sc_ifp->if_oerrors++; 1663 continue; 1664 } 1665 } 1666 1667 bridge_enqueue(sc, dst_if, mc); 1668 } 1669 if (used == 0) 1670 m_freem(m); 1671 BRIDGE_UNREF(sc); 1672 return (0); 1673 } 1674 1675 sendunicast: 1676 /* 1677 * XXX Spanning tree consideration here? 1678 */ 1679 1680 bridge_span(sc, m); 1681 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1682 m_freem(m); 1683 BRIDGE_UNLOCK(sc); 1684 return (0); 1685 } 1686 1687 BRIDGE_UNLOCK(sc); 1688 bridge_enqueue(sc, dst_if, m); 1689 return (0); 1690 } 1691 1692 /* 1693 * bridge_start: 1694 * 1695 * Start output on a bridge. 1696 * 1697 */ 1698 static void 1699 bridge_start(struct ifnet *ifp) 1700 { 1701 struct bridge_softc *sc; 1702 struct mbuf *m; 1703 struct ether_header *eh; 1704 struct ifnet *dst_if; 1705 1706 sc = ifp->if_softc; 1707 1708 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1709 for (;;) { 1710 IFQ_DEQUEUE(&ifp->if_snd, m); 1711 if (m == 0) 1712 break; 1713 BPF_MTAP(ifp, m); 1714 1715 eh = mtod(m, struct ether_header *); 1716 dst_if = NULL; 1717 1718 BRIDGE_LOCK(sc); 1719 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1720 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1721 } 1722 1723 if (dst_if == NULL) 1724 bridge_broadcast(sc, ifp, m, 0); 1725 else { 1726 BRIDGE_UNLOCK(sc); 1727 bridge_enqueue(sc, dst_if, m); 1728 } 1729 } 1730 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1731 } 1732 1733 /* 1734 * bridge_forward: 1735 * 1736 * The forwarding function of the bridge. 1737 * 1738 * NOTE: Releases the lock on return. 1739 */ 1740 static void 1741 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1742 { 1743 struct bridge_iflist *bif; 1744 struct ifnet *src_if, *dst_if, *ifp; 1745 struct ether_header *eh; 1746 1747 src_if = m->m_pkthdr.rcvif; 1748 BRIDGE_LOCK_ASSERT(sc); 1749 ifp = sc->sc_ifp; 1750 1751 sc->sc_ifp->if_ipackets++; 1752 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1753 1754 /* 1755 * Look up the bridge_iflist. 1756 */ 1757 bif = bridge_lookup_member_if(sc, src_if); 1758 if (bif == NULL) { 1759 /* Interface is not a bridge member (anymore?) */ 1760 BRIDGE_UNLOCK(sc); 1761 m_freem(m); 1762 return; 1763 } 1764 1765 if (bif->bif_flags & IFBIF_STP) { 1766 switch (bif->bif_state) { 1767 case BSTP_IFSTATE_BLOCKING: 1768 case BSTP_IFSTATE_LISTENING: 1769 case BSTP_IFSTATE_DISABLED: 1770 BRIDGE_UNLOCK(sc); 1771 m_freem(m); 1772 return; 1773 } 1774 } 1775 1776 eh = mtod(m, struct ether_header *); 1777 1778 /* 1779 * If the interface is learning, and the source 1780 * address is valid and not multicast, record 1781 * the address. 1782 */ 1783 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1784 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1785 (eh->ether_shost[0] == 0 && 1786 eh->ether_shost[1] == 0 && 1787 eh->ether_shost[2] == 0 && 1788 eh->ether_shost[3] == 0 && 1789 eh->ether_shost[4] == 0 && 1790 eh->ether_shost[5] == 0) == 0) { 1791 (void) bridge_rtupdate(sc, eh->ether_shost, 1792 src_if, 0, IFBAF_DYNAMIC); 1793 } 1794 1795 if ((bif->bif_flags & IFBIF_STP) != 0 && 1796 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1797 m_freem(m); 1798 BRIDGE_UNLOCK(sc); 1799 return; 1800 } 1801 1802 /* 1803 * At this point, the port either doesn't participate 1804 * in spanning tree or it is in the forwarding state. 1805 */ 1806 1807 /* 1808 * If the packet is unicast, destined for someone on 1809 * "this" side of the bridge, drop it. 1810 */ 1811 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1812 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1813 if (src_if == dst_if) { 1814 BRIDGE_UNLOCK(sc); 1815 m_freem(m); 1816 return; 1817 } 1818 } else { 1819 /* ...forward it to all interfaces. */ 1820 sc->sc_ifp->if_imcasts++; 1821 dst_if = NULL; 1822 } 1823 1824 /* 1825 * If we have a destination interface which is a member of our bridge, 1826 * OR this is a unicast packet, push it through the bpf(4) machinery. 1827 * For broadcast or multicast packets, don't bother because it will 1828 * be reinjected into ether_input. We do this before we pass the packets 1829 * through the pfil(9) framework, as it is possible that pfil(9) will 1830 * drop the packet, or possibly modify it, making it difficult to debug 1831 * firewall issues on the bridge. 1832 */ 1833 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1834 BPF_MTAP(ifp, m); 1835 1836 /* run the packet filter */ 1837 if (PFIL_HOOKED(&inet_pfil_hook) 1838 #ifdef INET6 1839 || PFIL_HOOKED(&inet6_pfil_hook) 1840 #endif 1841 ) { 1842 BRIDGE_UNLOCK(sc); 1843 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1844 return; 1845 if (m == NULL) 1846 return; 1847 BRIDGE_LOCK(sc); 1848 } 1849 1850 if (dst_if == NULL) { 1851 bridge_broadcast(sc, src_if, m, 1); 1852 return; 1853 } 1854 1855 /* 1856 * At this point, we're dealing with a unicast frame 1857 * going to a different interface. 1858 */ 1859 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1860 BRIDGE_UNLOCK(sc); 1861 m_freem(m); 1862 return; 1863 } 1864 bif = bridge_lookup_member_if(sc, dst_if); 1865 if (bif == NULL) { 1866 /* Not a member of the bridge (anymore?) */ 1867 BRIDGE_UNLOCK(sc); 1868 m_freem(m); 1869 return; 1870 } 1871 1872 if (bif->bif_flags & IFBIF_STP) { 1873 switch (bif->bif_state) { 1874 case BSTP_IFSTATE_DISABLED: 1875 case BSTP_IFSTATE_BLOCKING: 1876 BRIDGE_UNLOCK(sc); 1877 m_freem(m); 1878 return; 1879 } 1880 } 1881 1882 BRIDGE_UNLOCK(sc); 1883 1884 if (PFIL_HOOKED(&inet_pfil_hook) 1885 #ifdef INET6 1886 || PFIL_HOOKED(&inet6_pfil_hook) 1887 #endif 1888 ) { 1889 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1890 return; 1891 if (m == NULL) 1892 return; 1893 } 1894 1895 bridge_enqueue(sc, dst_if, m); 1896 } 1897 1898 /* 1899 * bridge_input: 1900 * 1901 * Receive input from a member interface. Queue the packet for 1902 * bridging if it is not for us. 1903 */ 1904 static struct mbuf * 1905 bridge_input(struct ifnet *ifp, struct mbuf *m) 1906 { 1907 struct bridge_softc *sc = ifp->if_bridge; 1908 struct bridge_iflist *bif; 1909 struct ifnet *bifp; 1910 struct ether_header *eh; 1911 struct mbuf *mc, *mc2; 1912 1913 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1914 return (m); 1915 1916 bifp = sc->sc_ifp; 1917 1918 /* 1919 * Implement support for bridge monitoring. If this flag has been 1920 * set on this interface, discard the packet once we push it through 1921 * the bpf(4) machinery, but before we do, increment the byte and 1922 * packet counters associated with this interface. 1923 */ 1924 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1925 m->m_pkthdr.rcvif = bifp; 1926 BPF_MTAP(bifp, m); 1927 bifp->if_ipackets++; 1928 bifp->if_ibytes += m->m_pkthdr.len; 1929 m_free(m); 1930 return (NULL); 1931 } 1932 BRIDGE_LOCK(sc); 1933 bif = bridge_lookup_member_if(sc, ifp); 1934 if (bif == NULL) { 1935 BRIDGE_UNLOCK(sc); 1936 return (m); 1937 } 1938 1939 eh = mtod(m, struct ether_header *); 1940 1941 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 1942 ETHER_ADDR_LEN) == 0) { 1943 /* 1944 * If the packet is for us, set the packets source as the 1945 * bridge, and return the packet back to ether_input for 1946 * local processing. 1947 */ 1948 1949 /* Mark the packet as arriving on the bridge interface */ 1950 m->m_pkthdr.rcvif = bifp; 1951 BPF_MTAP(bifp, m); 1952 bifp->if_ipackets++; 1953 1954 BRIDGE_UNLOCK(sc); 1955 return (m); 1956 } 1957 1958 bridge_span(sc, m); 1959 1960 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1961 /* Tap off 802.1D packets; they do not get forwarded. */ 1962 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1963 ETHER_ADDR_LEN) == 0) { 1964 m = bstp_input(ifp, m); 1965 if (m == NULL) { 1966 BRIDGE_UNLOCK(sc); 1967 return (NULL); 1968 } 1969 } 1970 1971 if (bif->bif_flags & IFBIF_STP) { 1972 switch (bif->bif_state) { 1973 case BSTP_IFSTATE_BLOCKING: 1974 case BSTP_IFSTATE_LISTENING: 1975 case BSTP_IFSTATE_DISABLED: 1976 BRIDGE_UNLOCK(sc); 1977 return (m); 1978 } 1979 } 1980 1981 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 1982 sizeof(etherbroadcastaddr)) == 0) 1983 m->m_flags |= M_BCAST; 1984 else 1985 m->m_flags |= M_MCAST; 1986 1987 /* 1988 * Make a deep copy of the packet and enqueue the copy 1989 * for bridge processing; return the original packet for 1990 * local processing. 1991 */ 1992 mc = m_dup(m, M_DONTWAIT); 1993 if (mc == NULL) { 1994 BRIDGE_UNLOCK(sc); 1995 return (m); 1996 } 1997 1998 /* Perform the bridge forwarding function with the copy. */ 1999 bridge_forward(sc, mc); 2000 2001 /* 2002 * Reinject the mbuf as arriving on the bridge so we have a 2003 * chance at claiming multicast packets. We can not loop back 2004 * here from ether_input as a bridge is never a member of a 2005 * bridge. 2006 */ 2007 KASSERT(bifp->if_bridge == NULL, 2008 ("loop created in bridge_input")); 2009 mc2 = m_dup(m, M_DONTWAIT); 2010 if (mc2 != NULL) { 2011 /* Keep the layer3 header aligned */ 2012 int i = min(mc2->m_pkthdr.len, max_protohdr); 2013 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2014 } 2015 if (mc2 != NULL) { 2016 mc2->m_pkthdr.rcvif = bifp; 2017 (*bifp->if_input)(bifp, mc2); 2018 } 2019 2020 /* Return the original packet for local processing. */ 2021 return (m); 2022 } 2023 2024 if (bif->bif_flags & IFBIF_STP) { 2025 switch (bif->bif_state) { 2026 case BSTP_IFSTATE_BLOCKING: 2027 case BSTP_IFSTATE_LISTENING: 2028 case BSTP_IFSTATE_DISABLED: 2029 BRIDGE_UNLOCK(sc); 2030 return (m); 2031 } 2032 } 2033 2034 /* 2035 * Unicast. Make sure it's not for us. 2036 */ 2037 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2038 if (bif->bif_ifp->if_type == IFT_GIF) 2039 continue; 2040 /* It is destined for us. */ 2041 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2042 ETHER_ADDR_LEN) == 0) { 2043 if (bif->bif_flags & IFBIF_LEARNING) 2044 (void) bridge_rtupdate(sc, 2045 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 2046 m->m_pkthdr.rcvif = bif->bif_ifp; 2047 BRIDGE_UNLOCK(sc); 2048 return (m); 2049 } 2050 2051 /* We just received a packet that we sent out. */ 2052 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2053 ETHER_ADDR_LEN) == 0) { 2054 BRIDGE_UNLOCK(sc); 2055 m_freem(m); 2056 return (NULL); 2057 } 2058 } 2059 2060 /* Perform the bridge forwarding function. */ 2061 bridge_forward(sc, m); 2062 2063 return (NULL); 2064 } 2065 2066 /* 2067 * bridge_broadcast: 2068 * 2069 * Send a frame to all interfaces that are members of 2070 * the bridge, except for the one on which the packet 2071 * arrived. 2072 * 2073 * NOTE: Releases the lock on return. 2074 */ 2075 static void 2076 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2077 struct mbuf *m, int runfilt) 2078 { 2079 struct bridge_iflist *bif; 2080 struct mbuf *mc; 2081 struct ifnet *dst_if; 2082 int error = 0, used = 0, i; 2083 2084 BRIDGE_LOCK_ASSERT(sc); 2085 BRIDGE_LOCK2REF(sc, error); 2086 if (error) { 2087 m_freem(m); 2088 return; 2089 } 2090 2091 /* Filter on the bridge interface before broadcasting */ 2092 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2093 #ifdef INET6 2094 || PFIL_HOOKED(&inet6_pfil_hook) 2095 #endif 2096 )) { 2097 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2098 goto out; 2099 if (m == NULL) 2100 goto out; 2101 } 2102 2103 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2104 dst_if = bif->bif_ifp; 2105 if (dst_if == src_if) 2106 continue; 2107 2108 if (bif->bif_flags & IFBIF_STP) { 2109 switch (bif->bif_state) { 2110 case BSTP_IFSTATE_BLOCKING: 2111 case BSTP_IFSTATE_DISABLED: 2112 continue; 2113 } 2114 } 2115 2116 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2117 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2118 continue; 2119 2120 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2121 continue; 2122 2123 if (LIST_NEXT(bif, bif_next) == NULL) { 2124 mc = m; 2125 used = 1; 2126 } else { 2127 mc = m_dup(m, M_DONTWAIT); 2128 if (mc == NULL) { 2129 sc->sc_ifp->if_oerrors++; 2130 continue; 2131 } 2132 } 2133 2134 /* 2135 * Filter on the output interface. Pass a NULL bridge interface 2136 * pointer so we do not redundantly filter on the bridge for 2137 * each interface we broadcast on. 2138 */ 2139 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2140 #ifdef INET6 2141 || PFIL_HOOKED(&inet6_pfil_hook) 2142 #endif 2143 )) { 2144 if (used == 0) { 2145 /* Keep the layer3 header aligned */ 2146 i = min(mc->m_pkthdr.len, max_protohdr); 2147 mc = m_copyup(mc, i, ETHER_ALIGN); 2148 if (mc == NULL) { 2149 sc->sc_ifp->if_oerrors++; 2150 continue; 2151 } 2152 } 2153 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2154 continue; 2155 if (mc == NULL) 2156 continue; 2157 } 2158 2159 bridge_enqueue(sc, dst_if, mc); 2160 } 2161 if (used == 0) 2162 m_freem(m); 2163 2164 out: 2165 BRIDGE_UNREF(sc); 2166 } 2167 2168 /* 2169 * bridge_span: 2170 * 2171 * Duplicate a packet out one or more interfaces that are in span mode, 2172 * the original mbuf is unmodified. 2173 */ 2174 static void 2175 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2176 { 2177 struct bridge_iflist *bif; 2178 struct ifnet *dst_if; 2179 struct mbuf *mc; 2180 2181 if (LIST_EMPTY(&sc->sc_spanlist)) 2182 return; 2183 2184 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2185 dst_if = bif->bif_ifp; 2186 2187 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2188 continue; 2189 2190 mc = m_copypacket(m, M_DONTWAIT); 2191 if (mc == NULL) { 2192 sc->sc_ifp->if_oerrors++; 2193 continue; 2194 } 2195 2196 bridge_enqueue(sc, dst_if, mc); 2197 } 2198 } 2199 2200 /* 2201 * bridge_rtupdate: 2202 * 2203 * Add a bridge routing entry. 2204 */ 2205 static int 2206 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2207 struct ifnet *dst_if, int setflags, uint8_t flags) 2208 { 2209 struct bridge_rtnode *brt; 2210 int error; 2211 2212 BRIDGE_LOCK_ASSERT(sc); 2213 2214 /* 2215 * A route for this destination might already exist. If so, 2216 * update it, otherwise create a new one. 2217 */ 2218 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2219 if (sc->sc_brtcnt >= sc->sc_brtmax) 2220 return (ENOSPC); 2221 2222 /* 2223 * Allocate a new bridge forwarding node, and 2224 * initialize the expiration time and Ethernet 2225 * address. 2226 */ 2227 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2228 if (brt == NULL) 2229 return (ENOMEM); 2230 2231 brt->brt_flags = IFBAF_DYNAMIC; 2232 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2233 2234 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2235 uma_zfree(bridge_rtnode_zone, brt); 2236 return (error); 2237 } 2238 } 2239 2240 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2241 brt->brt_ifp = dst_if; 2242 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2243 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2244 if (setflags) 2245 brt->brt_flags = flags; 2246 2247 return (0); 2248 } 2249 2250 /* 2251 * bridge_rtlookup: 2252 * 2253 * Lookup the destination interface for an address. 2254 */ 2255 static struct ifnet * 2256 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2257 { 2258 struct bridge_rtnode *brt; 2259 2260 BRIDGE_LOCK_ASSERT(sc); 2261 2262 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2263 return (NULL); 2264 2265 return (brt->brt_ifp); 2266 } 2267 2268 /* 2269 * bridge_rttrim: 2270 * 2271 * Trim the routine table so that we have a number 2272 * of routing entries less than or equal to the 2273 * maximum number. 2274 */ 2275 static void 2276 bridge_rttrim(struct bridge_softc *sc) 2277 { 2278 struct bridge_rtnode *brt, *nbrt; 2279 2280 BRIDGE_LOCK_ASSERT(sc); 2281 2282 /* Make sure we actually need to do this. */ 2283 if (sc->sc_brtcnt <= sc->sc_brtmax) 2284 return; 2285 2286 /* Force an aging cycle; this might trim enough addresses. */ 2287 bridge_rtage(sc); 2288 if (sc->sc_brtcnt <= sc->sc_brtmax) 2289 return; 2290 2291 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2292 nbrt = LIST_NEXT(brt, brt_list); 2293 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2294 bridge_rtnode_destroy(sc, brt); 2295 if (sc->sc_brtcnt <= sc->sc_brtmax) 2296 return; 2297 } 2298 } 2299 } 2300 2301 /* 2302 * bridge_timer: 2303 * 2304 * Aging timer for the bridge. 2305 */ 2306 static void 2307 bridge_timer(void *arg) 2308 { 2309 struct bridge_softc *sc = arg; 2310 2311 BRIDGE_LOCK_ASSERT(sc); 2312 2313 bridge_rtage(sc); 2314 2315 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2316 callout_reset(&sc->sc_brcallout, 2317 bridge_rtable_prune_period * hz, bridge_timer, sc); 2318 } 2319 2320 /* 2321 * bridge_rtage: 2322 * 2323 * Perform an aging cycle. 2324 */ 2325 static void 2326 bridge_rtage(struct bridge_softc *sc) 2327 { 2328 struct bridge_rtnode *brt, *nbrt; 2329 2330 BRIDGE_LOCK_ASSERT(sc); 2331 2332 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2333 nbrt = LIST_NEXT(brt, brt_list); 2334 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2335 if (time_uptime >= brt->brt_expire) 2336 bridge_rtnode_destroy(sc, brt); 2337 } 2338 } 2339 } 2340 2341 /* 2342 * bridge_rtflush: 2343 * 2344 * Remove all dynamic addresses from the bridge. 2345 */ 2346 static void 2347 bridge_rtflush(struct bridge_softc *sc, int full) 2348 { 2349 struct bridge_rtnode *brt, *nbrt; 2350 2351 BRIDGE_LOCK_ASSERT(sc); 2352 2353 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2354 nbrt = LIST_NEXT(brt, brt_list); 2355 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2356 bridge_rtnode_destroy(sc, brt); 2357 } 2358 } 2359 2360 /* 2361 * bridge_rtdaddr: 2362 * 2363 * Remove an address from the table. 2364 */ 2365 static int 2366 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2367 { 2368 struct bridge_rtnode *brt; 2369 2370 BRIDGE_LOCK_ASSERT(sc); 2371 2372 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2373 return (ENOENT); 2374 2375 bridge_rtnode_destroy(sc, brt); 2376 return (0); 2377 } 2378 2379 /* 2380 * bridge_rtdelete: 2381 * 2382 * Delete routes to a speicifc member interface. 2383 */ 2384 void 2385 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2386 { 2387 struct bridge_rtnode *brt, *nbrt; 2388 2389 BRIDGE_LOCK_ASSERT(sc); 2390 2391 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2392 nbrt = LIST_NEXT(brt, brt_list); 2393 if (brt->brt_ifp == ifp && (full || 2394 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2395 bridge_rtnode_destroy(sc, brt); 2396 } 2397 } 2398 2399 /* 2400 * bridge_rtable_init: 2401 * 2402 * Initialize the route table for this bridge. 2403 */ 2404 static int 2405 bridge_rtable_init(struct bridge_softc *sc) 2406 { 2407 int i; 2408 2409 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2410 M_DEVBUF, M_NOWAIT); 2411 if (sc->sc_rthash == NULL) 2412 return (ENOMEM); 2413 2414 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2415 LIST_INIT(&sc->sc_rthash[i]); 2416 2417 sc->sc_rthash_key = arc4random(); 2418 2419 LIST_INIT(&sc->sc_rtlist); 2420 2421 return (0); 2422 } 2423 2424 /* 2425 * bridge_rtable_fini: 2426 * 2427 * Deconstruct the route table for this bridge. 2428 */ 2429 static void 2430 bridge_rtable_fini(struct bridge_softc *sc) 2431 { 2432 2433 free(sc->sc_rthash, M_DEVBUF); 2434 } 2435 2436 /* 2437 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2438 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2439 */ 2440 #define mix(a, b, c) \ 2441 do { \ 2442 a -= b; a -= c; a ^= (c >> 13); \ 2443 b -= c; b -= a; b ^= (a << 8); \ 2444 c -= a; c -= b; c ^= (b >> 13); \ 2445 a -= b; a -= c; a ^= (c >> 12); \ 2446 b -= c; b -= a; b ^= (a << 16); \ 2447 c -= a; c -= b; c ^= (b >> 5); \ 2448 a -= b; a -= c; a ^= (c >> 3); \ 2449 b -= c; b -= a; b ^= (a << 10); \ 2450 c -= a; c -= b; c ^= (b >> 15); \ 2451 } while (/*CONSTCOND*/0) 2452 2453 static __inline uint32_t 2454 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2455 { 2456 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2457 2458 b += addr[5] << 8; 2459 b += addr[4]; 2460 a += addr[3] << 24; 2461 a += addr[2] << 16; 2462 a += addr[1] << 8; 2463 a += addr[0]; 2464 2465 mix(a, b, c); 2466 2467 return (c & BRIDGE_RTHASH_MASK); 2468 } 2469 2470 #undef mix 2471 2472 static int 2473 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2474 { 2475 int i, d; 2476 2477 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2478 d = ((int)a[i]) - ((int)b[i]); 2479 } 2480 2481 return (d); 2482 } 2483 2484 /* 2485 * bridge_rtnode_lookup: 2486 * 2487 * Look up a bridge route node for the specified destination. 2488 */ 2489 static struct bridge_rtnode * 2490 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2491 { 2492 struct bridge_rtnode *brt; 2493 uint32_t hash; 2494 int dir; 2495 2496 BRIDGE_LOCK_ASSERT(sc); 2497 2498 hash = bridge_rthash(sc, addr); 2499 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2500 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2501 if (dir == 0) 2502 return (brt); 2503 if (dir > 0) 2504 return (NULL); 2505 } 2506 2507 return (NULL); 2508 } 2509 2510 /* 2511 * bridge_rtnode_insert: 2512 * 2513 * Insert the specified bridge node into the route table. We 2514 * assume the entry is not already in the table. 2515 */ 2516 static int 2517 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2518 { 2519 struct bridge_rtnode *lbrt; 2520 uint32_t hash; 2521 int dir; 2522 2523 BRIDGE_LOCK_ASSERT(sc); 2524 2525 hash = bridge_rthash(sc, brt->brt_addr); 2526 2527 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2528 if (lbrt == NULL) { 2529 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2530 goto out; 2531 } 2532 2533 do { 2534 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2535 if (dir == 0) 2536 return (EEXIST); 2537 if (dir > 0) { 2538 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2539 goto out; 2540 } 2541 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2542 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2543 goto out; 2544 } 2545 lbrt = LIST_NEXT(lbrt, brt_hash); 2546 } while (lbrt != NULL); 2547 2548 #ifdef DIAGNOSTIC 2549 panic("bridge_rtnode_insert: impossible"); 2550 #endif 2551 2552 out: 2553 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2554 sc->sc_brtcnt++; 2555 2556 return (0); 2557 } 2558 2559 /* 2560 * bridge_rtnode_destroy: 2561 * 2562 * Destroy a bridge rtnode. 2563 */ 2564 static void 2565 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2566 { 2567 BRIDGE_LOCK_ASSERT(sc); 2568 2569 LIST_REMOVE(brt, brt_hash); 2570 2571 LIST_REMOVE(brt, brt_list); 2572 sc->sc_brtcnt--; 2573 uma_zfree(bridge_rtnode_zone, brt); 2574 } 2575 2576 /* 2577 * Send bridge packets through pfil if they are one of the types pfil can deal 2578 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2579 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2580 * that interface. 2581 */ 2582 static int 2583 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2584 { 2585 int snap, error, i, hlen; 2586 struct ether_header *eh1, eh2; 2587 struct ip_fw_args args; 2588 struct ip *ip; 2589 struct llc llc1; 2590 u_int16_t ether_type; 2591 2592 snap = 0; 2593 error = -1; /* Default error if not error == 0 */ 2594 2595 /* we may return with the IP fields swapped, ensure its not shared */ 2596 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2597 2598 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2599 return (0); /* filtering is disabled */ 2600 2601 i = min((*mp)->m_pkthdr.len, max_protohdr); 2602 if ((*mp)->m_len < i) { 2603 *mp = m_pullup(*mp, i); 2604 if (*mp == NULL) { 2605 printf("%s: m_pullup failed\n", __func__); 2606 return (-1); 2607 } 2608 } 2609 2610 eh1 = mtod(*mp, struct ether_header *); 2611 ether_type = ntohs(eh1->ether_type); 2612 2613 /* 2614 * Check for SNAP/LLC. 2615 */ 2616 if (ether_type < ETHERMTU) { 2617 struct llc *llc2 = (struct llc *)(eh1 + 1); 2618 2619 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2620 llc2->llc_dsap == LLC_SNAP_LSAP && 2621 llc2->llc_ssap == LLC_SNAP_LSAP && 2622 llc2->llc_control == LLC_UI) { 2623 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2624 snap = 1; 2625 } 2626 } 2627 2628 /* 2629 * If we're trying to filter bridge traffic, don't look at anything 2630 * other than IP and ARP traffic. If the filter doesn't understand 2631 * IPv6, don't allow IPv6 through the bridge either. This is lame 2632 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2633 * but of course we don't have an AppleTalk filter to begin with. 2634 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2635 * ARP traffic.) 2636 */ 2637 switch (ether_type) { 2638 case ETHERTYPE_ARP: 2639 case ETHERTYPE_REVARP: 2640 return (0); /* Automatically pass */ 2641 case ETHERTYPE_IP: 2642 #ifdef INET6 2643 case ETHERTYPE_IPV6: 2644 #endif /* INET6 */ 2645 break; 2646 default: 2647 /* 2648 * Check to see if the user wants to pass non-ip 2649 * packets, these will not be checked by pfil(9) and 2650 * passed unconditionally so the default is to drop. 2651 */ 2652 if (pfil_onlyip) 2653 goto bad; 2654 } 2655 2656 /* Strip off the Ethernet header and keep a copy. */ 2657 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2658 m_adj(*mp, ETHER_HDR_LEN); 2659 2660 /* Strip off snap header, if present */ 2661 if (snap) { 2662 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2663 m_adj(*mp, sizeof(struct llc)); 2664 } 2665 2666 /* 2667 * Check the IP header for alignment and errors 2668 */ 2669 if (dir == PFIL_IN) { 2670 switch (ether_type) { 2671 case ETHERTYPE_IP: 2672 error = bridge_ip_checkbasic(mp); 2673 break; 2674 #ifdef INET6 2675 case ETHERTYPE_IPV6: 2676 error = bridge_ip6_checkbasic(mp); 2677 break; 2678 #endif /* INET6 */ 2679 default: 2680 error = 0; 2681 } 2682 if (error) 2683 goto bad; 2684 } 2685 2686 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2687 error = -1; 2688 args.rule = ip_dn_claim_rule(*mp); 2689 if (args.rule != NULL && fw_one_pass) 2690 goto ipfwpass; /* packet already partially processed */ 2691 2692 args.m = *mp; 2693 args.oif = ifp; 2694 args.next_hop = NULL; 2695 args.eh = &eh2; 2696 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2697 i = ip_fw_chk_ptr(&args); 2698 *mp = args.m; 2699 2700 if (*mp == NULL) 2701 return (error); 2702 2703 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2704 2705 /* put the Ethernet header back on */ 2706 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2707 if (*mp == NULL) 2708 return (error); 2709 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2710 2711 /* 2712 * Pass the pkt to dummynet, which consumes it. The 2713 * packet will return to us via bridge_dummynet(). 2714 */ 2715 args.oif = ifp; 2716 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2717 return (error); 2718 } 2719 2720 if (i != IP_FW_PASS) /* drop */ 2721 goto bad; 2722 } 2723 2724 ipfwpass: 2725 error = 0; 2726 2727 /* 2728 * Run the packet through pfil 2729 */ 2730 switch (ether_type) { 2731 case ETHERTYPE_IP: 2732 /* 2733 * before calling the firewall, swap fields the same as 2734 * IP does. here we assume the header is contiguous 2735 */ 2736 ip = mtod(*mp, struct ip *); 2737 2738 ip->ip_len = ntohs(ip->ip_len); 2739 ip->ip_off = ntohs(ip->ip_off); 2740 2741 /* 2742 * Run pfil on the member interface and the bridge, both can 2743 * be skipped by clearing pfil_member or pfil_bridge. 2744 * 2745 * Keep the order: 2746 * in_if -> bridge_if -> out_if 2747 */ 2748 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2749 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2750 dir, NULL); 2751 2752 if (*mp == NULL || error != 0) /* filter may consume */ 2753 break; 2754 2755 if (pfil_member && ifp != NULL) 2756 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2757 dir, NULL); 2758 2759 if (*mp == NULL || error != 0) /* filter may consume */ 2760 break; 2761 2762 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2763 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2764 dir, NULL); 2765 2766 if (*mp == NULL || error != 0) /* filter may consume */ 2767 break; 2768 2769 /* check if we need to fragment the packet */ 2770 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2771 i = (*mp)->m_pkthdr.len; 2772 if (i > ifp->if_mtu) { 2773 error = bridge_fragment(ifp, *mp, &eh2, snap, 2774 &llc1); 2775 return (error); 2776 } 2777 } 2778 2779 /* Recalculate the ip checksum and restore byte ordering */ 2780 ip = mtod(*mp, struct ip *); 2781 hlen = ip->ip_hl << 2; 2782 if (hlen < sizeof(struct ip)) 2783 goto bad; 2784 if (hlen > (*mp)->m_len) { 2785 if ((*mp = m_pullup(*mp, hlen)) == 0) 2786 goto bad; 2787 ip = mtod(*mp, struct ip *); 2788 if (ip == NULL) 2789 goto bad; 2790 } 2791 ip->ip_len = htons(ip->ip_len); 2792 ip->ip_off = htons(ip->ip_off); 2793 ip->ip_sum = 0; 2794 if (hlen == sizeof(struct ip)) 2795 ip->ip_sum = in_cksum_hdr(ip); 2796 else 2797 ip->ip_sum = in_cksum(*mp, hlen); 2798 2799 break; 2800 #ifdef INET6 2801 case ETHERTYPE_IPV6: 2802 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2803 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2804 dir, NULL); 2805 2806 if (*mp == NULL || error != 0) /* filter may consume */ 2807 break; 2808 2809 if (pfil_member && ifp != NULL) 2810 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2811 dir, NULL); 2812 2813 if (*mp == NULL || error != 0) /* filter may consume */ 2814 break; 2815 2816 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2817 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2818 dir, NULL); 2819 break; 2820 #endif 2821 default: 2822 error = 0; 2823 break; 2824 } 2825 2826 if (*mp == NULL) 2827 return (error); 2828 if (error != 0) 2829 goto bad; 2830 2831 error = -1; 2832 2833 /* 2834 * Finally, put everything back the way it was and return 2835 */ 2836 if (snap) { 2837 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2838 if (*mp == NULL) 2839 return (error); 2840 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2841 } 2842 2843 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2844 if (*mp == NULL) 2845 return (error); 2846 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2847 2848 return (0); 2849 2850 bad: 2851 m_freem(*mp); 2852 *mp = NULL; 2853 return (error); 2854 } 2855 2856 /* 2857 * Perform basic checks on header size since 2858 * pfil assumes ip_input has already processed 2859 * it for it. Cut-and-pasted from ip_input.c. 2860 * Given how simple the IPv6 version is, 2861 * does the IPv4 version really need to be 2862 * this complicated? 2863 * 2864 * XXX Should we update ipstat here, or not? 2865 * XXX Right now we update ipstat but not 2866 * XXX csum_counter. 2867 */ 2868 static int 2869 bridge_ip_checkbasic(struct mbuf **mp) 2870 { 2871 struct mbuf *m = *mp; 2872 struct ip *ip; 2873 int len, hlen; 2874 u_short sum; 2875 2876 if (*mp == NULL) 2877 return (-1); 2878 2879 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2880 if ((m = m_copyup(m, sizeof(struct ip), 2881 (max_linkhdr + 3) & ~3)) == NULL) { 2882 /* XXXJRT new stat, please */ 2883 ipstat.ips_toosmall++; 2884 goto bad; 2885 } 2886 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 2887 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2888 ipstat.ips_toosmall++; 2889 goto bad; 2890 } 2891 } 2892 ip = mtod(m, struct ip *); 2893 if (ip == NULL) goto bad; 2894 2895 if (ip->ip_v != IPVERSION) { 2896 ipstat.ips_badvers++; 2897 goto bad; 2898 } 2899 hlen = ip->ip_hl << 2; 2900 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2901 ipstat.ips_badhlen++; 2902 goto bad; 2903 } 2904 if (hlen > m->m_len) { 2905 if ((m = m_pullup(m, hlen)) == 0) { 2906 ipstat.ips_badhlen++; 2907 goto bad; 2908 } 2909 ip = mtod(m, struct ip *); 2910 if (ip == NULL) goto bad; 2911 } 2912 2913 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2914 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2915 } else { 2916 if (hlen == sizeof(struct ip)) { 2917 sum = in_cksum_hdr(ip); 2918 } else { 2919 sum = in_cksum(m, hlen); 2920 } 2921 } 2922 if (sum) { 2923 ipstat.ips_badsum++; 2924 goto bad; 2925 } 2926 2927 /* Retrieve the packet length. */ 2928 len = ntohs(ip->ip_len); 2929 2930 /* 2931 * Check for additional length bogosity 2932 */ 2933 if (len < hlen) { 2934 ipstat.ips_badlen++; 2935 goto bad; 2936 } 2937 2938 /* 2939 * Check that the amount of data in the buffers 2940 * is as at least much as the IP header would have us expect. 2941 * Drop packet if shorter than we expect. 2942 */ 2943 if (m->m_pkthdr.len < len) { 2944 ipstat.ips_tooshort++; 2945 goto bad; 2946 } 2947 2948 /* Checks out, proceed */ 2949 *mp = m; 2950 return (0); 2951 2952 bad: 2953 *mp = m; 2954 return (-1); 2955 } 2956 2957 #ifdef INET6 2958 /* 2959 * Same as above, but for IPv6. 2960 * Cut-and-pasted from ip6_input.c. 2961 * XXX Should we update ip6stat, or not? 2962 */ 2963 static int 2964 bridge_ip6_checkbasic(struct mbuf **mp) 2965 { 2966 struct mbuf *m = *mp; 2967 struct ip6_hdr *ip6; 2968 2969 /* 2970 * If the IPv6 header is not aligned, slurp it up into a new 2971 * mbuf with space for link headers, in the event we forward 2972 * it. Otherwise, if it is aligned, make sure the entire base 2973 * IPv6 header is in the first mbuf of the chain. 2974 */ 2975 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2976 struct ifnet *inifp = m->m_pkthdr.rcvif; 2977 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2978 (max_linkhdr + 3) & ~3)) == NULL) { 2979 /* XXXJRT new stat, please */ 2980 ip6stat.ip6s_toosmall++; 2981 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2982 goto bad; 2983 } 2984 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2985 struct ifnet *inifp = m->m_pkthdr.rcvif; 2986 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2987 ip6stat.ip6s_toosmall++; 2988 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2989 goto bad; 2990 } 2991 } 2992 2993 ip6 = mtod(m, struct ip6_hdr *); 2994 2995 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2996 ip6stat.ip6s_badvers++; 2997 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2998 goto bad; 2999 } 3000 3001 /* Checks out, proceed */ 3002 *mp = m; 3003 return (0); 3004 3005 bad: 3006 *mp = m; 3007 return (-1); 3008 } 3009 #endif /* INET6 */ 3010 3011 /* 3012 * bridge_fragment: 3013 * 3014 * Return a fragmented mbuf chain. 3015 */ 3016 static int 3017 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3018 int snap, struct llc *llc) 3019 { 3020 struct mbuf *m0; 3021 struct ip *ip; 3022 int error = -1; 3023 3024 if (m->m_len < sizeof(struct ip) && 3025 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3026 goto out; 3027 ip = mtod(m, struct ip *); 3028 3029 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3030 CSUM_DELAY_IP); 3031 if (error) 3032 goto out; 3033 3034 /* walk the chain and re-add the Ethernet header */ 3035 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3036 if (error == 0) { 3037 if (snap) { 3038 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3039 if (m0 == NULL) { 3040 error = ENOBUFS; 3041 continue; 3042 } 3043 bcopy(llc, mtod(m0, caddr_t), 3044 sizeof(struct llc)); 3045 } 3046 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3047 if (m0 == NULL) { 3048 error = ENOBUFS; 3049 continue; 3050 } 3051 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3052 } else 3053 m_freem(m); 3054 } 3055 3056 if (error == 0) 3057 ipstat.ips_fragmented++; 3058 3059 return (error); 3060 3061 out: 3062 if (m != NULL) 3063 m_freem(m); 3064 return (error); 3065 } 3066