1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <vm/uma.h> 101 #include <sys/module.h> 102 #include <sys/proc.h> 103 #include <sys/lock.h> 104 #include <sys/mutex.h> 105 #include <sys/condvar.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_clone.h> 110 #include <net/if_dl.h> 111 #include <net/if_types.h> 112 #include <net/if_var.h> 113 #include <net/pfil.h> 114 115 #include <netinet/in.h> /* for struct arpcom */ 116 #include <netinet/in_systm.h> 117 #include <netinet/in_var.h> 118 #include <netinet/ip.h> 119 #include <netinet/ip_var.h> 120 #ifdef INET6 121 #include <netinet/ip6.h> 122 #include <netinet6/ip6_var.h> 123 #endif 124 #include <machine/in_cksum.h> 125 #include <netinet/if_ether.h> /* for struct arpcom */ 126 #include <net/if_bridgevar.h> 127 #include <net/if_llc.h> 128 129 #include <net/route.h> 130 #include <netinet/ip_fw.h> 131 #include <netinet/ip_dummynet.h> 132 133 /* 134 * Size of the route hash table. Must be a power of two. 135 */ 136 #ifndef BRIDGE_RTHASH_SIZE 137 #define BRIDGE_RTHASH_SIZE 1024 138 #endif 139 140 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 141 142 /* 143 * Maximum number of addresses to cache. 144 */ 145 #ifndef BRIDGE_RTABLE_MAX 146 #define BRIDGE_RTABLE_MAX 100 147 #endif 148 149 /* 150 * Spanning tree defaults. 151 */ 152 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 153 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 154 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 155 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 156 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 157 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 158 #define BSTP_DEFAULT_PATH_COST 55 159 160 /* 161 * Timeout (in seconds) for entries learned dynamically. 162 */ 163 #ifndef BRIDGE_RTABLE_TIMEOUT 164 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 165 #endif 166 167 /* 168 * Number of seconds between walks of the route list. 169 */ 170 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 171 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 172 #endif 173 174 static struct mtx bridge_list_mtx; 175 176 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 177 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *, 178 struct sockaddr *, struct rtentry *); 179 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 180 181 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 182 183 uma_zone_t bridge_rtnode_zone; 184 185 int bridge_clone_create(struct if_clone *, int); 186 void bridge_clone_destroy(struct ifnet *); 187 188 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 189 static void bridge_init(void *); 190 void bridge_stop(struct ifnet *, int); 191 void bridge_start(struct ifnet *); 192 193 void bridge_forward(struct bridge_softc *, struct mbuf *m); 194 195 void bridge_timer(void *); 196 197 void bridge_broadcast(struct bridge_softc *, struct ifnet *, struct mbuf *); 198 199 int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 200 struct ifnet *, int, uint8_t); 201 struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 202 void bridge_rttrim(struct bridge_softc *); 203 void bridge_rtage(struct bridge_softc *); 204 void bridge_rtflush(struct bridge_softc *, int); 205 int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 206 207 int bridge_rtable_init(struct bridge_softc *); 208 void bridge_rtable_fini(struct bridge_softc *); 209 210 struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 211 const uint8_t *); 212 int bridge_rtnode_insert(struct bridge_softc *, struct bridge_rtnode *); 213 void bridge_rtnode_destroy(struct bridge_softc *, struct bridge_rtnode *); 214 215 struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 216 const char *name); 217 struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 218 struct ifnet *ifp); 219 void bridge_delete_member(struct bridge_softc *, struct bridge_iflist *); 220 221 int bridge_ioctl_add(struct bridge_softc *, void *); 222 int bridge_ioctl_del(struct bridge_softc *, void *); 223 int bridge_ioctl_gifflags(struct bridge_softc *, void *); 224 int bridge_ioctl_sifflags(struct bridge_softc *, void *); 225 int bridge_ioctl_scache(struct bridge_softc *, void *); 226 int bridge_ioctl_gcache(struct bridge_softc *, void *); 227 int bridge_ioctl_gifs(struct bridge_softc *, void *); 228 int bridge_ioctl_rts(struct bridge_softc *, void *); 229 int bridge_ioctl_saddr(struct bridge_softc *, void *); 230 int bridge_ioctl_sto(struct bridge_softc *, void *); 231 int bridge_ioctl_gto(struct bridge_softc *, void *); 232 int bridge_ioctl_daddr(struct bridge_softc *, void *); 233 int bridge_ioctl_flush(struct bridge_softc *, void *); 234 int bridge_ioctl_gpri(struct bridge_softc *, void *); 235 int bridge_ioctl_spri(struct bridge_softc *, void *); 236 int bridge_ioctl_ght(struct bridge_softc *, void *); 237 int bridge_ioctl_sht(struct bridge_softc *, void *); 238 int bridge_ioctl_gfd(struct bridge_softc *, void *); 239 int bridge_ioctl_sfd(struct bridge_softc *, void *); 240 int bridge_ioctl_gma(struct bridge_softc *, void *); 241 int bridge_ioctl_sma(struct bridge_softc *, void *); 242 int bridge_ioctl_sifprio(struct bridge_softc *, void *); 243 int bridge_ioctl_sifcost(struct bridge_softc *, void *); 244 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, int); 245 static int bridge_ip_checkbasic(struct mbuf **mp); 246 # ifdef INET6 247 static int bridge_ip6_checkbasic(struct mbuf **mp); 248 # endif /* INET6 */ 249 250 SYSCTL_DECL(_net_link); 251 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 252 253 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 254 static int pfil_member = 1; /* run pfil hooks on the member interface */ 255 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 256 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 257 &pfil_bridge, 0, "Packet filter on the bridge interface"); 258 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 259 &pfil_member, 0, "Packet filter on the member interface"); 260 261 struct bridge_control { 262 int (*bc_func)(struct bridge_softc *, void *); 263 int bc_argsize; 264 int bc_flags; 265 }; 266 267 #define BC_F_COPYIN 0x01 /* copy arguments in */ 268 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 269 #define BC_F_SUSER 0x04 /* do super-user check */ 270 271 const struct bridge_control bridge_control_table[] = { 272 { bridge_ioctl_add, sizeof(struct ifbreq), 273 BC_F_COPYIN|BC_F_SUSER }, 274 { bridge_ioctl_del, sizeof(struct ifbreq), 275 BC_F_COPYIN|BC_F_SUSER }, 276 277 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 278 BC_F_COPYIN|BC_F_COPYOUT }, 279 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 280 BC_F_COPYIN|BC_F_SUSER }, 281 282 { bridge_ioctl_scache, sizeof(struct ifbrparam), 283 BC_F_COPYIN|BC_F_SUSER }, 284 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 285 BC_F_COPYOUT }, 286 287 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 288 BC_F_COPYIN|BC_F_COPYOUT }, 289 { bridge_ioctl_rts, sizeof(struct ifbaconf), 290 BC_F_COPYIN|BC_F_COPYOUT }, 291 292 { bridge_ioctl_saddr, sizeof(struct ifbareq), 293 BC_F_COPYIN|BC_F_SUSER }, 294 295 { bridge_ioctl_sto, sizeof(struct ifbrparam), 296 BC_F_COPYIN|BC_F_SUSER }, 297 { bridge_ioctl_gto, sizeof(struct ifbrparam), 298 BC_F_COPYOUT }, 299 300 { bridge_ioctl_daddr, sizeof(struct ifbareq), 301 BC_F_COPYIN|BC_F_SUSER }, 302 303 { bridge_ioctl_flush, sizeof(struct ifbreq), 304 BC_F_COPYIN|BC_F_SUSER }, 305 306 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 307 BC_F_COPYOUT }, 308 { bridge_ioctl_spri, sizeof(struct ifbrparam), 309 BC_F_COPYIN|BC_F_SUSER }, 310 311 { bridge_ioctl_ght, sizeof(struct ifbrparam), 312 BC_F_COPYOUT }, 313 { bridge_ioctl_sht, sizeof(struct ifbrparam), 314 BC_F_COPYIN|BC_F_SUSER }, 315 316 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 317 BC_F_COPYOUT }, 318 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 319 BC_F_COPYIN|BC_F_SUSER }, 320 321 { bridge_ioctl_gma, sizeof(struct ifbrparam), 322 BC_F_COPYOUT }, 323 { bridge_ioctl_sma, sizeof(struct ifbrparam), 324 BC_F_COPYIN|BC_F_SUSER }, 325 326 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 327 BC_F_COPYIN|BC_F_SUSER }, 328 329 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 330 BC_F_COPYIN|BC_F_SUSER }, 331 }; 332 const int bridge_control_table_size = 333 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 334 335 LIST_HEAD(, bridge_softc) bridge_list; 336 337 IFC_SIMPLE_DECLARE(bridge, 0); 338 339 static int 340 bridge_modevent(module_t mod, int type, void *data) 341 { 342 343 switch (type) { 344 case MOD_LOAD: 345 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 346 if_clone_attach(&bridge_cloner); 347 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 348 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 349 UMA_ALIGN_PTR, 0); 350 LIST_INIT(&bridge_list); 351 bridge_input_p = bridge_input; 352 bridge_output_p = bridge_output; 353 bridge_dn_p = bridge_dummynet; 354 bstp_linkstate_p = bstp_linkstate; 355 break; 356 case MOD_UNLOAD: 357 if_clone_detach(&bridge_cloner); 358 while (!LIST_EMPTY(&bridge_list)) 359 bridge_clone_destroy(LIST_FIRST(&bridge_list)->sc_ifp); 360 uma_zdestroy(bridge_rtnode_zone); 361 bridge_input_p = NULL; 362 bridge_output_p = NULL; 363 bridge_dn_p = NULL; 364 bstp_linkstate_p = NULL; 365 mtx_destroy(&bridge_list_mtx); 366 break; 367 default: 368 return EOPNOTSUPP; 369 } 370 return 0; 371 } 372 373 static moduledata_t bridge_mod = { 374 "if_bridge", 375 bridge_modevent, 376 0 377 }; 378 379 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 380 381 /* 382 * handler for net.link.bridge.pfil_ipfw 383 */ 384 static int 385 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 386 { 387 int enable = pfil_ipfw; 388 int error; 389 390 error = sysctl_handle_int(oidp, &enable, 0, req); 391 enable = (enable) ? 1 : 0; 392 393 if (enable != pfil_ipfw) { 394 pfil_ipfw = enable; 395 396 /* 397 * Disable pfil so that ipfw doesnt run twice, if the user really wants 398 * both then they can re-enable pfil_bridge and/or pfil_member. 399 */ 400 if (pfil_ipfw) { 401 pfil_bridge = 0; 402 pfil_member = 0; 403 } 404 } 405 406 return error; 407 } 408 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 409 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 410 411 /* 412 * bridge_clone_create: 413 * 414 * Create a new bridge instance. 415 */ 416 int 417 bridge_clone_create(struct if_clone *ifc, int unit) 418 { 419 struct bridge_softc *sc; 420 struct ifnet *ifp; 421 u_char eaddr[6]; 422 423 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 424 BRIDGE_LOCK_INIT(sc); 425 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 426 if (ifp == NULL) { 427 free(sc, M_DEVBUF); 428 return (ENOSPC); 429 } 430 431 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 432 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 433 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 434 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 435 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 436 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 437 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 438 439 /* Initialize our routing table. */ 440 bridge_rtable_init(sc); 441 442 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 443 callout_init_mtx(&sc->sc_bstpcallout, &sc->sc_mtx, 0); 444 445 LIST_INIT(&sc->sc_iflist); 446 447 ifp->if_softc = sc; 448 if_initname(ifp, ifc->ifc_name, unit); 449 ifp->if_mtu = ETHERMTU; 450 ifp->if_flags = IFF_MULTICAST; 451 ifp->if_ioctl = bridge_ioctl; 452 ifp->if_output = bridge_output; 453 ifp->if_start = bridge_start; 454 ifp->if_init = bridge_init; 455 ifp->if_type = IFT_BRIDGE; 456 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 457 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 458 IFQ_SET_READY(&ifp->if_snd); 459 ifp->if_hdrlen = ETHER_HDR_LEN; 460 461 /* 462 * Generate a random ethernet address and use the private AC:DE:48 463 * OUI code. 464 */ 465 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 466 eaddr[0] = 0xAC; 467 eaddr[1] = 0xDE; 468 eaddr[2] = 0x48; 469 470 ether_ifattach(ifp, eaddr); 471 /* Now undo some of the damage... */ 472 ifp->if_baudrate = 0; 473 ifp->if_type = IFT_BRIDGE; 474 475 mtx_lock(&bridge_list_mtx); 476 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 477 mtx_unlock(&bridge_list_mtx); 478 479 return (0); 480 } 481 482 /* 483 * bridge_clone_destroy: 484 * 485 * Destroy a bridge instance. 486 */ 487 void 488 bridge_clone_destroy(struct ifnet *ifp) 489 { 490 struct bridge_softc *sc = ifp->if_softc; 491 struct bridge_iflist *bif; 492 493 BRIDGE_LOCK(sc); 494 495 bridge_stop(ifp, 1); 496 ifp->if_flags &= ~IFF_UP; 497 498 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 499 bridge_delete_member(sc, bif); 500 501 BRIDGE_UNLOCK(sc); 502 503 callout_drain(&sc->sc_brcallout); 504 callout_drain(&sc->sc_bstpcallout); 505 506 mtx_lock(&bridge_list_mtx); 507 LIST_REMOVE(sc, sc_list); 508 mtx_unlock(&bridge_list_mtx); 509 510 ether_ifdetach(ifp); 511 if_free_type(ifp, IFT_ETHER); 512 513 /* Tear down the routing table. */ 514 bridge_rtable_fini(sc); 515 516 BRIDGE_LOCK_DESTROY(sc); 517 free(sc, M_DEVBUF); 518 } 519 520 /* 521 * bridge_ioctl: 522 * 523 * Handle a control request from the operator. 524 */ 525 int 526 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 527 { 528 struct bridge_softc *sc = ifp->if_softc; 529 struct thread *td = curthread; 530 union { 531 struct ifbreq ifbreq; 532 struct ifbifconf ifbifconf; 533 struct ifbareq ifbareq; 534 struct ifbaconf ifbaconf; 535 struct ifbrparam ifbrparam; 536 } args; 537 struct ifdrv *ifd = (struct ifdrv *) data; 538 const struct bridge_control *bc; 539 int error = 0; 540 541 BRIDGE_LOCK(sc); 542 543 switch (cmd) { 544 545 case SIOCADDMULTI: 546 case SIOCDELMULTI: 547 break; 548 549 case SIOCGDRVSPEC: 550 case SIOCSDRVSPEC: 551 if (ifd->ifd_cmd >= bridge_control_table_size) { 552 error = EINVAL; 553 break; 554 } 555 bc = &bridge_control_table[ifd->ifd_cmd]; 556 557 if (cmd == SIOCGDRVSPEC && 558 (bc->bc_flags & BC_F_COPYOUT) == 0) { 559 error = EINVAL; 560 break; 561 } 562 else if (cmd == SIOCSDRVSPEC && 563 (bc->bc_flags & BC_F_COPYOUT) != 0) { 564 error = EINVAL; 565 break; 566 } 567 568 if (bc->bc_flags & BC_F_SUSER) { 569 error = suser(td); 570 if (error) 571 break; 572 } 573 574 if (ifd->ifd_len != bc->bc_argsize || 575 ifd->ifd_len > sizeof(args)) { 576 error = EINVAL; 577 break; 578 } 579 580 if (bc->bc_flags & BC_F_COPYIN) { 581 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 582 if (error) 583 break; 584 } 585 586 error = (*bc->bc_func)(sc, &args); 587 if (error) 588 break; 589 590 if (bc->bc_flags & BC_F_COPYOUT) 591 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 592 593 break; 594 595 case SIOCSIFFLAGS: 596 if (!(ifp->if_flags & IFF_UP) && 597 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 598 /* 599 * If interface is marked down and it is running, 600 * then stop and disable it. 601 */ 602 bridge_stop(ifp, 1); 603 } else if ((ifp->if_flags & IFF_UP) && 604 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 605 /* 606 * If interface is marked up and it is stopped, then 607 * start it. 608 */ 609 BRIDGE_UNLOCK(sc); 610 (*ifp->if_init)(sc); 611 } 612 break; 613 614 case SIOCSIFMTU: 615 /* Do not allow the MTU to be changed on the bridge */ 616 error = EINVAL; 617 break; 618 619 default: 620 /* 621 * drop the lock as ether_ioctl() will call bridge_start() and 622 * cause the lock to be recursed. 623 */ 624 BRIDGE_UNLOCK(sc); 625 error = ether_ioctl(ifp, cmd, data); 626 break; 627 } 628 629 if (BRIDGE_LOCKED(sc)) 630 BRIDGE_UNLOCK(sc); 631 632 return (error); 633 } 634 635 /* 636 * bridge_lookup_member: 637 * 638 * Lookup a bridge member interface. 639 */ 640 struct bridge_iflist * 641 bridge_lookup_member(struct bridge_softc *sc, const char *name) 642 { 643 struct bridge_iflist *bif; 644 struct ifnet *ifp; 645 646 BRIDGE_LOCK_ASSERT(sc); 647 648 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 649 ifp = bif->bif_ifp; 650 if (strcmp(ifp->if_xname, name) == 0) 651 return (bif); 652 } 653 654 return (NULL); 655 } 656 657 /* 658 * bridge_lookup_member_if: 659 * 660 * Lookup a bridge member interface by ifnet*. 661 */ 662 struct bridge_iflist * 663 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 664 { 665 struct bridge_iflist *bif; 666 667 BRIDGE_LOCK_ASSERT(sc); 668 669 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 670 if (bif->bif_ifp == member_ifp) 671 return (bif); 672 } 673 674 return (NULL); 675 } 676 677 /* 678 * bridge_delete_member: 679 * 680 * Delete the specified member interface. 681 */ 682 void 683 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif) 684 { 685 struct ifnet *ifs = bif->bif_ifp; 686 687 BRIDGE_LOCK_ASSERT(sc); 688 689 switch (ifs->if_type) { 690 case IFT_ETHER: 691 case IFT_L2VLAN: 692 /* 693 * Take the interface out of promiscuous mode. 694 */ 695 (void) ifpromisc(ifs, 0); 696 break; 697 698 default: 699 #ifdef DIAGNOSTIC 700 panic("bridge_delete_member: impossible"); 701 #endif 702 break; 703 } 704 705 ifs->if_bridge = NULL; 706 BRIDGE_XLOCK(sc); 707 LIST_REMOVE(bif, bif_next); 708 BRIDGE_XDROP(sc); 709 710 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 711 712 free(bif, M_DEVBUF); 713 714 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 715 bstp_initialization(sc); 716 } 717 718 int 719 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 720 { 721 struct ifbreq *req = arg; 722 struct bridge_iflist *bif = NULL; 723 struct ifnet *ifs; 724 int error = 0; 725 726 BRIDGE_LOCK_ASSERT(sc); 727 728 ifs = ifunit(req->ifbr_ifsname); 729 if (ifs == NULL) 730 return (ENOENT); 731 732 /* Allow the first member to define the MTU */ 733 if (LIST_EMPTY(&sc->sc_iflist)) 734 sc->sc_ifp->if_mtu = ifs->if_mtu; 735 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 736 if_printf(sc->sc_ifp, "invalid MTU for %s\n", ifs->if_xname); 737 return (EINVAL); 738 } 739 740 if (ifs->if_bridge == sc) 741 return (EEXIST); 742 743 if (ifs->if_bridge != NULL) 744 return (EBUSY); 745 746 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT); 747 if (bif == NULL) 748 return (ENOMEM); 749 750 switch (ifs->if_type) { 751 case IFT_ETHER: 752 case IFT_L2VLAN: 753 /* 754 * Place the interface into promiscuous mode. 755 */ 756 error = ifpromisc(ifs, 1); 757 if (error) 758 goto out; 759 break; 760 761 default: 762 error = EINVAL; 763 goto out; 764 } 765 766 bif->bif_ifp = ifs; 767 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 768 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 769 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 770 771 ifs->if_bridge = sc; 772 /* 773 * XXX: XLOCK HERE!?! 774 * 775 * NOTE: insert_***HEAD*** should be safe for the traversals. 776 */ 777 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 778 779 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 780 bstp_initialization(sc); 781 else 782 bstp_stop(sc); 783 784 out: 785 if (error) { 786 if (bif != NULL) 787 free(bif, M_DEVBUF); 788 } 789 return (error); 790 } 791 792 int 793 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 794 { 795 struct ifbreq *req = arg; 796 struct bridge_iflist *bif; 797 798 BRIDGE_LOCK_ASSERT(sc); 799 800 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 801 if (bif == NULL) 802 return (ENOENT); 803 804 bridge_delete_member(sc, bif); 805 806 return (0); 807 } 808 809 int 810 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 811 { 812 struct ifbreq *req = arg; 813 struct bridge_iflist *bif; 814 815 BRIDGE_LOCK_ASSERT(sc); 816 817 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 818 if (bif == NULL) 819 return (ENOENT); 820 821 req->ifbr_ifsflags = bif->bif_flags; 822 req->ifbr_state = bif->bif_state; 823 req->ifbr_priority = bif->bif_priority; 824 req->ifbr_path_cost = bif->bif_path_cost; 825 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 826 827 return (0); 828 } 829 830 int 831 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 832 { 833 struct ifbreq *req = arg; 834 struct bridge_iflist *bif; 835 836 BRIDGE_LOCK_ASSERT(sc); 837 838 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 839 if (bif == NULL) 840 return (ENOENT); 841 842 if (req->ifbr_ifsflags & IFBIF_STP) { 843 switch (bif->bif_ifp->if_type) { 844 case IFT_ETHER: 845 /* These can do spanning tree. */ 846 break; 847 848 default: 849 /* Nothing else can. */ 850 return (EINVAL); 851 } 852 } 853 854 bif->bif_flags = req->ifbr_ifsflags; 855 856 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 857 bstp_initialization(sc); 858 859 return (0); 860 } 861 862 int 863 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 864 { 865 struct ifbrparam *param = arg; 866 867 BRIDGE_LOCK_ASSERT(sc); 868 869 sc->sc_brtmax = param->ifbrp_csize; 870 bridge_rttrim(sc); 871 872 return (0); 873 } 874 875 int 876 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 877 { 878 struct ifbrparam *param = arg; 879 880 BRIDGE_LOCK_ASSERT(sc); 881 882 param->ifbrp_csize = sc->sc_brtmax; 883 884 return (0); 885 } 886 887 int 888 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 889 { 890 struct ifbifconf *bifc = arg; 891 struct bridge_iflist *bif; 892 struct ifbreq breq; 893 int count, len, error = 0; 894 895 BRIDGE_LOCK_ASSERT(sc); 896 897 count = 0; 898 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 899 count++; 900 901 if (bifc->ifbic_len == 0) { 902 bifc->ifbic_len = sizeof(breq) * count; 903 return (0); 904 } 905 906 count = 0; 907 len = bifc->ifbic_len; 908 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 909 if (len < sizeof(breq)) 910 break; 911 912 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 913 sizeof(breq.ifbr_ifsname)); 914 breq.ifbr_ifsflags = bif->bif_flags; 915 breq.ifbr_state = bif->bif_state; 916 breq.ifbr_priority = bif->bif_priority; 917 breq.ifbr_path_cost = bif->bif_path_cost; 918 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 919 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 920 if (error) 921 break; 922 count++; 923 len -= sizeof(breq); 924 } 925 926 bifc->ifbic_len = sizeof(breq) * count; 927 return (error); 928 } 929 930 int 931 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 932 { 933 struct ifbaconf *bac = arg; 934 struct bridge_rtnode *brt; 935 struct ifbareq bareq; 936 struct timeval tv; 937 int count = 0, error = 0, len; 938 939 BRIDGE_LOCK_ASSERT(sc); 940 941 if (bac->ifbac_len == 0) 942 return (0); 943 944 getmicrotime(&tv); 945 946 len = bac->ifbac_len; 947 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 948 if (len < sizeof(bareq)) 949 goto out; 950 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 951 sizeof(bareq.ifba_ifsname)); 952 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 953 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 954 tv.tv_sec < brt->brt_expire) 955 bareq.ifba_expire = brt->brt_expire - tv.tv_sec; 956 else 957 bareq.ifba_expire = 0; 958 bareq.ifba_flags = brt->brt_flags; 959 960 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 961 if (error) 962 goto out; 963 count++; 964 len -= sizeof(bareq); 965 } 966 out: 967 bac->ifbac_len = sizeof(bareq) * count; 968 return (error); 969 } 970 971 int 972 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 973 { 974 struct ifbareq *req = arg; 975 struct bridge_iflist *bif; 976 int error; 977 978 BRIDGE_LOCK_ASSERT(sc); 979 980 bif = bridge_lookup_member(sc, req->ifba_ifsname); 981 if (bif == NULL) 982 return (ENOENT); 983 984 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 985 req->ifba_flags); 986 987 return (error); 988 } 989 990 int 991 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 992 { 993 struct ifbrparam *param = arg; 994 995 BRIDGE_LOCK_ASSERT(sc); 996 997 sc->sc_brttimeout = param->ifbrp_ctime; 998 999 return (0); 1000 } 1001 1002 int 1003 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1004 { 1005 struct ifbrparam *param = arg; 1006 1007 BRIDGE_LOCK_ASSERT(sc); 1008 1009 param->ifbrp_ctime = sc->sc_brttimeout; 1010 1011 return (0); 1012 } 1013 1014 int 1015 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1016 { 1017 struct ifbareq *req = arg; 1018 1019 BRIDGE_LOCK_ASSERT(sc); 1020 1021 return (bridge_rtdaddr(sc, req->ifba_dst)); 1022 } 1023 1024 int 1025 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1026 { 1027 struct ifbreq *req = arg; 1028 1029 BRIDGE_LOCK_ASSERT(sc); 1030 1031 bridge_rtflush(sc, req->ifbr_ifsflags); 1032 1033 return (0); 1034 } 1035 1036 int 1037 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1038 { 1039 struct ifbrparam *param = arg; 1040 1041 BRIDGE_LOCK_ASSERT(sc); 1042 1043 param->ifbrp_prio = sc->sc_bridge_priority; 1044 1045 return (0); 1046 } 1047 1048 int 1049 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1050 { 1051 struct ifbrparam *param = arg; 1052 1053 BRIDGE_LOCK_ASSERT(sc); 1054 1055 sc->sc_bridge_priority = param->ifbrp_prio; 1056 1057 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1058 bstp_initialization(sc); 1059 1060 return (0); 1061 } 1062 1063 int 1064 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1065 { 1066 struct ifbrparam *param = arg; 1067 1068 BRIDGE_LOCK_ASSERT(sc); 1069 1070 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1071 1072 return (0); 1073 } 1074 1075 int 1076 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1077 { 1078 struct ifbrparam *param = arg; 1079 1080 BRIDGE_LOCK_ASSERT(sc); 1081 1082 if (param->ifbrp_hellotime == 0) 1083 return (EINVAL); 1084 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1085 1086 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1087 bstp_initialization(sc); 1088 1089 return (0); 1090 } 1091 1092 int 1093 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1094 { 1095 struct ifbrparam *param = arg; 1096 1097 BRIDGE_LOCK_ASSERT(sc); 1098 1099 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1100 1101 return (0); 1102 } 1103 1104 int 1105 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1106 { 1107 struct ifbrparam *param = arg; 1108 1109 BRIDGE_LOCK_ASSERT(sc); 1110 1111 if (param->ifbrp_fwddelay == 0) 1112 return (EINVAL); 1113 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1114 1115 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1116 bstp_initialization(sc); 1117 1118 return (0); 1119 } 1120 1121 int 1122 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1123 { 1124 struct ifbrparam *param = arg; 1125 1126 BRIDGE_LOCK_ASSERT(sc); 1127 1128 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1129 1130 return (0); 1131 } 1132 1133 int 1134 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1135 { 1136 struct ifbrparam *param = arg; 1137 1138 BRIDGE_LOCK_ASSERT(sc); 1139 1140 if (param->ifbrp_maxage == 0) 1141 return (EINVAL); 1142 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1143 1144 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1145 bstp_initialization(sc); 1146 1147 return (0); 1148 } 1149 1150 int 1151 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1152 { 1153 struct ifbreq *req = arg; 1154 struct bridge_iflist *bif; 1155 1156 BRIDGE_LOCK_ASSERT(sc); 1157 1158 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1159 if (bif == NULL) 1160 return (ENOENT); 1161 1162 bif->bif_priority = req->ifbr_priority; 1163 1164 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1165 bstp_initialization(sc); 1166 1167 return (0); 1168 } 1169 1170 int 1171 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1172 { 1173 struct ifbreq *req = arg; 1174 struct bridge_iflist *bif; 1175 1176 BRIDGE_LOCK_ASSERT(sc); 1177 1178 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1179 if (bif == NULL) 1180 return (ENOENT); 1181 1182 bif->bif_path_cost = req->ifbr_path_cost; 1183 1184 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1185 bstp_initialization(sc); 1186 1187 return (0); 1188 } 1189 1190 /* 1191 * bridge_ifdetach: 1192 * 1193 * Detach an interface from a bridge. Called when a member 1194 * interface is detaching. 1195 */ 1196 void 1197 bridge_ifdetach(struct ifnet *ifp) 1198 { 1199 struct bridge_softc *sc = ifp->if_bridge; 1200 struct ifbreq breq; 1201 1202 BRIDGE_LOCK_ASSERT(sc); 1203 1204 memset(&breq, 0, sizeof(breq)); 1205 snprintf(breq.ifbr_ifsname, sizeof(breq.ifbr_ifsname), ifp->if_xname); 1206 1207 (void) bridge_ioctl_del(sc, &breq); 1208 } 1209 1210 /* 1211 * bridge_init: 1212 * 1213 * Initialize a bridge interface. 1214 */ 1215 static void 1216 bridge_init(void *xsc) 1217 { 1218 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1219 struct ifnet *ifp = sc->sc_ifp; 1220 1221 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1222 return; 1223 1224 BRIDGE_LOCK(sc); 1225 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1226 bridge_timer, sc); 1227 1228 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1229 bstp_initialization(sc); 1230 BRIDGE_UNLOCK(sc); 1231 return; 1232 } 1233 1234 /* 1235 * bridge_stop: 1236 * 1237 * Stop the bridge interface. 1238 */ 1239 void 1240 bridge_stop(struct ifnet *ifp, int disable) 1241 { 1242 struct bridge_softc *sc = ifp->if_softc; 1243 1244 BRIDGE_LOCK_ASSERT(sc); 1245 1246 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1247 return; 1248 1249 callout_stop(&sc->sc_brcallout); 1250 bstp_stop(sc); 1251 1252 bridge_rtflush(sc, IFBF_FLUSHDYN); 1253 1254 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1255 } 1256 1257 /* 1258 * bridge_enqueue: 1259 * 1260 * Enqueue a packet on a bridge member interface. 1261 * 1262 */ 1263 __inline void 1264 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1265 { 1266 int len, err; 1267 short mflags; 1268 1269 /* 1270 * Clear any in-bound checksum flags for this packet. 1271 */ 1272 m->m_pkthdr.csum_flags = 0; 1273 1274 len = m->m_pkthdr.len; 1275 mflags = m->m_flags; 1276 1277 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1278 if (err == 0) { 1279 1280 sc->sc_ifp->if_opackets++; 1281 sc->sc_ifp->if_obytes += len; 1282 1283 dst_ifp->if_obytes += len; 1284 1285 if (mflags & M_MCAST) { 1286 sc->sc_ifp->if_omcasts++; 1287 dst_ifp->if_omcasts++; 1288 } 1289 } 1290 1291 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1292 (*dst_ifp->if_start)(dst_ifp); 1293 } 1294 1295 /* 1296 * bridge_dummynet: 1297 * 1298 * Receive a queued packet from dummynet and pass it on to the output 1299 * interface. 1300 * 1301 * The mbuf has the Ethernet header already attached. 1302 */ 1303 void 1304 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1305 { 1306 struct bridge_softc *sc; 1307 1308 sc = ifp->if_bridge; 1309 1310 /* 1311 * The packet didnt originate from a member interface. This should only 1312 * ever happen if a member interface is removed while packets are 1313 * queued for it. 1314 */ 1315 if (sc == NULL) { 1316 m_freem(m); 1317 return; 1318 } 1319 1320 if (inet_pfil_hook.ph_busy_count >= 0 1321 #ifdef INET6 1322 || inet6_pfil_hook.ph_busy_count >= 0 1323 #endif 1324 ) { 1325 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1326 return; 1327 if (m == NULL) 1328 return; 1329 } 1330 1331 bridge_enqueue(sc, ifp, m); 1332 } 1333 1334 /* 1335 * bridge_output: 1336 * 1337 * Send output from a bridge member interface. This 1338 * performs the bridging function for locally originated 1339 * packets. 1340 * 1341 * The mbuf has the Ethernet header already attached. We must 1342 * enqueue or free the mbuf before returning. 1343 */ 1344 int 1345 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1346 struct rtentry *rt) 1347 { 1348 struct ether_header *eh; 1349 struct ifnet *dst_if; 1350 struct bridge_softc *sc; 1351 1352 if (m->m_len < ETHER_HDR_LEN) { 1353 m = m_pullup(m, ETHER_HDR_LEN); 1354 if (m == NULL) 1355 return (0); 1356 } 1357 1358 eh = mtod(m, struct ether_header *); 1359 sc = ifp->if_bridge; 1360 1361 BRIDGE_LOCK(sc); 1362 1363 /* 1364 * If bridge is down, but the original output interface is up, 1365 * go ahead and send out that interface. Otherwise, the packet 1366 * is dropped below. 1367 */ 1368 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1369 dst_if = ifp; 1370 goto sendunicast; 1371 } 1372 1373 /* 1374 * If the packet is a multicast, or we don't know a better way to 1375 * get there, send to all interfaces. 1376 */ 1377 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1378 dst_if = NULL; 1379 else 1380 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1381 if (dst_if == NULL) { 1382 struct bridge_iflist *bif; 1383 struct mbuf *mc; 1384 int error = 0, used = 0; 1385 1386 BRIDGE_LOCK2REF(sc, error); 1387 if (error) { 1388 m_freem(m); 1389 return (0); 1390 } 1391 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1392 dst_if = bif->bif_ifp; 1393 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1394 continue; 1395 1396 /* 1397 * If this is not the original output interface, 1398 * and the interface is participating in spanning 1399 * tree, make sure the port is in a state that 1400 * allows forwarding. 1401 */ 1402 if (dst_if != ifp && 1403 (bif->bif_flags & IFBIF_STP) != 0) { 1404 switch (bif->bif_state) { 1405 case BSTP_IFSTATE_BLOCKING: 1406 case BSTP_IFSTATE_LISTENING: 1407 case BSTP_IFSTATE_DISABLED: 1408 continue; 1409 } 1410 } 1411 1412 if (LIST_NEXT(bif, bif_next) == NULL) { 1413 used = 1; 1414 mc = m; 1415 } else { 1416 mc = m_copypacket(m, M_DONTWAIT); 1417 if (mc == NULL) { 1418 sc->sc_ifp->if_oerrors++; 1419 continue; 1420 } 1421 } 1422 1423 bridge_enqueue(sc, dst_if, mc); 1424 } 1425 if (used == 0) 1426 m_freem(m); 1427 BRIDGE_UNREF(sc); 1428 return (0); 1429 } 1430 1431 sendunicast: 1432 /* 1433 * XXX Spanning tree consideration here? 1434 */ 1435 1436 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1437 m_freem(m); 1438 BRIDGE_UNLOCK(sc); 1439 return (0); 1440 } 1441 1442 BRIDGE_UNLOCK(sc); 1443 bridge_enqueue(sc, dst_if, m); 1444 return (0); 1445 } 1446 1447 /* 1448 * bridge_start: 1449 * 1450 * Start output on a bridge. 1451 * 1452 */ 1453 void 1454 bridge_start(struct ifnet *ifp) 1455 { 1456 struct bridge_softc *sc; 1457 struct mbuf *m; 1458 struct ether_header *eh; 1459 struct ifnet *dst_if; 1460 1461 sc = ifp->if_softc; 1462 1463 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1464 for (;;) { 1465 IFQ_DEQUEUE(&ifp->if_snd, m); 1466 if (m == 0) 1467 break; 1468 BPF_MTAP(ifp, m); 1469 1470 eh = mtod(m, struct ether_header *); 1471 dst_if = NULL; 1472 1473 BRIDGE_LOCK(sc); 1474 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1475 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1476 } 1477 1478 if (dst_if == NULL) 1479 bridge_broadcast(sc, ifp, m); 1480 else { 1481 BRIDGE_UNLOCK(sc); 1482 1483 if (inet_pfil_hook.ph_busy_count >= 0 1484 #ifdef INET6 1485 || inet6_pfil_hook.ph_busy_count >= 0 1486 #endif 1487 ) { 1488 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1489 return; 1490 if (m == NULL) 1491 return; 1492 } 1493 1494 bridge_enqueue(sc, dst_if, m); 1495 } 1496 } 1497 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1498 1499 return; 1500 } 1501 1502 /* 1503 * bridge_forward: 1504 * 1505 * The forwarding function of the bridge. 1506 * 1507 * NOTE: Releases the lock on return. 1508 */ 1509 void 1510 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1511 { 1512 struct bridge_iflist *bif; 1513 struct ifnet *src_if, *dst_if, *ifp; 1514 struct ether_header *eh; 1515 1516 src_if = m->m_pkthdr.rcvif; 1517 BRIDGE_LOCK_ASSERT(sc); 1518 ifp = sc->sc_ifp; 1519 1520 sc->sc_ifp->if_ipackets++; 1521 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1522 1523 /* 1524 * Look up the bridge_iflist. 1525 */ 1526 bif = bridge_lookup_member_if(sc, src_if); 1527 if (bif == NULL) { 1528 /* Interface is not a bridge member (anymore?) */ 1529 BRIDGE_UNLOCK(sc); 1530 m_freem(m); 1531 return; 1532 } 1533 1534 if (bif->bif_flags & IFBIF_STP) { 1535 switch (bif->bif_state) { 1536 case BSTP_IFSTATE_BLOCKING: 1537 case BSTP_IFSTATE_LISTENING: 1538 case BSTP_IFSTATE_DISABLED: 1539 BRIDGE_UNLOCK(sc); 1540 m_freem(m); 1541 return; 1542 } 1543 } 1544 1545 eh = mtod(m, struct ether_header *); 1546 1547 /* 1548 * If the interface is learning, and the source 1549 * address is valid and not multicast, record 1550 * the address. 1551 */ 1552 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1553 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1554 (eh->ether_shost[0] == 0 && 1555 eh->ether_shost[1] == 0 && 1556 eh->ether_shost[2] == 0 && 1557 eh->ether_shost[3] == 0 && 1558 eh->ether_shost[4] == 0 && 1559 eh->ether_shost[5] == 0) == 0) { 1560 (void) bridge_rtupdate(sc, eh->ether_shost, 1561 src_if, 0, IFBAF_DYNAMIC); 1562 } 1563 1564 if ((bif->bif_flags & IFBIF_STP) != 0 && 1565 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1566 m_freem(m); 1567 BRIDGE_UNLOCK(sc); 1568 return; 1569 } 1570 1571 /* 1572 * At this point, the port either doesn't participate 1573 * in spanning tree or it is in the forwarding state. 1574 */ 1575 1576 /* 1577 * If the packet is unicast, destined for someone on 1578 * "this" side of the bridge, drop it. 1579 */ 1580 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1581 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1582 if (src_if == dst_if) { 1583 BRIDGE_UNLOCK(sc); 1584 m_freem(m); 1585 return; 1586 } 1587 } else { 1588 /* ...forward it to all interfaces. */ 1589 sc->sc_ifp->if_imcasts++; 1590 dst_if = NULL; 1591 } 1592 1593 /* run the packet filter */ 1594 if (inet_pfil_hook.ph_busy_count >= 0 1595 #ifdef INET6 1596 || inet6_pfil_hook.ph_busy_count >= 0 1597 #endif 1598 ) { 1599 BRIDGE_UNLOCK(sc); 1600 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1601 return; 1602 if (m == NULL) 1603 return; 1604 BRIDGE_LOCK(sc); 1605 } 1606 1607 if (dst_if == NULL) { 1608 /* tap off packets passing the bridge */ 1609 BPF_MTAP(ifp, m); 1610 1611 bridge_broadcast(sc, src_if, m); 1612 return; 1613 } 1614 1615 /* 1616 * At this point, we're dealing with a unicast frame 1617 * going to a different interface. 1618 */ 1619 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1620 BRIDGE_UNLOCK(sc); 1621 m_freem(m); 1622 return; 1623 } 1624 bif = bridge_lookup_member_if(sc, dst_if); 1625 if (bif == NULL) { 1626 /* Not a member of the bridge (anymore?) */ 1627 BRIDGE_UNLOCK(sc); 1628 m_freem(m); 1629 return; 1630 } 1631 1632 if (bif->bif_flags & IFBIF_STP) { 1633 switch (bif->bif_state) { 1634 case BSTP_IFSTATE_DISABLED: 1635 case BSTP_IFSTATE_BLOCKING: 1636 BRIDGE_UNLOCK(sc); 1637 m_freem(m); 1638 return; 1639 } 1640 } 1641 1642 /* tap off packets passing the bridge */ 1643 BPF_MTAP(ifp, m); 1644 1645 BRIDGE_UNLOCK(sc); 1646 1647 if (inet_pfil_hook.ph_busy_count >= 0 1648 #ifdef INET6 1649 || inet6_pfil_hook.ph_busy_count >= 0 1650 #endif 1651 ) { 1652 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1653 return; 1654 if (m == NULL) 1655 return; 1656 } 1657 1658 bridge_enqueue(sc, dst_if, m); 1659 } 1660 1661 /* 1662 * bridge_input: 1663 * 1664 * Receive input from a member interface. Queue the packet for 1665 * bridging if it is not for us. 1666 */ 1667 struct mbuf * 1668 bridge_input(struct ifnet *ifp, struct mbuf *m) 1669 { 1670 struct bridge_softc *sc = ifp->if_bridge; 1671 struct bridge_iflist *bif; 1672 struct ifnet *bifp; 1673 struct ether_header *eh; 1674 struct mbuf *mc, *mc2; 1675 1676 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1677 return (m); 1678 1679 bifp = sc->sc_ifp; 1680 1681 BRIDGE_LOCK(sc); 1682 bif = bridge_lookup_member_if(sc, ifp); 1683 if (bif == NULL) { 1684 BRIDGE_UNLOCK(sc); 1685 return (m); 1686 } 1687 1688 eh = mtod(m, struct ether_header *); 1689 1690 if (memcmp(eh->ether_dhost, IFP2ENADDR(bifp), 1691 ETHER_ADDR_LEN) == 0) { 1692 /* 1693 * If the packet is for us, set the packets source as the 1694 * bridge, and return the packet back to ether_input for 1695 * local processing. 1696 */ 1697 1698 /* XXX Do we tap the packet for the member interface too? 1699 * BPF_MTAP(&m->m_pkthdr.rcvif, m); 1700 */ 1701 1702 /* Mark the packet as arriving on the bridge interface */ 1703 m->m_pkthdr.rcvif = bifp; 1704 BPF_MTAP(bifp, m); 1705 bifp->if_ipackets++; 1706 1707 BRIDGE_UNLOCK(sc); 1708 return (m); 1709 } 1710 1711 if (m->m_flags & (M_BCAST|M_MCAST)) { 1712 /* Tap off 802.1D packets; they do not get forwarded. */ 1713 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1714 ETHER_ADDR_LEN) == 0) { 1715 m = bstp_input(ifp, m); 1716 if (m == NULL) { 1717 BRIDGE_UNLOCK(sc); 1718 return (NULL); 1719 } 1720 } 1721 1722 if (bif->bif_flags & IFBIF_STP) { 1723 switch (bif->bif_state) { 1724 case BSTP_IFSTATE_BLOCKING: 1725 case BSTP_IFSTATE_LISTENING: 1726 case BSTP_IFSTATE_DISABLED: 1727 BRIDGE_UNLOCK(sc); 1728 return (m); 1729 } 1730 } 1731 1732 /* 1733 * Make a deep copy of the packet and enqueue the copy 1734 * for bridge processing; return the original packet for 1735 * local processing. 1736 */ 1737 mc = m_dup(m, M_DONTWAIT); 1738 if (mc == NULL) { 1739 BRIDGE_UNLOCK(sc); 1740 return (m); 1741 } 1742 1743 /* Perform the bridge forwarding function with the copy. */ 1744 bridge_forward(sc, mc); 1745 1746 /* 1747 * Reinject the mbuf as arriving on the bridge so we have a 1748 * chance at claiming multicast packets. We can not loop back 1749 * here from ether_input as a bridge is never a member of a 1750 * bridge. 1751 */ 1752 KASSERT(bifp->if_bridge == NULL, 1753 ("loop created in bridge_input")); 1754 mc2 = m_copypacket(m, M_DONTWAIT); 1755 if (mc2 != NULL) { 1756 mc2->m_pkthdr.rcvif = bifp; 1757 (*bifp->if_input)(bifp, mc2); 1758 } 1759 1760 /* Return the original packet for local processing. */ 1761 return (m); 1762 } 1763 1764 if (bif->bif_flags & IFBIF_STP) { 1765 switch (bif->bif_state) { 1766 case BSTP_IFSTATE_BLOCKING: 1767 case BSTP_IFSTATE_LISTENING: 1768 case BSTP_IFSTATE_DISABLED: 1769 BRIDGE_UNLOCK(sc); 1770 return (m); 1771 } 1772 } 1773 1774 /* 1775 * Unicast. Make sure it's not for us. 1776 */ 1777 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1778 /* It is destined for us. */ 1779 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1780 ETHER_ADDR_LEN) == 0) { 1781 if (bif->bif_flags & IFBIF_LEARNING) 1782 (void) bridge_rtupdate(sc, 1783 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1784 m->m_pkthdr.rcvif = bif->bif_ifp; 1785 BRIDGE_UNLOCK(sc); 1786 return (m); 1787 } 1788 1789 /* We just received a packet that we sent out. */ 1790 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1791 ETHER_ADDR_LEN) == 0) { 1792 BRIDGE_UNLOCK(sc); 1793 m_freem(m); 1794 return (NULL); 1795 } 1796 } 1797 1798 /* Perform the bridge forwarding function. */ 1799 bridge_forward(sc, m); 1800 1801 return (NULL); 1802 } 1803 1804 /* 1805 * bridge_broadcast: 1806 * 1807 * Send a frame to all interfaces that are members of 1808 * the bridge, except for the one on which the packet 1809 * arrived. 1810 * 1811 * NOTE: Releases the lock on return. 1812 */ 1813 void 1814 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1815 struct mbuf *m) 1816 { 1817 struct bridge_iflist *bif; 1818 struct mbuf *mc; 1819 struct ifnet *dst_if; 1820 int error = 0, used = 0; 1821 1822 BRIDGE_LOCK_ASSERT(sc); 1823 BRIDGE_LOCK2REF(sc, error); 1824 if (error) { 1825 m_freem(m); 1826 return; 1827 } 1828 1829 /* Filter on the bridge interface before broadcasting */ 1830 if (inet_pfil_hook.ph_busy_count >= 0 1831 #ifdef INET6 1832 || inet6_pfil_hook.ph_busy_count >= 0 1833 #endif 1834 ) { 1835 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 1836 return; 1837 if (m == NULL) 1838 return; 1839 } 1840 1841 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1842 dst_if = bif->bif_ifp; 1843 if (dst_if == src_if) 1844 continue; 1845 1846 if (bif->bif_flags & IFBIF_STP) { 1847 switch (bif->bif_state) { 1848 case BSTP_IFSTATE_BLOCKING: 1849 case BSTP_IFSTATE_DISABLED: 1850 continue; 1851 } 1852 } 1853 1854 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1855 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 1856 continue; 1857 1858 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1859 continue; 1860 1861 if (LIST_NEXT(bif, bif_next) == NULL) { 1862 mc = m; 1863 used = 1; 1864 } else { 1865 mc = m_copypacket(m, M_DONTWAIT); 1866 if (mc == NULL) { 1867 sc->sc_ifp->if_oerrors++; 1868 continue; 1869 } 1870 } 1871 1872 /* 1873 * Filter on the output interface. Pass a NULL bridge interface 1874 * pointer so we do not redundantly filter on the bridge for 1875 * each interface we broadcast on. 1876 */ 1877 if (inet_pfil_hook.ph_busy_count >= 0 1878 #ifdef INET6 1879 || inet6_pfil_hook.ph_busy_count >= 0 1880 #endif 1881 ) { 1882 if (bridge_pfil(&m, NULL, dst_if, PFIL_OUT) != 0) 1883 return; 1884 if (m == NULL) 1885 return; 1886 } 1887 1888 bridge_enqueue(sc, dst_if, mc); 1889 } 1890 if (used == 0) 1891 m_freem(m); 1892 1893 BRIDGE_UNREF(sc); 1894 } 1895 1896 /* 1897 * bridge_rtupdate: 1898 * 1899 * Add a bridge routing entry. 1900 */ 1901 int 1902 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 1903 struct ifnet *dst_if, int setflags, uint8_t flags) 1904 { 1905 struct bridge_rtnode *brt; 1906 struct timeval tv; 1907 int error; 1908 1909 BRIDGE_LOCK_ASSERT(sc); 1910 1911 /* 1912 * A route for this destination might already exist. If so, 1913 * update it, otherwise create a new one. 1914 */ 1915 getmicrotime(&tv); 1916 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 1917 if (sc->sc_brtcnt >= sc->sc_brtmax) 1918 return (ENOSPC); 1919 1920 /* 1921 * Allocate a new bridge forwarding node, and 1922 * initialize the expiration time and Ethernet 1923 * address. 1924 */ 1925 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 1926 if (brt == NULL) 1927 return (ENOMEM); 1928 1929 brt->brt_expire = tv.tv_sec + sc->sc_brttimeout; 1930 brt->brt_flags = IFBAF_DYNAMIC; 1931 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 1932 1933 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 1934 uma_zfree(bridge_rtnode_zone, brt); 1935 return (error); 1936 } 1937 } 1938 1939 brt->brt_ifp = dst_if; 1940 if (setflags) { 1941 brt->brt_flags = flags; 1942 brt->brt_expire = (flags & IFBAF_STATIC) ? 0 : 1943 tv.tv_sec + sc->sc_brttimeout; 1944 } 1945 1946 return (0); 1947 } 1948 1949 /* 1950 * bridge_rtlookup: 1951 * 1952 * Lookup the destination interface for an address. 1953 */ 1954 struct ifnet * 1955 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 1956 { 1957 struct bridge_rtnode *brt; 1958 1959 BRIDGE_LOCK_ASSERT(sc); 1960 1961 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 1962 return (NULL); 1963 1964 return (brt->brt_ifp); 1965 } 1966 1967 /* 1968 * bridge_rttrim: 1969 * 1970 * Trim the routine table so that we have a number 1971 * of routing entries less than or equal to the 1972 * maximum number. 1973 */ 1974 void 1975 bridge_rttrim(struct bridge_softc *sc) 1976 { 1977 struct bridge_rtnode *brt, *nbrt; 1978 1979 BRIDGE_LOCK_ASSERT(sc); 1980 1981 /* Make sure we actually need to do this. */ 1982 if (sc->sc_brtcnt <= sc->sc_brtmax) 1983 return; 1984 1985 /* Force an aging cycle; this might trim enough addresses. */ 1986 bridge_rtage(sc); 1987 if (sc->sc_brtcnt <= sc->sc_brtmax) 1988 return; 1989 1990 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 1991 nbrt = LIST_NEXT(brt, brt_list); 1992 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1993 bridge_rtnode_destroy(sc, brt); 1994 if (sc->sc_brtcnt <= sc->sc_brtmax) 1995 return; 1996 } 1997 } 1998 } 1999 2000 /* 2001 * bridge_timer: 2002 * 2003 * Aging timer for the bridge. 2004 */ 2005 void 2006 bridge_timer(void *arg) 2007 { 2008 struct bridge_softc *sc = arg; 2009 2010 BRIDGE_LOCK_ASSERT(sc); 2011 2012 bridge_rtage(sc); 2013 2014 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2015 callout_reset(&sc->sc_brcallout, 2016 bridge_rtable_prune_period * hz, bridge_timer, sc); 2017 } 2018 2019 /* 2020 * bridge_rtage: 2021 * 2022 * Perform an aging cycle. 2023 */ 2024 void 2025 bridge_rtage(struct bridge_softc *sc) 2026 { 2027 struct bridge_rtnode *brt, *nbrt; 2028 struct timeval tv; 2029 2030 BRIDGE_LOCK_ASSERT(sc); 2031 2032 getmicrotime(&tv); 2033 2034 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2035 nbrt = LIST_NEXT(brt, brt_list); 2036 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2037 if (tv.tv_sec >= brt->brt_expire) 2038 bridge_rtnode_destroy(sc, brt); 2039 } 2040 } 2041 } 2042 2043 /* 2044 * bridge_rtflush: 2045 * 2046 * Remove all dynamic addresses from the bridge. 2047 */ 2048 void 2049 bridge_rtflush(struct bridge_softc *sc, int full) 2050 { 2051 struct bridge_rtnode *brt, *nbrt; 2052 2053 BRIDGE_LOCK_ASSERT(sc); 2054 2055 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2056 nbrt = LIST_NEXT(brt, brt_list); 2057 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2058 bridge_rtnode_destroy(sc, brt); 2059 } 2060 } 2061 2062 /* 2063 * bridge_rtdaddr: 2064 * 2065 * Remove an address from the table. 2066 */ 2067 int 2068 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2069 { 2070 struct bridge_rtnode *brt; 2071 2072 BRIDGE_LOCK_ASSERT(sc); 2073 2074 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2075 return (ENOENT); 2076 2077 bridge_rtnode_destroy(sc, brt); 2078 return (0); 2079 } 2080 2081 /* 2082 * bridge_rtdelete: 2083 * 2084 * Delete routes to a speicifc member interface. 2085 */ 2086 void 2087 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2088 { 2089 struct bridge_rtnode *brt, *nbrt; 2090 2091 BRIDGE_LOCK_ASSERT(sc); 2092 2093 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2094 nbrt = LIST_NEXT(brt, brt_list); 2095 if (brt->brt_ifp == ifp && (full || 2096 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2097 bridge_rtnode_destroy(sc, brt); 2098 } 2099 } 2100 2101 /* 2102 * bridge_rtable_init: 2103 * 2104 * Initialize the route table for this bridge. 2105 */ 2106 int 2107 bridge_rtable_init(struct bridge_softc *sc) 2108 { 2109 int i; 2110 2111 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2112 M_DEVBUF, M_NOWAIT); 2113 if (sc->sc_rthash == NULL) 2114 return (ENOMEM); 2115 2116 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2117 LIST_INIT(&sc->sc_rthash[i]); 2118 2119 sc->sc_rthash_key = arc4random(); 2120 2121 LIST_INIT(&sc->sc_rtlist); 2122 2123 return (0); 2124 } 2125 2126 /* 2127 * bridge_rtable_fini: 2128 * 2129 * Deconstruct the route table for this bridge. 2130 */ 2131 void 2132 bridge_rtable_fini(struct bridge_softc *sc) 2133 { 2134 2135 free(sc->sc_rthash, M_DEVBUF); 2136 } 2137 2138 /* 2139 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2140 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2141 */ 2142 #define mix(a, b, c) \ 2143 do { \ 2144 a -= b; a -= c; a ^= (c >> 13); \ 2145 b -= c; b -= a; b ^= (a << 8); \ 2146 c -= a; c -= b; c ^= (b >> 13); \ 2147 a -= b; a -= c; a ^= (c >> 12); \ 2148 b -= c; b -= a; b ^= (a << 16); \ 2149 c -= a; c -= b; c ^= (b >> 5); \ 2150 a -= b; a -= c; a ^= (c >> 3); \ 2151 b -= c; b -= a; b ^= (a << 10); \ 2152 c -= a; c -= b; c ^= (b >> 15); \ 2153 } while (/*CONSTCOND*/0) 2154 2155 static __inline uint32_t 2156 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2157 { 2158 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2159 2160 b += addr[5] << 8; 2161 b += addr[4]; 2162 a += addr[3] << 24; 2163 a += addr[2] << 16; 2164 a += addr[1] << 8; 2165 a += addr[0]; 2166 2167 mix(a, b, c); 2168 2169 return (c & BRIDGE_RTHASH_MASK); 2170 } 2171 2172 #undef mix 2173 2174 /* 2175 * bridge_rtnode_lookup: 2176 * 2177 * Look up a bridge route node for the specified destination. 2178 */ 2179 struct bridge_rtnode * 2180 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2181 { 2182 struct bridge_rtnode *brt; 2183 uint32_t hash; 2184 int dir; 2185 2186 BRIDGE_LOCK_ASSERT(sc); 2187 2188 hash = bridge_rthash(sc, addr); 2189 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2190 dir = memcmp(addr, brt->brt_addr, ETHER_ADDR_LEN); 2191 if (dir == 0) 2192 return (brt); 2193 if (dir > 0) 2194 return (NULL); 2195 } 2196 2197 return (NULL); 2198 } 2199 2200 /* 2201 * bridge_rtnode_insert: 2202 * 2203 * Insert the specified bridge node into the route table. We 2204 * assume the entry is not already in the table. 2205 */ 2206 int 2207 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2208 { 2209 struct bridge_rtnode *lbrt; 2210 uint32_t hash; 2211 int dir; 2212 2213 BRIDGE_LOCK_ASSERT(sc); 2214 2215 hash = bridge_rthash(sc, brt->brt_addr); 2216 2217 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2218 if (lbrt == NULL) { 2219 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2220 goto out; 2221 } 2222 2223 do { 2224 dir = memcmp(brt->brt_addr, lbrt->brt_addr, ETHER_ADDR_LEN); 2225 if (dir == 0) 2226 return (EEXIST); 2227 if (dir > 0) { 2228 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2229 goto out; 2230 } 2231 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2232 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2233 goto out; 2234 } 2235 lbrt = LIST_NEXT(lbrt, brt_hash); 2236 } while (lbrt != NULL); 2237 2238 #ifdef DIAGNOSTIC 2239 panic("bridge_rtnode_insert: impossible"); 2240 #endif 2241 2242 out: 2243 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2244 sc->sc_brtcnt++; 2245 2246 return (0); 2247 } 2248 2249 /* 2250 * bridge_rtnode_destroy: 2251 * 2252 * Destroy a bridge rtnode. 2253 */ 2254 void 2255 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2256 { 2257 BRIDGE_LOCK_ASSERT(sc); 2258 2259 LIST_REMOVE(brt, brt_hash); 2260 2261 LIST_REMOVE(brt, brt_list); 2262 sc->sc_brtcnt--; 2263 uma_zfree(bridge_rtnode_zone, brt); 2264 } 2265 2266 /* 2267 * Send bridge packets through pfil if they are one of the types pfil can deal 2268 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2269 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2270 * that interface. 2271 */ 2272 static int bridge_pfil(struct mbuf **mp, struct ifnet *bifp, 2273 struct ifnet *ifp, int dir) 2274 { 2275 int snap, error, i; 2276 struct ether_header *eh1, eh2; 2277 struct ip_fw_args args; 2278 struct ip *ip; 2279 struct llc llc1; 2280 u_int16_t ether_type; 2281 2282 snap = 0; 2283 error = -1; /* Default error if not error == 0 */ 2284 2285 i = min((*mp)->m_pkthdr.len, max_protohdr); 2286 if ((*mp)->m_len < i) { 2287 *mp = m_pullup(*mp, i); 2288 if (*mp == NULL) { 2289 printf("%s: m_pullup failed\n", __func__); 2290 return -1; 2291 } 2292 } 2293 2294 eh1 = mtod(*mp, struct ether_header *); 2295 ether_type = ntohs(eh1->ether_type); 2296 2297 /* 2298 * Check for SNAP/LLC. 2299 */ 2300 if (ether_type < ETHERMTU) { 2301 struct llc *llc2 = (struct llc *)(eh1 + 1); 2302 2303 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2304 llc2->llc_dsap == LLC_SNAP_LSAP && 2305 llc2->llc_ssap == LLC_SNAP_LSAP && 2306 llc2->llc_control == LLC_UI) { 2307 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2308 snap = 1; 2309 } 2310 } 2311 2312 /* 2313 * If we're trying to filter bridge traffic, don't look at anything 2314 * other than IP and ARP traffic. If the filter doesn't understand 2315 * IPv6, don't allow IPv6 through the bridge either. This is lame 2316 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2317 * but of course we don't have an AppleTalk filter to begin with. 2318 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2319 * ARP traffic.) 2320 */ 2321 switch (ether_type) { 2322 case ETHERTYPE_ARP: 2323 case ETHERTYPE_REVARP: 2324 return 0; /* Automatically pass */ 2325 case ETHERTYPE_IP: 2326 # ifdef INET6 2327 case ETHERTYPE_IPV6: 2328 # endif /* INET6 */ 2329 break; 2330 default: 2331 /* 2332 * ipfw allows layer2 protocol filtering using 2333 * 'mac-type' so we will let the packet past, if 2334 * ipfw is disabled then drop it. 2335 */ 2336 if (!IPFW_LOADED || pfil_ipfw == 0) 2337 goto bad; 2338 } 2339 2340 /* Strip off the Ethernet header and keep a copy. */ 2341 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2342 m_adj(*mp, ETHER_HDR_LEN); 2343 2344 /* Strip off snap header, if present */ 2345 if (snap) { 2346 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2347 m_adj(*mp, sizeof(struct llc)); 2348 } 2349 2350 /* 2351 * Check the IP header for alignment and errors 2352 */ 2353 if (dir == PFIL_IN) { 2354 switch (ether_type) { 2355 case ETHERTYPE_IP: 2356 error = bridge_ip_checkbasic(mp); 2357 break; 2358 # ifdef INET6 2359 case ETHERTYPE_IPV6: 2360 error = bridge_ip6_checkbasic(mp); 2361 break; 2362 # endif /* INET6 */ 2363 default: 2364 error = 0; 2365 } 2366 if (error) 2367 goto bad; 2368 } 2369 2370 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2371 error = -1; 2372 args.rule = ip_dn_claim_rule(*mp); 2373 if (args.rule != NULL && fw_one_pass) 2374 goto ipfwpass; /* packet already partially processed */ 2375 2376 args.m = *mp; 2377 args.oif = ifp; 2378 args.next_hop = NULL; 2379 args.eh = &eh2; 2380 i = ip_fw_chk_ptr(&args); 2381 *mp = args.m; 2382 2383 if (*mp == NULL) 2384 return error; 2385 2386 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2387 2388 /* put the Ethernet header back on */ 2389 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2390 if (*mp == NULL) 2391 return error; 2392 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2393 2394 /* 2395 * Pass the pkt to dummynet, which consumes it. The 2396 * packet will return to us via bridge_dummynet(). 2397 */ 2398 args.oif = ifp; 2399 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2400 return error; 2401 } 2402 2403 if (i != IP_FW_PASS) /* drop */ 2404 goto bad; 2405 } 2406 2407 ipfwpass: 2408 error = 0; 2409 2410 /* 2411 * Run the packet through pfil 2412 */ 2413 switch (ether_type) 2414 { 2415 case ETHERTYPE_IP : 2416 /* 2417 * before calling the firewall, swap fields the same as 2418 * IP does. here we assume the header is contiguous 2419 */ 2420 ip = mtod(*mp, struct ip *); 2421 2422 ip->ip_len = ntohs(ip->ip_len); 2423 ip->ip_off = ntohs(ip->ip_off); 2424 2425 /* 2426 * Run pfil on the member interface and the bridge, both can 2427 * be skipped by clearing pfil_member or pfil_bridge. 2428 * 2429 * Keep the order: 2430 * in_if -> bridge_if -> out_if 2431 */ 2432 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2433 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2434 dir, NULL); 2435 2436 if (*mp == NULL || error != 0) /* filter may consume */ 2437 break; 2438 2439 if (pfil_member && ifp != NULL) 2440 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2441 dir, NULL); 2442 2443 if (*mp == NULL || error != 0) /* filter may consume */ 2444 break; 2445 2446 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2447 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2448 dir, NULL); 2449 2450 /* Restore ip and the fields ntohs()'d. */ 2451 if (*mp != NULL && error == 0) { 2452 ip = mtod(*mp, struct ip *); 2453 ip->ip_len = htons(ip->ip_len); 2454 ip->ip_off = htons(ip->ip_off); 2455 } 2456 2457 break; 2458 # ifdef INET6 2459 case ETHERTYPE_IPV6 : 2460 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2461 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2462 dir, NULL); 2463 2464 if (*mp == NULL || error != 0) /* filter may consume */ 2465 break; 2466 2467 if (pfil_member && ifp != NULL) 2468 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2469 dir, NULL); 2470 2471 if (*mp == NULL || error != 0) /* filter may consume */ 2472 break; 2473 2474 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2475 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2476 dir, NULL); 2477 break; 2478 # endif 2479 default : 2480 error = 0; 2481 break; 2482 } 2483 2484 if (*mp == NULL) 2485 return error; 2486 if (error != 0) 2487 goto bad; 2488 2489 error = -1; 2490 2491 /* 2492 * Finally, put everything back the way it was and return 2493 */ 2494 if (snap) { 2495 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2496 if (*mp == NULL) 2497 return error; 2498 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2499 } 2500 2501 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2502 if (*mp == NULL) 2503 return error; 2504 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2505 2506 return 0; 2507 2508 bad: 2509 m_freem(*mp); 2510 *mp = NULL; 2511 return error; 2512 } 2513 2514 /* 2515 * Perform basic checks on header size since 2516 * pfil assumes ip_input has already processed 2517 * it for it. Cut-and-pasted from ip_input.c. 2518 * Given how simple the IPv6 version is, 2519 * does the IPv4 version really need to be 2520 * this complicated? 2521 * 2522 * XXX Should we update ipstat here, or not? 2523 * XXX Right now we update ipstat but not 2524 * XXX csum_counter. 2525 */ 2526 static int 2527 bridge_ip_checkbasic(struct mbuf **mp) 2528 { 2529 struct mbuf *m = *mp; 2530 struct ip *ip; 2531 int len, hlen; 2532 u_short sum; 2533 2534 if (*mp == NULL) 2535 return -1; 2536 2537 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2538 if ((m = m_copyup(m, sizeof(struct ip), 2539 (max_linkhdr + 3) & ~3)) == NULL) { 2540 /* XXXJRT new stat, please */ 2541 ipstat.ips_toosmall++; 2542 goto bad; 2543 } 2544 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 2545 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2546 ipstat.ips_toosmall++; 2547 goto bad; 2548 } 2549 } 2550 ip = mtod(m, struct ip *); 2551 if (ip == NULL) goto bad; 2552 2553 if (ip->ip_v != IPVERSION) { 2554 ipstat.ips_badvers++; 2555 goto bad; 2556 } 2557 hlen = ip->ip_hl << 2; 2558 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2559 ipstat.ips_badhlen++; 2560 goto bad; 2561 } 2562 if (hlen > m->m_len) { 2563 if ((m = m_pullup(m, hlen)) == 0) { 2564 ipstat.ips_badhlen++; 2565 goto bad; 2566 } 2567 ip = mtod(m, struct ip *); 2568 if (ip == NULL) goto bad; 2569 } 2570 2571 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2572 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2573 } else { 2574 if (hlen == sizeof(struct ip)) { 2575 sum = in_cksum_hdr(ip); 2576 } else { 2577 sum = in_cksum(m, hlen); 2578 } 2579 } 2580 if (sum) { 2581 ipstat.ips_badsum++; 2582 goto bad; 2583 } 2584 2585 /* Retrieve the packet length. */ 2586 len = ntohs(ip->ip_len); 2587 2588 /* 2589 * Check for additional length bogosity 2590 */ 2591 if (len < hlen) { 2592 ipstat.ips_badlen++; 2593 goto bad; 2594 } 2595 2596 /* 2597 * Check that the amount of data in the buffers 2598 * is as at least much as the IP header would have us expect. 2599 * Drop packet if shorter than we expect. 2600 */ 2601 if (m->m_pkthdr.len < len) { 2602 ipstat.ips_tooshort++; 2603 goto bad; 2604 } 2605 2606 /* Checks out, proceed */ 2607 *mp = m; 2608 return 0; 2609 2610 bad: 2611 *mp = m; 2612 return -1; 2613 } 2614 2615 # ifdef INET6 2616 /* 2617 * Same as above, but for IPv6. 2618 * Cut-and-pasted from ip6_input.c. 2619 * XXX Should we update ip6stat, or not? 2620 */ 2621 static int 2622 bridge_ip6_checkbasic(struct mbuf **mp) 2623 { 2624 struct mbuf *m = *mp; 2625 struct ip6_hdr *ip6; 2626 2627 /* 2628 * If the IPv6 header is not aligned, slurp it up into a new 2629 * mbuf with space for link headers, in the event we forward 2630 * it. Otherwise, if it is aligned, make sure the entire base 2631 * IPv6 header is in the first mbuf of the chain. 2632 */ 2633 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2634 struct ifnet *inifp = m->m_pkthdr.rcvif; 2635 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2636 (max_linkhdr + 3) & ~3)) == NULL) { 2637 /* XXXJRT new stat, please */ 2638 ip6stat.ip6s_toosmall++; 2639 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2640 goto bad; 2641 } 2642 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2643 struct ifnet *inifp = m->m_pkthdr.rcvif; 2644 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2645 ip6stat.ip6s_toosmall++; 2646 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2647 goto bad; 2648 } 2649 } 2650 2651 ip6 = mtod(m, struct ip6_hdr *); 2652 2653 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2654 ip6stat.ip6s_badvers++; 2655 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2656 goto bad; 2657 } 2658 2659 /* Checks out, proceed */ 2660 *mp = m; 2661 return 0; 2662 2663 bad: 2664 *mp = m; 2665 return -1; 2666 } 2667 # endif /* INET6 */ 2668