1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <vm/uma.h> 101 #include <sys/module.h> 102 #include <sys/proc.h> 103 #include <sys/lock.h> 104 #include <sys/mutex.h> 105 106 #include <net/bpf.h> 107 #include <net/if.h> 108 #include <net/if_clone.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 114 #include <netinet/in.h> /* for struct arpcom */ 115 #include <netinet/in_systm.h> 116 #include <netinet/in_var.h> 117 #include <netinet/ip.h> 118 #include <netinet/ip_var.h> 119 #ifdef INET6 120 #include <netinet/ip6.h> 121 #include <netinet6/ip6_var.h> 122 #endif 123 #include <machine/in_cksum.h> 124 #include <netinet/if_ether.h> /* for struct arpcom */ 125 #include <net/if_bridgevar.h> 126 #include <net/if_llc.h> 127 128 #include <net/route.h> 129 #include <netinet/ip_fw.h> 130 #include <netinet/ip_dummynet.h> 131 132 /* 133 * Size of the route hash table. Must be a power of two. 134 */ 135 #ifndef BRIDGE_RTHASH_SIZE 136 #define BRIDGE_RTHASH_SIZE 1024 137 #endif 138 139 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 140 141 /* 142 * Maximum number of addresses to cache. 143 */ 144 #ifndef BRIDGE_RTABLE_MAX 145 #define BRIDGE_RTABLE_MAX 100 146 #endif 147 148 /* 149 * Spanning tree defaults. 150 */ 151 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 152 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 153 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 154 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 155 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 156 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 157 #define BSTP_DEFAULT_PATH_COST 55 158 159 /* 160 * Timeout (in seconds) for entries learned dynamically. 161 */ 162 #ifndef BRIDGE_RTABLE_TIMEOUT 163 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 164 #endif 165 166 /* 167 * Number of seconds between walks of the route list. 168 */ 169 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 170 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 171 #endif 172 173 /* 174 * List of capabilities to mask on the member interface. 175 */ 176 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 177 178 static struct mtx bridge_list_mtx; 179 eventhandler_tag bridge_detach_cookie = NULL; 180 181 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 182 183 uma_zone_t bridge_rtnode_zone; 184 185 static int bridge_clone_create(struct if_clone *, int); 186 static void bridge_clone_destroy(struct ifnet *); 187 188 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 189 static void bridge_mutecaps(struct bridge_iflist *, int); 190 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 191 static void bridge_init(void *); 192 static void bridge_dummynet(struct mbuf *, struct ifnet *); 193 static void bridge_stop(struct ifnet *, int); 194 static void bridge_start(struct ifnet *); 195 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 196 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 197 struct rtentry *); 198 199 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 200 201 static void bridge_timer(void *); 202 203 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 204 struct mbuf *, int); 205 static void bridge_span(struct bridge_softc *, struct mbuf *); 206 207 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 208 struct ifnet *, int, uint8_t); 209 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 210 static void bridge_rttrim(struct bridge_softc *); 211 static void bridge_rtage(struct bridge_softc *); 212 static void bridge_rtflush(struct bridge_softc *, int); 213 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 214 215 static int bridge_rtable_init(struct bridge_softc *); 216 static void bridge_rtable_fini(struct bridge_softc *); 217 218 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 219 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 220 const uint8_t *); 221 static int bridge_rtnode_insert(struct bridge_softc *, 222 struct bridge_rtnode *); 223 static void bridge_rtnode_destroy(struct bridge_softc *, 224 struct bridge_rtnode *); 225 226 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 227 const char *name); 228 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 229 struct ifnet *ifp); 230 static void bridge_delete_member(struct bridge_softc *, 231 struct bridge_iflist *, int); 232 static void bridge_delete_span(struct bridge_softc *, 233 struct bridge_iflist *); 234 235 static int bridge_ioctl_add(struct bridge_softc *, void *); 236 static int bridge_ioctl_del(struct bridge_softc *, void *); 237 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 238 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 239 static int bridge_ioctl_scache(struct bridge_softc *, void *); 240 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 241 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 242 static int bridge_ioctl_rts(struct bridge_softc *, void *); 243 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 244 static int bridge_ioctl_sto(struct bridge_softc *, void *); 245 static int bridge_ioctl_gto(struct bridge_softc *, void *); 246 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 247 static int bridge_ioctl_flush(struct bridge_softc *, void *); 248 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 249 static int bridge_ioctl_spri(struct bridge_softc *, void *); 250 static int bridge_ioctl_ght(struct bridge_softc *, void *); 251 static int bridge_ioctl_sht(struct bridge_softc *, void *); 252 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 253 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 254 static int bridge_ioctl_gma(struct bridge_softc *, void *); 255 static int bridge_ioctl_sma(struct bridge_softc *, void *); 256 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 257 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 258 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 259 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 260 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 261 int); 262 static int bridge_ip_checkbasic(struct mbuf **mp); 263 # ifdef INET6 264 static int bridge_ip6_checkbasic(struct mbuf **mp); 265 # endif /* INET6 */ 266 267 SYSCTL_DECL(_net_link); 268 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 269 270 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 271 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 272 static int pfil_member = 1; /* run pfil hooks on the member interface */ 273 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 274 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 275 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 276 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 277 &pfil_bridge, 0, "Packet filter on the bridge interface"); 278 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 279 &pfil_member, 0, "Packet filter on the member interface"); 280 281 struct bridge_control { 282 int (*bc_func)(struct bridge_softc *, void *); 283 int bc_argsize; 284 int bc_flags; 285 }; 286 287 #define BC_F_COPYIN 0x01 /* copy arguments in */ 288 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 289 #define BC_F_SUSER 0x04 /* do super-user check */ 290 291 const struct bridge_control bridge_control_table[] = { 292 { bridge_ioctl_add, sizeof(struct ifbreq), 293 BC_F_COPYIN|BC_F_SUSER }, 294 { bridge_ioctl_del, sizeof(struct ifbreq), 295 BC_F_COPYIN|BC_F_SUSER }, 296 297 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 298 BC_F_COPYIN|BC_F_COPYOUT }, 299 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 300 BC_F_COPYIN|BC_F_SUSER }, 301 302 { bridge_ioctl_scache, sizeof(struct ifbrparam), 303 BC_F_COPYIN|BC_F_SUSER }, 304 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 305 BC_F_COPYOUT }, 306 307 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 308 BC_F_COPYIN|BC_F_COPYOUT }, 309 { bridge_ioctl_rts, sizeof(struct ifbaconf), 310 BC_F_COPYIN|BC_F_COPYOUT }, 311 312 { bridge_ioctl_saddr, sizeof(struct ifbareq), 313 BC_F_COPYIN|BC_F_SUSER }, 314 315 { bridge_ioctl_sto, sizeof(struct ifbrparam), 316 BC_F_COPYIN|BC_F_SUSER }, 317 { bridge_ioctl_gto, sizeof(struct ifbrparam), 318 BC_F_COPYOUT }, 319 320 { bridge_ioctl_daddr, sizeof(struct ifbareq), 321 BC_F_COPYIN|BC_F_SUSER }, 322 323 { bridge_ioctl_flush, sizeof(struct ifbreq), 324 BC_F_COPYIN|BC_F_SUSER }, 325 326 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 327 BC_F_COPYOUT }, 328 { bridge_ioctl_spri, sizeof(struct ifbrparam), 329 BC_F_COPYIN|BC_F_SUSER }, 330 331 { bridge_ioctl_ght, sizeof(struct ifbrparam), 332 BC_F_COPYOUT }, 333 { bridge_ioctl_sht, sizeof(struct ifbrparam), 334 BC_F_COPYIN|BC_F_SUSER }, 335 336 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 337 BC_F_COPYOUT }, 338 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 339 BC_F_COPYIN|BC_F_SUSER }, 340 341 { bridge_ioctl_gma, sizeof(struct ifbrparam), 342 BC_F_COPYOUT }, 343 { bridge_ioctl_sma, sizeof(struct ifbrparam), 344 BC_F_COPYIN|BC_F_SUSER }, 345 346 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 347 BC_F_COPYIN|BC_F_SUSER }, 348 349 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 350 BC_F_COPYIN|BC_F_SUSER }, 351 352 { bridge_ioctl_addspan, sizeof(struct ifbreq), 353 BC_F_COPYIN|BC_F_SUSER }, 354 { bridge_ioctl_delspan, sizeof(struct ifbreq), 355 BC_F_COPYIN|BC_F_SUSER }, 356 }; 357 const int bridge_control_table_size = 358 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 359 360 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 361 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 362 363 LIST_HEAD(, bridge_softc) bridge_list; 364 365 IFC_SIMPLE_DECLARE(bridge, 0); 366 367 static int 368 bridge_modevent(module_t mod, int type, void *data) 369 { 370 371 switch (type) { 372 case MOD_LOAD: 373 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 374 if_clone_attach(&bridge_cloner); 375 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 376 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 377 UMA_ALIGN_PTR, 0); 378 LIST_INIT(&bridge_list); 379 bridge_input_p = bridge_input; 380 bridge_output_p = bridge_output; 381 bridge_dn_p = bridge_dummynet; 382 bstp_linkstate_p = bstp_linkstate; 383 bridge_detach_cookie = EVENTHANDLER_REGISTER( 384 ifnet_departure_event, bridge_ifdetach, NULL, 385 EVENTHANDLER_PRI_ANY); 386 break; 387 case MOD_UNLOAD: 388 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 389 bridge_detach_cookie); 390 if_clone_detach(&bridge_cloner); 391 uma_zdestroy(bridge_rtnode_zone); 392 bridge_input_p = NULL; 393 bridge_output_p = NULL; 394 bridge_dn_p = NULL; 395 bstp_linkstate_p = NULL; 396 mtx_destroy(&bridge_list_mtx); 397 break; 398 default: 399 return EOPNOTSUPP; 400 } 401 return 0; 402 } 403 404 static moduledata_t bridge_mod = { 405 "if_bridge", 406 bridge_modevent, 407 0 408 }; 409 410 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 411 412 /* 413 * handler for net.link.bridge.pfil_ipfw 414 */ 415 static int 416 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 417 { 418 int enable = pfil_ipfw; 419 int error; 420 421 error = sysctl_handle_int(oidp, &enable, 0, req); 422 enable = (enable) ? 1 : 0; 423 424 if (enable != pfil_ipfw) { 425 pfil_ipfw = enable; 426 427 /* 428 * Disable pfil so that ipfw doesnt run twice, if the user 429 * really wants both then they can re-enable pfil_bridge and/or 430 * pfil_member. Also allow non-ip packets as ipfw can filter by 431 * layer2 type. 432 */ 433 if (pfil_ipfw) { 434 pfil_onlyip = 0; 435 pfil_bridge = 0; 436 pfil_member = 0; 437 } 438 } 439 440 return error; 441 } 442 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 443 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 444 445 /* 446 * bridge_clone_create: 447 * 448 * Create a new bridge instance. 449 */ 450 static int 451 bridge_clone_create(struct if_clone *ifc, int unit) 452 { 453 struct bridge_softc *sc, *sc2; 454 struct ifnet *bifp, *ifp; 455 u_char eaddr[6]; 456 int retry; 457 458 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 459 BRIDGE_LOCK_INIT(sc); 460 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 461 if (ifp == NULL) { 462 free(sc, M_DEVBUF); 463 return (ENOSPC); 464 } 465 466 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 467 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 468 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 469 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 470 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 471 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 472 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 473 474 /* Initialize our routing table. */ 475 bridge_rtable_init(sc); 476 477 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 478 callout_init_mtx(&sc->sc_bstpcallout, &sc->sc_mtx, 0); 479 480 LIST_INIT(&sc->sc_iflist); 481 LIST_INIT(&sc->sc_spanlist); 482 483 ifp->if_softc = sc; 484 if_initname(ifp, ifc->ifc_name, unit); 485 ifp->if_mtu = ETHERMTU; 486 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 487 ifp->if_ioctl = bridge_ioctl; 488 ifp->if_output = bridge_output; 489 ifp->if_start = bridge_start; 490 ifp->if_init = bridge_init; 491 ifp->if_type = IFT_BRIDGE; 492 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 493 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 494 IFQ_SET_READY(&ifp->if_snd); 495 ifp->if_hdrlen = ETHER_HDR_LEN; 496 497 /* 498 * Generate a random ethernet address and use the private AC:DE:48 499 * OUI code. 500 * 501 * Since we are using random ethernet addresses for the bridge, it is 502 * possible that we might have address collisions, so make sure that 503 * this hardware address isn't already in use on another bridge. 504 */ 505 for (retry = 1; retry != 0;) { 506 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 507 eaddr[0] = 0xAC; 508 eaddr[1] = 0xDE; 509 eaddr[2] = 0x48; 510 retry = 0; 511 mtx_lock(&bridge_list_mtx); 512 LIST_FOREACH(sc2, &bridge_list, sc_list) { 513 bifp = sc2->sc_ifp; 514 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 515 retry = 1; 516 } 517 mtx_unlock(&bridge_list_mtx); 518 } 519 520 ether_ifattach(ifp, eaddr); 521 /* Now undo some of the damage... */ 522 ifp->if_baudrate = 0; 523 ifp->if_type = IFT_BRIDGE; 524 525 mtx_lock(&bridge_list_mtx); 526 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 527 mtx_unlock(&bridge_list_mtx); 528 529 return (0); 530 } 531 532 /* 533 * bridge_clone_destroy: 534 * 535 * Destroy a bridge instance. 536 */ 537 static void 538 bridge_clone_destroy(struct ifnet *ifp) 539 { 540 struct bridge_softc *sc = ifp->if_softc; 541 struct bridge_iflist *bif; 542 543 BRIDGE_LOCK(sc); 544 545 bridge_stop(ifp, 1); 546 ifp->if_flags &= ~IFF_UP; 547 548 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 549 bridge_delete_member(sc, bif, 0); 550 551 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 552 bridge_delete_span(sc, bif); 553 } 554 555 BRIDGE_UNLOCK(sc); 556 557 callout_drain(&sc->sc_brcallout); 558 callout_drain(&sc->sc_bstpcallout); 559 560 mtx_lock(&bridge_list_mtx); 561 LIST_REMOVE(sc, sc_list); 562 mtx_unlock(&bridge_list_mtx); 563 564 ether_ifdetach(ifp); 565 if_free_type(ifp, IFT_ETHER); 566 567 /* Tear down the routing table. */ 568 bridge_rtable_fini(sc); 569 570 BRIDGE_LOCK_DESTROY(sc); 571 free(sc, M_DEVBUF); 572 } 573 574 /* 575 * bridge_ioctl: 576 * 577 * Handle a control request from the operator. 578 */ 579 static int 580 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 581 { 582 struct bridge_softc *sc = ifp->if_softc; 583 struct thread *td = curthread; 584 union { 585 struct ifbreq ifbreq; 586 struct ifbifconf ifbifconf; 587 struct ifbareq ifbareq; 588 struct ifbaconf ifbaconf; 589 struct ifbrparam ifbrparam; 590 } args; 591 struct ifdrv *ifd = (struct ifdrv *) data; 592 const struct bridge_control *bc; 593 int error = 0; 594 595 BRIDGE_LOCK(sc); 596 597 switch (cmd) { 598 599 case SIOCADDMULTI: 600 case SIOCDELMULTI: 601 break; 602 603 case SIOCGDRVSPEC: 604 case SIOCSDRVSPEC: 605 if (ifd->ifd_cmd >= bridge_control_table_size) { 606 error = EINVAL; 607 break; 608 } 609 bc = &bridge_control_table[ifd->ifd_cmd]; 610 611 if (cmd == SIOCGDRVSPEC && 612 (bc->bc_flags & BC_F_COPYOUT) == 0) { 613 error = EINVAL; 614 break; 615 } 616 else if (cmd == SIOCSDRVSPEC && 617 (bc->bc_flags & BC_F_COPYOUT) != 0) { 618 error = EINVAL; 619 break; 620 } 621 622 if (bc->bc_flags & BC_F_SUSER) { 623 error = suser(td); 624 if (error) 625 break; 626 } 627 628 if (ifd->ifd_len != bc->bc_argsize || 629 ifd->ifd_len > sizeof(args)) { 630 error = EINVAL; 631 break; 632 } 633 634 bzero(&args, sizeof args); 635 if (bc->bc_flags & BC_F_COPYIN) { 636 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 637 if (error) 638 break; 639 } 640 641 error = (*bc->bc_func)(sc, &args); 642 if (error) 643 break; 644 645 if (bc->bc_flags & BC_F_COPYOUT) 646 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 647 648 break; 649 650 case SIOCSIFFLAGS: 651 if (!(ifp->if_flags & IFF_UP) && 652 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 653 /* 654 * If interface is marked down and it is running, 655 * then stop and disable it. 656 */ 657 bridge_stop(ifp, 1); 658 } else if ((ifp->if_flags & IFF_UP) && 659 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 660 /* 661 * If interface is marked up and it is stopped, then 662 * start it. 663 */ 664 BRIDGE_UNLOCK(sc); 665 (*ifp->if_init)(sc); 666 } 667 break; 668 669 case SIOCSIFMTU: 670 /* Do not allow the MTU to be changed on the bridge */ 671 error = EINVAL; 672 break; 673 674 default: 675 /* 676 * drop the lock as ether_ioctl() will call bridge_start() and 677 * cause the lock to be recursed. 678 */ 679 BRIDGE_UNLOCK(sc); 680 error = ether_ioctl(ifp, cmd, data); 681 break; 682 } 683 684 if (BRIDGE_LOCKED(sc)) 685 BRIDGE_UNLOCK(sc); 686 687 return (error); 688 } 689 690 /* 691 * bridge_mutecaps: 692 * 693 * Clear or restore unwanted capabilities on the member interface 694 */ 695 static void 696 bridge_mutecaps(struct bridge_iflist *bif, int mute) 697 { 698 struct ifnet *ifp = bif->bif_ifp; 699 struct ifreq ifr; 700 int error; 701 702 if (ifp->if_ioctl == NULL) 703 return; 704 705 bzero(&ifr, sizeof ifr); 706 ifr.ifr_reqcap = ifp->if_capenable; 707 708 if (mute) { 709 /* mask off and save capabilities */ 710 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 711 if (bif->bif_mutecap != 0) 712 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 713 } else 714 /* restore muted capabilities */ 715 ifr.ifr_reqcap |= bif->bif_mutecap; 716 717 718 if (bif->bif_mutecap != 0) { 719 IFF_LOCKGIANT(ifp); 720 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 721 IFF_UNLOCKGIANT(ifp); 722 } 723 } 724 725 726 /* 727 * bridge_lookup_member: 728 * 729 * Lookup a bridge member interface. 730 */ 731 static struct bridge_iflist * 732 bridge_lookup_member(struct bridge_softc *sc, const char *name) 733 { 734 struct bridge_iflist *bif; 735 struct ifnet *ifp; 736 737 BRIDGE_LOCK_ASSERT(sc); 738 739 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 740 ifp = bif->bif_ifp; 741 if (strcmp(ifp->if_xname, name) == 0) 742 return (bif); 743 } 744 745 return (NULL); 746 } 747 748 /* 749 * bridge_lookup_member_if: 750 * 751 * Lookup a bridge member interface by ifnet*. 752 */ 753 static struct bridge_iflist * 754 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 755 { 756 struct bridge_iflist *bif; 757 758 BRIDGE_LOCK_ASSERT(sc); 759 760 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 761 if (bif->bif_ifp == member_ifp) 762 return (bif); 763 } 764 765 return (NULL); 766 } 767 768 /* 769 * bridge_delete_member: 770 * 771 * Delete the specified member interface. 772 */ 773 static void 774 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 775 int gone) 776 { 777 struct ifnet *ifs = bif->bif_ifp; 778 779 BRIDGE_LOCK_ASSERT(sc); 780 781 if (!gone) { 782 switch (ifs->if_type) { 783 case IFT_ETHER: 784 case IFT_L2VLAN: 785 /* 786 * Take the interface out of promiscuous mode. 787 */ 788 (void) ifpromisc(ifs, 0); 789 bridge_mutecaps(bif, 0); 790 break; 791 792 case IFT_GIF: 793 break; 794 795 default: 796 #ifdef DIAGNOSTIC 797 panic("bridge_delete_member: impossible"); 798 #endif 799 break; 800 } 801 } 802 803 ifs->if_bridge = NULL; 804 BRIDGE_XLOCK(sc); 805 LIST_REMOVE(bif, bif_next); 806 BRIDGE_XDROP(sc); 807 808 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 809 810 free(bif, M_DEVBUF); 811 812 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 813 bstp_initialization(sc); 814 } 815 816 /* 817 * bridge_delete_span: 818 * 819 * Delete the specified span interface. 820 */ 821 static void 822 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 823 { 824 BRIDGE_LOCK_ASSERT(sc); 825 826 KASSERT(bif->bif_ifp->if_bridge == NULL, 827 ("%s: not a span interface", __func__)); 828 829 LIST_REMOVE(bif, bif_next); 830 free(bif, M_DEVBUF); 831 } 832 833 static int 834 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 835 { 836 struct ifbreq *req = arg; 837 struct bridge_iflist *bif = NULL; 838 struct ifnet *ifs; 839 int error = 0; 840 841 BRIDGE_LOCK_ASSERT(sc); 842 843 ifs = ifunit(req->ifbr_ifsname); 844 if (ifs == NULL) 845 return (ENOENT); 846 847 /* If it's in the span list, it can't be a member. */ 848 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 849 if (ifs == bif->bif_ifp) 850 return (EBUSY); 851 852 /* Allow the first Ethernet member to define the MTU */ 853 if (ifs->if_type != IFT_GIF) { 854 if (LIST_EMPTY(&sc->sc_iflist)) 855 sc->sc_ifp->if_mtu = ifs->if_mtu; 856 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 857 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 858 ifs->if_xname); 859 return (EINVAL); 860 } 861 } 862 863 if (ifs->if_bridge == sc) 864 return (EEXIST); 865 866 if (ifs->if_bridge != NULL) 867 return (EBUSY); 868 869 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 870 if (bif == NULL) 871 return (ENOMEM); 872 873 bif->bif_ifp = ifs; 874 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 875 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 876 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 877 878 switch (ifs->if_type) { 879 case IFT_ETHER: 880 case IFT_L2VLAN: 881 /* 882 * Place the interface into promiscuous mode. 883 */ 884 error = ifpromisc(ifs, 1); 885 if (error) 886 goto out; 887 888 bridge_mutecaps(bif, 1); 889 break; 890 891 case IFT_GIF: 892 break; 893 894 default: 895 error = EINVAL; 896 goto out; 897 } 898 899 ifs->if_bridge = sc; 900 /* 901 * XXX: XLOCK HERE!?! 902 * 903 * NOTE: insert_***HEAD*** should be safe for the traversals. 904 */ 905 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 906 907 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 908 bstp_initialization(sc); 909 else 910 bstp_stop(sc); 911 912 out: 913 if (error) { 914 if (bif != NULL) 915 free(bif, M_DEVBUF); 916 } 917 return (error); 918 } 919 920 static int 921 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 922 { 923 struct ifbreq *req = arg; 924 struct bridge_iflist *bif; 925 926 BRIDGE_LOCK_ASSERT(sc); 927 928 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 929 if (bif == NULL) 930 return (ENOENT); 931 932 bridge_delete_member(sc, bif, 0); 933 934 return (0); 935 } 936 937 static int 938 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 939 { 940 struct ifbreq *req = arg; 941 struct bridge_iflist *bif; 942 943 BRIDGE_LOCK_ASSERT(sc); 944 945 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 946 if (bif == NULL) 947 return (ENOENT); 948 949 req->ifbr_ifsflags = bif->bif_flags; 950 req->ifbr_state = bif->bif_state; 951 req->ifbr_priority = bif->bif_priority; 952 req->ifbr_path_cost = bif->bif_path_cost; 953 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 954 955 return (0); 956 } 957 958 static int 959 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 960 { 961 struct ifbreq *req = arg; 962 struct bridge_iflist *bif; 963 964 BRIDGE_LOCK_ASSERT(sc); 965 966 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 967 if (bif == NULL) 968 return (ENOENT); 969 970 if (req->ifbr_ifsflags & IFBIF_SPAN) 971 /* SPAN is readonly */ 972 return (EINVAL); 973 974 if (req->ifbr_ifsflags & IFBIF_STP) { 975 switch (bif->bif_ifp->if_type) { 976 case IFT_ETHER: 977 /* These can do spanning tree. */ 978 break; 979 980 default: 981 /* Nothing else can. */ 982 return (EINVAL); 983 } 984 } 985 986 bif->bif_flags = req->ifbr_ifsflags; 987 988 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 989 bstp_initialization(sc); 990 991 return (0); 992 } 993 994 static int 995 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 996 { 997 struct ifbrparam *param = arg; 998 999 BRIDGE_LOCK_ASSERT(sc); 1000 1001 sc->sc_brtmax = param->ifbrp_csize; 1002 bridge_rttrim(sc); 1003 1004 return (0); 1005 } 1006 1007 static int 1008 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1009 { 1010 struct ifbrparam *param = arg; 1011 1012 BRIDGE_LOCK_ASSERT(sc); 1013 1014 param->ifbrp_csize = sc->sc_brtmax; 1015 1016 return (0); 1017 } 1018 1019 static int 1020 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1021 { 1022 struct ifbifconf *bifc = arg; 1023 struct bridge_iflist *bif; 1024 struct ifbreq breq; 1025 int count, len, error = 0; 1026 1027 BRIDGE_LOCK_ASSERT(sc); 1028 1029 count = 0; 1030 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1031 count++; 1032 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1033 count++; 1034 1035 if (bifc->ifbic_len == 0) { 1036 bifc->ifbic_len = sizeof(breq) * count; 1037 return (0); 1038 } 1039 1040 count = 0; 1041 len = bifc->ifbic_len; 1042 bzero(&breq, sizeof breq); 1043 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1044 if (len < sizeof(breq)) 1045 break; 1046 1047 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1048 sizeof(breq.ifbr_ifsname)); 1049 breq.ifbr_ifsflags = bif->bif_flags; 1050 breq.ifbr_state = bif->bif_state; 1051 breq.ifbr_priority = bif->bif_priority; 1052 breq.ifbr_path_cost = bif->bif_path_cost; 1053 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1054 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1055 if (error) 1056 break; 1057 count++; 1058 len -= sizeof(breq); 1059 } 1060 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1061 if (len < sizeof(breq)) 1062 break; 1063 1064 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1065 sizeof(breq.ifbr_ifsname)); 1066 breq.ifbr_ifsflags = bif->bif_flags; 1067 breq.ifbr_state = bif->bif_state; 1068 breq.ifbr_priority = bif->bif_priority; 1069 breq.ifbr_path_cost = bif->bif_path_cost; 1070 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1071 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1072 if (error) 1073 break; 1074 count++; 1075 len -= sizeof(breq); 1076 } 1077 1078 bifc->ifbic_len = sizeof(breq) * count; 1079 return (error); 1080 } 1081 1082 static int 1083 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1084 { 1085 struct ifbaconf *bac = arg; 1086 struct bridge_rtnode *brt; 1087 struct ifbareq bareq; 1088 int count = 0, error = 0, len; 1089 1090 BRIDGE_LOCK_ASSERT(sc); 1091 1092 if (bac->ifbac_len == 0) 1093 return (0); 1094 1095 len = bac->ifbac_len; 1096 bzero(&bareq, sizeof bareq); 1097 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1098 if (len < sizeof(bareq)) 1099 goto out; 1100 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1101 sizeof(bareq.ifba_ifsname)); 1102 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1103 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1104 time_uptime < brt->brt_expire) 1105 bareq.ifba_expire = brt->brt_expire - time_uptime; 1106 else 1107 bareq.ifba_expire = 0; 1108 bareq.ifba_flags = brt->brt_flags; 1109 1110 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1111 if (error) 1112 goto out; 1113 count++; 1114 len -= sizeof(bareq); 1115 } 1116 out: 1117 bac->ifbac_len = sizeof(bareq) * count; 1118 return (error); 1119 } 1120 1121 static int 1122 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1123 { 1124 struct ifbareq *req = arg; 1125 struct bridge_iflist *bif; 1126 int error; 1127 1128 BRIDGE_LOCK_ASSERT(sc); 1129 1130 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1131 if (bif == NULL) 1132 return (ENOENT); 1133 1134 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1135 req->ifba_flags); 1136 1137 return (error); 1138 } 1139 1140 static int 1141 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1142 { 1143 struct ifbrparam *param = arg; 1144 1145 BRIDGE_LOCK_ASSERT(sc); 1146 1147 sc->sc_brttimeout = param->ifbrp_ctime; 1148 1149 return (0); 1150 } 1151 1152 static int 1153 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1154 { 1155 struct ifbrparam *param = arg; 1156 1157 BRIDGE_LOCK_ASSERT(sc); 1158 1159 param->ifbrp_ctime = sc->sc_brttimeout; 1160 1161 return (0); 1162 } 1163 1164 static int 1165 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1166 { 1167 struct ifbareq *req = arg; 1168 1169 BRIDGE_LOCK_ASSERT(sc); 1170 1171 return (bridge_rtdaddr(sc, req->ifba_dst)); 1172 } 1173 1174 static int 1175 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1176 { 1177 struct ifbreq *req = arg; 1178 1179 BRIDGE_LOCK_ASSERT(sc); 1180 1181 bridge_rtflush(sc, req->ifbr_ifsflags); 1182 1183 return (0); 1184 } 1185 1186 static int 1187 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1188 { 1189 struct ifbrparam *param = arg; 1190 1191 BRIDGE_LOCK_ASSERT(sc); 1192 1193 param->ifbrp_prio = sc->sc_bridge_priority; 1194 1195 return (0); 1196 } 1197 1198 static int 1199 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1200 { 1201 struct ifbrparam *param = arg; 1202 1203 BRIDGE_LOCK_ASSERT(sc); 1204 1205 sc->sc_bridge_priority = param->ifbrp_prio; 1206 1207 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1208 bstp_initialization(sc); 1209 1210 return (0); 1211 } 1212 1213 static int 1214 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1215 { 1216 struct ifbrparam *param = arg; 1217 1218 BRIDGE_LOCK_ASSERT(sc); 1219 1220 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1221 1222 return (0); 1223 } 1224 1225 static int 1226 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1227 { 1228 struct ifbrparam *param = arg; 1229 1230 BRIDGE_LOCK_ASSERT(sc); 1231 1232 if (param->ifbrp_hellotime == 0) 1233 return (EINVAL); 1234 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1235 1236 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1237 bstp_initialization(sc); 1238 1239 return (0); 1240 } 1241 1242 static int 1243 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1244 { 1245 struct ifbrparam *param = arg; 1246 1247 BRIDGE_LOCK_ASSERT(sc); 1248 1249 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1250 1251 return (0); 1252 } 1253 1254 static int 1255 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1256 { 1257 struct ifbrparam *param = arg; 1258 1259 BRIDGE_LOCK_ASSERT(sc); 1260 1261 if (param->ifbrp_fwddelay == 0) 1262 return (EINVAL); 1263 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1264 1265 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1266 bstp_initialization(sc); 1267 1268 return (0); 1269 } 1270 1271 static int 1272 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1273 { 1274 struct ifbrparam *param = arg; 1275 1276 BRIDGE_LOCK_ASSERT(sc); 1277 1278 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1279 1280 return (0); 1281 } 1282 1283 static int 1284 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1285 { 1286 struct ifbrparam *param = arg; 1287 1288 BRIDGE_LOCK_ASSERT(sc); 1289 1290 if (param->ifbrp_maxage == 0) 1291 return (EINVAL); 1292 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1293 1294 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1295 bstp_initialization(sc); 1296 1297 return (0); 1298 } 1299 1300 static int 1301 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1302 { 1303 struct ifbreq *req = arg; 1304 struct bridge_iflist *bif; 1305 1306 BRIDGE_LOCK_ASSERT(sc); 1307 1308 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1309 if (bif == NULL) 1310 return (ENOENT); 1311 1312 bif->bif_priority = req->ifbr_priority; 1313 1314 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1315 bstp_initialization(sc); 1316 1317 return (0); 1318 } 1319 1320 static int 1321 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1322 { 1323 struct ifbreq *req = arg; 1324 struct bridge_iflist *bif; 1325 1326 BRIDGE_LOCK_ASSERT(sc); 1327 1328 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1329 if (bif == NULL) 1330 return (ENOENT); 1331 1332 bif->bif_path_cost = req->ifbr_path_cost; 1333 1334 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 1335 bstp_initialization(sc); 1336 1337 return (0); 1338 } 1339 1340 static int 1341 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1342 { 1343 struct ifbreq *req = arg; 1344 struct bridge_iflist *bif = NULL; 1345 struct ifnet *ifs; 1346 1347 BRIDGE_LOCK_ASSERT(sc); 1348 1349 ifs = ifunit(req->ifbr_ifsname); 1350 if (ifs == NULL) 1351 return (ENOENT); 1352 1353 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1354 if (ifs == bif->bif_ifp) 1355 return (EBUSY); 1356 1357 if (ifs->if_bridge != NULL) 1358 return (EBUSY); 1359 1360 switch (ifs->if_type) { 1361 case IFT_ETHER: 1362 case IFT_L2VLAN: 1363 break; 1364 default: 1365 return (EINVAL); 1366 } 1367 1368 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1369 if (bif == NULL) 1370 return (ENOMEM); 1371 1372 bif->bif_ifp = ifs; 1373 bif->bif_flags = IFBIF_SPAN; 1374 1375 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1376 1377 return (0); 1378 } 1379 1380 static int 1381 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1382 { 1383 struct ifbreq *req = arg; 1384 struct bridge_iflist *bif; 1385 struct ifnet *ifs; 1386 1387 BRIDGE_LOCK_ASSERT(sc); 1388 1389 ifs = ifunit(req->ifbr_ifsname); 1390 if (ifs == NULL) 1391 return (ENOENT); 1392 1393 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1394 if (ifs == bif->bif_ifp) 1395 break; 1396 1397 if (bif == NULL) 1398 return (ENOENT); 1399 1400 bridge_delete_span(sc, bif); 1401 1402 return (0); 1403 } 1404 1405 /* 1406 * bridge_ifdetach: 1407 * 1408 * Detach an interface from a bridge. Called when a member 1409 * interface is detaching. 1410 */ 1411 static void 1412 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1413 { 1414 struct bridge_softc *sc = ifp->if_bridge; 1415 struct bridge_iflist *bif; 1416 1417 /* Check if the interface is a bridge member */ 1418 if (sc != NULL) { 1419 BRIDGE_LOCK(sc); 1420 1421 bif = bridge_lookup_member_if(sc, ifp); 1422 if (bif != NULL) 1423 bridge_delete_member(sc, bif, 1); 1424 1425 BRIDGE_UNLOCK(sc); 1426 return; 1427 } 1428 1429 /* Check if the interface is a span port */ 1430 mtx_lock(&bridge_list_mtx); 1431 LIST_FOREACH(sc, &bridge_list, sc_list) { 1432 BRIDGE_LOCK(sc); 1433 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1434 if (ifp == bif->bif_ifp) { 1435 bridge_delete_span(sc, bif); 1436 break; 1437 } 1438 1439 BRIDGE_UNLOCK(sc); 1440 } 1441 mtx_unlock(&bridge_list_mtx); 1442 } 1443 1444 /* 1445 * bridge_init: 1446 * 1447 * Initialize a bridge interface. 1448 */ 1449 static void 1450 bridge_init(void *xsc) 1451 { 1452 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1453 struct ifnet *ifp = sc->sc_ifp; 1454 1455 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1456 return; 1457 1458 BRIDGE_LOCK(sc); 1459 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1460 bridge_timer, sc); 1461 1462 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1463 bstp_initialization(sc); 1464 BRIDGE_UNLOCK(sc); 1465 return; 1466 } 1467 1468 /* 1469 * bridge_stop: 1470 * 1471 * Stop the bridge interface. 1472 */ 1473 static void 1474 bridge_stop(struct ifnet *ifp, int disable) 1475 { 1476 struct bridge_softc *sc = ifp->if_softc; 1477 1478 BRIDGE_LOCK_ASSERT(sc); 1479 1480 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1481 return; 1482 1483 callout_stop(&sc->sc_brcallout); 1484 bstp_stop(sc); 1485 1486 bridge_rtflush(sc, IFBF_FLUSHDYN); 1487 1488 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1489 } 1490 1491 /* 1492 * bridge_enqueue: 1493 * 1494 * Enqueue a packet on a bridge member interface. 1495 * 1496 */ 1497 __inline void 1498 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1499 { 1500 int len, err; 1501 short mflags; 1502 1503 len = m->m_pkthdr.len; 1504 mflags = m->m_flags; 1505 1506 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1507 if (err == 0) { 1508 1509 sc->sc_ifp->if_opackets++; 1510 sc->sc_ifp->if_obytes += len; 1511 1512 dst_ifp->if_obytes += len; 1513 1514 if (mflags & M_MCAST) { 1515 sc->sc_ifp->if_omcasts++; 1516 dst_ifp->if_omcasts++; 1517 } 1518 } 1519 1520 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1521 (*dst_ifp->if_start)(dst_ifp); 1522 } 1523 1524 /* 1525 * bridge_dummynet: 1526 * 1527 * Receive a queued packet from dummynet and pass it on to the output 1528 * interface. 1529 * 1530 * The mbuf has the Ethernet header already attached. 1531 */ 1532 static void 1533 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1534 { 1535 struct bridge_softc *sc; 1536 1537 sc = ifp->if_bridge; 1538 1539 /* 1540 * The packet didnt originate from a member interface. This should only 1541 * ever happen if a member interface is removed while packets are 1542 * queued for it. 1543 */ 1544 if (sc == NULL) { 1545 m_freem(m); 1546 return; 1547 } 1548 1549 if (PFIL_HOOKED(&inet_pfil_hook) 1550 #ifdef INET6 1551 || PFIL_HOOKED(&inet6_pfil_hook) 1552 #endif 1553 ) { 1554 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1555 return; 1556 if (m == NULL) 1557 return; 1558 } 1559 1560 bridge_enqueue(sc, ifp, m); 1561 } 1562 1563 /* 1564 * bridge_output: 1565 * 1566 * Send output from a bridge member interface. This 1567 * performs the bridging function for locally originated 1568 * packets. 1569 * 1570 * The mbuf has the Ethernet header already attached. We must 1571 * enqueue or free the mbuf before returning. 1572 */ 1573 static int 1574 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1575 struct rtentry *rt) 1576 { 1577 struct ether_header *eh; 1578 struct ifnet *dst_if; 1579 struct bridge_softc *sc; 1580 1581 if (m->m_len < ETHER_HDR_LEN) { 1582 m = m_pullup(m, ETHER_HDR_LEN); 1583 if (m == NULL) 1584 return (0); 1585 } 1586 1587 eh = mtod(m, struct ether_header *); 1588 sc = ifp->if_bridge; 1589 1590 BRIDGE_LOCK(sc); 1591 1592 /* 1593 * If bridge is down, but the original output interface is up, 1594 * go ahead and send out that interface. Otherwise, the packet 1595 * is dropped below. 1596 */ 1597 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1598 dst_if = ifp; 1599 goto sendunicast; 1600 } 1601 1602 /* 1603 * If the packet is a multicast, or we don't know a better way to 1604 * get there, send to all interfaces. 1605 */ 1606 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1607 dst_if = NULL; 1608 else 1609 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1610 if (dst_if == NULL) { 1611 struct bridge_iflist *bif; 1612 struct mbuf *mc; 1613 int error = 0, used = 0; 1614 1615 BRIDGE_LOCK2REF(sc, error); 1616 if (error) { 1617 m_freem(m); 1618 return (0); 1619 } 1620 1621 bridge_span(sc, m); 1622 1623 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1624 dst_if = bif->bif_ifp; 1625 1626 if (dst_if->if_type == IFT_GIF) 1627 continue; 1628 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1629 continue; 1630 1631 /* 1632 * If this is not the original output interface, 1633 * and the interface is participating in spanning 1634 * tree, make sure the port is in a state that 1635 * allows forwarding. 1636 */ 1637 if (dst_if != ifp && 1638 (bif->bif_flags & IFBIF_STP) != 0) { 1639 switch (bif->bif_state) { 1640 case BSTP_IFSTATE_BLOCKING: 1641 case BSTP_IFSTATE_LISTENING: 1642 case BSTP_IFSTATE_DISABLED: 1643 continue; 1644 } 1645 } 1646 1647 if (LIST_NEXT(bif, bif_next) == NULL) { 1648 used = 1; 1649 mc = m; 1650 } else { 1651 mc = m_copypacket(m, M_DONTWAIT); 1652 if (mc == NULL) { 1653 sc->sc_ifp->if_oerrors++; 1654 continue; 1655 } 1656 } 1657 1658 bridge_enqueue(sc, dst_if, mc); 1659 } 1660 if (used == 0) 1661 m_freem(m); 1662 BRIDGE_UNREF(sc); 1663 return (0); 1664 } 1665 1666 sendunicast: 1667 /* 1668 * XXX Spanning tree consideration here? 1669 */ 1670 1671 bridge_span(sc, m); 1672 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1673 m_freem(m); 1674 BRIDGE_UNLOCK(sc); 1675 return (0); 1676 } 1677 1678 BRIDGE_UNLOCK(sc); 1679 bridge_enqueue(sc, dst_if, m); 1680 return (0); 1681 } 1682 1683 /* 1684 * bridge_start: 1685 * 1686 * Start output on a bridge. 1687 * 1688 */ 1689 static void 1690 bridge_start(struct ifnet *ifp) 1691 { 1692 struct bridge_softc *sc; 1693 struct mbuf *m; 1694 struct ether_header *eh; 1695 struct ifnet *dst_if; 1696 1697 sc = ifp->if_softc; 1698 1699 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1700 for (;;) { 1701 IFQ_DEQUEUE(&ifp->if_snd, m); 1702 if (m == 0) 1703 break; 1704 BPF_MTAP(ifp, m); 1705 1706 eh = mtod(m, struct ether_header *); 1707 dst_if = NULL; 1708 1709 BRIDGE_LOCK(sc); 1710 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1711 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1712 } 1713 1714 if (dst_if == NULL) 1715 bridge_broadcast(sc, ifp, m, 0); 1716 else { 1717 BRIDGE_UNLOCK(sc); 1718 bridge_enqueue(sc, dst_if, m); 1719 } 1720 } 1721 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1722 1723 return; 1724 } 1725 1726 /* 1727 * bridge_forward: 1728 * 1729 * The forwarding function of the bridge. 1730 * 1731 * NOTE: Releases the lock on return. 1732 */ 1733 static void 1734 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1735 { 1736 struct bridge_iflist *bif; 1737 struct ifnet *src_if, *dst_if, *ifp; 1738 struct ether_header *eh; 1739 1740 src_if = m->m_pkthdr.rcvif; 1741 BRIDGE_LOCK_ASSERT(sc); 1742 ifp = sc->sc_ifp; 1743 1744 sc->sc_ifp->if_ipackets++; 1745 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1746 1747 /* 1748 * Look up the bridge_iflist. 1749 */ 1750 bif = bridge_lookup_member_if(sc, src_if); 1751 if (bif == NULL) { 1752 /* Interface is not a bridge member (anymore?) */ 1753 BRIDGE_UNLOCK(sc); 1754 m_freem(m); 1755 return; 1756 } 1757 1758 if (bif->bif_flags & IFBIF_STP) { 1759 switch (bif->bif_state) { 1760 case BSTP_IFSTATE_BLOCKING: 1761 case BSTP_IFSTATE_LISTENING: 1762 case BSTP_IFSTATE_DISABLED: 1763 BRIDGE_UNLOCK(sc); 1764 m_freem(m); 1765 return; 1766 } 1767 } 1768 1769 eh = mtod(m, struct ether_header *); 1770 1771 /* 1772 * If the interface is learning, and the source 1773 * address is valid and not multicast, record 1774 * the address. 1775 */ 1776 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1777 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1778 (eh->ether_shost[0] == 0 && 1779 eh->ether_shost[1] == 0 && 1780 eh->ether_shost[2] == 0 && 1781 eh->ether_shost[3] == 0 && 1782 eh->ether_shost[4] == 0 && 1783 eh->ether_shost[5] == 0) == 0) { 1784 (void) bridge_rtupdate(sc, eh->ether_shost, 1785 src_if, 0, IFBAF_DYNAMIC); 1786 } 1787 1788 if ((bif->bif_flags & IFBIF_STP) != 0 && 1789 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1790 m_freem(m); 1791 BRIDGE_UNLOCK(sc); 1792 return; 1793 } 1794 1795 /* 1796 * At this point, the port either doesn't participate 1797 * in spanning tree or it is in the forwarding state. 1798 */ 1799 1800 /* 1801 * If the packet is unicast, destined for someone on 1802 * "this" side of the bridge, drop it. 1803 */ 1804 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1805 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1806 if (src_if == dst_if) { 1807 BRIDGE_UNLOCK(sc); 1808 m_freem(m); 1809 return; 1810 } 1811 } else { 1812 /* ...forward it to all interfaces. */ 1813 sc->sc_ifp->if_imcasts++; 1814 dst_if = NULL; 1815 } 1816 1817 /* 1818 * If we have a destination interface which is a member of our bridge, 1819 * OR this is a unicast packet, push it through the bpf(4) machinery. 1820 * For broadcast or multicast packets, don't bother because it will 1821 * be reinjected into ether_input. We do this before we pass the packets 1822 * through the pfil(9) framework, as it is possible that pfil(9) will 1823 * drop the packet, or possibly modify it, making it difficult to debug 1824 * firewall issues on the bridge. 1825 */ 1826 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1827 BPF_MTAP(ifp, m); 1828 1829 /* run the packet filter */ 1830 if (PFIL_HOOKED(&inet_pfil_hook) 1831 #ifdef INET6 1832 || PFIL_HOOKED(&inet6_pfil_hook) 1833 #endif 1834 ) { 1835 BRIDGE_UNLOCK(sc); 1836 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1837 return; 1838 if (m == NULL) 1839 return; 1840 BRIDGE_LOCK(sc); 1841 } 1842 1843 if (dst_if == NULL) { 1844 bridge_broadcast(sc, src_if, m, 1); 1845 return; 1846 } 1847 1848 /* 1849 * At this point, we're dealing with a unicast frame 1850 * going to a different interface. 1851 */ 1852 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1853 BRIDGE_UNLOCK(sc); 1854 m_freem(m); 1855 return; 1856 } 1857 bif = bridge_lookup_member_if(sc, dst_if); 1858 if (bif == NULL) { 1859 /* Not a member of the bridge (anymore?) */ 1860 BRIDGE_UNLOCK(sc); 1861 m_freem(m); 1862 return; 1863 } 1864 1865 if (bif->bif_flags & IFBIF_STP) { 1866 switch (bif->bif_state) { 1867 case BSTP_IFSTATE_DISABLED: 1868 case BSTP_IFSTATE_BLOCKING: 1869 BRIDGE_UNLOCK(sc); 1870 m_freem(m); 1871 return; 1872 } 1873 } 1874 1875 BRIDGE_UNLOCK(sc); 1876 1877 if (PFIL_HOOKED(&inet_pfil_hook) 1878 #ifdef INET6 1879 || PFIL_HOOKED(&inet6_pfil_hook) 1880 #endif 1881 ) { 1882 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1883 return; 1884 if (m == NULL) 1885 return; 1886 } 1887 1888 bridge_enqueue(sc, dst_if, m); 1889 } 1890 1891 /* 1892 * bridge_input: 1893 * 1894 * Receive input from a member interface. Queue the packet for 1895 * bridging if it is not for us. 1896 */ 1897 static struct mbuf * 1898 bridge_input(struct ifnet *ifp, struct mbuf *m) 1899 { 1900 struct bridge_softc *sc = ifp->if_bridge; 1901 struct bridge_iflist *bif; 1902 struct ifnet *bifp; 1903 struct ether_header *eh; 1904 struct mbuf *mc, *mc2; 1905 1906 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1907 return (m); 1908 1909 bifp = sc->sc_ifp; 1910 1911 /* 1912 * Implement support for bridge monitoring. If this flag has been 1913 * set on this interface, discard the packet once we push it through 1914 * the bpf(4) machinery, but before we do, increment the byte and 1915 * packet counters associated with this interface. 1916 */ 1917 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1918 m->m_pkthdr.rcvif = bifp; 1919 BPF_MTAP(bifp, m); 1920 bifp->if_ipackets++; 1921 bifp->if_ibytes += m->m_pkthdr.len; 1922 m_free(m); 1923 return (NULL); 1924 } 1925 BRIDGE_LOCK(sc); 1926 bif = bridge_lookup_member_if(sc, ifp); 1927 if (bif == NULL) { 1928 BRIDGE_UNLOCK(sc); 1929 return (m); 1930 } 1931 1932 eh = mtod(m, struct ether_header *); 1933 1934 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 1935 ETHER_ADDR_LEN) == 0) { 1936 /* 1937 * If the packet is for us, set the packets source as the 1938 * bridge, and return the packet back to ether_input for 1939 * local processing. 1940 */ 1941 1942 /* XXX Do we tap the packet for the member interface too? 1943 * BPF_MTAP(&m->m_pkthdr.rcvif, m); 1944 */ 1945 1946 /* Mark the packet as arriving on the bridge interface */ 1947 m->m_pkthdr.rcvif = bifp; 1948 BPF_MTAP(bifp, m); 1949 bifp->if_ipackets++; 1950 1951 BRIDGE_UNLOCK(sc); 1952 return (m); 1953 } 1954 1955 bridge_span(sc, m); 1956 1957 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1958 /* Tap off 802.1D packets; they do not get forwarded. */ 1959 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1960 ETHER_ADDR_LEN) == 0) { 1961 m = bstp_input(ifp, m); 1962 if (m == NULL) { 1963 BRIDGE_UNLOCK(sc); 1964 return (NULL); 1965 } 1966 } 1967 1968 if (bif->bif_flags & IFBIF_STP) { 1969 switch (bif->bif_state) { 1970 case BSTP_IFSTATE_BLOCKING: 1971 case BSTP_IFSTATE_LISTENING: 1972 case BSTP_IFSTATE_DISABLED: 1973 BRIDGE_UNLOCK(sc); 1974 return (m); 1975 } 1976 } 1977 1978 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 1979 sizeof(etherbroadcastaddr)) == 0) 1980 m->m_flags |= M_BCAST; 1981 else 1982 m->m_flags |= M_MCAST; 1983 1984 /* 1985 * Make a deep copy of the packet and enqueue the copy 1986 * for bridge processing; return the original packet for 1987 * local processing. 1988 */ 1989 mc = m_dup(m, M_DONTWAIT); 1990 if (mc == NULL) { 1991 BRIDGE_UNLOCK(sc); 1992 return (m); 1993 } 1994 1995 /* Perform the bridge forwarding function with the copy. */ 1996 bridge_forward(sc, mc); 1997 1998 /* 1999 * Reinject the mbuf as arriving on the bridge so we have a 2000 * chance at claiming multicast packets. We can not loop back 2001 * here from ether_input as a bridge is never a member of a 2002 * bridge. 2003 */ 2004 KASSERT(bifp->if_bridge == NULL, 2005 ("loop created in bridge_input")); 2006 mc2 = m_dup(m, M_DONTWAIT); 2007 if (mc2 != NULL) { 2008 /* Keep the layer3 header aligned */ 2009 int i = min(mc2->m_pkthdr.len, max_protohdr); 2010 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2011 } 2012 if (mc2 != NULL) { 2013 mc2->m_pkthdr.rcvif = bifp; 2014 (*bifp->if_input)(bifp, mc2); 2015 } 2016 2017 /* Return the original packet for local processing. */ 2018 return (m); 2019 } 2020 2021 if (bif->bif_flags & IFBIF_STP) { 2022 switch (bif->bif_state) { 2023 case BSTP_IFSTATE_BLOCKING: 2024 case BSTP_IFSTATE_LISTENING: 2025 case BSTP_IFSTATE_DISABLED: 2026 BRIDGE_UNLOCK(sc); 2027 return (m); 2028 } 2029 } 2030 2031 /* 2032 * Unicast. Make sure it's not for us. 2033 */ 2034 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2035 if (bif->bif_ifp->if_type == IFT_GIF) 2036 continue; 2037 /* It is destined for us. */ 2038 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2039 ETHER_ADDR_LEN) == 0) { 2040 if (bif->bif_flags & IFBIF_LEARNING) 2041 (void) bridge_rtupdate(sc, 2042 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 2043 m->m_pkthdr.rcvif = bif->bif_ifp; 2044 BRIDGE_UNLOCK(sc); 2045 return (m); 2046 } 2047 2048 /* We just received a packet that we sent out. */ 2049 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2050 ETHER_ADDR_LEN) == 0) { 2051 BRIDGE_UNLOCK(sc); 2052 m_freem(m); 2053 return (NULL); 2054 } 2055 } 2056 2057 /* Perform the bridge forwarding function. */ 2058 bridge_forward(sc, m); 2059 2060 return (NULL); 2061 } 2062 2063 /* 2064 * bridge_broadcast: 2065 * 2066 * Send a frame to all interfaces that are members of 2067 * the bridge, except for the one on which the packet 2068 * arrived. 2069 * 2070 * NOTE: Releases the lock on return. 2071 */ 2072 static void 2073 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2074 struct mbuf *m, int runfilt) 2075 { 2076 struct bridge_iflist *bif; 2077 struct mbuf *mc; 2078 struct ifnet *dst_if; 2079 int error = 0, used = 0; 2080 2081 BRIDGE_LOCK_ASSERT(sc); 2082 BRIDGE_LOCK2REF(sc, error); 2083 if (error) { 2084 m_freem(m); 2085 return; 2086 } 2087 2088 /* Filter on the bridge interface before broadcasting */ 2089 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2090 #ifdef INET6 2091 || PFIL_HOOKED(&inet6_pfil_hook) 2092 #endif 2093 )) { 2094 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2095 goto out; 2096 if (m == NULL) 2097 goto out; 2098 } 2099 2100 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2101 dst_if = bif->bif_ifp; 2102 if (dst_if == src_if) 2103 continue; 2104 2105 if (bif->bif_flags & IFBIF_STP) { 2106 switch (bif->bif_state) { 2107 case BSTP_IFSTATE_BLOCKING: 2108 case BSTP_IFSTATE_DISABLED: 2109 continue; 2110 } 2111 } 2112 2113 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2114 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2115 continue; 2116 2117 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2118 continue; 2119 2120 if (LIST_NEXT(bif, bif_next) == NULL) { 2121 mc = m; 2122 used = 1; 2123 } else { 2124 mc = m_copypacket(m, M_DONTWAIT); 2125 if (mc == NULL) { 2126 sc->sc_ifp->if_oerrors++; 2127 continue; 2128 } 2129 } 2130 2131 /* 2132 * Filter on the output interface. Pass a NULL bridge interface 2133 * pointer so we do not redundantly filter on the bridge for 2134 * each interface we broadcast on. 2135 */ 2136 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2137 #ifdef INET6 2138 || PFIL_HOOKED(&inet6_pfil_hook) 2139 #endif 2140 )) { 2141 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2142 continue; 2143 if (mc == NULL) 2144 continue; 2145 } 2146 2147 bridge_enqueue(sc, dst_if, mc); 2148 } 2149 if (used == 0) 2150 m_freem(m); 2151 2152 out: 2153 BRIDGE_UNREF(sc); 2154 } 2155 2156 /* 2157 * bridge_span: 2158 * 2159 * Duplicate a packet out one or more interfaces that are in span mode, 2160 * the original mbuf is unmodified. 2161 */ 2162 static void 2163 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2164 { 2165 struct bridge_iflist *bif; 2166 struct ifnet *dst_if; 2167 struct mbuf *mc; 2168 2169 if (LIST_EMPTY(&sc->sc_spanlist)) 2170 return; 2171 2172 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2173 dst_if = bif->bif_ifp; 2174 2175 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2176 continue; 2177 2178 mc = m_copypacket(m, M_DONTWAIT); 2179 if (mc == NULL) { 2180 sc->sc_ifp->if_oerrors++; 2181 continue; 2182 } 2183 2184 bridge_enqueue(sc, dst_if, mc); 2185 } 2186 } 2187 2188 /* 2189 * bridge_rtupdate: 2190 * 2191 * Add a bridge routing entry. 2192 */ 2193 static int 2194 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2195 struct ifnet *dst_if, int setflags, uint8_t flags) 2196 { 2197 struct bridge_rtnode *brt; 2198 int error; 2199 2200 BRIDGE_LOCK_ASSERT(sc); 2201 2202 /* 2203 * A route for this destination might already exist. If so, 2204 * update it, otherwise create a new one. 2205 */ 2206 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2207 if (sc->sc_brtcnt >= sc->sc_brtmax) 2208 return (ENOSPC); 2209 2210 /* 2211 * Allocate a new bridge forwarding node, and 2212 * initialize the expiration time and Ethernet 2213 * address. 2214 */ 2215 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2216 if (brt == NULL) 2217 return (ENOMEM); 2218 2219 brt->brt_flags = IFBAF_DYNAMIC; 2220 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2221 2222 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2223 uma_zfree(bridge_rtnode_zone, brt); 2224 return (error); 2225 } 2226 } 2227 2228 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2229 brt->brt_ifp = dst_if; 2230 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2231 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2232 if (setflags) 2233 brt->brt_flags = flags; 2234 2235 return (0); 2236 } 2237 2238 /* 2239 * bridge_rtlookup: 2240 * 2241 * Lookup the destination interface for an address. 2242 */ 2243 static struct ifnet * 2244 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2245 { 2246 struct bridge_rtnode *brt; 2247 2248 BRIDGE_LOCK_ASSERT(sc); 2249 2250 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2251 return (NULL); 2252 2253 return (brt->brt_ifp); 2254 } 2255 2256 /* 2257 * bridge_rttrim: 2258 * 2259 * Trim the routine table so that we have a number 2260 * of routing entries less than or equal to the 2261 * maximum number. 2262 */ 2263 static void 2264 bridge_rttrim(struct bridge_softc *sc) 2265 { 2266 struct bridge_rtnode *brt, *nbrt; 2267 2268 BRIDGE_LOCK_ASSERT(sc); 2269 2270 /* Make sure we actually need to do this. */ 2271 if (sc->sc_brtcnt <= sc->sc_brtmax) 2272 return; 2273 2274 /* Force an aging cycle; this might trim enough addresses. */ 2275 bridge_rtage(sc); 2276 if (sc->sc_brtcnt <= sc->sc_brtmax) 2277 return; 2278 2279 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2280 nbrt = LIST_NEXT(brt, brt_list); 2281 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2282 bridge_rtnode_destroy(sc, brt); 2283 if (sc->sc_brtcnt <= sc->sc_brtmax) 2284 return; 2285 } 2286 } 2287 } 2288 2289 /* 2290 * bridge_timer: 2291 * 2292 * Aging timer for the bridge. 2293 */ 2294 static void 2295 bridge_timer(void *arg) 2296 { 2297 struct bridge_softc *sc = arg; 2298 2299 BRIDGE_LOCK_ASSERT(sc); 2300 2301 bridge_rtage(sc); 2302 2303 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2304 callout_reset(&sc->sc_brcallout, 2305 bridge_rtable_prune_period * hz, bridge_timer, sc); 2306 } 2307 2308 /* 2309 * bridge_rtage: 2310 * 2311 * Perform an aging cycle. 2312 */ 2313 static void 2314 bridge_rtage(struct bridge_softc *sc) 2315 { 2316 struct bridge_rtnode *brt, *nbrt; 2317 2318 BRIDGE_LOCK_ASSERT(sc); 2319 2320 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2321 nbrt = LIST_NEXT(brt, brt_list); 2322 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2323 if (time_uptime >= brt->brt_expire) 2324 bridge_rtnode_destroy(sc, brt); 2325 } 2326 } 2327 } 2328 2329 /* 2330 * bridge_rtflush: 2331 * 2332 * Remove all dynamic addresses from the bridge. 2333 */ 2334 static void 2335 bridge_rtflush(struct bridge_softc *sc, int full) 2336 { 2337 struct bridge_rtnode *brt, *nbrt; 2338 2339 BRIDGE_LOCK_ASSERT(sc); 2340 2341 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2342 nbrt = LIST_NEXT(brt, brt_list); 2343 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2344 bridge_rtnode_destroy(sc, brt); 2345 } 2346 } 2347 2348 /* 2349 * bridge_rtdaddr: 2350 * 2351 * Remove an address from the table. 2352 */ 2353 static int 2354 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2355 { 2356 struct bridge_rtnode *brt; 2357 2358 BRIDGE_LOCK_ASSERT(sc); 2359 2360 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2361 return (ENOENT); 2362 2363 bridge_rtnode_destroy(sc, brt); 2364 return (0); 2365 } 2366 2367 /* 2368 * bridge_rtdelete: 2369 * 2370 * Delete routes to a speicifc member interface. 2371 */ 2372 void 2373 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2374 { 2375 struct bridge_rtnode *brt, *nbrt; 2376 2377 BRIDGE_LOCK_ASSERT(sc); 2378 2379 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2380 nbrt = LIST_NEXT(brt, brt_list); 2381 if (brt->brt_ifp == ifp && (full || 2382 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2383 bridge_rtnode_destroy(sc, brt); 2384 } 2385 } 2386 2387 /* 2388 * bridge_rtable_init: 2389 * 2390 * Initialize the route table for this bridge. 2391 */ 2392 static int 2393 bridge_rtable_init(struct bridge_softc *sc) 2394 { 2395 int i; 2396 2397 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2398 M_DEVBUF, M_NOWAIT); 2399 if (sc->sc_rthash == NULL) 2400 return (ENOMEM); 2401 2402 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2403 LIST_INIT(&sc->sc_rthash[i]); 2404 2405 sc->sc_rthash_key = arc4random(); 2406 2407 LIST_INIT(&sc->sc_rtlist); 2408 2409 return (0); 2410 } 2411 2412 /* 2413 * bridge_rtable_fini: 2414 * 2415 * Deconstruct the route table for this bridge. 2416 */ 2417 static void 2418 bridge_rtable_fini(struct bridge_softc *sc) 2419 { 2420 2421 free(sc->sc_rthash, M_DEVBUF); 2422 } 2423 2424 /* 2425 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2426 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2427 */ 2428 #define mix(a, b, c) \ 2429 do { \ 2430 a -= b; a -= c; a ^= (c >> 13); \ 2431 b -= c; b -= a; b ^= (a << 8); \ 2432 c -= a; c -= b; c ^= (b >> 13); \ 2433 a -= b; a -= c; a ^= (c >> 12); \ 2434 b -= c; b -= a; b ^= (a << 16); \ 2435 c -= a; c -= b; c ^= (b >> 5); \ 2436 a -= b; a -= c; a ^= (c >> 3); \ 2437 b -= c; b -= a; b ^= (a << 10); \ 2438 c -= a; c -= b; c ^= (b >> 15); \ 2439 } while (/*CONSTCOND*/0) 2440 2441 static __inline uint32_t 2442 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2443 { 2444 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2445 2446 b += addr[5] << 8; 2447 b += addr[4]; 2448 a += addr[3] << 24; 2449 a += addr[2] << 16; 2450 a += addr[1] << 8; 2451 a += addr[0]; 2452 2453 mix(a, b, c); 2454 2455 return (c & BRIDGE_RTHASH_MASK); 2456 } 2457 2458 #undef mix 2459 2460 static int 2461 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2462 { 2463 int i, d; 2464 2465 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2466 d = ((int)a[i]) - ((int)b[i]); 2467 } 2468 2469 return (d); 2470 } 2471 2472 /* 2473 * bridge_rtnode_lookup: 2474 * 2475 * Look up a bridge route node for the specified destination. 2476 */ 2477 static struct bridge_rtnode * 2478 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2479 { 2480 struct bridge_rtnode *brt; 2481 uint32_t hash; 2482 int dir; 2483 2484 BRIDGE_LOCK_ASSERT(sc); 2485 2486 hash = bridge_rthash(sc, addr); 2487 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2488 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2489 if (dir == 0) 2490 return (brt); 2491 if (dir > 0) 2492 return (NULL); 2493 } 2494 2495 return (NULL); 2496 } 2497 2498 /* 2499 * bridge_rtnode_insert: 2500 * 2501 * Insert the specified bridge node into the route table. We 2502 * assume the entry is not already in the table. 2503 */ 2504 static int 2505 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2506 { 2507 struct bridge_rtnode *lbrt; 2508 uint32_t hash; 2509 int dir; 2510 2511 BRIDGE_LOCK_ASSERT(sc); 2512 2513 hash = bridge_rthash(sc, brt->brt_addr); 2514 2515 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2516 if (lbrt == NULL) { 2517 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2518 goto out; 2519 } 2520 2521 do { 2522 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2523 if (dir == 0) 2524 return (EEXIST); 2525 if (dir > 0) { 2526 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2527 goto out; 2528 } 2529 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2530 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2531 goto out; 2532 } 2533 lbrt = LIST_NEXT(lbrt, brt_hash); 2534 } while (lbrt != NULL); 2535 2536 #ifdef DIAGNOSTIC 2537 panic("bridge_rtnode_insert: impossible"); 2538 #endif 2539 2540 out: 2541 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2542 sc->sc_brtcnt++; 2543 2544 return (0); 2545 } 2546 2547 /* 2548 * bridge_rtnode_destroy: 2549 * 2550 * Destroy a bridge rtnode. 2551 */ 2552 static void 2553 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2554 { 2555 BRIDGE_LOCK_ASSERT(sc); 2556 2557 LIST_REMOVE(brt, brt_hash); 2558 2559 LIST_REMOVE(brt, brt_list); 2560 sc->sc_brtcnt--; 2561 uma_zfree(bridge_rtnode_zone, brt); 2562 } 2563 2564 /* 2565 * Send bridge packets through pfil if they are one of the types pfil can deal 2566 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2567 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2568 * that interface. 2569 */ 2570 static int 2571 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2572 { 2573 int snap, error, i; 2574 struct ether_header *eh1, eh2; 2575 struct ip_fw_args args; 2576 struct ip *ip; 2577 struct llc llc1; 2578 u_int16_t ether_type; 2579 2580 snap = 0; 2581 error = -1; /* Default error if not error == 0 */ 2582 2583 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2584 return 0; /* filtering is disabled */ 2585 2586 i = min((*mp)->m_pkthdr.len, max_protohdr); 2587 if ((*mp)->m_len < i) { 2588 *mp = m_pullup(*mp, i); 2589 if (*mp == NULL) { 2590 printf("%s: m_pullup failed\n", __func__); 2591 return -1; 2592 } 2593 } 2594 2595 eh1 = mtod(*mp, struct ether_header *); 2596 ether_type = ntohs(eh1->ether_type); 2597 2598 /* 2599 * Check for SNAP/LLC. 2600 */ 2601 if (ether_type < ETHERMTU) { 2602 struct llc *llc2 = (struct llc *)(eh1 + 1); 2603 2604 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2605 llc2->llc_dsap == LLC_SNAP_LSAP && 2606 llc2->llc_ssap == LLC_SNAP_LSAP && 2607 llc2->llc_control == LLC_UI) { 2608 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2609 snap = 1; 2610 } 2611 } 2612 2613 /* 2614 * If we're trying to filter bridge traffic, don't look at anything 2615 * other than IP and ARP traffic. If the filter doesn't understand 2616 * IPv6, don't allow IPv6 through the bridge either. This is lame 2617 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2618 * but of course we don't have an AppleTalk filter to begin with. 2619 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2620 * ARP traffic.) 2621 */ 2622 switch (ether_type) { 2623 case ETHERTYPE_ARP: 2624 case ETHERTYPE_REVARP: 2625 return 0; /* Automatically pass */ 2626 case ETHERTYPE_IP: 2627 # ifdef INET6 2628 case ETHERTYPE_IPV6: 2629 # endif /* INET6 */ 2630 break; 2631 default: 2632 /* 2633 * Check to see if the user wants to pass non-ip 2634 * packets, these will not be checked by pfil(9) and 2635 * passed unconditionally so the default is to drop. 2636 */ 2637 if (pfil_onlyip) 2638 goto bad; 2639 } 2640 2641 /* Strip off the Ethernet header and keep a copy. */ 2642 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2643 m_adj(*mp, ETHER_HDR_LEN); 2644 2645 /* Strip off snap header, if present */ 2646 if (snap) { 2647 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2648 m_adj(*mp, sizeof(struct llc)); 2649 } 2650 2651 /* 2652 * Check the IP header for alignment and errors 2653 */ 2654 if (dir == PFIL_IN) { 2655 switch (ether_type) { 2656 case ETHERTYPE_IP: 2657 error = bridge_ip_checkbasic(mp); 2658 break; 2659 # ifdef INET6 2660 case ETHERTYPE_IPV6: 2661 error = bridge_ip6_checkbasic(mp); 2662 break; 2663 # endif /* INET6 */ 2664 default: 2665 error = 0; 2666 } 2667 if (error) 2668 goto bad; 2669 } 2670 2671 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2672 error = -1; 2673 args.rule = ip_dn_claim_rule(*mp); 2674 if (args.rule != NULL && fw_one_pass) 2675 goto ipfwpass; /* packet already partially processed */ 2676 2677 args.m = *mp; 2678 args.oif = ifp; 2679 args.next_hop = NULL; 2680 args.eh = &eh2; 2681 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2682 i = ip_fw_chk_ptr(&args); 2683 *mp = args.m; 2684 2685 if (*mp == NULL) 2686 return error; 2687 2688 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2689 2690 /* put the Ethernet header back on */ 2691 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2692 if (*mp == NULL) 2693 return error; 2694 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2695 2696 /* 2697 * Pass the pkt to dummynet, which consumes it. The 2698 * packet will return to us via bridge_dummynet(). 2699 */ 2700 args.oif = ifp; 2701 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2702 return error; 2703 } 2704 2705 if (i != IP_FW_PASS) /* drop */ 2706 goto bad; 2707 } 2708 2709 ipfwpass: 2710 error = 0; 2711 2712 /* 2713 * Run the packet through pfil 2714 */ 2715 switch (ether_type) 2716 { 2717 case ETHERTYPE_IP : 2718 /* 2719 * before calling the firewall, swap fields the same as 2720 * IP does. here we assume the header is contiguous 2721 */ 2722 ip = mtod(*mp, struct ip *); 2723 2724 ip->ip_len = ntohs(ip->ip_len); 2725 ip->ip_off = ntohs(ip->ip_off); 2726 2727 /* 2728 * Run pfil on the member interface and the bridge, both can 2729 * be skipped by clearing pfil_member or pfil_bridge. 2730 * 2731 * Keep the order: 2732 * in_if -> bridge_if -> out_if 2733 */ 2734 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2735 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2736 dir, NULL); 2737 2738 if (*mp == NULL || error != 0) /* filter may consume */ 2739 break; 2740 2741 if (pfil_member && ifp != NULL) 2742 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2743 dir, NULL); 2744 2745 if (*mp == NULL || error != 0) /* filter may consume */ 2746 break; 2747 2748 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2749 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2750 dir, NULL); 2751 2752 /* Restore ip and the fields ntohs()'d. */ 2753 if (*mp != NULL && error == 0) { 2754 ip = mtod(*mp, struct ip *); 2755 ip->ip_len = htons(ip->ip_len); 2756 ip->ip_off = htons(ip->ip_off); 2757 } 2758 2759 break; 2760 # ifdef INET6 2761 case ETHERTYPE_IPV6 : 2762 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2763 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2764 dir, NULL); 2765 2766 if (*mp == NULL || error != 0) /* filter may consume */ 2767 break; 2768 2769 if (pfil_member && ifp != NULL) 2770 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2771 dir, NULL); 2772 2773 if (*mp == NULL || error != 0) /* filter may consume */ 2774 break; 2775 2776 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2777 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2778 dir, NULL); 2779 break; 2780 # endif 2781 default : 2782 error = 0; 2783 break; 2784 } 2785 2786 if (*mp == NULL) 2787 return error; 2788 if (error != 0) 2789 goto bad; 2790 2791 error = -1; 2792 2793 /* 2794 * Finally, put everything back the way it was and return 2795 */ 2796 if (snap) { 2797 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2798 if (*mp == NULL) 2799 return error; 2800 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2801 } 2802 2803 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2804 if (*mp == NULL) 2805 return error; 2806 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2807 2808 return 0; 2809 2810 bad: 2811 m_freem(*mp); 2812 *mp = NULL; 2813 return error; 2814 } 2815 2816 /* 2817 * Perform basic checks on header size since 2818 * pfil assumes ip_input has already processed 2819 * it for it. Cut-and-pasted from ip_input.c. 2820 * Given how simple the IPv6 version is, 2821 * does the IPv4 version really need to be 2822 * this complicated? 2823 * 2824 * XXX Should we update ipstat here, or not? 2825 * XXX Right now we update ipstat but not 2826 * XXX csum_counter. 2827 */ 2828 static int 2829 bridge_ip_checkbasic(struct mbuf **mp) 2830 { 2831 struct mbuf *m = *mp; 2832 struct ip *ip; 2833 int len, hlen; 2834 u_short sum; 2835 2836 if (*mp == NULL) 2837 return -1; 2838 2839 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2840 if ((m = m_copyup(m, sizeof(struct ip), 2841 (max_linkhdr + 3) & ~3)) == NULL) { 2842 /* XXXJRT new stat, please */ 2843 ipstat.ips_toosmall++; 2844 goto bad; 2845 } 2846 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 2847 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2848 ipstat.ips_toosmall++; 2849 goto bad; 2850 } 2851 } 2852 ip = mtod(m, struct ip *); 2853 if (ip == NULL) goto bad; 2854 2855 if (ip->ip_v != IPVERSION) { 2856 ipstat.ips_badvers++; 2857 goto bad; 2858 } 2859 hlen = ip->ip_hl << 2; 2860 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2861 ipstat.ips_badhlen++; 2862 goto bad; 2863 } 2864 if (hlen > m->m_len) { 2865 if ((m = m_pullup(m, hlen)) == 0) { 2866 ipstat.ips_badhlen++; 2867 goto bad; 2868 } 2869 ip = mtod(m, struct ip *); 2870 if (ip == NULL) goto bad; 2871 } 2872 2873 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2874 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2875 } else { 2876 if (hlen == sizeof(struct ip)) { 2877 sum = in_cksum_hdr(ip); 2878 } else { 2879 sum = in_cksum(m, hlen); 2880 } 2881 } 2882 if (sum) { 2883 ipstat.ips_badsum++; 2884 goto bad; 2885 } 2886 2887 /* Retrieve the packet length. */ 2888 len = ntohs(ip->ip_len); 2889 2890 /* 2891 * Check for additional length bogosity 2892 */ 2893 if (len < hlen) { 2894 ipstat.ips_badlen++; 2895 goto bad; 2896 } 2897 2898 /* 2899 * Check that the amount of data in the buffers 2900 * is as at least much as the IP header would have us expect. 2901 * Drop packet if shorter than we expect. 2902 */ 2903 if (m->m_pkthdr.len < len) { 2904 ipstat.ips_tooshort++; 2905 goto bad; 2906 } 2907 2908 /* Checks out, proceed */ 2909 *mp = m; 2910 return 0; 2911 2912 bad: 2913 *mp = m; 2914 return -1; 2915 } 2916 2917 # ifdef INET6 2918 /* 2919 * Same as above, but for IPv6. 2920 * Cut-and-pasted from ip6_input.c. 2921 * XXX Should we update ip6stat, or not? 2922 */ 2923 static int 2924 bridge_ip6_checkbasic(struct mbuf **mp) 2925 { 2926 struct mbuf *m = *mp; 2927 struct ip6_hdr *ip6; 2928 2929 /* 2930 * If the IPv6 header is not aligned, slurp it up into a new 2931 * mbuf with space for link headers, in the event we forward 2932 * it. Otherwise, if it is aligned, make sure the entire base 2933 * IPv6 header is in the first mbuf of the chain. 2934 */ 2935 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2936 struct ifnet *inifp = m->m_pkthdr.rcvif; 2937 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2938 (max_linkhdr + 3) & ~3)) == NULL) { 2939 /* XXXJRT new stat, please */ 2940 ip6stat.ip6s_toosmall++; 2941 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2942 goto bad; 2943 } 2944 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2945 struct ifnet *inifp = m->m_pkthdr.rcvif; 2946 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2947 ip6stat.ip6s_toosmall++; 2948 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2949 goto bad; 2950 } 2951 } 2952 2953 ip6 = mtod(m, struct ip6_hdr *); 2954 2955 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2956 ip6stat.ip6s_badvers++; 2957 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2958 goto bad; 2959 } 2960 2961 /* Checks out, proceed */ 2962 *mp = m; 2963 return 0; 2964 2965 bad: 2966 *mp = m; 2967 return -1; 2968 } 2969 # endif /* INET6 */ 2970