1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/proc.h> 105 #include <sys/lock.h> 106 #include <sys/mutex.h> 107 108 #include <net/bpf.h> 109 #include <net/if.h> 110 #include <net/if_clone.h> 111 #include <net/if_dl.h> 112 #include <net/if_types.h> 113 #include <net/if_var.h> 114 #include <net/pfil.h> 115 116 #include <netinet/in.h> /* for struct arpcom */ 117 #include <netinet/in_systm.h> 118 #include <netinet/in_var.h> 119 #include <netinet/ip.h> 120 #include <netinet/ip_var.h> 121 #ifdef INET6 122 #include <netinet/ip6.h> 123 #include <netinet6/ip6_var.h> 124 #endif 125 #ifdef DEV_CARP 126 #include <netinet/ip_carp.h> 127 #endif 128 #include <machine/in_cksum.h> 129 #include <netinet/if_ether.h> /* for struct arpcom */ 130 #include <net/bridgestp.h> 131 #include <net/if_bridgevar.h> 132 #include <net/if_llc.h> 133 134 #include <net/route.h> 135 #include <netinet/ip_fw.h> 136 #include <netinet/ip_dummynet.h> 137 138 /* 139 * Size of the route hash table. Must be a power of two. 140 */ 141 #ifndef BRIDGE_RTHASH_SIZE 142 #define BRIDGE_RTHASH_SIZE 1024 143 #endif 144 145 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 146 147 /* 148 * Maximum number of addresses to cache. 149 */ 150 #ifndef BRIDGE_RTABLE_MAX 151 #define BRIDGE_RTABLE_MAX 100 152 #endif 153 154 /* 155 * Timeout (in seconds) for entries learned dynamically. 156 */ 157 #ifndef BRIDGE_RTABLE_TIMEOUT 158 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 159 #endif 160 161 /* 162 * Number of seconds between walks of the route list. 163 */ 164 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 165 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 166 #endif 167 168 /* 169 * List of capabilities to mask on the member interface. 170 */ 171 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 172 173 /* 174 * Bridge interface list entry. 175 */ 176 struct bridge_iflist { 177 LIST_ENTRY(bridge_iflist) bif_next; 178 struct ifnet *bif_ifp; /* member if */ 179 struct bstp_port bif_stp; /* STP state */ 180 uint32_t bif_flags; /* member if flags */ 181 int bif_mutecap; /* member muted caps */ 182 }; 183 184 /* 185 * Bridge route node. 186 */ 187 struct bridge_rtnode { 188 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 189 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 190 struct ifnet *brt_ifp; /* destination if */ 191 unsigned long brt_expire; /* expiration time */ 192 uint8_t brt_flags; /* address flags */ 193 uint8_t brt_addr[ETHER_ADDR_LEN]; 194 }; 195 196 /* 197 * Software state for each bridge. 198 */ 199 struct bridge_softc { 200 struct ifnet *sc_ifp; /* make this an interface */ 201 LIST_ENTRY(bridge_softc) sc_list; 202 struct mtx sc_mtx; 203 struct cv sc_cv; 204 uint32_t sc_brtmax; /* max # of addresses */ 205 uint32_t sc_brtcnt; /* cur. # of addresses */ 206 uint32_t sc_brttimeout; /* rt timeout in seconds */ 207 struct callout sc_brcallout; /* bridge callout */ 208 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 209 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 210 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 211 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 212 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 213 uint32_t sc_rthash_key; /* key for hash */ 214 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 215 struct bstp_state sc_stp; /* STP state */ 216 uint32_t sc_brtexceeded; /* # of cache drops */ 217 }; 218 219 static struct mtx bridge_list_mtx; 220 eventhandler_tag bridge_detach_cookie = NULL; 221 222 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 223 224 uma_zone_t bridge_rtnode_zone; 225 226 static int bridge_clone_create(struct if_clone *, int, caddr_t); 227 static void bridge_clone_destroy(struct ifnet *); 228 229 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 230 static void bridge_mutecaps(struct bridge_iflist *, int); 231 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 232 static void bridge_init(void *); 233 static void bridge_dummynet(struct mbuf *, struct ifnet *); 234 static void bridge_stop(struct ifnet *, int); 235 static void bridge_start(struct ifnet *); 236 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 237 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 238 struct rtentry *); 239 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 240 struct mbuf *); 241 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 242 243 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 244 245 static void bridge_timer(void *); 246 247 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 248 struct mbuf *, int); 249 static void bridge_span(struct bridge_softc *, struct mbuf *); 250 251 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 252 struct ifnet *, int, uint8_t); 253 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 254 static void bridge_rttrim(struct bridge_softc *); 255 static void bridge_rtage(struct bridge_softc *); 256 static void bridge_rtflush(struct bridge_softc *, int); 257 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 258 259 static int bridge_rtable_init(struct bridge_softc *); 260 static void bridge_rtable_fini(struct bridge_softc *); 261 262 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 263 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 264 const uint8_t *); 265 static int bridge_rtnode_insert(struct bridge_softc *, 266 struct bridge_rtnode *); 267 static void bridge_rtnode_destroy(struct bridge_softc *, 268 struct bridge_rtnode *); 269 static void bridge_state_change(struct ifnet *, int); 270 271 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 272 const char *name); 273 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 274 struct ifnet *ifp); 275 static void bridge_delete_member(struct bridge_softc *, 276 struct bridge_iflist *, int); 277 static void bridge_delete_span(struct bridge_softc *, 278 struct bridge_iflist *); 279 280 static int bridge_ioctl_add(struct bridge_softc *, void *); 281 static int bridge_ioctl_del(struct bridge_softc *, void *); 282 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 283 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 284 static int bridge_ioctl_scache(struct bridge_softc *, void *); 285 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 286 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 287 static int bridge_ioctl_rts(struct bridge_softc *, void *); 288 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 289 static int bridge_ioctl_sto(struct bridge_softc *, void *); 290 static int bridge_ioctl_gto(struct bridge_softc *, void *); 291 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 292 static int bridge_ioctl_flush(struct bridge_softc *, void *); 293 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 294 static int bridge_ioctl_spri(struct bridge_softc *, void *); 295 static int bridge_ioctl_ght(struct bridge_softc *, void *); 296 static int bridge_ioctl_sht(struct bridge_softc *, void *); 297 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 298 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 299 static int bridge_ioctl_gma(struct bridge_softc *, void *); 300 static int bridge_ioctl_sma(struct bridge_softc *, void *); 301 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 302 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 303 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 304 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 305 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 306 static int bridge_ioctl_grte(struct bridge_softc *, void *); 307 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 308 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 309 int); 310 static int bridge_ip_checkbasic(struct mbuf **mp); 311 #ifdef INET6 312 static int bridge_ip6_checkbasic(struct mbuf **mp); 313 #endif /* INET6 */ 314 static int bridge_fragment(struct ifnet *, struct mbuf *, 315 struct ether_header *, int, struct llc *); 316 317 SYSCTL_DECL(_net_link); 318 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 319 320 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 321 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 322 static int pfil_member = 1; /* run pfil hooks on the member interface */ 323 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 324 static int log_stp = 0; /* log STP state changes */ 325 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 326 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 327 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 328 &pfil_bridge, 0, "Packet filter on the bridge interface"); 329 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 330 &pfil_member, 0, "Packet filter on the member interface"); 331 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 332 &log_stp, 0, "Log STP state changes"); 333 334 struct bridge_control { 335 int (*bc_func)(struct bridge_softc *, void *); 336 int bc_argsize; 337 int bc_flags; 338 }; 339 340 #define BC_F_COPYIN 0x01 /* copy arguments in */ 341 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 342 #define BC_F_SUSER 0x04 /* do super-user check */ 343 344 const struct bridge_control bridge_control_table[] = { 345 { bridge_ioctl_add, sizeof(struct ifbreq), 346 BC_F_COPYIN|BC_F_SUSER }, 347 { bridge_ioctl_del, sizeof(struct ifbreq), 348 BC_F_COPYIN|BC_F_SUSER }, 349 350 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 351 BC_F_COPYIN|BC_F_COPYOUT }, 352 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 353 BC_F_COPYIN|BC_F_SUSER }, 354 355 { bridge_ioctl_scache, sizeof(struct ifbrparam), 356 BC_F_COPYIN|BC_F_SUSER }, 357 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 358 BC_F_COPYOUT }, 359 360 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 361 BC_F_COPYIN|BC_F_COPYOUT }, 362 { bridge_ioctl_rts, sizeof(struct ifbaconf), 363 BC_F_COPYIN|BC_F_COPYOUT }, 364 365 { bridge_ioctl_saddr, sizeof(struct ifbareq), 366 BC_F_COPYIN|BC_F_SUSER }, 367 368 { bridge_ioctl_sto, sizeof(struct ifbrparam), 369 BC_F_COPYIN|BC_F_SUSER }, 370 { bridge_ioctl_gto, sizeof(struct ifbrparam), 371 BC_F_COPYOUT }, 372 373 { bridge_ioctl_daddr, sizeof(struct ifbareq), 374 BC_F_COPYIN|BC_F_SUSER }, 375 376 { bridge_ioctl_flush, sizeof(struct ifbreq), 377 BC_F_COPYIN|BC_F_SUSER }, 378 379 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 380 BC_F_COPYOUT }, 381 { bridge_ioctl_spri, sizeof(struct ifbrparam), 382 BC_F_COPYIN|BC_F_SUSER }, 383 384 { bridge_ioctl_ght, sizeof(struct ifbrparam), 385 BC_F_COPYOUT }, 386 { bridge_ioctl_sht, sizeof(struct ifbrparam), 387 BC_F_COPYIN|BC_F_SUSER }, 388 389 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 390 BC_F_COPYOUT }, 391 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 392 BC_F_COPYIN|BC_F_SUSER }, 393 394 { bridge_ioctl_gma, sizeof(struct ifbrparam), 395 BC_F_COPYOUT }, 396 { bridge_ioctl_sma, sizeof(struct ifbrparam), 397 BC_F_COPYIN|BC_F_SUSER }, 398 399 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 400 BC_F_COPYIN|BC_F_SUSER }, 401 402 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 403 BC_F_COPYIN|BC_F_SUSER }, 404 405 { bridge_ioctl_addspan, sizeof(struct ifbreq), 406 BC_F_COPYIN|BC_F_SUSER }, 407 { bridge_ioctl_delspan, sizeof(struct ifbreq), 408 BC_F_COPYIN|BC_F_SUSER }, 409 410 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 411 BC_F_COPYOUT }, 412 413 { bridge_ioctl_grte, sizeof(struct ifbrparam), 414 BC_F_COPYOUT }, 415 416 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 417 BC_F_COPYOUT }, 418 }; 419 const int bridge_control_table_size = 420 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 421 422 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 423 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 424 425 LIST_HEAD(, bridge_softc) bridge_list; 426 427 IFC_SIMPLE_DECLARE(bridge, 0); 428 429 static int 430 bridge_modevent(module_t mod, int type, void *data) 431 { 432 433 switch (type) { 434 case MOD_LOAD: 435 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 436 if_clone_attach(&bridge_cloner); 437 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 438 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 439 UMA_ALIGN_PTR, 0); 440 LIST_INIT(&bridge_list); 441 bridge_input_p = bridge_input; 442 bridge_output_p = bridge_output; 443 bridge_dn_p = bridge_dummynet; 444 bstp_linkstate_p = bstp_linkstate; 445 bridge_detach_cookie = EVENTHANDLER_REGISTER( 446 ifnet_departure_event, bridge_ifdetach, NULL, 447 EVENTHANDLER_PRI_ANY); 448 break; 449 case MOD_UNLOAD: 450 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 451 bridge_detach_cookie); 452 if_clone_detach(&bridge_cloner); 453 uma_zdestroy(bridge_rtnode_zone); 454 bridge_input_p = NULL; 455 bridge_output_p = NULL; 456 bridge_dn_p = NULL; 457 bstp_linkstate_p = NULL; 458 mtx_destroy(&bridge_list_mtx); 459 break; 460 default: 461 return (EOPNOTSUPP); 462 } 463 return (0); 464 } 465 466 static moduledata_t bridge_mod = { 467 "if_bridge", 468 bridge_modevent, 469 0 470 }; 471 472 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 473 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 474 475 /* 476 * handler for net.link.bridge.pfil_ipfw 477 */ 478 static int 479 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 480 { 481 int enable = pfil_ipfw; 482 int error; 483 484 error = sysctl_handle_int(oidp, &enable, 0, req); 485 enable = (enable) ? 1 : 0; 486 487 if (enable != pfil_ipfw) { 488 pfil_ipfw = enable; 489 490 /* 491 * Disable pfil so that ipfw doesnt run twice, if the user 492 * really wants both then they can re-enable pfil_bridge and/or 493 * pfil_member. Also allow non-ip packets as ipfw can filter by 494 * layer2 type. 495 */ 496 if (pfil_ipfw) { 497 pfil_onlyip = 0; 498 pfil_bridge = 0; 499 pfil_member = 0; 500 } 501 } 502 503 return (error); 504 } 505 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 506 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 507 508 /* 509 * bridge_clone_create: 510 * 511 * Create a new bridge instance. 512 */ 513 static int 514 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 515 { 516 struct bridge_softc *sc, *sc2; 517 struct ifnet *bifp, *ifp; 518 u_char eaddr[6]; 519 int retry; 520 521 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 522 BRIDGE_LOCK_INIT(sc); 523 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 524 if (ifp == NULL) { 525 free(sc, M_DEVBUF); 526 return (ENOSPC); 527 } 528 529 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 530 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 531 getmicrotime(&(sc->sc_stp.bs_last_tc_time)); 532 533 /* Initialize our routing table. */ 534 bridge_rtable_init(sc); 535 536 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 537 538 LIST_INIT(&sc->sc_iflist); 539 LIST_INIT(&sc->sc_spanlist); 540 541 ifp->if_softc = sc; 542 if_initname(ifp, ifc->ifc_name, unit); 543 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 544 ifp->if_ioctl = bridge_ioctl; 545 ifp->if_start = bridge_start; 546 ifp->if_init = bridge_init; 547 ifp->if_type = IFT_BRIDGE; 548 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 549 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 550 IFQ_SET_READY(&ifp->if_snd); 551 552 /* 553 * Generate a random ethernet address with a locally administered 554 * address. 555 * 556 * Since we are using random ethernet addresses for the bridge, it is 557 * possible that we might have address collisions, so make sure that 558 * this hardware address isn't already in use on another bridge. 559 */ 560 for (retry = 1; retry != 0;) { 561 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 562 eaddr[0] &= ~1; /* clear multicast bit */ 563 eaddr[0] |= 2; /* set the LAA bit */ 564 retry = 0; 565 mtx_lock(&bridge_list_mtx); 566 LIST_FOREACH(sc2, &bridge_list, sc_list) { 567 bifp = sc2->sc_ifp; 568 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 569 retry = 1; 570 } 571 mtx_unlock(&bridge_list_mtx); 572 } 573 574 bstp_attach(&sc->sc_stp, bridge_state_change); 575 ether_ifattach(ifp, eaddr); 576 /* Now undo some of the damage... */ 577 ifp->if_baudrate = 0; 578 ifp->if_type = IFT_BRIDGE; 579 580 mtx_lock(&bridge_list_mtx); 581 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 582 mtx_unlock(&bridge_list_mtx); 583 584 return (0); 585 } 586 587 /* 588 * bridge_clone_destroy: 589 * 590 * Destroy a bridge instance. 591 */ 592 static void 593 bridge_clone_destroy(struct ifnet *ifp) 594 { 595 struct bridge_softc *sc = ifp->if_softc; 596 struct bridge_iflist *bif; 597 598 BRIDGE_LOCK(sc); 599 600 bridge_stop(ifp, 1); 601 ifp->if_flags &= ~IFF_UP; 602 603 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 604 bridge_delete_member(sc, bif, 0); 605 606 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 607 bridge_delete_span(sc, bif); 608 } 609 610 BRIDGE_UNLOCK(sc); 611 612 callout_drain(&sc->sc_brcallout); 613 614 mtx_lock(&bridge_list_mtx); 615 LIST_REMOVE(sc, sc_list); 616 mtx_unlock(&bridge_list_mtx); 617 618 bstp_detach(&sc->sc_stp); 619 ether_ifdetach(ifp); 620 if_free_type(ifp, IFT_ETHER); 621 622 /* Tear down the routing table. */ 623 bridge_rtable_fini(sc); 624 625 BRIDGE_LOCK_DESTROY(sc); 626 free(sc, M_DEVBUF); 627 } 628 629 /* 630 * bridge_ioctl: 631 * 632 * Handle a control request from the operator. 633 */ 634 static int 635 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 636 { 637 struct bridge_softc *sc = ifp->if_softc; 638 struct thread *td = curthread; 639 union { 640 struct ifbreq ifbreq; 641 struct ifbifconf ifbifconf; 642 struct ifbareq ifbareq; 643 struct ifbaconf ifbaconf; 644 struct ifbrparam ifbrparam; 645 } args; 646 struct ifdrv *ifd = (struct ifdrv *) data; 647 const struct bridge_control *bc; 648 int error = 0; 649 650 BRIDGE_LOCK(sc); 651 652 switch (cmd) { 653 654 case SIOCADDMULTI: 655 case SIOCDELMULTI: 656 break; 657 658 case SIOCGDRVSPEC: 659 case SIOCSDRVSPEC: 660 if (ifd->ifd_cmd >= bridge_control_table_size) { 661 error = EINVAL; 662 break; 663 } 664 bc = &bridge_control_table[ifd->ifd_cmd]; 665 666 if (cmd == SIOCGDRVSPEC && 667 (bc->bc_flags & BC_F_COPYOUT) == 0) { 668 error = EINVAL; 669 break; 670 } 671 else if (cmd == SIOCSDRVSPEC && 672 (bc->bc_flags & BC_F_COPYOUT) != 0) { 673 error = EINVAL; 674 break; 675 } 676 677 if (bc->bc_flags & BC_F_SUSER) { 678 error = suser(td); 679 if (error) 680 break; 681 } 682 683 if (ifd->ifd_len != bc->bc_argsize || 684 ifd->ifd_len > sizeof(args)) { 685 error = EINVAL; 686 break; 687 } 688 689 bzero(&args, sizeof(args)); 690 if (bc->bc_flags & BC_F_COPYIN) { 691 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 692 if (error) 693 break; 694 } 695 696 error = (*bc->bc_func)(sc, &args); 697 if (error) 698 break; 699 700 if (bc->bc_flags & BC_F_COPYOUT) 701 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 702 703 break; 704 705 case SIOCSIFFLAGS: 706 if (!(ifp->if_flags & IFF_UP) && 707 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 708 /* 709 * If interface is marked down and it is running, 710 * then stop and disable it. 711 */ 712 bridge_stop(ifp, 1); 713 } else if ((ifp->if_flags & IFF_UP) && 714 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 715 /* 716 * If interface is marked up and it is stopped, then 717 * start it. 718 */ 719 BRIDGE_UNLOCK(sc); 720 (*ifp->if_init)(sc); 721 } 722 break; 723 724 case SIOCSIFMTU: 725 /* Do not allow the MTU to be changed on the bridge */ 726 error = EINVAL; 727 break; 728 729 default: 730 /* 731 * drop the lock as ether_ioctl() will call bridge_start() and 732 * cause the lock to be recursed. 733 */ 734 BRIDGE_UNLOCK(sc); 735 error = ether_ioctl(ifp, cmd, data); 736 break; 737 } 738 739 if (BRIDGE_LOCKED(sc)) 740 BRIDGE_UNLOCK(sc); 741 742 return (error); 743 } 744 745 /* 746 * bridge_mutecaps: 747 * 748 * Clear or restore unwanted capabilities on the member interface 749 */ 750 static void 751 bridge_mutecaps(struct bridge_iflist *bif, int mute) 752 { 753 struct ifnet *ifp = bif->bif_ifp; 754 struct ifreq ifr; 755 int error; 756 757 if (ifp->if_ioctl == NULL) 758 return; 759 760 bzero(&ifr, sizeof(ifr)); 761 ifr.ifr_reqcap = ifp->if_capenable; 762 763 if (mute) { 764 /* mask off and save capabilities */ 765 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 766 if (bif->bif_mutecap != 0) 767 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 768 } else 769 /* restore muted capabilities */ 770 ifr.ifr_reqcap |= bif->bif_mutecap; 771 772 773 if (bif->bif_mutecap != 0) { 774 IFF_LOCKGIANT(ifp); 775 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 776 IFF_UNLOCKGIANT(ifp); 777 } 778 } 779 780 /* 781 * bridge_lookup_member: 782 * 783 * Lookup a bridge member interface. 784 */ 785 static struct bridge_iflist * 786 bridge_lookup_member(struct bridge_softc *sc, const char *name) 787 { 788 struct bridge_iflist *bif; 789 struct ifnet *ifp; 790 791 BRIDGE_LOCK_ASSERT(sc); 792 793 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 794 ifp = bif->bif_ifp; 795 if (strcmp(ifp->if_xname, name) == 0) 796 return (bif); 797 } 798 799 return (NULL); 800 } 801 802 /* 803 * bridge_lookup_member_if: 804 * 805 * Lookup a bridge member interface by ifnet*. 806 */ 807 static struct bridge_iflist * 808 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 809 { 810 struct bridge_iflist *bif; 811 812 BRIDGE_LOCK_ASSERT(sc); 813 814 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 815 if (bif->bif_ifp == member_ifp) 816 return (bif); 817 } 818 819 return (NULL); 820 } 821 822 /* 823 * bridge_delete_member: 824 * 825 * Delete the specified member interface. 826 */ 827 static void 828 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 829 int gone) 830 { 831 struct ifnet *ifs = bif->bif_ifp; 832 833 BRIDGE_LOCK_ASSERT(sc); 834 835 if (!gone) { 836 switch (ifs->if_type) { 837 case IFT_ETHER: 838 case IFT_L2VLAN: 839 /* 840 * Take the interface out of promiscuous mode. 841 */ 842 (void) ifpromisc(ifs, 0); 843 bridge_mutecaps(bif, 0); 844 break; 845 846 case IFT_GIF: 847 break; 848 849 default: 850 #ifdef DIAGNOSTIC 851 panic("bridge_delete_member: impossible"); 852 #endif 853 break; 854 } 855 } 856 857 if (bif->bif_flags & IFBIF_STP) 858 bstp_delete(&bif->bif_stp); 859 860 ifs->if_bridge = NULL; 861 BRIDGE_XLOCK(sc); 862 LIST_REMOVE(bif, bif_next); 863 BRIDGE_XDROP(sc); 864 865 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 866 867 BRIDGE_UNLOCK(sc); 868 bstp_drain(&bif->bif_stp); /* prepare to free */ 869 BRIDGE_LOCK(sc); 870 free(bif, M_DEVBUF); 871 } 872 873 /* 874 * bridge_delete_span: 875 * 876 * Delete the specified span interface. 877 */ 878 static void 879 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 880 { 881 BRIDGE_LOCK_ASSERT(sc); 882 883 KASSERT(bif->bif_ifp->if_bridge == NULL, 884 ("%s: not a span interface", __func__)); 885 886 LIST_REMOVE(bif, bif_next); 887 free(bif, M_DEVBUF); 888 } 889 890 static int 891 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 892 { 893 struct ifbreq *req = arg; 894 struct bridge_iflist *bif = NULL; 895 struct ifnet *ifs; 896 int error = 0; 897 898 BRIDGE_LOCK_ASSERT(sc); 899 900 ifs = ifunit(req->ifbr_ifsname); 901 if (ifs == NULL) 902 return (ENOENT); 903 904 /* If it's in the span list, it can't be a member. */ 905 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 906 if (ifs == bif->bif_ifp) 907 return (EBUSY); 908 909 /* Allow the first Ethernet member to define the MTU */ 910 if (ifs->if_type != IFT_GIF) { 911 if (LIST_EMPTY(&sc->sc_iflist)) 912 sc->sc_ifp->if_mtu = ifs->if_mtu; 913 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 914 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 915 ifs->if_xname); 916 return (EINVAL); 917 } 918 } 919 920 if (ifs->if_bridge == sc) 921 return (EEXIST); 922 923 if (ifs->if_bridge != NULL) 924 return (EBUSY); 925 926 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 927 if (bif == NULL) 928 return (ENOMEM); 929 930 bif->bif_ifp = ifs; 931 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 932 933 switch (ifs->if_type) { 934 case IFT_ETHER: 935 case IFT_L2VLAN: 936 /* 937 * Place the interface into promiscuous mode. 938 */ 939 error = ifpromisc(ifs, 1); 940 if (error) 941 goto out; 942 943 bridge_mutecaps(bif, 1); 944 break; 945 946 case IFT_GIF: 947 break; 948 949 default: 950 error = EINVAL; 951 goto out; 952 } 953 954 ifs->if_bridge = sc; 955 /* 956 * XXX: XLOCK HERE!?! 957 * 958 * NOTE: insert_***HEAD*** should be safe for the traversals. 959 */ 960 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 961 962 out: 963 if (error) { 964 if (bif != NULL) 965 free(bif, M_DEVBUF); 966 } 967 return (error); 968 } 969 970 static int 971 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 972 { 973 struct ifbreq *req = arg; 974 struct bridge_iflist *bif; 975 976 BRIDGE_LOCK_ASSERT(sc); 977 978 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 979 if (bif == NULL) 980 return (ENOENT); 981 982 bridge_delete_member(sc, bif, 0); 983 984 return (0); 985 } 986 987 static int 988 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 989 { 990 struct ifbreq *req = arg; 991 struct bridge_iflist *bif; 992 993 BRIDGE_LOCK_ASSERT(sc); 994 995 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 996 if (bif == NULL) 997 return (ENOENT); 998 999 req->ifbr_ifsflags = bif->bif_flags; 1000 req->ifbr_state = bif->bif_stp.bp_state; 1001 req->ifbr_priority = bif->bif_stp.bp_priority; 1002 req->ifbr_path_cost = bif->bif_stp.bp_path_cost; 1003 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1004 1005 return (0); 1006 } 1007 1008 static int 1009 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1010 { 1011 struct ifbreq *req = arg; 1012 struct bridge_iflist *bif; 1013 int error; 1014 1015 BRIDGE_LOCK_ASSERT(sc); 1016 1017 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1018 if (bif == NULL) 1019 return (ENOENT); 1020 1021 if (req->ifbr_ifsflags & IFBIF_SPAN) 1022 /* SPAN is readonly */ 1023 return (EINVAL); 1024 1025 if (req->ifbr_ifsflags & IFBIF_STP) { 1026 if ((bif->bif_flags & IFBIF_STP) == 0) { 1027 error = bstp_add(&sc->sc_stp, &bif->bif_stp, 1028 bif->bif_ifp); 1029 if (error) 1030 return (error); 1031 } 1032 } else { 1033 if ((bif->bif_flags & IFBIF_STP) != 0) 1034 bstp_delete(&bif->bif_stp); 1035 } 1036 1037 bif->bif_flags = req->ifbr_ifsflags; 1038 1039 return (0); 1040 } 1041 1042 static int 1043 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1044 { 1045 struct ifbrparam *param = arg; 1046 1047 BRIDGE_LOCK_ASSERT(sc); 1048 1049 sc->sc_brtmax = param->ifbrp_csize; 1050 bridge_rttrim(sc); 1051 1052 return (0); 1053 } 1054 1055 static int 1056 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1057 { 1058 struct ifbrparam *param = arg; 1059 1060 BRIDGE_LOCK_ASSERT(sc); 1061 1062 param->ifbrp_csize = sc->sc_brtmax; 1063 1064 return (0); 1065 } 1066 1067 static int 1068 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1069 { 1070 struct ifbifconf *bifc = arg; 1071 struct bridge_iflist *bif; 1072 struct ifbreq breq; 1073 int count, len, error = 0; 1074 1075 BRIDGE_LOCK_ASSERT(sc); 1076 1077 count = 0; 1078 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1079 count++; 1080 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1081 count++; 1082 1083 if (bifc->ifbic_len == 0) { 1084 bifc->ifbic_len = sizeof(breq) * count; 1085 return (0); 1086 } 1087 1088 count = 0; 1089 len = bifc->ifbic_len; 1090 bzero(&breq, sizeof(breq)); 1091 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1092 if (len < sizeof(breq)) 1093 break; 1094 1095 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1096 sizeof(breq.ifbr_ifsname)); 1097 breq.ifbr_ifsflags = bif->bif_flags; 1098 breq.ifbr_state = bif->bif_stp.bp_state; 1099 breq.ifbr_priority = bif->bif_stp.bp_priority; 1100 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost; 1101 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1102 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1103 if (error) 1104 break; 1105 count++; 1106 len -= sizeof(breq); 1107 } 1108 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1109 if (len < sizeof(breq)) 1110 break; 1111 1112 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1113 sizeof(breq.ifbr_ifsname)); 1114 breq.ifbr_ifsflags = bif->bif_flags; 1115 breq.ifbr_state = bif->bif_stp.bp_state; 1116 breq.ifbr_priority = bif->bif_stp.bp_priority; 1117 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost; 1118 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1119 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1120 if (error) 1121 break; 1122 count++; 1123 len -= sizeof(breq); 1124 } 1125 1126 bifc->ifbic_len = sizeof(breq) * count; 1127 return (error); 1128 } 1129 1130 static int 1131 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1132 { 1133 struct ifbaconf *bac = arg; 1134 struct bridge_rtnode *brt; 1135 struct ifbareq bareq; 1136 int count = 0, error = 0, len; 1137 1138 BRIDGE_LOCK_ASSERT(sc); 1139 1140 if (bac->ifbac_len == 0) 1141 return (0); 1142 1143 len = bac->ifbac_len; 1144 bzero(&bareq, sizeof(bareq)); 1145 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1146 if (len < sizeof(bareq)) 1147 goto out; 1148 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1149 sizeof(bareq.ifba_ifsname)); 1150 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1151 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1152 time_uptime < brt->brt_expire) 1153 bareq.ifba_expire = brt->brt_expire - time_uptime; 1154 else 1155 bareq.ifba_expire = 0; 1156 bareq.ifba_flags = brt->brt_flags; 1157 1158 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1159 if (error) 1160 goto out; 1161 count++; 1162 len -= sizeof(bareq); 1163 } 1164 out: 1165 bac->ifbac_len = sizeof(bareq) * count; 1166 return (error); 1167 } 1168 1169 static int 1170 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1171 { 1172 struct ifbareq *req = arg; 1173 struct bridge_iflist *bif; 1174 int error; 1175 1176 BRIDGE_LOCK_ASSERT(sc); 1177 1178 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1179 if (bif == NULL) 1180 return (ENOENT); 1181 1182 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1183 req->ifba_flags); 1184 1185 return (error); 1186 } 1187 1188 static int 1189 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1190 { 1191 struct ifbrparam *param = arg; 1192 1193 BRIDGE_LOCK_ASSERT(sc); 1194 1195 sc->sc_brttimeout = param->ifbrp_ctime; 1196 1197 return (0); 1198 } 1199 1200 static int 1201 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1202 { 1203 struct ifbrparam *param = arg; 1204 1205 BRIDGE_LOCK_ASSERT(sc); 1206 1207 param->ifbrp_ctime = sc->sc_brttimeout; 1208 1209 return (0); 1210 } 1211 1212 static int 1213 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1214 { 1215 struct ifbareq *req = arg; 1216 1217 BRIDGE_LOCK_ASSERT(sc); 1218 1219 return (bridge_rtdaddr(sc, req->ifba_dst)); 1220 } 1221 1222 static int 1223 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1224 { 1225 struct ifbreq *req = arg; 1226 1227 BRIDGE_LOCK_ASSERT(sc); 1228 1229 bridge_rtflush(sc, req->ifbr_ifsflags); 1230 1231 return (0); 1232 } 1233 1234 static int 1235 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1236 { 1237 struct ifbrparam *param = arg; 1238 struct bstp_state *bs = &sc->sc_stp; 1239 1240 BRIDGE_LOCK_ASSERT(sc); 1241 1242 param->ifbrp_prio = bs->bs_bridge_priority; 1243 1244 return (0); 1245 } 1246 1247 static int 1248 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1249 { 1250 struct ifbrparam *param = arg; 1251 struct bstp_state *bs = &sc->sc_stp; 1252 1253 BRIDGE_LOCK_ASSERT(sc); 1254 1255 bs->bs_bridge_priority = param->ifbrp_prio; 1256 bstp_reinit(bs); 1257 1258 return (0); 1259 } 1260 1261 static int 1262 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1263 { 1264 struct ifbrparam *param = arg; 1265 struct bstp_state *bs = &sc->sc_stp; 1266 1267 BRIDGE_LOCK_ASSERT(sc); 1268 1269 param->ifbrp_hellotime = bs->bs_bridge_hello_time >> 8; 1270 1271 return (0); 1272 } 1273 1274 static int 1275 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1276 { 1277 struct ifbrparam *param = arg; 1278 struct bstp_state *bs = &sc->sc_stp; 1279 1280 BRIDGE_LOCK_ASSERT(sc); 1281 1282 if (param->ifbrp_hellotime == 0) 1283 return (EINVAL); 1284 bs->bs_bridge_hello_time = param->ifbrp_hellotime << 8; 1285 bstp_reinit(bs); 1286 1287 return (0); 1288 } 1289 1290 static int 1291 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1292 { 1293 struct ifbrparam *param = arg; 1294 struct bstp_state *bs = &sc->sc_stp; 1295 1296 BRIDGE_LOCK_ASSERT(sc); 1297 1298 param->ifbrp_fwddelay = bs->bs_bridge_forward_delay >> 8; 1299 1300 return (0); 1301 } 1302 1303 static int 1304 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1305 { 1306 struct ifbrparam *param = arg; 1307 struct bstp_state *bs = &sc->sc_stp; 1308 1309 BRIDGE_LOCK_ASSERT(sc); 1310 1311 if (param->ifbrp_fwddelay == 0) 1312 return (EINVAL); 1313 bs->bs_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1314 bstp_reinit(bs); 1315 1316 return (0); 1317 } 1318 1319 static int 1320 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1321 { 1322 struct ifbrparam *param = arg; 1323 struct bstp_state *bs = &sc->sc_stp; 1324 1325 BRIDGE_LOCK_ASSERT(sc); 1326 1327 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1328 1329 return (0); 1330 } 1331 1332 static int 1333 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1334 { 1335 struct ifbrparam *param = arg; 1336 struct bstp_state *bs = &sc->sc_stp; 1337 1338 BRIDGE_LOCK_ASSERT(sc); 1339 1340 if (param->ifbrp_maxage == 0) 1341 return (EINVAL); 1342 bs->bs_bridge_max_age = param->ifbrp_maxage << 8; 1343 bstp_reinit(bs); 1344 1345 return (0); 1346 } 1347 1348 static int 1349 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1350 { 1351 struct ifbreq *req = arg; 1352 struct bridge_iflist *bif; 1353 1354 BRIDGE_LOCK_ASSERT(sc); 1355 1356 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1357 if (bif == NULL) 1358 return (ENOENT); 1359 1360 bif->bif_stp.bp_priority = req->ifbr_priority; 1361 bstp_reinit(&sc->sc_stp); 1362 1363 return (0); 1364 } 1365 1366 static int 1367 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1368 { 1369 struct ifbreq *req = arg; 1370 struct bridge_iflist *bif; 1371 1372 BRIDGE_LOCK_ASSERT(sc); 1373 1374 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1375 if (bif == NULL) 1376 return (ENOENT); 1377 1378 bif->bif_stp.bp_path_cost = req->ifbr_path_cost; 1379 bstp_reinit(&sc->sc_stp); 1380 1381 return (0); 1382 } 1383 1384 static int 1385 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1386 { 1387 struct ifbreq *req = arg; 1388 struct bridge_iflist *bif = NULL; 1389 struct ifnet *ifs; 1390 1391 BRIDGE_LOCK_ASSERT(sc); 1392 1393 ifs = ifunit(req->ifbr_ifsname); 1394 if (ifs == NULL) 1395 return (ENOENT); 1396 1397 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1398 if (ifs == bif->bif_ifp) 1399 return (EBUSY); 1400 1401 if (ifs->if_bridge != NULL) 1402 return (EBUSY); 1403 1404 switch (ifs->if_type) { 1405 case IFT_ETHER: 1406 case IFT_GIF: 1407 case IFT_L2VLAN: 1408 break; 1409 default: 1410 return (EINVAL); 1411 } 1412 1413 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1414 if (bif == NULL) 1415 return (ENOMEM); 1416 1417 bif->bif_ifp = ifs; 1418 bif->bif_flags = IFBIF_SPAN; 1419 1420 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1421 1422 return (0); 1423 } 1424 1425 static int 1426 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1427 { 1428 struct ifbreq *req = arg; 1429 struct bridge_iflist *bif; 1430 struct ifnet *ifs; 1431 1432 BRIDGE_LOCK_ASSERT(sc); 1433 1434 ifs = ifunit(req->ifbr_ifsname); 1435 if (ifs == NULL) 1436 return (ENOENT); 1437 1438 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1439 if (ifs == bif->bif_ifp) 1440 break; 1441 1442 if (bif == NULL) 1443 return (ENOENT); 1444 1445 bridge_delete_span(sc, bif); 1446 1447 return (0); 1448 } 1449 1450 static int 1451 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1452 { 1453 struct ifbropreq *req = arg; 1454 struct bstp_port *root_port; 1455 1456 BRIDGE_LOCK_ASSERT(sc); 1457 1458 req->ifbop_maxage = sc->sc_stp.bs_max_age; 1459 req->ifbop_hellotime = sc->sc_stp.bs_hello_time; 1460 req->ifbop_fwddelay = sc->sc_stp.bs_forward_delay; 1461 1462 root_port = sc->sc_stp.bs_root_port; 1463 if (root_port == NULL) 1464 req->ifbop_root_port = 0; 1465 else 1466 req->ifbop_root_port = root_port->bp_ifp->if_index; 1467 1468 req->ifbop_root_path_cost = sc->sc_stp.bs_root_path_cost; 1469 req->ifbop_designated_root = sc->sc_stp.bs_designated_root; 1470 req->ifbop_last_tc_time.tv_sec = sc->sc_stp.bs_last_tc_time.tv_sec; 1471 req->ifbop_last_tc_time.tv_usec = sc->sc_stp.bs_last_tc_time.tv_usec; 1472 1473 return (0); 1474 } 1475 1476 static int 1477 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1478 { 1479 struct ifbrparam *param = arg; 1480 1481 BRIDGE_LOCK_ASSERT(sc); 1482 1483 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1484 1485 return (0); 1486 } 1487 1488 static int 1489 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1490 { 1491 struct ifbpstpconf *bifstp = arg; 1492 struct bridge_iflist *bif; 1493 struct ifbpstpreq bpreq; 1494 int count, len, error = 0; 1495 1496 BRIDGE_LOCK_ASSERT(sc); 1497 1498 count = 0; 1499 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1500 if ((bif->bif_flags & IFBIF_STP) != 0) 1501 count++; 1502 } 1503 1504 if (bifstp->ifbpstp_len == 0) { 1505 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1506 return (0); 1507 } 1508 1509 count = 0; 1510 len = bifstp->ifbpstp_len; 1511 bzero(&bpreq, sizeof(bpreq)); 1512 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1513 if (len < sizeof(bpreq)) 1514 break; 1515 1516 if ((bif->bif_flags & IFBIF_STP) == 0) 1517 continue; 1518 1519 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xff; 1520 bpreq.ifbp_fwd_trans = bif->bif_stp.bp_forward_transitions; 1521 bpreq.ifbp_design_cost = bif->bif_stp.bp_designated_cost; 1522 bpreq.ifbp_design_port = bif->bif_stp.bp_designated_port; 1523 bpreq.ifbp_design_bridge = bif->bif_stp.bp_designated_bridge; 1524 bpreq.ifbp_design_root = bif->bif_stp.bp_designated_root; 1525 1526 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1527 sizeof(bpreq)); 1528 if (error != 0) 1529 break; 1530 1531 count++; 1532 len -= sizeof(bpreq); 1533 } 1534 1535 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1536 return (error); 1537 } 1538 1539 /* 1540 * bridge_ifdetach: 1541 * 1542 * Detach an interface from a bridge. Called when a member 1543 * interface is detaching. 1544 */ 1545 static void 1546 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1547 { 1548 struct bridge_softc *sc = ifp->if_bridge; 1549 struct bridge_iflist *bif; 1550 1551 /* Check if the interface is a bridge member */ 1552 if (sc != NULL) { 1553 BRIDGE_LOCK(sc); 1554 1555 bif = bridge_lookup_member_if(sc, ifp); 1556 if (bif != NULL) 1557 bridge_delete_member(sc, bif, 1); 1558 1559 BRIDGE_UNLOCK(sc); 1560 return; 1561 } 1562 1563 /* Check if the interface is a span port */ 1564 mtx_lock(&bridge_list_mtx); 1565 LIST_FOREACH(sc, &bridge_list, sc_list) { 1566 BRIDGE_LOCK(sc); 1567 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1568 if (ifp == bif->bif_ifp) { 1569 bridge_delete_span(sc, bif); 1570 break; 1571 } 1572 1573 BRIDGE_UNLOCK(sc); 1574 } 1575 mtx_unlock(&bridge_list_mtx); 1576 } 1577 1578 /* 1579 * bridge_init: 1580 * 1581 * Initialize a bridge interface. 1582 */ 1583 static void 1584 bridge_init(void *xsc) 1585 { 1586 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1587 struct ifnet *ifp = sc->sc_ifp; 1588 1589 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1590 return; 1591 1592 BRIDGE_LOCK(sc); 1593 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1594 bridge_timer, sc); 1595 1596 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1597 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1598 1599 BRIDGE_UNLOCK(sc); 1600 } 1601 1602 /* 1603 * bridge_stop: 1604 * 1605 * Stop the bridge interface. 1606 */ 1607 static void 1608 bridge_stop(struct ifnet *ifp, int disable) 1609 { 1610 struct bridge_softc *sc = ifp->if_softc; 1611 1612 BRIDGE_LOCK_ASSERT(sc); 1613 1614 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1615 return; 1616 1617 callout_stop(&sc->sc_brcallout); 1618 bstp_stop(&sc->sc_stp); 1619 1620 bridge_rtflush(sc, IFBF_FLUSHDYN); 1621 1622 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1623 } 1624 1625 /* 1626 * bridge_enqueue: 1627 * 1628 * Enqueue a packet on a bridge member interface. 1629 * 1630 */ 1631 static void 1632 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1633 { 1634 int len, err = 0; 1635 short mflags; 1636 struct mbuf *m0; 1637 1638 len = m->m_pkthdr.len; 1639 mflags = m->m_flags; 1640 1641 /* We may be sending a fragment so traverse the mbuf */ 1642 for (; m; m = m0) { 1643 m0 = m->m_nextpkt; 1644 m->m_nextpkt = NULL; 1645 1646 if (err == 0) 1647 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1648 } 1649 1650 if (err == 0) { 1651 1652 sc->sc_ifp->if_opackets++; 1653 sc->sc_ifp->if_obytes += len; 1654 1655 dst_ifp->if_obytes += len; 1656 1657 if (mflags & M_MCAST) { 1658 sc->sc_ifp->if_omcasts++; 1659 dst_ifp->if_omcasts++; 1660 } 1661 } 1662 1663 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1664 (*dst_ifp->if_start)(dst_ifp); 1665 } 1666 1667 /* 1668 * bridge_dummynet: 1669 * 1670 * Receive a queued packet from dummynet and pass it on to the output 1671 * interface. 1672 * 1673 * The mbuf has the Ethernet header already attached. 1674 */ 1675 static void 1676 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1677 { 1678 struct bridge_softc *sc; 1679 1680 sc = ifp->if_bridge; 1681 1682 /* 1683 * The packet didnt originate from a member interface. This should only 1684 * ever happen if a member interface is removed while packets are 1685 * queued for it. 1686 */ 1687 if (sc == NULL) { 1688 m_freem(m); 1689 return; 1690 } 1691 1692 if (PFIL_HOOKED(&inet_pfil_hook) 1693 #ifdef INET6 1694 || PFIL_HOOKED(&inet6_pfil_hook) 1695 #endif 1696 ) { 1697 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1698 return; 1699 if (m == NULL) 1700 return; 1701 } 1702 1703 bridge_enqueue(sc, ifp, m); 1704 } 1705 1706 /* 1707 * bridge_output: 1708 * 1709 * Send output from a bridge member interface. This 1710 * performs the bridging function for locally originated 1711 * packets. 1712 * 1713 * The mbuf has the Ethernet header already attached. We must 1714 * enqueue or free the mbuf before returning. 1715 */ 1716 static int 1717 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1718 struct rtentry *rt) 1719 { 1720 struct ether_header *eh; 1721 struct ifnet *dst_if; 1722 struct bridge_softc *sc; 1723 1724 if (m->m_len < ETHER_HDR_LEN) { 1725 m = m_pullup(m, ETHER_HDR_LEN); 1726 if (m == NULL) 1727 return (0); 1728 } 1729 1730 eh = mtod(m, struct ether_header *); 1731 sc = ifp->if_bridge; 1732 1733 BRIDGE_LOCK(sc); 1734 1735 /* 1736 * If bridge is down, but the original output interface is up, 1737 * go ahead and send out that interface. Otherwise, the packet 1738 * is dropped below. 1739 */ 1740 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1741 dst_if = ifp; 1742 goto sendunicast; 1743 } 1744 1745 /* 1746 * If the packet is a multicast, or we don't know a better way to 1747 * get there, send to all interfaces. 1748 */ 1749 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1750 dst_if = NULL; 1751 else 1752 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1753 if (dst_if == NULL) { 1754 struct bridge_iflist *bif; 1755 struct mbuf *mc; 1756 int error = 0, used = 0; 1757 1758 BRIDGE_LOCK2REF(sc, error); 1759 if (error) { 1760 m_freem(m); 1761 return (0); 1762 } 1763 1764 bridge_span(sc, m); 1765 1766 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1767 dst_if = bif->bif_ifp; 1768 1769 if (dst_if->if_type == IFT_GIF) 1770 continue; 1771 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1772 continue; 1773 1774 /* 1775 * If this is not the original output interface, 1776 * and the interface is participating in spanning 1777 * tree, make sure the port is in a state that 1778 * allows forwarding. 1779 */ 1780 if (dst_if != ifp && 1781 (bif->bif_flags & IFBIF_STP) != 0) { 1782 switch (bif->bif_stp.bp_state) { 1783 case BSTP_IFSTATE_BLOCKING: 1784 case BSTP_IFSTATE_LISTENING: 1785 case BSTP_IFSTATE_DISABLED: 1786 continue; 1787 } 1788 } 1789 1790 if (LIST_NEXT(bif, bif_next) == NULL) { 1791 used = 1; 1792 mc = m; 1793 } else { 1794 mc = m_copypacket(m, M_DONTWAIT); 1795 if (mc == NULL) { 1796 sc->sc_ifp->if_oerrors++; 1797 continue; 1798 } 1799 } 1800 1801 bridge_enqueue(sc, dst_if, mc); 1802 } 1803 if (used == 0) 1804 m_freem(m); 1805 BRIDGE_UNREF(sc); 1806 return (0); 1807 } 1808 1809 sendunicast: 1810 /* 1811 * XXX Spanning tree consideration here? 1812 */ 1813 1814 bridge_span(sc, m); 1815 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1816 m_freem(m); 1817 BRIDGE_UNLOCK(sc); 1818 return (0); 1819 } 1820 1821 BRIDGE_UNLOCK(sc); 1822 bridge_enqueue(sc, dst_if, m); 1823 return (0); 1824 } 1825 1826 /* 1827 * bridge_start: 1828 * 1829 * Start output on a bridge. 1830 * 1831 */ 1832 static void 1833 bridge_start(struct ifnet *ifp) 1834 { 1835 struct bridge_softc *sc; 1836 struct mbuf *m; 1837 struct ether_header *eh; 1838 struct ifnet *dst_if; 1839 1840 sc = ifp->if_softc; 1841 1842 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1843 for (;;) { 1844 IFQ_DEQUEUE(&ifp->if_snd, m); 1845 if (m == 0) 1846 break; 1847 BPF_MTAP(ifp, m); 1848 1849 eh = mtod(m, struct ether_header *); 1850 dst_if = NULL; 1851 1852 BRIDGE_LOCK(sc); 1853 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1854 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1855 } 1856 1857 if (dst_if == NULL) 1858 bridge_broadcast(sc, ifp, m, 0); 1859 else { 1860 BRIDGE_UNLOCK(sc); 1861 bridge_enqueue(sc, dst_if, m); 1862 } 1863 } 1864 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1865 } 1866 1867 /* 1868 * bridge_forward: 1869 * 1870 * The forwarding function of the bridge. 1871 * 1872 * NOTE: Releases the lock on return. 1873 */ 1874 static void 1875 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1876 { 1877 struct bridge_iflist *bif; 1878 struct ifnet *src_if, *dst_if, *ifp; 1879 struct ether_header *eh; 1880 1881 src_if = m->m_pkthdr.rcvif; 1882 BRIDGE_LOCK_ASSERT(sc); 1883 ifp = sc->sc_ifp; 1884 1885 sc->sc_ifp->if_ipackets++; 1886 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1887 1888 /* 1889 * Look up the bridge_iflist. 1890 */ 1891 bif = bridge_lookup_member_if(sc, src_if); 1892 if (bif == NULL) { 1893 /* Interface is not a bridge member (anymore?) */ 1894 BRIDGE_UNLOCK(sc); 1895 m_freem(m); 1896 return; 1897 } 1898 1899 if (bif->bif_flags & IFBIF_STP) { 1900 switch (bif->bif_stp.bp_state) { 1901 case BSTP_IFSTATE_BLOCKING: 1902 case BSTP_IFSTATE_LISTENING: 1903 case BSTP_IFSTATE_DISABLED: 1904 BRIDGE_UNLOCK(sc); 1905 m_freem(m); 1906 return; 1907 } 1908 } 1909 1910 eh = mtod(m, struct ether_header *); 1911 1912 /* 1913 * If the interface is learning, and the source 1914 * address is valid and not multicast, record 1915 * the address. 1916 */ 1917 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1918 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1919 (eh->ether_shost[0] == 0 && 1920 eh->ether_shost[1] == 0 && 1921 eh->ether_shost[2] == 0 && 1922 eh->ether_shost[3] == 0 && 1923 eh->ether_shost[4] == 0 && 1924 eh->ether_shost[5] == 0) == 0) { 1925 (void) bridge_rtupdate(sc, eh->ether_shost, 1926 src_if, 0, IFBAF_DYNAMIC); 1927 } 1928 1929 if ((bif->bif_flags & IFBIF_STP) != 0 && 1930 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1931 m_freem(m); 1932 BRIDGE_UNLOCK(sc); 1933 return; 1934 } 1935 1936 /* 1937 * At this point, the port either doesn't participate 1938 * in spanning tree or it is in the forwarding state. 1939 */ 1940 1941 /* 1942 * If the packet is unicast, destined for someone on 1943 * "this" side of the bridge, drop it. 1944 */ 1945 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1946 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1947 if (src_if == dst_if) { 1948 BRIDGE_UNLOCK(sc); 1949 m_freem(m); 1950 return; 1951 } 1952 } else { 1953 /* ...forward it to all interfaces. */ 1954 sc->sc_ifp->if_imcasts++; 1955 dst_if = NULL; 1956 } 1957 1958 /* 1959 * If we have a destination interface which is a member of our bridge, 1960 * OR this is a unicast packet, push it through the bpf(4) machinery. 1961 * For broadcast or multicast packets, don't bother because it will 1962 * be reinjected into ether_input. We do this before we pass the packets 1963 * through the pfil(9) framework, as it is possible that pfil(9) will 1964 * drop the packet, or possibly modify it, making it difficult to debug 1965 * firewall issues on the bridge. 1966 */ 1967 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1968 BPF_MTAP(ifp, m); 1969 1970 /* run the packet filter */ 1971 if (PFIL_HOOKED(&inet_pfil_hook) 1972 #ifdef INET6 1973 || PFIL_HOOKED(&inet6_pfil_hook) 1974 #endif 1975 ) { 1976 BRIDGE_UNLOCK(sc); 1977 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1978 return; 1979 if (m == NULL) 1980 return; 1981 BRIDGE_LOCK(sc); 1982 } 1983 1984 if (dst_if == NULL) { 1985 bridge_broadcast(sc, src_if, m, 1); 1986 return; 1987 } 1988 1989 /* 1990 * At this point, we're dealing with a unicast frame 1991 * going to a different interface. 1992 */ 1993 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1994 BRIDGE_UNLOCK(sc); 1995 m_freem(m); 1996 return; 1997 } 1998 bif = bridge_lookup_member_if(sc, dst_if); 1999 if (bif == NULL) { 2000 /* Not a member of the bridge (anymore?) */ 2001 BRIDGE_UNLOCK(sc); 2002 m_freem(m); 2003 return; 2004 } 2005 2006 if (bif->bif_flags & IFBIF_STP) { 2007 switch (bif->bif_stp.bp_state) { 2008 case BSTP_IFSTATE_DISABLED: 2009 case BSTP_IFSTATE_BLOCKING: 2010 BRIDGE_UNLOCK(sc); 2011 m_freem(m); 2012 return; 2013 } 2014 } 2015 2016 BRIDGE_UNLOCK(sc); 2017 2018 if (PFIL_HOOKED(&inet_pfil_hook) 2019 #ifdef INET6 2020 || PFIL_HOOKED(&inet6_pfil_hook) 2021 #endif 2022 ) { 2023 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 2024 return; 2025 if (m == NULL) 2026 return; 2027 } 2028 2029 bridge_enqueue(sc, dst_if, m); 2030 } 2031 2032 /* 2033 * bridge_input: 2034 * 2035 * Receive input from a member interface. Queue the packet for 2036 * bridging if it is not for us. 2037 */ 2038 static struct mbuf * 2039 bridge_input(struct ifnet *ifp, struct mbuf *m) 2040 { 2041 struct bridge_softc *sc = ifp->if_bridge; 2042 struct bridge_iflist *bif; 2043 struct ifnet *bifp; 2044 struct ether_header *eh; 2045 struct mbuf *mc, *mc2; 2046 2047 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2048 return (m); 2049 2050 bifp = sc->sc_ifp; 2051 2052 /* 2053 * Implement support for bridge monitoring. If this flag has been 2054 * set on this interface, discard the packet once we push it through 2055 * the bpf(4) machinery, but before we do, increment the byte and 2056 * packet counters associated with this interface. 2057 */ 2058 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2059 m->m_pkthdr.rcvif = bifp; 2060 BPF_MTAP(bifp, m); 2061 bifp->if_ipackets++; 2062 bifp->if_ibytes += m->m_pkthdr.len; 2063 m_free(m); 2064 return (NULL); 2065 } 2066 BRIDGE_LOCK(sc); 2067 bif = bridge_lookup_member_if(sc, ifp); 2068 if (bif == NULL) { 2069 BRIDGE_UNLOCK(sc); 2070 return (m); 2071 } 2072 2073 eh = mtod(m, struct ether_header *); 2074 2075 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2076 ETHER_ADDR_LEN) == 0) { 2077 /* 2078 * If the packet is for us, set the packets source as the 2079 * bridge, and return the packet back to ether_input for 2080 * local processing. 2081 */ 2082 2083 /* Mark the packet as arriving on the bridge interface */ 2084 m->m_pkthdr.rcvif = bifp; 2085 BPF_MTAP(bifp, m); 2086 bifp->if_ipackets++; 2087 2088 BRIDGE_UNLOCK(sc); 2089 return (m); 2090 } 2091 2092 bridge_span(sc, m); 2093 2094 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 2095 /* Tap off 802.1D packets; they do not get forwarded. */ 2096 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2097 ETHER_ADDR_LEN) == 0) { 2098 m = bstp_input(&bif->bif_stp, ifp, m); 2099 if (m == NULL) { 2100 BRIDGE_UNLOCK(sc); 2101 return (NULL); 2102 } 2103 } 2104 2105 if (bif->bif_flags & IFBIF_STP) { 2106 switch (bif->bif_stp.bp_state) { 2107 case BSTP_IFSTATE_BLOCKING: 2108 case BSTP_IFSTATE_LISTENING: 2109 case BSTP_IFSTATE_DISABLED: 2110 BRIDGE_UNLOCK(sc); 2111 return (m); 2112 } 2113 } 2114 2115 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 2116 sizeof(etherbroadcastaddr)) == 0) 2117 m->m_flags |= M_BCAST; 2118 else 2119 m->m_flags |= M_MCAST; 2120 2121 /* 2122 * Make a deep copy of the packet and enqueue the copy 2123 * for bridge processing; return the original packet for 2124 * local processing. 2125 */ 2126 mc = m_dup(m, M_DONTWAIT); 2127 if (mc == NULL) { 2128 BRIDGE_UNLOCK(sc); 2129 return (m); 2130 } 2131 2132 /* Perform the bridge forwarding function with the copy. */ 2133 bridge_forward(sc, mc); 2134 2135 /* 2136 * Reinject the mbuf as arriving on the bridge so we have a 2137 * chance at claiming multicast packets. We can not loop back 2138 * here from ether_input as a bridge is never a member of a 2139 * bridge. 2140 */ 2141 KASSERT(bifp->if_bridge == NULL, 2142 ("loop created in bridge_input")); 2143 mc2 = m_dup(m, M_DONTWAIT); 2144 if (mc2 != NULL) { 2145 /* Keep the layer3 header aligned */ 2146 int i = min(mc2->m_pkthdr.len, max_protohdr); 2147 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2148 } 2149 if (mc2 != NULL) { 2150 mc2->m_pkthdr.rcvif = bifp; 2151 (*bifp->if_input)(bifp, mc2); 2152 } 2153 2154 /* Return the original packet for local processing. */ 2155 return (m); 2156 } 2157 2158 if (bif->bif_flags & IFBIF_STP) { 2159 switch (bif->bif_stp.bp_state) { 2160 case BSTP_IFSTATE_BLOCKING: 2161 case BSTP_IFSTATE_LISTENING: 2162 case BSTP_IFSTATE_DISABLED: 2163 BRIDGE_UNLOCK(sc); 2164 return (m); 2165 } 2166 } 2167 2168 /* 2169 * Unicast. Make sure it's not for us. 2170 */ 2171 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2172 if (bif->bif_ifp->if_type == IFT_GIF) 2173 continue; 2174 /* It is destined for us. */ 2175 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2176 ETHER_ADDR_LEN) == 0 2177 #ifdef DEV_CARP 2178 || (bif->bif_ifp->if_carp 2179 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost)) 2180 #endif 2181 ) { 2182 if (bif->bif_flags & IFBIF_LEARNING) 2183 (void) bridge_rtupdate(sc, 2184 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 2185 m->m_pkthdr.rcvif = bif->bif_ifp; 2186 BRIDGE_UNLOCK(sc); 2187 return (m); 2188 } 2189 2190 /* We just received a packet that we sent out. */ 2191 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2192 ETHER_ADDR_LEN) == 0 2193 #ifdef DEV_CARP 2194 || (bif->bif_ifp->if_carp 2195 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost)) 2196 #endif 2197 ) { 2198 BRIDGE_UNLOCK(sc); 2199 m_freem(m); 2200 return (NULL); 2201 } 2202 } 2203 2204 /* Perform the bridge forwarding function. */ 2205 bridge_forward(sc, m); 2206 2207 return (NULL); 2208 } 2209 2210 /* 2211 * bridge_broadcast: 2212 * 2213 * Send a frame to all interfaces that are members of 2214 * the bridge, except for the one on which the packet 2215 * arrived. 2216 * 2217 * NOTE: Releases the lock on return. 2218 */ 2219 static void 2220 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2221 struct mbuf *m, int runfilt) 2222 { 2223 struct bridge_iflist *bif; 2224 struct mbuf *mc; 2225 struct ifnet *dst_if; 2226 int error = 0, used = 0, i; 2227 2228 BRIDGE_LOCK_ASSERT(sc); 2229 BRIDGE_LOCK2REF(sc, error); 2230 if (error) { 2231 m_freem(m); 2232 return; 2233 } 2234 2235 /* Filter on the bridge interface before broadcasting */ 2236 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2237 #ifdef INET6 2238 || PFIL_HOOKED(&inet6_pfil_hook) 2239 #endif 2240 )) { 2241 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2242 goto out; 2243 if (m == NULL) 2244 goto out; 2245 } 2246 2247 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2248 dst_if = bif->bif_ifp; 2249 if (dst_if == src_if) 2250 continue; 2251 2252 if (bif->bif_flags & IFBIF_STP) { 2253 switch (bif->bif_stp.bp_state) { 2254 case BSTP_IFSTATE_BLOCKING: 2255 case BSTP_IFSTATE_DISABLED: 2256 continue; 2257 } 2258 } 2259 2260 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2261 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2262 continue; 2263 2264 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2265 continue; 2266 2267 if (LIST_NEXT(bif, bif_next) == NULL) { 2268 mc = m; 2269 used = 1; 2270 } else { 2271 mc = m_dup(m, M_DONTWAIT); 2272 if (mc == NULL) { 2273 sc->sc_ifp->if_oerrors++; 2274 continue; 2275 } 2276 } 2277 2278 /* 2279 * Filter on the output interface. Pass a NULL bridge interface 2280 * pointer so we do not redundantly filter on the bridge for 2281 * each interface we broadcast on. 2282 */ 2283 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2284 #ifdef INET6 2285 || PFIL_HOOKED(&inet6_pfil_hook) 2286 #endif 2287 )) { 2288 if (used == 0) { 2289 /* Keep the layer3 header aligned */ 2290 i = min(mc->m_pkthdr.len, max_protohdr); 2291 mc = m_copyup(mc, i, ETHER_ALIGN); 2292 if (mc == NULL) { 2293 sc->sc_ifp->if_oerrors++; 2294 continue; 2295 } 2296 } 2297 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2298 continue; 2299 if (mc == NULL) 2300 continue; 2301 } 2302 2303 bridge_enqueue(sc, dst_if, mc); 2304 } 2305 if (used == 0) 2306 m_freem(m); 2307 2308 out: 2309 BRIDGE_UNREF(sc); 2310 } 2311 2312 /* 2313 * bridge_span: 2314 * 2315 * Duplicate a packet out one or more interfaces that are in span mode, 2316 * the original mbuf is unmodified. 2317 */ 2318 static void 2319 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2320 { 2321 struct bridge_iflist *bif; 2322 struct ifnet *dst_if; 2323 struct mbuf *mc; 2324 2325 if (LIST_EMPTY(&sc->sc_spanlist)) 2326 return; 2327 2328 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2329 dst_if = bif->bif_ifp; 2330 2331 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2332 continue; 2333 2334 mc = m_copypacket(m, M_DONTWAIT); 2335 if (mc == NULL) { 2336 sc->sc_ifp->if_oerrors++; 2337 continue; 2338 } 2339 2340 bridge_enqueue(sc, dst_if, mc); 2341 } 2342 } 2343 2344 /* 2345 * bridge_rtupdate: 2346 * 2347 * Add a bridge routing entry. 2348 */ 2349 static int 2350 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2351 struct ifnet *dst_if, int setflags, uint8_t flags) 2352 { 2353 struct bridge_rtnode *brt; 2354 int error; 2355 2356 BRIDGE_LOCK_ASSERT(sc); 2357 2358 /* 2359 * A route for this destination might already exist. If so, 2360 * update it, otherwise create a new one. 2361 */ 2362 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2363 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2364 sc->sc_brtexceeded++; 2365 return (ENOSPC); 2366 } 2367 2368 /* 2369 * Allocate a new bridge forwarding node, and 2370 * initialize the expiration time and Ethernet 2371 * address. 2372 */ 2373 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2374 if (brt == NULL) 2375 return (ENOMEM); 2376 2377 brt->brt_flags = IFBAF_DYNAMIC; 2378 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2379 2380 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2381 uma_zfree(bridge_rtnode_zone, brt); 2382 return (error); 2383 } 2384 } 2385 2386 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2387 brt->brt_ifp = dst_if; 2388 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2389 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2390 if (setflags) 2391 brt->brt_flags = flags; 2392 2393 return (0); 2394 } 2395 2396 /* 2397 * bridge_rtlookup: 2398 * 2399 * Lookup the destination interface for an address. 2400 */ 2401 static struct ifnet * 2402 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2403 { 2404 struct bridge_rtnode *brt; 2405 2406 BRIDGE_LOCK_ASSERT(sc); 2407 2408 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2409 return (NULL); 2410 2411 return (brt->brt_ifp); 2412 } 2413 2414 /* 2415 * bridge_rttrim: 2416 * 2417 * Trim the routine table so that we have a number 2418 * of routing entries less than or equal to the 2419 * maximum number. 2420 */ 2421 static void 2422 bridge_rttrim(struct bridge_softc *sc) 2423 { 2424 struct bridge_rtnode *brt, *nbrt; 2425 2426 BRIDGE_LOCK_ASSERT(sc); 2427 2428 /* Make sure we actually need to do this. */ 2429 if (sc->sc_brtcnt <= sc->sc_brtmax) 2430 return; 2431 2432 /* Force an aging cycle; this might trim enough addresses. */ 2433 bridge_rtage(sc); 2434 if (sc->sc_brtcnt <= sc->sc_brtmax) 2435 return; 2436 2437 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2438 nbrt = LIST_NEXT(brt, brt_list); 2439 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2440 bridge_rtnode_destroy(sc, brt); 2441 if (sc->sc_brtcnt <= sc->sc_brtmax) 2442 return; 2443 } 2444 } 2445 } 2446 2447 /* 2448 * bridge_timer: 2449 * 2450 * Aging timer for the bridge. 2451 */ 2452 static void 2453 bridge_timer(void *arg) 2454 { 2455 struct bridge_softc *sc = arg; 2456 2457 BRIDGE_LOCK_ASSERT(sc); 2458 2459 bridge_rtage(sc); 2460 2461 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2462 callout_reset(&sc->sc_brcallout, 2463 bridge_rtable_prune_period * hz, bridge_timer, sc); 2464 } 2465 2466 /* 2467 * bridge_rtage: 2468 * 2469 * Perform an aging cycle. 2470 */ 2471 static void 2472 bridge_rtage(struct bridge_softc *sc) 2473 { 2474 struct bridge_rtnode *brt, *nbrt; 2475 2476 BRIDGE_LOCK_ASSERT(sc); 2477 2478 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2479 nbrt = LIST_NEXT(brt, brt_list); 2480 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2481 if (time_uptime >= brt->brt_expire) 2482 bridge_rtnode_destroy(sc, brt); 2483 } 2484 } 2485 } 2486 2487 /* 2488 * bridge_rtflush: 2489 * 2490 * Remove all dynamic addresses from the bridge. 2491 */ 2492 static void 2493 bridge_rtflush(struct bridge_softc *sc, int full) 2494 { 2495 struct bridge_rtnode *brt, *nbrt; 2496 2497 BRIDGE_LOCK_ASSERT(sc); 2498 2499 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2500 nbrt = LIST_NEXT(brt, brt_list); 2501 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2502 bridge_rtnode_destroy(sc, brt); 2503 } 2504 } 2505 2506 /* 2507 * bridge_rtdaddr: 2508 * 2509 * Remove an address from the table. 2510 */ 2511 static int 2512 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2513 { 2514 struct bridge_rtnode *brt; 2515 2516 BRIDGE_LOCK_ASSERT(sc); 2517 2518 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2519 return (ENOENT); 2520 2521 bridge_rtnode_destroy(sc, brt); 2522 return (0); 2523 } 2524 2525 /* 2526 * bridge_rtdelete: 2527 * 2528 * Delete routes to a speicifc member interface. 2529 */ 2530 static void 2531 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2532 { 2533 struct bridge_rtnode *brt, *nbrt; 2534 2535 BRIDGE_LOCK_ASSERT(sc); 2536 2537 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2538 nbrt = LIST_NEXT(brt, brt_list); 2539 if (brt->brt_ifp == ifp && (full || 2540 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2541 bridge_rtnode_destroy(sc, brt); 2542 } 2543 } 2544 2545 /* 2546 * bridge_rtable_init: 2547 * 2548 * Initialize the route table for this bridge. 2549 */ 2550 static int 2551 bridge_rtable_init(struct bridge_softc *sc) 2552 { 2553 int i; 2554 2555 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2556 M_DEVBUF, M_NOWAIT); 2557 if (sc->sc_rthash == NULL) 2558 return (ENOMEM); 2559 2560 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2561 LIST_INIT(&sc->sc_rthash[i]); 2562 2563 sc->sc_rthash_key = arc4random(); 2564 2565 LIST_INIT(&sc->sc_rtlist); 2566 2567 return (0); 2568 } 2569 2570 /* 2571 * bridge_rtable_fini: 2572 * 2573 * Deconstruct the route table for this bridge. 2574 */ 2575 static void 2576 bridge_rtable_fini(struct bridge_softc *sc) 2577 { 2578 2579 free(sc->sc_rthash, M_DEVBUF); 2580 } 2581 2582 /* 2583 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2584 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2585 */ 2586 #define mix(a, b, c) \ 2587 do { \ 2588 a -= b; a -= c; a ^= (c >> 13); \ 2589 b -= c; b -= a; b ^= (a << 8); \ 2590 c -= a; c -= b; c ^= (b >> 13); \ 2591 a -= b; a -= c; a ^= (c >> 12); \ 2592 b -= c; b -= a; b ^= (a << 16); \ 2593 c -= a; c -= b; c ^= (b >> 5); \ 2594 a -= b; a -= c; a ^= (c >> 3); \ 2595 b -= c; b -= a; b ^= (a << 10); \ 2596 c -= a; c -= b; c ^= (b >> 15); \ 2597 } while (/*CONSTCOND*/0) 2598 2599 static __inline uint32_t 2600 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2601 { 2602 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2603 2604 b += addr[5] << 8; 2605 b += addr[4]; 2606 a += addr[3] << 24; 2607 a += addr[2] << 16; 2608 a += addr[1] << 8; 2609 a += addr[0]; 2610 2611 mix(a, b, c); 2612 2613 return (c & BRIDGE_RTHASH_MASK); 2614 } 2615 2616 #undef mix 2617 2618 static int 2619 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2620 { 2621 int i, d; 2622 2623 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2624 d = ((int)a[i]) - ((int)b[i]); 2625 } 2626 2627 return (d); 2628 } 2629 2630 /* 2631 * bridge_rtnode_lookup: 2632 * 2633 * Look up a bridge route node for the specified destination. 2634 */ 2635 static struct bridge_rtnode * 2636 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2637 { 2638 struct bridge_rtnode *brt; 2639 uint32_t hash; 2640 int dir; 2641 2642 BRIDGE_LOCK_ASSERT(sc); 2643 2644 hash = bridge_rthash(sc, addr); 2645 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2646 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2647 if (dir == 0) 2648 return (brt); 2649 if (dir > 0) 2650 return (NULL); 2651 } 2652 2653 return (NULL); 2654 } 2655 2656 /* 2657 * bridge_rtnode_insert: 2658 * 2659 * Insert the specified bridge node into the route table. We 2660 * assume the entry is not already in the table. 2661 */ 2662 static int 2663 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2664 { 2665 struct bridge_rtnode *lbrt; 2666 uint32_t hash; 2667 int dir; 2668 2669 BRIDGE_LOCK_ASSERT(sc); 2670 2671 hash = bridge_rthash(sc, brt->brt_addr); 2672 2673 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2674 if (lbrt == NULL) { 2675 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2676 goto out; 2677 } 2678 2679 do { 2680 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2681 if (dir == 0) 2682 return (EEXIST); 2683 if (dir > 0) { 2684 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2685 goto out; 2686 } 2687 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2688 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2689 goto out; 2690 } 2691 lbrt = LIST_NEXT(lbrt, brt_hash); 2692 } while (lbrt != NULL); 2693 2694 #ifdef DIAGNOSTIC 2695 panic("bridge_rtnode_insert: impossible"); 2696 #endif 2697 2698 out: 2699 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2700 sc->sc_brtcnt++; 2701 2702 return (0); 2703 } 2704 2705 /* 2706 * bridge_rtnode_destroy: 2707 * 2708 * Destroy a bridge rtnode. 2709 */ 2710 static void 2711 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2712 { 2713 BRIDGE_LOCK_ASSERT(sc); 2714 2715 LIST_REMOVE(brt, brt_hash); 2716 2717 LIST_REMOVE(brt, brt_list); 2718 sc->sc_brtcnt--; 2719 uma_zfree(bridge_rtnode_zone, brt); 2720 } 2721 2722 /* 2723 * bridge_state_change: 2724 * 2725 * Callback from the bridgestp code when a port changes states. 2726 */ 2727 static void 2728 bridge_state_change(struct ifnet *ifp, int state) 2729 { 2730 struct bridge_softc *sc = ifp->if_bridge; 2731 static const char *stpstates[] = { 2732 "disabled", 2733 "listening", 2734 "learning", 2735 "forwarding", 2736 "blocking", 2737 }; 2738 2739 if (log_stp) 2740 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2741 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2742 2743 /* if the port is blocking then remove any routes to it */ 2744 switch (state) { 2745 case BSTP_IFSTATE_DISABLED: 2746 case BSTP_IFSTATE_BLOCKING: 2747 BRIDGE_LOCK(sc); 2748 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2749 BRIDGE_UNLOCK(sc); 2750 } 2751 } 2752 2753 /* 2754 * Send bridge packets through pfil if they are one of the types pfil can deal 2755 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2756 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2757 * that interface. 2758 */ 2759 static int 2760 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2761 { 2762 int snap, error, i, hlen; 2763 struct ether_header *eh1, eh2; 2764 struct ip_fw_args args; 2765 struct ip *ip; 2766 struct llc llc1; 2767 u_int16_t ether_type; 2768 2769 snap = 0; 2770 error = -1; /* Default error if not error == 0 */ 2771 2772 /* we may return with the IP fields swapped, ensure its not shared */ 2773 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2774 2775 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2776 return (0); /* filtering is disabled */ 2777 2778 i = min((*mp)->m_pkthdr.len, max_protohdr); 2779 if ((*mp)->m_len < i) { 2780 *mp = m_pullup(*mp, i); 2781 if (*mp == NULL) { 2782 printf("%s: m_pullup failed\n", __func__); 2783 return (-1); 2784 } 2785 } 2786 2787 eh1 = mtod(*mp, struct ether_header *); 2788 ether_type = ntohs(eh1->ether_type); 2789 2790 /* 2791 * Check for SNAP/LLC. 2792 */ 2793 if (ether_type < ETHERMTU) { 2794 struct llc *llc2 = (struct llc *)(eh1 + 1); 2795 2796 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2797 llc2->llc_dsap == LLC_SNAP_LSAP && 2798 llc2->llc_ssap == LLC_SNAP_LSAP && 2799 llc2->llc_control == LLC_UI) { 2800 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2801 snap = 1; 2802 } 2803 } 2804 2805 /* 2806 * If we're trying to filter bridge traffic, don't look at anything 2807 * other than IP and ARP traffic. If the filter doesn't understand 2808 * IPv6, don't allow IPv6 through the bridge either. This is lame 2809 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2810 * but of course we don't have an AppleTalk filter to begin with. 2811 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2812 * ARP traffic.) 2813 */ 2814 switch (ether_type) { 2815 case ETHERTYPE_ARP: 2816 case ETHERTYPE_REVARP: 2817 return (0); /* Automatically pass */ 2818 case ETHERTYPE_IP: 2819 #ifdef INET6 2820 case ETHERTYPE_IPV6: 2821 #endif /* INET6 */ 2822 break; 2823 default: 2824 /* 2825 * Check to see if the user wants to pass non-ip 2826 * packets, these will not be checked by pfil(9) and 2827 * passed unconditionally so the default is to drop. 2828 */ 2829 if (pfil_onlyip) 2830 goto bad; 2831 } 2832 2833 /* Strip off the Ethernet header and keep a copy. */ 2834 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2835 m_adj(*mp, ETHER_HDR_LEN); 2836 2837 /* Strip off snap header, if present */ 2838 if (snap) { 2839 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2840 m_adj(*mp, sizeof(struct llc)); 2841 } 2842 2843 /* 2844 * Check the IP header for alignment and errors 2845 */ 2846 if (dir == PFIL_IN) { 2847 switch (ether_type) { 2848 case ETHERTYPE_IP: 2849 error = bridge_ip_checkbasic(mp); 2850 break; 2851 #ifdef INET6 2852 case ETHERTYPE_IPV6: 2853 error = bridge_ip6_checkbasic(mp); 2854 break; 2855 #endif /* INET6 */ 2856 default: 2857 error = 0; 2858 } 2859 if (error) 2860 goto bad; 2861 } 2862 2863 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2864 error = -1; 2865 args.rule = ip_dn_claim_rule(*mp); 2866 if (args.rule != NULL && fw_one_pass) 2867 goto ipfwpass; /* packet already partially processed */ 2868 2869 args.m = *mp; 2870 args.oif = ifp; 2871 args.next_hop = NULL; 2872 args.eh = &eh2; 2873 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2874 i = ip_fw_chk_ptr(&args); 2875 *mp = args.m; 2876 2877 if (*mp == NULL) 2878 return (error); 2879 2880 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2881 2882 /* put the Ethernet header back on */ 2883 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2884 if (*mp == NULL) 2885 return (error); 2886 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2887 2888 /* 2889 * Pass the pkt to dummynet, which consumes it. The 2890 * packet will return to us via bridge_dummynet(). 2891 */ 2892 args.oif = ifp; 2893 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2894 return (error); 2895 } 2896 2897 if (i != IP_FW_PASS) /* drop */ 2898 goto bad; 2899 } 2900 2901 ipfwpass: 2902 error = 0; 2903 2904 /* 2905 * Run the packet through pfil 2906 */ 2907 switch (ether_type) { 2908 case ETHERTYPE_IP: 2909 /* 2910 * before calling the firewall, swap fields the same as 2911 * IP does. here we assume the header is contiguous 2912 */ 2913 ip = mtod(*mp, struct ip *); 2914 2915 ip->ip_len = ntohs(ip->ip_len); 2916 ip->ip_off = ntohs(ip->ip_off); 2917 2918 /* 2919 * Run pfil on the member interface and the bridge, both can 2920 * be skipped by clearing pfil_member or pfil_bridge. 2921 * 2922 * Keep the order: 2923 * in_if -> bridge_if -> out_if 2924 */ 2925 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2926 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2927 dir, NULL); 2928 2929 if (*mp == NULL || error != 0) /* filter may consume */ 2930 break; 2931 2932 if (pfil_member && ifp != NULL) 2933 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2934 dir, NULL); 2935 2936 if (*mp == NULL || error != 0) /* filter may consume */ 2937 break; 2938 2939 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2940 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2941 dir, NULL); 2942 2943 if (*mp == NULL || error != 0) /* filter may consume */ 2944 break; 2945 2946 /* check if we need to fragment the packet */ 2947 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2948 i = (*mp)->m_pkthdr.len; 2949 if (i > ifp->if_mtu) { 2950 error = bridge_fragment(ifp, *mp, &eh2, snap, 2951 &llc1); 2952 return (error); 2953 } 2954 } 2955 2956 /* Recalculate the ip checksum and restore byte ordering */ 2957 ip = mtod(*mp, struct ip *); 2958 hlen = ip->ip_hl << 2; 2959 if (hlen < sizeof(struct ip)) 2960 goto bad; 2961 if (hlen > (*mp)->m_len) { 2962 if ((*mp = m_pullup(*mp, hlen)) == 0) 2963 goto bad; 2964 ip = mtod(*mp, struct ip *); 2965 if (ip == NULL) 2966 goto bad; 2967 } 2968 ip->ip_len = htons(ip->ip_len); 2969 ip->ip_off = htons(ip->ip_off); 2970 ip->ip_sum = 0; 2971 if (hlen == sizeof(struct ip)) 2972 ip->ip_sum = in_cksum_hdr(ip); 2973 else 2974 ip->ip_sum = in_cksum(*mp, hlen); 2975 2976 break; 2977 #ifdef INET6 2978 case ETHERTYPE_IPV6: 2979 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2980 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2981 dir, NULL); 2982 2983 if (*mp == NULL || error != 0) /* filter may consume */ 2984 break; 2985 2986 if (pfil_member && ifp != NULL) 2987 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2988 dir, NULL); 2989 2990 if (*mp == NULL || error != 0) /* filter may consume */ 2991 break; 2992 2993 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2994 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2995 dir, NULL); 2996 break; 2997 #endif 2998 default: 2999 error = 0; 3000 break; 3001 } 3002 3003 if (*mp == NULL) 3004 return (error); 3005 if (error != 0) 3006 goto bad; 3007 3008 error = -1; 3009 3010 /* 3011 * Finally, put everything back the way it was and return 3012 */ 3013 if (snap) { 3014 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3015 if (*mp == NULL) 3016 return (error); 3017 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3018 } 3019 3020 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3021 if (*mp == NULL) 3022 return (error); 3023 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3024 3025 return (0); 3026 3027 bad: 3028 m_freem(*mp); 3029 *mp = NULL; 3030 return (error); 3031 } 3032 3033 /* 3034 * Perform basic checks on header size since 3035 * pfil assumes ip_input has already processed 3036 * it for it. Cut-and-pasted from ip_input.c. 3037 * Given how simple the IPv6 version is, 3038 * does the IPv4 version really need to be 3039 * this complicated? 3040 * 3041 * XXX Should we update ipstat here, or not? 3042 * XXX Right now we update ipstat but not 3043 * XXX csum_counter. 3044 */ 3045 static int 3046 bridge_ip_checkbasic(struct mbuf **mp) 3047 { 3048 struct mbuf *m = *mp; 3049 struct ip *ip; 3050 int len, hlen; 3051 u_short sum; 3052 3053 if (*mp == NULL) 3054 return (-1); 3055 3056 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3057 if ((m = m_copyup(m, sizeof(struct ip), 3058 (max_linkhdr + 3) & ~3)) == NULL) { 3059 /* XXXJRT new stat, please */ 3060 ipstat.ips_toosmall++; 3061 goto bad; 3062 } 3063 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3064 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3065 ipstat.ips_toosmall++; 3066 goto bad; 3067 } 3068 } 3069 ip = mtod(m, struct ip *); 3070 if (ip == NULL) goto bad; 3071 3072 if (ip->ip_v != IPVERSION) { 3073 ipstat.ips_badvers++; 3074 goto bad; 3075 } 3076 hlen = ip->ip_hl << 2; 3077 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3078 ipstat.ips_badhlen++; 3079 goto bad; 3080 } 3081 if (hlen > m->m_len) { 3082 if ((m = m_pullup(m, hlen)) == 0) { 3083 ipstat.ips_badhlen++; 3084 goto bad; 3085 } 3086 ip = mtod(m, struct ip *); 3087 if (ip == NULL) goto bad; 3088 } 3089 3090 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3091 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3092 } else { 3093 if (hlen == sizeof(struct ip)) { 3094 sum = in_cksum_hdr(ip); 3095 } else { 3096 sum = in_cksum(m, hlen); 3097 } 3098 } 3099 if (sum) { 3100 ipstat.ips_badsum++; 3101 goto bad; 3102 } 3103 3104 /* Retrieve the packet length. */ 3105 len = ntohs(ip->ip_len); 3106 3107 /* 3108 * Check for additional length bogosity 3109 */ 3110 if (len < hlen) { 3111 ipstat.ips_badlen++; 3112 goto bad; 3113 } 3114 3115 /* 3116 * Check that the amount of data in the buffers 3117 * is as at least much as the IP header would have us expect. 3118 * Drop packet if shorter than we expect. 3119 */ 3120 if (m->m_pkthdr.len < len) { 3121 ipstat.ips_tooshort++; 3122 goto bad; 3123 } 3124 3125 /* Checks out, proceed */ 3126 *mp = m; 3127 return (0); 3128 3129 bad: 3130 *mp = m; 3131 return (-1); 3132 } 3133 3134 #ifdef INET6 3135 /* 3136 * Same as above, but for IPv6. 3137 * Cut-and-pasted from ip6_input.c. 3138 * XXX Should we update ip6stat, or not? 3139 */ 3140 static int 3141 bridge_ip6_checkbasic(struct mbuf **mp) 3142 { 3143 struct mbuf *m = *mp; 3144 struct ip6_hdr *ip6; 3145 3146 /* 3147 * If the IPv6 header is not aligned, slurp it up into a new 3148 * mbuf with space for link headers, in the event we forward 3149 * it. Otherwise, if it is aligned, make sure the entire base 3150 * IPv6 header is in the first mbuf of the chain. 3151 */ 3152 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3153 struct ifnet *inifp = m->m_pkthdr.rcvif; 3154 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3155 (max_linkhdr + 3) & ~3)) == NULL) { 3156 /* XXXJRT new stat, please */ 3157 ip6stat.ip6s_toosmall++; 3158 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3159 goto bad; 3160 } 3161 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3162 struct ifnet *inifp = m->m_pkthdr.rcvif; 3163 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3164 ip6stat.ip6s_toosmall++; 3165 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3166 goto bad; 3167 } 3168 } 3169 3170 ip6 = mtod(m, struct ip6_hdr *); 3171 3172 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3173 ip6stat.ip6s_badvers++; 3174 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3175 goto bad; 3176 } 3177 3178 /* Checks out, proceed */ 3179 *mp = m; 3180 return (0); 3181 3182 bad: 3183 *mp = m; 3184 return (-1); 3185 } 3186 #endif /* INET6 */ 3187 3188 /* 3189 * bridge_fragment: 3190 * 3191 * Return a fragmented mbuf chain. 3192 */ 3193 static int 3194 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3195 int snap, struct llc *llc) 3196 { 3197 struct mbuf *m0; 3198 struct ip *ip; 3199 int error = -1; 3200 3201 if (m->m_len < sizeof(struct ip) && 3202 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3203 goto out; 3204 ip = mtod(m, struct ip *); 3205 3206 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3207 CSUM_DELAY_IP); 3208 if (error) 3209 goto out; 3210 3211 /* walk the chain and re-add the Ethernet header */ 3212 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3213 if (error == 0) { 3214 if (snap) { 3215 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3216 if (m0 == NULL) { 3217 error = ENOBUFS; 3218 continue; 3219 } 3220 bcopy(llc, mtod(m0, caddr_t), 3221 sizeof(struct llc)); 3222 } 3223 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3224 if (m0 == NULL) { 3225 error = ENOBUFS; 3226 continue; 3227 } 3228 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3229 } else 3230 m_freem(m); 3231 } 3232 3233 if (error == 0) 3234 ipstat.ips_fragmented++; 3235 3236 return (error); 3237 3238 out: 3239 if (m != NULL) 3240 m_freem(m); 3241 return (error); 3242 } 3243