/*	$NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $	*/

/*-
 * SPDX-License-Identifier: BSD-4-Clause
 *
 * Copyright 2001 Wasabi Systems, Inc.
 * All rights reserved.
 *
 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed for the NetBSD Project by
 *	Wasabi Systems, Inc.
 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
 *    or promote products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL WASABI SYSTEMS, INC
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
 */

/*
 * Network interface bridge support.
 *
 * TODO:
 *
 *	- Currently only supports Ethernet-like interfaces (Ethernet,
 *	  802.11, VLANs on Ethernet, etc.)  Figure out a nice way
 *	  to bridge other types of interfaces (maybe consider
 *	  heterogeneous bridges).
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/eventhandler.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/protosw.h>
#include <sys/systm.h>
#include <sys/jail.h>
#include <sys/time.h>
#include <sys/socket.h>		/* for net/if.h */
#include <sys/sockio.h>
#include <sys/ctype.h>		/* string functions */
#include <sys/kernel.h>
#include <sys/random.h>
#include <sys/syslog.h>
#include <sys/sysctl.h>
#include <vm/uma.h>
#include <sys/module.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/mutex.h>

#include <net/bpf.h>
#include <net/if.h>
#include <net/if_clone.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#include <net/if_var.h>
#include <net/pfil.h>
#include <net/vnet.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_ifattach.h>
#endif
#if defined(INET) || defined(INET6)
#include <netinet/ip_carp.h>
#endif
#include <machine/in_cksum.h>
#include <netinet/if_ether.h>
#include <net/bridgestp.h>
#include <net/if_bridgevar.h>
#include <net/if_llc.h>
#include <net/if_vlan_var.h>

#include <net/route.h>

#ifdef INET6
/*
 * XXX: declared here to avoid including many inet6-related headers;
 * should this be generalized?
 */
extern	void	nd6_setmtu(struct ifnet *);
#endif

/*
 * Size of the route hash table.  Must be a power of two.
 */
#ifndef BRIDGE_RTHASH_SIZE
#define	BRIDGE_RTHASH_SIZE		1024
#endif

#define	BRIDGE_RTHASH_MASK		(BRIDGE_RTHASH_SIZE - 1)

/*
 * Default maximum number of addresses to cache.
 */
#ifndef BRIDGE_RTABLE_MAX
#define	BRIDGE_RTABLE_MAX		2000
#endif

/*
 * Timeout (in seconds) for entries learned dynamically.
 */
#ifndef BRIDGE_RTABLE_TIMEOUT
#define	BRIDGE_RTABLE_TIMEOUT		(20 * 60)	/* same as ARP */
#endif

/*
 * Number of seconds between walks of the route list.
 */
#ifndef BRIDGE_RTABLE_PRUNE_PERIOD
#define	BRIDGE_RTABLE_PRUNE_PERIOD	(5 * 60)
#endif
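/*
 * A minimal usage sketch (assumed, not taken from this file): because the
 * table size is a power of two, masking with BRIDGE_RTHASH_MASK selects a
 * bucket without a modulo operation.  With the default size of 1024 the
 * mask is 0x3ff, so for some computed 32-bit hash value:
 *
 *	uint32_t bucket = hash & BRIDGE_RTHASH_MASK;
 *
 * gives the same result as hash % BRIDGE_RTHASH_SIZE.
 */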

/*
 * List of capabilities to possibly mask on the member interface.
 */
#define	BRIDGE_IFCAPS_MASK		(IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM|\
					 IFCAP_TXCSUM_IPV6)

/*
 * List of capabilities to strip
 */
#define	BRIDGE_IFCAPS_STRIP		IFCAP_LRO

/*
 * Bridge locking
 */
#define	BRIDGE_LOCK_INIT(_sc)		do {			\
	mtx_init(&(_sc)->sc_mtx, "if_bridge", NULL, MTX_DEF);	\
	cv_init(&(_sc)->sc_cv, "if_bridge_cv");			\
} while (0)
#define	BRIDGE_LOCK_DESTROY(_sc)	do {	\
	mtx_destroy(&(_sc)->sc_mtx);		\
	cv_destroy(&(_sc)->sc_cv);		\
} while (0)
#define	BRIDGE_LOCK(_sc)		mtx_lock(&(_sc)->sc_mtx)
#define	BRIDGE_UNLOCK(_sc)		mtx_unlock(&(_sc)->sc_mtx)
#define	BRIDGE_LOCK_ASSERT(_sc)		mtx_assert(&(_sc)->sc_mtx, MA_OWNED)
#define	BRIDGE_UNLOCK_ASSERT(_sc)	mtx_assert(&(_sc)->sc_mtx, MA_NOTOWNED)
#define	BRIDGE_LOCK2REF(_sc, _err)	do {	\
	mtx_assert(&(_sc)->sc_mtx, MA_OWNED);	\
	if ((_sc)->sc_iflist_xcnt > 0)		\
		(_err) = EBUSY;			\
	else					\
		(_sc)->sc_iflist_ref++;		\
	mtx_unlock(&(_sc)->sc_mtx);		\
} while (0)
#define	BRIDGE_UNREF(_sc)		do {				\
	mtx_lock(&(_sc)->sc_mtx);					\
	(_sc)->sc_iflist_ref--;						\
	if (((_sc)->sc_iflist_xcnt > 0) && ((_sc)->sc_iflist_ref == 0))	\
		cv_broadcast(&(_sc)->sc_cv);				\
	mtx_unlock(&(_sc)->sc_mtx);					\
} while (0)
#define	BRIDGE_XLOCK(_sc)		do {		\
	mtx_assert(&(_sc)->sc_mtx, MA_OWNED);		\
	(_sc)->sc_iflist_xcnt++;			\
	while ((_sc)->sc_iflist_ref > 0)		\
		cv_wait(&(_sc)->sc_cv, &(_sc)->sc_mtx);	\
} while (0)
#define	BRIDGE_XDROP(_sc)		do {	\
	mtx_assert(&(_sc)->sc_mtx, MA_OWNED);	\
	(_sc)->sc_iflist_xcnt--;		\
} while (0)
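/*
 * A minimal sketch (assumed usage, mirroring what bridge_output() does
 * later in this file) of the read-reference pattern these macros provide:
 * a reader converts the mutex into a reference so it can call out or copy
 * data while walking sc_iflist, and BRIDGE_XLOCK() lets a writer wait out
 * the readers before modifying the list:
 *
 *	int error = 0;
 *
 *	BRIDGE_LOCK(sc);
 *	BRIDGE_LOCK2REF(sc, error);	// drops the mutex, takes a reference
 *	if (error)
 *		return (error);		// a writer (BRIDGE_XLOCK) is pending
 *	// ... traverse sc_iflist without holding sc_mtx ...
 *	BRIDGE_UNREF(sc);		// wakes a waiting BRIDGE_XLOCK()
 */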

/*
 * Bridge interface list entry.
 */
struct bridge_iflist {
	CK_LIST_ENTRY(bridge_iflist) bif_next;
	struct ifnet		*bif_ifp;	/* member if */
	struct bstp_port	bif_stp;	/* STP state */
	uint32_t		bif_flags;	/* member if flags */
	int			bif_savedcaps;	/* saved capabilities */
	uint32_t		bif_addrmax;	/* max # of addresses */
	uint32_t		bif_addrcnt;	/* cur. # of addresses */
	uint32_t		bif_addrexceeded; /* # of address violations */
};

/*
 * Bridge route node.
 */
struct bridge_rtnode {
	CK_LIST_ENTRY(bridge_rtnode) brt_hash;	/* hash table linkage */
	CK_LIST_ENTRY(bridge_rtnode) brt_list;	/* list linkage */
	struct bridge_iflist	*brt_dst;	/* destination if */
	unsigned long		brt_expire;	/* expiration time */
	uint8_t			brt_flags;	/* address flags */
	uint8_t			brt_addr[ETHER_ADDR_LEN];
	uint16_t		brt_vlan;	/* vlan id */
};
#define	brt_ifp			brt_dst->bif_ifp

/*
 * Software state for each bridge.
 */
struct bridge_softc {
	struct ifnet		*sc_ifp;	/* make this an interface */
	LIST_ENTRY(bridge_softc) sc_list;
	struct mtx		sc_mtx;
	struct cv		sc_cv;
	uint32_t		sc_brtmax;	/* max # of addresses */
	uint32_t		sc_brtcnt;	/* cur. # of addresses */
	uint32_t		sc_brttimeout;	/* rt timeout in seconds */
	struct callout		sc_brcallout;	/* bridge callout */
	uint32_t		sc_iflist_ref;	/* refcount for sc_iflist */
	uint32_t		sc_iflist_xcnt;	/* exclusive-access requests for sc_iflist */
	CK_LIST_HEAD(, bridge_iflist) sc_iflist;	/* member interface list */
	CK_LIST_HEAD(, bridge_rtnode) *sc_rthash;	/* our forwarding table */
	CK_LIST_HEAD(, bridge_rtnode) sc_rtlist;	/* list version of above */
	uint32_t		sc_rthash_key;	/* key for hash */
	CK_LIST_HEAD(, bridge_iflist) sc_spanlist;	/* span ports list */
	struct bstp_state	sc_stp;		/* STP state */
	uint32_t		sc_brtexceeded;	/* # of cache drops */
	struct ifnet		*sc_ifaddr;	/* member mac copied from */
	struct ether_addr	sc_defaddr;	/* Default MAC address */
};

VNET_DEFINE_STATIC(struct mtx, bridge_list_mtx);
#define	V_bridge_list_mtx	VNET(bridge_list_mtx)
static eventhandler_tag bridge_detach_cookie;

int	bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;

VNET_DEFINE_STATIC(uma_zone_t, bridge_rtnode_zone);
#define	V_bridge_rtnode_zone	VNET(bridge_rtnode_zone)

static int	bridge_clone_create(struct if_clone *, int, caddr_t);
static void	bridge_clone_destroy(struct ifnet *);

static int	bridge_ioctl(struct ifnet *, u_long, caddr_t);
static void	bridge_mutecaps(struct bridge_softc *);
static void	bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *,
		    int);
static void	bridge_ifdetach(void *arg __unused, struct ifnet *);
static void	bridge_init(void *);
static void	bridge_dummynet(struct mbuf *, struct ifnet *);
static void	bridge_stop(struct ifnet *, int);
static int	bridge_transmit(struct ifnet *, struct mbuf *);
static void	bridge_qflush(struct ifnet *);
static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
static int	bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
		    struct rtentry *);
static int	bridge_enqueue(struct bridge_softc *, struct ifnet *,
		    struct mbuf *);
static void	bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);

static void	bridge_forward(struct bridge_softc *, struct bridge_iflist *,
		    struct mbuf *m);

static void	bridge_timer(void *);

static void	bridge_broadcast(struct bridge_softc *, struct ifnet *,
		    struct mbuf *, int);
static void	bridge_span(struct bridge_softc *, struct mbuf *);

static int	bridge_rtupdate(struct bridge_softc *, const uint8_t *,
		    uint16_t, struct bridge_iflist *, int, uint8_t);
static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *,
		    uint16_t);
static void	bridge_rttrim(struct bridge_softc *);
static void	bridge_rtage(struct bridge_softc *);
static void	bridge_rtflush(struct bridge_softc *, int);
static int	bridge_rtdaddr(struct bridge_softc *, const uint8_t *,
		    uint16_t);

static void	bridge_rtable_init(struct bridge_softc *);
static void	bridge_rtable_fini(struct bridge_softc *);

static int	bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
		    const uint8_t *, uint16_t);
static int	bridge_rtnode_insert(struct bridge_softc *,
		    struct bridge_rtnode *);
static void	bridge_rtnode_destroy(struct bridge_softc *,
		    struct bridge_rtnode *);
static void	bridge_rtable_expire(struct ifnet *, int);
static void	bridge_state_change(struct ifnet *, int);
static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
		    const char *name);
static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
		    struct ifnet *ifp);
static void	bridge_delete_member(struct bridge_softc *,
		    struct bridge_iflist *, int);
static void	bridge_delete_span(struct bridge_softc *,
		    struct bridge_iflist *);

static int	bridge_ioctl_add(struct bridge_softc *, void *);
static int	bridge_ioctl_del(struct bridge_softc *, void *);
static int	bridge_ioctl_gifflags(struct bridge_softc *, void *);
static int	bridge_ioctl_sifflags(struct bridge_softc *, void *);
static int	bridge_ioctl_scache(struct bridge_softc *, void *);
static int	bridge_ioctl_gcache(struct bridge_softc *, void *);
static int	bridge_ioctl_gifs(struct bridge_softc *, void *);
static int	bridge_ioctl_rts(struct bridge_softc *, void *);
static int	bridge_ioctl_saddr(struct bridge_softc *, void *);
static int	bridge_ioctl_sto(struct bridge_softc *, void *);
static int	bridge_ioctl_gto(struct bridge_softc *, void *);
static int	bridge_ioctl_daddr(struct bridge_softc *, void *);
static int	bridge_ioctl_flush(struct bridge_softc *, void *);
static int	bridge_ioctl_gpri(struct bridge_softc *, void *);
static int	bridge_ioctl_spri(struct bridge_softc *, void *);
static int	bridge_ioctl_ght(struct bridge_softc *, void *);
static int	bridge_ioctl_sht(struct bridge_softc *, void *);
static int	bridge_ioctl_gfd(struct bridge_softc *, void *);
static int	bridge_ioctl_sfd(struct bridge_softc *, void *);
static int	bridge_ioctl_gma(struct bridge_softc *, void *);
static int	bridge_ioctl_sma(struct bridge_softc *, void *);
static int	bridge_ioctl_sifprio(struct bridge_softc *, void *);
static int	bridge_ioctl_sifcost(struct bridge_softc *, void *);
static int	bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *);
static int	bridge_ioctl_addspan(struct bridge_softc *, void *);
static int	bridge_ioctl_delspan(struct bridge_softc *, void *);
static int	bridge_ioctl_gbparam(struct bridge_softc *, void *);
static int	bridge_ioctl_grte(struct bridge_softc *, void *);
static int	bridge_ioctl_gifsstp(struct bridge_softc *, void *);
static int	bridge_ioctl_sproto(struct bridge_softc *, void *);
static int	bridge_ioctl_stxhc(struct bridge_softc *, void *);
static int	bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
		    int);
static int	bridge_ip_checkbasic(struct mbuf **mp);
#ifdef INET6
static int	bridge_ip6_checkbasic(struct mbuf **mp);
#endif /* INET6 */
static int	bridge_fragment(struct ifnet *, struct mbuf **mp,
		    struct ether_header *, int, struct llc *);
static void	bridge_linkstate(struct ifnet *ifp);
static void	bridge_linkcheck(struct bridge_softc *sc);

/* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */
#define	VLANTAGOF(_m)	\
    (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1
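/*
 * A small worked example (assumed, for illustration only): for an mbuf
 * carrying an 802.1Q tag of 100 in its packet header, VLANTAGOF() yields
 * the VLAN ID; untagged frames fall back to the default VLAN 1:
 *
 *	m->m_flags |= M_VLANTAG;
 *	m->m_pkthdr.ether_vtag = 100;
 *	vlan = VLANTAGOF(m);		// 100
 *
 *	m->m_flags &= ~M_VLANTAG;
 *	vlan = VLANTAGOF(m);		// 1, the default bridge VLAN
 */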

static struct bstp_cb_ops bridge_ops = {
	.bcb_state = bridge_state_change,
	.bcb_rtage = bridge_rtable_expire
};

SYSCTL_DECL(_net_link);
static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "Bridge");

/* only pass IP[46] packets when pfil is enabled */
VNET_DEFINE_STATIC(int, pfil_onlyip) = 1;
#define	V_pfil_onlyip	VNET(pfil_onlyip)
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_onlyip), 0,
    "Only pass IP packets when pfil is enabled");

/* run pfil hooks on the bridge interface */
VNET_DEFINE_STATIC(int, pfil_bridge) = 1;
#define	V_pfil_bridge	VNET(pfil_bridge)
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_bridge), 0,
    "Packet filter on the bridge interface");

/* layer2 filter with ipfw */
VNET_DEFINE_STATIC(int, pfil_ipfw);
#define	V_pfil_ipfw	VNET(pfil_ipfw)

/* layer2 ARP filter with ipfw */
VNET_DEFINE_STATIC(int, pfil_ipfw_arp);
#define	V_pfil_ipfw_arp	VNET(pfil_ipfw_arp)
SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_ipfw_arp), 0,
    "Filter ARP packets through IPFW layer2");

/* run pfil hooks on the member interface */
VNET_DEFINE_STATIC(int, pfil_member) = 1;
#define	V_pfil_member	VNET(pfil_member)
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_member), 0,
    "Packet filter on the member interface");

/* run pfil hooks on the physical interface for locally destined packets */
VNET_DEFINE_STATIC(int, pfil_local_phys);
#define	V_pfil_local_phys	VNET(pfil_local_phys)
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(pfil_local_phys), 0,
    "Packet filter on the physical interface for locally destined packets");

/* log STP state changes */
VNET_DEFINE_STATIC(int, log_stp);
#define	V_log_stp	VNET(log_stp)
SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(log_stp), 0,
    "Log STP state changes");

/* share MAC with first bridge member */
VNET_DEFINE_STATIC(int, bridge_inherit_mac);
#define	V_bridge_inherit_mac	VNET(bridge_inherit_mac)
SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac,
    CTLFLAG_RWTUN | CTLFLAG_VNET, &VNET_NAME(bridge_inherit_mac), 0,
    "Inherit MAC address from the first bridge member");

VNET_DEFINE_STATIC(int, allow_llz_overlap) = 0;
#define	V_allow_llz_overlap	VNET(allow_llz_overlap)
SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap,
    CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(allow_llz_overlap), 0,
    "Allow overlap of link-local scope "
    "zones of a bridge interface and the member interfaces");

struct bridge_control {
	int	(*bc_func)(struct bridge_softc *, void *);
	int	bc_argsize;
	int	bc_flags;
};

#define	BC_F_COPYIN		0x01	/* copy arguments in */
#define	BC_F_COPYOUT		0x02	/* copy arguments out */
#define	BC_F_SUSER		0x04	/* do super-user check */

const struct bridge_control bridge_control_table[] = {
	{ bridge_ioctl_add,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },
	{ bridge_ioctl_del,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_gifflags,	sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_COPYOUT },
	{ bridge_ioctl_sifflags,	sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_scache,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },
	{ bridge_ioctl_gcache,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },

	{ bridge_ioctl_gifs,		sizeof(struct ifbifconf),
	  BC_F_COPYIN|BC_F_COPYOUT },
	{ bridge_ioctl_rts,		sizeof(struct ifbaconf),
	  BC_F_COPYIN|BC_F_COPYOUT },

	{ bridge_ioctl_saddr,		sizeof(struct ifbareq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_sto,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },
	{ bridge_ioctl_gto,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },

	{ bridge_ioctl_daddr,		sizeof(struct ifbareq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_flush,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_gpri,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },
	{ bridge_ioctl_spri,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_ght,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },
	{ bridge_ioctl_sht,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_gfd,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },
	{ bridge_ioctl_sfd,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_gma,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },
	{ bridge_ioctl_sma,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_sifprio,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_sifcost,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_addspan,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },
	{ bridge_ioctl_delspan,		sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_gbparam,		sizeof(struct ifbropreq),
	  BC_F_COPYOUT },

	{ bridge_ioctl_grte,		sizeof(struct ifbrparam),
	  BC_F_COPYOUT },

	{ bridge_ioctl_gifsstp,		sizeof(struct ifbpstpconf),
	  BC_F_COPYIN|BC_F_COPYOUT },

	{ bridge_ioctl_sproto,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_stxhc,		sizeof(struct ifbrparam),
	  BC_F_COPYIN|BC_F_SUSER },

	{ bridge_ioctl_sifmaxaddr,	sizeof(struct ifbreq),
	  BC_F_COPYIN|BC_F_SUSER },

};
const int bridge_control_table_size = nitems(bridge_control_table);
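/*
 * A minimal userland sketch (assumed, not part of this file) of how the
 * table above is driven: the BRDG* command codes from net/if_bridgevar.h
 * are used as ifd_cmd indices into bridge_control_table, and bridge_ioctl()
 * below copies the argument structure in and/or out as directed by the
 * BC_F_* flags.  Adding a member, for example, is roughly:
 *
 *	struct ifbreq req = { 0 };
 *	struct ifdrv ifd = { 0 };
 *
 *	strlcpy(req.ifbr_ifsname, "em0", sizeof(req.ifbr_ifsname));
 *	strlcpy(ifd.ifd_name, "bridge0", sizeof(ifd.ifd_name));
 *	ifd.ifd_cmd = BRDGADD;		// index of bridge_ioctl_add
 *	ifd.ifd_len = sizeof(req);	// must equal bc_argsize
 *	ifd.ifd_data = &req;
 *	ioctl(s, SIOCSDRVSPEC, &ifd);	// s: any socket descriptor
 */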

VNET_DEFINE_STATIC(LIST_HEAD(, bridge_softc), bridge_list);
#define	V_bridge_list	VNET(bridge_list)
#define	BRIDGE_LIST_LOCK_INIT(x)	mtx_init(&V_bridge_list_mtx,	\
					    "if_bridge list", NULL, MTX_DEF)
#define	BRIDGE_LIST_LOCK_DESTROY(x)	mtx_destroy(&V_bridge_list_mtx)
#define	BRIDGE_LIST_LOCK(x)		mtx_lock(&V_bridge_list_mtx)
#define	BRIDGE_LIST_UNLOCK(x)		mtx_unlock(&V_bridge_list_mtx)

VNET_DEFINE_STATIC(struct if_clone *, bridge_cloner);
#define	V_bridge_cloner	VNET(bridge_cloner)

static const char bridge_name[] = "bridge";

static void
vnet_bridge_init(const void *unused __unused)
{

	V_bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
	    sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
	    UMA_ALIGN_PTR, 0);
	BRIDGE_LIST_LOCK_INIT();
	LIST_INIT(&V_bridge_list);
	V_bridge_cloner = if_clone_simple(bridge_name,
	    bridge_clone_create, bridge_clone_destroy, 0);
}
VNET_SYSINIT(vnet_bridge_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_bridge_init, NULL);

static void
vnet_bridge_uninit(const void *unused __unused)
{

	if_clone_detach(V_bridge_cloner);
	V_bridge_cloner = NULL;
	BRIDGE_LIST_LOCK_DESTROY();
	uma_zdestroy(V_bridge_rtnode_zone);
}
VNET_SYSUNINIT(vnet_bridge_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY,
    vnet_bridge_uninit, NULL);

static int
bridge_modevent(module_t mod, int type, void *data)
{

	switch (type) {
	case MOD_LOAD:
		bridge_dn_p = bridge_dummynet;
		bridge_detach_cookie = EVENTHANDLER_REGISTER(
		    ifnet_departure_event, bridge_ifdetach, NULL,
		    EVENTHANDLER_PRI_ANY);
		break;
	case MOD_UNLOAD:
		EVENTHANDLER_DEREGISTER(ifnet_departure_event,
		    bridge_detach_cookie);
		bridge_dn_p = NULL;
		break;
	default:
		return (EOPNOTSUPP);
	}
	return (0);
}

static moduledata_t bridge_mod = {
	"if_bridge",
	bridge_modevent,
	0
};

DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_VERSION(if_bridge, 1);
MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);

/*
 * handler for net.link.bridge.ipfw
 */
static int
sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
{
	int enable = V_pfil_ipfw;
	int error;

	error = sysctl_handle_int(oidp, &enable, 0, req);
	enable &= 1;

	if (enable != V_pfil_ipfw) {
		V_pfil_ipfw = enable;

		/*
		 * Disable pfil so that ipfw doesn't run twice; if the user
		 * really wants both then they can re-enable pfil_bridge and/or
		 * pfil_member.  Also allow non-ip packets as ipfw can filter by
		 * layer2 type.
		 */
		if (V_pfil_ipfw) {
			V_pfil_onlyip = 0;
			V_pfil_bridge = 0;
			V_pfil_member = 0;
		}
	}

	return (error);
}
SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_VNET | CTLFLAG_NEEDGIANT,
    &VNET_NAME(pfil_ipfw), 0, &sysctl_pfil_ipfw, "I",
    "Layer2 filter with IPFW");

/*
 * bridge_clone_create:
 *
 *	Create a new bridge instance.
 */
static int
bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
	struct bridge_softc *sc, *sc2;
	struct ifnet *bifp, *ifp;
	int fb, retry;
	unsigned long hostid;

	sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
	ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
	if (ifp == NULL) {
		free(sc, M_DEVBUF);
		return (ENOSPC);
	}

	BRIDGE_LOCK_INIT(sc);
	sc->sc_brtmax = BRIDGE_RTABLE_MAX;
	sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;

	/* Initialize our routing table. */
	bridge_rtable_init(sc);

	callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);

	CK_LIST_INIT(&sc->sc_iflist);
	CK_LIST_INIT(&sc->sc_spanlist);

	ifp->if_softc = sc;
	if_initname(ifp, bridge_name, unit);
	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
	ifp->if_ioctl = bridge_ioctl;
	ifp->if_transmit = bridge_transmit;
	ifp->if_qflush = bridge_qflush;
	ifp->if_init = bridge_init;
	ifp->if_type = IFT_BRIDGE;

	/*
	 * Generate an ethernet address with a locally administered address.
	 *
	 * Since we are using random ethernet addresses for the bridge, it is
	 * possible that we might have address collisions, so make sure that
	 * this hardware address isn't already in use on another bridge.
	 * The first try uses the hostid and falls back to arc4rand().
	 */
	fb = 0;
	getcredhostid(curthread->td_ucred, &hostid);
	do {
		if (fb || hostid == 0) {
			ether_gen_addr(ifp, &sc->sc_defaddr);
		} else {
			sc->sc_defaddr.octet[0] = 0x2;
			sc->sc_defaddr.octet[1] = (hostid >> 24) & 0xff;
			sc->sc_defaddr.octet[2] = (hostid >> 16) & 0xff;
			sc->sc_defaddr.octet[3] = (hostid >> 8 ) & 0xff;
			sc->sc_defaddr.octet[4] = hostid & 0xff;
			sc->sc_defaddr.octet[5] = ifp->if_dunit & 0xff;
		}

		fb = 1;
		retry = 0;
		BRIDGE_LIST_LOCK();
		LIST_FOREACH(sc2, &V_bridge_list, sc_list) {
			bifp = sc2->sc_ifp;
			if (memcmp(sc->sc_defaddr.octet,
			    IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) {
				retry = 1;
				break;
			}
		}
		BRIDGE_LIST_UNLOCK();
	} while (retry == 1);

	bstp_attach(&sc->sc_stp, &bridge_ops);
	ether_ifattach(ifp, sc->sc_defaddr.octet);
	/* Now undo some of the damage... */
	ifp->if_baudrate = 0;
	ifp->if_type = IFT_BRIDGE;

	BRIDGE_LIST_LOCK();
	LIST_INSERT_HEAD(&V_bridge_list, sc, sc_list);
	BRIDGE_LIST_UNLOCK();

	return (0);
}
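/*
 * A worked example (illustrative only) of the hostid-derived address built
 * above: with hostid 0x1122334455 and unit 0, the default MAC is
 *
 *	02:22:33:44:55:00
 *
 * i.e. a locally administered unicast address (octet 0 = 0x02), the low
 * 32 bits of the hostid spread across octets 1-4, and the unit number in
 * octet 5.  If the hostid is 0, or the address collides with another
 * bridge, ether_gen_addr() supplies a random address instead.
 */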

/*
 * bridge_clone_destroy:
 *
 *	Destroy a bridge instance.
 */
static void
bridge_clone_destroy(struct ifnet *ifp)
{
	struct bridge_softc *sc = ifp->if_softc;
	struct bridge_iflist *bif;

	BRIDGE_LOCK(sc);

	bridge_stop(ifp, 1);
	ifp->if_flags &= ~IFF_UP;

	while ((bif = CK_LIST_FIRST(&sc->sc_iflist)) != NULL)
		bridge_delete_member(sc, bif, 0);

	while ((bif = CK_LIST_FIRST(&sc->sc_spanlist)) != NULL) {
		bridge_delete_span(sc, bif);
	}

	/* Tear down the routing table. */
	bridge_rtable_fini(sc);

	BRIDGE_UNLOCK(sc);

	callout_drain(&sc->sc_brcallout);

	BRIDGE_LIST_LOCK();
	LIST_REMOVE(sc, sc_list);
	BRIDGE_LIST_UNLOCK();

	bstp_detach(&sc->sc_stp);
	ether_ifdetach(ifp);
	if_free(ifp);

	BRIDGE_LOCK_DESTROY(sc);
	free(sc, M_DEVBUF);
}

/*
 * bridge_ioctl:
 *
 *	Handle a control request from the operator.
 */
static int
bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	struct bridge_softc *sc = ifp->if_softc;
	struct ifreq *ifr = (struct ifreq *)data;
	struct bridge_iflist *bif;
	struct thread *td = curthread;
	union {
		struct ifbreq ifbreq;
		struct ifbifconf ifbifconf;
		struct ifbareq ifbareq;
		struct ifbaconf ifbaconf;
		struct ifbrparam ifbrparam;
		struct ifbropreq ifbropreq;
	} args;
	struct ifdrv *ifd = (struct ifdrv *) data;
	const struct bridge_control *bc;
	int error = 0, oldmtu;

	switch (cmd) {

	case SIOCADDMULTI:
	case SIOCDELMULTI:
		break;

	case SIOCGDRVSPEC:
	case SIOCSDRVSPEC:
		if (ifd->ifd_cmd >= bridge_control_table_size) {
			error = EINVAL;
			break;
		}
		bc = &bridge_control_table[ifd->ifd_cmd];

		if (cmd == SIOCGDRVSPEC &&
		    (bc->bc_flags & BC_F_COPYOUT) == 0) {
			error = EINVAL;
			break;
		}
		else if (cmd == SIOCSDRVSPEC &&
		    (bc->bc_flags & BC_F_COPYOUT) != 0) {
			error = EINVAL;
			break;
		}

		if (bc->bc_flags & BC_F_SUSER) {
			error = priv_check(td, PRIV_NET_BRIDGE);
			if (error)
				break;
		}

		if (ifd->ifd_len != bc->bc_argsize ||
		    ifd->ifd_len > sizeof(args)) {
			error = EINVAL;
			break;
		}

		bzero(&args, sizeof(args));
		if (bc->bc_flags & BC_F_COPYIN) {
			error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
			if (error)
				break;
		}

		oldmtu = ifp->if_mtu;
		BRIDGE_LOCK(sc);
		error = (*bc->bc_func)(sc, &args);
		BRIDGE_UNLOCK(sc);
		if (error)
			break;

		/*
		 * Bridge MTU may change during addition of the first port.
		 * If it did, do the network layer specific procedure.
		 */
		if (ifp->if_mtu != oldmtu) {
#ifdef INET6
			nd6_setmtu(ifp);
#endif
			rt_updatemtu(ifp);
		}

		if (bc->bc_flags & BC_F_COPYOUT)
			error = copyout(&args, ifd->ifd_data, ifd->ifd_len);

		break;

	case SIOCSIFFLAGS:
		if (!(ifp->if_flags & IFF_UP) &&
		    (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
			/*
			 * If interface is marked down and it is running,
			 * then stop and disable it.
			 */
			BRIDGE_LOCK(sc);
			bridge_stop(ifp, 1);
			BRIDGE_UNLOCK(sc);
		} else if ((ifp->if_flags & IFF_UP) &&
		    !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
			/*
			 * If interface is marked up and it is stopped, then
			 * start it.
			 */
			(*ifp->if_init)(sc);
		}
		break;

	case SIOCSIFMTU:
		if (ifr->ifr_mtu < 576) {
			error = EINVAL;
			break;
		}
		if (CK_LIST_EMPTY(&sc->sc_iflist)) {
			sc->sc_ifp->if_mtu = ifr->ifr_mtu;
			break;
		}
		BRIDGE_LOCK(sc);
		CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
			if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) {
				log(LOG_NOTICE, "%s: invalid MTU: %u(%s)"
				    " != %d\n", sc->sc_ifp->if_xname,
				    bif->bif_ifp->if_mtu,
				    bif->bif_ifp->if_xname, ifr->ifr_mtu);
				error = EINVAL;
				break;
			}
		}
		if (!error)
			sc->sc_ifp->if_mtu = ifr->ifr_mtu;
		BRIDGE_UNLOCK(sc);
		break;
	default:
		/*
		 * drop the lock as ether_ioctl() will call bridge_start() and
		 * cause the lock to be recursed.
		 */
		error = ether_ioctl(ifp, cmd, data);
		break;
	}

	return (error);
}
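/*
 * For reference, the requests handled above are normally issued through
 * ifconfig(8); a typical sequence (illustrative, not exhaustive) is:
 *
 *	ifconfig bridge0 create
 *	ifconfig bridge0 addm em0 addm em1 up
 *	ifconfig bridge0 mtu 9000	# only if every member already uses it
 *	ifconfig bridge0 destroy
 *
 * Each of these ends up in bridge_clone_create(), bridge_ioctl() or
 * bridge_clone_destroy() above.
 */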

/*
 * bridge_mutecaps:
 *
 *	Clear or restore unwanted capabilities on the member interface
 */
static void
bridge_mutecaps(struct bridge_softc *sc)
{
	struct bridge_iflist *bif;
	int enabled, mask;

	/* Initial bitmask of capabilities to test */
	mask = BRIDGE_IFCAPS_MASK;

	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		/* Every member must support it or it's disabled */
		mask &= bif->bif_savedcaps;
	}

	BRIDGE_XLOCK(sc);
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		enabled = bif->bif_ifp->if_capenable;
		enabled &= ~BRIDGE_IFCAPS_STRIP;
		/* strip off mask bits and enable them again if allowed */
		enabled &= ~BRIDGE_IFCAPS_MASK;
		enabled |= mask;
		BRIDGE_UNLOCK(sc);
		bridge_set_ifcap(sc, bif, enabled);
		BRIDGE_LOCK(sc);
	}
	BRIDGE_XDROP(sc);
}

static void
bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set)
{
	struct ifnet *ifp = bif->bif_ifp;
	struct ifreq ifr;
	int error, mask, stuck;

	BRIDGE_UNLOCK_ASSERT(sc);

	bzero(&ifr, sizeof(ifr));
	ifr.ifr_reqcap = set;

	if (ifp->if_capenable != set) {
		error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
		if (error)
			if_printf(sc->sc_ifp,
			    "error setting capabilities on %s: %d\n",
			    ifp->if_xname, error);
		mask = BRIDGE_IFCAPS_MASK | BRIDGE_IFCAPS_STRIP;
		stuck = ifp->if_capenable & mask & ~set;
		if (stuck != 0)
			if_printf(sc->sc_ifp,
			    "can't disable some capabilities on %s: 0x%x\n",
			    ifp->if_xname, stuck);
	}
}
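/*
 * A worked example (illustrative) of the capability intersection computed
 * by bridge_mutecaps(): if member em0 advertises IFCAP_TXCSUM|IFCAP_TSO
 * and member em1 advertises only IFCAP_TXCSUM, the surviving mask is
 * IFCAP_TXCSUM, so TSO is switched off on em0, while IFCAP_LRO
 * (BRIDGE_IFCAPS_STRIP) is unconditionally disabled on every member.
 */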

/*
 * bridge_lookup_member:
 *
 *	Lookup a bridge member interface.
 */
static struct bridge_iflist *
bridge_lookup_member(struct bridge_softc *sc, const char *name)
{
	struct bridge_iflist *bif;
	struct ifnet *ifp;

	BRIDGE_LOCK_ASSERT(sc);

	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		ifp = bif->bif_ifp;
		if (strcmp(ifp->if_xname, name) == 0)
			return (bif);
	}

	return (NULL);
}

/*
 * bridge_lookup_member_if:
 *
 *	Lookup a bridge member interface by ifnet*.
 */
static struct bridge_iflist *
bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
{
	struct bridge_iflist *bif;

	BRIDGE_LOCK_ASSERT(sc);

	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if (bif->bif_ifp == member_ifp)
			return (bif);
	}

	return (NULL);
}

/*
 * bridge_delete_member:
 *
 *	Delete the specified member interface.
 */
static void
bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
    int gone)
{
	struct ifnet *ifs = bif->bif_ifp;
	struct ifnet *fif = NULL;
	struct bridge_iflist *bifl;

	BRIDGE_LOCK_ASSERT(sc);

	if (bif->bif_flags & IFBIF_STP)
		bstp_disable(&bif->bif_stp);

	ifs->if_bridge = NULL;
	BRIDGE_XLOCK(sc);
	CK_LIST_REMOVE(bif, bif_next);
	BRIDGE_XDROP(sc);

	/*
	 * If removing the interface that gave the bridge its mac address, set
	 * the mac address of the bridge to the address of the next member, or
	 * to its default address if no members are left.
	 */
	if (V_bridge_inherit_mac && sc->sc_ifaddr == ifs) {
		if (CK_LIST_EMPTY(&sc->sc_iflist)) {
			bcopy(&sc->sc_defaddr,
			    IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
			sc->sc_ifaddr = NULL;
		} else {
			bifl = CK_LIST_FIRST(&sc->sc_iflist);
			fif = bifl->bif_ifp;
			bcopy(IF_LLADDR(fif),
			    IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
			sc->sc_ifaddr = fif;
		}
		EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
	}

	bridge_linkcheck(sc);
	bridge_mutecaps(sc);	/* recalculate now that this interface is removed */
	bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
	KASSERT(bif->bif_addrcnt == 0,
	    ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt));

	ifs->if_bridge_output = NULL;
	ifs->if_bridge_input = NULL;
	ifs->if_bridge_linkstate = NULL;
	BRIDGE_UNLOCK(sc);
	if (!gone) {
		switch (ifs->if_type) {
		case IFT_ETHER:
		case IFT_L2VLAN:
			/*
			 * Take the interface out of promiscuous mode, but only
			 * if it was promiscuous in the first place. It might
			 * not be if we're in the bridge_ioctl_add() error path.
			 */
			if (ifs->if_flags & IFF_PROMISC)
				(void) ifpromisc(ifs, 0);
			break;

		case IFT_GIF:
			break;

		default:
#ifdef DIAGNOSTIC
			panic("bridge_delete_member: impossible");
#endif
			break;
		}
		/* re-enable any interface capabilities */
		bridge_set_ifcap(sc, bif, bif->bif_savedcaps);
	}
	bstp_destroy(&bif->bif_stp);	/* prepare to free */
	BRIDGE_LOCK(sc);
	free(bif, M_DEVBUF);
}

/*
 * bridge_delete_span:
 *
 *	Delete the specified span interface.
 */
static void
bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
{
	BRIDGE_LOCK_ASSERT(sc);

	KASSERT(bif->bif_ifp->if_bridge == NULL,
	    ("%s: not a span interface", __func__));

	CK_LIST_REMOVE(bif, bif_next);
	free(bif, M_DEVBUF);
}

static int
bridge_ioctl_add(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif = NULL;
	struct ifnet *ifs;
	int error = 0;

	ifs = ifunit(req->ifbr_ifsname);
	if (ifs == NULL)
		return (ENOENT);
	if (ifs->if_ioctl == NULL)	/* must be supported */
		return (EINVAL);

	/* If it's in the span list, it can't be a member. */
	CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
		if (ifs == bif->bif_ifp)
			return (EBUSY);

	if (ifs->if_bridge == sc)
		return (EEXIST);

	if (ifs->if_bridge != NULL)
		return (EBUSY);

	switch (ifs->if_type) {
	case IFT_ETHER:
	case IFT_L2VLAN:
	case IFT_GIF:
		/* permitted interface types */
		break;
	default:
		return (EINVAL);
	}

#ifdef INET6
	/*
	 * A link-local scope inet6 address must not be configured on the
	 * parent interface and on a member interface at the same time.
	 * This restriction is needed to prevent violation of the link-local
	 * scope zone.  An attempt to add a member interface that has inet6
	 * addresses while the parent has an inet6 link-local address
	 * triggers removal of all inet6 addresses on the member interface.
	 */

	/* Check if the parent interface has a link-local scope addr. */
	if (V_allow_llz_overlap == 0 &&
	    in6ifa_llaonifp(sc->sc_ifp) != NULL) {
		/*
		 * If any, remove all inet6 addresses from the member
		 * interfaces.
		 */
		BRIDGE_XLOCK(sc);
		CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
			if (in6ifa_llaonifp(bif->bif_ifp)) {
				BRIDGE_UNLOCK(sc);
				in6_ifdetach(bif->bif_ifp);
				BRIDGE_LOCK(sc);
				if_printf(sc->sc_ifp,
				    "IPv6 addresses on %s have been removed "
				    "before adding it as a member to prevent "
				    "IPv6 address scope violation.\n",
				    bif->bif_ifp->if_xname);
			}
		}
		BRIDGE_XDROP(sc);
		if (in6ifa_llaonifp(ifs)) {
			BRIDGE_UNLOCK(sc);
			in6_ifdetach(ifs);
			BRIDGE_LOCK(sc);
			if_printf(sc->sc_ifp,
			    "IPv6 addresses on %s have been removed "
			    "before adding it as a member to prevent "
			    "IPv6 address scope violation.\n",
			    ifs->if_xname);
		}
	}
#endif
	/* Allow the first Ethernet member to define the MTU */
	if (CK_LIST_EMPTY(&sc->sc_iflist))
		sc->sc_ifp->if_mtu = ifs->if_mtu;
	else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
		if_printf(sc->sc_ifp, "invalid MTU: %u(%s) != %u\n",
		    ifs->if_mtu, ifs->if_xname, sc->sc_ifp->if_mtu);
		return (EINVAL);
	}

	bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
	if (bif == NULL)
		return (ENOMEM);

	bif->bif_ifp = ifs;
	bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
	bif->bif_savedcaps = ifs->if_capenable;

	/*
	 * Assign the interface's MAC address to the bridge if it's the first
	 * member and the MAC address of the bridge has not been changed from
	 * the default randomly generated one.
	 */
	if (V_bridge_inherit_mac && CK_LIST_EMPTY(&sc->sc_iflist) &&
	    !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr.octet, ETHER_ADDR_LEN)) {
		bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
		sc->sc_ifaddr = ifs;
		EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
	}

	ifs->if_bridge = sc;
	ifs->if_bridge_output = bridge_output;
	ifs->if_bridge_input = bridge_input;
	ifs->if_bridge_linkstate = bridge_linkstate;
	bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp);
	/*
	 * XXX: XLOCK HERE!?!
	 *
	 * NOTE: insert_***HEAD*** should be safe for the traversals.
	 */
	CK_LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);

	/* Set interface capabilities to the intersection set of all members */
	bridge_mutecaps(sc);
	bridge_linkcheck(sc);

	/* Place the interface into promiscuous mode */
	switch (ifs->if_type) {
	case IFT_ETHER:
	case IFT_L2VLAN:
		BRIDGE_UNLOCK(sc);
		error = ifpromisc(ifs, 1);
		BRIDGE_LOCK(sc);
		break;
	}

	if (error)
		bridge_delete_member(sc, bif, 0);
	return (error);
}

static int
bridge_ioctl_del(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);

	bridge_delete_member(sc, bif, 0);

	return (0);
}

static int
bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;
	struct bstp_port *bp;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);

	bp = &bif->bif_stp;
	req->ifbr_ifsflags = bif->bif_flags;
	req->ifbr_state = bp->bp_state;
	req->ifbr_priority = bp->bp_priority;
	req->ifbr_path_cost = bp->bp_path_cost;
	req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
	req->ifbr_proto = bp->bp_protover;
	req->ifbr_role = bp->bp_role;
	req->ifbr_stpflags = bp->bp_flags;
	req->ifbr_addrcnt = bif->bif_addrcnt;
	req->ifbr_addrmax = bif->bif_addrmax;
	req->ifbr_addrexceeded = bif->bif_addrexceeded;

	/* Copy STP state options as flags */
	if (bp->bp_operedge)
		req->ifbr_ifsflags |= IFBIF_BSTP_EDGE;
	if (bp->bp_flags & BSTP_PORT_AUTOEDGE)
		req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE;
	if (bp->bp_ptp_link)
		req->ifbr_ifsflags |= IFBIF_BSTP_PTP;
	if (bp->bp_flags & BSTP_PORT_AUTOPTP)
		req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP;
	if (bp->bp_flags & BSTP_PORT_ADMEDGE)
		req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE;
	if (bp->bp_flags & BSTP_PORT_ADMCOST)
		req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST;
	return (0);
}

static int
bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;
	struct bstp_port *bp;
	int error;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);
	bp = &bif->bif_stp;

	if (req->ifbr_ifsflags & IFBIF_SPAN)
		/* SPAN is readonly */
		return (EINVAL);

	if (req->ifbr_ifsflags & IFBIF_STP) {
		if ((bif->bif_flags & IFBIF_STP) == 0) {
			error = bstp_enable(&bif->bif_stp);
			if (error)
				return (error);
		}
	} else {
		if ((bif->bif_flags & IFBIF_STP) != 0)
			bstp_disable(&bif->bif_stp);
	}

	/* Pass on STP flags */
	bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0);
	bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0);
	bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0);
	bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0);

	/* Save the bits relating to the bridge */
	bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK;

	return (0);
}

static int
bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	sc->sc_brtmax = param->ifbrp_csize;
	bridge_rttrim(sc);

	return (0);
}

static int
bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	param->ifbrp_csize = sc->sc_brtmax;

	return (0);
}

static int
bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
{
	struct ifbifconf *bifc = arg;
	struct bridge_iflist *bif;
	struct ifbreq breq;
	char *buf, *outbuf;
	int count, buflen, len, error = 0;

	count = 0;
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
		count++;
	CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
		count++;

	buflen = sizeof(breq) * count;
	if (bifc->ifbic_len == 0) {
		bifc->ifbic_len = buflen;
		return (0);
	}
	BRIDGE_UNLOCK(sc);
	outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
	BRIDGE_LOCK(sc);

	count = 0;
	buf = outbuf;
	len = min(bifc->ifbic_len, buflen);
	bzero(&breq, sizeof(breq));
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if (len < sizeof(breq))
			break;

		strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
		    sizeof(breq.ifbr_ifsname));
		/* Fill in the ifbreq structure */
		error = bridge_ioctl_gifflags(sc, &breq);
		if (error)
			break;
		memcpy(buf, &breq, sizeof(breq));
		count++;
		buf += sizeof(breq);
		len -= sizeof(breq);
	}
	CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
		if (len < sizeof(breq))
			break;

		strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
		    sizeof(breq.ifbr_ifsname));
		breq.ifbr_ifsflags = bif->bif_flags;
		breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
		memcpy(buf, &breq, sizeof(breq));
		count++;
		buf += sizeof(breq);
		len -= sizeof(breq);
	}

	BRIDGE_UNLOCK(sc);
	bifc->ifbic_len = sizeof(breq) * count;
	error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len);
	BRIDGE_LOCK(sc);
	free(outbuf, M_TEMP);
	return (error);
}
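/*
 * A usage sketch (assumed, describing the convention visible above and in
 * bridge_ioctl_rts() below): list-returning requests are issued twice.
 * The first call passes a zero-length buffer and only learns the required
 * size; the second call supplies a buffer of at least that size:
 *
 *	struct ifbifconf bifc = { 0 };
 *
 *	ioctl(s, SIOCGDRVSPEC, &ifd);		// ifbic_len == 0: size query
 *	bifc.ifbic_buf = malloc(bifc.ifbic_len);
 *	ioctl(s, SIOCGDRVSPEC, &ifd);		// second call fills the buffer
 *
 * where ifd.ifd_data points at bifc, as in the sketch that follows
 * bridge_control_table above.
 */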

static int
bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
{
	struct ifbaconf *bac = arg;
	struct bridge_rtnode *brt;
	struct ifbareq bareq;
	char *buf, *outbuf;
	int count, buflen, len, error = 0;

	if (bac->ifbac_len == 0)
		return (0);

	count = 0;
	CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list)
		count++;
	buflen = sizeof(bareq) * count;

	BRIDGE_UNLOCK(sc);
	outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
	BRIDGE_LOCK(sc);

	count = 0;
	buf = outbuf;
	len = min(bac->ifbac_len, buflen);
	bzero(&bareq, sizeof(bareq));
	CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
		if (len < sizeof(bareq))
			goto out;
		strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
		    sizeof(bareq.ifba_ifsname));
		memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
		bareq.ifba_vlan = brt->brt_vlan;
		if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
		    time_uptime < brt->brt_expire)
			bareq.ifba_expire = brt->brt_expire - time_uptime;
		else
			bareq.ifba_expire = 0;
		bareq.ifba_flags = brt->brt_flags;

		memcpy(buf, &bareq, sizeof(bareq));
		count++;
		buf += sizeof(bareq);
		len -= sizeof(bareq);
	}
out:
	BRIDGE_UNLOCK(sc);
	bac->ifbac_len = sizeof(bareq) * count;
	error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len);
	BRIDGE_LOCK(sc);
	free(outbuf, M_TEMP);
	return (error);
}

static int
bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
{
	struct ifbareq *req = arg;
	struct bridge_iflist *bif;
	int error;

	bif = bridge_lookup_member(sc, req->ifba_ifsname);
	if (bif == NULL)
		return (ENOENT);

	error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1,
	    req->ifba_flags);

	return (error);
}

static int
bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	sc->sc_brttimeout = param->ifbrp_ctime;
	return (0);
}

static int
bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	param->ifbrp_ctime = sc->sc_brttimeout;
	return (0);
}

static int
bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
{
	struct ifbareq *req = arg;

	return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan));
}

static int
bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;

	bridge_rtflush(sc, req->ifbr_ifsflags);
	return (0);
}

static int
bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;
	struct bstp_state *bs = &sc->sc_stp;

	param->ifbrp_prio = bs->bs_bridge_priority;
	return (0);
}

static int
bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
}

static int
bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;
	struct bstp_state *bs = &sc->sc_stp;

	param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
	return (0);
}

static int
bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
}

static int
bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;
	struct bstp_state *bs = &sc->sc_stp;

	param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
	return (0);
}

static int
bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
}

static int
bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;
	struct bstp_state *bs = &sc->sc_stp;

	param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
	return (0);
}

static int
bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
}

static int
bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);

	return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
}

static int
bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);

	return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
}

static int
bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;

	bif = bridge_lookup_member(sc, req->ifbr_ifsname);
	if (bif == NULL)
		return (ENOENT);

	bif->bif_addrmax = req->ifbr_addrmax;
	return (0);
}

static int
bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif = NULL;
	struct ifnet *ifs;

	ifs = ifunit(req->ifbr_ifsname);
	if (ifs == NULL)
		return (ENOENT);

	CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
		if (ifs == bif->bif_ifp)
			return (EBUSY);

	if (ifs->if_bridge != NULL)
		return (EBUSY);

	switch (ifs->if_type) {
	case IFT_ETHER:
	case IFT_GIF:
	case IFT_L2VLAN:
		break;
	default:
		return (EINVAL);
	}

	bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
	if (bif == NULL)
		return (ENOMEM);

	bif->bif_ifp = ifs;
	bif->bif_flags = IFBIF_SPAN;

	CK_LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);

	return (0);
}

static int
bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
{
	struct ifbreq *req = arg;
	struct bridge_iflist *bif;
	struct ifnet *ifs;

	ifs = ifunit(req->ifbr_ifsname);
	if (ifs == NULL)
		return (ENOENT);

	CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
		if (ifs == bif->bif_ifp)
			break;

	if (bif == NULL)
		return (ENOENT);

	bridge_delete_span(sc, bif);

	return (0);
}

static int
bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
{
	struct ifbropreq *req = arg;
	struct bstp_state *bs = &sc->sc_stp;
	struct bstp_port *root_port;

	req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
	req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
	req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;

	root_port = bs->bs_root_port;
	if (root_port == NULL)
		req->ifbop_root_port = 0;
	else
		req->ifbop_root_port = root_port->bp_ifp->if_index;

	req->ifbop_holdcount = bs->bs_txholdcount;
	req->ifbop_priority = bs->bs_bridge_priority;
	req->ifbop_protocol = bs->bs_protover;
	req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
	req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id;
	req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
	req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id;
	req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
	req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;

	return (0);
}

static int
bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	param->ifbrp_cexceeded = sc->sc_brtexceeded;
	return (0);
}

static int
bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
{
	struct ifbpstpconf *bifstp = arg;
	struct bridge_iflist *bif;
	struct bstp_port *bp;
	struct ifbpstpreq bpreq;
	char *buf, *outbuf;
	int count, buflen, len, error = 0;

	count = 0;
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if ((bif->bif_flags & IFBIF_STP) != 0)
			count++;
	}

	buflen = sizeof(bpreq) * count;
	if (bifstp->ifbpstp_len == 0) {
		bifstp->ifbpstp_len = buflen;
		return (0);
	}

	BRIDGE_UNLOCK(sc);
	outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
	BRIDGE_LOCK(sc);

	count = 0;
	buf = outbuf;
	len = min(bifstp->ifbpstp_len, buflen);
	bzero(&bpreq, sizeof(bpreq));
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if (len < sizeof(bpreq))
			break;

		if ((bif->bif_flags & IFBIF_STP) == 0)
			continue;

		bp = &bif->bif_stp;
		bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
		bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
		bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
		bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
		bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
		bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;

		memcpy(buf, &bpreq, sizeof(bpreq));
		count++;
		buf += sizeof(bpreq);
		len -= sizeof(bpreq);
	}

	BRIDGE_UNLOCK(sc);
	bifstp->ifbpstp_len = sizeof(bpreq) * count;
	error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len);
	BRIDGE_LOCK(sc);
	free(outbuf, M_TEMP);
	return (error);
}

static int
bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
}

static int
bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
{
	struct ifbrparam *param = arg;

	return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
}

/*
 * bridge_ifdetach:
 *
 *	Detach an interface from a bridge.  Called when a member
 *	interface is detaching.
 */
static void
bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
{
	struct bridge_softc *sc = ifp->if_bridge;
	struct bridge_iflist *bif;

	if (ifp->if_flags & IFF_RENAMING)
		return;
	if (V_bridge_cloner == NULL) {
		/*
		 * This detach handler can be called after
		 * vnet_bridge_uninit().  Just return in that case.
		 */
		return;
	}
	/* Check if the interface is a bridge member */
	if (sc != NULL) {
		BRIDGE_LOCK(sc);

		bif = bridge_lookup_member_if(sc, ifp);
		if (bif != NULL)
			bridge_delete_member(sc, bif, 1);

		BRIDGE_UNLOCK(sc);
		return;
	}

	/* Check if the interface is a span port */
	BRIDGE_LIST_LOCK();
	LIST_FOREACH(sc, &V_bridge_list, sc_list) {
		BRIDGE_LOCK(sc);
		CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
			if (ifp == bif->bif_ifp) {
				bridge_delete_span(sc, bif);
				break;
			}

		BRIDGE_UNLOCK(sc);
	}
	BRIDGE_LIST_UNLOCK();
}

/*
 * bridge_init:
 *
 *	Initialize a bridge interface.
 */
 */
static void
bridge_init(void *xsc)
{
	struct bridge_softc *sc = (struct bridge_softc *)xsc;
	struct ifnet *ifp = sc->sc_ifp;

	if (ifp->if_drv_flags & IFF_DRV_RUNNING)
		return;

	BRIDGE_LOCK(sc);
	callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
	    bridge_timer, sc);

	ifp->if_drv_flags |= IFF_DRV_RUNNING;
	bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */

	BRIDGE_UNLOCK(sc);
}

/*
 * bridge_stop:
 *
 *	Stop the bridge interface.
 */
static void
bridge_stop(struct ifnet *ifp, int disable)
{
	struct bridge_softc *sc = ifp->if_softc;

	BRIDGE_LOCK_ASSERT(sc);

	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
		return;

	callout_stop(&sc->sc_brcallout);
	bstp_stop(&sc->sc_stp);

	bridge_rtflush(sc, IFBF_FLUSHDYN);

	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
}

/*
 * bridge_enqueue:
 *
 *	Enqueue a packet on a bridge member interface.
 *
 */
static int
bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
{
	int len, err = 0;
	short mflags;
	struct mbuf *m0;

	/* We may be sending a fragment so traverse the mbuf */
	for (; m; m = m0) {
		m0 = m->m_nextpkt;
		m->m_nextpkt = NULL;
		len = m->m_pkthdr.len;
		mflags = m->m_flags;

		/*
		 * If the underlying interface cannot do VLAN tag insertion
		 * itself then attach a packet tag that holds it.
		 */
		if ((m->m_flags & M_VLANTAG) &&
		    (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
			m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
			if (m == NULL) {
				if_printf(dst_ifp,
				    "unable to prepend VLAN header\n");
				if_inc_counter(dst_ifp, IFCOUNTER_OERRORS, 1);
				continue;
			}
			m->m_flags &= ~M_VLANTAG;
		}

		M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr */
		if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
			m_freem(m0);
			if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
			break;
		}

		if_inc_counter(sc->sc_ifp, IFCOUNTER_OPACKETS, 1);
		if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, len);
		if (mflags & M_MCAST)
			if_inc_counter(sc->sc_ifp, IFCOUNTER_OMCASTS, 1);
	}

	return (err);
}

/*
 * bridge_dummynet:
 *
 *	Receive a queued packet from dummynet and pass it on to the output
 *	interface.
 *
 *	The mbuf has the Ethernet header already attached.
 */
static void
bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
{
	struct bridge_softc *sc;

	sc = ifp->if_bridge;

	/*
	 * The packet didn't originate from a member interface. This should
	 * only ever happen if a member interface is removed while packets
	 * are queued for it.
	 */
	if (sc == NULL) {
		m_freem(m);
		return;
	}

	if (PFIL_HOOKED_OUT(V_inet_pfil_head)
#ifdef INET6
	    || PFIL_HOOKED_OUT(V_inet6_pfil_head)
#endif
	    ) {
		if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
			return;
		if (m == NULL)
			return;
	}

	bridge_enqueue(sc, ifp, m);
}

/*
 * bridge_output:
 *
 *	Send output from a bridge member interface.  This
 *	performs the bridging function for locally originated
 *	packets.
 *
 *	The mbuf has the Ethernet header already attached.
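 *	Known unicast destinations are sent out a single member interface;
 *	unknown unicast, broadcast and multicast frames are flooded to
 *	every member.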
We must 2060 * enqueue or free the mbuf before returning. 2061 */ 2062 static int 2063 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 2064 struct rtentry *rt) 2065 { 2066 struct ether_header *eh; 2067 struct ifnet *bifp, *dst_if; 2068 struct bridge_softc *sc; 2069 uint16_t vlan; 2070 2071 if (m->m_len < ETHER_HDR_LEN) { 2072 m = m_pullup(m, ETHER_HDR_LEN); 2073 if (m == NULL) 2074 return (0); 2075 } 2076 2077 eh = mtod(m, struct ether_header *); 2078 sc = ifp->if_bridge; 2079 vlan = VLANTAGOF(m); 2080 2081 BRIDGE_LOCK(sc); 2082 bifp = sc->sc_ifp; 2083 2084 /* 2085 * If bridge is down, but the original output interface is up, 2086 * go ahead and send out that interface. Otherwise, the packet 2087 * is dropped below. 2088 */ 2089 if ((bifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2090 dst_if = ifp; 2091 goto sendunicast; 2092 } 2093 2094 /* 2095 * If the packet is a multicast, or we don't know a better way to 2096 * get there, send to all interfaces. 2097 */ 2098 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 2099 dst_if = NULL; 2100 else 2101 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan); 2102 /* Tap any traffic not passing back out the originating interface */ 2103 if (dst_if != ifp) 2104 ETHER_BPF_MTAP(bifp, m); 2105 if (dst_if == NULL) { 2106 struct bridge_iflist *bif; 2107 struct mbuf *mc; 2108 int error = 0, used = 0; 2109 2110 bridge_span(sc, m); 2111 2112 BRIDGE_LOCK2REF(sc, error); 2113 if (error) { 2114 m_freem(m); 2115 return (0); 2116 } 2117 2118 CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2119 dst_if = bif->bif_ifp; 2120 2121 if (dst_if->if_type == IFT_GIF) 2122 continue; 2123 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2124 continue; 2125 2126 /* 2127 * If this is not the original output interface, 2128 * and the interface is participating in spanning 2129 * tree, make sure the port is in a state that 2130 * allows forwarding. 2131 */ 2132 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 2133 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2134 continue; 2135 2136 if (CK_LIST_NEXT(bif, bif_next) == NULL) { 2137 used = 1; 2138 mc = m; 2139 } else { 2140 mc = m_copypacket(m, M_NOWAIT); 2141 if (mc == NULL) { 2142 if_inc_counter(bifp, IFCOUNTER_OERRORS, 1); 2143 continue; 2144 } 2145 } 2146 2147 bridge_enqueue(sc, dst_if, mc); 2148 } 2149 if (used == 0) 2150 m_freem(m); 2151 BRIDGE_UNREF(sc); 2152 return (0); 2153 } 2154 2155 sendunicast: 2156 /* 2157 * XXX Spanning tree consideration here? 2158 */ 2159 2160 bridge_span(sc, m); 2161 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2162 m_freem(m); 2163 BRIDGE_UNLOCK(sc); 2164 return (0); 2165 } 2166 2167 BRIDGE_UNLOCK(sc); 2168 bridge_enqueue(sc, dst_if, m); 2169 return (0); 2170 } 2171 2172 /* 2173 * bridge_transmit: 2174 * 2175 * Do output on a bridge. 2176 * 2177 */ 2178 static int 2179 bridge_transmit(struct ifnet *ifp, struct mbuf *m) 2180 { 2181 struct bridge_softc *sc; 2182 struct ether_header *eh; 2183 struct ifnet *dst_if; 2184 int error = 0; 2185 2186 sc = ifp->if_softc; 2187 2188 ETHER_BPF_MTAP(ifp, m); 2189 2190 eh = mtod(m, struct ether_header *); 2191 2192 BRIDGE_LOCK(sc); 2193 if (((m->m_flags & (M_BCAST|M_MCAST)) == 0) && 2194 (dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1)) != NULL) { 2195 BRIDGE_UNLOCK(sc); 2196 error = bridge_enqueue(sc, dst_if, m); 2197 } else 2198 bridge_broadcast(sc, ifp, m, 0); 2199 2200 return (error); 2201 } 2202 2203 /* 2204 * The ifp->if_qflush entry point for if_bridge(4) is no-op. 
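 * The bridge hands packets directly to the member interfaces via
 * if_transmit, so there is no software queue to flush.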
 */
static void
bridge_qflush(struct ifnet *ifp __unused)
{
}

/*
 * bridge_forward:
 *
 *	The forwarding function of the bridge.
 *
 *	NOTE: Releases the lock on return.
 */
static void
bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif,
    struct mbuf *m)
{
	struct bridge_iflist *dbif;
	struct ifnet *src_if, *dst_if, *ifp;
	struct ether_header *eh;
	uint16_t vlan;
	uint8_t *dst;
	int error;

	src_if = m->m_pkthdr.rcvif;
	ifp = sc->sc_ifp;

	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
	vlan = VLANTAGOF(m);

	if ((sbif->bif_flags & IFBIF_STP) &&
	    sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
		goto drop;

	eh = mtod(m, struct ether_header *);
	dst = eh->ether_dhost;

	/* If the interface is learning, record the address. */
	if (sbif->bif_flags & IFBIF_LEARNING) {
		error = bridge_rtupdate(sc, eh->ether_shost, vlan,
		    sbif, 0, IFBAF_DYNAMIC);
		/*
		 * If the interface has address limits then deny any source
		 * that is not in the cache.
		 */
		if (error && sbif->bif_addrmax)
			goto drop;
	}

	if ((sbif->bif_flags & IFBIF_STP) != 0 &&
	    sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING)
		goto drop;

	/*
	 * At this point, the port either doesn't participate
	 * in spanning tree or it is in the forwarding state.
	 */

	/*
	 * If the packet is unicast, destined for someone on
	 * "this" side of the bridge, drop it.
	 */
	if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
		dst_if = bridge_rtlookup(sc, dst, vlan);
		if (src_if == dst_if)
			goto drop;
	} else {
		/*
		 * Check if it's a reserved multicast address; any address
		 * listed in 802.1D section 7.12.6 may not be forwarded by the
		 * bridge.
		 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F
		 */
		if (dst[0] == 0x01 && dst[1] == 0x80 &&
		    dst[2] == 0xc2 && dst[3] == 0x00 &&
		    dst[4] == 0x00 && dst[5] <= 0x0f)
			goto drop;

		/* ...forward it to all interfaces. */
		if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
		dst_if = NULL;
	}

	/*
	 * If we have a destination interface which is a member of our bridge,
	 * OR this is a unicast packet, push it through the bpf(4) machinery.
	 * For broadcast or multicast packets, don't bother because it will
	 * be reinjected into ether_input. We do this before we pass the packets
	 * through the pfil(9) framework, as it is possible that pfil(9) will
	 * drop the packet, or possibly modify it, making it difficult to debug
	 * firewall issues on the bridge.
	 */
	if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
		ETHER_BPF_MTAP(ifp, m);

	/* run the packet filter */
	if (PFIL_HOOKED_IN(V_inet_pfil_head)
#ifdef INET6
	    || PFIL_HOOKED_IN(V_inet6_pfil_head)
#endif
	    ) {
		BRIDGE_UNLOCK(sc);
		if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
			return;
		if (m == NULL)
			return;
		BRIDGE_LOCK(sc);
	}

	if (dst_if == NULL) {
		bridge_broadcast(sc, src_if, m, 1);
		return;
	}

	/*
	 * At this point, we're dealing with a unicast frame
	 * going to a different interface.
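	 * The destination port must still be running, must still be a member
	 * of this bridge, must not share the PRIVATE flag with the source
	 * port, and must be in an STP state that allows forwarding.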
2323 */ 2324 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2325 goto drop; 2326 2327 dbif = bridge_lookup_member_if(sc, dst_if); 2328 if (dbif == NULL) 2329 /* Not a member of the bridge (anymore?) */ 2330 goto drop; 2331 2332 /* Private segments can not talk to each other */ 2333 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE) 2334 goto drop; 2335 2336 if ((dbif->bif_flags & IFBIF_STP) && 2337 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2338 goto drop; 2339 2340 BRIDGE_UNLOCK(sc); 2341 2342 if (PFIL_HOOKED_OUT(V_inet_pfil_head) 2343 #ifdef INET6 2344 || PFIL_HOOKED_OUT(V_inet6_pfil_head) 2345 #endif 2346 ) { 2347 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2348 return; 2349 if (m == NULL) 2350 return; 2351 } 2352 2353 bridge_enqueue(sc, dst_if, m); 2354 return; 2355 2356 drop: 2357 BRIDGE_UNLOCK(sc); 2358 m_freem(m); 2359 } 2360 2361 /* 2362 * bridge_input: 2363 * 2364 * Receive input from a member interface. Queue the packet for 2365 * bridging if it is not for us. 2366 */ 2367 static struct mbuf * 2368 bridge_input(struct ifnet *ifp, struct mbuf *m) 2369 { 2370 struct bridge_softc *sc = ifp->if_bridge; 2371 struct bridge_iflist *bif, *bif2; 2372 struct ifnet *bifp; 2373 struct ether_header *eh; 2374 struct mbuf *mc, *mc2; 2375 uint16_t vlan; 2376 int error; 2377 2378 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2379 return (m); 2380 2381 bifp = sc->sc_ifp; 2382 vlan = VLANTAGOF(m); 2383 2384 /* 2385 * Implement support for bridge monitoring. If this flag has been 2386 * set on this interface, discard the packet once we push it through 2387 * the bpf(4) machinery, but before we do, increment the byte and 2388 * packet counters associated with this interface. 2389 */ 2390 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2391 m->m_pkthdr.rcvif = bifp; 2392 ETHER_BPF_MTAP(bifp, m); 2393 if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); 2394 if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); 2395 m_freem(m); 2396 return (NULL); 2397 } 2398 BRIDGE_LOCK(sc); 2399 bif = bridge_lookup_member_if(sc, ifp); 2400 if (bif == NULL) { 2401 BRIDGE_UNLOCK(sc); 2402 return (m); 2403 } 2404 2405 eh = mtod(m, struct ether_header *); 2406 2407 bridge_span(sc, m); 2408 2409 if (m->m_flags & (M_BCAST|M_MCAST)) { 2410 /* Tap off 802.1D packets; they do not get forwarded. */ 2411 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2412 ETHER_ADDR_LEN) == 0) { 2413 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */ 2414 BRIDGE_UNLOCK(sc); 2415 return (NULL); 2416 } 2417 2418 if ((bif->bif_flags & IFBIF_STP) && 2419 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2420 BRIDGE_UNLOCK(sc); 2421 return (m); 2422 } 2423 2424 /* 2425 * Make a deep copy of the packet and enqueue the copy 2426 * for bridge processing; return the original packet for 2427 * local processing. 2428 */ 2429 mc = m_dup(m, M_NOWAIT); 2430 if (mc == NULL) { 2431 BRIDGE_UNLOCK(sc); 2432 return (m); 2433 } 2434 2435 /* Perform the bridge forwarding function with the copy. */ 2436 bridge_forward(sc, bif, mc); 2437 2438 /* 2439 * Reinject the mbuf as arriving on the bridge so we have a 2440 * chance at claiming multicast packets. We can not loop back 2441 * here from ether_input as a bridge is never a member of a 2442 * bridge. 
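		 * The original mbuf is still returned to the caller below so
		 * that it is also processed locally on the receiving
		 * interface.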
		 */
		KASSERT(bifp->if_bridge == NULL,
		    ("loop created in bridge_input"));
		mc2 = m_dup(m, M_NOWAIT);
		if (mc2 != NULL) {
			/* Keep the layer3 header aligned */
			int i = min(mc2->m_pkthdr.len, max_protohdr);
			mc2 = m_copyup(mc2, i, ETHER_ALIGN);
		}
		if (mc2 != NULL) {
			mc2->m_pkthdr.rcvif = bifp;
			(*bifp->if_input)(bifp, mc2);
		}

		/* Return the original packet for local processing. */
		return (m);
	}

	if ((bif->bif_flags & IFBIF_STP) &&
	    bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
		BRIDGE_UNLOCK(sc);
		return (m);
	}

#if (defined(INET) || defined(INET6))
# define OR_CARP_CHECK_WE_ARE_DST(iface) \
	|| ((iface)->if_carp \
	    && (*carp_forus_p)((iface), eh->ether_dhost))
# define OR_CARP_CHECK_WE_ARE_SRC(iface) \
	|| ((iface)->if_carp \
	    && (*carp_forus_p)((iface), eh->ether_shost))
#else
# define OR_CARP_CHECK_WE_ARE_DST(iface)
# define OR_CARP_CHECK_WE_ARE_SRC(iface)
#endif

#ifdef INET6
# define OR_PFIL_HOOKED_INET6 \
	|| PFIL_HOOKED_IN(V_inet6_pfil_head)
#else
# define OR_PFIL_HOOKED_INET6
#endif

#define GRAB_OUR_PACKETS(iface) \
	if ((iface)->if_type == IFT_GIF) \
		continue; \
	/* It is destined for us. */ \
	if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \
	    OR_CARP_CHECK_WE_ARE_DST((iface)) \
	    ) { \
		if (bif->bif_flags & IFBIF_LEARNING) { \
			error = bridge_rtupdate(sc, eh->ether_shost, \
			    vlan, bif, 0, IFBAF_DYNAMIC); \
			if (error && bif->bif_addrmax) { \
				BRIDGE_UNLOCK(sc); \
				m_freem(m); \
				return (NULL); \
			} \
		} \
		m->m_pkthdr.rcvif = iface; \
		if ((iface) == ifp) { \
			/* Skip bridge processing... src == dest */ \
			BRIDGE_UNLOCK(sc); \
			return (m); \
		} \
		/* It's passing over or to the bridge, locally. */ \
		ETHER_BPF_MTAP(bifp, m); \
		if_inc_counter(bifp, IFCOUNTER_IPACKETS, 1); \
		if_inc_counter(bifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); \
		/* Filter on the physical interface. */ \
		if (V_pfil_local_phys && (PFIL_HOOKED_IN(V_inet_pfil_head) \
		     OR_PFIL_HOOKED_INET6)) { \
			if (bridge_pfil(&m, NULL, ifp, \
			    PFIL_IN) != 0 || m == NULL) { \
				BRIDGE_UNLOCK(sc); \
				return (NULL); \
			} \
		} \
		if ((iface) != bifp) \
			ETHER_BPF_MTAP(iface, m); \
		BRIDGE_UNLOCK(sc); \
		return (m); \
	} \
	\
	/* We just received a packet that we sent out. */ \
	if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \
	    OR_CARP_CHECK_WE_ARE_SRC((iface)) \
	    ) { \
		BRIDGE_UNLOCK(sc); \
		m_freem(m); \
		return (NULL); \
	}

	/*
	 * Unicast.  Make sure it's not for the bridge.
	 */
	do { GRAB_OUR_PACKETS(bifp) } while (0);

	/*
	 * Give a chance for ifp at first priority. This will help when the
	 * packet comes through an interface (such as a VLAN) that shares its
	 * MAC address with other interfaces on the same bridge. This also
	 * will save some CPU cycles in case the destination interface and
	 * the input interface (i.e., ifp) are the same.
	 */
	do { GRAB_OUR_PACKETS(ifp) } while (0);

	/* Now check all the bridge members.
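	 * A frame addressed to any member's MAC address (or to a carp
	 * address on a member) is claimed for local input instead of being
	 * forwarded.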
*/ 2551 CK_LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2552 GRAB_OUR_PACKETS(bif2->bif_ifp) 2553 } 2554 2555 #undef OR_CARP_CHECK_WE_ARE_DST 2556 #undef OR_CARP_CHECK_WE_ARE_SRC 2557 #undef OR_PFIL_HOOKED_INET6 2558 #undef GRAB_OUR_PACKETS 2559 2560 /* Perform the bridge forwarding function. */ 2561 bridge_forward(sc, bif, m); 2562 2563 return (NULL); 2564 } 2565 2566 /* 2567 * bridge_broadcast: 2568 * 2569 * Send a frame to all interfaces that are members of 2570 * the bridge, except for the one on which the packet 2571 * arrived. 2572 * 2573 * NOTE: Releases the lock on return. 2574 */ 2575 static void 2576 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2577 struct mbuf *m, int runfilt) 2578 { 2579 struct bridge_iflist *dbif, *sbif; 2580 struct mbuf *mc; 2581 struct ifnet *dst_if; 2582 int error = 0, used = 0, i; 2583 2584 sbif = bridge_lookup_member_if(sc, src_if); 2585 2586 BRIDGE_LOCK2REF(sc, error); 2587 if (error) { 2588 m_freem(m); 2589 return; 2590 } 2591 2592 /* Filter on the bridge interface before broadcasting */ 2593 if (runfilt && (PFIL_HOOKED_OUT(V_inet_pfil_head) 2594 #ifdef INET6 2595 || PFIL_HOOKED_OUT(V_inet6_pfil_head) 2596 #endif 2597 )) { 2598 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2599 goto out; 2600 if (m == NULL) 2601 goto out; 2602 } 2603 2604 CK_LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) { 2605 dst_if = dbif->bif_ifp; 2606 if (dst_if == src_if) 2607 continue; 2608 2609 /* Private segments can not talk to each other */ 2610 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)) 2611 continue; 2612 2613 if ((dbif->bif_flags & IFBIF_STP) && 2614 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2615 continue; 2616 2617 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 && 2618 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2619 continue; 2620 2621 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2622 continue; 2623 2624 if (CK_LIST_NEXT(dbif, bif_next) == NULL) { 2625 mc = m; 2626 used = 1; 2627 } else { 2628 mc = m_dup(m, M_NOWAIT); 2629 if (mc == NULL) { 2630 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); 2631 continue; 2632 } 2633 } 2634 2635 /* 2636 * Filter on the output interface. Pass a NULL bridge interface 2637 * pointer so we do not redundantly filter on the bridge for 2638 * each interface we broadcast on. 2639 */ 2640 if (runfilt && (PFIL_HOOKED_OUT(V_inet_pfil_head) 2641 #ifdef INET6 2642 || PFIL_HOOKED_OUT(V_inet6_pfil_head) 2643 #endif 2644 )) { 2645 if (used == 0) { 2646 /* Keep the layer3 header aligned */ 2647 i = min(mc->m_pkthdr.len, max_protohdr); 2648 mc = m_copyup(mc, i, ETHER_ALIGN); 2649 if (mc == NULL) { 2650 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); 2651 continue; 2652 } 2653 } 2654 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2655 continue; 2656 if (mc == NULL) 2657 continue; 2658 } 2659 2660 bridge_enqueue(sc, dst_if, mc); 2661 } 2662 if (used == 0) 2663 m_freem(m); 2664 2665 out: 2666 BRIDGE_UNREF(sc); 2667 } 2668 2669 /* 2670 * bridge_span: 2671 * 2672 * Duplicate a packet out one or more interfaces that are in span mode, 2673 * the original mbuf is unmodified. 
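 *	Span members receive a copy of every frame the bridge handles but
 *	are never considered when making forwarding decisions.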
2674 */ 2675 static void 2676 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2677 { 2678 struct bridge_iflist *bif; 2679 struct ifnet *dst_if; 2680 struct mbuf *mc; 2681 2682 if (CK_LIST_EMPTY(&sc->sc_spanlist)) 2683 return; 2684 2685 CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2686 dst_if = bif->bif_ifp; 2687 2688 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2689 continue; 2690 2691 mc = m_copypacket(m, M_NOWAIT); 2692 if (mc == NULL) { 2693 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); 2694 continue; 2695 } 2696 2697 bridge_enqueue(sc, dst_if, mc); 2698 } 2699 } 2700 2701 /* 2702 * bridge_rtupdate: 2703 * 2704 * Add a bridge routing entry. 2705 */ 2706 static int 2707 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2708 struct bridge_iflist *bif, int setflags, uint8_t flags) 2709 { 2710 struct bridge_rtnode *brt; 2711 int error; 2712 2713 BRIDGE_LOCK_ASSERT(sc); 2714 2715 /* Check the source address is valid and not multicast. */ 2716 if (ETHER_IS_MULTICAST(dst) || 2717 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 && 2718 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0) 2719 return (EINVAL); 2720 2721 /* 802.1p frames map to vlan 1 */ 2722 if (vlan == 0) 2723 vlan = 1; 2724 2725 /* 2726 * A route for this destination might already exist. If so, 2727 * update it, otherwise create a new one. 2728 */ 2729 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2730 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2731 sc->sc_brtexceeded++; 2732 return (ENOSPC); 2733 } 2734 /* Check per interface address limits (if enabled) */ 2735 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) { 2736 bif->bif_addrexceeded++; 2737 return (ENOSPC); 2738 } 2739 2740 /* 2741 * Allocate a new bridge forwarding node, and 2742 * initialize the expiration time and Ethernet 2743 * address. 2744 */ 2745 brt = uma_zalloc(V_bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2746 if (brt == NULL) 2747 return (ENOMEM); 2748 2749 if (bif->bif_flags & IFBIF_STICKY) 2750 brt->brt_flags = IFBAF_STICKY; 2751 else 2752 brt->brt_flags = IFBAF_DYNAMIC; 2753 2754 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2755 brt->brt_vlan = vlan; 2756 2757 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2758 uma_zfree(V_bridge_rtnode_zone, brt); 2759 return (error); 2760 } 2761 brt->brt_dst = bif; 2762 bif->bif_addrcnt++; 2763 } 2764 2765 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2766 brt->brt_dst != bif) { 2767 brt->brt_dst->bif_addrcnt--; 2768 brt->brt_dst = bif; 2769 brt->brt_dst->bif_addrcnt++; 2770 } 2771 2772 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2773 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2774 if (setflags) 2775 brt->brt_flags = flags; 2776 2777 return (0); 2778 } 2779 2780 /* 2781 * bridge_rtlookup: 2782 * 2783 * Lookup the destination interface for an address. 2784 */ 2785 static struct ifnet * 2786 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2787 { 2788 struct bridge_rtnode *brt; 2789 2790 BRIDGE_LOCK_ASSERT(sc); 2791 2792 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2793 return (NULL); 2794 2795 return (brt->brt_ifp); 2796 } 2797 2798 /* 2799 * bridge_rttrim: 2800 * 2801 * Trim the routine table so that we have a number 2802 * of routing entries less than or equal to the 2803 * maximum number. 2804 */ 2805 static void 2806 bridge_rttrim(struct bridge_softc *sc) 2807 { 2808 struct bridge_rtnode *brt, *nbrt; 2809 2810 BRIDGE_LOCK_ASSERT(sc); 2811 2812 /* Make sure we actually need to do this. 
	 */
	if (sc->sc_brtcnt <= sc->sc_brtmax)
		return;

	/* Force an aging cycle; this might trim enough addresses. */
	bridge_rtage(sc);
	if (sc->sc_brtcnt <= sc->sc_brtmax)
		return;

	CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
		if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
			bridge_rtnode_destroy(sc, brt);
			if (sc->sc_brtcnt <= sc->sc_brtmax)
				return;
		}
	}
}

/*
 * bridge_timer:
 *
 *	Aging timer for the bridge.
 */
static void
bridge_timer(void *arg)
{
	struct bridge_softc *sc = arg;

	BRIDGE_LOCK_ASSERT(sc);

	/* Destruction of rtnodes requires a proper vnet context */
	CURVNET_SET(sc->sc_ifp->if_vnet);
	bridge_rtage(sc);

	if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
		callout_reset(&sc->sc_brcallout,
		    bridge_rtable_prune_period * hz, bridge_timer, sc);
	CURVNET_RESTORE();
}

/*
 * bridge_rtage:
 *
 *	Perform an aging cycle.
 */
static void
bridge_rtage(struct bridge_softc *sc)
{
	struct bridge_rtnode *brt, *nbrt;

	BRIDGE_LOCK_ASSERT(sc);

	CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
		if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
			if (time_uptime >= brt->brt_expire)
				bridge_rtnode_destroy(sc, brt);
		}
	}
}

/*
 * bridge_rtflush:
 *
 *	Remove all dynamic addresses from the bridge.
 */
static void
bridge_rtflush(struct bridge_softc *sc, int full)
{
	struct bridge_rtnode *brt, *nbrt;

	BRIDGE_LOCK_ASSERT(sc);

	CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
		if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
			bridge_rtnode_destroy(sc, brt);
	}
}

/*
 * bridge_rtdaddr:
 *
 *	Remove an address from the table.
 */
static int
bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan)
{
	struct bridge_rtnode *brt;
	int found = 0;

	BRIDGE_LOCK_ASSERT(sc);

	/*
	 * If vlan is zero then we want to delete for all vlans so the lookup
	 * may return more than one.
	 */
	while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) {
		bridge_rtnode_destroy(sc, brt);
		found = 1;
	}

	return (found ? 0 : ENOENT);
}

/*
 * bridge_rtdelete:
 *
 *	Delete routes to a specific member interface.
 */
static void
bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
{
	struct bridge_rtnode *brt, *nbrt;

	BRIDGE_LOCK_ASSERT(sc);

	CK_LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
		if (brt->brt_ifp == ifp && (full ||
		    (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
			bridge_rtnode_destroy(sc, brt);
	}
}

/*
 * bridge_rtable_init:
 *
 *	Initialize the route table for this bridge.
 */
static void
bridge_rtable_init(struct bridge_softc *sc)
{
	int i;

	sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
	    M_DEVBUF, M_WAITOK);

	for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
		CK_LIST_INIT(&sc->sc_rthash[i]);

	sc->sc_rthash_key = arc4random();
	CK_LIST_INIT(&sc->sc_rtlist);
}

/*
 * bridge_rtable_fini:
 *
 *	Deconstruct the route table for this bridge.
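 *	All entries must already have been removed; only the hash table
 *	itself is freed here.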
2958 */ 2959 static void 2960 bridge_rtable_fini(struct bridge_softc *sc) 2961 { 2962 2963 KASSERT(sc->sc_brtcnt == 0, 2964 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt)); 2965 free(sc->sc_rthash, M_DEVBUF); 2966 } 2967 2968 /* 2969 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2970 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2971 */ 2972 #define mix(a, b, c) \ 2973 do { \ 2974 a -= b; a -= c; a ^= (c >> 13); \ 2975 b -= c; b -= a; b ^= (a << 8); \ 2976 c -= a; c -= b; c ^= (b >> 13); \ 2977 a -= b; a -= c; a ^= (c >> 12); \ 2978 b -= c; b -= a; b ^= (a << 16); \ 2979 c -= a; c -= b; c ^= (b >> 5); \ 2980 a -= b; a -= c; a ^= (c >> 3); \ 2981 b -= c; b -= a; b ^= (a << 10); \ 2982 c -= a; c -= b; c ^= (b >> 15); \ 2983 } while (/*CONSTCOND*/0) 2984 2985 static __inline uint32_t 2986 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2987 { 2988 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2989 2990 b += addr[5] << 8; 2991 b += addr[4]; 2992 a += addr[3] << 24; 2993 a += addr[2] << 16; 2994 a += addr[1] << 8; 2995 a += addr[0]; 2996 2997 mix(a, b, c); 2998 2999 return (c & BRIDGE_RTHASH_MASK); 3000 } 3001 3002 #undef mix 3003 3004 static int 3005 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 3006 { 3007 int i, d; 3008 3009 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 3010 d = ((int)a[i]) - ((int)b[i]); 3011 } 3012 3013 return (d); 3014 } 3015 3016 /* 3017 * bridge_rtnode_lookup: 3018 * 3019 * Look up a bridge route node for the specified destination. Compare the 3020 * vlan id or if zero then just return the first match. 3021 */ 3022 static struct bridge_rtnode * 3023 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 3024 { 3025 struct bridge_rtnode *brt; 3026 uint32_t hash; 3027 int dir; 3028 3029 BRIDGE_LOCK_ASSERT(sc); 3030 3031 hash = bridge_rthash(sc, addr); 3032 CK_LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 3033 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 3034 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 3035 return (brt); 3036 if (dir > 0) 3037 return (NULL); 3038 } 3039 3040 return (NULL); 3041 } 3042 3043 /* 3044 * bridge_rtnode_insert: 3045 * 3046 * Insert the specified bridge node into the route table. We 3047 * assume the entry is not already in the table. 3048 */ 3049 static int 3050 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 3051 { 3052 struct bridge_rtnode *lbrt; 3053 uint32_t hash; 3054 int dir; 3055 3056 BRIDGE_LOCK_ASSERT(sc); 3057 3058 hash = bridge_rthash(sc, brt->brt_addr); 3059 3060 lbrt = CK_LIST_FIRST(&sc->sc_rthash[hash]); 3061 if (lbrt == NULL) { 3062 CK_LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 3063 goto out; 3064 } 3065 3066 do { 3067 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 3068 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 3069 return (EEXIST); 3070 if (dir > 0) { 3071 CK_LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 3072 goto out; 3073 } 3074 if (CK_LIST_NEXT(lbrt, brt_hash) == NULL) { 3075 CK_LIST_INSERT_AFTER(lbrt, brt, brt_hash); 3076 goto out; 3077 } 3078 lbrt = CK_LIST_NEXT(lbrt, brt_hash); 3079 } while (lbrt != NULL); 3080 3081 #ifdef DIAGNOSTIC 3082 panic("bridge_rtnode_insert: impossible"); 3083 #endif 3084 3085 out: 3086 CK_LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 3087 sc->sc_brtcnt++; 3088 3089 return (0); 3090 } 3091 3092 /* 3093 * bridge_rtnode_destroy: 3094 * 3095 * Destroy a bridge rtnode. 
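 *	The node is unlinked from its hash chain and from the global route
 *	list, the owning member's address count is decremented and the
 *	entry is returned to the UMA zone.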
3096 */ 3097 static void 3098 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 3099 { 3100 BRIDGE_LOCK_ASSERT(sc); 3101 3102 CK_LIST_REMOVE(brt, brt_hash); 3103 3104 CK_LIST_REMOVE(brt, brt_list); 3105 sc->sc_brtcnt--; 3106 brt->brt_dst->bif_addrcnt--; 3107 uma_zfree(V_bridge_rtnode_zone, brt); 3108 } 3109 3110 /* 3111 * bridge_rtable_expire: 3112 * 3113 * Set the expiry time for all routes on an interface. 3114 */ 3115 static void 3116 bridge_rtable_expire(struct ifnet *ifp, int age) 3117 { 3118 struct bridge_softc *sc = ifp->if_bridge; 3119 struct bridge_rtnode *brt; 3120 3121 CURVNET_SET(ifp->if_vnet); 3122 BRIDGE_LOCK(sc); 3123 3124 /* 3125 * If the age is zero then flush, otherwise set all the expiry times to 3126 * age for the interface 3127 */ 3128 if (age == 0) 3129 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 3130 else { 3131 CK_LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 3132 /* Cap the expiry time to 'age' */ 3133 if (brt->brt_ifp == ifp && 3134 brt->brt_expire > time_uptime + age && 3135 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 3136 brt->brt_expire = time_uptime + age; 3137 } 3138 } 3139 BRIDGE_UNLOCK(sc); 3140 CURVNET_RESTORE(); 3141 } 3142 3143 /* 3144 * bridge_state_change: 3145 * 3146 * Callback from the bridgestp code when a port changes states. 3147 */ 3148 static void 3149 bridge_state_change(struct ifnet *ifp, int state) 3150 { 3151 struct bridge_softc *sc = ifp->if_bridge; 3152 static const char *stpstates[] = { 3153 "disabled", 3154 "listening", 3155 "learning", 3156 "forwarding", 3157 "blocking", 3158 "discarding" 3159 }; 3160 3161 CURVNET_SET(ifp->if_vnet); 3162 if (V_log_stp) 3163 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 3164 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 3165 CURVNET_RESTORE(); 3166 } 3167 3168 /* 3169 * Send bridge packets through pfil if they are one of the types pfil can deal 3170 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3171 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3172 * that interface. 3173 */ 3174 static int 3175 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3176 { 3177 int snap, error, i, hlen; 3178 struct ether_header *eh1, eh2; 3179 struct ip *ip; 3180 struct llc llc1; 3181 u_int16_t ether_type; 3182 pfil_return_t rv; 3183 3184 snap = 0; 3185 error = -1; /* Default error if not error == 0 */ 3186 3187 #if 0 3188 /* we may return with the IP fields swapped, ensure its not shared */ 3189 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 3190 #endif 3191 3192 if (V_pfil_bridge == 0 && V_pfil_member == 0 && V_pfil_ipfw == 0) 3193 return (0); /* filtering is disabled */ 3194 3195 i = min((*mp)->m_pkthdr.len, max_protohdr); 3196 if ((*mp)->m_len < i) { 3197 *mp = m_pullup(*mp, i); 3198 if (*mp == NULL) { 3199 printf("%s: m_pullup failed\n", __func__); 3200 return (-1); 3201 } 3202 } 3203 3204 eh1 = mtod(*mp, struct ether_header *); 3205 ether_type = ntohs(eh1->ether_type); 3206 3207 /* 3208 * Check for SNAP/LLC. 
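	 * 802.3 frames use a length field here; when LLC/SNAP encapsulation
	 * is present the real payload type is taken from the SNAP header
	 * instead.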
3209 */ 3210 if (ether_type < ETHERMTU) { 3211 struct llc *llc2 = (struct llc *)(eh1 + 1); 3212 3213 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3214 llc2->llc_dsap == LLC_SNAP_LSAP && 3215 llc2->llc_ssap == LLC_SNAP_LSAP && 3216 llc2->llc_control == LLC_UI) { 3217 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3218 snap = 1; 3219 } 3220 } 3221 3222 /* 3223 * If we're trying to filter bridge traffic, don't look at anything 3224 * other than IP and ARP traffic. If the filter doesn't understand 3225 * IPv6, don't allow IPv6 through the bridge either. This is lame 3226 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3227 * but of course we don't have an AppleTalk filter to begin with. 3228 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3229 * ARP traffic.) 3230 */ 3231 switch (ether_type) { 3232 case ETHERTYPE_ARP: 3233 case ETHERTYPE_REVARP: 3234 if (V_pfil_ipfw_arp == 0) 3235 return (0); /* Automatically pass */ 3236 break; 3237 3238 case ETHERTYPE_IP: 3239 #ifdef INET6 3240 case ETHERTYPE_IPV6: 3241 #endif /* INET6 */ 3242 break; 3243 default: 3244 /* 3245 * Check to see if the user wants to pass non-ip 3246 * packets, these will not be checked by pfil(9) and 3247 * passed unconditionally so the default is to drop. 3248 */ 3249 if (V_pfil_onlyip) 3250 goto bad; 3251 } 3252 3253 /* Run the packet through pfil before stripping link headers */ 3254 if (PFIL_HOOKED_OUT(V_link_pfil_head) && V_pfil_ipfw != 0 && 3255 dir == PFIL_OUT && ifp != NULL) { 3256 switch (pfil_run_hooks(V_link_pfil_head, mp, ifp, dir, NULL)) { 3257 case PFIL_DROPPED: 3258 return (EACCES); 3259 case PFIL_CONSUMED: 3260 return (0); 3261 } 3262 } 3263 3264 /* Strip off the Ethernet header and keep a copy. */ 3265 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3266 m_adj(*mp, ETHER_HDR_LEN); 3267 3268 /* Strip off snap header, if present */ 3269 if (snap) { 3270 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3271 m_adj(*mp, sizeof(struct llc)); 3272 } 3273 3274 /* 3275 * Check the IP header for alignment and errors 3276 */ 3277 if (dir == PFIL_IN) { 3278 switch (ether_type) { 3279 case ETHERTYPE_IP: 3280 error = bridge_ip_checkbasic(mp); 3281 break; 3282 #ifdef INET6 3283 case ETHERTYPE_IPV6: 3284 error = bridge_ip6_checkbasic(mp); 3285 break; 3286 #endif /* INET6 */ 3287 default: 3288 error = 0; 3289 } 3290 if (error) 3291 goto bad; 3292 } 3293 3294 error = 0; 3295 3296 /* 3297 * Run the packet through pfil 3298 */ 3299 rv = PFIL_PASS; 3300 switch (ether_type) { 3301 case ETHERTYPE_IP: 3302 /* 3303 * Run pfil on the member interface and the bridge, both can 3304 * be skipped by clearing pfil_member or pfil_bridge. 
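		 * Each stage must return PFIL_PASS for the packet to move on
		 * to the next one.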
3305 * 3306 * Keep the order: 3307 * in_if -> bridge_if -> out_if 3308 */ 3309 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = 3310 pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != 3311 PFIL_PASS) 3312 break; 3313 3314 if (V_pfil_member && ifp != NULL && (rv = 3315 pfil_run_hooks(V_inet_pfil_head, mp, ifp, dir, NULL)) != 3316 PFIL_PASS) 3317 break; 3318 3319 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = 3320 pfil_run_hooks(V_inet_pfil_head, mp, bifp, dir, NULL)) != 3321 PFIL_PASS) 3322 break; 3323 3324 /* check if we need to fragment the packet */ 3325 /* bridge_fragment generates a mbuf chain of packets */ 3326 /* that already include eth headers */ 3327 if (V_pfil_member && ifp != NULL && dir == PFIL_OUT) { 3328 i = (*mp)->m_pkthdr.len; 3329 if (i > ifp->if_mtu) { 3330 error = bridge_fragment(ifp, mp, &eh2, snap, 3331 &llc1); 3332 return (error); 3333 } 3334 } 3335 3336 /* Recalculate the ip checksum. */ 3337 ip = mtod(*mp, struct ip *); 3338 hlen = ip->ip_hl << 2; 3339 if (hlen < sizeof(struct ip)) 3340 goto bad; 3341 if (hlen > (*mp)->m_len) { 3342 if ((*mp = m_pullup(*mp, hlen)) == NULL) 3343 goto bad; 3344 ip = mtod(*mp, struct ip *); 3345 if (ip == NULL) 3346 goto bad; 3347 } 3348 ip->ip_sum = 0; 3349 if (hlen == sizeof(struct ip)) 3350 ip->ip_sum = in_cksum_hdr(ip); 3351 else 3352 ip->ip_sum = in_cksum(*mp, hlen); 3353 3354 break; 3355 #ifdef INET6 3356 case ETHERTYPE_IPV6: 3357 if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = 3358 pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != 3359 PFIL_PASS) 3360 break; 3361 3362 if (V_pfil_member && ifp != NULL && (rv = 3363 pfil_run_hooks(V_inet6_pfil_head, mp, ifp, dir, NULL)) != 3364 PFIL_PASS) 3365 break; 3366 3367 if (V_pfil_bridge && dir == PFIL_IN && bifp != NULL && (rv = 3368 pfil_run_hooks(V_inet6_pfil_head, mp, bifp, dir, NULL)) != 3369 PFIL_PASS) 3370 break; 3371 break; 3372 #endif 3373 } 3374 3375 switch (rv) { 3376 case PFIL_CONSUMED: 3377 return (0); 3378 case PFIL_DROPPED: 3379 return (EACCES); 3380 default: 3381 break; 3382 } 3383 3384 error = -1; 3385 3386 /* 3387 * Finally, put everything back the way it was and return 3388 */ 3389 if (snap) { 3390 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT); 3391 if (*mp == NULL) 3392 return (error); 3393 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3394 } 3395 3396 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT); 3397 if (*mp == NULL) 3398 return (error); 3399 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3400 3401 return (0); 3402 3403 bad: 3404 m_freem(*mp); 3405 *mp = NULL; 3406 return (error); 3407 } 3408 3409 /* 3410 * Perform basic checks on header size since 3411 * pfil assumes ip_input has already processed 3412 * it for it. Cut-and-pasted from ip_input.c. 3413 * Given how simple the IPv6 version is, 3414 * does the IPv4 version really need to be 3415 * this complicated? 3416 * 3417 * XXX Should we update ipstat here, or not? 3418 * XXX Right now we update ipstat but not 3419 * XXX csum_counter. 
 */
static int
bridge_ip_checkbasic(struct mbuf **mp)
{
	struct mbuf *m = *mp;
	struct ip *ip;
	int len, hlen;
	u_short sum;

	if (*mp == NULL)
		return (-1);

	if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
		if ((m = m_copyup(m, sizeof(struct ip),
		    (max_linkhdr + 3) & ~3)) == NULL) {
			/* XXXJRT new stat, please */
			KMOD_IPSTAT_INC(ips_toosmall);
			goto bad;
		}
	} else if (__predict_false(m->m_len < sizeof (struct ip))) {
		if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
			KMOD_IPSTAT_INC(ips_toosmall);
			goto bad;
		}
	}
	ip = mtod(m, struct ip *);
	if (ip == NULL) goto bad;

	if (ip->ip_v != IPVERSION) {
		KMOD_IPSTAT_INC(ips_badvers);
		goto bad;
	}
	hlen = ip->ip_hl << 2;
	if (hlen < sizeof(struct ip)) { /* minimum header length */
		KMOD_IPSTAT_INC(ips_badhlen);
		goto bad;
	}
	if (hlen > m->m_len) {
		if ((m = m_pullup(m, hlen)) == NULL) {
			KMOD_IPSTAT_INC(ips_badhlen);
			goto bad;
		}
		ip = mtod(m, struct ip *);
		if (ip == NULL) goto bad;
	}

	if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
		sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
	} else {
		if (hlen == sizeof(struct ip)) {
			sum = in_cksum_hdr(ip);
		} else {
			sum = in_cksum(m, hlen);
		}
	}
	if (sum) {
		KMOD_IPSTAT_INC(ips_badsum);
		goto bad;
	}

	/* Retrieve the packet length. */
	len = ntohs(ip->ip_len);

	/*
	 * Check for additional length bogosity
	 */
	if (len < hlen) {
		KMOD_IPSTAT_INC(ips_badlen);
		goto bad;
	}

	/*
	 * Check that the amount of data in the buffers
	 * is at least as much as the IP header would have us expect.
	 * Drop packet if shorter than we expect.
	 */
	if (m->m_pkthdr.len < len) {
		KMOD_IPSTAT_INC(ips_tooshort);
		goto bad;
	}

	/* Checks out, proceed */
	*mp = m;
	return (0);

bad:
	*mp = m;
	return (-1);
}

#ifdef INET6
/*
 * Same as above, but for IPv6.
 * Cut-and-pasted from ip6_input.c.
 * XXX Should we update ip6stat, or not?
 */
static int
bridge_ip6_checkbasic(struct mbuf **mp)
{
	struct mbuf *m = *mp;
	struct ip6_hdr *ip6;

	/*
	 * If the IPv6 header is not aligned, slurp it up into a new
	 * mbuf with space for link headers, in the event we forward
	 * it.  Otherwise, if it is aligned, make sure the entire base
	 * IPv6 header is in the first mbuf of the chain.
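	 * Only the version field is validated here; IPv6 has no header
	 * checksum to verify.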
3527 */ 3528 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3529 struct ifnet *inifp = m->m_pkthdr.rcvif; 3530 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3531 (max_linkhdr + 3) & ~3)) == NULL) { 3532 /* XXXJRT new stat, please */ 3533 IP6STAT_INC(ip6s_toosmall); 3534 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3535 goto bad; 3536 } 3537 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3538 struct ifnet *inifp = m->m_pkthdr.rcvif; 3539 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3540 IP6STAT_INC(ip6s_toosmall); 3541 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3542 goto bad; 3543 } 3544 } 3545 3546 ip6 = mtod(m, struct ip6_hdr *); 3547 3548 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3549 IP6STAT_INC(ip6s_badvers); 3550 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3551 goto bad; 3552 } 3553 3554 /* Checks out, proceed */ 3555 *mp = m; 3556 return (0); 3557 3558 bad: 3559 *mp = m; 3560 return (-1); 3561 } 3562 #endif /* INET6 */ 3563 3564 /* 3565 * bridge_fragment: 3566 * 3567 * Fragment mbuf chain in multiple packets and prepend ethernet header. 3568 */ 3569 static int 3570 bridge_fragment(struct ifnet *ifp, struct mbuf **mp, struct ether_header *eh, 3571 int snap, struct llc *llc) 3572 { 3573 struct mbuf *m = *mp, *nextpkt = NULL, *mprev = NULL, *mcur = NULL; 3574 struct ip *ip; 3575 int error = -1; 3576 3577 if (m->m_len < sizeof(struct ip) && 3578 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3579 goto dropit; 3580 ip = mtod(m, struct ip *); 3581 3582 m->m_pkthdr.csum_flags |= CSUM_IP; 3583 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist); 3584 if (error) 3585 goto dropit; 3586 3587 /* 3588 * Walk the chain and re-add the Ethernet header for 3589 * each mbuf packet. 3590 */ 3591 for (mcur = m; mcur; mcur = mcur->m_nextpkt) { 3592 nextpkt = mcur->m_nextpkt; 3593 mcur->m_nextpkt = NULL; 3594 if (snap) { 3595 M_PREPEND(mcur, sizeof(struct llc), M_NOWAIT); 3596 if (mcur == NULL) { 3597 error = ENOBUFS; 3598 if (mprev != NULL) 3599 mprev->m_nextpkt = nextpkt; 3600 goto dropit; 3601 } 3602 bcopy(llc, mtod(mcur, caddr_t),sizeof(struct llc)); 3603 } 3604 3605 M_PREPEND(mcur, ETHER_HDR_LEN, M_NOWAIT); 3606 if (mcur == NULL) { 3607 error = ENOBUFS; 3608 if (mprev != NULL) 3609 mprev->m_nextpkt = nextpkt; 3610 goto dropit; 3611 } 3612 bcopy(eh, mtod(mcur, caddr_t), ETHER_HDR_LEN); 3613 3614 /* 3615 * The previous two M_PREPEND could have inserted one or two 3616 * mbufs in front so we have to update the previous packet's 3617 * m_nextpkt. 3618 */ 3619 mcur->m_nextpkt = nextpkt; 3620 if (mprev != NULL) 3621 mprev->m_nextpkt = mcur; 3622 else { 3623 /* The first mbuf in the original chain needs to be 3624 * updated. 
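			 * M_PREPEND may have allocated a new mbuf at the head
			 * of the chain, so point the caller's reference at it.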
			 */
			*mp = mcur;
		}
		mprev = mcur;
	}

	KMOD_IPSTAT_INC(ips_fragmented);
	return (error);

dropit:
	for (mcur = *mp; mcur; mcur = m) { /* dropping the full packet chain */
		m = mcur->m_nextpkt;
		m_freem(mcur);
	}
	return (error);
}

static void
bridge_linkstate(struct ifnet *ifp)
{
	struct bridge_softc *sc = ifp->if_bridge;
	struct bridge_iflist *bif;

	BRIDGE_LOCK(sc);
	bif = bridge_lookup_member_if(sc, ifp);
	if (bif == NULL) {
		BRIDGE_UNLOCK(sc);
		return;
	}
	bridge_linkcheck(sc);
	BRIDGE_UNLOCK(sc);

	bstp_linkstate(&bif->bif_stp);
}

static void
bridge_linkcheck(struct bridge_softc *sc)
{
	struct bridge_iflist *bif;
	int new_link, hasls;

	BRIDGE_LOCK_ASSERT(sc);
	new_link = LINK_STATE_DOWN;
	hasls = 0;
	/* Our link is considered up if at least one of our ports is active */
	CK_LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
		if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE)
			hasls++;
		if (bif->bif_ifp->if_link_state == LINK_STATE_UP) {
			new_link = LINK_STATE_UP;
			break;
		}
	}
	if (!CK_LIST_EMPTY(&sc->sc_iflist) && !hasls) {
		/* If no interfaces support link-state then we default to up */
		new_link = LINK_STATE_UP;
	}
	if_link_state_change(sc->sc_ifp, new_link);
}