1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __FBSDID("$FreeBSD$"); 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 #include "opt_carp.h" 88 89 #include <sys/param.h> 90 #include <sys/mbuf.h> 91 #include <sys/malloc.h> 92 #include <sys/protosw.h> 93 #include <sys/systm.h> 94 #include <sys/time.h> 95 #include <sys/socket.h> /* for net/if.h */ 96 #include <sys/sockio.h> 97 #include <sys/ctype.h> /* string functions */ 98 #include <sys/kernel.h> 99 #include <sys/random.h> 100 #include <sys/syslog.h> 101 #include <sys/sysctl.h> 102 #include <vm/uma.h> 103 #include <sys/module.h> 104 #include <sys/priv.h> 105 #include <sys/proc.h> 106 #include <sys/lock.h> 107 #include <sys/mutex.h> 108 109 #include <net/bpf.h> 110 #include <net/if.h> 111 #include <net/if_clone.h> 112 #include <net/if_dl.h> 113 #include <net/if_types.h> 114 #include <net/if_var.h> 115 #include <net/pfil.h> 116 117 #include <netinet/in.h> /* for struct arpcom */ 118 #include <netinet/in_systm.h> 119 #include <netinet/in_var.h> 120 #include <netinet/ip.h> 121 #include <netinet/ip_var.h> 122 #ifdef INET6 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 #endif 126 #ifdef DEV_CARP 127 #include <netinet/ip_carp.h> 128 #endif 129 #include <machine/in_cksum.h> 130 #include <netinet/if_ether.h> /* for struct arpcom */ 131 #include <net/bridgestp.h> 132 #include <net/if_bridgevar.h> 133 #include <net/if_llc.h> 134 135 #include <net/route.h> 136 #include <netinet/ip_fw.h> 137 #include <netinet/ip_dummynet.h> 138 139 /* 140 * Size of the route hash table. Must be a power of two. 141 */ 142 #ifndef BRIDGE_RTHASH_SIZE 143 #define BRIDGE_RTHASH_SIZE 1024 144 #endif 145 146 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 147 148 /* 149 * Maximum number of addresses to cache. 150 */ 151 #ifndef BRIDGE_RTABLE_MAX 152 #define BRIDGE_RTABLE_MAX 100 153 #endif 154 155 /* 156 * Timeout (in seconds) for entries learned dynamically. 157 */ 158 #ifndef BRIDGE_RTABLE_TIMEOUT 159 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 160 #endif 161 162 /* 163 * Number of seconds between walks of the route list. 164 */ 165 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 166 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 167 #endif 168 169 /* 170 * List of capabilities to mask on the member interface. 171 */ 172 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 173 174 /* 175 * Bridge interface list entry. 176 */ 177 struct bridge_iflist { 178 LIST_ENTRY(bridge_iflist) bif_next; 179 struct ifnet *bif_ifp; /* member if */ 180 struct bstp_port bif_stp; /* STP state */ 181 uint32_t bif_flags; /* member if flags */ 182 int bif_mutecap; /* member muted caps */ 183 }; 184 185 /* 186 * Bridge route node. 187 */ 188 struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct ifnet *brt_ifp; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195 }; 196 197 /* 198 * Software state for each bridge. 199 */ 200 struct bridge_softc { 201 struct ifnet *sc_ifp; /* make this an interface */ 202 LIST_ENTRY(bridge_softc) sc_list; 203 struct mtx sc_mtx; 204 struct cv sc_cv; 205 uint32_t sc_brtmax; /* max # of addresses */ 206 uint32_t sc_brtcnt; /* cur. # of addresses */ 207 uint32_t sc_brttimeout; /* rt timeout in seconds */ 208 struct callout sc_brcallout; /* bridge callout */ 209 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 210 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 211 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 212 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 213 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 214 uint32_t sc_rthash_key; /* key for hash */ 215 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 216 struct bstp_state sc_stp; /* STP state */ 217 uint32_t sc_brtexceeded; /* # of cache drops */ 218 }; 219 220 static struct mtx bridge_list_mtx; 221 eventhandler_tag bridge_detach_cookie = NULL; 222 223 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 224 225 uma_zone_t bridge_rtnode_zone; 226 227 static int bridge_clone_create(struct if_clone *, int, caddr_t); 228 static void bridge_clone_destroy(struct ifnet *); 229 230 static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 231 static void bridge_mutecaps(struct bridge_iflist *, int); 232 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 233 static void bridge_init(void *); 234 static void bridge_dummynet(struct mbuf *, struct ifnet *); 235 static void bridge_stop(struct ifnet *, int); 236 static void bridge_start(struct ifnet *); 237 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 238 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 239 struct rtentry *); 240 static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 241 struct mbuf *); 242 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 243 244 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 245 246 static void bridge_timer(void *); 247 248 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 249 struct mbuf *, int); 250 static void bridge_span(struct bridge_softc *, struct mbuf *); 251 252 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 253 struct bridge_iflist *, int, uint8_t); 254 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 255 static void bridge_rttrim(struct bridge_softc *); 256 static void bridge_rtage(struct bridge_softc *); 257 static void bridge_rtflush(struct bridge_softc *, int); 258 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 259 260 static int bridge_rtable_init(struct bridge_softc *); 261 static void bridge_rtable_fini(struct bridge_softc *); 262 263 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 264 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 265 const uint8_t *); 266 static int bridge_rtnode_insert(struct bridge_softc *, 267 struct bridge_rtnode *); 268 static void bridge_rtnode_destroy(struct bridge_softc *, 269 struct bridge_rtnode *); 270 static void bridge_rtable_expire(struct ifnet *, int); 271 static void bridge_state_change(struct ifnet *, int); 272 273 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 274 const char *name); 275 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 276 struct ifnet *ifp); 277 static void bridge_delete_member(struct bridge_softc *, 278 struct bridge_iflist *, int); 279 static void bridge_delete_span(struct bridge_softc *, 280 struct bridge_iflist *); 281 282 static int bridge_ioctl_add(struct bridge_softc *, void *); 283 static int bridge_ioctl_del(struct bridge_softc *, void *); 284 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 285 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 286 static int bridge_ioctl_scache(struct bridge_softc *, void *); 287 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 288 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 289 static int bridge_ioctl_rts(struct bridge_softc *, void *); 290 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 291 static int bridge_ioctl_sto(struct bridge_softc *, void *); 292 static int bridge_ioctl_gto(struct bridge_softc *, void *); 293 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 294 static int bridge_ioctl_flush(struct bridge_softc *, void *); 295 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 296 static int bridge_ioctl_spri(struct bridge_softc *, void *); 297 static int bridge_ioctl_ght(struct bridge_softc *, void *); 298 static int bridge_ioctl_sht(struct bridge_softc *, void *); 299 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 300 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 301 static int bridge_ioctl_gma(struct bridge_softc *, void *); 302 static int bridge_ioctl_sma(struct bridge_softc *, void *); 303 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 304 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 305 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 306 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 307 static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 308 static int bridge_ioctl_grte(struct bridge_softc *, void *); 309 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 310 static int bridge_ioctl_sproto(struct bridge_softc *, void *); 311 static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 312 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 313 int); 314 static int bridge_ip_checkbasic(struct mbuf **mp); 315 #ifdef INET6 316 static int bridge_ip6_checkbasic(struct mbuf **mp); 317 #endif /* INET6 */ 318 static int bridge_fragment(struct ifnet *, struct mbuf *, 319 struct ether_header *, int, struct llc *); 320 321 static struct bstp_cb_ops bridge_ops = { 322 .bcb_state = bridge_state_change, 323 .bcb_rtage = bridge_rtable_expire 324 }; 325 326 SYSCTL_DECL(_net_link); 327 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 328 329 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 330 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 331 static int pfil_member = 1; /* run pfil hooks on the member interface */ 332 static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 333 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 334 static int log_stp = 0; /* log STP state changes */ 335 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 336 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 337 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 338 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 339 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 340 &pfil_bridge, 0, "Packet filter on the bridge interface"); 341 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 342 &pfil_member, 0, "Packet filter on the member interface"); 343 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 344 &log_stp, 0, "Log STP state changes"); 345 346 struct bridge_control { 347 int (*bc_func)(struct bridge_softc *, void *); 348 int bc_argsize; 349 int bc_flags; 350 }; 351 352 #define BC_F_COPYIN 0x01 /* copy arguments in */ 353 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 354 #define BC_F_SUSER 0x04 /* do super-user check */ 355 356 const struct bridge_control bridge_control_table[] = { 357 { bridge_ioctl_add, sizeof(struct ifbreq), 358 BC_F_COPYIN|BC_F_SUSER }, 359 { bridge_ioctl_del, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_SUSER }, 361 362 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 363 BC_F_COPYIN|BC_F_COPYOUT }, 364 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 365 BC_F_COPYIN|BC_F_SUSER }, 366 367 { bridge_ioctl_scache, sizeof(struct ifbrparam), 368 BC_F_COPYIN|BC_F_SUSER }, 369 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 370 BC_F_COPYOUT }, 371 372 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 373 BC_F_COPYIN|BC_F_COPYOUT }, 374 { bridge_ioctl_rts, sizeof(struct ifbaconf), 375 BC_F_COPYIN|BC_F_COPYOUT }, 376 377 { bridge_ioctl_saddr, sizeof(struct ifbareq), 378 BC_F_COPYIN|BC_F_SUSER }, 379 380 { bridge_ioctl_sto, sizeof(struct ifbrparam), 381 BC_F_COPYIN|BC_F_SUSER }, 382 { bridge_ioctl_gto, sizeof(struct ifbrparam), 383 BC_F_COPYOUT }, 384 385 { bridge_ioctl_daddr, sizeof(struct ifbareq), 386 BC_F_COPYIN|BC_F_SUSER }, 387 388 { bridge_ioctl_flush, sizeof(struct ifbreq), 389 BC_F_COPYIN|BC_F_SUSER }, 390 391 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 392 BC_F_COPYOUT }, 393 { bridge_ioctl_spri, sizeof(struct ifbrparam), 394 BC_F_COPYIN|BC_F_SUSER }, 395 396 { bridge_ioctl_ght, sizeof(struct ifbrparam), 397 BC_F_COPYOUT }, 398 { bridge_ioctl_sht, sizeof(struct ifbrparam), 399 BC_F_COPYIN|BC_F_SUSER }, 400 401 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 402 BC_F_COPYOUT }, 403 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 404 BC_F_COPYIN|BC_F_SUSER }, 405 406 { bridge_ioctl_gma, sizeof(struct ifbrparam), 407 BC_F_COPYOUT }, 408 { bridge_ioctl_sma, sizeof(struct ifbrparam), 409 BC_F_COPYIN|BC_F_SUSER }, 410 411 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 415 BC_F_COPYIN|BC_F_SUSER }, 416 417 { bridge_ioctl_addspan, sizeof(struct ifbreq), 418 BC_F_COPYIN|BC_F_SUSER }, 419 { bridge_ioctl_delspan, sizeof(struct ifbreq), 420 BC_F_COPYIN|BC_F_SUSER }, 421 422 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 423 BC_F_COPYOUT }, 424 425 { bridge_ioctl_grte, sizeof(struct ifbrparam), 426 BC_F_COPYOUT }, 427 428 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 429 BC_F_COPYIN|BC_F_COPYOUT }, 430 431 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 432 BC_F_COPYIN|BC_F_SUSER }, 433 434 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 435 BC_F_COPYIN|BC_F_SUSER }, 436 }; 437 const int bridge_control_table_size = 438 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 439 440 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 441 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 442 443 LIST_HEAD(, bridge_softc) bridge_list; 444 445 IFC_SIMPLE_DECLARE(bridge, 0); 446 447 static int 448 bridge_modevent(module_t mod, int type, void *data) 449 { 450 451 switch (type) { 452 case MOD_LOAD: 453 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 454 if_clone_attach(&bridge_cloner); 455 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 456 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 457 UMA_ALIGN_PTR, 0); 458 LIST_INIT(&bridge_list); 459 bridge_input_p = bridge_input; 460 bridge_output_p = bridge_output; 461 bridge_dn_p = bridge_dummynet; 462 bstp_linkstate_p = bstp_linkstate; 463 bridge_detach_cookie = EVENTHANDLER_REGISTER( 464 ifnet_departure_event, bridge_ifdetach, NULL, 465 EVENTHANDLER_PRI_ANY); 466 break; 467 case MOD_UNLOAD: 468 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 469 bridge_detach_cookie); 470 if_clone_detach(&bridge_cloner); 471 uma_zdestroy(bridge_rtnode_zone); 472 bridge_input_p = NULL; 473 bridge_output_p = NULL; 474 bridge_dn_p = NULL; 475 bstp_linkstate_p = NULL; 476 mtx_destroy(&bridge_list_mtx); 477 break; 478 default: 479 return (EOPNOTSUPP); 480 } 481 return (0); 482 } 483 484 static moduledata_t bridge_mod = { 485 "if_bridge", 486 bridge_modevent, 487 0 488 }; 489 490 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 491 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 492 493 /* 494 * handler for net.link.bridge.pfil_ipfw 495 */ 496 static int 497 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 498 { 499 int enable = pfil_ipfw; 500 int error; 501 502 error = sysctl_handle_int(oidp, &enable, 0, req); 503 enable = (enable) ? 1 : 0; 504 505 if (enable != pfil_ipfw) { 506 pfil_ipfw = enable; 507 508 /* 509 * Disable pfil so that ipfw doesnt run twice, if the user 510 * really wants both then they can re-enable pfil_bridge and/or 511 * pfil_member. Also allow non-ip packets as ipfw can filter by 512 * layer2 type. 513 */ 514 if (pfil_ipfw) { 515 pfil_onlyip = 0; 516 pfil_bridge = 0; 517 pfil_member = 0; 518 } 519 } 520 521 return (error); 522 } 523 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 524 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 525 526 /* 527 * bridge_clone_create: 528 * 529 * Create a new bridge instance. 530 */ 531 static int 532 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 533 { 534 struct bridge_softc *sc, *sc2; 535 struct ifnet *bifp, *ifp; 536 u_char eaddr[6]; 537 int retry; 538 539 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 540 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 541 if (ifp == NULL) { 542 free(sc, M_DEVBUF); 543 return (ENOSPC); 544 } 545 546 BRIDGE_LOCK_INIT(sc); 547 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 548 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 549 550 /* Initialize our routing table. */ 551 bridge_rtable_init(sc); 552 553 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 554 555 LIST_INIT(&sc->sc_iflist); 556 LIST_INIT(&sc->sc_spanlist); 557 558 ifp->if_softc = sc; 559 if_initname(ifp, ifc->ifc_name, unit); 560 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 561 ifp->if_ioctl = bridge_ioctl; 562 ifp->if_start = bridge_start; 563 ifp->if_init = bridge_init; 564 ifp->if_type = IFT_BRIDGE; 565 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 566 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 567 IFQ_SET_READY(&ifp->if_snd); 568 569 /* 570 * Generate a random ethernet address with a locally administered 571 * address. 572 * 573 * Since we are using random ethernet addresses for the bridge, it is 574 * possible that we might have address collisions, so make sure that 575 * this hardware address isn't already in use on another bridge. 576 */ 577 for (retry = 1; retry != 0;) { 578 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 579 eaddr[0] &= ~1; /* clear multicast bit */ 580 eaddr[0] |= 2; /* set the LAA bit */ 581 retry = 0; 582 mtx_lock(&bridge_list_mtx); 583 LIST_FOREACH(sc2, &bridge_list, sc_list) { 584 bifp = sc2->sc_ifp; 585 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 586 retry = 1; 587 } 588 mtx_unlock(&bridge_list_mtx); 589 } 590 591 bstp_attach(&sc->sc_stp, &bridge_ops); 592 ether_ifattach(ifp, eaddr); 593 /* Now undo some of the damage... */ 594 ifp->if_baudrate = 0; 595 ifp->if_type = IFT_BRIDGE; 596 597 mtx_lock(&bridge_list_mtx); 598 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 599 mtx_unlock(&bridge_list_mtx); 600 601 return (0); 602 } 603 604 /* 605 * bridge_clone_destroy: 606 * 607 * Destroy a bridge instance. 608 */ 609 static void 610 bridge_clone_destroy(struct ifnet *ifp) 611 { 612 struct bridge_softc *sc = ifp->if_softc; 613 struct bridge_iflist *bif; 614 615 BRIDGE_LOCK(sc); 616 617 bridge_stop(ifp, 1); 618 ifp->if_flags &= ~IFF_UP; 619 620 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 621 bridge_delete_member(sc, bif, 0); 622 623 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 624 bridge_delete_span(sc, bif); 625 } 626 627 BRIDGE_UNLOCK(sc); 628 629 callout_drain(&sc->sc_brcallout); 630 631 mtx_lock(&bridge_list_mtx); 632 LIST_REMOVE(sc, sc_list); 633 mtx_unlock(&bridge_list_mtx); 634 635 bstp_detach(&sc->sc_stp); 636 ether_ifdetach(ifp); 637 if_free_type(ifp, IFT_ETHER); 638 639 /* Tear down the routing table. */ 640 bridge_rtable_fini(sc); 641 642 BRIDGE_LOCK_DESTROY(sc); 643 free(sc, M_DEVBUF); 644 } 645 646 /* 647 * bridge_ioctl: 648 * 649 * Handle a control request from the operator. 650 */ 651 static int 652 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 653 { 654 struct bridge_softc *sc = ifp->if_softc; 655 struct thread *td = curthread; 656 union { 657 struct ifbreq ifbreq; 658 struct ifbifconf ifbifconf; 659 struct ifbareq ifbareq; 660 struct ifbaconf ifbaconf; 661 struct ifbrparam ifbrparam; 662 struct ifbropreq ifbropreq; 663 } args; 664 struct ifdrv *ifd = (struct ifdrv *) data; 665 const struct bridge_control *bc; 666 int error = 0; 667 668 BRIDGE_LOCK(sc); 669 670 switch (cmd) { 671 672 case SIOCADDMULTI: 673 case SIOCDELMULTI: 674 break; 675 676 case SIOCGDRVSPEC: 677 case SIOCSDRVSPEC: 678 if (ifd->ifd_cmd >= bridge_control_table_size) { 679 error = EINVAL; 680 break; 681 } 682 bc = &bridge_control_table[ifd->ifd_cmd]; 683 684 if (cmd == SIOCGDRVSPEC && 685 (bc->bc_flags & BC_F_COPYOUT) == 0) { 686 error = EINVAL; 687 break; 688 } 689 else if (cmd == SIOCSDRVSPEC && 690 (bc->bc_flags & BC_F_COPYOUT) != 0) { 691 error = EINVAL; 692 break; 693 } 694 695 if (bc->bc_flags & BC_F_SUSER) { 696 error = priv_check(td, PRIV_NET_BRIDGE); 697 if (error) 698 break; 699 } 700 701 if (ifd->ifd_len != bc->bc_argsize || 702 ifd->ifd_len > sizeof(args)) { 703 error = EINVAL; 704 break; 705 } 706 707 bzero(&args, sizeof(args)); 708 if (bc->bc_flags & BC_F_COPYIN) { 709 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 710 if (error) 711 break; 712 } 713 714 error = (*bc->bc_func)(sc, &args); 715 if (error) 716 break; 717 718 if (bc->bc_flags & BC_F_COPYOUT) 719 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 720 721 break; 722 723 case SIOCSIFFLAGS: 724 if (!(ifp->if_flags & IFF_UP) && 725 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 726 /* 727 * If interface is marked down and it is running, 728 * then stop and disable it. 729 */ 730 bridge_stop(ifp, 1); 731 } else if ((ifp->if_flags & IFF_UP) && 732 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 733 /* 734 * If interface is marked up and it is stopped, then 735 * start it. 736 */ 737 BRIDGE_UNLOCK(sc); 738 (*ifp->if_init)(sc); 739 } 740 break; 741 742 case SIOCSIFMTU: 743 /* Do not allow the MTU to be changed on the bridge */ 744 error = EINVAL; 745 break; 746 747 default: 748 /* 749 * drop the lock as ether_ioctl() will call bridge_start() and 750 * cause the lock to be recursed. 751 */ 752 BRIDGE_UNLOCK(sc); 753 error = ether_ioctl(ifp, cmd, data); 754 break; 755 } 756 757 if (BRIDGE_LOCKED(sc)) 758 BRIDGE_UNLOCK(sc); 759 760 return (error); 761 } 762 763 /* 764 * bridge_mutecaps: 765 * 766 * Clear or restore unwanted capabilities on the member interface 767 */ 768 static void 769 bridge_mutecaps(struct bridge_iflist *bif, int mute) 770 { 771 struct ifnet *ifp = bif->bif_ifp; 772 struct ifreq ifr; 773 int error; 774 775 if (ifp->if_ioctl == NULL) 776 return; 777 778 bzero(&ifr, sizeof(ifr)); 779 ifr.ifr_reqcap = ifp->if_capenable; 780 781 if (mute) { 782 /* mask off and save capabilities */ 783 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 784 if (bif->bif_mutecap != 0) 785 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 786 } else 787 /* restore muted capabilities */ 788 ifr.ifr_reqcap |= bif->bif_mutecap; 789 790 791 if (bif->bif_mutecap != 0) { 792 IFF_LOCKGIANT(ifp); 793 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 794 IFF_UNLOCKGIANT(ifp); 795 } 796 } 797 798 /* 799 * bridge_lookup_member: 800 * 801 * Lookup a bridge member interface. 802 */ 803 static struct bridge_iflist * 804 bridge_lookup_member(struct bridge_softc *sc, const char *name) 805 { 806 struct bridge_iflist *bif; 807 struct ifnet *ifp; 808 809 BRIDGE_LOCK_ASSERT(sc); 810 811 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 812 ifp = bif->bif_ifp; 813 if (strcmp(ifp->if_xname, name) == 0) 814 return (bif); 815 } 816 817 return (NULL); 818 } 819 820 /* 821 * bridge_lookup_member_if: 822 * 823 * Lookup a bridge member interface by ifnet*. 824 */ 825 static struct bridge_iflist * 826 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 827 { 828 struct bridge_iflist *bif; 829 830 BRIDGE_LOCK_ASSERT(sc); 831 832 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 833 if (bif->bif_ifp == member_ifp) 834 return (bif); 835 } 836 837 return (NULL); 838 } 839 840 /* 841 * bridge_delete_member: 842 * 843 * Delete the specified member interface. 844 */ 845 static void 846 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 847 int gone) 848 { 849 struct ifnet *ifs = bif->bif_ifp; 850 851 BRIDGE_LOCK_ASSERT(sc); 852 853 if (!gone) { 854 switch (ifs->if_type) { 855 case IFT_ETHER: 856 case IFT_L2VLAN: 857 /* 858 * Take the interface out of promiscuous mode. 859 */ 860 (void) ifpromisc(ifs, 0); 861 bridge_mutecaps(bif, 0); 862 break; 863 864 case IFT_GIF: 865 break; 866 867 default: 868 #ifdef DIAGNOSTIC 869 panic("bridge_delete_member: impossible"); 870 #endif 871 break; 872 } 873 } 874 875 if (bif->bif_flags & IFBIF_STP) 876 bstp_disable(&bif->bif_stp); 877 878 ifs->if_bridge = NULL; 879 BRIDGE_XLOCK(sc); 880 LIST_REMOVE(bif, bif_next); 881 BRIDGE_XDROP(sc); 882 883 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 884 885 BRIDGE_UNLOCK(sc); 886 bstp_destroy(&bif->bif_stp); /* prepare to free */ 887 BRIDGE_LOCK(sc); 888 free(bif, M_DEVBUF); 889 } 890 891 /* 892 * bridge_delete_span: 893 * 894 * Delete the specified span interface. 895 */ 896 static void 897 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 898 { 899 BRIDGE_LOCK_ASSERT(sc); 900 901 KASSERT(bif->bif_ifp->if_bridge == NULL, 902 ("%s: not a span interface", __func__)); 903 904 LIST_REMOVE(bif, bif_next); 905 free(bif, M_DEVBUF); 906 } 907 908 static int 909 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 910 { 911 struct ifbreq *req = arg; 912 struct bridge_iflist *bif = NULL; 913 struct ifnet *ifs; 914 int error = 0; 915 916 ifs = ifunit(req->ifbr_ifsname); 917 if (ifs == NULL) 918 return (ENOENT); 919 920 /* If it's in the span list, it can't be a member. */ 921 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 922 if (ifs == bif->bif_ifp) 923 return (EBUSY); 924 925 /* Allow the first Ethernet member to define the MTU */ 926 if (ifs->if_type != IFT_GIF) { 927 if (LIST_EMPTY(&sc->sc_iflist)) 928 sc->sc_ifp->if_mtu = ifs->if_mtu; 929 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 930 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 931 ifs->if_xname); 932 return (EINVAL); 933 } 934 } 935 936 if (ifs->if_bridge == sc) 937 return (EEXIST); 938 939 if (ifs->if_bridge != NULL) 940 return (EBUSY); 941 942 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 943 if (bif == NULL) 944 return (ENOMEM); 945 946 bif->bif_ifp = ifs; 947 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 948 949 switch (ifs->if_type) { 950 case IFT_ETHER: 951 case IFT_L2VLAN: 952 /* 953 * Place the interface into promiscuous mode. 954 */ 955 error = ifpromisc(ifs, 1); 956 if (error) 957 goto out; 958 959 bridge_mutecaps(bif, 1); 960 break; 961 962 case IFT_GIF: 963 break; 964 965 default: 966 error = EINVAL; 967 goto out; 968 } 969 970 ifs->if_bridge = sc; 971 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 972 /* 973 * XXX: XLOCK HERE!?! 974 * 975 * NOTE: insert_***HEAD*** should be safe for the traversals. 976 */ 977 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 978 979 out: 980 if (error) { 981 if (bif != NULL) 982 free(bif, M_DEVBUF); 983 } 984 return (error); 985 } 986 987 static int 988 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 989 { 990 struct ifbreq *req = arg; 991 struct bridge_iflist *bif; 992 993 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 994 if (bif == NULL) 995 return (ENOENT); 996 997 bridge_delete_member(sc, bif, 0); 998 999 return (0); 1000 } 1001 1002 static int 1003 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1004 { 1005 struct ifbreq *req = arg; 1006 struct bridge_iflist *bif; 1007 struct bstp_port *bp; 1008 1009 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1010 if (bif == NULL) 1011 return (ENOENT); 1012 1013 bp = &bif->bif_stp; 1014 req->ifbr_ifsflags = bif->bif_flags; 1015 req->ifbr_state = bp->bp_state; 1016 req->ifbr_priority = bp->bp_priority; 1017 req->ifbr_path_cost = bp->bp_path_cost; 1018 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1019 req->ifbr_proto = bp->bp_protover; 1020 req->ifbr_role = bp->bp_role; 1021 req->ifbr_stpflags = bp->bp_flags; 1022 1023 /* Copy STP state options as flags */ 1024 if (bp->bp_operedge) 1025 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1026 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1027 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1028 if (bp->bp_ptp_link) 1029 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1030 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1031 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1032 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1033 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1034 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1035 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1036 return (0); 1037 } 1038 1039 static int 1040 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1041 { 1042 struct ifbreq *req = arg; 1043 struct bridge_iflist *bif; 1044 struct bstp_port *bp; 1045 int error; 1046 1047 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1048 if (bif == NULL) 1049 return (ENOENT); 1050 bp = &bif->bif_stp; 1051 1052 if (req->ifbr_ifsflags & IFBIF_SPAN) 1053 /* SPAN is readonly */ 1054 return (EINVAL); 1055 1056 if (req->ifbr_ifsflags & IFBIF_STP) { 1057 if ((bif->bif_flags & IFBIF_STP) == 0) { 1058 error = bstp_enable(&bif->bif_stp); 1059 if (error) 1060 return (error); 1061 } 1062 } else { 1063 if ((bif->bif_flags & IFBIF_STP) != 0) 1064 bstp_disable(&bif->bif_stp); 1065 } 1066 1067 /* Pass on STP flags */ 1068 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1069 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1070 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1071 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1072 1073 /* Save the bits relating to the bridge */ 1074 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1075 1076 return (0); 1077 } 1078 1079 static int 1080 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1081 { 1082 struct ifbrparam *param = arg; 1083 1084 sc->sc_brtmax = param->ifbrp_csize; 1085 bridge_rttrim(sc); 1086 1087 return (0); 1088 } 1089 1090 static int 1091 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1092 { 1093 struct ifbrparam *param = arg; 1094 1095 param->ifbrp_csize = sc->sc_brtmax; 1096 1097 return (0); 1098 } 1099 1100 static int 1101 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1102 { 1103 struct ifbifconf *bifc = arg; 1104 struct bridge_iflist *bif; 1105 struct ifbreq breq; 1106 int count, len, error = 0; 1107 1108 count = 0; 1109 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1110 count++; 1111 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1112 count++; 1113 1114 if (bifc->ifbic_len == 0) { 1115 bifc->ifbic_len = sizeof(breq) * count; 1116 return (0); 1117 } 1118 1119 count = 0; 1120 len = bifc->ifbic_len; 1121 bzero(&breq, sizeof(breq)); 1122 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1123 if (len < sizeof(breq)) 1124 break; 1125 1126 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1127 sizeof(breq.ifbr_ifsname)); 1128 /* Fill in the ifbreq structure */ 1129 error = bridge_ioctl_gifflags(sc, &breq); 1130 if (error) 1131 break; 1132 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1133 if (error) 1134 break; 1135 count++; 1136 len -= sizeof(breq); 1137 } 1138 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1139 if (len < sizeof(breq)) 1140 break; 1141 1142 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1143 sizeof(breq.ifbr_ifsname)); 1144 breq.ifbr_ifsflags = bif->bif_flags; 1145 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1146 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1147 if (error) 1148 break; 1149 count++; 1150 len -= sizeof(breq); 1151 } 1152 1153 bifc->ifbic_len = sizeof(breq) * count; 1154 return (error); 1155 } 1156 1157 static int 1158 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1159 { 1160 struct ifbaconf *bac = arg; 1161 struct bridge_rtnode *brt; 1162 struct ifbareq bareq; 1163 int count = 0, error = 0, len; 1164 1165 if (bac->ifbac_len == 0) 1166 return (0); 1167 1168 len = bac->ifbac_len; 1169 bzero(&bareq, sizeof(bareq)); 1170 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1171 if (len < sizeof(bareq)) 1172 goto out; 1173 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1174 sizeof(bareq.ifba_ifsname)); 1175 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1176 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1177 time_uptime < brt->brt_expire) 1178 bareq.ifba_expire = brt->brt_expire - time_uptime; 1179 else 1180 bareq.ifba_expire = 0; 1181 bareq.ifba_flags = brt->brt_flags; 1182 1183 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1184 if (error) 1185 goto out; 1186 count++; 1187 len -= sizeof(bareq); 1188 } 1189 out: 1190 bac->ifbac_len = sizeof(bareq) * count; 1191 return (error); 1192 } 1193 1194 static int 1195 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1196 { 1197 struct ifbareq *req = arg; 1198 struct bridge_iflist *bif; 1199 int error; 1200 1201 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1202 if (bif == NULL) 1203 return (ENOENT); 1204 1205 error = bridge_rtupdate(sc, req->ifba_dst, bif, 1, 1206 req->ifba_flags); 1207 1208 return (error); 1209 } 1210 1211 static int 1212 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1213 { 1214 struct ifbrparam *param = arg; 1215 1216 sc->sc_brttimeout = param->ifbrp_ctime; 1217 return (0); 1218 } 1219 1220 static int 1221 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1222 { 1223 struct ifbrparam *param = arg; 1224 1225 param->ifbrp_ctime = sc->sc_brttimeout; 1226 return (0); 1227 } 1228 1229 static int 1230 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1231 { 1232 struct ifbareq *req = arg; 1233 1234 return (bridge_rtdaddr(sc, req->ifba_dst)); 1235 } 1236 1237 static int 1238 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1239 { 1240 struct ifbreq *req = arg; 1241 1242 bridge_rtflush(sc, req->ifbr_ifsflags); 1243 return (0); 1244 } 1245 1246 static int 1247 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1248 { 1249 struct ifbrparam *param = arg; 1250 struct bstp_state *bs = &sc->sc_stp; 1251 1252 param->ifbrp_prio = bs->bs_bridge_priority; 1253 return (0); 1254 } 1255 1256 static int 1257 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1258 { 1259 struct ifbrparam *param = arg; 1260 1261 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1262 } 1263 1264 static int 1265 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1266 { 1267 struct ifbrparam *param = arg; 1268 struct bstp_state *bs = &sc->sc_stp; 1269 1270 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1271 return (0); 1272 } 1273 1274 static int 1275 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1276 { 1277 struct ifbrparam *param = arg; 1278 1279 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1280 } 1281 1282 static int 1283 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1284 { 1285 struct ifbrparam *param = arg; 1286 struct bstp_state *bs = &sc->sc_stp; 1287 1288 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1289 return (0); 1290 } 1291 1292 static int 1293 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1294 { 1295 struct ifbrparam *param = arg; 1296 1297 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1298 } 1299 1300 static int 1301 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1302 { 1303 struct ifbrparam *param = arg; 1304 struct bstp_state *bs = &sc->sc_stp; 1305 1306 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1307 return (0); 1308 } 1309 1310 static int 1311 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1312 { 1313 struct ifbrparam *param = arg; 1314 1315 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1316 } 1317 1318 static int 1319 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1320 { 1321 struct ifbreq *req = arg; 1322 struct bridge_iflist *bif; 1323 1324 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1325 if (bif == NULL) 1326 return (ENOENT); 1327 1328 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1329 } 1330 1331 static int 1332 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1333 { 1334 struct ifbreq *req = arg; 1335 struct bridge_iflist *bif; 1336 1337 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1338 if (bif == NULL) 1339 return (ENOENT); 1340 1341 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1342 } 1343 1344 static int 1345 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1346 { 1347 struct ifbreq *req = arg; 1348 struct bridge_iflist *bif = NULL; 1349 struct ifnet *ifs; 1350 1351 ifs = ifunit(req->ifbr_ifsname); 1352 if (ifs == NULL) 1353 return (ENOENT); 1354 1355 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1356 if (ifs == bif->bif_ifp) 1357 return (EBUSY); 1358 1359 if (ifs->if_bridge != NULL) 1360 return (EBUSY); 1361 1362 switch (ifs->if_type) { 1363 case IFT_ETHER: 1364 case IFT_GIF: 1365 case IFT_L2VLAN: 1366 break; 1367 default: 1368 return (EINVAL); 1369 } 1370 1371 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1372 if (bif == NULL) 1373 return (ENOMEM); 1374 1375 bif->bif_ifp = ifs; 1376 bif->bif_flags = IFBIF_SPAN; 1377 1378 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1379 1380 return (0); 1381 } 1382 1383 static int 1384 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1385 { 1386 struct ifbreq *req = arg; 1387 struct bridge_iflist *bif; 1388 struct ifnet *ifs; 1389 1390 ifs = ifunit(req->ifbr_ifsname); 1391 if (ifs == NULL) 1392 return (ENOENT); 1393 1394 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1395 if (ifs == bif->bif_ifp) 1396 break; 1397 1398 if (bif == NULL) 1399 return (ENOENT); 1400 1401 bridge_delete_span(sc, bif); 1402 1403 return (0); 1404 } 1405 1406 static int 1407 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1408 { 1409 struct ifbropreq *req = arg; 1410 struct bstp_state *bs = &sc->sc_stp; 1411 struct bstp_port *root_port; 1412 1413 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1414 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1415 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1416 1417 root_port = bs->bs_root_port; 1418 if (root_port == NULL) 1419 req->ifbop_root_port = 0; 1420 else 1421 req->ifbop_root_port = root_port->bp_ifp->if_index; 1422 1423 req->ifbop_holdcount = bs->bs_txholdcount; 1424 req->ifbop_priority = bs->bs_bridge_priority; 1425 req->ifbop_protocol = bs->bs_protover; 1426 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1427 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1428 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1429 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1430 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1431 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1432 1433 return (0); 1434 } 1435 1436 static int 1437 bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1438 { 1439 struct ifbrparam *param = arg; 1440 1441 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1442 return (0); 1443 } 1444 1445 static int 1446 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1447 { 1448 struct ifbpstpconf *bifstp = arg; 1449 struct bridge_iflist *bif; 1450 struct bstp_port *bp; 1451 struct ifbpstpreq bpreq; 1452 int count, len, error = 0; 1453 1454 count = 0; 1455 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1456 if ((bif->bif_flags & IFBIF_STP) != 0) 1457 count++; 1458 } 1459 1460 if (bifstp->ifbpstp_len == 0) { 1461 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1462 return (0); 1463 } 1464 1465 count = 0; 1466 len = bifstp->ifbpstp_len; 1467 bzero(&bpreq, sizeof(bpreq)); 1468 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1469 if (len < sizeof(bpreq)) 1470 break; 1471 1472 if ((bif->bif_flags & IFBIF_STP) == 0) 1473 continue; 1474 1475 bp = &bif->bif_stp; 1476 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1477 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1478 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1479 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1480 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1481 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1482 1483 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1484 sizeof(bpreq)); 1485 if (error != 0) 1486 break; 1487 1488 count++; 1489 len -= sizeof(bpreq); 1490 } 1491 1492 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1493 return (error); 1494 } 1495 1496 static int 1497 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1498 { 1499 struct ifbrparam *param = arg; 1500 1501 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1502 } 1503 1504 static int 1505 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1506 { 1507 struct ifbrparam *param = arg; 1508 1509 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1510 } 1511 1512 /* 1513 * bridge_ifdetach: 1514 * 1515 * Detach an interface from a bridge. Called when a member 1516 * interface is detaching. 1517 */ 1518 static void 1519 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1520 { 1521 struct bridge_softc *sc = ifp->if_bridge; 1522 struct bridge_iflist *bif; 1523 1524 /* Check if the interface is a bridge member */ 1525 if (sc != NULL) { 1526 BRIDGE_LOCK(sc); 1527 1528 bif = bridge_lookup_member_if(sc, ifp); 1529 if (bif != NULL) 1530 bridge_delete_member(sc, bif, 1); 1531 1532 BRIDGE_UNLOCK(sc); 1533 return; 1534 } 1535 1536 /* Check if the interface is a span port */ 1537 mtx_lock(&bridge_list_mtx); 1538 LIST_FOREACH(sc, &bridge_list, sc_list) { 1539 BRIDGE_LOCK(sc); 1540 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1541 if (ifp == bif->bif_ifp) { 1542 bridge_delete_span(sc, bif); 1543 break; 1544 } 1545 1546 BRIDGE_UNLOCK(sc); 1547 } 1548 mtx_unlock(&bridge_list_mtx); 1549 } 1550 1551 /* 1552 * bridge_init: 1553 * 1554 * Initialize a bridge interface. 1555 */ 1556 static void 1557 bridge_init(void *xsc) 1558 { 1559 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1560 struct ifnet *ifp = sc->sc_ifp; 1561 1562 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1563 return; 1564 1565 BRIDGE_LOCK(sc); 1566 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1567 bridge_timer, sc); 1568 1569 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1570 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1571 1572 BRIDGE_UNLOCK(sc); 1573 } 1574 1575 /* 1576 * bridge_stop: 1577 * 1578 * Stop the bridge interface. 1579 */ 1580 static void 1581 bridge_stop(struct ifnet *ifp, int disable) 1582 { 1583 struct bridge_softc *sc = ifp->if_softc; 1584 1585 BRIDGE_LOCK_ASSERT(sc); 1586 1587 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1588 return; 1589 1590 callout_stop(&sc->sc_brcallout); 1591 bstp_stop(&sc->sc_stp); 1592 1593 bridge_rtflush(sc, IFBF_FLUSHDYN); 1594 1595 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1596 } 1597 1598 /* 1599 * bridge_enqueue: 1600 * 1601 * Enqueue a packet on a bridge member interface. 1602 * 1603 */ 1604 static void 1605 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1606 { 1607 int len, err = 0; 1608 short mflags; 1609 struct mbuf *m0; 1610 1611 len = m->m_pkthdr.len; 1612 mflags = m->m_flags; 1613 1614 /* We may be sending a fragment so traverse the mbuf */ 1615 for (; m; m = m0) { 1616 m0 = m->m_nextpkt; 1617 m->m_nextpkt = NULL; 1618 1619 if (err == 0) 1620 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1621 } 1622 1623 if (err == 0) { 1624 1625 sc->sc_ifp->if_opackets++; 1626 sc->sc_ifp->if_obytes += len; 1627 1628 dst_ifp->if_obytes += len; 1629 1630 if (mflags & M_MCAST) { 1631 sc->sc_ifp->if_omcasts++; 1632 dst_ifp->if_omcasts++; 1633 } 1634 } 1635 1636 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1637 (*dst_ifp->if_start)(dst_ifp); 1638 } 1639 1640 /* 1641 * bridge_dummynet: 1642 * 1643 * Receive a queued packet from dummynet and pass it on to the output 1644 * interface. 1645 * 1646 * The mbuf has the Ethernet header already attached. 1647 */ 1648 static void 1649 bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1650 { 1651 struct bridge_softc *sc; 1652 1653 sc = ifp->if_bridge; 1654 1655 /* 1656 * The packet didnt originate from a member interface. This should only 1657 * ever happen if a member interface is removed while packets are 1658 * queued for it. 1659 */ 1660 if (sc == NULL) { 1661 m_freem(m); 1662 return; 1663 } 1664 1665 if (PFIL_HOOKED(&inet_pfil_hook) 1666 #ifdef INET6 1667 || PFIL_HOOKED(&inet6_pfil_hook) 1668 #endif 1669 ) { 1670 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1671 return; 1672 if (m == NULL) 1673 return; 1674 } 1675 1676 bridge_enqueue(sc, ifp, m); 1677 } 1678 1679 /* 1680 * bridge_output: 1681 * 1682 * Send output from a bridge member interface. This 1683 * performs the bridging function for locally originated 1684 * packets. 1685 * 1686 * The mbuf has the Ethernet header already attached. We must 1687 * enqueue or free the mbuf before returning. 1688 */ 1689 static int 1690 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1691 struct rtentry *rt) 1692 { 1693 struct ether_header *eh; 1694 struct ifnet *dst_if; 1695 struct bridge_softc *sc; 1696 1697 if (m->m_len < ETHER_HDR_LEN) { 1698 m = m_pullup(m, ETHER_HDR_LEN); 1699 if (m == NULL) 1700 return (0); 1701 } 1702 1703 eh = mtod(m, struct ether_header *); 1704 sc = ifp->if_bridge; 1705 1706 BRIDGE_LOCK(sc); 1707 1708 /* 1709 * If bridge is down, but the original output interface is up, 1710 * go ahead and send out that interface. Otherwise, the packet 1711 * is dropped below. 1712 */ 1713 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1714 dst_if = ifp; 1715 goto sendunicast; 1716 } 1717 1718 /* 1719 * If the packet is a multicast, or we don't know a better way to 1720 * get there, send to all interfaces. 1721 */ 1722 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1723 dst_if = NULL; 1724 else 1725 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1726 if (dst_if == NULL) { 1727 struct bridge_iflist *bif; 1728 struct mbuf *mc; 1729 int error = 0, used = 0; 1730 1731 bridge_span(sc, m); 1732 1733 BRIDGE_LOCK2REF(sc, error); 1734 if (error) { 1735 m_freem(m); 1736 return (0); 1737 } 1738 1739 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1740 dst_if = bif->bif_ifp; 1741 1742 if (dst_if->if_type == IFT_GIF) 1743 continue; 1744 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1745 continue; 1746 1747 /* 1748 * If this is not the original output interface, 1749 * and the interface is participating in spanning 1750 * tree, make sure the port is in a state that 1751 * allows forwarding. 1752 */ 1753 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1754 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1755 continue; 1756 1757 if (LIST_NEXT(bif, bif_next) == NULL) { 1758 used = 1; 1759 mc = m; 1760 } else { 1761 mc = m_copypacket(m, M_DONTWAIT); 1762 if (mc == NULL) { 1763 sc->sc_ifp->if_oerrors++; 1764 continue; 1765 } 1766 } 1767 1768 bridge_enqueue(sc, dst_if, mc); 1769 } 1770 if (used == 0) 1771 m_freem(m); 1772 BRIDGE_UNREF(sc); 1773 return (0); 1774 } 1775 1776 sendunicast: 1777 /* 1778 * XXX Spanning tree consideration here? 1779 */ 1780 1781 bridge_span(sc, m); 1782 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1783 m_freem(m); 1784 BRIDGE_UNLOCK(sc); 1785 return (0); 1786 } 1787 1788 BRIDGE_UNLOCK(sc); 1789 bridge_enqueue(sc, dst_if, m); 1790 return (0); 1791 } 1792 1793 /* 1794 * bridge_start: 1795 * 1796 * Start output on a bridge. 1797 * 1798 */ 1799 static void 1800 bridge_start(struct ifnet *ifp) 1801 { 1802 struct bridge_softc *sc; 1803 struct mbuf *m; 1804 struct ether_header *eh; 1805 struct ifnet *dst_if; 1806 1807 sc = ifp->if_softc; 1808 1809 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1810 for (;;) { 1811 IFQ_DEQUEUE(&ifp->if_snd, m); 1812 if (m == 0) 1813 break; 1814 BPF_MTAP(ifp, m); 1815 1816 eh = mtod(m, struct ether_header *); 1817 dst_if = NULL; 1818 1819 BRIDGE_LOCK(sc); 1820 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1821 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1822 } 1823 1824 if (dst_if == NULL) 1825 bridge_broadcast(sc, ifp, m, 0); 1826 else { 1827 BRIDGE_UNLOCK(sc); 1828 bridge_enqueue(sc, dst_if, m); 1829 } 1830 } 1831 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1832 } 1833 1834 /* 1835 * bridge_forward: 1836 * 1837 * The forwarding function of the bridge. 1838 * 1839 * NOTE: Releases the lock on return. 1840 */ 1841 static void 1842 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1843 { 1844 struct bridge_iflist *bif; 1845 struct ifnet *src_if, *dst_if, *ifp; 1846 struct ether_header *eh; 1847 1848 src_if = m->m_pkthdr.rcvif; 1849 ifp = sc->sc_ifp; 1850 1851 sc->sc_ifp->if_ipackets++; 1852 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1853 1854 /* 1855 * Look up the bridge_iflist. 1856 */ 1857 bif = bridge_lookup_member_if(sc, src_if); 1858 if (bif == NULL) { 1859 /* Interface is not a bridge member (anymore?) */ 1860 BRIDGE_UNLOCK(sc); 1861 m_freem(m); 1862 return; 1863 } 1864 1865 if ((bif->bif_flags & IFBIF_STP) && 1866 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1867 BRIDGE_UNLOCK(sc); 1868 m_freem(m); 1869 return; 1870 } 1871 1872 eh = mtod(m, struct ether_header *); 1873 1874 /* 1875 * If the interface is learning, and the source 1876 * address is valid and not multicast, record 1877 * the address. 1878 */ 1879 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1880 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1881 (eh->ether_shost[0] == 0 && 1882 eh->ether_shost[1] == 0 && 1883 eh->ether_shost[2] == 0 && 1884 eh->ether_shost[3] == 0 && 1885 eh->ether_shost[4] == 0 && 1886 eh->ether_shost[5] == 0) == 0) { 1887 (void) bridge_rtupdate(sc, eh->ether_shost, 1888 bif, 0, IFBAF_DYNAMIC); 1889 } 1890 1891 if ((bif->bif_flags & IFBIF_STP) != 0 && 1892 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1893 m_freem(m); 1894 BRIDGE_UNLOCK(sc); 1895 return; 1896 } 1897 1898 /* 1899 * At this point, the port either doesn't participate 1900 * in spanning tree or it is in the forwarding state. 1901 */ 1902 1903 /* 1904 * If the packet is unicast, destined for someone on 1905 * "this" side of the bridge, drop it. 1906 */ 1907 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1908 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1909 if (src_if == dst_if) { 1910 BRIDGE_UNLOCK(sc); 1911 m_freem(m); 1912 return; 1913 } 1914 } else { 1915 /* ...forward it to all interfaces. */ 1916 sc->sc_ifp->if_imcasts++; 1917 dst_if = NULL; 1918 } 1919 1920 /* 1921 * If we have a destination interface which is a member of our bridge, 1922 * OR this is a unicast packet, push it through the bpf(4) machinery. 1923 * For broadcast or multicast packets, don't bother because it will 1924 * be reinjected into ether_input. We do this before we pass the packets 1925 * through the pfil(9) framework, as it is possible that pfil(9) will 1926 * drop the packet, or possibly modify it, making it difficult to debug 1927 * firewall issues on the bridge. 1928 */ 1929 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1930 BPF_MTAP(ifp, m); 1931 1932 /* run the packet filter */ 1933 if (PFIL_HOOKED(&inet_pfil_hook) 1934 #ifdef INET6 1935 || PFIL_HOOKED(&inet6_pfil_hook) 1936 #endif 1937 ) { 1938 BRIDGE_UNLOCK(sc); 1939 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1940 return; 1941 if (m == NULL) 1942 return; 1943 BRIDGE_LOCK(sc); 1944 } 1945 1946 if (dst_if == NULL) { 1947 bridge_broadcast(sc, src_if, m, 1); 1948 return; 1949 } 1950 1951 /* 1952 * At this point, we're dealing with a unicast frame 1953 * going to a different interface. 1954 */ 1955 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1956 BRIDGE_UNLOCK(sc); 1957 m_freem(m); 1958 return; 1959 } 1960 bif = bridge_lookup_member_if(sc, dst_if); 1961 if (bif == NULL) { 1962 /* Not a member of the bridge (anymore?) */ 1963 BRIDGE_UNLOCK(sc); 1964 m_freem(m); 1965 return; 1966 } 1967 1968 if ((bif->bif_flags & IFBIF_STP) && 1969 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1970 BRIDGE_UNLOCK(sc); 1971 m_freem(m); 1972 return; 1973 } 1974 1975 BRIDGE_UNLOCK(sc); 1976 1977 if (PFIL_HOOKED(&inet_pfil_hook) 1978 #ifdef INET6 1979 || PFIL_HOOKED(&inet6_pfil_hook) 1980 #endif 1981 ) { 1982 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1983 return; 1984 if (m == NULL) 1985 return; 1986 } 1987 1988 bridge_enqueue(sc, dst_if, m); 1989 } 1990 1991 /* 1992 * bridge_input: 1993 * 1994 * Receive input from a member interface. Queue the packet for 1995 * bridging if it is not for us. 1996 */ 1997 static struct mbuf * 1998 bridge_input(struct ifnet *ifp, struct mbuf *m) 1999 { 2000 struct bridge_softc *sc = ifp->if_bridge; 2001 struct bridge_iflist *bif, *bif2; 2002 struct ifnet *bifp; 2003 struct ether_header *eh; 2004 struct mbuf *mc, *mc2; 2005 2006 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2007 return (m); 2008 2009 bifp = sc->sc_ifp; 2010 2011 /* 2012 * Implement support for bridge monitoring. If this flag has been 2013 * set on this interface, discard the packet once we push it through 2014 * the bpf(4) machinery, but before we do, increment the byte and 2015 * packet counters associated with this interface. 2016 */ 2017 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2018 m->m_pkthdr.rcvif = bifp; 2019 BPF_MTAP(bifp, m); 2020 bifp->if_ipackets++; 2021 bifp->if_ibytes += m->m_pkthdr.len; 2022 m_freem(m); 2023 return (NULL); 2024 } 2025 BRIDGE_LOCK(sc); 2026 bif = bridge_lookup_member_if(sc, ifp); 2027 if (bif == NULL) { 2028 BRIDGE_UNLOCK(sc); 2029 return (m); 2030 } 2031 2032 eh = mtod(m, struct ether_header *); 2033 2034 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2035 ETHER_ADDR_LEN) == 0) { 2036 /* 2037 * If the packet is for us, set the packets source as the 2038 * bridge, and return the packet back to ether_input for 2039 * local processing. 2040 */ 2041 2042 /* Note where to send the reply to */ 2043 if (bif->bif_flags & IFBIF_LEARNING) 2044 (void) bridge_rtupdate(sc, 2045 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2046 2047 /* Mark the packet as arriving on the bridge interface */ 2048 m->m_pkthdr.rcvif = bifp; 2049 BPF_MTAP(bifp, m); 2050 bifp->if_ipackets++; 2051 2052 BRIDGE_UNLOCK(sc); 2053 return (m); 2054 } 2055 2056 bridge_span(sc, m); 2057 2058 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 2059 /* Tap off 802.1D packets; they do not get forwarded. */ 2060 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2061 ETHER_ADDR_LEN) == 0) { 2062 m = bstp_input(&bif->bif_stp, ifp, m); 2063 if (m == NULL) { 2064 BRIDGE_UNLOCK(sc); 2065 return (NULL); 2066 } 2067 } 2068 2069 if ((bif->bif_flags & IFBIF_STP) && 2070 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2071 BRIDGE_UNLOCK(sc); 2072 return (m); 2073 } 2074 2075 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 2076 sizeof(etherbroadcastaddr)) == 0) 2077 m->m_flags |= M_BCAST; 2078 else 2079 m->m_flags |= M_MCAST; 2080 2081 /* 2082 * Make a deep copy of the packet and enqueue the copy 2083 * for bridge processing; return the original packet for 2084 * local processing. 2085 */ 2086 mc = m_dup(m, M_DONTWAIT); 2087 if (mc == NULL) { 2088 BRIDGE_UNLOCK(sc); 2089 return (m); 2090 } 2091 2092 /* Perform the bridge forwarding function with the copy. */ 2093 bridge_forward(sc, mc); 2094 2095 /* 2096 * Reinject the mbuf as arriving on the bridge so we have a 2097 * chance at claiming multicast packets. We can not loop back 2098 * here from ether_input as a bridge is never a member of a 2099 * bridge. 2100 */ 2101 KASSERT(bifp->if_bridge == NULL, 2102 ("loop created in bridge_input")); 2103 mc2 = m_dup(m, M_DONTWAIT); 2104 if (mc2 != NULL) { 2105 /* Keep the layer3 header aligned */ 2106 int i = min(mc2->m_pkthdr.len, max_protohdr); 2107 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2108 } 2109 if (mc2 != NULL) { 2110 mc2->m_pkthdr.rcvif = bifp; 2111 (*bifp->if_input)(bifp, mc2); 2112 } 2113 2114 /* Return the original packet for local processing. */ 2115 return (m); 2116 } 2117 2118 if ((bif->bif_flags & IFBIF_STP) && 2119 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2120 BRIDGE_UNLOCK(sc); 2121 return (m); 2122 } 2123 2124 /* 2125 * Unicast. Make sure it's not for us. 2126 */ 2127 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2128 if (bif2->bif_ifp->if_type == IFT_GIF) 2129 continue; 2130 /* It is destined for us. */ 2131 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_dhost, 2132 ETHER_ADDR_LEN) == 0 2133 #ifdef DEV_CARP 2134 || (bif2->bif_ifp->if_carp 2135 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_dhost)) 2136 #endif 2137 ) { 2138 if (bif->bif_flags & IFBIF_LEARNING) 2139 (void) bridge_rtupdate(sc, 2140 eh->ether_shost, bif, 0, IFBAF_DYNAMIC); 2141 m->m_pkthdr.rcvif = bif2->bif_ifp; 2142 BRIDGE_UNLOCK(sc); 2143 return (m); 2144 } 2145 2146 /* We just received a packet that we sent out. */ 2147 if (memcmp(IF_LLADDR(bif2->bif_ifp), eh->ether_shost, 2148 ETHER_ADDR_LEN) == 0 2149 #ifdef DEV_CARP 2150 || (bif2->bif_ifp->if_carp 2151 && carp_forus(bif2->bif_ifp->if_carp, eh->ether_shost)) 2152 #endif 2153 ) { 2154 BRIDGE_UNLOCK(sc); 2155 m_freem(m); 2156 return (NULL); 2157 } 2158 } 2159 2160 /* Perform the bridge forwarding function. */ 2161 bridge_forward(sc, m); 2162 2163 return (NULL); 2164 } 2165 2166 /* 2167 * bridge_broadcast: 2168 * 2169 * Send a frame to all interfaces that are members of 2170 * the bridge, except for the one on which the packet 2171 * arrived. 2172 * 2173 * NOTE: Releases the lock on return. 2174 */ 2175 static void 2176 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2177 struct mbuf *m, int runfilt) 2178 { 2179 struct bridge_iflist *bif; 2180 struct mbuf *mc; 2181 struct ifnet *dst_if; 2182 int error = 0, used = 0, i; 2183 2184 BRIDGE_LOCK2REF(sc, error); 2185 if (error) { 2186 m_freem(m); 2187 return; 2188 } 2189 2190 /* Filter on the bridge interface before broadcasting */ 2191 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2192 #ifdef INET6 2193 || PFIL_HOOKED(&inet6_pfil_hook) 2194 #endif 2195 )) { 2196 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2197 goto out; 2198 if (m == NULL) 2199 goto out; 2200 } 2201 2202 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2203 dst_if = bif->bif_ifp; 2204 if (dst_if == src_if) 2205 continue; 2206 2207 if ((bif->bif_flags & IFBIF_STP) && 2208 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2209 continue; 2210 2211 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2212 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2213 continue; 2214 2215 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2216 continue; 2217 2218 if (LIST_NEXT(bif, bif_next) == NULL) { 2219 mc = m; 2220 used = 1; 2221 } else { 2222 mc = m_dup(m, M_DONTWAIT); 2223 if (mc == NULL) { 2224 sc->sc_ifp->if_oerrors++; 2225 continue; 2226 } 2227 } 2228 2229 /* 2230 * Filter on the output interface. Pass a NULL bridge interface 2231 * pointer so we do not redundantly filter on the bridge for 2232 * each interface we broadcast on. 2233 */ 2234 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2235 #ifdef INET6 2236 || PFIL_HOOKED(&inet6_pfil_hook) 2237 #endif 2238 )) { 2239 if (used == 0) { 2240 /* Keep the layer3 header aligned */ 2241 i = min(mc->m_pkthdr.len, max_protohdr); 2242 mc = m_copyup(mc, i, ETHER_ALIGN); 2243 if (mc == NULL) { 2244 sc->sc_ifp->if_oerrors++; 2245 continue; 2246 } 2247 } 2248 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2249 continue; 2250 if (mc == NULL) 2251 continue; 2252 } 2253 2254 bridge_enqueue(sc, dst_if, mc); 2255 } 2256 if (used == 0) 2257 m_freem(m); 2258 2259 out: 2260 BRIDGE_UNREF(sc); 2261 } 2262 2263 /* 2264 * bridge_span: 2265 * 2266 * Duplicate a packet out one or more interfaces that are in span mode, 2267 * the original mbuf is unmodified. 2268 */ 2269 static void 2270 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2271 { 2272 struct bridge_iflist *bif; 2273 struct ifnet *dst_if; 2274 struct mbuf *mc; 2275 2276 if (LIST_EMPTY(&sc->sc_spanlist)) 2277 return; 2278 2279 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2280 dst_if = bif->bif_ifp; 2281 2282 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2283 continue; 2284 2285 mc = m_copypacket(m, M_DONTWAIT); 2286 if (mc == NULL) { 2287 sc->sc_ifp->if_oerrors++; 2288 continue; 2289 } 2290 2291 bridge_enqueue(sc, dst_if, mc); 2292 } 2293 } 2294 2295 /* 2296 * bridge_rtupdate: 2297 * 2298 * Add a bridge routing entry. 2299 */ 2300 static int 2301 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2302 struct bridge_iflist *bif, int setflags, uint8_t flags) 2303 { 2304 struct bridge_rtnode *brt; 2305 struct ifnet *dst_if = bif->bif_ifp; 2306 int error; 2307 2308 BRIDGE_LOCK_ASSERT(sc); 2309 2310 /* 2311 * A route for this destination might already exist. If so, 2312 * update it, otherwise create a new one. 2313 */ 2314 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2315 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2316 sc->sc_brtexceeded++; 2317 return (ENOSPC); 2318 } 2319 2320 /* 2321 * Allocate a new bridge forwarding node, and 2322 * initialize the expiration time and Ethernet 2323 * address. 2324 */ 2325 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2326 if (brt == NULL) 2327 return (ENOMEM); 2328 2329 if (bif->bif_flags & IFBIF_STICKY) 2330 brt->brt_flags = IFBAF_STICKY; 2331 else 2332 brt->brt_flags = IFBAF_DYNAMIC; 2333 2334 brt->brt_ifp = dst_if; 2335 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2336 2337 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2338 uma_zfree(bridge_rtnode_zone, brt); 2339 return (error); 2340 } 2341 } 2342 2343 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2344 brt->brt_ifp = dst_if; 2345 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2346 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2347 if (setflags) 2348 brt->brt_flags = flags; 2349 2350 return (0); 2351 } 2352 2353 /* 2354 * bridge_rtlookup: 2355 * 2356 * Lookup the destination interface for an address. 2357 */ 2358 static struct ifnet * 2359 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2360 { 2361 struct bridge_rtnode *brt; 2362 2363 BRIDGE_LOCK_ASSERT(sc); 2364 2365 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2366 return (NULL); 2367 2368 return (brt->brt_ifp); 2369 } 2370 2371 /* 2372 * bridge_rttrim: 2373 * 2374 * Trim the routine table so that we have a number 2375 * of routing entries less than or equal to the 2376 * maximum number. 2377 */ 2378 static void 2379 bridge_rttrim(struct bridge_softc *sc) 2380 { 2381 struct bridge_rtnode *brt, *nbrt; 2382 2383 BRIDGE_LOCK_ASSERT(sc); 2384 2385 /* Make sure we actually need to do this. */ 2386 if (sc->sc_brtcnt <= sc->sc_brtmax) 2387 return; 2388 2389 /* Force an aging cycle; this might trim enough addresses. */ 2390 bridge_rtage(sc); 2391 if (sc->sc_brtcnt <= sc->sc_brtmax) 2392 return; 2393 2394 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2395 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2396 bridge_rtnode_destroy(sc, brt); 2397 if (sc->sc_brtcnt <= sc->sc_brtmax) 2398 return; 2399 } 2400 } 2401 } 2402 2403 /* 2404 * bridge_timer: 2405 * 2406 * Aging timer for the bridge. 2407 */ 2408 static void 2409 bridge_timer(void *arg) 2410 { 2411 struct bridge_softc *sc = arg; 2412 2413 BRIDGE_LOCK_ASSERT(sc); 2414 2415 bridge_rtage(sc); 2416 2417 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2418 callout_reset(&sc->sc_brcallout, 2419 bridge_rtable_prune_period * hz, bridge_timer, sc); 2420 } 2421 2422 /* 2423 * bridge_rtage: 2424 * 2425 * Perform an aging cycle. 2426 */ 2427 static void 2428 bridge_rtage(struct bridge_softc *sc) 2429 { 2430 struct bridge_rtnode *brt, *nbrt; 2431 2432 BRIDGE_LOCK_ASSERT(sc); 2433 2434 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2435 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2436 if (time_uptime >= brt->brt_expire) 2437 bridge_rtnode_destroy(sc, brt); 2438 } 2439 } 2440 } 2441 2442 /* 2443 * bridge_rtflush: 2444 * 2445 * Remove all dynamic addresses from the bridge. 2446 */ 2447 static void 2448 bridge_rtflush(struct bridge_softc *sc, int full) 2449 { 2450 struct bridge_rtnode *brt, *nbrt; 2451 2452 BRIDGE_LOCK_ASSERT(sc); 2453 2454 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2455 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2456 bridge_rtnode_destroy(sc, brt); 2457 } 2458 } 2459 2460 /* 2461 * bridge_rtdaddr: 2462 * 2463 * Remove an address from the table. 2464 */ 2465 static int 2466 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2467 { 2468 struct bridge_rtnode *brt; 2469 2470 BRIDGE_LOCK_ASSERT(sc); 2471 2472 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2473 return (ENOENT); 2474 2475 bridge_rtnode_destroy(sc, brt); 2476 return (0); 2477 } 2478 2479 /* 2480 * bridge_rtdelete: 2481 * 2482 * Delete routes to a speicifc member interface. 2483 */ 2484 static void 2485 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2486 { 2487 struct bridge_rtnode *brt, *nbrt; 2488 2489 BRIDGE_LOCK_ASSERT(sc); 2490 2491 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2492 if (brt->brt_ifp == ifp && (full || 2493 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2494 bridge_rtnode_destroy(sc, brt); 2495 } 2496 } 2497 2498 /* 2499 * bridge_rtable_init: 2500 * 2501 * Initialize the route table for this bridge. 2502 */ 2503 static int 2504 bridge_rtable_init(struct bridge_softc *sc) 2505 { 2506 int i; 2507 2508 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2509 M_DEVBUF, M_NOWAIT); 2510 if (sc->sc_rthash == NULL) 2511 return (ENOMEM); 2512 2513 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2514 LIST_INIT(&sc->sc_rthash[i]); 2515 2516 sc->sc_rthash_key = arc4random(); 2517 2518 LIST_INIT(&sc->sc_rtlist); 2519 2520 return (0); 2521 } 2522 2523 /* 2524 * bridge_rtable_fini: 2525 * 2526 * Deconstruct the route table for this bridge. 2527 */ 2528 static void 2529 bridge_rtable_fini(struct bridge_softc *sc) 2530 { 2531 2532 free(sc->sc_rthash, M_DEVBUF); 2533 } 2534 2535 /* 2536 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2537 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2538 */ 2539 #define mix(a, b, c) \ 2540 do { \ 2541 a -= b; a -= c; a ^= (c >> 13); \ 2542 b -= c; b -= a; b ^= (a << 8); \ 2543 c -= a; c -= b; c ^= (b >> 13); \ 2544 a -= b; a -= c; a ^= (c >> 12); \ 2545 b -= c; b -= a; b ^= (a << 16); \ 2546 c -= a; c -= b; c ^= (b >> 5); \ 2547 a -= b; a -= c; a ^= (c >> 3); \ 2548 b -= c; b -= a; b ^= (a << 10); \ 2549 c -= a; c -= b; c ^= (b >> 15); \ 2550 } while (/*CONSTCOND*/0) 2551 2552 static __inline uint32_t 2553 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2554 { 2555 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2556 2557 b += addr[5] << 8; 2558 b += addr[4]; 2559 a += addr[3] << 24; 2560 a += addr[2] << 16; 2561 a += addr[1] << 8; 2562 a += addr[0]; 2563 2564 mix(a, b, c); 2565 2566 return (c & BRIDGE_RTHASH_MASK); 2567 } 2568 2569 #undef mix 2570 2571 static int 2572 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2573 { 2574 int i, d; 2575 2576 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2577 d = ((int)a[i]) - ((int)b[i]); 2578 } 2579 2580 return (d); 2581 } 2582 2583 /* 2584 * bridge_rtnode_lookup: 2585 * 2586 * Look up a bridge route node for the specified destination. 2587 */ 2588 static struct bridge_rtnode * 2589 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2590 { 2591 struct bridge_rtnode *brt; 2592 uint32_t hash; 2593 int dir; 2594 2595 BRIDGE_LOCK_ASSERT(sc); 2596 2597 hash = bridge_rthash(sc, addr); 2598 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2599 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2600 if (dir == 0) 2601 return (brt); 2602 if (dir > 0) 2603 return (NULL); 2604 } 2605 2606 return (NULL); 2607 } 2608 2609 /* 2610 * bridge_rtnode_insert: 2611 * 2612 * Insert the specified bridge node into the route table. We 2613 * assume the entry is not already in the table. 2614 */ 2615 static int 2616 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2617 { 2618 struct bridge_rtnode *lbrt; 2619 uint32_t hash; 2620 int dir; 2621 2622 BRIDGE_LOCK_ASSERT(sc); 2623 2624 hash = bridge_rthash(sc, brt->brt_addr); 2625 2626 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2627 if (lbrt == NULL) { 2628 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2629 goto out; 2630 } 2631 2632 do { 2633 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2634 if (dir == 0) 2635 return (EEXIST); 2636 if (dir > 0) { 2637 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2638 goto out; 2639 } 2640 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2641 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2642 goto out; 2643 } 2644 lbrt = LIST_NEXT(lbrt, brt_hash); 2645 } while (lbrt != NULL); 2646 2647 #ifdef DIAGNOSTIC 2648 panic("bridge_rtnode_insert: impossible"); 2649 #endif 2650 2651 out: 2652 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2653 sc->sc_brtcnt++; 2654 2655 return (0); 2656 } 2657 2658 /* 2659 * bridge_rtnode_destroy: 2660 * 2661 * Destroy a bridge rtnode. 2662 */ 2663 static void 2664 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2665 { 2666 BRIDGE_LOCK_ASSERT(sc); 2667 2668 LIST_REMOVE(brt, brt_hash); 2669 2670 LIST_REMOVE(brt, brt_list); 2671 sc->sc_brtcnt--; 2672 uma_zfree(bridge_rtnode_zone, brt); 2673 } 2674 2675 /* 2676 * bridge_rtable_expire: 2677 * 2678 * Set the expiry time for all routes on an interface. 2679 */ 2680 static void 2681 bridge_rtable_expire(struct ifnet *ifp, int age) 2682 { 2683 struct bridge_softc *sc = ifp->if_bridge; 2684 struct bridge_rtnode *brt; 2685 2686 BRIDGE_LOCK(sc); 2687 2688 /* 2689 * If the age is zero then flush, otherwise set all the expiry times to 2690 * age for the interface 2691 */ 2692 if (age == 0) 2693 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2694 else { 2695 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2696 /* Cap the expiry time to 'age' */ 2697 if (brt->brt_ifp == ifp && 2698 brt->brt_expire > time_uptime + age && 2699 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2700 brt->brt_expire = time_uptime + age; 2701 } 2702 } 2703 BRIDGE_UNLOCK(sc); 2704 } 2705 2706 /* 2707 * bridge_state_change: 2708 * 2709 * Callback from the bridgestp code when a port changes states. 2710 */ 2711 static void 2712 bridge_state_change(struct ifnet *ifp, int state) 2713 { 2714 struct bridge_softc *sc = ifp->if_bridge; 2715 static const char *stpstates[] = { 2716 "disabled", 2717 "listening", 2718 "learning", 2719 "forwarding", 2720 "blocking", 2721 "discarding" 2722 }; 2723 2724 if (log_stp) 2725 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2726 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2727 } 2728 2729 /* 2730 * Send bridge packets through pfil if they are one of the types pfil can deal 2731 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2732 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2733 * that interface. 2734 */ 2735 static int 2736 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2737 { 2738 int snap, error, i, hlen; 2739 struct ether_header *eh1, eh2; 2740 struct ip_fw_args args; 2741 struct ip *ip; 2742 struct llc llc1; 2743 u_int16_t ether_type; 2744 2745 snap = 0; 2746 error = -1; /* Default error if not error == 0 */ 2747 2748 /* we may return with the IP fields swapped, ensure its not shared */ 2749 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2750 2751 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2752 return (0); /* filtering is disabled */ 2753 2754 i = min((*mp)->m_pkthdr.len, max_protohdr); 2755 if ((*mp)->m_len < i) { 2756 *mp = m_pullup(*mp, i); 2757 if (*mp == NULL) { 2758 printf("%s: m_pullup failed\n", __func__); 2759 return (-1); 2760 } 2761 } 2762 2763 eh1 = mtod(*mp, struct ether_header *); 2764 ether_type = ntohs(eh1->ether_type); 2765 2766 /* 2767 * Check for SNAP/LLC. 2768 */ 2769 if (ether_type < ETHERMTU) { 2770 struct llc *llc2 = (struct llc *)(eh1 + 1); 2771 2772 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2773 llc2->llc_dsap == LLC_SNAP_LSAP && 2774 llc2->llc_ssap == LLC_SNAP_LSAP && 2775 llc2->llc_control == LLC_UI) { 2776 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2777 snap = 1; 2778 } 2779 } 2780 2781 /* 2782 * If we're trying to filter bridge traffic, don't look at anything 2783 * other than IP and ARP traffic. If the filter doesn't understand 2784 * IPv6, don't allow IPv6 through the bridge either. This is lame 2785 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2786 * but of course we don't have an AppleTalk filter to begin with. 2787 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2788 * ARP traffic.) 2789 */ 2790 switch (ether_type) { 2791 case ETHERTYPE_ARP: 2792 case ETHERTYPE_REVARP: 2793 if (pfil_ipfw_arp == 0) 2794 return (0); /* Automatically pass */ 2795 break; 2796 2797 case ETHERTYPE_IP: 2798 #ifdef INET6 2799 case ETHERTYPE_IPV6: 2800 #endif /* INET6 */ 2801 break; 2802 default: 2803 /* 2804 * Check to see if the user wants to pass non-ip 2805 * packets, these will not be checked by pfil(9) and 2806 * passed unconditionally so the default is to drop. 2807 */ 2808 if (pfil_onlyip) 2809 goto bad; 2810 } 2811 2812 /* Strip off the Ethernet header and keep a copy. */ 2813 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2814 m_adj(*mp, ETHER_HDR_LEN); 2815 2816 /* Strip off snap header, if present */ 2817 if (snap) { 2818 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2819 m_adj(*mp, sizeof(struct llc)); 2820 } 2821 2822 /* 2823 * Check the IP header for alignment and errors 2824 */ 2825 if (dir == PFIL_IN) { 2826 switch (ether_type) { 2827 case ETHERTYPE_IP: 2828 error = bridge_ip_checkbasic(mp); 2829 break; 2830 #ifdef INET6 2831 case ETHERTYPE_IPV6: 2832 error = bridge_ip6_checkbasic(mp); 2833 break; 2834 #endif /* INET6 */ 2835 default: 2836 error = 0; 2837 } 2838 if (error) 2839 goto bad; 2840 } 2841 2842 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2843 error = -1; 2844 args.rule = ip_dn_claim_rule(*mp); 2845 if (args.rule != NULL && fw_one_pass) 2846 goto ipfwpass; /* packet already partially processed */ 2847 2848 args.m = *mp; 2849 args.oif = ifp; 2850 args.next_hop = NULL; 2851 args.eh = &eh2; 2852 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2853 i = ip_fw_chk_ptr(&args); 2854 *mp = args.m; 2855 2856 if (*mp == NULL) 2857 return (error); 2858 2859 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2860 2861 /* put the Ethernet header back on */ 2862 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2863 if (*mp == NULL) 2864 return (error); 2865 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2866 2867 /* 2868 * Pass the pkt to dummynet, which consumes it. The 2869 * packet will return to us via bridge_dummynet(). 2870 */ 2871 args.oif = ifp; 2872 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2873 return (error); 2874 } 2875 2876 if (i != IP_FW_PASS) /* drop */ 2877 goto bad; 2878 } 2879 2880 ipfwpass: 2881 error = 0; 2882 2883 /* 2884 * Run the packet through pfil 2885 */ 2886 switch (ether_type) { 2887 case ETHERTYPE_IP: 2888 /* 2889 * before calling the firewall, swap fields the same as 2890 * IP does. here we assume the header is contiguous 2891 */ 2892 ip = mtod(*mp, struct ip *); 2893 2894 ip->ip_len = ntohs(ip->ip_len); 2895 ip->ip_off = ntohs(ip->ip_off); 2896 2897 /* 2898 * Run pfil on the member interface and the bridge, both can 2899 * be skipped by clearing pfil_member or pfil_bridge. 2900 * 2901 * Keep the order: 2902 * in_if -> bridge_if -> out_if 2903 */ 2904 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2905 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2906 dir, NULL); 2907 2908 if (*mp == NULL || error != 0) /* filter may consume */ 2909 break; 2910 2911 if (pfil_member && ifp != NULL) 2912 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2913 dir, NULL); 2914 2915 if (*mp == NULL || error != 0) /* filter may consume */ 2916 break; 2917 2918 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2919 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2920 dir, NULL); 2921 2922 if (*mp == NULL || error != 0) /* filter may consume */ 2923 break; 2924 2925 /* check if we need to fragment the packet */ 2926 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2927 i = (*mp)->m_pkthdr.len; 2928 if (i > ifp->if_mtu) { 2929 error = bridge_fragment(ifp, *mp, &eh2, snap, 2930 &llc1); 2931 return (error); 2932 } 2933 } 2934 2935 /* Recalculate the ip checksum and restore byte ordering */ 2936 ip = mtod(*mp, struct ip *); 2937 hlen = ip->ip_hl << 2; 2938 if (hlen < sizeof(struct ip)) 2939 goto bad; 2940 if (hlen > (*mp)->m_len) { 2941 if ((*mp = m_pullup(*mp, hlen)) == 0) 2942 goto bad; 2943 ip = mtod(*mp, struct ip *); 2944 if (ip == NULL) 2945 goto bad; 2946 } 2947 ip->ip_len = htons(ip->ip_len); 2948 ip->ip_off = htons(ip->ip_off); 2949 ip->ip_sum = 0; 2950 if (hlen == sizeof(struct ip)) 2951 ip->ip_sum = in_cksum_hdr(ip); 2952 else 2953 ip->ip_sum = in_cksum(*mp, hlen); 2954 2955 break; 2956 #ifdef INET6 2957 case ETHERTYPE_IPV6: 2958 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2959 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2960 dir, NULL); 2961 2962 if (*mp == NULL || error != 0) /* filter may consume */ 2963 break; 2964 2965 if (pfil_member && ifp != NULL) 2966 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2967 dir, NULL); 2968 2969 if (*mp == NULL || error != 0) /* filter may consume */ 2970 break; 2971 2972 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2973 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2974 dir, NULL); 2975 break; 2976 #endif 2977 default: 2978 error = 0; 2979 break; 2980 } 2981 2982 if (*mp == NULL) 2983 return (error); 2984 if (error != 0) 2985 goto bad; 2986 2987 error = -1; 2988 2989 /* 2990 * Finally, put everything back the way it was and return 2991 */ 2992 if (snap) { 2993 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2994 if (*mp == NULL) 2995 return (error); 2996 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2997 } 2998 2999 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3000 if (*mp == NULL) 3001 return (error); 3002 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3003 3004 return (0); 3005 3006 bad: 3007 m_freem(*mp); 3008 *mp = NULL; 3009 return (error); 3010 } 3011 3012 /* 3013 * Perform basic checks on header size since 3014 * pfil assumes ip_input has already processed 3015 * it for it. Cut-and-pasted from ip_input.c. 3016 * Given how simple the IPv6 version is, 3017 * does the IPv4 version really need to be 3018 * this complicated? 3019 * 3020 * XXX Should we update ipstat here, or not? 3021 * XXX Right now we update ipstat but not 3022 * XXX csum_counter. 3023 */ 3024 static int 3025 bridge_ip_checkbasic(struct mbuf **mp) 3026 { 3027 struct mbuf *m = *mp; 3028 struct ip *ip; 3029 int len, hlen; 3030 u_short sum; 3031 3032 if (*mp == NULL) 3033 return (-1); 3034 3035 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3036 if ((m = m_copyup(m, sizeof(struct ip), 3037 (max_linkhdr + 3) & ~3)) == NULL) { 3038 /* XXXJRT new stat, please */ 3039 ipstat.ips_toosmall++; 3040 goto bad; 3041 } 3042 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3043 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3044 ipstat.ips_toosmall++; 3045 goto bad; 3046 } 3047 } 3048 ip = mtod(m, struct ip *); 3049 if (ip == NULL) goto bad; 3050 3051 if (ip->ip_v != IPVERSION) { 3052 ipstat.ips_badvers++; 3053 goto bad; 3054 } 3055 hlen = ip->ip_hl << 2; 3056 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3057 ipstat.ips_badhlen++; 3058 goto bad; 3059 } 3060 if (hlen > m->m_len) { 3061 if ((m = m_pullup(m, hlen)) == 0) { 3062 ipstat.ips_badhlen++; 3063 goto bad; 3064 } 3065 ip = mtod(m, struct ip *); 3066 if (ip == NULL) goto bad; 3067 } 3068 3069 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3070 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3071 } else { 3072 if (hlen == sizeof(struct ip)) { 3073 sum = in_cksum_hdr(ip); 3074 } else { 3075 sum = in_cksum(m, hlen); 3076 } 3077 } 3078 if (sum) { 3079 ipstat.ips_badsum++; 3080 goto bad; 3081 } 3082 3083 /* Retrieve the packet length. */ 3084 len = ntohs(ip->ip_len); 3085 3086 /* 3087 * Check for additional length bogosity 3088 */ 3089 if (len < hlen) { 3090 ipstat.ips_badlen++; 3091 goto bad; 3092 } 3093 3094 /* 3095 * Check that the amount of data in the buffers 3096 * is as at least much as the IP header would have us expect. 3097 * Drop packet if shorter than we expect. 3098 */ 3099 if (m->m_pkthdr.len < len) { 3100 ipstat.ips_tooshort++; 3101 goto bad; 3102 } 3103 3104 /* Checks out, proceed */ 3105 *mp = m; 3106 return (0); 3107 3108 bad: 3109 *mp = m; 3110 return (-1); 3111 } 3112 3113 #ifdef INET6 3114 /* 3115 * Same as above, but for IPv6. 3116 * Cut-and-pasted from ip6_input.c. 3117 * XXX Should we update ip6stat, or not? 3118 */ 3119 static int 3120 bridge_ip6_checkbasic(struct mbuf **mp) 3121 { 3122 struct mbuf *m = *mp; 3123 struct ip6_hdr *ip6; 3124 3125 /* 3126 * If the IPv6 header is not aligned, slurp it up into a new 3127 * mbuf with space for link headers, in the event we forward 3128 * it. Otherwise, if it is aligned, make sure the entire base 3129 * IPv6 header is in the first mbuf of the chain. 3130 */ 3131 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3132 struct ifnet *inifp = m->m_pkthdr.rcvif; 3133 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3134 (max_linkhdr + 3) & ~3)) == NULL) { 3135 /* XXXJRT new stat, please */ 3136 ip6stat.ip6s_toosmall++; 3137 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3138 goto bad; 3139 } 3140 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3141 struct ifnet *inifp = m->m_pkthdr.rcvif; 3142 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3143 ip6stat.ip6s_toosmall++; 3144 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3145 goto bad; 3146 } 3147 } 3148 3149 ip6 = mtod(m, struct ip6_hdr *); 3150 3151 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3152 ip6stat.ip6s_badvers++; 3153 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3154 goto bad; 3155 } 3156 3157 /* Checks out, proceed */ 3158 *mp = m; 3159 return (0); 3160 3161 bad: 3162 *mp = m; 3163 return (-1); 3164 } 3165 #endif /* INET6 */ 3166 3167 /* 3168 * bridge_fragment: 3169 * 3170 * Return a fragmented mbuf chain. 3171 */ 3172 static int 3173 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3174 int snap, struct llc *llc) 3175 { 3176 struct mbuf *m0; 3177 struct ip *ip; 3178 int error = -1; 3179 3180 if (m->m_len < sizeof(struct ip) && 3181 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3182 goto out; 3183 ip = mtod(m, struct ip *); 3184 3185 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3186 CSUM_DELAY_IP); 3187 if (error) 3188 goto out; 3189 3190 /* walk the chain and re-add the Ethernet header */ 3191 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3192 if (error == 0) { 3193 if (snap) { 3194 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3195 if (m0 == NULL) { 3196 error = ENOBUFS; 3197 continue; 3198 } 3199 bcopy(llc, mtod(m0, caddr_t), 3200 sizeof(struct llc)); 3201 } 3202 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3203 if (m0 == NULL) { 3204 error = ENOBUFS; 3205 continue; 3206 } 3207 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3208 } else 3209 m_freem(m); 3210 } 3211 3212 if (error == 0) 3213 ipstat.ips_fragmented++; 3214 3215 return (error); 3216 3217 out: 3218 if (m != NULL) 3219 m_freem(m); 3220 return (error); 3221 } 3222