1 /* 2 * Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 30 * $FreeBSD$ 31 */ 32 33 #include "opt_atalk.h" 34 #include "opt_inet.h" 35 #include "opt_inet6.h" 36 #include "opt_ipx.h" 37 #include "opt_bdg.h" 38 #include "opt_mac.h" 39 #include "opt_netgraph.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/kernel.h> 44 #include <sys/mac.h> 45 #include <sys/malloc.h> 46 #include <sys/module.h> 47 #include <sys/mbuf.h> 48 #include <sys/random.h> 49 #include <sys/socket.h> 50 #include <sys/sockio.h> 51 #include <sys/sysctl.h> 52 53 #include <net/if.h> 54 #include <net/if_arp.h> 55 #include <net/netisr.h> 56 #include <net/route.h> 57 #include <net/if_llc.h> 58 #include <net/if_dl.h> 59 #include <net/if_types.h> 60 #include <net/bpf.h> 61 #include <net/ethernet.h> 62 #include <net/bridge.h> 63 #include <net/if_vlan_var.h> 64 65 #if defined(INET) || defined(INET6) 66 #include <netinet/in.h> 67 #include <netinet/in_var.h> 68 #include <netinet/if_ether.h> 69 #include <netinet/ip_fw.h> 70 #include <netinet/ip_dummynet.h> 71 #endif 72 #ifdef INET6 73 #include <netinet6/nd6.h> 74 #endif 75 76 #ifdef IPX 77 #include <netipx/ipx.h> 78 #include <netipx/ipx_if.h> 79 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 80 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, 81 struct sockaddr *dst, short *tp, int *hlen); 82 #endif 83 84 #ifdef NETATALK 85 #include <netatalk/at.h> 86 #include <netatalk/at_var.h> 87 #include <netatalk/at_extern.h> 88 89 #define llc_snap_org_code llc_un.type_snap.org_code 90 #define llc_snap_ether_type llc_un.type_snap.ether_type 91 92 extern u_char at_org_code[3]; 93 extern u_char aarp_org_code[3]; 94 #endif /* NETATALK */ 95 96 /* netgraph node hooks for ng_ether(4) */ 97 void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp); 98 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m); 99 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 100 void (*ng_ether_attach_p)(struct ifnet *ifp); 101 void (*ng_ether_detach_p)(struct ifnet *ifp); 102 103 void (*vlan_input_p)(struct ifnet *, struct mbuf *); 104 105 /* bridge support */ 106 int do_bridge; 107 bridge_in_t *bridge_in_ptr; 108 bdg_forward_t *bdg_forward_ptr; 109 bdgtakeifaces_t *bdgtakeifaces_ptr; 110 struct bdg_softc *ifp2sc; 111 112 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 113 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 114 115 static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 116 struct sockaddr *); 117 118 #define senderr(e) do { error = (e); goto bad;} while (0) 119 120 #if defined(INET) || defined(INET6) 121 int 122 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 123 struct ip_fw **rule, int shared); 124 static int ether_ipfw; 125 #endif 126 127 /* 128 * Ethernet output routine. 129 * Encapsulate a packet of type family for the local net. 130 * Use trailer local net encapsulation if enough data in first 131 * packet leaves a multiple of 512 bytes of data in remainder. 132 * Assumes that ifp is actually pointer to arpcom structure. 133 */ 134 int 135 ether_output(struct ifnet *ifp, struct mbuf *m, 136 struct sockaddr *dst, struct rtentry *rt0) 137 { 138 short type; 139 int error, hdrcmplt = 0; 140 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 141 struct ether_header *eh; 142 int loop_copy = 0; 143 int hlen; /* link layer header length */ 144 145 #ifdef MAC 146 error = mac_check_ifnet_transmit(ifp, m); 147 if (error) 148 senderr(error); 149 #endif 150 151 if (ifp->if_flags & IFF_MONITOR) 152 senderr(ENETDOWN); 153 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 154 senderr(ENETDOWN); 155 156 hlen = ETHER_HDR_LEN; 157 switch (dst->sa_family) { 158 #ifdef INET 159 case AF_INET: 160 error = arpresolve(ifp, rt0, m, dst, edst); 161 if (error) 162 return (error == EWOULDBLOCK ? 0 : error); 163 type = htons(ETHERTYPE_IP); 164 break; 165 case AF_ARP: 166 { 167 struct arphdr *ah; 168 ah = mtod(m, struct arphdr *); 169 ah->ar_hrd = htons(ARPHRD_ETHER); 170 171 loop_copy = -1; /* if this is for us, don't do it */ 172 173 switch(ntohs(ah->ar_op)) { 174 case ARPOP_REVREQUEST: 175 case ARPOP_REVREPLY: 176 type = htons(ETHERTYPE_REVARP); 177 break; 178 case ARPOP_REQUEST: 179 case ARPOP_REPLY: 180 default: 181 type = htons(ETHERTYPE_ARP); 182 break; 183 } 184 185 if (m->m_flags & M_BCAST) 186 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 187 else 188 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 189 190 } 191 break; 192 #endif 193 #ifdef INET6 194 case AF_INET6: 195 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char *)edst); 196 if (error) 197 return error; 198 type = htons(ETHERTYPE_IPV6); 199 break; 200 #endif 201 #ifdef IPX 202 case AF_IPX: 203 if (ef_outputp) { 204 error = ef_outputp(ifp, &m, dst, &type, &hlen); 205 if (error) 206 goto bad; 207 } else 208 type = htons(ETHERTYPE_IPX); 209 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 210 (caddr_t)edst, sizeof (edst)); 211 break; 212 #endif 213 #ifdef NETATALK 214 case AF_APPLETALK: 215 { 216 struct at_ifaddr *aa; 217 218 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) 219 senderr(EHOSTUNREACH); /* XXX */ 220 if (!aarpresolve(ifp, m, (struct sockaddr_at *)dst, edst)) 221 return (0); 222 /* 223 * In the phase 2 case, need to prepend an mbuf for the llc header. 224 */ 225 if ( aa->aa_flags & AFA_PHASE2 ) { 226 struct llc llc; 227 228 M_PREPEND(m, LLC_SNAPFRAMELEN, M_TRYWAIT); 229 if (m == NULL) 230 senderr(ENOBUFS); 231 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 232 llc.llc_control = LLC_UI; 233 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 234 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 235 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 236 type = htons(m->m_pkthdr.len); 237 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 238 } else { 239 type = htons(ETHERTYPE_AT); 240 } 241 break; 242 } 243 #endif /* NETATALK */ 244 245 case pseudo_AF_HDRCMPLT: 246 hdrcmplt = 1; 247 eh = (struct ether_header *)dst->sa_data; 248 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 249 /* FALLTHROUGH */ 250 251 case AF_UNSPEC: 252 loop_copy = -1; /* if this is for us, don't do it */ 253 eh = (struct ether_header *)dst->sa_data; 254 (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 255 type = eh->ether_type; 256 break; 257 258 default: 259 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 260 senderr(EAFNOSUPPORT); 261 } 262 263 /* 264 * Add local net header. If no space in first mbuf, 265 * allocate another. 266 */ 267 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 268 if (m == NULL) 269 senderr(ENOBUFS); 270 eh = mtod(m, struct ether_header *); 271 (void)memcpy(&eh->ether_type, &type, 272 sizeof(eh->ether_type)); 273 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 274 if (hdrcmplt) 275 (void)memcpy(eh->ether_shost, esrc, 276 sizeof(eh->ether_shost)); 277 else 278 (void)memcpy(eh->ether_shost, IFP2AC(ifp)->ac_enaddr, 279 sizeof(eh->ether_shost)); 280 281 /* 282 * If a simplex interface, and the packet is being sent to our 283 * Ethernet address or a broadcast address, loopback a copy. 284 * XXX To make a simplex device behave exactly like a duplex 285 * device, we should copy in the case of sending to our own 286 * ethernet address (thus letting the original actually appear 287 * on the wire). However, we don't do that here for security 288 * reasons and compatibility with the original behavior. 289 */ 290 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) { 291 int csum_flags = 0; 292 293 if (m->m_pkthdr.csum_flags & CSUM_IP) 294 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID); 295 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 296 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); 297 298 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) { 299 struct mbuf *n; 300 301 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 302 n->m_pkthdr.csum_flags |= csum_flags; 303 if (csum_flags & CSUM_DATA_VALID) 304 n->m_pkthdr.csum_data = 0xffff; 305 (void)if_simloop(ifp, n, dst->sa_family, hlen); 306 } else 307 ifp->if_iqdrops++; 308 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 309 ETHER_ADDR_LEN) == 0) { 310 m->m_pkthdr.csum_flags |= csum_flags; 311 if (csum_flags & CSUM_DATA_VALID) 312 m->m_pkthdr.csum_data = 0xffff; 313 (void) if_simloop(ifp, m, dst->sa_family, hlen); 314 return (0); /* XXX */ 315 } 316 } 317 318 /* Handle ng_ether(4) processing, if any */ 319 if (ng_ether_output_p != NULL) { 320 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 321 bad: if (m != NULL) 322 m_freem(m); 323 return (error); 324 } 325 if (m == NULL) 326 return (0); 327 } 328 329 /* Continue with link-layer output */ 330 return ether_output_frame(ifp, m); 331 } 332 333 /* 334 * Ethernet link layer output routine to send a raw frame to the device. 335 * 336 * This assumes that the 14 byte Ethernet header is present and contiguous 337 * in the first mbuf (if BRIDGE'ing). 338 */ 339 int 340 ether_output_frame(struct ifnet *ifp, struct mbuf *m) 341 { 342 #if defined(INET) || defined(INET6) 343 struct ip_fw *rule = ip_dn_claim_rule(m); 344 #else 345 void *rule = NULL; 346 #endif 347 int error; 348 349 if (rule == NULL && BDG_ACTIVE(ifp)) { 350 /* 351 * Beware, the bridge code notices the null rcvif and 352 * uses that identify that it's being called from 353 * ether_output as opposd to ether_input. Yech. 354 */ 355 m->m_pkthdr.rcvif = NULL; 356 m = bdg_forward_ptr(m, ifp); 357 if (m != NULL) 358 m_freem(m); 359 return (0); 360 } 361 #if defined(INET) || defined(INET6) 362 if (IPFW_LOADED && ether_ipfw != 0) { 363 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 364 if (m) { 365 m_freem(m); 366 return EACCES; /* pkt dropped */ 367 } else 368 return 0; /* consumed e.g. in a pipe */ 369 } 370 } 371 #endif 372 373 /* 374 * Queue message on interface, update output statistics if 375 * successful, and start output if interface not yet active. 376 */ 377 IFQ_HANDOFF(ifp, m, error); 378 return (error); 379 } 380 381 #if defined(INET) || defined(INET6) 382 /* 383 * ipfw processing for ethernet packets (in and out). 384 * The second parameter is NULL from ether_demux, and ifp from 385 * ether_output_frame. This section of code could be used from 386 * bridge.c as well as long as we use some extra info 387 * to distinguish that case from ether_output_frame(); 388 */ 389 int 390 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 391 struct ip_fw **rule, int shared) 392 { 393 struct ether_header *eh; 394 struct ether_header save_eh; 395 struct mbuf *m; 396 int i; 397 struct ip_fw_args args; 398 399 if (*rule != NULL && fw_one_pass) 400 return 1; /* dummynet packet, already partially processed */ 401 402 /* 403 * I need some amt of data to be contiguous, and in case others need 404 * the packet (shared==1) also better be in the first mbuf. 405 */ 406 m = *m0; 407 i = min( m->m_pkthdr.len, max_protohdr); 408 if ( shared || m->m_len < i) { 409 m = m_pullup(m, i); 410 if (m == NULL) { 411 *m0 = m; 412 return 0; 413 } 414 } 415 eh = mtod(m, struct ether_header *); 416 save_eh = *eh; /* save copy for restore below */ 417 m_adj(m, ETHER_HDR_LEN); /* strip ethernet header */ 418 419 args.m = m; /* the packet we are looking at */ 420 args.oif = dst; /* destination, if any */ 421 args.rule = *rule; /* matching rule to restart */ 422 args.next_hop = NULL; /* we do not support forward yet */ 423 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 424 i = ip_fw_chk_ptr(&args); 425 m = args.m; 426 if (m != NULL) { 427 /* 428 * Restore Ethernet header, as needed, in case the 429 * mbuf chain was replaced by ipfw. 430 */ 431 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 432 if (m == NULL) { 433 *m0 = m; 434 return 0; 435 } 436 if (eh != mtod(m, struct ether_header *)) 437 bcopy(&save_eh, mtod(m, struct ether_header *), 438 ETHER_HDR_LEN); 439 } 440 *m0 = m; 441 *rule = args.rule; 442 443 if ( (i & IP_FW_PORT_DENY_FLAG) || m == NULL) /* drop */ 444 return 0; 445 446 if (i == 0) /* a PASS rule. */ 447 return 1; 448 449 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 450 /* 451 * Pass the pkt to dummynet, which consumes it. 452 * If shared, make a copy and keep the original. 453 */ 454 if (shared) { 455 m = m_copypacket(m, M_DONTWAIT); 456 if (m == NULL) 457 return 0; 458 } else { 459 /* 460 * Pass the original to dummynet and 461 * nothing back to the caller 462 */ 463 *m0 = NULL ; 464 } 465 ip_dn_io_ptr(m, (i & 0xffff), 466 dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 467 return 0; 468 } 469 /* 470 * XXX at some point add support for divert/forward actions. 471 * If none of the above matches, we have to drop the pkt. 472 */ 473 return 0; 474 } 475 #endif 476 477 /* 478 * Process a received Ethernet packet; the packet is in the 479 * mbuf chain m with the ethernet header at the front. 480 */ 481 static void 482 ether_input(struct ifnet *ifp, struct mbuf *m) 483 { 484 struct ether_header *eh; 485 u_short etype; 486 487 /* 488 * Do consistency checks to verify assumptions 489 * made by code past this point. 490 */ 491 if ((m->m_flags & M_PKTHDR) == 0) { 492 if_printf(ifp, "discard frame w/o packet header\n"); 493 ifp->if_ierrors++; 494 m_freem(m); 495 return; 496 } 497 if (m->m_len < ETHER_HDR_LEN) { 498 /* XXX maybe should pullup? */ 499 if_printf(ifp, "discard frame w/o leading ethernet " 500 "header (len %u pkt len %u)\n", 501 m->m_len, m->m_pkthdr.len); 502 ifp->if_ierrors++; 503 m_freem(m); 504 return; 505 } 506 eh = mtod(m, struct ether_header *); 507 etype = ntohs(eh->ether_type); 508 if (m->m_pkthdr.len > 509 ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS)) { 510 if_printf(ifp, "discard oversize frame " 511 "(ether type %x flags %x len %u > max %lu)\n", 512 etype, m->m_flags, m->m_pkthdr.len, 513 ETHER_MAX_FRAME(ifp, etype, 514 m->m_flags & M_HASFCS)); 515 ifp->if_ierrors++; 516 m_freem(m); 517 return; 518 } 519 if (m->m_pkthdr.rcvif == NULL) { 520 if_printf(ifp, "discard frame w/o interface pointer\n"); 521 ifp->if_ierrors++; 522 m_freem(m); 523 return; 524 } 525 #ifdef DIAGNOSTIC 526 if (m->m_pkthdr.rcvif != ifp) { 527 if_printf(ifp, "Warning, frame marked as received on %s\n", 528 m->m_pkthdr.rcvif->if_xname); 529 } 530 #endif 531 532 #ifdef MAC 533 /* 534 * Tag the mbuf with an appropriate MAC label before any other 535 * consumers can get to it. 536 */ 537 mac_create_mbuf_from_ifnet(ifp, m); 538 #endif 539 540 /* 541 * Give bpf a chance at the packet. 542 */ 543 BPF_MTAP(ifp, m); 544 545 if (ifp->if_flags & IFF_MONITOR) { 546 /* 547 * Interface marked for monitoring; discard packet. 548 */ 549 m_freem(m); 550 return; 551 } 552 553 /* If the CRC is still on the packet, trim it off. */ 554 if (m->m_flags & M_HASFCS) { 555 m_adj(m, -ETHER_CRC_LEN); 556 m->m_flags &= ~M_HASFCS; 557 } 558 559 ifp->if_ibytes += m->m_pkthdr.len; 560 561 /* Handle ng_ether(4) processing, if any */ 562 if (ng_ether_input_p != NULL) { 563 (*ng_ether_input_p)(ifp, &m); 564 if (m == NULL) 565 return; 566 } 567 568 /* Check for bridging mode */ 569 if (BDG_ACTIVE(ifp) ) { 570 struct ifnet *bif; 571 572 /* 573 * Check with bridging code to see how the packet 574 * should be handled. Possibilities are: 575 * 576 * BDG_BCAST broadcast 577 * BDG_MCAST multicast 578 * BDG_LOCAL for local address, don't forward 579 * BDG_DROP discard 580 * ifp forward only to specified interface(s) 581 * 582 * Non-local destinations are handled by passing the 583 * packet back to the bridge code. 584 */ 585 bif = bridge_in_ptr(ifp, eh); 586 if (bif == BDG_DROP) { /* discard packet */ 587 m_freem(m); 588 return; 589 } 590 if (bif != BDG_LOCAL) { /* non-local, forward */ 591 m = bdg_forward_ptr(m, bif); 592 /* 593 * The bridge may consume the packet if it's not 594 * supposed to be passed up or if a problem occurred 595 * while doing its job. This is reflected by it 596 * returning a NULL mbuf pointer. 597 */ 598 if (m == NULL) { 599 if (bif == BDG_BCAST || bif == BDG_MCAST) 600 if_printf(ifp, 601 "bridge dropped %s packet\n", 602 bif == BDG_BCAST ? "broadcast" : 603 "multicast"); 604 return; 605 } 606 /* 607 * But in some cases the bridge may return the 608 * packet for us to free; sigh. 609 */ 610 if (bif != BDG_BCAST && bif != BDG_MCAST) { 611 m_freem(m); 612 return; 613 } 614 } 615 } 616 617 ether_demux(ifp, m); 618 /* First chunk of an mbuf contains good entropy */ 619 if (harvest.ethernet) 620 random_harvest(m, 16, 3, 0, RANDOM_NET); 621 } 622 623 /* 624 * Upper layer processing for a received Ethernet packet. 625 */ 626 void 627 ether_demux(struct ifnet *ifp, struct mbuf *m) 628 { 629 struct ether_header *eh; 630 int isr; 631 u_short ether_type; 632 #if defined(NETATALK) 633 struct llc *l; 634 #endif 635 #if defined(INET) || defined(INET6) 636 struct ip_fw *rule = ip_dn_claim_rule(m); 637 #endif 638 639 KASSERT(ifp != NULL, ("ether_demux: NULL interface pointer")); 640 641 eh = mtod(m, struct ether_header *); 642 ether_type = ntohs(eh->ether_type); 643 644 #if defined(INET) || defined(INET6) 645 if (rule) /* packet was already bridged */ 646 goto post_stats; 647 #endif 648 649 if (!(BDG_ACTIVE(ifp)) && 650 !(ether_type == ETHERTYPE_VLAN && ifp->if_nvlans > 0)) { 651 /* 652 * Discard packet if upper layers shouldn't see it because it 653 * was unicast to a different Ethernet address. If the driver 654 * is working properly, then this situation can only happen 655 * when the interface is in promiscuous mode. 656 * 657 * If VLANs are active, and this packet has a VLAN tag, do 658 * not drop it here but pass it on to the VLAN layer, to 659 * give them a chance to consider it as well (e. g. in case 660 * bridging is only active on a VLAN). They will drop it if 661 * it's undesired. 662 */ 663 if ((ifp->if_flags & IFF_PROMISC) != 0 664 && (eh->ether_dhost[0] & 1) == 0 665 && bcmp(eh->ether_dhost, 666 IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0 667 && (ifp->if_flags & IFF_PPROMISC) == 0) { 668 m_freem(m); 669 return; 670 } 671 } 672 673 /* Discard packet if interface is not up */ 674 if ((ifp->if_flags & IFF_UP) == 0) { 675 m_freem(m); 676 return; 677 } 678 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 679 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 680 sizeof(etherbroadcastaddr)) == 0) 681 m->m_flags |= M_BCAST; 682 else 683 m->m_flags |= M_MCAST; 684 } 685 if (m->m_flags & (M_BCAST|M_MCAST)) 686 ifp->if_imcasts++; 687 688 #if defined(INET) || defined(INET6) 689 post_stats: 690 if (IPFW_LOADED && ether_ipfw != 0) { 691 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 692 if (m) 693 m_freem(m); 694 return; 695 } 696 } 697 #endif 698 699 /* 700 * If VLANs are configured on the interface, check to 701 * see if the device performed the decapsulation and 702 * provided us with the tag. 703 */ 704 if (ifp->if_nvlans && 705 m_tag_locate(m, MTAG_VLAN, MTAG_VLAN_TAG, NULL) != NULL) { 706 /* 707 * vlan_input() will either recursively call ether_input() 708 * or drop the packet. 709 */ 710 KASSERT(vlan_input_p != NULL,("ether_input: VLAN not loaded!")); 711 (*vlan_input_p)(ifp, m); 712 return; 713 } 714 715 /* 716 * Handle protocols that expect to have the Ethernet header 717 * (and possibly FCS) intact. 718 */ 719 switch (ether_type) { 720 case ETHERTYPE_VLAN: 721 if (ifp->if_nvlans != 0) { 722 KASSERT(vlan_input_p,("ether_input: VLAN not loaded!")); 723 (*vlan_input_p)(ifp, m); 724 } else { 725 ifp->if_noproto++; 726 m_freem(m); 727 } 728 return; 729 } 730 731 /* Strip off Ethernet header. */ 732 m_adj(m, ETHER_HDR_LEN); 733 734 /* If the CRC is still on the packet, trim it off. */ 735 if (m->m_flags & M_HASFCS) { 736 m_adj(m, -ETHER_CRC_LEN); 737 m->m_flags &= ~M_HASFCS; 738 } 739 740 switch (ether_type) { 741 #ifdef INET 742 case ETHERTYPE_IP: 743 if (ip_fastforward(m)) 744 return; 745 isr = NETISR_IP; 746 break; 747 748 case ETHERTYPE_ARP: 749 if (ifp->if_flags & IFF_NOARP) { 750 /* Discard packet if ARP is disabled on interface */ 751 m_freem(m); 752 return; 753 } 754 isr = NETISR_ARP; 755 break; 756 #endif 757 #ifdef IPX 758 case ETHERTYPE_IPX: 759 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 760 return; 761 isr = NETISR_IPX; 762 break; 763 #endif 764 #ifdef INET6 765 case ETHERTYPE_IPV6: 766 isr = NETISR_IPV6; 767 break; 768 #endif 769 #ifdef NETATALK 770 case ETHERTYPE_AT: 771 isr = NETISR_ATALK1; 772 break; 773 case ETHERTYPE_AARP: 774 isr = NETISR_AARP; 775 break; 776 #endif /* NETATALK */ 777 default: 778 #ifdef IPX 779 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 780 return; 781 #endif /* IPX */ 782 #if defined(NETATALK) 783 if (ether_type > ETHERMTU) 784 goto discard; 785 l = mtod(m, struct llc *); 786 if (l->llc_dsap == LLC_SNAP_LSAP && 787 l->llc_ssap == LLC_SNAP_LSAP && 788 l->llc_control == LLC_UI) { 789 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 790 sizeof(at_org_code)) == 0 && 791 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 792 m_adj(m, LLC_SNAPFRAMELEN); 793 isr = NETISR_ATALK2; 794 break; 795 } 796 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 797 sizeof(aarp_org_code)) == 0 && 798 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 799 m_adj(m, LLC_SNAPFRAMELEN); 800 isr = NETISR_AARP; 801 break; 802 } 803 } 804 #endif /* NETATALK */ 805 goto discard; 806 } 807 netisr_dispatch(isr, m); 808 return; 809 810 discard: 811 /* 812 * Packet is to be discarded. If netgraph is present, 813 * hand the packet to it for last chance processing; 814 * otherwise dispose of it. 815 */ 816 if (ng_ether_input_orphan_p != NULL) { 817 /* 818 * Put back the ethernet header so netgraph has a 819 * consistent view of inbound packets. 820 */ 821 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 822 (*ng_ether_input_orphan_p)(ifp, m); 823 return; 824 } 825 m_freem(m); 826 } 827 828 /* 829 * Convert Ethernet address to printable (loggable) representation. 830 * This routine is for compatibility; it's better to just use 831 * 832 * printf("%6D", <pointer to address>, ":"); 833 * 834 * since there's no static buffer involved. 835 */ 836 char * 837 ether_sprintf(const u_char *ap) 838 { 839 static char etherbuf[18]; 840 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 841 return (etherbuf); 842 } 843 844 /* 845 * Perform common duties while attaching to interface list 846 */ 847 void 848 ether_ifattach(struct ifnet *ifp, const u_int8_t *llc) 849 { 850 int i; 851 struct ifaddr *ifa; 852 struct sockaddr_dl *sdl; 853 854 ifp->if_type = IFT_ETHER; 855 ifp->if_addrlen = ETHER_ADDR_LEN; 856 ifp->if_hdrlen = ETHER_HDR_LEN; 857 if_attach(ifp); 858 ifp->if_mtu = ETHERMTU; 859 ifp->if_output = ether_output; 860 ifp->if_input = ether_input; 861 ifp->if_resolvemulti = ether_resolvemulti; 862 if (ifp->if_baudrate == 0) 863 ifp->if_baudrate = IF_Mbps(10); /* just a default */ 864 ifp->if_broadcastaddr = etherbroadcastaddr; 865 866 ifa = ifaddr_byindex(ifp->if_index); 867 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 868 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 869 sdl->sdl_type = IFT_ETHER; 870 sdl->sdl_alen = ifp->if_addrlen; 871 bcopy(llc, LLADDR(sdl), ifp->if_addrlen); 872 /* 873 * XXX: This doesn't belong here; we do it until 874 * XXX: all drivers are cleaned up 875 */ 876 if (llc != IFP2AC(ifp)->ac_enaddr) 877 bcopy(llc, IFP2AC(ifp)->ac_enaddr, ifp->if_addrlen); 878 879 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 880 if (ng_ether_attach_p != NULL) 881 (*ng_ether_attach_p)(ifp); 882 if (BDG_LOADED) 883 bdgtakeifaces_ptr(); 884 885 /* Announce Ethernet MAC address if non-zero. */ 886 for (i = 0; i < ifp->if_addrlen; i++) 887 if (llc[i] != 0) 888 break; 889 if (i != ifp->if_addrlen) 890 if_printf(ifp, "Ethernet address: %6D\n", llc, ":"); 891 if (debug_mpsafenet && (ifp->if_flags & IFF_NEEDSGIANT) != 0) 892 if_printf(ifp, "if_start running deferred for Giant\n"); 893 } 894 895 /* 896 * Perform common duties while detaching an Ethernet interface 897 */ 898 void 899 ether_ifdetach(struct ifnet *ifp) 900 { 901 if (ng_ether_detach_p != NULL) 902 (*ng_ether_detach_p)(ifp); 903 bpfdetach(ifp); 904 if_detach(ifp); 905 if (BDG_LOADED) 906 bdgtakeifaces_ptr(); 907 } 908 909 SYSCTL_DECL(_net_link); 910 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 911 #if defined(INET) || defined(INET6) 912 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 913 ðer_ipfw,0,"Pass ether pkts through firewall"); 914 #endif 915 916 #if 0 917 /* 918 * This is for reference. We have a table-driven version 919 * of the little-endian crc32 generator, which is faster 920 * than the double-loop. 921 */ 922 uint32_t 923 ether_crc32_le(const uint8_t *buf, size_t len) 924 { 925 size_t i; 926 uint32_t crc; 927 int bit; 928 uint8_t data; 929 930 crc = 0xffffffff; /* initial value */ 931 932 for (i = 0; i < len; i++) { 933 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) 934 carry = (crc ^ data) & 1; 935 crc >>= 1; 936 if (carry) 937 crc = (crc ^ ETHER_CRC_POLY_LE); 938 } 939 940 return (crc); 941 } 942 #else 943 uint32_t 944 ether_crc32_le(const uint8_t *buf, size_t len) 945 { 946 static const uint32_t crctab[] = { 947 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 948 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 949 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 950 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 951 }; 952 size_t i; 953 uint32_t crc; 954 955 crc = 0xffffffff; /* initial value */ 956 957 for (i = 0; i < len; i++) { 958 crc ^= buf[i]; 959 crc = (crc >> 4) ^ crctab[crc & 0xf]; 960 crc = (crc >> 4) ^ crctab[crc & 0xf]; 961 } 962 963 return (crc); 964 } 965 #endif 966 967 uint32_t 968 ether_crc32_be(const uint8_t *buf, size_t len) 969 { 970 size_t i; 971 uint32_t crc, carry; 972 int bit; 973 uint8_t data; 974 975 crc = 0xffffffff; /* initial value */ 976 977 for (i = 0; i < len; i++) { 978 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 979 carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 980 crc <<= 1; 981 if (carry) 982 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 983 } 984 } 985 986 return (crc); 987 } 988 989 int 990 ether_ioctl(struct ifnet *ifp, int command, caddr_t data) 991 { 992 struct ifaddr *ifa = (struct ifaddr *) data; 993 struct ifreq *ifr = (struct ifreq *) data; 994 int error = 0; 995 996 switch (command) { 997 case SIOCSIFADDR: 998 ifp->if_flags |= IFF_UP; 999 1000 switch (ifa->ifa_addr->sa_family) { 1001 #ifdef INET 1002 case AF_INET: 1003 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 1004 arp_ifinit(ifp, ifa); 1005 break; 1006 #endif 1007 #ifdef IPX 1008 /* 1009 * XXX - This code is probably wrong 1010 */ 1011 case AF_IPX: 1012 { 1013 struct ipx_addr *ina = &(IA_SIPX(ifa)->sipx_addr); 1014 struct arpcom *ac = IFP2AC(ifp); 1015 1016 if (ipx_nullhost(*ina)) 1017 ina->x_host = 1018 *(union ipx_host *) 1019 ac->ac_enaddr; 1020 else { 1021 bcopy((caddr_t) ina->x_host.c_host, 1022 (caddr_t) ac->ac_enaddr, 1023 sizeof(ac->ac_enaddr)); 1024 } 1025 1026 /* 1027 * Set new address 1028 */ 1029 ifp->if_init(ifp->if_softc); 1030 break; 1031 } 1032 #endif 1033 default: 1034 ifp->if_init(ifp->if_softc); 1035 break; 1036 } 1037 break; 1038 1039 case SIOCGIFADDR: 1040 { 1041 struct sockaddr *sa; 1042 1043 sa = (struct sockaddr *) & ifr->ifr_data; 1044 bcopy(IFP2AC(ifp)->ac_enaddr, 1045 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1046 } 1047 break; 1048 1049 case SIOCSIFMTU: 1050 /* 1051 * Set the interface MTU. 1052 */ 1053 if (ifr->ifr_mtu > ETHERMTU) { 1054 error = EINVAL; 1055 } else { 1056 ifp->if_mtu = ifr->ifr_mtu; 1057 } 1058 break; 1059 default: 1060 error = EINVAL; /* XXX netbsd has ENOTTY??? */ 1061 break; 1062 } 1063 return (error); 1064 } 1065 1066 static int 1067 ether_resolvemulti(struct ifnet *ifp, struct sockaddr **llsa, 1068 struct sockaddr *sa) 1069 { 1070 struct sockaddr_dl *sdl; 1071 #ifdef INET 1072 struct sockaddr_in *sin; 1073 #endif 1074 #ifdef INET6 1075 struct sockaddr_in6 *sin6; 1076 #endif 1077 u_char *e_addr; 1078 1079 switch(sa->sa_family) { 1080 case AF_LINK: 1081 /* 1082 * No mapping needed. Just check that it's a valid MC address. 1083 */ 1084 sdl = (struct sockaddr_dl *)sa; 1085 e_addr = LLADDR(sdl); 1086 if (!ETHER_IS_MULTICAST(e_addr)) 1087 return EADDRNOTAVAIL; 1088 *llsa = 0; 1089 return 0; 1090 1091 #ifdef INET 1092 case AF_INET: 1093 sin = (struct sockaddr_in *)sa; 1094 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1095 return EADDRNOTAVAIL; 1096 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1097 M_WAITOK|M_ZERO); 1098 sdl->sdl_len = sizeof *sdl; 1099 sdl->sdl_family = AF_LINK; 1100 sdl->sdl_index = ifp->if_index; 1101 sdl->sdl_type = IFT_ETHER; 1102 sdl->sdl_alen = ETHER_ADDR_LEN; 1103 e_addr = LLADDR(sdl); 1104 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1105 *llsa = (struct sockaddr *)sdl; 1106 return 0; 1107 #endif 1108 #ifdef INET6 1109 case AF_INET6: 1110 sin6 = (struct sockaddr_in6 *)sa; 1111 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1112 /* 1113 * An IP6 address of 0 means listen to all 1114 * of the Ethernet multicast address used for IP6. 1115 * (This is used for multicast routers.) 1116 */ 1117 ifp->if_flags |= IFF_ALLMULTI; 1118 *llsa = 0; 1119 return 0; 1120 } 1121 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1122 return EADDRNOTAVAIL; 1123 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1124 M_WAITOK|M_ZERO); 1125 sdl->sdl_len = sizeof *sdl; 1126 sdl->sdl_family = AF_LINK; 1127 sdl->sdl_index = ifp->if_index; 1128 sdl->sdl_type = IFT_ETHER; 1129 sdl->sdl_alen = ETHER_ADDR_LEN; 1130 e_addr = LLADDR(sdl); 1131 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1132 *llsa = (struct sockaddr *)sdl; 1133 return 0; 1134 #endif 1135 1136 default: 1137 /* 1138 * Well, the text isn't quite right, but it's the name 1139 * that counts... 1140 */ 1141 return EAFNOSUPPORT; 1142 } 1143 } 1144 1145 static moduledata_t ether_mod = { 1146 "ether", 1147 NULL, 1148 0 1149 }; 1150 1151 DECLARE_MODULE(ether, ether_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1152 MODULE_VERSION(ether, 1); 1153