1 /* 2 * Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 34 * $FreeBSD$ 35 */ 36 37 #include "opt_atalk.h" 38 #include "opt_inet.h" 39 #include "opt_inet6.h" 40 #include "opt_ipx.h" 41 #include "opt_bdg.h" 42 #include "opt_mac.h" 43 #include "opt_netgraph.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/mac.h> 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 #include <sys/random.h> 52 #include <sys/socket.h> 53 #include <sys/sockio.h> 54 #include <sys/sysctl.h> 55 56 #include <net/if.h> 57 #include <net/netisr.h> 58 #include <net/route.h> 59 #include <net/if_llc.h> 60 #include <net/if_dl.h> 61 #include <net/if_types.h> 62 #include <net/bpf.h> 63 #include <net/ethernet.h> 64 #include <net/bridge.h> 65 66 #if defined(INET) || defined(INET6) 67 #include <netinet/in.h> 68 #include <netinet/in_var.h> 69 #include <netinet/if_ether.h> 70 #include <netinet/ip_fw.h> 71 #include <netinet/ip_dummynet.h> 72 #endif 73 #ifdef INET6 74 #include <netinet6/nd6.h> 75 #endif 76 77 #ifdef IPX 78 #include <netipx/ipx.h> 79 #include <netipx/ipx_if.h> 80 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 81 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, 82 struct sockaddr *dst, short *tp, int *hlen); 83 #endif 84 85 #ifdef NS 86 #include <netns/ns.h> 87 #include <netns/ns_if.h> 88 ushort ns_nettype; 89 int ether_outputdebug = 0; 90 int ether_inputdebug = 0; 91 #endif 92 93 #ifdef NETATALK 94 #include <netatalk/at.h> 95 #include <netatalk/at_var.h> 96 #include <netatalk/at_extern.h> 97 98 #define llc_snap_org_code llc_un.type_snap.org_code 99 #define llc_snap_ether_type llc_un.type_snap.ether_type 100 101 extern u_char at_org_code[3]; 102 extern u_char aarp_org_code[3]; 103 #endif /* NETATALK */ 104 105 /* netgraph node hooks for ng_ether(4) */ 106 void (*ng_ether_input_p)(struct ifnet *ifp, 107 struct mbuf **mp, struct ether_header *eh); 108 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, 109 struct mbuf *m, struct ether_header *eh); 110 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 111 void (*ng_ether_attach_p)(struct ifnet *ifp); 112 void (*ng_ether_detach_p)(struct ifnet *ifp); 113 114 int (*vlan_input_p)(struct ether_header *eh, struct mbuf *m); 115 int (*vlan_input_tag_p)(struct ether_header *eh, struct mbuf *m, 116 u_int16_t t); 117 118 /* bridge support */ 119 int do_bridge; 120 bridge_in_t *bridge_in_ptr; 121 bdg_forward_t *bdg_forward_ptr; 122 bdgtakeifaces_t *bdgtakeifaces_ptr; 123 struct bdg_softc *ifp2sc; 124 125 static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 126 struct sockaddr *); 127 u_char etherbroadcastaddr[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 128 #define senderr(e) do { error = (e); goto bad;} while (0) 129 #define IFP2AC(IFP) ((struct arpcom *)IFP) 130 131 int 132 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 133 struct ip_fw **rule, struct ether_header *eh, int shared); 134 static int ether_ipfw; 135 136 /* 137 * Ethernet output routine. 138 * Encapsulate a packet of type family for the local net. 139 * Use trailer local net encapsulation if enough data in first 140 * packet leaves a multiple of 512 bytes of data in remainder. 141 * Assumes that ifp is actually pointer to arpcom structure. 142 */ 143 int 144 ether_output(ifp, m, dst, rt0) 145 register struct ifnet *ifp; 146 struct mbuf *m; 147 struct sockaddr *dst; 148 struct rtentry *rt0; 149 { 150 short type; 151 int error = 0, hdrcmplt = 0; 152 u_char esrc[6], edst[6]; 153 register struct rtentry *rt; 154 register struct ether_header *eh; 155 int loop_copy = 0; 156 int hlen; /* link layer header lenght */ 157 struct arpcom *ac = IFP2AC(ifp); 158 159 #ifdef MAC 160 error = mac_check_ifnet_transmit(ifp, m); 161 if (error) 162 senderr(error); 163 #endif 164 165 if (ifp->if_flags & IFF_MONITOR) 166 senderr(ENETDOWN); 167 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 168 senderr(ENETDOWN); 169 rt = rt0; 170 if (rt) { 171 if ((rt->rt_flags & RTF_UP) == 0) { 172 rt0 = rt = rtalloc1(dst, 1, 0UL); 173 if (rt0) 174 rt->rt_refcnt--; 175 else 176 senderr(EHOSTUNREACH); 177 } 178 if (rt->rt_flags & RTF_GATEWAY) { 179 if (rt->rt_gwroute == 0) 180 goto lookup; 181 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 182 rtfree(rt); rt = rt0; 183 lookup: rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1, 184 0UL); 185 if ((rt = rt->rt_gwroute) == 0) 186 senderr(EHOSTUNREACH); 187 } 188 } 189 if (rt->rt_flags & RTF_REJECT) 190 if (rt->rt_rmx.rmx_expire == 0 || 191 time_second < rt->rt_rmx.rmx_expire) 192 senderr(rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 193 } 194 hlen = ETHER_HDR_LEN; 195 switch (dst->sa_family) { 196 #ifdef INET 197 case AF_INET: 198 if (!arpresolve(ifp, rt, m, dst, edst, rt0)) 199 return (0); /* if not yet resolved */ 200 type = htons(ETHERTYPE_IP); 201 break; 202 #endif 203 #ifdef INET6 204 case AF_INET6: 205 if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, (u_char *)edst)) { 206 /* Something bad happened */ 207 return(0); 208 } 209 type = htons(ETHERTYPE_IPV6); 210 break; 211 #endif 212 #ifdef IPX 213 case AF_IPX: 214 if (ef_outputp) { 215 error = ef_outputp(ifp, &m, dst, &type, &hlen); 216 if (error) 217 goto bad; 218 } else 219 type = htons(ETHERTYPE_IPX); 220 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 221 (caddr_t)edst, sizeof (edst)); 222 break; 223 #endif 224 #ifdef NETATALK 225 case AF_APPLETALK: 226 { 227 struct at_ifaddr *aa; 228 229 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) { 230 goto bad; 231 } 232 if (!aarpresolve(ac, m, (struct sockaddr_at *)dst, edst)) 233 return (0); 234 /* 235 * In the phase 2 case, need to prepend an mbuf for the llc header. 236 * Since we must preserve the value of m, which is passed to us by 237 * value, we m_copy() the first mbuf, and use it for our llc header. 238 */ 239 if ( aa->aa_flags & AFA_PHASE2 ) { 240 struct llc llc; 241 242 M_PREPEND(m, sizeof(struct llc), M_TRYWAIT); 243 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 244 llc.llc_control = LLC_UI; 245 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 246 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 247 bcopy(&llc, mtod(m, caddr_t), sizeof(struct llc)); 248 type = htons(m->m_pkthdr.len); 249 hlen = sizeof(struct llc) + ETHER_HDR_LEN; 250 } else { 251 type = htons(ETHERTYPE_AT); 252 } 253 break; 254 } 255 #endif /* NETATALK */ 256 #ifdef NS 257 case AF_NS: 258 switch(ns_nettype){ 259 default: 260 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 261 type = 0x8137; 262 break; 263 case 0x0: /* Novell 802.3 */ 264 type = htons( m->m_pkthdr.len); 265 break; 266 case 0xe0e0: /* Novell 802.2 and Token-Ring */ 267 M_PREPEND(m, 3, M_TRYWAIT); 268 type = htons( m->m_pkthdr.len); 269 cp = mtod(m, u_char *); 270 *cp++ = 0xE0; 271 *cp++ = 0xE0; 272 *cp++ = 0x03; 273 break; 274 } 275 bcopy((caddr_t)&(((struct sockaddr_ns *)dst)->sns_addr.x_host), 276 (caddr_t)edst, sizeof (edst)); 277 /* 278 * XXX if ns_thishost is the same as the node's ethernet 279 * address then just the default code will catch this anyhow. 280 * So I'm not sure if this next clause should be here at all? 281 * [JRE] 282 */ 283 if (!bcmp((caddr_t)edst, (caddr_t)&ns_thishost, sizeof(edst))){ 284 m->m_pkthdr.rcvif = ifp; 285 inq = &nsintrq; 286 if (IF_HANDOFF(inq, m, NULL)) 287 schednetisr(NETISR_NS); 288 return (error); 289 } 290 if (!bcmp((caddr_t)edst, (caddr_t)&ns_broadhost, sizeof(edst))){ 291 m->m_flags |= M_BCAST; 292 } 293 break; 294 #endif /* NS */ 295 296 case pseudo_AF_HDRCMPLT: 297 hdrcmplt = 1; 298 eh = (struct ether_header *)dst->sa_data; 299 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 300 /* FALLTHROUGH */ 301 302 case AF_UNSPEC: 303 loop_copy = -1; /* if this is for us, don't do it */ 304 eh = (struct ether_header *)dst->sa_data; 305 (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 306 type = eh->ether_type; 307 break; 308 309 default: 310 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 311 senderr(EAFNOSUPPORT); 312 } 313 314 /* 315 * Add local net header. If no space in first mbuf, 316 * allocate another. 317 */ 318 M_PREPEND(m, sizeof (struct ether_header), M_DONTWAIT); 319 if (m == 0) 320 senderr(ENOBUFS); 321 eh = mtod(m, struct ether_header *); 322 (void)memcpy(&eh->ether_type, &type, 323 sizeof(eh->ether_type)); 324 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 325 if (hdrcmplt) 326 (void)memcpy(eh->ether_shost, esrc, 327 sizeof(eh->ether_shost)); 328 else 329 (void)memcpy(eh->ether_shost, ac->ac_enaddr, 330 sizeof(eh->ether_shost)); 331 332 /* 333 * If a simplex interface, and the packet is being sent to our 334 * Ethernet address or a broadcast address, loopback a copy. 335 * XXX To make a simplex device behave exactly like a duplex 336 * device, we should copy in the case of sending to our own 337 * ethernet address (thus letting the original actually appear 338 * on the wire). However, we don't do that here for security 339 * reasons and compatibility with the original behavior. 340 */ 341 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) { 342 int csum_flags = 0; 343 344 if (m->m_pkthdr.csum_flags & CSUM_IP) 345 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID); 346 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 347 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); 348 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) { 349 struct mbuf *n = m_copy(m, 0, (int)M_COPYALL); 350 351 n->m_pkthdr.csum_flags |= csum_flags; 352 if (csum_flags & CSUM_DATA_VALID) 353 n->m_pkthdr.csum_data = 0xffff; 354 355 (void) if_simloop(ifp, n, dst->sa_family, hlen); 356 } else if (bcmp(eh->ether_dhost, 357 eh->ether_shost, ETHER_ADDR_LEN) == 0) { 358 m->m_pkthdr.csum_flags |= csum_flags; 359 if (csum_flags & CSUM_DATA_VALID) 360 m->m_pkthdr.csum_data = 0xffff; 361 (void) if_simloop(ifp, m, dst->sa_family, hlen); 362 return (0); /* XXX */ 363 } 364 } 365 366 /* Handle ng_ether(4) processing, if any */ 367 if (ng_ether_output_p != NULL) { 368 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 369 bad: if (m != NULL) 370 m_freem(m); 371 return (error); 372 } 373 if (m == NULL) 374 return (0); 375 } 376 377 /* Continue with link-layer output */ 378 return ether_output_frame(ifp, m); 379 } 380 381 /* 382 * Ethernet link layer output routine to send a raw frame to the device. 383 * 384 * This assumes that the 14 byte Ethernet header is present and contiguous 385 * in the first mbuf (if BRIDGE'ing). 386 */ 387 int 388 ether_output_frame(ifp, m) 389 struct ifnet *ifp; 390 struct mbuf *m; 391 { 392 int error = 0; 393 struct ip_fw *rule = NULL; 394 395 /* Extract info from dummynet tag, ignore others */ 396 for (; m->m_type == MT_TAG; m = m->m_next) 397 if (m->m_flags == PACKET_TAG_DUMMYNET) 398 rule = ((struct dn_pkt *)m)->rule; 399 400 if (rule) /* packet was already bridged */ 401 goto no_bridge; 402 403 if (BDG_ACTIVE(ifp) ) { 404 struct ether_header *eh; /* a ptr suffices */ 405 406 m->m_pkthdr.rcvif = NULL; 407 eh = mtod(m, struct ether_header *); 408 m_adj(m, ETHER_HDR_LEN); 409 m = bdg_forward_ptr(m, eh, ifp); 410 if (m != NULL) 411 m_freem(m); 412 return (0); 413 } 414 415 no_bridge: 416 if (IPFW_LOADED && ether_ipfw != 0) { 417 struct ether_header save_eh, *eh; 418 419 eh = mtod(m, struct ether_header *); 420 save_eh = *eh; 421 m_adj(m, ETHER_HDR_LEN); 422 if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) { 423 if (m) { 424 m_freem(m); 425 return ENOBUFS; /* pkt dropped */ 426 } else 427 return 0; /* consumed e.g. in a pipe */ 428 } 429 /* packet was ok, restore the ethernet header */ 430 if ( (void *)(eh + 1) == (void *)m->m_data) { 431 m->m_data -= ETHER_HDR_LEN ; 432 m->m_len += ETHER_HDR_LEN ; 433 m->m_pkthdr.len += ETHER_HDR_LEN ; 434 } else { 435 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 436 if (m == NULL) /* nope... */ 437 return ENOBUFS; 438 bcopy(&save_eh, mtod(m, struct ether_header *), 439 ETHER_HDR_LEN); 440 } 441 } 442 443 /* 444 * Queue message on interface, update output statistics if 445 * successful, and start output if interface not yet active. 446 */ 447 if (! IF_HANDOFF(&ifp->if_snd, m, ifp)) 448 return (ENOBUFS); 449 return (error); 450 } 451 452 /* 453 * ipfw processing for ethernet packets (in and out). 454 * The second parameter is NULL from ether_demux, and ifp from 455 * ether_output_frame. This section of code could be used from 456 * bridge.c as well as long as we use some extra info 457 * to distinguish that case from ether_output_frame(); 458 */ 459 int 460 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 461 struct ip_fw **rule, struct ether_header *eh, int shared) 462 { 463 struct ether_header save_eh = *eh; /* might be a ptr in m */ 464 int i; 465 struct ip_fw_args args; 466 467 if (*rule != NULL /*&& fw_one_pass*/) /* HACK! need to obey fw_one_pass */ 468 return 1; /* dummynet packet, already partially processed */ 469 470 /* 471 * I need some amt of data to be contiguous, and in case others need 472 * the packet (shared==1) also better be in the first mbuf. 473 */ 474 i = min( (*m0)->m_pkthdr.len, max_protohdr); 475 if ( shared || (*m0)->m_len < i) { 476 *m0 = m_pullup(*m0, i); 477 if (*m0 == NULL) 478 return 0; 479 } 480 481 args.m = *m0; /* the packet we are looking at */ 482 args.oif = dst; /* destination, if any */ 483 args.divert_rule = 0; /* we do not support divert yet */ 484 args.rule = *rule; /* matching rule to restart */ 485 args.next_hop = NULL; /* we do not support forward yet */ 486 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 487 i = ip_fw_chk_ptr(&args); 488 *m0 = args.m; 489 *rule = args.rule; 490 491 if ( (i & IP_FW_PORT_DENY_FLAG) || *m0 == NULL) /* drop */ 492 return 0; 493 494 if (i == 0) /* a PASS rule. */ 495 return 1; 496 497 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 498 /* 499 * Pass the pkt to dummynet, which consumes it. 500 * If shared, make a copy and keep the original. 501 */ 502 struct mbuf *m ; 503 504 if (shared) { 505 m = m_copypacket(*m0, M_DONTWAIT); 506 if (m == NULL) 507 return 0; 508 } else { 509 m = *m0 ; /* pass the original to dummynet */ 510 *m0 = NULL ; /* and nothing back to the caller */ 511 } 512 /* 513 * Prepend the header, optimize for the common case of 514 * eh pointing into the mbuf. 515 */ 516 if ( (void *)(eh + 1) == (void *)m->m_data) { 517 m->m_data -= ETHER_HDR_LEN ; 518 m->m_len += ETHER_HDR_LEN ; 519 m->m_pkthdr.len += ETHER_HDR_LEN ; 520 } else { 521 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 522 if (m == NULL) /* nope... */ 523 return 0; 524 bcopy(&save_eh, mtod(m, struct ether_header *), 525 ETHER_HDR_LEN); 526 } 527 ip_dn_io_ptr(m, (i & 0xffff), 528 dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 529 return 0; 530 } 531 /* 532 * XXX at some point add support for divert/forward actions. 533 * If none of the above matches, we have to drop the pkt. 534 */ 535 return 0; 536 } 537 538 /* 539 * Process a received Ethernet packet. We have two different interfaces: 540 * one (conventional) assumes the packet in the mbuf, with the ethernet 541 * header provided separately in *eh. The second one (new) has everything 542 * in the mbuf, and we can tell it because eh == NULL. 543 * The caller MUST MAKE SURE that there are at least 544 * sizeof(struct ether_header) bytes in the first mbuf. 545 * 546 * This allows us to concentrate in one place a bunch of code which 547 * is replicated in all device drivers. Also, many functions called 548 * from ether_input() try to put the eh back into the mbuf, so we 549 * can later propagate the 'contiguous packet' interface to them, 550 * and handle the old interface just here. 551 * 552 * NOTA BENE: for many drivers "eh" is a pointer into the first mbuf or 553 * cluster, right before m_data. So be very careful when working on m, 554 * as you could destroy *eh !! 555 * 556 * First we perform any link layer operations, then continue 557 * to the upper layers with ether_demux(). 558 */ 559 void 560 ether_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) 561 { 562 struct ether_header save_eh; 563 564 if (eh == NULL) { 565 if (m->m_len < sizeof(struct ether_header)) { 566 /* XXX error in the caller. */ 567 m_freem(m); 568 return; 569 } 570 if (ifp->if_bpf != NULL) 571 bpf_mtap(ifp, m); 572 m->m_pkthdr.rcvif = ifp; 573 eh = mtod(m, struct ether_header *); 574 m->m_data += sizeof(struct ether_header); 575 m->m_len -= sizeof(struct ether_header); 576 m->m_pkthdr.len = m->m_len; 577 } else if (ifp->if_bpf != NULL) { 578 struct m_hdr mh; 579 580 /* This kludge is OK; BPF treats the "mbuf" as read-only */ 581 mh.mh_next = m; 582 mh.mh_data = (char *)eh; 583 mh.mh_len = ETHER_HDR_LEN; 584 bpf_mtap(ifp, (struct mbuf *)&mh); 585 } 586 587 if (ifp->if_flags & IFF_MONITOR) { 588 m_freem(m); 589 return; 590 } 591 592 #ifdef MAC 593 mac_create_mbuf_from_ifnet(ifp, m); 594 #endif 595 596 ifp->if_ibytes += m->m_pkthdr.len + sizeof (*eh); 597 598 /* Handle ng_ether(4) processing, if any */ 599 if (ng_ether_input_p != NULL) { 600 (*ng_ether_input_p)(ifp, &m, eh); 601 if (m == NULL) 602 return; 603 } 604 605 /* Check for bridging mode */ 606 if (BDG_ACTIVE(ifp) ) { 607 struct ifnet *bif; 608 609 /* Check with bridging code */ 610 if ((bif = bridge_in_ptr(ifp, eh)) == BDG_DROP) { 611 m_freem(m); 612 return; 613 } 614 if (bif != BDG_LOCAL) { 615 save_eh = *eh ; /* because it might change */ 616 m = bdg_forward_ptr(m, eh, bif); /* needs forwarding */ 617 /* 618 * Do not continue if bdg_forward_ptr() processed our 619 * packet (and cleared the mbuf pointer m) or if 620 * it dropped (m_free'd) the packet itself. 621 */ 622 if (m == NULL) { 623 if (bif == BDG_BCAST || bif == BDG_MCAST) 624 printf("bdg_forward drop MULTICAST PKT\n"); 625 return; 626 } 627 eh = &save_eh ; 628 } 629 if (bif == BDG_LOCAL 630 || bif == BDG_BCAST 631 || bif == BDG_MCAST) 632 goto recvLocal; /* receive locally */ 633 634 /* If not local and not multicast, just drop it */ 635 if (m != NULL) 636 m_freem(m); 637 return; 638 } 639 640 recvLocal: 641 /* Continue with upper layer processing */ 642 ether_demux(ifp, eh, m); 643 /* First chunk of an mbuf contains good entropy */ 644 if (harvest.ethernet) 645 random_harvest(m, 16, 3, 0, RANDOM_NET); 646 } 647 648 /* 649 * Upper layer processing for a received Ethernet packet. 650 */ 651 void 652 ether_demux(ifp, eh, m) 653 struct ifnet *ifp; 654 struct ether_header *eh; 655 struct mbuf *m; 656 { 657 struct ifqueue *inq; 658 u_short ether_type; 659 #if defined(NETATALK) 660 register struct llc *l; 661 #endif 662 struct ip_fw *rule = NULL; 663 664 /* Extract info from dummynet tag, ignore others */ 665 for (;m->m_type == MT_TAG; m = m->m_next) 666 if (m->m_flags == PACKET_TAG_DUMMYNET) { 667 rule = ((struct dn_pkt *)m)->rule; 668 ifp = m->m_next->m_pkthdr.rcvif; 669 } 670 671 if (rule) /* packet was already bridged */ 672 goto post_stats; 673 674 if (!(BDG_ACTIVE(ifp))) { 675 /* 676 * Discard packet if upper layers shouldn't see it because it 677 * was unicast to a different Ethernet address. If the driver 678 * is working properly, then this situation can only happen 679 * when the interface is in promiscuous mode. 680 */ 681 if ((ifp->if_flags & IFF_PROMISC) != 0 682 && (eh->ether_dhost[0] & 1) == 0 683 && bcmp(eh->ether_dhost, 684 IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0 685 && (ifp->if_flags & IFF_PPROMISC) == 0) { 686 m_freem(m); 687 return; 688 } 689 } 690 691 /* Discard packet if interface is not up */ 692 if ((ifp->if_flags & IFF_UP) == 0) { 693 m_freem(m); 694 return; 695 } 696 if (eh->ether_dhost[0] & 1) { 697 if (bcmp((caddr_t)etherbroadcastaddr, (caddr_t)eh->ether_dhost, 698 sizeof(etherbroadcastaddr)) == 0) 699 m->m_flags |= M_BCAST; 700 else 701 m->m_flags |= M_MCAST; 702 } 703 if (m->m_flags & (M_BCAST|M_MCAST)) 704 ifp->if_imcasts++; 705 706 post_stats: 707 if (IPFW_LOADED && ether_ipfw != 0) { 708 if (ether_ipfw_chk(&m, NULL, &rule, eh, 0 ) == 0) { 709 if (m) 710 m_freem(m); 711 return; 712 } 713 } 714 715 ether_type = ntohs(eh->ether_type); 716 717 switch (ether_type) { 718 #ifdef INET 719 case ETHERTYPE_IP: 720 if (ipflow_fastforward(m)) 721 return; 722 schednetisr(NETISR_IP); 723 inq = &ipintrq; 724 break; 725 726 case ETHERTYPE_ARP: 727 if (ifp->if_flags & IFF_NOARP) { 728 /* Discard packet if ARP is disabled on interface */ 729 m_freem(m); 730 return; 731 } 732 schednetisr(NETISR_ARP); 733 inq = &arpintrq; 734 break; 735 #endif 736 #ifdef IPX 737 case ETHERTYPE_IPX: 738 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 739 return; 740 schednetisr(NETISR_IPX); 741 inq = &ipxintrq; 742 break; 743 #endif 744 #ifdef INET6 745 case ETHERTYPE_IPV6: 746 schednetisr(NETISR_IPV6); 747 inq = &ip6intrq; 748 break; 749 #endif 750 #ifdef NS 751 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 752 schednetisr(NETISR_NS); 753 inq = &nsintrq; 754 break; 755 756 #endif /* NS */ 757 #ifdef NETATALK 758 case ETHERTYPE_AT: 759 schednetisr(NETISR_ATALK); 760 inq = &atintrq1; 761 break; 762 case ETHERTYPE_AARP: 763 /* probably this should be done with a NETISR as well */ 764 aarpinput(IFP2AC(ifp), m); /* XXX */ 765 return; 766 #endif /* NETATALK */ 767 case ETHERTYPE_VLAN: 768 /* XXX lock ? */ 769 if (vlan_input_p != NULL) 770 (*vlan_input_p)(eh, m); 771 else { 772 m->m_pkthdr.rcvif->if_noproto++; 773 m_freem(m); 774 } 775 /* XXX unlock ? */ 776 return; 777 default: 778 #ifdef IPX 779 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 780 return; 781 #endif /* IPX */ 782 #ifdef NS 783 checksum = mtod(m, ushort *); 784 /* Novell 802.3 */ 785 if ((ether_type <= ETHERMTU) && 786 ((*checksum == 0xffff) || (*checksum == 0xE0E0))){ 787 if(*checksum == 0xE0E0) { 788 m->m_pkthdr.len -= 3; 789 m->m_len -= 3; 790 m->m_data += 3; 791 } 792 schednetisr(NETISR_NS); 793 inq = &nsintrq; 794 break; 795 } 796 #endif /* NS */ 797 #if defined(NETATALK) 798 if (ether_type > ETHERMTU) 799 goto dropanyway; 800 l = mtod(m, struct llc *); 801 switch (l->llc_dsap) { 802 case LLC_SNAP_LSAP: 803 switch (l->llc_control) { 804 case LLC_UI: 805 if (l->llc_ssap != LLC_SNAP_LSAP) 806 goto dropanyway; 807 808 if (Bcmp(&(l->llc_snap_org_code)[0], at_org_code, 809 sizeof(at_org_code)) == 0 && 810 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 811 inq = &atintrq2; 812 m_adj( m, sizeof( struct llc )); 813 schednetisr(NETISR_ATALK); 814 break; 815 } 816 817 if (Bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 818 sizeof(aarp_org_code)) == 0 && 819 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 820 m_adj( m, sizeof( struct llc )); 821 aarpinput(IFP2AC(ifp), m); /* XXX */ 822 return; 823 } 824 825 default: 826 goto dropanyway; 827 } 828 break; 829 dropanyway: 830 default: 831 if (ng_ether_input_orphan_p != NULL) 832 (*ng_ether_input_orphan_p)(ifp, m, eh); 833 else 834 m_freem(m); 835 return; 836 } 837 #else /* NETATALK */ 838 if (ng_ether_input_orphan_p != NULL) 839 (*ng_ether_input_orphan_p)(ifp, m, eh); 840 else 841 m_freem(m); 842 return; 843 #endif /* NETATALK */ 844 } 845 846 (void) IF_HANDOFF(inq, m, NULL); 847 } 848 849 /* 850 * Perform common duties while attaching to interface list 851 */ 852 void 853 ether_ifattach(ifp, bpf) 854 register struct ifnet *ifp; 855 int bpf; 856 { 857 register struct ifaddr *ifa; 858 register struct sockaddr_dl *sdl; 859 860 ifp->if_type = IFT_ETHER; 861 ifp->if_addrlen = 6; 862 ifp->if_hdrlen = 14; 863 if_attach(ifp); 864 ifp->if_mtu = ETHERMTU; 865 ifp->if_resolvemulti = ether_resolvemulti; 866 if (ifp->if_baudrate == 0) 867 ifp->if_baudrate = 10000000; 868 ifp->if_broadcastaddr = etherbroadcastaddr; 869 ifa = ifaddr_byindex(ifp->if_index); 870 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 871 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 872 sdl->sdl_type = IFT_ETHER; 873 sdl->sdl_alen = ifp->if_addrlen; 874 bcopy((IFP2AC(ifp))->ac_enaddr, LLADDR(sdl), ifp->if_addrlen); 875 if (bpf) 876 bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header)); 877 if (ng_ether_attach_p != NULL) 878 (*ng_ether_attach_p)(ifp); 879 if (BDG_LOADED) 880 bdgtakeifaces_ptr(); 881 } 882 883 /* 884 * Perform common duties while detaching an Ethernet interface 885 */ 886 void 887 ether_ifdetach(ifp, bpf) 888 struct ifnet *ifp; 889 int bpf; 890 { 891 if (ng_ether_detach_p != NULL) 892 (*ng_ether_detach_p)(ifp); 893 if (bpf) 894 bpfdetach(ifp); 895 if_detach(ifp); 896 if (BDG_LOADED) 897 bdgtakeifaces_ptr(); 898 } 899 900 SYSCTL_DECL(_net_link); 901 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 902 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 903 ðer_ipfw,0,"Pass ether pkts through firewall"); 904 905 int 906 ether_ioctl(ifp, command, data) 907 struct ifnet *ifp; 908 int command; 909 caddr_t data; 910 { 911 struct ifaddr *ifa = (struct ifaddr *) data; 912 struct ifreq *ifr = (struct ifreq *) data; 913 int error = 0; 914 915 switch (command) { 916 case SIOCSIFADDR: 917 ifp->if_flags |= IFF_UP; 918 919 switch (ifa->ifa_addr->sa_family) { 920 #ifdef INET 921 case AF_INET: 922 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 923 arp_ifinit(ifp, ifa); 924 break; 925 #endif 926 #ifdef IPX 927 /* 928 * XXX - This code is probably wrong 929 */ 930 case AF_IPX: 931 { 932 register struct ipx_addr *ina = &(IA_SIPX(ifa)->sipx_addr); 933 struct arpcom *ac = IFP2AC(ifp); 934 935 if (ipx_nullhost(*ina)) 936 ina->x_host = 937 *(union ipx_host *) 938 ac->ac_enaddr; 939 else { 940 bcopy((caddr_t) ina->x_host.c_host, 941 (caddr_t) ac->ac_enaddr, 942 sizeof(ac->ac_enaddr)); 943 } 944 945 /* 946 * Set new address 947 */ 948 ifp->if_init(ifp->if_softc); 949 break; 950 } 951 #endif 952 #ifdef NS 953 /* 954 * XXX - This code is probably wrong 955 */ 956 case AF_NS: 957 { 958 register struct ns_addr *ina = &(IA_SNS(ifa)->sns_addr); 959 struct arpcom *ac = IFP2AC(ifp); 960 961 if (ns_nullhost(*ina)) 962 ina->x_host = 963 *(union ns_host *) (ac->ac_enaddr); 964 else { 965 bcopy((caddr_t) ina->x_host.c_host, 966 (caddr_t) ac->ac_enaddr, 967 sizeof(ac->ac_enaddr)); 968 } 969 970 /* 971 * Set new address 972 */ 973 ifp->if_init(ifp->if_softc); 974 break; 975 } 976 #endif 977 default: 978 ifp->if_init(ifp->if_softc); 979 break; 980 } 981 break; 982 983 case SIOCGIFADDR: 984 { 985 struct sockaddr *sa; 986 987 sa = (struct sockaddr *) & ifr->ifr_data; 988 bcopy(IFP2AC(ifp)->ac_enaddr, 989 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 990 } 991 break; 992 993 case SIOCSIFMTU: 994 /* 995 * Set the interface MTU. 996 */ 997 if (ifr->ifr_mtu > ETHERMTU) { 998 error = EINVAL; 999 } else { 1000 ifp->if_mtu = ifr->ifr_mtu; 1001 } 1002 break; 1003 } 1004 return (error); 1005 } 1006 1007 static int 1008 ether_resolvemulti(ifp, llsa, sa) 1009 struct ifnet *ifp; 1010 struct sockaddr **llsa; 1011 struct sockaddr *sa; 1012 { 1013 struct sockaddr_dl *sdl; 1014 struct sockaddr_in *sin; 1015 #ifdef INET6 1016 struct sockaddr_in6 *sin6; 1017 #endif 1018 u_char *e_addr; 1019 1020 switch(sa->sa_family) { 1021 case AF_LINK: 1022 /* 1023 * No mapping needed. Just check that it's a valid MC address. 1024 */ 1025 sdl = (struct sockaddr_dl *)sa; 1026 e_addr = LLADDR(sdl); 1027 if ((e_addr[0] & 1) != 1) 1028 return EADDRNOTAVAIL; 1029 *llsa = 0; 1030 return 0; 1031 1032 #ifdef INET 1033 case AF_INET: 1034 sin = (struct sockaddr_in *)sa; 1035 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1036 return EADDRNOTAVAIL; 1037 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1038 M_WAITOK|M_ZERO); 1039 sdl->sdl_len = sizeof *sdl; 1040 sdl->sdl_family = AF_LINK; 1041 sdl->sdl_index = ifp->if_index; 1042 sdl->sdl_type = IFT_ETHER; 1043 sdl->sdl_alen = ETHER_ADDR_LEN; 1044 e_addr = LLADDR(sdl); 1045 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1046 *llsa = (struct sockaddr *)sdl; 1047 return 0; 1048 #endif 1049 #ifdef INET6 1050 case AF_INET6: 1051 sin6 = (struct sockaddr_in6 *)sa; 1052 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1053 /* 1054 * An IP6 address of 0 means listen to all 1055 * of the Ethernet multicast address used for IP6. 1056 * (This is used for multicast routers.) 1057 */ 1058 ifp->if_flags |= IFF_ALLMULTI; 1059 *llsa = 0; 1060 return 0; 1061 } 1062 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1063 return EADDRNOTAVAIL; 1064 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1065 M_WAITOK|M_ZERO); 1066 sdl->sdl_len = sizeof *sdl; 1067 sdl->sdl_family = AF_LINK; 1068 sdl->sdl_index = ifp->if_index; 1069 sdl->sdl_type = IFT_ETHER; 1070 sdl->sdl_alen = ETHER_ADDR_LEN; 1071 e_addr = LLADDR(sdl); 1072 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1073 *llsa = (struct sockaddr *)sdl; 1074 return 0; 1075 #endif 1076 1077 default: 1078 /* 1079 * Well, the text isn't quite right, but it's the name 1080 * that counts... 1081 */ 1082 return EAFNOSUPPORT; 1083 } 1084 } 1085