1 /*- 2 * Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 30 * $FreeBSD$ 31 */ 32 33 #include "opt_atalk.h" 34 #include "opt_inet.h" 35 #include "opt_inet6.h" 36 #include "opt_ipx.h" 37 #include "opt_bdg.h" 38 #include "opt_mac.h" 39 #include "opt_netgraph.h" 40 #include "opt_carp.h" 41 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/mac.h> 46 #include <sys/malloc.h> 47 #include <sys/module.h> 48 #include <sys/mbuf.h> 49 #include <sys/random.h> 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/sysctl.h> 53 54 #include <net/if.h> 55 #include <net/if_arp.h> 56 #include <net/netisr.h> 57 #include <net/route.h> 58 #include <net/if_llc.h> 59 #include <net/if_dl.h> 60 #include <net/if_types.h> 61 #include <net/bpf.h> 62 #include <net/ethernet.h> 63 #include <net/bridge.h> 64 #include <net/if_vlan_var.h> 65 66 #if defined(INET) || defined(INET6) 67 #include <netinet/in.h> 68 #include <netinet/in_var.h> 69 #include <netinet/if_ether.h> 70 #include <netinet/ip_fw.h> 71 #include <netinet/ip_dummynet.h> 72 #endif 73 #ifdef INET6 74 #include <netinet6/nd6.h> 75 #endif 76 77 #ifdef DEV_CARP 78 #include <netinet/ip_carp.h> 79 #endif 80 81 #ifdef IPX 82 #include <netipx/ipx.h> 83 #include <netipx/ipx_if.h> 84 #endif 85 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 86 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, 87 struct sockaddr *dst, short *tp, int *hlen); 88 89 #ifdef NETATALK 90 #include <netatalk/at.h> 91 #include <netatalk/at_var.h> 92 #include <netatalk/at_extern.h> 93 94 #define llc_snap_org_code llc_un.type_snap.org_code 95 #define llc_snap_ether_type llc_un.type_snap.ether_type 96 97 extern u_char at_org_code[3]; 98 extern u_char aarp_org_code[3]; 99 #endif /* NETATALK */ 100 101 /* netgraph node hooks for ng_ether(4) */ 102 void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp); 103 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m); 104 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 105 void (*ng_ether_attach_p)(struct ifnet *ifp); 106 void (*ng_ether_detach_p)(struct ifnet *ifp); 107 108 void (*vlan_input_p)(struct ifnet *, struct mbuf *); 109 110 /* bridge support */ 111 int do_bridge; 112 bridge_in_t *bridge_in_ptr; 113 bdg_forward_t *bdg_forward_ptr; 114 bdgtakeifaces_t *bdgtakeifaces_ptr; 115 struct bdg_softc *ifp2sc; 116 117 struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 118 int (*bridge_output_p)(struct ifnet *, struct mbuf *, 119 struct sockaddr *, struct rtentry *); 120 void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 121 122 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 123 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 124 125 static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 126 struct sockaddr *); 127 128 /* XXX: should be in an arp support file, not here */ 129 MALLOC_DEFINE(M_ARPCOM, "arpcom", "802.* interface internals"); 130 131 #define senderr(e) do { error = (e); goto bad;} while (0) 132 133 #if defined(INET) || defined(INET6) 134 int 135 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 136 struct ip_fw **rule, int shared); 137 static int ether_ipfw; 138 #endif 139 140 /* 141 * Ethernet output routine. 142 * Encapsulate a packet of type family for the local net. 143 * Use trailer local net encapsulation if enough data in first 144 * packet leaves a multiple of 512 bytes of data in remainder. 145 * Assumes that ifp is actually pointer to arpcom structure. 146 */ 147 int 148 ether_output(struct ifnet *ifp, struct mbuf *m, 149 struct sockaddr *dst, struct rtentry *rt0) 150 { 151 short type; 152 int error, hdrcmplt = 0; 153 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 154 struct ether_header *eh; 155 int loop_copy = 0; 156 int hlen; /* link layer header length */ 157 158 #ifdef MAC 159 error = mac_check_ifnet_transmit(ifp, m); 160 if (error) 161 senderr(error); 162 #endif 163 164 if (ifp->if_flags & IFF_MONITOR) 165 senderr(ENETDOWN); 166 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 167 senderr(ENETDOWN); 168 169 hlen = ETHER_HDR_LEN; 170 switch (dst->sa_family) { 171 #ifdef INET 172 case AF_INET: 173 error = arpresolve(ifp, rt0, m, dst, edst); 174 if (error) 175 return (error == EWOULDBLOCK ? 0 : error); 176 type = htons(ETHERTYPE_IP); 177 break; 178 case AF_ARP: 179 { 180 struct arphdr *ah; 181 ah = mtod(m, struct arphdr *); 182 ah->ar_hrd = htons(ARPHRD_ETHER); 183 184 loop_copy = -1; /* if this is for us, don't do it */ 185 186 switch(ntohs(ah->ar_op)) { 187 case ARPOP_REVREQUEST: 188 case ARPOP_REVREPLY: 189 type = htons(ETHERTYPE_REVARP); 190 break; 191 case ARPOP_REQUEST: 192 case ARPOP_REPLY: 193 default: 194 type = htons(ETHERTYPE_ARP); 195 break; 196 } 197 198 if (m->m_flags & M_BCAST) 199 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 200 else 201 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 202 203 } 204 break; 205 #endif 206 #ifdef INET6 207 case AF_INET6: 208 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char *)edst); 209 if (error) 210 return error; 211 type = htons(ETHERTYPE_IPV6); 212 break; 213 #endif 214 #ifdef IPX 215 case AF_IPX: 216 if (ef_outputp) { 217 error = ef_outputp(ifp, &m, dst, &type, &hlen); 218 if (error) 219 goto bad; 220 } else 221 type = htons(ETHERTYPE_IPX); 222 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 223 (caddr_t)edst, sizeof (edst)); 224 break; 225 #endif 226 #ifdef NETATALK 227 case AF_APPLETALK: 228 { 229 struct at_ifaddr *aa; 230 231 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) 232 senderr(EHOSTUNREACH); /* XXX */ 233 if (!aarpresolve(ifp, m, (struct sockaddr_at *)dst, edst)) 234 return (0); 235 /* 236 * In the phase 2 case, need to prepend an mbuf for the llc header. 237 */ 238 if ( aa->aa_flags & AFA_PHASE2 ) { 239 struct llc llc; 240 241 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 242 if (m == NULL) 243 senderr(ENOBUFS); 244 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 245 llc.llc_control = LLC_UI; 246 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 247 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 248 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 249 type = htons(m->m_pkthdr.len); 250 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 251 } else { 252 type = htons(ETHERTYPE_AT); 253 } 254 break; 255 } 256 #endif /* NETATALK */ 257 258 case pseudo_AF_HDRCMPLT: 259 hdrcmplt = 1; 260 eh = (struct ether_header *)dst->sa_data; 261 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 262 /* FALLTHROUGH */ 263 264 case AF_UNSPEC: 265 loop_copy = -1; /* if this is for us, don't do it */ 266 eh = (struct ether_header *)dst->sa_data; 267 (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 268 type = eh->ether_type; 269 break; 270 271 default: 272 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 273 senderr(EAFNOSUPPORT); 274 } 275 276 /* 277 * Add local net header. If no space in first mbuf, 278 * allocate another. 279 */ 280 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 281 if (m == NULL) 282 senderr(ENOBUFS); 283 eh = mtod(m, struct ether_header *); 284 (void)memcpy(&eh->ether_type, &type, 285 sizeof(eh->ether_type)); 286 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 287 if (hdrcmplt) 288 (void)memcpy(eh->ether_shost, esrc, 289 sizeof(eh->ether_shost)); 290 else 291 (void)memcpy(eh->ether_shost, IFP2ENADDR(ifp), 292 sizeof(eh->ether_shost)); 293 294 /* 295 * Bridges require special output handling. 296 */ 297 if (ifp->if_bridge) { 298 KASSERT(bridge_output_p != NULL, 299 ("ether_input: if_bridge not loaded!")); 300 return ((*bridge_output_p)(ifp, m, NULL, NULL)); 301 } 302 303 /* 304 * If a simplex interface, and the packet is being sent to our 305 * Ethernet address or a broadcast address, loopback a copy. 306 * XXX To make a simplex device behave exactly like a duplex 307 * device, we should copy in the case of sending to our own 308 * ethernet address (thus letting the original actually appear 309 * on the wire). However, we don't do that here for security 310 * reasons and compatibility with the original behavior. 311 */ 312 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) { 313 int csum_flags = 0; 314 315 if (m->m_pkthdr.csum_flags & CSUM_IP) 316 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID); 317 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 318 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); 319 320 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) { 321 struct mbuf *n; 322 323 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 324 n->m_pkthdr.csum_flags |= csum_flags; 325 if (csum_flags & CSUM_DATA_VALID) 326 n->m_pkthdr.csum_data = 0xffff; 327 (void)if_simloop(ifp, n, dst->sa_family, hlen); 328 } else 329 ifp->if_iqdrops++; 330 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 331 ETHER_ADDR_LEN) == 0) { 332 m->m_pkthdr.csum_flags |= csum_flags; 333 if (csum_flags & CSUM_DATA_VALID) 334 m->m_pkthdr.csum_data = 0xffff; 335 (void) if_simloop(ifp, m, dst->sa_family, hlen); 336 return (0); /* XXX */ 337 } 338 } 339 340 #ifdef DEV_CARP 341 if (ifp->if_carp && 342 (error = carp_output(ifp, m, dst, NULL))) 343 goto bad; 344 #endif 345 346 /* Handle ng_ether(4) processing, if any */ 347 if (IFP2AC(ifp)->ac_netgraph != NULL) { 348 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 349 bad: if (m != NULL) 350 m_freem(m); 351 return (error); 352 } 353 if (m == NULL) 354 return (0); 355 } 356 357 /* Continue with link-layer output */ 358 return ether_output_frame(ifp, m); 359 } 360 361 /* 362 * Ethernet link layer output routine to send a raw frame to the device. 363 * 364 * This assumes that the 14 byte Ethernet header is present and contiguous 365 * in the first mbuf (if BRIDGE'ing). 366 */ 367 int 368 ether_output_frame(struct ifnet *ifp, struct mbuf *m) 369 { 370 #if defined(INET) || defined(INET6) 371 struct ip_fw *rule = ip_dn_claim_rule(m); 372 #else 373 void *rule = NULL; 374 #endif 375 int error; 376 377 if (rule == NULL && BDG_ACTIVE(ifp)) { 378 /* 379 * Beware, the bridge code notices the null rcvif and 380 * uses that identify that it's being called from 381 * ether_output as opposd to ether_input. Yech. 382 */ 383 m->m_pkthdr.rcvif = NULL; 384 m = bdg_forward_ptr(m, ifp); 385 if (m != NULL) 386 m_freem(m); 387 return (0); 388 } 389 #if defined(INET) || defined(INET6) 390 if (IPFW_LOADED && ether_ipfw != 0) { 391 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 392 if (m) { 393 m_freem(m); 394 return EACCES; /* pkt dropped */ 395 } else 396 return 0; /* consumed e.g. in a pipe */ 397 } 398 } 399 #endif 400 401 /* 402 * Queue message on interface, update output statistics if 403 * successful, and start output if interface not yet active. 404 */ 405 IFQ_HANDOFF(ifp, m, error); 406 return (error); 407 } 408 409 #if defined(INET) || defined(INET6) 410 /* 411 * ipfw processing for ethernet packets (in and out). 412 * The second parameter is NULL from ether_demux, and ifp from 413 * ether_output_frame. This section of code could be used from 414 * bridge.c as well as long as we use some extra info 415 * to distinguish that case from ether_output_frame(); 416 */ 417 int 418 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 419 struct ip_fw **rule, int shared) 420 { 421 struct ether_header *eh; 422 struct ether_header save_eh; 423 struct mbuf *m; 424 int i; 425 struct ip_fw_args args; 426 427 if (*rule != NULL && fw_one_pass) 428 return 1; /* dummynet packet, already partially processed */ 429 430 /* 431 * I need some amt of data to be contiguous, and in case others need 432 * the packet (shared==1) also better be in the first mbuf. 433 */ 434 m = *m0; 435 i = min( m->m_pkthdr.len, max_protohdr); 436 if ( shared || m->m_len < i) { 437 m = m_pullup(m, i); 438 if (m == NULL) { 439 *m0 = m; 440 return 0; 441 } 442 } 443 eh = mtod(m, struct ether_header *); 444 save_eh = *eh; /* save copy for restore below */ 445 m_adj(m, ETHER_HDR_LEN); /* strip ethernet header */ 446 447 args.m = m; /* the packet we are looking at */ 448 args.oif = dst; /* destination, if any */ 449 args.rule = *rule; /* matching rule to restart */ 450 args.next_hop = NULL; /* we do not support forward yet */ 451 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 452 i = ip_fw_chk_ptr(&args); 453 m = args.m; 454 if (m != NULL) { 455 /* 456 * Restore Ethernet header, as needed, in case the 457 * mbuf chain was replaced by ipfw. 458 */ 459 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 460 if (m == NULL) { 461 *m0 = m; 462 return 0; 463 } 464 if (eh != mtod(m, struct ether_header *)) 465 bcopy(&save_eh, mtod(m, struct ether_header *), 466 ETHER_HDR_LEN); 467 } 468 *m0 = m; 469 *rule = args.rule; 470 471 if (i == IP_FW_DENY) /* drop */ 472 return 0; 473 474 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL")); 475 476 if (i == IP_FW_PASS) /* a PASS rule. */ 477 return 1; 478 479 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 480 /* 481 * Pass the pkt to dummynet, which consumes it. 482 * If shared, make a copy and keep the original. 483 */ 484 if (shared) { 485 m = m_copypacket(m, M_DONTWAIT); 486 if (m == NULL) 487 return 0; 488 } else { 489 /* 490 * Pass the original to dummynet and 491 * nothing back to the caller 492 */ 493 *m0 = NULL ; 494 } 495 ip_dn_io_ptr(m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 496 return 0; 497 } 498 /* 499 * XXX at some point add support for divert/forward actions. 500 * If none of the above matches, we have to drop the pkt. 501 */ 502 return 0; 503 } 504 #endif 505 506 /* 507 * Process a received Ethernet packet; the packet is in the 508 * mbuf chain m with the ethernet header at the front. 509 */ 510 static void 511 ether_input(struct ifnet *ifp, struct mbuf *m) 512 { 513 struct ether_header *eh; 514 u_short etype; 515 516 /* 517 * Do consistency checks to verify assumptions 518 * made by code past this point. 519 */ 520 if ((m->m_flags & M_PKTHDR) == 0) { 521 if_printf(ifp, "discard frame w/o packet header\n"); 522 ifp->if_ierrors++; 523 m_freem(m); 524 return; 525 } 526 if (m->m_len < ETHER_HDR_LEN) { 527 /* XXX maybe should pullup? */ 528 if_printf(ifp, "discard frame w/o leading ethernet " 529 "header (len %u pkt len %u)\n", 530 m->m_len, m->m_pkthdr.len); 531 ifp->if_ierrors++; 532 m_freem(m); 533 return; 534 } 535 eh = mtod(m, struct ether_header *); 536 etype = ntohs(eh->ether_type); 537 if (m->m_pkthdr.len > 538 ETHER_MAX_FRAME(ifp, etype, m->m_flags & M_HASFCS)) { 539 if_printf(ifp, "discard oversize frame " 540 "(ether type %x flags %x len %u > max %lu)\n", 541 etype, m->m_flags, m->m_pkthdr.len, 542 ETHER_MAX_FRAME(ifp, etype, 543 m->m_flags & M_HASFCS)); 544 ifp->if_ierrors++; 545 m_freem(m); 546 return; 547 } 548 if (m->m_pkthdr.rcvif == NULL) { 549 if_printf(ifp, "discard frame w/o interface pointer\n"); 550 ifp->if_ierrors++; 551 m_freem(m); 552 return; 553 } 554 #ifdef DIAGNOSTIC 555 if (m->m_pkthdr.rcvif != ifp) { 556 if_printf(ifp, "Warning, frame marked as received on %s\n", 557 m->m_pkthdr.rcvif->if_xname); 558 } 559 #endif 560 561 #ifdef MAC 562 /* 563 * Tag the mbuf with an appropriate MAC label before any other 564 * consumers can get to it. 565 */ 566 mac_create_mbuf_from_ifnet(ifp, m); 567 #endif 568 569 /* 570 * Give bpf a chance at the packet. 571 */ 572 BPF_MTAP(ifp, m); 573 574 if (ifp->if_flags & IFF_MONITOR) { 575 /* 576 * Interface marked for monitoring; discard packet. 577 */ 578 m_freem(m); 579 return; 580 } 581 582 /* If the CRC is still on the packet, trim it off. */ 583 if (m->m_flags & M_HASFCS) { 584 m_adj(m, -ETHER_CRC_LEN); 585 m->m_flags &= ~M_HASFCS; 586 } 587 588 ifp->if_ibytes += m->m_pkthdr.len; 589 590 /* Handle ng_ether(4) processing, if any */ 591 if (IFP2AC(ifp)->ac_netgraph != NULL) { 592 (*ng_ether_input_p)(ifp, &m); 593 if (m == NULL) 594 return; 595 } 596 597 /* 598 * Tap the packet off here for a bridge. bridge_input() 599 * will return NULL if it has consumed the packet, otherwise 600 * it gets processed as normal. Note that bridge_input() 601 * will always return the original packet if we need to 602 * process it locally. 603 */ 604 if (ifp->if_bridge) { 605 KASSERT(bridge_input_p != NULL, 606 ("ether_input: if_bridge not loaded!")); 607 608 /* Mark the packet as broadcast or multicast. This is also set 609 * further down the code in ether_demux() but since the bridge 610 * input routine rarely returns a mbuf for further processing, 611 * it is an acceptable duplication. 612 */ 613 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 614 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 615 sizeof(etherbroadcastaddr)) == 0) 616 m->m_flags |= M_BCAST; 617 else 618 m->m_flags |= M_MCAST; 619 } 620 621 m = (*bridge_input_p)(ifp, m); 622 if (m == NULL) 623 return; 624 /* 625 * Bridge has determined that the packet is for us. 626 * Update our interface pointer -- we may have had 627 * to "bridge" the packet locally. 628 */ 629 ifp = m->m_pkthdr.rcvif; 630 } 631 632 /* Check for bridging mode */ 633 if (BDG_ACTIVE(ifp) ) 634 if ((m = bridge_in_ptr(ifp, m)) == NULL) 635 return; 636 637 /* First chunk of an mbuf contains good entropy */ 638 if (harvest.ethernet) 639 random_harvest(m, 16, 3, 0, RANDOM_NET); 640 ether_demux(ifp, m); 641 } 642 643 /* 644 * Upper layer processing for a received Ethernet packet. 645 */ 646 void 647 ether_demux(struct ifnet *ifp, struct mbuf *m) 648 { 649 struct ether_header *eh; 650 int isr; 651 u_short ether_type; 652 #if defined(NETATALK) 653 struct llc *l; 654 #endif 655 #if defined(INET) || defined(INET6) 656 struct ip_fw *rule = ip_dn_claim_rule(m); 657 #endif 658 659 KASSERT(ifp != NULL, ("ether_demux: NULL interface pointer")); 660 661 eh = mtod(m, struct ether_header *); 662 ether_type = ntohs(eh->ether_type); 663 664 #if defined(INET) || defined(INET6) 665 if (rule) /* packet was already bridged */ 666 goto post_stats; 667 #endif 668 669 if (!(BDG_ACTIVE(ifp)) && 670 !((ether_type == ETHERTYPE_VLAN || m->m_flags & M_VLANTAG) && 671 ifp->if_nvlans > 0)) { 672 #ifdef DEV_CARP 673 /* 674 * XXX: Okay, we need to call carp_forus() and - if it is for 675 * us jump over code that does the normal check 676 * "IFP2ENADDR(ifp) == ether_dhost". The check sequence is a bit 677 * different from OpenBSD, so we jump over as few code as 678 * possible, to catch _all_ sanity checks. This needs 679 * evaluation, to see if the carp ether_dhost values break any 680 * of these checks! 681 */ 682 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) 683 goto pre_stats; 684 #endif 685 /* 686 * Discard packet if upper layers shouldn't see it because it 687 * was unicast to a different Ethernet address. If the driver 688 * is working properly, then this situation can only happen 689 * when the interface is in promiscuous mode. 690 * 691 * If VLANs are active, and this packet has a VLAN tag, do 692 * not drop it here but pass it on to the VLAN layer, to 693 * give them a chance to consider it as well (e. g. in case 694 * bridging is only active on a VLAN). They will drop it if 695 * it's undesired. 696 */ 697 if ((ifp->if_flags & IFF_PROMISC) != 0 698 && !ETHER_IS_MULTICAST(eh->ether_dhost) 699 && bcmp(eh->ether_dhost, 700 IFP2ENADDR(ifp), ETHER_ADDR_LEN) != 0 701 && (ifp->if_flags & IFF_PPROMISC) == 0) { 702 m_freem(m); 703 return; 704 } 705 } 706 707 #ifdef DEV_CARP 708 pre_stats: 709 #endif 710 /* Discard packet if interface is not up */ 711 if ((ifp->if_flags & IFF_UP) == 0) { 712 m_freem(m); 713 return; 714 } 715 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 716 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 717 sizeof(etherbroadcastaddr)) == 0) 718 m->m_flags |= M_BCAST; 719 else 720 m->m_flags |= M_MCAST; 721 } 722 if (m->m_flags & (M_BCAST|M_MCAST)) 723 ifp->if_imcasts++; 724 725 #if defined(INET) || defined(INET6) 726 post_stats: 727 if (IPFW_LOADED && ether_ipfw != 0) { 728 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 729 if (m) 730 m_freem(m); 731 return; 732 } 733 } 734 #endif 735 736 /* 737 * Check to see if the device performed the VLAN decapsulation and 738 * provided us with the tag. 739 */ 740 if (m->m_flags & M_VLANTAG) { 741 /* 742 * If no VLANs are configured, drop. 743 */ 744 if (ifp->if_nvlans == 0) { 745 ifp->if_noproto++; 746 m_freem(m); 747 return; 748 } 749 /* 750 * vlan_input() will either recursively call ether_input() 751 * or drop the packet. 752 */ 753 KASSERT(vlan_input_p != NULL,("ether_input: VLAN not loaded!")); 754 (*vlan_input_p)(ifp, m); 755 return; 756 } 757 758 /* 759 * Handle protocols that expect to have the Ethernet header 760 * (and possibly FCS) intact. 761 */ 762 switch (ether_type) { 763 case ETHERTYPE_VLAN: 764 if (ifp->if_nvlans != 0) { 765 KASSERT(vlan_input_p,("ether_input: VLAN not loaded!")); 766 (*vlan_input_p)(ifp, m); 767 } else { 768 ifp->if_noproto++; 769 m_freem(m); 770 } 771 return; 772 } 773 774 /* Strip off Ethernet header. */ 775 m_adj(m, ETHER_HDR_LEN); 776 777 /* If the CRC is still on the packet, trim it off. */ 778 if (m->m_flags & M_HASFCS) { 779 m_adj(m, -ETHER_CRC_LEN); 780 m->m_flags &= ~M_HASFCS; 781 } 782 783 switch (ether_type) { 784 #ifdef INET 785 case ETHERTYPE_IP: 786 if (ip_fastforward(m)) 787 return; 788 isr = NETISR_IP; 789 break; 790 791 case ETHERTYPE_ARP: 792 if (ifp->if_flags & IFF_NOARP) { 793 /* Discard packet if ARP is disabled on interface */ 794 m_freem(m); 795 return; 796 } 797 isr = NETISR_ARP; 798 break; 799 #endif 800 #ifdef IPX 801 case ETHERTYPE_IPX: 802 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 803 return; 804 isr = NETISR_IPX; 805 break; 806 #endif 807 #ifdef INET6 808 case ETHERTYPE_IPV6: 809 isr = NETISR_IPV6; 810 break; 811 #endif 812 #ifdef NETATALK 813 case ETHERTYPE_AT: 814 isr = NETISR_ATALK1; 815 break; 816 case ETHERTYPE_AARP: 817 isr = NETISR_AARP; 818 break; 819 #endif /* NETATALK */ 820 default: 821 #ifdef IPX 822 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 823 return; 824 #endif /* IPX */ 825 #if defined(NETATALK) 826 if (ether_type > ETHERMTU) 827 goto discard; 828 l = mtod(m, struct llc *); 829 if (l->llc_dsap == LLC_SNAP_LSAP && 830 l->llc_ssap == LLC_SNAP_LSAP && 831 l->llc_control == LLC_UI) { 832 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 833 sizeof(at_org_code)) == 0 && 834 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 835 m_adj(m, LLC_SNAPFRAMELEN); 836 isr = NETISR_ATALK2; 837 break; 838 } 839 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 840 sizeof(aarp_org_code)) == 0 && 841 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 842 m_adj(m, LLC_SNAPFRAMELEN); 843 isr = NETISR_AARP; 844 break; 845 } 846 } 847 #endif /* NETATALK */ 848 goto discard; 849 } 850 netisr_dispatch(isr, m); 851 return; 852 853 discard: 854 /* 855 * Packet is to be discarded. If netgraph is present, 856 * hand the packet to it for last chance processing; 857 * otherwise dispose of it. 858 */ 859 if (IFP2AC(ifp)->ac_netgraph != NULL) { 860 /* 861 * Put back the ethernet header so netgraph has a 862 * consistent view of inbound packets. 863 */ 864 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 865 (*ng_ether_input_orphan_p)(ifp, m); 866 return; 867 } 868 m_freem(m); 869 } 870 871 /* 872 * Convert Ethernet address to printable (loggable) representation. 873 * This routine is for compatibility; it's better to just use 874 * 875 * printf("%6D", <pointer to address>, ":"); 876 * 877 * since there's no static buffer involved. 878 */ 879 char * 880 ether_sprintf(const u_char *ap) 881 { 882 static char etherbuf[18]; 883 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 884 return (etherbuf); 885 } 886 887 /* 888 * Perform common duties while attaching to interface list 889 */ 890 void 891 ether_ifattach(struct ifnet *ifp, const u_int8_t *llc) 892 { 893 int i; 894 struct ifaddr *ifa; 895 struct sockaddr_dl *sdl; 896 897 ifp->if_addrlen = ETHER_ADDR_LEN; 898 ifp->if_hdrlen = ETHER_HDR_LEN; 899 if_attach(ifp); 900 ifp->if_mtu = ETHERMTU; 901 ifp->if_output = ether_output; 902 ifp->if_input = ether_input; 903 ifp->if_resolvemulti = ether_resolvemulti; 904 if (ifp->if_baudrate == 0) 905 ifp->if_baudrate = IF_Mbps(10); /* just a default */ 906 ifp->if_broadcastaddr = etherbroadcastaddr; 907 908 ifa = ifaddr_byindex(ifp->if_index); 909 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 910 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 911 sdl->sdl_type = IFT_ETHER; 912 sdl->sdl_alen = ifp->if_addrlen; 913 bcopy(llc, LLADDR(sdl), ifp->if_addrlen); 914 /* 915 * XXX: This doesn't belong here; we do it until 916 * XXX: all drivers are cleaned up 917 */ 918 if (llc != IFP2ENADDR(ifp)) 919 bcopy(llc, IFP2ENADDR(ifp), ifp->if_addrlen); 920 921 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 922 if (ng_ether_attach_p != NULL) 923 (*ng_ether_attach_p)(ifp); 924 if (BDG_LOADED) 925 bdgtakeifaces_ptr(); 926 927 /* Announce Ethernet MAC address if non-zero. */ 928 for (i = 0; i < ifp->if_addrlen; i++) 929 if (llc[i] != 0) 930 break; 931 if (i != ifp->if_addrlen) 932 if_printf(ifp, "Ethernet address: %6D\n", llc, ":"); 933 if (debug_mpsafenet && (ifp->if_flags & IFF_NEEDSGIANT) != 0) 934 if_printf(ifp, "if_start running deferred for Giant\n"); 935 } 936 937 /* 938 * Perform common duties while detaching an Ethernet interface 939 */ 940 void 941 ether_ifdetach(struct ifnet *ifp) 942 { 943 if (IFP2AC(ifp)->ac_netgraph != NULL) 944 (*ng_ether_detach_p)(ifp); 945 bpfdetach(ifp); 946 if_detach(ifp); 947 if (BDG_LOADED) 948 bdgtakeifaces_ptr(); 949 } 950 951 SYSCTL_DECL(_net_link); 952 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 953 #if defined(INET) || defined(INET6) 954 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 955 ðer_ipfw,0,"Pass ether pkts through firewall"); 956 #endif 957 958 #if 0 959 /* 960 * This is for reference. We have a table-driven version 961 * of the little-endian crc32 generator, which is faster 962 * than the double-loop. 963 */ 964 uint32_t 965 ether_crc32_le(const uint8_t *buf, size_t len) 966 { 967 size_t i; 968 uint32_t crc; 969 int bit; 970 uint8_t data; 971 972 crc = 0xffffffff; /* initial value */ 973 974 for (i = 0; i < len; i++) { 975 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) 976 carry = (crc ^ data) & 1; 977 crc >>= 1; 978 if (carry) 979 crc = (crc ^ ETHER_CRC_POLY_LE); 980 } 981 982 return (crc); 983 } 984 #else 985 uint32_t 986 ether_crc32_le(const uint8_t *buf, size_t len) 987 { 988 static const uint32_t crctab[] = { 989 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 990 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 991 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 992 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 993 }; 994 size_t i; 995 uint32_t crc; 996 997 crc = 0xffffffff; /* initial value */ 998 999 for (i = 0; i < len; i++) { 1000 crc ^= buf[i]; 1001 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1002 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1003 } 1004 1005 return (crc); 1006 } 1007 #endif 1008 1009 uint32_t 1010 ether_crc32_be(const uint8_t *buf, size_t len) 1011 { 1012 size_t i; 1013 uint32_t crc, carry; 1014 int bit; 1015 uint8_t data; 1016 1017 crc = 0xffffffff; /* initial value */ 1018 1019 for (i = 0; i < len; i++) { 1020 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 1021 carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 1022 crc <<= 1; 1023 if (carry) 1024 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 1025 } 1026 } 1027 1028 return (crc); 1029 } 1030 1031 int 1032 ether_ioctl(struct ifnet *ifp, int command, caddr_t data) 1033 { 1034 struct ifaddr *ifa = (struct ifaddr *) data; 1035 struct ifreq *ifr = (struct ifreq *) data; 1036 int error = 0; 1037 1038 switch (command) { 1039 case SIOCSIFADDR: 1040 ifp->if_flags |= IFF_UP; 1041 1042 switch (ifa->ifa_addr->sa_family) { 1043 #ifdef INET 1044 case AF_INET: 1045 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 1046 arp_ifinit(ifp, ifa); 1047 break; 1048 #endif 1049 #ifdef IPX 1050 /* 1051 * XXX - This code is probably wrong 1052 */ 1053 case AF_IPX: 1054 { 1055 struct ipx_addr *ina = &(IA_SIPX(ifa)->sipx_addr); 1056 1057 if (ipx_nullhost(*ina)) 1058 ina->x_host = 1059 *(union ipx_host *) 1060 IFP2ENADDR(ifp); 1061 else { 1062 bcopy((caddr_t) ina->x_host.c_host, 1063 (caddr_t) IFP2ENADDR(ifp), 1064 ETHER_ADDR_LEN); 1065 } 1066 1067 /* 1068 * Set new address 1069 */ 1070 ifp->if_init(ifp->if_softc); 1071 break; 1072 } 1073 #endif 1074 default: 1075 ifp->if_init(ifp->if_softc); 1076 break; 1077 } 1078 break; 1079 1080 case SIOCGIFADDR: 1081 { 1082 struct sockaddr *sa; 1083 1084 sa = (struct sockaddr *) & ifr->ifr_data; 1085 bcopy(IFP2ENADDR(ifp), 1086 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1087 } 1088 break; 1089 1090 case SIOCSIFMTU: 1091 /* 1092 * Set the interface MTU. 1093 */ 1094 if (ifr->ifr_mtu > ETHERMTU) { 1095 error = EINVAL; 1096 } else { 1097 ifp->if_mtu = ifr->ifr_mtu; 1098 } 1099 break; 1100 default: 1101 error = EINVAL; /* XXX netbsd has ENOTTY??? */ 1102 break; 1103 } 1104 return (error); 1105 } 1106 1107 static int 1108 ether_resolvemulti(struct ifnet *ifp, struct sockaddr **llsa, 1109 struct sockaddr *sa) 1110 { 1111 struct sockaddr_dl *sdl; 1112 #ifdef INET 1113 struct sockaddr_in *sin; 1114 #endif 1115 #ifdef INET6 1116 struct sockaddr_in6 *sin6; 1117 #endif 1118 u_char *e_addr; 1119 1120 switch(sa->sa_family) { 1121 case AF_LINK: 1122 /* 1123 * No mapping needed. Just check that it's a valid MC address. 1124 */ 1125 sdl = (struct sockaddr_dl *)sa; 1126 e_addr = LLADDR(sdl); 1127 if (!ETHER_IS_MULTICAST(e_addr)) 1128 return EADDRNOTAVAIL; 1129 *llsa = 0; 1130 return 0; 1131 1132 #ifdef INET 1133 case AF_INET: 1134 sin = (struct sockaddr_in *)sa; 1135 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1136 return EADDRNOTAVAIL; 1137 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1138 M_WAITOK|M_ZERO); 1139 sdl->sdl_len = sizeof *sdl; 1140 sdl->sdl_family = AF_LINK; 1141 sdl->sdl_index = ifp->if_index; 1142 sdl->sdl_type = IFT_ETHER; 1143 sdl->sdl_alen = ETHER_ADDR_LEN; 1144 e_addr = LLADDR(sdl); 1145 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1146 *llsa = (struct sockaddr *)sdl; 1147 return 0; 1148 #endif 1149 #ifdef INET6 1150 case AF_INET6: 1151 sin6 = (struct sockaddr_in6 *)sa; 1152 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1153 /* 1154 * An IP6 address of 0 means listen to all 1155 * of the Ethernet multicast address used for IP6. 1156 * (This is used for multicast routers.) 1157 */ 1158 ifp->if_flags |= IFF_ALLMULTI; 1159 *llsa = 0; 1160 return 0; 1161 } 1162 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1163 return EADDRNOTAVAIL; 1164 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1165 M_WAITOK|M_ZERO); 1166 sdl->sdl_len = sizeof *sdl; 1167 sdl->sdl_family = AF_LINK; 1168 sdl->sdl_index = ifp->if_index; 1169 sdl->sdl_type = IFT_ETHER; 1170 sdl->sdl_alen = ETHER_ADDR_LEN; 1171 e_addr = LLADDR(sdl); 1172 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1173 *llsa = (struct sockaddr *)sdl; 1174 return 0; 1175 #endif 1176 1177 default: 1178 /* 1179 * Well, the text isn't quite right, but it's the name 1180 * that counts... 1181 */ 1182 return EAFNOSUPPORT; 1183 } 1184 } 1185 1186 static void* 1187 ether_alloc(u_char type, struct ifnet *ifp) 1188 { 1189 struct arpcom *ac; 1190 1191 ac = malloc(sizeof(struct arpcom), M_ARPCOM, M_WAITOK | M_ZERO); 1192 ac->ac_ifp = ifp; 1193 1194 return (ac); 1195 } 1196 1197 static void 1198 ether_free(void *com, u_char type) 1199 { 1200 1201 free(com, M_ARPCOM); 1202 } 1203 1204 static int 1205 ether_modevent(module_t mod, int type, void *data) 1206 { 1207 1208 switch (type) { 1209 case MOD_LOAD: 1210 if_register_com_alloc(IFT_ETHER, ether_alloc, ether_free); 1211 break; 1212 case MOD_UNLOAD: 1213 if_deregister_com_alloc(IFT_ETHER); 1214 break; 1215 default: 1216 return EOPNOTSUPP; 1217 } 1218 1219 return (0); 1220 } 1221 1222 static moduledata_t ether_mod = { 1223 "ether", 1224 ether_modevent, 1225 0 1226 }; 1227 1228 DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY); 1229 MODULE_VERSION(ether, 1); 1230