1 /* 2 * Copyright 1998 Massachusetts Institute of Technology 3 * 4 * Permission to use, copy, modify, and distribute this software and 5 * its documentation for any purpose and without fee is hereby 6 * granted, provided that both the above copyright notice and this 7 * permission notice appear in all copies, that both the above 8 * copyright notice and this permission notice appear in all 9 * supporting documentation, and that the name of M.I.T. not be used 10 * in advertising or publicity pertaining to distribution of the 11 * software without specific, written prior permission. M.I.T. makes 12 * no representations about the suitability of this software for any 13 * purpose. It is provided "as is" without express or implied 14 * warranty. 15 * 16 * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''. M.I.T. DISCLAIMS 17 * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE, 18 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT 20 * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 21 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 22 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 23 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 /* 33 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs. 34 * Might be extended some day to also handle IEEE 802.1p priority 35 * tagging. This is sort of sneaky in the implementation, since 36 * we need to pretend to be enough of an Ethernet implementation 37 * to make arp work. The way we do this is by telling everyone 38 * that we are an Ethernet, and then catch the packets that 39 * ether_output() left on our output queue queue when it calls 40 * if_start(), rewrite them for use by the real outgoing interface, 41 * and ask it to send them. 42 * 43 * 44 * XXX It's incorrect to assume that we must always kludge up 45 * headers on the physical device's behalf: some devices support 46 * VLAN tag insersion and extraction in firmware. For these cases, 47 * one can change the behavior of the vlan interface by setting 48 * the LINK0 flag on it (that is setting the vlan interface's LINK0 49 * flag, _not_ the parent's LINK0 flag; we try to leave the parent 50 * alone). If the interface as the LINK0 flag set, then it will 51 * not modify the ethernet header on output because the parent 52 * can do that for itself. On input, the parent can call vlan_input_tag() 53 * directly in order to supply us with an incoming mbuf and the vlan 54 * tag value that goes with it. 55 */ 56 57 #include "vlan.h" 58 #if NVLAN > 0 59 #include "opt_inet.h" 60 61 #include <sys/param.h> 62 #include <sys/kernel.h> 63 #include <sys/malloc.h> 64 #include <sys/mbuf.h> 65 #include <sys/queue.h> 66 #include <sys/socket.h> 67 #include <sys/sockio.h> 68 #include <sys/sysctl.h> 69 #include <sys/systm.h> 70 71 #include <net/bpf.h> 72 #include <net/ethernet.h> 73 #include <net/if.h> 74 #include <net/if_arp.h> 75 #include <net/if_dl.h> 76 #include <net/if_types.h> 77 #include <net/if_vlan_var.h> 78 79 #ifdef INET 80 #include <netinet/in.h> 81 #include <netinet/if_ether.h> 82 #endif 83 84 SYSCTL_DECL(_net_link); 85 SYSCTL_NODE(_net_link, IFT_8021_VLAN, vlan, CTLFLAG_RW, 0, "IEEE 802.1Q VLAN"); 86 SYSCTL_NODE(_net_link_vlan, PF_LINK, link, CTLFLAG_RW, 0, "for consistency"); 87 88 u_int vlan_proto = ETHERTYPE_VLAN; 89 SYSCTL_INT(_net_link_vlan_link, VLANCTL_PROTO, proto, CTLFLAG_RW, &vlan_proto, 90 0, "Ethernet protocol used for VLAN encapsulation"); 91 92 static struct ifvlan ifv_softc[NVLAN]; 93 94 static void vlan_start(struct ifnet *ifp); 95 static void vlan_ifinit(void *foo); 96 static int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr); 97 static int vlan_setmulti(struct ifnet *ifp); 98 static int vlan_unconfig(struct ifnet *ifp); 99 static int vlan_config(struct ifvlan *ifv, struct ifnet *p); 100 101 /* 102 * Program our multicast filter. What we're actually doing is 103 * programming the multicast filter of the parent. This has the 104 * side effect of causing the parent interface to receive multicast 105 * traffic that it doesn't really want, which ends up being discarded 106 * later by the upper protocol layers. Unfortunately, there's no way 107 * to avoid this: there really is only one physical interface. 108 */ 109 static int vlan_setmulti(struct ifnet *ifp) 110 { 111 struct ifnet *ifp_p; 112 struct ifmultiaddr *ifma, *rifma = NULL; 113 struct ifvlan *sc; 114 struct vlan_mc_entry *mc = NULL; 115 struct sockaddr_dl sdl; 116 int error; 117 118 /* Find the parent. */ 119 sc = ifp->if_softc; 120 ifp_p = sc->ifv_p; 121 122 sdl.sdl_len = ETHER_ADDR_LEN; 123 sdl.sdl_family = AF_LINK; 124 125 /* First, remove any existing filter entries. */ 126 while(sc->vlan_mc_listhead.slh_first != NULL) { 127 mc = sc->vlan_mc_listhead.slh_first; 128 bcopy((char *)&mc->mc_addr, LLADDR(&sdl), ETHER_ADDR_LEN); 129 error = if_delmulti(ifp_p, (struct sockaddr *)&sdl); 130 if (error) 131 return(error); 132 SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries); 133 free(mc, M_DEVBUF); 134 } 135 136 /* Now program new ones. */ 137 for (ifma = ifp->if_multiaddrs.lh_first; 138 ifma != NULL;ifma = ifma->ifma_link.le_next) { 139 if (ifma->ifma_addr->sa_family != AF_LINK) 140 continue; 141 mc = malloc(sizeof(struct vlan_mc_entry), M_DEVBUF, M_NOWAIT); 142 bcopy(LLADDR((struct sockaddr_dl *)ifma->ifma_addr), 143 (char *)&mc->mc_addr, ETHER_ADDR_LEN); 144 SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries); 145 error = if_addmulti(ifp_p, (struct sockaddr *)&sdl, &rifma); 146 if (error) 147 return(error); 148 } 149 150 return(0); 151 } 152 153 static void 154 vlaninit(void *dummy) 155 { 156 int i; 157 158 for (i = 0; i < NVLAN; i++) { 159 struct ifnet *ifp = &ifv_softc[i].ifv_if; 160 161 ifp->if_softc = &ifv_softc[i]; 162 ifp->if_name = "vlan"; 163 ifp->if_unit = i; 164 /* NB: flags are not set here */ 165 ifp->if_linkmib = &ifv_softc[i].ifv_mib; 166 ifp->if_linkmiblen = sizeof ifv_softc[i].ifv_mib; 167 /* NB: mtu is not set here */ 168 169 ifp->if_init = vlan_ifinit; 170 ifp->if_start = vlan_start; 171 ifp->if_ioctl = vlan_ioctl; 172 ifp->if_output = ether_output; 173 ifp->if_snd.ifq_maxlen = ifqmaxlen; 174 if_attach(ifp); 175 ether_ifattach(ifp); 176 bpfattach(ifp, DLT_EN10MB, sizeof(struct ether_header)); 177 /* Now undo some of the damage... */ 178 ifp->if_data.ifi_type = IFT_8021_VLAN; 179 ifp->if_data.ifi_hdrlen = EVL_ENCAPLEN; 180 ifp->if_resolvemulti = 0; 181 } 182 } 183 PSEUDO_SET(vlaninit, if_vlan); 184 185 static void 186 vlan_ifinit(void *foo) 187 { 188 return; 189 } 190 191 static void 192 vlan_start(struct ifnet *ifp) 193 { 194 struct ifvlan *ifv; 195 struct ifnet *p; 196 struct ether_vlan_header *evl; 197 struct mbuf *m; 198 199 ifv = ifp->if_softc; 200 p = ifv->ifv_p; 201 202 ifp->if_flags |= IFF_OACTIVE; 203 for (;;) { 204 IF_DEQUEUE(&ifp->if_snd, m); 205 if (m == 0) 206 break; 207 if (ifp->if_bpf) 208 bpf_mtap(ifp, m); 209 210 /* 211 * If the LINK0 flag is set, it means the underlying interface 212 * can do VLAN tag insertion itself and doesn't require us to 213 * create a special header for it. In this case, we just pass 214 * the packet along. However, we need some way to tell the 215 * interface where the packet came from so that it knows how 216 * to find the VLAN tag to use, so we set the rcvif in the 217 * mbuf header to our ifnet. 218 * 219 * Note: we also set the M_PROTO1 flag in the mbuf to let 220 * the parent driver know that the rcvif pointer is really 221 * valid. We need to do this because sometimes mbufs will 222 * be allocated by other parts of the system that contain 223 * garbage in the rcvif pointer. Using the M_PROTO1 flag 224 * lets the driver perform a proper sanity check and avoid 225 * following potentially bogus rcvif pointers off into 226 * never-never land. 227 */ 228 if (ifp->if_flags & IFF_LINK0) { 229 m->m_pkthdr.rcvif = ifp; 230 m->m_flags |= M_PROTO1; 231 } else { 232 M_PREPEND(m, EVL_ENCAPLEN, M_DONTWAIT); 233 if (m == 0) 234 continue; 235 /* M_PREPEND takes care of m_len, m_pkthdr.len for us */ 236 237 /* 238 * Transform the Ethernet header into an Ethernet header 239 * with 802.1Q encapsulation. 240 */ 241 bcopy(mtod(m, char *) + EVL_ENCAPLEN, mtod(m, char *), 242 sizeof(struct ether_header)); 243 evl = mtod(m, struct ether_vlan_header *); 244 evl->evl_proto = evl->evl_encap_proto; 245 evl->evl_encap_proto = htons(vlan_proto); 246 evl->evl_tag = htons(ifv->ifv_tag); 247 #ifdef DEBUG 248 printf("vlan_start: %*D\n", sizeof *evl, 249 (char *)evl, ":"); 250 #endif 251 } 252 253 /* 254 * Send it, precisely as ether_output() would have. 255 * We are already running at splimp. 256 */ 257 if (IF_QFULL(&p->if_snd)) { 258 IF_DROP(&p->if_snd); 259 /* XXX stats */ 260 ifp->if_oerrors++; 261 m_freem(m); 262 continue; 263 } 264 IF_ENQUEUE(&p->if_snd, m); 265 if ((p->if_flags & IFF_OACTIVE) == 0) { 266 p->if_start(p); 267 ifp->if_opackets++; 268 } 269 } 270 ifp->if_flags &= ~IFF_OACTIVE; 271 272 return; 273 } 274 275 void 276 vlan_input_tag(struct ether_header *eh, struct mbuf *m, u_int16_t t) 277 { 278 int i; 279 struct ifvlan *ifv; 280 281 for (i = 0; i < NVLAN; i++) { 282 ifv = &ifv_softc[i]; 283 if (ifv->ifv_tag == t) 284 break; 285 } 286 287 if (i >= NVLAN || (ifv->ifv_if.if_flags & IFF_UP) == 0) { 288 m_freem(m); 289 ifv->ifv_p->if_data.ifi_noproto++; 290 return; 291 } 292 293 /* 294 * Having found a valid vlan interface corresponding to 295 * the given source interface and vlan tag, run the 296 * the real packet through ethert_input(). 297 */ 298 m->m_pkthdr.rcvif = &ifv->ifv_if; 299 300 if (ifv->ifv_if.if_bpf) { 301 /* 302 * Do the usual BPF fakery. Note that we don't support 303 * promiscuous mode here, since it would require the 304 * drivers to know about VLANs and we're not ready for 305 * that yet. 306 */ 307 struct mbuf m0; 308 m0.m_next = m; 309 m0.m_len = sizeof(struct ether_header); 310 m0.m_data = (char *)eh; 311 bpf_mtap(&ifv->ifv_if, &m0); 312 } 313 ifv->ifv_if.if_ipackets++; 314 ether_input(&ifv->ifv_if, eh, m); 315 return; 316 } 317 318 int 319 vlan_input(struct ether_header *eh, struct mbuf *m) 320 { 321 int i; 322 struct ifvlan *ifv; 323 324 for (i = 0; i < NVLAN; i++) { 325 ifv = &ifv_softc[i]; 326 if (m->m_pkthdr.rcvif == ifv->ifv_p 327 && (EVL_VLANOFTAG(ntohs(*mtod(m, u_int16_t *))) 328 == ifv->ifv_tag)) 329 break; 330 } 331 332 if (i >= NVLAN || (ifv->ifv_if.if_flags & IFF_UP) == 0) { 333 m_freem(m); 334 return -1; /* so ether_input can take note */ 335 } 336 337 /* 338 * Having found a valid vlan interface corresponding to 339 * the given source interface and vlan tag, remove the 340 * encapsulation, and run the real packet through 341 * ether_input() a second time (it had better be 342 * reentrant!). 343 */ 344 m->m_pkthdr.rcvif = &ifv->ifv_if; 345 eh->ether_type = mtod(m, u_int16_t *)[1]; 346 m->m_data += EVL_ENCAPLEN; 347 m->m_len -= EVL_ENCAPLEN; 348 m->m_pkthdr.len -= EVL_ENCAPLEN; 349 350 if (ifv->ifv_if.if_bpf) { 351 /* 352 * Do the usual BPF fakery. Note that we don't support 353 * promiscuous mode here, since it would require the 354 * drivers to know about VLANs and we're not ready for 355 * that yet. 356 */ 357 struct mbuf m0; 358 m0.m_next = m; 359 m0.m_len = sizeof(struct ether_header); 360 m0.m_data = (char *)eh; 361 bpf_mtap(&ifv->ifv_if, &m0); 362 } 363 ifv->ifv_if.if_ipackets++; 364 ether_input(&ifv->ifv_if, eh, m); 365 return 0; 366 } 367 368 static int 369 vlan_config(struct ifvlan *ifv, struct ifnet *p) 370 { 371 struct ifaddr *ifa1, *ifa2; 372 struct sockaddr_dl *sdl1, *sdl2; 373 374 if (p->if_data.ifi_type != IFT_ETHER) 375 return EPROTONOSUPPORT; 376 if (ifv->ifv_p) 377 return EBUSY; 378 ifv->ifv_p = p; 379 if (p->if_data.ifi_hdrlen == sizeof(struct ether_vlan_header)) 380 ifv->ifv_if.if_mtu = p->if_mtu; 381 else 382 ifv->ifv_if.if_mtu = p->if_data.ifi_mtu - EVL_ENCAPLEN; 383 384 /* 385 * Preserve the state of the LINK0 flag for ourselves. 386 */ 387 ifv->ifv_if.if_flags = (p->if_flags & ~(IFF_LINK0)); 388 389 /* 390 * Set up our ``Ethernet address'' to reflect the underlying 391 * physical interface's. 392 */ 393 ifa1 = ifnet_addrs[ifv->ifv_if.if_index - 1]; 394 ifa2 = ifnet_addrs[p->if_index - 1]; 395 sdl1 = (struct sockaddr_dl *)ifa1->ifa_addr; 396 sdl2 = (struct sockaddr_dl *)ifa2->ifa_addr; 397 sdl1->sdl_type = IFT_ETHER; 398 sdl1->sdl_alen = ETHER_ADDR_LEN; 399 bcopy(LLADDR(sdl2), LLADDR(sdl1), ETHER_ADDR_LEN); 400 bcopy(LLADDR(sdl2), ifv->ifv_ac.ac_enaddr, ETHER_ADDR_LEN); 401 return 0; 402 } 403 404 static int 405 vlan_unconfig(struct ifnet *ifp) 406 { 407 struct ifaddr *ifa; 408 struct sockaddr_dl *sdl; 409 struct vlan_mc_entry *mc; 410 struct ifvlan *ifv; 411 struct ifnet *p; 412 int error; 413 414 ifv = ifp->if_softc; 415 p = ifv->ifv_p; 416 417 /* 418 * Since the interface is being unconfigured, we need to 419 * empty the list of multicast groups that we may have joined 420 * while we were alive and remove them from the parent's list 421 * as well. 422 */ 423 while(ifv->vlan_mc_listhead.slh_first != NULL) { 424 struct sockaddr_dl sdl; 425 426 sdl.sdl_len = ETHER_ADDR_LEN; 427 sdl.sdl_family = AF_LINK; 428 mc = ifv->vlan_mc_listhead.slh_first; 429 bcopy((char *)&mc->mc_addr, LLADDR(&sdl), ETHER_ADDR_LEN); 430 error = if_delmulti(p, (struct sockaddr *)&sdl); 431 error = if_delmulti(ifp, (struct sockaddr *)&sdl); 432 if (error) 433 return(error); 434 SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries); 435 free(mc, M_DEVBUF); 436 } 437 438 /* Disconnect from parent. */ 439 ifv->ifv_p = NULL; 440 ifv->ifv_if.if_mtu = ETHERMTU; 441 442 /* Clear our MAC address. */ 443 ifa = ifnet_addrs[ifv->ifv_if.if_index - 1]; 444 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 445 sdl->sdl_type = IFT_ETHER; 446 sdl->sdl_alen = ETHER_ADDR_LEN; 447 bzero(LLADDR(sdl), ETHER_ADDR_LEN); 448 bzero(ifv->ifv_ac.ac_enaddr, ETHER_ADDR_LEN); 449 450 return 0; 451 } 452 453 static int 454 vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 455 { 456 struct ifaddr *ifa; 457 struct ifnet *p; 458 struct ifreq *ifr; 459 struct ifvlan *ifv; 460 struct vlanreq vlr; 461 int error = 0; 462 463 ifr = (struct ifreq *)data; 464 ifa = (struct ifaddr *)data; 465 ifv = ifp->if_softc; 466 467 switch (cmd) { 468 case SIOCSIFADDR: 469 ifp->if_flags |= IFF_UP; 470 471 switch (ifa->ifa_addr->sa_family) { 472 #ifdef INET 473 case AF_INET: 474 arp_ifinit(&ifv->ifv_ac, ifa); 475 break; 476 #endif 477 default: 478 break; 479 } 480 break; 481 482 case SIOCGIFADDR: 483 { 484 struct sockaddr *sa; 485 486 sa = (struct sockaddr *) &ifr->ifr_data; 487 bcopy(((struct arpcom *)ifp->if_softc)->ac_enaddr, 488 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 489 } 490 break; 491 492 case SIOCSIFMTU: 493 /* 494 * Set the interface MTU. 495 * This is bogus. The underlying interface might support 496 * jumbo frames. 497 */ 498 if (ifr->ifr_mtu > ETHERMTU) { 499 error = EINVAL; 500 } else { 501 ifp->if_mtu = ifr->ifr_mtu; 502 } 503 break; 504 505 case SIOCSETVLAN: 506 error = copyin(ifr->ifr_data, &vlr, sizeof vlr); 507 if (error) 508 break; 509 if (vlr.vlr_parent[0] == '\0') { 510 vlan_unconfig(ifp); 511 if_down(ifp); 512 ifp->if_flags = 0; 513 break; 514 } 515 p = ifunit(vlr.vlr_parent); 516 if (p == 0) { 517 error = ENOENT; 518 break; 519 } 520 error = vlan_config(ifv, p); 521 if (error) 522 break; 523 ifv->ifv_tag = vlr.vlr_tag; 524 break; 525 526 case SIOCGETVLAN: 527 bzero(&vlr, sizeof vlr); 528 if (ifv->ifv_p) { 529 snprintf(vlr.vlr_parent, sizeof(vlr.vlr_parent), 530 "%s%d", ifv->ifv_p->if_name, ifv->ifv_p->if_unit); 531 vlr.vlr_tag = ifv->ifv_tag; 532 } 533 error = copyout(&vlr, ifr->ifr_data, sizeof vlr); 534 break; 535 536 case SIOCSIFFLAGS: 537 /* 538 * We don't support promiscuous mode 539 * right now because it would require help from the 540 * underlying drivers, which hasn't been implemented. 541 */ 542 if (ifr->ifr_flags & (IFF_PROMISC)) { 543 ifp->if_flags &= ~(IFF_PROMISC); 544 error = EINVAL; 545 } 546 break; 547 case SIOCADDMULTI: 548 case SIOCDELMULTI: 549 error = vlan_setmulti(ifp); 550 break; 551 default: 552 error = EINVAL; 553 } 554 return error; 555 } 556 557 #endif /* NVLAN > 0 */ 558