xref: /freebsd/sys/net/if_vlan.c (revision 51015e6d0f570239b0c2088dc6cf2b018928375d)
1 /*-
2  * Copyright 1998 Massachusetts Institute of Technology
3  * Copyright 2012 ADARA Networks, Inc.
4  * Copyright 2017 Dell EMC Isilon
5  *
6  * Portions of this software were developed by Robert N. M. Watson under
7  * contract to ADARA Networks, Inc.
8  *
9  * Permission to use, copy, modify, and distribute this software and
10  * its documentation for any purpose and without fee is hereby
11  * granted, provided that both the above copyright notice and this
12  * permission notice appear in all copies, that both the above
13  * copyright notice and this permission notice appear in all
14  * supporting documentation, and that the name of M.I.T. not be used
15  * in advertising or publicity pertaining to distribution of the
16  * software without specific, written prior permission.  M.I.T. makes
17  * no representations about the suitability of this software for any
18  * purpose.  It is provided "as is" without express or implied
19  * warranty.
20  *
21  * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''.  M.I.T. DISCLAIMS
22  * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE,
23  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
25  * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
28  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 /*
36  * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
37  * This is sort of sneaky in the implementation, since
38  * we need to pretend to be enough of an Ethernet implementation
39  * to make arp work.  The way we do this is by telling everyone
40  * that we are an Ethernet, and then catch the packets that
41  * ether_output() sends to us via if_transmit(), rewrite them for
42  * use by the real outgoing interface, and ask it to send them.
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include "opt_inet.h"
49 #include "opt_inet6.h"
50 #include "opt_kern_tls.h"
51 #include "opt_vlan.h"
52 #include "opt_ratelimit.h"
53 
54 #include <sys/param.h>
55 #include <sys/eventhandler.h>
56 #include <sys/kernel.h>
57 #include <sys/lock.h>
58 #include <sys/malloc.h>
59 #include <sys/mbuf.h>
60 #include <sys/module.h>
61 #include <sys/rmlock.h>
62 #include <sys/priv.h>
63 #include <sys/queue.h>
64 #include <sys/socket.h>
65 #include <sys/sockio.h>
66 #include <sys/sysctl.h>
67 #include <sys/systm.h>
68 #include <sys/sx.h>
69 #include <sys/taskqueue.h>
70 
71 #include <net/bpf.h>
72 #include <net/ethernet.h>
73 #include <net/if.h>
74 #include <net/if_var.h>
75 #include <net/if_private.h>
76 #include <net/if_clone.h>
77 #include <net/if_dl.h>
78 #include <net/if_types.h>
79 #include <net/if_vlan_var.h>
80 #include <net/route.h>
81 #include <net/vnet.h>
82 
83 #ifdef INET
84 #include <netinet/in.h>
85 #include <netinet/if_ether.h>
86 #endif
87 
88 #define	VLAN_DEF_HWIDTH	4
89 #define	VLAN_IFFLAGS	(IFF_BROADCAST | IFF_MULTICAST)
90 
91 #define	UP_AND_RUNNING(ifp) \
92     ((ifp)->if_flags & IFF_UP && (ifp)->if_drv_flags & IFF_DRV_RUNNING)
93 
94 CK_SLIST_HEAD(ifvlanhead, ifvlan);
95 
96 struct ifvlantrunk {
97 	struct	ifnet   *parent;	/* parent interface of this trunk */
98 	struct	mtx	lock;
99 #ifdef VLAN_ARRAY
100 #define	VLAN_ARRAY_SIZE	(EVL_VLID_MASK + 1)
101 	struct	ifvlan	*vlans[VLAN_ARRAY_SIZE]; /* static table */
102 #else
103 	struct	ifvlanhead *hash;	/* dynamic hash-list table */
104 	uint16_t	hmask;
105 	uint16_t	hwidth;
106 #endif
107 	int		refcnt;
108 };
109 
110 #if defined(KERN_TLS) || defined(RATELIMIT)
111 struct vlan_snd_tag {
112 	struct m_snd_tag com;
113 	struct m_snd_tag *tag;
114 };
115 
116 static inline struct vlan_snd_tag *
117 mst_to_vst(struct m_snd_tag *mst)
118 {
119 
120 	return (__containerof(mst, struct vlan_snd_tag, com));
121 }
122 #endif
123 
124 /*
125  * This macro provides a facility to iterate over every vlan on a trunk with
126  * the assumption that none will be added/removed during iteration.
127  */
128 #ifdef VLAN_ARRAY
129 #define VLAN_FOREACH(_ifv, _trunk) \
130 	size_t _i; \
131 	for (_i = 0; _i < VLAN_ARRAY_SIZE; _i++) \
132 		if (((_ifv) = (_trunk)->vlans[_i]) != NULL)
133 #else /* VLAN_ARRAY */
134 #define VLAN_FOREACH(_ifv, _trunk) \
135 	struct ifvlan *_next; \
136 	size_t _i; \
137 	for (_i = 0; _i < (1 << (_trunk)->hwidth); _i++) \
138 		CK_SLIST_FOREACH_SAFE((_ifv), &(_trunk)->hash[_i], ifv_list, _next)
139 #endif /* VLAN_ARRAY */
140 
141 /*
142  * This macro provides a facility to iterate over every vlan on a trunk while
143  * also modifying the number of vlans on the trunk. The iteration continues
144  * until some condition is met or there are no more vlans on the trunk.
145  */
146 #ifdef VLAN_ARRAY
147 /* The VLAN_ARRAY case is simple -- just a for loop using the condition. */
148 #define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \
149 	size_t _i; \
150 	for (_i = 0; !(_cond) && _i < VLAN_ARRAY_SIZE; _i++) \
151 		if (((_ifv) = (_trunk)->vlans[_i]))
152 #else /* VLAN_ARRAY */
153 /*
154  * The hash table case is more complicated. We allow for the hash table to be
155  * modified (i.e. vlans removed) while we are iterating over it. To allow for
156  * this we must restart the iteration every time we "touch" something during
157  * the iteration, since removal will resize the hash table and invalidate our
158  * current position. If acting on the touched element causes the trunk to be
159  * emptied, then iteration also stops.
160  */
161 #define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \
162 	size_t _i; \
163 	bool _touch = false; \
164 	for (_i = 0; \
165 	    !(_cond) && _i < (1 << (_trunk)->hwidth); \
166 	    _i = (_touch && ((_trunk) != NULL) ? 0 : _i + 1), _touch = false) \
167 		if (((_ifv) = CK_SLIST_FIRST(&(_trunk)->hash[_i])) != NULL && \
168 		    (_touch = true))
169 #endif /* VLAN_ARRAY */
170 
171 struct vlan_mc_entry {
172 	struct sockaddr_dl		mc_addr;
173 	CK_SLIST_ENTRY(vlan_mc_entry)	mc_entries;
174 	struct epoch_context		mc_epoch_ctx;
175 };
176 
177 struct ifvlan {
178 	struct	ifvlantrunk *ifv_trunk;
179 	struct	ifnet *ifv_ifp;
180 #define	TRUNK(ifv)	((ifv)->ifv_trunk)
181 #define	PARENT(ifv)	(TRUNK(ifv)->parent)
182 	void	*ifv_cookie;
183 	int	ifv_pflags;	/* special flags we have set on parent */
184 	int	ifv_capenable;
185 	int	ifv_encaplen;	/* encapsulation length */
186 	int	ifv_mtufudge;	/* MTU fudged by this much */
187 	int	ifv_mintu;	/* min transmission unit */
188 	struct  ether_8021q_tag ifv_qtag;
189 #define ifv_proto	ifv_qtag.proto
190 #define ifv_vid		ifv_qtag.vid
191 #define ifv_pcp		ifv_qtag.pcp
192 	struct task lladdr_task;
193 	CK_SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
194 #ifndef VLAN_ARRAY
195 	CK_SLIST_ENTRY(ifvlan) ifv_list;
196 #endif
197 };
198 
199 /* Special flags we should propagate to parent. */
200 static struct {
201 	int flag;
202 	int (*func)(struct ifnet *, int);
203 } vlan_pflags[] = {
204 	{IFF_PROMISC, ifpromisc},
205 	{IFF_ALLMULTI, if_allmulti},
206 	{0, NULL}
207 };
208 
209 VNET_DECLARE(int, vlan_mtag_pcp);
210 #define	V_vlan_mtag_pcp	VNET(vlan_mtag_pcp)
211 
212 static const char vlanname[] = "vlan";
213 static MALLOC_DEFINE(M_VLAN, vlanname, "802.1Q Virtual LAN Interface");
214 
215 static eventhandler_tag ifdetach_tag;
216 static eventhandler_tag iflladdr_tag;
217 static eventhandler_tag ifevent_tag;
218 
219 /*
220  * if_vlan uses two module-level synchronizations primitives to allow concurrent
221  * modification of vlan interfaces and (mostly) allow for vlans to be destroyed
222  * while they are being used for tx/rx. To accomplish this in a way that has
223  * acceptable performance and cooperation with other parts of the network stack
224  * there is a non-sleepable epoch(9) and an sx(9).
225  *
226  * The performance-sensitive paths that warrant using the epoch(9) are
227  * vlan_transmit and vlan_input. Both have to check for the vlan interface's
228  * existence using if_vlantrunk, and being in the network tx/rx paths the use
229  * of an epoch(9) gives a measureable improvement in performance.
230  *
231  * The reason for having an sx(9) is mostly because there are still areas that
232  * must be sleepable and also have safe concurrent access to a vlan interface.
233  * Since the sx(9) exists, it is used by default in most paths unless sleeping
234  * is not permitted, or if it is not clear whether sleeping is permitted.
235  *
236  */
237 #define _VLAN_SX_ID ifv_sx
238 
239 static struct sx _VLAN_SX_ID;
240 
241 #define VLAN_LOCKING_INIT() \
242 	sx_init_flags(&_VLAN_SX_ID, "vlan_sx", SX_RECURSE)
243 
244 #define VLAN_LOCKING_DESTROY() \
245 	sx_destroy(&_VLAN_SX_ID)
246 
247 #define	VLAN_SLOCK()			sx_slock(&_VLAN_SX_ID)
248 #define	VLAN_SUNLOCK()			sx_sunlock(&_VLAN_SX_ID)
249 #define	VLAN_XLOCK()			sx_xlock(&_VLAN_SX_ID)
250 #define	VLAN_XUNLOCK()			sx_xunlock(&_VLAN_SX_ID)
251 #define	VLAN_SLOCK_ASSERT()		sx_assert(&_VLAN_SX_ID, SA_SLOCKED)
252 #define	VLAN_XLOCK_ASSERT()		sx_assert(&_VLAN_SX_ID, SA_XLOCKED)
253 #define	VLAN_SXLOCK_ASSERT()		sx_assert(&_VLAN_SX_ID, SA_LOCKED)
254 
255 /*
256  * We also have a per-trunk mutex that should be acquired when changing
257  * its state.
258  */
259 #define	TRUNK_LOCK_INIT(trunk)		mtx_init(&(trunk)->lock, vlanname, NULL, MTX_DEF)
260 #define	TRUNK_LOCK_DESTROY(trunk)	mtx_destroy(&(trunk)->lock)
261 #define	TRUNK_WLOCK(trunk)		mtx_lock(&(trunk)->lock)
262 #define	TRUNK_WUNLOCK(trunk)		mtx_unlock(&(trunk)->lock)
263 #define	TRUNK_WLOCK_ASSERT(trunk)	mtx_assert(&(trunk)->lock, MA_OWNED);
264 
265 /*
266  * The VLAN_ARRAY substitutes the dynamic hash with a static array
267  * with 4096 entries. In theory this can give a boost in processing,
268  * however in practice it does not. Probably this is because the array
269  * is too big to fit into CPU cache.
270  */
271 #ifndef VLAN_ARRAY
272 static	void vlan_inithash(struct ifvlantrunk *trunk);
273 static	void vlan_freehash(struct ifvlantrunk *trunk);
274 static	int vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
275 static	int vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
276 static	void vlan_growhash(struct ifvlantrunk *trunk, int howmuch);
277 static __inline struct ifvlan * vlan_gethash(struct ifvlantrunk *trunk,
278 	uint16_t vid);
279 #endif
280 static	void trunk_destroy(struct ifvlantrunk *trunk);
281 
282 static	void vlan_init(void *foo);
283 static	void vlan_input(struct ifnet *ifp, struct mbuf *m);
284 static	int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr);
285 #if defined(KERN_TLS) || defined(RATELIMIT)
286 static	int vlan_snd_tag_alloc(struct ifnet *,
287     union if_snd_tag_alloc_params *, struct m_snd_tag **);
288 static	int vlan_snd_tag_modify(struct m_snd_tag *,
289     union if_snd_tag_modify_params *);
290 static	int vlan_snd_tag_query(struct m_snd_tag *,
291     union if_snd_tag_query_params *);
292 static	void vlan_snd_tag_free(struct m_snd_tag *);
293 static struct m_snd_tag *vlan_next_snd_tag(struct m_snd_tag *);
294 static void vlan_ratelimit_query(struct ifnet *,
295     struct if_ratelimit_query_results *);
296 #endif
297 static	void vlan_qflush(struct ifnet *ifp);
298 static	int vlan_setflag(struct ifnet *ifp, int flag, int status,
299     int (*func)(struct ifnet *, int));
300 static	int vlan_setflags(struct ifnet *ifp, int status);
301 static	int vlan_setmulti(struct ifnet *ifp);
302 static	int vlan_transmit(struct ifnet *ifp, struct mbuf *m);
303 #ifdef ALTQ
304 static void vlan_altq_start(struct ifnet *ifp);
305 static	int vlan_altq_transmit(struct ifnet *ifp, struct mbuf *m);
306 #endif
307 static	int vlan_output(struct ifnet *ifp, struct mbuf *m,
308     const struct sockaddr *dst, struct route *ro);
309 static	void vlan_unconfig(struct ifnet *ifp);
310 static	void vlan_unconfig_locked(struct ifnet *ifp, int departing);
311 static	int vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t tag,
312 	uint16_t proto);
313 static	void vlan_link_state(struct ifnet *ifp);
314 static	void vlan_capabilities(struct ifvlan *ifv);
315 static	void vlan_trunk_capabilities(struct ifnet *ifp);
316 
317 static	struct ifnet *vlan_clone_match_ethervid(const char *, int *);
318 static	int vlan_clone_match(struct if_clone *, const char *);
319 static	int vlan_clone_create(struct if_clone *, char *, size_t,
320     struct ifc_data *, struct ifnet **);
321 static	int vlan_clone_destroy(struct if_clone *, struct ifnet *, uint32_t);
322 
323 static	void vlan_ifdetach(void *arg, struct ifnet *ifp);
324 static  void vlan_iflladdr(void *arg, struct ifnet *ifp);
325 static  void vlan_ifevent(void *arg, struct ifnet *ifp, int event);
326 
327 static  void vlan_lladdr_fn(void *arg, int pending);
328 
329 static struct if_clone *vlan_cloner;
330 
331 #ifdef VIMAGE
332 VNET_DEFINE_STATIC(struct if_clone *, vlan_cloner);
333 #define	V_vlan_cloner	VNET(vlan_cloner)
334 #endif
335 
336 #ifdef RATELIMIT
337 static const struct if_snd_tag_sw vlan_snd_tag_ul_sw = {
338 	.snd_tag_modify = vlan_snd_tag_modify,
339 	.snd_tag_query = vlan_snd_tag_query,
340 	.snd_tag_free = vlan_snd_tag_free,
341 	.next_snd_tag = vlan_next_snd_tag,
342 	.type = IF_SND_TAG_TYPE_UNLIMITED
343 };
344 
345 static const struct if_snd_tag_sw vlan_snd_tag_rl_sw = {
346 	.snd_tag_modify = vlan_snd_tag_modify,
347 	.snd_tag_query = vlan_snd_tag_query,
348 	.snd_tag_free = vlan_snd_tag_free,
349 	.next_snd_tag = vlan_next_snd_tag,
350 	.type = IF_SND_TAG_TYPE_RATE_LIMIT
351 };
352 #endif
353 
354 #ifdef KERN_TLS
355 static const struct if_snd_tag_sw vlan_snd_tag_tls_sw = {
356 	.snd_tag_modify = vlan_snd_tag_modify,
357 	.snd_tag_query = vlan_snd_tag_query,
358 	.snd_tag_free = vlan_snd_tag_free,
359 	.next_snd_tag = vlan_next_snd_tag,
360 	.type = IF_SND_TAG_TYPE_TLS
361 };
362 
363 #ifdef RATELIMIT
364 static const struct if_snd_tag_sw vlan_snd_tag_tls_rl_sw = {
365 	.snd_tag_modify = vlan_snd_tag_modify,
366 	.snd_tag_query = vlan_snd_tag_query,
367 	.snd_tag_free = vlan_snd_tag_free,
368 	.next_snd_tag = vlan_next_snd_tag,
369 	.type = IF_SND_TAG_TYPE_TLS_RATE_LIMIT
370 };
371 #endif
372 #endif
373 
374 static void
375 vlan_mc_free(struct epoch_context *ctx)
376 {
377 	struct vlan_mc_entry *mc = __containerof(ctx, struct vlan_mc_entry, mc_epoch_ctx);
378 	free(mc, M_VLAN);
379 }
380 
381 #ifndef VLAN_ARRAY
382 #define HASH(n, m)	((((n) >> 8) ^ ((n) >> 4) ^ (n)) & (m))
383 
384 static void
385 vlan_inithash(struct ifvlantrunk *trunk)
386 {
387 	int i, n;
388 
389 	/*
390 	 * The trunk must not be locked here since we call malloc(M_WAITOK).
391 	 * It is OK in case this function is called before the trunk struct
392 	 * gets hooked up and becomes visible from other threads.
393 	 */
394 
395 	KASSERT(trunk->hwidth == 0 && trunk->hash == NULL,
396 	    ("%s: hash already initialized", __func__));
397 
398 	trunk->hwidth = VLAN_DEF_HWIDTH;
399 	n = 1 << trunk->hwidth;
400 	trunk->hmask = n - 1;
401 	trunk->hash = malloc(sizeof(struct ifvlanhead) * n, M_VLAN, M_WAITOK);
402 	for (i = 0; i < n; i++)
403 		CK_SLIST_INIT(&trunk->hash[i]);
404 }
405 
406 static void
407 vlan_freehash(struct ifvlantrunk *trunk)
408 {
409 #ifdef INVARIANTS
410 	int i;
411 
412 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
413 	for (i = 0; i < (1 << trunk->hwidth); i++)
414 		KASSERT(CK_SLIST_EMPTY(&trunk->hash[i]),
415 		    ("%s: hash table not empty", __func__));
416 #endif
417 	free(trunk->hash, M_VLAN);
418 	trunk->hash = NULL;
419 	trunk->hwidth = trunk->hmask = 0;
420 }
421 
422 static int
423 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
424 {
425 	int i, b;
426 	struct ifvlan *ifv2;
427 
428 	VLAN_XLOCK_ASSERT();
429 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
430 
431 	b = 1 << trunk->hwidth;
432 	i = HASH(ifv->ifv_vid, trunk->hmask);
433 	CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
434 		if (ifv->ifv_vid == ifv2->ifv_vid)
435 			return (EEXIST);
436 
437 	/*
438 	 * Grow the hash when the number of vlans exceeds half of the number of
439 	 * hash buckets squared. This will make the average linked-list length
440 	 * buckets/2.
441 	 */
442 	if (trunk->refcnt > (b * b) / 2) {
443 		vlan_growhash(trunk, 1);
444 		i = HASH(ifv->ifv_vid, trunk->hmask);
445 	}
446 	CK_SLIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list);
447 	trunk->refcnt++;
448 
449 	return (0);
450 }
451 
452 static int
453 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
454 {
455 	int i, b;
456 	struct ifvlan *ifv2;
457 
458 	VLAN_XLOCK_ASSERT();
459 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
460 
461 	b = 1 << (trunk->hwidth - 1);
462 	i = HASH(ifv->ifv_vid, trunk->hmask);
463 	CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
464 		if (ifv2 == ifv) {
465 			trunk->refcnt--;
466 			CK_SLIST_REMOVE(&trunk->hash[i], ifv2, ifvlan, ifv_list);
467 			if (trunk->refcnt < (b * b) / 2)
468 				vlan_growhash(trunk, -1);
469 			return (0);
470 		}
471 
472 	panic("%s: vlan not found\n", __func__);
473 	return (ENOENT); /*NOTREACHED*/
474 }
475 
476 /*
477  * Grow the hash larger or smaller if memory permits.
478  */
479 static void
480 vlan_growhash(struct ifvlantrunk *trunk, int howmuch)
481 {
482 	struct ifvlan *ifv;
483 	struct ifvlanhead *hash2;
484 	int hwidth2, i, j, n, n2;
485 
486 	VLAN_XLOCK_ASSERT();
487 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
488 
489 	if (howmuch == 0) {
490 		/* Harmless yet obvious coding error */
491 		printf("%s: howmuch is 0\n", __func__);
492 		return;
493 	}
494 
495 	hwidth2 = trunk->hwidth + howmuch;
496 	n = 1 << trunk->hwidth;
497 	n2 = 1 << hwidth2;
498 	/* Do not shrink the table below the default */
499 	if (hwidth2 < VLAN_DEF_HWIDTH)
500 		return;
501 
502 	hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_WAITOK);
503 	if (hash2 == NULL) {
504 		printf("%s: out of memory -- hash size not changed\n",
505 		    __func__);
506 		return;		/* We can live with the old hash table */
507 	}
508 	for (j = 0; j < n2; j++)
509 		CK_SLIST_INIT(&hash2[j]);
510 	for (i = 0; i < n; i++)
511 		while ((ifv = CK_SLIST_FIRST(&trunk->hash[i])) != NULL) {
512 			CK_SLIST_REMOVE(&trunk->hash[i], ifv, ifvlan, ifv_list);
513 			j = HASH(ifv->ifv_vid, n2 - 1);
514 			CK_SLIST_INSERT_HEAD(&hash2[j], ifv, ifv_list);
515 		}
516 	NET_EPOCH_WAIT();
517 	free(trunk->hash, M_VLAN);
518 	trunk->hash = hash2;
519 	trunk->hwidth = hwidth2;
520 	trunk->hmask = n2 - 1;
521 
522 	if (bootverbose)
523 		if_printf(trunk->parent,
524 		    "VLAN hash table resized from %d to %d buckets\n", n, n2);
525 }
526 
527 static __inline struct ifvlan *
528 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid)
529 {
530 	struct ifvlan *ifv;
531 
532 	NET_EPOCH_ASSERT();
533 
534 	CK_SLIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list)
535 		if (ifv->ifv_vid == vid)
536 			return (ifv);
537 	return (NULL);
538 }
539 
540 #if 0
541 /* Debugging code to view the hashtables. */
542 static void
543 vlan_dumphash(struct ifvlantrunk *trunk)
544 {
545 	int i;
546 	struct ifvlan *ifv;
547 
548 	for (i = 0; i < (1 << trunk->hwidth); i++) {
549 		printf("%d: ", i);
550 		CK_SLIST_FOREACH(ifv, &trunk->hash[i], ifv_list)
551 			printf("%s ", ifv->ifv_ifp->if_xname);
552 		printf("\n");
553 	}
554 }
555 #endif /* 0 */
556 #else
557 
558 static __inline struct ifvlan *
559 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid)
560 {
561 
562 	return trunk->vlans[vid];
563 }
564 
565 static __inline int
566 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
567 {
568 
569 	if (trunk->vlans[ifv->ifv_vid] != NULL)
570 		return EEXIST;
571 	trunk->vlans[ifv->ifv_vid] = ifv;
572 	trunk->refcnt++;
573 
574 	return (0);
575 }
576 
577 static __inline int
578 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
579 {
580 
581 	trunk->vlans[ifv->ifv_vid] = NULL;
582 	trunk->refcnt--;
583 
584 	return (0);
585 }
586 
587 static __inline void
588 vlan_freehash(struct ifvlantrunk *trunk)
589 {
590 }
591 
592 static __inline void
593 vlan_inithash(struct ifvlantrunk *trunk)
594 {
595 }
596 
597 #endif /* !VLAN_ARRAY */
598 
599 static void
600 trunk_destroy(struct ifvlantrunk *trunk)
601 {
602 	VLAN_XLOCK_ASSERT();
603 
604 	vlan_freehash(trunk);
605 	trunk->parent->if_vlantrunk = NULL;
606 	TRUNK_LOCK_DESTROY(trunk);
607 	if_rele(trunk->parent);
608 	free(trunk, M_VLAN);
609 }
610 
611 /*
612  * Program our multicast filter. What we're actually doing is
613  * programming the multicast filter of the parent. This has the
614  * side effect of causing the parent interface to receive multicast
615  * traffic that it doesn't really want, which ends up being discarded
616  * later by the upper protocol layers. Unfortunately, there's no way
617  * to avoid this: there really is only one physical interface.
618  */
619 static int
620 vlan_setmulti(struct ifnet *ifp)
621 {
622 	struct ifnet		*ifp_p;
623 	struct ifmultiaddr	*ifma;
624 	struct ifvlan		*sc;
625 	struct vlan_mc_entry	*mc;
626 	int			error;
627 
628 	VLAN_XLOCK_ASSERT();
629 
630 	/* Find the parent. */
631 	sc = ifp->if_softc;
632 	ifp_p = PARENT(sc);
633 
634 	CURVNET_SET_QUIET(ifp_p->if_vnet);
635 
636 	/* First, remove any existing filter entries. */
637 	while ((mc = CK_SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) {
638 		CK_SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries);
639 		(void)if_delmulti(ifp_p, (struct sockaddr *)&mc->mc_addr);
640 		NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx);
641 	}
642 
643 	/* Now program new ones. */
644 	IF_ADDR_WLOCK(ifp);
645 	CK_STAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
646 		if (ifma->ifma_addr->sa_family != AF_LINK)
647 			continue;
648 		mc = malloc(sizeof(struct vlan_mc_entry), M_VLAN, M_NOWAIT);
649 		if (mc == NULL) {
650 			IF_ADDR_WUNLOCK(ifp);
651 			CURVNET_RESTORE();
652 			return (ENOMEM);
653 		}
654 		bcopy(ifma->ifma_addr, &mc->mc_addr, ifma->ifma_addr->sa_len);
655 		mc->mc_addr.sdl_index = ifp_p->if_index;
656 		CK_SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
657 	}
658 	IF_ADDR_WUNLOCK(ifp);
659 	CK_SLIST_FOREACH (mc, &sc->vlan_mc_listhead, mc_entries) {
660 		error = if_addmulti(ifp_p, (struct sockaddr *)&mc->mc_addr,
661 		    NULL);
662 		if (error) {
663 			CURVNET_RESTORE();
664 			return (error);
665 		}
666 	}
667 
668 	CURVNET_RESTORE();
669 	return (0);
670 }
671 
672 /*
673  * A handler for interface ifnet events.
674  */
675 static void
676 vlan_ifevent(void *arg __unused, struct ifnet *ifp, int event)
677 {
678 	struct epoch_tracker et;
679 	struct ifvlan *ifv;
680 	struct ifvlantrunk *trunk;
681 
682 	if (event != IFNET_EVENT_UPDATE_BAUDRATE)
683 		return;
684 
685 	NET_EPOCH_ENTER(et);
686 	trunk = ifp->if_vlantrunk;
687 	if (trunk == NULL) {
688 		NET_EPOCH_EXIT(et);
689 		return;
690 	}
691 
692 	TRUNK_WLOCK(trunk);
693 	VLAN_FOREACH(ifv, trunk) {
694 		ifv->ifv_ifp->if_baudrate = ifp->if_baudrate;
695 	}
696 	TRUNK_WUNLOCK(trunk);
697 	NET_EPOCH_EXIT(et);
698 }
699 
700 /*
701  * A handler for parent interface link layer address changes.
702  * If the parent interface link layer address is changed we
703  * should also change it on all children vlans.
704  */
705 static void
706 vlan_iflladdr(void *arg __unused, struct ifnet *ifp)
707 {
708 	struct epoch_tracker et;
709 	struct ifvlan *ifv;
710 	struct ifnet *ifv_ifp;
711 	struct ifvlantrunk *trunk;
712 	struct sockaddr_dl *sdl;
713 
714 	/* Need the epoch since this is run on taskqueue_swi. */
715 	NET_EPOCH_ENTER(et);
716 	trunk = ifp->if_vlantrunk;
717 	if (trunk == NULL) {
718 		NET_EPOCH_EXIT(et);
719 		return;
720 	}
721 
722 	/*
723 	 * OK, it's a trunk.  Loop over and change all vlan's lladdrs on it.
724 	 * We need an exclusive lock here to prevent concurrent SIOCSIFLLADDR
725 	 * ioctl calls on the parent garbling the lladdr of the child vlan.
726 	 */
727 	TRUNK_WLOCK(trunk);
728 	VLAN_FOREACH(ifv, trunk) {
729 		/*
730 		 * Copy new new lladdr into the ifv_ifp, enqueue a task
731 		 * to actually call if_setlladdr. if_setlladdr needs to
732 		 * be deferred to a taskqueue because it will call into
733 		 * the if_vlan ioctl path and try to acquire the global
734 		 * lock.
735 		 */
736 		ifv_ifp = ifv->ifv_ifp;
737 		bcopy(IF_LLADDR(ifp), IF_LLADDR(ifv_ifp),
738 		    ifp->if_addrlen);
739 		sdl = (struct sockaddr_dl *)ifv_ifp->if_addr->ifa_addr;
740 		sdl->sdl_alen = ifp->if_addrlen;
741 		taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task);
742 	}
743 	TRUNK_WUNLOCK(trunk);
744 	NET_EPOCH_EXIT(et);
745 }
746 
747 /*
748  * A handler for network interface departure events.
749  * Track departure of trunks here so that we don't access invalid
750  * pointers or whatever if a trunk is ripped from under us, e.g.,
751  * by ejecting its hot-plug card.  However, if an ifnet is simply
752  * being renamed, then there's no need to tear down the state.
753  */
754 static void
755 vlan_ifdetach(void *arg __unused, struct ifnet *ifp)
756 {
757 	struct ifvlan *ifv;
758 	struct ifvlantrunk *trunk;
759 
760 	/* If the ifnet is just being renamed, don't do anything. */
761 	if (ifp->if_flags & IFF_RENAMING)
762 		return;
763 	VLAN_XLOCK();
764 	trunk = ifp->if_vlantrunk;
765 	if (trunk == NULL) {
766 		VLAN_XUNLOCK();
767 		return;
768 	}
769 
770 	/*
771 	 * OK, it's a trunk.  Loop over and detach all vlan's on it.
772 	 * Check trunk pointer after each vlan_unconfig() as it will
773 	 * free it and set to NULL after the last vlan was detached.
774 	 */
775 	VLAN_FOREACH_UNTIL_SAFE(ifv, ifp->if_vlantrunk,
776 	    ifp->if_vlantrunk == NULL)
777 		vlan_unconfig_locked(ifv->ifv_ifp, 1);
778 
779 	/* Trunk should have been destroyed in vlan_unconfig(). */
780 	KASSERT(ifp->if_vlantrunk == NULL, ("%s: purge failed", __func__));
781 	VLAN_XUNLOCK();
782 }
783 
784 /*
785  * Return the trunk device for a virtual interface.
786  */
787 static struct ifnet  *
788 vlan_trunkdev(struct ifnet *ifp)
789 {
790 	struct ifvlan *ifv;
791 
792 	NET_EPOCH_ASSERT();
793 
794 	if (ifp->if_type != IFT_L2VLAN)
795 		return (NULL);
796 
797 	ifv = ifp->if_softc;
798 	ifp = NULL;
799 	if (ifv->ifv_trunk)
800 		ifp = PARENT(ifv);
801 	return (ifp);
802 }
803 
804 /*
805  * Return the 12-bit VLAN VID for this interface, for use by external
806  * components such as Infiniband.
807  *
808  * XXXRW: Note that the function name here is historical; it should be named
809  * vlan_vid().
810  */
811 static int
812 vlan_tag(struct ifnet *ifp, uint16_t *vidp)
813 {
814 	struct ifvlan *ifv;
815 
816 	if (ifp->if_type != IFT_L2VLAN)
817 		return (EINVAL);
818 	ifv = ifp->if_softc;
819 	*vidp = ifv->ifv_vid;
820 	return (0);
821 }
822 
823 static int
824 vlan_pcp(struct ifnet *ifp, uint16_t *pcpp)
825 {
826 	struct ifvlan *ifv;
827 
828 	if (ifp->if_type != IFT_L2VLAN)
829 		return (EINVAL);
830 	ifv = ifp->if_softc;
831 	*pcpp = ifv->ifv_pcp;
832 	return (0);
833 }
834 
835 /*
836  * Return a driver specific cookie for this interface.  Synchronization
837  * with setcookie must be provided by the driver.
838  */
839 static void *
840 vlan_cookie(struct ifnet *ifp)
841 {
842 	struct ifvlan *ifv;
843 
844 	if (ifp->if_type != IFT_L2VLAN)
845 		return (NULL);
846 	ifv = ifp->if_softc;
847 	return (ifv->ifv_cookie);
848 }
849 
850 /*
851  * Store a cookie in our softc that drivers can use to store driver
852  * private per-instance data in.
853  */
854 static int
855 vlan_setcookie(struct ifnet *ifp, void *cookie)
856 {
857 	struct ifvlan *ifv;
858 
859 	if (ifp->if_type != IFT_L2VLAN)
860 		return (EINVAL);
861 	ifv = ifp->if_softc;
862 	ifv->ifv_cookie = cookie;
863 	return (0);
864 }
865 
866 /*
867  * Return the vlan device present at the specific VID.
868  */
869 static struct ifnet *
870 vlan_devat(struct ifnet *ifp, uint16_t vid)
871 {
872 	struct ifvlantrunk *trunk;
873 	struct ifvlan *ifv;
874 
875 	NET_EPOCH_ASSERT();
876 
877 	trunk = ifp->if_vlantrunk;
878 	if (trunk == NULL)
879 		return (NULL);
880 	ifp = NULL;
881 	ifv = vlan_gethash(trunk, vid);
882 	if (ifv)
883 		ifp = ifv->ifv_ifp;
884 	return (ifp);
885 }
886 
887 /*
888  * VLAN support can be loaded as a module.  The only place in the
889  * system that's intimately aware of this is ether_input.  We hook
890  * into this code through vlan_input_p which is defined there and
891  * set here.  No one else in the system should be aware of this so
892  * we use an explicit reference here.
893  */
894 extern	void (*vlan_input_p)(struct ifnet *, struct mbuf *);
895 
896 /* For if_link_state_change() eyes only... */
897 extern	void (*vlan_link_state_p)(struct ifnet *);
898 
899 static struct if_clone_addreq vlan_addreq = {
900 	.match_f = vlan_clone_match,
901 	.create_f = vlan_clone_create,
902 	.destroy_f = vlan_clone_destroy,
903 };
904 
905 static int
906 vlan_modevent(module_t mod, int type, void *data)
907 {
908 
909 	switch (type) {
910 	case MOD_LOAD:
911 		ifdetach_tag = EVENTHANDLER_REGISTER(ifnet_departure_event,
912 		    vlan_ifdetach, NULL, EVENTHANDLER_PRI_ANY);
913 		if (ifdetach_tag == NULL)
914 			return (ENOMEM);
915 		iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event,
916 		    vlan_iflladdr, NULL, EVENTHANDLER_PRI_ANY);
917 		if (iflladdr_tag == NULL)
918 			return (ENOMEM);
919 		ifevent_tag = EVENTHANDLER_REGISTER(ifnet_event,
920 		    vlan_ifevent, NULL, EVENTHANDLER_PRI_ANY);
921 		if (ifevent_tag == NULL)
922 			return (ENOMEM);
923 		VLAN_LOCKING_INIT();
924 		vlan_input_p = vlan_input;
925 		vlan_link_state_p = vlan_link_state;
926 		vlan_trunk_cap_p = vlan_trunk_capabilities;
927 		vlan_trunkdev_p = vlan_trunkdev;
928 		vlan_cookie_p = vlan_cookie;
929 		vlan_setcookie_p = vlan_setcookie;
930 		vlan_tag_p = vlan_tag;
931 		vlan_pcp_p = vlan_pcp;
932 		vlan_devat_p = vlan_devat;
933 #ifndef VIMAGE
934 		vlan_cloner = ifc_attach_cloner(vlanname, &vlan_addreq);
935 #endif
936 		if (bootverbose)
937 			printf("vlan: initialized, using "
938 #ifdef VLAN_ARRAY
939 			       "full-size arrays"
940 #else
941 			       "hash tables with chaining"
942 #endif
943 
944 			       "\n");
945 		break;
946 	case MOD_UNLOAD:
947 #ifndef VIMAGE
948 		ifc_detach_cloner(vlan_cloner);
949 #endif
950 		EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_tag);
951 		EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_tag);
952 		EVENTHANDLER_DEREGISTER(ifnet_event, ifevent_tag);
953 		vlan_input_p = NULL;
954 		vlan_link_state_p = NULL;
955 		vlan_trunk_cap_p = NULL;
956 		vlan_trunkdev_p = NULL;
957 		vlan_tag_p = NULL;
958 		vlan_cookie_p = NULL;
959 		vlan_setcookie_p = NULL;
960 		vlan_devat_p = NULL;
961 		VLAN_LOCKING_DESTROY();
962 		if (bootverbose)
963 			printf("vlan: unloaded\n");
964 		break;
965 	default:
966 		return (EOPNOTSUPP);
967 	}
968 	return (0);
969 }
970 
971 static moduledata_t vlan_mod = {
972 	"if_vlan",
973 	vlan_modevent,
974 	0
975 };
976 
977 DECLARE_MODULE(if_vlan, vlan_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
978 MODULE_VERSION(if_vlan, 3);
979 
980 #ifdef VIMAGE
981 static void
982 vnet_vlan_init(const void *unused __unused)
983 {
984 	vlan_cloner = ifc_attach_cloner(vlanname, &vlan_addreq);
985 	V_vlan_cloner = vlan_cloner;
986 }
987 VNET_SYSINIT(vnet_vlan_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
988     vnet_vlan_init, NULL);
989 
990 static void
991 vnet_vlan_uninit(const void *unused __unused)
992 {
993 
994 	ifc_detach_cloner(V_vlan_cloner);
995 }
996 VNET_SYSUNINIT(vnet_vlan_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY,
997     vnet_vlan_uninit, NULL);
998 #endif
999 
1000 /*
1001  * Check for <etherif>.<vlan>[.<vlan> ...] style interface names.
1002  */
1003 static struct ifnet *
1004 vlan_clone_match_ethervid(const char *name, int *vidp)
1005 {
1006 	char ifname[IFNAMSIZ];
1007 	char *cp;
1008 	struct ifnet *ifp;
1009 	int vid;
1010 
1011 	strlcpy(ifname, name, IFNAMSIZ);
1012 	if ((cp = strrchr(ifname, '.')) == NULL)
1013 		return (NULL);
1014 	*cp = '\0';
1015 	if ((ifp = ifunit_ref(ifname)) == NULL)
1016 		return (NULL);
1017 	/* Parse VID. */
1018 	if (*++cp == '\0') {
1019 		if_rele(ifp);
1020 		return (NULL);
1021 	}
1022 	vid = 0;
1023 	for(; *cp >= '0' && *cp <= '9'; cp++)
1024 		vid = (vid * 10) + (*cp - '0');
1025 	if (*cp != '\0') {
1026 		if_rele(ifp);
1027 		return (NULL);
1028 	}
1029 	if (vidp != NULL)
1030 		*vidp = vid;
1031 
1032 	return (ifp);
1033 }
1034 
1035 static int
1036 vlan_clone_match(struct if_clone *ifc, const char *name)
1037 {
1038 	struct ifnet *ifp;
1039 	const char *cp;
1040 
1041 	ifp = vlan_clone_match_ethervid(name, NULL);
1042 	if (ifp != NULL) {
1043 		if_rele(ifp);
1044 		return (1);
1045 	}
1046 
1047 	if (strncmp(vlanname, name, strlen(vlanname)) != 0)
1048 		return (0);
1049 	for (cp = name + 4; *cp != '\0'; cp++) {
1050 		if (*cp < '0' || *cp > '9')
1051 			return (0);
1052 	}
1053 
1054 	return (1);
1055 }
1056 
1057 static int
1058 vlan_clone_create(struct if_clone *ifc, char *name, size_t len,
1059     struct ifc_data *ifd, struct ifnet **ifpp)
1060 {
1061 	char *dp;
1062 	bool wildcard = false;
1063 	bool subinterface = false;
1064 	int unit;
1065 	int error;
1066 	int vid = 0;
1067 	uint16_t proto = ETHERTYPE_VLAN;
1068 	struct ifvlan *ifv;
1069 	struct ifnet *ifp;
1070 	struct ifnet *p = NULL;
1071 	struct ifaddr *ifa;
1072 	struct sockaddr_dl *sdl;
1073 	struct vlanreq vlr;
1074 	static const u_char eaddr[ETHER_ADDR_LEN];	/* 00:00:00:00:00:00 */
1075 
1076 
1077 	/*
1078 	 * There are three ways to specify the cloned device:
1079 	 * o pass a parameter block with the clone request.
1080 	 * o specify parameters in the text of the clone device name
1081 	 * o specify no parameters and get an unattached device that
1082 	 *   must be configured separately.
1083 	 * The first technique is preferred; the latter two are supported
1084 	 * for backwards compatibility.
1085 	 *
1086 	 * XXXRW: Note historic use of the word "tag" here.  New ioctls may be
1087 	 * called for.
1088 	 */
1089 
1090 	if (ifd->params != NULL) {
1091 		error = ifc_copyin(ifd, &vlr, sizeof(vlr));
1092 		if (error)
1093 			return error;
1094 		vid = vlr.vlr_tag;
1095 		proto = vlr.vlr_proto;
1096 
1097 #ifdef COMPAT_FREEBSD12
1098 		if (proto == 0)
1099 			proto = ETHERTYPE_VLAN;
1100 #endif
1101 		p = ifunit_ref(vlr.vlr_parent);
1102 		if (p == NULL)
1103 			return (ENXIO);
1104 	}
1105 
1106 	if ((error = ifc_name2unit(name, &unit)) == 0) {
1107 
1108 		/*
1109 		 * vlanX interface. Set wildcard to true if the unit number
1110 		 * is not fixed (-1)
1111 		 */
1112 		wildcard = (unit < 0);
1113 	} else {
1114 		struct ifnet *p_tmp = vlan_clone_match_ethervid(name, &vid);
1115 		if (p_tmp != NULL) {
1116 			error = 0;
1117 			subinterface = true;
1118 			unit = IF_DUNIT_NONE;
1119 			wildcard = false;
1120 			if (p != NULL) {
1121 				if_rele(p_tmp);
1122 				if (p != p_tmp)
1123 					error = EINVAL;
1124 			} else
1125 				p = p_tmp;
1126 		} else
1127 			error = ENXIO;
1128 	}
1129 
1130 	if (error != 0) {
1131 		if (p != NULL)
1132 			if_rele(p);
1133 		return (error);
1134 	}
1135 
1136 	if (!subinterface) {
1137 		/* vlanX interface, mark X as busy or allocate new unit # */
1138 		error = ifc_alloc_unit(ifc, &unit);
1139 		if (error != 0) {
1140 			if (p != NULL)
1141 				if_rele(p);
1142 			return (error);
1143 		}
1144 	}
1145 
1146 	/* In the wildcard case, we need to update the name. */
1147 	if (wildcard) {
1148 		for (dp = name; *dp != '\0'; dp++);
1149 		if (snprintf(dp, len - (dp-name), "%d", unit) >
1150 		    len - (dp-name) - 1) {
1151 			panic("%s: interface name too long", __func__);
1152 		}
1153 	}
1154 
1155 	ifv = malloc(sizeof(struct ifvlan), M_VLAN, M_WAITOK | M_ZERO);
1156 	ifp = ifv->ifv_ifp = if_alloc(IFT_ETHER);
1157 	if (ifp == NULL) {
1158 		if (!subinterface)
1159 			ifc_free_unit(ifc, unit);
1160 		free(ifv, M_VLAN);
1161 		if (p != NULL)
1162 			if_rele(p);
1163 		return (ENOSPC);
1164 	}
1165 	CK_SLIST_INIT(&ifv->vlan_mc_listhead);
1166 	ifp->if_softc = ifv;
1167 	/*
1168 	 * Set the name manually rather than using if_initname because
1169 	 * we don't conform to the default naming convention for interfaces.
1170 	 */
1171 	strlcpy(ifp->if_xname, name, IFNAMSIZ);
1172 	ifp->if_dname = vlanname;
1173 	ifp->if_dunit = unit;
1174 
1175 	ifp->if_init = vlan_init;
1176 #ifdef ALTQ
1177 	ifp->if_start = vlan_altq_start;
1178 	ifp->if_transmit = vlan_altq_transmit;
1179 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
1180 	ifp->if_snd.ifq_drv_maxlen = 0;
1181 	IFQ_SET_READY(&ifp->if_snd);
1182 #else
1183 	ifp->if_transmit = vlan_transmit;
1184 #endif
1185 	ifp->if_qflush = vlan_qflush;
1186 	ifp->if_ioctl = vlan_ioctl;
1187 #if defined(KERN_TLS) || defined(RATELIMIT)
1188 	ifp->if_snd_tag_alloc = vlan_snd_tag_alloc;
1189 	ifp->if_ratelimit_query = vlan_ratelimit_query;
1190 #endif
1191 	ifp->if_flags = VLAN_IFFLAGS;
1192 	ether_ifattach(ifp, eaddr);
1193 	/* Now undo some of the damage... */
1194 	ifp->if_baudrate = 0;
1195 	ifp->if_type = IFT_L2VLAN;
1196 	ifp->if_hdrlen = ETHER_VLAN_ENCAP_LEN;
1197 	ifa = ifp->if_addr;
1198 	sdl = (struct sockaddr_dl *)ifa->ifa_addr;
1199 	sdl->sdl_type = IFT_L2VLAN;
1200 
1201 	if (p != NULL) {
1202 		error = vlan_config(ifv, p, vid, proto);
1203 		if_rele(p);
1204 		if (error != 0) {
1205 			/*
1206 			 * Since we've partially failed, we need to back
1207 			 * out all the way, otherwise userland could get
1208 			 * confused.  Thus, we destroy the interface.
1209 			 */
1210 			ether_ifdetach(ifp);
1211 			vlan_unconfig(ifp);
1212 			if_free(ifp);
1213 			if (!subinterface)
1214 				ifc_free_unit(ifc, unit);
1215 			free(ifv, M_VLAN);
1216 
1217 			return (error);
1218 		}
1219 	}
1220 	*ifpp = ifp;
1221 
1222 	return (0);
1223 }
1224 
1225 static int
1226 vlan_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags)
1227 {
1228 	struct ifvlan *ifv = ifp->if_softc;
1229 	int unit = ifp->if_dunit;
1230 
1231 	if (ifp->if_vlantrunk)
1232 		return (EBUSY);
1233 
1234 #ifdef ALTQ
1235 	IFQ_PURGE(&ifp->if_snd);
1236 #endif
1237 	ether_ifdetach(ifp);	/* first, remove it from system-wide lists */
1238 	vlan_unconfig(ifp);	/* now it can be unconfigured and freed */
1239 	/*
1240 	 * We should have the only reference to the ifv now, so we can now
1241 	 * drain any remaining lladdr task before freeing the ifnet and the
1242 	 * ifvlan.
1243 	 */
1244 	taskqueue_drain(taskqueue_thread, &ifv->lladdr_task);
1245 	NET_EPOCH_WAIT();
1246 	if_free(ifp);
1247 	free(ifv, M_VLAN);
1248 	if (unit != IF_DUNIT_NONE)
1249 		ifc_free_unit(ifc, unit);
1250 
1251 	return (0);
1252 }
1253 
1254 /*
1255  * The ifp->if_init entry point for vlan(4) is a no-op.
1256  */
1257 static void
1258 vlan_init(void *foo __unused)
1259 {
1260 }
1261 
1262 /*
1263  * The if_transmit method for vlan(4) interface.
1264  */
1265 static int
1266 vlan_transmit(struct ifnet *ifp, struct mbuf *m)
1267 {
1268 	struct ifvlan *ifv;
1269 	struct ifnet *p;
1270 	int error, len, mcast;
1271 
1272 	NET_EPOCH_ASSERT();
1273 
1274 	ifv = ifp->if_softc;
1275 	if (TRUNK(ifv) == NULL) {
1276 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1277 		m_freem(m);
1278 		return (ENETDOWN);
1279 	}
1280 	p = PARENT(ifv);
1281 	len = m->m_pkthdr.len;
1282 	mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1 : 0;
1283 
1284 	BPF_MTAP(ifp, m);
1285 
1286 #if defined(KERN_TLS) || defined(RATELIMIT)
1287 	if (m->m_pkthdr.csum_flags & CSUM_SND_TAG) {
1288 		struct vlan_snd_tag *vst;
1289 		struct m_snd_tag *mst;
1290 
1291 		MPASS(m->m_pkthdr.snd_tag->ifp == ifp);
1292 		mst = m->m_pkthdr.snd_tag;
1293 		vst = mst_to_vst(mst);
1294 		if (vst->tag->ifp != p) {
1295 			if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1296 			m_freem(m);
1297 			return (EAGAIN);
1298 		}
1299 
1300 		m->m_pkthdr.snd_tag = m_snd_tag_ref(vst->tag);
1301 		m_snd_tag_rele(mst);
1302 	}
1303 #endif
1304 
1305 	/*
1306 	 * Do not run parent's if_transmit() if the parent is not up,
1307 	 * or parent's driver will cause a system crash.
1308 	 */
1309 	if (!UP_AND_RUNNING(p)) {
1310 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1311 		m_freem(m);
1312 		return (ENETDOWN);
1313 	}
1314 
1315 	if (!ether_8021q_frame(&m, ifp, p, &ifv->ifv_qtag)) {
1316 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1317 		return (0);
1318 	}
1319 
1320 	/*
1321 	 * Send it, precisely as ether_output() would have.
1322 	 */
1323 	error = (p->if_transmit)(p, m);
1324 	if (error == 0) {
1325 		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
1326 		if_inc_counter(ifp, IFCOUNTER_OBYTES, len);
1327 		if_inc_counter(ifp, IFCOUNTER_OMCASTS, mcast);
1328 	} else
1329 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1330 	return (error);
1331 }
1332 
1333 static int
1334 vlan_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
1335     struct route *ro)
1336 {
1337 	struct ifvlan *ifv;
1338 	struct ifnet *p;
1339 
1340 	NET_EPOCH_ASSERT();
1341 
1342 	/*
1343 	 * Find the first non-VLAN parent interface.
1344 	 */
1345 	ifv = ifp->if_softc;
1346 	do {
1347 		if (TRUNK(ifv) == NULL) {
1348 			m_freem(m);
1349 			return (ENETDOWN);
1350 		}
1351 		p = PARENT(ifv);
1352 		ifv = p->if_softc;
1353 	} while (p->if_type == IFT_L2VLAN);
1354 
1355 	return p->if_output(ifp, m, dst, ro);
1356 }
1357 
1358 #ifdef ALTQ
1359 static void
1360 vlan_altq_start(if_t ifp)
1361 {
1362 	struct ifaltq *ifq = &ifp->if_snd;
1363 	struct mbuf *m;
1364 
1365 	IFQ_LOCK(ifq);
1366 	IFQ_DEQUEUE_NOLOCK(ifq, m);
1367 	while (m != NULL) {
1368 		vlan_transmit(ifp, m);
1369 		IFQ_DEQUEUE_NOLOCK(ifq, m);
1370 	}
1371 	IFQ_UNLOCK(ifq);
1372 }
1373 
1374 static int
1375 vlan_altq_transmit(if_t ifp, struct mbuf *m)
1376 {
1377 	int err;
1378 
1379 	if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
1380 		IFQ_ENQUEUE(&ifp->if_snd, m, err);
1381 		if (err == 0)
1382 			vlan_altq_start(ifp);
1383 	} else
1384 		err = vlan_transmit(ifp, m);
1385 
1386 	return (err);
1387 }
1388 #endif	/* ALTQ */
1389 
1390 /*
1391  * The ifp->if_qflush entry point for vlan(4) is a no-op.
1392  */
1393 static void
1394 vlan_qflush(struct ifnet *ifp __unused)
1395 {
1396 }
1397 
1398 static void
1399 vlan_input(struct ifnet *ifp, struct mbuf *m)
1400 {
1401 	struct ifvlantrunk *trunk;
1402 	struct ifvlan *ifv;
1403 	struct m_tag *mtag;
1404 	uint16_t vid, tag;
1405 
1406 	NET_EPOCH_ASSERT();
1407 
1408 	trunk = ifp->if_vlantrunk;
1409 	if (trunk == NULL) {
1410 		m_freem(m);
1411 		return;
1412 	}
1413 
1414 	if (m->m_flags & M_VLANTAG) {
1415 		/*
1416 		 * Packet is tagged, but m contains a normal
1417 		 * Ethernet frame; the tag is stored out-of-band.
1418 		 */
1419 		tag = m->m_pkthdr.ether_vtag;
1420 		m->m_flags &= ~M_VLANTAG;
1421 	} else {
1422 		struct ether_vlan_header *evl;
1423 
1424 		/*
1425 		 * Packet is tagged in-band as specified by 802.1q.
1426 		 */
1427 		switch (ifp->if_type) {
1428 		case IFT_ETHER:
1429 			if (m->m_len < sizeof(*evl) &&
1430 			    (m = m_pullup(m, sizeof(*evl))) == NULL) {
1431 				if_printf(ifp, "cannot pullup VLAN header\n");
1432 				return;
1433 			}
1434 			evl = mtod(m, struct ether_vlan_header *);
1435 			tag = ntohs(evl->evl_tag);
1436 
1437 			/*
1438 			 * Remove the 802.1q header by copying the Ethernet
1439 			 * addresses over it and adjusting the beginning of
1440 			 * the data in the mbuf.  The encapsulated Ethernet
1441 			 * type field is already in place.
1442 			 */
1443 			bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN,
1444 			      ETHER_HDR_LEN - ETHER_TYPE_LEN);
1445 			m_adj(m, ETHER_VLAN_ENCAP_LEN);
1446 			break;
1447 
1448 		default:
1449 #ifdef INVARIANTS
1450 			panic("%s: %s has unsupported if_type %u",
1451 			      __func__, ifp->if_xname, ifp->if_type);
1452 #endif
1453 			if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1);
1454 			m_freem(m);
1455 			return;
1456 		}
1457 	}
1458 
1459 	vid = EVL_VLANOFTAG(tag);
1460 
1461 	ifv = vlan_gethash(trunk, vid);
1462 	if (ifv == NULL || !UP_AND_RUNNING(ifv->ifv_ifp)) {
1463 		if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1);
1464 		m_freem(m);
1465 		return;
1466 	}
1467 
1468 	if (V_vlan_mtag_pcp) {
1469 		/*
1470 		 * While uncommon, it is possible that we will find a 802.1q
1471 		 * packet encapsulated inside another packet that also had an
1472 		 * 802.1q header.  For example, ethernet tunneled over IPSEC
1473 		 * arriving over ethernet.  In that case, we replace the
1474 		 * existing 802.1q PCP m_tag value.
1475 		 */
1476 		mtag = m_tag_locate(m, MTAG_8021Q, MTAG_8021Q_PCP_IN, NULL);
1477 		if (mtag == NULL) {
1478 			mtag = m_tag_alloc(MTAG_8021Q, MTAG_8021Q_PCP_IN,
1479 			    sizeof(uint8_t), M_NOWAIT);
1480 			if (mtag == NULL) {
1481 				if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1482 				m_freem(m);
1483 				return;
1484 			}
1485 			m_tag_prepend(m, mtag);
1486 		}
1487 		*(uint8_t *)(mtag + 1) = EVL_PRIOFTAG(tag);
1488 	}
1489 
1490 	m->m_pkthdr.rcvif = ifv->ifv_ifp;
1491 	if_inc_counter(ifv->ifv_ifp, IFCOUNTER_IPACKETS, 1);
1492 
1493 	/* Pass it back through the parent's input routine. */
1494 	(*ifv->ifv_ifp->if_input)(ifv->ifv_ifp, m);
1495 }
1496 
1497 static void
1498 vlan_lladdr_fn(void *arg, int pending __unused)
1499 {
1500 	struct ifvlan *ifv;
1501 	struct ifnet *ifp;
1502 
1503 	ifv = (struct ifvlan *)arg;
1504 	ifp = ifv->ifv_ifp;
1505 
1506 	CURVNET_SET(ifp->if_vnet);
1507 
1508 	/* The ifv_ifp already has the lladdr copied in. */
1509 	if_setlladdr(ifp, IF_LLADDR(ifp), ifp->if_addrlen);
1510 
1511 	CURVNET_RESTORE();
1512 }
1513 
1514 static int
1515 vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid,
1516 	uint16_t proto)
1517 {
1518 	struct epoch_tracker et;
1519 	struct ifvlantrunk *trunk;
1520 	struct ifnet *ifp;
1521 	int error = 0;
1522 
1523 	/*
1524 	 * We can handle non-ethernet hardware types as long as
1525 	 * they handle the tagging and headers themselves.
1526 	 */
1527 	if (p->if_type != IFT_ETHER &&
1528 	    p->if_type != IFT_L2VLAN &&
1529 	    (p->if_capenable & IFCAP_VLAN_HWTAGGING) == 0)
1530 		return (EPROTONOSUPPORT);
1531 	if ((p->if_flags & VLAN_IFFLAGS) != VLAN_IFFLAGS)
1532 		return (EPROTONOSUPPORT);
1533 	/*
1534 	 * Don't let the caller set up a VLAN VID with
1535 	 * anything except VLID bits.
1536 	 * VID numbers 0x0 and 0xFFF are reserved.
1537 	 */
1538 	if (vid == 0 || vid == 0xFFF || (vid & ~EVL_VLID_MASK))
1539 		return (EINVAL);
1540 	if (ifv->ifv_trunk) {
1541 		trunk = ifv->ifv_trunk;
1542 		if (trunk->parent != p)
1543 			return (EBUSY);
1544 
1545 		VLAN_XLOCK();
1546 
1547 		ifv->ifv_proto = proto;
1548 
1549 		if (ifv->ifv_vid != vid) {
1550 			/* Re-hash */
1551 			vlan_remhash(trunk, ifv);
1552 			ifv->ifv_vid = vid;
1553 			error = vlan_inshash(trunk, ifv);
1554 		}
1555 		/* Will unlock */
1556 		goto done;
1557 	}
1558 
1559 	VLAN_XLOCK();
1560 	if (p->if_vlantrunk == NULL) {
1561 		trunk = malloc(sizeof(struct ifvlantrunk),
1562 		    M_VLAN, M_WAITOK | M_ZERO);
1563 		vlan_inithash(trunk);
1564 		TRUNK_LOCK_INIT(trunk);
1565 		TRUNK_WLOCK(trunk);
1566 		p->if_vlantrunk = trunk;
1567 		trunk->parent = p;
1568 		if_ref(trunk->parent);
1569 		TRUNK_WUNLOCK(trunk);
1570 	} else {
1571 		trunk = p->if_vlantrunk;
1572 	}
1573 
1574 	ifv->ifv_vid = vid;	/* must set this before vlan_inshash() */
1575 	ifv->ifv_pcp = 0;       /* Default: best effort delivery. */
1576 	error = vlan_inshash(trunk, ifv);
1577 	if (error)
1578 		goto done;
1579 	ifv->ifv_proto = proto;
1580 	ifv->ifv_encaplen = ETHER_VLAN_ENCAP_LEN;
1581 	ifv->ifv_mintu = ETHERMIN;
1582 	ifv->ifv_pflags = 0;
1583 	ifv->ifv_capenable = -1;
1584 
1585 	/*
1586 	 * If the parent supports the VLAN_MTU capability,
1587 	 * i.e. can Tx/Rx larger than ETHER_MAX_LEN frames,
1588 	 * use it.
1589 	 */
1590 	if (p->if_capenable & IFCAP_VLAN_MTU) {
1591 		/*
1592 		 * No need to fudge the MTU since the parent can
1593 		 * handle extended frames.
1594 		 */
1595 		ifv->ifv_mtufudge = 0;
1596 	} else {
1597 		/*
1598 		 * Fudge the MTU by the encapsulation size.  This
1599 		 * makes us incompatible with strictly compliant
1600 		 * 802.1Q implementations, but allows us to use
1601 		 * the feature with other NetBSD implementations,
1602 		 * which might still be useful.
1603 		 */
1604 		ifv->ifv_mtufudge = ifv->ifv_encaplen;
1605 	}
1606 
1607 	ifv->ifv_trunk = trunk;
1608 	ifp = ifv->ifv_ifp;
1609 	/*
1610 	 * Initialize fields from our parent.  This duplicates some
1611 	 * work with ether_ifattach() but allows for non-ethernet
1612 	 * interfaces to also work.
1613 	 */
1614 	ifp->if_mtu = p->if_mtu - ifv->ifv_mtufudge;
1615 	ifp->if_baudrate = p->if_baudrate;
1616 	ifp->if_input = p->if_input;
1617 	ifp->if_resolvemulti = p->if_resolvemulti;
1618 	ifp->if_addrlen = p->if_addrlen;
1619 	ifp->if_broadcastaddr = p->if_broadcastaddr;
1620 	ifp->if_pcp = ifv->ifv_pcp;
1621 
1622 	/*
1623 	 * We wrap the parent's if_output using vlan_output to ensure that it
1624 	 * can't become stale.
1625 	 */
1626 	ifp->if_output = vlan_output;
1627 
1628 	/*
1629 	 * Copy only a selected subset of flags from the parent.
1630 	 * Other flags are none of our business.
1631 	 */
1632 #define VLAN_COPY_FLAGS (IFF_SIMPLEX)
1633 	ifp->if_flags &= ~VLAN_COPY_FLAGS;
1634 	ifp->if_flags |= p->if_flags & VLAN_COPY_FLAGS;
1635 #undef VLAN_COPY_FLAGS
1636 
1637 	ifp->if_link_state = p->if_link_state;
1638 
1639 	NET_EPOCH_ENTER(et);
1640 	vlan_capabilities(ifv);
1641 	NET_EPOCH_EXIT(et);
1642 
1643 	/*
1644 	 * Set up our interface address to reflect the underlying
1645 	 * physical interface's.
1646 	 */
1647 	TASK_INIT(&ifv->lladdr_task, 0, vlan_lladdr_fn, ifv);
1648 	((struct sockaddr_dl *)ifp->if_addr->ifa_addr)->sdl_alen =
1649 	    p->if_addrlen;
1650 
1651 	/*
1652 	 * Do not schedule link address update if it was the same
1653 	 * as previous parent's. This helps avoid updating for each
1654 	 * associated llentry.
1655 	 */
1656 	if (memcmp(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen) != 0) {
1657 		bcopy(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen);
1658 		taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task);
1659 	}
1660 
1661 	/* We are ready for operation now. */
1662 	ifp->if_drv_flags |= IFF_DRV_RUNNING;
1663 
1664 	/* Update flags on the parent, if necessary. */
1665 	vlan_setflags(ifp, 1);
1666 
1667 	/*
1668 	 * Configure multicast addresses that may already be
1669 	 * joined on the vlan device.
1670 	 */
1671 	(void)vlan_setmulti(ifp);
1672 
1673 done:
1674 	if (error == 0)
1675 		EVENTHANDLER_INVOKE(vlan_config, p, ifv->ifv_vid);
1676 	VLAN_XUNLOCK();
1677 
1678 	return (error);
1679 }
1680 
1681 static void
1682 vlan_unconfig(struct ifnet *ifp)
1683 {
1684 
1685 	VLAN_XLOCK();
1686 	vlan_unconfig_locked(ifp, 0);
1687 	VLAN_XUNLOCK();
1688 }
1689 
1690 static void
1691 vlan_unconfig_locked(struct ifnet *ifp, int departing)
1692 {
1693 	struct ifvlantrunk *trunk;
1694 	struct vlan_mc_entry *mc;
1695 	struct ifvlan *ifv;
1696 	struct ifnet  *parent;
1697 	int error;
1698 
1699 	VLAN_XLOCK_ASSERT();
1700 
1701 	ifv = ifp->if_softc;
1702 	trunk = ifv->ifv_trunk;
1703 	parent = NULL;
1704 
1705 	if (trunk != NULL) {
1706 		parent = trunk->parent;
1707 
1708 		/*
1709 		 * Since the interface is being unconfigured, we need to
1710 		 * empty the list of multicast groups that we may have joined
1711 		 * while we were alive from the parent's list.
1712 		 */
1713 		while ((mc = CK_SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) {
1714 			/*
1715 			 * If the parent interface is being detached,
1716 			 * all its multicast addresses have already
1717 			 * been removed.  Warn about errors if
1718 			 * if_delmulti() does fail, but don't abort as
1719 			 * all callers expect vlan destruction to
1720 			 * succeed.
1721 			 */
1722 			if (!departing) {
1723 				error = if_delmulti(parent,
1724 				    (struct sockaddr *)&mc->mc_addr);
1725 				if (error)
1726 					if_printf(ifp,
1727 		    "Failed to delete multicast address from parent: %d\n",
1728 					    error);
1729 			}
1730 			CK_SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries);
1731 			NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx);
1732 		}
1733 
1734 		vlan_setflags(ifp, 0); /* clear special flags on parent */
1735 
1736 		vlan_remhash(trunk, ifv);
1737 		ifv->ifv_trunk = NULL;
1738 
1739 		/*
1740 		 * Check if we were the last.
1741 		 */
1742 		if (trunk->refcnt == 0) {
1743 			parent->if_vlantrunk = NULL;
1744 			NET_EPOCH_WAIT();
1745 			trunk_destroy(trunk);
1746 		}
1747 	}
1748 
1749 	/* Disconnect from parent. */
1750 	if (ifv->ifv_pflags)
1751 		if_printf(ifp, "%s: ifv_pflags unclean\n", __func__);
1752 	ifp->if_mtu = ETHERMTU;
1753 	ifp->if_link_state = LINK_STATE_UNKNOWN;
1754 	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1755 
1756 	/*
1757 	 * Only dispatch an event if vlan was
1758 	 * attached, otherwise there is nothing
1759 	 * to cleanup anyway.
1760 	 */
1761 	if (parent != NULL)
1762 		EVENTHANDLER_INVOKE(vlan_unconfig, parent, ifv->ifv_vid);
1763 }
1764 
1765 /* Handle a reference counted flag that should be set on the parent as well */
1766 static int
1767 vlan_setflag(struct ifnet *ifp, int flag, int status,
1768 	     int (*func)(struct ifnet *, int))
1769 {
1770 	struct ifvlan *ifv;
1771 	int error;
1772 
1773 	VLAN_SXLOCK_ASSERT();
1774 
1775 	ifv = ifp->if_softc;
1776 	status = status ? (ifp->if_flags & flag) : 0;
1777 	/* Now "status" contains the flag value or 0 */
1778 
1779 	/*
1780 	 * See if recorded parent's status is different from what
1781 	 * we want it to be.  If it is, flip it.  We record parent's
1782 	 * status in ifv_pflags so that we won't clear parent's flag
1783 	 * we haven't set.  In fact, we don't clear or set parent's
1784 	 * flags directly, but get or release references to them.
1785 	 * That's why we can be sure that recorded flags still are
1786 	 * in accord with actual parent's flags.
1787 	 */
1788 	if (status != (ifv->ifv_pflags & flag)) {
1789 		error = (*func)(PARENT(ifv), status);
1790 		if (error)
1791 			return (error);
1792 		ifv->ifv_pflags &= ~flag;
1793 		ifv->ifv_pflags |= status;
1794 	}
1795 	return (0);
1796 }
1797 
1798 /*
1799  * Handle IFF_* flags that require certain changes on the parent:
1800  * if "status" is true, update parent's flags respective to our if_flags;
1801  * if "status" is false, forcedly clear the flags set on parent.
1802  */
1803 static int
1804 vlan_setflags(struct ifnet *ifp, int status)
1805 {
1806 	int error, i;
1807 
1808 	for (i = 0; vlan_pflags[i].flag; i++) {
1809 		error = vlan_setflag(ifp, vlan_pflags[i].flag,
1810 				     status, vlan_pflags[i].func);
1811 		if (error)
1812 			return (error);
1813 	}
1814 	return (0);
1815 }
1816 
1817 /* Inform all vlans that their parent has changed link state */
1818 static void
1819 vlan_link_state(struct ifnet *ifp)
1820 {
1821 	struct epoch_tracker et;
1822 	struct ifvlantrunk *trunk;
1823 	struct ifvlan *ifv;
1824 
1825 	NET_EPOCH_ENTER(et);
1826 	trunk = ifp->if_vlantrunk;
1827 	if (trunk == NULL) {
1828 		NET_EPOCH_EXIT(et);
1829 		return;
1830 	}
1831 
1832 	TRUNK_WLOCK(trunk);
1833 	VLAN_FOREACH(ifv, trunk) {
1834 		ifv->ifv_ifp->if_baudrate = trunk->parent->if_baudrate;
1835 		if_link_state_change(ifv->ifv_ifp,
1836 		    trunk->parent->if_link_state);
1837 	}
1838 	TRUNK_WUNLOCK(trunk);
1839 	NET_EPOCH_EXIT(et);
1840 }
1841 
1842 static void
1843 vlan_capabilities(struct ifvlan *ifv)
1844 {
1845 	struct ifnet *p;
1846 	struct ifnet *ifp;
1847 	struct ifnet_hw_tsomax hw_tsomax;
1848 	int cap = 0, ena = 0, mena;
1849 	u_long hwa = 0;
1850 
1851 	NET_EPOCH_ASSERT();
1852 	VLAN_SXLOCK_ASSERT();
1853 
1854 	p = PARENT(ifv);
1855 	ifp = ifv->ifv_ifp;
1856 
1857 	/* Mask parent interface enabled capabilities disabled by user. */
1858 	mena = p->if_capenable & ifv->ifv_capenable;
1859 
1860 	/*
1861 	 * If the parent interface can do checksum offloading
1862 	 * on VLANs, then propagate its hardware-assisted
1863 	 * checksumming flags. Also assert that checksum
1864 	 * offloading requires hardware VLAN tagging.
1865 	 */
1866 	if (p->if_capabilities & IFCAP_VLAN_HWCSUM)
1867 		cap |= p->if_capabilities & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6);
1868 	if (p->if_capenable & IFCAP_VLAN_HWCSUM &&
1869 	    p->if_capenable & IFCAP_VLAN_HWTAGGING) {
1870 		ena |= mena & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6);
1871 		if (ena & IFCAP_TXCSUM)
1872 			hwa |= p->if_hwassist & (CSUM_IP | CSUM_TCP |
1873 			    CSUM_UDP | CSUM_SCTP);
1874 		if (ena & IFCAP_TXCSUM_IPV6)
1875 			hwa |= p->if_hwassist & (CSUM_TCP_IPV6 |
1876 			    CSUM_UDP_IPV6 | CSUM_SCTP_IPV6);
1877 	}
1878 
1879 	/*
1880 	 * If the parent interface can do TSO on VLANs then
1881 	 * propagate the hardware-assisted flag. TSO on VLANs
1882 	 * does not necessarily require hardware VLAN tagging.
1883 	 */
1884 	memset(&hw_tsomax, 0, sizeof(hw_tsomax));
1885 	if_hw_tsomax_common(p, &hw_tsomax);
1886 	if_hw_tsomax_update(ifp, &hw_tsomax);
1887 	if (p->if_capabilities & IFCAP_VLAN_HWTSO)
1888 		cap |= p->if_capabilities & IFCAP_TSO;
1889 	if (p->if_capenable & IFCAP_VLAN_HWTSO) {
1890 		ena |= mena & IFCAP_TSO;
1891 		if (ena & IFCAP_TSO)
1892 			hwa |= p->if_hwassist & CSUM_TSO;
1893 	}
1894 
1895 	/*
1896 	 * If the parent interface can do LRO and checksum offloading on
1897 	 * VLANs, then guess it may do LRO on VLANs.  False positive here
1898 	 * cost nothing, while false negative may lead to some confusions.
1899 	 */
1900 	if (p->if_capabilities & IFCAP_VLAN_HWCSUM)
1901 		cap |= p->if_capabilities & IFCAP_LRO;
1902 	if (p->if_capenable & IFCAP_VLAN_HWCSUM)
1903 		ena |= p->if_capenable & IFCAP_LRO;
1904 
1905 	/*
1906 	 * If the parent interface can offload TCP connections over VLANs then
1907 	 * propagate its TOE capability to the VLAN interface.
1908 	 *
1909 	 * All TOE drivers in the tree today can deal with VLANs.  If this
1910 	 * changes then IFCAP_VLAN_TOE should be promoted to a full capability
1911 	 * with its own bit.
1912 	 */
1913 #define	IFCAP_VLAN_TOE IFCAP_TOE
1914 	if (p->if_capabilities & IFCAP_VLAN_TOE)
1915 		cap |= p->if_capabilities & IFCAP_TOE;
1916 	if (p->if_capenable & IFCAP_VLAN_TOE) {
1917 		SETTOEDEV(ifp, TOEDEV(p));
1918 		ena |= mena & IFCAP_TOE;
1919 	}
1920 
1921 	/*
1922 	 * If the parent interface supports dynamic link state, so does the
1923 	 * VLAN interface.
1924 	 */
1925 	cap |= (p->if_capabilities & IFCAP_LINKSTATE);
1926 	ena |= (mena & IFCAP_LINKSTATE);
1927 
1928 #ifdef RATELIMIT
1929 	/*
1930 	 * If the parent interface supports ratelimiting, so does the
1931 	 * VLAN interface.
1932 	 */
1933 	cap |= (p->if_capabilities & IFCAP_TXRTLMT);
1934 	ena |= (mena & IFCAP_TXRTLMT);
1935 #endif
1936 
1937 	/*
1938 	 * If the parent interface supports unmapped mbufs, so does
1939 	 * the VLAN interface.  Note that this should be fine even for
1940 	 * interfaces that don't support hardware tagging as headers
1941 	 * are prepended in normal mbufs to unmapped mbufs holding
1942 	 * payload data.
1943 	 */
1944 	cap |= (p->if_capabilities & IFCAP_MEXTPG);
1945 	ena |= (mena & IFCAP_MEXTPG);
1946 
1947 	/*
1948 	 * If the parent interface can offload encryption and segmentation
1949 	 * of TLS records over TCP, propagate it's capability to the VLAN
1950 	 * interface.
1951 	 *
1952 	 * All TLS drivers in the tree today can deal with VLANs.  If
1953 	 * this ever changes, then a new IFCAP_VLAN_TXTLS can be
1954 	 * defined.
1955 	 */
1956 	if (p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT))
1957 		cap |= p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT);
1958 	if (p->if_capenable & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT))
1959 		ena |= mena & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT);
1960 
1961 	ifp->if_capabilities = cap;
1962 	ifp->if_capenable = ena;
1963 	ifp->if_hwassist = hwa;
1964 }
1965 
1966 static void
1967 vlan_trunk_capabilities(struct ifnet *ifp)
1968 {
1969 	struct epoch_tracker et;
1970 	struct ifvlantrunk *trunk;
1971 	struct ifvlan *ifv;
1972 
1973 	VLAN_SLOCK();
1974 	trunk = ifp->if_vlantrunk;
1975 	if (trunk == NULL) {
1976 		VLAN_SUNLOCK();
1977 		return;
1978 	}
1979 	NET_EPOCH_ENTER(et);
1980 	VLAN_FOREACH(ifv, trunk)
1981 		vlan_capabilities(ifv);
1982 	NET_EPOCH_EXIT(et);
1983 	VLAN_SUNLOCK();
1984 }
1985 
1986 static int
1987 vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1988 {
1989 	struct ifnet *p;
1990 	struct ifreq *ifr;
1991 #ifdef INET
1992 	struct ifaddr *ifa;
1993 #endif
1994 	struct ifvlan *ifv;
1995 	struct ifvlantrunk *trunk;
1996 	struct vlanreq vlr;
1997 	int error = 0, oldmtu;
1998 
1999 	ifr = (struct ifreq *)data;
2000 #ifdef INET
2001 	ifa = (struct ifaddr *) data;
2002 #endif
2003 	ifv = ifp->if_softc;
2004 
2005 	switch (cmd) {
2006 	case SIOCSIFADDR:
2007 		ifp->if_flags |= IFF_UP;
2008 #ifdef INET
2009 		if (ifa->ifa_addr->sa_family == AF_INET)
2010 			arp_ifinit(ifp, ifa);
2011 #endif
2012 		break;
2013 	case SIOCGIFADDR:
2014 		bcopy(IF_LLADDR(ifp), &ifr->ifr_addr.sa_data[0],
2015 		    ifp->if_addrlen);
2016 		break;
2017 	case SIOCGIFMEDIA:
2018 		VLAN_SLOCK();
2019 		if (TRUNK(ifv) != NULL) {
2020 			p = PARENT(ifv);
2021 			if_ref(p);
2022 			error = (*p->if_ioctl)(p, SIOCGIFMEDIA, data);
2023 			if_rele(p);
2024 			/* Limit the result to the parent's current config. */
2025 			if (error == 0) {
2026 				struct ifmediareq *ifmr;
2027 
2028 				ifmr = (struct ifmediareq *)data;
2029 				if (ifmr->ifm_count >= 1 && ifmr->ifm_ulist) {
2030 					ifmr->ifm_count = 1;
2031 					error = copyout(&ifmr->ifm_current,
2032 						ifmr->ifm_ulist,
2033 						sizeof(int));
2034 				}
2035 			}
2036 		} else {
2037 			error = EINVAL;
2038 		}
2039 		VLAN_SUNLOCK();
2040 		break;
2041 
2042 	case SIOCSIFMEDIA:
2043 		error = EINVAL;
2044 		break;
2045 
2046 	case SIOCSIFMTU:
2047 		/*
2048 		 * Set the interface MTU.
2049 		 */
2050 		VLAN_SLOCK();
2051 		trunk = TRUNK(ifv);
2052 		if (trunk != NULL) {
2053 			TRUNK_WLOCK(trunk);
2054 			if (ifr->ifr_mtu >
2055 			     (PARENT(ifv)->if_mtu - ifv->ifv_mtufudge) ||
2056 			    ifr->ifr_mtu <
2057 			     (ifv->ifv_mintu - ifv->ifv_mtufudge))
2058 				error = EINVAL;
2059 			else
2060 				ifp->if_mtu = ifr->ifr_mtu;
2061 			TRUNK_WUNLOCK(trunk);
2062 		} else
2063 			error = EINVAL;
2064 		VLAN_SUNLOCK();
2065 		break;
2066 
2067 	case SIOCSETVLAN:
2068 #ifdef VIMAGE
2069 		/*
2070 		 * XXXRW/XXXBZ: The goal in these checks is to allow a VLAN
2071 		 * interface to be delegated to a jail without allowing the
2072 		 * jail to change what underlying interface/VID it is
2073 		 * associated with.  We are not entirely convinced that this
2074 		 * is the right way to accomplish that policy goal.
2075 		 */
2076 		if (ifp->if_vnet != ifp->if_home_vnet) {
2077 			error = EPERM;
2078 			break;
2079 		}
2080 #endif
2081 		error = copyin(ifr_data_get_ptr(ifr), &vlr, sizeof(vlr));
2082 		if (error)
2083 			break;
2084 		if (vlr.vlr_parent[0] == '\0') {
2085 			vlan_unconfig(ifp);
2086 			break;
2087 		}
2088 		p = ifunit_ref(vlr.vlr_parent);
2089 		if (p == NULL) {
2090 			error = ENOENT;
2091 			break;
2092 		}
2093 #ifdef COMPAT_FREEBSD12
2094 		if (vlr.vlr_proto == 0)
2095 			vlr.vlr_proto = ETHERTYPE_VLAN;
2096 #endif
2097 		oldmtu = ifp->if_mtu;
2098 		error = vlan_config(ifv, p, vlr.vlr_tag, vlr.vlr_proto);
2099 		if_rele(p);
2100 
2101 		/*
2102 		 * VLAN MTU may change during addition of the vlandev.
2103 		 * If it did, do network layer specific procedure.
2104 		 */
2105 		if (ifp->if_mtu != oldmtu)
2106 			if_notifymtu(ifp);
2107 		break;
2108 
2109 	case SIOCGETVLAN:
2110 #ifdef VIMAGE
2111 		if (ifp->if_vnet != ifp->if_home_vnet) {
2112 			error = EPERM;
2113 			break;
2114 		}
2115 #endif
2116 		bzero(&vlr, sizeof(vlr));
2117 		VLAN_SLOCK();
2118 		if (TRUNK(ifv) != NULL) {
2119 			strlcpy(vlr.vlr_parent, PARENT(ifv)->if_xname,
2120 			    sizeof(vlr.vlr_parent));
2121 			vlr.vlr_tag = ifv->ifv_vid;
2122 			vlr.vlr_proto = ifv->ifv_proto;
2123 		}
2124 		VLAN_SUNLOCK();
2125 		error = copyout(&vlr, ifr_data_get_ptr(ifr), sizeof(vlr));
2126 		break;
2127 
2128 	case SIOCSIFFLAGS:
2129 		/*
2130 		 * We should propagate selected flags to the parent,
2131 		 * e.g., promiscuous mode.
2132 		 */
2133 		VLAN_XLOCK();
2134 		if (TRUNK(ifv) != NULL)
2135 			error = vlan_setflags(ifp, 1);
2136 		VLAN_XUNLOCK();
2137 		break;
2138 
2139 	case SIOCADDMULTI:
2140 	case SIOCDELMULTI:
2141 		/*
2142 		 * If we don't have a parent, just remember the membership for
2143 		 * when we do.
2144 		 *
2145 		 * XXX We need the rmlock here to avoid sleeping while
2146 		 * holding in6_multi_mtx.
2147 		 */
2148 		VLAN_XLOCK();
2149 		trunk = TRUNK(ifv);
2150 		if (trunk != NULL)
2151 			error = vlan_setmulti(ifp);
2152 		VLAN_XUNLOCK();
2153 
2154 		break;
2155 	case SIOCGVLANPCP:
2156 #ifdef VIMAGE
2157 		if (ifp->if_vnet != ifp->if_home_vnet) {
2158 			error = EPERM;
2159 			break;
2160 		}
2161 #endif
2162 		ifr->ifr_vlan_pcp = ifv->ifv_pcp;
2163 		break;
2164 
2165 	case SIOCSVLANPCP:
2166 #ifdef VIMAGE
2167 		if (ifp->if_vnet != ifp->if_home_vnet) {
2168 			error = EPERM;
2169 			break;
2170 		}
2171 #endif
2172 		error = priv_check(curthread, PRIV_NET_SETVLANPCP);
2173 		if (error)
2174 			break;
2175 		if (ifr->ifr_vlan_pcp > VLAN_PCP_MAX) {
2176 			error = EINVAL;
2177 			break;
2178 		}
2179 		ifv->ifv_pcp = ifr->ifr_vlan_pcp;
2180 		ifp->if_pcp = ifv->ifv_pcp;
2181 		/* broadcast event about PCP change */
2182 		EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_PCP);
2183 		break;
2184 
2185 	case SIOCSIFCAP:
2186 		VLAN_SLOCK();
2187 		ifv->ifv_capenable = ifr->ifr_reqcap;
2188 		trunk = TRUNK(ifv);
2189 		if (trunk != NULL) {
2190 			struct epoch_tracker et;
2191 
2192 			NET_EPOCH_ENTER(et);
2193 			vlan_capabilities(ifv);
2194 			NET_EPOCH_EXIT(et);
2195 		}
2196 		VLAN_SUNLOCK();
2197 		break;
2198 
2199 	default:
2200 		error = EINVAL;
2201 		break;
2202 	}
2203 
2204 	return (error);
2205 }
2206 
2207 #if defined(KERN_TLS) || defined(RATELIMIT)
2208 static int
2209 vlan_snd_tag_alloc(struct ifnet *ifp,
2210     union if_snd_tag_alloc_params *params,
2211     struct m_snd_tag **ppmt)
2212 {
2213 	struct epoch_tracker et;
2214 	const struct if_snd_tag_sw *sw;
2215 	struct vlan_snd_tag *vst;
2216 	struct ifvlan *ifv;
2217 	struct ifnet *parent;
2218 	struct m_snd_tag *mst;
2219 	int error;
2220 
2221 	NET_EPOCH_ENTER(et);
2222 	ifv = ifp->if_softc;
2223 
2224 	switch (params->hdr.type) {
2225 #ifdef RATELIMIT
2226 	case IF_SND_TAG_TYPE_UNLIMITED:
2227 		sw = &vlan_snd_tag_ul_sw;
2228 		break;
2229 	case IF_SND_TAG_TYPE_RATE_LIMIT:
2230 		sw = &vlan_snd_tag_rl_sw;
2231 		break;
2232 #endif
2233 #ifdef KERN_TLS
2234 	case IF_SND_TAG_TYPE_TLS:
2235 		sw = &vlan_snd_tag_tls_sw;
2236 		break;
2237 	case IF_SND_TAG_TYPE_TLS_RX:
2238 		sw = NULL;
2239 		if (params->tls_rx.vlan_id != 0)
2240 			goto failure;
2241 		params->tls_rx.vlan_id = ifv->ifv_vid;
2242 		break;
2243 #ifdef RATELIMIT
2244 	case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
2245 		sw = &vlan_snd_tag_tls_rl_sw;
2246 		break;
2247 #endif
2248 #endif
2249 	default:
2250 		goto failure;
2251 	}
2252 
2253 	if (ifv->ifv_trunk != NULL)
2254 		parent = PARENT(ifv);
2255 	else
2256 		parent = NULL;
2257 	if (parent == NULL)
2258 		goto failure;
2259 	if_ref(parent);
2260 	NET_EPOCH_EXIT(et);
2261 
2262 	if (sw != NULL) {
2263 		vst = malloc(sizeof(*vst), M_VLAN, M_NOWAIT);
2264 		if (vst == NULL) {
2265 			if_rele(parent);
2266 			return (ENOMEM);
2267 		}
2268 	} else
2269 		vst = NULL;
2270 
2271 	error = m_snd_tag_alloc(parent, params, &mst);
2272 	if_rele(parent);
2273 	if (error) {
2274 		free(vst, M_VLAN);
2275 		return (error);
2276 	}
2277 
2278 	if (sw != NULL) {
2279 		m_snd_tag_init(&vst->com, ifp, sw);
2280 		vst->tag = mst;
2281 
2282 		*ppmt = &vst->com;
2283 	} else
2284 		*ppmt = mst;
2285 
2286 	return (0);
2287 failure:
2288 	NET_EPOCH_EXIT(et);
2289 	return (EOPNOTSUPP);
2290 }
2291 
2292 static struct m_snd_tag *
2293 vlan_next_snd_tag(struct m_snd_tag *mst)
2294 {
2295 	struct vlan_snd_tag *vst;
2296 
2297 	vst = mst_to_vst(mst);
2298 	return (vst->tag);
2299 }
2300 
2301 static int
2302 vlan_snd_tag_modify(struct m_snd_tag *mst,
2303     union if_snd_tag_modify_params *params)
2304 {
2305 	struct vlan_snd_tag *vst;
2306 
2307 	vst = mst_to_vst(mst);
2308 	return (vst->tag->sw->snd_tag_modify(vst->tag, params));
2309 }
2310 
2311 static int
2312 vlan_snd_tag_query(struct m_snd_tag *mst,
2313     union if_snd_tag_query_params *params)
2314 {
2315 	struct vlan_snd_tag *vst;
2316 
2317 	vst = mst_to_vst(mst);
2318 	return (vst->tag->sw->snd_tag_query(vst->tag, params));
2319 }
2320 
2321 static void
2322 vlan_snd_tag_free(struct m_snd_tag *mst)
2323 {
2324 	struct vlan_snd_tag *vst;
2325 
2326 	vst = mst_to_vst(mst);
2327 	m_snd_tag_rele(vst->tag);
2328 	free(vst, M_VLAN);
2329 }
2330 
2331 static void
2332 vlan_ratelimit_query(struct ifnet *ifp __unused, struct if_ratelimit_query_results *q)
2333 {
2334 	/*
2335 	 * For vlan, we have an indirect
2336 	 * interface. The caller needs to
2337 	 * get a ratelimit tag on the actual
2338 	 * interface the flow will go on.
2339 	 */
2340 	q->rate_table = NULL;
2341 	q->flags = RT_IS_INDIRECT;
2342 	q->max_flows = 0;
2343 	q->number_of_rates = 0;
2344 }
2345 
2346 #endif
2347