/*-
 * Copyright 1998 Massachusetts Institute of Technology
 * Copyright 2012 ADARA Networks, Inc.
 * Copyright 2017 Dell EMC Isilon
 *
 * Portions of this software were developed by Robert N. M. Watson under
 * contract to ADARA Networks, Inc.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby
 * granted, provided that both the above copyright notice and this
 * permission notice appear in all copies, that both the above
 * copyright notice and this permission notice appear in all
 * supporting documentation, and that the name of M.I.T. not be used
 * in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.  M.I.T. makes
 * no representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied
 * warranty.
 *
 * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''.  M.I.T. DISCLAIMS
 * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
 * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
 * This is sort of sneaky in the implementation, since
 * we need to pretend to be enough of an Ethernet implementation
 * to make arp work.  The way we do this is by telling everyone
 * that we are an Ethernet, and then catch the packets that
 * ether_output() sends to us via if_transmit(), rewrite them for
 * use by the real outgoing interface, and ask it to send them.
 */
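/*
 * For example, a vlan interface is typically created and attached to its
 * parent from userland with ifconfig(8); the interface name, parent and
 * VID below are placeholders only:
 *
 *	ifconfig vlan0 create vlan 42 vlandev em0
 *
 * or, using the <parent>.<vid> shorthand parsed by
 * vlan_clone_match_ethervid() below:
 *
 *	ifconfig em0.42 create
 */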
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_kern_tls.h"
#include "opt_vlan.h"
#include "opt_ratelimit.h"

#include <sys/param.h>
#include <sys/eventhandler.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <sys/rmlock.h>
#include <sys/priv.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/sx.h>
#include <sys/taskqueue.h>

#include <net/bpf.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_private.h>
#include <net/if_clone.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#include <net/if_vlan_var.h>
#include <net/route.h>
#include <net/vnet.h>

#ifdef INET
#include <netinet/in.h>
#include <netinet/if_ether.h>
#endif

#define	VLAN_DEF_HWIDTH	4
#define	VLAN_IFFLAGS	(IFF_BROADCAST | IFF_MULTICAST)

#define	UP_AND_RUNNING(ifp) \
    ((ifp)->if_flags & IFF_UP && (ifp)->if_drv_flags & IFF_DRV_RUNNING)

CK_SLIST_HEAD(ifvlanhead, ifvlan);

struct ifvlantrunk {
	struct ifnet	*parent;	/* parent interface of this trunk */
	struct mtx	lock;
#ifdef VLAN_ARRAY
#define	VLAN_ARRAY_SIZE	(EVL_VLID_MASK + 1)
	struct ifvlan	*vlans[VLAN_ARRAY_SIZE]; /* static table */
#else
	struct ifvlanhead *hash;	/* dynamic hash-list table */
	uint16_t	hmask;
	uint16_t	hwidth;
#endif
	int		refcnt;
};

#if defined(KERN_TLS) || defined(RATELIMIT)
struct vlan_snd_tag {
	struct m_snd_tag com;
	struct m_snd_tag *tag;
};

static inline struct vlan_snd_tag *
mst_to_vst(struct m_snd_tag *mst)
{

	return (__containerof(mst, struct vlan_snd_tag, com));
}
#endif

/*
 * This macro provides a facility to iterate over every vlan on a trunk with
 * the assumption that none will be added/removed during iteration.
 */
#ifdef VLAN_ARRAY
#define VLAN_FOREACH(_ifv, _trunk) \
	size_t _i; \
	for (_i = 0; _i < VLAN_ARRAY_SIZE; _i++) \
		if (((_ifv) = (_trunk)->vlans[_i]) != NULL)
#else /* VLAN_ARRAY */
#define VLAN_FOREACH(_ifv, _trunk) \
	struct ifvlan *_next; \
	size_t _i; \
	for (_i = 0; _i < (1 << (_trunk)->hwidth); _i++) \
		CK_SLIST_FOREACH_SAFE((_ifv), &(_trunk)->hash[_i], ifv_list, _next)
#endif /* VLAN_ARRAY */
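/*
 * A minimal usage sketch (assuming the trunk is held stable; compare
 * vlan_ifevent() and vlan_link_state() below, which follow this pattern):
 *
 *	struct ifvlan *ifv;
 *
 *	TRUNK_WLOCK(trunk);
 *	VLAN_FOREACH(ifv, trunk) {
 *		// act on ifv->ifv_ifp
 *	}
 *	TRUNK_WUNLOCK(trunk);
 */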
/*
 * This macro provides a facility to iterate over every vlan on a trunk while
 * also modifying the number of vlans on the trunk. The iteration continues
 * until some condition is met or there are no more vlans on the trunk.
 */
#ifdef VLAN_ARRAY
/* The VLAN_ARRAY case is simple -- just a for loop using the condition. */
#define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \
	size_t _i; \
	for (_i = 0; !(_cond) && _i < VLAN_ARRAY_SIZE; _i++) \
		if (((_ifv) = (_trunk)->vlans[_i]))
#else /* VLAN_ARRAY */
/*
 * The hash table case is more complicated. We allow for the hash table to be
 * modified (i.e. vlans removed) while we are iterating over it. To allow for
 * this we must restart the iteration every time we "touch" something during
 * the iteration, since removal will resize the hash table and invalidate our
 * current position. If acting on the touched element causes the trunk to be
 * emptied, then iteration also stops.
 */
#define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \
	size_t _i; \
	bool _touch = false; \
	for (_i = 0; \
	    !(_cond) && _i < (1 << (_trunk)->hwidth); \
	    _i = (_touch && ((_trunk) != NULL) ? 0 : _i + 1), _touch = false) \
		if (((_ifv) = CK_SLIST_FIRST(&(_trunk)->hash[_i])) != NULL && \
		    (_touch = true))
#endif /* VLAN_ARRAY */

struct vlan_mc_entry {
	struct sockaddr_dl		mc_addr;
	CK_SLIST_ENTRY(vlan_mc_entry)	mc_entries;
	struct epoch_context		mc_epoch_ctx;
};

struct ifvlan {
	struct ifvlantrunk *ifv_trunk;
	struct ifnet *ifv_ifp;
#define	TRUNK(ifv)	((ifv)->ifv_trunk)
#define	PARENT(ifv)	(TRUNK(ifv)->parent)
	void	*ifv_cookie;
	int	ifv_pflags;	/* special flags we have set on parent */
	int	ifv_capenable;
	int	ifv_encaplen;	/* encapsulation length */
	int	ifv_mtufudge;	/* MTU fudged by this much */
	int	ifv_mintu;	/* min transmission unit */
	struct ether_8021q_tag ifv_qtag;
#define	ifv_proto	ifv_qtag.proto
#define	ifv_vid		ifv_qtag.vid
#define	ifv_pcp		ifv_qtag.pcp
	struct task lladdr_task;
	CK_SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
#ifndef VLAN_ARRAY
	CK_SLIST_ENTRY(ifvlan) ifv_list;
#endif
};

/* Special flags we should propagate to parent. */
static struct {
	int flag;
	int (*func)(struct ifnet *, int);
} vlan_pflags[] = {
	{IFF_PROMISC, ifpromisc},
	{IFF_ALLMULTI, if_allmulti},
	{0, NULL}
};

VNET_DECLARE(int, vlan_mtag_pcp);
#define	V_vlan_mtag_pcp	VNET(vlan_mtag_pcp)

static const char vlanname[] = "vlan";
static MALLOC_DEFINE(M_VLAN, vlanname, "802.1Q Virtual LAN Interface");

static eventhandler_tag ifdetach_tag;
static eventhandler_tag iflladdr_tag;
static eventhandler_tag ifevent_tag;

/*
 * if_vlan uses two module-level synchronization primitives to allow concurrent
 * modification of vlan interfaces and (mostly) allow for vlans to be destroyed
 * while they are being used for tx/rx. To accomplish this in a way that has
 * acceptable performance and cooperation with other parts of the network stack
 * there is a non-sleepable epoch(9) and an sx(9).
 *
 * The performance-sensitive paths that warrant using the epoch(9) are
 * vlan_transmit and vlan_input. Both have to check for the vlan interface's
 * existence using if_vlantrunk, and being in the network tx/rx paths the use
 * of an epoch(9) gives a measurable improvement in performance.
 *
 * The reason for having an sx(9) is mostly because there are still areas that
 * must be sleepable and also have safe concurrent access to a vlan interface.
 * Since the sx(9) exists, it is used by default in most paths unless sleeping
 * is not permitted, or if it is not clear whether sleeping is permitted.
 *
 */
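/*
 * A rough sketch of how these primitives are used (see vlan_transmit(),
 * vlan_input() and vlan_config() below for the real thing): the tx/rx
 * datapath already runs inside a network epoch section entered by its
 * callers, so it only asserts the epoch before dereferencing
 * ifp->if_vlantrunk:
 *
 *	NET_EPOCH_ASSERT();
 *	trunk = ifp->if_vlantrunk;	// stable until the epoch ends
 *
 * while configuration paths that may sleep take the sx exclusively:
 *
 *	VLAN_XLOCK();
 *	// reconfigure trunk/ifvlan state
 *	VLAN_XUNLOCK();
 */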
#define	_VLAN_SX_ID	ifv_sx

static struct sx _VLAN_SX_ID;

#define	VLAN_LOCKING_INIT() \
	sx_init_flags(&_VLAN_SX_ID, "vlan_sx", SX_RECURSE)

#define	VLAN_LOCKING_DESTROY() \
	sx_destroy(&_VLAN_SX_ID)

#define	VLAN_SLOCK()		sx_slock(&_VLAN_SX_ID)
#define	VLAN_SUNLOCK()		sx_sunlock(&_VLAN_SX_ID)
#define	VLAN_XLOCK()		sx_xlock(&_VLAN_SX_ID)
#define	VLAN_XUNLOCK()		sx_xunlock(&_VLAN_SX_ID)
#define	VLAN_SLOCK_ASSERT()	sx_assert(&_VLAN_SX_ID, SA_SLOCKED)
#define	VLAN_XLOCK_ASSERT()	sx_assert(&_VLAN_SX_ID, SA_XLOCKED)
#define	VLAN_SXLOCK_ASSERT()	sx_assert(&_VLAN_SX_ID, SA_LOCKED)

/*
 * We also have a per-trunk mutex that should be acquired when changing
 * its state.
 */
#define	TRUNK_LOCK_INIT(trunk)		mtx_init(&(trunk)->lock, vlanname, NULL, MTX_DEF)
#define	TRUNK_LOCK_DESTROY(trunk)	mtx_destroy(&(trunk)->lock)
#define	TRUNK_WLOCK(trunk)		mtx_lock(&(trunk)->lock)
#define	TRUNK_WUNLOCK(trunk)		mtx_unlock(&(trunk)->lock)
#define	TRUNK_WLOCK_ASSERT(trunk)	mtx_assert(&(trunk)->lock, MA_OWNED);

/*
 * The VLAN_ARRAY option substitutes a static array with 4096 entries for
 * the dynamic hash. In theory this can give a boost in processing; in
 * practice it does not, probably because the array is too big to fit into
 * the CPU cache.
 */
#ifndef VLAN_ARRAY
static	void vlan_inithash(struct ifvlantrunk *trunk);
static	void vlan_freehash(struct ifvlantrunk *trunk);
static	int vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
static	int vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
static	void vlan_growhash(struct ifvlantrunk *trunk, int howmuch);
static __inline struct ifvlan * vlan_gethash(struct ifvlantrunk *trunk,
	uint16_t vid);
#endif
static	void trunk_destroy(struct ifvlantrunk *trunk);

static	void vlan_init(void *foo);
static	void vlan_input(struct ifnet *ifp, struct mbuf *m);
static	int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr);
#if defined(KERN_TLS) || defined(RATELIMIT)
static	int vlan_snd_tag_alloc(struct ifnet *,
    union if_snd_tag_alloc_params *, struct m_snd_tag **);
static	int vlan_snd_tag_modify(struct m_snd_tag *,
    union if_snd_tag_modify_params *);
static	int vlan_snd_tag_query(struct m_snd_tag *,
    union if_snd_tag_query_params *);
static	void vlan_snd_tag_free(struct m_snd_tag *);
static struct m_snd_tag *vlan_next_snd_tag(struct m_snd_tag *);
static void vlan_ratelimit_query(struct ifnet *,
    struct if_ratelimit_query_results *);
#endif
static	void vlan_qflush(struct ifnet *ifp);
static	int vlan_setflag(struct ifnet *ifp, int flag, int status,
    int (*func)(struct ifnet *, int));
static	int vlan_setflags(struct ifnet *ifp, int status);
static	int vlan_setmulti(struct ifnet *ifp);
static	int vlan_transmit(struct ifnet *ifp, struct mbuf *m);
#ifdef ALTQ
static void vlan_altq_start(struct ifnet *ifp);
static int vlan_altq_transmit(struct ifnet *ifp, struct mbuf *m);
#endif
static	int vlan_output(struct ifnet *ifp, struct mbuf *m,
    const struct sockaddr *dst, struct route *ro);
static	void vlan_unconfig(struct ifnet *ifp);
static	void vlan_unconfig_locked(struct ifnet *ifp, int departing);
static	int vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t tag,
    uint16_t proto);
static	void vlan_link_state(struct ifnet *ifp);
static	void
vlan_capabilities(struct ifvlan *ifv); 315 static void vlan_trunk_capabilities(struct ifnet *ifp); 316 317 static struct ifnet *vlan_clone_match_ethervid(const char *, int *); 318 static int vlan_clone_match(struct if_clone *, const char *); 319 static int vlan_clone_create(struct if_clone *, char *, size_t, 320 struct ifc_data *, struct ifnet **); 321 static int vlan_clone_destroy(struct if_clone *, struct ifnet *, uint32_t); 322 323 static void vlan_ifdetach(void *arg, struct ifnet *ifp); 324 static void vlan_iflladdr(void *arg, struct ifnet *ifp); 325 static void vlan_ifevent(void *arg, struct ifnet *ifp, int event); 326 327 static void vlan_lladdr_fn(void *arg, int pending); 328 329 static struct if_clone *vlan_cloner; 330 331 #ifdef VIMAGE 332 VNET_DEFINE_STATIC(struct if_clone *, vlan_cloner); 333 #define V_vlan_cloner VNET(vlan_cloner) 334 #endif 335 336 #ifdef RATELIMIT 337 static const struct if_snd_tag_sw vlan_snd_tag_ul_sw = { 338 .snd_tag_modify = vlan_snd_tag_modify, 339 .snd_tag_query = vlan_snd_tag_query, 340 .snd_tag_free = vlan_snd_tag_free, 341 .next_snd_tag = vlan_next_snd_tag, 342 .type = IF_SND_TAG_TYPE_UNLIMITED 343 }; 344 345 static const struct if_snd_tag_sw vlan_snd_tag_rl_sw = { 346 .snd_tag_modify = vlan_snd_tag_modify, 347 .snd_tag_query = vlan_snd_tag_query, 348 .snd_tag_free = vlan_snd_tag_free, 349 .next_snd_tag = vlan_next_snd_tag, 350 .type = IF_SND_TAG_TYPE_RATE_LIMIT 351 }; 352 #endif 353 354 #ifdef KERN_TLS 355 static const struct if_snd_tag_sw vlan_snd_tag_tls_sw = { 356 .snd_tag_modify = vlan_snd_tag_modify, 357 .snd_tag_query = vlan_snd_tag_query, 358 .snd_tag_free = vlan_snd_tag_free, 359 .next_snd_tag = vlan_next_snd_tag, 360 .type = IF_SND_TAG_TYPE_TLS 361 }; 362 363 #ifdef RATELIMIT 364 static const struct if_snd_tag_sw vlan_snd_tag_tls_rl_sw = { 365 .snd_tag_modify = vlan_snd_tag_modify, 366 .snd_tag_query = vlan_snd_tag_query, 367 .snd_tag_free = vlan_snd_tag_free, 368 .next_snd_tag = vlan_next_snd_tag, 369 .type = IF_SND_TAG_TYPE_TLS_RATE_LIMIT 370 }; 371 #endif 372 #endif 373 374 static void 375 vlan_mc_free(struct epoch_context *ctx) 376 { 377 struct vlan_mc_entry *mc = __containerof(ctx, struct vlan_mc_entry, mc_epoch_ctx); 378 free(mc, M_VLAN); 379 } 380 381 #ifndef VLAN_ARRAY 382 #define HASH(n, m) ((((n) >> 8) ^ ((n) >> 4) ^ (n)) & (m)) 383 384 static void 385 vlan_inithash(struct ifvlantrunk *trunk) 386 { 387 int i, n; 388 389 /* 390 * The trunk must not be locked here since we call malloc(M_WAITOK). 391 * It is OK in case this function is called before the trunk struct 392 * gets hooked up and becomes visible from other threads. 
393 */ 394 395 KASSERT(trunk->hwidth == 0 && trunk->hash == NULL, 396 ("%s: hash already initialized", __func__)); 397 398 trunk->hwidth = VLAN_DEF_HWIDTH; 399 n = 1 << trunk->hwidth; 400 trunk->hmask = n - 1; 401 trunk->hash = malloc(sizeof(struct ifvlanhead) * n, M_VLAN, M_WAITOK); 402 for (i = 0; i < n; i++) 403 CK_SLIST_INIT(&trunk->hash[i]); 404 } 405 406 static void 407 vlan_freehash(struct ifvlantrunk *trunk) 408 { 409 #ifdef INVARIANTS 410 int i; 411 412 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 413 for (i = 0; i < (1 << trunk->hwidth); i++) 414 KASSERT(CK_SLIST_EMPTY(&trunk->hash[i]), 415 ("%s: hash table not empty", __func__)); 416 #endif 417 free(trunk->hash, M_VLAN); 418 trunk->hash = NULL; 419 trunk->hwidth = trunk->hmask = 0; 420 } 421 422 static int 423 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 424 { 425 int i, b; 426 struct ifvlan *ifv2; 427 428 VLAN_XLOCK_ASSERT(); 429 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 430 431 b = 1 << trunk->hwidth; 432 i = HASH(ifv->ifv_vid, trunk->hmask); 433 CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list) 434 if (ifv->ifv_vid == ifv2->ifv_vid) 435 return (EEXIST); 436 437 /* 438 * Grow the hash when the number of vlans exceeds half of the number of 439 * hash buckets squared. This will make the average linked-list length 440 * buckets/2. 441 */ 442 if (trunk->refcnt > (b * b) / 2) { 443 vlan_growhash(trunk, 1); 444 i = HASH(ifv->ifv_vid, trunk->hmask); 445 } 446 CK_SLIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list); 447 trunk->refcnt++; 448 449 return (0); 450 } 451 452 static int 453 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 454 { 455 int i, b; 456 struct ifvlan *ifv2; 457 458 VLAN_XLOCK_ASSERT(); 459 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 460 461 b = 1 << (trunk->hwidth - 1); 462 i = HASH(ifv->ifv_vid, trunk->hmask); 463 CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list) 464 if (ifv2 == ifv) { 465 trunk->refcnt--; 466 CK_SLIST_REMOVE(&trunk->hash[i], ifv2, ifvlan, ifv_list); 467 if (trunk->refcnt < (b * b) / 2) 468 vlan_growhash(trunk, -1); 469 return (0); 470 } 471 472 panic("%s: vlan not found\n", __func__); 473 return (ENOENT); /*NOTREACHED*/ 474 } 475 476 /* 477 * Grow the hash larger or smaller if memory permits. 
478 */ 479 static void 480 vlan_growhash(struct ifvlantrunk *trunk, int howmuch) 481 { 482 struct ifvlan *ifv; 483 struct ifvlanhead *hash2; 484 int hwidth2, i, j, n, n2; 485 486 VLAN_XLOCK_ASSERT(); 487 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 488 489 if (howmuch == 0) { 490 /* Harmless yet obvious coding error */ 491 printf("%s: howmuch is 0\n", __func__); 492 return; 493 } 494 495 hwidth2 = trunk->hwidth + howmuch; 496 n = 1 << trunk->hwidth; 497 n2 = 1 << hwidth2; 498 /* Do not shrink the table below the default */ 499 if (hwidth2 < VLAN_DEF_HWIDTH) 500 return; 501 502 hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_WAITOK); 503 if (hash2 == NULL) { 504 printf("%s: out of memory -- hash size not changed\n", 505 __func__); 506 return; /* We can live with the old hash table */ 507 } 508 for (j = 0; j < n2; j++) 509 CK_SLIST_INIT(&hash2[j]); 510 for (i = 0; i < n; i++) 511 while ((ifv = CK_SLIST_FIRST(&trunk->hash[i])) != NULL) { 512 CK_SLIST_REMOVE(&trunk->hash[i], ifv, ifvlan, ifv_list); 513 j = HASH(ifv->ifv_vid, n2 - 1); 514 CK_SLIST_INSERT_HEAD(&hash2[j], ifv, ifv_list); 515 } 516 NET_EPOCH_WAIT(); 517 free(trunk->hash, M_VLAN); 518 trunk->hash = hash2; 519 trunk->hwidth = hwidth2; 520 trunk->hmask = n2 - 1; 521 522 if (bootverbose) 523 if_printf(trunk->parent, 524 "VLAN hash table resized from %d to %d buckets\n", n, n2); 525 } 526 527 static __inline struct ifvlan * 528 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid) 529 { 530 struct ifvlan *ifv; 531 532 NET_EPOCH_ASSERT(); 533 534 CK_SLIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list) 535 if (ifv->ifv_vid == vid) 536 return (ifv); 537 return (NULL); 538 } 539 540 #if 0 541 /* Debugging code to view the hashtables. */ 542 static void 543 vlan_dumphash(struct ifvlantrunk *trunk) 544 { 545 int i; 546 struct ifvlan *ifv; 547 548 for (i = 0; i < (1 << trunk->hwidth); i++) { 549 printf("%d: ", i); 550 CK_SLIST_FOREACH(ifv, &trunk->hash[i], ifv_list) 551 printf("%s ", ifv->ifv_ifp->if_xname); 552 printf("\n"); 553 } 554 } 555 #endif /* 0 */ 556 #else 557 558 static __inline struct ifvlan * 559 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid) 560 { 561 562 return trunk->vlans[vid]; 563 } 564 565 static __inline int 566 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 567 { 568 569 if (trunk->vlans[ifv->ifv_vid] != NULL) 570 return EEXIST; 571 trunk->vlans[ifv->ifv_vid] = ifv; 572 trunk->refcnt++; 573 574 return (0); 575 } 576 577 static __inline int 578 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 579 { 580 581 trunk->vlans[ifv->ifv_vid] = NULL; 582 trunk->refcnt--; 583 584 return (0); 585 } 586 587 static __inline void 588 vlan_freehash(struct ifvlantrunk *trunk) 589 { 590 } 591 592 static __inline void 593 vlan_inithash(struct ifvlantrunk *trunk) 594 { 595 } 596 597 #endif /* !VLAN_ARRAY */ 598 599 static void 600 trunk_destroy(struct ifvlantrunk *trunk) 601 { 602 VLAN_XLOCK_ASSERT(); 603 604 vlan_freehash(trunk); 605 trunk->parent->if_vlantrunk = NULL; 606 TRUNK_LOCK_DESTROY(trunk); 607 if_rele(trunk->parent); 608 free(trunk, M_VLAN); 609 } 610 611 /* 612 * Program our multicast filter. What we're actually doing is 613 * programming the multicast filter of the parent. This has the 614 * side effect of causing the parent interface to receive multicast 615 * traffic that it doesn't really want, which ends up being discarded 616 * later by the upper protocol layers. 
Unfortunately, there's no way
 * to avoid this: there really is only one physical interface.
 */
static int
vlan_setmulti(struct ifnet *ifp)
{
	struct ifnet *ifp_p;
	struct ifmultiaddr *ifma;
	struct ifvlan *sc;
	struct vlan_mc_entry *mc;
	int error;

	VLAN_XLOCK_ASSERT();

	/* Find the parent. */
	sc = ifp->if_softc;
	ifp_p = PARENT(sc);

	CURVNET_SET_QUIET(ifp_p->if_vnet);

	/* First, remove any existing filter entries. */
	while ((mc = CK_SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) {
		CK_SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries);
		(void)if_delmulti(ifp_p, (struct sockaddr *)&mc->mc_addr);
		NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx);
	}

	/* Now program new ones. */
	IF_ADDR_WLOCK(ifp);
	CK_STAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
		if (ifma->ifma_addr->sa_family != AF_LINK)
			continue;
		mc = malloc(sizeof(struct vlan_mc_entry), M_VLAN, M_NOWAIT);
		if (mc == NULL) {
			IF_ADDR_WUNLOCK(ifp);
			CURVNET_RESTORE();
			return (ENOMEM);
		}
		bcopy(ifma->ifma_addr, &mc->mc_addr, ifma->ifma_addr->sa_len);
		mc->mc_addr.sdl_index = ifp_p->if_index;
		CK_SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
	}
	IF_ADDR_WUNLOCK(ifp);
	CK_SLIST_FOREACH (mc, &sc->vlan_mc_listhead, mc_entries) {
		error = if_addmulti(ifp_p, (struct sockaddr *)&mc->mc_addr,
		    NULL);
		if (error) {
			CURVNET_RESTORE();
			return (error);
		}
	}

	CURVNET_RESTORE();
	return (0);
}

/*
 * A handler for interface ifnet events.
 */
static void
vlan_ifevent(void *arg __unused, struct ifnet *ifp, int event)
{
	struct epoch_tracker et;
	struct ifvlan *ifv;
	struct ifvlantrunk *trunk;

	if (event != IFNET_EVENT_UPDATE_BAUDRATE)
		return;

	NET_EPOCH_ENTER(et);
	trunk = ifp->if_vlantrunk;
	if (trunk == NULL) {
		NET_EPOCH_EXIT(et);
		return;
	}

	TRUNK_WLOCK(trunk);
	VLAN_FOREACH(ifv, trunk) {
		ifv->ifv_ifp->if_baudrate = ifp->if_baudrate;
	}
	TRUNK_WUNLOCK(trunk);
	NET_EPOCH_EXIT(et);
}

/*
 * A handler for parent interface link layer address changes.
 * If the parent interface link layer address is changed we
 * should also change it on all children vlans.
 */
static void
vlan_iflladdr(void *arg __unused, struct ifnet *ifp)
{
	struct epoch_tracker et;
	struct ifvlan *ifv;
	struct ifnet *ifv_ifp;
	struct ifvlantrunk *trunk;
	struct sockaddr_dl *sdl;

	/* Need the epoch since this is run on taskqueue_swi. */
	NET_EPOCH_ENTER(et);
	trunk = ifp->if_vlantrunk;
	if (trunk == NULL) {
		NET_EPOCH_EXIT(et);
		return;
	}

	/*
	 * OK, it's a trunk.  Loop over and change all vlan's lladdrs on it.
	 * We need an exclusive lock here to prevent concurrent SIOCSIFLLADDR
	 * ioctl calls on the parent garbling the lladdr of the child vlan.
	 */
	TRUNK_WLOCK(trunk);
	VLAN_FOREACH(ifv, trunk) {
		/*
		 * Copy the new lladdr into the ifv_ifp, enqueue a task
		 * to actually call if_setlladdr. if_setlladdr needs to
		 * be deferred to a taskqueue because it will call into
		 * the if_vlan ioctl path and try to acquire the global
		 * lock.
735 */ 736 ifv_ifp = ifv->ifv_ifp; 737 bcopy(IF_LLADDR(ifp), IF_LLADDR(ifv_ifp), 738 ifp->if_addrlen); 739 sdl = (struct sockaddr_dl *)ifv_ifp->if_addr->ifa_addr; 740 sdl->sdl_alen = ifp->if_addrlen; 741 taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task); 742 } 743 TRUNK_WUNLOCK(trunk); 744 NET_EPOCH_EXIT(et); 745 } 746 747 /* 748 * A handler for network interface departure events. 749 * Track departure of trunks here so that we don't access invalid 750 * pointers or whatever if a trunk is ripped from under us, e.g., 751 * by ejecting its hot-plug card. However, if an ifnet is simply 752 * being renamed, then there's no need to tear down the state. 753 */ 754 static void 755 vlan_ifdetach(void *arg __unused, struct ifnet *ifp) 756 { 757 struct ifvlan *ifv; 758 struct ifvlantrunk *trunk; 759 760 /* If the ifnet is just being renamed, don't do anything. */ 761 if (ifp->if_flags & IFF_RENAMING) 762 return; 763 VLAN_XLOCK(); 764 trunk = ifp->if_vlantrunk; 765 if (trunk == NULL) { 766 VLAN_XUNLOCK(); 767 return; 768 } 769 770 /* 771 * OK, it's a trunk. Loop over and detach all vlan's on it. 772 * Check trunk pointer after each vlan_unconfig() as it will 773 * free it and set to NULL after the last vlan was detached. 774 */ 775 VLAN_FOREACH_UNTIL_SAFE(ifv, ifp->if_vlantrunk, 776 ifp->if_vlantrunk == NULL) 777 vlan_unconfig_locked(ifv->ifv_ifp, 1); 778 779 /* Trunk should have been destroyed in vlan_unconfig(). */ 780 KASSERT(ifp->if_vlantrunk == NULL, ("%s: purge failed", __func__)); 781 VLAN_XUNLOCK(); 782 } 783 784 /* 785 * Return the trunk device for a virtual interface. 786 */ 787 static struct ifnet * 788 vlan_trunkdev(struct ifnet *ifp) 789 { 790 struct ifvlan *ifv; 791 792 NET_EPOCH_ASSERT(); 793 794 if (ifp->if_type != IFT_L2VLAN) 795 return (NULL); 796 797 ifv = ifp->if_softc; 798 ifp = NULL; 799 if (ifv->ifv_trunk) 800 ifp = PARENT(ifv); 801 return (ifp); 802 } 803 804 /* 805 * Return the 12-bit VLAN VID for this interface, for use by external 806 * components such as Infiniband. 807 * 808 * XXXRW: Note that the function name here is historical; it should be named 809 * vlan_vid(). 810 */ 811 static int 812 vlan_tag(struct ifnet *ifp, uint16_t *vidp) 813 { 814 struct ifvlan *ifv; 815 816 if (ifp->if_type != IFT_L2VLAN) 817 return (EINVAL); 818 ifv = ifp->if_softc; 819 *vidp = ifv->ifv_vid; 820 return (0); 821 } 822 823 static int 824 vlan_pcp(struct ifnet *ifp, uint16_t *pcpp) 825 { 826 struct ifvlan *ifv; 827 828 if (ifp->if_type != IFT_L2VLAN) 829 return (EINVAL); 830 ifv = ifp->if_softc; 831 *pcpp = ifv->ifv_pcp; 832 return (0); 833 } 834 835 /* 836 * Return a driver specific cookie for this interface. Synchronization 837 * with setcookie must be provided by the driver. 838 */ 839 static void * 840 vlan_cookie(struct ifnet *ifp) 841 { 842 struct ifvlan *ifv; 843 844 if (ifp->if_type != IFT_L2VLAN) 845 return (NULL); 846 ifv = ifp->if_softc; 847 return (ifv->ifv_cookie); 848 } 849 850 /* 851 * Store a cookie in our softc that drivers can use to store driver 852 * private per-instance data in. 853 */ 854 static int 855 vlan_setcookie(struct ifnet *ifp, void *cookie) 856 { 857 struct ifvlan *ifv; 858 859 if (ifp->if_type != IFT_L2VLAN) 860 return (EINVAL); 861 ifv = ifp->if_softc; 862 ifv->ifv_cookie = cookie; 863 return (0); 864 } 865 866 /* 867 * Return the vlan device present at the specific VID. 
868 */ 869 static struct ifnet * 870 vlan_devat(struct ifnet *ifp, uint16_t vid) 871 { 872 struct ifvlantrunk *trunk; 873 struct ifvlan *ifv; 874 875 NET_EPOCH_ASSERT(); 876 877 trunk = ifp->if_vlantrunk; 878 if (trunk == NULL) 879 return (NULL); 880 ifp = NULL; 881 ifv = vlan_gethash(trunk, vid); 882 if (ifv) 883 ifp = ifv->ifv_ifp; 884 return (ifp); 885 } 886 887 /* 888 * VLAN support can be loaded as a module. The only place in the 889 * system that's intimately aware of this is ether_input. We hook 890 * into this code through vlan_input_p which is defined there and 891 * set here. No one else in the system should be aware of this so 892 * we use an explicit reference here. 893 */ 894 extern void (*vlan_input_p)(struct ifnet *, struct mbuf *); 895 896 /* For if_link_state_change() eyes only... */ 897 extern void (*vlan_link_state_p)(struct ifnet *); 898 899 static struct if_clone_addreq vlan_addreq = { 900 .match_f = vlan_clone_match, 901 .create_f = vlan_clone_create, 902 .destroy_f = vlan_clone_destroy, 903 }; 904 905 static int 906 vlan_modevent(module_t mod, int type, void *data) 907 { 908 909 switch (type) { 910 case MOD_LOAD: 911 ifdetach_tag = EVENTHANDLER_REGISTER(ifnet_departure_event, 912 vlan_ifdetach, NULL, EVENTHANDLER_PRI_ANY); 913 if (ifdetach_tag == NULL) 914 return (ENOMEM); 915 iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event, 916 vlan_iflladdr, NULL, EVENTHANDLER_PRI_ANY); 917 if (iflladdr_tag == NULL) 918 return (ENOMEM); 919 ifevent_tag = EVENTHANDLER_REGISTER(ifnet_event, 920 vlan_ifevent, NULL, EVENTHANDLER_PRI_ANY); 921 if (ifevent_tag == NULL) 922 return (ENOMEM); 923 VLAN_LOCKING_INIT(); 924 vlan_input_p = vlan_input; 925 vlan_link_state_p = vlan_link_state; 926 vlan_trunk_cap_p = vlan_trunk_capabilities; 927 vlan_trunkdev_p = vlan_trunkdev; 928 vlan_cookie_p = vlan_cookie; 929 vlan_setcookie_p = vlan_setcookie; 930 vlan_tag_p = vlan_tag; 931 vlan_pcp_p = vlan_pcp; 932 vlan_devat_p = vlan_devat; 933 #ifndef VIMAGE 934 vlan_cloner = ifc_attach_cloner(vlanname, &vlan_addreq); 935 #endif 936 if (bootverbose) 937 printf("vlan: initialized, using " 938 #ifdef VLAN_ARRAY 939 "full-size arrays" 940 #else 941 "hash tables with chaining" 942 #endif 943 944 "\n"); 945 break; 946 case MOD_UNLOAD: 947 #ifndef VIMAGE 948 ifc_detach_cloner(vlan_cloner); 949 #endif 950 EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_tag); 951 EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_tag); 952 EVENTHANDLER_DEREGISTER(ifnet_event, ifevent_tag); 953 vlan_input_p = NULL; 954 vlan_link_state_p = NULL; 955 vlan_trunk_cap_p = NULL; 956 vlan_trunkdev_p = NULL; 957 vlan_tag_p = NULL; 958 vlan_cookie_p = NULL; 959 vlan_setcookie_p = NULL; 960 vlan_devat_p = NULL; 961 VLAN_LOCKING_DESTROY(); 962 if (bootverbose) 963 printf("vlan: unloaded\n"); 964 break; 965 default: 966 return (EOPNOTSUPP); 967 } 968 return (0); 969 } 970 971 static moduledata_t vlan_mod = { 972 "if_vlan", 973 vlan_modevent, 974 0 975 }; 976 977 DECLARE_MODULE(if_vlan, vlan_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 978 MODULE_VERSION(if_vlan, 3); 979 980 #ifdef VIMAGE 981 static void 982 vnet_vlan_init(const void *unused __unused) 983 { 984 vlan_cloner = ifc_attach_cloner(vlanname, &vlan_addreq); 985 V_vlan_cloner = vlan_cloner; 986 } 987 VNET_SYSINIT(vnet_vlan_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, 988 vnet_vlan_init, NULL); 989 990 static void 991 vnet_vlan_uninit(const void *unused __unused) 992 { 993 994 ifc_detach_cloner(V_vlan_cloner); 995 } 996 VNET_SYSUNINIT(vnet_vlan_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY, 
997 vnet_vlan_uninit, NULL); 998 #endif 999 1000 /* 1001 * Check for <etherif>.<vlan>[.<vlan> ...] style interface names. 1002 */ 1003 static struct ifnet * 1004 vlan_clone_match_ethervid(const char *name, int *vidp) 1005 { 1006 char ifname[IFNAMSIZ]; 1007 char *cp; 1008 struct ifnet *ifp; 1009 int vid; 1010 1011 strlcpy(ifname, name, IFNAMSIZ); 1012 if ((cp = strrchr(ifname, '.')) == NULL) 1013 return (NULL); 1014 *cp = '\0'; 1015 if ((ifp = ifunit_ref(ifname)) == NULL) 1016 return (NULL); 1017 /* Parse VID. */ 1018 if (*++cp == '\0') { 1019 if_rele(ifp); 1020 return (NULL); 1021 } 1022 vid = 0; 1023 for(; *cp >= '0' && *cp <= '9'; cp++) 1024 vid = (vid * 10) + (*cp - '0'); 1025 if (*cp != '\0') { 1026 if_rele(ifp); 1027 return (NULL); 1028 } 1029 if (vidp != NULL) 1030 *vidp = vid; 1031 1032 return (ifp); 1033 } 1034 1035 static int 1036 vlan_clone_match(struct if_clone *ifc, const char *name) 1037 { 1038 struct ifnet *ifp; 1039 const char *cp; 1040 1041 ifp = vlan_clone_match_ethervid(name, NULL); 1042 if (ifp != NULL) { 1043 if_rele(ifp); 1044 return (1); 1045 } 1046 1047 if (strncmp(vlanname, name, strlen(vlanname)) != 0) 1048 return (0); 1049 for (cp = name + 4; *cp != '\0'; cp++) { 1050 if (*cp < '0' || *cp > '9') 1051 return (0); 1052 } 1053 1054 return (1); 1055 } 1056 1057 static int 1058 vlan_clone_create(struct if_clone *ifc, char *name, size_t len, 1059 struct ifc_data *ifd, struct ifnet **ifpp) 1060 { 1061 char *dp; 1062 bool wildcard = false; 1063 bool subinterface = false; 1064 int unit; 1065 int error; 1066 int vid = 0; 1067 uint16_t proto = ETHERTYPE_VLAN; 1068 struct ifvlan *ifv; 1069 struct ifnet *ifp; 1070 struct ifnet *p = NULL; 1071 struct ifaddr *ifa; 1072 struct sockaddr_dl *sdl; 1073 struct vlanreq vlr; 1074 static const u_char eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ 1075 1076 1077 /* 1078 * There are three ways to specify the cloned device: 1079 * o pass a parameter block with the clone request. 1080 * o specify parameters in the text of the clone device name 1081 * o specify no parameters and get an unattached device that 1082 * must be configured separately. 1083 * The first technique is preferred; the latter two are supported 1084 * for backwards compatibility. 1085 * 1086 * XXXRW: Note historic use of the word "tag" here. New ioctls may be 1087 * called for. 1088 */ 1089 1090 if (ifd->params != NULL) { 1091 error = ifc_copyin(ifd, &vlr, sizeof(vlr)); 1092 if (error) 1093 return error; 1094 vid = vlr.vlr_tag; 1095 proto = vlr.vlr_proto; 1096 1097 #ifdef COMPAT_FREEBSD12 1098 if (proto == 0) 1099 proto = ETHERTYPE_VLAN; 1100 #endif 1101 p = ifunit_ref(vlr.vlr_parent); 1102 if (p == NULL) 1103 return (ENXIO); 1104 } 1105 1106 if ((error = ifc_name2unit(name, &unit)) == 0) { 1107 1108 /* 1109 * vlanX interface. 
Set wildcard to true if the unit number 1110 * is not fixed (-1) 1111 */ 1112 wildcard = (unit < 0); 1113 } else { 1114 struct ifnet *p_tmp = vlan_clone_match_ethervid(name, &vid); 1115 if (p_tmp != NULL) { 1116 error = 0; 1117 subinterface = true; 1118 unit = IF_DUNIT_NONE; 1119 wildcard = false; 1120 if (p != NULL) { 1121 if_rele(p_tmp); 1122 if (p != p_tmp) 1123 error = EINVAL; 1124 } else 1125 p = p_tmp; 1126 } else 1127 error = ENXIO; 1128 } 1129 1130 if (error != 0) { 1131 if (p != NULL) 1132 if_rele(p); 1133 return (error); 1134 } 1135 1136 if (!subinterface) { 1137 /* vlanX interface, mark X as busy or allocate new unit # */ 1138 error = ifc_alloc_unit(ifc, &unit); 1139 if (error != 0) { 1140 if (p != NULL) 1141 if_rele(p); 1142 return (error); 1143 } 1144 } 1145 1146 /* In the wildcard case, we need to update the name. */ 1147 if (wildcard) { 1148 for (dp = name; *dp != '\0'; dp++); 1149 if (snprintf(dp, len - (dp-name), "%d", unit) > 1150 len - (dp-name) - 1) { 1151 panic("%s: interface name too long", __func__); 1152 } 1153 } 1154 1155 ifv = malloc(sizeof(struct ifvlan), M_VLAN, M_WAITOK | M_ZERO); 1156 ifp = ifv->ifv_ifp = if_alloc(IFT_ETHER); 1157 if (ifp == NULL) { 1158 if (!subinterface) 1159 ifc_free_unit(ifc, unit); 1160 free(ifv, M_VLAN); 1161 if (p != NULL) 1162 if_rele(p); 1163 return (ENOSPC); 1164 } 1165 CK_SLIST_INIT(&ifv->vlan_mc_listhead); 1166 ifp->if_softc = ifv; 1167 /* 1168 * Set the name manually rather than using if_initname because 1169 * we don't conform to the default naming convention for interfaces. 1170 */ 1171 strlcpy(ifp->if_xname, name, IFNAMSIZ); 1172 ifp->if_dname = vlanname; 1173 ifp->if_dunit = unit; 1174 1175 ifp->if_init = vlan_init; 1176 #ifdef ALTQ 1177 ifp->if_start = vlan_altq_start; 1178 ifp->if_transmit = vlan_altq_transmit; 1179 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 1180 ifp->if_snd.ifq_drv_maxlen = 0; 1181 IFQ_SET_READY(&ifp->if_snd); 1182 #else 1183 ifp->if_transmit = vlan_transmit; 1184 #endif 1185 ifp->if_qflush = vlan_qflush; 1186 ifp->if_ioctl = vlan_ioctl; 1187 #if defined(KERN_TLS) || defined(RATELIMIT) 1188 ifp->if_snd_tag_alloc = vlan_snd_tag_alloc; 1189 ifp->if_ratelimit_query = vlan_ratelimit_query; 1190 #endif 1191 ifp->if_flags = VLAN_IFFLAGS; 1192 ether_ifattach(ifp, eaddr); 1193 /* Now undo some of the damage... */ 1194 ifp->if_baudrate = 0; 1195 ifp->if_type = IFT_L2VLAN; 1196 ifp->if_hdrlen = ETHER_VLAN_ENCAP_LEN; 1197 ifa = ifp->if_addr; 1198 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 1199 sdl->sdl_type = IFT_L2VLAN; 1200 1201 if (p != NULL) { 1202 error = vlan_config(ifv, p, vid, proto); 1203 if_rele(p); 1204 if (error != 0) { 1205 /* 1206 * Since we've partially failed, we need to back 1207 * out all the way, otherwise userland could get 1208 * confused. Thus, we destroy the interface. 
1209 */ 1210 ether_ifdetach(ifp); 1211 vlan_unconfig(ifp); 1212 if_free(ifp); 1213 if (!subinterface) 1214 ifc_free_unit(ifc, unit); 1215 free(ifv, M_VLAN); 1216 1217 return (error); 1218 } 1219 } 1220 *ifpp = ifp; 1221 1222 return (0); 1223 } 1224 1225 static int 1226 vlan_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags) 1227 { 1228 struct ifvlan *ifv = ifp->if_softc; 1229 int unit = ifp->if_dunit; 1230 1231 if (ifp->if_vlantrunk) 1232 return (EBUSY); 1233 1234 #ifdef ALTQ 1235 IFQ_PURGE(&ifp->if_snd); 1236 #endif 1237 ether_ifdetach(ifp); /* first, remove it from system-wide lists */ 1238 vlan_unconfig(ifp); /* now it can be unconfigured and freed */ 1239 /* 1240 * We should have the only reference to the ifv now, so we can now 1241 * drain any remaining lladdr task before freeing the ifnet and the 1242 * ifvlan. 1243 */ 1244 taskqueue_drain(taskqueue_thread, &ifv->lladdr_task); 1245 NET_EPOCH_WAIT(); 1246 if_free(ifp); 1247 free(ifv, M_VLAN); 1248 if (unit != IF_DUNIT_NONE) 1249 ifc_free_unit(ifc, unit); 1250 1251 return (0); 1252 } 1253 1254 /* 1255 * The ifp->if_init entry point for vlan(4) is a no-op. 1256 */ 1257 static void 1258 vlan_init(void *foo __unused) 1259 { 1260 } 1261 1262 /* 1263 * The if_transmit method for vlan(4) interface. 1264 */ 1265 static int 1266 vlan_transmit(struct ifnet *ifp, struct mbuf *m) 1267 { 1268 struct ifvlan *ifv; 1269 struct ifnet *p; 1270 int error, len, mcast; 1271 1272 NET_EPOCH_ASSERT(); 1273 1274 ifv = ifp->if_softc; 1275 if (TRUNK(ifv) == NULL) { 1276 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1277 m_freem(m); 1278 return (ENETDOWN); 1279 } 1280 p = PARENT(ifv); 1281 len = m->m_pkthdr.len; 1282 mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1 : 0; 1283 1284 BPF_MTAP(ifp, m); 1285 1286 #if defined(KERN_TLS) || defined(RATELIMIT) 1287 if (m->m_pkthdr.csum_flags & CSUM_SND_TAG) { 1288 struct vlan_snd_tag *vst; 1289 struct m_snd_tag *mst; 1290 1291 MPASS(m->m_pkthdr.snd_tag->ifp == ifp); 1292 mst = m->m_pkthdr.snd_tag; 1293 vst = mst_to_vst(mst); 1294 if (vst->tag->ifp != p) { 1295 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1296 m_freem(m); 1297 return (EAGAIN); 1298 } 1299 1300 m->m_pkthdr.snd_tag = m_snd_tag_ref(vst->tag); 1301 m_snd_tag_rele(mst); 1302 } 1303 #endif 1304 1305 /* 1306 * Do not run parent's if_transmit() if the parent is not up, 1307 * or parent's driver will cause a system crash. 1308 */ 1309 if (!UP_AND_RUNNING(p)) { 1310 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1311 m_freem(m); 1312 return (ENETDOWN); 1313 } 1314 1315 if (!ether_8021q_frame(&m, ifp, p, &ifv->ifv_qtag)) { 1316 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1317 return (0); 1318 } 1319 1320 /* 1321 * Send it, precisely as ether_output() would have. 1322 */ 1323 error = (p->if_transmit)(p, m); 1324 if (error == 0) { 1325 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1326 if_inc_counter(ifp, IFCOUNTER_OBYTES, len); 1327 if_inc_counter(ifp, IFCOUNTER_OMCASTS, mcast); 1328 } else 1329 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1330 return (error); 1331 } 1332 1333 static int 1334 vlan_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 1335 struct route *ro) 1336 { 1337 struct ifvlan *ifv; 1338 struct ifnet *p; 1339 1340 NET_EPOCH_ASSERT(); 1341 1342 /* 1343 * Find the first non-VLAN parent interface. 
1344 */ 1345 ifv = ifp->if_softc; 1346 do { 1347 if (TRUNK(ifv) == NULL) { 1348 m_freem(m); 1349 return (ENETDOWN); 1350 } 1351 p = PARENT(ifv); 1352 ifv = p->if_softc; 1353 } while (p->if_type == IFT_L2VLAN); 1354 1355 return p->if_output(ifp, m, dst, ro); 1356 } 1357 1358 #ifdef ALTQ 1359 static void 1360 vlan_altq_start(if_t ifp) 1361 { 1362 struct ifaltq *ifq = &ifp->if_snd; 1363 struct mbuf *m; 1364 1365 IFQ_LOCK(ifq); 1366 IFQ_DEQUEUE_NOLOCK(ifq, m); 1367 while (m != NULL) { 1368 vlan_transmit(ifp, m); 1369 IFQ_DEQUEUE_NOLOCK(ifq, m); 1370 } 1371 IFQ_UNLOCK(ifq); 1372 } 1373 1374 static int 1375 vlan_altq_transmit(if_t ifp, struct mbuf *m) 1376 { 1377 int err; 1378 1379 if (ALTQ_IS_ENABLED(&ifp->if_snd)) { 1380 IFQ_ENQUEUE(&ifp->if_snd, m, err); 1381 if (err == 0) 1382 vlan_altq_start(ifp); 1383 } else 1384 err = vlan_transmit(ifp, m); 1385 1386 return (err); 1387 } 1388 #endif /* ALTQ */ 1389 1390 /* 1391 * The ifp->if_qflush entry point for vlan(4) is a no-op. 1392 */ 1393 static void 1394 vlan_qflush(struct ifnet *ifp __unused) 1395 { 1396 } 1397 1398 static void 1399 vlan_input(struct ifnet *ifp, struct mbuf *m) 1400 { 1401 struct ifvlantrunk *trunk; 1402 struct ifvlan *ifv; 1403 struct m_tag *mtag; 1404 uint16_t vid, tag; 1405 1406 NET_EPOCH_ASSERT(); 1407 1408 trunk = ifp->if_vlantrunk; 1409 if (trunk == NULL) { 1410 m_freem(m); 1411 return; 1412 } 1413 1414 if (m->m_flags & M_VLANTAG) { 1415 /* 1416 * Packet is tagged, but m contains a normal 1417 * Ethernet frame; the tag is stored out-of-band. 1418 */ 1419 tag = m->m_pkthdr.ether_vtag; 1420 m->m_flags &= ~M_VLANTAG; 1421 } else { 1422 struct ether_vlan_header *evl; 1423 1424 /* 1425 * Packet is tagged in-band as specified by 802.1q. 1426 */ 1427 switch (ifp->if_type) { 1428 case IFT_ETHER: 1429 if (m->m_len < sizeof(*evl) && 1430 (m = m_pullup(m, sizeof(*evl))) == NULL) { 1431 if_printf(ifp, "cannot pullup VLAN header\n"); 1432 return; 1433 } 1434 evl = mtod(m, struct ether_vlan_header *); 1435 tag = ntohs(evl->evl_tag); 1436 1437 /* 1438 * Remove the 802.1q header by copying the Ethernet 1439 * addresses over it and adjusting the beginning of 1440 * the data in the mbuf. The encapsulated Ethernet 1441 * type field is already in place. 1442 */ 1443 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN, 1444 ETHER_HDR_LEN - ETHER_TYPE_LEN); 1445 m_adj(m, ETHER_VLAN_ENCAP_LEN); 1446 break; 1447 1448 default: 1449 #ifdef INVARIANTS 1450 panic("%s: %s has unsupported if_type %u", 1451 __func__, ifp->if_xname, ifp->if_type); 1452 #endif 1453 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 1454 m_freem(m); 1455 return; 1456 } 1457 } 1458 1459 vid = EVL_VLANOFTAG(tag); 1460 1461 ifv = vlan_gethash(trunk, vid); 1462 if (ifv == NULL || !UP_AND_RUNNING(ifv->ifv_ifp)) { 1463 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 1464 m_freem(m); 1465 return; 1466 } 1467 1468 if (V_vlan_mtag_pcp) { 1469 /* 1470 * While uncommon, it is possible that we will find a 802.1q 1471 * packet encapsulated inside another packet that also had an 1472 * 802.1q header. For example, ethernet tunneled over IPSEC 1473 * arriving over ethernet. In that case, we replace the 1474 * existing 802.1q PCP m_tag value. 
1475 */ 1476 mtag = m_tag_locate(m, MTAG_8021Q, MTAG_8021Q_PCP_IN, NULL); 1477 if (mtag == NULL) { 1478 mtag = m_tag_alloc(MTAG_8021Q, MTAG_8021Q_PCP_IN, 1479 sizeof(uint8_t), M_NOWAIT); 1480 if (mtag == NULL) { 1481 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1482 m_freem(m); 1483 return; 1484 } 1485 m_tag_prepend(m, mtag); 1486 } 1487 *(uint8_t *)(mtag + 1) = EVL_PRIOFTAG(tag); 1488 } 1489 1490 m->m_pkthdr.rcvif = ifv->ifv_ifp; 1491 if_inc_counter(ifv->ifv_ifp, IFCOUNTER_IPACKETS, 1); 1492 1493 /* Pass it back through the parent's input routine. */ 1494 (*ifv->ifv_ifp->if_input)(ifv->ifv_ifp, m); 1495 } 1496 1497 static void 1498 vlan_lladdr_fn(void *arg, int pending __unused) 1499 { 1500 struct ifvlan *ifv; 1501 struct ifnet *ifp; 1502 1503 ifv = (struct ifvlan *)arg; 1504 ifp = ifv->ifv_ifp; 1505 1506 CURVNET_SET(ifp->if_vnet); 1507 1508 /* The ifv_ifp already has the lladdr copied in. */ 1509 if_setlladdr(ifp, IF_LLADDR(ifp), ifp->if_addrlen); 1510 1511 CURVNET_RESTORE(); 1512 } 1513 1514 static int 1515 vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid, 1516 uint16_t proto) 1517 { 1518 struct epoch_tracker et; 1519 struct ifvlantrunk *trunk; 1520 struct ifnet *ifp; 1521 int error = 0; 1522 1523 /* 1524 * We can handle non-ethernet hardware types as long as 1525 * they handle the tagging and headers themselves. 1526 */ 1527 if (p->if_type != IFT_ETHER && 1528 p->if_type != IFT_L2VLAN && 1529 (p->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) 1530 return (EPROTONOSUPPORT); 1531 if ((p->if_flags & VLAN_IFFLAGS) != VLAN_IFFLAGS) 1532 return (EPROTONOSUPPORT); 1533 /* 1534 * Don't let the caller set up a VLAN VID with 1535 * anything except VLID bits. 1536 * VID numbers 0x0 and 0xFFF are reserved. 1537 */ 1538 if (vid == 0 || vid == 0xFFF || (vid & ~EVL_VLID_MASK)) 1539 return (EINVAL); 1540 if (ifv->ifv_trunk) { 1541 trunk = ifv->ifv_trunk; 1542 if (trunk->parent != p) 1543 return (EBUSY); 1544 1545 VLAN_XLOCK(); 1546 1547 ifv->ifv_proto = proto; 1548 1549 if (ifv->ifv_vid != vid) { 1550 /* Re-hash */ 1551 vlan_remhash(trunk, ifv); 1552 ifv->ifv_vid = vid; 1553 error = vlan_inshash(trunk, ifv); 1554 } 1555 /* Will unlock */ 1556 goto done; 1557 } 1558 1559 VLAN_XLOCK(); 1560 if (p->if_vlantrunk == NULL) { 1561 trunk = malloc(sizeof(struct ifvlantrunk), 1562 M_VLAN, M_WAITOK | M_ZERO); 1563 vlan_inithash(trunk); 1564 TRUNK_LOCK_INIT(trunk); 1565 TRUNK_WLOCK(trunk); 1566 p->if_vlantrunk = trunk; 1567 trunk->parent = p; 1568 if_ref(trunk->parent); 1569 TRUNK_WUNLOCK(trunk); 1570 } else { 1571 trunk = p->if_vlantrunk; 1572 } 1573 1574 ifv->ifv_vid = vid; /* must set this before vlan_inshash() */ 1575 ifv->ifv_pcp = 0; /* Default: best effort delivery. */ 1576 error = vlan_inshash(trunk, ifv); 1577 if (error) 1578 goto done; 1579 ifv->ifv_proto = proto; 1580 ifv->ifv_encaplen = ETHER_VLAN_ENCAP_LEN; 1581 ifv->ifv_mintu = ETHERMIN; 1582 ifv->ifv_pflags = 0; 1583 ifv->ifv_capenable = -1; 1584 1585 /* 1586 * If the parent supports the VLAN_MTU capability, 1587 * i.e. can Tx/Rx larger than ETHER_MAX_LEN frames, 1588 * use it. 1589 */ 1590 if (p->if_capenable & IFCAP_VLAN_MTU) { 1591 /* 1592 * No need to fudge the MTU since the parent can 1593 * handle extended frames. 1594 */ 1595 ifv->ifv_mtufudge = 0; 1596 } else { 1597 /* 1598 * Fudge the MTU by the encapsulation size. This 1599 * makes us incompatible with strictly compliant 1600 * 802.1Q implementations, but allows us to use 1601 * the feature with other NetBSD implementations, 1602 * which might still be useful. 
1603 */ 1604 ifv->ifv_mtufudge = ifv->ifv_encaplen; 1605 } 1606 1607 ifv->ifv_trunk = trunk; 1608 ifp = ifv->ifv_ifp; 1609 /* 1610 * Initialize fields from our parent. This duplicates some 1611 * work with ether_ifattach() but allows for non-ethernet 1612 * interfaces to also work. 1613 */ 1614 ifp->if_mtu = p->if_mtu - ifv->ifv_mtufudge; 1615 ifp->if_baudrate = p->if_baudrate; 1616 ifp->if_input = p->if_input; 1617 ifp->if_resolvemulti = p->if_resolvemulti; 1618 ifp->if_addrlen = p->if_addrlen; 1619 ifp->if_broadcastaddr = p->if_broadcastaddr; 1620 ifp->if_pcp = ifv->ifv_pcp; 1621 1622 /* 1623 * We wrap the parent's if_output using vlan_output to ensure that it 1624 * can't become stale. 1625 */ 1626 ifp->if_output = vlan_output; 1627 1628 /* 1629 * Copy only a selected subset of flags from the parent. 1630 * Other flags are none of our business. 1631 */ 1632 #define VLAN_COPY_FLAGS (IFF_SIMPLEX) 1633 ifp->if_flags &= ~VLAN_COPY_FLAGS; 1634 ifp->if_flags |= p->if_flags & VLAN_COPY_FLAGS; 1635 #undef VLAN_COPY_FLAGS 1636 1637 ifp->if_link_state = p->if_link_state; 1638 1639 NET_EPOCH_ENTER(et); 1640 vlan_capabilities(ifv); 1641 NET_EPOCH_EXIT(et); 1642 1643 /* 1644 * Set up our interface address to reflect the underlying 1645 * physical interface's. 1646 */ 1647 TASK_INIT(&ifv->lladdr_task, 0, vlan_lladdr_fn, ifv); 1648 ((struct sockaddr_dl *)ifp->if_addr->ifa_addr)->sdl_alen = 1649 p->if_addrlen; 1650 1651 /* 1652 * Do not schedule link address update if it was the same 1653 * as previous parent's. This helps avoid updating for each 1654 * associated llentry. 1655 */ 1656 if (memcmp(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen) != 0) { 1657 bcopy(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen); 1658 taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task); 1659 } 1660 1661 /* We are ready for operation now. */ 1662 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1663 1664 /* Update flags on the parent, if necessary. */ 1665 vlan_setflags(ifp, 1); 1666 1667 /* 1668 * Configure multicast addresses that may already be 1669 * joined on the vlan device. 1670 */ 1671 (void)vlan_setmulti(ifp); 1672 1673 done: 1674 if (error == 0) 1675 EVENTHANDLER_INVOKE(vlan_config, p, ifv->ifv_vid); 1676 VLAN_XUNLOCK(); 1677 1678 return (error); 1679 } 1680 1681 static void 1682 vlan_unconfig(struct ifnet *ifp) 1683 { 1684 1685 VLAN_XLOCK(); 1686 vlan_unconfig_locked(ifp, 0); 1687 VLAN_XUNLOCK(); 1688 } 1689 1690 static void 1691 vlan_unconfig_locked(struct ifnet *ifp, int departing) 1692 { 1693 struct ifvlantrunk *trunk; 1694 struct vlan_mc_entry *mc; 1695 struct ifvlan *ifv; 1696 struct ifnet *parent; 1697 int error; 1698 1699 VLAN_XLOCK_ASSERT(); 1700 1701 ifv = ifp->if_softc; 1702 trunk = ifv->ifv_trunk; 1703 parent = NULL; 1704 1705 if (trunk != NULL) { 1706 parent = trunk->parent; 1707 1708 /* 1709 * Since the interface is being unconfigured, we need to 1710 * empty the list of multicast groups that we may have joined 1711 * while we were alive from the parent's list. 1712 */ 1713 while ((mc = CK_SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) { 1714 /* 1715 * If the parent interface is being detached, 1716 * all its multicast addresses have already 1717 * been removed. Warn about errors if 1718 * if_delmulti() does fail, but don't abort as 1719 * all callers expect vlan destruction to 1720 * succeed. 
1721 */ 1722 if (!departing) { 1723 error = if_delmulti(parent, 1724 (struct sockaddr *)&mc->mc_addr); 1725 if (error) 1726 if_printf(ifp, 1727 "Failed to delete multicast address from parent: %d\n", 1728 error); 1729 } 1730 CK_SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries); 1731 NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx); 1732 } 1733 1734 vlan_setflags(ifp, 0); /* clear special flags on parent */ 1735 1736 vlan_remhash(trunk, ifv); 1737 ifv->ifv_trunk = NULL; 1738 1739 /* 1740 * Check if we were the last. 1741 */ 1742 if (trunk->refcnt == 0) { 1743 parent->if_vlantrunk = NULL; 1744 NET_EPOCH_WAIT(); 1745 trunk_destroy(trunk); 1746 } 1747 } 1748 1749 /* Disconnect from parent. */ 1750 if (ifv->ifv_pflags) 1751 if_printf(ifp, "%s: ifv_pflags unclean\n", __func__); 1752 ifp->if_mtu = ETHERMTU; 1753 ifp->if_link_state = LINK_STATE_UNKNOWN; 1754 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1755 1756 /* 1757 * Only dispatch an event if vlan was 1758 * attached, otherwise there is nothing 1759 * to cleanup anyway. 1760 */ 1761 if (parent != NULL) 1762 EVENTHANDLER_INVOKE(vlan_unconfig, parent, ifv->ifv_vid); 1763 } 1764 1765 /* Handle a reference counted flag that should be set on the parent as well */ 1766 static int 1767 vlan_setflag(struct ifnet *ifp, int flag, int status, 1768 int (*func)(struct ifnet *, int)) 1769 { 1770 struct ifvlan *ifv; 1771 int error; 1772 1773 VLAN_SXLOCK_ASSERT(); 1774 1775 ifv = ifp->if_softc; 1776 status = status ? (ifp->if_flags & flag) : 0; 1777 /* Now "status" contains the flag value or 0 */ 1778 1779 /* 1780 * See if recorded parent's status is different from what 1781 * we want it to be. If it is, flip it. We record parent's 1782 * status in ifv_pflags so that we won't clear parent's flag 1783 * we haven't set. In fact, we don't clear or set parent's 1784 * flags directly, but get or release references to them. 1785 * That's why we can be sure that recorded flags still are 1786 * in accord with actual parent's flags. 1787 */ 1788 if (status != (ifv->ifv_pflags & flag)) { 1789 error = (*func)(PARENT(ifv), status); 1790 if (error) 1791 return (error); 1792 ifv->ifv_pflags &= ~flag; 1793 ifv->ifv_pflags |= status; 1794 } 1795 return (0); 1796 } 1797 1798 /* 1799 * Handle IFF_* flags that require certain changes on the parent: 1800 * if "status" is true, update parent's flags respective to our if_flags; 1801 * if "status" is false, forcedly clear the flags set on parent. 
1802 */ 1803 static int 1804 vlan_setflags(struct ifnet *ifp, int status) 1805 { 1806 int error, i; 1807 1808 for (i = 0; vlan_pflags[i].flag; i++) { 1809 error = vlan_setflag(ifp, vlan_pflags[i].flag, 1810 status, vlan_pflags[i].func); 1811 if (error) 1812 return (error); 1813 } 1814 return (0); 1815 } 1816 1817 /* Inform all vlans that their parent has changed link state */ 1818 static void 1819 vlan_link_state(struct ifnet *ifp) 1820 { 1821 struct epoch_tracker et; 1822 struct ifvlantrunk *trunk; 1823 struct ifvlan *ifv; 1824 1825 NET_EPOCH_ENTER(et); 1826 trunk = ifp->if_vlantrunk; 1827 if (trunk == NULL) { 1828 NET_EPOCH_EXIT(et); 1829 return; 1830 } 1831 1832 TRUNK_WLOCK(trunk); 1833 VLAN_FOREACH(ifv, trunk) { 1834 ifv->ifv_ifp->if_baudrate = trunk->parent->if_baudrate; 1835 if_link_state_change(ifv->ifv_ifp, 1836 trunk->parent->if_link_state); 1837 } 1838 TRUNK_WUNLOCK(trunk); 1839 NET_EPOCH_EXIT(et); 1840 } 1841 1842 static void 1843 vlan_capabilities(struct ifvlan *ifv) 1844 { 1845 struct ifnet *p; 1846 struct ifnet *ifp; 1847 struct ifnet_hw_tsomax hw_tsomax; 1848 int cap = 0, ena = 0, mena; 1849 u_long hwa = 0; 1850 1851 NET_EPOCH_ASSERT(); 1852 VLAN_SXLOCK_ASSERT(); 1853 1854 p = PARENT(ifv); 1855 ifp = ifv->ifv_ifp; 1856 1857 /* Mask parent interface enabled capabilities disabled by user. */ 1858 mena = p->if_capenable & ifv->ifv_capenable; 1859 1860 /* 1861 * If the parent interface can do checksum offloading 1862 * on VLANs, then propagate its hardware-assisted 1863 * checksumming flags. Also assert that checksum 1864 * offloading requires hardware VLAN tagging. 1865 */ 1866 if (p->if_capabilities & IFCAP_VLAN_HWCSUM) 1867 cap |= p->if_capabilities & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6); 1868 if (p->if_capenable & IFCAP_VLAN_HWCSUM && 1869 p->if_capenable & IFCAP_VLAN_HWTAGGING) { 1870 ena |= mena & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6); 1871 if (ena & IFCAP_TXCSUM) 1872 hwa |= p->if_hwassist & (CSUM_IP | CSUM_TCP | 1873 CSUM_UDP | CSUM_SCTP); 1874 if (ena & IFCAP_TXCSUM_IPV6) 1875 hwa |= p->if_hwassist & (CSUM_TCP_IPV6 | 1876 CSUM_UDP_IPV6 | CSUM_SCTP_IPV6); 1877 } 1878 1879 /* 1880 * If the parent interface can do TSO on VLANs then 1881 * propagate the hardware-assisted flag. TSO on VLANs 1882 * does not necessarily require hardware VLAN tagging. 1883 */ 1884 memset(&hw_tsomax, 0, sizeof(hw_tsomax)); 1885 if_hw_tsomax_common(p, &hw_tsomax); 1886 if_hw_tsomax_update(ifp, &hw_tsomax); 1887 if (p->if_capabilities & IFCAP_VLAN_HWTSO) 1888 cap |= p->if_capabilities & IFCAP_TSO; 1889 if (p->if_capenable & IFCAP_VLAN_HWTSO) { 1890 ena |= mena & IFCAP_TSO; 1891 if (ena & IFCAP_TSO) 1892 hwa |= p->if_hwassist & CSUM_TSO; 1893 } 1894 1895 /* 1896 * If the parent interface can do LRO and checksum offloading on 1897 * VLANs, then guess it may do LRO on VLANs. False positive here 1898 * cost nothing, while false negative may lead to some confusions. 1899 */ 1900 if (p->if_capabilities & IFCAP_VLAN_HWCSUM) 1901 cap |= p->if_capabilities & IFCAP_LRO; 1902 if (p->if_capenable & IFCAP_VLAN_HWCSUM) 1903 ena |= p->if_capenable & IFCAP_LRO; 1904 1905 /* 1906 * If the parent interface can offload TCP connections over VLANs then 1907 * propagate its TOE capability to the VLAN interface. 1908 * 1909 * All TOE drivers in the tree today can deal with VLANs. If this 1910 * changes then IFCAP_VLAN_TOE should be promoted to a full capability 1911 * with its own bit. 
1912 */ 1913 #define IFCAP_VLAN_TOE IFCAP_TOE 1914 if (p->if_capabilities & IFCAP_VLAN_TOE) 1915 cap |= p->if_capabilities & IFCAP_TOE; 1916 if (p->if_capenable & IFCAP_VLAN_TOE) { 1917 SETTOEDEV(ifp, TOEDEV(p)); 1918 ena |= mena & IFCAP_TOE; 1919 } 1920 1921 /* 1922 * If the parent interface supports dynamic link state, so does the 1923 * VLAN interface. 1924 */ 1925 cap |= (p->if_capabilities & IFCAP_LINKSTATE); 1926 ena |= (mena & IFCAP_LINKSTATE); 1927 1928 #ifdef RATELIMIT 1929 /* 1930 * If the parent interface supports ratelimiting, so does the 1931 * VLAN interface. 1932 */ 1933 cap |= (p->if_capabilities & IFCAP_TXRTLMT); 1934 ena |= (mena & IFCAP_TXRTLMT); 1935 #endif 1936 1937 /* 1938 * If the parent interface supports unmapped mbufs, so does 1939 * the VLAN interface. Note that this should be fine even for 1940 * interfaces that don't support hardware tagging as headers 1941 * are prepended in normal mbufs to unmapped mbufs holding 1942 * payload data. 1943 */ 1944 cap |= (p->if_capabilities & IFCAP_MEXTPG); 1945 ena |= (mena & IFCAP_MEXTPG); 1946 1947 /* 1948 * If the parent interface can offload encryption and segmentation 1949 * of TLS records over TCP, propagate it's capability to the VLAN 1950 * interface. 1951 * 1952 * All TLS drivers in the tree today can deal with VLANs. If 1953 * this ever changes, then a new IFCAP_VLAN_TXTLS can be 1954 * defined. 1955 */ 1956 if (p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT)) 1957 cap |= p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT); 1958 if (p->if_capenable & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT)) 1959 ena |= mena & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT); 1960 1961 ifp->if_capabilities = cap; 1962 ifp->if_capenable = ena; 1963 ifp->if_hwassist = hwa; 1964 } 1965 1966 static void 1967 vlan_trunk_capabilities(struct ifnet *ifp) 1968 { 1969 struct epoch_tracker et; 1970 struct ifvlantrunk *trunk; 1971 struct ifvlan *ifv; 1972 1973 VLAN_SLOCK(); 1974 trunk = ifp->if_vlantrunk; 1975 if (trunk == NULL) { 1976 VLAN_SUNLOCK(); 1977 return; 1978 } 1979 NET_EPOCH_ENTER(et); 1980 VLAN_FOREACH(ifv, trunk) 1981 vlan_capabilities(ifv); 1982 NET_EPOCH_EXIT(et); 1983 VLAN_SUNLOCK(); 1984 } 1985 1986 static int 1987 vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1988 { 1989 struct ifnet *p; 1990 struct ifreq *ifr; 1991 #ifdef INET 1992 struct ifaddr *ifa; 1993 #endif 1994 struct ifvlan *ifv; 1995 struct ifvlantrunk *trunk; 1996 struct vlanreq vlr; 1997 int error = 0, oldmtu; 1998 1999 ifr = (struct ifreq *)data; 2000 #ifdef INET 2001 ifa = (struct ifaddr *) data; 2002 #endif 2003 ifv = ifp->if_softc; 2004 2005 switch (cmd) { 2006 case SIOCSIFADDR: 2007 ifp->if_flags |= IFF_UP; 2008 #ifdef INET 2009 if (ifa->ifa_addr->sa_family == AF_INET) 2010 arp_ifinit(ifp, ifa); 2011 #endif 2012 break; 2013 case SIOCGIFADDR: 2014 bcopy(IF_LLADDR(ifp), &ifr->ifr_addr.sa_data[0], 2015 ifp->if_addrlen); 2016 break; 2017 case SIOCGIFMEDIA: 2018 VLAN_SLOCK(); 2019 if (TRUNK(ifv) != NULL) { 2020 p = PARENT(ifv); 2021 if_ref(p); 2022 error = (*p->if_ioctl)(p, SIOCGIFMEDIA, data); 2023 if_rele(p); 2024 /* Limit the result to the parent's current config. 
        case SIOCSIFFLAGS:
                /*
                 * Propagate selected flags to the parent,
                 * e.g., promiscuous mode.
                 */
                VLAN_XLOCK();
                if (TRUNK(ifv) != NULL)
                        error = vlan_setflags(ifp, 1);
                VLAN_XUNLOCK();
                break;

        case SIOCADDMULTI:
        case SIOCDELMULTI:
                /*
                 * If we don't have a parent, just remember the membership
                 * for when we do.
                 *
                 * XXX We need the rmlock here to avoid sleeping while
                 * holding in6_multi_mtx.
                 */
                VLAN_XLOCK();
                trunk = TRUNK(ifv);
                if (trunk != NULL)
                        error = vlan_setmulti(ifp);
                VLAN_XUNLOCK();
                break;

        case SIOCGVLANPCP:
#ifdef VIMAGE
                if (ifp->if_vnet != ifp->if_home_vnet) {
                        error = EPERM;
                        break;
                }
#endif
                ifr->ifr_vlan_pcp = ifv->ifv_pcp;
                break;

        case SIOCSVLANPCP:
#ifdef VIMAGE
                if (ifp->if_vnet != ifp->if_home_vnet) {
                        error = EPERM;
                        break;
                }
#endif
                error = priv_check(curthread, PRIV_NET_SETVLANPCP);
                if (error)
                        break;
                if (ifr->ifr_vlan_pcp > VLAN_PCP_MAX) {
                        error = EINVAL;
                        break;
                }
                ifv->ifv_pcp = ifr->ifr_vlan_pcp;
                ifp->if_pcp = ifv->ifv_pcp;
                /* Broadcast an event about the PCP change. */
                EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_PCP);
                break;

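        /*
         * Example (illustrative only): adjusting the 802.1p priority of an
         * existing vlan through the SIOCSVLANPCP handler above.  A minimal
         * sketch, assuming the caller has the required privilege
         * (PRIV_NET_SETVLANPCP is normally root-only), the interface is
         * named "vlan0", and the value does not exceed VLAN_PCP_MAX:
         *
         *      struct ifreq ifr;
         *      int s;
         *
         *      s = socket(AF_INET, SOCK_DGRAM, 0);
         *      memset(&ifr, 0, sizeof(ifr));
         *      strlcpy(ifr.ifr_name, "vlan0", sizeof(ifr.ifr_name));
         *      ifr.ifr_vlan_pcp = 5;
         *      if (ioctl(s, SIOCSVLANPCP, &ifr) == -1)
         *              err(1, "SIOCSVLANPCP");
         *
         * SIOCGVLANPCP returns the current value in the same ifr_vlan_pcp
         * field.
         */
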
        case SIOCSIFCAP:
                VLAN_SLOCK();
                ifv->ifv_capenable = ifr->ifr_reqcap;
                trunk = TRUNK(ifv);
                if (trunk != NULL) {
                        struct epoch_tracker et;

                        NET_EPOCH_ENTER(et);
                        vlan_capabilities(ifv);
                        NET_EPOCH_EXIT(et);
                }
                VLAN_SUNLOCK();
                break;

        default:
                error = EINVAL;
                break;
        }

        return (error);
}

#if defined(KERN_TLS) || defined(RATELIMIT)
static int
vlan_snd_tag_alloc(struct ifnet *ifp,
    union if_snd_tag_alloc_params *params,
    struct m_snd_tag **ppmt)
{
        struct epoch_tracker et;
        const struct if_snd_tag_sw *sw;
        struct vlan_snd_tag *vst;
        struct ifvlan *ifv;
        struct ifnet *parent;
        struct m_snd_tag *mst;
        int error;

        NET_EPOCH_ENTER(et);
        ifv = ifp->if_softc;

        switch (params->hdr.type) {
#ifdef RATELIMIT
        case IF_SND_TAG_TYPE_UNLIMITED:
                sw = &vlan_snd_tag_ul_sw;
                break;
        case IF_SND_TAG_TYPE_RATE_LIMIT:
                sw = &vlan_snd_tag_rl_sw;
                break;
#endif
#ifdef KERN_TLS
        case IF_SND_TAG_TYPE_TLS:
                sw = &vlan_snd_tag_tls_sw;
                break;
        case IF_SND_TAG_TYPE_TLS_RX:
                sw = NULL;
                if (params->tls_rx.vlan_id != 0)
                        goto failure;
                params->tls_rx.vlan_id = ifv->ifv_vid;
                break;
#ifdef RATELIMIT
        case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
                sw = &vlan_snd_tag_tls_rl_sw;
                break;
#endif
#endif
        default:
                goto failure;
        }

        if (ifv->ifv_trunk != NULL)
                parent = PARENT(ifv);
        else
                parent = NULL;
        if (parent == NULL)
                goto failure;
        if_ref(parent);
        NET_EPOCH_EXIT(et);

        if (sw != NULL) {
                vst = malloc(sizeof(*vst), M_VLAN, M_NOWAIT);
                if (vst == NULL) {
                        if_rele(parent);
                        return (ENOMEM);
                }
        } else
                vst = NULL;

        error = m_snd_tag_alloc(parent, params, &mst);
        if_rele(parent);
        if (error) {
                free(vst, M_VLAN);
                return (error);
        }

        if (sw != NULL) {
                m_snd_tag_init(&vst->com, ifp, sw);
                vst->tag = mst;

                *ppmt = &vst->com;
        } else
                *ppmt = mst;

        return (0);
failure:
        NET_EPOCH_EXIT(et);
        return (EOPNOTSUPP);
}

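/*
 * Example (illustrative only): consumers do not call vlan_snd_tag_alloc()
 * directly; they allocate a send tag on the vlan interface and the request
 * is re-issued against the parent, with the returned tag wrapped in a
 * vlan_snd_tag.  A minimal in-kernel sketch, assuming a RATELIMIT kernel,
 * that "ifp" is the vlan's ifnet, and an arbitrary max_rate value:
 *
 *      union if_snd_tag_alloc_params params;
 *      struct m_snd_tag *mst;
 *      int error;
 *
 *      memset(&params, 0, sizeof(params));
 *      params.rate_limit.hdr.type = IF_SND_TAG_TYPE_RATE_LIMIT;
 *      params.rate_limit.hdr.flowtype = M_HASHTYPE_OPAQUE;
 *      params.rate_limit.max_rate = 100 * 1000 * 1000;
 *      error = m_snd_tag_alloc(ifp, &params, &mst);
 *
 * On success mst points at the m_snd_tag embedded in the vlan_snd_tag; the
 * snd_tag methods below simply forward operations to the parent's tag.
 */
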
static struct m_snd_tag *
vlan_next_snd_tag(struct m_snd_tag *mst)
{
        struct vlan_snd_tag *vst;

        vst = mst_to_vst(mst);
        return (vst->tag);
}

static int
vlan_snd_tag_modify(struct m_snd_tag *mst,
    union if_snd_tag_modify_params *params)
{
        struct vlan_snd_tag *vst;

        vst = mst_to_vst(mst);
        return (vst->tag->sw->snd_tag_modify(vst->tag, params));
}

static int
vlan_snd_tag_query(struct m_snd_tag *mst,
    union if_snd_tag_query_params *params)
{
        struct vlan_snd_tag *vst;

        vst = mst_to_vst(mst);
        return (vst->tag->sw->snd_tag_query(vst->tag, params));
}

static void
vlan_snd_tag_free(struct m_snd_tag *mst)
{
        struct vlan_snd_tag *vst;

        vst = mst_to_vst(mst);
        m_snd_tag_rele(vst->tag);
        free(vst, M_VLAN);
}

static void
vlan_ratelimit_query(struct ifnet *ifp __unused, struct if_ratelimit_query_results *q)
{
        /*
         * For vlan, we have an indirect interface.  The caller needs to get
         * a ratelimit tag on the actual interface the flow will go on.
         */
        q->rate_table = NULL;
        q->flags = RT_IS_INDIRECT;
        q->max_flows = 0;
        q->number_of_rates = 0;
}

#endif
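/*
 * Example (illustrative only): a sketch of how a rate-limiting consumer
 * might react to the RT_IS_INDIRECT answer returned by
 * vlan_ratelimit_query() above.  The field and flag names are the ones used
 * in that function; the surrounding logic is an assumption about the caller,
 * not code from this driver:
 *
 *      struct if_ratelimit_query_results q;
 *
 *      memset(&q, 0, sizeof(q));
 *      if (ifp->if_ratelimit_query != NULL)
 *              ifp->if_ratelimit_query(ifp, &q);
 *      if (q.flags & RT_IS_INDIRECT) {
 *              ... no rate table exists on the vlan itself; allocate the
 *              send tag through the vlan (vlan_snd_tag_alloc() forwards it
 *              to the parent) or consult the parent interface instead ...
 *      }
 */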