1 /*- 2 * Copyright 1998 Massachusetts Institute of Technology 3 * Copyright 2012 ADARA Networks, Inc. 4 * Copyright 2017 Dell EMC Isilon 5 * 6 * Portions of this software were developed by Robert N. M. Watson under 7 * contract to ADARA Networks, Inc. 8 * 9 * Permission to use, copy, modify, and distribute this software and 10 * its documentation for any purpose and without fee is hereby 11 * granted, provided that both the above copyright notice and this 12 * permission notice appear in all copies, that both the above 13 * copyright notice and this permission notice appear in all 14 * supporting documentation, and that the name of M.I.T. not be used 15 * in advertising or publicity pertaining to distribution of the 16 * software without specific, written prior permission. M.I.T. makes 17 * no representations about the suitability of this software for any 18 * purpose. It is provided "as is" without express or implied 19 * warranty. 20 * 21 * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''. M.I.T. DISCLAIMS 22 * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE, 23 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT 25 * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 28 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 29 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs. 37 * This is sort of sneaky in the implementation, since 38 * we need to pretend to be enough of an Ethernet implementation 39 * to make arp work. The way we do this is by telling everyone 40 * that we are an Ethernet, and then catch the packets that 41 * ether_output() sends to us via if_transmit(), rewrite them for 42 * use by the real outgoing interface, and ask it to send them. 43 */ 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include "opt_inet.h" 49 #include "opt_inet6.h" 50 #include "opt_kern_tls.h" 51 #include "opt_vlan.h" 52 #include "opt_ratelimit.h" 53 54 #include <sys/param.h> 55 #include <sys/eventhandler.h> 56 #include <sys/kernel.h> 57 #include <sys/lock.h> 58 #include <sys/malloc.h> 59 #include <sys/mbuf.h> 60 #include <sys/module.h> 61 #include <sys/rmlock.h> 62 #include <sys/priv.h> 63 #include <sys/queue.h> 64 #include <sys/socket.h> 65 #include <sys/sockio.h> 66 #include <sys/sysctl.h> 67 #include <sys/systm.h> 68 #include <sys/sx.h> 69 #include <sys/taskqueue.h> 70 71 #include <net/bpf.h> 72 #include <net/ethernet.h> 73 #include <net/if.h> 74 #include <net/if_var.h> 75 #include <net/if_clone.h> 76 #include <net/if_dl.h> 77 #include <net/if_types.h> 78 #include <net/if_vlan_var.h> 79 #include <net/route.h> 80 #include <net/vnet.h> 81 82 #ifdef INET 83 #include <netinet/in.h> 84 #include <netinet/if_ether.h> 85 #endif 86 87 #ifdef INET6 88 /* 89 * XXX: declare here to avoid to include many inet6 related files.. 90 * should be more generalized? 91 */ 92 extern void nd6_setmtu(struct ifnet *); 93 #endif 94 95 #define VLAN_DEF_HWIDTH 4 96 #define VLAN_IFFLAGS (IFF_BROADCAST | IFF_MULTICAST) 97 98 #define UP_AND_RUNNING(ifp) \ 99 ((ifp)->if_flags & IFF_UP && (ifp)->if_drv_flags & IFF_DRV_RUNNING) 100 101 CK_SLIST_HEAD(ifvlanhead, ifvlan); 102 103 struct ifvlantrunk { 104 struct ifnet *parent; /* parent interface of this trunk */ 105 struct mtx lock; 106 #ifdef VLAN_ARRAY 107 #define VLAN_ARRAY_SIZE (EVL_VLID_MASK + 1) 108 struct ifvlan *vlans[VLAN_ARRAY_SIZE]; /* static table */ 109 #else 110 struct ifvlanhead *hash; /* dynamic hash-list table */ 111 uint16_t hmask; 112 uint16_t hwidth; 113 #endif 114 int refcnt; 115 }; 116 117 #if defined(KERN_TLS) || defined(RATELIMIT) 118 struct vlan_snd_tag { 119 struct m_snd_tag com; 120 struct m_snd_tag *tag; 121 }; 122 123 static inline struct vlan_snd_tag * 124 mst_to_vst(struct m_snd_tag *mst) 125 { 126 127 return (__containerof(mst, struct vlan_snd_tag, com)); 128 } 129 #endif 130 131 /* 132 * This macro provides a facility to iterate over every vlan on a trunk with 133 * the assumption that none will be added/removed during iteration. 134 */ 135 #ifdef VLAN_ARRAY 136 #define VLAN_FOREACH(_ifv, _trunk) \ 137 size_t _i; \ 138 for (_i = 0; _i < VLAN_ARRAY_SIZE; _i++) \ 139 if (((_ifv) = (_trunk)->vlans[_i]) != NULL) 140 #else /* VLAN_ARRAY */ 141 #define VLAN_FOREACH(_ifv, _trunk) \ 142 struct ifvlan *_next; \ 143 size_t _i; \ 144 for (_i = 0; _i < (1 << (_trunk)->hwidth); _i++) \ 145 CK_SLIST_FOREACH_SAFE((_ifv), &(_trunk)->hash[_i], ifv_list, _next) 146 #endif /* VLAN_ARRAY */ 147 148 /* 149 * This macro provides a facility to iterate over every vlan on a trunk while 150 * also modifying the number of vlans on the trunk. The iteration continues 151 * until some condition is met or there are no more vlans on the trunk. 152 */ 153 #ifdef VLAN_ARRAY 154 /* The VLAN_ARRAY case is simple -- just a for loop using the condition. */ 155 #define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \ 156 size_t _i; \ 157 for (_i = 0; !(_cond) && _i < VLAN_ARRAY_SIZE; _i++) \ 158 if (((_ifv) = (_trunk)->vlans[_i])) 159 #else /* VLAN_ARRAY */ 160 /* 161 * The hash table case is more complicated. We allow for the hash table to be 162 * modified (i.e. vlans removed) while we are iterating over it. To allow for 163 * this we must restart the iteration every time we "touch" something during 164 * the iteration, since removal will resize the hash table and invalidate our 165 * current position. If acting on the touched element causes the trunk to be 166 * emptied, then iteration also stops. 167 */ 168 #define VLAN_FOREACH_UNTIL_SAFE(_ifv, _trunk, _cond) \ 169 size_t _i; \ 170 bool _touch = false; \ 171 for (_i = 0; \ 172 !(_cond) && _i < (1 << (_trunk)->hwidth); \ 173 _i = (_touch && ((_trunk) != NULL) ? 0 : _i + 1), _touch = false) \ 174 if (((_ifv) = CK_SLIST_FIRST(&(_trunk)->hash[_i])) != NULL && \ 175 (_touch = true)) 176 #endif /* VLAN_ARRAY */ 177 178 struct vlan_mc_entry { 179 struct sockaddr_dl mc_addr; 180 CK_SLIST_ENTRY(vlan_mc_entry) mc_entries; 181 struct epoch_context mc_epoch_ctx; 182 }; 183 184 struct ifvlan { 185 struct ifvlantrunk *ifv_trunk; 186 struct ifnet *ifv_ifp; 187 #define TRUNK(ifv) ((ifv)->ifv_trunk) 188 #define PARENT(ifv) (TRUNK(ifv)->parent) 189 void *ifv_cookie; 190 int ifv_pflags; /* special flags we have set on parent */ 191 int ifv_capenable; 192 int ifv_encaplen; /* encapsulation length */ 193 int ifv_mtufudge; /* MTU fudged by this much */ 194 int ifv_mintu; /* min transmission unit */ 195 struct ether_8021q_tag ifv_qtag; 196 #define ifv_proto ifv_qtag.proto 197 #define ifv_vid ifv_qtag.vid 198 #define ifv_pcp ifv_qtag.pcp 199 struct task lladdr_task; 200 CK_SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead; 201 #ifndef VLAN_ARRAY 202 CK_SLIST_ENTRY(ifvlan) ifv_list; 203 #endif 204 }; 205 206 /* Special flags we should propagate to parent. */ 207 static struct { 208 int flag; 209 int (*func)(struct ifnet *, int); 210 } vlan_pflags[] = { 211 {IFF_PROMISC, ifpromisc}, 212 {IFF_ALLMULTI, if_allmulti}, 213 {0, NULL} 214 }; 215 216 VNET_DECLARE(int, vlan_mtag_pcp); 217 #define V_vlan_mtag_pcp VNET(vlan_mtag_pcp) 218 219 static const char vlanname[] = "vlan"; 220 static MALLOC_DEFINE(M_VLAN, vlanname, "802.1Q Virtual LAN Interface"); 221 222 static eventhandler_tag ifdetach_tag; 223 static eventhandler_tag iflladdr_tag; 224 225 /* 226 * if_vlan uses two module-level synchronizations primitives to allow concurrent 227 * modification of vlan interfaces and (mostly) allow for vlans to be destroyed 228 * while they are being used for tx/rx. To accomplish this in a way that has 229 * acceptable performance and cooperation with other parts of the network stack 230 * there is a non-sleepable epoch(9) and an sx(9). 231 * 232 * The performance-sensitive paths that warrant using the epoch(9) are 233 * vlan_transmit and vlan_input. Both have to check for the vlan interface's 234 * existence using if_vlantrunk, and being in the network tx/rx paths the use 235 * of an epoch(9) gives a measureable improvement in performance. 236 * 237 * The reason for having an sx(9) is mostly because there are still areas that 238 * must be sleepable and also have safe concurrent access to a vlan interface. 239 * Since the sx(9) exists, it is used by default in most paths unless sleeping 240 * is not permitted, or if it is not clear whether sleeping is permitted. 241 * 242 */ 243 #define _VLAN_SX_ID ifv_sx 244 245 static struct sx _VLAN_SX_ID; 246 247 #define VLAN_LOCKING_INIT() \ 248 sx_init_flags(&_VLAN_SX_ID, "vlan_sx", SX_RECURSE) 249 250 #define VLAN_LOCKING_DESTROY() \ 251 sx_destroy(&_VLAN_SX_ID) 252 253 #define VLAN_SLOCK() sx_slock(&_VLAN_SX_ID) 254 #define VLAN_SUNLOCK() sx_sunlock(&_VLAN_SX_ID) 255 #define VLAN_XLOCK() sx_xlock(&_VLAN_SX_ID) 256 #define VLAN_XUNLOCK() sx_xunlock(&_VLAN_SX_ID) 257 #define VLAN_SLOCK_ASSERT() sx_assert(&_VLAN_SX_ID, SA_SLOCKED) 258 #define VLAN_XLOCK_ASSERT() sx_assert(&_VLAN_SX_ID, SA_XLOCKED) 259 #define VLAN_SXLOCK_ASSERT() sx_assert(&_VLAN_SX_ID, SA_LOCKED) 260 261 /* 262 * We also have a per-trunk mutex that should be acquired when changing 263 * its state. 264 */ 265 #define TRUNK_LOCK_INIT(trunk) mtx_init(&(trunk)->lock, vlanname, NULL, MTX_DEF) 266 #define TRUNK_LOCK_DESTROY(trunk) mtx_destroy(&(trunk)->lock) 267 #define TRUNK_WLOCK(trunk) mtx_lock(&(trunk)->lock) 268 #define TRUNK_WUNLOCK(trunk) mtx_unlock(&(trunk)->lock) 269 #define TRUNK_WLOCK_ASSERT(trunk) mtx_assert(&(trunk)->lock, MA_OWNED); 270 271 /* 272 * The VLAN_ARRAY substitutes the dynamic hash with a static array 273 * with 4096 entries. In theory this can give a boost in processing, 274 * however in practice it does not. Probably this is because the array 275 * is too big to fit into CPU cache. 276 */ 277 #ifndef VLAN_ARRAY 278 static void vlan_inithash(struct ifvlantrunk *trunk); 279 static void vlan_freehash(struct ifvlantrunk *trunk); 280 static int vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv); 281 static int vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv); 282 static void vlan_growhash(struct ifvlantrunk *trunk, int howmuch); 283 static __inline struct ifvlan * vlan_gethash(struct ifvlantrunk *trunk, 284 uint16_t vid); 285 #endif 286 static void trunk_destroy(struct ifvlantrunk *trunk); 287 288 static void vlan_init(void *foo); 289 static void vlan_input(struct ifnet *ifp, struct mbuf *m); 290 static int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr); 291 #if defined(KERN_TLS) || defined(RATELIMIT) 292 static int vlan_snd_tag_alloc(struct ifnet *, 293 union if_snd_tag_alloc_params *, struct m_snd_tag **); 294 static int vlan_snd_tag_modify(struct m_snd_tag *, 295 union if_snd_tag_modify_params *); 296 static int vlan_snd_tag_query(struct m_snd_tag *, 297 union if_snd_tag_query_params *); 298 static void vlan_snd_tag_free(struct m_snd_tag *); 299 static struct m_snd_tag *vlan_next_snd_tag(struct m_snd_tag *); 300 static void vlan_ratelimit_query(struct ifnet *, 301 struct if_ratelimit_query_results *); 302 #endif 303 static void vlan_qflush(struct ifnet *ifp); 304 static int vlan_setflag(struct ifnet *ifp, int flag, int status, 305 int (*func)(struct ifnet *, int)); 306 static int vlan_setflags(struct ifnet *ifp, int status); 307 static int vlan_setmulti(struct ifnet *ifp); 308 static int vlan_transmit(struct ifnet *ifp, struct mbuf *m); 309 #ifdef ALTQ 310 static void vlan_altq_start(struct ifnet *ifp); 311 static int vlan_altq_transmit(struct ifnet *ifp, struct mbuf *m); 312 #endif 313 static int vlan_output(struct ifnet *ifp, struct mbuf *m, 314 const struct sockaddr *dst, struct route *ro); 315 static void vlan_unconfig(struct ifnet *ifp); 316 static void vlan_unconfig_locked(struct ifnet *ifp, int departing); 317 static int vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t tag, 318 uint16_t proto); 319 static void vlan_link_state(struct ifnet *ifp); 320 static void vlan_capabilities(struct ifvlan *ifv); 321 static void vlan_trunk_capabilities(struct ifnet *ifp); 322 323 static struct ifnet *vlan_clone_match_ethervid(const char *, int *); 324 static int vlan_clone_match(struct if_clone *, const char *); 325 static int vlan_clone_create(struct if_clone *, char *, size_t, caddr_t); 326 static int vlan_clone_destroy(struct if_clone *, struct ifnet *); 327 328 static void vlan_ifdetach(void *arg, struct ifnet *ifp); 329 static void vlan_iflladdr(void *arg, struct ifnet *ifp); 330 331 static void vlan_lladdr_fn(void *arg, int pending); 332 333 static struct if_clone *vlan_cloner; 334 335 #ifdef VIMAGE 336 VNET_DEFINE_STATIC(struct if_clone *, vlan_cloner); 337 #define V_vlan_cloner VNET(vlan_cloner) 338 #endif 339 340 #ifdef RATELIMIT 341 static const struct if_snd_tag_sw vlan_snd_tag_ul_sw = { 342 .snd_tag_modify = vlan_snd_tag_modify, 343 .snd_tag_query = vlan_snd_tag_query, 344 .snd_tag_free = vlan_snd_tag_free, 345 .next_snd_tag = vlan_next_snd_tag, 346 .type = IF_SND_TAG_TYPE_UNLIMITED 347 }; 348 349 static const struct if_snd_tag_sw vlan_snd_tag_rl_sw = { 350 .snd_tag_modify = vlan_snd_tag_modify, 351 .snd_tag_query = vlan_snd_tag_query, 352 .snd_tag_free = vlan_snd_tag_free, 353 .next_snd_tag = vlan_next_snd_tag, 354 .type = IF_SND_TAG_TYPE_RATE_LIMIT 355 }; 356 #endif 357 358 #ifdef KERN_TLS 359 static const struct if_snd_tag_sw vlan_snd_tag_tls_sw = { 360 .snd_tag_modify = vlan_snd_tag_modify, 361 .snd_tag_query = vlan_snd_tag_query, 362 .snd_tag_free = vlan_snd_tag_free, 363 .next_snd_tag = vlan_next_snd_tag, 364 .type = IF_SND_TAG_TYPE_TLS 365 }; 366 367 #ifdef RATELIMIT 368 static const struct if_snd_tag_sw vlan_snd_tag_tls_rl_sw = { 369 .snd_tag_modify = vlan_snd_tag_modify, 370 .snd_tag_query = vlan_snd_tag_query, 371 .snd_tag_free = vlan_snd_tag_free, 372 .next_snd_tag = vlan_next_snd_tag, 373 .type = IF_SND_TAG_TYPE_TLS_RATE_LIMIT 374 }; 375 #endif 376 #endif 377 378 static void 379 vlan_mc_free(struct epoch_context *ctx) 380 { 381 struct vlan_mc_entry *mc = __containerof(ctx, struct vlan_mc_entry, mc_epoch_ctx); 382 free(mc, M_VLAN); 383 } 384 385 #ifndef VLAN_ARRAY 386 #define HASH(n, m) ((((n) >> 8) ^ ((n) >> 4) ^ (n)) & (m)) 387 388 static void 389 vlan_inithash(struct ifvlantrunk *trunk) 390 { 391 int i, n; 392 393 /* 394 * The trunk must not be locked here since we call malloc(M_WAITOK). 395 * It is OK in case this function is called before the trunk struct 396 * gets hooked up and becomes visible from other threads. 397 */ 398 399 KASSERT(trunk->hwidth == 0 && trunk->hash == NULL, 400 ("%s: hash already initialized", __func__)); 401 402 trunk->hwidth = VLAN_DEF_HWIDTH; 403 n = 1 << trunk->hwidth; 404 trunk->hmask = n - 1; 405 trunk->hash = malloc(sizeof(struct ifvlanhead) * n, M_VLAN, M_WAITOK); 406 for (i = 0; i < n; i++) 407 CK_SLIST_INIT(&trunk->hash[i]); 408 } 409 410 static void 411 vlan_freehash(struct ifvlantrunk *trunk) 412 { 413 #ifdef INVARIANTS 414 int i; 415 416 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 417 for (i = 0; i < (1 << trunk->hwidth); i++) 418 KASSERT(CK_SLIST_EMPTY(&trunk->hash[i]), 419 ("%s: hash table not empty", __func__)); 420 #endif 421 free(trunk->hash, M_VLAN); 422 trunk->hash = NULL; 423 trunk->hwidth = trunk->hmask = 0; 424 } 425 426 static int 427 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 428 { 429 int i, b; 430 struct ifvlan *ifv2; 431 432 VLAN_XLOCK_ASSERT(); 433 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 434 435 b = 1 << trunk->hwidth; 436 i = HASH(ifv->ifv_vid, trunk->hmask); 437 CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list) 438 if (ifv->ifv_vid == ifv2->ifv_vid) 439 return (EEXIST); 440 441 /* 442 * Grow the hash when the number of vlans exceeds half of the number of 443 * hash buckets squared. This will make the average linked-list length 444 * buckets/2. 445 */ 446 if (trunk->refcnt > (b * b) / 2) { 447 vlan_growhash(trunk, 1); 448 i = HASH(ifv->ifv_vid, trunk->hmask); 449 } 450 CK_SLIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list); 451 trunk->refcnt++; 452 453 return (0); 454 } 455 456 static int 457 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 458 { 459 int i, b; 460 struct ifvlan *ifv2; 461 462 VLAN_XLOCK_ASSERT(); 463 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 464 465 b = 1 << trunk->hwidth; 466 i = HASH(ifv->ifv_vid, trunk->hmask); 467 CK_SLIST_FOREACH(ifv2, &trunk->hash[i], ifv_list) 468 if (ifv2 == ifv) { 469 trunk->refcnt--; 470 CK_SLIST_REMOVE(&trunk->hash[i], ifv2, ifvlan, ifv_list); 471 if (trunk->refcnt < (b * b) / 2) 472 vlan_growhash(trunk, -1); 473 return (0); 474 } 475 476 panic("%s: vlan not found\n", __func__); 477 return (ENOENT); /*NOTREACHED*/ 478 } 479 480 /* 481 * Grow the hash larger or smaller if memory permits. 482 */ 483 static void 484 vlan_growhash(struct ifvlantrunk *trunk, int howmuch) 485 { 486 struct ifvlan *ifv; 487 struct ifvlanhead *hash2; 488 int hwidth2, i, j, n, n2; 489 490 VLAN_XLOCK_ASSERT(); 491 KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__)); 492 493 if (howmuch == 0) { 494 /* Harmless yet obvious coding error */ 495 printf("%s: howmuch is 0\n", __func__); 496 return; 497 } 498 499 hwidth2 = trunk->hwidth + howmuch; 500 n = 1 << trunk->hwidth; 501 n2 = 1 << hwidth2; 502 /* Do not shrink the table below the default */ 503 if (hwidth2 < VLAN_DEF_HWIDTH) 504 return; 505 506 hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_WAITOK); 507 if (hash2 == NULL) { 508 printf("%s: out of memory -- hash size not changed\n", 509 __func__); 510 return; /* We can live with the old hash table */ 511 } 512 for (j = 0; j < n2; j++) 513 CK_SLIST_INIT(&hash2[j]); 514 for (i = 0; i < n; i++) 515 while ((ifv = CK_SLIST_FIRST(&trunk->hash[i])) != NULL) { 516 CK_SLIST_REMOVE(&trunk->hash[i], ifv, ifvlan, ifv_list); 517 j = HASH(ifv->ifv_vid, n2 - 1); 518 CK_SLIST_INSERT_HEAD(&hash2[j], ifv, ifv_list); 519 } 520 NET_EPOCH_WAIT(); 521 free(trunk->hash, M_VLAN); 522 trunk->hash = hash2; 523 trunk->hwidth = hwidth2; 524 trunk->hmask = n2 - 1; 525 526 if (bootverbose) 527 if_printf(trunk->parent, 528 "VLAN hash table resized from %d to %d buckets\n", n, n2); 529 } 530 531 static __inline struct ifvlan * 532 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid) 533 { 534 struct ifvlan *ifv; 535 536 NET_EPOCH_ASSERT(); 537 538 CK_SLIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list) 539 if (ifv->ifv_vid == vid) 540 return (ifv); 541 return (NULL); 542 } 543 544 #if 0 545 /* Debugging code to view the hashtables. */ 546 static void 547 vlan_dumphash(struct ifvlantrunk *trunk) 548 { 549 int i; 550 struct ifvlan *ifv; 551 552 for (i = 0; i < (1 << trunk->hwidth); i++) { 553 printf("%d: ", i); 554 CK_SLIST_FOREACH(ifv, &trunk->hash[i], ifv_list) 555 printf("%s ", ifv->ifv_ifp->if_xname); 556 printf("\n"); 557 } 558 } 559 #endif /* 0 */ 560 #else 561 562 static __inline struct ifvlan * 563 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid) 564 { 565 566 return trunk->vlans[vid]; 567 } 568 569 static __inline int 570 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 571 { 572 573 if (trunk->vlans[ifv->ifv_vid] != NULL) 574 return EEXIST; 575 trunk->vlans[ifv->ifv_vid] = ifv; 576 trunk->refcnt++; 577 578 return (0); 579 } 580 581 static __inline int 582 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv) 583 { 584 585 trunk->vlans[ifv->ifv_vid] = NULL; 586 trunk->refcnt--; 587 588 return (0); 589 } 590 591 static __inline void 592 vlan_freehash(struct ifvlantrunk *trunk) 593 { 594 } 595 596 static __inline void 597 vlan_inithash(struct ifvlantrunk *trunk) 598 { 599 } 600 601 #endif /* !VLAN_ARRAY */ 602 603 static void 604 trunk_destroy(struct ifvlantrunk *trunk) 605 { 606 VLAN_XLOCK_ASSERT(); 607 608 vlan_freehash(trunk); 609 trunk->parent->if_vlantrunk = NULL; 610 TRUNK_LOCK_DESTROY(trunk); 611 if_rele(trunk->parent); 612 free(trunk, M_VLAN); 613 } 614 615 /* 616 * Program our multicast filter. What we're actually doing is 617 * programming the multicast filter of the parent. This has the 618 * side effect of causing the parent interface to receive multicast 619 * traffic that it doesn't really want, which ends up being discarded 620 * later by the upper protocol layers. Unfortunately, there's no way 621 * to avoid this: there really is only one physical interface. 622 */ 623 static int 624 vlan_setmulti(struct ifnet *ifp) 625 { 626 struct ifnet *ifp_p; 627 struct ifmultiaddr *ifma; 628 struct ifvlan *sc; 629 struct vlan_mc_entry *mc; 630 int error; 631 632 VLAN_XLOCK_ASSERT(); 633 634 /* Find the parent. */ 635 sc = ifp->if_softc; 636 ifp_p = PARENT(sc); 637 638 CURVNET_SET_QUIET(ifp_p->if_vnet); 639 640 /* First, remove any existing filter entries. */ 641 while ((mc = CK_SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) { 642 CK_SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries); 643 (void)if_delmulti(ifp_p, (struct sockaddr *)&mc->mc_addr); 644 NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx); 645 } 646 647 /* Now program new ones. */ 648 IF_ADDR_WLOCK(ifp); 649 CK_STAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 650 if (ifma->ifma_addr->sa_family != AF_LINK) 651 continue; 652 mc = malloc(sizeof(struct vlan_mc_entry), M_VLAN, M_NOWAIT); 653 if (mc == NULL) { 654 IF_ADDR_WUNLOCK(ifp); 655 CURVNET_RESTORE(); 656 return (ENOMEM); 657 } 658 bcopy(ifma->ifma_addr, &mc->mc_addr, ifma->ifma_addr->sa_len); 659 mc->mc_addr.sdl_index = ifp_p->if_index; 660 CK_SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries); 661 } 662 IF_ADDR_WUNLOCK(ifp); 663 CK_SLIST_FOREACH (mc, &sc->vlan_mc_listhead, mc_entries) { 664 error = if_addmulti(ifp_p, (struct sockaddr *)&mc->mc_addr, 665 NULL); 666 if (error) { 667 CURVNET_RESTORE(); 668 return (error); 669 } 670 } 671 672 CURVNET_RESTORE(); 673 return (0); 674 } 675 676 /* 677 * A handler for parent interface link layer address changes. 678 * If the parent interface link layer address is changed we 679 * should also change it on all children vlans. 680 */ 681 static void 682 vlan_iflladdr(void *arg __unused, struct ifnet *ifp) 683 { 684 struct epoch_tracker et; 685 struct ifvlan *ifv; 686 struct ifnet *ifv_ifp; 687 struct ifvlantrunk *trunk; 688 struct sockaddr_dl *sdl; 689 690 /* Need the epoch since this is run on taskqueue_swi. */ 691 NET_EPOCH_ENTER(et); 692 trunk = ifp->if_vlantrunk; 693 if (trunk == NULL) { 694 NET_EPOCH_EXIT(et); 695 return; 696 } 697 698 /* 699 * OK, it's a trunk. Loop over and change all vlan's lladdrs on it. 700 * We need an exclusive lock here to prevent concurrent SIOCSIFLLADDR 701 * ioctl calls on the parent garbling the lladdr of the child vlan. 702 */ 703 TRUNK_WLOCK(trunk); 704 VLAN_FOREACH(ifv, trunk) { 705 /* 706 * Copy new new lladdr into the ifv_ifp, enqueue a task 707 * to actually call if_setlladdr. if_setlladdr needs to 708 * be deferred to a taskqueue because it will call into 709 * the if_vlan ioctl path and try to acquire the global 710 * lock. 711 */ 712 ifv_ifp = ifv->ifv_ifp; 713 bcopy(IF_LLADDR(ifp), IF_LLADDR(ifv_ifp), 714 ifp->if_addrlen); 715 sdl = (struct sockaddr_dl *)ifv_ifp->if_addr->ifa_addr; 716 sdl->sdl_alen = ifp->if_addrlen; 717 taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task); 718 } 719 TRUNK_WUNLOCK(trunk); 720 NET_EPOCH_EXIT(et); 721 } 722 723 /* 724 * A handler for network interface departure events. 725 * Track departure of trunks here so that we don't access invalid 726 * pointers or whatever if a trunk is ripped from under us, e.g., 727 * by ejecting its hot-plug card. However, if an ifnet is simply 728 * being renamed, then there's no need to tear down the state. 729 */ 730 static void 731 vlan_ifdetach(void *arg __unused, struct ifnet *ifp) 732 { 733 struct ifvlan *ifv; 734 struct ifvlantrunk *trunk; 735 736 /* If the ifnet is just being renamed, don't do anything. */ 737 if (ifp->if_flags & IFF_RENAMING) 738 return; 739 VLAN_XLOCK(); 740 trunk = ifp->if_vlantrunk; 741 if (trunk == NULL) { 742 VLAN_XUNLOCK(); 743 return; 744 } 745 746 /* 747 * OK, it's a trunk. Loop over and detach all vlan's on it. 748 * Check trunk pointer after each vlan_unconfig() as it will 749 * free it and set to NULL after the last vlan was detached. 750 */ 751 VLAN_FOREACH_UNTIL_SAFE(ifv, ifp->if_vlantrunk, 752 ifp->if_vlantrunk == NULL) 753 vlan_unconfig_locked(ifv->ifv_ifp, 1); 754 755 /* Trunk should have been destroyed in vlan_unconfig(). */ 756 KASSERT(ifp->if_vlantrunk == NULL, ("%s: purge failed", __func__)); 757 VLAN_XUNLOCK(); 758 } 759 760 /* 761 * Return the trunk device for a virtual interface. 762 */ 763 static struct ifnet * 764 vlan_trunkdev(struct ifnet *ifp) 765 { 766 struct ifvlan *ifv; 767 768 NET_EPOCH_ASSERT(); 769 770 if (ifp->if_type != IFT_L2VLAN) 771 return (NULL); 772 773 ifv = ifp->if_softc; 774 ifp = NULL; 775 if (ifv->ifv_trunk) 776 ifp = PARENT(ifv); 777 return (ifp); 778 } 779 780 /* 781 * Return the 12-bit VLAN VID for this interface, for use by external 782 * components such as Infiniband. 783 * 784 * XXXRW: Note that the function name here is historical; it should be named 785 * vlan_vid(). 786 */ 787 static int 788 vlan_tag(struct ifnet *ifp, uint16_t *vidp) 789 { 790 struct ifvlan *ifv; 791 792 if (ifp->if_type != IFT_L2VLAN) 793 return (EINVAL); 794 ifv = ifp->if_softc; 795 *vidp = ifv->ifv_vid; 796 return (0); 797 } 798 799 static int 800 vlan_pcp(struct ifnet *ifp, uint16_t *pcpp) 801 { 802 struct ifvlan *ifv; 803 804 if (ifp->if_type != IFT_L2VLAN) 805 return (EINVAL); 806 ifv = ifp->if_softc; 807 *pcpp = ifv->ifv_pcp; 808 return (0); 809 } 810 811 /* 812 * Return a driver specific cookie for this interface. Synchronization 813 * with setcookie must be provided by the driver. 814 */ 815 static void * 816 vlan_cookie(struct ifnet *ifp) 817 { 818 struct ifvlan *ifv; 819 820 if (ifp->if_type != IFT_L2VLAN) 821 return (NULL); 822 ifv = ifp->if_softc; 823 return (ifv->ifv_cookie); 824 } 825 826 /* 827 * Store a cookie in our softc that drivers can use to store driver 828 * private per-instance data in. 829 */ 830 static int 831 vlan_setcookie(struct ifnet *ifp, void *cookie) 832 { 833 struct ifvlan *ifv; 834 835 if (ifp->if_type != IFT_L2VLAN) 836 return (EINVAL); 837 ifv = ifp->if_softc; 838 ifv->ifv_cookie = cookie; 839 return (0); 840 } 841 842 /* 843 * Return the vlan device present at the specific VID. 844 */ 845 static struct ifnet * 846 vlan_devat(struct ifnet *ifp, uint16_t vid) 847 { 848 struct ifvlantrunk *trunk; 849 struct ifvlan *ifv; 850 851 NET_EPOCH_ASSERT(); 852 853 trunk = ifp->if_vlantrunk; 854 if (trunk == NULL) 855 return (NULL); 856 ifp = NULL; 857 ifv = vlan_gethash(trunk, vid); 858 if (ifv) 859 ifp = ifv->ifv_ifp; 860 return (ifp); 861 } 862 863 /* 864 * VLAN support can be loaded as a module. The only place in the 865 * system that's intimately aware of this is ether_input. We hook 866 * into this code through vlan_input_p which is defined there and 867 * set here. No one else in the system should be aware of this so 868 * we use an explicit reference here. 869 */ 870 extern void (*vlan_input_p)(struct ifnet *, struct mbuf *); 871 872 /* For if_link_state_change() eyes only... */ 873 extern void (*vlan_link_state_p)(struct ifnet *); 874 875 static int 876 vlan_modevent(module_t mod, int type, void *data) 877 { 878 879 switch (type) { 880 case MOD_LOAD: 881 ifdetach_tag = EVENTHANDLER_REGISTER(ifnet_departure_event, 882 vlan_ifdetach, NULL, EVENTHANDLER_PRI_ANY); 883 if (ifdetach_tag == NULL) 884 return (ENOMEM); 885 iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event, 886 vlan_iflladdr, NULL, EVENTHANDLER_PRI_ANY); 887 if (iflladdr_tag == NULL) 888 return (ENOMEM); 889 VLAN_LOCKING_INIT(); 890 vlan_input_p = vlan_input; 891 vlan_link_state_p = vlan_link_state; 892 vlan_trunk_cap_p = vlan_trunk_capabilities; 893 vlan_trunkdev_p = vlan_trunkdev; 894 vlan_cookie_p = vlan_cookie; 895 vlan_setcookie_p = vlan_setcookie; 896 vlan_tag_p = vlan_tag; 897 vlan_pcp_p = vlan_pcp; 898 vlan_devat_p = vlan_devat; 899 #ifndef VIMAGE 900 vlan_cloner = if_clone_advanced(vlanname, 0, vlan_clone_match, 901 vlan_clone_create, vlan_clone_destroy); 902 #endif 903 if (bootverbose) 904 printf("vlan: initialized, using " 905 #ifdef VLAN_ARRAY 906 "full-size arrays" 907 #else 908 "hash tables with chaining" 909 #endif 910 911 "\n"); 912 break; 913 case MOD_UNLOAD: 914 #ifndef VIMAGE 915 if_clone_detach(vlan_cloner); 916 #endif 917 EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_tag); 918 EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_tag); 919 vlan_input_p = NULL; 920 vlan_link_state_p = NULL; 921 vlan_trunk_cap_p = NULL; 922 vlan_trunkdev_p = NULL; 923 vlan_tag_p = NULL; 924 vlan_cookie_p = NULL; 925 vlan_setcookie_p = NULL; 926 vlan_devat_p = NULL; 927 VLAN_LOCKING_DESTROY(); 928 if (bootverbose) 929 printf("vlan: unloaded\n"); 930 break; 931 default: 932 return (EOPNOTSUPP); 933 } 934 return (0); 935 } 936 937 static moduledata_t vlan_mod = { 938 "if_vlan", 939 vlan_modevent, 940 0 941 }; 942 943 DECLARE_MODULE(if_vlan, vlan_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 944 MODULE_VERSION(if_vlan, 3); 945 946 #ifdef VIMAGE 947 static void 948 vnet_vlan_init(const void *unused __unused) 949 { 950 951 vlan_cloner = if_clone_advanced(vlanname, 0, vlan_clone_match, 952 vlan_clone_create, vlan_clone_destroy); 953 V_vlan_cloner = vlan_cloner; 954 } 955 VNET_SYSINIT(vnet_vlan_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, 956 vnet_vlan_init, NULL); 957 958 static void 959 vnet_vlan_uninit(const void *unused __unused) 960 { 961 962 if_clone_detach(V_vlan_cloner); 963 } 964 VNET_SYSUNINIT(vnet_vlan_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY, 965 vnet_vlan_uninit, NULL); 966 #endif 967 968 /* 969 * Check for <etherif>.<vlan>[.<vlan> ...] style interface names. 970 */ 971 static struct ifnet * 972 vlan_clone_match_ethervid(const char *name, int *vidp) 973 { 974 char ifname[IFNAMSIZ]; 975 char *cp; 976 struct ifnet *ifp; 977 int vid; 978 979 strlcpy(ifname, name, IFNAMSIZ); 980 if ((cp = strrchr(ifname, '.')) == NULL) 981 return (NULL); 982 *cp = '\0'; 983 if ((ifp = ifunit_ref(ifname)) == NULL) 984 return (NULL); 985 /* Parse VID. */ 986 if (*++cp == '\0') { 987 if_rele(ifp); 988 return (NULL); 989 } 990 vid = 0; 991 for(; *cp >= '0' && *cp <= '9'; cp++) 992 vid = (vid * 10) + (*cp - '0'); 993 if (*cp != '\0') { 994 if_rele(ifp); 995 return (NULL); 996 } 997 if (vidp != NULL) 998 *vidp = vid; 999 1000 return (ifp); 1001 } 1002 1003 static int 1004 vlan_clone_match(struct if_clone *ifc, const char *name) 1005 { 1006 struct ifnet *ifp; 1007 const char *cp; 1008 1009 ifp = vlan_clone_match_ethervid(name, NULL); 1010 if (ifp != NULL) { 1011 if_rele(ifp); 1012 return (1); 1013 } 1014 1015 if (strncmp(vlanname, name, strlen(vlanname)) != 0) 1016 return (0); 1017 for (cp = name + 4; *cp != '\0'; cp++) { 1018 if (*cp < '0' || *cp > '9') 1019 return (0); 1020 } 1021 1022 return (1); 1023 } 1024 1025 static int 1026 vlan_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) 1027 { 1028 char *dp; 1029 bool wildcard = false; 1030 bool subinterface = false; 1031 int unit; 1032 int error; 1033 int vid = 0; 1034 uint16_t proto = ETHERTYPE_VLAN; 1035 struct ifvlan *ifv; 1036 struct ifnet *ifp; 1037 struct ifnet *p = NULL; 1038 struct ifaddr *ifa; 1039 struct sockaddr_dl *sdl; 1040 struct vlanreq vlr; 1041 static const u_char eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ 1042 1043 1044 /* 1045 * There are three ways to specify the cloned device: 1046 * o pass a parameter block with the clone request. 1047 * o specify parameters in the text of the clone device name 1048 * o specify no parameters and get an unattached device that 1049 * must be configured separately. 1050 * The first technique is preferred; the latter two are supported 1051 * for backwards compatibility. 1052 * 1053 * XXXRW: Note historic use of the word "tag" here. New ioctls may be 1054 * called for. 1055 */ 1056 1057 if (params) { 1058 error = copyin(params, &vlr, sizeof(vlr)); 1059 if (error) 1060 return error; 1061 vid = vlr.vlr_tag; 1062 proto = vlr.vlr_proto; 1063 1064 #ifdef COMPAT_FREEBSD12 1065 if (proto == 0) 1066 proto = ETHERTYPE_VLAN; 1067 #endif 1068 p = ifunit_ref(vlr.vlr_parent); 1069 if (p == NULL) 1070 return (ENXIO); 1071 } 1072 1073 if ((error = ifc_name2unit(name, &unit)) == 0) { 1074 1075 /* 1076 * vlanX interface. Set wildcard to true if the unit number 1077 * is not fixed (-1) 1078 */ 1079 wildcard = (unit < 0); 1080 } else { 1081 struct ifnet *p_tmp = vlan_clone_match_ethervid(name, &vid); 1082 if (p_tmp != NULL) { 1083 error = 0; 1084 subinterface = true; 1085 unit = IF_DUNIT_NONE; 1086 wildcard = false; 1087 if (p != NULL) { 1088 if_rele(p_tmp); 1089 if (p != p_tmp) 1090 error = EINVAL; 1091 } else 1092 p = p_tmp; 1093 } else 1094 error = ENXIO; 1095 } 1096 1097 if (error != 0) { 1098 if (p != NULL) 1099 if_rele(p); 1100 return (error); 1101 } 1102 1103 if (!subinterface) { 1104 /* vlanX interface, mark X as busy or allocate new unit # */ 1105 error = ifc_alloc_unit(ifc, &unit); 1106 if (error != 0) { 1107 if (p != NULL) 1108 if_rele(p); 1109 return (error); 1110 } 1111 } 1112 1113 /* In the wildcard case, we need to update the name. */ 1114 if (wildcard) { 1115 for (dp = name; *dp != '\0'; dp++); 1116 if (snprintf(dp, len - (dp-name), "%d", unit) > 1117 len - (dp-name) - 1) { 1118 panic("%s: interface name too long", __func__); 1119 } 1120 } 1121 1122 ifv = malloc(sizeof(struct ifvlan), M_VLAN, M_WAITOK | M_ZERO); 1123 ifp = ifv->ifv_ifp = if_alloc(IFT_ETHER); 1124 if (ifp == NULL) { 1125 if (!subinterface) 1126 ifc_free_unit(ifc, unit); 1127 free(ifv, M_VLAN); 1128 if (p != NULL) 1129 if_rele(p); 1130 return (ENOSPC); 1131 } 1132 CK_SLIST_INIT(&ifv->vlan_mc_listhead); 1133 ifp->if_softc = ifv; 1134 /* 1135 * Set the name manually rather than using if_initname because 1136 * we don't conform to the default naming convention for interfaces. 1137 */ 1138 strlcpy(ifp->if_xname, name, IFNAMSIZ); 1139 ifp->if_dname = vlanname; 1140 ifp->if_dunit = unit; 1141 1142 ifp->if_init = vlan_init; 1143 #ifdef ALTQ 1144 ifp->if_start = vlan_altq_start; 1145 ifp->if_transmit = vlan_altq_transmit; 1146 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 1147 ifp->if_snd.ifq_drv_maxlen = 0; 1148 IFQ_SET_READY(&ifp->if_snd); 1149 #else 1150 ifp->if_transmit = vlan_transmit; 1151 #endif 1152 ifp->if_qflush = vlan_qflush; 1153 ifp->if_ioctl = vlan_ioctl; 1154 #if defined(KERN_TLS) || defined(RATELIMIT) 1155 ifp->if_snd_tag_alloc = vlan_snd_tag_alloc; 1156 ifp->if_ratelimit_query = vlan_ratelimit_query; 1157 #endif 1158 ifp->if_flags = VLAN_IFFLAGS; 1159 ether_ifattach(ifp, eaddr); 1160 /* Now undo some of the damage... */ 1161 ifp->if_baudrate = 0; 1162 ifp->if_type = IFT_L2VLAN; 1163 ifp->if_hdrlen = ETHER_VLAN_ENCAP_LEN; 1164 ifa = ifp->if_addr; 1165 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 1166 sdl->sdl_type = IFT_L2VLAN; 1167 1168 if (p != NULL) { 1169 error = vlan_config(ifv, p, vid, proto); 1170 if_rele(p); 1171 if (error != 0) { 1172 /* 1173 * Since we've partially failed, we need to back 1174 * out all the way, otherwise userland could get 1175 * confused. Thus, we destroy the interface. 1176 */ 1177 ether_ifdetach(ifp); 1178 vlan_unconfig(ifp); 1179 if_free(ifp); 1180 if (!subinterface) 1181 ifc_free_unit(ifc, unit); 1182 free(ifv, M_VLAN); 1183 1184 return (error); 1185 } 1186 } 1187 1188 return (0); 1189 } 1190 1191 static int 1192 vlan_clone_destroy(struct if_clone *ifc, struct ifnet *ifp) 1193 { 1194 struct ifvlan *ifv = ifp->if_softc; 1195 int unit = ifp->if_dunit; 1196 1197 if (ifp->if_vlantrunk) 1198 return (EBUSY); 1199 1200 #ifdef ALTQ 1201 IFQ_PURGE(&ifp->if_snd); 1202 #endif 1203 ether_ifdetach(ifp); /* first, remove it from system-wide lists */ 1204 vlan_unconfig(ifp); /* now it can be unconfigured and freed */ 1205 /* 1206 * We should have the only reference to the ifv now, so we can now 1207 * drain any remaining lladdr task before freeing the ifnet and the 1208 * ifvlan. 1209 */ 1210 taskqueue_drain(taskqueue_thread, &ifv->lladdr_task); 1211 NET_EPOCH_WAIT(); 1212 if_free(ifp); 1213 free(ifv, M_VLAN); 1214 if (unit != IF_DUNIT_NONE) 1215 ifc_free_unit(ifc, unit); 1216 1217 return (0); 1218 } 1219 1220 /* 1221 * The ifp->if_init entry point for vlan(4) is a no-op. 1222 */ 1223 static void 1224 vlan_init(void *foo __unused) 1225 { 1226 } 1227 1228 /* 1229 * The if_transmit method for vlan(4) interface. 1230 */ 1231 static int 1232 vlan_transmit(struct ifnet *ifp, struct mbuf *m) 1233 { 1234 struct ifvlan *ifv; 1235 struct ifnet *p; 1236 int error, len, mcast; 1237 1238 NET_EPOCH_ASSERT(); 1239 1240 ifv = ifp->if_softc; 1241 if (TRUNK(ifv) == NULL) { 1242 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1243 m_freem(m); 1244 return (ENETDOWN); 1245 } 1246 p = PARENT(ifv); 1247 len = m->m_pkthdr.len; 1248 mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1 : 0; 1249 1250 BPF_MTAP(ifp, m); 1251 1252 #if defined(KERN_TLS) || defined(RATELIMIT) 1253 if (m->m_pkthdr.csum_flags & CSUM_SND_TAG) { 1254 struct vlan_snd_tag *vst; 1255 struct m_snd_tag *mst; 1256 1257 MPASS(m->m_pkthdr.snd_tag->ifp == ifp); 1258 mst = m->m_pkthdr.snd_tag; 1259 vst = mst_to_vst(mst); 1260 if (vst->tag->ifp != p) { 1261 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1262 m_freem(m); 1263 return (EAGAIN); 1264 } 1265 1266 m->m_pkthdr.snd_tag = m_snd_tag_ref(vst->tag); 1267 m_snd_tag_rele(mst); 1268 } 1269 #endif 1270 1271 /* 1272 * Do not run parent's if_transmit() if the parent is not up, 1273 * or parent's driver will cause a system crash. 1274 */ 1275 if (!UP_AND_RUNNING(p)) { 1276 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1277 m_freem(m); 1278 return (ENETDOWN); 1279 } 1280 1281 if (!ether_8021q_frame(&m, ifp, p, &ifv->ifv_qtag)) { 1282 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1283 return (0); 1284 } 1285 1286 /* 1287 * Send it, precisely as ether_output() would have. 1288 */ 1289 error = (p->if_transmit)(p, m); 1290 if (error == 0) { 1291 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 1292 if_inc_counter(ifp, IFCOUNTER_OBYTES, len); 1293 if_inc_counter(ifp, IFCOUNTER_OMCASTS, mcast); 1294 } else 1295 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1296 return (error); 1297 } 1298 1299 static int 1300 vlan_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 1301 struct route *ro) 1302 { 1303 struct ifvlan *ifv; 1304 struct ifnet *p; 1305 1306 NET_EPOCH_ASSERT(); 1307 1308 /* 1309 * Find the first non-VLAN parent interface. 1310 */ 1311 ifv = ifp->if_softc; 1312 do { 1313 if (TRUNK(ifv) == NULL) { 1314 m_freem(m); 1315 return (ENETDOWN); 1316 } 1317 p = PARENT(ifv); 1318 ifv = p->if_softc; 1319 } while (p->if_type == IFT_L2VLAN); 1320 1321 return p->if_output(ifp, m, dst, ro); 1322 } 1323 1324 #ifdef ALTQ 1325 static void 1326 vlan_altq_start(if_t ifp) 1327 { 1328 struct ifaltq *ifq = &ifp->if_snd; 1329 struct mbuf *m; 1330 1331 IFQ_LOCK(ifq); 1332 IFQ_DEQUEUE_NOLOCK(ifq, m); 1333 while (m != NULL) { 1334 vlan_transmit(ifp, m); 1335 IFQ_DEQUEUE_NOLOCK(ifq, m); 1336 } 1337 IFQ_UNLOCK(ifq); 1338 } 1339 1340 static int 1341 vlan_altq_transmit(if_t ifp, struct mbuf *m) 1342 { 1343 int err; 1344 1345 if (ALTQ_IS_ENABLED(&ifp->if_snd)) { 1346 IFQ_ENQUEUE(&ifp->if_snd, m, err); 1347 if (err == 0) 1348 vlan_altq_start(ifp); 1349 } else 1350 err = vlan_transmit(ifp, m); 1351 1352 return (err); 1353 } 1354 #endif /* ALTQ */ 1355 1356 /* 1357 * The ifp->if_qflush entry point for vlan(4) is a no-op. 1358 */ 1359 static void 1360 vlan_qflush(struct ifnet *ifp __unused) 1361 { 1362 } 1363 1364 static void 1365 vlan_input(struct ifnet *ifp, struct mbuf *m) 1366 { 1367 struct ifvlantrunk *trunk; 1368 struct ifvlan *ifv; 1369 struct m_tag *mtag; 1370 uint16_t vid, tag; 1371 1372 NET_EPOCH_ASSERT(); 1373 1374 trunk = ifp->if_vlantrunk; 1375 if (trunk == NULL) { 1376 m_freem(m); 1377 return; 1378 } 1379 1380 if (m->m_flags & M_VLANTAG) { 1381 /* 1382 * Packet is tagged, but m contains a normal 1383 * Ethernet frame; the tag is stored out-of-band. 1384 */ 1385 tag = m->m_pkthdr.ether_vtag; 1386 m->m_flags &= ~M_VLANTAG; 1387 } else { 1388 struct ether_vlan_header *evl; 1389 1390 /* 1391 * Packet is tagged in-band as specified by 802.1q. 1392 */ 1393 switch (ifp->if_type) { 1394 case IFT_ETHER: 1395 if (m->m_len < sizeof(*evl) && 1396 (m = m_pullup(m, sizeof(*evl))) == NULL) { 1397 if_printf(ifp, "cannot pullup VLAN header\n"); 1398 return; 1399 } 1400 evl = mtod(m, struct ether_vlan_header *); 1401 tag = ntohs(evl->evl_tag); 1402 1403 /* 1404 * Remove the 802.1q header by copying the Ethernet 1405 * addresses over it and adjusting the beginning of 1406 * the data in the mbuf. The encapsulated Ethernet 1407 * type field is already in place. 1408 */ 1409 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN, 1410 ETHER_HDR_LEN - ETHER_TYPE_LEN); 1411 m_adj(m, ETHER_VLAN_ENCAP_LEN); 1412 break; 1413 1414 default: 1415 #ifdef INVARIANTS 1416 panic("%s: %s has unsupported if_type %u", 1417 __func__, ifp->if_xname, ifp->if_type); 1418 #endif 1419 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 1420 m_freem(m); 1421 return; 1422 } 1423 } 1424 1425 vid = EVL_VLANOFTAG(tag); 1426 1427 ifv = vlan_gethash(trunk, vid); 1428 if (ifv == NULL || !UP_AND_RUNNING(ifv->ifv_ifp)) { 1429 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 1430 m_freem(m); 1431 return; 1432 } 1433 1434 if (V_vlan_mtag_pcp) { 1435 /* 1436 * While uncommon, it is possible that we will find a 802.1q 1437 * packet encapsulated inside another packet that also had an 1438 * 802.1q header. For example, ethernet tunneled over IPSEC 1439 * arriving over ethernet. In that case, we replace the 1440 * existing 802.1q PCP m_tag value. 1441 */ 1442 mtag = m_tag_locate(m, MTAG_8021Q, MTAG_8021Q_PCP_IN, NULL); 1443 if (mtag == NULL) { 1444 mtag = m_tag_alloc(MTAG_8021Q, MTAG_8021Q_PCP_IN, 1445 sizeof(uint8_t), M_NOWAIT); 1446 if (mtag == NULL) { 1447 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1448 m_freem(m); 1449 return; 1450 } 1451 m_tag_prepend(m, mtag); 1452 } 1453 *(uint8_t *)(mtag + 1) = EVL_PRIOFTAG(tag); 1454 } 1455 1456 m->m_pkthdr.rcvif = ifv->ifv_ifp; 1457 if_inc_counter(ifv->ifv_ifp, IFCOUNTER_IPACKETS, 1); 1458 1459 /* Pass it back through the parent's input routine. */ 1460 (*ifv->ifv_ifp->if_input)(ifv->ifv_ifp, m); 1461 } 1462 1463 static void 1464 vlan_lladdr_fn(void *arg, int pending __unused) 1465 { 1466 struct ifvlan *ifv; 1467 struct ifnet *ifp; 1468 1469 ifv = (struct ifvlan *)arg; 1470 ifp = ifv->ifv_ifp; 1471 1472 CURVNET_SET(ifp->if_vnet); 1473 1474 /* The ifv_ifp already has the lladdr copied in. */ 1475 if_setlladdr(ifp, IF_LLADDR(ifp), ifp->if_addrlen); 1476 1477 CURVNET_RESTORE(); 1478 } 1479 1480 static int 1481 vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid, 1482 uint16_t proto) 1483 { 1484 struct epoch_tracker et; 1485 struct ifvlantrunk *trunk; 1486 struct ifnet *ifp; 1487 int error = 0; 1488 1489 /* 1490 * We can handle non-ethernet hardware types as long as 1491 * they handle the tagging and headers themselves. 1492 */ 1493 if (p->if_type != IFT_ETHER && 1494 p->if_type != IFT_L2VLAN && 1495 (p->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) 1496 return (EPROTONOSUPPORT); 1497 if ((p->if_flags & VLAN_IFFLAGS) != VLAN_IFFLAGS) 1498 return (EPROTONOSUPPORT); 1499 /* 1500 * Don't let the caller set up a VLAN VID with 1501 * anything except VLID bits. 1502 * VID numbers 0x0 and 0xFFF are reserved. 1503 */ 1504 if (vid == 0 || vid == 0xFFF || (vid & ~EVL_VLID_MASK)) 1505 return (EINVAL); 1506 if (ifv->ifv_trunk) 1507 return (EBUSY); 1508 1509 VLAN_XLOCK(); 1510 if (p->if_vlantrunk == NULL) { 1511 trunk = malloc(sizeof(struct ifvlantrunk), 1512 M_VLAN, M_WAITOK | M_ZERO); 1513 vlan_inithash(trunk); 1514 TRUNK_LOCK_INIT(trunk); 1515 TRUNK_WLOCK(trunk); 1516 p->if_vlantrunk = trunk; 1517 trunk->parent = p; 1518 if_ref(trunk->parent); 1519 TRUNK_WUNLOCK(trunk); 1520 } else { 1521 trunk = p->if_vlantrunk; 1522 } 1523 1524 ifv->ifv_vid = vid; /* must set this before vlan_inshash() */ 1525 ifv->ifv_pcp = 0; /* Default: best effort delivery. */ 1526 error = vlan_inshash(trunk, ifv); 1527 if (error) 1528 goto done; 1529 ifv->ifv_proto = proto; 1530 ifv->ifv_encaplen = ETHER_VLAN_ENCAP_LEN; 1531 ifv->ifv_mintu = ETHERMIN; 1532 ifv->ifv_pflags = 0; 1533 ifv->ifv_capenable = -1; 1534 1535 /* 1536 * If the parent supports the VLAN_MTU capability, 1537 * i.e. can Tx/Rx larger than ETHER_MAX_LEN frames, 1538 * use it. 1539 */ 1540 if (p->if_capenable & IFCAP_VLAN_MTU) { 1541 /* 1542 * No need to fudge the MTU since the parent can 1543 * handle extended frames. 1544 */ 1545 ifv->ifv_mtufudge = 0; 1546 } else { 1547 /* 1548 * Fudge the MTU by the encapsulation size. This 1549 * makes us incompatible with strictly compliant 1550 * 802.1Q implementations, but allows us to use 1551 * the feature with other NetBSD implementations, 1552 * which might still be useful. 1553 */ 1554 ifv->ifv_mtufudge = ifv->ifv_encaplen; 1555 } 1556 1557 ifv->ifv_trunk = trunk; 1558 ifp = ifv->ifv_ifp; 1559 /* 1560 * Initialize fields from our parent. This duplicates some 1561 * work with ether_ifattach() but allows for non-ethernet 1562 * interfaces to also work. 1563 */ 1564 ifp->if_mtu = p->if_mtu - ifv->ifv_mtufudge; 1565 ifp->if_baudrate = p->if_baudrate; 1566 ifp->if_input = p->if_input; 1567 ifp->if_resolvemulti = p->if_resolvemulti; 1568 ifp->if_addrlen = p->if_addrlen; 1569 ifp->if_broadcastaddr = p->if_broadcastaddr; 1570 ifp->if_pcp = ifv->ifv_pcp; 1571 1572 /* 1573 * We wrap the parent's if_output using vlan_output to ensure that it 1574 * can't become stale. 1575 */ 1576 ifp->if_output = vlan_output; 1577 1578 /* 1579 * Copy only a selected subset of flags from the parent. 1580 * Other flags are none of our business. 1581 */ 1582 #define VLAN_COPY_FLAGS (IFF_SIMPLEX) 1583 ifp->if_flags &= ~VLAN_COPY_FLAGS; 1584 ifp->if_flags |= p->if_flags & VLAN_COPY_FLAGS; 1585 #undef VLAN_COPY_FLAGS 1586 1587 ifp->if_link_state = p->if_link_state; 1588 1589 NET_EPOCH_ENTER(et); 1590 vlan_capabilities(ifv); 1591 NET_EPOCH_EXIT(et); 1592 1593 /* 1594 * Set up our interface address to reflect the underlying 1595 * physical interface's. 1596 */ 1597 TASK_INIT(&ifv->lladdr_task, 0, vlan_lladdr_fn, ifv); 1598 ((struct sockaddr_dl *)ifp->if_addr->ifa_addr)->sdl_alen = 1599 p->if_addrlen; 1600 1601 /* 1602 * Do not schedule link address update if it was the same 1603 * as previous parent's. This helps avoid updating for each 1604 * associated llentry. 1605 */ 1606 if (memcmp(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen) != 0) { 1607 bcopy(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen); 1608 taskqueue_enqueue(taskqueue_thread, &ifv->lladdr_task); 1609 } 1610 1611 /* We are ready for operation now. */ 1612 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1613 1614 /* Update flags on the parent, if necessary. */ 1615 vlan_setflags(ifp, 1); 1616 1617 /* 1618 * Configure multicast addresses that may already be 1619 * joined on the vlan device. 1620 */ 1621 (void)vlan_setmulti(ifp); 1622 1623 done: 1624 if (error == 0) 1625 EVENTHANDLER_INVOKE(vlan_config, p, ifv->ifv_vid); 1626 VLAN_XUNLOCK(); 1627 1628 return (error); 1629 } 1630 1631 static void 1632 vlan_unconfig(struct ifnet *ifp) 1633 { 1634 1635 VLAN_XLOCK(); 1636 vlan_unconfig_locked(ifp, 0); 1637 VLAN_XUNLOCK(); 1638 } 1639 1640 static void 1641 vlan_unconfig_locked(struct ifnet *ifp, int departing) 1642 { 1643 struct ifvlantrunk *trunk; 1644 struct vlan_mc_entry *mc; 1645 struct ifvlan *ifv; 1646 struct ifnet *parent; 1647 int error; 1648 1649 VLAN_XLOCK_ASSERT(); 1650 1651 ifv = ifp->if_softc; 1652 trunk = ifv->ifv_trunk; 1653 parent = NULL; 1654 1655 if (trunk != NULL) { 1656 parent = trunk->parent; 1657 1658 /* 1659 * Since the interface is being unconfigured, we need to 1660 * empty the list of multicast groups that we may have joined 1661 * while we were alive from the parent's list. 1662 */ 1663 while ((mc = CK_SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) { 1664 /* 1665 * If the parent interface is being detached, 1666 * all its multicast addresses have already 1667 * been removed. Warn about errors if 1668 * if_delmulti() does fail, but don't abort as 1669 * all callers expect vlan destruction to 1670 * succeed. 1671 */ 1672 if (!departing) { 1673 error = if_delmulti(parent, 1674 (struct sockaddr *)&mc->mc_addr); 1675 if (error) 1676 if_printf(ifp, 1677 "Failed to delete multicast address from parent: %d\n", 1678 error); 1679 } 1680 CK_SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries); 1681 NET_EPOCH_CALL(vlan_mc_free, &mc->mc_epoch_ctx); 1682 } 1683 1684 vlan_setflags(ifp, 0); /* clear special flags on parent */ 1685 1686 vlan_remhash(trunk, ifv); 1687 ifv->ifv_trunk = NULL; 1688 1689 /* 1690 * Check if we were the last. 1691 */ 1692 if (trunk->refcnt == 0) { 1693 parent->if_vlantrunk = NULL; 1694 NET_EPOCH_WAIT(); 1695 trunk_destroy(trunk); 1696 } 1697 } 1698 1699 /* Disconnect from parent. */ 1700 if (ifv->ifv_pflags) 1701 if_printf(ifp, "%s: ifv_pflags unclean\n", __func__); 1702 ifp->if_mtu = ETHERMTU; 1703 ifp->if_link_state = LINK_STATE_UNKNOWN; 1704 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1705 1706 /* 1707 * Only dispatch an event if vlan was 1708 * attached, otherwise there is nothing 1709 * to cleanup anyway. 1710 */ 1711 if (parent != NULL) 1712 EVENTHANDLER_INVOKE(vlan_unconfig, parent, ifv->ifv_vid); 1713 } 1714 1715 /* Handle a reference counted flag that should be set on the parent as well */ 1716 static int 1717 vlan_setflag(struct ifnet *ifp, int flag, int status, 1718 int (*func)(struct ifnet *, int)) 1719 { 1720 struct ifvlan *ifv; 1721 int error; 1722 1723 VLAN_SXLOCK_ASSERT(); 1724 1725 ifv = ifp->if_softc; 1726 status = status ? (ifp->if_flags & flag) : 0; 1727 /* Now "status" contains the flag value or 0 */ 1728 1729 /* 1730 * See if recorded parent's status is different from what 1731 * we want it to be. If it is, flip it. We record parent's 1732 * status in ifv_pflags so that we won't clear parent's flag 1733 * we haven't set. In fact, we don't clear or set parent's 1734 * flags directly, but get or release references to them. 1735 * That's why we can be sure that recorded flags still are 1736 * in accord with actual parent's flags. 1737 */ 1738 if (status != (ifv->ifv_pflags & flag)) { 1739 error = (*func)(PARENT(ifv), status); 1740 if (error) 1741 return (error); 1742 ifv->ifv_pflags &= ~flag; 1743 ifv->ifv_pflags |= status; 1744 } 1745 return (0); 1746 } 1747 1748 /* 1749 * Handle IFF_* flags that require certain changes on the parent: 1750 * if "status" is true, update parent's flags respective to our if_flags; 1751 * if "status" is false, forcedly clear the flags set on parent. 1752 */ 1753 static int 1754 vlan_setflags(struct ifnet *ifp, int status) 1755 { 1756 int error, i; 1757 1758 for (i = 0; vlan_pflags[i].flag; i++) { 1759 error = vlan_setflag(ifp, vlan_pflags[i].flag, 1760 status, vlan_pflags[i].func); 1761 if (error) 1762 return (error); 1763 } 1764 return (0); 1765 } 1766 1767 /* Inform all vlans that their parent has changed link state */ 1768 static void 1769 vlan_link_state(struct ifnet *ifp) 1770 { 1771 struct epoch_tracker et; 1772 struct ifvlantrunk *trunk; 1773 struct ifvlan *ifv; 1774 1775 NET_EPOCH_ENTER(et); 1776 trunk = ifp->if_vlantrunk; 1777 if (trunk == NULL) { 1778 NET_EPOCH_EXIT(et); 1779 return; 1780 } 1781 1782 TRUNK_WLOCK(trunk); 1783 VLAN_FOREACH(ifv, trunk) { 1784 ifv->ifv_ifp->if_baudrate = trunk->parent->if_baudrate; 1785 if_link_state_change(ifv->ifv_ifp, 1786 trunk->parent->if_link_state); 1787 } 1788 TRUNK_WUNLOCK(trunk); 1789 NET_EPOCH_EXIT(et); 1790 } 1791 1792 static void 1793 vlan_capabilities(struct ifvlan *ifv) 1794 { 1795 struct ifnet *p; 1796 struct ifnet *ifp; 1797 struct ifnet_hw_tsomax hw_tsomax; 1798 int cap = 0, ena = 0, mena; 1799 u_long hwa = 0; 1800 1801 NET_EPOCH_ASSERT(); 1802 VLAN_SXLOCK_ASSERT(); 1803 1804 p = PARENT(ifv); 1805 ifp = ifv->ifv_ifp; 1806 1807 /* Mask parent interface enabled capabilities disabled by user. */ 1808 mena = p->if_capenable & ifv->ifv_capenable; 1809 1810 /* 1811 * If the parent interface can do checksum offloading 1812 * on VLANs, then propagate its hardware-assisted 1813 * checksumming flags. Also assert that checksum 1814 * offloading requires hardware VLAN tagging. 1815 */ 1816 if (p->if_capabilities & IFCAP_VLAN_HWCSUM) 1817 cap |= p->if_capabilities & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6); 1818 if (p->if_capenable & IFCAP_VLAN_HWCSUM && 1819 p->if_capenable & IFCAP_VLAN_HWTAGGING) { 1820 ena |= mena & (IFCAP_HWCSUM | IFCAP_HWCSUM_IPV6); 1821 if (ena & IFCAP_TXCSUM) 1822 hwa |= p->if_hwassist & (CSUM_IP | CSUM_TCP | 1823 CSUM_UDP | CSUM_SCTP); 1824 if (ena & IFCAP_TXCSUM_IPV6) 1825 hwa |= p->if_hwassist & (CSUM_TCP_IPV6 | 1826 CSUM_UDP_IPV6 | CSUM_SCTP_IPV6); 1827 } 1828 1829 /* 1830 * If the parent interface can do TSO on VLANs then 1831 * propagate the hardware-assisted flag. TSO on VLANs 1832 * does not necessarily require hardware VLAN tagging. 1833 */ 1834 memset(&hw_tsomax, 0, sizeof(hw_tsomax)); 1835 if_hw_tsomax_common(p, &hw_tsomax); 1836 if_hw_tsomax_update(ifp, &hw_tsomax); 1837 if (p->if_capabilities & IFCAP_VLAN_HWTSO) 1838 cap |= p->if_capabilities & IFCAP_TSO; 1839 if (p->if_capenable & IFCAP_VLAN_HWTSO) { 1840 ena |= mena & IFCAP_TSO; 1841 if (ena & IFCAP_TSO) 1842 hwa |= p->if_hwassist & CSUM_TSO; 1843 } 1844 1845 /* 1846 * If the parent interface can do LRO and checksum offloading on 1847 * VLANs, then guess it may do LRO on VLANs. False positive here 1848 * cost nothing, while false negative may lead to some confusions. 1849 */ 1850 if (p->if_capabilities & IFCAP_VLAN_HWCSUM) 1851 cap |= p->if_capabilities & IFCAP_LRO; 1852 if (p->if_capenable & IFCAP_VLAN_HWCSUM) 1853 ena |= p->if_capenable & IFCAP_LRO; 1854 1855 /* 1856 * If the parent interface can offload TCP connections over VLANs then 1857 * propagate its TOE capability to the VLAN interface. 1858 * 1859 * All TOE drivers in the tree today can deal with VLANs. If this 1860 * changes then IFCAP_VLAN_TOE should be promoted to a full capability 1861 * with its own bit. 1862 */ 1863 #define IFCAP_VLAN_TOE IFCAP_TOE 1864 if (p->if_capabilities & IFCAP_VLAN_TOE) 1865 cap |= p->if_capabilities & IFCAP_TOE; 1866 if (p->if_capenable & IFCAP_VLAN_TOE) { 1867 TOEDEV(ifp) = TOEDEV(p); 1868 ena |= mena & IFCAP_TOE; 1869 } 1870 1871 /* 1872 * If the parent interface supports dynamic link state, so does the 1873 * VLAN interface. 1874 */ 1875 cap |= (p->if_capabilities & IFCAP_LINKSTATE); 1876 ena |= (mena & IFCAP_LINKSTATE); 1877 1878 #ifdef RATELIMIT 1879 /* 1880 * If the parent interface supports ratelimiting, so does the 1881 * VLAN interface. 1882 */ 1883 cap |= (p->if_capabilities & IFCAP_TXRTLMT); 1884 ena |= (mena & IFCAP_TXRTLMT); 1885 #endif 1886 1887 /* 1888 * If the parent interface supports unmapped mbufs, so does 1889 * the VLAN interface. Note that this should be fine even for 1890 * interfaces that don't support hardware tagging as headers 1891 * are prepended in normal mbufs to unmapped mbufs holding 1892 * payload data. 1893 */ 1894 cap |= (p->if_capabilities & IFCAP_MEXTPG); 1895 ena |= (mena & IFCAP_MEXTPG); 1896 1897 /* 1898 * If the parent interface can offload encryption and segmentation 1899 * of TLS records over TCP, propagate it's capability to the VLAN 1900 * interface. 1901 * 1902 * All TLS drivers in the tree today can deal with VLANs. If 1903 * this ever changes, then a new IFCAP_VLAN_TXTLS can be 1904 * defined. 1905 */ 1906 if (p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT)) 1907 cap |= p->if_capabilities & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT); 1908 if (p->if_capenable & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT)) 1909 ena |= mena & (IFCAP_TXTLS | IFCAP_TXTLS_RTLMT); 1910 1911 ifp->if_capabilities = cap; 1912 ifp->if_capenable = ena; 1913 ifp->if_hwassist = hwa; 1914 } 1915 1916 static void 1917 vlan_trunk_capabilities(struct ifnet *ifp) 1918 { 1919 struct epoch_tracker et; 1920 struct ifvlantrunk *trunk; 1921 struct ifvlan *ifv; 1922 1923 VLAN_SLOCK(); 1924 trunk = ifp->if_vlantrunk; 1925 if (trunk == NULL) { 1926 VLAN_SUNLOCK(); 1927 return; 1928 } 1929 NET_EPOCH_ENTER(et); 1930 VLAN_FOREACH(ifv, trunk) 1931 vlan_capabilities(ifv); 1932 NET_EPOCH_EXIT(et); 1933 VLAN_SUNLOCK(); 1934 } 1935 1936 static int 1937 vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1938 { 1939 struct ifnet *p; 1940 struct ifreq *ifr; 1941 struct ifaddr *ifa; 1942 struct ifvlan *ifv; 1943 struct ifvlantrunk *trunk; 1944 struct vlanreq vlr; 1945 int error = 0, oldmtu; 1946 1947 ifr = (struct ifreq *)data; 1948 ifa = (struct ifaddr *) data; 1949 ifv = ifp->if_softc; 1950 1951 switch (cmd) { 1952 case SIOCSIFADDR: 1953 ifp->if_flags |= IFF_UP; 1954 #ifdef INET 1955 if (ifa->ifa_addr->sa_family == AF_INET) 1956 arp_ifinit(ifp, ifa); 1957 #endif 1958 break; 1959 case SIOCGIFADDR: 1960 bcopy(IF_LLADDR(ifp), &ifr->ifr_addr.sa_data[0], 1961 ifp->if_addrlen); 1962 break; 1963 case SIOCGIFMEDIA: 1964 VLAN_SLOCK(); 1965 if (TRUNK(ifv) != NULL) { 1966 p = PARENT(ifv); 1967 if_ref(p); 1968 error = (*p->if_ioctl)(p, SIOCGIFMEDIA, data); 1969 if_rele(p); 1970 /* Limit the result to the parent's current config. */ 1971 if (error == 0) { 1972 struct ifmediareq *ifmr; 1973 1974 ifmr = (struct ifmediareq *)data; 1975 if (ifmr->ifm_count >= 1 && ifmr->ifm_ulist) { 1976 ifmr->ifm_count = 1; 1977 error = copyout(&ifmr->ifm_current, 1978 ifmr->ifm_ulist, 1979 sizeof(int)); 1980 } 1981 } 1982 } else { 1983 error = EINVAL; 1984 } 1985 VLAN_SUNLOCK(); 1986 break; 1987 1988 case SIOCSIFMEDIA: 1989 error = EINVAL; 1990 break; 1991 1992 case SIOCSIFMTU: 1993 /* 1994 * Set the interface MTU. 1995 */ 1996 VLAN_SLOCK(); 1997 trunk = TRUNK(ifv); 1998 if (trunk != NULL) { 1999 TRUNK_WLOCK(trunk); 2000 if (ifr->ifr_mtu > 2001 (PARENT(ifv)->if_mtu - ifv->ifv_mtufudge) || 2002 ifr->ifr_mtu < 2003 (ifv->ifv_mintu - ifv->ifv_mtufudge)) 2004 error = EINVAL; 2005 else 2006 ifp->if_mtu = ifr->ifr_mtu; 2007 TRUNK_WUNLOCK(trunk); 2008 } else 2009 error = EINVAL; 2010 VLAN_SUNLOCK(); 2011 break; 2012 2013 case SIOCSETVLAN: 2014 #ifdef VIMAGE 2015 /* 2016 * XXXRW/XXXBZ: The goal in these checks is to allow a VLAN 2017 * interface to be delegated to a jail without allowing the 2018 * jail to change what underlying interface/VID it is 2019 * associated with. We are not entirely convinced that this 2020 * is the right way to accomplish that policy goal. 2021 */ 2022 if (ifp->if_vnet != ifp->if_home_vnet) { 2023 error = EPERM; 2024 break; 2025 } 2026 #endif 2027 error = copyin(ifr_data_get_ptr(ifr), &vlr, sizeof(vlr)); 2028 if (error) 2029 break; 2030 if (vlr.vlr_parent[0] == '\0') { 2031 vlan_unconfig(ifp); 2032 break; 2033 } 2034 p = ifunit_ref(vlr.vlr_parent); 2035 if (p == NULL) { 2036 error = ENOENT; 2037 break; 2038 } 2039 #ifdef COMPAT_FREEBSD12 2040 if (vlr.vlr_proto == 0) 2041 vlr.vlr_proto = ETHERTYPE_VLAN; 2042 #endif 2043 oldmtu = ifp->if_mtu; 2044 error = vlan_config(ifv, p, vlr.vlr_tag, vlr.vlr_proto); 2045 if_rele(p); 2046 2047 /* 2048 * VLAN MTU may change during addition of the vlandev. 2049 * If it did, do network layer specific procedure. 2050 */ 2051 if (ifp->if_mtu != oldmtu) { 2052 #ifdef INET6 2053 nd6_setmtu(ifp); 2054 #endif 2055 rt_updatemtu(ifp); 2056 } 2057 break; 2058 2059 case SIOCGETVLAN: 2060 #ifdef VIMAGE 2061 if (ifp->if_vnet != ifp->if_home_vnet) { 2062 error = EPERM; 2063 break; 2064 } 2065 #endif 2066 bzero(&vlr, sizeof(vlr)); 2067 VLAN_SLOCK(); 2068 if (TRUNK(ifv) != NULL) { 2069 strlcpy(vlr.vlr_parent, PARENT(ifv)->if_xname, 2070 sizeof(vlr.vlr_parent)); 2071 vlr.vlr_tag = ifv->ifv_vid; 2072 vlr.vlr_proto = ifv->ifv_proto; 2073 } 2074 VLAN_SUNLOCK(); 2075 error = copyout(&vlr, ifr_data_get_ptr(ifr), sizeof(vlr)); 2076 break; 2077 2078 case SIOCSIFFLAGS: 2079 /* 2080 * We should propagate selected flags to the parent, 2081 * e.g., promiscuous mode. 2082 */ 2083 VLAN_XLOCK(); 2084 if (TRUNK(ifv) != NULL) 2085 error = vlan_setflags(ifp, 1); 2086 VLAN_XUNLOCK(); 2087 break; 2088 2089 case SIOCADDMULTI: 2090 case SIOCDELMULTI: 2091 /* 2092 * If we don't have a parent, just remember the membership for 2093 * when we do. 2094 * 2095 * XXX We need the rmlock here to avoid sleeping while 2096 * holding in6_multi_mtx. 2097 */ 2098 VLAN_XLOCK(); 2099 trunk = TRUNK(ifv); 2100 if (trunk != NULL) 2101 error = vlan_setmulti(ifp); 2102 VLAN_XUNLOCK(); 2103 2104 break; 2105 case SIOCGVLANPCP: 2106 #ifdef VIMAGE 2107 if (ifp->if_vnet != ifp->if_home_vnet) { 2108 error = EPERM; 2109 break; 2110 } 2111 #endif 2112 ifr->ifr_vlan_pcp = ifv->ifv_pcp; 2113 break; 2114 2115 case SIOCSVLANPCP: 2116 #ifdef VIMAGE 2117 if (ifp->if_vnet != ifp->if_home_vnet) { 2118 error = EPERM; 2119 break; 2120 } 2121 #endif 2122 error = priv_check(curthread, PRIV_NET_SETVLANPCP); 2123 if (error) 2124 break; 2125 if (ifr->ifr_vlan_pcp > VLAN_PCP_MAX) { 2126 error = EINVAL; 2127 break; 2128 } 2129 ifv->ifv_pcp = ifr->ifr_vlan_pcp; 2130 ifp->if_pcp = ifv->ifv_pcp; 2131 /* broadcast event about PCP change */ 2132 EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_PCP); 2133 break; 2134 2135 case SIOCSIFCAP: 2136 VLAN_SLOCK(); 2137 ifv->ifv_capenable = ifr->ifr_reqcap; 2138 trunk = TRUNK(ifv); 2139 if (trunk != NULL) { 2140 struct epoch_tracker et; 2141 2142 NET_EPOCH_ENTER(et); 2143 vlan_capabilities(ifv); 2144 NET_EPOCH_EXIT(et); 2145 } 2146 VLAN_SUNLOCK(); 2147 break; 2148 2149 default: 2150 error = EINVAL; 2151 break; 2152 } 2153 2154 return (error); 2155 } 2156 2157 #if defined(KERN_TLS) || defined(RATELIMIT) 2158 static int 2159 vlan_snd_tag_alloc(struct ifnet *ifp, 2160 union if_snd_tag_alloc_params *params, 2161 struct m_snd_tag **ppmt) 2162 { 2163 struct epoch_tracker et; 2164 const struct if_snd_tag_sw *sw; 2165 struct vlan_snd_tag *vst; 2166 struct ifvlan *ifv; 2167 struct ifnet *parent; 2168 int error; 2169 2170 switch (params->hdr.type) { 2171 #ifdef RATELIMIT 2172 case IF_SND_TAG_TYPE_UNLIMITED: 2173 sw = &vlan_snd_tag_ul_sw; 2174 break; 2175 case IF_SND_TAG_TYPE_RATE_LIMIT: 2176 sw = &vlan_snd_tag_rl_sw; 2177 break; 2178 #endif 2179 #ifdef KERN_TLS 2180 case IF_SND_TAG_TYPE_TLS: 2181 sw = &vlan_snd_tag_tls_sw; 2182 break; 2183 #ifdef RATELIMIT 2184 case IF_SND_TAG_TYPE_TLS_RATE_LIMIT: 2185 sw = &vlan_snd_tag_tls_rl_sw; 2186 break; 2187 #endif 2188 #endif 2189 default: 2190 return (EOPNOTSUPP); 2191 } 2192 2193 NET_EPOCH_ENTER(et); 2194 ifv = ifp->if_softc; 2195 if (ifv->ifv_trunk != NULL) 2196 parent = PARENT(ifv); 2197 else 2198 parent = NULL; 2199 if (parent == NULL) { 2200 NET_EPOCH_EXIT(et); 2201 return (EOPNOTSUPP); 2202 } 2203 if_ref(parent); 2204 NET_EPOCH_EXIT(et); 2205 2206 vst = malloc(sizeof(*vst), M_VLAN, M_NOWAIT); 2207 if (vst == NULL) { 2208 if_rele(parent); 2209 return (ENOMEM); 2210 } 2211 2212 error = m_snd_tag_alloc(parent, params, &vst->tag); 2213 if_rele(parent); 2214 if (error) { 2215 free(vst, M_VLAN); 2216 return (error); 2217 } 2218 2219 m_snd_tag_init(&vst->com, ifp, sw); 2220 2221 *ppmt = &vst->com; 2222 return (0); 2223 } 2224 2225 static struct m_snd_tag * 2226 vlan_next_snd_tag(struct m_snd_tag *mst) 2227 { 2228 struct vlan_snd_tag *vst; 2229 2230 vst = mst_to_vst(mst); 2231 return (vst->tag); 2232 } 2233 2234 static int 2235 vlan_snd_tag_modify(struct m_snd_tag *mst, 2236 union if_snd_tag_modify_params *params) 2237 { 2238 struct vlan_snd_tag *vst; 2239 2240 vst = mst_to_vst(mst); 2241 return (vst->tag->sw->snd_tag_modify(vst->tag, params)); 2242 } 2243 2244 static int 2245 vlan_snd_tag_query(struct m_snd_tag *mst, 2246 union if_snd_tag_query_params *params) 2247 { 2248 struct vlan_snd_tag *vst; 2249 2250 vst = mst_to_vst(mst); 2251 return (vst->tag->sw->snd_tag_query(vst->tag, params)); 2252 } 2253 2254 static void 2255 vlan_snd_tag_free(struct m_snd_tag *mst) 2256 { 2257 struct vlan_snd_tag *vst; 2258 2259 vst = mst_to_vst(mst); 2260 m_snd_tag_rele(vst->tag); 2261 free(vst, M_VLAN); 2262 } 2263 2264 static void 2265 vlan_ratelimit_query(struct ifnet *ifp __unused, struct if_ratelimit_query_results *q) 2266 { 2267 /* 2268 * For vlan, we have an indirect 2269 * interface. The caller needs to 2270 * get a ratelimit tag on the actual 2271 * interface the flow will go on. 2272 */ 2273 q->rate_table = NULL; 2274 q->flags = RT_IS_INDIRECT; 2275 q->max_flows = 0; 2276 q->number_of_rates = 0; 2277 } 2278 2279 #endif 2280