xref: /freebsd/sys/net/if_vlan.c (revision f5f7c05209ca2c3748fd8b27c5e80ffad49120eb)
1 /*-
2  * Copyright 1998 Massachusetts Institute of Technology
3  *
4  * Permission to use, copy, modify, and distribute this software and
5  * its documentation for any purpose and without fee is hereby
6  * granted, provided that both the above copyright notice and this
7  * permission notice appear in all copies, that both the above
8  * copyright notice and this permission notice appear in all
9  * supporting documentation, and that the name of M.I.T. not be used
10  * in advertising or publicity pertaining to distribution of the
11  * software without specific, written prior permission.  M.I.T. makes
12  * no representations about the suitability of this software for any
13  * purpose.  It is provided "as is" without express or implied
14  * warranty.
15  *
16  * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''.  M.I.T. DISCLAIMS
17  * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE,
18  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
20  * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 /*
31  * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
32  * Might be extended some day to also handle IEEE 802.1p priority
33  * tagging.  This is sort of sneaky in the implementation, since
34  * we need to pretend to be enough of an Ethernet implementation
35  * to make arp work.  The way we do this is by telling everyone
36  * that we are an Ethernet, and then catch the packets that
37  * ether_output() sends to us via if_transmit(), rewrite them for
38  * use by the real outgoing interface, and ask it to send them.
39  */
40 
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43 
44 #include "opt_vlan.h"
45 
46 #include <sys/param.h>
47 #include <sys/kernel.h>
48 #include <sys/lock.h>
49 #include <sys/malloc.h>
50 #include <sys/mbuf.h>
51 #include <sys/module.h>
52 #include <sys/rwlock.h>
53 #include <sys/queue.h>
54 #include <sys/socket.h>
55 #include <sys/sockio.h>
56 #include <sys/sysctl.h>
57 #include <sys/systm.h>
58 #include <sys/sx.h>
59 
60 #include <net/bpf.h>
61 #include <net/ethernet.h>
62 #include <net/if.h>
63 #include <net/if_clone.h>
64 #include <net/if_dl.h>
65 #include <net/if_types.h>
66 #include <net/if_vlan_var.h>
67 #include <net/vnet.h>
68 
69 #define	VLAN_DEF_HWIDTH	4
70 #define	VLAN_IFFLAGS	(IFF_BROADCAST | IFF_MULTICAST)
71 
72 #define	UP_AND_RUNNING(ifp) \
73     ((ifp)->if_flags & IFF_UP && (ifp)->if_drv_flags & IFF_DRV_RUNNING)
74 
75 LIST_HEAD(ifvlanhead, ifvlan);
76 
77 struct ifvlantrunk {
78 	struct	ifnet   *parent;	/* parent interface of this trunk */
79 	struct	rwlock	rw;
80 #ifdef VLAN_ARRAY
81 #define	VLAN_ARRAY_SIZE	(EVL_VLID_MASK + 1)
82 	struct	ifvlan	*vlans[VLAN_ARRAY_SIZE]; /* static table */
83 #else
84 	struct	ifvlanhead *hash;	/* dynamic hash-list table */
85 	uint16_t	hmask;
86 	uint16_t	hwidth;
87 #endif
88 	int		refcnt;
89 };
90 
91 struct vlan_mc_entry {
92 	struct sockaddr_dl		mc_addr;
93 	SLIST_ENTRY(vlan_mc_entry)	mc_entries;
94 };
95 
96 struct	ifvlan {
97 	struct	ifvlantrunk *ifv_trunk;
98 	struct	ifnet *ifv_ifp;
99 	void	*ifv_cookie;
100 #define	TRUNK(ifv)	((ifv)->ifv_trunk)
101 #define	PARENT(ifv)	((ifv)->ifv_trunk->parent)
102 	int	ifv_pflags;	/* special flags we have set on parent */
103 	struct	ifv_linkmib {
104 		int	ifvm_encaplen;	/* encapsulation length */
105 		int	ifvm_mtufudge;	/* MTU fudged by this much */
106 		int	ifvm_mintu;	/* min transmission unit */
107 		uint16_t ifvm_proto;	/* encapsulation ethertype */
108 		uint16_t ifvm_tag;	/* tag to apply on packets leaving if */
109 	}	ifv_mib;
110 	SLIST_HEAD(, vlan_mc_entry) vlan_mc_listhead;
111 #ifndef VLAN_ARRAY
112 	LIST_ENTRY(ifvlan) ifv_list;
113 #endif
114 };
115 #define	ifv_proto	ifv_mib.ifvm_proto
116 #define	ifv_vid		ifv_mib.ifvm_tag
117 #define	ifv_encaplen	ifv_mib.ifvm_encaplen
118 #define	ifv_mtufudge	ifv_mib.ifvm_mtufudge
119 #define	ifv_mintu	ifv_mib.ifvm_mintu
120 
121 /* Special flags we should propagate to parent. */
122 static struct {
123 	int flag;
124 	int (*func)(struct ifnet *, int);
125 } vlan_pflags[] = {
126 	{IFF_PROMISC, ifpromisc},
127 	{IFF_ALLMULTI, if_allmulti},
128 	{0, NULL}
129 };
130 
131 SYSCTL_DECL(_net_link);
132 static SYSCTL_NODE(_net_link, IFT_L2VLAN, vlan, CTLFLAG_RW, 0,
133     "IEEE 802.1Q VLAN");
134 static SYSCTL_NODE(_net_link_vlan, PF_LINK, link, CTLFLAG_RW, 0,
135     "for consistency");
136 
137 static int soft_pad = 0;
138 SYSCTL_INT(_net_link_vlan, OID_AUTO, soft_pad, CTLFLAG_RW, &soft_pad, 0,
139 	   "pad short frames before tagging");
140 
141 static const char vlanname[] = "vlan";
142 static MALLOC_DEFINE(M_VLAN, vlanname, "802.1Q Virtual LAN Interface");
143 
144 static eventhandler_tag ifdetach_tag;
145 static eventhandler_tag iflladdr_tag;
146 
147 /*
148  * We have a global mutex, that is used to serialize configuration
149  * changes and isn't used in normal packet delivery.
150  *
151  * We also have a per-trunk rwlock, that is locked shared on packet
152  * processing and exclusive when configuration is changed.
153  *
154  * The VLAN_ARRAY substitutes the dynamic hash with a static array
155  * with 4096 entries. In theory this can give a boost in processing,
156  * however on practice it does not. Probably this is because array
157  * is too big to fit into CPU cache.
158  */
159 static struct sx ifv_lock;
160 #define	VLAN_LOCK_INIT()	sx_init(&ifv_lock, "vlan_global")
161 #define	VLAN_LOCK_DESTROY()	sx_destroy(&ifv_lock)
162 #define	VLAN_LOCK_ASSERT()	sx_assert(&ifv_lock, SA_LOCKED)
163 #define	VLAN_LOCK()		sx_xlock(&ifv_lock)
164 #define	VLAN_UNLOCK()		sx_xunlock(&ifv_lock)
165 #define	TRUNK_LOCK_INIT(trunk)	rw_init(&(trunk)->rw, vlanname)
166 #define	TRUNK_LOCK_DESTROY(trunk) rw_destroy(&(trunk)->rw)
167 #define	TRUNK_LOCK(trunk)	rw_wlock(&(trunk)->rw)
168 #define	TRUNK_UNLOCK(trunk)	rw_wunlock(&(trunk)->rw)
169 #define	TRUNK_LOCK_ASSERT(trunk) rw_assert(&(trunk)->rw, RA_WLOCKED)
170 #define	TRUNK_RLOCK(trunk)	rw_rlock(&(trunk)->rw)
171 #define	TRUNK_RUNLOCK(trunk)	rw_runlock(&(trunk)->rw)
172 #define	TRUNK_LOCK_RASSERT(trunk) rw_assert(&(trunk)->rw, RA_RLOCKED)
173 
174 #ifndef VLAN_ARRAY
175 static	void vlan_inithash(struct ifvlantrunk *trunk);
176 static	void vlan_freehash(struct ifvlantrunk *trunk);
177 static	int vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
178 static	int vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv);
179 static	void vlan_growhash(struct ifvlantrunk *trunk, int howmuch);
180 static __inline struct ifvlan * vlan_gethash(struct ifvlantrunk *trunk,
181 	uint16_t vid);
182 #endif
183 static	void trunk_destroy(struct ifvlantrunk *trunk);
184 
185 static	void vlan_init(void *foo);
186 static	void vlan_input(struct ifnet *ifp, struct mbuf *m);
187 static	int vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr);
188 static	void vlan_qflush(struct ifnet *ifp);
189 static	int vlan_setflag(struct ifnet *ifp, int flag, int status,
190     int (*func)(struct ifnet *, int));
191 static	int vlan_setflags(struct ifnet *ifp, int status);
192 static	int vlan_setmulti(struct ifnet *ifp);
193 static	int vlan_transmit(struct ifnet *ifp, struct mbuf *m);
194 static	void vlan_unconfig(struct ifnet *ifp);
195 static	void vlan_unconfig_locked(struct ifnet *ifp, int departing);
196 static	int vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t tag);
197 static	void vlan_link_state(struct ifnet *ifp);
198 static	void vlan_capabilities(struct ifvlan *ifv);
199 static	void vlan_trunk_capabilities(struct ifnet *ifp);
200 
201 static	struct ifnet *vlan_clone_match_ethervid(struct if_clone *,
202     const char *, int *);
203 static	int vlan_clone_match(struct if_clone *, const char *);
204 static	int vlan_clone_create(struct if_clone *, char *, size_t, caddr_t);
205 static	int vlan_clone_destroy(struct if_clone *, struct ifnet *);
206 
207 static	void vlan_ifdetach(void *arg, struct ifnet *ifp);
208 static  void vlan_iflladdr(void *arg, struct ifnet *ifp);
209 
210 static struct if_clone *vlan_cloner;
211 
212 #ifdef VIMAGE
213 static VNET_DEFINE(struct if_clone *, vlan_cloner);
214 #define	V_vlan_cloner	VNET(vlan_cloner)
215 #endif
216 
217 #ifndef VLAN_ARRAY
218 #define HASH(n, m)	((((n) >> 8) ^ ((n) >> 4) ^ (n)) & (m))
219 
220 static void
221 vlan_inithash(struct ifvlantrunk *trunk)
222 {
223 	int i, n;
224 
225 	/*
226 	 * The trunk must not be locked here since we call malloc(M_WAITOK).
227 	 * It is OK in case this function is called before the trunk struct
228 	 * gets hooked up and becomes visible from other threads.
229 	 */
230 
231 	KASSERT(trunk->hwidth == 0 && trunk->hash == NULL,
232 	    ("%s: hash already initialized", __func__));
233 
234 	trunk->hwidth = VLAN_DEF_HWIDTH;
235 	n = 1 << trunk->hwidth;
236 	trunk->hmask = n - 1;
237 	trunk->hash = malloc(sizeof(struct ifvlanhead) * n, M_VLAN, M_WAITOK);
238 	for (i = 0; i < n; i++)
239 		LIST_INIT(&trunk->hash[i]);
240 }
241 
242 static void
243 vlan_freehash(struct ifvlantrunk *trunk)
244 {
245 #ifdef INVARIANTS
246 	int i;
247 
248 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
249 	for (i = 0; i < (1 << trunk->hwidth); i++)
250 		KASSERT(LIST_EMPTY(&trunk->hash[i]),
251 		    ("%s: hash table not empty", __func__));
252 #endif
253 	free(trunk->hash, M_VLAN);
254 	trunk->hash = NULL;
255 	trunk->hwidth = trunk->hmask = 0;
256 }
257 
258 static int
259 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
260 {
261 	int i, b;
262 	struct ifvlan *ifv2;
263 
264 	TRUNK_LOCK_ASSERT(trunk);
265 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
266 
267 	b = 1 << trunk->hwidth;
268 	i = HASH(ifv->ifv_vid, trunk->hmask);
269 	LIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
270 		if (ifv->ifv_vid == ifv2->ifv_vid)
271 			return (EEXIST);
272 
273 	/*
274 	 * Grow the hash when the number of vlans exceeds half of the number of
275 	 * hash buckets squared. This will make the average linked-list length
276 	 * buckets/2.
277 	 */
278 	if (trunk->refcnt > (b * b) / 2) {
279 		vlan_growhash(trunk, 1);
280 		i = HASH(ifv->ifv_vid, trunk->hmask);
281 	}
282 	LIST_INSERT_HEAD(&trunk->hash[i], ifv, ifv_list);
283 	trunk->refcnt++;
284 
285 	return (0);
286 }
287 
288 static int
289 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
290 {
291 	int i, b;
292 	struct ifvlan *ifv2;
293 
294 	TRUNK_LOCK_ASSERT(trunk);
295 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
296 
297 	b = 1 << trunk->hwidth;
298 	i = HASH(ifv->ifv_vid, trunk->hmask);
299 	LIST_FOREACH(ifv2, &trunk->hash[i], ifv_list)
300 		if (ifv2 == ifv) {
301 			trunk->refcnt--;
302 			LIST_REMOVE(ifv2, ifv_list);
303 			if (trunk->refcnt < (b * b) / 2)
304 				vlan_growhash(trunk, -1);
305 			return (0);
306 		}
307 
308 	panic("%s: vlan not found\n", __func__);
309 	return (ENOENT); /*NOTREACHED*/
310 }
311 
312 /*
313  * Grow the hash larger or smaller if memory permits.
314  */
315 static void
316 vlan_growhash(struct ifvlantrunk *trunk, int howmuch)
317 {
318 	struct ifvlan *ifv;
319 	struct ifvlanhead *hash2;
320 	int hwidth2, i, j, n, n2;
321 
322 	TRUNK_LOCK_ASSERT(trunk);
323 	KASSERT(trunk->hwidth > 0, ("%s: hwidth not positive", __func__));
324 
325 	if (howmuch == 0) {
326 		/* Harmless yet obvious coding error */
327 		printf("%s: howmuch is 0\n", __func__);
328 		return;
329 	}
330 
331 	hwidth2 = trunk->hwidth + howmuch;
332 	n = 1 << trunk->hwidth;
333 	n2 = 1 << hwidth2;
334 	/* Do not shrink the table below the default */
335 	if (hwidth2 < VLAN_DEF_HWIDTH)
336 		return;
337 
338 	/* M_NOWAIT because we're called with trunk mutex held */
339 	hash2 = malloc(sizeof(struct ifvlanhead) * n2, M_VLAN, M_NOWAIT);
340 	if (hash2 == NULL) {
341 		printf("%s: out of memory -- hash size not changed\n",
342 		    __func__);
343 		return;		/* We can live with the old hash table */
344 	}
345 	for (j = 0; j < n2; j++)
346 		LIST_INIT(&hash2[j]);
347 	for (i = 0; i < n; i++)
348 		while ((ifv = LIST_FIRST(&trunk->hash[i])) != NULL) {
349 			LIST_REMOVE(ifv, ifv_list);
350 			j = HASH(ifv->ifv_vid, n2 - 1);
351 			LIST_INSERT_HEAD(&hash2[j], ifv, ifv_list);
352 		}
353 	free(trunk->hash, M_VLAN);
354 	trunk->hash = hash2;
355 	trunk->hwidth = hwidth2;
356 	trunk->hmask = n2 - 1;
357 
358 	if (bootverbose)
359 		if_printf(trunk->parent,
360 		    "VLAN hash table resized from %d to %d buckets\n", n, n2);
361 }
362 
363 static __inline struct ifvlan *
364 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid)
365 {
366 	struct ifvlan *ifv;
367 
368 	TRUNK_LOCK_RASSERT(trunk);
369 
370 	LIST_FOREACH(ifv, &trunk->hash[HASH(vid, trunk->hmask)], ifv_list)
371 		if (ifv->ifv_vid == vid)
372 			return (ifv);
373 	return (NULL);
374 }
375 
376 #if 0
377 /* Debugging code to view the hashtables. */
378 static void
379 vlan_dumphash(struct ifvlantrunk *trunk)
380 {
381 	int i;
382 	struct ifvlan *ifv;
383 
384 	for (i = 0; i < (1 << trunk->hwidth); i++) {
385 		printf("%d: ", i);
386 		LIST_FOREACH(ifv, &trunk->hash[i], ifv_list)
387 			printf("%s ", ifv->ifv_ifp->if_xname);
388 		printf("\n");
389 	}
390 }
391 #endif /* 0 */
392 #else
393 
394 static __inline struct ifvlan *
395 vlan_gethash(struct ifvlantrunk *trunk, uint16_t vid)
396 {
397 
398 	return trunk->vlans[vid];
399 }
400 
401 static __inline int
402 vlan_inshash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
403 {
404 
405 	if (trunk->vlans[ifv->ifv_vid] != NULL)
406 		return EEXIST;
407 	trunk->vlans[ifv->ifv_vid] = ifv;
408 	trunk->refcnt++;
409 
410 	return (0);
411 }
412 
413 static __inline int
414 vlan_remhash(struct ifvlantrunk *trunk, struct ifvlan *ifv)
415 {
416 
417 	trunk->vlans[ifv->ifv_vid] = NULL;
418 	trunk->refcnt--;
419 
420 	return (0);
421 }
422 
423 static __inline void
424 vlan_freehash(struct ifvlantrunk *trunk)
425 {
426 }
427 
428 static __inline void
429 vlan_inithash(struct ifvlantrunk *trunk)
430 {
431 }
432 
433 #endif /* !VLAN_ARRAY */
434 
435 static void
436 trunk_destroy(struct ifvlantrunk *trunk)
437 {
438 	VLAN_LOCK_ASSERT();
439 
440 	TRUNK_LOCK(trunk);
441 	vlan_freehash(trunk);
442 	trunk->parent->if_vlantrunk = NULL;
443 	TRUNK_UNLOCK(trunk);
444 	TRUNK_LOCK_DESTROY(trunk);
445 	free(trunk, M_VLAN);
446 }
447 
448 /*
449  * Program our multicast filter. What we're actually doing is
450  * programming the multicast filter of the parent. This has the
451  * side effect of causing the parent interface to receive multicast
452  * traffic that it doesn't really want, which ends up being discarded
453  * later by the upper protocol layers. Unfortunately, there's no way
454  * to avoid this: there really is only one physical interface.
455  *
456  * XXX: There is a possible race here if more than one thread is
457  *      modifying the multicast state of the vlan interface at the same time.
458  */
459 static int
460 vlan_setmulti(struct ifnet *ifp)
461 {
462 	struct ifnet		*ifp_p;
463 	struct ifmultiaddr	*ifma, *rifma = NULL;
464 	struct ifvlan		*sc;
465 	struct vlan_mc_entry	*mc;
466 	int			error;
467 
468 	/*VLAN_LOCK_ASSERT();*/
469 
470 	/* Find the parent. */
471 	sc = ifp->if_softc;
472 	ifp_p = PARENT(sc);
473 
474 	CURVNET_SET_QUIET(ifp_p->if_vnet);
475 
476 	/* First, remove any existing filter entries. */
477 	while ((mc = SLIST_FIRST(&sc->vlan_mc_listhead)) != NULL) {
478 		error = if_delmulti(ifp_p, (struct sockaddr *)&mc->mc_addr);
479 		if (error)
480 			return (error);
481 		SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead, mc_entries);
482 		free(mc, M_VLAN);
483 	}
484 
485 	/* Now program new ones. */
486 	TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
487 		if (ifma->ifma_addr->sa_family != AF_LINK)
488 			continue;
489 		mc = malloc(sizeof(struct vlan_mc_entry), M_VLAN, M_NOWAIT);
490 		if (mc == NULL)
491 			return (ENOMEM);
492 		bcopy(ifma->ifma_addr, &mc->mc_addr, ifma->ifma_addr->sa_len);
493 		mc->mc_addr.sdl_index = ifp_p->if_index;
494 		SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
495 		error = if_addmulti(ifp_p, (struct sockaddr *)&mc->mc_addr,
496 		    &rifma);
497 		if (error)
498 			return (error);
499 	}
500 
501 	CURVNET_RESTORE();
502 	return (0);
503 }
504 
505 /*
506  * A handler for parent interface link layer address changes.
507  * If the parent interface link layer address is changed we
508  * should also change it on all children vlans.
509  */
510 static void
511 vlan_iflladdr(void *arg __unused, struct ifnet *ifp)
512 {
513 	struct ifvlan *ifv;
514 #ifndef VLAN_ARRAY
515 	struct ifvlan *next;
516 #endif
517 	int i;
518 
519 	/*
520 	 * Check if it's a trunk interface first of all
521 	 * to avoid needless locking.
522 	 */
523 	if (ifp->if_vlantrunk == NULL)
524 		return;
525 
526 	VLAN_LOCK();
527 	/*
528 	 * OK, it's a trunk.  Loop over and change all vlan's lladdrs on it.
529 	 */
530 #ifdef VLAN_ARRAY
531 	for (i = 0; i < VLAN_ARRAY_SIZE; i++)
532 		if ((ifv = ifp->if_vlantrunk->vlans[i])) {
533 #else /* VLAN_ARRAY */
534 	for (i = 0; i < (1 << ifp->if_vlantrunk->hwidth); i++)
535 		LIST_FOREACH_SAFE(ifv, &ifp->if_vlantrunk->hash[i], ifv_list, next) {
536 #endif /* VLAN_ARRAY */
537 			VLAN_UNLOCK();
538 			if_setlladdr(ifv->ifv_ifp, IF_LLADDR(ifp),
539 			    ifp->if_addrlen);
540 			VLAN_LOCK();
541 		}
542 	VLAN_UNLOCK();
543 
544 }
545 
546 /*
547  * A handler for network interface departure events.
548  * Track departure of trunks here so that we don't access invalid
549  * pointers or whatever if a trunk is ripped from under us, e.g.,
550  * by ejecting its hot-plug card.  However, if an ifnet is simply
551  * being renamed, then there's no need to tear down the state.
552  */
553 static void
554 vlan_ifdetach(void *arg __unused, struct ifnet *ifp)
555 {
556 	struct ifvlan *ifv;
557 	int i;
558 
559 	/*
560 	 * Check if it's a trunk interface first of all
561 	 * to avoid needless locking.
562 	 */
563 	if (ifp->if_vlantrunk == NULL)
564 		return;
565 
566 	/* If the ifnet is just being renamed, don't do anything. */
567 	if (ifp->if_flags & IFF_RENAMING)
568 		return;
569 
570 	VLAN_LOCK();
571 	/*
572 	 * OK, it's a trunk.  Loop over and detach all vlan's on it.
573 	 * Check trunk pointer after each vlan_unconfig() as it will
574 	 * free it and set to NULL after the last vlan was detached.
575 	 */
576 #ifdef VLAN_ARRAY
577 	for (i = 0; i < VLAN_ARRAY_SIZE; i++)
578 		if ((ifv = ifp->if_vlantrunk->vlans[i])) {
579 			vlan_unconfig_locked(ifv->ifv_ifp, 1);
580 			if (ifp->if_vlantrunk == NULL)
581 				break;
582 		}
583 #else /* VLAN_ARRAY */
584 restart:
585 	for (i = 0; i < (1 << ifp->if_vlantrunk->hwidth); i++)
586 		if ((ifv = LIST_FIRST(&ifp->if_vlantrunk->hash[i]))) {
587 			vlan_unconfig_locked(ifv->ifv_ifp, 1);
588 			if (ifp->if_vlantrunk)
589 				goto restart;	/* trunk->hwidth can change */
590 			else
591 				break;
592 		}
593 #endif /* VLAN_ARRAY */
594 	/* Trunk should have been destroyed in vlan_unconfig(). */
595 	KASSERT(ifp->if_vlantrunk == NULL, ("%s: purge failed", __func__));
596 	VLAN_UNLOCK();
597 }
598 
599 /*
600  * Return the trunk device for a virtual interface.
601  */
602 static struct ifnet  *
603 vlan_trunkdev(struct ifnet *ifp)
604 {
605 	struct ifvlan *ifv;
606 
607 	if (ifp->if_type != IFT_L2VLAN)
608 		return (NULL);
609 	ifv = ifp->if_softc;
610 	ifp = NULL;
611 	VLAN_LOCK();
612 	if (ifv->ifv_trunk)
613 		ifp = PARENT(ifv);
614 	VLAN_UNLOCK();
615 	return (ifp);
616 }
617 
618 /*
619  * Return the 12-bit VLAN VID for this interface, for use by external
620  * components such as Infiniband.
621  *
622  * XXXRW: Note that the function name here is historical; it should be named
623  * vlan_vid().
624  */
625 static int
626 vlan_tag(struct ifnet *ifp, uint16_t *vidp)
627 {
628 	struct ifvlan *ifv;
629 
630 	if (ifp->if_type != IFT_L2VLAN)
631 		return (EINVAL);
632 	ifv = ifp->if_softc;
633 	*vidp = ifv->ifv_vid;
634 	return (0);
635 }
636 
637 /*
638  * Return a driver specific cookie for this interface.  Synchronization
639  * with setcookie must be provided by the driver.
640  */
641 static void *
642 vlan_cookie(struct ifnet *ifp)
643 {
644 	struct ifvlan *ifv;
645 
646 	if (ifp->if_type != IFT_L2VLAN)
647 		return (NULL);
648 	ifv = ifp->if_softc;
649 	return (ifv->ifv_cookie);
650 }
651 
652 /*
653  * Store a cookie in our softc that drivers can use to store driver
654  * private per-instance data in.
655  */
656 static int
657 vlan_setcookie(struct ifnet *ifp, void *cookie)
658 {
659 	struct ifvlan *ifv;
660 
661 	if (ifp->if_type != IFT_L2VLAN)
662 		return (EINVAL);
663 	ifv = ifp->if_softc;
664 	ifv->ifv_cookie = cookie;
665 	return (0);
666 }
667 
668 /*
669  * Return the vlan device present at the specific VID.
670  */
671 static struct ifnet *
672 vlan_devat(struct ifnet *ifp, uint16_t vid)
673 {
674 	struct ifvlantrunk *trunk;
675 	struct ifvlan *ifv;
676 
677 	trunk = ifp->if_vlantrunk;
678 	if (trunk == NULL)
679 		return (NULL);
680 	ifp = NULL;
681 	TRUNK_RLOCK(trunk);
682 	ifv = vlan_gethash(trunk, vid);
683 	if (ifv)
684 		ifp = ifv->ifv_ifp;
685 	TRUNK_RUNLOCK(trunk);
686 	return (ifp);
687 }
688 
689 /*
690  * VLAN support can be loaded as a module.  The only place in the
691  * system that's intimately aware of this is ether_input.  We hook
692  * into this code through vlan_input_p which is defined there and
693  * set here.  Noone else in the system should be aware of this so
694  * we use an explicit reference here.
695  */
696 extern	void (*vlan_input_p)(struct ifnet *, struct mbuf *);
697 
698 /* For if_link_state_change() eyes only... */
699 extern	void (*vlan_link_state_p)(struct ifnet *);
700 
701 static int
702 vlan_modevent(module_t mod, int type, void *data)
703 {
704 
705 	switch (type) {
706 	case MOD_LOAD:
707 		ifdetach_tag = EVENTHANDLER_REGISTER(ifnet_departure_event,
708 		    vlan_ifdetach, NULL, EVENTHANDLER_PRI_ANY);
709 		if (ifdetach_tag == NULL)
710 			return (ENOMEM);
711 		iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event,
712 		    vlan_iflladdr, NULL, EVENTHANDLER_PRI_ANY);
713 		if (iflladdr_tag == NULL)
714 			return (ENOMEM);
715 		VLAN_LOCK_INIT();
716 		vlan_input_p = vlan_input;
717 		vlan_link_state_p = vlan_link_state;
718 		vlan_trunk_cap_p = vlan_trunk_capabilities;
719 		vlan_trunkdev_p = vlan_trunkdev;
720 		vlan_cookie_p = vlan_cookie;
721 		vlan_setcookie_p = vlan_setcookie;
722 		vlan_tag_p = vlan_tag;
723 		vlan_devat_p = vlan_devat;
724 #ifndef VIMAGE
725 		vlan_cloner = if_clone_advanced(vlanname, 0, vlan_clone_match,
726 		    vlan_clone_create, vlan_clone_destroy);
727 #endif
728 		if (bootverbose)
729 			printf("vlan: initialized, using "
730 #ifdef VLAN_ARRAY
731 			       "full-size arrays"
732 #else
733 			       "hash tables with chaining"
734 #endif
735 
736 			       "\n");
737 		break;
738 	case MOD_UNLOAD:
739 #ifndef VIMAGE
740 		if_clone_detach(vlan_cloner);
741 #endif
742 		EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_tag);
743 		EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_tag);
744 		vlan_input_p = NULL;
745 		vlan_link_state_p = NULL;
746 		vlan_trunk_cap_p = NULL;
747 		vlan_trunkdev_p = NULL;
748 		vlan_tag_p = NULL;
749 		vlan_cookie_p = NULL;
750 		vlan_setcookie_p = NULL;
751 		vlan_devat_p = NULL;
752 		VLAN_LOCK_DESTROY();
753 		if (bootverbose)
754 			printf("vlan: unloaded\n");
755 		break;
756 	default:
757 		return (EOPNOTSUPP);
758 	}
759 	return (0);
760 }
761 
762 static moduledata_t vlan_mod = {
763 	"if_vlan",
764 	vlan_modevent,
765 	0
766 };
767 
768 DECLARE_MODULE(if_vlan, vlan_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
769 MODULE_VERSION(if_vlan, 3);
770 
771 #ifdef VIMAGE
772 static void
773 vnet_vlan_init(const void *unused __unused)
774 {
775 
776 	vlan_cloner = if_clone_advanced(vlanname, 0, vlan_clone_match,
777 		    vlan_clone_create, vlan_clone_destroy);
778 	V_vlan_cloner = vlan_cloner;
779 }
780 VNET_SYSINIT(vnet_vlan_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
781     vnet_vlan_init, NULL);
782 
783 static void
784 vnet_vlan_uninit(const void *unused __unused)
785 {
786 
787 	if_clone_detach(V_vlan_cloner);
788 }
789 VNET_SYSUNINIT(vnet_vlan_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_FIRST,
790     vnet_vlan_uninit, NULL);
791 #endif
792 
793 static struct ifnet *
794 vlan_clone_match_ethervid(struct if_clone *ifc, const char *name, int *vidp)
795 {
796 	const char *cp;
797 	struct ifnet *ifp;
798 	int vid;
799 
800 	/* Check for <etherif>.<vlan> style interface names. */
801 	IFNET_RLOCK_NOSLEEP();
802 	TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
803 		/*
804 		 * We can handle non-ethernet hardware types as long as
805 		 * they handle the tagging and headers themselves.
806 		 */
807 		if (ifp->if_type != IFT_ETHER &&
808 		    (ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0)
809 			continue;
810 		if (strncmp(ifp->if_xname, name, strlen(ifp->if_xname)) != 0)
811 			continue;
812 		cp = name + strlen(ifp->if_xname);
813 		if (*cp++ != '.')
814 			continue;
815 		if (*cp == '\0')
816 			continue;
817 		vid = 0;
818 		for(; *cp >= '0' && *cp <= '9'; cp++)
819 			vid = (vid * 10) + (*cp - '0');
820 		if (*cp != '\0')
821 			continue;
822 		if (vidp != NULL)
823 			*vidp = vid;
824 		break;
825 	}
826 	IFNET_RUNLOCK_NOSLEEP();
827 
828 	return (ifp);
829 }
830 
831 static int
832 vlan_clone_match(struct if_clone *ifc, const char *name)
833 {
834 	const char *cp;
835 
836 	if (vlan_clone_match_ethervid(ifc, name, NULL) != NULL)
837 		return (1);
838 
839 	if (strncmp(vlanname, name, strlen(vlanname)) != 0)
840 		return (0);
841 	for (cp = name + 4; *cp != '\0'; cp++) {
842 		if (*cp < '0' || *cp > '9')
843 			return (0);
844 	}
845 
846 	return (1);
847 }
848 
849 static int
850 vlan_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
851 {
852 	char *dp;
853 	int wildcard;
854 	int unit;
855 	int error;
856 	int vid;
857 	int ethertag;
858 	struct ifvlan *ifv;
859 	struct ifnet *ifp;
860 	struct ifnet *p;
861 	struct ifaddr *ifa;
862 	struct sockaddr_dl *sdl;
863 	struct vlanreq vlr;
864 	static const u_char eaddr[ETHER_ADDR_LEN];	/* 00:00:00:00:00:00 */
865 
866 	/*
867 	 * There are 3 (ugh) ways to specify the cloned device:
868 	 * o pass a parameter block with the clone request.
869 	 * o specify parameters in the text of the clone device name
870 	 * o specify no parameters and get an unattached device that
871 	 *   must be configured separately.
872 	 * The first technique is preferred; the latter two are
873 	 * supported for backwards compatibilty.
874 	 *
875 	 * XXXRW: Note historic use of the word "tag" here.  New ioctls may be
876 	 * called for.
877 	 */
878 	if (params) {
879 		error = copyin(params, &vlr, sizeof(vlr));
880 		if (error)
881 			return error;
882 		p = ifunit(vlr.vlr_parent);
883 		if (p == NULL)
884 			return ENXIO;
885 		/*
886 		 * Don't let the caller set up a VLAN VID with
887 		 * anything except VLID bits.
888 		 */
889 		if (vlr.vlr_tag & ~EVL_VLID_MASK)
890 			return (EINVAL);
891 		error = ifc_name2unit(name, &unit);
892 		if (error != 0)
893 			return (error);
894 
895 		ethertag = 1;
896 		vid = vlr.vlr_tag;
897 		wildcard = (unit < 0);
898 	} else if ((p = vlan_clone_match_ethervid(ifc, name, &vid)) != NULL) {
899 		ethertag = 1;
900 		unit = -1;
901 		wildcard = 0;
902 
903 		/*
904 		 * Don't let the caller set up a VLAN VID with
905 		 * anything except VLID bits.
906 		 */
907 		if (vid & ~EVL_VLID_MASK)
908 			return (EINVAL);
909 	} else {
910 		ethertag = 0;
911 
912 		error = ifc_name2unit(name, &unit);
913 		if (error != 0)
914 			return (error);
915 
916 		wildcard = (unit < 0);
917 	}
918 
919 	error = ifc_alloc_unit(ifc, &unit);
920 	if (error != 0)
921 		return (error);
922 
923 	/* In the wildcard case, we need to update the name. */
924 	if (wildcard) {
925 		for (dp = name; *dp != '\0'; dp++);
926 		if (snprintf(dp, len - (dp-name), "%d", unit) >
927 		    len - (dp-name) - 1) {
928 			panic("%s: interface name too long", __func__);
929 		}
930 	}
931 
932 	ifv = malloc(sizeof(struct ifvlan), M_VLAN, M_WAITOK | M_ZERO);
933 	ifp = ifv->ifv_ifp = if_alloc(IFT_ETHER);
934 	if (ifp == NULL) {
935 		ifc_free_unit(ifc, unit);
936 		free(ifv, M_VLAN);
937 		return (ENOSPC);
938 	}
939 	SLIST_INIT(&ifv->vlan_mc_listhead);
940 
941 	ifp->if_softc = ifv;
942 	/*
943 	 * Set the name manually rather than using if_initname because
944 	 * we don't conform to the default naming convention for interfaces.
945 	 */
946 	strlcpy(ifp->if_xname, name, IFNAMSIZ);
947 	ifp->if_dname = vlanname;
948 	ifp->if_dunit = unit;
949 	/* NB: flags are not set here */
950 	ifp->if_linkmib = &ifv->ifv_mib;
951 	ifp->if_linkmiblen = sizeof(ifv->ifv_mib);
952 	/* NB: mtu is not set here */
953 
954 	ifp->if_init = vlan_init;
955 	ifp->if_transmit = vlan_transmit;
956 	ifp->if_qflush = vlan_qflush;
957 	ifp->if_ioctl = vlan_ioctl;
958 	ifp->if_flags = VLAN_IFFLAGS;
959 	ether_ifattach(ifp, eaddr);
960 	/* Now undo some of the damage... */
961 	ifp->if_baudrate = 0;
962 	ifp->if_type = IFT_L2VLAN;
963 	ifp->if_hdrlen = ETHER_VLAN_ENCAP_LEN;
964 	ifa = ifp->if_addr;
965 	sdl = (struct sockaddr_dl *)ifa->ifa_addr;
966 	sdl->sdl_type = IFT_L2VLAN;
967 
968 	if (ethertag) {
969 		error = vlan_config(ifv, p, vid);
970 		if (error != 0) {
971 			/*
972 			 * Since we've partially failed, we need to back
973 			 * out all the way, otherwise userland could get
974 			 * confused.  Thus, we destroy the interface.
975 			 */
976 			ether_ifdetach(ifp);
977 			vlan_unconfig(ifp);
978 			if_free(ifp);
979 			ifc_free_unit(ifc, unit);
980 			free(ifv, M_VLAN);
981 
982 			return (error);
983 		}
984 
985 		/* Update flags on the parent, if necessary. */
986 		vlan_setflags(ifp, 1);
987 	}
988 
989 	return (0);
990 }
991 
992 static int
993 vlan_clone_destroy(struct if_clone *ifc, struct ifnet *ifp)
994 {
995 	struct ifvlan *ifv = ifp->if_softc;
996 	int unit = ifp->if_dunit;
997 
998 	ether_ifdetach(ifp);	/* first, remove it from system-wide lists */
999 	vlan_unconfig(ifp);	/* now it can be unconfigured and freed */
1000 	if_free(ifp);
1001 	free(ifv, M_VLAN);
1002 	ifc_free_unit(ifc, unit);
1003 
1004 	return (0);
1005 }
1006 
1007 /*
1008  * The ifp->if_init entry point for vlan(4) is a no-op.
1009  */
1010 static void
1011 vlan_init(void *foo __unused)
1012 {
1013 }
1014 
1015 /*
1016  * The if_transmit method for vlan(4) interface.
1017  */
1018 static int
1019 vlan_transmit(struct ifnet *ifp, struct mbuf *m)
1020 {
1021 	struct ifvlan *ifv;
1022 	struct ifnet *p;
1023 	int error, len, mcast;
1024 
1025 	ifv = ifp->if_softc;
1026 	p = PARENT(ifv);
1027 	len = m->m_pkthdr.len;
1028 	mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1 : 0;
1029 
1030 	BPF_MTAP(ifp, m);
1031 
1032 	/*
1033 	 * Do not run parent's if_transmit() if the parent is not up,
1034 	 * or parent's driver will cause a system crash.
1035 	 */
1036 	if (!UP_AND_RUNNING(p)) {
1037 		m_freem(m);
1038 		ifp->if_oerrors++;
1039 		return (0);
1040 	}
1041 
1042 	/*
1043 	 * Pad the frame to the minimum size allowed if told to.
1044 	 * This option is in accord with IEEE Std 802.1Q, 2003 Ed.,
1045 	 * paragraph C.4.4.3.b.  It can help to work around buggy
1046 	 * bridges that violate paragraph C.4.4.3.a from the same
1047 	 * document, i.e., fail to pad short frames after untagging.
1048 	 * E.g., a tagged frame 66 bytes long (incl. FCS) is OK, but
1049 	 * untagging it will produce a 62-byte frame, which is a runt
1050 	 * and requires padding.  There are VLAN-enabled network
1051 	 * devices that just discard such runts instead or mishandle
1052 	 * them somehow.
1053 	 */
1054 	if (soft_pad && p->if_type == IFT_ETHER) {
1055 		static char pad[8];	/* just zeros */
1056 		int n;
1057 
1058 		for (n = ETHERMIN + ETHER_HDR_LEN - m->m_pkthdr.len;
1059 		     n > 0; n -= sizeof(pad))
1060 			if (!m_append(m, min(n, sizeof(pad)), pad))
1061 				break;
1062 
1063 		if (n > 0) {
1064 			if_printf(ifp, "cannot pad short frame\n");
1065 			ifp->if_oerrors++;
1066 			m_freem(m);
1067 			return (0);
1068 		}
1069 	}
1070 
1071 	/*
1072 	 * If underlying interface can do VLAN tag insertion itself,
1073 	 * just pass the packet along. However, we need some way to
1074 	 * tell the interface where the packet came from so that it
1075 	 * knows how to find the VLAN tag to use, so we attach a
1076 	 * packet tag that holds it.
1077 	 */
1078 	if (p->if_capenable & IFCAP_VLAN_HWTAGGING) {
1079 		m->m_pkthdr.ether_vtag = ifv->ifv_vid;
1080 		m->m_flags |= M_VLANTAG;
1081 	} else {
1082 		m = ether_vlanencap(m, ifv->ifv_vid);
1083 		if (m == NULL) {
1084 			if_printf(ifp, "unable to prepend VLAN header\n");
1085 			ifp->if_oerrors++;
1086 			return (0);
1087 		}
1088 	}
1089 
1090 	/*
1091 	 * Send it, precisely as ether_output() would have.
1092 	 */
1093 	error = (p->if_transmit)(p, m);
1094 	if (!error) {
1095 		ifp->if_opackets++;
1096 		ifp->if_omcasts += mcast;
1097 		ifp->if_obytes += len;
1098 	} else
1099 		ifp->if_oerrors++;
1100 	return (error);
1101 }
1102 
1103 /*
1104  * The ifp->if_qflush entry point for vlan(4) is a no-op.
1105  */
1106 static void
1107 vlan_qflush(struct ifnet *ifp __unused)
1108 {
1109 }
1110 
1111 static void
1112 vlan_input(struct ifnet *ifp, struct mbuf *m)
1113 {
1114 	struct ifvlantrunk *trunk = ifp->if_vlantrunk;
1115 	struct ifvlan *ifv;
1116 	uint16_t vid;
1117 
1118 	KASSERT(trunk != NULL, ("%s: no trunk", __func__));
1119 
1120 	if (m->m_flags & M_VLANTAG) {
1121 		/*
1122 		 * Packet is tagged, but m contains a normal
1123 		 * Ethernet frame; the tag is stored out-of-band.
1124 		 */
1125 		vid = EVL_VLANOFTAG(m->m_pkthdr.ether_vtag);
1126 		m->m_flags &= ~M_VLANTAG;
1127 	} else {
1128 		struct ether_vlan_header *evl;
1129 
1130 		/*
1131 		 * Packet is tagged in-band as specified by 802.1q.
1132 		 */
1133 		switch (ifp->if_type) {
1134 		case IFT_ETHER:
1135 			if (m->m_len < sizeof(*evl) &&
1136 			    (m = m_pullup(m, sizeof(*evl))) == NULL) {
1137 				if_printf(ifp, "cannot pullup VLAN header\n");
1138 				return;
1139 			}
1140 			evl = mtod(m, struct ether_vlan_header *);
1141 			vid = EVL_VLANOFTAG(ntohs(evl->evl_tag));
1142 
1143 			/*
1144 			 * Remove the 802.1q header by copying the Ethernet
1145 			 * addresses over it and adjusting the beginning of
1146 			 * the data in the mbuf.  The encapsulated Ethernet
1147 			 * type field is already in place.
1148 			 */
1149 			bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN,
1150 			      ETHER_HDR_LEN - ETHER_TYPE_LEN);
1151 			m_adj(m, ETHER_VLAN_ENCAP_LEN);
1152 			break;
1153 
1154 		default:
1155 #ifdef INVARIANTS
1156 			panic("%s: %s has unsupported if_type %u",
1157 			      __func__, ifp->if_xname, ifp->if_type);
1158 #endif
1159 			m_freem(m);
1160 			ifp->if_noproto++;
1161 			return;
1162 		}
1163 	}
1164 
1165 	TRUNK_RLOCK(trunk);
1166 	ifv = vlan_gethash(trunk, vid);
1167 	if (ifv == NULL || !UP_AND_RUNNING(ifv->ifv_ifp)) {
1168 		TRUNK_RUNLOCK(trunk);
1169 		m_freem(m);
1170 		ifp->if_noproto++;
1171 		return;
1172 	}
1173 	TRUNK_RUNLOCK(trunk);
1174 
1175 	m->m_pkthdr.rcvif = ifv->ifv_ifp;
1176 	ifv->ifv_ifp->if_ipackets++;
1177 
1178 	/* Pass it back through the parent's input routine. */
1179 	(*ifp->if_input)(ifv->ifv_ifp, m);
1180 }
1181 
1182 static int
1183 vlan_config(struct ifvlan *ifv, struct ifnet *p, uint16_t vid)
1184 {
1185 	struct ifvlantrunk *trunk;
1186 	struct ifnet *ifp;
1187 	int error = 0;
1188 
1189 	/* VID numbers 0x0 and 0xFFF are reserved */
1190 	if (vid == 0 || vid == 0xFFF)
1191 		return (EINVAL);
1192 	if (p->if_type != IFT_ETHER &&
1193 	    (p->if_capenable & IFCAP_VLAN_HWTAGGING) == 0)
1194 		return (EPROTONOSUPPORT);
1195 	if ((p->if_flags & VLAN_IFFLAGS) != VLAN_IFFLAGS)
1196 		return (EPROTONOSUPPORT);
1197 	if (ifv->ifv_trunk)
1198 		return (EBUSY);
1199 
1200 	if (p->if_vlantrunk == NULL) {
1201 		trunk = malloc(sizeof(struct ifvlantrunk),
1202 		    M_VLAN, M_WAITOK | M_ZERO);
1203 		vlan_inithash(trunk);
1204 		VLAN_LOCK();
1205 		if (p->if_vlantrunk != NULL) {
1206 			/* A race that that is very unlikely to be hit. */
1207 			vlan_freehash(trunk);
1208 			free(trunk, M_VLAN);
1209 			goto exists;
1210 		}
1211 		TRUNK_LOCK_INIT(trunk);
1212 		TRUNK_LOCK(trunk);
1213 		p->if_vlantrunk = trunk;
1214 		trunk->parent = p;
1215 	} else {
1216 		VLAN_LOCK();
1217 exists:
1218 		trunk = p->if_vlantrunk;
1219 		TRUNK_LOCK(trunk);
1220 	}
1221 
1222 	ifv->ifv_vid = vid;	/* must set this before vlan_inshash() */
1223 	error = vlan_inshash(trunk, ifv);
1224 	if (error)
1225 		goto done;
1226 	ifv->ifv_proto = ETHERTYPE_VLAN;
1227 	ifv->ifv_encaplen = ETHER_VLAN_ENCAP_LEN;
1228 	ifv->ifv_mintu = ETHERMIN;
1229 	ifv->ifv_pflags = 0;
1230 
1231 	/*
1232 	 * If the parent supports the VLAN_MTU capability,
1233 	 * i.e. can Tx/Rx larger than ETHER_MAX_LEN frames,
1234 	 * use it.
1235 	 */
1236 	if (p->if_capenable & IFCAP_VLAN_MTU) {
1237 		/*
1238 		 * No need to fudge the MTU since the parent can
1239 		 * handle extended frames.
1240 		 */
1241 		ifv->ifv_mtufudge = 0;
1242 	} else {
1243 		/*
1244 		 * Fudge the MTU by the encapsulation size.  This
1245 		 * makes us incompatible with strictly compliant
1246 		 * 802.1Q implementations, but allows us to use
1247 		 * the feature with other NetBSD implementations,
1248 		 * which might still be useful.
1249 		 */
1250 		ifv->ifv_mtufudge = ifv->ifv_encaplen;
1251 	}
1252 
1253 	ifv->ifv_trunk = trunk;
1254 	ifp = ifv->ifv_ifp;
1255 	/*
1256 	 * Initialize fields from our parent.  This duplicates some
1257 	 * work with ether_ifattach() but allows for non-ethernet
1258 	 * interfaces to also work.
1259 	 */
1260 	ifp->if_mtu = p->if_mtu - ifv->ifv_mtufudge;
1261 	ifp->if_baudrate = p->if_baudrate;
1262 	ifp->if_output = p->if_output;
1263 	ifp->if_input = p->if_input;
1264 	ifp->if_resolvemulti = p->if_resolvemulti;
1265 	ifp->if_addrlen = p->if_addrlen;
1266 	ifp->if_broadcastaddr = p->if_broadcastaddr;
1267 
1268 	/*
1269 	 * Copy only a selected subset of flags from the parent.
1270 	 * Other flags are none of our business.
1271 	 */
1272 #define VLAN_COPY_FLAGS (IFF_SIMPLEX)
1273 	ifp->if_flags &= ~VLAN_COPY_FLAGS;
1274 	ifp->if_flags |= p->if_flags & VLAN_COPY_FLAGS;
1275 #undef VLAN_COPY_FLAGS
1276 
1277 	ifp->if_link_state = p->if_link_state;
1278 
1279 	vlan_capabilities(ifv);
1280 
1281 	/*
1282 	 * Set up our interface address to reflect the underlying
1283 	 * physical interface's.
1284 	 */
1285 	bcopy(IF_LLADDR(p), IF_LLADDR(ifp), p->if_addrlen);
1286 	((struct sockaddr_dl *)ifp->if_addr->ifa_addr)->sdl_alen =
1287 	    p->if_addrlen;
1288 
1289 	/*
1290 	 * Configure multicast addresses that may already be
1291 	 * joined on the vlan device.
1292 	 */
1293 	(void)vlan_setmulti(ifp); /* XXX: VLAN lock held */
1294 
1295 	/* We are ready for operation now. */
1296 	ifp->if_drv_flags |= IFF_DRV_RUNNING;
1297 done:
1298 	TRUNK_UNLOCK(trunk);
1299 	if (error == 0)
1300 		EVENTHANDLER_INVOKE(vlan_config, p, ifv->ifv_vid);
1301 	VLAN_UNLOCK();
1302 
1303 	return (error);
1304 }
1305 
1306 static void
1307 vlan_unconfig(struct ifnet *ifp)
1308 {
1309 
1310 	VLAN_LOCK();
1311 	vlan_unconfig_locked(ifp, 0);
1312 	VLAN_UNLOCK();
1313 }
1314 
1315 static void
1316 vlan_unconfig_locked(struct ifnet *ifp, int departing)
1317 {
1318 	struct ifvlantrunk *trunk;
1319 	struct vlan_mc_entry *mc;
1320 	struct ifvlan *ifv;
1321 	struct ifnet  *parent;
1322 	int error;
1323 
1324 	VLAN_LOCK_ASSERT();
1325 
1326 	ifv = ifp->if_softc;
1327 	trunk = ifv->ifv_trunk;
1328 	parent = NULL;
1329 
1330 	if (trunk != NULL) {
1331 
1332 		TRUNK_LOCK(trunk);
1333 		parent = trunk->parent;
1334 
1335 		/*
1336 		 * Since the interface is being unconfigured, we need to
1337 		 * empty the list of multicast groups that we may have joined
1338 		 * while we were alive from the parent's list.
1339 		 */
1340 		while ((mc = SLIST_FIRST(&ifv->vlan_mc_listhead)) != NULL) {
1341 			/*
1342 			 * If the parent interface is being detached,
1343 			 * all its multicast addresses have already
1344 			 * been removed.  Warn about errors if
1345 			 * if_delmulti() does fail, but don't abort as
1346 			 * all callers expect vlan destruction to
1347 			 * succeed.
1348 			 */
1349 			if (!departing) {
1350 				error = if_delmulti(parent,
1351 				    (struct sockaddr *)&mc->mc_addr);
1352 				if (error)
1353 					if_printf(ifp,
1354 		    "Failed to delete multicast address from parent: %d\n",
1355 					    error);
1356 			}
1357 			SLIST_REMOVE_HEAD(&ifv->vlan_mc_listhead, mc_entries);
1358 			free(mc, M_VLAN);
1359 		}
1360 
1361 		vlan_setflags(ifp, 0); /* clear special flags on parent */
1362 		vlan_remhash(trunk, ifv);
1363 		ifv->ifv_trunk = NULL;
1364 
1365 		/*
1366 		 * Check if we were the last.
1367 		 */
1368 		if (trunk->refcnt == 0) {
1369 			trunk->parent->if_vlantrunk = NULL;
1370 			/*
1371 			 * XXXGL: If some ithread has already entered
1372 			 * vlan_input() and is now blocked on the trunk
1373 			 * lock, then it should preempt us right after
1374 			 * unlock and finish its work. Then we will acquire
1375 			 * lock again in trunk_destroy().
1376 			 */
1377 			TRUNK_UNLOCK(trunk);
1378 			trunk_destroy(trunk);
1379 		} else
1380 			TRUNK_UNLOCK(trunk);
1381 	}
1382 
1383 	/* Disconnect from parent. */
1384 	if (ifv->ifv_pflags)
1385 		if_printf(ifp, "%s: ifv_pflags unclean\n", __func__);
1386 	ifp->if_mtu = ETHERMTU;
1387 	ifp->if_link_state = LINK_STATE_UNKNOWN;
1388 	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1389 
1390 	/*
1391 	 * Only dispatch an event if vlan was
1392 	 * attached, otherwise there is nothing
1393 	 * to cleanup anyway.
1394 	 */
1395 	if (parent != NULL)
1396 		EVENTHANDLER_INVOKE(vlan_unconfig, parent, ifv->ifv_vid);
1397 }
1398 
1399 /* Handle a reference counted flag that should be set on the parent as well */
1400 static int
1401 vlan_setflag(struct ifnet *ifp, int flag, int status,
1402 	     int (*func)(struct ifnet *, int))
1403 {
1404 	struct ifvlan *ifv;
1405 	int error;
1406 
1407 	/* XXX VLAN_LOCK_ASSERT(); */
1408 
1409 	ifv = ifp->if_softc;
1410 	status = status ? (ifp->if_flags & flag) : 0;
1411 	/* Now "status" contains the flag value or 0 */
1412 
1413 	/*
1414 	 * See if recorded parent's status is different from what
1415 	 * we want it to be.  If it is, flip it.  We record parent's
1416 	 * status in ifv_pflags so that we won't clear parent's flag
1417 	 * we haven't set.  In fact, we don't clear or set parent's
1418 	 * flags directly, but get or release references to them.
1419 	 * That's why we can be sure that recorded flags still are
1420 	 * in accord with actual parent's flags.
1421 	 */
1422 	if (status != (ifv->ifv_pflags & flag)) {
1423 		error = (*func)(PARENT(ifv), status);
1424 		if (error)
1425 			return (error);
1426 		ifv->ifv_pflags &= ~flag;
1427 		ifv->ifv_pflags |= status;
1428 	}
1429 	return (0);
1430 }
1431 
1432 /*
1433  * Handle IFF_* flags that require certain changes on the parent:
1434  * if "status" is true, update parent's flags respective to our if_flags;
1435  * if "status" is false, forcedly clear the flags set on parent.
1436  */
1437 static int
1438 vlan_setflags(struct ifnet *ifp, int status)
1439 {
1440 	int error, i;
1441 
1442 	for (i = 0; vlan_pflags[i].flag; i++) {
1443 		error = vlan_setflag(ifp, vlan_pflags[i].flag,
1444 				     status, vlan_pflags[i].func);
1445 		if (error)
1446 			return (error);
1447 	}
1448 	return (0);
1449 }
1450 
1451 /* Inform all vlans that their parent has changed link state */
1452 static void
1453 vlan_link_state(struct ifnet *ifp)
1454 {
1455 	struct ifvlantrunk *trunk = ifp->if_vlantrunk;
1456 	struct ifvlan *ifv;
1457 	int i;
1458 
1459 	TRUNK_LOCK(trunk);
1460 #ifdef VLAN_ARRAY
1461 	for (i = 0; i < VLAN_ARRAY_SIZE; i++)
1462 		if (trunk->vlans[i] != NULL) {
1463 			ifv = trunk->vlans[i];
1464 #else
1465 	for (i = 0; i < (1 << trunk->hwidth); i++)
1466 		LIST_FOREACH(ifv, &trunk->hash[i], ifv_list) {
1467 #endif
1468 			ifv->ifv_ifp->if_baudrate = trunk->parent->if_baudrate;
1469 			if_link_state_change(ifv->ifv_ifp,
1470 			    trunk->parent->if_link_state);
1471 		}
1472 	TRUNK_UNLOCK(trunk);
1473 }
1474 
1475 static void
1476 vlan_capabilities(struct ifvlan *ifv)
1477 {
1478 	struct ifnet *p = PARENT(ifv);
1479 	struct ifnet *ifp = ifv->ifv_ifp;
1480 
1481 	TRUNK_LOCK_ASSERT(TRUNK(ifv));
1482 
1483 	/*
1484 	 * If the parent interface can do checksum offloading
1485 	 * on VLANs, then propagate its hardware-assisted
1486 	 * checksumming flags. Also assert that checksum
1487 	 * offloading requires hardware VLAN tagging.
1488 	 */
1489 	if (p->if_capabilities & IFCAP_VLAN_HWCSUM)
1490 		ifp->if_capabilities = p->if_capabilities & IFCAP_HWCSUM;
1491 
1492 	if (p->if_capenable & IFCAP_VLAN_HWCSUM &&
1493 	    p->if_capenable & IFCAP_VLAN_HWTAGGING) {
1494 		ifp->if_capenable = p->if_capenable & IFCAP_HWCSUM;
1495 		ifp->if_hwassist = p->if_hwassist & (CSUM_IP | CSUM_TCP |
1496 		    CSUM_UDP | CSUM_SCTP | CSUM_FRAGMENT);
1497 	} else {
1498 		ifp->if_capenable = 0;
1499 		ifp->if_hwassist = 0;
1500 	}
1501 	/*
1502 	 * If the parent interface can do TSO on VLANs then
1503 	 * propagate the hardware-assisted flag. TSO on VLANs
1504 	 * does not necessarily require hardware VLAN tagging.
1505 	 */
1506 	if (p->if_capabilities & IFCAP_VLAN_HWTSO)
1507 		ifp->if_capabilities |= p->if_capabilities & IFCAP_TSO;
1508 	if (p->if_capenable & IFCAP_VLAN_HWTSO) {
1509 		ifp->if_capenable |= p->if_capenable & IFCAP_TSO;
1510 		ifp->if_hwassist |= p->if_hwassist & CSUM_TSO;
1511 	} else {
1512 		ifp->if_capenable &= ~(p->if_capenable & IFCAP_TSO);
1513 		ifp->if_hwassist &= ~(p->if_hwassist & CSUM_TSO);
1514 	}
1515 
1516 	/*
1517 	 * If the parent interface can offload TCP connections over VLANs then
1518 	 * propagate its TOE capability to the VLAN interface.
1519 	 *
1520 	 * All TOE drivers in the tree today can deal with VLANs.  If this
1521 	 * changes then IFCAP_VLAN_TOE should be promoted to a full capability
1522 	 * with its own bit.
1523 	 */
1524 #define	IFCAP_VLAN_TOE IFCAP_TOE
1525 	if (p->if_capabilities & IFCAP_VLAN_TOE)
1526 		ifp->if_capabilities |= p->if_capabilities & IFCAP_TOE;
1527 	if (p->if_capenable & IFCAP_VLAN_TOE) {
1528 		TOEDEV(ifp) = TOEDEV(p);
1529 		ifp->if_capenable |= p->if_capenable & IFCAP_TOE;
1530 	}
1531 }
1532 
1533 static void
1534 vlan_trunk_capabilities(struct ifnet *ifp)
1535 {
1536 	struct ifvlantrunk *trunk = ifp->if_vlantrunk;
1537 	struct ifvlan *ifv;
1538 	int i;
1539 
1540 	TRUNK_LOCK(trunk);
1541 #ifdef VLAN_ARRAY
1542 	for (i = 0; i < VLAN_ARRAY_SIZE; i++)
1543 		if (trunk->vlans[i] != NULL) {
1544 			ifv = trunk->vlans[i];
1545 #else
1546 	for (i = 0; i < (1 << trunk->hwidth); i++) {
1547 		LIST_FOREACH(ifv, &trunk->hash[i], ifv_list)
1548 #endif
1549 			vlan_capabilities(ifv);
1550 	}
1551 	TRUNK_UNLOCK(trunk);
1552 }
1553 
1554 static int
1555 vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1556 {
1557 	struct ifnet *p;
1558 	struct ifreq *ifr;
1559 	struct ifaddr *ifa;
1560 	struct ifvlan *ifv;
1561 	struct vlanreq vlr;
1562 	int error = 0;
1563 
1564 	ifr = (struct ifreq *)data;
1565 	ifa = (struct ifaddr *) data;
1566 	ifv = ifp->if_softc;
1567 
1568 	switch (cmd) {
1569 	case SIOCSIFADDR:
1570 		ifp->if_flags |= IFF_UP;
1571 #ifdef INET
1572 		if (ifa->ifa_addr->sa_family == AF_INET)
1573 			arp_ifinit(ifp, ifa);
1574 #endif
1575 		break;
1576 	case SIOCGIFADDR:
1577                 {
1578 			struct sockaddr *sa;
1579 
1580 			sa = (struct sockaddr *)&ifr->ifr_data;
1581 			bcopy(IF_LLADDR(ifp), sa->sa_data, ifp->if_addrlen);
1582                 }
1583 		break;
1584 	case SIOCGIFMEDIA:
1585 		VLAN_LOCK();
1586 		if (TRUNK(ifv) != NULL) {
1587 			p = PARENT(ifv);
1588 			VLAN_UNLOCK();
1589 			error = (*p->if_ioctl)(p, SIOCGIFMEDIA, data);
1590 			/* Limit the result to the parent's current config. */
1591 			if (error == 0) {
1592 				struct ifmediareq *ifmr;
1593 
1594 				ifmr = (struct ifmediareq *)data;
1595 				if (ifmr->ifm_count >= 1 && ifmr->ifm_ulist) {
1596 					ifmr->ifm_count = 1;
1597 					error = copyout(&ifmr->ifm_current,
1598 						ifmr->ifm_ulist,
1599 						sizeof(int));
1600 				}
1601 			}
1602 		} else {
1603 			VLAN_UNLOCK();
1604 			error = EINVAL;
1605 		}
1606 		break;
1607 
1608 	case SIOCSIFMEDIA:
1609 		error = EINVAL;
1610 		break;
1611 
1612 	case SIOCSIFMTU:
1613 		/*
1614 		 * Set the interface MTU.
1615 		 */
1616 		VLAN_LOCK();
1617 		if (TRUNK(ifv) != NULL) {
1618 			if (ifr->ifr_mtu >
1619 			     (PARENT(ifv)->if_mtu - ifv->ifv_mtufudge) ||
1620 			    ifr->ifr_mtu <
1621 			     (ifv->ifv_mintu - ifv->ifv_mtufudge))
1622 				error = EINVAL;
1623 			else
1624 				ifp->if_mtu = ifr->ifr_mtu;
1625 		} else
1626 			error = EINVAL;
1627 		VLAN_UNLOCK();
1628 		break;
1629 
1630 	case SIOCSETVLAN:
1631 #ifdef VIMAGE
1632 		/*
1633 		 * XXXRW/XXXBZ: The goal in these checks is to allow a VLAN
1634 		 * interface to be delegated to a jail without allowing the
1635 		 * jail to change what underlying interface/VID it is
1636 		 * associated with.  We are not entirely convinced that this
1637 		 * is the right way to accomplish that policy goal.
1638 		 */
1639 		if (ifp->if_vnet != ifp->if_home_vnet) {
1640 			error = EPERM;
1641 			break;
1642 		}
1643 #endif
1644 		error = copyin(ifr->ifr_data, &vlr, sizeof(vlr));
1645 		if (error)
1646 			break;
1647 		if (vlr.vlr_parent[0] == '\0') {
1648 			vlan_unconfig(ifp);
1649 			break;
1650 		}
1651 		p = ifunit(vlr.vlr_parent);
1652 		if (p == NULL) {
1653 			error = ENOENT;
1654 			break;
1655 		}
1656 		/*
1657 		 * Don't let the caller set up a VLAN VID with
1658 		 * anything except VLID bits.
1659 		 */
1660 		if (vlr.vlr_tag & ~EVL_VLID_MASK) {
1661 			error = EINVAL;
1662 			break;
1663 		}
1664 		error = vlan_config(ifv, p, vlr.vlr_tag);
1665 		if (error)
1666 			break;
1667 
1668 		/* Update flags on the parent, if necessary. */
1669 		vlan_setflags(ifp, 1);
1670 		break;
1671 
1672 	case SIOCGETVLAN:
1673 #ifdef VIMAGE
1674 		if (ifp->if_vnet != ifp->if_home_vnet) {
1675 			error = EPERM;
1676 			break;
1677 		}
1678 #endif
1679 		bzero(&vlr, sizeof(vlr));
1680 		VLAN_LOCK();
1681 		if (TRUNK(ifv) != NULL) {
1682 			strlcpy(vlr.vlr_parent, PARENT(ifv)->if_xname,
1683 			    sizeof(vlr.vlr_parent));
1684 			vlr.vlr_tag = ifv->ifv_vid;
1685 		}
1686 		VLAN_UNLOCK();
1687 		error = copyout(&vlr, ifr->ifr_data, sizeof(vlr));
1688 		break;
1689 
1690 	case SIOCSIFFLAGS:
1691 		/*
1692 		 * We should propagate selected flags to the parent,
1693 		 * e.g., promiscuous mode.
1694 		 */
1695 		if (TRUNK(ifv) != NULL)
1696 			error = vlan_setflags(ifp, 1);
1697 		break;
1698 
1699 	case SIOCADDMULTI:
1700 	case SIOCDELMULTI:
1701 		/*
1702 		 * If we don't have a parent, just remember the membership for
1703 		 * when we do.
1704 		 */
1705 		if (TRUNK(ifv) != NULL)
1706 			error = vlan_setmulti(ifp);
1707 		break;
1708 
1709 	default:
1710 		error = EINVAL;
1711 		break;
1712 	}
1713 
1714 	return (error);
1715 }
1716