xref: /freebsd/sys/netgraph/ng_iface.c (revision bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
1 /*
2  * ng_iface.c
3  */
4 
5 /*-
6  * Copyright (c) 1996-1999 Whistle Communications, Inc.
7  * All rights reserved.
8  *
9  * Subject to the following obligations and disclaimer of warranty, use and
10  * redistribution of this software, in source or object code forms, with or
11  * without modifications are expressly permitted by Whistle Communications;
12  * provided, however, that:
13  * 1. Any and all reproductions of the source or object code must include the
14  *    copyright notice above and the following disclaimer of warranties; and
15  * 2. No rights are granted, in any manner or form, to use Whistle
16  *    Communications, Inc. trademarks, including the mark "WHISTLE
17  *    COMMUNICATIONS" on advertising, endorsements, or otherwise except as
18  *    such appears in the above copyright notice or in the software.
19  *
20  * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
21  * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
22  * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
23  * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
25  * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
26  * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
27  * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
28  * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
29  * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
30  * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
31  * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
32  * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
33  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35  * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
36  * OF SUCH DAMAGE.
37  *
38  * Author: Archie Cobbs <archie@freebsd.org>
39  * $Whistle: ng_iface.c,v 1.33 1999/11/01 09:24:51 julian Exp $
40  */
41 
42 /*
43  * This node is also a system networking interface. It has
44  * a hook for each protocol (IP, AppleTalk, etc). Packets
45  * are simply relayed between the interface and the hooks.
46  *
47  * Interfaces are named ng0, ng1, etc.  New nodes take the
48  * first available interface name.
49  *
50  * This node also includes Berkeley packet filter support.
51  */
52 
53 #include "opt_inet.h"
54 #include "opt_inet6.h"
55 
56 #include <sys/param.h>
57 #include <sys/systm.h>
58 #include <sys/errno.h>
59 #include <sys/kernel.h>
60 #include <sys/lock.h>
61 #include <sys/malloc.h>
62 #include <sys/mbuf.h>
63 #include <sys/errno.h>
64 #include <sys/proc.h>
65 #include <sys/random.h>
66 #include <sys/rmlock.h>
67 #include <sys/sockio.h>
68 #include <sys/socket.h>
69 #include <sys/sysctl.h>
70 #include <sys/syslog.h>
71 #include <sys/libkern.h>
72 
73 #include <net/if.h>
74 #include <net/if_var.h>
75 #include <net/if_private.h>
76 #include <net/if_types.h>
77 #include <net/bpf.h>
78 #include <net/netisr.h>
79 #include <net/route.h>
80 #include <net/vnet.h>
81 
82 #include <netinet/in.h>
83 
84 #include <netgraph/ng_message.h>
85 #include <netgraph/netgraph.h>
86 #include <netgraph/ng_parse.h>
87 #include <netgraph/ng_iface.h>
88 
89 #ifdef NG_SEPARATE_MALLOC
90 static MALLOC_DEFINE(M_NETGRAPH_IFACE, "netgraph_iface", "netgraph iface node");
91 #else
92 #define M_NETGRAPH_IFACE M_NETGRAPH
93 #endif
94 
95 static SYSCTL_NODE(_net_graph, OID_AUTO, iface, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
96     "Point to point netgraph interface");
97 VNET_DEFINE_STATIC(int, ng_iface_max_nest) = 2;
98 #define	V_ng_iface_max_nest	VNET(ng_iface_max_nest)
99 SYSCTL_INT(_net_graph_iface, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
100     &VNET_NAME(ng_iface_max_nest), 0, "Max nested tunnels");
101 
102 /* This struct describes one address family */
103 struct iffam {
104 	sa_family_t	family;		/* Address family */
105 	const char	*hookname;	/* Name for hook */
106 };
107 typedef const struct iffam *iffam_p;
108 
109 /* List of address families supported by our interface */
110 const static struct iffam gFamilies[] = {
111 	{ AF_INET,	NG_IFACE_HOOK_INET	},
112 	{ AF_INET6,	NG_IFACE_HOOK_INET6	},
113 };
114 #define	NUM_FAMILIES		nitems(gFamilies)
115 
116 /* Node private data */
117 struct ng_iface_private {
118 	struct	ifnet *ifp;		/* Our interface */
119 	int	unit;			/* Interface unit number */
120 	node_p	node;			/* Our netgraph node */
121 	hook_p	hooks[NUM_FAMILIES];	/* Hook for each address family */
122 	struct rmlock	lock;		/* Protect private data changes */
123 };
124 typedef struct ng_iface_private *priv_p;
125 
126 #define	PRIV_RLOCK(priv, t)	rm_rlock(&priv->lock, t)
127 #define	PRIV_RUNLOCK(priv, t)	rm_runlock(&priv->lock, t)
128 #define	PRIV_WLOCK(priv)	rm_wlock(&priv->lock)
129 #define	PRIV_WUNLOCK(priv)	rm_wunlock(&priv->lock)
130 
131 /* Interface methods */
132 static void	ng_iface_start(struct ifnet *ifp);
133 static int	ng_iface_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data);
134 static int	ng_iface_output(struct ifnet *ifp, struct mbuf *m0,
135     			const struct sockaddr *dst, struct route *ro);
136 static void	ng_iface_bpftap(struct ifnet *ifp,
137 			struct mbuf *m, sa_family_t family);
138 static int	ng_iface_send(struct ifnet *ifp, struct mbuf *m,
139 			sa_family_t sa);
140 #ifdef DEBUG
141 static void	ng_iface_print_ioctl(struct ifnet *ifp, int cmd, caddr_t data);
142 #endif
143 
144 /* Netgraph methods */
145 static int		ng_iface_mod_event(module_t, int, void *);
146 static ng_constructor_t	ng_iface_constructor;
147 static ng_rcvmsg_t	ng_iface_rcvmsg;
148 static ng_shutdown_t	ng_iface_shutdown;
149 static ng_newhook_t	ng_iface_newhook;
150 static ng_rcvdata_t	ng_iface_rcvdata;
151 static ng_disconnect_t	ng_iface_disconnect;
152 
153 /* Helper stuff */
154 static iffam_p	get_iffam_from_af(sa_family_t family);
155 static iffam_p	get_iffam_from_hook(priv_p priv, hook_p hook);
156 static iffam_p	get_iffam_from_name(const char *name);
157 static hook_p  *get_hook_from_iffam(priv_p priv, iffam_p iffam);
158 
159 /* List of commands and how to convert arguments to/from ASCII */
160 static const struct ng_cmdlist ng_iface_cmds[] = {
161 	{
162 	  NGM_IFACE_COOKIE,
163 	  NGM_IFACE_GET_IFNAME,
164 	  "getifname",
165 	  NULL,
166 	  &ng_parse_string_type
167 	},
168 	{
169 	  NGM_IFACE_COOKIE,
170 	  NGM_IFACE_POINT2POINT,
171 	  "point2point",
172 	  NULL,
173 	  NULL
174 	},
175 	{
176 	  NGM_IFACE_COOKIE,
177 	  NGM_IFACE_BROADCAST,
178 	  "broadcast",
179 	  NULL,
180 	  NULL
181 	},
182 	{
183 	  NGM_IFACE_COOKIE,
184 	  NGM_IFACE_GET_IFINDEX,
185 	  "getifindex",
186 	  NULL,
187 	  &ng_parse_uint32_type
188 	},
189 	{ 0 }
190 };
191 
192 /* Node type descriptor */
193 static struct ng_type typestruct = {
194 	.version =	NG_ABI_VERSION,
195 	.name =		NG_IFACE_NODE_TYPE,
196 	.mod_event =	ng_iface_mod_event,
197 	.constructor =	ng_iface_constructor,
198 	.rcvmsg =	ng_iface_rcvmsg,
199 	.shutdown =	ng_iface_shutdown,
200 	.newhook =	ng_iface_newhook,
201 	.rcvdata =	ng_iface_rcvdata,
202 	.disconnect =	ng_iface_disconnect,
203 	.cmdlist =	ng_iface_cmds,
204 };
205 NETGRAPH_INIT(iface, &typestruct);
206 
207 VNET_DEFINE_STATIC(struct unrhdr *, ng_iface_unit);
208 #define	V_ng_iface_unit			VNET(ng_iface_unit)
209 
210 /************************************************************************
211 			HELPER STUFF
212  ************************************************************************/
213 
214 /*
215  * Get the family descriptor from the family ID
216  */
217 static __inline iffam_p
218 get_iffam_from_af(sa_family_t family)
219 {
220 	iffam_p iffam;
221 	int k;
222 
223 	for (k = 0; k < NUM_FAMILIES; k++) {
224 		iffam = &gFamilies[k];
225 		if (iffam->family == family)
226 			return (iffam);
227 	}
228 	return (NULL);
229 }
230 
231 /*
232  * Get the family descriptor from the hook
233  */
234 static __inline iffam_p
235 get_iffam_from_hook(priv_p priv, hook_p hook)
236 {
237 	int k;
238 
239 	for (k = 0; k < NUM_FAMILIES; k++)
240 		if (priv->hooks[k] == hook)
241 			return (&gFamilies[k]);
242 	return (NULL);
243 }
244 
245 /*
246  * Get the hook from the iffam descriptor
247  */
248 
249 static __inline hook_p *
250 get_hook_from_iffam(priv_p priv, iffam_p iffam)
251 {
252 	return (&priv->hooks[iffam - gFamilies]);
253 }
254 
255 /*
256  * Get the iffam descriptor from the name
257  */
258 static __inline iffam_p
259 get_iffam_from_name(const char *name)
260 {
261 	iffam_p iffam;
262 	int k;
263 
264 	for (k = 0; k < NUM_FAMILIES; k++) {
265 		iffam = &gFamilies[k];
266 		if (!strcmp(iffam->hookname, name))
267 			return (iffam);
268 	}
269 	return (NULL);
270 }
271 
272 /************************************************************************
273 			INTERFACE STUFF
274  ************************************************************************/
275 
276 /*
277  * Process an ioctl for the virtual interface
278  */
279 static int
280 ng_iface_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
281 {
282 	struct ifreq *const ifr = (struct ifreq *) data;
283 	int error = 0;
284 
285 #ifdef DEBUG
286 	ng_iface_print_ioctl(ifp, command, data);
287 #endif
288 	switch (command) {
289 	/* These two are mostly handled at a higher layer */
290 	case SIOCSIFADDR:
291 		ifp->if_flags |= IFF_UP;
292 		ifp->if_drv_flags |= IFF_DRV_RUNNING;
293 		ifp->if_drv_flags &= ~(IFF_DRV_OACTIVE);
294 		break;
295 	case SIOCGIFADDR:
296 		break;
297 
298 	/* Set flags */
299 	case SIOCSIFFLAGS:
300 		/*
301 		 * If the interface is marked up and stopped, then start it.
302 		 * If it is marked down and running, then stop it.
303 		 */
304 		if (ifr->ifr_flags & IFF_UP) {
305 			if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
306 				ifp->if_drv_flags &= ~(IFF_DRV_OACTIVE);
307 				ifp->if_drv_flags |= IFF_DRV_RUNNING;
308 			}
309 		} else {
310 			if (ifp->if_drv_flags & IFF_DRV_RUNNING)
311 				ifp->if_drv_flags &= ~(IFF_DRV_RUNNING |
312 				    IFF_DRV_OACTIVE);
313 		}
314 		break;
315 
316 	/* Set the interface MTU */
317 	case SIOCSIFMTU:
318 		if (ifr->ifr_mtu > NG_IFACE_MTU_MAX
319 		    || ifr->ifr_mtu < NG_IFACE_MTU_MIN)
320 			error = EINVAL;
321 		else
322 			ifp->if_mtu = ifr->ifr_mtu;
323 		break;
324 
325 	/* Stuff that's not supported */
326 	case SIOCADDMULTI:
327 	case SIOCDELMULTI:
328 		error = 0;
329 		break;
330 	case SIOCSIFPHYS:
331 		error = EOPNOTSUPP;
332 		break;
333 
334 	default:
335 		error = EINVAL;
336 		break;
337 	}
338 	return (error);
339 }
340 
341 /*
342  * This routine is called to deliver a packet out the interface.
343  * We simply look at the address family and relay the packet to
344  * the corresponding hook, if it exists and is connected.
345  */
346 
347 static int
348 ng_iface_output(struct ifnet *ifp, struct mbuf *m,
349 	const struct sockaddr *dst, struct route *ro)
350 {
351 	uint32_t af;
352 	int error;
353 
354 	/* Check interface flags */
355 	if (!((ifp->if_flags & IFF_UP) &&
356 	    (ifp->if_drv_flags & IFF_DRV_RUNNING))) {
357 		m_freem(m);
358 		return (ENETDOWN);
359 	}
360 
361 	/* Protect from deadly infinite recursion. */
362 	error = if_tunnel_check_nesting(ifp, m, NGM_IFACE_COOKIE,
363 	    V_ng_iface_max_nest);
364 	if (error) {
365 		m_freem(m);
366 		return (error);
367 	}
368 
369 	/* BPF writes need to be handled specially. */
370 	if (dst->sa_family == AF_UNSPEC || dst->sa_family == pseudo_AF_HDRCMPLT)
371 		bcopy(dst->sa_data, &af, sizeof(af));
372 	else
373 		af = RO_GET_FAMILY(ro, dst);
374 
375 	/* Berkeley packet filter */
376 	ng_iface_bpftap(ifp, m, af);
377 
378 	if (ALTQ_IS_ENABLED(&ifp->if_snd)) {
379 		M_PREPEND(m, sizeof(sa_family_t), M_NOWAIT);
380 		if (m == NULL) {
381 			if_inc_counter(ifp, IFCOUNTER_OQDROPS, 1);
382 			return (ENOBUFS);
383 		}
384 		*(sa_family_t *)m->m_data = af;
385 		error = (ifp->if_transmit)(ifp, m);
386 	} else
387 		error = ng_iface_send(ifp, m, af);
388 
389 	return (error);
390 }
391 
392 /*
393  * Start method is used only when ALTQ is enabled.
394  */
395 static void
396 ng_iface_start(struct ifnet *ifp)
397 {
398 	struct mbuf *m;
399 	sa_family_t sa;
400 
401 	KASSERT(ALTQ_IS_ENABLED(&ifp->if_snd), ("%s without ALTQ", __func__));
402 
403 	for(;;) {
404 		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
405 		if (m == NULL)
406 			break;
407 		sa = *mtod(m, sa_family_t *);
408 		m_adj(m, sizeof(sa_family_t));
409 		ng_iface_send(ifp, m, sa);
410 	}
411 }
412 
413 /*
414  * Flash a packet by the BPF (requires prepending 4 byte AF header)
415  * Note the phoney mbuf; this is OK because BPF treats it read-only.
416  */
417 static void
418 ng_iface_bpftap(struct ifnet *ifp, struct mbuf *m, sa_family_t family)
419 {
420 	KASSERT(family != AF_UNSPEC, ("%s: family=AF_UNSPEC", __func__));
421 	if (bpf_peers_present(ifp->if_bpf)) {
422 		int32_t family4 = (int32_t)family;
423 		bpf_mtap2(ifp->if_bpf, &family4, sizeof(family4), m);
424 	}
425 }
426 
427 /*
428  * This routine does actual delivery of the packet into the
429  * netgraph(4). It is called from ng_iface_start() and
430  * ng_iface_output().
431  */
432 static int
433 ng_iface_send(struct ifnet *ifp, struct mbuf *m, sa_family_t sa)
434 {
435 	struct rm_priotracker priv_tracker;
436 	const priv_p priv = (priv_p) ifp->if_softc;
437 	const iffam_p iffam = get_iffam_from_af(sa);
438 	hook_p hook;
439 	int error;
440 	int len;
441 
442 	/* Check address family to determine hook (if known) */
443 	if (iffam == NULL) {
444 		m_freem(m);
445 		log(LOG_WARNING, "%s: can't handle af%d\n", ifp->if_xname, sa);
446 		return (EAFNOSUPPORT);
447 	}
448 
449 	/* Copy length before the mbuf gets invalidated. */
450 	len = m->m_pkthdr.len;
451 
452 	PRIV_RLOCK(priv, &priv_tracker);
453 	hook = *get_hook_from_iffam(priv, iffam);
454 	if (hook == NULL) {
455 		NG_FREE_M(m);
456 		PRIV_RUNLOCK(priv, &priv_tracker);
457 		return ENETDOWN;
458 	}
459 	NG_HOOK_REF(hook);
460 	PRIV_RUNLOCK(priv, &priv_tracker);
461 
462 	NG_OUTBOUND_THREAD_REF();
463 	NG_SEND_DATA_ONLY(error, hook, m);
464 	NG_OUTBOUND_THREAD_UNREF();
465 	NG_HOOK_UNREF(hook);
466 
467 	/* Update stats. */
468 	if (error == 0) {
469 		if_inc_counter(ifp, IFCOUNTER_OBYTES, len);
470 		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
471 	}
472 
473 	return (error);
474 }
475 
476 #ifdef DEBUG
477 /*
478  * Display an ioctl to the virtual interface
479  */
480 
481 static void
482 ng_iface_print_ioctl(struct ifnet *ifp, int command, caddr_t data)
483 {
484 	char   *str;
485 
486 	switch (command & IOC_DIRMASK) {
487 	case IOC_VOID:
488 		str = "IO";
489 		break;
490 	case IOC_OUT:
491 		str = "IOR";
492 		break;
493 	case IOC_IN:
494 		str = "IOW";
495 		break;
496 	case IOC_INOUT:
497 		str = "IORW";
498 		break;
499 	default:
500 		str = "IO??";
501 	}
502 	log(LOG_DEBUG, "%s: %s('%c', %d, char[%d])\n",
503 	       ifp->if_xname,
504 	       str,
505 	       IOCGROUP(command),
506 	       command & 0xff,
507 	       IOCPARM_LEN(command));
508 }
509 #endif /* DEBUG */
510 
511 /************************************************************************
512 			NETGRAPH NODE STUFF
513  ************************************************************************/
514 
515 /*
516  * Constructor for a node
517  */
518 static int
519 ng_iface_constructor(node_p node)
520 {
521 	struct ifnet *ifp;
522 	priv_p priv;
523 
524 	/* Allocate node and interface private structures */
525 	priv = malloc(sizeof(*priv), M_NETGRAPH_IFACE, M_WAITOK | M_ZERO);
526 	ifp = if_alloc(IFT_PROPVIRTUAL);
527 
528 	rm_init(&priv->lock, "ng_iface private rmlock");
529 
530 	/* Link them together */
531 	ifp->if_softc = priv;
532 	priv->ifp = ifp;
533 
534 	/* Get an interface unit number */
535 	priv->unit = alloc_unr(V_ng_iface_unit);
536 
537 	/* Link together node and private info */
538 	NG_NODE_SET_PRIVATE(node, priv);
539 	priv->node = node;
540 
541 	/* Initialize interface structure */
542 	if_initname(ifp, NG_IFACE_IFACE_NAME, priv->unit);
543 	ifp->if_output = ng_iface_output;
544 	ifp->if_start = ng_iface_start;
545 	ifp->if_ioctl = ng_iface_ioctl;
546 	ifp->if_mtu = NG_IFACE_MTU_DEFAULT;
547 	ifp->if_flags = (IFF_SIMPLEX|IFF_POINTOPOINT|IFF_NOARP|IFF_MULTICAST);
548 	ifp->if_type = IFT_PROPVIRTUAL;		/* XXX */
549 	ifp->if_addrlen = 0;			/* XXX */
550 	ifp->if_hdrlen = 0;			/* XXX */
551 	ifp->if_baudrate = 64000;		/* XXX */
552 	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
553 	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
554 	IFQ_SET_READY(&ifp->if_snd);
555 
556 	/* Give this node the same name as the interface (if possible) */
557 	if (ng_name_node(node, ifp->if_xname) != 0)
558 		log(LOG_WARNING, "%s: can't acquire netgraph name\n",
559 		    ifp->if_xname);
560 
561 	/* Attach the interface */
562 	if_attach(ifp);
563 	bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
564 
565 	/* Done */
566 	return (0);
567 }
568 
569 /*
570  * Give our ok for a hook to be added
571  */
572 static int
573 ng_iface_newhook(node_p node, hook_p hook, const char *name)
574 {
575 	const iffam_p iffam = get_iffam_from_name(name);
576 	const priv_p priv = NG_NODE_PRIVATE(node);
577 	hook_p *hookptr;
578 
579 	if (iffam == NULL)
580 		return (EPFNOSUPPORT);
581 	PRIV_WLOCK(priv);
582 	hookptr = get_hook_from_iffam(priv, iffam);
583 	if (*hookptr != NULL) {
584 		PRIV_WUNLOCK(priv);
585 		return (EISCONN);
586 	}
587 	*hookptr = hook;
588 	NG_HOOK_HI_STACK(hook);
589 	NG_HOOK_SET_TO_INBOUND(hook);
590 	PRIV_WUNLOCK(priv);
591 	return (0);
592 }
593 
594 /*
595  * Receive a control message
596  */
597 static int
598 ng_iface_rcvmsg(node_p node, item_p item, hook_p lasthook)
599 {
600 	const priv_p priv = NG_NODE_PRIVATE(node);
601 	struct ifnet *const ifp = priv->ifp;
602 	struct ng_mesg *resp = NULL;
603 	int error = 0;
604 	struct ng_mesg *msg;
605 
606 	NGI_GET_MSG(item, msg);
607 	switch (msg->header.typecookie) {
608 	case NGM_IFACE_COOKIE:
609 		switch (msg->header.cmd) {
610 		case NGM_IFACE_GET_IFNAME:
611 			NG_MKRESPONSE(resp, msg, IFNAMSIZ, M_NOWAIT);
612 			if (resp == NULL) {
613 				error = ENOMEM;
614 				break;
615 			}
616 			strlcpy(resp->data, ifp->if_xname, IFNAMSIZ);
617 			break;
618 
619 		case NGM_IFACE_POINT2POINT:
620 		case NGM_IFACE_BROADCAST:
621 		    {
622 			/* Deny request if interface is UP */
623 			if ((ifp->if_flags & IFF_UP) != 0)
624 				return (EBUSY);
625 
626 			/* Change flags */
627 			switch (msg->header.cmd) {
628 			case NGM_IFACE_POINT2POINT:
629 				ifp->if_flags |= IFF_POINTOPOINT;
630 				ifp->if_flags &= ~IFF_BROADCAST;
631 				break;
632 			case NGM_IFACE_BROADCAST:
633 				ifp->if_flags &= ~IFF_POINTOPOINT;
634 				ifp->if_flags |= IFF_BROADCAST;
635 				break;
636 			}
637 			break;
638 		    }
639 
640 		case NGM_IFACE_GET_IFINDEX:
641 			NG_MKRESPONSE(resp, msg, sizeof(uint32_t), M_NOWAIT);
642 			if (resp == NULL) {
643 				error = ENOMEM;
644 				break;
645 			}
646 			*((uint32_t *)resp->data) = priv->ifp->if_index;
647 			break;
648 
649 		default:
650 			error = EINVAL;
651 			break;
652 		}
653 		break;
654 	case NGM_FLOW_COOKIE:
655 		switch (msg->header.cmd) {
656 		case NGM_LINK_IS_UP:
657 			if_link_state_change(ifp, LINK_STATE_UP);
658 			break;
659 		case NGM_LINK_IS_DOWN:
660 			if_link_state_change(ifp, LINK_STATE_DOWN);
661 			break;
662 		default:
663 			break;
664 		}
665 		break;
666 	default:
667 		error = EINVAL;
668 		break;
669 	}
670 	NG_RESPOND_MSG(error, node, item, resp);
671 	NG_FREE_MSG(msg);
672 	return (error);
673 }
674 
675 /*
676  * Recive data from a hook. Pass the packet to the correct input routine.
677  */
678 static int
679 ng_iface_rcvdata(hook_p hook, item_p item)
680 {
681 	const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
682 	const iffam_p iffam = get_iffam_from_hook(priv, hook);
683 	struct ifnet *const ifp = priv->ifp;
684 	struct epoch_tracker et;
685 	struct mbuf *m;
686 	int isr;
687 
688 	NGI_GET_M(item, m);
689 	NG_FREE_ITEM(item);
690 	/* Sanity checks */
691 	KASSERT(iffam != NULL, ("%s: iffam", __func__));
692 	M_ASSERTPKTHDR(m);
693 	if ((ifp->if_flags & IFF_UP) == 0) {
694 		NG_FREE_M(m);
695 		return (ENETDOWN);
696 	}
697 
698 	/* Update interface stats */
699 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
700 	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
701 
702 	/* Note receiving interface */
703 	m->m_pkthdr.rcvif = ifp;
704 
705 	/* Berkeley packet filter */
706 	ng_iface_bpftap(ifp, m, iffam->family);
707 
708 	/* Send packet */
709 	switch (iffam->family) {
710 #ifdef INET
711 	case AF_INET:
712 		isr = NETISR_IP;
713 		break;
714 #endif
715 #ifdef INET6
716 	case AF_INET6:
717 		isr = NETISR_IPV6;
718 		break;
719 #endif
720 	default:
721 		m_freem(m);
722 		return (EAFNOSUPPORT);
723 	}
724 	random_harvest_queue(m, sizeof(*m), RANDOM_NET_NG);
725 	M_SETFIB(m, ifp->if_fib);
726 	CURVNET_SET(ifp->if_vnet);
727 	NET_EPOCH_ENTER(et);
728 	netisr_dispatch(isr, m);
729 	NET_EPOCH_EXIT(et);
730 	CURVNET_RESTORE();
731 	return (0);
732 }
733 
734 /*
735  * Shutdown and remove the node and its associated interface.
736  */
737 static int
738 ng_iface_shutdown(node_p node)
739 {
740 	const priv_p priv = NG_NODE_PRIVATE(node);
741 
742 	/*
743 	 * The ifnet may be in a different vnet than the netgraph node,
744 	 * hence we have to change the current vnet context here.
745 	 */
746 	CURVNET_SET_QUIET(priv->ifp->if_vnet);
747 	bpfdetach(priv->ifp);
748 	if_detach(priv->ifp);
749 	if_free(priv->ifp);
750 	CURVNET_RESTORE();
751 	priv->ifp = NULL;
752 	free_unr(V_ng_iface_unit, priv->unit);
753 	rm_destroy(&priv->lock);
754 	free(priv, M_NETGRAPH_IFACE);
755 	NG_NODE_SET_PRIVATE(node, NULL);
756 	NG_NODE_UNREF(node);
757 	return (0);
758 }
759 
760 /*
761  * Hook disconnection. Note that we do *not* shutdown when all
762  * hooks have been disconnected.
763  */
764 static int
765 ng_iface_disconnect(hook_p hook)
766 {
767 	const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
768 	const iffam_p iffam = get_iffam_from_hook(priv, hook);
769 
770 	if (iffam == NULL)
771 		panic("%s", __func__);
772 	PRIV_WLOCK(priv);
773 	*get_hook_from_iffam(priv, iffam) = NULL;
774 	PRIV_WUNLOCK(priv);
775 	return (0);
776 }
777 
778 /*
779  * Handle loading and unloading for this node type.
780  */
781 static int
782 ng_iface_mod_event(module_t mod, int event, void *data)
783 {
784 	int error = 0;
785 
786 	switch (event) {
787 	case MOD_LOAD:
788 	case MOD_UNLOAD:
789 		break;
790 	default:
791 		error = EOPNOTSUPP;
792 		break;
793 	}
794 	return (error);
795 }
796 
797 static void
798 vnet_ng_iface_init(const void *unused)
799 {
800 
801 	V_ng_iface_unit = new_unrhdr(0, 0xffff, NULL);
802 }
803 VNET_SYSINIT(vnet_ng_iface_init, SI_SUB_PSEUDO, SI_ORDER_ANY,
804     vnet_ng_iface_init, NULL);
805 
806 static void
807 vnet_ng_iface_uninit(const void *unused)
808 {
809 
810 	delete_unrhdr(V_ng_iface_unit);
811 }
812 VNET_SYSUNINIT(vnet_ng_iface_uninit, SI_SUB_INIT_IF, SI_ORDER_ANY,
813     vnet_ng_iface_uninit, NULL);
814