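--- a/head/sys/net/if_bridge.c	(240071)
+++ b/head/sys/net/if_bridge.c	(240099)
@@ -1,8 +1,8 @@
 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
  * All rights reserved.
  *
  * Written by Jason R. Thorpe for Wasabi Systems, Inc.
  *
@@ -70,17 +70,17 @@
  *
  * - Currently only supports Ethernet-like interfaces (Ethernet,
  * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
  * to bridge other types of interfaces (FDDI-FDDI, and maybe
  * consider heterogenous bridges).
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/net/if_bridge.c 240071 2012-09-03 10:08:20Z glebius $");
+__FBSDID("$FreeBSD: head/sys/net/if_bridge.c 240099 2012-09-04 19:43:26Z melifaro $");
 
 #include "opt_inet.h"
 #include "opt_inet6.h"
 
 #include <sys/param.h>
 #include <sys/mbuf.h>
 #include <sys/malloc.h>
 #include <sys/protosw.h>
@@ -95,17 +95,16 @@
 #include <sys/syslog.h>
 #include <sys/sysctl.h>
 #include <vm/uma.h>
 #include <sys/module.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
-#include <sys/rwlock.h>
 
 #include <net/bpf.h>
 #include <net/if.h>
 #include <net/if_clone.h>
 #include <net/if_dl.h>
 #include <net/if_types.h>
 #include <net/if_var.h>
 #include <net/pfil.h>
@@ -126,18 +125,16 @@
 #include <machine/in_cksum.h>
 #include <netinet/if_ether.h> /* for struct arpcom */
 #include <net/bridgestp.h>
 #include <net/if_bridgevar.h>
 #include <net/if_llc.h>
 #include <net/if_vlan_var.h>
 
 #include <net/route.h>
-#include <netinet/ip_fw.h>
-#include <netinet/ipfw/ip_fw_private.h>
 
 /*
  * Size of the route hash table. Must be a power of two.
  */
 #ifndef BRIDGE_RTHASH_SIZE
 #define BRIDGE_RTHASH_SIZE 1024
 #endif
 
@@ -2976,17 +2973,16 @@
  * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
  * that interface.
  */
 static int
 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 {
  int snap, error, i, hlen;
  struct ether_header *eh1, eh2;
- struct ip_fw_args args;
  struct ip *ip;
  struct llc llc1;
  u_int16_t ether_type;
 
  snap = 0;
  error = -1; /* Default error if not error == 0 */
 
 #if 0
@@ -3050,16 +3046,26 @@
  * Check to see if the user wants to pass non-ip
  * packets, these will not be checked by pfil(9) and
  * passed unconditionally so the default is to drop.
  */
  if (pfil_onlyip)
  goto bad;
  }
 
+ /* Run the packet through pfil before stripping link headers */
+ if (PFIL_HOOKED(&V_link_pfil_hook) && pfil_ipfw != 0 &&
+ dir == PFIL_OUT && ifp != NULL) {
+
+ error = pfil_run_hooks(&V_link_pfil_hook, mp, ifp, dir, NULL);
+
+ if (*mp == NULL || error != 0) /* packet consumed by filter */
+ return (error);
+ }
+
  /* Strip off the Ethernet header and keep a copy. */
  m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
  m_adj(*mp, ETHER_HDR_LEN);
 
  /* Strip off snap header, if present */
  if (snap) {
  m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
  m_adj(*mp, sizeof(struct llc));
@@ -3080,73 +3086,16 @@
 #endif /* INET6 */
  default:
  error = 0;
  }
  if (error)
  goto bad;
  }
 
- /* XXX this section is also in if_ethersubr.c */
- // XXX PFIL_OUT or DIR_OUT ?
- if (V_ip_fw_chk_ptr && pfil_ipfw != 0 &&
- dir == PFIL_OUT && ifp != NULL) {
- struct m_tag *mtag;
-
- error = -1;
- /* fetch the start point from existing tags, if any */
- mtag = m_tag_locate(*mp, MTAG_IPFW_RULE, 0, NULL);
- if (mtag == NULL) {
- args.rule.slot = 0;
- } else {
- struct ipfw_rule_ref *r;
-
- /* XXX can we free the tag after use ? */
- mtag->m_tag_id = PACKET_TAG_NONE;
- r = (struct ipfw_rule_ref *)(mtag + 1);
- /* packet already partially processed ? */
- if (r->info & IPFW_ONEPASS)
- goto ipfwpass;
- args.rule = *r;
- }
-
- args.m = *mp;
- args.oif = ifp;
- args.next_hop = NULL;
- args.next_hop6 = NULL;
- args.eh = &eh2;
- args.inp = NULL; /* used by ipfw uid/gid/jail rules */
- i = V_ip_fw_chk_ptr(&args);
- *mp = args.m;
-
- if (*mp == NULL)
- return (error);
-
- if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) {
-
- /* put the Ethernet header back on */
- M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
- if (*mp == NULL)
- return (error);
- bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
-
- /*
- * Pass the pkt to dummynet, which consumes it. The
- * packet will return to us via bridge_dummynet().
- */
- args.oif = ifp;
- ip_dn_io_ptr(mp, DIR_FWD | PROTO_IFB, &args);
- return (error);
- }
-
- if (i != IP_FW_PASS) /* drop */
- goto bad;
- }
-
-ipfwpass:
  error = 0;
 
  /*
  * Run the packet through pfil
  */
  switch (ether_type) {
  case ETHERTYPE_IP:
  /*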
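Review bot: The new early return `if (*mp == NULL || error != 0) return (error);` after `pfil_run_hooks(&V_link_pfil_hook, mp, ifp, dir, NULL)` can return 0 with `*mp == NULL` when a link-layer hook consumes the packet without reporting an error. The removed ipfw block set `error = -1` first, so a consumed packet always gave a non-zero return. The rest of bridge_pfil(), its `bad` label and its callers lie outside the lines shown, so confirm that every caller tests `*mp` as well as the return value, or return a non-zero value whenever `*mp == NULL`. The same return bypasses `bad` when a hook reports an error but leaves `*mp` set, which presumably relies on hooks freeing the mbuf themselves; a comment such as `/* hooks free *mp on error; callers must check *mp even when 0 is returned */` would record that contract. Also note that `pfil_ipfw != 0` now gates every consumer of `V_link_pfil_hook` on the bridge, not only ipfw, which the knob's documentation should state so that a link-layer filter is not silently skipped.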