Cross Reference: /freebsd-11.0-release/sys/net/if

Deleted Added

sdiff udiff text old ( 185164 ) new ( 185571 )

full compact

if_ethersubr.c (185164)	if_ethersubr.c (185571)
1/- 2 Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93	1/- 2 Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93
30 * $FreeBSD: head/sys/net/if_ethersubr.c 185164 2008-11-22 07:35:45Z kmacy $	30 * $FreeBSD: head/sys/net/if_ethersubr.c 185571 2008-12-02 21:37:28Z bz $
31 */ 32 33#include "opt_atalk.h" 34#include "opt_inet.h" 35#include "opt_inet6.h" 36#include "opt_ipx.h" 37#include "opt_mac.h" 38#include "opt_netgraph.h" 39#include "opt_carp.h" 40#include "opt_mbuf_profiling.h" 41 42#include <sys/param.h> 43#include <sys/systm.h> 44#include <sys/kernel.h> 45#include <sys/malloc.h> 46#include <sys/module.h> 47#include <sys/mbuf.h> 48#include <sys/random.h> 49#include <sys/socket.h> 50#include <sys/sockio.h> 51#include <sys/sysctl.h> 52#include <sys/vimage.h> 53 54#include <net/if.h> 55#include <net/if_arp.h> 56#include <net/netisr.h> 57#include <net/route.h> 58#include <net/if_llc.h> 59#include <net/if_dl.h> 60#include <net/if_types.h> 61#include <net/bpf.h> 62#include <net/ethernet.h> 63#include <net/if_bridgevar.h> 64#include <net/if_vlan_var.h> 65#include <net/pf_mtag.h>	31 */ 32 33#include "opt_atalk.h" 34#include "opt_inet.h" 35#include "opt_inet6.h" 36#include "opt_ipx.h" 37#include "opt_mac.h" 38#include "opt_netgraph.h" 39#include "opt_carp.h" 40#include "opt_mbuf_profiling.h" 41 42#include <sys/param.h> 43#include <sys/systm.h> 44#include <sys/kernel.h> 45#include <sys/malloc.h> 46#include <sys/module.h> 47#include <sys/mbuf.h> 48#include <sys/random.h> 49#include <sys/socket.h> 50#include <sys/sockio.h> 51#include <sys/sysctl.h> 52#include <sys/vimage.h> 53 54#include <net/if.h> 55#include <net/if_arp.h> 56#include <net/netisr.h> 57#include <net/route.h> 58#include <net/if_llc.h> 59#include <net/if_dl.h> 60#include <net/if_types.h> 61#include <net/bpf.h> 62#include <net/ethernet.h> 63#include <net/if_bridgevar.h> 64#include <net/if_vlan_var.h> 65#include <net/pf_mtag.h>
	66#include <net/vnet.h>
66 67#if defined(INET) \|\| defined(INET6) 68#include <netinet/in.h> 69#include <netinet/in_var.h> 70#include <netinet/if_ether.h> 71#include <netinet/ip_fw.h> 72#include <netinet/ip_dummynet.h> 73#endif 74#ifdef INET6 75#include <netinet6/nd6.h> 76#endif 77 78#ifdef DEV_CARP 79#include <netinet/ip_carp.h> 80#endif 81 82#ifdef IPX 83#include <netipx/ipx.h> 84#include <netipx/ipx_if.h> 85#endif 86int (ef_inputp)(struct ifnet, struct ether_header eh, struct mbuf m); 87int (ef_outputp)(struct ifnet ifp, struct mbuf *mp, 88 struct sockaddr dst, short tp, int hlen); 89 90#ifdef NETATALK 91#include <netatalk/at.h> 92#include <netatalk/at_var.h> 93#include <netatalk/at_extern.h> 94 95#define llc_snap_org_code llc_un.type_snap.org_code 96#define llc_snap_ether_type llc_un.type_snap.ether_type 97 98extern u_char at_org_code[3]; 99extern u_char aarp_org_code[3]; 100#endif /* NETATALK / 101* 102#include <security/mac/mac_framework.h> 103 104#ifdef CTASSERT 105CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2); 106CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN); 107#endif 108 109/* netgraph node hooks for ng_ether(4) / 110void (ng_ether_input_p)(struct ifnet ifp, struct mbuf mp); 111void (ng_ether_input_orphan_p)(struct ifnet ifp, struct mbuf m); 112int (ng_ether_output_p)(struct ifnet ifp, struct mbuf *mp); 113void (ng_ether_attach_p)(struct ifnet ifp); 114void (ng_ether_detach_p)(struct ifnet ifp); 115* 116void (vlan_input_p)(struct ifnet , struct mbuf ); 117* 118/* if_bridge(4) support / 119struct mbuf (bridge_input_p)(struct ifnet , struct mbuf ); 120int (bridge_output_p)(struct ifnet , struct mbuf , 121 struct sockaddr , struct rtentry ); 122void (bridge_dn_p)(struct mbuf , struct ifnet ); 123* 124/* if_lagg(4) support / 125struct mbuf (lagg_input_p)(struct ifnet , struct mbuf ); 126* 127static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 128 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 129 130static int ether_resolvemulti(struct ifnet , struct sockaddr , 131* struct sockaddr ); 132* 133/* XXX: should be in an arp support file, not here / 134MALLOC_DEFINE(M_ARPCOM, "arpcom", "802. interface internals"); 135 136#define ETHER_IS_BROADCAST(addr) \ 137 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 138 139#define senderr(e) do { error = (e); goto bad;} while (0) 140 141#if defined(INET) \|\| defined(INET6) 142int 143ether_ipfw_chk(struct mbuf *m0, struct ifnet dst, 144 struct ip_fw *rule, int shared); 145#ifdef VIMAGE_GLOBALS 146static int ether_ipfw; 147#endif 148#endif 149* 150/* 151 * Ethernet output routine. 152 * Encapsulate a packet of type family for the local net. 153 * Use trailer local net encapsulation if enough data in first 154 * packet leaves a multiple of 512 bytes of data in remainder. 155 / 156int 157ether_output(struct ifnet ifp, struct mbuf m, 158* struct sockaddr dst, struct rtentry rt0) 159{ 160 short type; 161 int error, hdrcmplt = 0; 162 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 163 struct ether_header eh; 164* struct pf_mtag t; 165* int loop_copy = 1; 166 int hlen; /* link layer header length / 167* 168#ifdef MAC 169 error = mac_ifnet_check_transmit(ifp, m); 170 if (error) 171 senderr(error); 172#endif 173 174 M_PROFILE(m); 175 if (ifp->if_flags & IFF_MONITOR) 176 senderr(ENETDOWN); 177 if (!((ifp->if_flags & IFF_UP) && 178 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 179 senderr(ENETDOWN); 180 181 hlen = ETHER_HDR_LEN; 182 switch (dst->sa_family) { 183#ifdef INET 184 case AF_INET: 185 error = arpresolve(ifp, rt0, m, dst, edst); 186 if (error) 187 return (error == EWOULDBLOCK ? 0 : error); 188 type = htons(ETHERTYPE_IP); 189 break; 190 case AF_ARP: 191 { 192 struct arphdr ah; 193* ah = mtod(m, struct arphdr ); 194* ah->ar_hrd = htons(ARPHRD_ETHER); 195 196 loop_copy = 0; /* if this is for us, don't do it / 197* 198 switch(ntohs(ah->ar_op)) { 199 case ARPOP_REVREQUEST: 200 case ARPOP_REVREPLY: 201 type = htons(ETHERTYPE_REVARP); 202 break; 203 case ARPOP_REQUEST: 204 case ARPOP_REPLY: 205 default: 206 type = htons(ETHERTYPE_ARP); 207 break; 208 } 209 210 if (m->m_flags & M_BCAST) 211 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 212 else 213 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 214 215 } 216 break; 217#endif 218#ifdef INET6 219 case AF_INET6: 220 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char )edst); 221* if (error) 222 return error; 223 type = htons(ETHERTYPE_IPV6); 224 break; 225#endif 226#ifdef IPX 227 case AF_IPX: 228 if (ef_outputp) { 229 error = ef_outputp(ifp, &m, dst, &type, &hlen); 230 if (error) 231 goto bad; 232 } else 233 type = htons(ETHERTYPE_IPX); 234 bcopy((caddr_t)&(((struct sockaddr_ipx )dst)->sipx_addr.x_host), 235* (caddr_t)edst, sizeof (edst)); 236 break; 237#endif 238#ifdef NETATALK 239 case AF_APPLETALK: 240 { 241 struct at_ifaddr aa; 242* 243 if ((aa = at_ifawithnet((struct sockaddr_at )dst)) == NULL) 244* senderr(EHOSTUNREACH); /* XXX / 245* if (!aarpresolve(ifp, m, (struct sockaddr_at )dst, edst)) 246* return (0); 247 /* 248 * In the phase 2 case, need to prepend an mbuf for the llc header. 249 / 250* if ( aa->aa_flags & AFA_PHASE2 ) { 251 struct llc llc; 252 253 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 254 if (m == NULL) 255 senderr(ENOBUFS); 256 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 257 llc.llc_control = LLC_UI; 258 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 259 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 260 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 261 type = htons(m->m_pkthdr.len); 262 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 263 } else { 264 type = htons(ETHERTYPE_AT); 265 } 266 break; 267 } 268#endif /* NETATALK / 269* 270 case pseudo_AF_HDRCMPLT: 271 hdrcmplt = 1; 272 eh = (struct ether_header )dst->sa_data; 273* (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 274 /* FALLTHROUGH / 275* 276 case AF_UNSPEC: 277 loop_copy = 0; /* if this is for us, don't do it / 278* eh = (struct ether_header )dst->sa_data; 279* (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 280 type = eh->ether_type; 281 break; 282 283 default: 284 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 285 senderr(EAFNOSUPPORT); 286 } 287 288 /* 289 * Add local net header. If no space in first mbuf, 290 * allocate another. 291 / 292* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 293 if (m == NULL) 294 senderr(ENOBUFS); 295 eh = mtod(m, struct ether_header ); 296* (void)memcpy(&eh->ether_type, &type, 297 sizeof(eh->ether_type)); 298 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 299 if (hdrcmplt) 300 (void)memcpy(eh->ether_shost, esrc, 301 sizeof(eh->ether_shost)); 302 else 303 (void)memcpy(eh->ether_shost, IF_LLADDR(ifp), 304 sizeof(eh->ether_shost)); 305 306 /* 307 * If a simplex interface, and the packet is being sent to our 308 * Ethernet address or a broadcast address, loopback a copy. 309 * XXX To make a simplex device behave exactly like a duplex 310 * device, we should copy in the case of sending to our own 311 * ethernet address (thus letting the original actually appear 312 * on the wire). However, we don't do that here for security 313 * reasons and compatibility with the original behavior. 314 / 315* if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy && 316 ((t = pf_find_mtag(m)) == NULL \|\| !t->routed)) { 317 int csum_flags = 0; 318 319 if (m->m_pkthdr.csum_flags & CSUM_IP) 320 csum_flags \|= (CSUM_IP_CHECKED\|CSUM_IP_VALID); 321 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 322 csum_flags \|= (CSUM_DATA_VALID\|CSUM_PSEUDO_HDR); 323 324 if (m->m_flags & M_BCAST) { 325 struct mbuf n; 326* 327 /* 328 * Because if_simloop() modifies the packet, we need a 329 * writable copy through m_dup() instead of a readonly 330 * one as m_copy[m] would give us. The alternative would 331 * be to modify if_simloop() to handle the readonly mbuf, 332 * but performancewise it is mostly equivalent (trading 333 * extra data copying vs. extra locking). 334 * 335 * XXX This is a local workaround. A number of less 336 * often used kernel parts suffer from the same bug. 337 * See PR kern/105943 for a proposed general solution. 338 / 339* if ((n = m_dup(m, M_DONTWAIT)) != NULL) { 340 n->m_pkthdr.csum_flags \|= csum_flags; 341 if (csum_flags & CSUM_DATA_VALID) 342 n->m_pkthdr.csum_data = 0xffff; 343 (void)if_simloop(ifp, n, dst->sa_family, hlen); 344 } else 345 ifp->if_iqdrops++; 346 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 347 ETHER_ADDR_LEN) == 0) { 348 m->m_pkthdr.csum_flags \|= csum_flags; 349 if (csum_flags & CSUM_DATA_VALID) 350 m->m_pkthdr.csum_data = 0xffff; 351 (void) if_simloop(ifp, m, dst->sa_family, hlen); 352 return (0); /* XXX / 353* } 354 } 355 356 /* 357 * Bridges require special output handling. 358 / 359* if (ifp->if_bridge) { 360 BRIDGE_OUTPUT(ifp, m, error); 361 return (error); 362 } 363 364#ifdef DEV_CARP 365 if (ifp->if_carp && 366 (error = carp_output(ifp, m, dst, NULL))) 367 goto bad; 368#endif 369 370 /* Handle ng_ether(4) processing, if any / 371* if (IFP2AC(ifp)->ac_netgraph != NULL) { 372 KASSERT(ng_ether_output_p != NULL, 373 ("ng_ether_output_p is NULL")); 374 if ((error = (ng_ether_output_p)(ifp, &m)) != 0) { 375bad: if (m != NULL) 376* m_freem(m); 377 return (error); 378 } 379 if (m == NULL) 380 return (0); 381 } 382 383 /* Continue with link-layer output / 384* return ether_output_frame(ifp, m); 385} 386 387/* 388 * Ethernet link layer output routine to send a raw frame to the device. 389 * 390 * This assumes that the 14 byte Ethernet header is present and contiguous 391 * in the first mbuf (if BRIDGE'ing). 392 / 393int 394ether_output_frame(struct ifnet ifp, struct mbuf m) 395{ 396#if defined(INET) \|\| defined(INET6) 397* INIT_VNET_NET(ifp->if_vnet); 398 struct ip_fw rule = ip_dn_claim_rule(m); 399* 400 if (IPFW_LOADED && V_ether_ipfw != 0) { 401 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 402 if (m) { 403 m_freem(m); 404 return EACCES; /* pkt dropped / 405* } else 406 return 0; /* consumed e.g. in a pipe / 407* } 408 } 409#endif 410 411 /* 412 * Queue message on interface, update output statistics if 413 * successful, and start output if interface not yet active. 414 / 415* return ((ifp->if_transmit)(ifp, m)); 416} 417 418#if defined(INET) \|\| defined(INET6) 419/* 420 * ipfw processing for ethernet packets (in and out). 421 * The second parameter is NULL from ether_demux, and ifp from 422 * ether_output_frame. 423 / 424int 425ether_ipfw_chk(struct mbuf m0, struct ifnet dst, 426 struct ip_fw *rule, int shared) 427{ 428* INIT_VNET_IPFW(dst->if_vnet); 429 struct ether_header eh; 430* struct ether_header save_eh; 431 struct mbuf m; 432* int i; 433 struct ip_fw_args args; 434 435 if (rule != NULL && V_fw_one_pass) 436* return 1; /* dummynet packet, already partially processed / 437* 438 /* 439 * I need some amt of data to be contiguous, and in case others need 440 * the packet (shared==1) also better be in the first mbuf. 441 / 442* m = m0; 443* i = min( m->m_pkthdr.len, max_protohdr); 444 if ( shared \|\| m->m_len < i) { 445 m = m_pullup(m, i); 446 if (m == NULL) { 447 m0 = m; 448* return 0; 449 } 450 } 451 eh = mtod(m, struct ether_header ); 452* save_eh = eh; / save copy for restore below / 453* m_adj(m, ETHER_HDR_LEN); /* strip ethernet header / 454* 455 args.m = m; /* the packet we are looking at / 456* args.oif = dst; /* destination, if any / 457* args.rule = rule; / matching rule to restart / 458* args.next_hop = NULL; /* we do not support forward yet / 459* args.eh = &save_eh; /* MAC header for bridged/MAC packets / 460* args.inp = NULL; /* used by ipfw uid/gid/jail rules / 461* i = ip_fw_chk_ptr(&args); 462 m = args.m; 463 if (m != NULL) { 464 /* 465 * Restore Ethernet header, as needed, in case the 466 * mbuf chain was replaced by ipfw. 467 / 468* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 469 if (m == NULL) { 470 m0 = m; 471* return 0; 472 } 473 if (eh != mtod(m, struct ether_header )) 474* bcopy(&save_eh, mtod(m, struct ether_header ), 475* ETHER_HDR_LEN); 476 } 477 m0 = m; 478* rule = args.rule; 479* 480 if (i == IP_FW_DENY) /* drop / 481* return 0; 482 483 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL")); 484 485 if (i == IP_FW_PASS) /* a PASS rule. / 486* return 1; 487 488 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 489 /* 490 * Pass the pkt to dummynet, which consumes it. 491 * If shared, make a copy and keep the original. 492 / 493* if (shared) { 494 m = m_copypacket(m, M_DONTWAIT); 495 if (m == NULL) 496 return 0; 497 } else { 498 /* 499 * Pass the original to dummynet and 500 * nothing back to the caller 501 / 502* m0 = NULL ; 503* } 504 ip_dn_io_ptr(&m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 505 return 0; 506 } 507 /* 508 * XXX at some point add support for divert/forward actions. 509 * If none of the above matches, we have to drop the pkt. 510 / 511* return 0; 512} 513#endif 514 515/* 516 * Process a received Ethernet packet; the packet is in the 517 * mbuf chain m with the ethernet header at the front. 518 / 519static void 520ether_input(struct ifnet ifp, struct mbuf m) 521{ 522* struct ether_header eh; 523* u_short etype; 524 525 if ((ifp->if_flags & IFF_UP) == 0) { 526 m_freem(m); 527 return; 528 } 529#ifdef DIAGNOSTIC 530 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 531 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n"); 532 m_freem(m); 533 return; 534 } 535#endif 536 /* 537 * Do consistency checks to verify assumptions 538 * made by code past this point. 539 / 540* if ((m->m_flags & M_PKTHDR) == 0) { 541 if_printf(ifp, "discard frame w/o packet header\n"); 542 ifp->if_ierrors++; 543 m_freem(m); 544 return; 545 } 546 if (m->m_len < ETHER_HDR_LEN) { 547 /* XXX maybe should pullup? / 548* if_printf(ifp, "discard frame w/o leading ethernet " 549 "header (len %u pkt len %u)\n", 550 m->m_len, m->m_pkthdr.len); 551 ifp->if_ierrors++; 552 m_freem(m); 553 return; 554 } 555 eh = mtod(m, struct ether_header ); 556* etype = ntohs(eh->ether_type); 557 if (m->m_pkthdr.rcvif == NULL) { 558 if_printf(ifp, "discard frame w/o interface pointer\n"); 559 ifp->if_ierrors++; 560 m_freem(m); 561 return; 562 } 563#ifdef DIAGNOSTIC 564 if (m->m_pkthdr.rcvif != ifp) { 565 if_printf(ifp, "Warning, frame marked as received on %s\n", 566 m->m_pkthdr.rcvif->if_xname); 567 } 568#endif 569 570 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 571 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 572 m->m_flags \|= M_BCAST; 573 else 574 m->m_flags \|= M_MCAST; 575 ifp->if_imcasts++; 576 } 577 578#ifdef MAC 579 /* 580 * Tag the mbuf with an appropriate MAC label before any other 581 * consumers can get to it. 582 / 583* mac_ifnet_create_mbuf(ifp, m); 584#endif 585 586 /* 587 * Give bpf a chance at the packet. 588 / 589* ETHER_BPF_MTAP(ifp, m); 590 591 /* 592 * If the CRC is still on the packet, trim it off. We do this once 593 * and once only in case we are re-entered. Nothing else on the 594 * Ethernet receive path expects to see the FCS. 595 / 596* if (m->m_flags & M_HASFCS) { 597 m_adj(m, -ETHER_CRC_LEN); 598 m->m_flags &= ~M_HASFCS; 599 } 600 601 ifp->if_ibytes += m->m_pkthdr.len; 602 603 /* Allow monitor mode to claim this frame, after stats are updated. / 604* if (ifp->if_flags & IFF_MONITOR) { 605 m_freem(m); 606 return; 607 } 608 609 /* Handle input from a lagg(4) port / 610* if (ifp->if_type == IFT_IEEE8023ADLAG) { 611 KASSERT(lagg_input_p != NULL, 612 ("%s: if_lagg not loaded!", __func__)); 613 m = (lagg_input_p)(ifp, m); 614* if (m != NULL) 615 ifp = m->m_pkthdr.rcvif; 616 else 617 return; 618 } 619 620 /* 621 * If the hardware did not process an 802.1Q tag, do this now, 622 * to allow 802.1P priority frames to be passed to the main input 623 * path correctly. 624 * TODO: Deal with Q-in-Q frames, but not arbitrary nesting levels. 625 / 626* if ((m->m_flags & M_VLANTAG) == 0 && etype == ETHERTYPE_VLAN) { 627 struct ether_vlan_header evl; 628* 629 if (m->m_len < sizeof(evl) && 630* (m = m_pullup(m, sizeof(evl))) == NULL) { 631#ifdef DIAGNOSTIC 632* if_printf(ifp, "cannot pullup VLAN header\n"); 633#endif 634 ifp->if_ierrors++; 635 m_freem(m); 636 return; 637 } 638 639 evl = mtod(m, struct ether_vlan_header ); 640* m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag); 641 m->m_flags \|= M_VLANTAG; 642 643 bcopy((char )evl, (char )evl + ETHER_VLAN_ENCAP_LEN, 644 ETHER_HDR_LEN - ETHER_TYPE_LEN); 645 m_adj(m, ETHER_VLAN_ENCAP_LEN); 646 } 647 648 /* Allow ng_ether(4) to claim this frame. / 649* if (IFP2AC(ifp)->ac_netgraph != NULL) { 650 KASSERT(ng_ether_input_p != NULL, 651 ("%s: ng_ether_input_p is NULL", __func__)); 652 m->m_flags &= ~M_PROMISC; 653 (ng_ether_input_p)(ifp, &m); 654* if (m == NULL) 655 return; 656 } 657 658 /* 659 * Allow if_bridge(4) to claim this frame. 660 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it 661 * and the frame should be delivered locally. 662 / 663* if (ifp->if_bridge != NULL) { 664 m->m_flags &= ~M_PROMISC; 665 BRIDGE_INPUT(ifp, m); 666 if (m == NULL) 667 return; 668 } 669 670#ifdef DEV_CARP 671 /* 672 * Clear M_PROMISC on frame so that carp(4) will see it when the 673 * mbuf flows up to Layer 3. 674 * FreeBSD's implementation of carp(4) uses the inprotosw 675 * to dispatch IPPROTO_CARP. carp(4) also allocates its own 676 * Ethernet addresses of the form 00:00:5e:00:01:xx, which 677 * is outside the scope of the M_PROMISC test below. 678 * TODO: Maintain a hash table of ethernet addresses other than 679 * ether_dhost which may be active on this ifp. 680 / 681* if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) { 682 m->m_flags &= ~M_PROMISC; 683 } else 684#endif 685 { 686 /* 687 * If the frame received was not for our MAC address, set the 688 * M_PROMISC flag on the mbuf chain. The frame may need to 689 * be seen by the rest of the Ethernet input path in case of 690 * re-entry (e.g. bridge, vlan, netgraph) but should not be 691 * seen by upper protocol layers. 692 / 693* if (!ETHER_IS_MULTICAST(eh->ether_dhost) && 694 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0) 695 m->m_flags \|= M_PROMISC; 696 } 697 698 /* First chunk of an mbuf contains good entropy / 699* if (harvest.ethernet) 700 random_harvest(m, 16, 3, 0, RANDOM_NET); 701 702 ether_demux(ifp, m); 703} 704 705/* 706 * Upper layer processing for a received Ethernet packet. 707 / 708void 709ether_demux(struct ifnet ifp, struct mbuf m) 710{ 711* struct ether_header eh; 712* int isr; 713 u_short ether_type; 714#if defined(NETATALK) 715 struct llc l; 716#endif 717* 718 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); 719 720#if defined(INET) \|\| defined(INET6) 721 INIT_VNET_NET(ifp->if_vnet); 722 /* 723 * Allow dummynet and/or ipfw to claim the frame. 724 * Do not do this for PROMISC frames in case we are re-entered. 725 / 726* if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { 727 struct ip_fw rule = ip_dn_claim_rule(m); 728* 729 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 730 if (m) 731 m_freem(m); /* dropped; free mbuf chain / 732* return; /* consumed / 733* } 734 } 735#endif 736 eh = mtod(m, struct ether_header ); 737* ether_type = ntohs(eh->ether_type); 738 739 /* 740 * If this frame has a VLAN tag other than 0, call vlan_input() 741 * if its module is loaded. Otherwise, drop. 742 / 743* if ((m->m_flags & M_VLANTAG) && 744 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) { 745 if (ifp->if_vlantrunk == NULL) { 746 ifp->if_noproto++; 747 m_freem(m); 748 return; 749 } 750 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!", 751 __func__)); 752 /* Clear before possibly re-entering ether_input(). / 753* m->m_flags &= ~M_PROMISC; 754 (vlan_input_p)(ifp, m); 755* return; 756 } 757 758 /* 759 * Pass promiscuously received frames to the upper layer if the user 760 * requested this by setting IFF_PPROMISC. Otherwise, drop them. 761 / 762* if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) { 763 m_freem(m); 764 return; 765 } 766 767 /* 768 * Reset layer specific mbuf flags to avoid confusing upper layers. 769 * Strip off Ethernet header. 770 / 771* m->m_flags &= ~M_VLANTAG; 772 m->m_flags &= ~(M_PROTOFLAGS); 773 m_adj(m, ETHER_HDR_LEN); 774 775 /* 776 * Dispatch frame to upper layer. 777 / 778* switch (ether_type) { 779#ifdef INET 780 case ETHERTYPE_IP: 781 if ((m = ip_fastforward(m)) == NULL) 782 return; 783 isr = NETISR_IP; 784 break; 785 786 case ETHERTYPE_ARP: 787 if (ifp->if_flags & IFF_NOARP) { 788 /* Discard packet if ARP is disabled on interface / 789* m_freem(m); 790 return; 791 } 792 isr = NETISR_ARP; 793 break; 794#endif 795#ifdef IPX 796 case ETHERTYPE_IPX: 797 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 798 return; 799 isr = NETISR_IPX; 800 break; 801#endif 802#ifdef INET6 803 case ETHERTYPE_IPV6: 804 isr = NETISR_IPV6; 805 break; 806#endif 807#ifdef NETATALK 808 case ETHERTYPE_AT: 809 isr = NETISR_ATALK1; 810 break; 811 case ETHERTYPE_AARP: 812 isr = NETISR_AARP; 813 break; 814#endif /* NETATALK / 815* default: 816#ifdef IPX 817 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 818 return; 819#endif /* IPX / 820#if defined(NETATALK) 821* if (ether_type > ETHERMTU) 822 goto discard; 823 l = mtod(m, struct llc ); 824* if (l->llc_dsap == LLC_SNAP_LSAP && 825 l->llc_ssap == LLC_SNAP_LSAP && 826 l->llc_control == LLC_UI) { 827 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 828 sizeof(at_org_code)) == 0 && 829 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 830 m_adj(m, LLC_SNAPFRAMELEN); 831 isr = NETISR_ATALK2; 832 break; 833 } 834 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 835 sizeof(aarp_org_code)) == 0 && 836 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 837 m_adj(m, LLC_SNAPFRAMELEN); 838 isr = NETISR_AARP; 839 break; 840 } 841 } 842#endif /* NETATALK / 843* goto discard; 844 } 845 netisr_dispatch(isr, m); 846 return; 847 848discard: 849 /* 850 * Packet is to be discarded. If netgraph is present, 851 * hand the packet to it for last chance processing; 852 * otherwise dispose of it. 853 / 854* if (IFP2AC(ifp)->ac_netgraph != NULL) { 855 KASSERT(ng_ether_input_orphan_p != NULL, 856 ("ng_ether_input_orphan_p is NULL")); 857 /* 858 * Put back the ethernet header so netgraph has a 859 * consistent view of inbound packets. 860 / 861* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 862 (ng_ether_input_orphan_p)(ifp, m); 863* return; 864 } 865 m_freem(m); 866} 867 868/* 869 * Convert Ethernet address to printable (loggable) representation. 870 * This routine is for compatibility; it's better to just use 871 * 872 * printf("%6D", <pointer to address>, ":"); 873 * 874 * since there's no static buffer involved. 875 / 876char 877ether_sprintf(const u_char ap) 878{ 879* static char etherbuf[18]; 880 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 881 return (etherbuf); 882} 883 884/* 885 * Perform common duties while attaching to interface list 886 / 887void 888ether_ifattach(struct ifnet ifp, const u_int8_t lla) 889{ 890* int i; 891 struct ifaddr ifa; 892* struct sockaddr_dl sdl; 893* 894 ifp->if_addrlen = ETHER_ADDR_LEN; 895 ifp->if_hdrlen = ETHER_HDR_LEN; 896 if_attach(ifp); 897 ifp->if_mtu = ETHERMTU; 898 ifp->if_output = ether_output; 899 ifp->if_input = ether_input; 900 ifp->if_resolvemulti = ether_resolvemulti; 901 if (ifp->if_baudrate == 0) 902 ifp->if_baudrate = IF_Mbps(10); /* just a default / 903* ifp->if_broadcastaddr = etherbroadcastaddr; 904 905 ifa = ifp->if_addr; 906 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 907 sdl = (struct sockaddr_dl )ifa->ifa_addr; 908* sdl->sdl_type = IFT_ETHER; 909 sdl->sdl_alen = ifp->if_addrlen; 910 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 911 912 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 913 if (ng_ether_attach_p != NULL) 914 (ng_ether_attach_p)(ifp); 915* 916 /* Announce Ethernet MAC address if non-zero. / 917* for (i = 0; i < ifp->if_addrlen; i++) 918 if (lla[i] != 0) 919 break; 920 if (i != ifp->if_addrlen) 921 if_printf(ifp, "Ethernet address: %6D\n", lla, ":"); 922} 923 924/* 925 * Perform common duties while detaching an Ethernet interface 926 / 927void 928ether_ifdetach(struct ifnet ifp) 929{ 930 if (IFP2AC(ifp)->ac_netgraph != NULL) { 931 KASSERT(ng_ether_detach_p != NULL, 932 ("ng_ether_detach_p is NULL")); 933 (ng_ether_detach_p)(ifp); 934* } 935 936 bpfdetach(ifp); 937 if_detach(ifp); 938} 939 940SYSCTL_DECL(_net_link); 941SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 942#if defined(INET) \|\| defined(INET6) 943SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 944 ether_ipfw, 0, "Pass ether pkts through firewall"); 945#endif 946 947#if 0 948/* 949 * This is for reference. We have a table-driven version 950 * of the little-endian crc32 generator, which is faster 951 * than the double-loop. 952 / 953uint32_t 954ether_crc32_le(const uint8_t buf, size_t len) 955{ 956 size_t i; 957 uint32_t crc; 958 int bit; 959 uint8_t data; 960 961 crc = 0xffffffff; /* initial value / 962* 963 for (i = 0; i < len; i++) { 964 for (data = buf++, bit = 0; bit < 8; bit++, data >>= 1) { 965* carry = (crc ^ data) & 1; 966 crc >>= 1; 967 if (carry) 968 crc = (crc ^ ETHER_CRC_POLY_LE); 969 } 970 } 971 972 return (crc); 973} 974#else 975uint32_t 976ether_crc32_le(const uint8_t buf, size_t len) 977{ 978* static const uint32_t crctab[] = { 979 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 980 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 981 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 982 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 983 }; 984 size_t i; 985 uint32_t crc; 986 987 crc = 0xffffffff; /* initial value / 988* 989 for (i = 0; i < len; i++) { 990 crc ^= buf[i]; 991 crc = (crc >> 4) ^ crctab[crc & 0xf]; 992 crc = (crc >> 4) ^ crctab[crc & 0xf]; 993 } 994 995 return (crc); 996} 997#endif 998 999uint32_t 1000ether_crc32_be(const uint8_t buf, size_t len) 1001{ 1002* size_t i; 1003 uint32_t crc, carry; 1004 int bit; 1005 uint8_t data; 1006 1007 crc = 0xffffffff; /* initial value / 1008* 1009 for (i = 0; i < len; i++) { 1010 for (data = buf++, bit = 0; bit < 8; bit++, data >>= 1) { 1011* carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 1012 crc <<= 1; 1013 if (carry) 1014 crc = (crc ^ ETHER_CRC_POLY_BE) \| carry; 1015 } 1016 } 1017 1018 return (crc); 1019} 1020 1021int 1022ether_ioctl(struct ifnet ifp, u_long command, caddr_t data) 1023{ 1024* struct ifaddr ifa = (struct ifaddr ) data; 1025 struct ifreq ifr = (struct ifreq ) data; 1026 int error = 0; 1027 1028 switch (command) { 1029 case SIOCSIFADDR: 1030 ifp->if_flags \|= IFF_UP; 1031 1032 switch (ifa->ifa_addr->sa_family) { 1033#ifdef INET 1034 case AF_INET: 1035 ifp->if_init(ifp->if_softc); /* before arpwhohas / 1036* arp_ifinit(ifp, ifa); 1037 break; 1038#endif 1039#ifdef IPX 1040 /* 1041 * XXX - This code is probably wrong 1042 / 1043* case AF_IPX: 1044 { 1045 struct ipx_addr ina = &(IA_SIPX(ifa)->sipx_addr); 1046* 1047 if (ipx_nullhost(ina)) 1048* ina->x_host = 1049 (union ipx_host ) 1050 IF_LLADDR(ifp); 1051 else { 1052 bcopy((caddr_t) ina->x_host.c_host, 1053 (caddr_t) IF_LLADDR(ifp), 1054 ETHER_ADDR_LEN); 1055 } 1056 1057 /* 1058 * Set new address 1059 / 1060* ifp->if_init(ifp->if_softc); 1061 break; 1062 } 1063#endif 1064 default: 1065 ifp->if_init(ifp->if_softc); 1066 break; 1067 } 1068 break; 1069 1070 case SIOCGIFADDR: 1071 { 1072 struct sockaddr sa; 1073* 1074 sa = (struct sockaddr ) & ifr->ifr_data; 1075* bcopy(IF_LLADDR(ifp), 1076 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1077 } 1078 break; 1079 1080 case SIOCSIFMTU: 1081 /* 1082 * Set the interface MTU. 1083 / 1084* if (ifr->ifr_mtu > ETHERMTU) { 1085 error = EINVAL; 1086 } else { 1087 ifp->if_mtu = ifr->ifr_mtu; 1088 } 1089 break; 1090 default: 1091 error = EINVAL; /* XXX netbsd has ENOTTY??? / 1092* break; 1093 } 1094 return (error); 1095} 1096 1097static int 1098ether_resolvemulti(struct ifnet ifp, struct sockaddr llsa, 1099* struct sockaddr sa) 1100{ 1101* struct sockaddr_dl sdl; 1102#ifdef INET 1103* struct sockaddr_in sin; 1104#endif 1105#ifdef INET6 1106* struct sockaddr_in6 sin6; 1107#endif 1108* u_char e_addr; 1109* 1110 switch(sa->sa_family) { 1111 case AF_LINK: 1112 /* 1113 * No mapping needed. Just check that it's a valid MC address. 1114 / 1115* sdl = (struct sockaddr_dl )sa; 1116* e_addr = LLADDR(sdl); 1117 if (!ETHER_IS_MULTICAST(e_addr)) 1118 return EADDRNOTAVAIL; 1119 llsa = 0; 1120* return 0; 1121 1122#ifdef INET 1123 case AF_INET: 1124 sin = (struct sockaddr_in )sa; 1125* if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1126 return EADDRNOTAVAIL; 1127 sdl = malloc(sizeof sdl, M_IFMADDR, 1128* M_NOWAIT\|M_ZERO); 1129 if (sdl == NULL) 1130 return ENOMEM; 1131 sdl->sdl_len = sizeof sdl; 1132* sdl->sdl_family = AF_LINK; 1133 sdl->sdl_index = ifp->if_index; 1134 sdl->sdl_type = IFT_ETHER; 1135 sdl->sdl_alen = ETHER_ADDR_LEN; 1136 e_addr = LLADDR(sdl); 1137 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1138 llsa = (struct sockaddr )sdl; 1139 return 0; 1140#endif 1141#ifdef INET6 1142 case AF_INET6: 1143 sin6 = (struct sockaddr_in6 )sa; 1144* if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1145 /* 1146 * An IP6 address of 0 means listen to all 1147 * of the Ethernet multicast address used for IP6. 1148 * (This is used for multicast routers.) 1149 / 1150* ifp->if_flags \|= IFF_ALLMULTI; 1151 llsa = 0; 1152* return 0; 1153 } 1154 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1155 return EADDRNOTAVAIL; 1156 sdl = malloc(sizeof sdl, M_IFMADDR, 1157* M_NOWAIT\|M_ZERO); 1158 if (sdl == NULL) 1159 return (ENOMEM); 1160 sdl->sdl_len = sizeof sdl; 1161* sdl->sdl_family = AF_LINK; 1162 sdl->sdl_index = ifp->if_index; 1163 sdl->sdl_type = IFT_ETHER; 1164 sdl->sdl_alen = ETHER_ADDR_LEN; 1165 e_addr = LLADDR(sdl); 1166 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1167 llsa = (struct sockaddr )sdl; 1168 return 0; 1169#endif 1170 1171 default: 1172 /* 1173 * Well, the text isn't quite right, but it's the name 1174 * that counts... 1175 / 1176* return EAFNOSUPPORT; 1177 } 1178} 1179 1180static void* 1181ether_alloc(u_char type, struct ifnet ifp) 1182{ 1183* struct arpcom ac; 1184* 1185 ac = malloc(sizeof(struct arpcom), M_ARPCOM, M_WAITOK \| M_ZERO); 1186 ac->ac_ifp = ifp; 1187 1188 return (ac); 1189} 1190 1191static void 1192ether_free(void com, u_char type) 1193{ 1194* 1195 free(com, M_ARPCOM); 1196} 1197 1198static int 1199ether_modevent(module_t mod, int type, void data) 1200{ 1201* 1202 switch (type) { 1203 case MOD_LOAD: 1204 if_register_com_alloc(IFT_ETHER, ether_alloc, ether_free); 1205 break; 1206 case MOD_UNLOAD: 1207 if_deregister_com_alloc(IFT_ETHER); 1208 break; 1209 default: 1210 return EOPNOTSUPP; 1211 } 1212 1213 return (0); 1214} 1215 1216static moduledata_t ether_mod = { 1217 "ether", 1218 ether_modevent, 1219 0 1220}; 1221 1222void 1223ether_vlan_mtap(struct bpf_if bp, struct mbuf m, void data, u_int dlen) 1224{ 1225* struct ether_vlan_header vlan; 1226 struct mbuf mv, mb; 1227 1228 KASSERT((m->m_flags & M_VLANTAG) != 0, 1229 ("%s: vlan information not present", __func__)); 1230 KASSERT(m->m_len >= sizeof(struct ether_header), 1231 ("%s: mbuf not large enough for header", __func__)); 1232 bcopy(mtod(m, char ), &vlan, sizeof(struct ether_header)); 1233* vlan.evl_proto = vlan.evl_encap_proto; 1234 vlan.evl_encap_proto = htons(ETHERTYPE_VLAN); 1235 vlan.evl_tag = htons(m->m_pkthdr.ether_vtag); 1236 m->m_len -= sizeof(struct ether_header); 1237 m->m_data += sizeof(struct ether_header); 1238 /* 1239 * If a data link has been supplied by the caller, then we will need to 1240 * re-create a stack allocated mbuf chain with the following structure: 1241 * 1242 * (1) mbuf #1 will contain the supplied data link 1243 * (2) mbuf #2 will contain the vlan header 1244 * (3) mbuf #3 will contain the original mbuf's packet data 1245 * 1246 * Otherwise, submit the packet and vlan header via bpf_mtap2(). 1247 / 1248* if (data != NULL) { 1249 mv.m_next = m; 1250 mv.m_data = (caddr_t)&vlan; 1251 mv.m_len = sizeof(vlan); 1252 mb.m_next = &mv; 1253 mb.m_data = data; 1254 mb.m_len = dlen; 1255 bpf_mtap(bp, &mb); 1256 } else 1257 bpf_mtap2(bp, &vlan, sizeof(vlan), m); 1258 m->m_len += sizeof(struct ether_header); 1259 m->m_data -= sizeof(struct ether_header); 1260} 1261 1262struct mbuf * 1263ether_vlanencap(struct mbuf m, uint16_t tag) 1264{ 1265* struct ether_vlan_header evl; 1266* 1267 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_DONTWAIT); 1268 if (m == NULL) 1269 return (NULL); 1270 /* M_PREPEND takes care of m_len, m_pkthdr.len for us / 1271* 1272 if (m->m_len < sizeof(evl)) { 1273* m = m_pullup(m, sizeof(evl)); 1274* if (m == NULL) 1275 return (NULL); 1276 } 1277 1278 /* 1279 * Transform the Ethernet header into an Ethernet header 1280 * with 802.1Q encapsulation. 1281 / 1282* evl = mtod(m, struct ether_vlan_header ); 1283* bcopy((char )evl + ETHER_VLAN_ENCAP_LEN, 1284* (char )evl, ETHER_HDR_LEN - ETHER_TYPE_LEN); 1285* evl->evl_encap_proto = htons(ETHERTYPE_VLAN); 1286 evl->evl_tag = htons(tag); 1287 return (m); 1288} 1289 1290DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY); 1291MODULE_VERSION(ether, 1);	67 68#if defined(INET) \|\| defined(INET6) 69#include <netinet/in.h> 70#include <netinet/in_var.h> 71#include <netinet/if_ether.h> 72#include <netinet/ip_fw.h> 73#include <netinet/ip_dummynet.h> 74#endif 75#ifdef INET6 76#include <netinet6/nd6.h> 77#endif 78 79#ifdef DEV_CARP 80#include <netinet/ip_carp.h> 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87int (ef_inputp)(struct ifnet, struct ether_header eh, struct mbuf m); 88int (ef_outputp)(struct ifnet ifp, struct mbuf *mp, 89 struct sockaddr dst, short tp, int hlen); 90 91#ifdef NETATALK 92#include <netatalk/at.h> 93#include <netatalk/at_var.h> 94#include <netatalk/at_extern.h> 95 96#define llc_snap_org_code llc_un.type_snap.org_code 97#define llc_snap_ether_type llc_un.type_snap.ether_type 98 99extern u_char at_org_code[3]; 100extern u_char aarp_org_code[3]; 101#endif /* NETATALK / 102* 103#include <security/mac/mac_framework.h> 104 105#ifdef CTASSERT 106CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2); 107CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN); 108#endif 109 110/* netgraph node hooks for ng_ether(4) / 111void (ng_ether_input_p)(struct ifnet ifp, struct mbuf mp); 112void (ng_ether_input_orphan_p)(struct ifnet ifp, struct mbuf m); 113int (ng_ether_output_p)(struct ifnet ifp, struct mbuf *mp); 114void (ng_ether_attach_p)(struct ifnet ifp); 115void (ng_ether_detach_p)(struct ifnet ifp); 116* 117void (vlan_input_p)(struct ifnet , struct mbuf ); 118* 119/* if_bridge(4) support / 120struct mbuf (bridge_input_p)(struct ifnet , struct mbuf ); 121int (bridge_output_p)(struct ifnet , struct mbuf , 122 struct sockaddr , struct rtentry ); 123void (bridge_dn_p)(struct mbuf , struct ifnet ); 124* 125/* if_lagg(4) support / 126struct mbuf (lagg_input_p)(struct ifnet , struct mbuf ); 127* 128static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 129 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 130 131static int ether_resolvemulti(struct ifnet , struct sockaddr , 132* struct sockaddr ); 133* 134/* XXX: should be in an arp support file, not here / 135MALLOC_DEFINE(M_ARPCOM, "arpcom", "802. interface internals"); 136 137#define ETHER_IS_BROADCAST(addr) \ 138 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 139 140#define senderr(e) do { error = (e); goto bad;} while (0) 141 142#if defined(INET) \|\| defined(INET6) 143int 144ether_ipfw_chk(struct mbuf *m0, struct ifnet dst, 145 struct ip_fw *rule, int shared); 146#ifdef VIMAGE_GLOBALS 147static int ether_ipfw; 148#endif 149#endif 150* 151/* 152 * Ethernet output routine. 153 * Encapsulate a packet of type family for the local net. 154 * Use trailer local net encapsulation if enough data in first 155 * packet leaves a multiple of 512 bytes of data in remainder. 156 / 157int 158ether_output(struct ifnet ifp, struct mbuf m, 159* struct sockaddr dst, struct rtentry rt0) 160{ 161 short type; 162 int error, hdrcmplt = 0; 163 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 164 struct ether_header eh; 165* struct pf_mtag t; 166* int loop_copy = 1; 167 int hlen; /* link layer header length / 168* 169#ifdef MAC 170 error = mac_ifnet_check_transmit(ifp, m); 171 if (error) 172 senderr(error); 173#endif 174 175 M_PROFILE(m); 176 if (ifp->if_flags & IFF_MONITOR) 177 senderr(ENETDOWN); 178 if (!((ifp->if_flags & IFF_UP) && 179 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 180 senderr(ENETDOWN); 181 182 hlen = ETHER_HDR_LEN; 183 switch (dst->sa_family) { 184#ifdef INET 185 case AF_INET: 186 error = arpresolve(ifp, rt0, m, dst, edst); 187 if (error) 188 return (error == EWOULDBLOCK ? 0 : error); 189 type = htons(ETHERTYPE_IP); 190 break; 191 case AF_ARP: 192 { 193 struct arphdr ah; 194* ah = mtod(m, struct arphdr ); 195* ah->ar_hrd = htons(ARPHRD_ETHER); 196 197 loop_copy = 0; /* if this is for us, don't do it / 198* 199 switch(ntohs(ah->ar_op)) { 200 case ARPOP_REVREQUEST: 201 case ARPOP_REVREPLY: 202 type = htons(ETHERTYPE_REVARP); 203 break; 204 case ARPOP_REQUEST: 205 case ARPOP_REPLY: 206 default: 207 type = htons(ETHERTYPE_ARP); 208 break; 209 } 210 211 if (m->m_flags & M_BCAST) 212 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 213 else 214 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 215 216 } 217 break; 218#endif 219#ifdef INET6 220 case AF_INET6: 221 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char )edst); 222* if (error) 223 return error; 224 type = htons(ETHERTYPE_IPV6); 225 break; 226#endif 227#ifdef IPX 228 case AF_IPX: 229 if (ef_outputp) { 230 error = ef_outputp(ifp, &m, dst, &type, &hlen); 231 if (error) 232 goto bad; 233 } else 234 type = htons(ETHERTYPE_IPX); 235 bcopy((caddr_t)&(((struct sockaddr_ipx )dst)->sipx_addr.x_host), 236* (caddr_t)edst, sizeof (edst)); 237 break; 238#endif 239#ifdef NETATALK 240 case AF_APPLETALK: 241 { 242 struct at_ifaddr aa; 243* 244 if ((aa = at_ifawithnet((struct sockaddr_at )dst)) == NULL) 245* senderr(EHOSTUNREACH); /* XXX / 246* if (!aarpresolve(ifp, m, (struct sockaddr_at )dst, edst)) 247* return (0); 248 /* 249 * In the phase 2 case, need to prepend an mbuf for the llc header. 250 / 251* if ( aa->aa_flags & AFA_PHASE2 ) { 252 struct llc llc; 253 254 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 255 if (m == NULL) 256 senderr(ENOBUFS); 257 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 258 llc.llc_control = LLC_UI; 259 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 260 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 261 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 262 type = htons(m->m_pkthdr.len); 263 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 264 } else { 265 type = htons(ETHERTYPE_AT); 266 } 267 break; 268 } 269#endif /* NETATALK / 270* 271 case pseudo_AF_HDRCMPLT: 272 hdrcmplt = 1; 273 eh = (struct ether_header )dst->sa_data; 274* (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 275 /* FALLTHROUGH / 276* 277 case AF_UNSPEC: 278 loop_copy = 0; /* if this is for us, don't do it / 279* eh = (struct ether_header )dst->sa_data; 280* (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 281 type = eh->ether_type; 282 break; 283 284 default: 285 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 286 senderr(EAFNOSUPPORT); 287 } 288 289 /* 290 * Add local net header. If no space in first mbuf, 291 * allocate another. 292 / 293* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 294 if (m == NULL) 295 senderr(ENOBUFS); 296 eh = mtod(m, struct ether_header ); 297* (void)memcpy(&eh->ether_type, &type, 298 sizeof(eh->ether_type)); 299 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 300 if (hdrcmplt) 301 (void)memcpy(eh->ether_shost, esrc, 302 sizeof(eh->ether_shost)); 303 else 304 (void)memcpy(eh->ether_shost, IF_LLADDR(ifp), 305 sizeof(eh->ether_shost)); 306 307 /* 308 * If a simplex interface, and the packet is being sent to our 309 * Ethernet address or a broadcast address, loopback a copy. 310 * XXX To make a simplex device behave exactly like a duplex 311 * device, we should copy in the case of sending to our own 312 * ethernet address (thus letting the original actually appear 313 * on the wire). However, we don't do that here for security 314 * reasons and compatibility with the original behavior. 315 / 316* if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy && 317 ((t = pf_find_mtag(m)) == NULL \|\| !t->routed)) { 318 int csum_flags = 0; 319 320 if (m->m_pkthdr.csum_flags & CSUM_IP) 321 csum_flags \|= (CSUM_IP_CHECKED\|CSUM_IP_VALID); 322 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 323 csum_flags \|= (CSUM_DATA_VALID\|CSUM_PSEUDO_HDR); 324 325 if (m->m_flags & M_BCAST) { 326 struct mbuf n; 327* 328 /* 329 * Because if_simloop() modifies the packet, we need a 330 * writable copy through m_dup() instead of a readonly 331 * one as m_copy[m] would give us. The alternative would 332 * be to modify if_simloop() to handle the readonly mbuf, 333 * but performancewise it is mostly equivalent (trading 334 * extra data copying vs. extra locking). 335 * 336 * XXX This is a local workaround. A number of less 337 * often used kernel parts suffer from the same bug. 338 * See PR kern/105943 for a proposed general solution. 339 / 340* if ((n = m_dup(m, M_DONTWAIT)) != NULL) { 341 n->m_pkthdr.csum_flags \|= csum_flags; 342 if (csum_flags & CSUM_DATA_VALID) 343 n->m_pkthdr.csum_data = 0xffff; 344 (void)if_simloop(ifp, n, dst->sa_family, hlen); 345 } else 346 ifp->if_iqdrops++; 347 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 348 ETHER_ADDR_LEN) == 0) { 349 m->m_pkthdr.csum_flags \|= csum_flags; 350 if (csum_flags & CSUM_DATA_VALID) 351 m->m_pkthdr.csum_data = 0xffff; 352 (void) if_simloop(ifp, m, dst->sa_family, hlen); 353 return (0); /* XXX / 354* } 355 } 356 357 /* 358 * Bridges require special output handling. 359 / 360* if (ifp->if_bridge) { 361 BRIDGE_OUTPUT(ifp, m, error); 362 return (error); 363 } 364 365#ifdef DEV_CARP 366 if (ifp->if_carp && 367 (error = carp_output(ifp, m, dst, NULL))) 368 goto bad; 369#endif 370 371 /* Handle ng_ether(4) processing, if any / 372* if (IFP2AC(ifp)->ac_netgraph != NULL) { 373 KASSERT(ng_ether_output_p != NULL, 374 ("ng_ether_output_p is NULL")); 375 if ((error = (ng_ether_output_p)(ifp, &m)) != 0) { 376bad: if (m != NULL) 377* m_freem(m); 378 return (error); 379 } 380 if (m == NULL) 381 return (0); 382 } 383 384 /* Continue with link-layer output / 385* return ether_output_frame(ifp, m); 386} 387 388/* 389 * Ethernet link layer output routine to send a raw frame to the device. 390 * 391 * This assumes that the 14 byte Ethernet header is present and contiguous 392 * in the first mbuf (if BRIDGE'ing). 393 / 394int 395ether_output_frame(struct ifnet ifp, struct mbuf m) 396{ 397#if defined(INET) \|\| defined(INET6) 398* INIT_VNET_NET(ifp->if_vnet); 399 struct ip_fw rule = ip_dn_claim_rule(m); 400* 401 if (IPFW_LOADED && V_ether_ipfw != 0) { 402 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 403 if (m) { 404 m_freem(m); 405 return EACCES; /* pkt dropped / 406* } else 407 return 0; /* consumed e.g. in a pipe / 408* } 409 } 410#endif 411 412 /* 413 * Queue message on interface, update output statistics if 414 * successful, and start output if interface not yet active. 415 / 416* return ((ifp->if_transmit)(ifp, m)); 417} 418 419#if defined(INET) \|\| defined(INET6) 420/* 421 * ipfw processing for ethernet packets (in and out). 422 * The second parameter is NULL from ether_demux, and ifp from 423 * ether_output_frame. 424 / 425int 426ether_ipfw_chk(struct mbuf m0, struct ifnet dst, 427 struct ip_fw *rule, int shared) 428{ 429* INIT_VNET_IPFW(dst->if_vnet); 430 struct ether_header eh; 431* struct ether_header save_eh; 432 struct mbuf m; 433* int i; 434 struct ip_fw_args args; 435 436 if (rule != NULL && V_fw_one_pass) 437* return 1; /* dummynet packet, already partially processed / 438* 439 /* 440 * I need some amt of data to be contiguous, and in case others need 441 * the packet (shared==1) also better be in the first mbuf. 442 / 443* m = m0; 444* i = min( m->m_pkthdr.len, max_protohdr); 445 if ( shared \|\| m->m_len < i) { 446 m = m_pullup(m, i); 447 if (m == NULL) { 448 m0 = m; 449* return 0; 450 } 451 } 452 eh = mtod(m, struct ether_header ); 453* save_eh = eh; / save copy for restore below / 454* m_adj(m, ETHER_HDR_LEN); /* strip ethernet header / 455* 456 args.m = m; /* the packet we are looking at / 457* args.oif = dst; /* destination, if any / 458* args.rule = rule; / matching rule to restart / 459* args.next_hop = NULL; /* we do not support forward yet / 460* args.eh = &save_eh; /* MAC header for bridged/MAC packets / 461* args.inp = NULL; /* used by ipfw uid/gid/jail rules / 462* i = ip_fw_chk_ptr(&args); 463 m = args.m; 464 if (m != NULL) { 465 /* 466 * Restore Ethernet header, as needed, in case the 467 * mbuf chain was replaced by ipfw. 468 / 469* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 470 if (m == NULL) { 471 m0 = m; 472* return 0; 473 } 474 if (eh != mtod(m, struct ether_header )) 475* bcopy(&save_eh, mtod(m, struct ether_header ), 476* ETHER_HDR_LEN); 477 } 478 m0 = m; 479* rule = args.rule; 480* 481 if (i == IP_FW_DENY) /* drop / 482* return 0; 483 484 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL")); 485 486 if (i == IP_FW_PASS) /* a PASS rule. / 487* return 1; 488 489 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 490 /* 491 * Pass the pkt to dummynet, which consumes it. 492 * If shared, make a copy and keep the original. 493 / 494* if (shared) { 495 m = m_copypacket(m, M_DONTWAIT); 496 if (m == NULL) 497 return 0; 498 } else { 499 /* 500 * Pass the original to dummynet and 501 * nothing back to the caller 502 / 503* m0 = NULL ; 504* } 505 ip_dn_io_ptr(&m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 506 return 0; 507 } 508 /* 509 * XXX at some point add support for divert/forward actions. 510 * If none of the above matches, we have to drop the pkt. 511 / 512* return 0; 513} 514#endif 515 516/* 517 * Process a received Ethernet packet; the packet is in the 518 * mbuf chain m with the ethernet header at the front. 519 / 520static void 521ether_input(struct ifnet ifp, struct mbuf m) 522{ 523* struct ether_header eh; 524* u_short etype; 525 526 if ((ifp->if_flags & IFF_UP) == 0) { 527 m_freem(m); 528 return; 529 } 530#ifdef DIAGNOSTIC 531 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 532 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n"); 533 m_freem(m); 534 return; 535 } 536#endif 537 /* 538 * Do consistency checks to verify assumptions 539 * made by code past this point. 540 / 541* if ((m->m_flags & M_PKTHDR) == 0) { 542 if_printf(ifp, "discard frame w/o packet header\n"); 543 ifp->if_ierrors++; 544 m_freem(m); 545 return; 546 } 547 if (m->m_len < ETHER_HDR_LEN) { 548 /* XXX maybe should pullup? / 549* if_printf(ifp, "discard frame w/o leading ethernet " 550 "header (len %u pkt len %u)\n", 551 m->m_len, m->m_pkthdr.len); 552 ifp->if_ierrors++; 553 m_freem(m); 554 return; 555 } 556 eh = mtod(m, struct ether_header ); 557* etype = ntohs(eh->ether_type); 558 if (m->m_pkthdr.rcvif == NULL) { 559 if_printf(ifp, "discard frame w/o interface pointer\n"); 560 ifp->if_ierrors++; 561 m_freem(m); 562 return; 563 } 564#ifdef DIAGNOSTIC 565 if (m->m_pkthdr.rcvif != ifp) { 566 if_printf(ifp, "Warning, frame marked as received on %s\n", 567 m->m_pkthdr.rcvif->if_xname); 568 } 569#endif 570 571 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 572 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 573 m->m_flags \|= M_BCAST; 574 else 575 m->m_flags \|= M_MCAST; 576 ifp->if_imcasts++; 577 } 578 579#ifdef MAC 580 /* 581 * Tag the mbuf with an appropriate MAC label before any other 582 * consumers can get to it. 583 / 584* mac_ifnet_create_mbuf(ifp, m); 585#endif 586 587 /* 588 * Give bpf a chance at the packet. 589 / 590* ETHER_BPF_MTAP(ifp, m); 591 592 /* 593 * If the CRC is still on the packet, trim it off. We do this once 594 * and once only in case we are re-entered. Nothing else on the 595 * Ethernet receive path expects to see the FCS. 596 / 597* if (m->m_flags & M_HASFCS) { 598 m_adj(m, -ETHER_CRC_LEN); 599 m->m_flags &= ~M_HASFCS; 600 } 601 602 ifp->if_ibytes += m->m_pkthdr.len; 603 604 /* Allow monitor mode to claim this frame, after stats are updated. / 605* if (ifp->if_flags & IFF_MONITOR) { 606 m_freem(m); 607 return; 608 } 609 610 /* Handle input from a lagg(4) port / 611* if (ifp->if_type == IFT_IEEE8023ADLAG) { 612 KASSERT(lagg_input_p != NULL, 613 ("%s: if_lagg not loaded!", __func__)); 614 m = (lagg_input_p)(ifp, m); 615* if (m != NULL) 616 ifp = m->m_pkthdr.rcvif; 617 else 618 return; 619 } 620 621 /* 622 * If the hardware did not process an 802.1Q tag, do this now, 623 * to allow 802.1P priority frames to be passed to the main input 624 * path correctly. 625 * TODO: Deal with Q-in-Q frames, but not arbitrary nesting levels. 626 / 627* if ((m->m_flags & M_VLANTAG) == 0 && etype == ETHERTYPE_VLAN) { 628 struct ether_vlan_header evl; 629* 630 if (m->m_len < sizeof(evl) && 631* (m = m_pullup(m, sizeof(evl))) == NULL) { 632#ifdef DIAGNOSTIC 633* if_printf(ifp, "cannot pullup VLAN header\n"); 634#endif 635 ifp->if_ierrors++; 636 m_freem(m); 637 return; 638 } 639 640 evl = mtod(m, struct ether_vlan_header ); 641* m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag); 642 m->m_flags \|= M_VLANTAG; 643 644 bcopy((char )evl, (char )evl + ETHER_VLAN_ENCAP_LEN, 645 ETHER_HDR_LEN - ETHER_TYPE_LEN); 646 m_adj(m, ETHER_VLAN_ENCAP_LEN); 647 } 648 649 /* Allow ng_ether(4) to claim this frame. / 650* if (IFP2AC(ifp)->ac_netgraph != NULL) { 651 KASSERT(ng_ether_input_p != NULL, 652 ("%s: ng_ether_input_p is NULL", __func__)); 653 m->m_flags &= ~M_PROMISC; 654 (ng_ether_input_p)(ifp, &m); 655* if (m == NULL) 656 return; 657 } 658 659 /* 660 * Allow if_bridge(4) to claim this frame. 661 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it 662 * and the frame should be delivered locally. 663 / 664* if (ifp->if_bridge != NULL) { 665 m->m_flags &= ~M_PROMISC; 666 BRIDGE_INPUT(ifp, m); 667 if (m == NULL) 668 return; 669 } 670 671#ifdef DEV_CARP 672 /* 673 * Clear M_PROMISC on frame so that carp(4) will see it when the 674 * mbuf flows up to Layer 3. 675 * FreeBSD's implementation of carp(4) uses the inprotosw 676 * to dispatch IPPROTO_CARP. carp(4) also allocates its own 677 * Ethernet addresses of the form 00:00:5e:00:01:xx, which 678 * is outside the scope of the M_PROMISC test below. 679 * TODO: Maintain a hash table of ethernet addresses other than 680 * ether_dhost which may be active on this ifp. 681 / 682* if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) { 683 m->m_flags &= ~M_PROMISC; 684 } else 685#endif 686 { 687 /* 688 * If the frame received was not for our MAC address, set the 689 * M_PROMISC flag on the mbuf chain. The frame may need to 690 * be seen by the rest of the Ethernet input path in case of 691 * re-entry (e.g. bridge, vlan, netgraph) but should not be 692 * seen by upper protocol layers. 693 / 694* if (!ETHER_IS_MULTICAST(eh->ether_dhost) && 695 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0) 696 m->m_flags \|= M_PROMISC; 697 } 698 699 /* First chunk of an mbuf contains good entropy / 700* if (harvest.ethernet) 701 random_harvest(m, 16, 3, 0, RANDOM_NET); 702 703 ether_demux(ifp, m); 704} 705 706/* 707 * Upper layer processing for a received Ethernet packet. 708 / 709void 710ether_demux(struct ifnet ifp, struct mbuf m) 711{ 712* struct ether_header eh; 713* int isr; 714 u_short ether_type; 715#if defined(NETATALK) 716 struct llc l; 717#endif 718* 719 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); 720 721#if defined(INET) \|\| defined(INET6) 722 INIT_VNET_NET(ifp->if_vnet); 723 /* 724 * Allow dummynet and/or ipfw to claim the frame. 725 * Do not do this for PROMISC frames in case we are re-entered. 726 / 727* if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { 728 struct ip_fw rule = ip_dn_claim_rule(m); 729* 730 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 731 if (m) 732 m_freem(m); /* dropped; free mbuf chain / 733* return; /* consumed / 734* } 735 } 736#endif 737 eh = mtod(m, struct ether_header ); 738* ether_type = ntohs(eh->ether_type); 739 740 /* 741 * If this frame has a VLAN tag other than 0, call vlan_input() 742 * if its module is loaded. Otherwise, drop. 743 / 744* if ((m->m_flags & M_VLANTAG) && 745 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) { 746 if (ifp->if_vlantrunk == NULL) { 747 ifp->if_noproto++; 748 m_freem(m); 749 return; 750 } 751 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!", 752 __func__)); 753 /* Clear before possibly re-entering ether_input(). / 754* m->m_flags &= ~M_PROMISC; 755 (vlan_input_p)(ifp, m); 756* return; 757 } 758 759 /* 760 * Pass promiscuously received frames to the upper layer if the user 761 * requested this by setting IFF_PPROMISC. Otherwise, drop them. 762 / 763* if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) { 764 m_freem(m); 765 return; 766 } 767 768 /* 769 * Reset layer specific mbuf flags to avoid confusing upper layers. 770 * Strip off Ethernet header. 771 / 772* m->m_flags &= ~M_VLANTAG; 773 m->m_flags &= ~(M_PROTOFLAGS); 774 m_adj(m, ETHER_HDR_LEN); 775 776 /* 777 * Dispatch frame to upper layer. 778 / 779* switch (ether_type) { 780#ifdef INET 781 case ETHERTYPE_IP: 782 if ((m = ip_fastforward(m)) == NULL) 783 return; 784 isr = NETISR_IP; 785 break; 786 787 case ETHERTYPE_ARP: 788 if (ifp->if_flags & IFF_NOARP) { 789 /* Discard packet if ARP is disabled on interface / 790* m_freem(m); 791 return; 792 } 793 isr = NETISR_ARP; 794 break; 795#endif 796#ifdef IPX 797 case ETHERTYPE_IPX: 798 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 799 return; 800 isr = NETISR_IPX; 801 break; 802#endif 803#ifdef INET6 804 case ETHERTYPE_IPV6: 805 isr = NETISR_IPV6; 806 break; 807#endif 808#ifdef NETATALK 809 case ETHERTYPE_AT: 810 isr = NETISR_ATALK1; 811 break; 812 case ETHERTYPE_AARP: 813 isr = NETISR_AARP; 814 break; 815#endif /* NETATALK / 816* default: 817#ifdef IPX 818 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 819 return; 820#endif /* IPX / 821#if defined(NETATALK) 822* if (ether_type > ETHERMTU) 823 goto discard; 824 l = mtod(m, struct llc ); 825* if (l->llc_dsap == LLC_SNAP_LSAP && 826 l->llc_ssap == LLC_SNAP_LSAP && 827 l->llc_control == LLC_UI) { 828 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 829 sizeof(at_org_code)) == 0 && 830 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 831 m_adj(m, LLC_SNAPFRAMELEN); 832 isr = NETISR_ATALK2; 833 break; 834 } 835 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 836 sizeof(aarp_org_code)) == 0 && 837 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 838 m_adj(m, LLC_SNAPFRAMELEN); 839 isr = NETISR_AARP; 840 break; 841 } 842 } 843#endif /* NETATALK / 844* goto discard; 845 } 846 netisr_dispatch(isr, m); 847 return; 848 849discard: 850 /* 851 * Packet is to be discarded. If netgraph is present, 852 * hand the packet to it for last chance processing; 853 * otherwise dispose of it. 854 / 855* if (IFP2AC(ifp)->ac_netgraph != NULL) { 856 KASSERT(ng_ether_input_orphan_p != NULL, 857 ("ng_ether_input_orphan_p is NULL")); 858 /* 859 * Put back the ethernet header so netgraph has a 860 * consistent view of inbound packets. 861 / 862* M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 863 (ng_ether_input_orphan_p)(ifp, m); 864* return; 865 } 866 m_freem(m); 867} 868 869/* 870 * Convert Ethernet address to printable (loggable) representation. 871 * This routine is for compatibility; it's better to just use 872 * 873 * printf("%6D", <pointer to address>, ":"); 874 * 875 * since there's no static buffer involved. 876 / 877char 878ether_sprintf(const u_char ap) 879{ 880* static char etherbuf[18]; 881 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 882 return (etherbuf); 883} 884 885/* 886 * Perform common duties while attaching to interface list 887 / 888void 889ether_ifattach(struct ifnet ifp, const u_int8_t lla) 890{ 891* int i; 892 struct ifaddr ifa; 893* struct sockaddr_dl sdl; 894* 895 ifp->if_addrlen = ETHER_ADDR_LEN; 896 ifp->if_hdrlen = ETHER_HDR_LEN; 897 if_attach(ifp); 898 ifp->if_mtu = ETHERMTU; 899 ifp->if_output = ether_output; 900 ifp->if_input = ether_input; 901 ifp->if_resolvemulti = ether_resolvemulti; 902 if (ifp->if_baudrate == 0) 903 ifp->if_baudrate = IF_Mbps(10); /* just a default / 904* ifp->if_broadcastaddr = etherbroadcastaddr; 905 906 ifa = ifp->if_addr; 907 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 908 sdl = (struct sockaddr_dl )ifa->ifa_addr; 909* sdl->sdl_type = IFT_ETHER; 910 sdl->sdl_alen = ifp->if_addrlen; 911 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 912 913 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 914 if (ng_ether_attach_p != NULL) 915 (ng_ether_attach_p)(ifp); 916* 917 /* Announce Ethernet MAC address if non-zero. / 918* for (i = 0; i < ifp->if_addrlen; i++) 919 if (lla[i] != 0) 920 break; 921 if (i != ifp->if_addrlen) 922 if_printf(ifp, "Ethernet address: %6D\n", lla, ":"); 923} 924 925/* 926 * Perform common duties while detaching an Ethernet interface 927 / 928void 929ether_ifdetach(struct ifnet ifp) 930{ 931 if (IFP2AC(ifp)->ac_netgraph != NULL) { 932 KASSERT(ng_ether_detach_p != NULL, 933 ("ng_ether_detach_p is NULL")); 934 (ng_ether_detach_p)(ifp); 935* } 936 937 bpfdetach(ifp); 938 if_detach(ifp); 939} 940 941SYSCTL_DECL(_net_link); 942SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 943#if defined(INET) \|\| defined(INET6) 944SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 945 ether_ipfw, 0, "Pass ether pkts through firewall"); 946#endif 947 948#if 0 949/* 950 * This is for reference. We have a table-driven version 951 * of the little-endian crc32 generator, which is faster 952 * than the double-loop. 953 / 954uint32_t 955ether_crc32_le(const uint8_t buf, size_t len) 956{ 957 size_t i; 958 uint32_t crc; 959 int bit; 960 uint8_t data; 961 962 crc = 0xffffffff; /* initial value / 963* 964 for (i = 0; i < len; i++) { 965 for (data = buf++, bit = 0; bit < 8; bit++, data >>= 1) { 966* carry = (crc ^ data) & 1; 967 crc >>= 1; 968 if (carry) 969 crc = (crc ^ ETHER_CRC_POLY_LE); 970 } 971 } 972 973 return (crc); 974} 975#else 976uint32_t 977ether_crc32_le(const uint8_t buf, size_t len) 978{ 979* static const uint32_t crctab[] = { 980 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 981 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 982 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 983 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 984 }; 985 size_t i; 986 uint32_t crc; 987 988 crc = 0xffffffff; /* initial value / 989* 990 for (i = 0; i < len; i++) { 991 crc ^= buf[i]; 992 crc = (crc >> 4) ^ crctab[crc & 0xf]; 993 crc = (crc >> 4) ^ crctab[crc & 0xf]; 994 } 995 996 return (crc); 997} 998#endif 999 1000uint32_t 1001ether_crc32_be(const uint8_t buf, size_t len) 1002{ 1003* size_t i; 1004 uint32_t crc, carry; 1005 int bit; 1006 uint8_t data; 1007 1008 crc = 0xffffffff; /* initial value / 1009* 1010 for (i = 0; i < len; i++) { 1011 for (data = buf++, bit = 0; bit < 8; bit++, data >>= 1) { 1012* carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 1013 crc <<= 1; 1014 if (carry) 1015 crc = (crc ^ ETHER_CRC_POLY_BE) \| carry; 1016 } 1017 } 1018 1019 return (crc); 1020} 1021 1022int 1023ether_ioctl(struct ifnet ifp, u_long command, caddr_t data) 1024{ 1025* struct ifaddr ifa = (struct ifaddr ) data; 1026 struct ifreq ifr = (struct ifreq ) data; 1027 int error = 0; 1028 1029 switch (command) { 1030 case SIOCSIFADDR: 1031 ifp->if_flags \|= IFF_UP; 1032 1033 switch (ifa->ifa_addr->sa_family) { 1034#ifdef INET 1035 case AF_INET: 1036 ifp->if_init(ifp->if_softc); /* before arpwhohas / 1037* arp_ifinit(ifp, ifa); 1038 break; 1039#endif 1040#ifdef IPX 1041 /* 1042 * XXX - This code is probably wrong 1043 / 1044* case AF_IPX: 1045 { 1046 struct ipx_addr ina = &(IA_SIPX(ifa)->sipx_addr); 1047* 1048 if (ipx_nullhost(ina)) 1049* ina->x_host = 1050 (union ipx_host ) 1051 IF_LLADDR(ifp); 1052 else { 1053 bcopy((caddr_t) ina->x_host.c_host, 1054 (caddr_t) IF_LLADDR(ifp), 1055 ETHER_ADDR_LEN); 1056 } 1057 1058 /* 1059 * Set new address 1060 / 1061* ifp->if_init(ifp->if_softc); 1062 break; 1063 } 1064#endif 1065 default: 1066 ifp->if_init(ifp->if_softc); 1067 break; 1068 } 1069 break; 1070 1071 case SIOCGIFADDR: 1072 { 1073 struct sockaddr sa; 1074* 1075 sa = (struct sockaddr ) & ifr->ifr_data; 1076* bcopy(IF_LLADDR(ifp), 1077 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1078 } 1079 break; 1080 1081 case SIOCSIFMTU: 1082 /* 1083 * Set the interface MTU. 1084 / 1085* if (ifr->ifr_mtu > ETHERMTU) { 1086 error = EINVAL; 1087 } else { 1088 ifp->if_mtu = ifr->ifr_mtu; 1089 } 1090 break; 1091 default: 1092 error = EINVAL; /* XXX netbsd has ENOTTY??? / 1093* break; 1094 } 1095 return (error); 1096} 1097 1098static int 1099ether_resolvemulti(struct ifnet ifp, struct sockaddr llsa, 1100* struct sockaddr sa) 1101{ 1102* struct sockaddr_dl sdl; 1103#ifdef INET 1104* struct sockaddr_in sin; 1105#endif 1106#ifdef INET6 1107* struct sockaddr_in6 sin6; 1108#endif 1109* u_char e_addr; 1110* 1111 switch(sa->sa_family) { 1112 case AF_LINK: 1113 /* 1114 * No mapping needed. Just check that it's a valid MC address. 1115 / 1116* sdl = (struct sockaddr_dl )sa; 1117* e_addr = LLADDR(sdl); 1118 if (!ETHER_IS_MULTICAST(e_addr)) 1119 return EADDRNOTAVAIL; 1120 llsa = 0; 1121* return 0; 1122 1123#ifdef INET 1124 case AF_INET: 1125 sin = (struct sockaddr_in )sa; 1126* if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1127 return EADDRNOTAVAIL; 1128 sdl = malloc(sizeof sdl, M_IFMADDR, 1129* M_NOWAIT\|M_ZERO); 1130 if (sdl == NULL) 1131 return ENOMEM; 1132 sdl->sdl_len = sizeof sdl; 1133* sdl->sdl_family = AF_LINK; 1134 sdl->sdl_index = ifp->if_index; 1135 sdl->sdl_type = IFT_ETHER; 1136 sdl->sdl_alen = ETHER_ADDR_LEN; 1137 e_addr = LLADDR(sdl); 1138 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1139 llsa = (struct sockaddr )sdl; 1140 return 0; 1141#endif 1142#ifdef INET6 1143 case AF_INET6: 1144 sin6 = (struct sockaddr_in6 )sa; 1145* if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1146 /* 1147 * An IP6 address of 0 means listen to all 1148 * of the Ethernet multicast address used for IP6. 1149 * (This is used for multicast routers.) 1150 / 1151* ifp->if_flags \|= IFF_ALLMULTI; 1152 llsa = 0; 1153* return 0; 1154 } 1155 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1156 return EADDRNOTAVAIL; 1157 sdl = malloc(sizeof sdl, M_IFMADDR, 1158* M_NOWAIT\|M_ZERO); 1159 if (sdl == NULL) 1160 return (ENOMEM); 1161 sdl->sdl_len = sizeof sdl; 1162* sdl->sdl_family = AF_LINK; 1163 sdl->sdl_index = ifp->if_index; 1164 sdl->sdl_type = IFT_ETHER; 1165 sdl->sdl_alen = ETHER_ADDR_LEN; 1166 e_addr = LLADDR(sdl); 1167 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1168 llsa = (struct sockaddr )sdl; 1169 return 0; 1170#endif 1171 1172 default: 1173 /* 1174 * Well, the text isn't quite right, but it's the name 1175 * that counts... 1176 / 1177* return EAFNOSUPPORT; 1178 } 1179} 1180 1181static void* 1182ether_alloc(u_char type, struct ifnet ifp) 1183{ 1184* struct arpcom ac; 1185* 1186 ac = malloc(sizeof(struct arpcom), M_ARPCOM, M_WAITOK \| M_ZERO); 1187 ac->ac_ifp = ifp; 1188 1189 return (ac); 1190} 1191 1192static void 1193ether_free(void com, u_char type) 1194{ 1195* 1196 free(com, M_ARPCOM); 1197} 1198 1199static int 1200ether_modevent(module_t mod, int type, void data) 1201{ 1202* 1203 switch (type) { 1204 case MOD_LOAD: 1205 if_register_com_alloc(IFT_ETHER, ether_alloc, ether_free); 1206 break; 1207 case MOD_UNLOAD: 1208 if_deregister_com_alloc(IFT_ETHER); 1209 break; 1210 default: 1211 return EOPNOTSUPP; 1212 } 1213 1214 return (0); 1215} 1216 1217static moduledata_t ether_mod = { 1218 "ether", 1219 ether_modevent, 1220 0 1221}; 1222 1223void 1224ether_vlan_mtap(struct bpf_if bp, struct mbuf m, void data, u_int dlen) 1225{ 1226* struct ether_vlan_header vlan; 1227 struct mbuf mv, mb; 1228 1229 KASSERT((m->m_flags & M_VLANTAG) != 0, 1230 ("%s: vlan information not present", __func__)); 1231 KASSERT(m->m_len >= sizeof(struct ether_header), 1232 ("%s: mbuf not large enough for header", __func__)); 1233 bcopy(mtod(m, char ), &vlan, sizeof(struct ether_header)); 1234* vlan.evl_proto = vlan.evl_encap_proto; 1235 vlan.evl_encap_proto = htons(ETHERTYPE_VLAN); 1236 vlan.evl_tag = htons(m->m_pkthdr.ether_vtag); 1237 m->m_len -= sizeof(struct ether_header); 1238 m->m_data += sizeof(struct ether_header); 1239 /* 1240 * If a data link has been supplied by the caller, then we will need to 1241 * re-create a stack allocated mbuf chain with the following structure: 1242 * 1243 * (1) mbuf #1 will contain the supplied data link 1244 * (2) mbuf #2 will contain the vlan header 1245 * (3) mbuf #3 will contain the original mbuf's packet data 1246 * 1247 * Otherwise, submit the packet and vlan header via bpf_mtap2(). 1248 / 1249* if (data != NULL) { 1250 mv.m_next = m; 1251 mv.m_data = (caddr_t)&vlan; 1252 mv.m_len = sizeof(vlan); 1253 mb.m_next = &mv; 1254 mb.m_data = data; 1255 mb.m_len = dlen; 1256 bpf_mtap(bp, &mb); 1257 } else 1258 bpf_mtap2(bp, &vlan, sizeof(vlan), m); 1259 m->m_len += sizeof(struct ether_header); 1260 m->m_data -= sizeof(struct ether_header); 1261} 1262 1263struct mbuf * 1264ether_vlanencap(struct mbuf m, uint16_t tag) 1265{ 1266* struct ether_vlan_header evl; 1267* 1268 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_DONTWAIT); 1269 if (m == NULL) 1270 return (NULL); 1271 /* M_PREPEND takes care of m_len, m_pkthdr.len for us / 1272* 1273 if (m->m_len < sizeof(evl)) { 1274* m = m_pullup(m, sizeof(evl)); 1275* if (m == NULL) 1276 return (NULL); 1277 } 1278 1279 /* 1280 * Transform the Ethernet header into an Ethernet header 1281 * with 802.1Q encapsulation. 1282 / 1283* evl = mtod(m, struct ether_vlan_header ); 1284* bcopy((char )evl + ETHER_VLAN_ENCAP_LEN, 1285* (char )evl, ETHER_HDR_LEN - ETHER_TYPE_LEN); 1286* evl->evl_encap_proto = htons(ETHERTYPE_VLAN); 1287 evl->evl_tag = htons(tag); 1288 return (m); 1289} 1290 1291DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY); 1292MODULE_VERSION(ether, 1);