66 67#if defined(INET) || defined(INET6) 68#include <netinet/in.h> 69#include <netinet/in_var.h> 70#include <netinet/if_ether.h> 71#include <netinet/ip_fw.h> 72#include <netinet/ip_dummynet.h> 73#endif 74#ifdef INET6 75#include <netinet6/nd6.h> 76#endif 77 78#ifdef DEV_CARP 79#include <netinet/ip_carp.h> 80#endif 81 82#ifdef IPX 83#include <netipx/ipx.h> 84#include <netipx/ipx_if.h> 85#endif 86int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 87int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, 88 struct sockaddr *dst, short *tp, int *hlen); 89 90#ifdef NETATALK 91#include <netatalk/at.h> 92#include <netatalk/at_var.h> 93#include <netatalk/at_extern.h> 94 95#define llc_snap_org_code llc_un.type_snap.org_code 96#define llc_snap_ether_type llc_un.type_snap.ether_type 97 98extern u_char at_org_code[3]; 99extern u_char aarp_org_code[3]; 100#endif /* NETATALK */ 101 102#include <security/mac/mac_framework.h> 103 104#ifdef CTASSERT 105CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2); 106CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN); 107#endif 108 109/* netgraph node hooks for ng_ether(4) */ 110void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp); 111void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m); 112int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 113void (*ng_ether_attach_p)(struct ifnet *ifp); 114void (*ng_ether_detach_p)(struct ifnet *ifp); 115 116void (*vlan_input_p)(struct ifnet *, struct mbuf *); 117 118/* if_bridge(4) support */ 119struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 120int (*bridge_output_p)(struct ifnet *, struct mbuf *, 121 struct sockaddr *, struct rtentry *); 122void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 123 124/* if_lagg(4) support */ 125struct mbuf *(*lagg_input_p)(struct ifnet *, struct mbuf *); 126 127static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 128 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 129 130static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 131 struct sockaddr *); 132 133/* XXX: should be in an arp support file, not here */ 134MALLOC_DEFINE(M_ARPCOM, "arpcom", "802.* interface internals"); 135 136#define ETHER_IS_BROADCAST(addr) \ 137 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 138 139#define senderr(e) do { error = (e); goto bad;} while (0) 140 141#if defined(INET) || defined(INET6) 142int 143ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 144 struct ip_fw **rule, int shared); 145#ifdef VIMAGE_GLOBALS 146static int ether_ipfw; 147#endif 148#endif 149 150/* 151 * Ethernet output routine. 152 * Encapsulate a packet of type family for the local net. 153 * Use trailer local net encapsulation if enough data in first 154 * packet leaves a multiple of 512 bytes of data in remainder. 155 */ 156int 157ether_output(struct ifnet *ifp, struct mbuf *m, 158 struct sockaddr *dst, struct rtentry *rt0) 159{ 160 short type; 161 int error, hdrcmplt = 0; 162 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 163 struct ether_header *eh; 164 struct pf_mtag *t; 165 int loop_copy = 1; 166 int hlen; /* link layer header length */ 167 168#ifdef MAC 169 error = mac_ifnet_check_transmit(ifp, m); 170 if (error) 171 senderr(error); 172#endif 173 174 M_PROFILE(m); 175 if (ifp->if_flags & IFF_MONITOR) 176 senderr(ENETDOWN); 177 if (!((ifp->if_flags & IFF_UP) && 178 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 179 senderr(ENETDOWN); 180 181 hlen = ETHER_HDR_LEN; 182 switch (dst->sa_family) { 183#ifdef INET 184 case AF_INET: 185 error = arpresolve(ifp, rt0, m, dst, edst); 186 if (error) 187 return (error == EWOULDBLOCK ? 0 : error); 188 type = htons(ETHERTYPE_IP); 189 break; 190 case AF_ARP: 191 { 192 struct arphdr *ah; 193 ah = mtod(m, struct arphdr *); 194 ah->ar_hrd = htons(ARPHRD_ETHER); 195 196 loop_copy = 0; /* if this is for us, don't do it */ 197 198 switch(ntohs(ah->ar_op)) { 199 case ARPOP_REVREQUEST: 200 case ARPOP_REVREPLY: 201 type = htons(ETHERTYPE_REVARP); 202 break; 203 case ARPOP_REQUEST: 204 case ARPOP_REPLY: 205 default: 206 type = htons(ETHERTYPE_ARP); 207 break; 208 } 209 210 if (m->m_flags & M_BCAST) 211 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 212 else 213 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 214 215 } 216 break; 217#endif 218#ifdef INET6 219 case AF_INET6: 220 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char *)edst); 221 if (error) 222 return error; 223 type = htons(ETHERTYPE_IPV6); 224 break; 225#endif 226#ifdef IPX 227 case AF_IPX: 228 if (ef_outputp) { 229 error = ef_outputp(ifp, &m, dst, &type, &hlen); 230 if (error) 231 goto bad; 232 } else 233 type = htons(ETHERTYPE_IPX); 234 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 235 (caddr_t)edst, sizeof (edst)); 236 break; 237#endif 238#ifdef NETATALK 239 case AF_APPLETALK: 240 { 241 struct at_ifaddr *aa; 242 243 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) 244 senderr(EHOSTUNREACH); /* XXX */ 245 if (!aarpresolve(ifp, m, (struct sockaddr_at *)dst, edst)) 246 return (0); 247 /* 248 * In the phase 2 case, need to prepend an mbuf for the llc header. 249 */ 250 if ( aa->aa_flags & AFA_PHASE2 ) { 251 struct llc llc; 252 253 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 254 if (m == NULL) 255 senderr(ENOBUFS); 256 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 257 llc.llc_control = LLC_UI; 258 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 259 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 260 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 261 type = htons(m->m_pkthdr.len); 262 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 263 } else { 264 type = htons(ETHERTYPE_AT); 265 } 266 break; 267 } 268#endif /* NETATALK */ 269 270 case pseudo_AF_HDRCMPLT: 271 hdrcmplt = 1; 272 eh = (struct ether_header *)dst->sa_data; 273 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 274 /* FALLTHROUGH */ 275 276 case AF_UNSPEC: 277 loop_copy = 0; /* if this is for us, don't do it */ 278 eh = (struct ether_header *)dst->sa_data; 279 (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 280 type = eh->ether_type; 281 break; 282 283 default: 284 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 285 senderr(EAFNOSUPPORT); 286 } 287 288 /* 289 * Add local net header. If no space in first mbuf, 290 * allocate another. 291 */ 292 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 293 if (m == NULL) 294 senderr(ENOBUFS); 295 eh = mtod(m, struct ether_header *); 296 (void)memcpy(&eh->ether_type, &type, 297 sizeof(eh->ether_type)); 298 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 299 if (hdrcmplt) 300 (void)memcpy(eh->ether_shost, esrc, 301 sizeof(eh->ether_shost)); 302 else 303 (void)memcpy(eh->ether_shost, IF_LLADDR(ifp), 304 sizeof(eh->ether_shost)); 305 306 /* 307 * If a simplex interface, and the packet is being sent to our 308 * Ethernet address or a broadcast address, loopback a copy. 309 * XXX To make a simplex device behave exactly like a duplex 310 * device, we should copy in the case of sending to our own 311 * ethernet address (thus letting the original actually appear 312 * on the wire). However, we don't do that here for security 313 * reasons and compatibility with the original behavior. 314 */ 315 if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy && 316 ((t = pf_find_mtag(m)) == NULL || !t->routed)) { 317 int csum_flags = 0; 318 319 if (m->m_pkthdr.csum_flags & CSUM_IP) 320 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID); 321 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 322 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); 323 324 if (m->m_flags & M_BCAST) { 325 struct mbuf *n; 326 327 /* 328 * Because if_simloop() modifies the packet, we need a 329 * writable copy through m_dup() instead of a readonly 330 * one as m_copy[m] would give us. The alternative would 331 * be to modify if_simloop() to handle the readonly mbuf, 332 * but performancewise it is mostly equivalent (trading 333 * extra data copying vs. extra locking). 334 * 335 * XXX This is a local workaround. A number of less 336 * often used kernel parts suffer from the same bug. 337 * See PR kern/105943 for a proposed general solution. 338 */ 339 if ((n = m_dup(m, M_DONTWAIT)) != NULL) { 340 n->m_pkthdr.csum_flags |= csum_flags; 341 if (csum_flags & CSUM_DATA_VALID) 342 n->m_pkthdr.csum_data = 0xffff; 343 (void)if_simloop(ifp, n, dst->sa_family, hlen); 344 } else 345 ifp->if_iqdrops++; 346 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 347 ETHER_ADDR_LEN) == 0) { 348 m->m_pkthdr.csum_flags |= csum_flags; 349 if (csum_flags & CSUM_DATA_VALID) 350 m->m_pkthdr.csum_data = 0xffff; 351 (void) if_simloop(ifp, m, dst->sa_family, hlen); 352 return (0); /* XXX */ 353 } 354 } 355 356 /* 357 * Bridges require special output handling. 358 */ 359 if (ifp->if_bridge) { 360 BRIDGE_OUTPUT(ifp, m, error); 361 return (error); 362 } 363 364#ifdef DEV_CARP 365 if (ifp->if_carp && 366 (error = carp_output(ifp, m, dst, NULL))) 367 goto bad; 368#endif 369 370 /* Handle ng_ether(4) processing, if any */ 371 if (IFP2AC(ifp)->ac_netgraph != NULL) { 372 KASSERT(ng_ether_output_p != NULL, 373 ("ng_ether_output_p is NULL")); 374 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 375bad: if (m != NULL) 376 m_freem(m); 377 return (error); 378 } 379 if (m == NULL) 380 return (0); 381 } 382 383 /* Continue with link-layer output */ 384 return ether_output_frame(ifp, m); 385} 386 387/* 388 * Ethernet link layer output routine to send a raw frame to the device. 389 * 390 * This assumes that the 14 byte Ethernet header is present and contiguous 391 * in the first mbuf (if BRIDGE'ing). 392 */ 393int 394ether_output_frame(struct ifnet *ifp, struct mbuf *m) 395{ 396#if defined(INET) || defined(INET6) 397 INIT_VNET_NET(ifp->if_vnet); 398 struct ip_fw *rule = ip_dn_claim_rule(m); 399 400 if (IPFW_LOADED && V_ether_ipfw != 0) { 401 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 402 if (m) { 403 m_freem(m); 404 return EACCES; /* pkt dropped */ 405 } else 406 return 0; /* consumed e.g. in a pipe */ 407 } 408 } 409#endif 410 411 /* 412 * Queue message on interface, update output statistics if 413 * successful, and start output if interface not yet active. 414 */ 415 return ((ifp->if_transmit)(ifp, m)); 416} 417 418#if defined(INET) || defined(INET6) 419/* 420 * ipfw processing for ethernet packets (in and out). 421 * The second parameter is NULL from ether_demux, and ifp from 422 * ether_output_frame. 423 */ 424int 425ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 426 struct ip_fw **rule, int shared) 427{ 428 INIT_VNET_IPFW(dst->if_vnet); 429 struct ether_header *eh; 430 struct ether_header save_eh; 431 struct mbuf *m; 432 int i; 433 struct ip_fw_args args; 434 435 if (*rule != NULL && V_fw_one_pass) 436 return 1; /* dummynet packet, already partially processed */ 437 438 /* 439 * I need some amt of data to be contiguous, and in case others need 440 * the packet (shared==1) also better be in the first mbuf. 441 */ 442 m = *m0; 443 i = min( m->m_pkthdr.len, max_protohdr); 444 if ( shared || m->m_len < i) { 445 m = m_pullup(m, i); 446 if (m == NULL) { 447 *m0 = m; 448 return 0; 449 } 450 } 451 eh = mtod(m, struct ether_header *); 452 save_eh = *eh; /* save copy for restore below */ 453 m_adj(m, ETHER_HDR_LEN); /* strip ethernet header */ 454 455 args.m = m; /* the packet we are looking at */ 456 args.oif = dst; /* destination, if any */ 457 args.rule = *rule; /* matching rule to restart */ 458 args.next_hop = NULL; /* we do not support forward yet */ 459 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 460 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 461 i = ip_fw_chk_ptr(&args); 462 m = args.m; 463 if (m != NULL) { 464 /* 465 * Restore Ethernet header, as needed, in case the 466 * mbuf chain was replaced by ipfw. 467 */ 468 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 469 if (m == NULL) { 470 *m0 = m; 471 return 0; 472 } 473 if (eh != mtod(m, struct ether_header *)) 474 bcopy(&save_eh, mtod(m, struct ether_header *), 475 ETHER_HDR_LEN); 476 } 477 *m0 = m; 478 *rule = args.rule; 479 480 if (i == IP_FW_DENY) /* drop */ 481 return 0; 482 483 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL")); 484 485 if (i == IP_FW_PASS) /* a PASS rule. */ 486 return 1; 487 488 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 489 /* 490 * Pass the pkt to dummynet, which consumes it. 491 * If shared, make a copy and keep the original. 492 */ 493 if (shared) { 494 m = m_copypacket(m, M_DONTWAIT); 495 if (m == NULL) 496 return 0; 497 } else { 498 /* 499 * Pass the original to dummynet and 500 * nothing back to the caller 501 */ 502 *m0 = NULL ; 503 } 504 ip_dn_io_ptr(&m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 505 return 0; 506 } 507 /* 508 * XXX at some point add support for divert/forward actions. 509 * If none of the above matches, we have to drop the pkt. 510 */ 511 return 0; 512} 513#endif 514 515/* 516 * Process a received Ethernet packet; the packet is in the 517 * mbuf chain m with the ethernet header at the front. 518 */ 519static void 520ether_input(struct ifnet *ifp, struct mbuf *m) 521{ 522 struct ether_header *eh; 523 u_short etype; 524 525 if ((ifp->if_flags & IFF_UP) == 0) { 526 m_freem(m); 527 return; 528 } 529#ifdef DIAGNOSTIC 530 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 531 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n"); 532 m_freem(m); 533 return; 534 } 535#endif 536 /* 537 * Do consistency checks to verify assumptions 538 * made by code past this point. 539 */ 540 if ((m->m_flags & M_PKTHDR) == 0) { 541 if_printf(ifp, "discard frame w/o packet header\n"); 542 ifp->if_ierrors++; 543 m_freem(m); 544 return; 545 } 546 if (m->m_len < ETHER_HDR_LEN) { 547 /* XXX maybe should pullup? */ 548 if_printf(ifp, "discard frame w/o leading ethernet " 549 "header (len %u pkt len %u)\n", 550 m->m_len, m->m_pkthdr.len); 551 ifp->if_ierrors++; 552 m_freem(m); 553 return; 554 } 555 eh = mtod(m, struct ether_header *); 556 etype = ntohs(eh->ether_type); 557 if (m->m_pkthdr.rcvif == NULL) { 558 if_printf(ifp, "discard frame w/o interface pointer\n"); 559 ifp->if_ierrors++; 560 m_freem(m); 561 return; 562 } 563#ifdef DIAGNOSTIC 564 if (m->m_pkthdr.rcvif != ifp) { 565 if_printf(ifp, "Warning, frame marked as received on %s\n", 566 m->m_pkthdr.rcvif->if_xname); 567 } 568#endif 569 570 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 571 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 572 m->m_flags |= M_BCAST; 573 else 574 m->m_flags |= M_MCAST; 575 ifp->if_imcasts++; 576 } 577 578#ifdef MAC 579 /* 580 * Tag the mbuf with an appropriate MAC label before any other 581 * consumers can get to it. 582 */ 583 mac_ifnet_create_mbuf(ifp, m); 584#endif 585 586 /* 587 * Give bpf a chance at the packet. 588 */ 589 ETHER_BPF_MTAP(ifp, m); 590 591 /* 592 * If the CRC is still on the packet, trim it off. We do this once 593 * and once only in case we are re-entered. Nothing else on the 594 * Ethernet receive path expects to see the FCS. 595 */ 596 if (m->m_flags & M_HASFCS) { 597 m_adj(m, -ETHER_CRC_LEN); 598 m->m_flags &= ~M_HASFCS; 599 } 600 601 ifp->if_ibytes += m->m_pkthdr.len; 602 603 /* Allow monitor mode to claim this frame, after stats are updated. */ 604 if (ifp->if_flags & IFF_MONITOR) { 605 m_freem(m); 606 return; 607 } 608 609 /* Handle input from a lagg(4) port */ 610 if (ifp->if_type == IFT_IEEE8023ADLAG) { 611 KASSERT(lagg_input_p != NULL, 612 ("%s: if_lagg not loaded!", __func__)); 613 m = (*lagg_input_p)(ifp, m); 614 if (m != NULL) 615 ifp = m->m_pkthdr.rcvif; 616 else 617 return; 618 } 619 620 /* 621 * If the hardware did not process an 802.1Q tag, do this now, 622 * to allow 802.1P priority frames to be passed to the main input 623 * path correctly. 624 * TODO: Deal with Q-in-Q frames, but not arbitrary nesting levels. 625 */ 626 if ((m->m_flags & M_VLANTAG) == 0 && etype == ETHERTYPE_VLAN) { 627 struct ether_vlan_header *evl; 628 629 if (m->m_len < sizeof(*evl) && 630 (m = m_pullup(m, sizeof(*evl))) == NULL) { 631#ifdef DIAGNOSTIC 632 if_printf(ifp, "cannot pullup VLAN header\n"); 633#endif 634 ifp->if_ierrors++; 635 m_freem(m); 636 return; 637 } 638 639 evl = mtod(m, struct ether_vlan_header *); 640 m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag); 641 m->m_flags |= M_VLANTAG; 642 643 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN, 644 ETHER_HDR_LEN - ETHER_TYPE_LEN); 645 m_adj(m, ETHER_VLAN_ENCAP_LEN); 646 } 647 648 /* Allow ng_ether(4) to claim this frame. */ 649 if (IFP2AC(ifp)->ac_netgraph != NULL) { 650 KASSERT(ng_ether_input_p != NULL, 651 ("%s: ng_ether_input_p is NULL", __func__)); 652 m->m_flags &= ~M_PROMISC; 653 (*ng_ether_input_p)(ifp, &m); 654 if (m == NULL) 655 return; 656 } 657 658 /* 659 * Allow if_bridge(4) to claim this frame. 660 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it 661 * and the frame should be delivered locally. 662 */ 663 if (ifp->if_bridge != NULL) { 664 m->m_flags &= ~M_PROMISC; 665 BRIDGE_INPUT(ifp, m); 666 if (m == NULL) 667 return; 668 } 669 670#ifdef DEV_CARP 671 /* 672 * Clear M_PROMISC on frame so that carp(4) will see it when the 673 * mbuf flows up to Layer 3. 674 * FreeBSD's implementation of carp(4) uses the inprotosw 675 * to dispatch IPPROTO_CARP. carp(4) also allocates its own 676 * Ethernet addresses of the form 00:00:5e:00:01:xx, which 677 * is outside the scope of the M_PROMISC test below. 678 * TODO: Maintain a hash table of ethernet addresses other than 679 * ether_dhost which may be active on this ifp. 680 */ 681 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) { 682 m->m_flags &= ~M_PROMISC; 683 } else 684#endif 685 { 686 /* 687 * If the frame received was not for our MAC address, set the 688 * M_PROMISC flag on the mbuf chain. The frame may need to 689 * be seen by the rest of the Ethernet input path in case of 690 * re-entry (e.g. bridge, vlan, netgraph) but should not be 691 * seen by upper protocol layers. 692 */ 693 if (!ETHER_IS_MULTICAST(eh->ether_dhost) && 694 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0) 695 m->m_flags |= M_PROMISC; 696 } 697 698 /* First chunk of an mbuf contains good entropy */ 699 if (harvest.ethernet) 700 random_harvest(m, 16, 3, 0, RANDOM_NET); 701 702 ether_demux(ifp, m); 703} 704 705/* 706 * Upper layer processing for a received Ethernet packet. 707 */ 708void 709ether_demux(struct ifnet *ifp, struct mbuf *m) 710{ 711 struct ether_header *eh; 712 int isr; 713 u_short ether_type; 714#if defined(NETATALK) 715 struct llc *l; 716#endif 717 718 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); 719 720#if defined(INET) || defined(INET6) 721 INIT_VNET_NET(ifp->if_vnet); 722 /* 723 * Allow dummynet and/or ipfw to claim the frame. 724 * Do not do this for PROMISC frames in case we are re-entered. 725 */ 726 if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { 727 struct ip_fw *rule = ip_dn_claim_rule(m); 728 729 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 730 if (m) 731 m_freem(m); /* dropped; free mbuf chain */ 732 return; /* consumed */ 733 } 734 } 735#endif 736 eh = mtod(m, struct ether_header *); 737 ether_type = ntohs(eh->ether_type); 738 739 /* 740 * If this frame has a VLAN tag other than 0, call vlan_input() 741 * if its module is loaded. Otherwise, drop. 742 */ 743 if ((m->m_flags & M_VLANTAG) && 744 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) { 745 if (ifp->if_vlantrunk == NULL) { 746 ifp->if_noproto++; 747 m_freem(m); 748 return; 749 } 750 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!", 751 __func__)); 752 /* Clear before possibly re-entering ether_input(). */ 753 m->m_flags &= ~M_PROMISC; 754 (*vlan_input_p)(ifp, m); 755 return; 756 } 757 758 /* 759 * Pass promiscuously received frames to the upper layer if the user 760 * requested this by setting IFF_PPROMISC. Otherwise, drop them. 761 */ 762 if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) { 763 m_freem(m); 764 return; 765 } 766 767 /* 768 * Reset layer specific mbuf flags to avoid confusing upper layers. 769 * Strip off Ethernet header. 770 */ 771 m->m_flags &= ~M_VLANTAG; 772 m->m_flags &= ~(M_PROTOFLAGS); 773 m_adj(m, ETHER_HDR_LEN); 774 775 /* 776 * Dispatch frame to upper layer. 777 */ 778 switch (ether_type) { 779#ifdef INET 780 case ETHERTYPE_IP: 781 if ((m = ip_fastforward(m)) == NULL) 782 return; 783 isr = NETISR_IP; 784 break; 785 786 case ETHERTYPE_ARP: 787 if (ifp->if_flags & IFF_NOARP) { 788 /* Discard packet if ARP is disabled on interface */ 789 m_freem(m); 790 return; 791 } 792 isr = NETISR_ARP; 793 break; 794#endif 795#ifdef IPX 796 case ETHERTYPE_IPX: 797 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 798 return; 799 isr = NETISR_IPX; 800 break; 801#endif 802#ifdef INET6 803 case ETHERTYPE_IPV6: 804 isr = NETISR_IPV6; 805 break; 806#endif 807#ifdef NETATALK 808 case ETHERTYPE_AT: 809 isr = NETISR_ATALK1; 810 break; 811 case ETHERTYPE_AARP: 812 isr = NETISR_AARP; 813 break; 814#endif /* NETATALK */ 815 default: 816#ifdef IPX 817 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 818 return; 819#endif /* IPX */ 820#if defined(NETATALK) 821 if (ether_type > ETHERMTU) 822 goto discard; 823 l = mtod(m, struct llc *); 824 if (l->llc_dsap == LLC_SNAP_LSAP && 825 l->llc_ssap == LLC_SNAP_LSAP && 826 l->llc_control == LLC_UI) { 827 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 828 sizeof(at_org_code)) == 0 && 829 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 830 m_adj(m, LLC_SNAPFRAMELEN); 831 isr = NETISR_ATALK2; 832 break; 833 } 834 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 835 sizeof(aarp_org_code)) == 0 && 836 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 837 m_adj(m, LLC_SNAPFRAMELEN); 838 isr = NETISR_AARP; 839 break; 840 } 841 } 842#endif /* NETATALK */ 843 goto discard; 844 } 845 netisr_dispatch(isr, m); 846 return; 847 848discard: 849 /* 850 * Packet is to be discarded. If netgraph is present, 851 * hand the packet to it for last chance processing; 852 * otherwise dispose of it. 853 */ 854 if (IFP2AC(ifp)->ac_netgraph != NULL) { 855 KASSERT(ng_ether_input_orphan_p != NULL, 856 ("ng_ether_input_orphan_p is NULL")); 857 /* 858 * Put back the ethernet header so netgraph has a 859 * consistent view of inbound packets. 860 */ 861 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 862 (*ng_ether_input_orphan_p)(ifp, m); 863 return; 864 } 865 m_freem(m); 866} 867 868/* 869 * Convert Ethernet address to printable (loggable) representation. 870 * This routine is for compatibility; it's better to just use 871 * 872 * printf("%6D", <pointer to address>, ":"); 873 * 874 * since there's no static buffer involved. 875 */ 876char * 877ether_sprintf(const u_char *ap) 878{ 879 static char etherbuf[18]; 880 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 881 return (etherbuf); 882} 883 884/* 885 * Perform common duties while attaching to interface list 886 */ 887void 888ether_ifattach(struct ifnet *ifp, const u_int8_t *lla) 889{ 890 int i; 891 struct ifaddr *ifa; 892 struct sockaddr_dl *sdl; 893 894 ifp->if_addrlen = ETHER_ADDR_LEN; 895 ifp->if_hdrlen = ETHER_HDR_LEN; 896 if_attach(ifp); 897 ifp->if_mtu = ETHERMTU; 898 ifp->if_output = ether_output; 899 ifp->if_input = ether_input; 900 ifp->if_resolvemulti = ether_resolvemulti; 901 if (ifp->if_baudrate == 0) 902 ifp->if_baudrate = IF_Mbps(10); /* just a default */ 903 ifp->if_broadcastaddr = etherbroadcastaddr; 904 905 ifa = ifp->if_addr; 906 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 907 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 908 sdl->sdl_type = IFT_ETHER; 909 sdl->sdl_alen = ifp->if_addrlen; 910 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 911 912 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 913 if (ng_ether_attach_p != NULL) 914 (*ng_ether_attach_p)(ifp); 915 916 /* Announce Ethernet MAC address if non-zero. */ 917 for (i = 0; i < ifp->if_addrlen; i++) 918 if (lla[i] != 0) 919 break; 920 if (i != ifp->if_addrlen) 921 if_printf(ifp, "Ethernet address: %6D\n", lla, ":"); 922} 923 924/* 925 * Perform common duties while detaching an Ethernet interface 926 */ 927void 928ether_ifdetach(struct ifnet *ifp) 929{ 930 if (IFP2AC(ifp)->ac_netgraph != NULL) { 931 KASSERT(ng_ether_detach_p != NULL, 932 ("ng_ether_detach_p is NULL")); 933 (*ng_ether_detach_p)(ifp); 934 } 935 936 bpfdetach(ifp); 937 if_detach(ifp); 938} 939 940SYSCTL_DECL(_net_link); 941SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 942#if defined(INET) || defined(INET6) 943SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 944 ether_ipfw, 0, "Pass ether pkts through firewall"); 945#endif 946 947#if 0 948/* 949 * This is for reference. We have a table-driven version 950 * of the little-endian crc32 generator, which is faster 951 * than the double-loop. 952 */ 953uint32_t 954ether_crc32_le(const uint8_t *buf, size_t len) 955{ 956 size_t i; 957 uint32_t crc; 958 int bit; 959 uint8_t data; 960 961 crc = 0xffffffff; /* initial value */ 962 963 for (i = 0; i < len; i++) { 964 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 965 carry = (crc ^ data) & 1; 966 crc >>= 1; 967 if (carry) 968 crc = (crc ^ ETHER_CRC_POLY_LE); 969 } 970 } 971 972 return (crc); 973} 974#else 975uint32_t 976ether_crc32_le(const uint8_t *buf, size_t len) 977{ 978 static const uint32_t crctab[] = { 979 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 980 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 981 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 982 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 983 }; 984 size_t i; 985 uint32_t crc; 986 987 crc = 0xffffffff; /* initial value */ 988 989 for (i = 0; i < len; i++) { 990 crc ^= buf[i]; 991 crc = (crc >> 4) ^ crctab[crc & 0xf]; 992 crc = (crc >> 4) ^ crctab[crc & 0xf]; 993 } 994 995 return (crc); 996} 997#endif 998 999uint32_t 1000ether_crc32_be(const uint8_t *buf, size_t len) 1001{ 1002 size_t i; 1003 uint32_t crc, carry; 1004 int bit; 1005 uint8_t data; 1006 1007 crc = 0xffffffff; /* initial value */ 1008 1009 for (i = 0; i < len; i++) { 1010 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 1011 carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 1012 crc <<= 1; 1013 if (carry) 1014 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 1015 } 1016 } 1017 1018 return (crc); 1019} 1020 1021int 1022ether_ioctl(struct ifnet *ifp, u_long command, caddr_t data) 1023{ 1024 struct ifaddr *ifa = (struct ifaddr *) data; 1025 struct ifreq *ifr = (struct ifreq *) data; 1026 int error = 0; 1027 1028 switch (command) { 1029 case SIOCSIFADDR: 1030 ifp->if_flags |= IFF_UP; 1031 1032 switch (ifa->ifa_addr->sa_family) { 1033#ifdef INET 1034 case AF_INET: 1035 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 1036 arp_ifinit(ifp, ifa); 1037 break; 1038#endif 1039#ifdef IPX 1040 /* 1041 * XXX - This code is probably wrong 1042 */ 1043 case AF_IPX: 1044 { 1045 struct ipx_addr *ina = &(IA_SIPX(ifa)->sipx_addr); 1046 1047 if (ipx_nullhost(*ina)) 1048 ina->x_host = 1049 *(union ipx_host *) 1050 IF_LLADDR(ifp); 1051 else { 1052 bcopy((caddr_t) ina->x_host.c_host, 1053 (caddr_t) IF_LLADDR(ifp), 1054 ETHER_ADDR_LEN); 1055 } 1056 1057 /* 1058 * Set new address 1059 */ 1060 ifp->if_init(ifp->if_softc); 1061 break; 1062 } 1063#endif 1064 default: 1065 ifp->if_init(ifp->if_softc); 1066 break; 1067 } 1068 break; 1069 1070 case SIOCGIFADDR: 1071 { 1072 struct sockaddr *sa; 1073 1074 sa = (struct sockaddr *) & ifr->ifr_data; 1075 bcopy(IF_LLADDR(ifp), 1076 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1077 } 1078 break; 1079 1080 case SIOCSIFMTU: 1081 /* 1082 * Set the interface MTU. 1083 */ 1084 if (ifr->ifr_mtu > ETHERMTU) { 1085 error = EINVAL; 1086 } else { 1087 ifp->if_mtu = ifr->ifr_mtu; 1088 } 1089 break; 1090 default: 1091 error = EINVAL; /* XXX netbsd has ENOTTY??? */ 1092 break; 1093 } 1094 return (error); 1095} 1096 1097static int 1098ether_resolvemulti(struct ifnet *ifp, struct sockaddr **llsa, 1099 struct sockaddr *sa) 1100{ 1101 struct sockaddr_dl *sdl; 1102#ifdef INET 1103 struct sockaddr_in *sin; 1104#endif 1105#ifdef INET6 1106 struct sockaddr_in6 *sin6; 1107#endif 1108 u_char *e_addr; 1109 1110 switch(sa->sa_family) { 1111 case AF_LINK: 1112 /* 1113 * No mapping needed. Just check that it's a valid MC address. 1114 */ 1115 sdl = (struct sockaddr_dl *)sa; 1116 e_addr = LLADDR(sdl); 1117 if (!ETHER_IS_MULTICAST(e_addr)) 1118 return EADDRNOTAVAIL; 1119 *llsa = 0; 1120 return 0; 1121 1122#ifdef INET 1123 case AF_INET: 1124 sin = (struct sockaddr_in *)sa; 1125 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1126 return EADDRNOTAVAIL; 1127 sdl = malloc(sizeof *sdl, M_IFMADDR, 1128 M_NOWAIT|M_ZERO); 1129 if (sdl == NULL) 1130 return ENOMEM; 1131 sdl->sdl_len = sizeof *sdl; 1132 sdl->sdl_family = AF_LINK; 1133 sdl->sdl_index = ifp->if_index; 1134 sdl->sdl_type = IFT_ETHER; 1135 sdl->sdl_alen = ETHER_ADDR_LEN; 1136 e_addr = LLADDR(sdl); 1137 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1138 *llsa = (struct sockaddr *)sdl; 1139 return 0; 1140#endif 1141#ifdef INET6 1142 case AF_INET6: 1143 sin6 = (struct sockaddr_in6 *)sa; 1144 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1145 /* 1146 * An IP6 address of 0 means listen to all 1147 * of the Ethernet multicast address used for IP6. 1148 * (This is used for multicast routers.) 1149 */ 1150 ifp->if_flags |= IFF_ALLMULTI; 1151 *llsa = 0; 1152 return 0; 1153 } 1154 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1155 return EADDRNOTAVAIL; 1156 sdl = malloc(sizeof *sdl, M_IFMADDR, 1157 M_NOWAIT|M_ZERO); 1158 if (sdl == NULL) 1159 return (ENOMEM); 1160 sdl->sdl_len = sizeof *sdl; 1161 sdl->sdl_family = AF_LINK; 1162 sdl->sdl_index = ifp->if_index; 1163 sdl->sdl_type = IFT_ETHER; 1164 sdl->sdl_alen = ETHER_ADDR_LEN; 1165 e_addr = LLADDR(sdl); 1166 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1167 *llsa = (struct sockaddr *)sdl; 1168 return 0; 1169#endif 1170 1171 default: 1172 /* 1173 * Well, the text isn't quite right, but it's the name 1174 * that counts... 1175 */ 1176 return EAFNOSUPPORT; 1177 } 1178} 1179 1180static void* 1181ether_alloc(u_char type, struct ifnet *ifp) 1182{ 1183 struct arpcom *ac; 1184 1185 ac = malloc(sizeof(struct arpcom), M_ARPCOM, M_WAITOK | M_ZERO); 1186 ac->ac_ifp = ifp; 1187 1188 return (ac); 1189} 1190 1191static void 1192ether_free(void *com, u_char type) 1193{ 1194 1195 free(com, M_ARPCOM); 1196} 1197 1198static int 1199ether_modevent(module_t mod, int type, void *data) 1200{ 1201 1202 switch (type) { 1203 case MOD_LOAD: 1204 if_register_com_alloc(IFT_ETHER, ether_alloc, ether_free); 1205 break; 1206 case MOD_UNLOAD: 1207 if_deregister_com_alloc(IFT_ETHER); 1208 break; 1209 default: 1210 return EOPNOTSUPP; 1211 } 1212 1213 return (0); 1214} 1215 1216static moduledata_t ether_mod = { 1217 "ether", 1218 ether_modevent, 1219 0 1220}; 1221 1222void 1223ether_vlan_mtap(struct bpf_if *bp, struct mbuf *m, void *data, u_int dlen) 1224{ 1225 struct ether_vlan_header vlan; 1226 struct mbuf mv, mb; 1227 1228 KASSERT((m->m_flags & M_VLANTAG) != 0, 1229 ("%s: vlan information not present", __func__)); 1230 KASSERT(m->m_len >= sizeof(struct ether_header), 1231 ("%s: mbuf not large enough for header", __func__)); 1232 bcopy(mtod(m, char *), &vlan, sizeof(struct ether_header)); 1233 vlan.evl_proto = vlan.evl_encap_proto; 1234 vlan.evl_encap_proto = htons(ETHERTYPE_VLAN); 1235 vlan.evl_tag = htons(m->m_pkthdr.ether_vtag); 1236 m->m_len -= sizeof(struct ether_header); 1237 m->m_data += sizeof(struct ether_header); 1238 /* 1239 * If a data link has been supplied by the caller, then we will need to 1240 * re-create a stack allocated mbuf chain with the following structure: 1241 * 1242 * (1) mbuf #1 will contain the supplied data link 1243 * (2) mbuf #2 will contain the vlan header 1244 * (3) mbuf #3 will contain the original mbuf's packet data 1245 * 1246 * Otherwise, submit the packet and vlan header via bpf_mtap2(). 1247 */ 1248 if (data != NULL) { 1249 mv.m_next = m; 1250 mv.m_data = (caddr_t)&vlan; 1251 mv.m_len = sizeof(vlan); 1252 mb.m_next = &mv; 1253 mb.m_data = data; 1254 mb.m_len = dlen; 1255 bpf_mtap(bp, &mb); 1256 } else 1257 bpf_mtap2(bp, &vlan, sizeof(vlan), m); 1258 m->m_len += sizeof(struct ether_header); 1259 m->m_data -= sizeof(struct ether_header); 1260} 1261 1262struct mbuf * 1263ether_vlanencap(struct mbuf *m, uint16_t tag) 1264{ 1265 struct ether_vlan_header *evl; 1266 1267 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_DONTWAIT); 1268 if (m == NULL) 1269 return (NULL); 1270 /* M_PREPEND takes care of m_len, m_pkthdr.len for us */ 1271 1272 if (m->m_len < sizeof(*evl)) { 1273 m = m_pullup(m, sizeof(*evl)); 1274 if (m == NULL) 1275 return (NULL); 1276 } 1277 1278 /* 1279 * Transform the Ethernet header into an Ethernet header 1280 * with 802.1Q encapsulation. 1281 */ 1282 evl = mtod(m, struct ether_vlan_header *); 1283 bcopy((char *)evl + ETHER_VLAN_ENCAP_LEN, 1284 (char *)evl, ETHER_HDR_LEN - ETHER_TYPE_LEN); 1285 evl->evl_encap_proto = htons(ETHERTYPE_VLAN); 1286 evl->evl_tag = htons(tag); 1287 return (m); 1288} 1289 1290DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY); 1291MODULE_VERSION(ether, 1);
| 67 68#if defined(INET) || defined(INET6) 69#include <netinet/in.h> 70#include <netinet/in_var.h> 71#include <netinet/if_ether.h> 72#include <netinet/ip_fw.h> 73#include <netinet/ip_dummynet.h> 74#endif 75#ifdef INET6 76#include <netinet6/nd6.h> 77#endif 78 79#ifdef DEV_CARP 80#include <netinet/ip_carp.h> 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 88int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, 89 struct sockaddr *dst, short *tp, int *hlen); 90 91#ifdef NETATALK 92#include <netatalk/at.h> 93#include <netatalk/at_var.h> 94#include <netatalk/at_extern.h> 95 96#define llc_snap_org_code llc_un.type_snap.org_code 97#define llc_snap_ether_type llc_un.type_snap.ether_type 98 99extern u_char at_org_code[3]; 100extern u_char aarp_org_code[3]; 101#endif /* NETATALK */ 102 103#include <security/mac/mac_framework.h> 104 105#ifdef CTASSERT 106CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2); 107CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN); 108#endif 109 110/* netgraph node hooks for ng_ether(4) */ 111void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp); 112void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m); 113int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 114void (*ng_ether_attach_p)(struct ifnet *ifp); 115void (*ng_ether_detach_p)(struct ifnet *ifp); 116 117void (*vlan_input_p)(struct ifnet *, struct mbuf *); 118 119/* if_bridge(4) support */ 120struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 121int (*bridge_output_p)(struct ifnet *, struct mbuf *, 122 struct sockaddr *, struct rtentry *); 123void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 124 125/* if_lagg(4) support */ 126struct mbuf *(*lagg_input_p)(struct ifnet *, struct mbuf *); 127 128static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 129 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 130 131static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 132 struct sockaddr *); 133 134/* XXX: should be in an arp support file, not here */ 135MALLOC_DEFINE(M_ARPCOM, "arpcom", "802.* interface internals"); 136 137#define ETHER_IS_BROADCAST(addr) \ 138 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 139 140#define senderr(e) do { error = (e); goto bad;} while (0) 141 142#if defined(INET) || defined(INET6) 143int 144ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 145 struct ip_fw **rule, int shared); 146#ifdef VIMAGE_GLOBALS 147static int ether_ipfw; 148#endif 149#endif 150 151/* 152 * Ethernet output routine. 153 * Encapsulate a packet of type family for the local net. 154 * Use trailer local net encapsulation if enough data in first 155 * packet leaves a multiple of 512 bytes of data in remainder. 156 */ 157int 158ether_output(struct ifnet *ifp, struct mbuf *m, 159 struct sockaddr *dst, struct rtentry *rt0) 160{ 161 short type; 162 int error, hdrcmplt = 0; 163 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN]; 164 struct ether_header *eh; 165 struct pf_mtag *t; 166 int loop_copy = 1; 167 int hlen; /* link layer header length */ 168 169#ifdef MAC 170 error = mac_ifnet_check_transmit(ifp, m); 171 if (error) 172 senderr(error); 173#endif 174 175 M_PROFILE(m); 176 if (ifp->if_flags & IFF_MONITOR) 177 senderr(ENETDOWN); 178 if (!((ifp->if_flags & IFF_UP) && 179 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 180 senderr(ENETDOWN); 181 182 hlen = ETHER_HDR_LEN; 183 switch (dst->sa_family) { 184#ifdef INET 185 case AF_INET: 186 error = arpresolve(ifp, rt0, m, dst, edst); 187 if (error) 188 return (error == EWOULDBLOCK ? 0 : error); 189 type = htons(ETHERTYPE_IP); 190 break; 191 case AF_ARP: 192 { 193 struct arphdr *ah; 194 ah = mtod(m, struct arphdr *); 195 ah->ar_hrd = htons(ARPHRD_ETHER); 196 197 loop_copy = 0; /* if this is for us, don't do it */ 198 199 switch(ntohs(ah->ar_op)) { 200 case ARPOP_REVREQUEST: 201 case ARPOP_REVREPLY: 202 type = htons(ETHERTYPE_REVARP); 203 break; 204 case ARPOP_REQUEST: 205 case ARPOP_REPLY: 206 default: 207 type = htons(ETHERTYPE_ARP); 208 break; 209 } 210 211 if (m->m_flags & M_BCAST) 212 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN); 213 else 214 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN); 215 216 } 217 break; 218#endif 219#ifdef INET6 220 case AF_INET6: 221 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char *)edst); 222 if (error) 223 return error; 224 type = htons(ETHERTYPE_IPV6); 225 break; 226#endif 227#ifdef IPX 228 case AF_IPX: 229 if (ef_outputp) { 230 error = ef_outputp(ifp, &m, dst, &type, &hlen); 231 if (error) 232 goto bad; 233 } else 234 type = htons(ETHERTYPE_IPX); 235 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 236 (caddr_t)edst, sizeof (edst)); 237 break; 238#endif 239#ifdef NETATALK 240 case AF_APPLETALK: 241 { 242 struct at_ifaddr *aa; 243 244 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) 245 senderr(EHOSTUNREACH); /* XXX */ 246 if (!aarpresolve(ifp, m, (struct sockaddr_at *)dst, edst)) 247 return (0); 248 /* 249 * In the phase 2 case, need to prepend an mbuf for the llc header. 250 */ 251 if ( aa->aa_flags & AFA_PHASE2 ) { 252 struct llc llc; 253 254 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 255 if (m == NULL) 256 senderr(ENOBUFS); 257 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 258 llc.llc_control = LLC_UI; 259 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code)); 260 llc.llc_snap_ether_type = htons( ETHERTYPE_AT ); 261 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 262 type = htons(m->m_pkthdr.len); 263 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN; 264 } else { 265 type = htons(ETHERTYPE_AT); 266 } 267 break; 268 } 269#endif /* NETATALK */ 270 271 case pseudo_AF_HDRCMPLT: 272 hdrcmplt = 1; 273 eh = (struct ether_header *)dst->sa_data; 274 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc)); 275 /* FALLTHROUGH */ 276 277 case AF_UNSPEC: 278 loop_copy = 0; /* if this is for us, don't do it */ 279 eh = (struct ether_header *)dst->sa_data; 280 (void)memcpy(edst, eh->ether_dhost, sizeof (edst)); 281 type = eh->ether_type; 282 break; 283 284 default: 285 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 286 senderr(EAFNOSUPPORT); 287 } 288 289 /* 290 * Add local net header. If no space in first mbuf, 291 * allocate another. 292 */ 293 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 294 if (m == NULL) 295 senderr(ENOBUFS); 296 eh = mtod(m, struct ether_header *); 297 (void)memcpy(&eh->ether_type, &type, 298 sizeof(eh->ether_type)); 299 (void)memcpy(eh->ether_dhost, edst, sizeof (edst)); 300 if (hdrcmplt) 301 (void)memcpy(eh->ether_shost, esrc, 302 sizeof(eh->ether_shost)); 303 else 304 (void)memcpy(eh->ether_shost, IF_LLADDR(ifp), 305 sizeof(eh->ether_shost)); 306 307 /* 308 * If a simplex interface, and the packet is being sent to our 309 * Ethernet address or a broadcast address, loopback a copy. 310 * XXX To make a simplex device behave exactly like a duplex 311 * device, we should copy in the case of sending to our own 312 * ethernet address (thus letting the original actually appear 313 * on the wire). However, we don't do that here for security 314 * reasons and compatibility with the original behavior. 315 */ 316 if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy && 317 ((t = pf_find_mtag(m)) == NULL || !t->routed)) { 318 int csum_flags = 0; 319 320 if (m->m_pkthdr.csum_flags & CSUM_IP) 321 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID); 322 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 323 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR); 324 325 if (m->m_flags & M_BCAST) { 326 struct mbuf *n; 327 328 /* 329 * Because if_simloop() modifies the packet, we need a 330 * writable copy through m_dup() instead of a readonly 331 * one as m_copy[m] would give us. The alternative would 332 * be to modify if_simloop() to handle the readonly mbuf, 333 * but performancewise it is mostly equivalent (trading 334 * extra data copying vs. extra locking). 335 * 336 * XXX This is a local workaround. A number of less 337 * often used kernel parts suffer from the same bug. 338 * See PR kern/105943 for a proposed general solution. 339 */ 340 if ((n = m_dup(m, M_DONTWAIT)) != NULL) { 341 n->m_pkthdr.csum_flags |= csum_flags; 342 if (csum_flags & CSUM_DATA_VALID) 343 n->m_pkthdr.csum_data = 0xffff; 344 (void)if_simloop(ifp, n, dst->sa_family, hlen); 345 } else 346 ifp->if_iqdrops++; 347 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 348 ETHER_ADDR_LEN) == 0) { 349 m->m_pkthdr.csum_flags |= csum_flags; 350 if (csum_flags & CSUM_DATA_VALID) 351 m->m_pkthdr.csum_data = 0xffff; 352 (void) if_simloop(ifp, m, dst->sa_family, hlen); 353 return (0); /* XXX */ 354 } 355 } 356 357 /* 358 * Bridges require special output handling. 359 */ 360 if (ifp->if_bridge) { 361 BRIDGE_OUTPUT(ifp, m, error); 362 return (error); 363 } 364 365#ifdef DEV_CARP 366 if (ifp->if_carp && 367 (error = carp_output(ifp, m, dst, NULL))) 368 goto bad; 369#endif 370 371 /* Handle ng_ether(4) processing, if any */ 372 if (IFP2AC(ifp)->ac_netgraph != NULL) { 373 KASSERT(ng_ether_output_p != NULL, 374 ("ng_ether_output_p is NULL")); 375 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 376bad: if (m != NULL) 377 m_freem(m); 378 return (error); 379 } 380 if (m == NULL) 381 return (0); 382 } 383 384 /* Continue with link-layer output */ 385 return ether_output_frame(ifp, m); 386} 387 388/* 389 * Ethernet link layer output routine to send a raw frame to the device. 390 * 391 * This assumes that the 14 byte Ethernet header is present and contiguous 392 * in the first mbuf (if BRIDGE'ing). 393 */ 394int 395ether_output_frame(struct ifnet *ifp, struct mbuf *m) 396{ 397#if defined(INET) || defined(INET6) 398 INIT_VNET_NET(ifp->if_vnet); 399 struct ip_fw *rule = ip_dn_claim_rule(m); 400 401 if (IPFW_LOADED && V_ether_ipfw != 0) { 402 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) { 403 if (m) { 404 m_freem(m); 405 return EACCES; /* pkt dropped */ 406 } else 407 return 0; /* consumed e.g. in a pipe */ 408 } 409 } 410#endif 411 412 /* 413 * Queue message on interface, update output statistics if 414 * successful, and start output if interface not yet active. 415 */ 416 return ((ifp->if_transmit)(ifp, m)); 417} 418 419#if defined(INET) || defined(INET6) 420/* 421 * ipfw processing for ethernet packets (in and out). 422 * The second parameter is NULL from ether_demux, and ifp from 423 * ether_output_frame. 424 */ 425int 426ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 427 struct ip_fw **rule, int shared) 428{ 429 INIT_VNET_IPFW(dst->if_vnet); 430 struct ether_header *eh; 431 struct ether_header save_eh; 432 struct mbuf *m; 433 int i; 434 struct ip_fw_args args; 435 436 if (*rule != NULL && V_fw_one_pass) 437 return 1; /* dummynet packet, already partially processed */ 438 439 /* 440 * I need some amt of data to be contiguous, and in case others need 441 * the packet (shared==1) also better be in the first mbuf. 442 */ 443 m = *m0; 444 i = min( m->m_pkthdr.len, max_protohdr); 445 if ( shared || m->m_len < i) { 446 m = m_pullup(m, i); 447 if (m == NULL) { 448 *m0 = m; 449 return 0; 450 } 451 } 452 eh = mtod(m, struct ether_header *); 453 save_eh = *eh; /* save copy for restore below */ 454 m_adj(m, ETHER_HDR_LEN); /* strip ethernet header */ 455 456 args.m = m; /* the packet we are looking at */ 457 args.oif = dst; /* destination, if any */ 458 args.rule = *rule; /* matching rule to restart */ 459 args.next_hop = NULL; /* we do not support forward yet */ 460 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 461 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 462 i = ip_fw_chk_ptr(&args); 463 m = args.m; 464 if (m != NULL) { 465 /* 466 * Restore Ethernet header, as needed, in case the 467 * mbuf chain was replaced by ipfw. 468 */ 469 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 470 if (m == NULL) { 471 *m0 = m; 472 return 0; 473 } 474 if (eh != mtod(m, struct ether_header *)) 475 bcopy(&save_eh, mtod(m, struct ether_header *), 476 ETHER_HDR_LEN); 477 } 478 *m0 = m; 479 *rule = args.rule; 480 481 if (i == IP_FW_DENY) /* drop */ 482 return 0; 483 484 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL")); 485 486 if (i == IP_FW_PASS) /* a PASS rule. */ 487 return 1; 488 489 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 490 /* 491 * Pass the pkt to dummynet, which consumes it. 492 * If shared, make a copy and keep the original. 493 */ 494 if (shared) { 495 m = m_copypacket(m, M_DONTWAIT); 496 if (m == NULL) 497 return 0; 498 } else { 499 /* 500 * Pass the original to dummynet and 501 * nothing back to the caller 502 */ 503 *m0 = NULL ; 504 } 505 ip_dn_io_ptr(&m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 506 return 0; 507 } 508 /* 509 * XXX at some point add support for divert/forward actions. 510 * If none of the above matches, we have to drop the pkt. 511 */ 512 return 0; 513} 514#endif 515 516/* 517 * Process a received Ethernet packet; the packet is in the 518 * mbuf chain m with the ethernet header at the front. 519 */ 520static void 521ether_input(struct ifnet *ifp, struct mbuf *m) 522{ 523 struct ether_header *eh; 524 u_short etype; 525 526 if ((ifp->if_flags & IFF_UP) == 0) { 527 m_freem(m); 528 return; 529 } 530#ifdef DIAGNOSTIC 531 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 532 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n"); 533 m_freem(m); 534 return; 535 } 536#endif 537 /* 538 * Do consistency checks to verify assumptions 539 * made by code past this point. 540 */ 541 if ((m->m_flags & M_PKTHDR) == 0) { 542 if_printf(ifp, "discard frame w/o packet header\n"); 543 ifp->if_ierrors++; 544 m_freem(m); 545 return; 546 } 547 if (m->m_len < ETHER_HDR_LEN) { 548 /* XXX maybe should pullup? */ 549 if_printf(ifp, "discard frame w/o leading ethernet " 550 "header (len %u pkt len %u)\n", 551 m->m_len, m->m_pkthdr.len); 552 ifp->if_ierrors++; 553 m_freem(m); 554 return; 555 } 556 eh = mtod(m, struct ether_header *); 557 etype = ntohs(eh->ether_type); 558 if (m->m_pkthdr.rcvif == NULL) { 559 if_printf(ifp, "discard frame w/o interface pointer\n"); 560 ifp->if_ierrors++; 561 m_freem(m); 562 return; 563 } 564#ifdef DIAGNOSTIC 565 if (m->m_pkthdr.rcvif != ifp) { 566 if_printf(ifp, "Warning, frame marked as received on %s\n", 567 m->m_pkthdr.rcvif->if_xname); 568 } 569#endif 570 571 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 572 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 573 m->m_flags |= M_BCAST; 574 else 575 m->m_flags |= M_MCAST; 576 ifp->if_imcasts++; 577 } 578 579#ifdef MAC 580 /* 581 * Tag the mbuf with an appropriate MAC label before any other 582 * consumers can get to it. 583 */ 584 mac_ifnet_create_mbuf(ifp, m); 585#endif 586 587 /* 588 * Give bpf a chance at the packet. 589 */ 590 ETHER_BPF_MTAP(ifp, m); 591 592 /* 593 * If the CRC is still on the packet, trim it off. We do this once 594 * and once only in case we are re-entered. Nothing else on the 595 * Ethernet receive path expects to see the FCS. 596 */ 597 if (m->m_flags & M_HASFCS) { 598 m_adj(m, -ETHER_CRC_LEN); 599 m->m_flags &= ~M_HASFCS; 600 } 601 602 ifp->if_ibytes += m->m_pkthdr.len; 603 604 /* Allow monitor mode to claim this frame, after stats are updated. */ 605 if (ifp->if_flags & IFF_MONITOR) { 606 m_freem(m); 607 return; 608 } 609 610 /* Handle input from a lagg(4) port */ 611 if (ifp->if_type == IFT_IEEE8023ADLAG) { 612 KASSERT(lagg_input_p != NULL, 613 ("%s: if_lagg not loaded!", __func__)); 614 m = (*lagg_input_p)(ifp, m); 615 if (m != NULL) 616 ifp = m->m_pkthdr.rcvif; 617 else 618 return; 619 } 620 621 /* 622 * If the hardware did not process an 802.1Q tag, do this now, 623 * to allow 802.1P priority frames to be passed to the main input 624 * path correctly. 625 * TODO: Deal with Q-in-Q frames, but not arbitrary nesting levels. 626 */ 627 if ((m->m_flags & M_VLANTAG) == 0 && etype == ETHERTYPE_VLAN) { 628 struct ether_vlan_header *evl; 629 630 if (m->m_len < sizeof(*evl) && 631 (m = m_pullup(m, sizeof(*evl))) == NULL) { 632#ifdef DIAGNOSTIC 633 if_printf(ifp, "cannot pullup VLAN header\n"); 634#endif 635 ifp->if_ierrors++; 636 m_freem(m); 637 return; 638 } 639 640 evl = mtod(m, struct ether_vlan_header *); 641 m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag); 642 m->m_flags |= M_VLANTAG; 643 644 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN, 645 ETHER_HDR_LEN - ETHER_TYPE_LEN); 646 m_adj(m, ETHER_VLAN_ENCAP_LEN); 647 } 648 649 /* Allow ng_ether(4) to claim this frame. */ 650 if (IFP2AC(ifp)->ac_netgraph != NULL) { 651 KASSERT(ng_ether_input_p != NULL, 652 ("%s: ng_ether_input_p is NULL", __func__)); 653 m->m_flags &= ~M_PROMISC; 654 (*ng_ether_input_p)(ifp, &m); 655 if (m == NULL) 656 return; 657 } 658 659 /* 660 * Allow if_bridge(4) to claim this frame. 661 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it 662 * and the frame should be delivered locally. 663 */ 664 if (ifp->if_bridge != NULL) { 665 m->m_flags &= ~M_PROMISC; 666 BRIDGE_INPUT(ifp, m); 667 if (m == NULL) 668 return; 669 } 670 671#ifdef DEV_CARP 672 /* 673 * Clear M_PROMISC on frame so that carp(4) will see it when the 674 * mbuf flows up to Layer 3. 675 * FreeBSD's implementation of carp(4) uses the inprotosw 676 * to dispatch IPPROTO_CARP. carp(4) also allocates its own 677 * Ethernet addresses of the form 00:00:5e:00:01:xx, which 678 * is outside the scope of the M_PROMISC test below. 679 * TODO: Maintain a hash table of ethernet addresses other than 680 * ether_dhost which may be active on this ifp. 681 */ 682 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) { 683 m->m_flags &= ~M_PROMISC; 684 } else 685#endif 686 { 687 /* 688 * If the frame received was not for our MAC address, set the 689 * M_PROMISC flag on the mbuf chain. The frame may need to 690 * be seen by the rest of the Ethernet input path in case of 691 * re-entry (e.g. bridge, vlan, netgraph) but should not be 692 * seen by upper protocol layers. 693 */ 694 if (!ETHER_IS_MULTICAST(eh->ether_dhost) && 695 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0) 696 m->m_flags |= M_PROMISC; 697 } 698 699 /* First chunk of an mbuf contains good entropy */ 700 if (harvest.ethernet) 701 random_harvest(m, 16, 3, 0, RANDOM_NET); 702 703 ether_demux(ifp, m); 704} 705 706/* 707 * Upper layer processing for a received Ethernet packet. 708 */ 709void 710ether_demux(struct ifnet *ifp, struct mbuf *m) 711{ 712 struct ether_header *eh; 713 int isr; 714 u_short ether_type; 715#if defined(NETATALK) 716 struct llc *l; 717#endif 718 719 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__)); 720 721#if defined(INET) || defined(INET6) 722 INIT_VNET_NET(ifp->if_vnet); 723 /* 724 * Allow dummynet and/or ipfw to claim the frame. 725 * Do not do this for PROMISC frames in case we are re-entered. 726 */ 727 if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) { 728 struct ip_fw *rule = ip_dn_claim_rule(m); 729 730 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) { 731 if (m) 732 m_freem(m); /* dropped; free mbuf chain */ 733 return; /* consumed */ 734 } 735 } 736#endif 737 eh = mtod(m, struct ether_header *); 738 ether_type = ntohs(eh->ether_type); 739 740 /* 741 * If this frame has a VLAN tag other than 0, call vlan_input() 742 * if its module is loaded. Otherwise, drop. 743 */ 744 if ((m->m_flags & M_VLANTAG) && 745 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) { 746 if (ifp->if_vlantrunk == NULL) { 747 ifp->if_noproto++; 748 m_freem(m); 749 return; 750 } 751 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!", 752 __func__)); 753 /* Clear before possibly re-entering ether_input(). */ 754 m->m_flags &= ~M_PROMISC; 755 (*vlan_input_p)(ifp, m); 756 return; 757 } 758 759 /* 760 * Pass promiscuously received frames to the upper layer if the user 761 * requested this by setting IFF_PPROMISC. Otherwise, drop them. 762 */ 763 if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) { 764 m_freem(m); 765 return; 766 } 767 768 /* 769 * Reset layer specific mbuf flags to avoid confusing upper layers. 770 * Strip off Ethernet header. 771 */ 772 m->m_flags &= ~M_VLANTAG; 773 m->m_flags &= ~(M_PROTOFLAGS); 774 m_adj(m, ETHER_HDR_LEN); 775 776 /* 777 * Dispatch frame to upper layer. 778 */ 779 switch (ether_type) { 780#ifdef INET 781 case ETHERTYPE_IP: 782 if ((m = ip_fastforward(m)) == NULL) 783 return; 784 isr = NETISR_IP; 785 break; 786 787 case ETHERTYPE_ARP: 788 if (ifp->if_flags & IFF_NOARP) { 789 /* Discard packet if ARP is disabled on interface */ 790 m_freem(m); 791 return; 792 } 793 isr = NETISR_ARP; 794 break; 795#endif 796#ifdef IPX 797 case ETHERTYPE_IPX: 798 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 799 return; 800 isr = NETISR_IPX; 801 break; 802#endif 803#ifdef INET6 804 case ETHERTYPE_IPV6: 805 isr = NETISR_IPV6; 806 break; 807#endif 808#ifdef NETATALK 809 case ETHERTYPE_AT: 810 isr = NETISR_ATALK1; 811 break; 812 case ETHERTYPE_AARP: 813 isr = NETISR_AARP; 814 break; 815#endif /* NETATALK */ 816 default: 817#ifdef IPX 818 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 819 return; 820#endif /* IPX */ 821#if defined(NETATALK) 822 if (ether_type > ETHERMTU) 823 goto discard; 824 l = mtod(m, struct llc *); 825 if (l->llc_dsap == LLC_SNAP_LSAP && 826 l->llc_ssap == LLC_SNAP_LSAP && 827 l->llc_control == LLC_UI) { 828 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 829 sizeof(at_org_code)) == 0 && 830 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 831 m_adj(m, LLC_SNAPFRAMELEN); 832 isr = NETISR_ATALK2; 833 break; 834 } 835 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 836 sizeof(aarp_org_code)) == 0 && 837 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 838 m_adj(m, LLC_SNAPFRAMELEN); 839 isr = NETISR_AARP; 840 break; 841 } 842 } 843#endif /* NETATALK */ 844 goto discard; 845 } 846 netisr_dispatch(isr, m); 847 return; 848 849discard: 850 /* 851 * Packet is to be discarded. If netgraph is present, 852 * hand the packet to it for last chance processing; 853 * otherwise dispose of it. 854 */ 855 if (IFP2AC(ifp)->ac_netgraph != NULL) { 856 KASSERT(ng_ether_input_orphan_p != NULL, 857 ("ng_ether_input_orphan_p is NULL")); 858 /* 859 * Put back the ethernet header so netgraph has a 860 * consistent view of inbound packets. 861 */ 862 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT); 863 (*ng_ether_input_orphan_p)(ifp, m); 864 return; 865 } 866 m_freem(m); 867} 868 869/* 870 * Convert Ethernet address to printable (loggable) representation. 871 * This routine is for compatibility; it's better to just use 872 * 873 * printf("%6D", <pointer to address>, ":"); 874 * 875 * since there's no static buffer involved. 876 */ 877char * 878ether_sprintf(const u_char *ap) 879{ 880 static char etherbuf[18]; 881 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":"); 882 return (etherbuf); 883} 884 885/* 886 * Perform common duties while attaching to interface list 887 */ 888void 889ether_ifattach(struct ifnet *ifp, const u_int8_t *lla) 890{ 891 int i; 892 struct ifaddr *ifa; 893 struct sockaddr_dl *sdl; 894 895 ifp->if_addrlen = ETHER_ADDR_LEN; 896 ifp->if_hdrlen = ETHER_HDR_LEN; 897 if_attach(ifp); 898 ifp->if_mtu = ETHERMTU; 899 ifp->if_output = ether_output; 900 ifp->if_input = ether_input; 901 ifp->if_resolvemulti = ether_resolvemulti; 902 if (ifp->if_baudrate == 0) 903 ifp->if_baudrate = IF_Mbps(10); /* just a default */ 904 ifp->if_broadcastaddr = etherbroadcastaddr; 905 906 ifa = ifp->if_addr; 907 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__)); 908 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 909 sdl->sdl_type = IFT_ETHER; 910 sdl->sdl_alen = ifp->if_addrlen; 911 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 912 913 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN); 914 if (ng_ether_attach_p != NULL) 915 (*ng_ether_attach_p)(ifp); 916 917 /* Announce Ethernet MAC address if non-zero. */ 918 for (i = 0; i < ifp->if_addrlen; i++) 919 if (lla[i] != 0) 920 break; 921 if (i != ifp->if_addrlen) 922 if_printf(ifp, "Ethernet address: %6D\n", lla, ":"); 923} 924 925/* 926 * Perform common duties while detaching an Ethernet interface 927 */ 928void 929ether_ifdetach(struct ifnet *ifp) 930{ 931 if (IFP2AC(ifp)->ac_netgraph != NULL) { 932 KASSERT(ng_ether_detach_p != NULL, 933 ("ng_ether_detach_p is NULL")); 934 (*ng_ether_detach_p)(ifp); 935 } 936 937 bpfdetach(ifp); 938 if_detach(ifp); 939} 940 941SYSCTL_DECL(_net_link); 942SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 943#if defined(INET) || defined(INET6) 944SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 945 ether_ipfw, 0, "Pass ether pkts through firewall"); 946#endif 947 948#if 0 949/* 950 * This is for reference. We have a table-driven version 951 * of the little-endian crc32 generator, which is faster 952 * than the double-loop. 953 */ 954uint32_t 955ether_crc32_le(const uint8_t *buf, size_t len) 956{ 957 size_t i; 958 uint32_t crc; 959 int bit; 960 uint8_t data; 961 962 crc = 0xffffffff; /* initial value */ 963 964 for (i = 0; i < len; i++) { 965 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 966 carry = (crc ^ data) & 1; 967 crc >>= 1; 968 if (carry) 969 crc = (crc ^ ETHER_CRC_POLY_LE); 970 } 971 } 972 973 return (crc); 974} 975#else 976uint32_t 977ether_crc32_le(const uint8_t *buf, size_t len) 978{ 979 static const uint32_t crctab[] = { 980 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 981 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 982 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 983 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 984 }; 985 size_t i; 986 uint32_t crc; 987 988 crc = 0xffffffff; /* initial value */ 989 990 for (i = 0; i < len; i++) { 991 crc ^= buf[i]; 992 crc = (crc >> 4) ^ crctab[crc & 0xf]; 993 crc = (crc >> 4) ^ crctab[crc & 0xf]; 994 } 995 996 return (crc); 997} 998#endif 999 1000uint32_t 1001ether_crc32_be(const uint8_t *buf, size_t len) 1002{ 1003 size_t i; 1004 uint32_t crc, carry; 1005 int bit; 1006 uint8_t data; 1007 1008 crc = 0xffffffff; /* initial value */ 1009 1010 for (i = 0; i < len; i++) { 1011 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) { 1012 carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01); 1013 crc <<= 1; 1014 if (carry) 1015 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 1016 } 1017 } 1018 1019 return (crc); 1020} 1021 1022int 1023ether_ioctl(struct ifnet *ifp, u_long command, caddr_t data) 1024{ 1025 struct ifaddr *ifa = (struct ifaddr *) data; 1026 struct ifreq *ifr = (struct ifreq *) data; 1027 int error = 0; 1028 1029 switch (command) { 1030 case SIOCSIFADDR: 1031 ifp->if_flags |= IFF_UP; 1032 1033 switch (ifa->ifa_addr->sa_family) { 1034#ifdef INET 1035 case AF_INET: 1036 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 1037 arp_ifinit(ifp, ifa); 1038 break; 1039#endif 1040#ifdef IPX 1041 /* 1042 * XXX - This code is probably wrong 1043 */ 1044 case AF_IPX: 1045 { 1046 struct ipx_addr *ina = &(IA_SIPX(ifa)->sipx_addr); 1047 1048 if (ipx_nullhost(*ina)) 1049 ina->x_host = 1050 *(union ipx_host *) 1051 IF_LLADDR(ifp); 1052 else { 1053 bcopy((caddr_t) ina->x_host.c_host, 1054 (caddr_t) IF_LLADDR(ifp), 1055 ETHER_ADDR_LEN); 1056 } 1057 1058 /* 1059 * Set new address 1060 */ 1061 ifp->if_init(ifp->if_softc); 1062 break; 1063 } 1064#endif 1065 default: 1066 ifp->if_init(ifp->if_softc); 1067 break; 1068 } 1069 break; 1070 1071 case SIOCGIFADDR: 1072 { 1073 struct sockaddr *sa; 1074 1075 sa = (struct sockaddr *) & ifr->ifr_data; 1076 bcopy(IF_LLADDR(ifp), 1077 (caddr_t) sa->sa_data, ETHER_ADDR_LEN); 1078 } 1079 break; 1080 1081 case SIOCSIFMTU: 1082 /* 1083 * Set the interface MTU. 1084 */ 1085 if (ifr->ifr_mtu > ETHERMTU) { 1086 error = EINVAL; 1087 } else { 1088 ifp->if_mtu = ifr->ifr_mtu; 1089 } 1090 break; 1091 default: 1092 error = EINVAL; /* XXX netbsd has ENOTTY??? */ 1093 break; 1094 } 1095 return (error); 1096} 1097 1098static int 1099ether_resolvemulti(struct ifnet *ifp, struct sockaddr **llsa, 1100 struct sockaddr *sa) 1101{ 1102 struct sockaddr_dl *sdl; 1103#ifdef INET 1104 struct sockaddr_in *sin; 1105#endif 1106#ifdef INET6 1107 struct sockaddr_in6 *sin6; 1108#endif 1109 u_char *e_addr; 1110 1111 switch(sa->sa_family) { 1112 case AF_LINK: 1113 /* 1114 * No mapping needed. Just check that it's a valid MC address. 1115 */ 1116 sdl = (struct sockaddr_dl *)sa; 1117 e_addr = LLADDR(sdl); 1118 if (!ETHER_IS_MULTICAST(e_addr)) 1119 return EADDRNOTAVAIL; 1120 *llsa = 0; 1121 return 0; 1122 1123#ifdef INET 1124 case AF_INET: 1125 sin = (struct sockaddr_in *)sa; 1126 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1127 return EADDRNOTAVAIL; 1128 sdl = malloc(sizeof *sdl, M_IFMADDR, 1129 M_NOWAIT|M_ZERO); 1130 if (sdl == NULL) 1131 return ENOMEM; 1132 sdl->sdl_len = sizeof *sdl; 1133 sdl->sdl_family = AF_LINK; 1134 sdl->sdl_index = ifp->if_index; 1135 sdl->sdl_type = IFT_ETHER; 1136 sdl->sdl_alen = ETHER_ADDR_LEN; 1137 e_addr = LLADDR(sdl); 1138 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1139 *llsa = (struct sockaddr *)sdl; 1140 return 0; 1141#endif 1142#ifdef INET6 1143 case AF_INET6: 1144 sin6 = (struct sockaddr_in6 *)sa; 1145 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1146 /* 1147 * An IP6 address of 0 means listen to all 1148 * of the Ethernet multicast address used for IP6. 1149 * (This is used for multicast routers.) 1150 */ 1151 ifp->if_flags |= IFF_ALLMULTI; 1152 *llsa = 0; 1153 return 0; 1154 } 1155 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1156 return EADDRNOTAVAIL; 1157 sdl = malloc(sizeof *sdl, M_IFMADDR, 1158 M_NOWAIT|M_ZERO); 1159 if (sdl == NULL) 1160 return (ENOMEM); 1161 sdl->sdl_len = sizeof *sdl; 1162 sdl->sdl_family = AF_LINK; 1163 sdl->sdl_index = ifp->if_index; 1164 sdl->sdl_type = IFT_ETHER; 1165 sdl->sdl_alen = ETHER_ADDR_LEN; 1166 e_addr = LLADDR(sdl); 1167 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1168 *llsa = (struct sockaddr *)sdl; 1169 return 0; 1170#endif 1171 1172 default: 1173 /* 1174 * Well, the text isn't quite right, but it's the name 1175 * that counts... 1176 */ 1177 return EAFNOSUPPORT; 1178 } 1179} 1180 1181static void* 1182ether_alloc(u_char type, struct ifnet *ifp) 1183{ 1184 struct arpcom *ac; 1185 1186 ac = malloc(sizeof(struct arpcom), M_ARPCOM, M_WAITOK | M_ZERO); 1187 ac->ac_ifp = ifp; 1188 1189 return (ac); 1190} 1191 1192static void 1193ether_free(void *com, u_char type) 1194{ 1195 1196 free(com, M_ARPCOM); 1197} 1198 1199static int 1200ether_modevent(module_t mod, int type, void *data) 1201{ 1202 1203 switch (type) { 1204 case MOD_LOAD: 1205 if_register_com_alloc(IFT_ETHER, ether_alloc, ether_free); 1206 break; 1207 case MOD_UNLOAD: 1208 if_deregister_com_alloc(IFT_ETHER); 1209 break; 1210 default: 1211 return EOPNOTSUPP; 1212 } 1213 1214 return (0); 1215} 1216 1217static moduledata_t ether_mod = { 1218 "ether", 1219 ether_modevent, 1220 0 1221}; 1222 1223void 1224ether_vlan_mtap(struct bpf_if *bp, struct mbuf *m, void *data, u_int dlen) 1225{ 1226 struct ether_vlan_header vlan; 1227 struct mbuf mv, mb; 1228 1229 KASSERT((m->m_flags & M_VLANTAG) != 0, 1230 ("%s: vlan information not present", __func__)); 1231 KASSERT(m->m_len >= sizeof(struct ether_header), 1232 ("%s: mbuf not large enough for header", __func__)); 1233 bcopy(mtod(m, char *), &vlan, sizeof(struct ether_header)); 1234 vlan.evl_proto = vlan.evl_encap_proto; 1235 vlan.evl_encap_proto = htons(ETHERTYPE_VLAN); 1236 vlan.evl_tag = htons(m->m_pkthdr.ether_vtag); 1237 m->m_len -= sizeof(struct ether_header); 1238 m->m_data += sizeof(struct ether_header); 1239 /* 1240 * If a data link has been supplied by the caller, then we will need to 1241 * re-create a stack allocated mbuf chain with the following structure: 1242 * 1243 * (1) mbuf #1 will contain the supplied data link 1244 * (2) mbuf #2 will contain the vlan header 1245 * (3) mbuf #3 will contain the original mbuf's packet data 1246 * 1247 * Otherwise, submit the packet and vlan header via bpf_mtap2(). 1248 */ 1249 if (data != NULL) { 1250 mv.m_next = m; 1251 mv.m_data = (caddr_t)&vlan; 1252 mv.m_len = sizeof(vlan); 1253 mb.m_next = &mv; 1254 mb.m_data = data; 1255 mb.m_len = dlen; 1256 bpf_mtap(bp, &mb); 1257 } else 1258 bpf_mtap2(bp, &vlan, sizeof(vlan), m); 1259 m->m_len += sizeof(struct ether_header); 1260 m->m_data -= sizeof(struct ether_header); 1261} 1262 1263struct mbuf * 1264ether_vlanencap(struct mbuf *m, uint16_t tag) 1265{ 1266 struct ether_vlan_header *evl; 1267 1268 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_DONTWAIT); 1269 if (m == NULL) 1270 return (NULL); 1271 /* M_PREPEND takes care of m_len, m_pkthdr.len for us */ 1272 1273 if (m->m_len < sizeof(*evl)) { 1274 m = m_pullup(m, sizeof(*evl)); 1275 if (m == NULL) 1276 return (NULL); 1277 } 1278 1279 /* 1280 * Transform the Ethernet header into an Ethernet header 1281 * with 802.1Q encapsulation. 1282 */ 1283 evl = mtod(m, struct ether_vlan_header *); 1284 bcopy((char *)evl + ETHER_VLAN_ENCAP_LEN, 1285 (char *)evl, ETHER_HDR_LEN - ETHER_TYPE_LEN); 1286 evl->evl_encap_proto = htons(ETHERTYPE_VLAN); 1287 evl->evl_tag = htons(tag); 1288 return (m); 1289} 1290 1291DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY); 1292MODULE_VERSION(ether, 1);
|