1/* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3/* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38/* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 51 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 52 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 53 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 54 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 55 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 56 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 57 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 60 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 61 * POSSIBILITY OF SUCH DAMAGE. 62 * 63 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 64 */ 65 66/* 67 * Network interface bridge support. 68 * 69 * TODO: 70 * 71 * - Currently only supports Ethernet-like interfaces (Ethernet, 72 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 73 * to bridge other types of interfaces (FDDI-FDDI, and maybe 74 * consider heterogenous bridges). 75 */ 76 77#include <sys/cdefs.h> 78__FBSDID("$FreeBSD$"); 79 80#include "opt_inet.h" 81#include "opt_inet6.h" 82 83#include <sys/param.h> 84#include <sys/mbuf.h> 85#include <sys/malloc.h> 86#include <sys/protosw.h> 87#include <sys/systm.h> 88#include <sys/jail.h> 89#include <sys/time.h> 90#include <sys/socket.h> /* for net/if.h */ 91#include <sys/sockio.h> 92#include <sys/ctype.h> /* string functions */ 93#include <sys/kernel.h> 94#include <sys/random.h> 95#include <sys/syslog.h> 96#include <sys/sysctl.h> 97#include <vm/uma.h> 98#include <sys/module.h> 99#include <sys/priv.h> 100#include <sys/proc.h> 101#include <sys/lock.h> 102#include <sys/mutex.h> 103 104#include <net/bpf.h> 105#include <net/if.h> 106#include <net/if_clone.h> 107#include <net/if_dl.h> 108#include <net/if_types.h> 109#include <net/if_var.h> 110#include <net/pfil.h> 111#include <net/vnet.h> 112 113#include <netinet/in.h> /* for struct arpcom */ 114#include <netinet/in_systm.h> 115#include <netinet/in_var.h> 116#include <netinet/ip.h> 117#include <netinet/ip_var.h> 118#ifdef INET6 119#include <netinet/ip6.h> 120#include <netinet6/ip6_var.h> 121#include <netinet6/in6_ifattach.h> 122#endif 123#if defined(INET) || defined(INET6) 124#include <netinet/ip_carp.h> 125#endif 126#include <machine/in_cksum.h> 127#include <netinet/if_ether.h> /* for struct arpcom */ 128#include <net/bridgestp.h> 129#include <net/if_bridgevar.h> 130#include <net/if_llc.h> 131#include <net/if_vlan_var.h> 132 133#include <net/route.h> 134 135/* 136 * Size of the route hash table. Must be a power of two. 137 */ 138#ifndef BRIDGE_RTHASH_SIZE 139#define BRIDGE_RTHASH_SIZE 1024 140#endif 141 142#define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 143 144/* 145 * Default maximum number of addresses to cache. 146 */ 147#ifndef BRIDGE_RTABLE_MAX 148#define BRIDGE_RTABLE_MAX 2000 149#endif 150 151/* 152 * Timeout (in seconds) for entries learned dynamically. 153 */ 154#ifndef BRIDGE_RTABLE_TIMEOUT 155#define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 156#endif 157 158/* 159 * Number of seconds between walks of the route list. 160 */ 161#ifndef BRIDGE_RTABLE_PRUNE_PERIOD 162#define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 163#endif 164 165/* 166 * List of capabilities to possibly mask on the member interface. 167 */ 168#define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM) 169 170/* 171 * List of capabilities to strip 172 */ 173#define BRIDGE_IFCAPS_STRIP IFCAP_LRO 174 175/* 176 * Bridge interface list entry. 177 */ 178struct bridge_iflist { 179 LIST_ENTRY(bridge_iflist) bif_next; 180 struct ifnet *bif_ifp; /* member if */ 181 struct bstp_port bif_stp; /* STP state */ 182 uint32_t bif_flags; /* member if flags */ 183 int bif_savedcaps; /* saved capabilities */ 184 uint32_t bif_addrmax; /* max # of addresses */ 185 uint32_t bif_addrcnt; /* cur. # of addresses */ 186 uint32_t bif_addrexceeded;/* # of address violations */ 187}; 188 189/* 190 * Bridge route node. 191 */ 192struct bridge_rtnode { 193 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 194 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 195 struct bridge_iflist *brt_dst; /* destination if */ 196 unsigned long brt_expire; /* expiration time */ 197 uint8_t brt_flags; /* address flags */ 198 uint8_t brt_addr[ETHER_ADDR_LEN]; 199 uint16_t brt_vlan; /* vlan id */ 200}; 201#define brt_ifp brt_dst->bif_ifp 202 203/* 204 * Software state for each bridge. 205 */ 206struct bridge_softc { 207 struct ifnet *sc_ifp; /* make this an interface */ 208 LIST_ENTRY(bridge_softc) sc_list; 209 struct mtx sc_mtx; 210 struct cv sc_cv; 211 uint32_t sc_brtmax; /* max # of addresses */ 212 uint32_t sc_brtcnt; /* cur. # of addresses */ 213 uint32_t sc_brttimeout; /* rt timeout in seconds */ 214 struct callout sc_brcallout; /* bridge callout */ 215 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 216 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 217 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 218 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 219 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 220 uint32_t sc_rthash_key; /* key for hash */ 221 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 222 struct bstp_state sc_stp; /* STP state */ 223 uint32_t sc_brtexceeded; /* # of cache drops */ 224 struct ifnet *sc_ifaddr; /* member mac copied from */ 225 u_char sc_defaddr[6]; /* Default MAC address */ 226}; 227 228static struct mtx bridge_list_mtx; 229eventhandler_tag bridge_detach_cookie = NULL; 230 231int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 232 233uma_zone_t bridge_rtnode_zone; 234 235static int bridge_clone_create(struct if_clone *, int, caddr_t); 236static void bridge_clone_destroy(struct ifnet *); 237 238static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 239static void bridge_mutecaps(struct bridge_softc *); 240static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *, 241 int); 242static void bridge_ifdetach(void *arg __unused, struct ifnet *); 243static void bridge_init(void *); 244static void bridge_dummynet(struct mbuf *, struct ifnet *); 245static void bridge_stop(struct ifnet *, int); 246static int bridge_transmit(struct ifnet *, struct mbuf *); 247static void bridge_qflush(struct ifnet *); 248static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 249static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 250 struct rtentry *); 251static int bridge_enqueue(struct bridge_softc *, struct ifnet *, 252 struct mbuf *); 253static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 254 255static void bridge_forward(struct bridge_softc *, struct bridge_iflist *, 256 struct mbuf *m); 257 258static void bridge_timer(void *); 259 260static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 261 struct mbuf *, int); 262static void bridge_span(struct bridge_softc *, struct mbuf *); 263 264static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 265 uint16_t, struct bridge_iflist *, int, uint8_t); 266static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *, 267 uint16_t); 268static void bridge_rttrim(struct bridge_softc *); 269static void bridge_rtage(struct bridge_softc *); 270static void bridge_rtflush(struct bridge_softc *, int); 271static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *, 272 uint16_t); 273 274static void bridge_rtable_init(struct bridge_softc *); 275static void bridge_rtable_fini(struct bridge_softc *); 276 277static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 278static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 279 const uint8_t *, uint16_t); 280static int bridge_rtnode_insert(struct bridge_softc *, 281 struct bridge_rtnode *); 282static void bridge_rtnode_destroy(struct bridge_softc *, 283 struct bridge_rtnode *); 284static void bridge_rtable_expire(struct ifnet *, int); 285static void bridge_state_change(struct ifnet *, int); 286 287static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 288 const char *name); 289static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 290 struct ifnet *ifp); 291static void bridge_delete_member(struct bridge_softc *, 292 struct bridge_iflist *, int); 293static void bridge_delete_span(struct bridge_softc *, 294 struct bridge_iflist *); 295 296static int bridge_ioctl_add(struct bridge_softc *, void *); 297static int bridge_ioctl_del(struct bridge_softc *, void *); 298static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 299static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 300static int bridge_ioctl_scache(struct bridge_softc *, void *); 301static int bridge_ioctl_gcache(struct bridge_softc *, void *); 302static int bridge_ioctl_gifs(struct bridge_softc *, void *); 303static int bridge_ioctl_rts(struct bridge_softc *, void *); 304static int bridge_ioctl_saddr(struct bridge_softc *, void *); 305static int bridge_ioctl_sto(struct bridge_softc *, void *); 306static int bridge_ioctl_gto(struct bridge_softc *, void *); 307static int bridge_ioctl_daddr(struct bridge_softc *, void *); 308static int bridge_ioctl_flush(struct bridge_softc *, void *); 309static int bridge_ioctl_gpri(struct bridge_softc *, void *); 310static int bridge_ioctl_spri(struct bridge_softc *, void *); 311static int bridge_ioctl_ght(struct bridge_softc *, void *); 312static int bridge_ioctl_sht(struct bridge_softc *, void *); 313static int bridge_ioctl_gfd(struct bridge_softc *, void *); 314static int bridge_ioctl_sfd(struct bridge_softc *, void *); 315static int bridge_ioctl_gma(struct bridge_softc *, void *); 316static int bridge_ioctl_sma(struct bridge_softc *, void *); 317static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 318static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 319static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *); 320static int bridge_ioctl_addspan(struct bridge_softc *, void *); 321static int bridge_ioctl_delspan(struct bridge_softc *, void *); 322static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 323static int bridge_ioctl_grte(struct bridge_softc *, void *); 324static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 325static int bridge_ioctl_sproto(struct bridge_softc *, void *); 326static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 327static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 328 int); 329static int bridge_ip_checkbasic(struct mbuf **mp); 330#ifdef INET6 331static int bridge_ip6_checkbasic(struct mbuf **mp); 332#endif /* INET6 */ 333static int bridge_fragment(struct ifnet *, struct mbuf *, 334 struct ether_header *, int, struct llc *); 335static void bridge_linkstate(struct ifnet *ifp); 336static void bridge_linkcheck(struct bridge_softc *sc); 337 338extern void (*bridge_linkstate_p)(struct ifnet *ifp); 339 340/* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */ 341#define VLANTAGOF(_m) \ 342 (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1 343 344static struct bstp_cb_ops bridge_ops = { 345 .bcb_state = bridge_state_change, 346 .bcb_rtage = bridge_rtable_expire 347}; 348 349SYSCTL_DECL(_net_link); 350static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 351 352static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 353static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 354static int pfil_member = 1; /* run pfil hooks on the member interface */ 355static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 356static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 357static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for 358 locally destined packets */ 359static int log_stp = 0; /* log STP state changes */ 360static int bridge_inherit_mac = 0; /* share MAC with first bridge member */ 361TUNABLE_INT("net.link.bridge.pfil_onlyip", &pfil_onlyip); 362SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 363 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 364TUNABLE_INT("net.link.bridge.ipfw_arp", &pfil_ipfw_arp); 365SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 366 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 367TUNABLE_INT("net.link.bridge.pfil_bridge", &pfil_bridge); 368SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 369 &pfil_bridge, 0, "Packet filter on the bridge interface"); 370TUNABLE_INT("net.link.bridge.pfil_member", &pfil_member); 371SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 372 &pfil_member, 0, "Packet filter on the member interface"); 373TUNABLE_INT("net.link.bridge.pfil_local_phys", &pfil_local_phys); 374SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys, CTLFLAG_RW, 375 &pfil_local_phys, 0, 376 "Packet filter on the physical interface for locally destined packets"); 377TUNABLE_INT("net.link.bridge.log_stp", &log_stp); 378SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 379 &log_stp, 0, "Log STP state changes"); 380TUNABLE_INT("net.link.bridge.inherit_mac", &bridge_inherit_mac); 381SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW, 382 &bridge_inherit_mac, 0, 383 "Inherit MAC address from the first bridge member"); 384 385static VNET_DEFINE(int, allow_llz_overlap) = 0; 386#define V_allow_llz_overlap VNET(allow_llz_overlap) 387SYSCTL_VNET_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap, CTLFLAG_RW, 388 &VNET_NAME(allow_llz_overlap), 0, "Allow overlap of link-local scope " 389 "zones of a bridge interface and the member interfaces"); 390 391struct bridge_control { 392 int (*bc_func)(struct bridge_softc *, void *); 393 int bc_argsize; 394 int bc_flags; 395}; 396 397#define BC_F_COPYIN 0x01 /* copy arguments in */ 398#define BC_F_COPYOUT 0x02 /* copy arguments out */ 399#define BC_F_SUSER 0x04 /* do super-user check */ 400 401const struct bridge_control bridge_control_table[] = { 402 { bridge_ioctl_add, sizeof(struct ifbreq), 403 BC_F_COPYIN|BC_F_SUSER }, 404 { bridge_ioctl_del, sizeof(struct ifbreq), 405 BC_F_COPYIN|BC_F_SUSER }, 406 407 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 408 BC_F_COPYIN|BC_F_COPYOUT }, 409 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 410 BC_F_COPYIN|BC_F_SUSER }, 411 412 { bridge_ioctl_scache, sizeof(struct ifbrparam), 413 BC_F_COPYIN|BC_F_SUSER }, 414 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 415 BC_F_COPYOUT }, 416 417 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 418 BC_F_COPYIN|BC_F_COPYOUT }, 419 { bridge_ioctl_rts, sizeof(struct ifbaconf), 420 BC_F_COPYIN|BC_F_COPYOUT }, 421 422 { bridge_ioctl_saddr, sizeof(struct ifbareq), 423 BC_F_COPYIN|BC_F_SUSER }, 424 425 { bridge_ioctl_sto, sizeof(struct ifbrparam), 426 BC_F_COPYIN|BC_F_SUSER }, 427 { bridge_ioctl_gto, sizeof(struct ifbrparam), 428 BC_F_COPYOUT }, 429 430 { bridge_ioctl_daddr, sizeof(struct ifbareq), 431 BC_F_COPYIN|BC_F_SUSER }, 432 433 { bridge_ioctl_flush, sizeof(struct ifbreq), 434 BC_F_COPYIN|BC_F_SUSER }, 435 436 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 437 BC_F_COPYOUT }, 438 { bridge_ioctl_spri, sizeof(struct ifbrparam), 439 BC_F_COPYIN|BC_F_SUSER }, 440 441 { bridge_ioctl_ght, sizeof(struct ifbrparam), 442 BC_F_COPYOUT }, 443 { bridge_ioctl_sht, sizeof(struct ifbrparam), 444 BC_F_COPYIN|BC_F_SUSER }, 445 446 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 447 BC_F_COPYOUT }, 448 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 449 BC_F_COPYIN|BC_F_SUSER }, 450 451 { bridge_ioctl_gma, sizeof(struct ifbrparam), 452 BC_F_COPYOUT }, 453 { bridge_ioctl_sma, sizeof(struct ifbrparam), 454 BC_F_COPYIN|BC_F_SUSER }, 455 456 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 457 BC_F_COPYIN|BC_F_SUSER }, 458 459 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 460 BC_F_COPYIN|BC_F_SUSER }, 461 462 { bridge_ioctl_addspan, sizeof(struct ifbreq), 463 BC_F_COPYIN|BC_F_SUSER }, 464 { bridge_ioctl_delspan, sizeof(struct ifbreq), 465 BC_F_COPYIN|BC_F_SUSER }, 466 467 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 468 BC_F_COPYOUT }, 469 470 { bridge_ioctl_grte, sizeof(struct ifbrparam), 471 BC_F_COPYOUT }, 472 473 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 474 BC_F_COPYIN|BC_F_COPYOUT }, 475 476 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 477 BC_F_COPYIN|BC_F_SUSER }, 478 479 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 480 BC_F_COPYIN|BC_F_SUSER }, 481 482 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq), 483 BC_F_COPYIN|BC_F_SUSER }, 484 485}; 486const int bridge_control_table_size = 487 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 488 489LIST_HEAD(, bridge_softc) bridge_list; 490 491static struct if_clone *bridge_cloner; 492static const char bridge_name[] = "bridge"; 493 494static int 495bridge_modevent(module_t mod, int type, void *data) 496{ 497 498 switch (type) { 499 case MOD_LOAD: 500 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 501 bridge_cloner = if_clone_simple(bridge_name, 502 bridge_clone_create, bridge_clone_destroy, 0); 503 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 504 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 505 UMA_ALIGN_PTR, 0); 506 LIST_INIT(&bridge_list); 507 bridge_input_p = bridge_input; 508 bridge_output_p = bridge_output; 509 bridge_dn_p = bridge_dummynet; 510 bridge_linkstate_p = bridge_linkstate; 511 bridge_detach_cookie = EVENTHANDLER_REGISTER( 512 ifnet_departure_event, bridge_ifdetach, NULL, 513 EVENTHANDLER_PRI_ANY); 514 break; 515 case MOD_UNLOAD: 516 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 517 bridge_detach_cookie); 518 if_clone_detach(bridge_cloner); 519 uma_zdestroy(bridge_rtnode_zone); 520 bridge_input_p = NULL; 521 bridge_output_p = NULL; 522 bridge_dn_p = NULL; 523 bridge_linkstate_p = NULL; 524 mtx_destroy(&bridge_list_mtx); 525 break; 526 default: 527 return (EOPNOTSUPP); 528 } 529 return (0); 530} 531 532static moduledata_t bridge_mod = { 533 "if_bridge", 534 bridge_modevent, 535 0 536}; 537 538DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 539MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 540 541/* 542 * handler for net.link.bridge.ipfw 543 */ 544static int 545sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 546{ 547 int enable = pfil_ipfw; 548 int error; 549 550 error = sysctl_handle_int(oidp, &enable, 0, req); 551 enable = (enable) ? 1 : 0; 552 553 if (enable != pfil_ipfw) { 554 pfil_ipfw = enable; 555 556 /* 557 * Disable pfil so that ipfw doesnt run twice, if the user 558 * really wants both then they can re-enable pfil_bridge and/or 559 * pfil_member. Also allow non-ip packets as ipfw can filter by 560 * layer2 type. 561 */ 562 if (pfil_ipfw) { 563 pfil_onlyip = 0; 564 pfil_bridge = 0; 565 pfil_member = 0; 566 } 567 } 568 569 return (error); 570} 571SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 572 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 573 574/* 575 * bridge_clone_create: 576 * 577 * Create a new bridge instance. 578 */ 579static int 580bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 581{ 582 struct bridge_softc *sc, *sc2; 583 struct ifnet *bifp, *ifp; 584 int fb, retry; 585 unsigned long hostid; 586 587 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 588 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 589 if (ifp == NULL) { 590 free(sc, M_DEVBUF); 591 return (ENOSPC); 592 } 593 594 BRIDGE_LOCK_INIT(sc); 595 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 596 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 597 598 /* Initialize our routing table. */ 599 bridge_rtable_init(sc); 600 601 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 602 603 LIST_INIT(&sc->sc_iflist); 604 LIST_INIT(&sc->sc_spanlist); 605 606 ifp->if_softc = sc; 607 if_initname(ifp, bridge_name, unit); 608 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 609 ifp->if_ioctl = bridge_ioctl; 610 ifp->if_transmit = bridge_transmit; 611 ifp->if_qflush = bridge_qflush; 612 ifp->if_init = bridge_init; 613 ifp->if_type = IFT_BRIDGE; 614 615 /* 616 * Generate an ethernet address with a locally administered address. 617 * 618 * Since we are using random ethernet addresses for the bridge, it is 619 * possible that we might have address collisions, so make sure that 620 * this hardware address isn't already in use on another bridge. 621 * The first try uses the hostid and falls back to arc4rand(). 622 */ 623 fb = 0; 624 getcredhostid(curthread->td_ucred, &hostid); 625 do { 626 if (fb || hostid == 0) { 627 arc4rand(sc->sc_defaddr, ETHER_ADDR_LEN, 1); 628 sc->sc_defaddr[0] &= ~1;/* clear multicast bit */ 629 sc->sc_defaddr[0] |= 2; /* set the LAA bit */ 630 } else { 631 sc->sc_defaddr[0] = 0x2; 632 sc->sc_defaddr[1] = (hostid >> 24) & 0xff; 633 sc->sc_defaddr[2] = (hostid >> 16) & 0xff; 634 sc->sc_defaddr[3] = (hostid >> 8 ) & 0xff; 635 sc->sc_defaddr[4] = hostid & 0xff; 636 sc->sc_defaddr[5] = ifp->if_dunit & 0xff; 637 } 638 639 fb = 1; 640 retry = 0; 641 mtx_lock(&bridge_list_mtx); 642 LIST_FOREACH(sc2, &bridge_list, sc_list) { 643 bifp = sc2->sc_ifp; 644 if (memcmp(sc->sc_defaddr, 645 IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 646 retry = 1; 647 break; 648 } 649 } 650 mtx_unlock(&bridge_list_mtx); 651 } while (retry == 1); 652 653 bstp_attach(&sc->sc_stp, &bridge_ops); 654 ether_ifattach(ifp, sc->sc_defaddr); 655 /* Now undo some of the damage... */ 656 ifp->if_baudrate = 0; 657 ifp->if_type = IFT_BRIDGE; 658 659 mtx_lock(&bridge_list_mtx); 660 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 661 mtx_unlock(&bridge_list_mtx); 662 663 return (0); 664} 665 666/* 667 * bridge_clone_destroy: 668 * 669 * Destroy a bridge instance. 670 */ 671static void 672bridge_clone_destroy(struct ifnet *ifp) 673{ 674 struct bridge_softc *sc = ifp->if_softc; 675 struct bridge_iflist *bif; 676 677 BRIDGE_LOCK(sc); 678 679 bridge_stop(ifp, 1); 680 ifp->if_flags &= ~IFF_UP; 681 682 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 683 bridge_delete_member(sc, bif, 0); 684 685 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 686 bridge_delete_span(sc, bif); 687 } 688 689 BRIDGE_UNLOCK(sc); 690 691 callout_drain(&sc->sc_brcallout); 692 693 mtx_lock(&bridge_list_mtx); 694 LIST_REMOVE(sc, sc_list); 695 mtx_unlock(&bridge_list_mtx); 696 697 bstp_detach(&sc->sc_stp); 698 ether_ifdetach(ifp); 699 if_free(ifp); 700 701 /* Tear down the routing table. */ 702 bridge_rtable_fini(sc); 703 704 BRIDGE_LOCK_DESTROY(sc); 705 free(sc, M_DEVBUF); 706} 707 708/* 709 * bridge_ioctl: 710 * 711 * Handle a control request from the operator. 712 */ 713static int 714bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 715{ 716 struct bridge_softc *sc = ifp->if_softc; 717 struct ifreq *ifr = (struct ifreq *)data; 718 struct bridge_iflist *bif; 719 struct thread *td = curthread; 720 union { 721 struct ifbreq ifbreq; 722 struct ifbifconf ifbifconf; 723 struct ifbareq ifbareq; 724 struct ifbaconf ifbaconf; 725 struct ifbrparam ifbrparam; 726 struct ifbropreq ifbropreq; 727 } args; 728 struct ifdrv *ifd = (struct ifdrv *) data; 729 const struct bridge_control *bc; 730 int error = 0; 731 732 switch (cmd) { 733 734 case SIOCADDMULTI: 735 case SIOCDELMULTI: 736 break; 737 738 case SIOCGDRVSPEC: 739 case SIOCSDRVSPEC: 740 if (ifd->ifd_cmd >= bridge_control_table_size) { 741 error = EINVAL; 742 break; 743 } 744 bc = &bridge_control_table[ifd->ifd_cmd]; 745 746 if (cmd == SIOCGDRVSPEC && 747 (bc->bc_flags & BC_F_COPYOUT) == 0) { 748 error = EINVAL; 749 break; 750 } 751 else if (cmd == SIOCSDRVSPEC && 752 (bc->bc_flags & BC_F_COPYOUT) != 0) { 753 error = EINVAL; 754 break; 755 } 756 757 if (bc->bc_flags & BC_F_SUSER) { 758 error = priv_check(td, PRIV_NET_BRIDGE); 759 if (error) 760 break; 761 } 762 763 if (ifd->ifd_len != bc->bc_argsize || 764 ifd->ifd_len > sizeof(args)) { 765 error = EINVAL; 766 break; 767 } 768 769 bzero(&args, sizeof(args)); 770 if (bc->bc_flags & BC_F_COPYIN) { 771 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 772 if (error) 773 break; 774 } 775 776 BRIDGE_LOCK(sc); 777 error = (*bc->bc_func)(sc, &args); 778 BRIDGE_UNLOCK(sc); 779 if (error) 780 break; 781 782 if (bc->bc_flags & BC_F_COPYOUT) 783 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 784 785 break; 786 787 case SIOCSIFFLAGS: 788 if (!(ifp->if_flags & IFF_UP) && 789 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 790 /* 791 * If interface is marked down and it is running, 792 * then stop and disable it. 793 */ 794 BRIDGE_LOCK(sc); 795 bridge_stop(ifp, 1); 796 BRIDGE_UNLOCK(sc); 797 } else if ((ifp->if_flags & IFF_UP) && 798 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 799 /* 800 * If interface is marked up and it is stopped, then 801 * start it. 802 */ 803 (*ifp->if_init)(sc); 804 } 805 break; 806 807 case SIOCSIFMTU: 808 if (ifr->ifr_mtu < 576) { 809 error = EINVAL; 810 break; 811 } 812 if (LIST_EMPTY(&sc->sc_iflist)) { 813 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 814 break; 815 } 816 BRIDGE_LOCK(sc); 817 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 818 if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) { 819 log(LOG_NOTICE, "%s: invalid MTU: %lu(%s)" 820 " != %d\n", sc->sc_ifp->if_xname, 821 bif->bif_ifp->if_mtu, 822 bif->bif_ifp->if_xname, ifr->ifr_mtu); 823 error = EINVAL; 824 break; 825 } 826 } 827 if (!error) 828 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 829 BRIDGE_UNLOCK(sc); 830 break; 831 default: 832 /* 833 * drop the lock as ether_ioctl() will call bridge_start() and 834 * cause the lock to be recursed. 835 */ 836 error = ether_ioctl(ifp, cmd, data); 837 break; 838 } 839 840 return (error); 841} 842 843/* 844 * bridge_mutecaps: 845 * 846 * Clear or restore unwanted capabilities on the member interface 847 */ 848static void 849bridge_mutecaps(struct bridge_softc *sc) 850{ 851 struct bridge_iflist *bif; 852 int enabled, mask; 853 854 /* Initial bitmask of capabilities to test */ 855 mask = BRIDGE_IFCAPS_MASK; 856 857 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 858 /* Every member must support it or its disabled */ 859 mask &= bif->bif_savedcaps; 860 } 861 862 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 863 enabled = bif->bif_ifp->if_capenable; 864 enabled &= ~BRIDGE_IFCAPS_STRIP; 865 /* strip off mask bits and enable them again if allowed */ 866 enabled &= ~BRIDGE_IFCAPS_MASK; 867 enabled |= mask; 868 bridge_set_ifcap(sc, bif, enabled); 869 } 870 871} 872 873static void 874bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set) 875{ 876 struct ifnet *ifp = bif->bif_ifp; 877 struct ifreq ifr; 878 int error; 879 880 bzero(&ifr, sizeof(ifr)); 881 ifr.ifr_reqcap = set; 882 883 if (ifp->if_capenable != set) { 884 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 885 if (error) 886 if_printf(sc->sc_ifp, 887 "error setting interface capabilities on %s\n", 888 ifp->if_xname); 889 } 890} 891 892/* 893 * bridge_lookup_member: 894 * 895 * Lookup a bridge member interface. 896 */ 897static struct bridge_iflist * 898bridge_lookup_member(struct bridge_softc *sc, const char *name) 899{ 900 struct bridge_iflist *bif; 901 struct ifnet *ifp; 902 903 BRIDGE_LOCK_ASSERT(sc); 904 905 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 906 ifp = bif->bif_ifp; 907 if (strcmp(ifp->if_xname, name) == 0) 908 return (bif); 909 } 910 911 return (NULL); 912} 913 914/* 915 * bridge_lookup_member_if: 916 * 917 * Lookup a bridge member interface by ifnet*. 918 */ 919static struct bridge_iflist * 920bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 921{ 922 struct bridge_iflist *bif; 923 924 BRIDGE_LOCK_ASSERT(sc); 925 926 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 927 if (bif->bif_ifp == member_ifp) 928 return (bif); 929 } 930 931 return (NULL); 932} 933 934/* 935 * bridge_delete_member: 936 * 937 * Delete the specified member interface. 938 */ 939static void 940bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 941 int gone) 942{ 943 struct ifnet *ifs = bif->bif_ifp; 944 struct ifnet *fif = NULL; 945 946 BRIDGE_LOCK_ASSERT(sc); 947 948 if (bif->bif_flags & IFBIF_STP) 949 bstp_disable(&bif->bif_stp); 950 951 ifs->if_bridge = NULL; 952 BRIDGE_XLOCK(sc); 953 LIST_REMOVE(bif, bif_next); 954 BRIDGE_XDROP(sc); 955 956 /* 957 * If removing the interface that gave the bridge its mac address, set 958 * the mac address of the bridge to the address of the next member, or 959 * to its default address if no members are left. 960 */ 961 if (bridge_inherit_mac && sc->sc_ifaddr == ifs) { 962 if (LIST_EMPTY(&sc->sc_iflist)) { 963 bcopy(sc->sc_defaddr, 964 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 965 sc->sc_ifaddr = NULL; 966 } else { 967 fif = LIST_FIRST(&sc->sc_iflist)->bif_ifp; 968 bcopy(IF_LLADDR(fif), 969 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 970 sc->sc_ifaddr = fif; 971 } 972 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 973 } 974 975 bridge_linkcheck(sc); 976 bridge_mutecaps(sc); /* recalcuate now this interface is removed */ 977 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 978 KASSERT(bif->bif_addrcnt == 0, 979 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt)); 980 981 BRIDGE_UNLOCK(sc); 982 if (!gone) { 983 switch (ifs->if_type) { 984 case IFT_ETHER: 985 case IFT_L2VLAN: 986 /* 987 * Take the interface out of promiscuous mode. 988 */ 989 (void) ifpromisc(ifs, 0); 990 break; 991 992 case IFT_GIF: 993 break; 994 995 default: 996#ifdef DIAGNOSTIC 997 panic("bridge_delete_member: impossible"); 998#endif 999 break; 1000 } 1001 /* reneable any interface capabilities */ 1002 bridge_set_ifcap(sc, bif, bif->bif_savedcaps); 1003 } 1004 bstp_destroy(&bif->bif_stp); /* prepare to free */ 1005 BRIDGE_LOCK(sc); 1006 free(bif, M_DEVBUF); 1007} 1008 1009/* 1010 * bridge_delete_span: 1011 * 1012 * Delete the specified span interface. 1013 */ 1014static void 1015bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1016{ 1017 BRIDGE_LOCK_ASSERT(sc); 1018 1019 KASSERT(bif->bif_ifp->if_bridge == NULL, 1020 ("%s: not a span interface", __func__)); 1021 1022 LIST_REMOVE(bif, bif_next); 1023 free(bif, M_DEVBUF); 1024} 1025 1026static int 1027bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1028{ 1029 struct ifbreq *req = arg; 1030 struct bridge_iflist *bif = NULL; 1031 struct ifnet *ifs; 1032 int error = 0; 1033 1034 ifs = ifunit(req->ifbr_ifsname); 1035 if (ifs == NULL) 1036 return (ENOENT); 1037 if (ifs->if_ioctl == NULL) /* must be supported */ 1038 return (EINVAL); 1039 1040 /* If it's in the span list, it can't be a member. */ 1041 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1042 if (ifs == bif->bif_ifp) 1043 return (EBUSY); 1044 1045 if (ifs->if_bridge == sc) 1046 return (EEXIST); 1047 1048 if (ifs->if_bridge != NULL) 1049 return (EBUSY); 1050 1051 switch (ifs->if_type) { 1052 case IFT_ETHER: 1053 case IFT_L2VLAN: 1054 case IFT_GIF: 1055 /* permitted interface types */ 1056 break; 1057 default: 1058 return (EINVAL); 1059 } 1060 1061#ifdef INET6 1062 /* 1063 * Two valid inet6 addresses with link-local scope must not be 1064 * on the parent interface and the member interfaces at the 1065 * same time. This restriction is needed to prevent violation 1066 * of link-local scope zone. Attempts to add a member 1067 * interface which has inet6 addresses when the parent has 1068 * inet6 triggers removal of all inet6 addresses on the member 1069 * interface. 1070 */ 1071 1072 /* Check if the parent interface has a link-local scope addr. */ 1073 if (V_allow_llz_overlap == 0 && 1074 in6ifa_llaonifp(sc->sc_ifp) != NULL) { 1075 /* 1076 * If any, remove all inet6 addresses from the member 1077 * interfaces. 1078 */ 1079 BRIDGE_XLOCK(sc); 1080 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1081 if (in6ifa_llaonifp(bif->bif_ifp)) { 1082 BRIDGE_UNLOCK(sc); 1083 in6_ifdetach(bif->bif_ifp); 1084 BRIDGE_LOCK(sc); 1085 if_printf(sc->sc_ifp, 1086 "IPv6 addresses on %s have been removed " 1087 "before adding it as a member to prevent " 1088 "IPv6 address scope violation.\n", 1089 bif->bif_ifp->if_xname); 1090 } 1091 } 1092 BRIDGE_XDROP(sc); 1093 if (in6ifa_llaonifp(ifs)) { 1094 BRIDGE_UNLOCK(sc); 1095 in6_ifdetach(ifs); 1096 BRIDGE_LOCK(sc); 1097 if_printf(sc->sc_ifp, 1098 "IPv6 addresses on %s have been removed " 1099 "before adding it as a member to prevent " 1100 "IPv6 address scope violation.\n", 1101 ifs->if_xname); 1102 } 1103 } 1104#endif 1105 /* Allow the first Ethernet member to define the MTU */ 1106 if (LIST_EMPTY(&sc->sc_iflist)) 1107 sc->sc_ifp->if_mtu = ifs->if_mtu; 1108 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 1109 if_printf(sc->sc_ifp, "invalid MTU: %lu(%s) != %lu\n", 1110 ifs->if_mtu, ifs->if_xname, sc->sc_ifp->if_mtu); 1111 return (EINVAL); 1112 } 1113 1114 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1115 if (bif == NULL) 1116 return (ENOMEM); 1117 1118 bif->bif_ifp = ifs; 1119 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 1120 bif->bif_savedcaps = ifs->if_capenable; 1121 1122 /* 1123 * Assign the interface's MAC address to the bridge if it's the first 1124 * member and the MAC address of the bridge has not been changed from 1125 * the default randomly generated one. 1126 */ 1127 if (bridge_inherit_mac && LIST_EMPTY(&sc->sc_iflist) && 1128 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN)) { 1129 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 1130 sc->sc_ifaddr = ifs; 1131 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 1132 } 1133 1134 ifs->if_bridge = sc; 1135 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 1136 /* 1137 * XXX: XLOCK HERE!?! 1138 * 1139 * NOTE: insert_***HEAD*** should be safe for the traversals. 1140 */ 1141 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 1142 1143 /* Set interface capabilities to the intersection set of all members */ 1144 bridge_mutecaps(sc); 1145 bridge_linkcheck(sc); 1146 1147 /* Place the interface into promiscuous mode */ 1148 switch (ifs->if_type) { 1149 case IFT_ETHER: 1150 case IFT_L2VLAN: 1151 BRIDGE_UNLOCK(sc); 1152 error = ifpromisc(ifs, 1); 1153 BRIDGE_LOCK(sc); 1154 break; 1155 } 1156 1157 if (error) { 1158 bridge_delete_member(sc, bif, 0); 1159 free(bif, M_DEVBUF); 1160 } 1161 return (error); 1162} 1163 1164static int 1165bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1166{ 1167 struct ifbreq *req = arg; 1168 struct bridge_iflist *bif; 1169 1170 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1171 if (bif == NULL) 1172 return (ENOENT); 1173 1174 bridge_delete_member(sc, bif, 0); 1175 1176 return (0); 1177} 1178 1179static int 1180bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1181{ 1182 struct ifbreq *req = arg; 1183 struct bridge_iflist *bif; 1184 struct bstp_port *bp; 1185 1186 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1187 if (bif == NULL) 1188 return (ENOENT); 1189 1190 bp = &bif->bif_stp; 1191 req->ifbr_ifsflags = bif->bif_flags; 1192 req->ifbr_state = bp->bp_state; 1193 req->ifbr_priority = bp->bp_priority; 1194 req->ifbr_path_cost = bp->bp_path_cost; 1195 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1196 req->ifbr_proto = bp->bp_protover; 1197 req->ifbr_role = bp->bp_role; 1198 req->ifbr_stpflags = bp->bp_flags; 1199 req->ifbr_addrcnt = bif->bif_addrcnt; 1200 req->ifbr_addrmax = bif->bif_addrmax; 1201 req->ifbr_addrexceeded = bif->bif_addrexceeded; 1202 1203 /* Copy STP state options as flags */ 1204 if (bp->bp_operedge) 1205 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1206 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1207 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1208 if (bp->bp_ptp_link) 1209 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1210 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1211 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1212 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1213 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1214 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1215 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1216 return (0); 1217} 1218 1219static int 1220bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1221{ 1222 struct ifbreq *req = arg; 1223 struct bridge_iflist *bif; 1224 struct bstp_port *bp; 1225 int error; 1226 1227 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1228 if (bif == NULL) 1229 return (ENOENT); 1230 bp = &bif->bif_stp; 1231 1232 if (req->ifbr_ifsflags & IFBIF_SPAN) 1233 /* SPAN is readonly */ 1234 return (EINVAL); 1235 1236 if (req->ifbr_ifsflags & IFBIF_STP) { 1237 if ((bif->bif_flags & IFBIF_STP) == 0) { 1238 error = bstp_enable(&bif->bif_stp); 1239 if (error) 1240 return (error); 1241 } 1242 } else { 1243 if ((bif->bif_flags & IFBIF_STP) != 0) 1244 bstp_disable(&bif->bif_stp); 1245 } 1246 1247 /* Pass on STP flags */ 1248 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1249 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1250 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1251 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1252 1253 /* Save the bits relating to the bridge */ 1254 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1255 1256 return (0); 1257} 1258 1259static int 1260bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1261{ 1262 struct ifbrparam *param = arg; 1263 1264 sc->sc_brtmax = param->ifbrp_csize; 1265 bridge_rttrim(sc); 1266 1267 return (0); 1268} 1269 1270static int 1271bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1272{ 1273 struct ifbrparam *param = arg; 1274 1275 param->ifbrp_csize = sc->sc_brtmax; 1276 1277 return (0); 1278} 1279 1280static int 1281bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1282{ 1283 struct ifbifconf *bifc = arg; 1284 struct bridge_iflist *bif; 1285 struct ifbreq breq; 1286 char *buf, *outbuf; 1287 int count, buflen, len, error = 0; 1288 1289 count = 0; 1290 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1291 count++; 1292 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1293 count++; 1294 1295 buflen = sizeof(breq) * count; 1296 if (bifc->ifbic_len == 0) { 1297 bifc->ifbic_len = buflen; 1298 return (0); 1299 } 1300 BRIDGE_UNLOCK(sc); 1301 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1302 BRIDGE_LOCK(sc); 1303 1304 count = 0; 1305 buf = outbuf; 1306 len = min(bifc->ifbic_len, buflen); 1307 bzero(&breq, sizeof(breq)); 1308 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1309 if (len < sizeof(breq)) 1310 break; 1311 1312 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1313 sizeof(breq.ifbr_ifsname)); 1314 /* Fill in the ifbreq structure */ 1315 error = bridge_ioctl_gifflags(sc, &breq); 1316 if (error) 1317 break; 1318 memcpy(buf, &breq, sizeof(breq)); 1319 count++; 1320 buf += sizeof(breq); 1321 len -= sizeof(breq); 1322 } 1323 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1324 if (len < sizeof(breq)) 1325 break; 1326 1327 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1328 sizeof(breq.ifbr_ifsname)); 1329 breq.ifbr_ifsflags = bif->bif_flags; 1330 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1331 memcpy(buf, &breq, sizeof(breq)); 1332 count++; 1333 buf += sizeof(breq); 1334 len -= sizeof(breq); 1335 } 1336 1337 BRIDGE_UNLOCK(sc); 1338 bifc->ifbic_len = sizeof(breq) * count; 1339 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len); 1340 BRIDGE_LOCK(sc); 1341 free(outbuf, M_TEMP); 1342 return (error); 1343} 1344 1345static int 1346bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1347{ 1348 struct ifbaconf *bac = arg; 1349 struct bridge_rtnode *brt; 1350 struct ifbareq bareq; 1351 char *buf, *outbuf; 1352 int count, buflen, len, error = 0; 1353 1354 if (bac->ifbac_len == 0) 1355 return (0); 1356 1357 count = 0; 1358 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) 1359 count++; 1360 buflen = sizeof(bareq) * count; 1361 1362 BRIDGE_UNLOCK(sc); 1363 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1364 BRIDGE_LOCK(sc); 1365 1366 count = 0; 1367 buf = outbuf; 1368 len = min(bac->ifbac_len, buflen); 1369 bzero(&bareq, sizeof(bareq)); 1370 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1371 if (len < sizeof(bareq)) 1372 goto out; 1373 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1374 sizeof(bareq.ifba_ifsname)); 1375 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1376 bareq.ifba_vlan = brt->brt_vlan; 1377 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1378 time_uptime < brt->brt_expire) 1379 bareq.ifba_expire = brt->brt_expire - time_uptime; 1380 else 1381 bareq.ifba_expire = 0; 1382 bareq.ifba_flags = brt->brt_flags; 1383 1384 memcpy(buf, &bareq, sizeof(bareq)); 1385 count++; 1386 buf += sizeof(bareq); 1387 len -= sizeof(bareq); 1388 } 1389out: 1390 BRIDGE_UNLOCK(sc); 1391 bac->ifbac_len = sizeof(bareq) * count; 1392 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len); 1393 BRIDGE_LOCK(sc); 1394 free(outbuf, M_TEMP); 1395 return (error); 1396} 1397 1398static int 1399bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1400{ 1401 struct ifbareq *req = arg; 1402 struct bridge_iflist *bif; 1403 int error; 1404 1405 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1406 if (bif == NULL) 1407 return (ENOENT); 1408 1409 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1, 1410 req->ifba_flags); 1411 1412 return (error); 1413} 1414 1415static int 1416bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1417{ 1418 struct ifbrparam *param = arg; 1419 1420 sc->sc_brttimeout = param->ifbrp_ctime; 1421 return (0); 1422} 1423 1424static int 1425bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1426{ 1427 struct ifbrparam *param = arg; 1428 1429 param->ifbrp_ctime = sc->sc_brttimeout; 1430 return (0); 1431} 1432 1433static int 1434bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1435{ 1436 struct ifbareq *req = arg; 1437 1438 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan)); 1439} 1440 1441static int 1442bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1443{ 1444 struct ifbreq *req = arg; 1445 1446 bridge_rtflush(sc, req->ifbr_ifsflags); 1447 return (0); 1448} 1449 1450static int 1451bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1452{ 1453 struct ifbrparam *param = arg; 1454 struct bstp_state *bs = &sc->sc_stp; 1455 1456 param->ifbrp_prio = bs->bs_bridge_priority; 1457 return (0); 1458} 1459 1460static int 1461bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1462{ 1463 struct ifbrparam *param = arg; 1464 1465 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1466} 1467 1468static int 1469bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1470{ 1471 struct ifbrparam *param = arg; 1472 struct bstp_state *bs = &sc->sc_stp; 1473 1474 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1475 return (0); 1476} 1477 1478static int 1479bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1480{ 1481 struct ifbrparam *param = arg; 1482 1483 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1484} 1485 1486static int 1487bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1488{ 1489 struct ifbrparam *param = arg; 1490 struct bstp_state *bs = &sc->sc_stp; 1491 1492 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1493 return (0); 1494} 1495 1496static int 1497bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1498{ 1499 struct ifbrparam *param = arg; 1500 1501 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1502} 1503 1504static int 1505bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1506{ 1507 struct ifbrparam *param = arg; 1508 struct bstp_state *bs = &sc->sc_stp; 1509 1510 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1511 return (0); 1512} 1513 1514static int 1515bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1516{ 1517 struct ifbrparam *param = arg; 1518 1519 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1520} 1521 1522static int 1523bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1524{ 1525 struct ifbreq *req = arg; 1526 struct bridge_iflist *bif; 1527 1528 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1529 if (bif == NULL) 1530 return (ENOENT); 1531 1532 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1533} 1534 1535static int 1536bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1537{ 1538 struct ifbreq *req = arg; 1539 struct bridge_iflist *bif; 1540 1541 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1542 if (bif == NULL) 1543 return (ENOENT); 1544 1545 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1546} 1547 1548static int 1549bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg) 1550{ 1551 struct ifbreq *req = arg; 1552 struct bridge_iflist *bif; 1553 1554 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1555 if (bif == NULL) 1556 return (ENOENT); 1557 1558 bif->bif_addrmax = req->ifbr_addrmax; 1559 return (0); 1560} 1561 1562static int 1563bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1564{ 1565 struct ifbreq *req = arg; 1566 struct bridge_iflist *bif = NULL; 1567 struct ifnet *ifs; 1568 1569 ifs = ifunit(req->ifbr_ifsname); 1570 if (ifs == NULL) 1571 return (ENOENT); 1572 1573 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1574 if (ifs == bif->bif_ifp) 1575 return (EBUSY); 1576 1577 if (ifs->if_bridge != NULL) 1578 return (EBUSY); 1579 1580 switch (ifs->if_type) { 1581 case IFT_ETHER: 1582 case IFT_GIF: 1583 case IFT_L2VLAN: 1584 break; 1585 default: 1586 return (EINVAL); 1587 } 1588 1589 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1590 if (bif == NULL) 1591 return (ENOMEM); 1592 1593 bif->bif_ifp = ifs; 1594 bif->bif_flags = IFBIF_SPAN; 1595 1596 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1597 1598 return (0); 1599} 1600 1601static int 1602bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1603{ 1604 struct ifbreq *req = arg; 1605 struct bridge_iflist *bif; 1606 struct ifnet *ifs; 1607 1608 ifs = ifunit(req->ifbr_ifsname); 1609 if (ifs == NULL) 1610 return (ENOENT); 1611 1612 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1613 if (ifs == bif->bif_ifp) 1614 break; 1615 1616 if (bif == NULL) 1617 return (ENOENT); 1618 1619 bridge_delete_span(sc, bif); 1620 1621 return (0); 1622} 1623 1624static int 1625bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1626{ 1627 struct ifbropreq *req = arg; 1628 struct bstp_state *bs = &sc->sc_stp; 1629 struct bstp_port *root_port; 1630 1631 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1632 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1633 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1634 1635 root_port = bs->bs_root_port; 1636 if (root_port == NULL) 1637 req->ifbop_root_port = 0; 1638 else 1639 req->ifbop_root_port = root_port->bp_ifp->if_index; 1640 1641 req->ifbop_holdcount = bs->bs_txholdcount; 1642 req->ifbop_priority = bs->bs_bridge_priority; 1643 req->ifbop_protocol = bs->bs_protover; 1644 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1645 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1646 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1647 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1648 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1649 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1650 1651 return (0); 1652} 1653 1654static int 1655bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1656{ 1657 struct ifbrparam *param = arg; 1658 1659 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1660 return (0); 1661} 1662 1663static int 1664bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1665{ 1666 struct ifbpstpconf *bifstp = arg; 1667 struct bridge_iflist *bif; 1668 struct bstp_port *bp; 1669 struct ifbpstpreq bpreq; 1670 char *buf, *outbuf; 1671 int count, buflen, len, error = 0; 1672 1673 count = 0; 1674 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1675 if ((bif->bif_flags & IFBIF_STP) != 0) 1676 count++; 1677 } 1678 1679 buflen = sizeof(bpreq) * count; 1680 if (bifstp->ifbpstp_len == 0) { 1681 bifstp->ifbpstp_len = buflen; 1682 return (0); 1683 } 1684 1685 BRIDGE_UNLOCK(sc); 1686 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1687 BRIDGE_LOCK(sc); 1688 1689 count = 0; 1690 buf = outbuf; 1691 len = min(bifstp->ifbpstp_len, buflen); 1692 bzero(&bpreq, sizeof(bpreq)); 1693 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1694 if (len < sizeof(bpreq)) 1695 break; 1696 1697 if ((bif->bif_flags & IFBIF_STP) == 0) 1698 continue; 1699 1700 bp = &bif->bif_stp; 1701 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1702 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1703 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1704 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1705 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1706 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1707 1708 memcpy(buf, &bpreq, sizeof(bpreq)); 1709 count++; 1710 buf += sizeof(bpreq); 1711 len -= sizeof(bpreq); 1712 } 1713 1714 BRIDGE_UNLOCK(sc); 1715 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1716 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len); 1717 BRIDGE_LOCK(sc); 1718 free(outbuf, M_TEMP); 1719 return (error); 1720} 1721 1722static int 1723bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1724{ 1725 struct ifbrparam *param = arg; 1726 1727 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1728} 1729 1730static int 1731bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1732{ 1733 struct ifbrparam *param = arg; 1734 1735 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1736} 1737 1738/* 1739 * bridge_ifdetach: 1740 * 1741 * Detach an interface from a bridge. Called when a member 1742 * interface is detaching. 1743 */ 1744static void 1745bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1746{ 1747 struct bridge_softc *sc = ifp->if_bridge; 1748 struct bridge_iflist *bif; 1749 1750 if (ifp->if_flags & IFF_RENAMING) 1751 return; 1752 1753 /* Check if the interface is a bridge member */ 1754 if (sc != NULL) { 1755 BRIDGE_LOCK(sc); 1756 1757 bif = bridge_lookup_member_if(sc, ifp); 1758 if (bif != NULL) 1759 bridge_delete_member(sc, bif, 1); 1760 1761 BRIDGE_UNLOCK(sc); 1762 return; 1763 } 1764 1765 /* Check if the interface is a span port */ 1766 mtx_lock(&bridge_list_mtx); 1767 LIST_FOREACH(sc, &bridge_list, sc_list) { 1768 BRIDGE_LOCK(sc); 1769 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1770 if (ifp == bif->bif_ifp) { 1771 bridge_delete_span(sc, bif); 1772 break; 1773 } 1774 1775 BRIDGE_UNLOCK(sc); 1776 } 1777 mtx_unlock(&bridge_list_mtx); 1778} 1779 1780/* 1781 * bridge_init: 1782 * 1783 * Initialize a bridge interface. 1784 */ 1785static void 1786bridge_init(void *xsc) 1787{ 1788 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1789 struct ifnet *ifp = sc->sc_ifp; 1790 1791 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1792 return; 1793 1794 BRIDGE_LOCK(sc); 1795 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1796 bridge_timer, sc); 1797 1798 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1799 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1800 1801 BRIDGE_UNLOCK(sc); 1802} 1803 1804/* 1805 * bridge_stop: 1806 * 1807 * Stop the bridge interface. 1808 */ 1809static void 1810bridge_stop(struct ifnet *ifp, int disable) 1811{ 1812 struct bridge_softc *sc = ifp->if_softc; 1813 1814 BRIDGE_LOCK_ASSERT(sc); 1815 1816 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1817 return; 1818 1819 callout_stop(&sc->sc_brcallout); 1820 bstp_stop(&sc->sc_stp); 1821 1822 bridge_rtflush(sc, IFBF_FLUSHDYN); 1823 1824 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1825} 1826 1827/* 1828 * bridge_enqueue: 1829 * 1830 * Enqueue a packet on a bridge member interface. 1831 * 1832 */ 1833static int 1834bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1835{ 1836 int len, err = 0; 1837 short mflags; 1838 struct mbuf *m0; 1839 1840 /* We may be sending a fragment so traverse the mbuf */ 1841 for (; m; m = m0) { 1842 m0 = m->m_nextpkt; 1843 m->m_nextpkt = NULL; 1844 len = m->m_pkthdr.len; 1845 mflags = m->m_flags; 1846 1847 /* 1848 * If underlying interface can not do VLAN tag insertion itself 1849 * then attach a packet tag that holds it. 1850 */ 1851 if ((m->m_flags & M_VLANTAG) && 1852 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) { 1853 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag); 1854 if (m == NULL) { 1855 if_printf(dst_ifp, 1856 "unable to prepend VLAN header\n"); 1857 dst_ifp->if_oerrors++; 1858 continue; 1859 } 1860 m->m_flags &= ~M_VLANTAG; 1861 } 1862 1863 if ((err = dst_ifp->if_transmit(dst_ifp, m))) { 1864 m_freem(m0); 1865 sc->sc_ifp->if_oerrors++; 1866 break; 1867 } 1868 1869 sc->sc_ifp->if_opackets++; 1870 sc->sc_ifp->if_obytes += len; 1871 if (mflags & M_MCAST) 1872 sc->sc_ifp->if_omcasts++; 1873 } 1874 1875 return (err); 1876} 1877 1878/* 1879 * bridge_dummynet: 1880 * 1881 * Receive a queued packet from dummynet and pass it on to the output 1882 * interface. 1883 * 1884 * The mbuf has the Ethernet header already attached. 1885 */ 1886static void 1887bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1888{ 1889 struct bridge_softc *sc; 1890 1891 sc = ifp->if_bridge; 1892 1893 /* 1894 * The packet didnt originate from a member interface. This should only 1895 * ever happen if a member interface is removed while packets are 1896 * queued for it. 1897 */ 1898 if (sc == NULL) { 1899 m_freem(m); 1900 return; 1901 } 1902 1903 if (PFIL_HOOKED(&V_inet_pfil_hook) 1904#ifdef INET6 1905 || PFIL_HOOKED(&V_inet6_pfil_hook) 1906#endif 1907 ) { 1908 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1909 return; 1910 if (m == NULL) 1911 return; 1912 } 1913 1914 bridge_enqueue(sc, ifp, m); 1915} 1916 1917/* 1918 * bridge_output: 1919 * 1920 * Send output from a bridge member interface. This 1921 * performs the bridging function for locally originated 1922 * packets. 1923 * 1924 * The mbuf has the Ethernet header already attached. We must 1925 * enqueue or free the mbuf before returning. 1926 */ 1927static int 1928bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1929 struct rtentry *rt) 1930{ 1931 struct ether_header *eh; 1932 struct ifnet *dst_if; 1933 struct bridge_softc *sc; 1934 uint16_t vlan; 1935 1936 if (m->m_len < ETHER_HDR_LEN) { 1937 m = m_pullup(m, ETHER_HDR_LEN); 1938 if (m == NULL) 1939 return (0); 1940 } 1941 1942 eh = mtod(m, struct ether_header *); 1943 sc = ifp->if_bridge; 1944 vlan = VLANTAGOF(m); 1945 1946 BRIDGE_LOCK(sc); 1947 1948 /* 1949 * If bridge is down, but the original output interface is up, 1950 * go ahead and send out that interface. Otherwise, the packet 1951 * is dropped below. 1952 */ 1953 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1954 dst_if = ifp; 1955 goto sendunicast; 1956 } 1957 1958 /* 1959 * If the packet is a multicast, or we don't know a better way to 1960 * get there, send to all interfaces. 1961 */ 1962 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1963 dst_if = NULL; 1964 else 1965 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan); 1966 if (dst_if == NULL) { 1967 struct bridge_iflist *bif; 1968 struct mbuf *mc; 1969 int error = 0, used = 0; 1970 1971 bridge_span(sc, m); 1972 1973 BRIDGE_LOCK2REF(sc, error); 1974 if (error) { 1975 m_freem(m); 1976 return (0); 1977 } 1978 1979 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1980 dst_if = bif->bif_ifp; 1981 1982 if (dst_if->if_type == IFT_GIF) 1983 continue; 1984 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1985 continue; 1986 1987 /* 1988 * If this is not the original output interface, 1989 * and the interface is participating in spanning 1990 * tree, make sure the port is in a state that 1991 * allows forwarding. 1992 */ 1993 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1994 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1995 continue; 1996 1997 if (LIST_NEXT(bif, bif_next) == NULL) { 1998 used = 1; 1999 mc = m; 2000 } else { 2001 mc = m_copypacket(m, M_NOWAIT); 2002 if (mc == NULL) { 2003 sc->sc_ifp->if_oerrors++; 2004 continue; 2005 } 2006 } 2007 2008 bridge_enqueue(sc, dst_if, mc); 2009 } 2010 if (used == 0) 2011 m_freem(m); 2012 BRIDGE_UNREF(sc); 2013 return (0); 2014 } 2015 2016sendunicast: 2017 /* 2018 * XXX Spanning tree consideration here? 2019 */ 2020 2021 bridge_span(sc, m); 2022 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2023 m_freem(m); 2024 BRIDGE_UNLOCK(sc); 2025 return (0); 2026 } 2027 2028 BRIDGE_UNLOCK(sc); 2029 bridge_enqueue(sc, dst_if, m); 2030 return (0); 2031} 2032 2033/* 2034 * bridge_transmit: 2035 * 2036 * Do output on a bridge. 2037 * 2038 */ 2039static int 2040bridge_transmit(struct ifnet *ifp, struct mbuf *m) 2041{ 2042 struct bridge_softc *sc; 2043 struct ether_header *eh; 2044 struct ifnet *dst_if; 2045 int error = 0; 2046 2047 sc = ifp->if_softc; 2048 2049 ETHER_BPF_MTAP(ifp, m); 2050 2051 eh = mtod(m, struct ether_header *); 2052 2053 BRIDGE_LOCK(sc); 2054 if (((m->m_flags & (M_BCAST|M_MCAST)) == 0) && 2055 (dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1)) != NULL) { 2056 BRIDGE_UNLOCK(sc); 2057 error = bridge_enqueue(sc, dst_if, m); 2058 } else 2059 bridge_broadcast(sc, ifp, m, 0); 2060 2061 return (error); 2062} 2063 2064/* 2065 * The ifp->if_qflush entry point for if_bridge(4) is no-op. 2066 */ 2067static void 2068bridge_qflush(struct ifnet *ifp __unused) 2069{ 2070} 2071 2072/* 2073 * bridge_forward: 2074 * 2075 * The forwarding function of the bridge. 2076 * 2077 * NOTE: Releases the lock on return. 2078 */ 2079static void 2080bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif, 2081 struct mbuf *m) 2082{ 2083 struct bridge_iflist *dbif; 2084 struct ifnet *src_if, *dst_if, *ifp; 2085 struct ether_header *eh; 2086 uint16_t vlan; 2087 uint8_t *dst; 2088 int error; 2089 2090 src_if = m->m_pkthdr.rcvif; 2091 ifp = sc->sc_ifp; 2092 2093 ifp->if_ipackets++; 2094 ifp->if_ibytes += m->m_pkthdr.len; 2095 vlan = VLANTAGOF(m); 2096 2097 if ((sbif->bif_flags & IFBIF_STP) && 2098 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2099 goto drop; 2100 2101 eh = mtod(m, struct ether_header *); 2102 dst = eh->ether_dhost; 2103 2104 /* If the interface is learning, record the address. */ 2105 if (sbif->bif_flags & IFBIF_LEARNING) { 2106 error = bridge_rtupdate(sc, eh->ether_shost, vlan, 2107 sbif, 0, IFBAF_DYNAMIC); 2108 /* 2109 * If the interface has addresses limits then deny any source 2110 * that is not in the cache. 2111 */ 2112 if (error && sbif->bif_addrmax) 2113 goto drop; 2114 } 2115 2116 if ((sbif->bif_flags & IFBIF_STP) != 0 && 2117 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) 2118 goto drop; 2119 2120 /* 2121 * At this point, the port either doesn't participate 2122 * in spanning tree or it is in the forwarding state. 2123 */ 2124 2125 /* 2126 * If the packet is unicast, destined for someone on 2127 * "this" side of the bridge, drop it. 2128 */ 2129 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2130 dst_if = bridge_rtlookup(sc, dst, vlan); 2131 if (src_if == dst_if) 2132 goto drop; 2133 } else { 2134 /* 2135 * Check if its a reserved multicast address, any address 2136 * listed in 802.1D section 7.12.6 may not be forwarded by the 2137 * bridge. 2138 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F 2139 */ 2140 if (dst[0] == 0x01 && dst[1] == 0x80 && 2141 dst[2] == 0xc2 && dst[3] == 0x00 && 2142 dst[4] == 0x00 && dst[5] <= 0x0f) 2143 goto drop; 2144 2145 /* ...forward it to all interfaces. */ 2146 ifp->if_imcasts++; 2147 dst_if = NULL; 2148 } 2149 2150 /* 2151 * If we have a destination interface which is a member of our bridge, 2152 * OR this is a unicast packet, push it through the bpf(4) machinery. 2153 * For broadcast or multicast packets, don't bother because it will 2154 * be reinjected into ether_input. We do this before we pass the packets 2155 * through the pfil(9) framework, as it is possible that pfil(9) will 2156 * drop the packet, or possibly modify it, making it difficult to debug 2157 * firewall issues on the bridge. 2158 */ 2159 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 2160 ETHER_BPF_MTAP(ifp, m); 2161 2162 /* run the packet filter */ 2163 if (PFIL_HOOKED(&V_inet_pfil_hook) 2164#ifdef INET6 2165 || PFIL_HOOKED(&V_inet6_pfil_hook) 2166#endif 2167 ) { 2168 BRIDGE_UNLOCK(sc); 2169 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2170 return; 2171 if (m == NULL) 2172 return; 2173 BRIDGE_LOCK(sc); 2174 } 2175 2176 if (dst_if == NULL) { 2177 bridge_broadcast(sc, src_if, m, 1); 2178 return; 2179 } 2180 2181 /* 2182 * At this point, we're dealing with a unicast frame 2183 * going to a different interface. 2184 */ 2185 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2186 goto drop; 2187 2188 dbif = bridge_lookup_member_if(sc, dst_if); 2189 if (dbif == NULL) 2190 /* Not a member of the bridge (anymore?) */ 2191 goto drop; 2192 2193 /* Private segments can not talk to each other */ 2194 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE) 2195 goto drop; 2196 2197 if ((dbif->bif_flags & IFBIF_STP) && 2198 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2199 goto drop; 2200 2201 BRIDGE_UNLOCK(sc); 2202 2203 if (PFIL_HOOKED(&V_inet_pfil_hook) 2204#ifdef INET6 2205 || PFIL_HOOKED(&V_inet6_pfil_hook) 2206#endif 2207 ) { 2208 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2209 return; 2210 if (m == NULL) 2211 return; 2212 } 2213 2214 bridge_enqueue(sc, dst_if, m); 2215 return; 2216 2217drop: 2218 BRIDGE_UNLOCK(sc); 2219 m_freem(m); 2220} 2221 2222/* 2223 * bridge_input: 2224 * 2225 * Receive input from a member interface. Queue the packet for 2226 * bridging if it is not for us. 2227 */ 2228static struct mbuf * 2229bridge_input(struct ifnet *ifp, struct mbuf *m) 2230{ 2231 struct bridge_softc *sc = ifp->if_bridge; 2232 struct bridge_iflist *bif, *bif2; 2233 struct ifnet *bifp; 2234 struct ether_header *eh; 2235 struct mbuf *mc, *mc2; 2236 uint16_t vlan; 2237 int error; 2238 2239 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2240 return (m); 2241 2242 bifp = sc->sc_ifp; 2243 vlan = VLANTAGOF(m); 2244 2245 /* 2246 * Implement support for bridge monitoring. If this flag has been 2247 * set on this interface, discard the packet once we push it through 2248 * the bpf(4) machinery, but before we do, increment the byte and 2249 * packet counters associated with this interface. 2250 */ 2251 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2252 m->m_pkthdr.rcvif = bifp; 2253 ETHER_BPF_MTAP(bifp, m); 2254 bifp->if_ipackets++; 2255 bifp->if_ibytes += m->m_pkthdr.len; 2256 m_freem(m); 2257 return (NULL); 2258 } 2259 BRIDGE_LOCK(sc); 2260 bif = bridge_lookup_member_if(sc, ifp); 2261 if (bif == NULL) { 2262 BRIDGE_UNLOCK(sc); 2263 return (m); 2264 } 2265 2266 eh = mtod(m, struct ether_header *); 2267 2268 bridge_span(sc, m); 2269 2270 if (m->m_flags & (M_BCAST|M_MCAST)) { 2271 /* Tap off 802.1D packets; they do not get forwarded. */ 2272 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2273 ETHER_ADDR_LEN) == 0) { 2274 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */ 2275 BRIDGE_UNLOCK(sc); 2276 return (NULL); 2277 } 2278 2279 if ((bif->bif_flags & IFBIF_STP) && 2280 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2281 BRIDGE_UNLOCK(sc); 2282 return (m); 2283 } 2284 2285 /* 2286 * Make a deep copy of the packet and enqueue the copy 2287 * for bridge processing; return the original packet for 2288 * local processing. 2289 */ 2290 mc = m_dup(m, M_NOWAIT); 2291 if (mc == NULL) { 2292 BRIDGE_UNLOCK(sc); 2293 return (m); 2294 } 2295 2296 /* Perform the bridge forwarding function with the copy. */ 2297 bridge_forward(sc, bif, mc); 2298 2299 /* 2300 * Reinject the mbuf as arriving on the bridge so we have a 2301 * chance at claiming multicast packets. We can not loop back 2302 * here from ether_input as a bridge is never a member of a 2303 * bridge. 2304 */ 2305 KASSERT(bifp->if_bridge == NULL, 2306 ("loop created in bridge_input")); 2307 mc2 = m_dup(m, M_NOWAIT); 2308 if (mc2 != NULL) { 2309 /* Keep the layer3 header aligned */ 2310 int i = min(mc2->m_pkthdr.len, max_protohdr); 2311 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2312 } 2313 if (mc2 != NULL) { 2314 mc2->m_pkthdr.rcvif = bifp; 2315 (*bifp->if_input)(bifp, mc2); 2316 } 2317 2318 /* Return the original packet for local processing. */ 2319 return (m); 2320 } 2321 2322 if ((bif->bif_flags & IFBIF_STP) && 2323 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2324 BRIDGE_UNLOCK(sc); 2325 return (m); 2326 } 2327 2328#if (defined(INET) || defined(INET6)) 2329# define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2330 || ((iface)->if_carp \ 2331 && (*carp_forus_p)((iface), eh->ether_dhost)) 2332# define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2333 || ((iface)->if_carp \ 2334 && (*carp_forus_p)((iface), eh->ether_shost)) 2335#else 2336# define OR_CARP_CHECK_WE_ARE_DST(iface) 2337# define OR_CARP_CHECK_WE_ARE_SRC(iface) 2338#endif 2339 2340#ifdef INET6 2341# define OR_PFIL_HOOKED_INET6 \ 2342 || PFIL_HOOKED(&V_inet6_pfil_hook) 2343#else 2344# define OR_PFIL_HOOKED_INET6 2345#endif 2346 2347#define GRAB_OUR_PACKETS(iface) \ 2348 if ((iface)->if_type == IFT_GIF) \ 2349 continue; \ 2350 /* It is destined for us. */ \ 2351 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2352 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2353 ) { \ 2354 if ((iface)->if_type == IFT_BRIDGE) { \ 2355 ETHER_BPF_MTAP(iface, m); \ 2356 iface->if_ipackets++; \ 2357 iface->if_ibytes += m->m_pkthdr.len; \ 2358 /* Filter on the physical interface. */ \ 2359 if (pfil_local_phys && \ 2360 (PFIL_HOOKED(&V_inet_pfil_hook) \ 2361 OR_PFIL_HOOKED_INET6)) { \ 2362 if (bridge_pfil(&m, NULL, ifp, \ 2363 PFIL_IN) != 0 || m == NULL) { \ 2364 BRIDGE_UNLOCK(sc); \ 2365 return (NULL); \ 2366 } \ 2367 eh = mtod(m, struct ether_header *); \ 2368 } \ 2369 } \ 2370 if (bif->bif_flags & IFBIF_LEARNING) { \ 2371 error = bridge_rtupdate(sc, eh->ether_shost, \ 2372 vlan, bif, 0, IFBAF_DYNAMIC); \ 2373 if (error && bif->bif_addrmax) { \ 2374 BRIDGE_UNLOCK(sc); \ 2375 m_freem(m); \ 2376 return (NULL); \ 2377 } \ 2378 } \ 2379 m->m_pkthdr.rcvif = iface; \ 2380 BRIDGE_UNLOCK(sc); \ 2381 return (m); \ 2382 } \ 2383 \ 2384 /* We just received a packet that we sent out. */ \ 2385 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2386 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2387 ) { \ 2388 BRIDGE_UNLOCK(sc); \ 2389 m_freem(m); \ 2390 return (NULL); \ 2391 } 2392 2393 /* 2394 * Unicast. Make sure it's not for the bridge. 2395 */ 2396 do { GRAB_OUR_PACKETS(bifp) } while (0); 2397 2398 /* 2399 * Give a chance for ifp at first priority. This will help when the 2400 * packet comes through the interface like VLAN's with the same MACs 2401 * on several interfaces from the same bridge. This also will save 2402 * some CPU cycles in case the destination interface and the input 2403 * interface (eq ifp) are the same. 2404 */ 2405 do { GRAB_OUR_PACKETS(ifp) } while (0); 2406 2407 /* Now check the all bridge members. */ 2408 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2409 GRAB_OUR_PACKETS(bif2->bif_ifp) 2410 } 2411 2412#undef OR_CARP_CHECK_WE_ARE_DST 2413#undef OR_CARP_CHECK_WE_ARE_SRC 2414#undef OR_PFIL_HOOKED_INET6 2415#undef GRAB_OUR_PACKETS 2416 2417 /* Perform the bridge forwarding function. */ 2418 bridge_forward(sc, bif, m); 2419 2420 return (NULL); 2421} 2422 2423/* 2424 * bridge_broadcast: 2425 * 2426 * Send a frame to all interfaces that are members of 2427 * the bridge, except for the one on which the packet 2428 * arrived. 2429 * 2430 * NOTE: Releases the lock on return. 2431 */ 2432static void 2433bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2434 struct mbuf *m, int runfilt) 2435{ 2436 struct bridge_iflist *dbif, *sbif; 2437 struct mbuf *mc; 2438 struct ifnet *dst_if; 2439 int error = 0, used = 0, i; 2440 2441 sbif = bridge_lookup_member_if(sc, src_if); 2442 2443 BRIDGE_LOCK2REF(sc, error); 2444 if (error) { 2445 m_freem(m); 2446 return; 2447 } 2448 2449 /* Filter on the bridge interface before broadcasting */ 2450 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2451#ifdef INET6 2452 || PFIL_HOOKED(&V_inet6_pfil_hook) 2453#endif 2454 )) { 2455 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2456 goto out; 2457 if (m == NULL) 2458 goto out; 2459 } 2460 2461 LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) { 2462 dst_if = dbif->bif_ifp; 2463 if (dst_if == src_if) 2464 continue; 2465 2466 /* Private segments can not talk to each other */ 2467 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)) 2468 continue; 2469 2470 if ((dbif->bif_flags & IFBIF_STP) && 2471 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2472 continue; 2473 2474 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 && 2475 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2476 continue; 2477 2478 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2479 continue; 2480 2481 if (LIST_NEXT(dbif, bif_next) == NULL) { 2482 mc = m; 2483 used = 1; 2484 } else { 2485 mc = m_dup(m, M_NOWAIT); 2486 if (mc == NULL) { 2487 sc->sc_ifp->if_oerrors++; 2488 continue; 2489 } 2490 } 2491 2492 /* 2493 * Filter on the output interface. Pass a NULL bridge interface 2494 * pointer so we do not redundantly filter on the bridge for 2495 * each interface we broadcast on. 2496 */ 2497 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2498#ifdef INET6 2499 || PFIL_HOOKED(&V_inet6_pfil_hook) 2500#endif 2501 )) { 2502 if (used == 0) { 2503 /* Keep the layer3 header aligned */ 2504 i = min(mc->m_pkthdr.len, max_protohdr); 2505 mc = m_copyup(mc, i, ETHER_ALIGN); 2506 if (mc == NULL) { 2507 sc->sc_ifp->if_oerrors++; 2508 continue; 2509 } 2510 } 2511 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2512 continue; 2513 if (mc == NULL) 2514 continue; 2515 } 2516 2517 bridge_enqueue(sc, dst_if, mc); 2518 } 2519 if (used == 0) 2520 m_freem(m); 2521 2522out: 2523 BRIDGE_UNREF(sc); 2524} 2525 2526/* 2527 * bridge_span: 2528 * 2529 * Duplicate a packet out one or more interfaces that are in span mode, 2530 * the original mbuf is unmodified. 2531 */ 2532static void 2533bridge_span(struct bridge_softc *sc, struct mbuf *m) 2534{ 2535 struct bridge_iflist *bif; 2536 struct ifnet *dst_if; 2537 struct mbuf *mc; 2538 2539 if (LIST_EMPTY(&sc->sc_spanlist)) 2540 return; 2541 2542 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2543 dst_if = bif->bif_ifp; 2544 2545 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2546 continue; 2547 2548 mc = m_copypacket(m, M_NOWAIT); 2549 if (mc == NULL) { 2550 sc->sc_ifp->if_oerrors++; 2551 continue; 2552 } 2553 2554 bridge_enqueue(sc, dst_if, mc); 2555 } 2556} 2557 2558/* 2559 * bridge_rtupdate: 2560 * 2561 * Add a bridge routing entry. 2562 */ 2563static int 2564bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2565 struct bridge_iflist *bif, int setflags, uint8_t flags) 2566{ 2567 struct bridge_rtnode *brt; 2568 int error; 2569 2570 BRIDGE_LOCK_ASSERT(sc); 2571 2572 /* Check the source address is valid and not multicast. */ 2573 if (ETHER_IS_MULTICAST(dst) || 2574 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 && 2575 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0) 2576 return (EINVAL); 2577 2578 /* 802.1p frames map to vlan 1 */ 2579 if (vlan == 0) 2580 vlan = 1; 2581 2582 /* 2583 * A route for this destination might already exist. If so, 2584 * update it, otherwise create a new one. 2585 */ 2586 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2587 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2588 sc->sc_brtexceeded++; 2589 return (ENOSPC); 2590 } 2591 /* Check per interface address limits (if enabled) */ 2592 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) { 2593 bif->bif_addrexceeded++; 2594 return (ENOSPC); 2595 } 2596 2597 /* 2598 * Allocate a new bridge forwarding node, and 2599 * initialize the expiration time and Ethernet 2600 * address. 2601 */ 2602 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2603 if (brt == NULL) 2604 return (ENOMEM); 2605 2606 if (bif->bif_flags & IFBIF_STICKY) 2607 brt->brt_flags = IFBAF_STICKY; 2608 else 2609 brt->brt_flags = IFBAF_DYNAMIC; 2610 2611 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2612 brt->brt_vlan = vlan; 2613 2614 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2615 uma_zfree(bridge_rtnode_zone, brt); 2616 return (error); 2617 } 2618 brt->brt_dst = bif; 2619 bif->bif_addrcnt++; 2620 } 2621 2622 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2623 brt->brt_dst != bif) { 2624 brt->brt_dst->bif_addrcnt--; 2625 brt->brt_dst = bif; 2626 brt->brt_dst->bif_addrcnt++; 2627 } 2628 2629 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2630 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2631 if (setflags) 2632 brt->brt_flags = flags; 2633 2634 return (0); 2635} 2636 2637/* 2638 * bridge_rtlookup: 2639 * 2640 * Lookup the destination interface for an address. 2641 */ 2642static struct ifnet * 2643bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2644{ 2645 struct bridge_rtnode *brt; 2646 2647 BRIDGE_LOCK_ASSERT(sc); 2648 2649 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2650 return (NULL); 2651 2652 return (brt->brt_ifp); 2653} 2654 2655/* 2656 * bridge_rttrim: 2657 * 2658 * Trim the routine table so that we have a number 2659 * of routing entries less than or equal to the 2660 * maximum number. 2661 */ 2662static void 2663bridge_rttrim(struct bridge_softc *sc) 2664{ 2665 struct bridge_rtnode *brt, *nbrt; 2666 2667 BRIDGE_LOCK_ASSERT(sc); 2668 2669 /* Make sure we actually need to do this. */ 2670 if (sc->sc_brtcnt <= sc->sc_brtmax) 2671 return; 2672 2673 /* Force an aging cycle; this might trim enough addresses. */ 2674 bridge_rtage(sc); 2675 if (sc->sc_brtcnt <= sc->sc_brtmax) 2676 return; 2677 2678 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2679 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2680 bridge_rtnode_destroy(sc, brt); 2681 if (sc->sc_brtcnt <= sc->sc_brtmax) 2682 return; 2683 } 2684 } 2685} 2686 2687/* 2688 * bridge_timer: 2689 * 2690 * Aging timer for the bridge. 2691 */ 2692static void 2693bridge_timer(void *arg) 2694{ 2695 struct bridge_softc *sc = arg; 2696 2697 BRIDGE_LOCK_ASSERT(sc); 2698 2699 bridge_rtage(sc); 2700 2701 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2702 callout_reset(&sc->sc_brcallout, 2703 bridge_rtable_prune_period * hz, bridge_timer, sc); 2704} 2705 2706/* 2707 * bridge_rtage: 2708 * 2709 * Perform an aging cycle. 2710 */ 2711static void 2712bridge_rtage(struct bridge_softc *sc) 2713{ 2714 struct bridge_rtnode *brt, *nbrt; 2715 2716 BRIDGE_LOCK_ASSERT(sc); 2717 2718 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2719 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2720 if (time_uptime >= brt->brt_expire) 2721 bridge_rtnode_destroy(sc, brt); 2722 } 2723 } 2724} 2725 2726/* 2727 * bridge_rtflush: 2728 * 2729 * Remove all dynamic addresses from the bridge. 2730 */ 2731static void 2732bridge_rtflush(struct bridge_softc *sc, int full) 2733{ 2734 struct bridge_rtnode *brt, *nbrt; 2735 2736 BRIDGE_LOCK_ASSERT(sc); 2737 2738 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2739 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2740 bridge_rtnode_destroy(sc, brt); 2741 } 2742} 2743 2744/* 2745 * bridge_rtdaddr: 2746 * 2747 * Remove an address from the table. 2748 */ 2749static int 2750bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2751{ 2752 struct bridge_rtnode *brt; 2753 int found = 0; 2754 2755 BRIDGE_LOCK_ASSERT(sc); 2756 2757 /* 2758 * If vlan is zero then we want to delete for all vlans so the lookup 2759 * may return more than one. 2760 */ 2761 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) { 2762 bridge_rtnode_destroy(sc, brt); 2763 found = 1; 2764 } 2765 2766 return (found ? 0 : ENOENT); 2767} 2768 2769/* 2770 * bridge_rtdelete: 2771 * 2772 * Delete routes to a speicifc member interface. 2773 */ 2774static void 2775bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2776{ 2777 struct bridge_rtnode *brt, *nbrt; 2778 2779 BRIDGE_LOCK_ASSERT(sc); 2780 2781 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2782 if (brt->brt_ifp == ifp && (full || 2783 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2784 bridge_rtnode_destroy(sc, brt); 2785 } 2786} 2787 2788/* 2789 * bridge_rtable_init: 2790 * 2791 * Initialize the route table for this bridge. 2792 */ 2793static void 2794bridge_rtable_init(struct bridge_softc *sc) 2795{ 2796 int i; 2797 2798 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2799 M_DEVBUF, M_WAITOK); 2800 2801 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2802 LIST_INIT(&sc->sc_rthash[i]); 2803 2804 sc->sc_rthash_key = arc4random(); 2805 LIST_INIT(&sc->sc_rtlist); 2806} 2807 2808/* 2809 * bridge_rtable_fini: 2810 * 2811 * Deconstruct the route table for this bridge. 2812 */ 2813static void 2814bridge_rtable_fini(struct bridge_softc *sc) 2815{ 2816 2817 KASSERT(sc->sc_brtcnt == 0, 2818 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt)); 2819 free(sc->sc_rthash, M_DEVBUF); 2820} 2821 2822/* 2823 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2824 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2825 */ 2826#define mix(a, b, c) \ 2827do { \ 2828 a -= b; a -= c; a ^= (c >> 13); \ 2829 b -= c; b -= a; b ^= (a << 8); \ 2830 c -= a; c -= b; c ^= (b >> 13); \ 2831 a -= b; a -= c; a ^= (c >> 12); \ 2832 b -= c; b -= a; b ^= (a << 16); \ 2833 c -= a; c -= b; c ^= (b >> 5); \ 2834 a -= b; a -= c; a ^= (c >> 3); \ 2835 b -= c; b -= a; b ^= (a << 10); \ 2836 c -= a; c -= b; c ^= (b >> 15); \ 2837} while (/*CONSTCOND*/0) 2838 2839static __inline uint32_t 2840bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2841{ 2842 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2843 2844 b += addr[5] << 8; 2845 b += addr[4]; 2846 a += addr[3] << 24; 2847 a += addr[2] << 16; 2848 a += addr[1] << 8; 2849 a += addr[0]; 2850 2851 mix(a, b, c); 2852 2853 return (c & BRIDGE_RTHASH_MASK); 2854} 2855 2856#undef mix 2857 2858static int 2859bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2860{ 2861 int i, d; 2862 2863 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2864 d = ((int)a[i]) - ((int)b[i]); 2865 } 2866 2867 return (d); 2868} 2869 2870/* 2871 * bridge_rtnode_lookup: 2872 * 2873 * Look up a bridge route node for the specified destination. Compare the 2874 * vlan id or if zero then just return the first match. 2875 */ 2876static struct bridge_rtnode * 2877bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2878{ 2879 struct bridge_rtnode *brt; 2880 uint32_t hash; 2881 int dir; 2882 2883 BRIDGE_LOCK_ASSERT(sc); 2884 2885 hash = bridge_rthash(sc, addr); 2886 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2887 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2888 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 2889 return (brt); 2890 if (dir > 0) 2891 return (NULL); 2892 } 2893 2894 return (NULL); 2895} 2896 2897/* 2898 * bridge_rtnode_insert: 2899 * 2900 * Insert the specified bridge node into the route table. We 2901 * assume the entry is not already in the table. 2902 */ 2903static int 2904bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2905{ 2906 struct bridge_rtnode *lbrt; 2907 uint32_t hash; 2908 int dir; 2909 2910 BRIDGE_LOCK_ASSERT(sc); 2911 2912 hash = bridge_rthash(sc, brt->brt_addr); 2913 2914 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2915 if (lbrt == NULL) { 2916 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2917 goto out; 2918 } 2919 2920 do { 2921 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2922 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 2923 return (EEXIST); 2924 if (dir > 0) { 2925 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2926 goto out; 2927 } 2928 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2929 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2930 goto out; 2931 } 2932 lbrt = LIST_NEXT(lbrt, brt_hash); 2933 } while (lbrt != NULL); 2934 2935#ifdef DIAGNOSTIC 2936 panic("bridge_rtnode_insert: impossible"); 2937#endif 2938 2939out: 2940 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2941 sc->sc_brtcnt++; 2942 2943 return (0); 2944} 2945 2946/* 2947 * bridge_rtnode_destroy: 2948 * 2949 * Destroy a bridge rtnode. 2950 */ 2951static void 2952bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2953{ 2954 BRIDGE_LOCK_ASSERT(sc); 2955 2956 LIST_REMOVE(brt, brt_hash); 2957 2958 LIST_REMOVE(brt, brt_list); 2959 sc->sc_brtcnt--; 2960 brt->brt_dst->bif_addrcnt--; 2961 uma_zfree(bridge_rtnode_zone, brt); 2962} 2963 2964/* 2965 * bridge_rtable_expire: 2966 * 2967 * Set the expiry time for all routes on an interface. 2968 */ 2969static void 2970bridge_rtable_expire(struct ifnet *ifp, int age) 2971{ 2972 struct bridge_softc *sc = ifp->if_bridge; 2973 struct bridge_rtnode *brt; 2974 2975 BRIDGE_LOCK(sc); 2976 2977 /* 2978 * If the age is zero then flush, otherwise set all the expiry times to 2979 * age for the interface 2980 */ 2981 if (age == 0) 2982 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2983 else { 2984 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2985 /* Cap the expiry time to 'age' */ 2986 if (brt->brt_ifp == ifp && 2987 brt->brt_expire > time_uptime + age && 2988 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2989 brt->brt_expire = time_uptime + age; 2990 } 2991 } 2992 BRIDGE_UNLOCK(sc); 2993} 2994 2995/* 2996 * bridge_state_change: 2997 * 2998 * Callback from the bridgestp code when a port changes states. 2999 */ 3000static void 3001bridge_state_change(struct ifnet *ifp, int state) 3002{ 3003 struct bridge_softc *sc = ifp->if_bridge; 3004 static const char *stpstates[] = { 3005 "disabled", 3006 "listening", 3007 "learning", 3008 "forwarding", 3009 "blocking", 3010 "discarding" 3011 }; 3012 3013 if (log_stp) 3014 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 3015 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 3016} 3017 3018/* 3019 * Send bridge packets through pfil if they are one of the types pfil can deal 3020 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3021 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3022 * that interface. 3023 */ 3024static int 3025bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3026{ 3027 int snap, error, i, hlen; 3028 struct ether_header *eh1, eh2; 3029 struct ip *ip; 3030 struct llc llc1; 3031 u_int16_t ether_type; 3032 3033 snap = 0; 3034 error = -1; /* Default error if not error == 0 */ 3035 3036#if 0 3037 /* we may return with the IP fields swapped, ensure its not shared */ 3038 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 3039#endif 3040 3041 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 3042 return (0); /* filtering is disabled */ 3043 3044 i = min((*mp)->m_pkthdr.len, max_protohdr); 3045 if ((*mp)->m_len < i) { 3046 *mp = m_pullup(*mp, i); 3047 if (*mp == NULL) { 3048 printf("%s: m_pullup failed\n", __func__); 3049 return (-1); 3050 } 3051 } 3052 3053 eh1 = mtod(*mp, struct ether_header *); 3054 ether_type = ntohs(eh1->ether_type); 3055 3056 /* 3057 * Check for SNAP/LLC. 3058 */ 3059 if (ether_type < ETHERMTU) { 3060 struct llc *llc2 = (struct llc *)(eh1 + 1); 3061 3062 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3063 llc2->llc_dsap == LLC_SNAP_LSAP && 3064 llc2->llc_ssap == LLC_SNAP_LSAP && 3065 llc2->llc_control == LLC_UI) { 3066 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3067 snap = 1; 3068 } 3069 } 3070 3071 /* 3072 * If we're trying to filter bridge traffic, don't look at anything 3073 * other than IP and ARP traffic. If the filter doesn't understand 3074 * IPv6, don't allow IPv6 through the bridge either. This is lame 3075 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3076 * but of course we don't have an AppleTalk filter to begin with. 3077 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3078 * ARP traffic.) 3079 */ 3080 switch (ether_type) { 3081 case ETHERTYPE_ARP: 3082 case ETHERTYPE_REVARP: 3083 if (pfil_ipfw_arp == 0) 3084 return (0); /* Automatically pass */ 3085 break; 3086 3087 case ETHERTYPE_IP: 3088#ifdef INET6 3089 case ETHERTYPE_IPV6: 3090#endif /* INET6 */ 3091 break; 3092 default: 3093 /* 3094 * Check to see if the user wants to pass non-ip 3095 * packets, these will not be checked by pfil(9) and 3096 * passed unconditionally so the default is to drop. 3097 */ 3098 if (pfil_onlyip) 3099 goto bad; 3100 } 3101 3102 /* Run the packet through pfil before stripping link headers */ 3103 if (PFIL_HOOKED(&V_link_pfil_hook) && pfil_ipfw != 0 && 3104 dir == PFIL_OUT && ifp != NULL) { 3105 3106 error = pfil_run_hooks(&V_link_pfil_hook, mp, ifp, dir, NULL); 3107 3108 if (*mp == NULL || error != 0) /* packet consumed by filter */ 3109 return (error); 3110 } 3111 3112 /* Strip off the Ethernet header and keep a copy. */ 3113 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3114 m_adj(*mp, ETHER_HDR_LEN); 3115 3116 /* Strip off snap header, if present */ 3117 if (snap) { 3118 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3119 m_adj(*mp, sizeof(struct llc)); 3120 } 3121 3122 /* 3123 * Check the IP header for alignment and errors 3124 */ 3125 if (dir == PFIL_IN) { 3126 switch (ether_type) { 3127 case ETHERTYPE_IP: 3128 error = bridge_ip_checkbasic(mp); 3129 break; 3130#ifdef INET6 3131 case ETHERTYPE_IPV6: 3132 error = bridge_ip6_checkbasic(mp); 3133 break; 3134#endif /* INET6 */ 3135 default: 3136 error = 0; 3137 } 3138 if (error) 3139 goto bad; 3140 } 3141 3142 error = 0; 3143 3144 /* 3145 * Run the packet through pfil 3146 */ 3147 switch (ether_type) { 3148 case ETHERTYPE_IP: 3149 /* 3150 * Run pfil on the member interface and the bridge, both can 3151 * be skipped by clearing pfil_member or pfil_bridge. 3152 * 3153 * Keep the order: 3154 * in_if -> bridge_if -> out_if 3155 */ 3156 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3157 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3158 dir, NULL); 3159 3160 if (*mp == NULL || error != 0) /* filter may consume */ 3161 break; 3162 3163 if (pfil_member && ifp != NULL) 3164 error = pfil_run_hooks(&V_inet_pfil_hook, mp, ifp, 3165 dir, NULL); 3166 3167 if (*mp == NULL || error != 0) /* filter may consume */ 3168 break; 3169 3170 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3171 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3172 dir, NULL); 3173 3174 if (*mp == NULL || error != 0) /* filter may consume */ 3175 break; 3176 3177 /* check if we need to fragment the packet */ 3178 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 3179 i = (*mp)->m_pkthdr.len; 3180 if (i > ifp->if_mtu) { 3181 error = bridge_fragment(ifp, *mp, &eh2, snap, 3182 &llc1); 3183 return (error); 3184 } 3185 } 3186 3187 /* Recalculate the ip checksum. */ 3188 ip = mtod(*mp, struct ip *); 3189 hlen = ip->ip_hl << 2; 3190 if (hlen < sizeof(struct ip)) 3191 goto bad; 3192 if (hlen > (*mp)->m_len) { 3193 if ((*mp = m_pullup(*mp, hlen)) == 0) 3194 goto bad; 3195 ip = mtod(*mp, struct ip *); 3196 if (ip == NULL) 3197 goto bad; 3198 } 3199 ip->ip_sum = 0; 3200 if (hlen == sizeof(struct ip)) 3201 ip->ip_sum = in_cksum_hdr(ip); 3202 else 3203 ip->ip_sum = in_cksum(*mp, hlen); 3204 3205 break; 3206#ifdef INET6 3207 case ETHERTYPE_IPV6: 3208 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3209 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3210 dir, NULL); 3211 3212 if (*mp == NULL || error != 0) /* filter may consume */ 3213 break; 3214 3215 if (pfil_member && ifp != NULL) 3216 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, ifp, 3217 dir, NULL); 3218 3219 if (*mp == NULL || error != 0) /* filter may consume */ 3220 break; 3221 3222 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3223 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3224 dir, NULL); 3225 break; 3226#endif 3227 default: 3228 error = 0; 3229 break; 3230 } 3231 3232 if (*mp == NULL) 3233 return (error); 3234 if (error != 0) 3235 goto bad; 3236 3237 error = -1; 3238 3239 /* 3240 * Finally, put everything back the way it was and return 3241 */ 3242 if (snap) { 3243 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT); 3244 if (*mp == NULL) 3245 return (error); 3246 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3247 } 3248 3249 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT); 3250 if (*mp == NULL) 3251 return (error); 3252 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3253 3254 return (0); 3255 3256bad: 3257 m_freem(*mp); 3258 *mp = NULL; 3259 return (error); 3260} 3261 3262/* 3263 * Perform basic checks on header size since 3264 * pfil assumes ip_input has already processed 3265 * it for it. Cut-and-pasted from ip_input.c. 3266 * Given how simple the IPv6 version is, 3267 * does the IPv4 version really need to be 3268 * this complicated? 3269 * 3270 * XXX Should we update ipstat here, or not? 3271 * XXX Right now we update ipstat but not 3272 * XXX csum_counter. 3273 */ 3274static int 3275bridge_ip_checkbasic(struct mbuf **mp) 3276{ 3277 struct mbuf *m = *mp; 3278 struct ip *ip; 3279 int len, hlen; 3280 u_short sum; 3281 3282 if (*mp == NULL) 3283 return (-1); 3284 3285 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3286 if ((m = m_copyup(m, sizeof(struct ip), 3287 (max_linkhdr + 3) & ~3)) == NULL) { 3288 /* XXXJRT new stat, please */ 3289 KMOD_IPSTAT_INC(ips_toosmall); 3290 goto bad; 3291 } 3292 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3293 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3294 KMOD_IPSTAT_INC(ips_toosmall); 3295 goto bad; 3296 } 3297 } 3298 ip = mtod(m, struct ip *); 3299 if (ip == NULL) goto bad; 3300 3301 if (ip->ip_v != IPVERSION) { 3302 KMOD_IPSTAT_INC(ips_badvers); 3303 goto bad; 3304 } 3305 hlen = ip->ip_hl << 2; 3306 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3307 KMOD_IPSTAT_INC(ips_badhlen); 3308 goto bad; 3309 } 3310 if (hlen > m->m_len) { 3311 if ((m = m_pullup(m, hlen)) == 0) { 3312 KMOD_IPSTAT_INC(ips_badhlen); 3313 goto bad; 3314 } 3315 ip = mtod(m, struct ip *); 3316 if (ip == NULL) goto bad; 3317 } 3318 3319 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3320 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3321 } else { 3322 if (hlen == sizeof(struct ip)) { 3323 sum = in_cksum_hdr(ip); 3324 } else { 3325 sum = in_cksum(m, hlen); 3326 } 3327 } 3328 if (sum) { 3329 KMOD_IPSTAT_INC(ips_badsum); 3330 goto bad; 3331 } 3332 3333 /* Retrieve the packet length. */ 3334 len = ntohs(ip->ip_len); 3335 3336 /* 3337 * Check for additional length bogosity 3338 */ 3339 if (len < hlen) { 3340 KMOD_IPSTAT_INC(ips_badlen); 3341 goto bad; 3342 } 3343 3344 /* 3345 * Check that the amount of data in the buffers 3346 * is as at least much as the IP header would have us expect. 3347 * Drop packet if shorter than we expect. 3348 */ 3349 if (m->m_pkthdr.len < len) { 3350 KMOD_IPSTAT_INC(ips_tooshort); 3351 goto bad; 3352 } 3353 3354 /* Checks out, proceed */ 3355 *mp = m; 3356 return (0); 3357 3358bad: 3359 *mp = m; 3360 return (-1); 3361} 3362 3363#ifdef INET6 3364/* 3365 * Same as above, but for IPv6. 3366 * Cut-and-pasted from ip6_input.c. 3367 * XXX Should we update ip6stat, or not? 3368 */ 3369static int 3370bridge_ip6_checkbasic(struct mbuf **mp) 3371{ 3372 struct mbuf *m = *mp; 3373 struct ip6_hdr *ip6; 3374 3375 /* 3376 * If the IPv6 header is not aligned, slurp it up into a new 3377 * mbuf with space for link headers, in the event we forward 3378 * it. Otherwise, if it is aligned, make sure the entire base 3379 * IPv6 header is in the first mbuf of the chain. 3380 */ 3381 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3382 struct ifnet *inifp = m->m_pkthdr.rcvif; 3383 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3384 (max_linkhdr + 3) & ~3)) == NULL) { 3385 /* XXXJRT new stat, please */ 3386 IP6STAT_INC(ip6s_toosmall); 3387 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3388 goto bad; 3389 } 3390 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3391 struct ifnet *inifp = m->m_pkthdr.rcvif; 3392 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3393 IP6STAT_INC(ip6s_toosmall); 3394 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3395 goto bad; 3396 } 3397 } 3398 3399 ip6 = mtod(m, struct ip6_hdr *); 3400 3401 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3402 IP6STAT_INC(ip6s_badvers); 3403 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3404 goto bad; 3405 } 3406 3407 /* Checks out, proceed */ 3408 *mp = m; 3409 return (0); 3410 3411bad: 3412 *mp = m; 3413 return (-1); 3414} 3415#endif /* INET6 */ 3416 3417/* 3418 * bridge_fragment: 3419 * 3420 * Return a fragmented mbuf chain. 3421 */ 3422static int 3423bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3424 int snap, struct llc *llc) 3425{ 3426 struct mbuf *m0; 3427 struct ip *ip; 3428 int error = -1; 3429 3430 if (m->m_len < sizeof(struct ip) && 3431 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3432 goto out; 3433 ip = mtod(m, struct ip *); 3434 3435 m->m_pkthdr.csum_flags |= CSUM_IP; 3436 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist); 3437 if (error) 3438 goto out; 3439 3440 /* walk the chain and re-add the Ethernet header */ 3441 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3442 if (error == 0) { 3443 if (snap) { 3444 M_PREPEND(m0, sizeof(struct llc), M_NOWAIT); 3445 if (m0 == NULL) { 3446 error = ENOBUFS; 3447 continue; 3448 } 3449 bcopy(llc, mtod(m0, caddr_t), 3450 sizeof(struct llc)); 3451 } 3452 M_PREPEND(m0, ETHER_HDR_LEN, M_NOWAIT); 3453 if (m0 == NULL) { 3454 error = ENOBUFS; 3455 continue; 3456 } 3457 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3458 } else 3459 m_freem(m); 3460 } 3461 3462 if (error == 0) 3463 KMOD_IPSTAT_INC(ips_fragmented); 3464 3465 return (error); 3466 3467out: 3468 if (m != NULL) 3469 m_freem(m); 3470 return (error); 3471} 3472 3473static void 3474bridge_linkstate(struct ifnet *ifp) 3475{ 3476 struct bridge_softc *sc = ifp->if_bridge; 3477 struct bridge_iflist *bif; 3478 3479 BRIDGE_LOCK(sc); 3480 bif = bridge_lookup_member_if(sc, ifp); 3481 if (bif == NULL) { 3482 BRIDGE_UNLOCK(sc); 3483 return; 3484 } 3485 bridge_linkcheck(sc); 3486 BRIDGE_UNLOCK(sc); 3487 3488 bstp_linkstate(&bif->bif_stp); 3489} 3490 3491static void 3492bridge_linkcheck(struct bridge_softc *sc) 3493{ 3494 struct bridge_iflist *bif; 3495 int new_link, hasls; 3496 3497 BRIDGE_LOCK_ASSERT(sc); 3498 new_link = LINK_STATE_DOWN; 3499 hasls = 0; 3500 /* Our link is considered up if at least one of our ports is active */ 3501 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 3502 if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE) 3503 hasls++; 3504 if (bif->bif_ifp->if_link_state == LINK_STATE_UP) { 3505 new_link = LINK_STATE_UP; 3506 break; 3507 } 3508 } 3509 if (!LIST_EMPTY(&sc->sc_iflist) && !hasls) { 3510 /* If no interfaces support link-state then we default to up */ 3511 new_link = LINK_STATE_UP; 3512 } 3513 if_link_state_change(sc->sc_ifp, new_link); 3514} 3515