if_bridge.c revision 164033
1/* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3/* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38/* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71/* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82#include <sys/cdefs.h> 83__FBSDID("$FreeBSD: head/sys/net/if_bridge.c 164033 2006-11-06 13:42:10Z rwatson $"); 84 85#include "opt_inet.h" 86#include "opt_inet6.h" 87#include "opt_carp.h" 88 89#include <sys/param.h> 90#include <sys/mbuf.h> 91#include <sys/malloc.h> 92#include <sys/protosw.h> 93#include <sys/systm.h> 94#include <sys/time.h> 95#include <sys/socket.h> /* for net/if.h */ 96#include <sys/sockio.h> 97#include <sys/ctype.h> /* string functions */ 98#include <sys/kernel.h> 99#include <sys/random.h> 100#include <sys/syslog.h> 101#include <sys/sysctl.h> 102#include <vm/uma.h> 103#include <sys/module.h> 104#include <sys/priv.h> 105#include <sys/proc.h> 106#include <sys/lock.h> 107#include <sys/mutex.h> 108 109#include <net/bpf.h> 110#include <net/if.h> 111#include <net/if_clone.h> 112#include <net/if_dl.h> 113#include <net/if_types.h> 114#include <net/if_var.h> 115#include <net/pfil.h> 116 117#include <netinet/in.h> /* for struct arpcom */ 118#include <netinet/in_systm.h> 119#include <netinet/in_var.h> 120#include <netinet/ip.h> 121#include <netinet/ip_var.h> 122#ifdef INET6 123#include <netinet/ip6.h> 124#include <netinet6/ip6_var.h> 125#endif 126#ifdef DEV_CARP 127#include <netinet/ip_carp.h> 128#endif 129#include <machine/in_cksum.h> 130#include <netinet/if_ether.h> /* for struct arpcom */ 131#include <net/bridgestp.h> 132#include <net/if_bridgevar.h> 133#include <net/if_llc.h> 134 135#include <net/route.h> 136#include <netinet/ip_fw.h> 137#include <netinet/ip_dummynet.h> 138 139/* 140 * Size of the route hash table. Must be a power of two. 141 */ 142#ifndef BRIDGE_RTHASH_SIZE 143#define BRIDGE_RTHASH_SIZE 1024 144#endif 145 146#define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 147 148/* 149 * Maximum number of addresses to cache. 150 */ 151#ifndef BRIDGE_RTABLE_MAX 152#define BRIDGE_RTABLE_MAX 100 153#endif 154 155/* 156 * Timeout (in seconds) for entries learned dynamically. 157 */ 158#ifndef BRIDGE_RTABLE_TIMEOUT 159#define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 160#endif 161 162/* 163 * Number of seconds between walks of the route list. 164 */ 165#ifndef BRIDGE_RTABLE_PRUNE_PERIOD 166#define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 167#endif 168 169/* 170 * List of capabilities to mask on the member interface. 171 */ 172#define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 173 174/* 175 * Bridge interface list entry. 176 */ 177struct bridge_iflist { 178 LIST_ENTRY(bridge_iflist) bif_next; 179 struct ifnet *bif_ifp; /* member if */ 180 struct bstp_port bif_stp; /* STP state */ 181 uint32_t bif_flags; /* member if flags */ 182 int bif_mutecap; /* member muted caps */ 183}; 184 185/* 186 * Bridge route node. 187 */ 188struct bridge_rtnode { 189 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 190 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 191 struct ifnet *brt_ifp; /* destination if */ 192 unsigned long brt_expire; /* expiration time */ 193 uint8_t brt_flags; /* address flags */ 194 uint8_t brt_addr[ETHER_ADDR_LEN]; 195}; 196 197/* 198 * Software state for each bridge. 199 */ 200struct bridge_softc { 201 struct ifnet *sc_ifp; /* make this an interface */ 202 LIST_ENTRY(bridge_softc) sc_list; 203 struct mtx sc_mtx; 204 struct cv sc_cv; 205 uint32_t sc_brtmax; /* max # of addresses */ 206 uint32_t sc_brtcnt; /* cur. # of addresses */ 207 uint32_t sc_brttimeout; /* rt timeout in seconds */ 208 struct callout sc_brcallout; /* bridge callout */ 209 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 210 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 211 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 212 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 213 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 214 uint32_t sc_rthash_key; /* key for hash */ 215 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 216 struct bstp_state sc_stp; /* STP state */ 217 uint32_t sc_brtexceeded; /* # of cache drops */ 218}; 219 220static struct mtx bridge_list_mtx; 221eventhandler_tag bridge_detach_cookie = NULL; 222 223int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 224 225uma_zone_t bridge_rtnode_zone; 226 227static int bridge_clone_create(struct if_clone *, int, caddr_t); 228static void bridge_clone_destroy(struct ifnet *); 229 230static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 231static void bridge_mutecaps(struct bridge_iflist *, int); 232static void bridge_ifdetach(void *arg __unused, struct ifnet *); 233static void bridge_init(void *); 234static void bridge_dummynet(struct mbuf *, struct ifnet *); 235static void bridge_stop(struct ifnet *, int); 236static void bridge_start(struct ifnet *); 237static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 238static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 239 struct rtentry *); 240static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 241 struct mbuf *); 242static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 243 244static void bridge_forward(struct bridge_softc *, struct mbuf *m); 245 246static void bridge_timer(void *); 247 248static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 249 struct mbuf *, int); 250static void bridge_span(struct bridge_softc *, struct mbuf *); 251 252static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 253 struct ifnet *, int, uint8_t); 254static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 255static void bridge_rttrim(struct bridge_softc *); 256static void bridge_rtage(struct bridge_softc *); 257static void bridge_rtflush(struct bridge_softc *, int); 258static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 259 260static int bridge_rtable_init(struct bridge_softc *); 261static void bridge_rtable_fini(struct bridge_softc *); 262 263static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 264static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 265 const uint8_t *); 266static int bridge_rtnode_insert(struct bridge_softc *, 267 struct bridge_rtnode *); 268static void bridge_rtnode_destroy(struct bridge_softc *, 269 struct bridge_rtnode *); 270static void bridge_rtable_expire(struct ifnet *, int); 271static void bridge_state_change(struct ifnet *, int); 272 273static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 274 const char *name); 275static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 276 struct ifnet *ifp); 277static void bridge_delete_member(struct bridge_softc *, 278 struct bridge_iflist *, int); 279static void bridge_delete_span(struct bridge_softc *, 280 struct bridge_iflist *); 281 282static int bridge_ioctl_add(struct bridge_softc *, void *); 283static int bridge_ioctl_del(struct bridge_softc *, void *); 284static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 285static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 286static int bridge_ioctl_scache(struct bridge_softc *, void *); 287static int bridge_ioctl_gcache(struct bridge_softc *, void *); 288static int bridge_ioctl_gifs(struct bridge_softc *, void *); 289static int bridge_ioctl_rts(struct bridge_softc *, void *); 290static int bridge_ioctl_saddr(struct bridge_softc *, void *); 291static int bridge_ioctl_sto(struct bridge_softc *, void *); 292static int bridge_ioctl_gto(struct bridge_softc *, void *); 293static int bridge_ioctl_daddr(struct bridge_softc *, void *); 294static int bridge_ioctl_flush(struct bridge_softc *, void *); 295static int bridge_ioctl_gpri(struct bridge_softc *, void *); 296static int bridge_ioctl_spri(struct bridge_softc *, void *); 297static int bridge_ioctl_ght(struct bridge_softc *, void *); 298static int bridge_ioctl_sht(struct bridge_softc *, void *); 299static int bridge_ioctl_gfd(struct bridge_softc *, void *); 300static int bridge_ioctl_sfd(struct bridge_softc *, void *); 301static int bridge_ioctl_gma(struct bridge_softc *, void *); 302static int bridge_ioctl_sma(struct bridge_softc *, void *); 303static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 304static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 305static int bridge_ioctl_addspan(struct bridge_softc *, void *); 306static int bridge_ioctl_delspan(struct bridge_softc *, void *); 307static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 308static int bridge_ioctl_grte(struct bridge_softc *, void *); 309static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 310static int bridge_ioctl_sproto(struct bridge_softc *, void *); 311static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 312static int bridge_ioctl_sedge(struct bridge_softc *, void *); 313static int bridge_ioctl_saedge(struct bridge_softc *, void *); 314static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 315 int); 316static int bridge_ip_checkbasic(struct mbuf **mp); 317#ifdef INET6 318static int bridge_ip6_checkbasic(struct mbuf **mp); 319#endif /* INET6 */ 320static int bridge_fragment(struct ifnet *, struct mbuf *, 321 struct ether_header *, int, struct llc *); 322 323SYSCTL_DECL(_net_link); 324SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 325 326static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 327static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 328static int pfil_member = 1; /* run pfil hooks on the member interface */ 329static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 330static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 331static int log_stp = 0; /* log STP state changes */ 332SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 333 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 334SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 335 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 336SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 337 &pfil_bridge, 0, "Packet filter on the bridge interface"); 338SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 339 &pfil_member, 0, "Packet filter on the member interface"); 340SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 341 &log_stp, 0, "Log STP state changes"); 342 343struct bridge_control { 344 int (*bc_func)(struct bridge_softc *, void *); 345 int bc_argsize; 346 int bc_flags; 347}; 348 349#define BC_F_COPYIN 0x01 /* copy arguments in */ 350#define BC_F_COPYOUT 0x02 /* copy arguments out */ 351#define BC_F_SUSER 0x04 /* do super-user check */ 352 353const struct bridge_control bridge_control_table[] = { 354 { bridge_ioctl_add, sizeof(struct ifbreq), 355 BC_F_COPYIN|BC_F_SUSER }, 356 { bridge_ioctl_del, sizeof(struct ifbreq), 357 BC_F_COPYIN|BC_F_SUSER }, 358 359 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_COPYOUT }, 361 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 362 BC_F_COPYIN|BC_F_SUSER }, 363 364 { bridge_ioctl_scache, sizeof(struct ifbrparam), 365 BC_F_COPYIN|BC_F_SUSER }, 366 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 367 BC_F_COPYOUT }, 368 369 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 370 BC_F_COPYIN|BC_F_COPYOUT }, 371 { bridge_ioctl_rts, sizeof(struct ifbaconf), 372 BC_F_COPYIN|BC_F_COPYOUT }, 373 374 { bridge_ioctl_saddr, sizeof(struct ifbareq), 375 BC_F_COPYIN|BC_F_SUSER }, 376 377 { bridge_ioctl_sto, sizeof(struct ifbrparam), 378 BC_F_COPYIN|BC_F_SUSER }, 379 { bridge_ioctl_gto, sizeof(struct ifbrparam), 380 BC_F_COPYOUT }, 381 382 { bridge_ioctl_daddr, sizeof(struct ifbareq), 383 BC_F_COPYIN|BC_F_SUSER }, 384 385 { bridge_ioctl_flush, sizeof(struct ifbreq), 386 BC_F_COPYIN|BC_F_SUSER }, 387 388 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 389 BC_F_COPYOUT }, 390 { bridge_ioctl_spri, sizeof(struct ifbrparam), 391 BC_F_COPYIN|BC_F_SUSER }, 392 393 { bridge_ioctl_ght, sizeof(struct ifbrparam), 394 BC_F_COPYOUT }, 395 { bridge_ioctl_sht, sizeof(struct ifbrparam), 396 BC_F_COPYIN|BC_F_SUSER }, 397 398 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 399 BC_F_COPYOUT }, 400 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 401 BC_F_COPYIN|BC_F_SUSER }, 402 403 { bridge_ioctl_gma, sizeof(struct ifbrparam), 404 BC_F_COPYOUT }, 405 { bridge_ioctl_sma, sizeof(struct ifbrparam), 406 BC_F_COPYIN|BC_F_SUSER }, 407 408 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 409 BC_F_COPYIN|BC_F_SUSER }, 410 411 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 412 BC_F_COPYIN|BC_F_SUSER }, 413 414 { bridge_ioctl_addspan, sizeof(struct ifbreq), 415 BC_F_COPYIN|BC_F_SUSER }, 416 { bridge_ioctl_delspan, sizeof(struct ifbreq), 417 BC_F_COPYIN|BC_F_SUSER }, 418 419 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 420 BC_F_COPYOUT }, 421 422 { bridge_ioctl_grte, sizeof(struct ifbrparam), 423 BC_F_COPYOUT }, 424 425 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 426 BC_F_COPYOUT }, 427 428 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 429 BC_F_COPYIN|BC_F_SUSER }, 430 431 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 432 BC_F_COPYIN|BC_F_SUSER }, 433 434 { bridge_ioctl_sedge, sizeof(struct ifbreq), 435 BC_F_COPYIN|BC_F_SUSER }, 436 437 { bridge_ioctl_saedge, sizeof(struct ifbreq), 438 BC_F_COPYIN|BC_F_SUSER }, 439}; 440const int bridge_control_table_size = 441 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 442 443static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 444 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 445 446LIST_HEAD(, bridge_softc) bridge_list; 447 448IFC_SIMPLE_DECLARE(bridge, 0); 449 450static int 451bridge_modevent(module_t mod, int type, void *data) 452{ 453 454 switch (type) { 455 case MOD_LOAD: 456 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 457 if_clone_attach(&bridge_cloner); 458 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 459 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 460 UMA_ALIGN_PTR, 0); 461 LIST_INIT(&bridge_list); 462 bridge_input_p = bridge_input; 463 bridge_output_p = bridge_output; 464 bridge_dn_p = bridge_dummynet; 465 bstp_linkstate_p = bstp_linkstate; 466 bridge_detach_cookie = EVENTHANDLER_REGISTER( 467 ifnet_departure_event, bridge_ifdetach, NULL, 468 EVENTHANDLER_PRI_ANY); 469 break; 470 case MOD_UNLOAD: 471 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 472 bridge_detach_cookie); 473 if_clone_detach(&bridge_cloner); 474 uma_zdestroy(bridge_rtnode_zone); 475 bridge_input_p = NULL; 476 bridge_output_p = NULL; 477 bridge_dn_p = NULL; 478 bstp_linkstate_p = NULL; 479 mtx_destroy(&bridge_list_mtx); 480 break; 481 default: 482 return (EOPNOTSUPP); 483 } 484 return (0); 485} 486 487static moduledata_t bridge_mod = { 488 "if_bridge", 489 bridge_modevent, 490 0 491}; 492 493DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 494MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 495 496/* 497 * handler for net.link.bridge.pfil_ipfw 498 */ 499static int 500sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 501{ 502 int enable = pfil_ipfw; 503 int error; 504 505 error = sysctl_handle_int(oidp, &enable, 0, req); 506 enable = (enable) ? 1 : 0; 507 508 if (enable != pfil_ipfw) { 509 pfil_ipfw = enable; 510 511 /* 512 * Disable pfil so that ipfw doesnt run twice, if the user 513 * really wants both then they can re-enable pfil_bridge and/or 514 * pfil_member. Also allow non-ip packets as ipfw can filter by 515 * layer2 type. 516 */ 517 if (pfil_ipfw) { 518 pfil_onlyip = 0; 519 pfil_bridge = 0; 520 pfil_member = 0; 521 } 522 } 523 524 return (error); 525} 526SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 527 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 528 529/* 530 * bridge_clone_create: 531 * 532 * Create a new bridge instance. 533 */ 534static int 535bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 536{ 537 struct bridge_softc *sc, *sc2; 538 struct ifnet *bifp, *ifp; 539 u_char eaddr[6]; 540 int retry; 541 542 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 543 BRIDGE_LOCK_INIT(sc); 544 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 545 if (ifp == NULL) { 546 free(sc, M_DEVBUF); 547 return (ENOSPC); 548 } 549 550 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 551 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 552 553 /* Initialize our routing table. */ 554 bridge_rtable_init(sc); 555 556 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 557 558 LIST_INIT(&sc->sc_iflist); 559 LIST_INIT(&sc->sc_spanlist); 560 561 ifp->if_softc = sc; 562 if_initname(ifp, ifc->ifc_name, unit); 563 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 564 ifp->if_ioctl = bridge_ioctl; 565 ifp->if_start = bridge_start; 566 ifp->if_init = bridge_init; 567 ifp->if_type = IFT_BRIDGE; 568 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 569 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 570 IFQ_SET_READY(&ifp->if_snd); 571 572 /* 573 * Generate a random ethernet address with a locally administered 574 * address. 575 * 576 * Since we are using random ethernet addresses for the bridge, it is 577 * possible that we might have address collisions, so make sure that 578 * this hardware address isn't already in use on another bridge. 579 */ 580 for (retry = 1; retry != 0;) { 581 arc4rand(eaddr, ETHER_ADDR_LEN, 1); 582 eaddr[0] &= ~1; /* clear multicast bit */ 583 eaddr[0] |= 2; /* set the LAA bit */ 584 retry = 0; 585 mtx_lock(&bridge_list_mtx); 586 LIST_FOREACH(sc2, &bridge_list, sc_list) { 587 bifp = sc2->sc_ifp; 588 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 589 retry = 1; 590 } 591 mtx_unlock(&bridge_list_mtx); 592 } 593 594 bstp_attach(&sc->sc_stp, bridge_state_change, bridge_rtable_expire); 595 ether_ifattach(ifp, eaddr); 596 /* Now undo some of the damage... */ 597 ifp->if_baudrate = 0; 598 ifp->if_type = IFT_BRIDGE; 599 600 mtx_lock(&bridge_list_mtx); 601 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 602 mtx_unlock(&bridge_list_mtx); 603 604 return (0); 605} 606 607/* 608 * bridge_clone_destroy: 609 * 610 * Destroy a bridge instance. 611 */ 612static void 613bridge_clone_destroy(struct ifnet *ifp) 614{ 615 struct bridge_softc *sc = ifp->if_softc; 616 struct bridge_iflist *bif; 617 618 BRIDGE_LOCK(sc); 619 620 bridge_stop(ifp, 1); 621 ifp->if_flags &= ~IFF_UP; 622 623 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 624 bridge_delete_member(sc, bif, 0); 625 626 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 627 bridge_delete_span(sc, bif); 628 } 629 630 BRIDGE_UNLOCK(sc); 631 632 callout_drain(&sc->sc_brcallout); 633 634 mtx_lock(&bridge_list_mtx); 635 LIST_REMOVE(sc, sc_list); 636 mtx_unlock(&bridge_list_mtx); 637 638 bstp_detach(&sc->sc_stp); 639 ether_ifdetach(ifp); 640 if_free_type(ifp, IFT_ETHER); 641 642 /* Tear down the routing table. */ 643 bridge_rtable_fini(sc); 644 645 BRIDGE_LOCK_DESTROY(sc); 646 free(sc, M_DEVBUF); 647} 648 649/* 650 * bridge_ioctl: 651 * 652 * Handle a control request from the operator. 653 */ 654static int 655bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 656{ 657 struct bridge_softc *sc = ifp->if_softc; 658 struct thread *td = curthread; 659 union { 660 struct ifbreq ifbreq; 661 struct ifbifconf ifbifconf; 662 struct ifbareq ifbareq; 663 struct ifbaconf ifbaconf; 664 struct ifbrparam ifbrparam; 665 } args; 666 struct ifdrv *ifd = (struct ifdrv *) data; 667 const struct bridge_control *bc; 668 int error = 0; 669 670 BRIDGE_LOCK(sc); 671 672 switch (cmd) { 673 674 case SIOCADDMULTI: 675 case SIOCDELMULTI: 676 break; 677 678 case SIOCGDRVSPEC: 679 case SIOCSDRVSPEC: 680 if (ifd->ifd_cmd >= bridge_control_table_size) { 681 error = EINVAL; 682 break; 683 } 684 bc = &bridge_control_table[ifd->ifd_cmd]; 685 686 if (cmd == SIOCGDRVSPEC && 687 (bc->bc_flags & BC_F_COPYOUT) == 0) { 688 error = EINVAL; 689 break; 690 } 691 else if (cmd == SIOCSDRVSPEC && 692 (bc->bc_flags & BC_F_COPYOUT) != 0) { 693 error = EINVAL; 694 break; 695 } 696 697 if (bc->bc_flags & BC_F_SUSER) { 698 error = priv_check(td, PRIV_NET_BRIDGE); 699 if (error) 700 break; 701 } 702 703 if (ifd->ifd_len != bc->bc_argsize || 704 ifd->ifd_len > sizeof(args)) { 705 error = EINVAL; 706 break; 707 } 708 709 bzero(&args, sizeof(args)); 710 if (bc->bc_flags & BC_F_COPYIN) { 711 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 712 if (error) 713 break; 714 } 715 716 error = (*bc->bc_func)(sc, &args); 717 if (error) 718 break; 719 720 if (bc->bc_flags & BC_F_COPYOUT) 721 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 722 723 break; 724 725 case SIOCSIFFLAGS: 726 if (!(ifp->if_flags & IFF_UP) && 727 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 728 /* 729 * If interface is marked down and it is running, 730 * then stop and disable it. 731 */ 732 bridge_stop(ifp, 1); 733 } else if ((ifp->if_flags & IFF_UP) && 734 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 735 /* 736 * If interface is marked up and it is stopped, then 737 * start it. 738 */ 739 BRIDGE_UNLOCK(sc); 740 (*ifp->if_init)(sc); 741 } 742 break; 743 744 case SIOCSIFMTU: 745 /* Do not allow the MTU to be changed on the bridge */ 746 error = EINVAL; 747 break; 748 749 default: 750 /* 751 * drop the lock as ether_ioctl() will call bridge_start() and 752 * cause the lock to be recursed. 753 */ 754 BRIDGE_UNLOCK(sc); 755 error = ether_ioctl(ifp, cmd, data); 756 break; 757 } 758 759 if (BRIDGE_LOCKED(sc)) 760 BRIDGE_UNLOCK(sc); 761 762 return (error); 763} 764 765/* 766 * bridge_mutecaps: 767 * 768 * Clear or restore unwanted capabilities on the member interface 769 */ 770static void 771bridge_mutecaps(struct bridge_iflist *bif, int mute) 772{ 773 struct ifnet *ifp = bif->bif_ifp; 774 struct ifreq ifr; 775 int error; 776 777 if (ifp->if_ioctl == NULL) 778 return; 779 780 bzero(&ifr, sizeof(ifr)); 781 ifr.ifr_reqcap = ifp->if_capenable; 782 783 if (mute) { 784 /* mask off and save capabilities */ 785 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 786 if (bif->bif_mutecap != 0) 787 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 788 } else 789 /* restore muted capabilities */ 790 ifr.ifr_reqcap |= bif->bif_mutecap; 791 792 793 if (bif->bif_mutecap != 0) { 794 IFF_LOCKGIANT(ifp); 795 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 796 IFF_UNLOCKGIANT(ifp); 797 } 798} 799 800/* 801 * bridge_lookup_member: 802 * 803 * Lookup a bridge member interface. 804 */ 805static struct bridge_iflist * 806bridge_lookup_member(struct bridge_softc *sc, const char *name) 807{ 808 struct bridge_iflist *bif; 809 struct ifnet *ifp; 810 811 BRIDGE_LOCK_ASSERT(sc); 812 813 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 814 ifp = bif->bif_ifp; 815 if (strcmp(ifp->if_xname, name) == 0) 816 return (bif); 817 } 818 819 return (NULL); 820} 821 822/* 823 * bridge_lookup_member_if: 824 * 825 * Lookup a bridge member interface by ifnet*. 826 */ 827static struct bridge_iflist * 828bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 829{ 830 struct bridge_iflist *bif; 831 832 BRIDGE_LOCK_ASSERT(sc); 833 834 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 835 if (bif->bif_ifp == member_ifp) 836 return (bif); 837 } 838 839 return (NULL); 840} 841 842/* 843 * bridge_delete_member: 844 * 845 * Delete the specified member interface. 846 */ 847static void 848bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 849 int gone) 850{ 851 struct ifnet *ifs = bif->bif_ifp; 852 853 BRIDGE_LOCK_ASSERT(sc); 854 855 if (!gone) { 856 switch (ifs->if_type) { 857 case IFT_ETHER: 858 case IFT_L2VLAN: 859 /* 860 * Take the interface out of promiscuous mode. 861 */ 862 (void) ifpromisc(ifs, 0); 863 bridge_mutecaps(bif, 0); 864 break; 865 866 case IFT_GIF: 867 break; 868 869 default: 870#ifdef DIAGNOSTIC 871 panic("bridge_delete_member: impossible"); 872#endif 873 break; 874 } 875 } 876 877 if (bif->bif_flags & IFBIF_STP) 878 bstp_delete(&bif->bif_stp); 879 880 ifs->if_bridge = NULL; 881 BRIDGE_XLOCK(sc); 882 LIST_REMOVE(bif, bif_next); 883 BRIDGE_XDROP(sc); 884 885 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 886 887 BRIDGE_UNLOCK(sc); 888 bstp_drain(&bif->bif_stp); /* prepare to free */ 889 BRIDGE_LOCK(sc); 890 free(bif, M_DEVBUF); 891} 892 893/* 894 * bridge_delete_span: 895 * 896 * Delete the specified span interface. 897 */ 898static void 899bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 900{ 901 BRIDGE_LOCK_ASSERT(sc); 902 903 KASSERT(bif->bif_ifp->if_bridge == NULL, 904 ("%s: not a span interface", __func__)); 905 906 LIST_REMOVE(bif, bif_next); 907 free(bif, M_DEVBUF); 908} 909 910static int 911bridge_ioctl_add(struct bridge_softc *sc, void *arg) 912{ 913 struct ifbreq *req = arg; 914 struct bridge_iflist *bif = NULL; 915 struct ifnet *ifs; 916 int error = 0; 917 918 ifs = ifunit(req->ifbr_ifsname); 919 if (ifs == NULL) 920 return (ENOENT); 921 922 /* If it's in the span list, it can't be a member. */ 923 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 924 if (ifs == bif->bif_ifp) 925 return (EBUSY); 926 927 /* Allow the first Ethernet member to define the MTU */ 928 if (ifs->if_type != IFT_GIF) { 929 if (LIST_EMPTY(&sc->sc_iflist)) 930 sc->sc_ifp->if_mtu = ifs->if_mtu; 931 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 932 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 933 ifs->if_xname); 934 return (EINVAL); 935 } 936 } 937 938 if (ifs->if_bridge == sc) 939 return (EEXIST); 940 941 if (ifs->if_bridge != NULL) 942 return (EBUSY); 943 944 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 945 if (bif == NULL) 946 return (ENOMEM); 947 948 bif->bif_ifp = ifs; 949 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 950 951 switch (ifs->if_type) { 952 case IFT_ETHER: 953 case IFT_L2VLAN: 954 /* 955 * Place the interface into promiscuous mode. 956 */ 957 error = ifpromisc(ifs, 1); 958 if (error) 959 goto out; 960 961 bridge_mutecaps(bif, 1); 962 break; 963 964 case IFT_GIF: 965 break; 966 967 default: 968 error = EINVAL; 969 goto out; 970 } 971 972 ifs->if_bridge = sc; 973 /* 974 * XXX: XLOCK HERE!?! 975 * 976 * NOTE: insert_***HEAD*** should be safe for the traversals. 977 */ 978 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 979 980out: 981 if (error) { 982 if (bif != NULL) 983 free(bif, M_DEVBUF); 984 } 985 return (error); 986} 987 988static int 989bridge_ioctl_del(struct bridge_softc *sc, void *arg) 990{ 991 struct ifbreq *req = arg; 992 struct bridge_iflist *bif; 993 994 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 995 if (bif == NULL) 996 return (ENOENT); 997 998 bridge_delete_member(sc, bif, 0); 999 1000 return (0); 1001} 1002 1003static int 1004bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1005{ 1006 struct ifbreq *req = arg; 1007 struct bridge_iflist *bif; 1008 struct bstp_port *bp; 1009 1010 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1011 if (bif == NULL) 1012 return (ENOENT); 1013 1014 bp = &bif->bif_stp; 1015 req->ifbr_ifsflags = bif->bif_flags; 1016 req->ifbr_state = bp->bp_state; 1017 req->ifbr_priority = bp->bp_priority; 1018 req->ifbr_path_cost = bp->bp_path_cost; 1019 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1020 req->ifbr_proto = bp->bp_protover; 1021 req->ifbr_role = bp->bp_role; 1022 req->ifbr_stpflags = bp->bp_flags; 1023 req->ifbr_edge = bp->bp_operedge; 1024 req->ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1 : 0; 1025 req->ifbr_p2p = bp->bp_p2p_link; 1026 1027 return (0); 1028} 1029 1030static int 1031bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1032{ 1033 struct ifbreq *req = arg; 1034 struct bridge_iflist *bif; 1035 int error; 1036 1037 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1038 if (bif == NULL) 1039 return (ENOENT); 1040 1041 if (req->ifbr_ifsflags & IFBIF_SPAN) 1042 /* SPAN is readonly */ 1043 return (EINVAL); 1044 1045 if (req->ifbr_ifsflags & IFBIF_STP) { 1046 if ((bif->bif_flags & IFBIF_STP) == 0) { 1047 error = bstp_add(&sc->sc_stp, &bif->bif_stp, 1048 bif->bif_ifp); 1049 if (error) 1050 return (error); 1051 } 1052 } else { 1053 if ((bif->bif_flags & IFBIF_STP) != 0) 1054 bstp_delete(&bif->bif_stp); 1055 } 1056 1057 bif->bif_flags = req->ifbr_ifsflags; 1058 1059 return (0); 1060} 1061 1062static int 1063bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1064{ 1065 struct ifbrparam *param = arg; 1066 1067 sc->sc_brtmax = param->ifbrp_csize; 1068 bridge_rttrim(sc); 1069 1070 return (0); 1071} 1072 1073static int 1074bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1075{ 1076 struct ifbrparam *param = arg; 1077 1078 param->ifbrp_csize = sc->sc_brtmax; 1079 1080 return (0); 1081} 1082 1083static int 1084bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1085{ 1086 struct ifbifconf *bifc = arg; 1087 struct bridge_iflist *bif; 1088 struct bstp_port *bp; 1089 struct ifbreq breq; 1090 int count, len, error = 0; 1091 1092 count = 0; 1093 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1094 count++; 1095 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1096 count++; 1097 1098 if (bifc->ifbic_len == 0) { 1099 bifc->ifbic_len = sizeof(breq) * count; 1100 return (0); 1101 } 1102 1103 count = 0; 1104 len = bifc->ifbic_len; 1105 bzero(&breq, sizeof(breq)); 1106 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1107 if (len < sizeof(breq)) 1108 break; 1109 1110 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1111 sizeof(breq.ifbr_ifsname)); 1112 bp = &bif->bif_stp; 1113 breq.ifbr_ifsflags = bif->bif_flags; 1114 breq.ifbr_state = bp->bp_state; 1115 breq.ifbr_priority = bp->bp_priority; 1116 breq.ifbr_path_cost = bp->bp_path_cost; 1117 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1118 breq.ifbr_proto = bp->bp_protover; 1119 breq.ifbr_role = bp->bp_role; 1120 breq.ifbr_stpflags = bp->bp_flags; 1121 breq.ifbr_edge = bp->bp_operedge; 1122 breq.ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1:0; 1123 breq.ifbr_p2p = bp->bp_p2p_link; 1124 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1125 if (error) 1126 break; 1127 count++; 1128 len -= sizeof(breq); 1129 } 1130 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1131 if (len < sizeof(breq)) 1132 break; 1133 1134 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1135 sizeof(breq.ifbr_ifsname)); 1136 breq.ifbr_ifsflags = bif->bif_flags; 1137 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1138 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1139 if (error) 1140 break; 1141 count++; 1142 len -= sizeof(breq); 1143 } 1144 1145 bifc->ifbic_len = sizeof(breq) * count; 1146 return (error); 1147} 1148 1149static int 1150bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1151{ 1152 struct ifbaconf *bac = arg; 1153 struct bridge_rtnode *brt; 1154 struct ifbareq bareq; 1155 int count = 0, error = 0, len; 1156 1157 if (bac->ifbac_len == 0) 1158 return (0); 1159 1160 len = bac->ifbac_len; 1161 bzero(&bareq, sizeof(bareq)); 1162 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1163 if (len < sizeof(bareq)) 1164 goto out; 1165 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1166 sizeof(bareq.ifba_ifsname)); 1167 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1168 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1169 time_uptime < brt->brt_expire) 1170 bareq.ifba_expire = brt->brt_expire - time_uptime; 1171 else 1172 bareq.ifba_expire = 0; 1173 bareq.ifba_flags = brt->brt_flags; 1174 1175 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1176 if (error) 1177 goto out; 1178 count++; 1179 len -= sizeof(bareq); 1180 } 1181out: 1182 bac->ifbac_len = sizeof(bareq) * count; 1183 return (error); 1184} 1185 1186static int 1187bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1188{ 1189 struct ifbareq *req = arg; 1190 struct bridge_iflist *bif; 1191 int error; 1192 1193 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1194 if (bif == NULL) 1195 return (ENOENT); 1196 1197 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1198 req->ifba_flags); 1199 1200 return (error); 1201} 1202 1203static int 1204bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1205{ 1206 struct ifbrparam *param = arg; 1207 1208 sc->sc_brttimeout = param->ifbrp_ctime; 1209 return (0); 1210} 1211 1212static int 1213bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1214{ 1215 struct ifbrparam *param = arg; 1216 1217 param->ifbrp_ctime = sc->sc_brttimeout; 1218 return (0); 1219} 1220 1221static int 1222bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1223{ 1224 struct ifbareq *req = arg; 1225 1226 return (bridge_rtdaddr(sc, req->ifba_dst)); 1227} 1228 1229static int 1230bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1231{ 1232 struct ifbreq *req = arg; 1233 1234 bridge_rtflush(sc, req->ifbr_ifsflags); 1235 return (0); 1236} 1237 1238static int 1239bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1240{ 1241 struct ifbrparam *param = arg; 1242 struct bstp_state *bs = &sc->sc_stp; 1243 1244 param->ifbrp_prio = bs->bs_bridge_priority; 1245 return (0); 1246} 1247 1248static int 1249bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1250{ 1251 struct ifbrparam *param = arg; 1252 1253 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1254} 1255 1256static int 1257bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1258{ 1259 struct ifbrparam *param = arg; 1260 struct bstp_state *bs = &sc->sc_stp; 1261 1262 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1263 return (0); 1264} 1265 1266static int 1267bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1268{ 1269 struct ifbrparam *param = arg; 1270 1271 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1272} 1273 1274static int 1275bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1276{ 1277 struct ifbrparam *param = arg; 1278 struct bstp_state *bs = &sc->sc_stp; 1279 1280 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1281 return (0); 1282} 1283 1284static int 1285bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1286{ 1287 struct ifbrparam *param = arg; 1288 1289 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1290} 1291 1292static int 1293bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1294{ 1295 struct ifbrparam *param = arg; 1296 struct bstp_state *bs = &sc->sc_stp; 1297 1298 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1299 return (0); 1300} 1301 1302static int 1303bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1304{ 1305 struct ifbrparam *param = arg; 1306 1307 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1308} 1309 1310static int 1311bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1312{ 1313 struct ifbreq *req = arg; 1314 struct bridge_iflist *bif; 1315 1316 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1317 if (bif == NULL) 1318 return (ENOENT); 1319 1320 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1321} 1322 1323static int 1324bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1325{ 1326 struct ifbreq *req = arg; 1327 struct bridge_iflist *bif; 1328 1329 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1330 if (bif == NULL) 1331 return (ENOENT); 1332 1333 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1334} 1335 1336static int 1337bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1338{ 1339 struct ifbreq *req = arg; 1340 struct bridge_iflist *bif = NULL; 1341 struct ifnet *ifs; 1342 1343 ifs = ifunit(req->ifbr_ifsname); 1344 if (ifs == NULL) 1345 return (ENOENT); 1346 1347 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1348 if (ifs == bif->bif_ifp) 1349 return (EBUSY); 1350 1351 if (ifs->if_bridge != NULL) 1352 return (EBUSY); 1353 1354 switch (ifs->if_type) { 1355 case IFT_ETHER: 1356 case IFT_GIF: 1357 case IFT_L2VLAN: 1358 break; 1359 default: 1360 return (EINVAL); 1361 } 1362 1363 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1364 if (bif == NULL) 1365 return (ENOMEM); 1366 1367 bif->bif_ifp = ifs; 1368 bif->bif_flags = IFBIF_SPAN; 1369 1370 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1371 1372 return (0); 1373} 1374 1375static int 1376bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1377{ 1378 struct ifbreq *req = arg; 1379 struct bridge_iflist *bif; 1380 struct ifnet *ifs; 1381 1382 ifs = ifunit(req->ifbr_ifsname); 1383 if (ifs == NULL) 1384 return (ENOENT); 1385 1386 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1387 if (ifs == bif->bif_ifp) 1388 break; 1389 1390 if (bif == NULL) 1391 return (ENOENT); 1392 1393 bridge_delete_span(sc, bif); 1394 1395 return (0); 1396} 1397 1398static int 1399bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1400{ 1401 struct ifbropreq *req = arg; 1402 struct bstp_state *bs = &sc->sc_stp; 1403 struct bstp_port *root_port; 1404 1405 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1406 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1407 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1408 1409 root_port = bs->bs_root_port; 1410 if (root_port == NULL) 1411 req->ifbop_root_port = 0; 1412 else 1413 req->ifbop_root_port = root_port->bp_ifp->if_index; 1414 1415 req->ifbop_holdcount = bs->bs_txholdcount; 1416 req->ifbop_priority = bs->bs_bridge_priority; 1417 req->ifbop_protocol = bs->bs_protover; 1418 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1419 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1420 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1421 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1422 1423 return (0); 1424} 1425 1426static int 1427bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1428{ 1429 struct ifbrparam *param = arg; 1430 1431 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1432 return (0); 1433} 1434 1435static int 1436bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1437{ 1438 struct ifbpstpconf *bifstp = arg; 1439 struct bridge_iflist *bif; 1440 struct bstp_port *bp; 1441 struct ifbpstpreq bpreq; 1442 int count, len, error = 0; 1443 1444 count = 0; 1445 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1446 if ((bif->bif_flags & IFBIF_STP) != 0) 1447 count++; 1448 } 1449 1450 if (bifstp->ifbpstp_len == 0) { 1451 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1452 return (0); 1453 } 1454 1455 count = 0; 1456 len = bifstp->ifbpstp_len; 1457 bzero(&bpreq, sizeof(bpreq)); 1458 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1459 if (len < sizeof(bpreq)) 1460 break; 1461 1462 if ((bif->bif_flags & IFBIF_STP) == 0) 1463 continue; 1464 1465 bp = &bif->bif_stp; 1466 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1467 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1468 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1469 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1470 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1471 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1472 1473 error = copyout(&bpreq, bifstp->ifbpstp_req + count, 1474 sizeof(bpreq)); 1475 if (error != 0) 1476 break; 1477 1478 count++; 1479 len -= sizeof(bpreq); 1480 } 1481 1482 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1483 return (error); 1484} 1485 1486static int 1487bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1488{ 1489 struct ifbrparam *param = arg; 1490 1491 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1492} 1493 1494static int 1495bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1496{ 1497 struct ifbrparam *param = arg; 1498 1499 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1500} 1501 1502static int 1503bridge_ioctl_sedge(struct bridge_softc *sc, void *arg) 1504{ 1505 struct ifbreq *req = arg; 1506 struct bridge_iflist *bif; 1507 1508 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1509 if (bif == NULL) 1510 return (ENOENT); 1511 1512 return (bstp_set_edge(&bif->bif_stp, req->ifbr_edge)); 1513} 1514 1515static int 1516bridge_ioctl_saedge(struct bridge_softc *sc, void *arg) 1517{ 1518 struct ifbreq *req = arg; 1519 struct bridge_iflist *bif; 1520 1521 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1522 if (bif == NULL) 1523 return (ENOENT); 1524 1525 return (bstp_set_autoedge(&bif->bif_stp, req->ifbr_autoedge)); 1526} 1527 1528/* 1529 * bridge_ifdetach: 1530 * 1531 * Detach an interface from a bridge. Called when a member 1532 * interface is detaching. 1533 */ 1534static void 1535bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1536{ 1537 struct bridge_softc *sc = ifp->if_bridge; 1538 struct bridge_iflist *bif; 1539 1540 /* Check if the interface is a bridge member */ 1541 if (sc != NULL) { 1542 BRIDGE_LOCK(sc); 1543 1544 bif = bridge_lookup_member_if(sc, ifp); 1545 if (bif != NULL) 1546 bridge_delete_member(sc, bif, 1); 1547 1548 BRIDGE_UNLOCK(sc); 1549 return; 1550 } 1551 1552 /* Check if the interface is a span port */ 1553 mtx_lock(&bridge_list_mtx); 1554 LIST_FOREACH(sc, &bridge_list, sc_list) { 1555 BRIDGE_LOCK(sc); 1556 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1557 if (ifp == bif->bif_ifp) { 1558 bridge_delete_span(sc, bif); 1559 break; 1560 } 1561 1562 BRIDGE_UNLOCK(sc); 1563 } 1564 mtx_unlock(&bridge_list_mtx); 1565} 1566 1567/* 1568 * bridge_init: 1569 * 1570 * Initialize a bridge interface. 1571 */ 1572static void 1573bridge_init(void *xsc) 1574{ 1575 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1576 struct ifnet *ifp = sc->sc_ifp; 1577 1578 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1579 return; 1580 1581 BRIDGE_LOCK(sc); 1582 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1583 bridge_timer, sc); 1584 1585 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1586 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1587 1588 BRIDGE_UNLOCK(sc); 1589} 1590 1591/* 1592 * bridge_stop: 1593 * 1594 * Stop the bridge interface. 1595 */ 1596static void 1597bridge_stop(struct ifnet *ifp, int disable) 1598{ 1599 struct bridge_softc *sc = ifp->if_softc; 1600 1601 BRIDGE_LOCK_ASSERT(sc); 1602 1603 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1604 return; 1605 1606 callout_stop(&sc->sc_brcallout); 1607 bstp_stop(&sc->sc_stp); 1608 1609 bridge_rtflush(sc, IFBF_FLUSHDYN); 1610 1611 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1612} 1613 1614/* 1615 * bridge_enqueue: 1616 * 1617 * Enqueue a packet on a bridge member interface. 1618 * 1619 */ 1620static void 1621bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1622{ 1623 int len, err = 0; 1624 short mflags; 1625 struct mbuf *m0; 1626 1627 len = m->m_pkthdr.len; 1628 mflags = m->m_flags; 1629 1630 /* We may be sending a fragment so traverse the mbuf */ 1631 for (; m; m = m0) { 1632 m0 = m->m_nextpkt; 1633 m->m_nextpkt = NULL; 1634 1635 if (err == 0) 1636 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err); 1637 } 1638 1639 if (err == 0) { 1640 1641 sc->sc_ifp->if_opackets++; 1642 sc->sc_ifp->if_obytes += len; 1643 1644 dst_ifp->if_obytes += len; 1645 1646 if (mflags & M_MCAST) { 1647 sc->sc_ifp->if_omcasts++; 1648 dst_ifp->if_omcasts++; 1649 } 1650 } 1651 1652 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0) 1653 (*dst_ifp->if_start)(dst_ifp); 1654} 1655 1656/* 1657 * bridge_dummynet: 1658 * 1659 * Receive a queued packet from dummynet and pass it on to the output 1660 * interface. 1661 * 1662 * The mbuf has the Ethernet header already attached. 1663 */ 1664static void 1665bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1666{ 1667 struct bridge_softc *sc; 1668 1669 sc = ifp->if_bridge; 1670 1671 /* 1672 * The packet didnt originate from a member interface. This should only 1673 * ever happen if a member interface is removed while packets are 1674 * queued for it. 1675 */ 1676 if (sc == NULL) { 1677 m_freem(m); 1678 return; 1679 } 1680 1681 if (PFIL_HOOKED(&inet_pfil_hook) 1682#ifdef INET6 1683 || PFIL_HOOKED(&inet6_pfil_hook) 1684#endif 1685 ) { 1686 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1687 return; 1688 if (m == NULL) 1689 return; 1690 } 1691 1692 bridge_enqueue(sc, ifp, m); 1693} 1694 1695/* 1696 * bridge_output: 1697 * 1698 * Send output from a bridge member interface. This 1699 * performs the bridging function for locally originated 1700 * packets. 1701 * 1702 * The mbuf has the Ethernet header already attached. We must 1703 * enqueue or free the mbuf before returning. 1704 */ 1705static int 1706bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1707 struct rtentry *rt) 1708{ 1709 struct ether_header *eh; 1710 struct ifnet *dst_if; 1711 struct bridge_softc *sc; 1712 1713 if (m->m_len < ETHER_HDR_LEN) { 1714 m = m_pullup(m, ETHER_HDR_LEN); 1715 if (m == NULL) 1716 return (0); 1717 } 1718 1719 eh = mtod(m, struct ether_header *); 1720 sc = ifp->if_bridge; 1721 1722 BRIDGE_LOCK(sc); 1723 1724 /* 1725 * If bridge is down, but the original output interface is up, 1726 * go ahead and send out that interface. Otherwise, the packet 1727 * is dropped below. 1728 */ 1729 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1730 dst_if = ifp; 1731 goto sendunicast; 1732 } 1733 1734 /* 1735 * If the packet is a multicast, or we don't know a better way to 1736 * get there, send to all interfaces. 1737 */ 1738 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1739 dst_if = NULL; 1740 else 1741 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1742 if (dst_if == NULL) { 1743 struct bridge_iflist *bif; 1744 struct mbuf *mc; 1745 int error = 0, used = 0; 1746 1747 bridge_span(sc, m); 1748 1749 BRIDGE_LOCK2REF(sc, error); 1750 if (error) { 1751 m_freem(m); 1752 return (0); 1753 } 1754 1755 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1756 dst_if = bif->bif_ifp; 1757 1758 if (dst_if->if_type == IFT_GIF) 1759 continue; 1760 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1761 continue; 1762 1763 /* 1764 * If this is not the original output interface, 1765 * and the interface is participating in spanning 1766 * tree, make sure the port is in a state that 1767 * allows forwarding. 1768 */ 1769 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1770 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1771 continue; 1772 1773 if (LIST_NEXT(bif, bif_next) == NULL) { 1774 used = 1; 1775 mc = m; 1776 } else { 1777 mc = m_copypacket(m, M_DONTWAIT); 1778 if (mc == NULL) { 1779 sc->sc_ifp->if_oerrors++; 1780 continue; 1781 } 1782 } 1783 1784 bridge_enqueue(sc, dst_if, mc); 1785 } 1786 if (used == 0) 1787 m_freem(m); 1788 BRIDGE_UNREF(sc); 1789 return (0); 1790 } 1791 1792sendunicast: 1793 /* 1794 * XXX Spanning tree consideration here? 1795 */ 1796 1797 bridge_span(sc, m); 1798 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1799 m_freem(m); 1800 BRIDGE_UNLOCK(sc); 1801 return (0); 1802 } 1803 1804 BRIDGE_UNLOCK(sc); 1805 bridge_enqueue(sc, dst_if, m); 1806 return (0); 1807} 1808 1809/* 1810 * bridge_start: 1811 * 1812 * Start output on a bridge. 1813 * 1814 */ 1815static void 1816bridge_start(struct ifnet *ifp) 1817{ 1818 struct bridge_softc *sc; 1819 struct mbuf *m; 1820 struct ether_header *eh; 1821 struct ifnet *dst_if; 1822 1823 sc = ifp->if_softc; 1824 1825 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 1826 for (;;) { 1827 IFQ_DEQUEUE(&ifp->if_snd, m); 1828 if (m == 0) 1829 break; 1830 BPF_MTAP(ifp, m); 1831 1832 eh = mtod(m, struct ether_header *); 1833 dst_if = NULL; 1834 1835 BRIDGE_LOCK(sc); 1836 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1837 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1838 } 1839 1840 if (dst_if == NULL) 1841 bridge_broadcast(sc, ifp, m, 0); 1842 else { 1843 BRIDGE_UNLOCK(sc); 1844 bridge_enqueue(sc, dst_if, m); 1845 } 1846 } 1847 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 1848} 1849 1850/* 1851 * bridge_forward: 1852 * 1853 * The forwarding function of the bridge. 1854 * 1855 * NOTE: Releases the lock on return. 1856 */ 1857static void 1858bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1859{ 1860 struct bridge_iflist *bif; 1861 struct ifnet *src_if, *dst_if, *ifp; 1862 struct ether_header *eh; 1863 1864 src_if = m->m_pkthdr.rcvif; 1865 ifp = sc->sc_ifp; 1866 1867 sc->sc_ifp->if_ipackets++; 1868 sc->sc_ifp->if_ibytes += m->m_pkthdr.len; 1869 1870 /* 1871 * Look up the bridge_iflist. 1872 */ 1873 bif = bridge_lookup_member_if(sc, src_if); 1874 if (bif == NULL) { 1875 /* Interface is not a bridge member (anymore?) */ 1876 BRIDGE_UNLOCK(sc); 1877 m_freem(m); 1878 return; 1879 } 1880 1881 if ((bif->bif_flags & IFBIF_STP) && 1882 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1883 BRIDGE_UNLOCK(sc); 1884 m_freem(m); 1885 return; 1886 } 1887 1888 eh = mtod(m, struct ether_header *); 1889 1890 /* 1891 * If the interface is learning, and the source 1892 * address is valid and not multicast, record 1893 * the address. 1894 */ 1895 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1896 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1897 (eh->ether_shost[0] == 0 && 1898 eh->ether_shost[1] == 0 && 1899 eh->ether_shost[2] == 0 && 1900 eh->ether_shost[3] == 0 && 1901 eh->ether_shost[4] == 0 && 1902 eh->ether_shost[5] == 0) == 0) { 1903 (void) bridge_rtupdate(sc, eh->ether_shost, 1904 src_if, 0, IFBAF_DYNAMIC); 1905 } 1906 1907 if ((bif->bif_flags & IFBIF_STP) != 0 && 1908 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) { 1909 m_freem(m); 1910 BRIDGE_UNLOCK(sc); 1911 return; 1912 } 1913 1914 /* 1915 * At this point, the port either doesn't participate 1916 * in spanning tree or it is in the forwarding state. 1917 */ 1918 1919 /* 1920 * If the packet is unicast, destined for someone on 1921 * "this" side of the bridge, drop it. 1922 */ 1923 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1924 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1925 if (src_if == dst_if) { 1926 BRIDGE_UNLOCK(sc); 1927 m_freem(m); 1928 return; 1929 } 1930 } else { 1931 /* ...forward it to all interfaces. */ 1932 sc->sc_ifp->if_imcasts++; 1933 dst_if = NULL; 1934 } 1935 1936 /* 1937 * If we have a destination interface which is a member of our bridge, 1938 * OR this is a unicast packet, push it through the bpf(4) machinery. 1939 * For broadcast or multicast packets, don't bother because it will 1940 * be reinjected into ether_input. We do this before we pass the packets 1941 * through the pfil(9) framework, as it is possible that pfil(9) will 1942 * drop the packet, or possibly modify it, making it difficult to debug 1943 * firewall issues on the bridge. 1944 */ 1945 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1946 BPF_MTAP(ifp, m); 1947 1948 /* run the packet filter */ 1949 if (PFIL_HOOKED(&inet_pfil_hook) 1950#ifdef INET6 1951 || PFIL_HOOKED(&inet6_pfil_hook) 1952#endif 1953 ) { 1954 BRIDGE_UNLOCK(sc); 1955 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1956 return; 1957 if (m == NULL) 1958 return; 1959 BRIDGE_LOCK(sc); 1960 } 1961 1962 if (dst_if == NULL) { 1963 bridge_broadcast(sc, src_if, m, 1); 1964 return; 1965 } 1966 1967 /* 1968 * At this point, we're dealing with a unicast frame 1969 * going to a different interface. 1970 */ 1971 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1972 BRIDGE_UNLOCK(sc); 1973 m_freem(m); 1974 return; 1975 } 1976 bif = bridge_lookup_member_if(sc, dst_if); 1977 if (bif == NULL) { 1978 /* Not a member of the bridge (anymore?) */ 1979 BRIDGE_UNLOCK(sc); 1980 m_freem(m); 1981 return; 1982 } 1983 1984 if ((bif->bif_flags & IFBIF_STP) && 1985 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 1986 BRIDGE_UNLOCK(sc); 1987 m_freem(m); 1988 return; 1989 } 1990 1991 BRIDGE_UNLOCK(sc); 1992 1993 if (PFIL_HOOKED(&inet_pfil_hook) 1994#ifdef INET6 1995 || PFIL_HOOKED(&inet6_pfil_hook) 1996#endif 1997 ) { 1998 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0) 1999 return; 2000 if (m == NULL) 2001 return; 2002 } 2003 2004 bridge_enqueue(sc, dst_if, m); 2005} 2006 2007/* 2008 * bridge_input: 2009 * 2010 * Receive input from a member interface. Queue the packet for 2011 * bridging if it is not for us. 2012 */ 2013static struct mbuf * 2014bridge_input(struct ifnet *ifp, struct mbuf *m) 2015{ 2016 struct bridge_softc *sc = ifp->if_bridge; 2017 struct bridge_iflist *bif; 2018 struct ifnet *bifp; 2019 struct ether_header *eh; 2020 struct mbuf *mc, *mc2; 2021 2022 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2023 return (m); 2024 2025 bifp = sc->sc_ifp; 2026 2027 /* 2028 * Implement support for bridge monitoring. If this flag has been 2029 * set on this interface, discard the packet once we push it through 2030 * the bpf(4) machinery, but before we do, increment the byte and 2031 * packet counters associated with this interface. 2032 */ 2033 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2034 m->m_pkthdr.rcvif = bifp; 2035 BPF_MTAP(bifp, m); 2036 bifp->if_ipackets++; 2037 bifp->if_ibytes += m->m_pkthdr.len; 2038 m_freem(m); 2039 return (NULL); 2040 } 2041 BRIDGE_LOCK(sc); 2042 bif = bridge_lookup_member_if(sc, ifp); 2043 if (bif == NULL) { 2044 BRIDGE_UNLOCK(sc); 2045 return (m); 2046 } 2047 2048 eh = mtod(m, struct ether_header *); 2049 2050 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), 2051 ETHER_ADDR_LEN) == 0) { 2052 /* 2053 * If the packet is for us, set the packets source as the 2054 * bridge, and return the packet back to ether_input for 2055 * local processing. 2056 */ 2057 2058 /* Note where to send the reply to */ 2059 if (bif->bif_flags & IFBIF_LEARNING) 2060 (void) bridge_rtupdate(sc, 2061 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 2062 2063 /* Mark the packet as arriving on the bridge interface */ 2064 m->m_pkthdr.rcvif = bifp; 2065 BPF_MTAP(bifp, m); 2066 bifp->if_ipackets++; 2067 2068 BRIDGE_UNLOCK(sc); 2069 return (m); 2070 } 2071 2072 bridge_span(sc, m); 2073 2074 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 2075 /* Tap off 802.1D packets; they do not get forwarded. */ 2076 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2077 ETHER_ADDR_LEN) == 0) { 2078 m = bstp_input(&bif->bif_stp, ifp, m); 2079 if (m == NULL) { 2080 BRIDGE_UNLOCK(sc); 2081 return (NULL); 2082 } 2083 } 2084 2085 if ((bif->bif_flags & IFBIF_STP) && 2086 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2087 BRIDGE_UNLOCK(sc); 2088 return (m); 2089 } 2090 2091 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 2092 sizeof(etherbroadcastaddr)) == 0) 2093 m->m_flags |= M_BCAST; 2094 else 2095 m->m_flags |= M_MCAST; 2096 2097 /* 2098 * Make a deep copy of the packet and enqueue the copy 2099 * for bridge processing; return the original packet for 2100 * local processing. 2101 */ 2102 mc = m_dup(m, M_DONTWAIT); 2103 if (mc == NULL) { 2104 BRIDGE_UNLOCK(sc); 2105 return (m); 2106 } 2107 2108 /* Perform the bridge forwarding function with the copy. */ 2109 bridge_forward(sc, mc); 2110 2111 /* 2112 * Reinject the mbuf as arriving on the bridge so we have a 2113 * chance at claiming multicast packets. We can not loop back 2114 * here from ether_input as a bridge is never a member of a 2115 * bridge. 2116 */ 2117 KASSERT(bifp->if_bridge == NULL, 2118 ("loop created in bridge_input")); 2119 mc2 = m_dup(m, M_DONTWAIT); 2120 if (mc2 != NULL) { 2121 /* Keep the layer3 header aligned */ 2122 int i = min(mc2->m_pkthdr.len, max_protohdr); 2123 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2124 } 2125 if (mc2 != NULL) { 2126 mc2->m_pkthdr.rcvif = bifp; 2127 (*bifp->if_input)(bifp, mc2); 2128 } 2129 2130 /* Return the original packet for local processing. */ 2131 return (m); 2132 } 2133 2134 if ((bif->bif_flags & IFBIF_STP) && 2135 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2136 BRIDGE_UNLOCK(sc); 2137 return (m); 2138 } 2139 2140 /* 2141 * Unicast. Make sure it's not for us. 2142 */ 2143 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2144 if (bif->bif_ifp->if_type == IFT_GIF) 2145 continue; 2146 /* It is destined for us. */ 2147 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2148 ETHER_ADDR_LEN) == 0 2149#ifdef DEV_CARP 2150 || (bif->bif_ifp->if_carp 2151 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost)) 2152#endif 2153 ) { 2154 if (bif->bif_flags & IFBIF_LEARNING) 2155 (void) bridge_rtupdate(sc, 2156 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 2157 m->m_pkthdr.rcvif = bif->bif_ifp; 2158 BRIDGE_UNLOCK(sc); 2159 return (m); 2160 } 2161 2162 /* We just received a packet that we sent out. */ 2163 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2164 ETHER_ADDR_LEN) == 0 2165#ifdef DEV_CARP 2166 || (bif->bif_ifp->if_carp 2167 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost)) 2168#endif 2169 ) { 2170 BRIDGE_UNLOCK(sc); 2171 m_freem(m); 2172 return (NULL); 2173 } 2174 } 2175 2176 /* Perform the bridge forwarding function. */ 2177 bridge_forward(sc, m); 2178 2179 return (NULL); 2180} 2181 2182/* 2183 * bridge_broadcast: 2184 * 2185 * Send a frame to all interfaces that are members of 2186 * the bridge, except for the one on which the packet 2187 * arrived. 2188 * 2189 * NOTE: Releases the lock on return. 2190 */ 2191static void 2192bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2193 struct mbuf *m, int runfilt) 2194{ 2195 struct bridge_iflist *bif; 2196 struct mbuf *mc; 2197 struct ifnet *dst_if; 2198 int error = 0, used = 0, i; 2199 2200 BRIDGE_LOCK2REF(sc, error); 2201 if (error) { 2202 m_freem(m); 2203 return; 2204 } 2205 2206 /* Filter on the bridge interface before broadcasting */ 2207 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2208#ifdef INET6 2209 || PFIL_HOOKED(&inet6_pfil_hook) 2210#endif 2211 )) { 2212 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2213 goto out; 2214 if (m == NULL) 2215 goto out; 2216 } 2217 2218 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2219 dst_if = bif->bif_ifp; 2220 if (dst_if == src_if) 2221 continue; 2222 2223 if ((bif->bif_flags & IFBIF_STP) && 2224 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2225 continue; 2226 2227 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2228 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2229 continue; 2230 2231 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2232 continue; 2233 2234 if (LIST_NEXT(bif, bif_next) == NULL) { 2235 mc = m; 2236 used = 1; 2237 } else { 2238 mc = m_dup(m, M_DONTWAIT); 2239 if (mc == NULL) { 2240 sc->sc_ifp->if_oerrors++; 2241 continue; 2242 } 2243 } 2244 2245 /* 2246 * Filter on the output interface. Pass a NULL bridge interface 2247 * pointer so we do not redundantly filter on the bridge for 2248 * each interface we broadcast on. 2249 */ 2250 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook) 2251#ifdef INET6 2252 || PFIL_HOOKED(&inet6_pfil_hook) 2253#endif 2254 )) { 2255 if (used == 0) { 2256 /* Keep the layer3 header aligned */ 2257 i = min(mc->m_pkthdr.len, max_protohdr); 2258 mc = m_copyup(mc, i, ETHER_ALIGN); 2259 if (mc == NULL) { 2260 sc->sc_ifp->if_oerrors++; 2261 continue; 2262 } 2263 } 2264 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2265 continue; 2266 if (mc == NULL) 2267 continue; 2268 } 2269 2270 bridge_enqueue(sc, dst_if, mc); 2271 } 2272 if (used == 0) 2273 m_freem(m); 2274 2275out: 2276 BRIDGE_UNREF(sc); 2277} 2278 2279/* 2280 * bridge_span: 2281 * 2282 * Duplicate a packet out one or more interfaces that are in span mode, 2283 * the original mbuf is unmodified. 2284 */ 2285static void 2286bridge_span(struct bridge_softc *sc, struct mbuf *m) 2287{ 2288 struct bridge_iflist *bif; 2289 struct ifnet *dst_if; 2290 struct mbuf *mc; 2291 2292 if (LIST_EMPTY(&sc->sc_spanlist)) 2293 return; 2294 2295 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2296 dst_if = bif->bif_ifp; 2297 2298 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2299 continue; 2300 2301 mc = m_copypacket(m, M_DONTWAIT); 2302 if (mc == NULL) { 2303 sc->sc_ifp->if_oerrors++; 2304 continue; 2305 } 2306 2307 bridge_enqueue(sc, dst_if, mc); 2308 } 2309} 2310 2311/* 2312 * bridge_rtupdate: 2313 * 2314 * Add a bridge routing entry. 2315 */ 2316static int 2317bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2318 struct ifnet *dst_if, int setflags, uint8_t flags) 2319{ 2320 struct bridge_rtnode *brt; 2321 int error; 2322 2323 BRIDGE_LOCK_ASSERT(sc); 2324 2325 /* 2326 * A route for this destination might already exist. If so, 2327 * update it, otherwise create a new one. 2328 */ 2329 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2330 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2331 sc->sc_brtexceeded++; 2332 return (ENOSPC); 2333 } 2334 2335 /* 2336 * Allocate a new bridge forwarding node, and 2337 * initialize the expiration time and Ethernet 2338 * address. 2339 */ 2340 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2341 if (brt == NULL) 2342 return (ENOMEM); 2343 2344 brt->brt_flags = IFBAF_DYNAMIC; 2345 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2346 2347 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2348 uma_zfree(bridge_rtnode_zone, brt); 2349 return (error); 2350 } 2351 } 2352 2353 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2354 brt->brt_ifp = dst_if; 2355 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2356 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2357 if (setflags) 2358 brt->brt_flags = flags; 2359 2360 return (0); 2361} 2362 2363/* 2364 * bridge_rtlookup: 2365 * 2366 * Lookup the destination interface for an address. 2367 */ 2368static struct ifnet * 2369bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2370{ 2371 struct bridge_rtnode *brt; 2372 2373 BRIDGE_LOCK_ASSERT(sc); 2374 2375 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2376 return (NULL); 2377 2378 return (brt->brt_ifp); 2379} 2380 2381/* 2382 * bridge_rttrim: 2383 * 2384 * Trim the routine table so that we have a number 2385 * of routing entries less than or equal to the 2386 * maximum number. 2387 */ 2388static void 2389bridge_rttrim(struct bridge_softc *sc) 2390{ 2391 struct bridge_rtnode *brt, *nbrt; 2392 2393 BRIDGE_LOCK_ASSERT(sc); 2394 2395 /* Make sure we actually need to do this. */ 2396 if (sc->sc_brtcnt <= sc->sc_brtmax) 2397 return; 2398 2399 /* Force an aging cycle; this might trim enough addresses. */ 2400 bridge_rtage(sc); 2401 if (sc->sc_brtcnt <= sc->sc_brtmax) 2402 return; 2403 2404 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2405 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2406 bridge_rtnode_destroy(sc, brt); 2407 if (sc->sc_brtcnt <= sc->sc_brtmax) 2408 return; 2409 } 2410 } 2411} 2412 2413/* 2414 * bridge_timer: 2415 * 2416 * Aging timer for the bridge. 2417 */ 2418static void 2419bridge_timer(void *arg) 2420{ 2421 struct bridge_softc *sc = arg; 2422 2423 BRIDGE_LOCK_ASSERT(sc); 2424 2425 bridge_rtage(sc); 2426 2427 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2428 callout_reset(&sc->sc_brcallout, 2429 bridge_rtable_prune_period * hz, bridge_timer, sc); 2430} 2431 2432/* 2433 * bridge_rtage: 2434 * 2435 * Perform an aging cycle. 2436 */ 2437static void 2438bridge_rtage(struct bridge_softc *sc) 2439{ 2440 struct bridge_rtnode *brt, *nbrt; 2441 2442 BRIDGE_LOCK_ASSERT(sc); 2443 2444 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2445 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2446 if (time_uptime >= brt->brt_expire) 2447 bridge_rtnode_destroy(sc, brt); 2448 } 2449 } 2450} 2451 2452/* 2453 * bridge_rtflush: 2454 * 2455 * Remove all dynamic addresses from the bridge. 2456 */ 2457static void 2458bridge_rtflush(struct bridge_softc *sc, int full) 2459{ 2460 struct bridge_rtnode *brt, *nbrt; 2461 2462 BRIDGE_LOCK_ASSERT(sc); 2463 2464 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2465 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2466 bridge_rtnode_destroy(sc, brt); 2467 } 2468} 2469 2470/* 2471 * bridge_rtdaddr: 2472 * 2473 * Remove an address from the table. 2474 */ 2475static int 2476bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2477{ 2478 struct bridge_rtnode *brt; 2479 2480 BRIDGE_LOCK_ASSERT(sc); 2481 2482 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2483 return (ENOENT); 2484 2485 bridge_rtnode_destroy(sc, brt); 2486 return (0); 2487} 2488 2489/* 2490 * bridge_rtdelete: 2491 * 2492 * Delete routes to a speicifc member interface. 2493 */ 2494static void 2495bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2496{ 2497 struct bridge_rtnode *brt, *nbrt; 2498 2499 BRIDGE_LOCK_ASSERT(sc); 2500 2501 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2502 if (brt->brt_ifp == ifp && (full || 2503 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2504 bridge_rtnode_destroy(sc, brt); 2505 } 2506} 2507 2508/* 2509 * bridge_rtable_init: 2510 * 2511 * Initialize the route table for this bridge. 2512 */ 2513static int 2514bridge_rtable_init(struct bridge_softc *sc) 2515{ 2516 int i; 2517 2518 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2519 M_DEVBUF, M_NOWAIT); 2520 if (sc->sc_rthash == NULL) 2521 return (ENOMEM); 2522 2523 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2524 LIST_INIT(&sc->sc_rthash[i]); 2525 2526 sc->sc_rthash_key = arc4random(); 2527 2528 LIST_INIT(&sc->sc_rtlist); 2529 2530 return (0); 2531} 2532 2533/* 2534 * bridge_rtable_fini: 2535 * 2536 * Deconstruct the route table for this bridge. 2537 */ 2538static void 2539bridge_rtable_fini(struct bridge_softc *sc) 2540{ 2541 2542 free(sc->sc_rthash, M_DEVBUF); 2543} 2544 2545/* 2546 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2547 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2548 */ 2549#define mix(a, b, c) \ 2550do { \ 2551 a -= b; a -= c; a ^= (c >> 13); \ 2552 b -= c; b -= a; b ^= (a << 8); \ 2553 c -= a; c -= b; c ^= (b >> 13); \ 2554 a -= b; a -= c; a ^= (c >> 12); \ 2555 b -= c; b -= a; b ^= (a << 16); \ 2556 c -= a; c -= b; c ^= (b >> 5); \ 2557 a -= b; a -= c; a ^= (c >> 3); \ 2558 b -= c; b -= a; b ^= (a << 10); \ 2559 c -= a; c -= b; c ^= (b >> 15); \ 2560} while (/*CONSTCOND*/0) 2561 2562static __inline uint32_t 2563bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2564{ 2565 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2566 2567 b += addr[5] << 8; 2568 b += addr[4]; 2569 a += addr[3] << 24; 2570 a += addr[2] << 16; 2571 a += addr[1] << 8; 2572 a += addr[0]; 2573 2574 mix(a, b, c); 2575 2576 return (c & BRIDGE_RTHASH_MASK); 2577} 2578 2579#undef mix 2580 2581static int 2582bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2583{ 2584 int i, d; 2585 2586 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2587 d = ((int)a[i]) - ((int)b[i]); 2588 } 2589 2590 return (d); 2591} 2592 2593/* 2594 * bridge_rtnode_lookup: 2595 * 2596 * Look up a bridge route node for the specified destination. 2597 */ 2598static struct bridge_rtnode * 2599bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2600{ 2601 struct bridge_rtnode *brt; 2602 uint32_t hash; 2603 int dir; 2604 2605 BRIDGE_LOCK_ASSERT(sc); 2606 2607 hash = bridge_rthash(sc, addr); 2608 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2609 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2610 if (dir == 0) 2611 return (brt); 2612 if (dir > 0) 2613 return (NULL); 2614 } 2615 2616 return (NULL); 2617} 2618 2619/* 2620 * bridge_rtnode_insert: 2621 * 2622 * Insert the specified bridge node into the route table. We 2623 * assume the entry is not already in the table. 2624 */ 2625static int 2626bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2627{ 2628 struct bridge_rtnode *lbrt; 2629 uint32_t hash; 2630 int dir; 2631 2632 BRIDGE_LOCK_ASSERT(sc); 2633 2634 hash = bridge_rthash(sc, brt->brt_addr); 2635 2636 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2637 if (lbrt == NULL) { 2638 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2639 goto out; 2640 } 2641 2642 do { 2643 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2644 if (dir == 0) 2645 return (EEXIST); 2646 if (dir > 0) { 2647 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2648 goto out; 2649 } 2650 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2651 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2652 goto out; 2653 } 2654 lbrt = LIST_NEXT(lbrt, brt_hash); 2655 } while (lbrt != NULL); 2656 2657#ifdef DIAGNOSTIC 2658 panic("bridge_rtnode_insert: impossible"); 2659#endif 2660 2661out: 2662 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2663 sc->sc_brtcnt++; 2664 2665 return (0); 2666} 2667 2668/* 2669 * bridge_rtnode_destroy: 2670 * 2671 * Destroy a bridge rtnode. 2672 */ 2673static void 2674bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2675{ 2676 BRIDGE_LOCK_ASSERT(sc); 2677 2678 LIST_REMOVE(brt, brt_hash); 2679 2680 LIST_REMOVE(brt, brt_list); 2681 sc->sc_brtcnt--; 2682 uma_zfree(bridge_rtnode_zone, brt); 2683} 2684 2685/* 2686 * bridge_rtable_expire: 2687 * 2688 * Set the expiry time for all routes on an interface. 2689 */ 2690static void 2691bridge_rtable_expire(struct ifnet *ifp, int age) 2692{ 2693 struct bridge_softc *sc = ifp->if_bridge; 2694 struct bridge_rtnode *brt; 2695 2696 BRIDGE_LOCK(sc); 2697 2698 /* 2699 * If the age is zero then flush, otherwise set all the expiry times to 2700 * age for the interface 2701 */ 2702 if (age == 0) 2703 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2704 else { 2705 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2706 /* Cap the expiry time to 'age' */ 2707 if (brt->brt_ifp == ifp && 2708 brt->brt_expire > time_uptime + age && 2709 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2710 brt->brt_expire = time_uptime + age; 2711 } 2712 } 2713 BRIDGE_UNLOCK(sc); 2714} 2715 2716/* 2717 * bridge_state_change: 2718 * 2719 * Callback from the bridgestp code when a port changes states. 2720 */ 2721static void 2722bridge_state_change(struct ifnet *ifp, int state) 2723{ 2724 struct bridge_softc *sc = ifp->if_bridge; 2725 static const char *stpstates[] = { 2726 "disabled", 2727 "listening", 2728 "learning", 2729 "forwarding", 2730 "blocking", 2731 "discarding" 2732 }; 2733 2734 if (log_stp) 2735 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2736 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2737} 2738 2739/* 2740 * Send bridge packets through pfil if they are one of the types pfil can deal 2741 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2742 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2743 * that interface. 2744 */ 2745static int 2746bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2747{ 2748 int snap, error, i, hlen; 2749 struct ether_header *eh1, eh2; 2750 struct ip_fw_args args; 2751 struct ip *ip; 2752 struct llc llc1; 2753 u_int16_t ether_type; 2754 2755 snap = 0; 2756 error = -1; /* Default error if not error == 0 */ 2757 2758 /* we may return with the IP fields swapped, ensure its not shared */ 2759 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2760 2761 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 2762 return (0); /* filtering is disabled */ 2763 2764 i = min((*mp)->m_pkthdr.len, max_protohdr); 2765 if ((*mp)->m_len < i) { 2766 *mp = m_pullup(*mp, i); 2767 if (*mp == NULL) { 2768 printf("%s: m_pullup failed\n", __func__); 2769 return (-1); 2770 } 2771 } 2772 2773 eh1 = mtod(*mp, struct ether_header *); 2774 ether_type = ntohs(eh1->ether_type); 2775 2776 /* 2777 * Check for SNAP/LLC. 2778 */ 2779 if (ether_type < ETHERMTU) { 2780 struct llc *llc2 = (struct llc *)(eh1 + 1); 2781 2782 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2783 llc2->llc_dsap == LLC_SNAP_LSAP && 2784 llc2->llc_ssap == LLC_SNAP_LSAP && 2785 llc2->llc_control == LLC_UI) { 2786 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2787 snap = 1; 2788 } 2789 } 2790 2791 /* 2792 * If we're trying to filter bridge traffic, don't look at anything 2793 * other than IP and ARP traffic. If the filter doesn't understand 2794 * IPv6, don't allow IPv6 through the bridge either. This is lame 2795 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2796 * but of course we don't have an AppleTalk filter to begin with. 2797 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2798 * ARP traffic.) 2799 */ 2800 switch (ether_type) { 2801 case ETHERTYPE_ARP: 2802 case ETHERTYPE_REVARP: 2803 if (pfil_ipfw_arp == 0) 2804 return (0); /* Automatically pass */ 2805 break; 2806 2807 case ETHERTYPE_IP: 2808#ifdef INET6 2809 case ETHERTYPE_IPV6: 2810#endif /* INET6 */ 2811 break; 2812 default: 2813 /* 2814 * Check to see if the user wants to pass non-ip 2815 * packets, these will not be checked by pfil(9) and 2816 * passed unconditionally so the default is to drop. 2817 */ 2818 if (pfil_onlyip) 2819 goto bad; 2820 } 2821 2822 /* Strip off the Ethernet header and keep a copy. */ 2823 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2824 m_adj(*mp, ETHER_HDR_LEN); 2825 2826 /* Strip off snap header, if present */ 2827 if (snap) { 2828 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2829 m_adj(*mp, sizeof(struct llc)); 2830 } 2831 2832 /* 2833 * Check the IP header for alignment and errors 2834 */ 2835 if (dir == PFIL_IN) { 2836 switch (ether_type) { 2837 case ETHERTYPE_IP: 2838 error = bridge_ip_checkbasic(mp); 2839 break; 2840#ifdef INET6 2841 case ETHERTYPE_IPV6: 2842 error = bridge_ip6_checkbasic(mp); 2843 break; 2844#endif /* INET6 */ 2845 default: 2846 error = 0; 2847 } 2848 if (error) 2849 goto bad; 2850 } 2851 2852 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) { 2853 error = -1; 2854 args.rule = ip_dn_claim_rule(*mp); 2855 if (args.rule != NULL && fw_one_pass) 2856 goto ipfwpass; /* packet already partially processed */ 2857 2858 args.m = *mp; 2859 args.oif = ifp; 2860 args.next_hop = NULL; 2861 args.eh = &eh2; 2862 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 2863 i = ip_fw_chk_ptr(&args); 2864 *mp = args.m; 2865 2866 if (*mp == NULL) 2867 return (error); 2868 2869 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) { 2870 2871 /* put the Ethernet header back on */ 2872 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2873 if (*mp == NULL) 2874 return (error); 2875 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2876 2877 /* 2878 * Pass the pkt to dummynet, which consumes it. The 2879 * packet will return to us via bridge_dummynet(). 2880 */ 2881 args.oif = ifp; 2882 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args); 2883 return (error); 2884 } 2885 2886 if (i != IP_FW_PASS) /* drop */ 2887 goto bad; 2888 } 2889 2890ipfwpass: 2891 error = 0; 2892 2893 /* 2894 * Run the packet through pfil 2895 */ 2896 switch (ether_type) { 2897 case ETHERTYPE_IP: 2898 /* 2899 * before calling the firewall, swap fields the same as 2900 * IP does. here we assume the header is contiguous 2901 */ 2902 ip = mtod(*mp, struct ip *); 2903 2904 ip->ip_len = ntohs(ip->ip_len); 2905 ip->ip_off = ntohs(ip->ip_off); 2906 2907 /* 2908 * Run pfil on the member interface and the bridge, both can 2909 * be skipped by clearing pfil_member or pfil_bridge. 2910 * 2911 * Keep the order: 2912 * in_if -> bridge_if -> out_if 2913 */ 2914 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2915 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2916 dir, NULL); 2917 2918 if (*mp == NULL || error != 0) /* filter may consume */ 2919 break; 2920 2921 if (pfil_member && ifp != NULL) 2922 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2923 dir, NULL); 2924 2925 if (*mp == NULL || error != 0) /* filter may consume */ 2926 break; 2927 2928 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2929 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2930 dir, NULL); 2931 2932 if (*mp == NULL || error != 0) /* filter may consume */ 2933 break; 2934 2935 /* check if we need to fragment the packet */ 2936 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2937 i = (*mp)->m_pkthdr.len; 2938 if (i > ifp->if_mtu) { 2939 error = bridge_fragment(ifp, *mp, &eh2, snap, 2940 &llc1); 2941 return (error); 2942 } 2943 } 2944 2945 /* Recalculate the ip checksum and restore byte ordering */ 2946 ip = mtod(*mp, struct ip *); 2947 hlen = ip->ip_hl << 2; 2948 if (hlen < sizeof(struct ip)) 2949 goto bad; 2950 if (hlen > (*mp)->m_len) { 2951 if ((*mp = m_pullup(*mp, hlen)) == 0) 2952 goto bad; 2953 ip = mtod(*mp, struct ip *); 2954 if (ip == NULL) 2955 goto bad; 2956 } 2957 ip->ip_len = htons(ip->ip_len); 2958 ip->ip_off = htons(ip->ip_off); 2959 ip->ip_sum = 0; 2960 if (hlen == sizeof(struct ip)) 2961 ip->ip_sum = in_cksum_hdr(ip); 2962 else 2963 ip->ip_sum = in_cksum(*mp, hlen); 2964 2965 break; 2966#ifdef INET6 2967 case ETHERTYPE_IPV6: 2968 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2969 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2970 dir, NULL); 2971 2972 if (*mp == NULL || error != 0) /* filter may consume */ 2973 break; 2974 2975 if (pfil_member && ifp != NULL) 2976 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2977 dir, NULL); 2978 2979 if (*mp == NULL || error != 0) /* filter may consume */ 2980 break; 2981 2982 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2983 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2984 dir, NULL); 2985 break; 2986#endif 2987 default: 2988 error = 0; 2989 break; 2990 } 2991 2992 if (*mp == NULL) 2993 return (error); 2994 if (error != 0) 2995 goto bad; 2996 2997 error = -1; 2998 2999 /* 3000 * Finally, put everything back the way it was and return 3001 */ 3002 if (snap) { 3003 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3004 if (*mp == NULL) 3005 return (error); 3006 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3007 } 3008 3009 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3010 if (*mp == NULL) 3011 return (error); 3012 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3013 3014 return (0); 3015 3016bad: 3017 m_freem(*mp); 3018 *mp = NULL; 3019 return (error); 3020} 3021 3022/* 3023 * Perform basic checks on header size since 3024 * pfil assumes ip_input has already processed 3025 * it for it. Cut-and-pasted from ip_input.c. 3026 * Given how simple the IPv6 version is, 3027 * does the IPv4 version really need to be 3028 * this complicated? 3029 * 3030 * XXX Should we update ipstat here, or not? 3031 * XXX Right now we update ipstat but not 3032 * XXX csum_counter. 3033 */ 3034static int 3035bridge_ip_checkbasic(struct mbuf **mp) 3036{ 3037 struct mbuf *m = *mp; 3038 struct ip *ip; 3039 int len, hlen; 3040 u_short sum; 3041 3042 if (*mp == NULL) 3043 return (-1); 3044 3045 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3046 if ((m = m_copyup(m, sizeof(struct ip), 3047 (max_linkhdr + 3) & ~3)) == NULL) { 3048 /* XXXJRT new stat, please */ 3049 ipstat.ips_toosmall++; 3050 goto bad; 3051 } 3052 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3053 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3054 ipstat.ips_toosmall++; 3055 goto bad; 3056 } 3057 } 3058 ip = mtod(m, struct ip *); 3059 if (ip == NULL) goto bad; 3060 3061 if (ip->ip_v != IPVERSION) { 3062 ipstat.ips_badvers++; 3063 goto bad; 3064 } 3065 hlen = ip->ip_hl << 2; 3066 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3067 ipstat.ips_badhlen++; 3068 goto bad; 3069 } 3070 if (hlen > m->m_len) { 3071 if ((m = m_pullup(m, hlen)) == 0) { 3072 ipstat.ips_badhlen++; 3073 goto bad; 3074 } 3075 ip = mtod(m, struct ip *); 3076 if (ip == NULL) goto bad; 3077 } 3078 3079 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3080 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3081 } else { 3082 if (hlen == sizeof(struct ip)) { 3083 sum = in_cksum_hdr(ip); 3084 } else { 3085 sum = in_cksum(m, hlen); 3086 } 3087 } 3088 if (sum) { 3089 ipstat.ips_badsum++; 3090 goto bad; 3091 } 3092 3093 /* Retrieve the packet length. */ 3094 len = ntohs(ip->ip_len); 3095 3096 /* 3097 * Check for additional length bogosity 3098 */ 3099 if (len < hlen) { 3100 ipstat.ips_badlen++; 3101 goto bad; 3102 } 3103 3104 /* 3105 * Check that the amount of data in the buffers 3106 * is as at least much as the IP header would have us expect. 3107 * Drop packet if shorter than we expect. 3108 */ 3109 if (m->m_pkthdr.len < len) { 3110 ipstat.ips_tooshort++; 3111 goto bad; 3112 } 3113 3114 /* Checks out, proceed */ 3115 *mp = m; 3116 return (0); 3117 3118bad: 3119 *mp = m; 3120 return (-1); 3121} 3122 3123#ifdef INET6 3124/* 3125 * Same as above, but for IPv6. 3126 * Cut-and-pasted from ip6_input.c. 3127 * XXX Should we update ip6stat, or not? 3128 */ 3129static int 3130bridge_ip6_checkbasic(struct mbuf **mp) 3131{ 3132 struct mbuf *m = *mp; 3133 struct ip6_hdr *ip6; 3134 3135 /* 3136 * If the IPv6 header is not aligned, slurp it up into a new 3137 * mbuf with space for link headers, in the event we forward 3138 * it. Otherwise, if it is aligned, make sure the entire base 3139 * IPv6 header is in the first mbuf of the chain. 3140 */ 3141 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3142 struct ifnet *inifp = m->m_pkthdr.rcvif; 3143 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3144 (max_linkhdr + 3) & ~3)) == NULL) { 3145 /* XXXJRT new stat, please */ 3146 ip6stat.ip6s_toosmall++; 3147 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3148 goto bad; 3149 } 3150 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3151 struct ifnet *inifp = m->m_pkthdr.rcvif; 3152 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3153 ip6stat.ip6s_toosmall++; 3154 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3155 goto bad; 3156 } 3157 } 3158 3159 ip6 = mtod(m, struct ip6_hdr *); 3160 3161 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3162 ip6stat.ip6s_badvers++; 3163 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3164 goto bad; 3165 } 3166 3167 /* Checks out, proceed */ 3168 *mp = m; 3169 return (0); 3170 3171bad: 3172 *mp = m; 3173 return (-1); 3174} 3175#endif /* INET6 */ 3176 3177/* 3178 * bridge_fragment: 3179 * 3180 * Return a fragmented mbuf chain. 3181 */ 3182static int 3183bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3184 int snap, struct llc *llc) 3185{ 3186 struct mbuf *m0; 3187 struct ip *ip; 3188 int error = -1; 3189 3190 if (m->m_len < sizeof(struct ip) && 3191 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3192 goto out; 3193 ip = mtod(m, struct ip *); 3194 3195 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3196 CSUM_DELAY_IP); 3197 if (error) 3198 goto out; 3199 3200 /* walk the chain and re-add the Ethernet header */ 3201 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3202 if (error == 0) { 3203 if (snap) { 3204 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3205 if (m0 == NULL) { 3206 error = ENOBUFS; 3207 continue; 3208 } 3209 bcopy(llc, mtod(m0, caddr_t), 3210 sizeof(struct llc)); 3211 } 3212 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3213 if (m0 == NULL) { 3214 error = ENOBUFS; 3215 continue; 3216 } 3217 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3218 } else 3219 m_freem(m); 3220 } 3221 3222 if (error == 0) 3223 ipstat.ips_fragmented++; 3224 3225 return (error); 3226 3227out: 3228 if (m != NULL) 3229 m_freem(m); 3230 return (error); 3231} 3232