if_bridge.c revision 252149
1/* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3/* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38/* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 51 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 52 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 53 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 54 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 55 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 56 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 57 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 60 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 61 * POSSIBILITY OF SUCH DAMAGE. 62 * 63 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 64 */ 65 66/* 67 * Network interface bridge support. 68 * 69 * TODO: 70 * 71 * - Currently only supports Ethernet-like interfaces (Ethernet, 72 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 73 * to bridge other types of interfaces (FDDI-FDDI, and maybe 74 * consider heterogenous bridges). 75 */ 76 77#include <sys/cdefs.h> 78__FBSDID("$FreeBSD: stable/9/sys/net/if_bridge.c 252149 2013-06-24 09:21:55Z glebius $"); 79 80#include "opt_inet.h" 81#include "opt_inet6.h" 82 83#include <sys/param.h> 84#include <sys/mbuf.h> 85#include <sys/malloc.h> 86#include <sys/protosw.h> 87#include <sys/systm.h> 88#include <sys/jail.h> 89#include <sys/time.h> 90#include <sys/socket.h> /* for net/if.h */ 91#include <sys/sockio.h> 92#include <sys/ctype.h> /* string functions */ 93#include <sys/kernel.h> 94#include <sys/random.h> 95#include <sys/syslog.h> 96#include <sys/sysctl.h> 97#include <vm/uma.h> 98#include <sys/module.h> 99#include <sys/priv.h> 100#include <sys/proc.h> 101#include <sys/lock.h> 102#include <sys/mutex.h> 103#include <sys/rwlock.h> 104 105#include <net/bpf.h> 106#include <net/if.h> 107#include <net/if_clone.h> 108#include <net/if_dl.h> 109#include <net/if_types.h> 110#include <net/if_var.h> 111#include <net/pfil.h> 112#include <net/vnet.h> 113 114#include <netinet/in.h> /* for struct arpcom */ 115#include <netinet/in_systm.h> 116#include <netinet/in_var.h> 117#include <netinet/ip.h> 118#include <netinet/ip_var.h> 119#ifdef INET6 120#include <netinet/ip6.h> 121#include <netinet6/ip6_var.h> 122#endif 123#if defined(INET) || defined(INET6) 124#include <netinet/ip_carp.h> 125#endif 126#include <machine/in_cksum.h> 127#include <netinet/if_ether.h> /* for struct arpcom */ 128#include <net/bridgestp.h> 129#include <net/if_bridgevar.h> 130#include <net/if_llc.h> 131#include <net/if_vlan_var.h> 132 133#include <net/route.h> 134#include <netinet/ip_fw.h> 135#include <netpfil/ipfw/ip_fw_private.h> 136 137/* 138 * Size of the route hash table. Must be a power of two. 139 */ 140#ifndef BRIDGE_RTHASH_SIZE 141#define BRIDGE_RTHASH_SIZE 1024 142#endif 143 144#define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 145 146/* 147 * Default maximum number of addresses to cache. 148 */ 149#ifndef BRIDGE_RTABLE_MAX 150#define BRIDGE_RTABLE_MAX 2000 151#endif 152 153/* 154 * Timeout (in seconds) for entries learned dynamically. 155 */ 156#ifndef BRIDGE_RTABLE_TIMEOUT 157#define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 158#endif 159 160/* 161 * Number of seconds between walks of the route list. 162 */ 163#ifndef BRIDGE_RTABLE_PRUNE_PERIOD 164#define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 165#endif 166 167/* 168 * List of capabilities to possibly mask on the member interface. 169 */ 170#define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM) 171 172/* 173 * List of capabilities to strip 174 */ 175#define BRIDGE_IFCAPS_STRIP IFCAP_LRO 176 177/* 178 * Bridge interface list entry. 179 */ 180struct bridge_iflist { 181 LIST_ENTRY(bridge_iflist) bif_next; 182 struct ifnet *bif_ifp; /* member if */ 183 struct bstp_port bif_stp; /* STP state */ 184 uint32_t bif_flags; /* member if flags */ 185 int bif_savedcaps; /* saved capabilities */ 186 uint32_t bif_addrmax; /* max # of addresses */ 187 uint32_t bif_addrcnt; /* cur. # of addresses */ 188 uint32_t bif_addrexceeded;/* # of address violations */ 189}; 190 191/* 192 * Bridge route node. 193 */ 194struct bridge_rtnode { 195 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 196 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 197 struct bridge_iflist *brt_dst; /* destination if */ 198 unsigned long brt_expire; /* expiration time */ 199 uint8_t brt_flags; /* address flags */ 200 uint8_t brt_addr[ETHER_ADDR_LEN]; 201 uint16_t brt_vlan; /* vlan id */ 202}; 203#define brt_ifp brt_dst->bif_ifp 204 205/* 206 * Software state for each bridge. 207 */ 208struct bridge_softc { 209 struct ifnet *sc_ifp; /* make this an interface */ 210 LIST_ENTRY(bridge_softc) sc_list; 211 struct mtx sc_mtx; 212 struct cv sc_cv; 213 uint32_t sc_brtmax; /* max # of addresses */ 214 uint32_t sc_brtcnt; /* cur. # of addresses */ 215 uint32_t sc_brttimeout; /* rt timeout in seconds */ 216 struct callout sc_brcallout; /* bridge callout */ 217 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 218 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 219 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 220 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 221 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 222 uint32_t sc_rthash_key; /* key for hash */ 223 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 224 struct bstp_state sc_stp; /* STP state */ 225 uint32_t sc_brtexceeded; /* # of cache drops */ 226 struct ifnet *sc_ifaddr; /* member mac copied from */ 227 u_char sc_defaddr[6]; /* Default MAC address */ 228}; 229 230static struct mtx bridge_list_mtx; 231eventhandler_tag bridge_detach_cookie = NULL; 232 233int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 234 235uma_zone_t bridge_rtnode_zone; 236 237static int bridge_clone_create(struct if_clone *, int, caddr_t); 238static void bridge_clone_destroy(struct ifnet *); 239 240static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 241static void bridge_mutecaps(struct bridge_softc *); 242static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *, 243 int); 244static void bridge_ifdetach(void *arg __unused, struct ifnet *); 245static void bridge_init(void *); 246static void bridge_dummynet(struct mbuf *, struct ifnet *); 247static void bridge_stop(struct ifnet *, int); 248static void bridge_start(struct ifnet *); 249static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 250static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 251 struct rtentry *); 252static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 253 struct mbuf *); 254static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 255 256static void bridge_forward(struct bridge_softc *, struct bridge_iflist *, 257 struct mbuf *m); 258 259static void bridge_timer(void *); 260 261static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 262 struct mbuf *, int); 263static void bridge_span(struct bridge_softc *, struct mbuf *); 264 265static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 266 uint16_t, struct bridge_iflist *, int, uint8_t); 267static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *, 268 uint16_t); 269static void bridge_rttrim(struct bridge_softc *); 270static void bridge_rtage(struct bridge_softc *); 271static void bridge_rtflush(struct bridge_softc *, int); 272static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *, 273 uint16_t); 274 275static int bridge_rtable_init(struct bridge_softc *); 276static void bridge_rtable_fini(struct bridge_softc *); 277 278static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 279static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 280 const uint8_t *, uint16_t); 281static int bridge_rtnode_insert(struct bridge_softc *, 282 struct bridge_rtnode *); 283static void bridge_rtnode_destroy(struct bridge_softc *, 284 struct bridge_rtnode *); 285static void bridge_rtable_expire(struct ifnet *, int); 286static void bridge_state_change(struct ifnet *, int); 287 288static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 289 const char *name); 290static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 291 struct ifnet *ifp); 292static void bridge_delete_member(struct bridge_softc *, 293 struct bridge_iflist *, int); 294static void bridge_delete_span(struct bridge_softc *, 295 struct bridge_iflist *); 296 297static int bridge_ioctl_add(struct bridge_softc *, void *); 298static int bridge_ioctl_del(struct bridge_softc *, void *); 299static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 300static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 301static int bridge_ioctl_scache(struct bridge_softc *, void *); 302static int bridge_ioctl_gcache(struct bridge_softc *, void *); 303static int bridge_ioctl_gifs(struct bridge_softc *, void *); 304static int bridge_ioctl_rts(struct bridge_softc *, void *); 305static int bridge_ioctl_saddr(struct bridge_softc *, void *); 306static int bridge_ioctl_sto(struct bridge_softc *, void *); 307static int bridge_ioctl_gto(struct bridge_softc *, void *); 308static int bridge_ioctl_daddr(struct bridge_softc *, void *); 309static int bridge_ioctl_flush(struct bridge_softc *, void *); 310static int bridge_ioctl_gpri(struct bridge_softc *, void *); 311static int bridge_ioctl_spri(struct bridge_softc *, void *); 312static int bridge_ioctl_ght(struct bridge_softc *, void *); 313static int bridge_ioctl_sht(struct bridge_softc *, void *); 314static int bridge_ioctl_gfd(struct bridge_softc *, void *); 315static int bridge_ioctl_sfd(struct bridge_softc *, void *); 316static int bridge_ioctl_gma(struct bridge_softc *, void *); 317static int bridge_ioctl_sma(struct bridge_softc *, void *); 318static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 319static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 320static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *); 321static int bridge_ioctl_addspan(struct bridge_softc *, void *); 322static int bridge_ioctl_delspan(struct bridge_softc *, void *); 323static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 324static int bridge_ioctl_grte(struct bridge_softc *, void *); 325static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 326static int bridge_ioctl_sproto(struct bridge_softc *, void *); 327static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 328static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 329 int); 330static int bridge_ip_checkbasic(struct mbuf **mp); 331#ifdef INET6 332static int bridge_ip6_checkbasic(struct mbuf **mp); 333#endif /* INET6 */ 334static int bridge_fragment(struct ifnet *, struct mbuf *, 335 struct ether_header *, int, struct llc *); 336static void bridge_linkstate(struct ifnet *ifp); 337static void bridge_linkcheck(struct bridge_softc *sc); 338 339extern void (*bridge_linkstate_p)(struct ifnet *ifp); 340 341/* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */ 342#define VLANTAGOF(_m) \ 343 (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1 344 345static struct bstp_cb_ops bridge_ops = { 346 .bcb_state = bridge_state_change, 347 .bcb_rtage = bridge_rtable_expire 348}; 349 350SYSCTL_DECL(_net_link); 351static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 352 353static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 354static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 355static int pfil_member = 1; /* run pfil hooks on the member interface */ 356static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 357static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 358static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for 359 locally destined packets */ 360static int log_stp = 0; /* log STP state changes */ 361static int bridge_inherit_mac = 0; /* share MAC with first bridge member */ 362TUNABLE_INT("net.link.bridge.pfil_onlyip", &pfil_onlyip); 363SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 364 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 365TUNABLE_INT("net.link.bridge.ipfw_arp", &pfil_ipfw_arp); 366SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 367 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 368TUNABLE_INT("net.link.bridge.pfil_bridge", &pfil_bridge); 369SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 370 &pfil_bridge, 0, "Packet filter on the bridge interface"); 371TUNABLE_INT("net.link.bridge.pfil_member", &pfil_member); 372SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 373 &pfil_member, 0, "Packet filter on the member interface"); 374TUNABLE_INT("net.link.bridge.pfil_local_phys", &pfil_local_phys); 375SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys, CTLFLAG_RW, 376 &pfil_local_phys, 0, 377 "Packet filter on the physical interface for locally destined packets"); 378TUNABLE_INT("net.link.bridge.log_stp", &log_stp); 379SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 380 &log_stp, 0, "Log STP state changes"); 381TUNABLE_INT("net.link.bridge.inherit_mac", &bridge_inherit_mac); 382SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW, 383 &bridge_inherit_mac, 0, 384 "Inherit MAC address from the first bridge member"); 385 386struct bridge_control { 387 int (*bc_func)(struct bridge_softc *, void *); 388 int bc_argsize; 389 int bc_flags; 390}; 391 392#define BC_F_COPYIN 0x01 /* copy arguments in */ 393#define BC_F_COPYOUT 0x02 /* copy arguments out */ 394#define BC_F_SUSER 0x04 /* do super-user check */ 395 396const struct bridge_control bridge_control_table[] = { 397 { bridge_ioctl_add, sizeof(struct ifbreq), 398 BC_F_COPYIN|BC_F_SUSER }, 399 { bridge_ioctl_del, sizeof(struct ifbreq), 400 BC_F_COPYIN|BC_F_SUSER }, 401 402 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 403 BC_F_COPYIN|BC_F_COPYOUT }, 404 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 405 BC_F_COPYIN|BC_F_SUSER }, 406 407 { bridge_ioctl_scache, sizeof(struct ifbrparam), 408 BC_F_COPYIN|BC_F_SUSER }, 409 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 410 BC_F_COPYOUT }, 411 412 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 413 BC_F_COPYIN|BC_F_COPYOUT }, 414 { bridge_ioctl_rts, sizeof(struct ifbaconf), 415 BC_F_COPYIN|BC_F_COPYOUT }, 416 417 { bridge_ioctl_saddr, sizeof(struct ifbareq), 418 BC_F_COPYIN|BC_F_SUSER }, 419 420 { bridge_ioctl_sto, sizeof(struct ifbrparam), 421 BC_F_COPYIN|BC_F_SUSER }, 422 { bridge_ioctl_gto, sizeof(struct ifbrparam), 423 BC_F_COPYOUT }, 424 425 { bridge_ioctl_daddr, sizeof(struct ifbareq), 426 BC_F_COPYIN|BC_F_SUSER }, 427 428 { bridge_ioctl_flush, sizeof(struct ifbreq), 429 BC_F_COPYIN|BC_F_SUSER }, 430 431 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 432 BC_F_COPYOUT }, 433 { bridge_ioctl_spri, sizeof(struct ifbrparam), 434 BC_F_COPYIN|BC_F_SUSER }, 435 436 { bridge_ioctl_ght, sizeof(struct ifbrparam), 437 BC_F_COPYOUT }, 438 { bridge_ioctl_sht, sizeof(struct ifbrparam), 439 BC_F_COPYIN|BC_F_SUSER }, 440 441 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 442 BC_F_COPYOUT }, 443 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 444 BC_F_COPYIN|BC_F_SUSER }, 445 446 { bridge_ioctl_gma, sizeof(struct ifbrparam), 447 BC_F_COPYOUT }, 448 { bridge_ioctl_sma, sizeof(struct ifbrparam), 449 BC_F_COPYIN|BC_F_SUSER }, 450 451 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 452 BC_F_COPYIN|BC_F_SUSER }, 453 454 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 455 BC_F_COPYIN|BC_F_SUSER }, 456 457 { bridge_ioctl_addspan, sizeof(struct ifbreq), 458 BC_F_COPYIN|BC_F_SUSER }, 459 { bridge_ioctl_delspan, sizeof(struct ifbreq), 460 BC_F_COPYIN|BC_F_SUSER }, 461 462 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 463 BC_F_COPYOUT }, 464 465 { bridge_ioctl_grte, sizeof(struct ifbrparam), 466 BC_F_COPYOUT }, 467 468 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 469 BC_F_COPYIN|BC_F_COPYOUT }, 470 471 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 472 BC_F_COPYIN|BC_F_SUSER }, 473 474 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 475 BC_F_COPYIN|BC_F_SUSER }, 476 477 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq), 478 BC_F_COPYIN|BC_F_SUSER }, 479 480}; 481const int bridge_control_table_size = 482 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 483 484LIST_HEAD(, bridge_softc) bridge_list; 485 486IFC_SIMPLE_DECLARE(bridge, 0); 487 488static int 489bridge_modevent(module_t mod, int type, void *data) 490{ 491 492 switch (type) { 493 case MOD_LOAD: 494 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 495 if_clone_attach(&bridge_cloner); 496 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 497 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 498 UMA_ALIGN_PTR, 0); 499 LIST_INIT(&bridge_list); 500 bridge_input_p = bridge_input; 501 bridge_output_p = bridge_output; 502 bridge_dn_p = bridge_dummynet; 503 bridge_linkstate_p = bridge_linkstate; 504 bridge_detach_cookie = EVENTHANDLER_REGISTER( 505 ifnet_departure_event, bridge_ifdetach, NULL, 506 EVENTHANDLER_PRI_ANY); 507 break; 508 case MOD_UNLOAD: 509 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 510 bridge_detach_cookie); 511 if_clone_detach(&bridge_cloner); 512 uma_zdestroy(bridge_rtnode_zone); 513 bridge_input_p = NULL; 514 bridge_output_p = NULL; 515 bridge_dn_p = NULL; 516 bridge_linkstate_p = NULL; 517 mtx_destroy(&bridge_list_mtx); 518 break; 519 default: 520 return (EOPNOTSUPP); 521 } 522 return (0); 523} 524 525static moduledata_t bridge_mod = { 526 "if_bridge", 527 bridge_modevent, 528 0 529}; 530 531DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 532MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 533 534/* 535 * handler for net.link.bridge.pfil_ipfw 536 */ 537static int 538sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 539{ 540 int enable = pfil_ipfw; 541 int error; 542 543 error = sysctl_handle_int(oidp, &enable, 0, req); 544 enable = (enable) ? 1 : 0; 545 546 if (enable != pfil_ipfw) { 547 pfil_ipfw = enable; 548 549 /* 550 * Disable pfil so that ipfw doesnt run twice, if the user 551 * really wants both then they can re-enable pfil_bridge and/or 552 * pfil_member. Also allow non-ip packets as ipfw can filter by 553 * layer2 type. 554 */ 555 if (pfil_ipfw) { 556 pfil_onlyip = 0; 557 pfil_bridge = 0; 558 pfil_member = 0; 559 } 560 } 561 562 return (error); 563} 564SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 565 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 566 567/* 568 * bridge_clone_create: 569 * 570 * Create a new bridge instance. 571 */ 572static int 573bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 574{ 575 struct bridge_softc *sc, *sc2; 576 struct ifnet *bifp, *ifp; 577 int fb, retry; 578 unsigned long hostid; 579 580 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 581 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 582 if (ifp == NULL) { 583 free(sc, M_DEVBUF); 584 return (ENOSPC); 585 } 586 587 BRIDGE_LOCK_INIT(sc); 588 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 589 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 590 591 /* Initialize our routing table. */ 592 bridge_rtable_init(sc); 593 594 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 595 596 LIST_INIT(&sc->sc_iflist); 597 LIST_INIT(&sc->sc_spanlist); 598 599 ifp->if_softc = sc; 600 if_initname(ifp, ifc->ifc_name, unit); 601 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 602 ifp->if_ioctl = bridge_ioctl; 603 ifp->if_start = bridge_start; 604 ifp->if_init = bridge_init; 605 ifp->if_type = IFT_BRIDGE; 606 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 607 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 608 IFQ_SET_READY(&ifp->if_snd); 609 610 /* 611 * Generate an ethernet address with a locally administered address. 612 * 613 * Since we are using random ethernet addresses for the bridge, it is 614 * possible that we might have address collisions, so make sure that 615 * this hardware address isn't already in use on another bridge. 616 * The first try uses the hostid and falls back to arc4rand(). 617 */ 618 fb = 0; 619 getcredhostid(curthread->td_ucred, &hostid); 620 for (retry = 1; retry != 0;) { 621 if (fb || hostid == 0) { 622 arc4rand(sc->sc_defaddr, ETHER_ADDR_LEN, 1); 623 sc->sc_defaddr[0] &= ~1;/* clear multicast bit */ 624 sc->sc_defaddr[0] |= 2; /* set the LAA bit */ 625 } else { 626 sc->sc_defaddr[0] = 0x2; 627 sc->sc_defaddr[1] = (hostid >> 24) & 0xff; 628 sc->sc_defaddr[2] = (hostid >> 16) & 0xff; 629 sc->sc_defaddr[3] = (hostid >> 8 ) & 0xff; 630 sc->sc_defaddr[4] = hostid & 0xff; 631 sc->sc_defaddr[5] = ifp->if_dunit & 0xff; 632 } 633 634 fb = 1; 635 retry = 0; 636 mtx_lock(&bridge_list_mtx); 637 LIST_FOREACH(sc2, &bridge_list, sc_list) { 638 bifp = sc2->sc_ifp; 639 if (memcmp(sc->sc_defaddr, 640 IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 641 retry = 1; 642 } 643 mtx_unlock(&bridge_list_mtx); 644 } 645 646 bstp_attach(&sc->sc_stp, &bridge_ops); 647 ether_ifattach(ifp, sc->sc_defaddr); 648 /* Now undo some of the damage... */ 649 ifp->if_baudrate = 0; 650 ifp->if_type = IFT_BRIDGE; 651 652 mtx_lock(&bridge_list_mtx); 653 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 654 mtx_unlock(&bridge_list_mtx); 655 656 return (0); 657} 658 659/* 660 * bridge_clone_destroy: 661 * 662 * Destroy a bridge instance. 663 */ 664static void 665bridge_clone_destroy(struct ifnet *ifp) 666{ 667 struct bridge_softc *sc = ifp->if_softc; 668 struct bridge_iflist *bif; 669 670 BRIDGE_LOCK(sc); 671 672 bridge_stop(ifp, 1); 673 ifp->if_flags &= ~IFF_UP; 674 675 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 676 bridge_delete_member(sc, bif, 0); 677 678 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 679 bridge_delete_span(sc, bif); 680 } 681 682 BRIDGE_UNLOCK(sc); 683 684 callout_drain(&sc->sc_brcallout); 685 686 mtx_lock(&bridge_list_mtx); 687 LIST_REMOVE(sc, sc_list); 688 mtx_unlock(&bridge_list_mtx); 689 690 bstp_detach(&sc->sc_stp); 691 ether_ifdetach(ifp); 692 if_free_type(ifp, IFT_ETHER); 693 694 /* Tear down the routing table. */ 695 bridge_rtable_fini(sc); 696 697 BRIDGE_LOCK_DESTROY(sc); 698 free(sc, M_DEVBUF); 699} 700 701/* 702 * bridge_ioctl: 703 * 704 * Handle a control request from the operator. 705 */ 706static int 707bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 708{ 709 struct bridge_softc *sc = ifp->if_softc; 710 struct ifreq *ifr = (struct ifreq *)data; 711 struct bridge_iflist *bif; 712 struct thread *td = curthread; 713 union { 714 struct ifbreq ifbreq; 715 struct ifbifconf ifbifconf; 716 struct ifbareq ifbareq; 717 struct ifbaconf ifbaconf; 718 struct ifbrparam ifbrparam; 719 struct ifbropreq ifbropreq; 720 } args; 721 struct ifdrv *ifd = (struct ifdrv *) data; 722 const struct bridge_control *bc; 723 int error = 0; 724 725 switch (cmd) { 726 727 case SIOCADDMULTI: 728 case SIOCDELMULTI: 729 break; 730 731 case SIOCGDRVSPEC: 732 case SIOCSDRVSPEC: 733 if (ifd->ifd_cmd >= bridge_control_table_size) { 734 error = EINVAL; 735 break; 736 } 737 bc = &bridge_control_table[ifd->ifd_cmd]; 738 739 if (cmd == SIOCGDRVSPEC && 740 (bc->bc_flags & BC_F_COPYOUT) == 0) { 741 error = EINVAL; 742 break; 743 } 744 else if (cmd == SIOCSDRVSPEC && 745 (bc->bc_flags & BC_F_COPYOUT) != 0) { 746 error = EINVAL; 747 break; 748 } 749 750 if (bc->bc_flags & BC_F_SUSER) { 751 error = priv_check(td, PRIV_NET_BRIDGE); 752 if (error) 753 break; 754 } 755 756 if (ifd->ifd_len != bc->bc_argsize || 757 ifd->ifd_len > sizeof(args)) { 758 error = EINVAL; 759 break; 760 } 761 762 bzero(&args, sizeof(args)); 763 if (bc->bc_flags & BC_F_COPYIN) { 764 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 765 if (error) 766 break; 767 } 768 769 BRIDGE_LOCK(sc); 770 error = (*bc->bc_func)(sc, &args); 771 BRIDGE_UNLOCK(sc); 772 if (error) 773 break; 774 775 if (bc->bc_flags & BC_F_COPYOUT) 776 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 777 778 break; 779 780 case SIOCSIFFLAGS: 781 if (!(ifp->if_flags & IFF_UP) && 782 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 783 /* 784 * If interface is marked down and it is running, 785 * then stop and disable it. 786 */ 787 BRIDGE_LOCK(sc); 788 bridge_stop(ifp, 1); 789 BRIDGE_UNLOCK(sc); 790 } else if ((ifp->if_flags & IFF_UP) && 791 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 792 /* 793 * If interface is marked up and it is stopped, then 794 * start it. 795 */ 796 (*ifp->if_init)(sc); 797 } 798 break; 799 800 case SIOCSIFMTU: 801 if (ifr->ifr_mtu < 576) { 802 error = EINVAL; 803 break; 804 } 805 if (LIST_EMPTY(&sc->sc_iflist)) { 806 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 807 break; 808 } 809 BRIDGE_LOCK(sc); 810 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 811 if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) { 812 log(LOG_NOTICE, "%s: invalid MTU: %lu(%s)" 813 " != %d\n", sc->sc_ifp->if_xname, 814 bif->bif_ifp->if_mtu, 815 bif->bif_ifp->if_xname, ifr->ifr_mtu); 816 error = EINVAL; 817 break; 818 } 819 } 820 if (!error) 821 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 822 BRIDGE_UNLOCK(sc); 823 break; 824 default: 825 /* 826 * drop the lock as ether_ioctl() will call bridge_start() and 827 * cause the lock to be recursed. 828 */ 829 error = ether_ioctl(ifp, cmd, data); 830 break; 831 } 832 833 return (error); 834} 835 836/* 837 * bridge_mutecaps: 838 * 839 * Clear or restore unwanted capabilities on the member interface 840 */ 841static void 842bridge_mutecaps(struct bridge_softc *sc) 843{ 844 struct bridge_iflist *bif; 845 int enabled, mask; 846 847 /* Initial bitmask of capabilities to test */ 848 mask = BRIDGE_IFCAPS_MASK; 849 850 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 851 /* Every member must support it or its disabled */ 852 mask &= bif->bif_savedcaps; 853 } 854 855 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 856 enabled = bif->bif_ifp->if_capenable; 857 enabled &= ~BRIDGE_IFCAPS_STRIP; 858 /* strip off mask bits and enable them again if allowed */ 859 enabled &= ~BRIDGE_IFCAPS_MASK; 860 enabled |= mask; 861 bridge_set_ifcap(sc, bif, enabled); 862 } 863 864} 865 866static void 867bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set) 868{ 869 struct ifnet *ifp = bif->bif_ifp; 870 struct ifreq ifr; 871 int error; 872 873 bzero(&ifr, sizeof(ifr)); 874 ifr.ifr_reqcap = set; 875 876 if (ifp->if_capenable != set) { 877 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 878 if (error) 879 if_printf(sc->sc_ifp, 880 "error setting interface capabilities on %s\n", 881 ifp->if_xname); 882 } 883} 884 885/* 886 * bridge_lookup_member: 887 * 888 * Lookup a bridge member interface. 889 */ 890static struct bridge_iflist * 891bridge_lookup_member(struct bridge_softc *sc, const char *name) 892{ 893 struct bridge_iflist *bif; 894 struct ifnet *ifp; 895 896 BRIDGE_LOCK_ASSERT(sc); 897 898 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 899 ifp = bif->bif_ifp; 900 if (strcmp(ifp->if_xname, name) == 0) 901 return (bif); 902 } 903 904 return (NULL); 905} 906 907/* 908 * bridge_lookup_member_if: 909 * 910 * Lookup a bridge member interface by ifnet*. 911 */ 912static struct bridge_iflist * 913bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 914{ 915 struct bridge_iflist *bif; 916 917 BRIDGE_LOCK_ASSERT(sc); 918 919 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 920 if (bif->bif_ifp == member_ifp) 921 return (bif); 922 } 923 924 return (NULL); 925} 926 927/* 928 * bridge_delete_member: 929 * 930 * Delete the specified member interface. 931 */ 932static void 933bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 934 int gone) 935{ 936 struct ifnet *ifs = bif->bif_ifp; 937 struct ifnet *fif = NULL; 938 939 BRIDGE_LOCK_ASSERT(sc); 940 941 if (bif->bif_flags & IFBIF_STP) 942 bstp_disable(&bif->bif_stp); 943 944 ifs->if_bridge = NULL; 945 BRIDGE_XLOCK(sc); 946 LIST_REMOVE(bif, bif_next); 947 BRIDGE_XDROP(sc); 948 949 /* 950 * If removing the interface that gave the bridge its mac address, set 951 * the mac address of the bridge to the address of the next member, or 952 * to its default address if no members are left. 953 */ 954 if (bridge_inherit_mac && sc->sc_ifaddr == ifs) { 955 if (LIST_EMPTY(&sc->sc_iflist)) { 956 bcopy(sc->sc_defaddr, 957 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 958 sc->sc_ifaddr = NULL; 959 } else { 960 fif = LIST_FIRST(&sc->sc_iflist)->bif_ifp; 961 bcopy(IF_LLADDR(fif), 962 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 963 sc->sc_ifaddr = fif; 964 } 965 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 966 } 967 968 bridge_linkcheck(sc); 969 bridge_mutecaps(sc); /* recalcuate now this interface is removed */ 970 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 971 KASSERT(bif->bif_addrcnt == 0, 972 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt)); 973 974 BRIDGE_UNLOCK(sc); 975 if (!gone) { 976 switch (ifs->if_type) { 977 case IFT_ETHER: 978 case IFT_L2VLAN: 979 /* 980 * Take the interface out of promiscuous mode. 981 */ 982 (void) ifpromisc(ifs, 0); 983 break; 984 985 case IFT_GIF: 986 break; 987 988 default: 989#ifdef DIAGNOSTIC 990 panic("bridge_delete_member: impossible"); 991#endif 992 break; 993 } 994 /* reneable any interface capabilities */ 995 bridge_set_ifcap(sc, bif, bif->bif_savedcaps); 996 } 997 bstp_destroy(&bif->bif_stp); /* prepare to free */ 998 BRIDGE_LOCK(sc); 999 free(bif, M_DEVBUF); 1000} 1001 1002/* 1003 * bridge_delete_span: 1004 * 1005 * Delete the specified span interface. 1006 */ 1007static void 1008bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1009{ 1010 BRIDGE_LOCK_ASSERT(sc); 1011 1012 KASSERT(bif->bif_ifp->if_bridge == NULL, 1013 ("%s: not a span interface", __func__)); 1014 1015 LIST_REMOVE(bif, bif_next); 1016 free(bif, M_DEVBUF); 1017} 1018 1019static int 1020bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1021{ 1022 struct ifbreq *req = arg; 1023 struct bridge_iflist *bif = NULL; 1024 struct ifnet *ifs; 1025 int error = 0; 1026 1027 ifs = ifunit(req->ifbr_ifsname); 1028 if (ifs == NULL) 1029 return (ENOENT); 1030 if (ifs->if_ioctl == NULL) /* must be supported */ 1031 return (EINVAL); 1032 1033 /* If it's in the span list, it can't be a member. */ 1034 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1035 if (ifs == bif->bif_ifp) 1036 return (EBUSY); 1037 1038 if (ifs->if_bridge == sc) 1039 return (EEXIST); 1040 1041 if (ifs->if_bridge != NULL) 1042 return (EBUSY); 1043 1044 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1045 if (bif == NULL) 1046 return (ENOMEM); 1047 1048 bif->bif_ifp = ifs; 1049 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 1050 bif->bif_savedcaps = ifs->if_capenable; 1051 1052 switch (ifs->if_type) { 1053 case IFT_ETHER: 1054 case IFT_L2VLAN: 1055 case IFT_GIF: 1056 /* permitted interface types */ 1057 break; 1058 default: 1059 error = EINVAL; 1060 goto out; 1061 } 1062 1063 /* Allow the first Ethernet member to define the MTU */ 1064 if (LIST_EMPTY(&sc->sc_iflist)) 1065 sc->sc_ifp->if_mtu = ifs->if_mtu; 1066 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 1067 if_printf(sc->sc_ifp, "invalid MTU: %lu(%s) != %lu\n", 1068 ifs->if_mtu, ifs->if_xname, sc->sc_ifp->if_mtu); 1069 error = EINVAL; 1070 goto out; 1071 } 1072 1073 /* 1074 * Assign the interface's MAC address to the bridge if it's the first 1075 * member and the MAC address of the bridge has not been changed from 1076 * the default randomly generated one. 1077 */ 1078 if (bridge_inherit_mac && LIST_EMPTY(&sc->sc_iflist) && 1079 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN)) { 1080 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 1081 sc->sc_ifaddr = ifs; 1082 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 1083 } 1084 1085 ifs->if_bridge = sc; 1086 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 1087 /* 1088 * XXX: XLOCK HERE!?! 1089 * 1090 * NOTE: insert_***HEAD*** should be safe for the traversals. 1091 */ 1092 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 1093 1094 /* Set interface capabilities to the intersection set of all members */ 1095 bridge_mutecaps(sc); 1096 bridge_linkcheck(sc); 1097 1098 /* Place the interface into promiscuous mode */ 1099 switch (ifs->if_type) { 1100 case IFT_ETHER: 1101 case IFT_L2VLAN: 1102 BRIDGE_UNLOCK(sc); 1103 error = ifpromisc(ifs, 1); 1104 BRIDGE_LOCK(sc); 1105 break; 1106 } 1107 if (error) 1108 bridge_delete_member(sc, bif, 0); 1109out: 1110 if (error) { 1111 if (bif != NULL) 1112 free(bif, M_DEVBUF); 1113 } 1114 return (error); 1115} 1116 1117static int 1118bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1119{ 1120 struct ifbreq *req = arg; 1121 struct bridge_iflist *bif; 1122 1123 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1124 if (bif == NULL) 1125 return (ENOENT); 1126 1127 bridge_delete_member(sc, bif, 0); 1128 1129 return (0); 1130} 1131 1132static int 1133bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1134{ 1135 struct ifbreq *req = arg; 1136 struct bridge_iflist *bif; 1137 struct bstp_port *bp; 1138 1139 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1140 if (bif == NULL) 1141 return (ENOENT); 1142 1143 bp = &bif->bif_stp; 1144 req->ifbr_ifsflags = bif->bif_flags; 1145 req->ifbr_state = bp->bp_state; 1146 req->ifbr_priority = bp->bp_priority; 1147 req->ifbr_path_cost = bp->bp_path_cost; 1148 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1149 req->ifbr_proto = bp->bp_protover; 1150 req->ifbr_role = bp->bp_role; 1151 req->ifbr_stpflags = bp->bp_flags; 1152 req->ifbr_addrcnt = bif->bif_addrcnt; 1153 req->ifbr_addrmax = bif->bif_addrmax; 1154 req->ifbr_addrexceeded = bif->bif_addrexceeded; 1155 1156 /* Copy STP state options as flags */ 1157 if (bp->bp_operedge) 1158 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1159 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1160 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1161 if (bp->bp_ptp_link) 1162 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1163 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1164 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1165 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1166 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1167 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1168 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1169 return (0); 1170} 1171 1172static int 1173bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1174{ 1175 struct ifbreq *req = arg; 1176 struct bridge_iflist *bif; 1177 struct bstp_port *bp; 1178 int error; 1179 1180 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1181 if (bif == NULL) 1182 return (ENOENT); 1183 bp = &bif->bif_stp; 1184 1185 if (req->ifbr_ifsflags & IFBIF_SPAN) 1186 /* SPAN is readonly */ 1187 return (EINVAL); 1188 1189 if (req->ifbr_ifsflags & IFBIF_STP) { 1190 if ((bif->bif_flags & IFBIF_STP) == 0) { 1191 error = bstp_enable(&bif->bif_stp); 1192 if (error) 1193 return (error); 1194 } 1195 } else { 1196 if ((bif->bif_flags & IFBIF_STP) != 0) 1197 bstp_disable(&bif->bif_stp); 1198 } 1199 1200 /* Pass on STP flags */ 1201 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1202 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1203 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1204 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1205 1206 /* Save the bits relating to the bridge */ 1207 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1208 1209 return (0); 1210} 1211 1212static int 1213bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1214{ 1215 struct ifbrparam *param = arg; 1216 1217 sc->sc_brtmax = param->ifbrp_csize; 1218 bridge_rttrim(sc); 1219 1220 return (0); 1221} 1222 1223static int 1224bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1225{ 1226 struct ifbrparam *param = arg; 1227 1228 param->ifbrp_csize = sc->sc_brtmax; 1229 1230 return (0); 1231} 1232 1233static int 1234bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1235{ 1236 struct ifbifconf *bifc = arg; 1237 struct bridge_iflist *bif; 1238 struct ifbreq breq; 1239 char *buf, *outbuf; 1240 int count, buflen, len, error = 0; 1241 1242 count = 0; 1243 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1244 count++; 1245 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1246 count++; 1247 1248 buflen = sizeof(breq) * count; 1249 if (bifc->ifbic_len == 0) { 1250 bifc->ifbic_len = buflen; 1251 return (0); 1252 } 1253 BRIDGE_UNLOCK(sc); 1254 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1255 BRIDGE_LOCK(sc); 1256 1257 count = 0; 1258 buf = outbuf; 1259 len = min(bifc->ifbic_len, buflen); 1260 bzero(&breq, sizeof(breq)); 1261 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1262 if (len < sizeof(breq)) 1263 break; 1264 1265 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1266 sizeof(breq.ifbr_ifsname)); 1267 /* Fill in the ifbreq structure */ 1268 error = bridge_ioctl_gifflags(sc, &breq); 1269 if (error) 1270 break; 1271 memcpy(buf, &breq, sizeof(breq)); 1272 count++; 1273 buf += sizeof(breq); 1274 len -= sizeof(breq); 1275 } 1276 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1277 if (len < sizeof(breq)) 1278 break; 1279 1280 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1281 sizeof(breq.ifbr_ifsname)); 1282 breq.ifbr_ifsflags = bif->bif_flags; 1283 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1284 memcpy(buf, &breq, sizeof(breq)); 1285 count++; 1286 buf += sizeof(breq); 1287 len -= sizeof(breq); 1288 } 1289 1290 BRIDGE_UNLOCK(sc); 1291 bifc->ifbic_len = sizeof(breq) * count; 1292 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len); 1293 BRIDGE_LOCK(sc); 1294 free(outbuf, M_TEMP); 1295 return (error); 1296} 1297 1298static int 1299bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1300{ 1301 struct ifbaconf *bac = arg; 1302 struct bridge_rtnode *brt; 1303 struct ifbareq bareq; 1304 char *buf, *outbuf; 1305 int count, buflen, len, error = 0; 1306 1307 if (bac->ifbac_len == 0) 1308 return (0); 1309 1310 count = 0; 1311 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) 1312 count++; 1313 buflen = sizeof(bareq) * count; 1314 1315 BRIDGE_UNLOCK(sc); 1316 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1317 BRIDGE_LOCK(sc); 1318 1319 count = 0; 1320 buf = outbuf; 1321 len = min(bac->ifbac_len, buflen); 1322 bzero(&bareq, sizeof(bareq)); 1323 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1324 if (len < sizeof(bareq)) 1325 goto out; 1326 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1327 sizeof(bareq.ifba_ifsname)); 1328 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1329 bareq.ifba_vlan = brt->brt_vlan; 1330 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1331 time_uptime < brt->brt_expire) 1332 bareq.ifba_expire = brt->brt_expire - time_uptime; 1333 else 1334 bareq.ifba_expire = 0; 1335 bareq.ifba_flags = brt->brt_flags; 1336 1337 memcpy(buf, &bareq, sizeof(bareq)); 1338 count++; 1339 buf += sizeof(bareq); 1340 len -= sizeof(bareq); 1341 } 1342out: 1343 BRIDGE_UNLOCK(sc); 1344 bac->ifbac_len = sizeof(bareq) * count; 1345 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len); 1346 BRIDGE_LOCK(sc); 1347 free(outbuf, M_TEMP); 1348 return (error); 1349} 1350 1351static int 1352bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1353{ 1354 struct ifbareq *req = arg; 1355 struct bridge_iflist *bif; 1356 int error; 1357 1358 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1359 if (bif == NULL) 1360 return (ENOENT); 1361 1362 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1, 1363 req->ifba_flags); 1364 1365 return (error); 1366} 1367 1368static int 1369bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1370{ 1371 struct ifbrparam *param = arg; 1372 1373 sc->sc_brttimeout = param->ifbrp_ctime; 1374 return (0); 1375} 1376 1377static int 1378bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1379{ 1380 struct ifbrparam *param = arg; 1381 1382 param->ifbrp_ctime = sc->sc_brttimeout; 1383 return (0); 1384} 1385 1386static int 1387bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1388{ 1389 struct ifbareq *req = arg; 1390 1391 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan)); 1392} 1393 1394static int 1395bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1396{ 1397 struct ifbreq *req = arg; 1398 1399 bridge_rtflush(sc, req->ifbr_ifsflags); 1400 return (0); 1401} 1402 1403static int 1404bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1405{ 1406 struct ifbrparam *param = arg; 1407 struct bstp_state *bs = &sc->sc_stp; 1408 1409 param->ifbrp_prio = bs->bs_bridge_priority; 1410 return (0); 1411} 1412 1413static int 1414bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1415{ 1416 struct ifbrparam *param = arg; 1417 1418 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1419} 1420 1421static int 1422bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1423{ 1424 struct ifbrparam *param = arg; 1425 struct bstp_state *bs = &sc->sc_stp; 1426 1427 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1428 return (0); 1429} 1430 1431static int 1432bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1433{ 1434 struct ifbrparam *param = arg; 1435 1436 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1437} 1438 1439static int 1440bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1441{ 1442 struct ifbrparam *param = arg; 1443 struct bstp_state *bs = &sc->sc_stp; 1444 1445 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1446 return (0); 1447} 1448 1449static int 1450bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1451{ 1452 struct ifbrparam *param = arg; 1453 1454 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1455} 1456 1457static int 1458bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1459{ 1460 struct ifbrparam *param = arg; 1461 struct bstp_state *bs = &sc->sc_stp; 1462 1463 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1464 return (0); 1465} 1466 1467static int 1468bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1469{ 1470 struct ifbrparam *param = arg; 1471 1472 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1473} 1474 1475static int 1476bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1477{ 1478 struct ifbreq *req = arg; 1479 struct bridge_iflist *bif; 1480 1481 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1482 if (bif == NULL) 1483 return (ENOENT); 1484 1485 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1486} 1487 1488static int 1489bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1490{ 1491 struct ifbreq *req = arg; 1492 struct bridge_iflist *bif; 1493 1494 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1495 if (bif == NULL) 1496 return (ENOENT); 1497 1498 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1499} 1500 1501static int 1502bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg) 1503{ 1504 struct ifbreq *req = arg; 1505 struct bridge_iflist *bif; 1506 1507 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1508 if (bif == NULL) 1509 return (ENOENT); 1510 1511 bif->bif_addrmax = req->ifbr_addrmax; 1512 return (0); 1513} 1514 1515static int 1516bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1517{ 1518 struct ifbreq *req = arg; 1519 struct bridge_iflist *bif = NULL; 1520 struct ifnet *ifs; 1521 1522 ifs = ifunit(req->ifbr_ifsname); 1523 if (ifs == NULL) 1524 return (ENOENT); 1525 1526 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1527 if (ifs == bif->bif_ifp) 1528 return (EBUSY); 1529 1530 if (ifs->if_bridge != NULL) 1531 return (EBUSY); 1532 1533 switch (ifs->if_type) { 1534 case IFT_ETHER: 1535 case IFT_GIF: 1536 case IFT_L2VLAN: 1537 break; 1538 default: 1539 return (EINVAL); 1540 } 1541 1542 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1543 if (bif == NULL) 1544 return (ENOMEM); 1545 1546 bif->bif_ifp = ifs; 1547 bif->bif_flags = IFBIF_SPAN; 1548 1549 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1550 1551 return (0); 1552} 1553 1554static int 1555bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1556{ 1557 struct ifbreq *req = arg; 1558 struct bridge_iflist *bif; 1559 struct ifnet *ifs; 1560 1561 ifs = ifunit(req->ifbr_ifsname); 1562 if (ifs == NULL) 1563 return (ENOENT); 1564 1565 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1566 if (ifs == bif->bif_ifp) 1567 break; 1568 1569 if (bif == NULL) 1570 return (ENOENT); 1571 1572 bridge_delete_span(sc, bif); 1573 1574 return (0); 1575} 1576 1577static int 1578bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1579{ 1580 struct ifbropreq *req = arg; 1581 struct bstp_state *bs = &sc->sc_stp; 1582 struct bstp_port *root_port; 1583 1584 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1585 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1586 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1587 1588 root_port = bs->bs_root_port; 1589 if (root_port == NULL) 1590 req->ifbop_root_port = 0; 1591 else 1592 req->ifbop_root_port = root_port->bp_ifp->if_index; 1593 1594 req->ifbop_holdcount = bs->bs_txholdcount; 1595 req->ifbop_priority = bs->bs_bridge_priority; 1596 req->ifbop_protocol = bs->bs_protover; 1597 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1598 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1599 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1600 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1601 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1602 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1603 1604 return (0); 1605} 1606 1607static int 1608bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1609{ 1610 struct ifbrparam *param = arg; 1611 1612 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1613 return (0); 1614} 1615 1616static int 1617bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1618{ 1619 struct ifbpstpconf *bifstp = arg; 1620 struct bridge_iflist *bif; 1621 struct bstp_port *bp; 1622 struct ifbpstpreq bpreq; 1623 char *buf, *outbuf; 1624 int count, buflen, len, error = 0; 1625 1626 count = 0; 1627 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1628 if ((bif->bif_flags & IFBIF_STP) != 0) 1629 count++; 1630 } 1631 1632 buflen = sizeof(bpreq) * count; 1633 if (bifstp->ifbpstp_len == 0) { 1634 bifstp->ifbpstp_len = buflen; 1635 return (0); 1636 } 1637 1638 BRIDGE_UNLOCK(sc); 1639 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1640 BRIDGE_LOCK(sc); 1641 1642 count = 0; 1643 buf = outbuf; 1644 len = min(bifstp->ifbpstp_len, buflen); 1645 bzero(&bpreq, sizeof(bpreq)); 1646 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1647 if (len < sizeof(bpreq)) 1648 break; 1649 1650 if ((bif->bif_flags & IFBIF_STP) == 0) 1651 continue; 1652 1653 bp = &bif->bif_stp; 1654 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1655 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1656 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1657 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1658 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1659 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1660 1661 memcpy(buf, &bpreq, sizeof(bpreq)); 1662 count++; 1663 buf += sizeof(bpreq); 1664 len -= sizeof(bpreq); 1665 } 1666 1667 BRIDGE_UNLOCK(sc); 1668 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1669 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len); 1670 BRIDGE_LOCK(sc); 1671 free(outbuf, M_TEMP); 1672 return (error); 1673} 1674 1675static int 1676bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1677{ 1678 struct ifbrparam *param = arg; 1679 1680 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1681} 1682 1683static int 1684bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1685{ 1686 struct ifbrparam *param = arg; 1687 1688 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1689} 1690 1691/* 1692 * bridge_ifdetach: 1693 * 1694 * Detach an interface from a bridge. Called when a member 1695 * interface is detaching. 1696 */ 1697static void 1698bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1699{ 1700 struct bridge_softc *sc = ifp->if_bridge; 1701 struct bridge_iflist *bif; 1702 1703 if (ifp->if_flags & IFF_RENAMING) 1704 return; 1705 1706 /* Check if the interface is a bridge member */ 1707 if (sc != NULL) { 1708 BRIDGE_LOCK(sc); 1709 1710 bif = bridge_lookup_member_if(sc, ifp); 1711 if (bif != NULL) 1712 bridge_delete_member(sc, bif, 1); 1713 1714 BRIDGE_UNLOCK(sc); 1715 return; 1716 } 1717 1718 /* Check if the interface is a span port */ 1719 mtx_lock(&bridge_list_mtx); 1720 LIST_FOREACH(sc, &bridge_list, sc_list) { 1721 BRIDGE_LOCK(sc); 1722 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1723 if (ifp == bif->bif_ifp) { 1724 bridge_delete_span(sc, bif); 1725 break; 1726 } 1727 1728 BRIDGE_UNLOCK(sc); 1729 } 1730 mtx_unlock(&bridge_list_mtx); 1731} 1732 1733/* 1734 * bridge_init: 1735 * 1736 * Initialize a bridge interface. 1737 */ 1738static void 1739bridge_init(void *xsc) 1740{ 1741 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1742 struct ifnet *ifp = sc->sc_ifp; 1743 1744 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1745 return; 1746 1747 BRIDGE_LOCK(sc); 1748 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1749 bridge_timer, sc); 1750 1751 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1752 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1753 1754 BRIDGE_UNLOCK(sc); 1755} 1756 1757/* 1758 * bridge_stop: 1759 * 1760 * Stop the bridge interface. 1761 */ 1762static void 1763bridge_stop(struct ifnet *ifp, int disable) 1764{ 1765 struct bridge_softc *sc = ifp->if_softc; 1766 1767 BRIDGE_LOCK_ASSERT(sc); 1768 1769 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1770 return; 1771 1772 callout_stop(&sc->sc_brcallout); 1773 bstp_stop(&sc->sc_stp); 1774 1775 bridge_rtflush(sc, IFBF_FLUSHDYN); 1776 1777 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1778} 1779 1780/* 1781 * bridge_enqueue: 1782 * 1783 * Enqueue a packet on a bridge member interface. 1784 * 1785 */ 1786static void 1787bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1788{ 1789 int len, err = 0; 1790 short mflags; 1791 struct mbuf *m0; 1792 1793 len = m->m_pkthdr.len; 1794 mflags = m->m_flags; 1795 1796 /* We may be sending a fragment so traverse the mbuf */ 1797 for (; m; m = m0) { 1798 m0 = m->m_nextpkt; 1799 m->m_nextpkt = NULL; 1800 1801 /* 1802 * If underlying interface can not do VLAN tag insertion itself 1803 * then attach a packet tag that holds it. 1804 */ 1805 if ((m->m_flags & M_VLANTAG) && 1806 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) { 1807 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag); 1808 if (m == NULL) { 1809 if_printf(dst_ifp, 1810 "unable to prepend VLAN header\n"); 1811 dst_ifp->if_oerrors++; 1812 continue; 1813 } 1814 m->m_flags &= ~M_VLANTAG; 1815 } 1816 1817 if ((err = dst_ifp->if_transmit(dst_ifp, m))) { 1818 m_freem(m0); 1819 break; 1820 } 1821 } 1822 1823 if (err == 0) { 1824 sc->sc_ifp->if_opackets++; 1825 sc->sc_ifp->if_obytes += len; 1826 if (mflags & M_MCAST) 1827 sc->sc_ifp->if_omcasts++; 1828 } 1829} 1830 1831/* 1832 * bridge_dummynet: 1833 * 1834 * Receive a queued packet from dummynet and pass it on to the output 1835 * interface. 1836 * 1837 * The mbuf has the Ethernet header already attached. 1838 */ 1839static void 1840bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1841{ 1842 struct bridge_softc *sc; 1843 1844 sc = ifp->if_bridge; 1845 1846 /* 1847 * The packet didnt originate from a member interface. This should only 1848 * ever happen if a member interface is removed while packets are 1849 * queued for it. 1850 */ 1851 if (sc == NULL) { 1852 m_freem(m); 1853 return; 1854 } 1855 1856 if (PFIL_HOOKED(&V_inet_pfil_hook) 1857#ifdef INET6 1858 || PFIL_HOOKED(&V_inet6_pfil_hook) 1859#endif 1860 ) { 1861 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1862 return; 1863 if (m == NULL) 1864 return; 1865 } 1866 1867 bridge_enqueue(sc, ifp, m); 1868} 1869 1870/* 1871 * bridge_output: 1872 * 1873 * Send output from a bridge member interface. This 1874 * performs the bridging function for locally originated 1875 * packets. 1876 * 1877 * The mbuf has the Ethernet header already attached. We must 1878 * enqueue or free the mbuf before returning. 1879 */ 1880static int 1881bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1882 struct rtentry *rt) 1883{ 1884 struct ether_header *eh; 1885 struct ifnet *dst_if; 1886 struct bridge_softc *sc; 1887 uint16_t vlan; 1888 1889 if (m->m_len < ETHER_HDR_LEN) { 1890 m = m_pullup(m, ETHER_HDR_LEN); 1891 if (m == NULL) 1892 return (0); 1893 } 1894 1895 eh = mtod(m, struct ether_header *); 1896 sc = ifp->if_bridge; 1897 vlan = VLANTAGOF(m); 1898 1899 BRIDGE_LOCK(sc); 1900 1901 /* 1902 * If bridge is down, but the original output interface is up, 1903 * go ahead and send out that interface. Otherwise, the packet 1904 * is dropped below. 1905 */ 1906 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1907 dst_if = ifp; 1908 goto sendunicast; 1909 } 1910 1911 /* 1912 * If the packet is a multicast, or we don't know a better way to 1913 * get there, send to all interfaces. 1914 */ 1915 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1916 dst_if = NULL; 1917 else 1918 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan); 1919 if (dst_if == NULL) { 1920 struct bridge_iflist *bif; 1921 struct mbuf *mc; 1922 int error = 0, used = 0; 1923 1924 bridge_span(sc, m); 1925 1926 BRIDGE_LOCK2REF(sc, error); 1927 if (error) { 1928 m_freem(m); 1929 return (0); 1930 } 1931 1932 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1933 dst_if = bif->bif_ifp; 1934 1935 if (dst_if->if_type == IFT_GIF) 1936 continue; 1937 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 1938 continue; 1939 1940 /* 1941 * If this is not the original output interface, 1942 * and the interface is participating in spanning 1943 * tree, make sure the port is in a state that 1944 * allows forwarding. 1945 */ 1946 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 1947 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 1948 continue; 1949 1950 if (LIST_NEXT(bif, bif_next) == NULL) { 1951 used = 1; 1952 mc = m; 1953 } else { 1954 mc = m_copypacket(m, M_DONTWAIT); 1955 if (mc == NULL) { 1956 sc->sc_ifp->if_oerrors++; 1957 continue; 1958 } 1959 } 1960 1961 bridge_enqueue(sc, dst_if, mc); 1962 } 1963 if (used == 0) 1964 m_freem(m); 1965 BRIDGE_UNREF(sc); 1966 return (0); 1967 } 1968 1969sendunicast: 1970 /* 1971 * XXX Spanning tree consideration here? 1972 */ 1973 1974 bridge_span(sc, m); 1975 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1976 m_freem(m); 1977 BRIDGE_UNLOCK(sc); 1978 return (0); 1979 } 1980 1981 BRIDGE_UNLOCK(sc); 1982 bridge_enqueue(sc, dst_if, m); 1983 return (0); 1984} 1985 1986/* 1987 * bridge_start: 1988 * 1989 * Start output on a bridge. 1990 * 1991 */ 1992static void 1993bridge_start(struct ifnet *ifp) 1994{ 1995 struct bridge_softc *sc; 1996 struct mbuf *m; 1997 struct ether_header *eh; 1998 struct ifnet *dst_if; 1999 2000 sc = ifp->if_softc; 2001 2002 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2003 for (;;) { 2004 IFQ_DEQUEUE(&ifp->if_snd, m); 2005 if (m == 0) 2006 break; 2007 ETHER_BPF_MTAP(ifp, m); 2008 2009 eh = mtod(m, struct ether_header *); 2010 dst_if = NULL; 2011 2012 BRIDGE_LOCK(sc); 2013 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2014 dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1); 2015 } 2016 2017 if (dst_if == NULL) 2018 bridge_broadcast(sc, ifp, m, 0); 2019 else { 2020 BRIDGE_UNLOCK(sc); 2021 bridge_enqueue(sc, dst_if, m); 2022 } 2023 } 2024 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2025} 2026 2027/* 2028 * bridge_forward: 2029 * 2030 * The forwarding function of the bridge. 2031 * 2032 * NOTE: Releases the lock on return. 2033 */ 2034static void 2035bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif, 2036 struct mbuf *m) 2037{ 2038 struct bridge_iflist *dbif; 2039 struct ifnet *src_if, *dst_if, *ifp; 2040 struct ether_header *eh; 2041 uint16_t vlan; 2042 uint8_t *dst; 2043 int error; 2044 2045 src_if = m->m_pkthdr.rcvif; 2046 ifp = sc->sc_ifp; 2047 2048 ifp->if_ipackets++; 2049 ifp->if_ibytes += m->m_pkthdr.len; 2050 vlan = VLANTAGOF(m); 2051 2052 if ((sbif->bif_flags & IFBIF_STP) && 2053 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2054 goto drop; 2055 2056 eh = mtod(m, struct ether_header *); 2057 dst = eh->ether_dhost; 2058 2059 /* If the interface is learning, record the address. */ 2060 if (sbif->bif_flags & IFBIF_LEARNING) { 2061 error = bridge_rtupdate(sc, eh->ether_shost, vlan, 2062 sbif, 0, IFBAF_DYNAMIC); 2063 /* 2064 * If the interface has addresses limits then deny any source 2065 * that is not in the cache. 2066 */ 2067 if (error && sbif->bif_addrmax) 2068 goto drop; 2069 } 2070 2071 if ((sbif->bif_flags & IFBIF_STP) != 0 && 2072 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) 2073 goto drop; 2074 2075 /* 2076 * At this point, the port either doesn't participate 2077 * in spanning tree or it is in the forwarding state. 2078 */ 2079 2080 /* 2081 * If the packet is unicast, destined for someone on 2082 * "this" side of the bridge, drop it. 2083 */ 2084 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2085 dst_if = bridge_rtlookup(sc, dst, vlan); 2086 if (src_if == dst_if) 2087 goto drop; 2088 } else { 2089 /* 2090 * Check if its a reserved multicast address, any address 2091 * listed in 802.1D section 7.12.6 may not be forwarded by the 2092 * bridge. 2093 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F 2094 */ 2095 if (dst[0] == 0x01 && dst[1] == 0x80 && 2096 dst[2] == 0xc2 && dst[3] == 0x00 && 2097 dst[4] == 0x00 && dst[5] <= 0x0f) 2098 goto drop; 2099 2100 /* ...forward it to all interfaces. */ 2101 ifp->if_imcasts++; 2102 dst_if = NULL; 2103 } 2104 2105 /* 2106 * If we have a destination interface which is a member of our bridge, 2107 * OR this is a unicast packet, push it through the bpf(4) machinery. 2108 * For broadcast or multicast packets, don't bother because it will 2109 * be reinjected into ether_input. We do this before we pass the packets 2110 * through the pfil(9) framework, as it is possible that pfil(9) will 2111 * drop the packet, or possibly modify it, making it difficult to debug 2112 * firewall issues on the bridge. 2113 */ 2114 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 2115 ETHER_BPF_MTAP(ifp, m); 2116 2117 /* run the packet filter */ 2118 if (PFIL_HOOKED(&V_inet_pfil_hook) 2119#ifdef INET6 2120 || PFIL_HOOKED(&V_inet6_pfil_hook) 2121#endif 2122 ) { 2123 BRIDGE_UNLOCK(sc); 2124 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2125 return; 2126 if (m == NULL) 2127 return; 2128 BRIDGE_LOCK(sc); 2129 } 2130 2131 if (dst_if == NULL) { 2132 bridge_broadcast(sc, src_if, m, 1); 2133 return; 2134 } 2135 2136 /* 2137 * At this point, we're dealing with a unicast frame 2138 * going to a different interface. 2139 */ 2140 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2141 goto drop; 2142 2143 dbif = bridge_lookup_member_if(sc, dst_if); 2144 if (dbif == NULL) 2145 /* Not a member of the bridge (anymore?) */ 2146 goto drop; 2147 2148 /* Private segments can not talk to each other */ 2149 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE) 2150 goto drop; 2151 2152 if ((dbif->bif_flags & IFBIF_STP) && 2153 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2154 goto drop; 2155 2156 BRIDGE_UNLOCK(sc); 2157 2158 if (PFIL_HOOKED(&V_inet_pfil_hook) 2159#ifdef INET6 2160 || PFIL_HOOKED(&V_inet6_pfil_hook) 2161#endif 2162 ) { 2163 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2164 return; 2165 if (m == NULL) 2166 return; 2167 } 2168 2169 bridge_enqueue(sc, dst_if, m); 2170 return; 2171 2172drop: 2173 BRIDGE_UNLOCK(sc); 2174 m_freem(m); 2175} 2176 2177/* 2178 * bridge_input: 2179 * 2180 * Receive input from a member interface. Queue the packet for 2181 * bridging if it is not for us. 2182 */ 2183static struct mbuf * 2184bridge_input(struct ifnet *ifp, struct mbuf *m) 2185{ 2186 struct bridge_softc *sc = ifp->if_bridge; 2187 struct bridge_iflist *bif, *bif2; 2188 struct ifnet *bifp; 2189 struct ether_header *eh; 2190 struct mbuf *mc, *mc2; 2191 uint16_t vlan; 2192 int error; 2193 2194 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2195 return (m); 2196 2197 bifp = sc->sc_ifp; 2198 vlan = VLANTAGOF(m); 2199 2200 /* 2201 * Implement support for bridge monitoring. If this flag has been 2202 * set on this interface, discard the packet once we push it through 2203 * the bpf(4) machinery, but before we do, increment the byte and 2204 * packet counters associated with this interface. 2205 */ 2206 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2207 m->m_pkthdr.rcvif = bifp; 2208 ETHER_BPF_MTAP(bifp, m); 2209 bifp->if_ipackets++; 2210 bifp->if_ibytes += m->m_pkthdr.len; 2211 m_freem(m); 2212 return (NULL); 2213 } 2214 BRIDGE_LOCK(sc); 2215 bif = bridge_lookup_member_if(sc, ifp); 2216 if (bif == NULL) { 2217 BRIDGE_UNLOCK(sc); 2218 return (m); 2219 } 2220 2221 eh = mtod(m, struct ether_header *); 2222 2223 bridge_span(sc, m); 2224 2225 if (m->m_flags & (M_BCAST|M_MCAST)) { 2226 /* Tap off 802.1D packets; they do not get forwarded. */ 2227 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2228 ETHER_ADDR_LEN) == 0) { 2229 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */ 2230 BRIDGE_UNLOCK(sc); 2231 return (NULL); 2232 } 2233 2234 if ((bif->bif_flags & IFBIF_STP) && 2235 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2236 BRIDGE_UNLOCK(sc); 2237 return (m); 2238 } 2239 2240 /* 2241 * Make a deep copy of the packet and enqueue the copy 2242 * for bridge processing; return the original packet for 2243 * local processing. 2244 */ 2245 mc = m_dup(m, M_DONTWAIT); 2246 if (mc == NULL) { 2247 BRIDGE_UNLOCK(sc); 2248 return (m); 2249 } 2250 2251 /* Perform the bridge forwarding function with the copy. */ 2252 bridge_forward(sc, bif, mc); 2253 2254 /* 2255 * Reinject the mbuf as arriving on the bridge so we have a 2256 * chance at claiming multicast packets. We can not loop back 2257 * here from ether_input as a bridge is never a member of a 2258 * bridge. 2259 */ 2260 KASSERT(bifp->if_bridge == NULL, 2261 ("loop created in bridge_input")); 2262 mc2 = m_dup(m, M_DONTWAIT); 2263 if (mc2 != NULL) { 2264 /* Keep the layer3 header aligned */ 2265 int i = min(mc2->m_pkthdr.len, max_protohdr); 2266 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2267 } 2268 if (mc2 != NULL) { 2269 mc2->m_pkthdr.rcvif = bifp; 2270 (*bifp->if_input)(bifp, mc2); 2271 } 2272 2273 /* Return the original packet for local processing. */ 2274 return (m); 2275 } 2276 2277 if ((bif->bif_flags & IFBIF_STP) && 2278 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2279 BRIDGE_UNLOCK(sc); 2280 return (m); 2281 } 2282 2283#if (defined(INET) || defined(INET6)) 2284# define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2285 || ((iface)->if_carp \ 2286 && (*carp_forus_p)((iface), eh->ether_dhost)) 2287# define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2288 || ((iface)->if_carp \ 2289 && (*carp_forus_p)((iface), eh->ether_shost)) 2290#else 2291# define OR_CARP_CHECK_WE_ARE_DST(iface) 2292# define OR_CARP_CHECK_WE_ARE_SRC(iface) 2293#endif 2294 2295#ifdef INET6 2296# define OR_PFIL_HOOKED_INET6 \ 2297 || PFIL_HOOKED(&V_inet6_pfil_hook) 2298#else 2299# define OR_PFIL_HOOKED_INET6 2300#endif 2301 2302#define GRAB_OUR_PACKETS(iface) \ 2303 if ((iface)->if_type == IFT_GIF) \ 2304 continue; \ 2305 /* It is destined for us. */ \ 2306 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2307 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2308 ) { \ 2309 if ((iface)->if_type == IFT_BRIDGE) { \ 2310 ETHER_BPF_MTAP(iface, m); \ 2311 iface->if_ipackets++; \ 2312 /* Filter on the physical interface. */ \ 2313 if (pfil_local_phys && \ 2314 (PFIL_HOOKED(&V_inet_pfil_hook) \ 2315 OR_PFIL_HOOKED_INET6)) { \ 2316 if (bridge_pfil(&m, NULL, ifp, \ 2317 PFIL_IN) != 0 || m == NULL) { \ 2318 BRIDGE_UNLOCK(sc); \ 2319 return (NULL); \ 2320 } \ 2321 eh = mtod(m, struct ether_header *); \ 2322 } \ 2323 } \ 2324 if (bif->bif_flags & IFBIF_LEARNING) { \ 2325 error = bridge_rtupdate(sc, eh->ether_shost, \ 2326 vlan, bif, 0, IFBAF_DYNAMIC); \ 2327 if (error && bif->bif_addrmax) { \ 2328 BRIDGE_UNLOCK(sc); \ 2329 m_freem(m); \ 2330 return (NULL); \ 2331 } \ 2332 } \ 2333 m->m_pkthdr.rcvif = iface; \ 2334 BRIDGE_UNLOCK(sc); \ 2335 return (m); \ 2336 } \ 2337 \ 2338 /* We just received a packet that we sent out. */ \ 2339 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2340 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2341 ) { \ 2342 BRIDGE_UNLOCK(sc); \ 2343 m_freem(m); \ 2344 return (NULL); \ 2345 } 2346 2347 /* 2348 * Unicast. Make sure it's not for the bridge. 2349 */ 2350 do { GRAB_OUR_PACKETS(bifp) } while (0); 2351 2352 /* 2353 * Give a chance for ifp at first priority. This will help when the 2354 * packet comes through the interface like VLAN's with the same MACs 2355 * on several interfaces from the same bridge. This also will save 2356 * some CPU cycles in case the destination interface and the input 2357 * interface (eq ifp) are the same. 2358 */ 2359 do { GRAB_OUR_PACKETS(ifp) } while (0); 2360 2361 /* Now check the all bridge members. */ 2362 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2363 GRAB_OUR_PACKETS(bif2->bif_ifp) 2364 } 2365 2366#undef OR_CARP_CHECK_WE_ARE_DST 2367#undef OR_CARP_CHECK_WE_ARE_SRC 2368#undef OR_PFIL_HOOKED_INET6 2369#undef GRAB_OUR_PACKETS 2370 2371 /* Perform the bridge forwarding function. */ 2372 bridge_forward(sc, bif, m); 2373 2374 return (NULL); 2375} 2376 2377/* 2378 * bridge_broadcast: 2379 * 2380 * Send a frame to all interfaces that are members of 2381 * the bridge, except for the one on which the packet 2382 * arrived. 2383 * 2384 * NOTE: Releases the lock on return. 2385 */ 2386static void 2387bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2388 struct mbuf *m, int runfilt) 2389{ 2390 struct bridge_iflist *dbif, *sbif; 2391 struct mbuf *mc; 2392 struct ifnet *dst_if; 2393 int error = 0, used = 0, i; 2394 2395 sbif = bridge_lookup_member_if(sc, src_if); 2396 2397 BRIDGE_LOCK2REF(sc, error); 2398 if (error) { 2399 m_freem(m); 2400 return; 2401 } 2402 2403 /* Filter on the bridge interface before broadcasting */ 2404 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2405#ifdef INET6 2406 || PFIL_HOOKED(&V_inet6_pfil_hook) 2407#endif 2408 )) { 2409 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2410 goto out; 2411 if (m == NULL) 2412 goto out; 2413 } 2414 2415 LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) { 2416 dst_if = dbif->bif_ifp; 2417 if (dst_if == src_if) 2418 continue; 2419 2420 /* Private segments can not talk to each other */ 2421 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)) 2422 continue; 2423 2424 if ((dbif->bif_flags & IFBIF_STP) && 2425 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2426 continue; 2427 2428 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 && 2429 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2430 continue; 2431 2432 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2433 continue; 2434 2435 if (LIST_NEXT(dbif, bif_next) == NULL) { 2436 mc = m; 2437 used = 1; 2438 } else { 2439 mc = m_dup(m, M_DONTWAIT); 2440 if (mc == NULL) { 2441 sc->sc_ifp->if_oerrors++; 2442 continue; 2443 } 2444 } 2445 2446 /* 2447 * Filter on the output interface. Pass a NULL bridge interface 2448 * pointer so we do not redundantly filter on the bridge for 2449 * each interface we broadcast on. 2450 */ 2451 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2452#ifdef INET6 2453 || PFIL_HOOKED(&V_inet6_pfil_hook) 2454#endif 2455 )) { 2456 if (used == 0) { 2457 /* Keep the layer3 header aligned */ 2458 i = min(mc->m_pkthdr.len, max_protohdr); 2459 mc = m_copyup(mc, i, ETHER_ALIGN); 2460 if (mc == NULL) { 2461 sc->sc_ifp->if_oerrors++; 2462 continue; 2463 } 2464 } 2465 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2466 continue; 2467 if (mc == NULL) 2468 continue; 2469 } 2470 2471 bridge_enqueue(sc, dst_if, mc); 2472 } 2473 if (used == 0) 2474 m_freem(m); 2475 2476out: 2477 BRIDGE_UNREF(sc); 2478} 2479 2480/* 2481 * bridge_span: 2482 * 2483 * Duplicate a packet out one or more interfaces that are in span mode, 2484 * the original mbuf is unmodified. 2485 */ 2486static void 2487bridge_span(struct bridge_softc *sc, struct mbuf *m) 2488{ 2489 struct bridge_iflist *bif; 2490 struct ifnet *dst_if; 2491 struct mbuf *mc; 2492 2493 if (LIST_EMPTY(&sc->sc_spanlist)) 2494 return; 2495 2496 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2497 dst_if = bif->bif_ifp; 2498 2499 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2500 continue; 2501 2502 mc = m_copypacket(m, M_DONTWAIT); 2503 if (mc == NULL) { 2504 sc->sc_ifp->if_oerrors++; 2505 continue; 2506 } 2507 2508 bridge_enqueue(sc, dst_if, mc); 2509 } 2510} 2511 2512/* 2513 * bridge_rtupdate: 2514 * 2515 * Add a bridge routing entry. 2516 */ 2517static int 2518bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2519 struct bridge_iflist *bif, int setflags, uint8_t flags) 2520{ 2521 struct bridge_rtnode *brt; 2522 int error; 2523 2524 BRIDGE_LOCK_ASSERT(sc); 2525 2526 /* Check the source address is valid and not multicast. */ 2527 if (ETHER_IS_MULTICAST(dst) || 2528 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 && 2529 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0) 2530 return (EINVAL); 2531 2532 /* 802.1p frames map to vlan 1 */ 2533 if (vlan == 0) 2534 vlan = 1; 2535 2536 /* 2537 * A route for this destination might already exist. If so, 2538 * update it, otherwise create a new one. 2539 */ 2540 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2541 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2542 sc->sc_brtexceeded++; 2543 return (ENOSPC); 2544 } 2545 /* Check per interface address limits (if enabled) */ 2546 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) { 2547 bif->bif_addrexceeded++; 2548 return (ENOSPC); 2549 } 2550 2551 /* 2552 * Allocate a new bridge forwarding node, and 2553 * initialize the expiration time and Ethernet 2554 * address. 2555 */ 2556 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2557 if (brt == NULL) 2558 return (ENOMEM); 2559 2560 if (bif->bif_flags & IFBIF_STICKY) 2561 brt->brt_flags = IFBAF_STICKY; 2562 else 2563 brt->brt_flags = IFBAF_DYNAMIC; 2564 2565 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2566 brt->brt_vlan = vlan; 2567 2568 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2569 uma_zfree(bridge_rtnode_zone, brt); 2570 return (error); 2571 } 2572 brt->brt_dst = bif; 2573 bif->bif_addrcnt++; 2574 } 2575 2576 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2577 brt->brt_dst != bif) { 2578 brt->brt_dst->bif_addrcnt--; 2579 brt->brt_dst = bif; 2580 brt->brt_dst->bif_addrcnt++; 2581 } 2582 2583 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2584 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2585 if (setflags) 2586 brt->brt_flags = flags; 2587 2588 return (0); 2589} 2590 2591/* 2592 * bridge_rtlookup: 2593 * 2594 * Lookup the destination interface for an address. 2595 */ 2596static struct ifnet * 2597bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2598{ 2599 struct bridge_rtnode *brt; 2600 2601 BRIDGE_LOCK_ASSERT(sc); 2602 2603 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2604 return (NULL); 2605 2606 return (brt->brt_ifp); 2607} 2608 2609/* 2610 * bridge_rttrim: 2611 * 2612 * Trim the routine table so that we have a number 2613 * of routing entries less than or equal to the 2614 * maximum number. 2615 */ 2616static void 2617bridge_rttrim(struct bridge_softc *sc) 2618{ 2619 struct bridge_rtnode *brt, *nbrt; 2620 2621 BRIDGE_LOCK_ASSERT(sc); 2622 2623 /* Make sure we actually need to do this. */ 2624 if (sc->sc_brtcnt <= sc->sc_brtmax) 2625 return; 2626 2627 /* Force an aging cycle; this might trim enough addresses. */ 2628 bridge_rtage(sc); 2629 if (sc->sc_brtcnt <= sc->sc_brtmax) 2630 return; 2631 2632 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2633 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2634 bridge_rtnode_destroy(sc, brt); 2635 if (sc->sc_brtcnt <= sc->sc_brtmax) 2636 return; 2637 } 2638 } 2639} 2640 2641/* 2642 * bridge_timer: 2643 * 2644 * Aging timer for the bridge. 2645 */ 2646static void 2647bridge_timer(void *arg) 2648{ 2649 struct bridge_softc *sc = arg; 2650 2651 BRIDGE_LOCK_ASSERT(sc); 2652 2653 bridge_rtage(sc); 2654 2655 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2656 callout_reset(&sc->sc_brcallout, 2657 bridge_rtable_prune_period * hz, bridge_timer, sc); 2658} 2659 2660/* 2661 * bridge_rtage: 2662 * 2663 * Perform an aging cycle. 2664 */ 2665static void 2666bridge_rtage(struct bridge_softc *sc) 2667{ 2668 struct bridge_rtnode *brt, *nbrt; 2669 2670 BRIDGE_LOCK_ASSERT(sc); 2671 2672 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2673 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2674 if (time_uptime >= brt->brt_expire) 2675 bridge_rtnode_destroy(sc, brt); 2676 } 2677 } 2678} 2679 2680/* 2681 * bridge_rtflush: 2682 * 2683 * Remove all dynamic addresses from the bridge. 2684 */ 2685static void 2686bridge_rtflush(struct bridge_softc *sc, int full) 2687{ 2688 struct bridge_rtnode *brt, *nbrt; 2689 2690 BRIDGE_LOCK_ASSERT(sc); 2691 2692 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2693 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2694 bridge_rtnode_destroy(sc, brt); 2695 } 2696} 2697 2698/* 2699 * bridge_rtdaddr: 2700 * 2701 * Remove an address from the table. 2702 */ 2703static int 2704bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2705{ 2706 struct bridge_rtnode *brt; 2707 int found = 0; 2708 2709 BRIDGE_LOCK_ASSERT(sc); 2710 2711 /* 2712 * If vlan is zero then we want to delete for all vlans so the lookup 2713 * may return more than one. 2714 */ 2715 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) { 2716 bridge_rtnode_destroy(sc, brt); 2717 found = 1; 2718 } 2719 2720 return (found ? 0 : ENOENT); 2721} 2722 2723/* 2724 * bridge_rtdelete: 2725 * 2726 * Delete routes to a speicifc member interface. 2727 */ 2728static void 2729bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2730{ 2731 struct bridge_rtnode *brt, *nbrt; 2732 2733 BRIDGE_LOCK_ASSERT(sc); 2734 2735 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2736 if (brt->brt_ifp == ifp && (full || 2737 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2738 bridge_rtnode_destroy(sc, brt); 2739 } 2740} 2741 2742/* 2743 * bridge_rtable_init: 2744 * 2745 * Initialize the route table for this bridge. 2746 */ 2747static int 2748bridge_rtable_init(struct bridge_softc *sc) 2749{ 2750 int i; 2751 2752 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2753 M_DEVBUF, M_NOWAIT); 2754 if (sc->sc_rthash == NULL) 2755 return (ENOMEM); 2756 2757 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2758 LIST_INIT(&sc->sc_rthash[i]); 2759 2760 sc->sc_rthash_key = arc4random(); 2761 2762 LIST_INIT(&sc->sc_rtlist); 2763 2764 return (0); 2765} 2766 2767/* 2768 * bridge_rtable_fini: 2769 * 2770 * Deconstruct the route table for this bridge. 2771 */ 2772static void 2773bridge_rtable_fini(struct bridge_softc *sc) 2774{ 2775 2776 KASSERT(sc->sc_brtcnt == 0, 2777 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt)); 2778 free(sc->sc_rthash, M_DEVBUF); 2779} 2780 2781/* 2782 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2783 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2784 */ 2785#define mix(a, b, c) \ 2786do { \ 2787 a -= b; a -= c; a ^= (c >> 13); \ 2788 b -= c; b -= a; b ^= (a << 8); \ 2789 c -= a; c -= b; c ^= (b >> 13); \ 2790 a -= b; a -= c; a ^= (c >> 12); \ 2791 b -= c; b -= a; b ^= (a << 16); \ 2792 c -= a; c -= b; c ^= (b >> 5); \ 2793 a -= b; a -= c; a ^= (c >> 3); \ 2794 b -= c; b -= a; b ^= (a << 10); \ 2795 c -= a; c -= b; c ^= (b >> 15); \ 2796} while (/*CONSTCOND*/0) 2797 2798static __inline uint32_t 2799bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2800{ 2801 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2802 2803 b += addr[5] << 8; 2804 b += addr[4]; 2805 a += addr[3] << 24; 2806 a += addr[2] << 16; 2807 a += addr[1] << 8; 2808 a += addr[0]; 2809 2810 mix(a, b, c); 2811 2812 return (c & BRIDGE_RTHASH_MASK); 2813} 2814 2815#undef mix 2816 2817static int 2818bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2819{ 2820 int i, d; 2821 2822 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2823 d = ((int)a[i]) - ((int)b[i]); 2824 } 2825 2826 return (d); 2827} 2828 2829/* 2830 * bridge_rtnode_lookup: 2831 * 2832 * Look up a bridge route node for the specified destination. Compare the 2833 * vlan id or if zero then just return the first match. 2834 */ 2835static struct bridge_rtnode * 2836bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2837{ 2838 struct bridge_rtnode *brt; 2839 uint32_t hash; 2840 int dir; 2841 2842 BRIDGE_LOCK_ASSERT(sc); 2843 2844 hash = bridge_rthash(sc, addr); 2845 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2846 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2847 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 2848 return (brt); 2849 if (dir > 0) 2850 return (NULL); 2851 } 2852 2853 return (NULL); 2854} 2855 2856/* 2857 * bridge_rtnode_insert: 2858 * 2859 * Insert the specified bridge node into the route table. We 2860 * assume the entry is not already in the table. 2861 */ 2862static int 2863bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2864{ 2865 struct bridge_rtnode *lbrt; 2866 uint32_t hash; 2867 int dir; 2868 2869 BRIDGE_LOCK_ASSERT(sc); 2870 2871 hash = bridge_rthash(sc, brt->brt_addr); 2872 2873 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2874 if (lbrt == NULL) { 2875 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2876 goto out; 2877 } 2878 2879 do { 2880 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2881 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 2882 return (EEXIST); 2883 if (dir > 0) { 2884 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2885 goto out; 2886 } 2887 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2888 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2889 goto out; 2890 } 2891 lbrt = LIST_NEXT(lbrt, brt_hash); 2892 } while (lbrt != NULL); 2893 2894#ifdef DIAGNOSTIC 2895 panic("bridge_rtnode_insert: impossible"); 2896#endif 2897 2898out: 2899 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2900 sc->sc_brtcnt++; 2901 2902 return (0); 2903} 2904 2905/* 2906 * bridge_rtnode_destroy: 2907 * 2908 * Destroy a bridge rtnode. 2909 */ 2910static void 2911bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2912{ 2913 BRIDGE_LOCK_ASSERT(sc); 2914 2915 LIST_REMOVE(brt, brt_hash); 2916 2917 LIST_REMOVE(brt, brt_list); 2918 sc->sc_brtcnt--; 2919 brt->brt_dst->bif_addrcnt--; 2920 uma_zfree(bridge_rtnode_zone, brt); 2921} 2922 2923/* 2924 * bridge_rtable_expire: 2925 * 2926 * Set the expiry time for all routes on an interface. 2927 */ 2928static void 2929bridge_rtable_expire(struct ifnet *ifp, int age) 2930{ 2931 struct bridge_softc *sc = ifp->if_bridge; 2932 struct bridge_rtnode *brt; 2933 2934 BRIDGE_LOCK(sc); 2935 2936 /* 2937 * If the age is zero then flush, otherwise set all the expiry times to 2938 * age for the interface 2939 */ 2940 if (age == 0) 2941 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 2942 else { 2943 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 2944 /* Cap the expiry time to 'age' */ 2945 if (brt->brt_ifp == ifp && 2946 brt->brt_expire > time_uptime + age && 2947 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2948 brt->brt_expire = time_uptime + age; 2949 } 2950 } 2951 BRIDGE_UNLOCK(sc); 2952} 2953 2954/* 2955 * bridge_state_change: 2956 * 2957 * Callback from the bridgestp code when a port changes states. 2958 */ 2959static void 2960bridge_state_change(struct ifnet *ifp, int state) 2961{ 2962 struct bridge_softc *sc = ifp->if_bridge; 2963 static const char *stpstates[] = { 2964 "disabled", 2965 "listening", 2966 "learning", 2967 "forwarding", 2968 "blocking", 2969 "discarding" 2970 }; 2971 2972 if (log_stp) 2973 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 2974 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 2975} 2976 2977/* 2978 * Send bridge packets through pfil if they are one of the types pfil can deal 2979 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2980 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2981 * that interface. 2982 */ 2983static int 2984bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2985{ 2986 int snap, error, i, hlen; 2987 struct ether_header *eh1, eh2; 2988 struct ip_fw_args args; 2989 struct ip *ip; 2990 struct llc llc1; 2991 u_int16_t ether_type; 2992 2993 snap = 0; 2994 error = -1; /* Default error if not error == 0 */ 2995 2996#if 0 2997 /* we may return with the IP fields swapped, ensure its not shared */ 2998 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 2999#endif 3000 3001 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 3002 return (0); /* filtering is disabled */ 3003 3004 i = min((*mp)->m_pkthdr.len, max_protohdr); 3005 if ((*mp)->m_len < i) { 3006 *mp = m_pullup(*mp, i); 3007 if (*mp == NULL) { 3008 printf("%s: m_pullup failed\n", __func__); 3009 return (-1); 3010 } 3011 } 3012 3013 eh1 = mtod(*mp, struct ether_header *); 3014 ether_type = ntohs(eh1->ether_type); 3015 3016 /* 3017 * Check for SNAP/LLC. 3018 */ 3019 if (ether_type < ETHERMTU) { 3020 struct llc *llc2 = (struct llc *)(eh1 + 1); 3021 3022 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3023 llc2->llc_dsap == LLC_SNAP_LSAP && 3024 llc2->llc_ssap == LLC_SNAP_LSAP && 3025 llc2->llc_control == LLC_UI) { 3026 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3027 snap = 1; 3028 } 3029 } 3030 3031 /* 3032 * If we're trying to filter bridge traffic, don't look at anything 3033 * other than IP and ARP traffic. If the filter doesn't understand 3034 * IPv6, don't allow IPv6 through the bridge either. This is lame 3035 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3036 * but of course we don't have an AppleTalk filter to begin with. 3037 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3038 * ARP traffic.) 3039 */ 3040 switch (ether_type) { 3041 case ETHERTYPE_ARP: 3042 case ETHERTYPE_REVARP: 3043 if (pfil_ipfw_arp == 0) 3044 return (0); /* Automatically pass */ 3045 break; 3046 3047 case ETHERTYPE_IP: 3048#ifdef INET6 3049 case ETHERTYPE_IPV6: 3050#endif /* INET6 */ 3051 break; 3052 default: 3053 /* 3054 * Check to see if the user wants to pass non-ip 3055 * packets, these will not be checked by pfil(9) and 3056 * passed unconditionally so the default is to drop. 3057 */ 3058 if (pfil_onlyip) 3059 goto bad; 3060 } 3061 3062 /* Strip off the Ethernet header and keep a copy. */ 3063 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3064 m_adj(*mp, ETHER_HDR_LEN); 3065 3066 /* Strip off snap header, if present */ 3067 if (snap) { 3068 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3069 m_adj(*mp, sizeof(struct llc)); 3070 } 3071 3072 /* 3073 * Check the IP header for alignment and errors 3074 */ 3075 if (dir == PFIL_IN) { 3076 switch (ether_type) { 3077 case ETHERTYPE_IP: 3078 error = bridge_ip_checkbasic(mp); 3079 break; 3080#ifdef INET6 3081 case ETHERTYPE_IPV6: 3082 error = bridge_ip6_checkbasic(mp); 3083 break; 3084#endif /* INET6 */ 3085 default: 3086 error = 0; 3087 } 3088 if (error) 3089 goto bad; 3090 } 3091 3092 /* XXX this section is also in if_ethersubr.c */ 3093 // XXX PFIL_OUT or DIR_OUT ? 3094 if (V_ip_fw_chk_ptr && pfil_ipfw != 0 && 3095 dir == PFIL_OUT && ifp != NULL) { 3096 struct m_tag *mtag; 3097 3098 error = -1; 3099 /* fetch the start point from existing tags, if any */ 3100 mtag = m_tag_locate(*mp, MTAG_IPFW_RULE, 0, NULL); 3101 if (mtag == NULL) { 3102 args.rule.slot = 0; 3103 } else { 3104 struct ipfw_rule_ref *r; 3105 3106 /* XXX can we free the tag after use ? */ 3107 mtag->m_tag_id = PACKET_TAG_NONE; 3108 r = (struct ipfw_rule_ref *)(mtag + 1); 3109 /* packet already partially processed ? */ 3110 if (r->info & IPFW_ONEPASS) 3111 goto ipfwpass; 3112 args.rule = *r; 3113 } 3114 3115 args.m = *mp; 3116 args.oif = ifp; 3117 args.next_hop = NULL; 3118 args.next_hop6 = NULL; 3119 args.eh = &eh2; 3120 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 3121 i = V_ip_fw_chk_ptr(&args); 3122 *mp = args.m; 3123 3124 if (*mp == NULL) 3125 return (error); 3126 3127 if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) { 3128 3129 /* put the Ethernet header back on */ 3130 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3131 if (*mp == NULL) 3132 return (error); 3133 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3134 3135 /* 3136 * Pass the pkt to dummynet, which consumes it. The 3137 * packet will return to us via bridge_dummynet(). 3138 */ 3139 args.oif = ifp; 3140 ip_dn_io_ptr(mp, DIR_FWD | PROTO_IFB, &args); 3141 return (error); 3142 } 3143 3144 if (i != IP_FW_PASS) /* drop */ 3145 goto bad; 3146 } 3147 3148ipfwpass: 3149 error = 0; 3150 3151 /* 3152 * Run the packet through pfil 3153 */ 3154 switch (ether_type) { 3155 case ETHERTYPE_IP: 3156 /* 3157 * before calling the firewall, swap fields the same as 3158 * IP does. here we assume the header is contiguous 3159 */ 3160 ip = mtod(*mp, struct ip *); 3161 3162 ip->ip_len = ntohs(ip->ip_len); 3163 ip->ip_off = ntohs(ip->ip_off); 3164 3165 /* 3166 * Run pfil on the member interface and the bridge, both can 3167 * be skipped by clearing pfil_member or pfil_bridge. 3168 * 3169 * Keep the order: 3170 * in_if -> bridge_if -> out_if 3171 */ 3172 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3173 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3174 dir, NULL); 3175 3176 if (*mp == NULL || error != 0) /* filter may consume */ 3177 break; 3178 3179 if (pfil_member && ifp != NULL) 3180 error = pfil_run_hooks(&V_inet_pfil_hook, mp, ifp, 3181 dir, NULL); 3182 3183 if (*mp == NULL || error != 0) /* filter may consume */ 3184 break; 3185 3186 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3187 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3188 dir, NULL); 3189 3190 if (*mp == NULL || error != 0) /* filter may consume */ 3191 break; 3192 3193 /* check if we need to fragment the packet */ 3194 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 3195 i = (*mp)->m_pkthdr.len; 3196 if (i > ifp->if_mtu) { 3197 error = bridge_fragment(ifp, *mp, &eh2, snap, 3198 &llc1); 3199 return (error); 3200 } 3201 } 3202 3203 /* Recalculate the ip checksum and restore byte ordering */ 3204 ip = mtod(*mp, struct ip *); 3205 hlen = ip->ip_hl << 2; 3206 if (hlen < sizeof(struct ip)) 3207 goto bad; 3208 if (hlen > (*mp)->m_len) { 3209 if ((*mp = m_pullup(*mp, hlen)) == 0) 3210 goto bad; 3211 ip = mtod(*mp, struct ip *); 3212 if (ip == NULL) 3213 goto bad; 3214 } 3215 ip->ip_len = htons(ip->ip_len); 3216 ip->ip_off = htons(ip->ip_off); 3217 ip->ip_sum = 0; 3218 if (hlen == sizeof(struct ip)) 3219 ip->ip_sum = in_cksum_hdr(ip); 3220 else 3221 ip->ip_sum = in_cksum(*mp, hlen); 3222 3223 break; 3224#ifdef INET6 3225 case ETHERTYPE_IPV6: 3226 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3227 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3228 dir, NULL); 3229 3230 if (*mp == NULL || error != 0) /* filter may consume */ 3231 break; 3232 3233 if (pfil_member && ifp != NULL) 3234 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, ifp, 3235 dir, NULL); 3236 3237 if (*mp == NULL || error != 0) /* filter may consume */ 3238 break; 3239 3240 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3241 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3242 dir, NULL); 3243 break; 3244#endif 3245 default: 3246 error = 0; 3247 break; 3248 } 3249 3250 if (*mp == NULL) 3251 return (error); 3252 if (error != 0) 3253 goto bad; 3254 3255 error = -1; 3256 3257 /* 3258 * Finally, put everything back the way it was and return 3259 */ 3260 if (snap) { 3261 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3262 if (*mp == NULL) 3263 return (error); 3264 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3265 } 3266 3267 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3268 if (*mp == NULL) 3269 return (error); 3270 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3271 3272 return (0); 3273 3274bad: 3275 m_freem(*mp); 3276 *mp = NULL; 3277 return (error); 3278} 3279 3280/* 3281 * Perform basic checks on header size since 3282 * pfil assumes ip_input has already processed 3283 * it for it. Cut-and-pasted from ip_input.c. 3284 * Given how simple the IPv6 version is, 3285 * does the IPv4 version really need to be 3286 * this complicated? 3287 * 3288 * XXX Should we update ipstat here, or not? 3289 * XXX Right now we update ipstat but not 3290 * XXX csum_counter. 3291 */ 3292static int 3293bridge_ip_checkbasic(struct mbuf **mp) 3294{ 3295 struct mbuf *m = *mp; 3296 struct ip *ip; 3297 int len, hlen; 3298 u_short sum; 3299 3300 if (*mp == NULL) 3301 return (-1); 3302 3303 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3304 if ((m = m_copyup(m, sizeof(struct ip), 3305 (max_linkhdr + 3) & ~3)) == NULL) { 3306 /* XXXJRT new stat, please */ 3307 KMOD_IPSTAT_INC(ips_toosmall); 3308 goto bad; 3309 } 3310 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3311 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3312 KMOD_IPSTAT_INC(ips_toosmall); 3313 goto bad; 3314 } 3315 } 3316 ip = mtod(m, struct ip *); 3317 if (ip == NULL) goto bad; 3318 3319 if (ip->ip_v != IPVERSION) { 3320 KMOD_IPSTAT_INC(ips_badvers); 3321 goto bad; 3322 } 3323 hlen = ip->ip_hl << 2; 3324 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3325 KMOD_IPSTAT_INC(ips_badhlen); 3326 goto bad; 3327 } 3328 if (hlen > m->m_len) { 3329 if ((m = m_pullup(m, hlen)) == 0) { 3330 KMOD_IPSTAT_INC(ips_badhlen); 3331 goto bad; 3332 } 3333 ip = mtod(m, struct ip *); 3334 if (ip == NULL) goto bad; 3335 } 3336 3337 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3338 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3339 } else { 3340 if (hlen == sizeof(struct ip)) { 3341 sum = in_cksum_hdr(ip); 3342 } else { 3343 sum = in_cksum(m, hlen); 3344 } 3345 } 3346 if (sum) { 3347 KMOD_IPSTAT_INC(ips_badsum); 3348 goto bad; 3349 } 3350 3351 /* Retrieve the packet length. */ 3352 len = ntohs(ip->ip_len); 3353 3354 /* 3355 * Check for additional length bogosity 3356 */ 3357 if (len < hlen) { 3358 KMOD_IPSTAT_INC(ips_badlen); 3359 goto bad; 3360 } 3361 3362 /* 3363 * Check that the amount of data in the buffers 3364 * is as at least much as the IP header would have us expect. 3365 * Drop packet if shorter than we expect. 3366 */ 3367 if (m->m_pkthdr.len < len) { 3368 KMOD_IPSTAT_INC(ips_tooshort); 3369 goto bad; 3370 } 3371 3372 /* Checks out, proceed */ 3373 *mp = m; 3374 return (0); 3375 3376bad: 3377 *mp = m; 3378 return (-1); 3379} 3380 3381#ifdef INET6 3382/* 3383 * Same as above, but for IPv6. 3384 * Cut-and-pasted from ip6_input.c. 3385 * XXX Should we update ip6stat, or not? 3386 */ 3387static int 3388bridge_ip6_checkbasic(struct mbuf **mp) 3389{ 3390 struct mbuf *m = *mp; 3391 struct ip6_hdr *ip6; 3392 3393 /* 3394 * If the IPv6 header is not aligned, slurp it up into a new 3395 * mbuf with space for link headers, in the event we forward 3396 * it. Otherwise, if it is aligned, make sure the entire base 3397 * IPv6 header is in the first mbuf of the chain. 3398 */ 3399 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3400 struct ifnet *inifp = m->m_pkthdr.rcvif; 3401 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3402 (max_linkhdr + 3) & ~3)) == NULL) { 3403 /* XXXJRT new stat, please */ 3404 IP6STAT_INC(ip6s_toosmall); 3405 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3406 goto bad; 3407 } 3408 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3409 struct ifnet *inifp = m->m_pkthdr.rcvif; 3410 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3411 IP6STAT_INC(ip6s_toosmall); 3412 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3413 goto bad; 3414 } 3415 } 3416 3417 ip6 = mtod(m, struct ip6_hdr *); 3418 3419 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3420 IP6STAT_INC(ip6s_badvers); 3421 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3422 goto bad; 3423 } 3424 3425 /* Checks out, proceed */ 3426 *mp = m; 3427 return (0); 3428 3429bad: 3430 *mp = m; 3431 return (-1); 3432} 3433#endif /* INET6 */ 3434 3435/* 3436 * bridge_fragment: 3437 * 3438 * Return a fragmented mbuf chain. 3439 */ 3440static int 3441bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3442 int snap, struct llc *llc) 3443{ 3444 struct mbuf *m0; 3445 struct ip *ip; 3446 int error = -1; 3447 3448 if (m->m_len < sizeof(struct ip) && 3449 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3450 goto out; 3451 ip = mtod(m, struct ip *); 3452 3453 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3454 CSUM_DELAY_IP); 3455 if (error) 3456 goto out; 3457 3458 /* walk the chain and re-add the Ethernet header */ 3459 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3460 if (error == 0) { 3461 if (snap) { 3462 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3463 if (m0 == NULL) { 3464 error = ENOBUFS; 3465 continue; 3466 } 3467 bcopy(llc, mtod(m0, caddr_t), 3468 sizeof(struct llc)); 3469 } 3470 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3471 if (m0 == NULL) { 3472 error = ENOBUFS; 3473 continue; 3474 } 3475 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3476 } else 3477 m_freem(m); 3478 } 3479 3480 if (error == 0) 3481 KMOD_IPSTAT_INC(ips_fragmented); 3482 3483 return (error); 3484 3485out: 3486 if (m != NULL) 3487 m_freem(m); 3488 return (error); 3489} 3490 3491static void 3492bridge_linkstate(struct ifnet *ifp) 3493{ 3494 struct bridge_softc *sc = ifp->if_bridge; 3495 struct bridge_iflist *bif; 3496 3497 BRIDGE_LOCK(sc); 3498 bif = bridge_lookup_member_if(sc, ifp); 3499 if (bif == NULL) { 3500 BRIDGE_UNLOCK(sc); 3501 return; 3502 } 3503 bridge_linkcheck(sc); 3504 BRIDGE_UNLOCK(sc); 3505 3506 bstp_linkstate(&bif->bif_stp); 3507} 3508 3509static void 3510bridge_linkcheck(struct bridge_softc *sc) 3511{ 3512 struct bridge_iflist *bif; 3513 int new_link, hasls; 3514 3515 BRIDGE_LOCK_ASSERT(sc); 3516 new_link = LINK_STATE_DOWN; 3517 hasls = 0; 3518 /* Our link is considered up if at least one of our ports is active */ 3519 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 3520 if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE) 3521 hasls++; 3522 if (bif->bif_ifp->if_link_state == LINK_STATE_UP) { 3523 new_link = LINK_STATE_UP; 3524 break; 3525 } 3526 } 3527 if (!LIST_EMPTY(&sc->sc_iflist) && !hasls) { 3528 /* If no interfaces support link-state then we default to up */ 3529 new_link = LINK_STATE_UP; 3530 } 3531 if_link_state_change(sc->sc_ifp, new_link); 3532} 3533