if_bridge.c revision 253239
1/* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */ 2 3/* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38/* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 51 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 52 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 53 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 54 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 55 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 56 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 57 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 60 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 61 * POSSIBILITY OF SUCH DAMAGE. 62 * 63 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 64 */ 65 66/* 67 * Network interface bridge support. 68 * 69 * TODO: 70 * 71 * - Currently only supports Ethernet-like interfaces (Ethernet, 72 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 73 * to bridge other types of interfaces (FDDI-FDDI, and maybe 74 * consider heterogenous bridges). 75 */ 76 77#include <sys/cdefs.h> 78__FBSDID("$FreeBSD: stable/9/sys/net/if_bridge.c 253239 2013-07-12 01:52:31Z hrs $"); 79 80#include "opt_inet.h" 81#include "opt_inet6.h" 82 83#include <sys/param.h> 84#include <sys/mbuf.h> 85#include <sys/malloc.h> 86#include <sys/protosw.h> 87#include <sys/systm.h> 88#include <sys/jail.h> 89#include <sys/time.h> 90#include <sys/socket.h> /* for net/if.h */ 91#include <sys/sockio.h> 92#include <sys/ctype.h> /* string functions */ 93#include <sys/kernel.h> 94#include <sys/random.h> 95#include <sys/syslog.h> 96#include <sys/sysctl.h> 97#include <vm/uma.h> 98#include <sys/module.h> 99#include <sys/priv.h> 100#include <sys/proc.h> 101#include <sys/lock.h> 102#include <sys/mutex.h> 103#include <sys/rwlock.h> 104 105#include <net/bpf.h> 106#include <net/if.h> 107#include <net/if_clone.h> 108#include <net/if_dl.h> 109#include <net/if_types.h> 110#include <net/if_var.h> 111#include <net/pfil.h> 112#include <net/vnet.h> 113 114#include <netinet/in.h> /* for struct arpcom */ 115#include <netinet/in_systm.h> 116#include <netinet/in_var.h> 117#include <netinet/ip.h> 118#include <netinet/ip_var.h> 119#ifdef INET6 120#include <netinet/ip6.h> 121#include <netinet6/ip6_var.h> 122#include <netinet6/in6_ifattach.h> 123#endif 124#if defined(INET) || defined(INET6) 125#include <netinet/ip_carp.h> 126#endif 127#include <machine/in_cksum.h> 128#include <netinet/if_ether.h> /* for struct arpcom */ 129#include <net/bridgestp.h> 130#include <net/if_bridgevar.h> 131#include <net/if_llc.h> 132#include <net/if_vlan_var.h> 133 134#include <net/route.h> 135#include <netinet/ip_fw.h> 136#include <netpfil/ipfw/ip_fw_private.h> 137 138/* 139 * Size of the route hash table. Must be a power of two. 140 */ 141#ifndef BRIDGE_RTHASH_SIZE 142#define BRIDGE_RTHASH_SIZE 1024 143#endif 144 145#define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 146 147/* 148 * Default maximum number of addresses to cache. 149 */ 150#ifndef BRIDGE_RTABLE_MAX 151#define BRIDGE_RTABLE_MAX 2000 152#endif 153 154/* 155 * Timeout (in seconds) for entries learned dynamically. 156 */ 157#ifndef BRIDGE_RTABLE_TIMEOUT 158#define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 159#endif 160 161/* 162 * Number of seconds between walks of the route list. 163 */ 164#ifndef BRIDGE_RTABLE_PRUNE_PERIOD 165#define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 166#endif 167 168/* 169 * List of capabilities to possibly mask on the member interface. 170 */ 171#define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM) 172 173/* 174 * List of capabilities to strip 175 */ 176#define BRIDGE_IFCAPS_STRIP IFCAP_LRO 177 178/* 179 * Bridge interface list entry. 180 */ 181struct bridge_iflist { 182 LIST_ENTRY(bridge_iflist) bif_next; 183 struct ifnet *bif_ifp; /* member if */ 184 struct bstp_port bif_stp; /* STP state */ 185 uint32_t bif_flags; /* member if flags */ 186 int bif_savedcaps; /* saved capabilities */ 187 uint32_t bif_addrmax; /* max # of addresses */ 188 uint32_t bif_addrcnt; /* cur. # of addresses */ 189 uint32_t bif_addrexceeded;/* # of address violations */ 190}; 191 192/* 193 * Bridge route node. 194 */ 195struct bridge_rtnode { 196 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */ 197 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */ 198 struct bridge_iflist *brt_dst; /* destination if */ 199 unsigned long brt_expire; /* expiration time */ 200 uint8_t brt_flags; /* address flags */ 201 uint8_t brt_addr[ETHER_ADDR_LEN]; 202 uint16_t brt_vlan; /* vlan id */ 203}; 204#define brt_ifp brt_dst->bif_ifp 205 206/* 207 * Software state for each bridge. 208 */ 209struct bridge_softc { 210 struct ifnet *sc_ifp; /* make this an interface */ 211 LIST_ENTRY(bridge_softc) sc_list; 212 struct mtx sc_mtx; 213 struct cv sc_cv; 214 uint32_t sc_brtmax; /* max # of addresses */ 215 uint32_t sc_brtcnt; /* cur. # of addresses */ 216 uint32_t sc_brttimeout; /* rt timeout in seconds */ 217 struct callout sc_brcallout; /* bridge callout */ 218 uint32_t sc_iflist_ref; /* refcount for sc_iflist */ 219 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */ 220 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */ 221 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */ 222 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */ 223 uint32_t sc_rthash_key; /* key for hash */ 224 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */ 225 struct bstp_state sc_stp; /* STP state */ 226 uint32_t sc_brtexceeded; /* # of cache drops */ 227 struct ifnet *sc_ifaddr; /* member mac copied from */ 228 u_char sc_defaddr[6]; /* Default MAC address */ 229}; 230 231static struct mtx bridge_list_mtx; 232eventhandler_tag bridge_detach_cookie = NULL; 233 234int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 235 236uma_zone_t bridge_rtnode_zone; 237 238static int bridge_clone_create(struct if_clone *, int, caddr_t); 239static void bridge_clone_destroy(struct ifnet *); 240 241static int bridge_ioctl(struct ifnet *, u_long, caddr_t); 242static void bridge_mutecaps(struct bridge_softc *); 243static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *, 244 int); 245static void bridge_ifdetach(void *arg __unused, struct ifnet *); 246static void bridge_init(void *); 247static void bridge_dummynet(struct mbuf *, struct ifnet *); 248static void bridge_stop(struct ifnet *, int); 249static void bridge_start(struct ifnet *); 250static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 251static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *, 252 struct rtentry *); 253static void bridge_enqueue(struct bridge_softc *, struct ifnet *, 254 struct mbuf *); 255static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int); 256 257static void bridge_forward(struct bridge_softc *, struct bridge_iflist *, 258 struct mbuf *m); 259 260static void bridge_timer(void *); 261 262static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 263 struct mbuf *, int); 264static void bridge_span(struct bridge_softc *, struct mbuf *); 265 266static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 267 uint16_t, struct bridge_iflist *, int, uint8_t); 268static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *, 269 uint16_t); 270static void bridge_rttrim(struct bridge_softc *); 271static void bridge_rtage(struct bridge_softc *); 272static void bridge_rtflush(struct bridge_softc *, int); 273static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *, 274 uint16_t); 275 276static int bridge_rtable_init(struct bridge_softc *); 277static void bridge_rtable_fini(struct bridge_softc *); 278 279static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 280static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 281 const uint8_t *, uint16_t); 282static int bridge_rtnode_insert(struct bridge_softc *, 283 struct bridge_rtnode *); 284static void bridge_rtnode_destroy(struct bridge_softc *, 285 struct bridge_rtnode *); 286static void bridge_rtable_expire(struct ifnet *, int); 287static void bridge_state_change(struct ifnet *, int); 288 289static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 290 const char *name); 291static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 292 struct ifnet *ifp); 293static void bridge_delete_member(struct bridge_softc *, 294 struct bridge_iflist *, int); 295static void bridge_delete_span(struct bridge_softc *, 296 struct bridge_iflist *); 297 298static int bridge_ioctl_add(struct bridge_softc *, void *); 299static int bridge_ioctl_del(struct bridge_softc *, void *); 300static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 301static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 302static int bridge_ioctl_scache(struct bridge_softc *, void *); 303static int bridge_ioctl_gcache(struct bridge_softc *, void *); 304static int bridge_ioctl_gifs(struct bridge_softc *, void *); 305static int bridge_ioctl_rts(struct bridge_softc *, void *); 306static int bridge_ioctl_saddr(struct bridge_softc *, void *); 307static int bridge_ioctl_sto(struct bridge_softc *, void *); 308static int bridge_ioctl_gto(struct bridge_softc *, void *); 309static int bridge_ioctl_daddr(struct bridge_softc *, void *); 310static int bridge_ioctl_flush(struct bridge_softc *, void *); 311static int bridge_ioctl_gpri(struct bridge_softc *, void *); 312static int bridge_ioctl_spri(struct bridge_softc *, void *); 313static int bridge_ioctl_ght(struct bridge_softc *, void *); 314static int bridge_ioctl_sht(struct bridge_softc *, void *); 315static int bridge_ioctl_gfd(struct bridge_softc *, void *); 316static int bridge_ioctl_sfd(struct bridge_softc *, void *); 317static int bridge_ioctl_gma(struct bridge_softc *, void *); 318static int bridge_ioctl_sma(struct bridge_softc *, void *); 319static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 320static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 321static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *); 322static int bridge_ioctl_addspan(struct bridge_softc *, void *); 323static int bridge_ioctl_delspan(struct bridge_softc *, void *); 324static int bridge_ioctl_gbparam(struct bridge_softc *, void *); 325static int bridge_ioctl_grte(struct bridge_softc *, void *); 326static int bridge_ioctl_gifsstp(struct bridge_softc *, void *); 327static int bridge_ioctl_sproto(struct bridge_softc *, void *); 328static int bridge_ioctl_stxhc(struct bridge_softc *, void *); 329static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 330 int); 331static int bridge_ip_checkbasic(struct mbuf **mp); 332#ifdef INET6 333static int bridge_ip6_checkbasic(struct mbuf **mp); 334#endif /* INET6 */ 335static int bridge_fragment(struct ifnet *, struct mbuf *, 336 struct ether_header *, int, struct llc *); 337static void bridge_linkstate(struct ifnet *ifp); 338static void bridge_linkcheck(struct bridge_softc *sc); 339 340extern void (*bridge_linkstate_p)(struct ifnet *ifp); 341 342/* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */ 343#define VLANTAGOF(_m) \ 344 (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1 345 346static struct bstp_cb_ops bridge_ops = { 347 .bcb_state = bridge_state_change, 348 .bcb_rtage = bridge_rtable_expire 349}; 350 351SYSCTL_DECL(_net_link); 352static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 353 354static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 355static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 356static int pfil_member = 1; /* run pfil hooks on the member interface */ 357static int pfil_ipfw = 0; /* layer2 filter with ipfw */ 358static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */ 359static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for 360 locally destined packets */ 361static int log_stp = 0; /* log STP state changes */ 362static int bridge_inherit_mac = 0; /* share MAC with first bridge member */ 363TUNABLE_INT("net.link.bridge.pfil_onlyip", &pfil_onlyip); 364SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 365 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 366TUNABLE_INT("net.link.bridge.ipfw_arp", &pfil_ipfw_arp); 367SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW, 368 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2"); 369TUNABLE_INT("net.link.bridge.pfil_bridge", &pfil_bridge); 370SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 371 &pfil_bridge, 0, "Packet filter on the bridge interface"); 372TUNABLE_INT("net.link.bridge.pfil_member", &pfil_member); 373SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 374 &pfil_member, 0, "Packet filter on the member interface"); 375TUNABLE_INT("net.link.bridge.pfil_local_phys", &pfil_local_phys); 376SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys, CTLFLAG_RW, 377 &pfil_local_phys, 0, 378 "Packet filter on the physical interface for locally destined packets"); 379TUNABLE_INT("net.link.bridge.log_stp", &log_stp); 380SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW, 381 &log_stp, 0, "Log STP state changes"); 382TUNABLE_INT("net.link.bridge.inherit_mac", &bridge_inherit_mac); 383SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW, 384 &bridge_inherit_mac, 0, 385 "Inherit MAC address from the first bridge member"); 386 387struct bridge_control { 388 int (*bc_func)(struct bridge_softc *, void *); 389 int bc_argsize; 390 int bc_flags; 391}; 392 393#define BC_F_COPYIN 0x01 /* copy arguments in */ 394#define BC_F_COPYOUT 0x02 /* copy arguments out */ 395#define BC_F_SUSER 0x04 /* do super-user check */ 396 397const struct bridge_control bridge_control_table[] = { 398 { bridge_ioctl_add, sizeof(struct ifbreq), 399 BC_F_COPYIN|BC_F_SUSER }, 400 { bridge_ioctl_del, sizeof(struct ifbreq), 401 BC_F_COPYIN|BC_F_SUSER }, 402 403 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 404 BC_F_COPYIN|BC_F_COPYOUT }, 405 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 406 BC_F_COPYIN|BC_F_SUSER }, 407 408 { bridge_ioctl_scache, sizeof(struct ifbrparam), 409 BC_F_COPYIN|BC_F_SUSER }, 410 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 411 BC_F_COPYOUT }, 412 413 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 414 BC_F_COPYIN|BC_F_COPYOUT }, 415 { bridge_ioctl_rts, sizeof(struct ifbaconf), 416 BC_F_COPYIN|BC_F_COPYOUT }, 417 418 { bridge_ioctl_saddr, sizeof(struct ifbareq), 419 BC_F_COPYIN|BC_F_SUSER }, 420 421 { bridge_ioctl_sto, sizeof(struct ifbrparam), 422 BC_F_COPYIN|BC_F_SUSER }, 423 { bridge_ioctl_gto, sizeof(struct ifbrparam), 424 BC_F_COPYOUT }, 425 426 { bridge_ioctl_daddr, sizeof(struct ifbareq), 427 BC_F_COPYIN|BC_F_SUSER }, 428 429 { bridge_ioctl_flush, sizeof(struct ifbreq), 430 BC_F_COPYIN|BC_F_SUSER }, 431 432 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 433 BC_F_COPYOUT }, 434 { bridge_ioctl_spri, sizeof(struct ifbrparam), 435 BC_F_COPYIN|BC_F_SUSER }, 436 437 { bridge_ioctl_ght, sizeof(struct ifbrparam), 438 BC_F_COPYOUT }, 439 { bridge_ioctl_sht, sizeof(struct ifbrparam), 440 BC_F_COPYIN|BC_F_SUSER }, 441 442 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 443 BC_F_COPYOUT }, 444 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 445 BC_F_COPYIN|BC_F_SUSER }, 446 447 { bridge_ioctl_gma, sizeof(struct ifbrparam), 448 BC_F_COPYOUT }, 449 { bridge_ioctl_sma, sizeof(struct ifbrparam), 450 BC_F_COPYIN|BC_F_SUSER }, 451 452 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 453 BC_F_COPYIN|BC_F_SUSER }, 454 455 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 456 BC_F_COPYIN|BC_F_SUSER }, 457 458 { bridge_ioctl_addspan, sizeof(struct ifbreq), 459 BC_F_COPYIN|BC_F_SUSER }, 460 { bridge_ioctl_delspan, sizeof(struct ifbreq), 461 BC_F_COPYIN|BC_F_SUSER }, 462 463 { bridge_ioctl_gbparam, sizeof(struct ifbropreq), 464 BC_F_COPYOUT }, 465 466 { bridge_ioctl_grte, sizeof(struct ifbrparam), 467 BC_F_COPYOUT }, 468 469 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf), 470 BC_F_COPYIN|BC_F_COPYOUT }, 471 472 { bridge_ioctl_sproto, sizeof(struct ifbrparam), 473 BC_F_COPYIN|BC_F_SUSER }, 474 475 { bridge_ioctl_stxhc, sizeof(struct ifbrparam), 476 BC_F_COPYIN|BC_F_SUSER }, 477 478 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq), 479 BC_F_COPYIN|BC_F_SUSER }, 480 481}; 482const int bridge_control_table_size = 483 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 484 485LIST_HEAD(, bridge_softc) bridge_list; 486 487IFC_SIMPLE_DECLARE(bridge, 0); 488 489static int 490bridge_modevent(module_t mod, int type, void *data) 491{ 492 493 switch (type) { 494 case MOD_LOAD: 495 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF); 496 if_clone_attach(&bridge_cloner); 497 bridge_rtnode_zone = uma_zcreate("bridge_rtnode", 498 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL, 499 UMA_ALIGN_PTR, 0); 500 LIST_INIT(&bridge_list); 501 bridge_input_p = bridge_input; 502 bridge_output_p = bridge_output; 503 bridge_dn_p = bridge_dummynet; 504 bridge_linkstate_p = bridge_linkstate; 505 bridge_detach_cookie = EVENTHANDLER_REGISTER( 506 ifnet_departure_event, bridge_ifdetach, NULL, 507 EVENTHANDLER_PRI_ANY); 508 break; 509 case MOD_UNLOAD: 510 EVENTHANDLER_DEREGISTER(ifnet_departure_event, 511 bridge_detach_cookie); 512 if_clone_detach(&bridge_cloner); 513 uma_zdestroy(bridge_rtnode_zone); 514 bridge_input_p = NULL; 515 bridge_output_p = NULL; 516 bridge_dn_p = NULL; 517 bridge_linkstate_p = NULL; 518 mtx_destroy(&bridge_list_mtx); 519 break; 520 default: 521 return (EOPNOTSUPP); 522 } 523 return (0); 524} 525 526static moduledata_t bridge_mod = { 527 "if_bridge", 528 bridge_modevent, 529 0 530}; 531 532DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 533MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1); 534 535/* 536 * handler for net.link.bridge.pfil_ipfw 537 */ 538static int 539sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS) 540{ 541 int enable = pfil_ipfw; 542 int error; 543 544 error = sysctl_handle_int(oidp, &enable, 0, req); 545 enable = (enable) ? 1 : 0; 546 547 if (enable != pfil_ipfw) { 548 pfil_ipfw = enable; 549 550 /* 551 * Disable pfil so that ipfw doesnt run twice, if the user 552 * really wants both then they can re-enable pfil_bridge and/or 553 * pfil_member. Also allow non-ip packets as ipfw can filter by 554 * layer2 type. 555 */ 556 if (pfil_ipfw) { 557 pfil_onlyip = 0; 558 pfil_bridge = 0; 559 pfil_member = 0; 560 } 561 } 562 563 return (error); 564} 565SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW, 566 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW"); 567 568/* 569 * bridge_clone_create: 570 * 571 * Create a new bridge instance. 572 */ 573static int 574bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params) 575{ 576 struct bridge_softc *sc, *sc2; 577 struct ifnet *bifp, *ifp; 578 int fb, retry; 579 unsigned long hostid; 580 581 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 582 ifp = sc->sc_ifp = if_alloc(IFT_ETHER); 583 if (ifp == NULL) { 584 free(sc, M_DEVBUF); 585 return (ENOSPC); 586 } 587 588 BRIDGE_LOCK_INIT(sc); 589 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 590 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 591 592 /* Initialize our routing table. */ 593 bridge_rtable_init(sc); 594 595 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0); 596 597 LIST_INIT(&sc->sc_iflist); 598 LIST_INIT(&sc->sc_spanlist); 599 600 ifp->if_softc = sc; 601 if_initname(ifp, ifc->ifc_name, unit); 602 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 603 ifp->if_ioctl = bridge_ioctl; 604 ifp->if_start = bridge_start; 605 ifp->if_init = bridge_init; 606 ifp->if_type = IFT_BRIDGE; 607 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 608 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 609 IFQ_SET_READY(&ifp->if_snd); 610 611 /* 612 * Generate an ethernet address with a locally administered address. 613 * 614 * Since we are using random ethernet addresses for the bridge, it is 615 * possible that we might have address collisions, so make sure that 616 * this hardware address isn't already in use on another bridge. 617 * The first try uses the hostid and falls back to arc4rand(). 618 */ 619 fb = 0; 620 getcredhostid(curthread->td_ucred, &hostid); 621 for (retry = 1; retry != 0;) { 622 if (fb || hostid == 0) { 623 arc4rand(sc->sc_defaddr, ETHER_ADDR_LEN, 1); 624 sc->sc_defaddr[0] &= ~1;/* clear multicast bit */ 625 sc->sc_defaddr[0] |= 2; /* set the LAA bit */ 626 } else { 627 sc->sc_defaddr[0] = 0x2; 628 sc->sc_defaddr[1] = (hostid >> 24) & 0xff; 629 sc->sc_defaddr[2] = (hostid >> 16) & 0xff; 630 sc->sc_defaddr[3] = (hostid >> 8 ) & 0xff; 631 sc->sc_defaddr[4] = hostid & 0xff; 632 sc->sc_defaddr[5] = ifp->if_dunit & 0xff; 633 } 634 635 fb = 1; 636 retry = 0; 637 mtx_lock(&bridge_list_mtx); 638 LIST_FOREACH(sc2, &bridge_list, sc_list) { 639 bifp = sc2->sc_ifp; 640 if (memcmp(sc->sc_defaddr, 641 IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) 642 retry = 1; 643 } 644 mtx_unlock(&bridge_list_mtx); 645 } 646 647 bstp_attach(&sc->sc_stp, &bridge_ops); 648 ether_ifattach(ifp, sc->sc_defaddr); 649 /* Now undo some of the damage... */ 650 ifp->if_baudrate = 0; 651 ifp->if_type = IFT_BRIDGE; 652 653 mtx_lock(&bridge_list_mtx); 654 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 655 mtx_unlock(&bridge_list_mtx); 656 657 return (0); 658} 659 660/* 661 * bridge_clone_destroy: 662 * 663 * Destroy a bridge instance. 664 */ 665static void 666bridge_clone_destroy(struct ifnet *ifp) 667{ 668 struct bridge_softc *sc = ifp->if_softc; 669 struct bridge_iflist *bif; 670 671 BRIDGE_LOCK(sc); 672 673 bridge_stop(ifp, 1); 674 ifp->if_flags &= ~IFF_UP; 675 676 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 677 bridge_delete_member(sc, bif, 0); 678 679 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 680 bridge_delete_span(sc, bif); 681 } 682 683 BRIDGE_UNLOCK(sc); 684 685 callout_drain(&sc->sc_brcallout); 686 687 mtx_lock(&bridge_list_mtx); 688 LIST_REMOVE(sc, sc_list); 689 mtx_unlock(&bridge_list_mtx); 690 691 bstp_detach(&sc->sc_stp); 692 ether_ifdetach(ifp); 693 if_free_type(ifp, IFT_ETHER); 694 695 /* Tear down the routing table. */ 696 bridge_rtable_fini(sc); 697 698 BRIDGE_LOCK_DESTROY(sc); 699 free(sc, M_DEVBUF); 700} 701 702/* 703 * bridge_ioctl: 704 * 705 * Handle a control request from the operator. 706 */ 707static int 708bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 709{ 710 struct bridge_softc *sc = ifp->if_softc; 711 struct ifreq *ifr = (struct ifreq *)data; 712 struct bridge_iflist *bif; 713 struct thread *td = curthread; 714 union { 715 struct ifbreq ifbreq; 716 struct ifbifconf ifbifconf; 717 struct ifbareq ifbareq; 718 struct ifbaconf ifbaconf; 719 struct ifbrparam ifbrparam; 720 struct ifbropreq ifbropreq; 721 } args; 722 struct ifdrv *ifd = (struct ifdrv *) data; 723 const struct bridge_control *bc; 724 int error = 0; 725 726 switch (cmd) { 727 728 case SIOCADDMULTI: 729 case SIOCDELMULTI: 730 break; 731 732 case SIOCGDRVSPEC: 733 case SIOCSDRVSPEC: 734 if (ifd->ifd_cmd >= bridge_control_table_size) { 735 error = EINVAL; 736 break; 737 } 738 bc = &bridge_control_table[ifd->ifd_cmd]; 739 740 if (cmd == SIOCGDRVSPEC && 741 (bc->bc_flags & BC_F_COPYOUT) == 0) { 742 error = EINVAL; 743 break; 744 } 745 else if (cmd == SIOCSDRVSPEC && 746 (bc->bc_flags & BC_F_COPYOUT) != 0) { 747 error = EINVAL; 748 break; 749 } 750 751 if (bc->bc_flags & BC_F_SUSER) { 752 error = priv_check(td, PRIV_NET_BRIDGE); 753 if (error) 754 break; 755 } 756 757 if (ifd->ifd_len != bc->bc_argsize || 758 ifd->ifd_len > sizeof(args)) { 759 error = EINVAL; 760 break; 761 } 762 763 bzero(&args, sizeof(args)); 764 if (bc->bc_flags & BC_F_COPYIN) { 765 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 766 if (error) 767 break; 768 } 769 770 BRIDGE_LOCK(sc); 771 error = (*bc->bc_func)(sc, &args); 772 BRIDGE_UNLOCK(sc); 773 if (error) 774 break; 775 776 if (bc->bc_flags & BC_F_COPYOUT) 777 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 778 779 break; 780 781 case SIOCSIFFLAGS: 782 if (!(ifp->if_flags & IFF_UP) && 783 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 784 /* 785 * If interface is marked down and it is running, 786 * then stop and disable it. 787 */ 788 BRIDGE_LOCK(sc); 789 bridge_stop(ifp, 1); 790 BRIDGE_UNLOCK(sc); 791 } else if ((ifp->if_flags & IFF_UP) && 792 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 793 /* 794 * If interface is marked up and it is stopped, then 795 * start it. 796 */ 797 (*ifp->if_init)(sc); 798 } 799 break; 800 801 case SIOCSIFMTU: 802 if (ifr->ifr_mtu < 576) { 803 error = EINVAL; 804 break; 805 } 806 if (LIST_EMPTY(&sc->sc_iflist)) { 807 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 808 break; 809 } 810 BRIDGE_LOCK(sc); 811 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 812 if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) { 813 log(LOG_NOTICE, "%s: invalid MTU: %lu(%s)" 814 " != %d\n", sc->sc_ifp->if_xname, 815 bif->bif_ifp->if_mtu, 816 bif->bif_ifp->if_xname, ifr->ifr_mtu); 817 error = EINVAL; 818 break; 819 } 820 } 821 if (!error) 822 sc->sc_ifp->if_mtu = ifr->ifr_mtu; 823 BRIDGE_UNLOCK(sc); 824 break; 825 default: 826 /* 827 * drop the lock as ether_ioctl() will call bridge_start() and 828 * cause the lock to be recursed. 829 */ 830 error = ether_ioctl(ifp, cmd, data); 831 break; 832 } 833 834 return (error); 835} 836 837/* 838 * bridge_mutecaps: 839 * 840 * Clear or restore unwanted capabilities on the member interface 841 */ 842static void 843bridge_mutecaps(struct bridge_softc *sc) 844{ 845 struct bridge_iflist *bif; 846 int enabled, mask; 847 848 /* Initial bitmask of capabilities to test */ 849 mask = BRIDGE_IFCAPS_MASK; 850 851 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 852 /* Every member must support it or its disabled */ 853 mask &= bif->bif_savedcaps; 854 } 855 856 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 857 enabled = bif->bif_ifp->if_capenable; 858 enabled &= ~BRIDGE_IFCAPS_STRIP; 859 /* strip off mask bits and enable them again if allowed */ 860 enabled &= ~BRIDGE_IFCAPS_MASK; 861 enabled |= mask; 862 bridge_set_ifcap(sc, bif, enabled); 863 } 864 865} 866 867static void 868bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set) 869{ 870 struct ifnet *ifp = bif->bif_ifp; 871 struct ifreq ifr; 872 int error; 873 874 bzero(&ifr, sizeof(ifr)); 875 ifr.ifr_reqcap = set; 876 877 if (ifp->if_capenable != set) { 878 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr); 879 if (error) 880 if_printf(sc->sc_ifp, 881 "error setting interface capabilities on %s\n", 882 ifp->if_xname); 883 } 884} 885 886/* 887 * bridge_lookup_member: 888 * 889 * Lookup a bridge member interface. 890 */ 891static struct bridge_iflist * 892bridge_lookup_member(struct bridge_softc *sc, const char *name) 893{ 894 struct bridge_iflist *bif; 895 struct ifnet *ifp; 896 897 BRIDGE_LOCK_ASSERT(sc); 898 899 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 900 ifp = bif->bif_ifp; 901 if (strcmp(ifp->if_xname, name) == 0) 902 return (bif); 903 } 904 905 return (NULL); 906} 907 908/* 909 * bridge_lookup_member_if: 910 * 911 * Lookup a bridge member interface by ifnet*. 912 */ 913static struct bridge_iflist * 914bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 915{ 916 struct bridge_iflist *bif; 917 918 BRIDGE_LOCK_ASSERT(sc); 919 920 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 921 if (bif->bif_ifp == member_ifp) 922 return (bif); 923 } 924 925 return (NULL); 926} 927 928/* 929 * bridge_delete_member: 930 * 931 * Delete the specified member interface. 932 */ 933static void 934bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 935 int gone) 936{ 937 struct ifnet *ifs = bif->bif_ifp; 938 struct ifnet *fif = NULL; 939 940 BRIDGE_LOCK_ASSERT(sc); 941 942 if (bif->bif_flags & IFBIF_STP) 943 bstp_disable(&bif->bif_stp); 944 945 ifs->if_bridge = NULL; 946 BRIDGE_XLOCK(sc); 947 LIST_REMOVE(bif, bif_next); 948 BRIDGE_XDROP(sc); 949 950 /* 951 * If removing the interface that gave the bridge its mac address, set 952 * the mac address of the bridge to the address of the next member, or 953 * to its default address if no members are left. 954 */ 955 if (bridge_inherit_mac && sc->sc_ifaddr == ifs) { 956 if (LIST_EMPTY(&sc->sc_iflist)) { 957 bcopy(sc->sc_defaddr, 958 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 959 sc->sc_ifaddr = NULL; 960 } else { 961 fif = LIST_FIRST(&sc->sc_iflist)->bif_ifp; 962 bcopy(IF_LLADDR(fif), 963 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 964 sc->sc_ifaddr = fif; 965 } 966 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 967 } 968 969 bridge_linkcheck(sc); 970 bridge_mutecaps(sc); /* recalcuate now this interface is removed */ 971 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 972 KASSERT(bif->bif_addrcnt == 0, 973 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt)); 974 975 BRIDGE_UNLOCK(sc); 976 if (!gone) { 977 switch (ifs->if_type) { 978 case IFT_ETHER: 979 case IFT_L2VLAN: 980 /* 981 * Take the interface out of promiscuous mode. 982 */ 983 (void) ifpromisc(ifs, 0); 984 break; 985 986 case IFT_GIF: 987 break; 988 989 default: 990#ifdef DIAGNOSTIC 991 panic("bridge_delete_member: impossible"); 992#endif 993 break; 994 } 995 /* reneable any interface capabilities */ 996 bridge_set_ifcap(sc, bif, bif->bif_savedcaps); 997 } 998 bstp_destroy(&bif->bif_stp); /* prepare to free */ 999 BRIDGE_LOCK(sc); 1000 free(bif, M_DEVBUF); 1001} 1002 1003/* 1004 * bridge_delete_span: 1005 * 1006 * Delete the specified span interface. 1007 */ 1008static void 1009bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1010{ 1011 BRIDGE_LOCK_ASSERT(sc); 1012 1013 KASSERT(bif->bif_ifp->if_bridge == NULL, 1014 ("%s: not a span interface", __func__)); 1015 1016 LIST_REMOVE(bif, bif_next); 1017 free(bif, M_DEVBUF); 1018} 1019 1020static int 1021bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1022{ 1023 struct ifbreq *req = arg; 1024 struct bridge_iflist *bif = NULL; 1025 struct ifnet *ifs; 1026 int error = 0; 1027 1028 ifs = ifunit(req->ifbr_ifsname); 1029 if (ifs == NULL) 1030 return (ENOENT); 1031 if (ifs->if_ioctl == NULL) /* must be supported */ 1032 return (EINVAL); 1033 1034 /* If it's in the span list, it can't be a member. */ 1035 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1036 if (ifs == bif->bif_ifp) 1037 return (EBUSY); 1038 1039 if (ifs->if_bridge == sc) 1040 return (EEXIST); 1041 1042 if (ifs->if_bridge != NULL) 1043 return (EBUSY); 1044 1045 switch (ifs->if_type) { 1046 case IFT_ETHER: 1047 case IFT_L2VLAN: 1048 case IFT_GIF: 1049 /* permitted interface types */ 1050 break; 1051 default: 1052 return (EINVAL); 1053 } 1054 1055#ifdef INET6 1056 /* 1057 * Two valid inet6 addresses with link-local scope must not be 1058 * on the parent interface and the member interfaces at the 1059 * same time. This restriction is needed to prevent violation 1060 * of link-local scope zone. Attempts to add a member 1061 * interface which has inet6 addresses when the parent has 1062 * inet6 triggers removal of all inet6 addresses on the member 1063 * interface. 1064 */ 1065 1066 /* Check if the parent interface has a link-local scope addr. */ 1067 if (in6ifa_llaonifp(sc->sc_ifp) != NULL) { 1068 /* 1069 * If any, remove all inet6 addresses from the member 1070 * interfaces. 1071 */ 1072 BRIDGE_XLOCK(sc); 1073 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1074 if (in6ifa_llaonifp(bif->bif_ifp)) { 1075 BRIDGE_UNLOCK(sc); 1076 in6_ifdetach(bif->bif_ifp); 1077 BRIDGE_LOCK(sc); 1078 if_printf(sc->sc_ifp, 1079 "IPv6 addresses on %s have been removed " 1080 "before adding it as a member to prevent " 1081 "IPv6 address scope violation.\n", 1082 bif->bif_ifp->if_xname); 1083 } 1084 } 1085 BRIDGE_XDROP(sc); 1086 if (in6ifa_llaonifp(ifs)) { 1087 BRIDGE_UNLOCK(sc); 1088 in6_ifdetach(ifs); 1089 BRIDGE_LOCK(sc); 1090 if_printf(sc->sc_ifp, 1091 "IPv6 addresses on %s have been removed " 1092 "before adding it as a member to prevent " 1093 "IPv6 address scope violation.\n", 1094 ifs->if_xname); 1095 } 1096 } else { 1097 struct in6_ifaddr *ia6_m, *ia6_s; 1098 /* 1099 * If not, check whether one of the existing member 1100 * interfaces have inet6 address. If any, remove 1101 * inet6 addresses on the interface to be added. 1102 */ 1103 ia6_m = NULL; 1104 BRIDGE_XLOCK(sc); 1105 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1106 ia6_m = in6ifa_llaonifp(bif->bif_ifp); 1107 if (ia6_m != NULL) 1108 break; 1109 } 1110 BRIDGE_XDROP(sc); 1111 ia6_s = in6ifa_llaonifp(ifs); 1112 1113 if (ia6_m != NULL && ia6_s != NULL) { 1114 BRIDGE_UNLOCK(sc); 1115 in6_ifdetach(ifs); 1116 BRIDGE_LOCK(sc); 1117 if_printf(sc->sc_ifp, "IPv6 addresses on %s have " 1118 "been removed before adding it as a member " 1119 "to prevent IPv6 address scope violation.\n", 1120 ifs->if_xname); 1121 } 1122 } 1123#endif 1124 /* Allow the first Ethernet member to define the MTU */ 1125 if (LIST_EMPTY(&sc->sc_iflist)) 1126 sc->sc_ifp->if_mtu = ifs->if_mtu; 1127 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 1128 if_printf(sc->sc_ifp, "invalid MTU: %lu(%s) != %lu\n", 1129 ifs->if_mtu, ifs->if_xname, sc->sc_ifp->if_mtu); 1130 return (EINVAL); 1131 } 1132 1133 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1134 if (bif == NULL) 1135 return (ENOMEM); 1136 1137 bif->bif_ifp = ifs; 1138 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 1139 bif->bif_savedcaps = ifs->if_capenable; 1140 1141 /* 1142 * Assign the interface's MAC address to the bridge if it's the first 1143 * member and the MAC address of the bridge has not been changed from 1144 * the default randomly generated one. 1145 */ 1146 if (bridge_inherit_mac && LIST_EMPTY(&sc->sc_iflist) && 1147 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN)) { 1148 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN); 1149 sc->sc_ifaddr = ifs; 1150 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp); 1151 } 1152 1153 ifs->if_bridge = sc; 1154 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp); 1155 /* 1156 * XXX: XLOCK HERE!?! 1157 * 1158 * NOTE: insert_***HEAD*** should be safe for the traversals. 1159 */ 1160 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 1161 1162 /* Set interface capabilities to the intersection set of all members */ 1163 bridge_mutecaps(sc); 1164 bridge_linkcheck(sc); 1165 1166 /* Place the interface into promiscuous mode */ 1167 switch (ifs->if_type) { 1168 case IFT_ETHER: 1169 case IFT_L2VLAN: 1170 BRIDGE_UNLOCK(sc); 1171 error = ifpromisc(ifs, 1); 1172 BRIDGE_LOCK(sc); 1173 break; 1174 } 1175 1176 if (error) { 1177 bridge_delete_member(sc, bif, 0); 1178 free(bif, M_DEVBUF); 1179 } 1180 return (error); 1181} 1182 1183static int 1184bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1185{ 1186 struct ifbreq *req = arg; 1187 struct bridge_iflist *bif; 1188 1189 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1190 if (bif == NULL) 1191 return (ENOENT); 1192 1193 bridge_delete_member(sc, bif, 0); 1194 1195 return (0); 1196} 1197 1198static int 1199bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1200{ 1201 struct ifbreq *req = arg; 1202 struct bridge_iflist *bif; 1203 struct bstp_port *bp; 1204 1205 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1206 if (bif == NULL) 1207 return (ENOENT); 1208 1209 bp = &bif->bif_stp; 1210 req->ifbr_ifsflags = bif->bif_flags; 1211 req->ifbr_state = bp->bp_state; 1212 req->ifbr_priority = bp->bp_priority; 1213 req->ifbr_path_cost = bp->bp_path_cost; 1214 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1215 req->ifbr_proto = bp->bp_protover; 1216 req->ifbr_role = bp->bp_role; 1217 req->ifbr_stpflags = bp->bp_flags; 1218 req->ifbr_addrcnt = bif->bif_addrcnt; 1219 req->ifbr_addrmax = bif->bif_addrmax; 1220 req->ifbr_addrexceeded = bif->bif_addrexceeded; 1221 1222 /* Copy STP state options as flags */ 1223 if (bp->bp_operedge) 1224 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 1225 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 1226 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 1227 if (bp->bp_ptp_link) 1228 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 1229 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 1230 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 1231 if (bp->bp_flags & BSTP_PORT_ADMEDGE) 1232 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE; 1233 if (bp->bp_flags & BSTP_PORT_ADMCOST) 1234 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST; 1235 return (0); 1236} 1237 1238static int 1239bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1240{ 1241 struct ifbreq *req = arg; 1242 struct bridge_iflist *bif; 1243 struct bstp_port *bp; 1244 int error; 1245 1246 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1247 if (bif == NULL) 1248 return (ENOENT); 1249 bp = &bif->bif_stp; 1250 1251 if (req->ifbr_ifsflags & IFBIF_SPAN) 1252 /* SPAN is readonly */ 1253 return (EINVAL); 1254 1255 if (req->ifbr_ifsflags & IFBIF_STP) { 1256 if ((bif->bif_flags & IFBIF_STP) == 0) { 1257 error = bstp_enable(&bif->bif_stp); 1258 if (error) 1259 return (error); 1260 } 1261 } else { 1262 if ((bif->bif_flags & IFBIF_STP) != 0) 1263 bstp_disable(&bif->bif_stp); 1264 } 1265 1266 /* Pass on STP flags */ 1267 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0); 1268 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0); 1269 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0); 1270 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0); 1271 1272 /* Save the bits relating to the bridge */ 1273 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK; 1274 1275 return (0); 1276} 1277 1278static int 1279bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1280{ 1281 struct ifbrparam *param = arg; 1282 1283 sc->sc_brtmax = param->ifbrp_csize; 1284 bridge_rttrim(sc); 1285 1286 return (0); 1287} 1288 1289static int 1290bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1291{ 1292 struct ifbrparam *param = arg; 1293 1294 param->ifbrp_csize = sc->sc_brtmax; 1295 1296 return (0); 1297} 1298 1299static int 1300bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1301{ 1302 struct ifbifconf *bifc = arg; 1303 struct bridge_iflist *bif; 1304 struct ifbreq breq; 1305 char *buf, *outbuf; 1306 int count, buflen, len, error = 0; 1307 1308 count = 0; 1309 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 1310 count++; 1311 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1312 count++; 1313 1314 buflen = sizeof(breq) * count; 1315 if (bifc->ifbic_len == 0) { 1316 bifc->ifbic_len = buflen; 1317 return (0); 1318 } 1319 BRIDGE_UNLOCK(sc); 1320 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1321 BRIDGE_LOCK(sc); 1322 1323 count = 0; 1324 buf = outbuf; 1325 len = min(bifc->ifbic_len, buflen); 1326 bzero(&breq, sizeof(breq)); 1327 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1328 if (len < sizeof(breq)) 1329 break; 1330 1331 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1332 sizeof(breq.ifbr_ifsname)); 1333 /* Fill in the ifbreq structure */ 1334 error = bridge_ioctl_gifflags(sc, &breq); 1335 if (error) 1336 break; 1337 memcpy(buf, &breq, sizeof(breq)); 1338 count++; 1339 buf += sizeof(breq); 1340 len -= sizeof(breq); 1341 } 1342 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1343 if (len < sizeof(breq)) 1344 break; 1345 1346 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1347 sizeof(breq.ifbr_ifsname)); 1348 breq.ifbr_ifsflags = bif->bif_flags; 1349 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff; 1350 memcpy(buf, &breq, sizeof(breq)); 1351 count++; 1352 buf += sizeof(breq); 1353 len -= sizeof(breq); 1354 } 1355 1356 BRIDGE_UNLOCK(sc); 1357 bifc->ifbic_len = sizeof(breq) * count; 1358 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len); 1359 BRIDGE_LOCK(sc); 1360 free(outbuf, M_TEMP); 1361 return (error); 1362} 1363 1364static int 1365bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1366{ 1367 struct ifbaconf *bac = arg; 1368 struct bridge_rtnode *brt; 1369 struct ifbareq bareq; 1370 char *buf, *outbuf; 1371 int count, buflen, len, error = 0; 1372 1373 if (bac->ifbac_len == 0) 1374 return (0); 1375 1376 count = 0; 1377 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) 1378 count++; 1379 buflen = sizeof(bareq) * count; 1380 1381 BRIDGE_UNLOCK(sc); 1382 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1383 BRIDGE_LOCK(sc); 1384 1385 count = 0; 1386 buf = outbuf; 1387 len = min(bac->ifbac_len, buflen); 1388 bzero(&bareq, sizeof(bareq)); 1389 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1390 if (len < sizeof(bareq)) 1391 goto out; 1392 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1393 sizeof(bareq.ifba_ifsname)); 1394 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1395 bareq.ifba_vlan = brt->brt_vlan; 1396 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1397 time_uptime < brt->brt_expire) 1398 bareq.ifba_expire = brt->brt_expire - time_uptime; 1399 else 1400 bareq.ifba_expire = 0; 1401 bareq.ifba_flags = brt->brt_flags; 1402 1403 memcpy(buf, &bareq, sizeof(bareq)); 1404 count++; 1405 buf += sizeof(bareq); 1406 len -= sizeof(bareq); 1407 } 1408out: 1409 BRIDGE_UNLOCK(sc); 1410 bac->ifbac_len = sizeof(bareq) * count; 1411 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len); 1412 BRIDGE_LOCK(sc); 1413 free(outbuf, M_TEMP); 1414 return (error); 1415} 1416 1417static int 1418bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1419{ 1420 struct ifbareq *req = arg; 1421 struct bridge_iflist *bif; 1422 int error; 1423 1424 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1425 if (bif == NULL) 1426 return (ENOENT); 1427 1428 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1, 1429 req->ifba_flags); 1430 1431 return (error); 1432} 1433 1434static int 1435bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1436{ 1437 struct ifbrparam *param = arg; 1438 1439 sc->sc_brttimeout = param->ifbrp_ctime; 1440 return (0); 1441} 1442 1443static int 1444bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1445{ 1446 struct ifbrparam *param = arg; 1447 1448 param->ifbrp_ctime = sc->sc_brttimeout; 1449 return (0); 1450} 1451 1452static int 1453bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1454{ 1455 struct ifbareq *req = arg; 1456 1457 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan)); 1458} 1459 1460static int 1461bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1462{ 1463 struct ifbreq *req = arg; 1464 1465 bridge_rtflush(sc, req->ifbr_ifsflags); 1466 return (0); 1467} 1468 1469static int 1470bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1471{ 1472 struct ifbrparam *param = arg; 1473 struct bstp_state *bs = &sc->sc_stp; 1474 1475 param->ifbrp_prio = bs->bs_bridge_priority; 1476 return (0); 1477} 1478 1479static int 1480bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1481{ 1482 struct ifbrparam *param = arg; 1483 1484 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio)); 1485} 1486 1487static int 1488bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1489{ 1490 struct ifbrparam *param = arg; 1491 struct bstp_state *bs = &sc->sc_stp; 1492 1493 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8; 1494 return (0); 1495} 1496 1497static int 1498bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1499{ 1500 struct ifbrparam *param = arg; 1501 1502 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime)); 1503} 1504 1505static int 1506bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1507{ 1508 struct ifbrparam *param = arg; 1509 struct bstp_state *bs = &sc->sc_stp; 1510 1511 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8; 1512 return (0); 1513} 1514 1515static int 1516bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1517{ 1518 struct ifbrparam *param = arg; 1519 1520 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay)); 1521} 1522 1523static int 1524bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1525{ 1526 struct ifbrparam *param = arg; 1527 struct bstp_state *bs = &sc->sc_stp; 1528 1529 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8; 1530 return (0); 1531} 1532 1533static int 1534bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1535{ 1536 struct ifbrparam *param = arg; 1537 1538 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage)); 1539} 1540 1541static int 1542bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1543{ 1544 struct ifbreq *req = arg; 1545 struct bridge_iflist *bif; 1546 1547 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1548 if (bif == NULL) 1549 return (ENOENT); 1550 1551 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority)); 1552} 1553 1554static int 1555bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1556{ 1557 struct ifbreq *req = arg; 1558 struct bridge_iflist *bif; 1559 1560 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1561 if (bif == NULL) 1562 return (ENOENT); 1563 1564 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost)); 1565} 1566 1567static int 1568bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg) 1569{ 1570 struct ifbreq *req = arg; 1571 struct bridge_iflist *bif; 1572 1573 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1574 if (bif == NULL) 1575 return (ENOENT); 1576 1577 bif->bif_addrmax = req->ifbr_addrmax; 1578 return (0); 1579} 1580 1581static int 1582bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1583{ 1584 struct ifbreq *req = arg; 1585 struct bridge_iflist *bif = NULL; 1586 struct ifnet *ifs; 1587 1588 ifs = ifunit(req->ifbr_ifsname); 1589 if (ifs == NULL) 1590 return (ENOENT); 1591 1592 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1593 if (ifs == bif->bif_ifp) 1594 return (EBUSY); 1595 1596 if (ifs->if_bridge != NULL) 1597 return (EBUSY); 1598 1599 switch (ifs->if_type) { 1600 case IFT_ETHER: 1601 case IFT_GIF: 1602 case IFT_L2VLAN: 1603 break; 1604 default: 1605 return (EINVAL); 1606 } 1607 1608 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 1609 if (bif == NULL) 1610 return (ENOMEM); 1611 1612 bif->bif_ifp = ifs; 1613 bif->bif_flags = IFBIF_SPAN; 1614 1615 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1616 1617 return (0); 1618} 1619 1620static int 1621bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1622{ 1623 struct ifbreq *req = arg; 1624 struct bridge_iflist *bif; 1625 struct ifnet *ifs; 1626 1627 ifs = ifunit(req->ifbr_ifsname); 1628 if (ifs == NULL) 1629 return (ENOENT); 1630 1631 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1632 if (ifs == bif->bif_ifp) 1633 break; 1634 1635 if (bif == NULL) 1636 return (ENOENT); 1637 1638 bridge_delete_span(sc, bif); 1639 1640 return (0); 1641} 1642 1643static int 1644bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg) 1645{ 1646 struct ifbropreq *req = arg; 1647 struct bstp_state *bs = &sc->sc_stp; 1648 struct bstp_port *root_port; 1649 1650 req->ifbop_maxage = bs->bs_bridge_max_age >> 8; 1651 req->ifbop_hellotime = bs->bs_bridge_htime >> 8; 1652 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 1653 1654 root_port = bs->bs_root_port; 1655 if (root_port == NULL) 1656 req->ifbop_root_port = 0; 1657 else 1658 req->ifbop_root_port = root_port->bp_ifp->if_index; 1659 1660 req->ifbop_holdcount = bs->bs_txholdcount; 1661 req->ifbop_priority = bs->bs_bridge_priority; 1662 req->ifbop_protocol = bs->bs_protover; 1663 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 1664 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id; 1665 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id; 1666 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id; 1667 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 1668 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 1669 1670 return (0); 1671} 1672 1673static int 1674bridge_ioctl_grte(struct bridge_softc *sc, void *arg) 1675{ 1676 struct ifbrparam *param = arg; 1677 1678 param->ifbrp_cexceeded = sc->sc_brtexceeded; 1679 return (0); 1680} 1681 1682static int 1683bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg) 1684{ 1685 struct ifbpstpconf *bifstp = arg; 1686 struct bridge_iflist *bif; 1687 struct bstp_port *bp; 1688 struct ifbpstpreq bpreq; 1689 char *buf, *outbuf; 1690 int count, buflen, len, error = 0; 1691 1692 count = 0; 1693 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1694 if ((bif->bif_flags & IFBIF_STP) != 0) 1695 count++; 1696 } 1697 1698 buflen = sizeof(bpreq) * count; 1699 if (bifstp->ifbpstp_len == 0) { 1700 bifstp->ifbpstp_len = buflen; 1701 return (0); 1702 } 1703 1704 BRIDGE_UNLOCK(sc); 1705 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO); 1706 BRIDGE_LOCK(sc); 1707 1708 count = 0; 1709 buf = outbuf; 1710 len = min(bifstp->ifbpstp_len, buflen); 1711 bzero(&bpreq, sizeof(bpreq)); 1712 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1713 if (len < sizeof(bpreq)) 1714 break; 1715 1716 if ((bif->bif_flags & IFBIF_STP) == 0) 1717 continue; 1718 1719 bp = &bif->bif_stp; 1720 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff; 1721 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions; 1722 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost; 1723 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id; 1724 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id; 1725 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id; 1726 1727 memcpy(buf, &bpreq, sizeof(bpreq)); 1728 count++; 1729 buf += sizeof(bpreq); 1730 len -= sizeof(bpreq); 1731 } 1732 1733 BRIDGE_UNLOCK(sc); 1734 bifstp->ifbpstp_len = sizeof(bpreq) * count; 1735 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len); 1736 BRIDGE_LOCK(sc); 1737 free(outbuf, M_TEMP); 1738 return (error); 1739} 1740 1741static int 1742bridge_ioctl_sproto(struct bridge_softc *sc, void *arg) 1743{ 1744 struct ifbrparam *param = arg; 1745 1746 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto)); 1747} 1748 1749static int 1750bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg) 1751{ 1752 struct ifbrparam *param = arg; 1753 1754 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc)); 1755} 1756 1757/* 1758 * bridge_ifdetach: 1759 * 1760 * Detach an interface from a bridge. Called when a member 1761 * interface is detaching. 1762 */ 1763static void 1764bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1765{ 1766 struct bridge_softc *sc = ifp->if_bridge; 1767 struct bridge_iflist *bif; 1768 1769 if (ifp->if_flags & IFF_RENAMING) 1770 return; 1771 1772 /* Check if the interface is a bridge member */ 1773 if (sc != NULL) { 1774 BRIDGE_LOCK(sc); 1775 1776 bif = bridge_lookup_member_if(sc, ifp); 1777 if (bif != NULL) 1778 bridge_delete_member(sc, bif, 1); 1779 1780 BRIDGE_UNLOCK(sc); 1781 return; 1782 } 1783 1784 /* Check if the interface is a span port */ 1785 mtx_lock(&bridge_list_mtx); 1786 LIST_FOREACH(sc, &bridge_list, sc_list) { 1787 BRIDGE_LOCK(sc); 1788 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1789 if (ifp == bif->bif_ifp) { 1790 bridge_delete_span(sc, bif); 1791 break; 1792 } 1793 1794 BRIDGE_UNLOCK(sc); 1795 } 1796 mtx_unlock(&bridge_list_mtx); 1797} 1798 1799/* 1800 * bridge_init: 1801 * 1802 * Initialize a bridge interface. 1803 */ 1804static void 1805bridge_init(void *xsc) 1806{ 1807 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1808 struct ifnet *ifp = sc->sc_ifp; 1809 1810 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 1811 return; 1812 1813 BRIDGE_LOCK(sc); 1814 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1815 bridge_timer, sc); 1816 1817 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1818 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */ 1819 1820 BRIDGE_UNLOCK(sc); 1821} 1822 1823/* 1824 * bridge_stop: 1825 * 1826 * Stop the bridge interface. 1827 */ 1828static void 1829bridge_stop(struct ifnet *ifp, int disable) 1830{ 1831 struct bridge_softc *sc = ifp->if_softc; 1832 1833 BRIDGE_LOCK_ASSERT(sc); 1834 1835 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 1836 return; 1837 1838 callout_stop(&sc->sc_brcallout); 1839 bstp_stop(&sc->sc_stp); 1840 1841 bridge_rtflush(sc, IFBF_FLUSHDYN); 1842 1843 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1844} 1845 1846/* 1847 * bridge_enqueue: 1848 * 1849 * Enqueue a packet on a bridge member interface. 1850 * 1851 */ 1852static void 1853bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) 1854{ 1855 int len, err = 0; 1856 short mflags; 1857 struct mbuf *m0; 1858 1859 len = m->m_pkthdr.len; 1860 mflags = m->m_flags; 1861 1862 /* We may be sending a fragment so traverse the mbuf */ 1863 for (; m; m = m0) { 1864 m0 = m->m_nextpkt; 1865 m->m_nextpkt = NULL; 1866 1867 /* 1868 * If underlying interface can not do VLAN tag insertion itself 1869 * then attach a packet tag that holds it. 1870 */ 1871 if ((m->m_flags & M_VLANTAG) && 1872 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) { 1873 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag); 1874 if (m == NULL) { 1875 if_printf(dst_ifp, 1876 "unable to prepend VLAN header\n"); 1877 dst_ifp->if_oerrors++; 1878 continue; 1879 } 1880 m->m_flags &= ~M_VLANTAG; 1881 } 1882 1883 if ((err = dst_ifp->if_transmit(dst_ifp, m))) { 1884 m_freem(m0); 1885 break; 1886 } 1887 } 1888 1889 if (err == 0) { 1890 sc->sc_ifp->if_opackets++; 1891 sc->sc_ifp->if_obytes += len; 1892 if (mflags & M_MCAST) 1893 sc->sc_ifp->if_omcasts++; 1894 } 1895} 1896 1897/* 1898 * bridge_dummynet: 1899 * 1900 * Receive a queued packet from dummynet and pass it on to the output 1901 * interface. 1902 * 1903 * The mbuf has the Ethernet header already attached. 1904 */ 1905static void 1906bridge_dummynet(struct mbuf *m, struct ifnet *ifp) 1907{ 1908 struct bridge_softc *sc; 1909 1910 sc = ifp->if_bridge; 1911 1912 /* 1913 * The packet didnt originate from a member interface. This should only 1914 * ever happen if a member interface is removed while packets are 1915 * queued for it. 1916 */ 1917 if (sc == NULL) { 1918 m_freem(m); 1919 return; 1920 } 1921 1922 if (PFIL_HOOKED(&V_inet_pfil_hook) 1923#ifdef INET6 1924 || PFIL_HOOKED(&V_inet6_pfil_hook) 1925#endif 1926 ) { 1927 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0) 1928 return; 1929 if (m == NULL) 1930 return; 1931 } 1932 1933 bridge_enqueue(sc, ifp, m); 1934} 1935 1936/* 1937 * bridge_output: 1938 * 1939 * Send output from a bridge member interface. This 1940 * performs the bridging function for locally originated 1941 * packets. 1942 * 1943 * The mbuf has the Ethernet header already attached. We must 1944 * enqueue or free the mbuf before returning. 1945 */ 1946static int 1947bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 1948 struct rtentry *rt) 1949{ 1950 struct ether_header *eh; 1951 struct ifnet *dst_if; 1952 struct bridge_softc *sc; 1953 uint16_t vlan; 1954 1955 if (m->m_len < ETHER_HDR_LEN) { 1956 m = m_pullup(m, ETHER_HDR_LEN); 1957 if (m == NULL) 1958 return (0); 1959 } 1960 1961 eh = mtod(m, struct ether_header *); 1962 sc = ifp->if_bridge; 1963 vlan = VLANTAGOF(m); 1964 1965 BRIDGE_LOCK(sc); 1966 1967 /* 1968 * If bridge is down, but the original output interface is up, 1969 * go ahead and send out that interface. Otherwise, the packet 1970 * is dropped below. 1971 */ 1972 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1973 dst_if = ifp; 1974 goto sendunicast; 1975 } 1976 1977 /* 1978 * If the packet is a multicast, or we don't know a better way to 1979 * get there, send to all interfaces. 1980 */ 1981 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1982 dst_if = NULL; 1983 else 1984 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan); 1985 if (dst_if == NULL) { 1986 struct bridge_iflist *bif; 1987 struct mbuf *mc; 1988 int error = 0, used = 0; 1989 1990 bridge_span(sc, m); 1991 1992 BRIDGE_LOCK2REF(sc, error); 1993 if (error) { 1994 m_freem(m); 1995 return (0); 1996 } 1997 1998 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1999 dst_if = bif->bif_ifp; 2000 2001 if (dst_if->if_type == IFT_GIF) 2002 continue; 2003 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2004 continue; 2005 2006 /* 2007 * If this is not the original output interface, 2008 * and the interface is participating in spanning 2009 * tree, make sure the port is in a state that 2010 * allows forwarding. 2011 */ 2012 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) && 2013 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2014 continue; 2015 2016 if (LIST_NEXT(bif, bif_next) == NULL) { 2017 used = 1; 2018 mc = m; 2019 } else { 2020 mc = m_copypacket(m, M_DONTWAIT); 2021 if (mc == NULL) { 2022 sc->sc_ifp->if_oerrors++; 2023 continue; 2024 } 2025 } 2026 2027 bridge_enqueue(sc, dst_if, mc); 2028 } 2029 if (used == 0) 2030 m_freem(m); 2031 BRIDGE_UNREF(sc); 2032 return (0); 2033 } 2034 2035sendunicast: 2036 /* 2037 * XXX Spanning tree consideration here? 2038 */ 2039 2040 bridge_span(sc, m); 2041 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) { 2042 m_freem(m); 2043 BRIDGE_UNLOCK(sc); 2044 return (0); 2045 } 2046 2047 BRIDGE_UNLOCK(sc); 2048 bridge_enqueue(sc, dst_if, m); 2049 return (0); 2050} 2051 2052/* 2053 * bridge_start: 2054 * 2055 * Start output on a bridge. 2056 * 2057 */ 2058static void 2059bridge_start(struct ifnet *ifp) 2060{ 2061 struct bridge_softc *sc; 2062 struct mbuf *m; 2063 struct ether_header *eh; 2064 struct ifnet *dst_if; 2065 2066 sc = ifp->if_softc; 2067 2068 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 2069 for (;;) { 2070 IFQ_DEQUEUE(&ifp->if_snd, m); 2071 if (m == 0) 2072 break; 2073 ETHER_BPF_MTAP(ifp, m); 2074 2075 eh = mtod(m, struct ether_header *); 2076 dst_if = NULL; 2077 2078 BRIDGE_LOCK(sc); 2079 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2080 dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1); 2081 } 2082 2083 if (dst_if == NULL) 2084 bridge_broadcast(sc, ifp, m, 0); 2085 else { 2086 BRIDGE_UNLOCK(sc); 2087 bridge_enqueue(sc, dst_if, m); 2088 } 2089 } 2090 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2091} 2092 2093/* 2094 * bridge_forward: 2095 * 2096 * The forwarding function of the bridge. 2097 * 2098 * NOTE: Releases the lock on return. 2099 */ 2100static void 2101bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif, 2102 struct mbuf *m) 2103{ 2104 struct bridge_iflist *dbif; 2105 struct ifnet *src_if, *dst_if, *ifp; 2106 struct ether_header *eh; 2107 uint16_t vlan; 2108 uint8_t *dst; 2109 int error; 2110 2111 src_if = m->m_pkthdr.rcvif; 2112 ifp = sc->sc_ifp; 2113 2114 ifp->if_ipackets++; 2115 ifp->if_ibytes += m->m_pkthdr.len; 2116 vlan = VLANTAGOF(m); 2117 2118 if ((sbif->bif_flags & IFBIF_STP) && 2119 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2120 goto drop; 2121 2122 eh = mtod(m, struct ether_header *); 2123 dst = eh->ether_dhost; 2124 2125 /* If the interface is learning, record the address. */ 2126 if (sbif->bif_flags & IFBIF_LEARNING) { 2127 error = bridge_rtupdate(sc, eh->ether_shost, vlan, 2128 sbif, 0, IFBAF_DYNAMIC); 2129 /* 2130 * If the interface has addresses limits then deny any source 2131 * that is not in the cache. 2132 */ 2133 if (error && sbif->bif_addrmax) 2134 goto drop; 2135 } 2136 2137 if ((sbif->bif_flags & IFBIF_STP) != 0 && 2138 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) 2139 goto drop; 2140 2141 /* 2142 * At this point, the port either doesn't participate 2143 * in spanning tree or it is in the forwarding state. 2144 */ 2145 2146 /* 2147 * If the packet is unicast, destined for someone on 2148 * "this" side of the bridge, drop it. 2149 */ 2150 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2151 dst_if = bridge_rtlookup(sc, dst, vlan); 2152 if (src_if == dst_if) 2153 goto drop; 2154 } else { 2155 /* 2156 * Check if its a reserved multicast address, any address 2157 * listed in 802.1D section 7.12.6 may not be forwarded by the 2158 * bridge. 2159 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F 2160 */ 2161 if (dst[0] == 0x01 && dst[1] == 0x80 && 2162 dst[2] == 0xc2 && dst[3] == 0x00 && 2163 dst[4] == 0x00 && dst[5] <= 0x0f) 2164 goto drop; 2165 2166 /* ...forward it to all interfaces. */ 2167 ifp->if_imcasts++; 2168 dst_if = NULL; 2169 } 2170 2171 /* 2172 * If we have a destination interface which is a member of our bridge, 2173 * OR this is a unicast packet, push it through the bpf(4) machinery. 2174 * For broadcast or multicast packets, don't bother because it will 2175 * be reinjected into ether_input. We do this before we pass the packets 2176 * through the pfil(9) framework, as it is possible that pfil(9) will 2177 * drop the packet, or possibly modify it, making it difficult to debug 2178 * firewall issues on the bridge. 2179 */ 2180 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0) 2181 ETHER_BPF_MTAP(ifp, m); 2182 2183 /* run the packet filter */ 2184 if (PFIL_HOOKED(&V_inet_pfil_hook) 2185#ifdef INET6 2186 || PFIL_HOOKED(&V_inet6_pfil_hook) 2187#endif 2188 ) { 2189 BRIDGE_UNLOCK(sc); 2190 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2191 return; 2192 if (m == NULL) 2193 return; 2194 BRIDGE_LOCK(sc); 2195 } 2196 2197 if (dst_if == NULL) { 2198 bridge_broadcast(sc, src_if, m, 1); 2199 return; 2200 } 2201 2202 /* 2203 * At this point, we're dealing with a unicast frame 2204 * going to a different interface. 2205 */ 2206 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2207 goto drop; 2208 2209 dbif = bridge_lookup_member_if(sc, dst_if); 2210 if (dbif == NULL) 2211 /* Not a member of the bridge (anymore?) */ 2212 goto drop; 2213 2214 /* Private segments can not talk to each other */ 2215 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE) 2216 goto drop; 2217 2218 if ((dbif->bif_flags & IFBIF_STP) && 2219 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2220 goto drop; 2221 2222 BRIDGE_UNLOCK(sc); 2223 2224 if (PFIL_HOOKED(&V_inet_pfil_hook) 2225#ifdef INET6 2226 || PFIL_HOOKED(&V_inet6_pfil_hook) 2227#endif 2228 ) { 2229 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2230 return; 2231 if (m == NULL) 2232 return; 2233 } 2234 2235 bridge_enqueue(sc, dst_if, m); 2236 return; 2237 2238drop: 2239 BRIDGE_UNLOCK(sc); 2240 m_freem(m); 2241} 2242 2243/* 2244 * bridge_input: 2245 * 2246 * Receive input from a member interface. Queue the packet for 2247 * bridging if it is not for us. 2248 */ 2249static struct mbuf * 2250bridge_input(struct ifnet *ifp, struct mbuf *m) 2251{ 2252 struct bridge_softc *sc = ifp->if_bridge; 2253 struct bridge_iflist *bif, *bif2; 2254 struct ifnet *bifp; 2255 struct ether_header *eh; 2256 struct mbuf *mc, *mc2; 2257 uint16_t vlan; 2258 int error; 2259 2260 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 2261 return (m); 2262 2263 bifp = sc->sc_ifp; 2264 vlan = VLANTAGOF(m); 2265 2266 /* 2267 * Implement support for bridge monitoring. If this flag has been 2268 * set on this interface, discard the packet once we push it through 2269 * the bpf(4) machinery, but before we do, increment the byte and 2270 * packet counters associated with this interface. 2271 */ 2272 if ((bifp->if_flags & IFF_MONITOR) != 0) { 2273 m->m_pkthdr.rcvif = bifp; 2274 ETHER_BPF_MTAP(bifp, m); 2275 bifp->if_ipackets++; 2276 bifp->if_ibytes += m->m_pkthdr.len; 2277 m_freem(m); 2278 return (NULL); 2279 } 2280 BRIDGE_LOCK(sc); 2281 bif = bridge_lookup_member_if(sc, ifp); 2282 if (bif == NULL) { 2283 BRIDGE_UNLOCK(sc); 2284 return (m); 2285 } 2286 2287 eh = mtod(m, struct ether_header *); 2288 2289 bridge_span(sc, m); 2290 2291 if (m->m_flags & (M_BCAST|M_MCAST)) { 2292 /* Tap off 802.1D packets; they do not get forwarded. */ 2293 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2294 ETHER_ADDR_LEN) == 0) { 2295 bstp_input(&bif->bif_stp, ifp, m); /* consumes mbuf */ 2296 BRIDGE_UNLOCK(sc); 2297 return (NULL); 2298 } 2299 2300 if ((bif->bif_flags & IFBIF_STP) && 2301 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2302 BRIDGE_UNLOCK(sc); 2303 return (m); 2304 } 2305 2306 /* 2307 * Make a deep copy of the packet and enqueue the copy 2308 * for bridge processing; return the original packet for 2309 * local processing. 2310 */ 2311 mc = m_dup(m, M_DONTWAIT); 2312 if (mc == NULL) { 2313 BRIDGE_UNLOCK(sc); 2314 return (m); 2315 } 2316 2317 /* Perform the bridge forwarding function with the copy. */ 2318 bridge_forward(sc, bif, mc); 2319 2320 /* 2321 * Reinject the mbuf as arriving on the bridge so we have a 2322 * chance at claiming multicast packets. We can not loop back 2323 * here from ether_input as a bridge is never a member of a 2324 * bridge. 2325 */ 2326 KASSERT(bifp->if_bridge == NULL, 2327 ("loop created in bridge_input")); 2328 mc2 = m_dup(m, M_DONTWAIT); 2329 if (mc2 != NULL) { 2330 /* Keep the layer3 header aligned */ 2331 int i = min(mc2->m_pkthdr.len, max_protohdr); 2332 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2333 } 2334 if (mc2 != NULL) { 2335 mc2->m_pkthdr.rcvif = bifp; 2336 (*bifp->if_input)(bifp, mc2); 2337 } 2338 2339 /* Return the original packet for local processing. */ 2340 return (m); 2341 } 2342 2343 if ((bif->bif_flags & IFBIF_STP) && 2344 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) { 2345 BRIDGE_UNLOCK(sc); 2346 return (m); 2347 } 2348 2349#if (defined(INET) || defined(INET6)) 2350# define OR_CARP_CHECK_WE_ARE_DST(iface) \ 2351 || ((iface)->if_carp \ 2352 && (*carp_forus_p)((iface), eh->ether_dhost)) 2353# define OR_CARP_CHECK_WE_ARE_SRC(iface) \ 2354 || ((iface)->if_carp \ 2355 && (*carp_forus_p)((iface), eh->ether_shost)) 2356#else 2357# define OR_CARP_CHECK_WE_ARE_DST(iface) 2358# define OR_CARP_CHECK_WE_ARE_SRC(iface) 2359#endif 2360 2361#ifdef INET6 2362# define OR_PFIL_HOOKED_INET6 \ 2363 || PFIL_HOOKED(&V_inet6_pfil_hook) 2364#else 2365# define OR_PFIL_HOOKED_INET6 2366#endif 2367 2368#define GRAB_OUR_PACKETS(iface) \ 2369 if ((iface)->if_type == IFT_GIF) \ 2370 continue; \ 2371 /* It is destined for us. */ \ 2372 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \ 2373 OR_CARP_CHECK_WE_ARE_DST((iface)) \ 2374 ) { \ 2375 if ((iface)->if_type == IFT_BRIDGE) { \ 2376 ETHER_BPF_MTAP(iface, m); \ 2377 iface->if_ipackets++; \ 2378 /* Filter on the physical interface. */ \ 2379 if (pfil_local_phys && \ 2380 (PFIL_HOOKED(&V_inet_pfil_hook) \ 2381 OR_PFIL_HOOKED_INET6)) { \ 2382 if (bridge_pfil(&m, NULL, ifp, \ 2383 PFIL_IN) != 0 || m == NULL) { \ 2384 BRIDGE_UNLOCK(sc); \ 2385 return (NULL); \ 2386 } \ 2387 eh = mtod(m, struct ether_header *); \ 2388 } \ 2389 } \ 2390 if (bif->bif_flags & IFBIF_LEARNING) { \ 2391 error = bridge_rtupdate(sc, eh->ether_shost, \ 2392 vlan, bif, 0, IFBAF_DYNAMIC); \ 2393 if (error && bif->bif_addrmax) { \ 2394 BRIDGE_UNLOCK(sc); \ 2395 m_freem(m); \ 2396 return (NULL); \ 2397 } \ 2398 } \ 2399 m->m_pkthdr.rcvif = iface; \ 2400 BRIDGE_UNLOCK(sc); \ 2401 return (m); \ 2402 } \ 2403 \ 2404 /* We just received a packet that we sent out. */ \ 2405 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \ 2406 OR_CARP_CHECK_WE_ARE_SRC((iface)) \ 2407 ) { \ 2408 BRIDGE_UNLOCK(sc); \ 2409 m_freem(m); \ 2410 return (NULL); \ 2411 } 2412 2413 /* 2414 * Unicast. Make sure it's not for the bridge. 2415 */ 2416 do { GRAB_OUR_PACKETS(bifp) } while (0); 2417 2418 /* 2419 * Give a chance for ifp at first priority. This will help when the 2420 * packet comes through the interface like VLAN's with the same MACs 2421 * on several interfaces from the same bridge. This also will save 2422 * some CPU cycles in case the destination interface and the input 2423 * interface (eq ifp) are the same. 2424 */ 2425 do { GRAB_OUR_PACKETS(ifp) } while (0); 2426 2427 /* Now check the all bridge members. */ 2428 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { 2429 GRAB_OUR_PACKETS(bif2->bif_ifp) 2430 } 2431 2432#undef OR_CARP_CHECK_WE_ARE_DST 2433#undef OR_CARP_CHECK_WE_ARE_SRC 2434#undef OR_PFIL_HOOKED_INET6 2435#undef GRAB_OUR_PACKETS 2436 2437 /* Perform the bridge forwarding function. */ 2438 bridge_forward(sc, bif, m); 2439 2440 return (NULL); 2441} 2442 2443/* 2444 * bridge_broadcast: 2445 * 2446 * Send a frame to all interfaces that are members of 2447 * the bridge, except for the one on which the packet 2448 * arrived. 2449 * 2450 * NOTE: Releases the lock on return. 2451 */ 2452static void 2453bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2454 struct mbuf *m, int runfilt) 2455{ 2456 struct bridge_iflist *dbif, *sbif; 2457 struct mbuf *mc; 2458 struct ifnet *dst_if; 2459 int error = 0, used = 0, i; 2460 2461 sbif = bridge_lookup_member_if(sc, src_if); 2462 2463 BRIDGE_LOCK2REF(sc, error); 2464 if (error) { 2465 m_freem(m); 2466 return; 2467 } 2468 2469 /* Filter on the bridge interface before broadcasting */ 2470 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2471#ifdef INET6 2472 || PFIL_HOOKED(&V_inet6_pfil_hook) 2473#endif 2474 )) { 2475 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0) 2476 goto out; 2477 if (m == NULL) 2478 goto out; 2479 } 2480 2481 LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) { 2482 dst_if = dbif->bif_ifp; 2483 if (dst_if == src_if) 2484 continue; 2485 2486 /* Private segments can not talk to each other */ 2487 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)) 2488 continue; 2489 2490 if ((dbif->bif_flags & IFBIF_STP) && 2491 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) 2492 continue; 2493 2494 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 && 2495 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2496 continue; 2497 2498 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2499 continue; 2500 2501 if (LIST_NEXT(dbif, bif_next) == NULL) { 2502 mc = m; 2503 used = 1; 2504 } else { 2505 mc = m_dup(m, M_DONTWAIT); 2506 if (mc == NULL) { 2507 sc->sc_ifp->if_oerrors++; 2508 continue; 2509 } 2510 } 2511 2512 /* 2513 * Filter on the output interface. Pass a NULL bridge interface 2514 * pointer so we do not redundantly filter on the bridge for 2515 * each interface we broadcast on. 2516 */ 2517 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook) 2518#ifdef INET6 2519 || PFIL_HOOKED(&V_inet6_pfil_hook) 2520#endif 2521 )) { 2522 if (used == 0) { 2523 /* Keep the layer3 header aligned */ 2524 i = min(mc->m_pkthdr.len, max_protohdr); 2525 mc = m_copyup(mc, i, ETHER_ALIGN); 2526 if (mc == NULL) { 2527 sc->sc_ifp->if_oerrors++; 2528 continue; 2529 } 2530 } 2531 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 2532 continue; 2533 if (mc == NULL) 2534 continue; 2535 } 2536 2537 bridge_enqueue(sc, dst_if, mc); 2538 } 2539 if (used == 0) 2540 m_freem(m); 2541 2542out: 2543 BRIDGE_UNREF(sc); 2544} 2545 2546/* 2547 * bridge_span: 2548 * 2549 * Duplicate a packet out one or more interfaces that are in span mode, 2550 * the original mbuf is unmodified. 2551 */ 2552static void 2553bridge_span(struct bridge_softc *sc, struct mbuf *m) 2554{ 2555 struct bridge_iflist *bif; 2556 struct ifnet *dst_if; 2557 struct mbuf *mc; 2558 2559 if (LIST_EMPTY(&sc->sc_spanlist)) 2560 return; 2561 2562 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2563 dst_if = bif->bif_ifp; 2564 2565 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) 2566 continue; 2567 2568 mc = m_copypacket(m, M_DONTWAIT); 2569 if (mc == NULL) { 2570 sc->sc_ifp->if_oerrors++; 2571 continue; 2572 } 2573 2574 bridge_enqueue(sc, dst_if, mc); 2575 } 2576} 2577 2578/* 2579 * bridge_rtupdate: 2580 * 2581 * Add a bridge routing entry. 2582 */ 2583static int 2584bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, 2585 struct bridge_iflist *bif, int setflags, uint8_t flags) 2586{ 2587 struct bridge_rtnode *brt; 2588 int error; 2589 2590 BRIDGE_LOCK_ASSERT(sc); 2591 2592 /* Check the source address is valid and not multicast. */ 2593 if (ETHER_IS_MULTICAST(dst) || 2594 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 && 2595 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0) 2596 return (EINVAL); 2597 2598 /* 802.1p frames map to vlan 1 */ 2599 if (vlan == 0) 2600 vlan = 1; 2601 2602 /* 2603 * A route for this destination might already exist. If so, 2604 * update it, otherwise create a new one. 2605 */ 2606 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) { 2607 if (sc->sc_brtcnt >= sc->sc_brtmax) { 2608 sc->sc_brtexceeded++; 2609 return (ENOSPC); 2610 } 2611 /* Check per interface address limits (if enabled) */ 2612 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) { 2613 bif->bif_addrexceeded++; 2614 return (ENOSPC); 2615 } 2616 2617 /* 2618 * Allocate a new bridge forwarding node, and 2619 * initialize the expiration time and Ethernet 2620 * address. 2621 */ 2622 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO); 2623 if (brt == NULL) 2624 return (ENOMEM); 2625 2626 if (bif->bif_flags & IFBIF_STICKY) 2627 brt->brt_flags = IFBAF_STICKY; 2628 else 2629 brt->brt_flags = IFBAF_DYNAMIC; 2630 2631 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2632 brt->brt_vlan = vlan; 2633 2634 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2635 uma_zfree(bridge_rtnode_zone, brt); 2636 return (error); 2637 } 2638 brt->brt_dst = bif; 2639 bif->bif_addrcnt++; 2640 } 2641 2642 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2643 brt->brt_dst != bif) { 2644 brt->brt_dst->bif_addrcnt--; 2645 brt->brt_dst = bif; 2646 brt->brt_dst->bif_addrcnt++; 2647 } 2648 2649 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2650 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2651 if (setflags) 2652 brt->brt_flags = flags; 2653 2654 return (0); 2655} 2656 2657/* 2658 * bridge_rtlookup: 2659 * 2660 * Lookup the destination interface for an address. 2661 */ 2662static struct ifnet * 2663bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2664{ 2665 struct bridge_rtnode *brt; 2666 2667 BRIDGE_LOCK_ASSERT(sc); 2668 2669 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL) 2670 return (NULL); 2671 2672 return (brt->brt_ifp); 2673} 2674 2675/* 2676 * bridge_rttrim: 2677 * 2678 * Trim the routine table so that we have a number 2679 * of routing entries less than or equal to the 2680 * maximum number. 2681 */ 2682static void 2683bridge_rttrim(struct bridge_softc *sc) 2684{ 2685 struct bridge_rtnode *brt, *nbrt; 2686 2687 BRIDGE_LOCK_ASSERT(sc); 2688 2689 /* Make sure we actually need to do this. */ 2690 if (sc->sc_brtcnt <= sc->sc_brtmax) 2691 return; 2692 2693 /* Force an aging cycle; this might trim enough addresses. */ 2694 bridge_rtage(sc); 2695 if (sc->sc_brtcnt <= sc->sc_brtmax) 2696 return; 2697 2698 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2699 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2700 bridge_rtnode_destroy(sc, brt); 2701 if (sc->sc_brtcnt <= sc->sc_brtmax) 2702 return; 2703 } 2704 } 2705} 2706 2707/* 2708 * bridge_timer: 2709 * 2710 * Aging timer for the bridge. 2711 */ 2712static void 2713bridge_timer(void *arg) 2714{ 2715 struct bridge_softc *sc = arg; 2716 2717 BRIDGE_LOCK_ASSERT(sc); 2718 2719 bridge_rtage(sc); 2720 2721 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) 2722 callout_reset(&sc->sc_brcallout, 2723 bridge_rtable_prune_period * hz, bridge_timer, sc); 2724} 2725 2726/* 2727 * bridge_rtage: 2728 * 2729 * Perform an aging cycle. 2730 */ 2731static void 2732bridge_rtage(struct bridge_softc *sc) 2733{ 2734 struct bridge_rtnode *brt, *nbrt; 2735 2736 BRIDGE_LOCK_ASSERT(sc); 2737 2738 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2739 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2740 if (time_uptime >= brt->brt_expire) 2741 bridge_rtnode_destroy(sc, brt); 2742 } 2743 } 2744} 2745 2746/* 2747 * bridge_rtflush: 2748 * 2749 * Remove all dynamic addresses from the bridge. 2750 */ 2751static void 2752bridge_rtflush(struct bridge_softc *sc, int full) 2753{ 2754 struct bridge_rtnode *brt, *nbrt; 2755 2756 BRIDGE_LOCK_ASSERT(sc); 2757 2758 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2759 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2760 bridge_rtnode_destroy(sc, brt); 2761 } 2762} 2763 2764/* 2765 * bridge_rtdaddr: 2766 * 2767 * Remove an address from the table. 2768 */ 2769static int 2770bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2771{ 2772 struct bridge_rtnode *brt; 2773 int found = 0; 2774 2775 BRIDGE_LOCK_ASSERT(sc); 2776 2777 /* 2778 * If vlan is zero then we want to delete for all vlans so the lookup 2779 * may return more than one. 2780 */ 2781 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) { 2782 bridge_rtnode_destroy(sc, brt); 2783 found = 1; 2784 } 2785 2786 return (found ? 0 : ENOENT); 2787} 2788 2789/* 2790 * bridge_rtdelete: 2791 * 2792 * Delete routes to a speicifc member interface. 2793 */ 2794static void 2795bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2796{ 2797 struct bridge_rtnode *brt, *nbrt; 2798 2799 BRIDGE_LOCK_ASSERT(sc); 2800 2801 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) { 2802 if (brt->brt_ifp == ifp && (full || 2803 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2804 bridge_rtnode_destroy(sc, brt); 2805 } 2806} 2807 2808/* 2809 * bridge_rtable_init: 2810 * 2811 * Initialize the route table for this bridge. 2812 */ 2813static int 2814bridge_rtable_init(struct bridge_softc *sc) 2815{ 2816 int i; 2817 2818 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2819 M_DEVBUF, M_NOWAIT); 2820 if (sc->sc_rthash == NULL) 2821 return (ENOMEM); 2822 2823 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2824 LIST_INIT(&sc->sc_rthash[i]); 2825 2826 sc->sc_rthash_key = arc4random(); 2827 2828 LIST_INIT(&sc->sc_rtlist); 2829 2830 return (0); 2831} 2832 2833/* 2834 * bridge_rtable_fini: 2835 * 2836 * Deconstruct the route table for this bridge. 2837 */ 2838static void 2839bridge_rtable_fini(struct bridge_softc *sc) 2840{ 2841 2842 KASSERT(sc->sc_brtcnt == 0, 2843 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt)); 2844 free(sc->sc_rthash, M_DEVBUF); 2845} 2846 2847/* 2848 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2849 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2850 */ 2851#define mix(a, b, c) \ 2852do { \ 2853 a -= b; a -= c; a ^= (c >> 13); \ 2854 b -= c; b -= a; b ^= (a << 8); \ 2855 c -= a; c -= b; c ^= (b >> 13); \ 2856 a -= b; a -= c; a ^= (c >> 12); \ 2857 b -= c; b -= a; b ^= (a << 16); \ 2858 c -= a; c -= b; c ^= (b >> 5); \ 2859 a -= b; a -= c; a ^= (c >> 3); \ 2860 b -= c; b -= a; b ^= (a << 10); \ 2861 c -= a; c -= b; c ^= (b >> 15); \ 2862} while (/*CONSTCOND*/0) 2863 2864static __inline uint32_t 2865bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2866{ 2867 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2868 2869 b += addr[5] << 8; 2870 b += addr[4]; 2871 a += addr[3] << 24; 2872 a += addr[2] << 16; 2873 a += addr[1] << 8; 2874 a += addr[0]; 2875 2876 mix(a, b, c); 2877 2878 return (c & BRIDGE_RTHASH_MASK); 2879} 2880 2881#undef mix 2882 2883static int 2884bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2885{ 2886 int i, d; 2887 2888 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2889 d = ((int)a[i]) - ((int)b[i]); 2890 } 2891 2892 return (d); 2893} 2894 2895/* 2896 * bridge_rtnode_lookup: 2897 * 2898 * Look up a bridge route node for the specified destination. Compare the 2899 * vlan id or if zero then just return the first match. 2900 */ 2901static struct bridge_rtnode * 2902bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan) 2903{ 2904 struct bridge_rtnode *brt; 2905 uint32_t hash; 2906 int dir; 2907 2908 BRIDGE_LOCK_ASSERT(sc); 2909 2910 hash = bridge_rthash(sc, addr); 2911 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2912 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2913 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0)) 2914 return (brt); 2915 if (dir > 0) 2916 return (NULL); 2917 } 2918 2919 return (NULL); 2920} 2921 2922/* 2923 * bridge_rtnode_insert: 2924 * 2925 * Insert the specified bridge node into the route table. We 2926 * assume the entry is not already in the table. 2927 */ 2928static int 2929bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2930{ 2931 struct bridge_rtnode *lbrt; 2932 uint32_t hash; 2933 int dir; 2934 2935 BRIDGE_LOCK_ASSERT(sc); 2936 2937 hash = bridge_rthash(sc, brt->brt_addr); 2938 2939 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2940 if (lbrt == NULL) { 2941 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2942 goto out; 2943 } 2944 2945 do { 2946 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2947 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan) 2948 return (EEXIST); 2949 if (dir > 0) { 2950 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2951 goto out; 2952 } 2953 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2954 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2955 goto out; 2956 } 2957 lbrt = LIST_NEXT(lbrt, brt_hash); 2958 } while (lbrt != NULL); 2959 2960#ifdef DIAGNOSTIC 2961 panic("bridge_rtnode_insert: impossible"); 2962#endif 2963 2964out: 2965 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2966 sc->sc_brtcnt++; 2967 2968 return (0); 2969} 2970 2971/* 2972 * bridge_rtnode_destroy: 2973 * 2974 * Destroy a bridge rtnode. 2975 */ 2976static void 2977bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2978{ 2979 BRIDGE_LOCK_ASSERT(sc); 2980 2981 LIST_REMOVE(brt, brt_hash); 2982 2983 LIST_REMOVE(brt, brt_list); 2984 sc->sc_brtcnt--; 2985 brt->brt_dst->bif_addrcnt--; 2986 uma_zfree(bridge_rtnode_zone, brt); 2987} 2988 2989/* 2990 * bridge_rtable_expire: 2991 * 2992 * Set the expiry time for all routes on an interface. 2993 */ 2994static void 2995bridge_rtable_expire(struct ifnet *ifp, int age) 2996{ 2997 struct bridge_softc *sc = ifp->if_bridge; 2998 struct bridge_rtnode *brt; 2999 3000 BRIDGE_LOCK(sc); 3001 3002 /* 3003 * If the age is zero then flush, otherwise set all the expiry times to 3004 * age for the interface 3005 */ 3006 if (age == 0) 3007 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN); 3008 else { 3009 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 3010 /* Cap the expiry time to 'age' */ 3011 if (brt->brt_ifp == ifp && 3012 brt->brt_expire > time_uptime + age && 3013 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 3014 brt->brt_expire = time_uptime + age; 3015 } 3016 } 3017 BRIDGE_UNLOCK(sc); 3018} 3019 3020/* 3021 * bridge_state_change: 3022 * 3023 * Callback from the bridgestp code when a port changes states. 3024 */ 3025static void 3026bridge_state_change(struct ifnet *ifp, int state) 3027{ 3028 struct bridge_softc *sc = ifp->if_bridge; 3029 static const char *stpstates[] = { 3030 "disabled", 3031 "listening", 3032 "learning", 3033 "forwarding", 3034 "blocking", 3035 "discarding" 3036 }; 3037 3038 if (log_stp) 3039 log(LOG_NOTICE, "%s: state changed to %s on %s\n", 3040 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname); 3041} 3042 3043/* 3044 * Send bridge packets through pfil if they are one of the types pfil can deal 3045 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3046 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3047 * that interface. 3048 */ 3049static int 3050bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3051{ 3052 int snap, error, i, hlen; 3053 struct ether_header *eh1, eh2; 3054 struct ip_fw_args args; 3055 struct ip *ip; 3056 struct llc llc1; 3057 u_int16_t ether_type; 3058 3059 snap = 0; 3060 error = -1; /* Default error if not error == 0 */ 3061 3062#if 0 3063 /* we may return with the IP fields swapped, ensure its not shared */ 3064 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__)); 3065#endif 3066 3067 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0) 3068 return (0); /* filtering is disabled */ 3069 3070 i = min((*mp)->m_pkthdr.len, max_protohdr); 3071 if ((*mp)->m_len < i) { 3072 *mp = m_pullup(*mp, i); 3073 if (*mp == NULL) { 3074 printf("%s: m_pullup failed\n", __func__); 3075 return (-1); 3076 } 3077 } 3078 3079 eh1 = mtod(*mp, struct ether_header *); 3080 ether_type = ntohs(eh1->ether_type); 3081 3082 /* 3083 * Check for SNAP/LLC. 3084 */ 3085 if (ether_type < ETHERMTU) { 3086 struct llc *llc2 = (struct llc *)(eh1 + 1); 3087 3088 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3089 llc2->llc_dsap == LLC_SNAP_LSAP && 3090 llc2->llc_ssap == LLC_SNAP_LSAP && 3091 llc2->llc_control == LLC_UI) { 3092 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3093 snap = 1; 3094 } 3095 } 3096 3097 /* 3098 * If we're trying to filter bridge traffic, don't look at anything 3099 * other than IP and ARP traffic. If the filter doesn't understand 3100 * IPv6, don't allow IPv6 through the bridge either. This is lame 3101 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3102 * but of course we don't have an AppleTalk filter to begin with. 3103 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3104 * ARP traffic.) 3105 */ 3106 switch (ether_type) { 3107 case ETHERTYPE_ARP: 3108 case ETHERTYPE_REVARP: 3109 if (pfil_ipfw_arp == 0) 3110 return (0); /* Automatically pass */ 3111 break; 3112 3113 case ETHERTYPE_IP: 3114#ifdef INET6 3115 case ETHERTYPE_IPV6: 3116#endif /* INET6 */ 3117 break; 3118 default: 3119 /* 3120 * Check to see if the user wants to pass non-ip 3121 * packets, these will not be checked by pfil(9) and 3122 * passed unconditionally so the default is to drop. 3123 */ 3124 if (pfil_onlyip) 3125 goto bad; 3126 } 3127 3128 /* Strip off the Ethernet header and keep a copy. */ 3129 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3130 m_adj(*mp, ETHER_HDR_LEN); 3131 3132 /* Strip off snap header, if present */ 3133 if (snap) { 3134 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3135 m_adj(*mp, sizeof(struct llc)); 3136 } 3137 3138 /* 3139 * Check the IP header for alignment and errors 3140 */ 3141 if (dir == PFIL_IN) { 3142 switch (ether_type) { 3143 case ETHERTYPE_IP: 3144 error = bridge_ip_checkbasic(mp); 3145 break; 3146#ifdef INET6 3147 case ETHERTYPE_IPV6: 3148 error = bridge_ip6_checkbasic(mp); 3149 break; 3150#endif /* INET6 */ 3151 default: 3152 error = 0; 3153 } 3154 if (error) 3155 goto bad; 3156 } 3157 3158 /* XXX this section is also in if_ethersubr.c */ 3159 // XXX PFIL_OUT or DIR_OUT ? 3160 if (V_ip_fw_chk_ptr && pfil_ipfw != 0 && 3161 dir == PFIL_OUT && ifp != NULL) { 3162 struct m_tag *mtag; 3163 3164 error = -1; 3165 /* fetch the start point from existing tags, if any */ 3166 mtag = m_tag_locate(*mp, MTAG_IPFW_RULE, 0, NULL); 3167 if (mtag == NULL) { 3168 args.rule.slot = 0; 3169 } else { 3170 struct ipfw_rule_ref *r; 3171 3172 /* XXX can we free the tag after use ? */ 3173 mtag->m_tag_id = PACKET_TAG_NONE; 3174 r = (struct ipfw_rule_ref *)(mtag + 1); 3175 /* packet already partially processed ? */ 3176 if (r->info & IPFW_ONEPASS) 3177 goto ipfwpass; 3178 args.rule = *r; 3179 } 3180 3181 args.m = *mp; 3182 args.oif = ifp; 3183 args.next_hop = NULL; 3184 args.next_hop6 = NULL; 3185 args.eh = &eh2; 3186 args.inp = NULL; /* used by ipfw uid/gid/jail rules */ 3187 i = V_ip_fw_chk_ptr(&args); 3188 *mp = args.m; 3189 3190 if (*mp == NULL) 3191 return (error); 3192 3193 if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) { 3194 3195 /* put the Ethernet header back on */ 3196 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3197 if (*mp == NULL) 3198 return (error); 3199 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3200 3201 /* 3202 * Pass the pkt to dummynet, which consumes it. The 3203 * packet will return to us via bridge_dummynet(). 3204 */ 3205 args.oif = ifp; 3206 ip_dn_io_ptr(mp, DIR_FWD | PROTO_IFB, &args); 3207 return (error); 3208 } 3209 3210 if (i != IP_FW_PASS) /* drop */ 3211 goto bad; 3212 } 3213 3214ipfwpass: 3215 error = 0; 3216 3217 /* 3218 * Run the packet through pfil 3219 */ 3220 switch (ether_type) { 3221 case ETHERTYPE_IP: 3222 /* 3223 * before calling the firewall, swap fields the same as 3224 * IP does. here we assume the header is contiguous 3225 */ 3226 ip = mtod(*mp, struct ip *); 3227 3228 ip->ip_len = ntohs(ip->ip_len); 3229 ip->ip_off = ntohs(ip->ip_off); 3230 3231 /* 3232 * Run pfil on the member interface and the bridge, both can 3233 * be skipped by clearing pfil_member or pfil_bridge. 3234 * 3235 * Keep the order: 3236 * in_if -> bridge_if -> out_if 3237 */ 3238 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3239 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3240 dir, NULL); 3241 3242 if (*mp == NULL || error != 0) /* filter may consume */ 3243 break; 3244 3245 if (pfil_member && ifp != NULL) 3246 error = pfil_run_hooks(&V_inet_pfil_hook, mp, ifp, 3247 dir, NULL); 3248 3249 if (*mp == NULL || error != 0) /* filter may consume */ 3250 break; 3251 3252 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3253 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp, 3254 dir, NULL); 3255 3256 if (*mp == NULL || error != 0) /* filter may consume */ 3257 break; 3258 3259 /* check if we need to fragment the packet */ 3260 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 3261 i = (*mp)->m_pkthdr.len; 3262 if (i > ifp->if_mtu) { 3263 error = bridge_fragment(ifp, *mp, &eh2, snap, 3264 &llc1); 3265 return (error); 3266 } 3267 } 3268 3269 /* Recalculate the ip checksum and restore byte ordering */ 3270 ip = mtod(*mp, struct ip *); 3271 hlen = ip->ip_hl << 2; 3272 if (hlen < sizeof(struct ip)) 3273 goto bad; 3274 if (hlen > (*mp)->m_len) { 3275 if ((*mp = m_pullup(*mp, hlen)) == 0) 3276 goto bad; 3277 ip = mtod(*mp, struct ip *); 3278 if (ip == NULL) 3279 goto bad; 3280 } 3281 ip->ip_len = htons(ip->ip_len); 3282 ip->ip_off = htons(ip->ip_off); 3283 ip->ip_sum = 0; 3284 if (hlen == sizeof(struct ip)) 3285 ip->ip_sum = in_cksum_hdr(ip); 3286 else 3287 ip->ip_sum = in_cksum(*mp, hlen); 3288 3289 break; 3290#ifdef INET6 3291 case ETHERTYPE_IPV6: 3292 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 3293 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3294 dir, NULL); 3295 3296 if (*mp == NULL || error != 0) /* filter may consume */ 3297 break; 3298 3299 if (pfil_member && ifp != NULL) 3300 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, ifp, 3301 dir, NULL); 3302 3303 if (*mp == NULL || error != 0) /* filter may consume */ 3304 break; 3305 3306 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 3307 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp, 3308 dir, NULL); 3309 break; 3310#endif 3311 default: 3312 error = 0; 3313 break; 3314 } 3315 3316 if (*mp == NULL) 3317 return (error); 3318 if (error != 0) 3319 goto bad; 3320 3321 error = -1; 3322 3323 /* 3324 * Finally, put everything back the way it was and return 3325 */ 3326 if (snap) { 3327 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 3328 if (*mp == NULL) 3329 return (error); 3330 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 3331 } 3332 3333 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 3334 if (*mp == NULL) 3335 return (error); 3336 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 3337 3338 return (0); 3339 3340bad: 3341 m_freem(*mp); 3342 *mp = NULL; 3343 return (error); 3344} 3345 3346/* 3347 * Perform basic checks on header size since 3348 * pfil assumes ip_input has already processed 3349 * it for it. Cut-and-pasted from ip_input.c. 3350 * Given how simple the IPv6 version is, 3351 * does the IPv4 version really need to be 3352 * this complicated? 3353 * 3354 * XXX Should we update ipstat here, or not? 3355 * XXX Right now we update ipstat but not 3356 * XXX csum_counter. 3357 */ 3358static int 3359bridge_ip_checkbasic(struct mbuf **mp) 3360{ 3361 struct mbuf *m = *mp; 3362 struct ip *ip; 3363 int len, hlen; 3364 u_short sum; 3365 3366 if (*mp == NULL) 3367 return (-1); 3368 3369 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3370 if ((m = m_copyup(m, sizeof(struct ip), 3371 (max_linkhdr + 3) & ~3)) == NULL) { 3372 /* XXXJRT new stat, please */ 3373 KMOD_IPSTAT_INC(ips_toosmall); 3374 goto bad; 3375 } 3376 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 3377 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 3378 KMOD_IPSTAT_INC(ips_toosmall); 3379 goto bad; 3380 } 3381 } 3382 ip = mtod(m, struct ip *); 3383 if (ip == NULL) goto bad; 3384 3385 if (ip->ip_v != IPVERSION) { 3386 KMOD_IPSTAT_INC(ips_badvers); 3387 goto bad; 3388 } 3389 hlen = ip->ip_hl << 2; 3390 if (hlen < sizeof(struct ip)) { /* minimum header length */ 3391 KMOD_IPSTAT_INC(ips_badhlen); 3392 goto bad; 3393 } 3394 if (hlen > m->m_len) { 3395 if ((m = m_pullup(m, hlen)) == 0) { 3396 KMOD_IPSTAT_INC(ips_badhlen); 3397 goto bad; 3398 } 3399 ip = mtod(m, struct ip *); 3400 if (ip == NULL) goto bad; 3401 } 3402 3403 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 3404 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 3405 } else { 3406 if (hlen == sizeof(struct ip)) { 3407 sum = in_cksum_hdr(ip); 3408 } else { 3409 sum = in_cksum(m, hlen); 3410 } 3411 } 3412 if (sum) { 3413 KMOD_IPSTAT_INC(ips_badsum); 3414 goto bad; 3415 } 3416 3417 /* Retrieve the packet length. */ 3418 len = ntohs(ip->ip_len); 3419 3420 /* 3421 * Check for additional length bogosity 3422 */ 3423 if (len < hlen) { 3424 KMOD_IPSTAT_INC(ips_badlen); 3425 goto bad; 3426 } 3427 3428 /* 3429 * Check that the amount of data in the buffers 3430 * is as at least much as the IP header would have us expect. 3431 * Drop packet if shorter than we expect. 3432 */ 3433 if (m->m_pkthdr.len < len) { 3434 KMOD_IPSTAT_INC(ips_tooshort); 3435 goto bad; 3436 } 3437 3438 /* Checks out, proceed */ 3439 *mp = m; 3440 return (0); 3441 3442bad: 3443 *mp = m; 3444 return (-1); 3445} 3446 3447#ifdef INET6 3448/* 3449 * Same as above, but for IPv6. 3450 * Cut-and-pasted from ip6_input.c. 3451 * XXX Should we update ip6stat, or not? 3452 */ 3453static int 3454bridge_ip6_checkbasic(struct mbuf **mp) 3455{ 3456 struct mbuf *m = *mp; 3457 struct ip6_hdr *ip6; 3458 3459 /* 3460 * If the IPv6 header is not aligned, slurp it up into a new 3461 * mbuf with space for link headers, in the event we forward 3462 * it. Otherwise, if it is aligned, make sure the entire base 3463 * IPv6 header is in the first mbuf of the chain. 3464 */ 3465 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 3466 struct ifnet *inifp = m->m_pkthdr.rcvif; 3467 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 3468 (max_linkhdr + 3) & ~3)) == NULL) { 3469 /* XXXJRT new stat, please */ 3470 IP6STAT_INC(ip6s_toosmall); 3471 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3472 goto bad; 3473 } 3474 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 3475 struct ifnet *inifp = m->m_pkthdr.rcvif; 3476 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 3477 IP6STAT_INC(ip6s_toosmall); 3478 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 3479 goto bad; 3480 } 3481 } 3482 3483 ip6 = mtod(m, struct ip6_hdr *); 3484 3485 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 3486 IP6STAT_INC(ip6s_badvers); 3487 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 3488 goto bad; 3489 } 3490 3491 /* Checks out, proceed */ 3492 *mp = m; 3493 return (0); 3494 3495bad: 3496 *mp = m; 3497 return (-1); 3498} 3499#endif /* INET6 */ 3500 3501/* 3502 * bridge_fragment: 3503 * 3504 * Return a fragmented mbuf chain. 3505 */ 3506static int 3507bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 3508 int snap, struct llc *llc) 3509{ 3510 struct mbuf *m0; 3511 struct ip *ip; 3512 int error = -1; 3513 3514 if (m->m_len < sizeof(struct ip) && 3515 (m = m_pullup(m, sizeof(struct ip))) == NULL) 3516 goto out; 3517 ip = mtod(m, struct ip *); 3518 3519 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 3520 CSUM_DELAY_IP); 3521 if (error) 3522 goto out; 3523 3524 /* walk the chain and re-add the Ethernet header */ 3525 for (m0 = m; m0; m0 = m0->m_nextpkt) { 3526 if (error == 0) { 3527 if (snap) { 3528 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT); 3529 if (m0 == NULL) { 3530 error = ENOBUFS; 3531 continue; 3532 } 3533 bcopy(llc, mtod(m0, caddr_t), 3534 sizeof(struct llc)); 3535 } 3536 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT); 3537 if (m0 == NULL) { 3538 error = ENOBUFS; 3539 continue; 3540 } 3541 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 3542 } else 3543 m_freem(m); 3544 } 3545 3546 if (error == 0) 3547 KMOD_IPSTAT_INC(ips_fragmented); 3548 3549 return (error); 3550 3551out: 3552 if (m != NULL) 3553 m_freem(m); 3554 return (error); 3555} 3556 3557static void 3558bridge_linkstate(struct ifnet *ifp) 3559{ 3560 struct bridge_softc *sc = ifp->if_bridge; 3561 struct bridge_iflist *bif; 3562 3563 BRIDGE_LOCK(sc); 3564 bif = bridge_lookup_member_if(sc, ifp); 3565 if (bif == NULL) { 3566 BRIDGE_UNLOCK(sc); 3567 return; 3568 } 3569 bridge_linkcheck(sc); 3570 BRIDGE_UNLOCK(sc); 3571 3572 bstp_linkstate(&bif->bif_stp); 3573} 3574 3575static void 3576bridge_linkcheck(struct bridge_softc *sc) 3577{ 3578 struct bridge_iflist *bif; 3579 int new_link, hasls; 3580 3581 BRIDGE_LOCK_ASSERT(sc); 3582 new_link = LINK_STATE_DOWN; 3583 hasls = 0; 3584 /* Our link is considered up if at least one of our ports is active */ 3585 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 3586 if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE) 3587 hasls++; 3588 if (bif->bif_ifp->if_link_state == LINK_STATE_UP) { 3589 new_link = LINK_STATE_UP; 3590 break; 3591 } 3592 } 3593 if (!LIST_EMPTY(&sc->sc_iflist) && !hasls) { 3594 /* If no interfaces support link-state then we default to up */ 3595 new_link = LINK_STATE_UP; 3596 } 3597 if_link_state_change(sc->sc_ifp, new_link); 3598} 3599