1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 * $DragonFly: src/sys/net/bridge/if_bridge.c,v 1.28 2008/01/11 11:59:40 sephe Exp $ 70 */ 71 72 /* 73 * Network interface bridge support. 74 * 75 * TODO: 76 * 77 * - Currently only supports Ethernet-like interfaces (Ethernet, 78 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 79 * to bridge other types of interfaces (FDDI-FDDI, and maybe 80 * consider heterogenous bridges). 81 */ 82 83 #include <sys/cdefs.h> 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <sys/module.h> 101 #include <sys/proc.h> 102 #include <sys/lock.h> 103 #include <sys/thread.h> 104 #include <sys/thread2.h> 105 #include <sys/mpipe.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 #include <net/ifq_var.h> 114 #include <net/if_clone.h> 115 116 #include <netinet/in.h> /* for struct arpcom */ 117 #include <netinet/in_systm.h> 118 #include <netinet/in_var.h> 119 #include <netinet/ip.h> 120 #include <netinet/ip_var.h> 121 #ifdef INET6 122 #include <netinet/ip6.h> 123 #include <netinet6/ip6_var.h> 124 #endif 125 #include <netinet/if_ether.h> /* for struct arpcom */ 126 #include <net/bridge/if_bridgevar.h> 127 #include <net/if_llc.h> 128 #include <net/netmsg2.h> 129 130 #include <net/route.h> 131 #include <sys/in_cksum.h> 132 133 /* 134 * Size of the route hash table. Must be a power of two. 135 */ 136 #ifndef BRIDGE_RTHASH_SIZE 137 #define BRIDGE_RTHASH_SIZE 1024 138 #endif 139 140 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 141 142 /* 143 * Maximum number of addresses to cache. 144 */ 145 #ifndef BRIDGE_RTABLE_MAX 146 #define BRIDGE_RTABLE_MAX 100 147 #endif 148 149 /* 150 * Spanning tree defaults. 151 */ 152 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 153 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 154 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 155 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 156 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 157 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 158 #define BSTP_DEFAULT_PATH_COST 55 159 160 /* 161 * Timeout (in seconds) for entries learned dynamically. 162 */ 163 #ifndef BRIDGE_RTABLE_TIMEOUT 164 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 165 #endif 166 167 /* 168 * Number of seconds between walks of the route list. 169 */ 170 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 171 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 172 #endif 173 174 /* 175 * List of capabilities to mask on the member interface. 176 */ 177 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 178 179 eventhandler_tag bridge_detach_cookie = NULL; 180 181 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 182 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *, 183 struct sockaddr *, struct rtentry *); 184 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 185 186 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 187 188 static int bridge_clone_create(struct if_clone *, int); 189 static void bridge_clone_destroy(struct ifnet *); 190 191 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 192 static void bridge_mutecaps(struct bridge_iflist *, int); 193 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 194 static void bridge_init(void *); 195 static void bridge_stop(struct ifnet *); 196 static void bridge_start(struct ifnet *); 197 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 198 static int bridge_output_serialized(struct ifnet *, struct mbuf *, 199 struct sockaddr *, struct rtentry *); 200 201 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 202 203 static void bridge_timer(void *); 204 205 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 206 struct mbuf *, int); 207 static void bridge_span(struct bridge_softc *, struct mbuf *); 208 209 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 210 struct ifnet *, int, uint8_t); 211 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 212 static void bridge_rttrim(struct bridge_softc *); 213 static void bridge_rtage(struct bridge_softc *); 214 static void bridge_rtflush(struct bridge_softc *, int); 215 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 216 217 static int bridge_rtable_init(struct bridge_softc *); 218 static void bridge_rtable_fini(struct bridge_softc *); 219 220 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 221 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 222 const uint8_t *); 223 static int bridge_rtnode_insert(struct bridge_softc *, 224 struct bridge_rtnode *); 225 static void bridge_rtnode_destroy(struct bridge_softc *, 226 struct bridge_rtnode *); 227 228 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 229 const char *name); 230 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 231 struct ifnet *ifp); 232 static void bridge_delete_member(struct bridge_softc *, 233 struct bridge_iflist *, int); 234 static void bridge_delete_span(struct bridge_softc *, 235 struct bridge_iflist *); 236 237 static int bridge_ioctl_add(struct bridge_softc *, void *); 238 static int bridge_ioctl_del(struct bridge_softc *, void *); 239 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 240 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 241 static int bridge_ioctl_scache(struct bridge_softc *, void *); 242 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 243 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 244 static int bridge_ioctl_rts(struct bridge_softc *, void *); 245 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 246 static int bridge_ioctl_sto(struct bridge_softc *, void *); 247 static int bridge_ioctl_gto(struct bridge_softc *, void *); 248 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 249 static int bridge_ioctl_flush(struct bridge_softc *, void *); 250 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 251 static int bridge_ioctl_spri(struct bridge_softc *, void *); 252 static int bridge_ioctl_ght(struct bridge_softc *, void *); 253 static int bridge_ioctl_sht(struct bridge_softc *, void *); 254 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 255 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 256 static int bridge_ioctl_gma(struct bridge_softc *, void *); 257 static int bridge_ioctl_sma(struct bridge_softc *, void *); 258 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 259 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 260 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 261 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 262 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 263 int); 264 static int bridge_ip_checkbasic(struct mbuf **mp); 265 #ifdef INET6 266 static int bridge_ip6_checkbasic(struct mbuf **mp); 267 #endif /* INET6 */ 268 static int bridge_fragment(struct ifnet *, struct mbuf *, 269 struct ether_header *, int, struct llc *); 270 static void bridge_enqueue_internal(struct ifnet *, struct mbuf *m, 271 netisr_fn_t); 272 static void bridge_enqueue_handler(struct netmsg *); 273 static void bridge_pfil_enqueue_handler(struct netmsg *); 274 static void bridge_pfil_enqueue(struct ifnet *, struct mbuf *, int); 275 static void bridge_handoff_notags(struct ifnet *, struct mbuf *); 276 static void bridge_handoff(struct ifnet *, struct mbuf *); 277 278 SYSCTL_DECL(_net_link); 279 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 280 281 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 282 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 283 static int pfil_member = 1; /* run pfil hooks on the member interface */ 284 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 285 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 286 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 287 &pfil_bridge, 0, "Packet filter on the bridge interface"); 288 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 289 &pfil_member, 0, "Packet filter on the member interface"); 290 291 struct bridge_control { 292 int (*bc_func)(struct bridge_softc *, void *); 293 int bc_argsize; 294 int bc_flags; 295 }; 296 297 #define BC_F_COPYIN 0x01 /* copy arguments in */ 298 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 299 #define BC_F_SUSER 0x04 /* do super-user check */ 300 301 const struct bridge_control bridge_control_table[] = { 302 { bridge_ioctl_add, sizeof(struct ifbreq), 303 BC_F_COPYIN|BC_F_SUSER }, 304 { bridge_ioctl_del, sizeof(struct ifbreq), 305 BC_F_COPYIN|BC_F_SUSER }, 306 307 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 308 BC_F_COPYIN|BC_F_COPYOUT }, 309 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 310 BC_F_COPYIN|BC_F_SUSER }, 311 312 { bridge_ioctl_scache, sizeof(struct ifbrparam), 313 BC_F_COPYIN|BC_F_SUSER }, 314 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 315 BC_F_COPYOUT }, 316 317 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 318 BC_F_COPYIN|BC_F_COPYOUT }, 319 { bridge_ioctl_rts, sizeof(struct ifbaconf), 320 BC_F_COPYIN|BC_F_COPYOUT }, 321 322 { bridge_ioctl_saddr, sizeof(struct ifbareq), 323 BC_F_COPYIN|BC_F_SUSER }, 324 325 { bridge_ioctl_sto, sizeof(struct ifbrparam), 326 BC_F_COPYIN|BC_F_SUSER }, 327 { bridge_ioctl_gto, sizeof(struct ifbrparam), 328 BC_F_COPYOUT }, 329 330 { bridge_ioctl_daddr, sizeof(struct ifbareq), 331 BC_F_COPYIN|BC_F_SUSER }, 332 333 { bridge_ioctl_flush, sizeof(struct ifbreq), 334 BC_F_COPYIN|BC_F_SUSER }, 335 336 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 337 BC_F_COPYOUT }, 338 { bridge_ioctl_spri, sizeof(struct ifbrparam), 339 BC_F_COPYIN|BC_F_SUSER }, 340 341 { bridge_ioctl_ght, sizeof(struct ifbrparam), 342 BC_F_COPYOUT }, 343 { bridge_ioctl_sht, sizeof(struct ifbrparam), 344 BC_F_COPYIN|BC_F_SUSER }, 345 346 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 347 BC_F_COPYOUT }, 348 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 349 BC_F_COPYIN|BC_F_SUSER }, 350 351 { bridge_ioctl_gma, sizeof(struct ifbrparam), 352 BC_F_COPYOUT }, 353 { bridge_ioctl_sma, sizeof(struct ifbrparam), 354 BC_F_COPYIN|BC_F_SUSER }, 355 356 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 357 BC_F_COPYIN|BC_F_SUSER }, 358 359 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 360 BC_F_COPYIN|BC_F_SUSER }, 361 362 { bridge_ioctl_addspan, sizeof(struct ifbreq), 363 BC_F_COPYIN|BC_F_SUSER }, 364 { bridge_ioctl_delspan, sizeof(struct ifbreq), 365 BC_F_COPYIN|BC_F_SUSER }, 366 }; 367 const int bridge_control_table_size = 368 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 369 370 LIST_HEAD(, bridge_softc) bridge_list; 371 372 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 373 bridge_clone_create, 374 bridge_clone_destroy, 0, IF_MAXUNIT); 375 376 static int 377 bridge_modevent(module_t mod, int type, void *data) 378 { 379 switch (type) { 380 case MOD_LOAD: 381 LIST_INIT(&bridge_list); 382 if_clone_attach(&bridge_cloner); 383 bridge_input_p = bridge_input; 384 bridge_output_p = bridge_output_serialized; 385 bridge_detach_cookie = EVENTHANDLER_REGISTER( 386 ifnet_detach_event, bridge_ifdetach, NULL, 387 EVENTHANDLER_PRI_ANY); 388 #if notyet 389 bstp_linkstate_p = bstp_linkstate; 390 #endif 391 break; 392 case MOD_UNLOAD: 393 if (!LIST_EMPTY(&bridge_list)) 394 return (EBUSY); 395 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 396 bridge_detach_cookie); 397 if_clone_detach(&bridge_cloner); 398 bridge_input_p = NULL; 399 bridge_output_p = NULL; 400 #if notyet 401 bstp_linkstate_p = NULL; 402 #endif 403 break; 404 default: 405 return (EOPNOTSUPP); 406 } 407 return (0); 408 } 409 410 static moduledata_t bridge_mod = { 411 "if_bridge", 412 bridge_modevent, 413 0 414 }; 415 416 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 417 418 419 /* 420 * bridge_clone_create: 421 * 422 * Create a new bridge instance. 423 */ 424 static int 425 bridge_clone_create(struct if_clone *ifc, int unit) 426 { 427 struct bridge_softc *sc; 428 struct ifnet *ifp; 429 u_char eaddr[6]; 430 431 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 432 ifp = sc->sc_ifp = &sc->sc_if; 433 434 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 435 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 436 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 437 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 438 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 439 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 440 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 441 442 /* Initialize our routing table. */ 443 bridge_rtable_init(sc); 444 445 callout_init(&sc->sc_brcallout); 446 callout_init(&sc->sc_bstpcallout); 447 448 LIST_INIT(&sc->sc_iflist); 449 LIST_INIT(&sc->sc_spanlist); 450 451 ifp->if_softc = sc; 452 if_initname(ifp, ifc->ifc_name, unit); 453 ifp->if_mtu = ETHERMTU; 454 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 455 ifp->if_ioctl = bridge_ioctl; 456 ifp->if_start = bridge_start; 457 ifp->if_init = bridge_init; 458 ifp->if_type = IFT_BRIDGE; 459 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 460 ifp->if_snd.ifq_maxlen = ifqmaxlen; 461 ifq_set_ready(&ifp->if_snd); 462 ifp->if_hdrlen = ETHER_HDR_LEN; 463 464 /* 465 * Generate a random ethernet address and use the private AC:DE:48 466 * OUI code. 467 */ 468 { 469 int rnd = karc4random(); 470 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 471 rnd = karc4random(); 472 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 473 } 474 eaddr[0] &= ~1; /* clear multicast bit */ 475 eaddr[0] |= 2; /* set the LAA bit */ 476 477 ether_ifattach(ifp, eaddr, NULL); 478 /* Now undo some of the damage... */ 479 ifp->if_baudrate = 0; 480 ifp->if_type = IFT_BRIDGE; 481 482 crit_enter(); 483 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 484 crit_exit(); 485 486 return (0); 487 } 488 489 /* 490 * bridge_clone_destroy: 491 * 492 * Destroy a bridge instance. 493 */ 494 static void 495 bridge_clone_destroy(struct ifnet *ifp) 496 { 497 struct bridge_softc *sc = ifp->if_softc; 498 struct bridge_iflist *bif; 499 500 lwkt_serialize_enter(ifp->if_serializer); 501 502 bridge_stop(ifp); 503 ifp->if_flags &= ~IFF_UP; 504 505 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 506 bridge_delete_member(sc, bif, 0); 507 508 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 509 bridge_delete_span(sc, bif); 510 } 511 512 callout_stop(&sc->sc_brcallout); 513 callout_stop(&sc->sc_bstpcallout); 514 515 lwkt_serialize_exit(ifp->if_serializer); 516 517 crit_enter(); 518 LIST_REMOVE(sc, sc_list); 519 crit_exit(); 520 521 ether_ifdetach(ifp); 522 523 /* Tear down the routing table. */ 524 bridge_rtable_fini(sc); 525 526 kfree(sc, M_DEVBUF); 527 } 528 529 /* 530 * bridge_ioctl: 531 * 532 * Handle a control request from the operator. 533 */ 534 static int 535 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 536 { 537 struct bridge_softc *sc = ifp->if_softc; 538 union { 539 struct ifbreq ifbreq; 540 struct ifbifconf ifbifconf; 541 struct ifbareq ifbareq; 542 struct ifbaconf ifbaconf; 543 struct ifbrparam ifbrparam; 544 } args; 545 struct ifdrv *ifd = (struct ifdrv *) data; 546 const struct bridge_control *bc; 547 int error = 0; 548 549 ASSERT_SERIALIZED(ifp->if_serializer); 550 551 switch (cmd) { 552 case SIOCADDMULTI: 553 case SIOCDELMULTI: 554 break; 555 556 case SIOCGDRVSPEC: 557 case SIOCSDRVSPEC: 558 if (ifd->ifd_cmd >= bridge_control_table_size) { 559 error = EINVAL; 560 break; 561 } 562 bc = &bridge_control_table[ifd->ifd_cmd]; 563 564 if (cmd == SIOCGDRVSPEC && 565 (bc->bc_flags & BC_F_COPYOUT) == 0) { 566 error = EINVAL; 567 break; 568 } else if (cmd == SIOCSDRVSPEC && 569 (bc->bc_flags & BC_F_COPYOUT) != 0) { 570 error = EINVAL; 571 break; 572 } 573 574 if (bc->bc_flags & BC_F_SUSER) { 575 error = suser_cred(cr, NULL_CRED_OKAY); 576 if (error) 577 break; 578 } 579 580 if (ifd->ifd_len != bc->bc_argsize || 581 ifd->ifd_len > sizeof(args)) { 582 error = EINVAL; 583 break; 584 } 585 586 memset(&args, 0, sizeof(args)); 587 if (bc->bc_flags & BC_F_COPYIN) { 588 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 589 if (error) 590 break; 591 } 592 593 error = bc->bc_func(sc, &args); 594 if (error) 595 break; 596 597 if (bc->bc_flags & BC_F_COPYOUT) 598 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 599 break; 600 601 case SIOCSIFFLAGS: 602 if (!(ifp->if_flags & IFF_UP) && 603 (ifp->if_flags & IFF_RUNNING)) { 604 /* 605 * If interface is marked down and it is running, 606 * then stop it. 607 */ 608 bridge_stop(ifp); 609 } else if ((ifp->if_flags & IFF_UP) && 610 !(ifp->if_flags & IFF_RUNNING)) { 611 /* 612 * If interface is marked up and it is stopped, then 613 * start it. 614 */ 615 ifp->if_init(sc); 616 } 617 break; 618 619 case SIOCSIFMTU: 620 /* Do not allow the MTU to be changed on the bridge */ 621 error = EINVAL; 622 break; 623 624 default: 625 error = ether_ioctl(ifp, cmd, data); 626 break; 627 } 628 return (error); 629 } 630 631 /* 632 * bridge_mutecaps: 633 * 634 * Clear or restore unwanted capabilities on the member interface 635 */ 636 static void 637 bridge_mutecaps(struct bridge_iflist *bif, int mute) 638 { 639 struct ifnet *ifp = bif->bif_ifp; 640 struct ifreq ifr; 641 int error; 642 643 if (ifp->if_ioctl == NULL) 644 return; 645 646 bzero(&ifr, sizeof(ifr)); 647 ifr.ifr_reqcap = ifp->if_capenable; 648 649 if (mute) { 650 /* mask off and save capabilities */ 651 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 652 if (bif->bif_mutecap != 0) 653 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 654 } else 655 /* restore muted capabilities */ 656 ifr.ifr_reqcap |= bif->bif_mutecap; 657 658 if (bif->bif_mutecap != 0) { 659 lwkt_serialize_enter(ifp->if_serializer); 660 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 661 lwkt_serialize_exit(ifp->if_serializer); 662 } 663 } 664 665 /* 666 * bridge_lookup_member: 667 * 668 * Lookup a bridge member interface. 669 */ 670 static struct bridge_iflist * 671 bridge_lookup_member(struct bridge_softc *sc, const char *name) 672 { 673 struct bridge_iflist *bif; 674 struct ifnet *ifp; 675 676 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 677 ifp = bif->bif_ifp; 678 if (strcmp(ifp->if_xname, name) == 0) 679 return (bif); 680 } 681 682 return (NULL); 683 } 684 685 /* 686 * bridge_lookup_member_if: 687 * 688 * Lookup a bridge member interface by ifnet*. 689 */ 690 static struct bridge_iflist * 691 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 692 { 693 struct bridge_iflist *bif; 694 695 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 696 if (bif->bif_ifp == member_ifp) 697 return (bif); 698 } 699 700 return (NULL); 701 } 702 703 /* 704 * bridge_delete_member: 705 * 706 * Delete the specified member interface. 707 */ 708 static void 709 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 710 int gone) 711 { 712 struct ifnet *ifs = bif->bif_ifp; 713 714 if (!gone) { 715 switch (ifs->if_type) { 716 case IFT_ETHER: 717 case IFT_L2VLAN: 718 /* 719 * Take the interface out of promiscuous mode. 720 */ 721 (void) ifpromisc(ifs, 0); 722 bridge_mutecaps(bif, 0); 723 break; 724 725 case IFT_GIF: 726 break; 727 728 default: 729 #ifdef DIAGNOSTIC 730 panic("bridge_delete_member: impossible"); 731 #endif 732 break; 733 } 734 } 735 736 ifs->if_bridge = NULL; 737 LIST_REMOVE(bif, bif_next); 738 739 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 740 741 kfree(bif, M_DEVBUF); 742 743 if (sc->sc_ifp->if_flags & IFF_RUNNING) 744 bstp_initialization(sc); 745 } 746 747 /* 748 * bridge_delete_span: 749 * 750 * Delete the specified span interface. 751 */ 752 static void 753 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 754 { 755 KASSERT(bif->bif_ifp->if_bridge == NULL, 756 ("%s: not a span interface", __func__)); 757 758 LIST_REMOVE(bif, bif_next); 759 kfree(bif, M_DEVBUF); 760 } 761 762 static int 763 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 764 { 765 struct ifbreq *req = arg; 766 struct bridge_iflist *bif = NULL; 767 struct ifnet *ifs; 768 int error = 0; 769 770 ifs = ifunit(req->ifbr_ifsname); 771 if (ifs == NULL) 772 return (ENOENT); 773 774 /* If it's in the span list, it can't be a member. */ 775 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 776 if (ifs == bif->bif_ifp) 777 return (EBUSY); 778 779 /* Allow the first Ethernet member to define the MTU */ 780 if (ifs->if_type != IFT_GIF) { 781 if (LIST_EMPTY(&sc->sc_iflist)) 782 sc->sc_ifp->if_mtu = ifs->if_mtu; 783 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 784 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 785 ifs->if_xname); 786 return (EINVAL); 787 } 788 } 789 790 if (ifs->if_bridge == sc) 791 return (EEXIST); 792 793 if (ifs->if_bridge != NULL) 794 return (EBUSY); 795 796 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 797 bif->bif_ifp = ifs; 798 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 799 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 800 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 801 802 switch (ifs->if_type) { 803 case IFT_ETHER: 804 case IFT_L2VLAN: 805 /* 806 * Place the interface into promiscuous mode. 807 */ 808 error = ifpromisc(ifs, 1); 809 if (error) 810 goto out; 811 812 bridge_mutecaps(bif, 1); 813 break; 814 815 case IFT_GIF: /* :^) */ 816 break; 817 818 default: 819 error = EINVAL; 820 goto out; 821 } 822 823 ifs->if_bridge = sc; 824 825 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 826 827 if (sc->sc_ifp->if_flags & IFF_RUNNING) 828 bstp_initialization(sc); 829 else 830 bstp_stop(sc); 831 832 out: 833 if (error) { 834 if (bif != NULL) 835 kfree(bif, M_DEVBUF); 836 } 837 return (error); 838 } 839 840 static int 841 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 842 { 843 struct ifbreq *req = arg; 844 struct bridge_iflist *bif; 845 846 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 847 if (bif == NULL) 848 return (ENOENT); 849 850 bridge_delete_member(sc, bif, 0); 851 852 return (0); 853 } 854 855 static int 856 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 857 { 858 struct ifbreq *req = arg; 859 struct bridge_iflist *bif; 860 861 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 862 if (bif == NULL) 863 return (ENOENT); 864 865 req->ifbr_ifsflags = bif->bif_flags; 866 req->ifbr_state = bif->bif_state; 867 req->ifbr_priority = bif->bif_priority; 868 req->ifbr_path_cost = bif->bif_path_cost; 869 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 870 871 return (0); 872 } 873 874 static int 875 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 876 { 877 struct ifbreq *req = arg; 878 struct bridge_iflist *bif; 879 880 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 881 if (bif == NULL) 882 return (ENOENT); 883 884 if (req->ifbr_ifsflags & IFBIF_SPAN) 885 /* SPAN is readonly */ 886 return (EINVAL); 887 888 if (req->ifbr_ifsflags & IFBIF_STP) { 889 switch (bif->bif_ifp->if_type) { 890 case IFT_ETHER: 891 /* These can do spanning tree. */ 892 break; 893 894 default: 895 /* Nothing else can. */ 896 return (EINVAL); 897 } 898 } 899 900 bif->bif_flags = req->ifbr_ifsflags; 901 902 if (sc->sc_ifp->if_flags & IFF_RUNNING) 903 bstp_initialization(sc); 904 905 return (0); 906 } 907 908 static int 909 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 910 { 911 struct ifbrparam *param = arg; 912 913 sc->sc_brtmax = param->ifbrp_csize; 914 bridge_rttrim(sc); 915 916 return (0); 917 } 918 919 static int 920 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 921 { 922 struct ifbrparam *param = arg; 923 924 param->ifbrp_csize = sc->sc_brtmax; 925 926 return (0); 927 } 928 929 static int 930 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 931 { 932 struct ifbifconf *bifc = arg; 933 struct bridge_iflist *bif; 934 struct ifbreq breq; 935 int count, len, error = 0; 936 937 count = 0; 938 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 939 count++; 940 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 941 count++; 942 943 if (bifc->ifbic_len == 0) { 944 bifc->ifbic_len = sizeof(breq) * count; 945 return (0); 946 } 947 948 count = 0; 949 len = bifc->ifbic_len; 950 memset(&breq, 0, sizeof breq); 951 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 952 if (len < sizeof(breq)) 953 break; 954 955 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 956 sizeof(breq.ifbr_ifsname)); 957 breq.ifbr_ifsflags = bif->bif_flags; 958 breq.ifbr_state = bif->bif_state; 959 breq.ifbr_priority = bif->bif_priority; 960 breq.ifbr_path_cost = bif->bif_path_cost; 961 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 962 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 963 if (error) 964 break; 965 count++; 966 len -= sizeof(breq); 967 } 968 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 969 if (len < sizeof(breq)) 970 break; 971 972 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 973 sizeof(breq.ifbr_ifsname)); 974 breq.ifbr_ifsflags = bif->bif_flags; 975 breq.ifbr_state = bif->bif_state; 976 breq.ifbr_priority = bif->bif_priority; 977 breq.ifbr_path_cost = bif->bif_path_cost; 978 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 979 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 980 if (error) 981 break; 982 count++; 983 len -= sizeof(breq); 984 } 985 986 bifc->ifbic_len = sizeof(breq) * count; 987 return (error); 988 } 989 990 static int 991 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 992 { 993 struct ifbaconf *bac = arg; 994 struct bridge_rtnode *brt; 995 struct ifbareq bareq; 996 int count = 0, error = 0, len; 997 998 if (bac->ifbac_len == 0) 999 return (0); 1000 1001 len = bac->ifbac_len; 1002 memset(&bareq, 0, sizeof(bareq)); 1003 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1004 if (len < sizeof(bareq)) 1005 goto out; 1006 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1007 sizeof(bareq.ifba_ifsname)); 1008 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1009 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1010 time_second < brt->brt_expire) 1011 bareq.ifba_expire = brt->brt_expire - time_second; 1012 else 1013 bareq.ifba_expire = 0; 1014 bareq.ifba_flags = brt->brt_flags; 1015 1016 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1017 if (error) 1018 goto out; 1019 count++; 1020 len -= sizeof(bareq); 1021 } 1022 out: 1023 bac->ifbac_len = sizeof(bareq) * count; 1024 return (error); 1025 } 1026 1027 static int 1028 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1029 { 1030 struct ifbareq *req = arg; 1031 struct bridge_iflist *bif; 1032 int error; 1033 1034 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1035 if (bif == NULL) 1036 return (ENOENT); 1037 1038 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1039 req->ifba_flags); 1040 1041 return (error); 1042 } 1043 1044 static int 1045 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1046 { 1047 struct ifbrparam *param = arg; 1048 1049 sc->sc_brttimeout = param->ifbrp_ctime; 1050 1051 return (0); 1052 } 1053 1054 static int 1055 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1056 { 1057 struct ifbrparam *param = arg; 1058 1059 param->ifbrp_ctime = sc->sc_brttimeout; 1060 1061 return (0); 1062 } 1063 1064 static int 1065 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1066 { 1067 struct ifbareq *req = arg; 1068 1069 return (bridge_rtdaddr(sc, req->ifba_dst)); 1070 } 1071 1072 static int 1073 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1074 { 1075 struct ifbreq *req = arg; 1076 1077 bridge_rtflush(sc, req->ifbr_ifsflags); 1078 1079 return (0); 1080 } 1081 1082 static int 1083 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1084 { 1085 struct ifbrparam *param = arg; 1086 1087 param->ifbrp_prio = sc->sc_bridge_priority; 1088 1089 return (0); 1090 } 1091 1092 static int 1093 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1094 { 1095 struct ifbrparam *param = arg; 1096 1097 sc->sc_bridge_priority = param->ifbrp_prio; 1098 1099 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1100 bstp_initialization(sc); 1101 1102 return (0); 1103 } 1104 1105 static int 1106 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1107 { 1108 struct ifbrparam *param = arg; 1109 1110 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1111 1112 return (0); 1113 } 1114 1115 static int 1116 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1117 { 1118 struct ifbrparam *param = arg; 1119 1120 if (param->ifbrp_hellotime == 0) 1121 return (EINVAL); 1122 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1123 1124 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1125 bstp_initialization(sc); 1126 1127 return (0); 1128 } 1129 1130 static int 1131 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1132 { 1133 struct ifbrparam *param = arg; 1134 1135 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1136 1137 return (0); 1138 } 1139 1140 static int 1141 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1142 { 1143 struct ifbrparam *param = arg; 1144 1145 if (param->ifbrp_fwddelay == 0) 1146 return (EINVAL); 1147 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1148 1149 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1150 bstp_initialization(sc); 1151 1152 return (0); 1153 } 1154 1155 static int 1156 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1157 { 1158 struct ifbrparam *param = arg; 1159 1160 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1161 1162 return (0); 1163 } 1164 1165 static int 1166 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1167 { 1168 struct ifbrparam *param = arg; 1169 1170 if (param->ifbrp_maxage == 0) 1171 return (EINVAL); 1172 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1173 1174 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1175 bstp_initialization(sc); 1176 1177 return (0); 1178 } 1179 1180 static int 1181 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1182 { 1183 struct ifbreq *req = arg; 1184 struct bridge_iflist *bif; 1185 1186 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1187 if (bif == NULL) 1188 return (ENOENT); 1189 1190 bif->bif_priority = req->ifbr_priority; 1191 1192 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1193 bstp_initialization(sc); 1194 1195 return (0); 1196 } 1197 1198 static int 1199 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1200 { 1201 struct ifbreq *req = arg; 1202 struct bridge_iflist *bif; 1203 1204 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1205 if (bif == NULL) 1206 return (ENOENT); 1207 1208 bif->bif_path_cost = req->ifbr_path_cost; 1209 1210 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1211 bstp_initialization(sc); 1212 1213 return (0); 1214 } 1215 1216 static int 1217 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1218 { 1219 struct ifbreq *req = arg; 1220 struct bridge_iflist *bif = NULL; 1221 struct ifnet *ifs; 1222 1223 ifs = ifunit(req->ifbr_ifsname); 1224 if (ifs == NULL) 1225 return (ENOENT); 1226 1227 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1228 if (ifs == bif->bif_ifp) 1229 return (EBUSY); 1230 1231 if (ifs->if_bridge != NULL) 1232 return (EBUSY); 1233 1234 switch (ifs->if_type) { 1235 case IFT_ETHER: 1236 case IFT_GIF: 1237 case IFT_L2VLAN: 1238 break; 1239 default: 1240 return (EINVAL); 1241 } 1242 1243 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 1244 1245 bif->bif_ifp = ifs; 1246 bif->bif_flags = IFBIF_SPAN; 1247 1248 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1249 1250 return (0); 1251 } 1252 1253 static int 1254 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1255 { 1256 struct ifbreq *req = arg; 1257 struct bridge_iflist *bif; 1258 struct ifnet *ifs; 1259 1260 ifs = ifunit(req->ifbr_ifsname); 1261 if (ifs == NULL) 1262 return (ENOENT); 1263 1264 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1265 if (ifs == bif->bif_ifp) 1266 break; 1267 1268 if (bif == NULL) 1269 return (ENOENT); 1270 1271 bridge_delete_span(sc, bif); 1272 1273 return (0); 1274 } 1275 1276 /* 1277 * bridge_ifdetach: 1278 * 1279 * Detach an interface from a bridge. Called when a member 1280 * interface is detaching. 1281 */ 1282 static void 1283 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1284 { 1285 struct bridge_softc *sc = ifp->if_bridge; 1286 struct bridge_iflist *bif; 1287 1288 /* Check if the interface is a bridge member */ 1289 if (sc != NULL) { 1290 lwkt_serialize_enter(ifp->if_serializer); 1291 1292 bif = bridge_lookup_member_if(sc, ifp); 1293 if (bif != NULL) 1294 bridge_delete_member(sc, bif, 1); 1295 1296 lwkt_serialize_exit(ifp->if_serializer); 1297 return; 1298 } 1299 1300 /* Check if the interface is a span port */ 1301 LIST_FOREACH(sc, &bridge_list, sc_list) { 1302 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1303 if (ifp == bif->bif_ifp) { 1304 bridge_delete_span(sc, bif); 1305 break; 1306 } 1307 } 1308 } 1309 1310 /* 1311 * bridge_init: 1312 * 1313 * Initialize a bridge interface. 1314 */ 1315 static void 1316 bridge_init(void *xsc) 1317 { 1318 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1319 struct ifnet *ifp = sc->sc_ifp; 1320 1321 ASSERT_SERIALIZED(ifp->if_serializer); 1322 1323 if (ifp->if_flags & IFF_RUNNING) 1324 return; 1325 1326 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1327 bridge_timer, sc); 1328 1329 ifp->if_flags |= IFF_RUNNING; 1330 bstp_initialization(sc); 1331 return; 1332 } 1333 1334 /* 1335 * bridge_stop: 1336 * 1337 * Stop the bridge interface. 1338 */ 1339 static void 1340 bridge_stop(struct ifnet *ifp) 1341 { 1342 struct bridge_softc *sc = ifp->if_softc; 1343 1344 ASSERT_SERIALIZED(ifp->if_serializer); 1345 1346 if ((ifp->if_flags & IFF_RUNNING) == 0) 1347 return; 1348 1349 callout_stop(&sc->sc_brcallout); 1350 bstp_stop(sc); 1351 1352 bridge_rtflush(sc, IFBF_FLUSHDYN); 1353 1354 ifp->if_flags &= ~IFF_RUNNING; 1355 } 1356 1357 static void 1358 bridge_enqueue_internal(struct ifnet *dst_ifp, struct mbuf *m, 1359 netisr_fn_t handler) 1360 { 1361 struct netmsg_packet *nmp; 1362 lwkt_port_t port; 1363 int cpu = mycpu->gd_cpuid; 1364 1365 while (m->m_type == MT_TAG) { 1366 /* XXX see ether_output_frame for full rules check */ 1367 m = m->m_next; 1368 } 1369 1370 nmp = &m->m_hdr.mh_netmsg; 1371 netmsg_init(&nmp->nm_netmsg, &netisr_apanic_rport, 0, handler); 1372 nmp->nm_packet = m; 1373 nmp->nm_netmsg.nm_lmsg.u.ms_resultp = dst_ifp; 1374 1375 port = cpu_portfn(cpu); 1376 lwkt_sendmsg(port, &nmp->nm_netmsg.nm_lmsg); 1377 } 1378 1379 static void 1380 bridge_pfil_enqueue(struct ifnet *dst_ifp, struct mbuf *m, 1381 int runfilt) 1382 { 1383 netisr_fn_t handler; 1384 1385 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1386 #ifdef INET6 1387 || inet6_pfil_hook.ph_hashooks > 0 1388 #endif 1389 )) { 1390 handler = bridge_pfil_enqueue_handler; 1391 } else { 1392 handler = bridge_enqueue_handler; 1393 } 1394 bridge_enqueue_internal(dst_ifp, m, handler); 1395 } 1396 1397 /* 1398 * bridge_enqueue: 1399 * 1400 * Enqueue a packet on a bridge member interface. 1401 * 1402 */ 1403 void 1404 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1405 { 1406 bridge_enqueue_internal(dst_ifp, m, bridge_enqueue_handler); 1407 } 1408 1409 /* 1410 * bridge_output_serialized: 1411 * 1412 * Send output from a bridge member interface. This 1413 * performs the bridging function for locally originated 1414 * packets. 1415 * 1416 * The mbuf has the Ethernet header already attached. We must 1417 * enqueue or free the mbuf before returning. 1418 */ 1419 static int 1420 bridge_output_serialized(struct ifnet *ifp, struct mbuf *m, 1421 struct sockaddr *sa, struct rtentry *rt) 1422 { 1423 struct ether_header *eh; 1424 struct ifnet *dst_if; 1425 struct bridge_softc *sc; 1426 1427 sc = ifp->if_bridge; 1428 1429 ASSERT_SERIALIZED(ifp->if_serializer); 1430 1431 if (m->m_len < ETHER_HDR_LEN) { 1432 m = m_pullup(m, ETHER_HDR_LEN); 1433 if (m == NULL) 1434 return (0); 1435 } 1436 1437 /* 1438 * Serialize our bridge interface. We have to get rid of the 1439 * originating interface lock to avoid a deadlock. 1440 */ 1441 lwkt_serialize_exit(ifp->if_serializer); 1442 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 1443 1444 eh = mtod(m, struct ether_header *); 1445 1446 /* 1447 * If bridge is down, but the original output interface is up, 1448 * go ahead and send out that interface. Otherwise, the packet 1449 * is dropped below. 1450 */ 1451 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0) { 1452 dst_if = ifp; 1453 goto sendunicast; 1454 } 1455 1456 /* 1457 * If the packet is a multicast, or we don't know a better way to 1458 * get there, send to all interfaces. 1459 */ 1460 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1461 dst_if = NULL; 1462 else 1463 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1464 if (dst_if == NULL) { 1465 struct bridge_iflist *bif; 1466 struct mbuf *mc; 1467 int used = 0; 1468 1469 bridge_span(sc, m); 1470 1471 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1472 dst_if = bif->bif_ifp; 1473 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1474 continue; 1475 1476 /* 1477 * If this is not the original output interface, 1478 * and the interface is participating in spanning 1479 * tree, make sure the port is in a state that 1480 * allows forwarding. 1481 */ 1482 if (dst_if != ifp && 1483 (bif->bif_flags & IFBIF_STP) != 0) { 1484 switch (bif->bif_state) { 1485 case BSTP_IFSTATE_BLOCKING: 1486 case BSTP_IFSTATE_LISTENING: 1487 case BSTP_IFSTATE_DISABLED: 1488 continue; 1489 } 1490 } 1491 1492 if (LIST_NEXT(bif, bif_next) == NULL) { 1493 used = 1; 1494 mc = m; 1495 } else { 1496 mc = m_copypacket(m, MB_DONTWAIT); 1497 if (mc == NULL) { 1498 sc->sc_ifp->if_oerrors++; 1499 continue; 1500 } 1501 } 1502 bridge_enqueue(dst_if, mc); 1503 } 1504 if (used == 0) 1505 m_freem(m); 1506 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1507 goto done; 1508 } 1509 1510 sendunicast: 1511 /* 1512 * XXX Spanning tree consideration here? 1513 */ 1514 1515 bridge_span(sc, m); 1516 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1517 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1518 m_freem(m); 1519 } else { 1520 bridge_enqueue(dst_if, m); 1521 } 1522 done: 1523 lwkt_serialize_enter(ifp->if_serializer); 1524 return (0); 1525 } 1526 1527 /* 1528 * bridge_start: 1529 * 1530 * Start output on a bridge. 1531 * 1532 */ 1533 static void 1534 bridge_start(struct ifnet *ifp) 1535 { 1536 struct bridge_softc *sc = ifp->if_softc; 1537 1538 ASSERT_SERIALIZED(ifp->if_serializer); 1539 1540 ifp->if_flags |= IFF_OACTIVE; 1541 for (;;) { 1542 struct ifnet *dst_if = NULL; 1543 struct ether_header *eh; 1544 struct mbuf *m; 1545 1546 m = ifq_dequeue(&ifp->if_snd, NULL); 1547 if (m == NULL) 1548 break; 1549 1550 if (m->m_len < sizeof(*eh)) { 1551 m = m_pullup(m, sizeof(*eh)); 1552 if (m == NULL) { 1553 ifp->if_oerrors++; 1554 continue; 1555 } 1556 } 1557 eh = mtod(m, struct ether_header *); 1558 1559 BPF_MTAP(ifp, m); 1560 ifp->if_opackets++; 1561 1562 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 1563 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1564 1565 if (dst_if == NULL) 1566 bridge_broadcast(sc, ifp, m, 0); 1567 else 1568 bridge_enqueue(dst_if, m); 1569 } 1570 ifp->if_flags &= ~IFF_OACTIVE; 1571 } 1572 1573 /* 1574 * bridge_forward: 1575 * 1576 * The forwarding function of the bridge. 1577 */ 1578 static void 1579 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1580 { 1581 struct bridge_iflist *bif; 1582 struct ifnet *src_if, *dst_if, *ifp; 1583 struct ether_header *eh; 1584 1585 src_if = m->m_pkthdr.rcvif; 1586 ifp = sc->sc_ifp; 1587 1588 ASSERT_SERIALIZED(ifp->if_serializer); 1589 1590 ifp->if_ipackets++; 1591 ifp->if_ibytes += m->m_pkthdr.len; 1592 1593 /* 1594 * Look up the bridge_iflist. 1595 */ 1596 bif = bridge_lookup_member_if(sc, src_if); 1597 if (bif == NULL) { 1598 /* Interface is not a bridge member (anymore?) */ 1599 m_freem(m); 1600 return; 1601 } 1602 1603 if (bif->bif_flags & IFBIF_STP) { 1604 switch (bif->bif_state) { 1605 case BSTP_IFSTATE_BLOCKING: 1606 case BSTP_IFSTATE_LISTENING: 1607 case BSTP_IFSTATE_DISABLED: 1608 m_freem(m); 1609 return; 1610 } 1611 } 1612 1613 eh = mtod(m, struct ether_header *); 1614 1615 /* 1616 * If the interface is learning, and the source 1617 * address is valid and not multicast, record 1618 * the address. 1619 */ 1620 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1621 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1622 (eh->ether_shost[0] == 0 && 1623 eh->ether_shost[1] == 0 && 1624 eh->ether_shost[2] == 0 && 1625 eh->ether_shost[3] == 0 && 1626 eh->ether_shost[4] == 0 && 1627 eh->ether_shost[5] == 0) == 0) { 1628 bridge_rtupdate(sc, eh->ether_shost, src_if, 0, IFBAF_DYNAMIC); 1629 } 1630 1631 if ((bif->bif_flags & IFBIF_STP) != 0 && 1632 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1633 m_freem(m); 1634 return; 1635 } 1636 1637 /* 1638 * At this point, the port either doesn't participate 1639 * in spanning tree or it is in the forwarding state. 1640 */ 1641 1642 /* 1643 * If the packet is unicast, destined for someone on 1644 * "this" side of the bridge, drop it. 1645 */ 1646 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1647 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1648 if (src_if == dst_if) { 1649 m_freem(m); 1650 return; 1651 } 1652 } else { 1653 /* ...forward it to all interfaces. */ 1654 sc->sc_ifp->if_imcasts++; 1655 dst_if = NULL; 1656 } 1657 1658 if (dst_if == NULL) { 1659 bridge_broadcast(sc, src_if, m, 1); 1660 return; 1661 } 1662 1663 /* 1664 * At this point, we're dealing with a unicast frame 1665 * going to a different interface. 1666 */ 1667 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1668 m_freem(m); 1669 return; 1670 } 1671 bif = bridge_lookup_member_if(sc, dst_if); 1672 if (bif == NULL) { 1673 /* Not a member of the bridge (anymore?) */ 1674 m_freem(m); 1675 return; 1676 } 1677 1678 if (bif->bif_flags & IFBIF_STP) { 1679 switch (bif->bif_state) { 1680 case BSTP_IFSTATE_DISABLED: 1681 case BSTP_IFSTATE_BLOCKING: 1682 m_freem(m); 1683 return; 1684 } 1685 } 1686 1687 lwkt_serialize_exit(ifp->if_serializer); 1688 1689 /* run the packet filter */ 1690 if (inet_pfil_hook.ph_hashooks > 0 1691 #ifdef INET6 1692 || inet6_pfil_hook.ph_hashooks > 0 1693 #endif 1694 ) { 1695 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1696 goto done; 1697 if (m == NULL) 1698 goto done; 1699 1700 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 1701 goto done; 1702 if (m == NULL) 1703 goto done; 1704 } 1705 bridge_handoff(dst_if, m); 1706 1707 /* 1708 * ifp's serializer was held on entry and is expected to be held 1709 * on return. 1710 */ 1711 done: 1712 lwkt_serialize_enter(ifp->if_serializer); 1713 } 1714 1715 /* 1716 * bridge_input: 1717 * 1718 * Receive input from a member interface. Queue the packet for 1719 * bridging if it is not for us. 1720 */ 1721 static struct mbuf * 1722 bridge_input(struct ifnet *ifp, struct mbuf *m) 1723 { 1724 struct bridge_softc *sc = ifp->if_bridge; 1725 struct bridge_iflist *bif; 1726 struct ifnet *bifp, *new_ifp; 1727 struct ether_header *eh; 1728 struct mbuf *mc, *mc2; 1729 1730 new_ifp = NULL; 1731 bifp = sc->sc_ifp; 1732 1733 lwkt_serialize_enter(bifp->if_serializer); 1734 1735 if ((bifp->if_flags & IFF_RUNNING) == 0) 1736 goto out; 1737 1738 /* 1739 * Implement support for bridge monitoring. If this flag has been 1740 * set on this interface, discard the packet once we push it through 1741 * the bpf(4) machinery, but before we do, increment the byte and 1742 * packet counters associated with this interface. 1743 */ 1744 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1745 m->m_pkthdr.rcvif = bifp; 1746 BPF_MTAP(bifp, m); 1747 bifp->if_ipackets++; 1748 bifp->if_ibytes += m->m_pkthdr.len; 1749 m_freem(m); 1750 m = NULL; 1751 goto out; 1752 } 1753 1754 eh = mtod(m, struct ether_header *); 1755 1756 m->m_flags &= ~M_PROTO1; /* XXX Hack - loop prevention */ 1757 1758 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 1759 /* 1760 * If the packet is for us, set the packets source as the 1761 * bridge, and return the packet back to ifnet.if_input for 1762 * local processing. 1763 */ 1764 KASSERT(bifp->if_bridge == NULL, 1765 ("loop created in bridge_input")); 1766 new_ifp = bifp; 1767 goto out; 1768 } 1769 1770 /* 1771 * Tap all packets arriving on the bridge, no matter if 1772 * they are local destinations or not. In is in. 1773 */ 1774 BPF_MTAP(bifp, m); 1775 1776 bif = bridge_lookup_member_if(sc, ifp); 1777 if (bif == NULL) 1778 goto out; 1779 1780 bridge_span(sc, m); 1781 1782 if (m->m_flags & (M_BCAST | M_MCAST)) { 1783 /* Tap off 802.1D packets; they do not get forwarded. */ 1784 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1785 ETHER_ADDR_LEN) == 0) { 1786 m = bstp_input(ifp, m); 1787 KASSERT(m == NULL, 1788 ("attempt to deliver 802.1D packet\n")); 1789 goto out; 1790 } 1791 1792 if (bif->bif_flags & IFBIF_STP) { 1793 switch (bif->bif_state) { 1794 case BSTP_IFSTATE_BLOCKING: 1795 case BSTP_IFSTATE_LISTENING: 1796 case BSTP_IFSTATE_DISABLED: 1797 goto out; 1798 } 1799 } 1800 1801 /* 1802 * Make a deep copy of the packet and enqueue the copy 1803 * for bridge processing; return the original packet for 1804 * local processing. 1805 */ 1806 mc = m_dup(m, MB_DONTWAIT); 1807 if (mc == NULL) 1808 goto out; 1809 1810 bridge_forward(sc, mc); 1811 1812 /* 1813 * Reinject the mbuf as arriving on the bridge so we have a 1814 * chance at claiming multicast packets. We can not loop back 1815 * here from ether_input as a bridge is never a member of a 1816 * bridge. 1817 */ 1818 KASSERT(bifp->if_bridge == NULL, 1819 ("loop created in bridge_input")); 1820 mc2 = m_dup(m, MB_DONTWAIT); 1821 #ifdef notyet 1822 if (mc2 != NULL) { 1823 /* Keep the layer3 header aligned */ 1824 int i = min(mc2->m_pkthdr.len, max_protohdr); 1825 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 1826 } 1827 #endif 1828 if (mc2 != NULL) { 1829 mc2->m_pkthdr.rcvif = bifp; 1830 bifp->if_ipackets++; 1831 bifp->if_input(bifp, mc2); 1832 } 1833 1834 /* Return the original packet for local processing. */ 1835 goto out; 1836 } 1837 1838 if (bif->bif_flags & IFBIF_STP) { 1839 switch (bif->bif_state) { 1840 case BSTP_IFSTATE_BLOCKING: 1841 case BSTP_IFSTATE_LISTENING: 1842 case BSTP_IFSTATE_DISABLED: 1843 goto out; 1844 } 1845 } 1846 1847 /* 1848 * Unicast. Make sure it's not for us. 1849 */ 1850 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1851 if (bif->bif_ifp->if_type != IFT_ETHER) 1852 continue; 1853 1854 /* It is destined for us. */ 1855 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1856 ETHER_ADDR_LEN) == 0) { 1857 if (bif->bif_flags & IFBIF_LEARNING) { 1858 bridge_rtupdate(sc, 1859 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1860 } 1861 1862 if (bif->bif_ifp != ifp) { 1863 /* XXX loop prevention */ 1864 m->m_flags |= M_PROTO1; 1865 new_ifp = bif->bif_ifp; 1866 } 1867 goto out; 1868 } 1869 1870 /* We just received a packet that we sent out. */ 1871 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1872 ETHER_ADDR_LEN) == 0) { 1873 m_freem(m); 1874 m = NULL; 1875 goto out; 1876 } 1877 } 1878 1879 /* Perform the bridge forwarding function. */ 1880 bridge_forward(sc, m); 1881 m = NULL; 1882 out: 1883 lwkt_serialize_exit(bifp->if_serializer); 1884 1885 if (new_ifp != NULL) { 1886 lwkt_serialize_enter(new_ifp->if_serializer); 1887 1888 m->m_pkthdr.rcvif = new_ifp; 1889 new_ifp->if_ipackets++; 1890 new_ifp->if_input(new_ifp, m); 1891 m = NULL; 1892 1893 lwkt_serialize_exit(new_ifp->if_serializer); 1894 } 1895 return (m); 1896 } 1897 1898 /* 1899 * bridge_broadcast: 1900 * 1901 * Send a frame to all interfaces that are members of 1902 * the bridge, except for the one on which the packet 1903 * arrived. 1904 */ 1905 static void 1906 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1907 struct mbuf *m, int runfilt) 1908 { 1909 struct bridge_iflist *bif; 1910 struct mbuf *mc; 1911 struct ifnet *dst_if, *bifp; 1912 int used = 0; 1913 1914 bifp = sc->sc_ifp; 1915 1916 ASSERT_SERIALIZED(bifp->if_serializer); 1917 1918 /* run the packet filter */ 1919 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1920 #ifdef INET6 1921 || inet6_pfil_hook.ph_hashooks > 0 1922 #endif 1923 )) { 1924 lwkt_serialize_exit(bifp->if_serializer); 1925 1926 /* Filter on the bridge interface before broadcasting */ 1927 1928 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 1929 goto filt; 1930 if (m == NULL) 1931 goto filt; 1932 1933 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 1934 m = NULL; 1935 filt: 1936 lwkt_serialize_enter(bifp->if_serializer); 1937 if (m == NULL) 1938 return; 1939 } 1940 1941 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1942 dst_if = bif->bif_ifp; 1943 if (dst_if == src_if) 1944 continue; 1945 1946 if (bif->bif_flags & IFBIF_STP) { 1947 switch (bif->bif_state) { 1948 case BSTP_IFSTATE_BLOCKING: 1949 case BSTP_IFSTATE_DISABLED: 1950 continue; 1951 } 1952 } 1953 1954 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1955 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 1956 continue; 1957 1958 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1959 continue; 1960 1961 if (LIST_NEXT(bif, bif_next) == NULL) { 1962 mc = m; 1963 used = 1; 1964 } else { 1965 mc = m_copypacket(m, MB_DONTWAIT); 1966 if (mc == NULL) { 1967 sc->sc_ifp->if_oerrors++; 1968 continue; 1969 } 1970 } 1971 bridge_pfil_enqueue(dst_if, mc, runfilt); 1972 } 1973 if (used == 0) 1974 m_freem(m); 1975 } 1976 1977 /* 1978 * bridge_span: 1979 * 1980 * Duplicate a packet out one or more interfaces that are in span mode, 1981 * the original mbuf is unmodified. 1982 */ 1983 static void 1984 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1985 { 1986 struct bridge_iflist *bif; 1987 struct ifnet *dst_if; 1988 struct mbuf *mc; 1989 1990 if (LIST_EMPTY(&sc->sc_spanlist)) 1991 return; 1992 1993 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1994 dst_if = bif->bif_ifp; 1995 1996 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1997 continue; 1998 1999 mc = m_copypacket(m, MB_DONTWAIT); 2000 if (mc == NULL) { 2001 sc->sc_ifp->if_oerrors++; 2002 continue; 2003 } 2004 2005 bridge_enqueue(dst_if, mc); 2006 } 2007 } 2008 2009 /* 2010 * bridge_rtupdate: 2011 * 2012 * Add a bridge routing entry. 2013 * Can be called from interrupt context. 2014 */ 2015 static int 2016 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2017 struct ifnet *dst_if, int setflags, uint8_t flags) 2018 { 2019 struct bridge_rtnode *brt; 2020 int error; 2021 2022 /* 2023 * A route for this destination might already exist. If so, 2024 * update it, otherwise create a new one. 2025 */ 2026 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2027 if (sc->sc_brtcnt >= sc->sc_brtmax) 2028 return (ENOSPC); 2029 2030 /* 2031 * Allocate a new bridge forwarding node, and 2032 * initialize the expiration time and Ethernet 2033 * address. 2034 */ 2035 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 2036 M_INTNOWAIT|M_ZERO); 2037 if (brt == NULL) 2038 return (ENOMEM); 2039 2040 brt->brt_flags = IFBAF_DYNAMIC; 2041 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2042 2043 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2044 kfree(brt, M_DEVBUF); 2045 return (error); 2046 } 2047 } 2048 2049 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2050 brt->brt_ifp = dst_if; 2051 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2052 brt->brt_expire = time_second + sc->sc_brttimeout; 2053 if (setflags) 2054 brt->brt_flags = flags; 2055 2056 return (0); 2057 } 2058 2059 /* 2060 * bridge_rtlookup: 2061 * 2062 * Lookup the destination interface for an address. 2063 */ 2064 static struct ifnet * 2065 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2066 { 2067 struct bridge_rtnode *brt; 2068 2069 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2070 return (NULL); 2071 2072 return (brt->brt_ifp); 2073 } 2074 2075 /* 2076 * bridge_rttrim: 2077 * 2078 * Trim the routine table so that we have a number 2079 * of routing entries less than or equal to the 2080 * maximum number. 2081 */ 2082 static void 2083 bridge_rttrim(struct bridge_softc *sc) 2084 { 2085 struct bridge_rtnode *brt, *nbrt; 2086 2087 /* Make sure we actually need to do this. */ 2088 if (sc->sc_brtcnt <= sc->sc_brtmax) 2089 return; 2090 2091 /* Force an aging cycle; this might trim enough addresses. */ 2092 bridge_rtage(sc); 2093 if (sc->sc_brtcnt <= sc->sc_brtmax) 2094 return; 2095 2096 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2097 nbrt = LIST_NEXT(brt, brt_list); 2098 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2099 bridge_rtnode_destroy(sc, brt); 2100 if (sc->sc_brtcnt <= sc->sc_brtmax) 2101 return; 2102 } 2103 } 2104 } 2105 2106 /* 2107 * bridge_timer: 2108 * 2109 * Aging timer for the bridge. 2110 */ 2111 static void 2112 bridge_timer(void *arg) 2113 { 2114 struct bridge_softc *sc = arg; 2115 2116 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 2117 2118 bridge_rtage(sc); 2119 2120 if (sc->sc_ifp->if_flags & IFF_RUNNING) 2121 callout_reset(&sc->sc_brcallout, 2122 bridge_rtable_prune_period * hz, bridge_timer, sc); 2123 2124 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 2125 } 2126 2127 /* 2128 * bridge_rtage: 2129 * 2130 * Perform an aging cycle. 2131 */ 2132 static void 2133 bridge_rtage(struct bridge_softc *sc) 2134 { 2135 struct bridge_rtnode *brt, *nbrt; 2136 2137 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2138 nbrt = LIST_NEXT(brt, brt_list); 2139 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2140 if (time_second >= brt->brt_expire) 2141 bridge_rtnode_destroy(sc, brt); 2142 } 2143 } 2144 } 2145 2146 /* 2147 * bridge_rtflush: 2148 * 2149 * Remove all dynamic addresses from the bridge. 2150 */ 2151 static void 2152 bridge_rtflush(struct bridge_softc *sc, int full) 2153 { 2154 struct bridge_rtnode *brt, *nbrt; 2155 2156 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2157 nbrt = LIST_NEXT(brt, brt_list); 2158 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2159 bridge_rtnode_destroy(sc, brt); 2160 } 2161 } 2162 2163 /* 2164 * bridge_rtdaddr: 2165 * 2166 * Remove an address from the table. 2167 */ 2168 static int 2169 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2170 { 2171 struct bridge_rtnode *brt; 2172 2173 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2174 return (ENOENT); 2175 2176 bridge_rtnode_destroy(sc, brt); 2177 return (0); 2178 } 2179 2180 /* 2181 * bridge_rtdelete: 2182 * 2183 * Delete routes to a speicifc member interface. 2184 */ 2185 void 2186 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2187 { 2188 struct bridge_rtnode *brt, *nbrt; 2189 2190 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2191 nbrt = LIST_NEXT(brt, brt_list); 2192 if (brt->brt_ifp == ifp && (full || 2193 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2194 bridge_rtnode_destroy(sc, brt); 2195 } 2196 } 2197 2198 /* 2199 * bridge_rtable_init: 2200 * 2201 * Initialize the route table for this bridge. 2202 */ 2203 static int 2204 bridge_rtable_init(struct bridge_softc *sc) 2205 { 2206 int i; 2207 2208 sc->sc_rthash = kmalloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2209 M_DEVBUF, M_WAITOK); 2210 2211 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2212 LIST_INIT(&sc->sc_rthash[i]); 2213 2214 sc->sc_rthash_key = karc4random(); 2215 2216 LIST_INIT(&sc->sc_rtlist); 2217 2218 return (0); 2219 } 2220 2221 /* 2222 * bridge_rtable_fini: 2223 * 2224 * Deconstruct the route table for this bridge. 2225 */ 2226 static void 2227 bridge_rtable_fini(struct bridge_softc *sc) 2228 { 2229 2230 kfree(sc->sc_rthash, M_DEVBUF); 2231 } 2232 2233 /* 2234 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2235 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2236 */ 2237 #define mix(a, b, c) \ 2238 do { \ 2239 a -= b; a -= c; a ^= (c >> 13); \ 2240 b -= c; b -= a; b ^= (a << 8); \ 2241 c -= a; c -= b; c ^= (b >> 13); \ 2242 a -= b; a -= c; a ^= (c >> 12); \ 2243 b -= c; b -= a; b ^= (a << 16); \ 2244 c -= a; c -= b; c ^= (b >> 5); \ 2245 a -= b; a -= c; a ^= (c >> 3); \ 2246 b -= c; b -= a; b ^= (a << 10); \ 2247 c -= a; c -= b; c ^= (b >> 15); \ 2248 } while (/*CONSTCOND*/0) 2249 2250 static __inline uint32_t 2251 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2252 { 2253 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2254 2255 b += addr[5] << 8; 2256 b += addr[4]; 2257 a += addr[3] << 24; 2258 a += addr[2] << 16; 2259 a += addr[1] << 8; 2260 a += addr[0]; 2261 2262 mix(a, b, c); 2263 2264 return (c & BRIDGE_RTHASH_MASK); 2265 } 2266 2267 #undef mix 2268 2269 static int 2270 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2271 { 2272 int i, d; 2273 2274 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2275 d = ((int)a[i]) - ((int)b[i]); 2276 } 2277 2278 return (d); 2279 } 2280 2281 /* 2282 * bridge_rtnode_lookup: 2283 * 2284 * Look up a bridge route node for the specified destination. 2285 */ 2286 static struct bridge_rtnode * 2287 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2288 { 2289 struct bridge_rtnode *brt; 2290 uint32_t hash; 2291 int dir; 2292 2293 hash = bridge_rthash(sc, addr); 2294 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2295 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2296 if (dir == 0) 2297 return (brt); 2298 if (dir > 0) 2299 return (NULL); 2300 } 2301 2302 return (NULL); 2303 } 2304 2305 /* 2306 * bridge_rtnode_insert: 2307 * 2308 * Insert the specified bridge node into the route table. We 2309 * assume the entry is not already in the table. 2310 */ 2311 static int 2312 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2313 { 2314 struct bridge_rtnode *lbrt; 2315 uint32_t hash; 2316 int dir; 2317 2318 hash = bridge_rthash(sc, brt->brt_addr); 2319 2320 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2321 if (lbrt == NULL) { 2322 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2323 goto out; 2324 } 2325 2326 do { 2327 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2328 if (dir == 0) 2329 return (EEXIST); 2330 if (dir > 0) { 2331 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2332 goto out; 2333 } 2334 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2335 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2336 goto out; 2337 } 2338 lbrt = LIST_NEXT(lbrt, brt_hash); 2339 } while (lbrt != NULL); 2340 2341 #ifdef DIAGNOSTIC 2342 panic("bridge_rtnode_insert: impossible"); 2343 #endif 2344 2345 out: 2346 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2347 sc->sc_brtcnt++; 2348 2349 return (0); 2350 } 2351 2352 /* 2353 * bridge_rtnode_destroy: 2354 * 2355 * Destroy a bridge rtnode. 2356 */ 2357 static void 2358 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2359 { 2360 2361 LIST_REMOVE(brt, brt_hash); 2362 2363 LIST_REMOVE(brt, brt_list); 2364 sc->sc_brtcnt--; 2365 kfree(brt, M_DEVBUF); 2366 } 2367 2368 /* 2369 * Send bridge packets through pfil if they are one of the types pfil can deal 2370 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2371 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2372 * that interface. 2373 */ 2374 static int 2375 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2376 { 2377 int snap, error, i, hlen; 2378 struct ether_header *eh1, eh2; 2379 struct ip *ip; 2380 struct llc llc1; 2381 u_int16_t ether_type; 2382 2383 snap = 0; 2384 error = -1; /* Default error if not error == 0 */ 2385 2386 if (pfil_bridge == 0 && pfil_member == 0) 2387 return (0); /* filtering is disabled */ 2388 2389 i = min((*mp)->m_pkthdr.len, max_protohdr); 2390 if ((*mp)->m_len < i) { 2391 *mp = m_pullup(*mp, i); 2392 if (*mp == NULL) { 2393 kprintf("%s: m_pullup failed\n", __func__); 2394 return (-1); 2395 } 2396 } 2397 2398 eh1 = mtod(*mp, struct ether_header *); 2399 ether_type = ntohs(eh1->ether_type); 2400 2401 /* 2402 * Check for SNAP/LLC. 2403 */ 2404 if (ether_type < ETHERMTU) { 2405 struct llc *llc2 = (struct llc *)(eh1 + 1); 2406 2407 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2408 llc2->llc_dsap == LLC_SNAP_LSAP && 2409 llc2->llc_ssap == LLC_SNAP_LSAP && 2410 llc2->llc_control == LLC_UI) { 2411 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2412 snap = 1; 2413 } 2414 } 2415 2416 /* 2417 * If we're trying to filter bridge traffic, don't look at anything 2418 * other than IP and ARP traffic. If the filter doesn't understand 2419 * IPv6, don't allow IPv6 through the bridge either. This is lame 2420 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2421 * but of course we don't have an AppleTalk filter to begin with. 2422 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2423 * ARP traffic.) 2424 */ 2425 switch (ether_type) { 2426 case ETHERTYPE_ARP: 2427 case ETHERTYPE_REVARP: 2428 return (0); /* Automatically pass */ 2429 case ETHERTYPE_IP: 2430 #ifdef INET6 2431 case ETHERTYPE_IPV6: 2432 #endif /* INET6 */ 2433 break; 2434 default: 2435 /* 2436 * Check to see if the user wants to pass non-ip 2437 * packets, these will not be checked by pfil(9) and 2438 * passed unconditionally so the default is to drop. 2439 */ 2440 if (pfil_onlyip) 2441 goto bad; 2442 } 2443 2444 /* Strip off the Ethernet header and keep a copy. */ 2445 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2446 m_adj(*mp, ETHER_HDR_LEN); 2447 2448 /* Strip off snap header, if present */ 2449 if (snap) { 2450 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2451 m_adj(*mp, sizeof(struct llc)); 2452 } 2453 2454 /* 2455 * Check the IP header for alignment and errors 2456 */ 2457 if (dir == PFIL_IN) { 2458 switch (ether_type) { 2459 case ETHERTYPE_IP: 2460 error = bridge_ip_checkbasic(mp); 2461 break; 2462 #ifdef INET6 2463 case ETHERTYPE_IPV6: 2464 error = bridge_ip6_checkbasic(mp); 2465 break; 2466 #endif /* INET6 */ 2467 default: 2468 error = 0; 2469 } 2470 if (error) 2471 goto bad; 2472 } 2473 2474 error = 0; 2475 2476 /* 2477 * Run the packet through pfil 2478 */ 2479 switch (ether_type) 2480 { 2481 case ETHERTYPE_IP : 2482 /* 2483 * before calling the firewall, swap fields the same as 2484 * IP does. here we assume the header is contiguous 2485 */ 2486 ip = mtod(*mp, struct ip *); 2487 2488 ip->ip_len = ntohs(ip->ip_len); 2489 ip->ip_off = ntohs(ip->ip_off); 2490 2491 /* 2492 * Run pfil on the member interface and the bridge, both can 2493 * be skipped by clearing pfil_member or pfil_bridge. 2494 * 2495 * Keep the order: 2496 * in_if -> bridge_if -> out_if 2497 */ 2498 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2499 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2500 dir); 2501 2502 if (*mp == NULL || error != 0) /* filter may consume */ 2503 break; 2504 2505 if (pfil_member && ifp != NULL) 2506 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2507 dir); 2508 2509 if (*mp == NULL || error != 0) /* filter may consume */ 2510 break; 2511 2512 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2513 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2514 dir); 2515 2516 if (*mp == NULL || error != 0) /* filter may consume */ 2517 break; 2518 2519 /* check if we need to fragment the packet */ 2520 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2521 i = (*mp)->m_pkthdr.len; 2522 if (i > ifp->if_mtu) { 2523 error = bridge_fragment(ifp, *mp, &eh2, snap, 2524 &llc1); 2525 return (error); 2526 } 2527 } 2528 2529 /* Recalculate the ip checksum and restore byte ordering */ 2530 ip = mtod(*mp, struct ip *); 2531 hlen = ip->ip_hl << 2; 2532 if (hlen < sizeof(struct ip)) 2533 goto bad; 2534 if (hlen > (*mp)->m_len) { 2535 if ((*mp = m_pullup(*mp, hlen)) == 0) 2536 goto bad; 2537 ip = mtod(*mp, struct ip *); 2538 if (ip == NULL) 2539 goto bad; 2540 } 2541 ip->ip_len = htons(ip->ip_len); 2542 ip->ip_off = htons(ip->ip_off); 2543 ip->ip_sum = 0; 2544 if (hlen == sizeof(struct ip)) 2545 ip->ip_sum = in_cksum_hdr(ip); 2546 else 2547 ip->ip_sum = in_cksum(*mp, hlen); 2548 2549 break; 2550 #ifdef INET6 2551 case ETHERTYPE_IPV6 : 2552 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2553 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2554 dir); 2555 2556 if (*mp == NULL || error != 0) /* filter may consume */ 2557 break; 2558 2559 if (pfil_member && ifp != NULL) 2560 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2561 dir); 2562 2563 if (*mp == NULL || error != 0) /* filter may consume */ 2564 break; 2565 2566 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2567 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2568 dir); 2569 break; 2570 #endif 2571 default : 2572 error = 0; 2573 break; 2574 } 2575 2576 if (*mp == NULL) 2577 return (error); 2578 if (error != 0) 2579 goto bad; 2580 2581 error = -1; 2582 2583 /* 2584 * Finally, put everything back the way it was and return 2585 */ 2586 if (snap) { 2587 M_PREPEND(*mp, sizeof(struct llc), MB_DONTWAIT); 2588 if (*mp == NULL) 2589 return (error); 2590 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2591 } 2592 2593 M_PREPEND(*mp, ETHER_HDR_LEN, MB_DONTWAIT); 2594 if (*mp == NULL) 2595 return (error); 2596 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2597 2598 return (0); 2599 2600 bad: 2601 m_freem(*mp); 2602 *mp = NULL; 2603 return (error); 2604 } 2605 2606 /* 2607 * Perform basic checks on header size since 2608 * pfil assumes ip_input has already processed 2609 * it for it. Cut-and-pasted from ip_input.c. 2610 * Given how simple the IPv6 version is, 2611 * does the IPv4 version really need to be 2612 * this complicated? 2613 * 2614 * XXX Should we update ipstat here, or not? 2615 * XXX Right now we update ipstat but not 2616 * XXX csum_counter. 2617 */ 2618 static int 2619 bridge_ip_checkbasic(struct mbuf **mp) 2620 { 2621 struct mbuf *m = *mp; 2622 struct ip *ip; 2623 int len, hlen; 2624 u_short sum; 2625 2626 if (*mp == NULL) 2627 return (-1); 2628 #if notyet 2629 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2630 if ((m = m_copyup(m, sizeof(struct ip), 2631 (max_linkhdr + 3) & ~3)) == NULL) { 2632 /* XXXJRT new stat, please */ 2633 ipstat.ips_toosmall++; 2634 goto bad; 2635 } 2636 } else 2637 #endif 2638 #ifndef __predict_false 2639 #define __predict_false(x) x 2640 #endif 2641 if (__predict_false(m->m_len < sizeof (struct ip))) { 2642 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2643 ipstat.ips_toosmall++; 2644 goto bad; 2645 } 2646 } 2647 ip = mtod(m, struct ip *); 2648 if (ip == NULL) goto bad; 2649 2650 if (ip->ip_v != IPVERSION) { 2651 ipstat.ips_badvers++; 2652 goto bad; 2653 } 2654 hlen = ip->ip_hl << 2; 2655 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2656 ipstat.ips_badhlen++; 2657 goto bad; 2658 } 2659 if (hlen > m->m_len) { 2660 if ((m = m_pullup(m, hlen)) == 0) { 2661 ipstat.ips_badhlen++; 2662 goto bad; 2663 } 2664 ip = mtod(m, struct ip *); 2665 if (ip == NULL) goto bad; 2666 } 2667 2668 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2669 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2670 } else { 2671 if (hlen == sizeof(struct ip)) { 2672 sum = in_cksum_hdr(ip); 2673 } else { 2674 sum = in_cksum(m, hlen); 2675 } 2676 } 2677 if (sum) { 2678 ipstat.ips_badsum++; 2679 goto bad; 2680 } 2681 2682 /* Retrieve the packet length. */ 2683 len = ntohs(ip->ip_len); 2684 2685 /* 2686 * Check for additional length bogosity 2687 */ 2688 if (len < hlen) { 2689 ipstat.ips_badlen++; 2690 goto bad; 2691 } 2692 2693 /* 2694 * Check that the amount of data in the buffers 2695 * is as at least much as the IP header would have us expect. 2696 * Drop packet if shorter than we expect. 2697 */ 2698 if (m->m_pkthdr.len < len) { 2699 ipstat.ips_tooshort++; 2700 goto bad; 2701 } 2702 2703 /* Checks out, proceed */ 2704 *mp = m; 2705 return (0); 2706 2707 bad: 2708 *mp = m; 2709 return (-1); 2710 } 2711 2712 #ifdef INET6 2713 /* 2714 * Same as above, but for IPv6. 2715 * Cut-and-pasted from ip6_input.c. 2716 * XXX Should we update ip6stat, or not? 2717 */ 2718 static int 2719 bridge_ip6_checkbasic(struct mbuf **mp) 2720 { 2721 struct mbuf *m = *mp; 2722 struct ip6_hdr *ip6; 2723 2724 /* 2725 * If the IPv6 header is not aligned, slurp it up into a new 2726 * mbuf with space for link headers, in the event we forward 2727 * it. Otherwise, if it is aligned, make sure the entire base 2728 * IPv6 header is in the first mbuf of the chain. 2729 */ 2730 #if notyet 2731 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2732 struct ifnet *inifp = m->m_pkthdr.rcvif; 2733 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2734 (max_linkhdr + 3) & ~3)) == NULL) { 2735 /* XXXJRT new stat, please */ 2736 ip6stat.ip6s_toosmall++; 2737 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2738 goto bad; 2739 } 2740 } else 2741 #endif 2742 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2743 struct ifnet *inifp = m->m_pkthdr.rcvif; 2744 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2745 ip6stat.ip6s_toosmall++; 2746 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2747 goto bad; 2748 } 2749 } 2750 2751 ip6 = mtod(m, struct ip6_hdr *); 2752 2753 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2754 ip6stat.ip6s_badvers++; 2755 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2756 goto bad; 2757 } 2758 2759 /* Checks out, proceed */ 2760 *mp = m; 2761 return (0); 2762 2763 bad: 2764 *mp = m; 2765 return (-1); 2766 } 2767 #endif /* INET6 */ 2768 2769 /* 2770 * bridge_fragment: 2771 * 2772 * Return a fragmented mbuf chain. 2773 */ 2774 static int 2775 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 2776 int snap, struct llc *llc) 2777 { 2778 struct mbuf *m0; 2779 struct ip *ip; 2780 int error = -1; 2781 2782 if (m->m_len < sizeof(struct ip) && 2783 (m = m_pullup(m, sizeof(struct ip))) == NULL) 2784 goto out; 2785 ip = mtod(m, struct ip *); 2786 2787 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 2788 CSUM_DELAY_IP); 2789 if (error) 2790 goto out; 2791 2792 /* walk the chain and re-add the Ethernet header */ 2793 for (m0 = m; m0; m0 = m0->m_nextpkt) { 2794 if (error == 0) { 2795 if (snap) { 2796 M_PREPEND(m0, sizeof(struct llc), MB_DONTWAIT); 2797 if (m0 == NULL) { 2798 error = ENOBUFS; 2799 continue; 2800 } 2801 bcopy(llc, mtod(m0, caddr_t), 2802 sizeof(struct llc)); 2803 } 2804 M_PREPEND(m0, ETHER_HDR_LEN, MB_DONTWAIT); 2805 if (m0 == NULL) { 2806 error = ENOBUFS; 2807 continue; 2808 } 2809 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 2810 } else 2811 m_freem(m); 2812 } 2813 2814 if (error == 0) 2815 ipstat.ips_fragmented++; 2816 2817 return (error); 2818 2819 out: 2820 if (m != NULL) 2821 m_freem(m); 2822 return (error); 2823 } 2824 2825 static void 2826 bridge_enqueue_handler(struct netmsg *nmsg) 2827 { 2828 struct netmsg_packet *nmp; 2829 struct ifnet *dst_ifp; 2830 struct mbuf *m; 2831 2832 nmp = (struct netmsg_packet *)nmsg; 2833 m = nmp->nm_packet; 2834 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2835 2836 bridge_handoff_notags(dst_ifp, m); 2837 } 2838 2839 static void 2840 bridge_pfil_enqueue_handler(struct netmsg *nmsg) 2841 { 2842 struct netmsg_packet *nmp; 2843 struct ifnet *dst_ifp; 2844 struct mbuf *m; 2845 2846 nmp = (struct netmsg_packet *)nmsg; 2847 m = nmp->nm_packet; 2848 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2849 2850 /* 2851 * Filter on the output interface. Pass a NULL bridge interface 2852 * pointer so we do not redundantly filter on the bridge for 2853 * each interface we broadcast on. 2854 */ 2855 if (inet_pfil_hook.ph_hashooks > 0 2856 #ifdef INET6 2857 || inet6_pfil_hook.ph_hashooks > 0 2858 #endif 2859 ) { 2860 if (bridge_pfil(&m, NULL, dst_ifp, PFIL_OUT) != 0) 2861 return; 2862 if (m == NULL) 2863 return; 2864 } 2865 bridge_handoff_notags(dst_ifp, m); 2866 } 2867 2868 static void 2869 bridge_handoff(struct ifnet *dst_ifp, struct mbuf *m) 2870 { 2871 while (m->m_type == MT_TAG) { 2872 /* XXX see ether_output_frame for full rules check */ 2873 m = m->m_next; 2874 } 2875 bridge_handoff_notags(dst_ifp, m); 2876 } 2877 2878 static void 2879 bridge_handoff_notags(struct ifnet *dst_ifp, struct mbuf *m) 2880 { 2881 struct mbuf *m0; 2882 2883 KKASSERT(m->m_type != MT_TAG); 2884 2885 lwkt_serialize_enter(dst_ifp->if_serializer); 2886 2887 /* We may be sending a fragment so traverse the mbuf */ 2888 for (; m; m = m0) { 2889 struct altq_pktattr pktattr; 2890 2891 m0 = m->m_nextpkt; 2892 m->m_nextpkt = NULL; 2893 2894 if (ifq_is_enabled(&dst_ifp->if_snd)) 2895 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 2896 2897 ifq_handoff(dst_ifp, m, &pktattr); 2898 } 2899 2900 lwkt_serialize_exit(dst_ifp->if_serializer); 2901 } 2902