1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 * $DragonFly: src/sys/net/bridge/if_bridge.c,v 1.41 2008/06/19 15:51:57 sephe Exp $ 70 */ 71 72 /* 73 * Network interface bridge support. 74 * 75 * TODO: 76 * 77 * - Currently only supports Ethernet-like interfaces (Ethernet, 78 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 79 * to bridge other types of interfaces (FDDI-FDDI, and maybe 80 * consider heterogenous bridges). 81 */ 82 83 #include <sys/cdefs.h> 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <sys/module.h> 101 #include <sys/proc.h> 102 #include <sys/lock.h> 103 #include <sys/thread.h> 104 #include <sys/thread2.h> 105 #include <sys/mpipe.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 #include <net/ifq_var.h> 114 #include <net/if_clone.h> 115 116 #include <netinet/in.h> /* for struct arpcom */ 117 #include <netinet/in_systm.h> 118 #include <netinet/in_var.h> 119 #include <netinet/ip.h> 120 #include <netinet/ip_var.h> 121 #ifdef INET6 122 #include <netinet/ip6.h> 123 #include <netinet6/ip6_var.h> 124 #endif 125 #include <netinet/if_ether.h> /* for struct arpcom */ 126 #include <net/bridge/if_bridgevar.h> 127 #include <net/if_llc.h> 128 #include <net/netmsg2.h> 129 130 #include <net/route.h> 131 #include <sys/in_cksum.h> 132 133 /* 134 * Size of the route hash table. Must be a power of two. 135 */ 136 #ifndef BRIDGE_RTHASH_SIZE 137 #define BRIDGE_RTHASH_SIZE 1024 138 #endif 139 140 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 141 142 /* 143 * Maximum number of addresses to cache. 144 */ 145 #ifndef BRIDGE_RTABLE_MAX 146 #define BRIDGE_RTABLE_MAX 100 147 #endif 148 149 /* 150 * Spanning tree defaults. 151 */ 152 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 153 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 154 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 155 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 156 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 157 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 158 #define BSTP_DEFAULT_PATH_COST 55 159 160 /* 161 * Timeout (in seconds) for entries learned dynamically. 162 */ 163 #ifndef BRIDGE_RTABLE_TIMEOUT 164 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 165 #endif 166 167 /* 168 * Number of seconds between walks of the route list. 169 */ 170 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 171 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 172 #endif 173 174 /* 175 * List of capabilities to mask on the member interface. 176 */ 177 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 178 179 eventhandler_tag bridge_detach_cookie = NULL; 180 181 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 182 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *); 183 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 184 185 typedef int (*bridge_ctl_t)(struct bridge_softc *, void *); 186 187 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 188 189 static int bridge_clone_create(struct if_clone *, int); 190 static void bridge_clone_destroy(struct ifnet *); 191 192 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 193 static void bridge_mutecaps(struct bridge_iflist *, int); 194 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 195 static void bridge_init(void *); 196 static void bridge_stop(struct ifnet *); 197 static void bridge_start(struct ifnet *); 198 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 199 static int bridge_output(struct ifnet *, struct mbuf *); 200 201 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 202 203 static void bridge_timer(void *); 204 205 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 206 struct mbuf *, int); 207 static void bridge_span(struct bridge_softc *, struct mbuf *); 208 209 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 210 struct ifnet *, int, uint8_t); 211 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 212 static void bridge_rttrim(struct bridge_softc *); 213 static void bridge_rtage(struct bridge_softc *); 214 static void bridge_rtflush(struct bridge_softc *, int); 215 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 216 217 static int bridge_rtable_init(struct bridge_softc *); 218 static void bridge_rtable_fini(struct bridge_softc *); 219 220 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 221 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 222 const uint8_t *); 223 static int bridge_rtnode_insert(struct bridge_softc *, 224 struct bridge_rtnode *); 225 static void bridge_rtnode_destroy(struct bridge_softc *, 226 struct bridge_rtnode *); 227 228 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 229 const char *name); 230 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 231 struct ifnet *ifp); 232 static void bridge_delete_member(struct bridge_softc *, 233 struct bridge_iflist *, int); 234 static void bridge_delete_span(struct bridge_softc *, 235 struct bridge_iflist *); 236 237 static int bridge_control(struct bridge_softc *, u_long, 238 bridge_ctl_t, void *); 239 static int bridge_ioctl_add(struct bridge_softc *, void *); 240 static int bridge_ioctl_del(struct bridge_softc *, void *); 241 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 242 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 243 static int bridge_ioctl_scache(struct bridge_softc *, void *); 244 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 245 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 246 static int bridge_ioctl_rts(struct bridge_softc *, void *); 247 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 248 static int bridge_ioctl_sto(struct bridge_softc *, void *); 249 static int bridge_ioctl_gto(struct bridge_softc *, void *); 250 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 251 static int bridge_ioctl_flush(struct bridge_softc *, void *); 252 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 253 static int bridge_ioctl_spri(struct bridge_softc *, void *); 254 static int bridge_ioctl_ght(struct bridge_softc *, void *); 255 static int bridge_ioctl_sht(struct bridge_softc *, void *); 256 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 257 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 258 static int bridge_ioctl_gma(struct bridge_softc *, void *); 259 static int bridge_ioctl_sma(struct bridge_softc *, void *); 260 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 261 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 262 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 263 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 264 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 265 int); 266 static int bridge_ip_checkbasic(struct mbuf **mp); 267 #ifdef INET6 268 static int bridge_ip6_checkbasic(struct mbuf **mp); 269 #endif /* INET6 */ 270 static int bridge_fragment(struct ifnet *, struct mbuf *, 271 struct ether_header *, int, struct llc *); 272 static void bridge_enqueue_internal(struct ifnet *, struct mbuf *m, 273 netisr_fn_t); 274 static void bridge_enqueue_handler(struct netmsg *); 275 static void bridge_pfil_enqueue_handler(struct netmsg *); 276 static void bridge_pfil_enqueue(struct ifnet *, struct mbuf *, int); 277 static void bridge_handoff_notags(struct ifnet *, struct mbuf *); 278 static void bridge_handoff(struct ifnet *, struct mbuf *); 279 280 SYSCTL_DECL(_net_link); 281 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 282 283 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 284 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 285 static int pfil_member = 1; /* run pfil hooks on the member interface */ 286 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 287 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 288 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 289 &pfil_bridge, 0, "Packet filter on the bridge interface"); 290 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 291 &pfil_member, 0, "Packet filter on the member interface"); 292 293 struct bridge_control { 294 bridge_ctl_t bc_func; 295 int bc_argsize; 296 int bc_flags; 297 }; 298 299 #define BC_F_COPYIN 0x01 /* copy arguments in */ 300 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 301 #define BC_F_SUSER 0x04 /* do super-user check */ 302 303 const struct bridge_control bridge_control_table[] = { 304 { bridge_ioctl_add, sizeof(struct ifbreq), 305 BC_F_COPYIN|BC_F_SUSER }, 306 { bridge_ioctl_del, sizeof(struct ifbreq), 307 BC_F_COPYIN|BC_F_SUSER }, 308 309 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 310 BC_F_COPYIN|BC_F_COPYOUT }, 311 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 312 BC_F_COPYIN|BC_F_SUSER }, 313 314 { bridge_ioctl_scache, sizeof(struct ifbrparam), 315 BC_F_COPYIN|BC_F_SUSER }, 316 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 317 BC_F_COPYOUT }, 318 319 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 320 BC_F_COPYIN|BC_F_COPYOUT }, 321 { bridge_ioctl_rts, sizeof(struct ifbaconf), 322 BC_F_COPYIN|BC_F_COPYOUT }, 323 324 { bridge_ioctl_saddr, sizeof(struct ifbareq), 325 BC_F_COPYIN|BC_F_SUSER }, 326 327 { bridge_ioctl_sto, sizeof(struct ifbrparam), 328 BC_F_COPYIN|BC_F_SUSER }, 329 { bridge_ioctl_gto, sizeof(struct ifbrparam), 330 BC_F_COPYOUT }, 331 332 { bridge_ioctl_daddr, sizeof(struct ifbareq), 333 BC_F_COPYIN|BC_F_SUSER }, 334 335 { bridge_ioctl_flush, sizeof(struct ifbreq), 336 BC_F_COPYIN|BC_F_SUSER }, 337 338 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 339 BC_F_COPYOUT }, 340 { bridge_ioctl_spri, sizeof(struct ifbrparam), 341 BC_F_COPYIN|BC_F_SUSER }, 342 343 { bridge_ioctl_ght, sizeof(struct ifbrparam), 344 BC_F_COPYOUT }, 345 { bridge_ioctl_sht, sizeof(struct ifbrparam), 346 BC_F_COPYIN|BC_F_SUSER }, 347 348 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 349 BC_F_COPYOUT }, 350 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 351 BC_F_COPYIN|BC_F_SUSER }, 352 353 { bridge_ioctl_gma, sizeof(struct ifbrparam), 354 BC_F_COPYOUT }, 355 { bridge_ioctl_sma, sizeof(struct ifbrparam), 356 BC_F_COPYIN|BC_F_SUSER }, 357 358 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 359 BC_F_COPYIN|BC_F_SUSER }, 360 361 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 362 BC_F_COPYIN|BC_F_SUSER }, 363 364 { bridge_ioctl_addspan, sizeof(struct ifbreq), 365 BC_F_COPYIN|BC_F_SUSER }, 366 { bridge_ioctl_delspan, sizeof(struct ifbreq), 367 BC_F_COPYIN|BC_F_SUSER }, 368 }; 369 const int bridge_control_table_size = 370 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 371 372 LIST_HEAD(, bridge_softc) bridge_list; 373 374 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 375 bridge_clone_create, 376 bridge_clone_destroy, 0, IF_MAXUNIT); 377 378 static int 379 bridge_modevent(module_t mod, int type, void *data) 380 { 381 switch (type) { 382 case MOD_LOAD: 383 LIST_INIT(&bridge_list); 384 if_clone_attach(&bridge_cloner); 385 bridge_input_p = bridge_input; 386 bridge_output_p = bridge_output; 387 bridge_detach_cookie = EVENTHANDLER_REGISTER( 388 ifnet_detach_event, bridge_ifdetach, NULL, 389 EVENTHANDLER_PRI_ANY); 390 #if notyet 391 bstp_linkstate_p = bstp_linkstate; 392 #endif 393 break; 394 case MOD_UNLOAD: 395 if (!LIST_EMPTY(&bridge_list)) 396 return (EBUSY); 397 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 398 bridge_detach_cookie); 399 if_clone_detach(&bridge_cloner); 400 bridge_input_p = NULL; 401 bridge_output_p = NULL; 402 #if notyet 403 bstp_linkstate_p = NULL; 404 #endif 405 break; 406 default: 407 return (EOPNOTSUPP); 408 } 409 return (0); 410 } 411 412 static moduledata_t bridge_mod = { 413 "if_bridge", 414 bridge_modevent, 415 0 416 }; 417 418 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 419 420 421 /* 422 * bridge_clone_create: 423 * 424 * Create a new bridge instance. 425 */ 426 static int 427 bridge_clone_create(struct if_clone *ifc, int unit) 428 { 429 struct bridge_softc *sc; 430 struct ifnet *ifp; 431 u_char eaddr[6]; 432 433 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 434 ifp = sc->sc_ifp = &sc->sc_if; 435 436 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 437 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 438 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 439 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 440 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 441 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 442 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 443 444 /* Initialize our routing table. */ 445 bridge_rtable_init(sc); 446 447 callout_init(&sc->sc_brcallout); 448 callout_init(&sc->sc_bstpcallout); 449 450 LIST_INIT(&sc->sc_iflist); 451 LIST_INIT(&sc->sc_spanlist); 452 453 ifp->if_softc = sc; 454 if_initname(ifp, ifc->ifc_name, unit); 455 ifp->if_mtu = ETHERMTU; 456 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 457 ifp->if_ioctl = bridge_ioctl; 458 ifp->if_start = bridge_start; 459 ifp->if_init = bridge_init; 460 ifp->if_type = IFT_BRIDGE; 461 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 462 ifp->if_snd.ifq_maxlen = ifqmaxlen; 463 ifq_set_ready(&ifp->if_snd); 464 ifp->if_hdrlen = ETHER_HDR_LEN; 465 466 /* 467 * Generate a random ethernet address and use the private AC:DE:48 468 * OUI code. 469 */ 470 { 471 int rnd = karc4random(); 472 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 473 rnd = karc4random(); 474 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 475 } 476 eaddr[0] &= ~1; /* clear multicast bit */ 477 eaddr[0] |= 2; /* set the LAA bit */ 478 479 ether_ifattach(ifp, eaddr, NULL); 480 /* Now undo some of the damage... */ 481 ifp->if_baudrate = 0; 482 ifp->if_type = IFT_BRIDGE; 483 484 crit_enter(); /* XXX MP */ 485 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 486 crit_exit(); 487 488 return (0); 489 } 490 491 static void 492 bridge_delete_dispatch(struct netmsg *nmsg) 493 { 494 struct lwkt_msg *lmsg = &nmsg->nm_lmsg; 495 struct bridge_softc *sc = lmsg->u.ms_resultp; 496 struct ifnet *bifp = sc->sc_ifp; 497 struct bridge_iflist *bif; 498 499 lwkt_serialize_enter(bifp->if_serializer); 500 501 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 502 bridge_delete_member(sc, bif, 0); 503 504 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) 505 bridge_delete_span(sc, bif); 506 507 lwkt_serialize_exit(bifp->if_serializer); 508 509 lwkt_replymsg(lmsg, 0); 510 } 511 512 /* 513 * bridge_clone_destroy: 514 * 515 * Destroy a bridge instance. 516 */ 517 static void 518 bridge_clone_destroy(struct ifnet *ifp) 519 { 520 struct bridge_softc *sc = ifp->if_softc; 521 struct lwkt_msg *lmsg; 522 struct netmsg nmsg; 523 524 lwkt_serialize_enter(ifp->if_serializer); 525 526 bridge_stop(ifp); 527 ifp->if_flags &= ~IFF_UP; 528 529 callout_stop(&sc->sc_brcallout); 530 callout_stop(&sc->sc_bstpcallout); 531 532 lwkt_serialize_exit(ifp->if_serializer); 533 534 netmsg_init(&nmsg, &curthread->td_msgport, 0, bridge_delete_dispatch); 535 lmsg = &nmsg.nm_lmsg; 536 lmsg->u.ms_resultp = sc; 537 lwkt_domsg(cpu_portfn(0), lmsg, 0); 538 539 crit_enter(); /* XXX MP */ 540 LIST_REMOVE(sc, sc_list); 541 crit_exit(); 542 543 ether_ifdetach(ifp); 544 545 /* Tear down the routing table. */ 546 bridge_rtable_fini(sc); 547 548 kfree(sc, M_DEVBUF); 549 } 550 551 /* 552 * bridge_ioctl: 553 * 554 * Handle a control request from the operator. 555 */ 556 static int 557 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 558 { 559 struct bridge_softc *sc = ifp->if_softc; 560 union { 561 struct ifbreq ifbreq; 562 struct ifbifconf ifbifconf; 563 struct ifbareq ifbareq; 564 struct ifbaconf ifbaconf; 565 struct ifbrparam ifbrparam; 566 } args; 567 struct ifdrv *ifd = (struct ifdrv *) data; 568 const struct bridge_control *bc; 569 int error = 0; 570 571 ASSERT_SERIALIZED(ifp->if_serializer); 572 573 switch (cmd) { 574 case SIOCADDMULTI: 575 case SIOCDELMULTI: 576 break; 577 578 case SIOCGDRVSPEC: 579 case SIOCSDRVSPEC: 580 if (ifd->ifd_cmd >= bridge_control_table_size) { 581 error = EINVAL; 582 break; 583 } 584 bc = &bridge_control_table[ifd->ifd_cmd]; 585 586 if (cmd == SIOCGDRVSPEC && 587 (bc->bc_flags & BC_F_COPYOUT) == 0) { 588 error = EINVAL; 589 break; 590 } else if (cmd == SIOCSDRVSPEC && 591 (bc->bc_flags & BC_F_COPYOUT) != 0) { 592 error = EINVAL; 593 break; 594 } 595 596 if (bc->bc_flags & BC_F_SUSER) { 597 error = suser_cred(cr, NULL_CRED_OKAY); 598 if (error) 599 break; 600 } 601 602 if (ifd->ifd_len != bc->bc_argsize || 603 ifd->ifd_len > sizeof(args)) { 604 error = EINVAL; 605 break; 606 } 607 608 memset(&args, 0, sizeof(args)); 609 if (bc->bc_flags & BC_F_COPYIN) { 610 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 611 if (error) 612 break; 613 } 614 615 error = bridge_control(sc, cmd, bc->bc_func, &args); 616 if (error) 617 break; 618 619 if (bc->bc_flags & BC_F_COPYOUT) 620 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 621 break; 622 623 case SIOCSIFFLAGS: 624 if (!(ifp->if_flags & IFF_UP) && 625 (ifp->if_flags & IFF_RUNNING)) { 626 /* 627 * If interface is marked down and it is running, 628 * then stop it. 629 */ 630 bridge_stop(ifp); 631 } else if ((ifp->if_flags & IFF_UP) && 632 !(ifp->if_flags & IFF_RUNNING)) { 633 /* 634 * If interface is marked up and it is stopped, then 635 * start it. 636 */ 637 ifp->if_init(sc); 638 } 639 break; 640 641 case SIOCSIFMTU: 642 /* Do not allow the MTU to be changed on the bridge */ 643 error = EINVAL; 644 break; 645 646 default: 647 error = ether_ioctl(ifp, cmd, data); 648 break; 649 } 650 return (error); 651 } 652 653 /* 654 * bridge_mutecaps: 655 * 656 * Clear or restore unwanted capabilities on the member interface 657 */ 658 static void 659 bridge_mutecaps(struct bridge_iflist *bif, int mute) 660 { 661 struct ifnet *ifp = bif->bif_ifp; 662 struct ifreq ifr; 663 int error; 664 665 if (ifp->if_ioctl == NULL) 666 return; 667 668 bzero(&ifr, sizeof(ifr)); 669 ifr.ifr_reqcap = ifp->if_capenable; 670 671 if (mute) { 672 /* mask off and save capabilities */ 673 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 674 if (bif->bif_mutecap != 0) 675 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 676 } else { 677 /* restore muted capabilities */ 678 ifr.ifr_reqcap |= bif->bif_mutecap; 679 } 680 681 if (bif->bif_mutecap != 0) { 682 lwkt_serialize_enter(ifp->if_serializer); 683 error = ifp->if_ioctl(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 684 lwkt_serialize_exit(ifp->if_serializer); 685 } 686 } 687 688 /* 689 * bridge_lookup_member: 690 * 691 * Lookup a bridge member interface. 692 */ 693 static struct bridge_iflist * 694 bridge_lookup_member(struct bridge_softc *sc, const char *name) 695 { 696 struct bridge_iflist *bif; 697 struct ifnet *ifp; 698 699 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 700 ifp = bif->bif_ifp; 701 if (strcmp(ifp->if_xname, name) == 0) 702 return (bif); 703 } 704 705 return (NULL); 706 } 707 708 /* 709 * bridge_lookup_member_if: 710 * 711 * Lookup a bridge member interface by ifnet*. 712 */ 713 static struct bridge_iflist * 714 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 715 { 716 struct bridge_iflist *bif; 717 718 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 719 if (bif->bif_ifp == member_ifp) 720 return (bif); 721 } 722 723 return (NULL); 724 } 725 726 /* 727 * bridge_delete_member: 728 * 729 * Delete the specified member interface. 730 */ 731 static void 732 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 733 int gone) 734 { 735 struct ifnet *ifs = bif->bif_ifp; 736 struct ifnet *bifp = sc->sc_ifp; 737 738 ASSERT_SERIALIZED(bifp->if_serializer); 739 740 ifs->if_bridge = NULL; 741 #ifdef notyet 742 netmsg_service_sync(); 743 #endif 744 745 if (!gone) { 746 switch (ifs->if_type) { 747 case IFT_ETHER: 748 case IFT_L2VLAN: 749 /* 750 * Release bridge interface's serializer to 751 * avoid possible dead lock. 752 */ 753 lwkt_serialize_exit(bifp->if_serializer); 754 755 /* 756 * Take the interface out of promiscuous mode. 757 */ 758 ifpromisc(ifs, 0); 759 bridge_mutecaps(bif, 0); 760 761 lwkt_serialize_enter(bifp->if_serializer); 762 break; 763 764 case IFT_GIF: 765 break; 766 767 default: 768 panic("bridge_delete_member: impossible"); 769 break; 770 } 771 } 772 773 LIST_REMOVE(bif, bif_next); 774 775 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 776 777 kfree(bif, M_DEVBUF); 778 779 if (sc->sc_ifp->if_flags & IFF_RUNNING) 780 bstp_initialization(sc); 781 } 782 783 /* 784 * bridge_delete_span: 785 * 786 * Delete the specified span interface. 787 */ 788 static void 789 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 790 { 791 KASSERT(bif->bif_ifp->if_bridge == NULL, 792 ("%s: not a span interface", __func__)); 793 794 LIST_REMOVE(bif, bif_next); 795 kfree(bif, M_DEVBUF); 796 } 797 798 static int 799 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 800 { 801 struct ifbreq *req = arg; 802 struct bridge_iflist *bif = NULL; 803 struct ifnet *ifs, *bifp; 804 int error = 0; 805 806 bifp = sc->sc_ifp; 807 ASSERT_SERIALIZED(bifp->if_serializer); 808 809 ifs = ifunit(req->ifbr_ifsname); 810 if (ifs == NULL) 811 return (ENOENT); 812 813 /* If it's in the span list, it can't be a member. */ 814 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 815 if (ifs == bif->bif_ifp) 816 return (EBUSY); 817 818 /* Allow the first Ethernet member to define the MTU */ 819 if (ifs->if_type != IFT_GIF) { 820 if (LIST_EMPTY(&sc->sc_iflist)) { 821 bifp->if_mtu = ifs->if_mtu; 822 } else if (bifp->if_mtu != ifs->if_mtu) { 823 if_printf(bifp, "invalid MTU for %s\n", ifs->if_xname); 824 return (EINVAL); 825 } 826 } 827 828 if (ifs->if_bridge == sc) 829 return (EEXIST); 830 831 if (ifs->if_bridge != NULL) 832 return (EBUSY); 833 834 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 835 bif->bif_ifp = ifs; 836 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 837 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 838 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 839 840 switch (ifs->if_type) { 841 case IFT_ETHER: 842 case IFT_L2VLAN: 843 /* 844 * Release bridge interface's serializer to 845 * avoid possible dead lock. 846 */ 847 lwkt_serialize_exit(bifp->if_serializer); 848 849 /* 850 * Place the interface into promiscuous mode. 851 */ 852 error = ifpromisc(ifs, 1); 853 if (error) { 854 lwkt_serialize_enter(bifp->if_serializer); 855 goto out; 856 } 857 858 bridge_mutecaps(bif, 1); 859 860 lwkt_serialize_enter(bifp->if_serializer); 861 break; 862 863 case IFT_GIF: /* :^) */ 864 break; 865 866 default: 867 error = EINVAL; 868 goto out; 869 } 870 871 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 872 873 if (bifp->if_flags & IFF_RUNNING) 874 bstp_initialization(sc); 875 else 876 bstp_stop(sc); 877 878 /* 879 * Everything has been setup, so let the member interface 880 * deliver packets to this bridge on its input/output path. 881 */ 882 ifs->if_bridge = sc; 883 out: 884 if (error) { 885 if (bif != NULL) 886 kfree(bif, M_DEVBUF); 887 } 888 return (error); 889 } 890 891 static int 892 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 893 { 894 struct ifbreq *req = arg; 895 struct bridge_iflist *bif; 896 897 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 898 if (bif == NULL) 899 return (ENOENT); 900 901 bridge_delete_member(sc, bif, 0); 902 903 return (0); 904 } 905 906 static int 907 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 908 { 909 struct ifbreq *req = arg; 910 struct bridge_iflist *bif; 911 912 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 913 if (bif == NULL) 914 return (ENOENT); 915 916 req->ifbr_ifsflags = bif->bif_flags; 917 req->ifbr_state = bif->bif_state; 918 req->ifbr_priority = bif->bif_priority; 919 req->ifbr_path_cost = bif->bif_path_cost; 920 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 921 922 return (0); 923 } 924 925 static int 926 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 927 { 928 struct ifbreq *req = arg; 929 struct bridge_iflist *bif; 930 931 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 932 if (bif == NULL) 933 return (ENOENT); 934 935 if (req->ifbr_ifsflags & IFBIF_SPAN) 936 /* SPAN is readonly */ 937 return (EINVAL); 938 939 if (req->ifbr_ifsflags & IFBIF_STP) { 940 switch (bif->bif_ifp->if_type) { 941 case IFT_ETHER: 942 /* These can do spanning tree. */ 943 break; 944 945 default: 946 /* Nothing else can. */ 947 return (EINVAL); 948 } 949 } 950 951 bif->bif_flags = req->ifbr_ifsflags; 952 953 if (sc->sc_ifp->if_flags & IFF_RUNNING) 954 bstp_initialization(sc); 955 956 return (0); 957 } 958 959 static int 960 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 961 { 962 struct ifbrparam *param = arg; 963 964 sc->sc_brtmax = param->ifbrp_csize; 965 bridge_rttrim(sc); 966 967 return (0); 968 } 969 970 static int 971 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 972 { 973 struct ifbrparam *param = arg; 974 975 param->ifbrp_csize = sc->sc_brtmax; 976 977 return (0); 978 } 979 980 static int 981 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 982 { 983 struct ifbifconf *bifc = arg; 984 struct bridge_iflist *bif; 985 struct ifbreq breq; 986 int count, len, error = 0; 987 988 count = 0; 989 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 990 count++; 991 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 992 count++; 993 994 if (bifc->ifbic_len == 0) { 995 bifc->ifbic_len = sizeof(breq) * count; 996 return (0); 997 } 998 999 count = 0; 1000 len = bifc->ifbic_len; 1001 memset(&breq, 0, sizeof breq); 1002 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1003 if (len < sizeof(breq)) 1004 break; 1005 1006 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1007 sizeof(breq.ifbr_ifsname)); 1008 breq.ifbr_ifsflags = bif->bif_flags; 1009 breq.ifbr_state = bif->bif_state; 1010 breq.ifbr_priority = bif->bif_priority; 1011 breq.ifbr_path_cost = bif->bif_path_cost; 1012 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1013 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1014 if (error) 1015 break; 1016 count++; 1017 len -= sizeof(breq); 1018 } 1019 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1020 if (len < sizeof(breq)) 1021 break; 1022 1023 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 1024 sizeof(breq.ifbr_ifsname)); 1025 breq.ifbr_ifsflags = bif->bif_flags; 1026 breq.ifbr_state = bif->bif_state; 1027 breq.ifbr_priority = bif->bif_priority; 1028 breq.ifbr_path_cost = bif->bif_path_cost; 1029 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 1030 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 1031 if (error) 1032 break; 1033 count++; 1034 len -= sizeof(breq); 1035 } 1036 1037 bifc->ifbic_len = sizeof(breq) * count; 1038 return (error); 1039 } 1040 1041 static int 1042 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1043 { 1044 struct ifbaconf *bac = arg; 1045 struct bridge_rtnode *brt; 1046 struct ifbareq bareq; 1047 int count = 0, error = 0, len; 1048 1049 if (bac->ifbac_len == 0) 1050 return (0); 1051 1052 len = bac->ifbac_len; 1053 memset(&bareq, 0, sizeof(bareq)); 1054 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1055 if (len < sizeof(bareq)) 1056 goto out; 1057 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1058 sizeof(bareq.ifba_ifsname)); 1059 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1060 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1061 time_second < brt->brt_expire) 1062 bareq.ifba_expire = brt->brt_expire - time_second; 1063 else 1064 bareq.ifba_expire = 0; 1065 bareq.ifba_flags = brt->brt_flags; 1066 1067 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1068 if (error) 1069 goto out; 1070 count++; 1071 len -= sizeof(bareq); 1072 } 1073 out: 1074 bac->ifbac_len = sizeof(bareq) * count; 1075 return (error); 1076 } 1077 1078 static int 1079 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1080 { 1081 struct ifbareq *req = arg; 1082 struct bridge_iflist *bif; 1083 int error; 1084 1085 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1086 if (bif == NULL) 1087 return (ENOENT); 1088 1089 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1090 req->ifba_flags); 1091 1092 return (error); 1093 } 1094 1095 static int 1096 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1097 { 1098 struct ifbrparam *param = arg; 1099 1100 sc->sc_brttimeout = param->ifbrp_ctime; 1101 1102 return (0); 1103 } 1104 1105 static int 1106 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1107 { 1108 struct ifbrparam *param = arg; 1109 1110 param->ifbrp_ctime = sc->sc_brttimeout; 1111 1112 return (0); 1113 } 1114 1115 static int 1116 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1117 { 1118 struct ifbareq *req = arg; 1119 1120 return (bridge_rtdaddr(sc, req->ifba_dst)); 1121 } 1122 1123 static int 1124 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1125 { 1126 struct ifbreq *req = arg; 1127 1128 bridge_rtflush(sc, req->ifbr_ifsflags); 1129 1130 return (0); 1131 } 1132 1133 static int 1134 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1135 { 1136 struct ifbrparam *param = arg; 1137 1138 param->ifbrp_prio = sc->sc_bridge_priority; 1139 1140 return (0); 1141 } 1142 1143 static int 1144 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1145 { 1146 struct ifbrparam *param = arg; 1147 1148 sc->sc_bridge_priority = param->ifbrp_prio; 1149 1150 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1151 bstp_initialization(sc); 1152 1153 return (0); 1154 } 1155 1156 static int 1157 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1158 { 1159 struct ifbrparam *param = arg; 1160 1161 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1162 1163 return (0); 1164 } 1165 1166 static int 1167 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1168 { 1169 struct ifbrparam *param = arg; 1170 1171 if (param->ifbrp_hellotime == 0) 1172 return (EINVAL); 1173 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1174 1175 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1176 bstp_initialization(sc); 1177 1178 return (0); 1179 } 1180 1181 static int 1182 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1183 { 1184 struct ifbrparam *param = arg; 1185 1186 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1187 1188 return (0); 1189 } 1190 1191 static int 1192 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1193 { 1194 struct ifbrparam *param = arg; 1195 1196 if (param->ifbrp_fwddelay == 0) 1197 return (EINVAL); 1198 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1199 1200 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1201 bstp_initialization(sc); 1202 1203 return (0); 1204 } 1205 1206 static int 1207 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1208 { 1209 struct ifbrparam *param = arg; 1210 1211 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1212 1213 return (0); 1214 } 1215 1216 static int 1217 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1218 { 1219 struct ifbrparam *param = arg; 1220 1221 if (param->ifbrp_maxage == 0) 1222 return (EINVAL); 1223 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1224 1225 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1226 bstp_initialization(sc); 1227 1228 return (0); 1229 } 1230 1231 static int 1232 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1233 { 1234 struct ifbreq *req = arg; 1235 struct bridge_iflist *bif; 1236 1237 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1238 if (bif == NULL) 1239 return (ENOENT); 1240 1241 bif->bif_priority = req->ifbr_priority; 1242 1243 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1244 bstp_initialization(sc); 1245 1246 return (0); 1247 } 1248 1249 static int 1250 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1251 { 1252 struct ifbreq *req = arg; 1253 struct bridge_iflist *bif; 1254 1255 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1256 if (bif == NULL) 1257 return (ENOENT); 1258 1259 bif->bif_path_cost = req->ifbr_path_cost; 1260 1261 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1262 bstp_initialization(sc); 1263 1264 return (0); 1265 } 1266 1267 static int 1268 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1269 { 1270 struct ifbreq *req = arg; 1271 struct bridge_iflist *bif = NULL; 1272 struct ifnet *ifs; 1273 1274 ifs = ifunit(req->ifbr_ifsname); 1275 if (ifs == NULL) 1276 return (ENOENT); 1277 1278 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1279 if (ifs == bif->bif_ifp) 1280 return (EBUSY); 1281 1282 if (ifs->if_bridge != NULL) 1283 return (EBUSY); 1284 1285 switch (ifs->if_type) { 1286 case IFT_ETHER: 1287 case IFT_GIF: 1288 case IFT_L2VLAN: 1289 break; 1290 default: 1291 return (EINVAL); 1292 } 1293 1294 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 1295 1296 bif->bif_ifp = ifs; 1297 bif->bif_flags = IFBIF_SPAN; 1298 1299 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1300 1301 return (0); 1302 } 1303 1304 static int 1305 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1306 { 1307 struct ifbreq *req = arg; 1308 struct bridge_iflist *bif; 1309 struct ifnet *ifs; 1310 1311 ifs = ifunit(req->ifbr_ifsname); 1312 if (ifs == NULL) 1313 return (ENOENT); 1314 1315 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1316 if (ifs == bif->bif_ifp) 1317 break; 1318 1319 if (bif == NULL) 1320 return (ENOENT); 1321 1322 bridge_delete_span(sc, bif); 1323 1324 return (0); 1325 } 1326 1327 static void 1328 bridge_ifdetach_dispatch(struct netmsg *nmsg) 1329 { 1330 struct lwkt_msg *lmsg = &nmsg->nm_lmsg; 1331 struct ifnet *ifp, *bifp; 1332 struct bridge_softc *sc; 1333 struct bridge_iflist *bif; 1334 1335 ifp = lmsg->u.ms_resultp; 1336 sc = ifp->if_bridge; 1337 1338 /* Check if the interface is a bridge member */ 1339 if (sc != NULL) { 1340 bifp = sc->sc_ifp; 1341 1342 lwkt_serialize_enter(bifp->if_serializer); 1343 1344 bif = bridge_lookup_member_if(sc, ifp); 1345 if (bif != NULL) { 1346 bridge_delete_member(sc, bif, 1); 1347 } else { 1348 /* XXX Why bif will be NULL? */ 1349 } 1350 1351 lwkt_serialize_exit(bifp->if_serializer); 1352 goto reply; 1353 } 1354 1355 crit_enter(); /* XXX MP */ 1356 1357 /* Check if the interface is a span port */ 1358 LIST_FOREACH(sc, &bridge_list, sc_list) { 1359 bifp = sc->sc_ifp; 1360 1361 lwkt_serialize_enter(bifp->if_serializer); 1362 1363 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1364 if (ifp == bif->bif_ifp) { 1365 bridge_delete_span(sc, bif); 1366 break; 1367 } 1368 1369 lwkt_serialize_exit(bifp->if_serializer); 1370 } 1371 1372 crit_exit(); 1373 1374 reply: 1375 lwkt_replymsg(lmsg, 0); 1376 } 1377 1378 /* 1379 * bridge_ifdetach: 1380 * 1381 * Detach an interface from a bridge. Called when a member 1382 * interface is detaching. 1383 */ 1384 static void 1385 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1386 { 1387 struct lwkt_msg *lmsg; 1388 struct netmsg nmsg; 1389 1390 netmsg_init(&nmsg, &curthread->td_msgport, 0, bridge_ifdetach_dispatch); 1391 lmsg = &nmsg.nm_lmsg; 1392 lmsg->u.ms_resultp = ifp; 1393 1394 lwkt_domsg(cpu_portfn(0), lmsg, 0); 1395 } 1396 1397 /* 1398 * bridge_init: 1399 * 1400 * Initialize a bridge interface. 1401 */ 1402 static void 1403 bridge_init(void *xsc) 1404 { 1405 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1406 struct ifnet *ifp = sc->sc_ifp; 1407 1408 ASSERT_SERIALIZED(ifp->if_serializer); 1409 1410 if (ifp->if_flags & IFF_RUNNING) 1411 return; 1412 1413 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1414 bridge_timer, sc); 1415 1416 ifp->if_flags |= IFF_RUNNING; 1417 bstp_initialization(sc); 1418 return; 1419 } 1420 1421 /* 1422 * bridge_stop: 1423 * 1424 * Stop the bridge interface. 1425 */ 1426 static void 1427 bridge_stop(struct ifnet *ifp) 1428 { 1429 struct bridge_softc *sc = ifp->if_softc; 1430 1431 ASSERT_SERIALIZED(ifp->if_serializer); 1432 1433 if ((ifp->if_flags & IFF_RUNNING) == 0) 1434 return; 1435 1436 callout_stop(&sc->sc_brcallout); 1437 bstp_stop(sc); 1438 1439 bridge_rtflush(sc, IFBF_FLUSHDYN); 1440 1441 ifp->if_flags &= ~IFF_RUNNING; 1442 } 1443 1444 static void 1445 bridge_enqueue_internal(struct ifnet *dst_ifp, struct mbuf *m, 1446 netisr_fn_t handler) 1447 { 1448 struct netmsg_packet *nmp; 1449 lwkt_port_t port; 1450 int cpu = mycpu->gd_cpuid; 1451 1452 while (m->m_type == MT_TAG) { 1453 /* XXX see ether_output_frame for full rules check */ 1454 m = m->m_next; 1455 } 1456 1457 nmp = &m->m_hdr.mh_netmsg; 1458 netmsg_init(&nmp->nm_netmsg, &netisr_apanic_rport, 0, handler); 1459 nmp->nm_packet = m; 1460 nmp->nm_netmsg.nm_lmsg.u.ms_resultp = dst_ifp; 1461 1462 port = cpu_portfn(cpu); 1463 lwkt_sendmsg(port, &nmp->nm_netmsg.nm_lmsg); 1464 } 1465 1466 static void 1467 bridge_pfil_enqueue(struct ifnet *dst_ifp, struct mbuf *m, 1468 int runfilt) 1469 { 1470 netisr_fn_t handler; 1471 1472 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1473 #ifdef INET6 1474 || inet6_pfil_hook.ph_hashooks > 0 1475 #endif 1476 )) { 1477 handler = bridge_pfil_enqueue_handler; 1478 } else { 1479 handler = bridge_enqueue_handler; 1480 } 1481 bridge_enqueue_internal(dst_ifp, m, handler); 1482 } 1483 1484 /* 1485 * bridge_enqueue: 1486 * 1487 * Enqueue a packet on a bridge member interface. 1488 * 1489 */ 1490 void 1491 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1492 { 1493 bridge_enqueue_internal(dst_ifp, m, bridge_enqueue_handler); 1494 } 1495 1496 /* 1497 * bridge_output: 1498 * 1499 * Send output from a bridge member interface. This 1500 * performs the bridging function for locally originated 1501 * packets. 1502 * 1503 * The mbuf has the Ethernet header already attached. We must 1504 * enqueue or free the mbuf before returning. 1505 */ 1506 static int 1507 bridge_output(struct ifnet *ifp, struct mbuf *m) 1508 { 1509 struct bridge_softc *sc = ifp->if_bridge; 1510 struct ether_header *eh; 1511 struct ifnet *dst_if; 1512 1513 ASSERT_NOT_SERIALIZED(ifp->if_serializer); 1514 1515 /* 1516 * Make sure that we are still a member of a bridge interface. 1517 */ 1518 if (sc == NULL) { 1519 m_freem(m); 1520 return (0); 1521 } 1522 1523 if (m->m_len < ETHER_HDR_LEN) { 1524 m = m_pullup(m, ETHER_HDR_LEN); 1525 if (m == NULL) 1526 return (0); 1527 } 1528 1529 /* Serialize our bridge interface. */ 1530 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 1531 1532 eh = mtod(m, struct ether_header *); 1533 1534 /* 1535 * If bridge is down, but the original output interface is up, 1536 * go ahead and send out that interface. Otherwise, the packet 1537 * is dropped below. 1538 */ 1539 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0) { 1540 dst_if = ifp; 1541 goto sendunicast; 1542 } 1543 1544 /* 1545 * If the packet is a multicast, or we don't know a better way to 1546 * get there, send to all interfaces. 1547 */ 1548 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1549 dst_if = NULL; 1550 else 1551 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1552 if (dst_if == NULL) { 1553 struct bridge_iflist *bif; 1554 struct mbuf *mc; 1555 int used = 0; 1556 1557 bridge_span(sc, m); 1558 1559 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1560 dst_if = bif->bif_ifp; 1561 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1562 continue; 1563 1564 /* 1565 * If this is not the original output interface, 1566 * and the interface is participating in spanning 1567 * tree, make sure the port is in a state that 1568 * allows forwarding. 1569 */ 1570 if (dst_if != ifp && 1571 (bif->bif_flags & IFBIF_STP) != 0) { 1572 switch (bif->bif_state) { 1573 case BSTP_IFSTATE_BLOCKING: 1574 case BSTP_IFSTATE_LISTENING: 1575 case BSTP_IFSTATE_DISABLED: 1576 continue; 1577 } 1578 } 1579 1580 if (LIST_NEXT(bif, bif_next) == NULL) { 1581 used = 1; 1582 mc = m; 1583 } else { 1584 mc = m_copypacket(m, MB_DONTWAIT); 1585 if (mc == NULL) { 1586 sc->sc_ifp->if_oerrors++; 1587 continue; 1588 } 1589 } 1590 bridge_enqueue(dst_if, mc); 1591 } 1592 if (used == 0) 1593 m_freem(m); 1594 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1595 return (0); 1596 } 1597 1598 sendunicast: 1599 /* 1600 * XXX Spanning tree consideration here? 1601 */ 1602 1603 bridge_span(sc, m); 1604 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1605 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1606 m_freem(m); 1607 else 1608 bridge_enqueue(dst_if, m); 1609 return (0); 1610 } 1611 1612 /* 1613 * bridge_start: 1614 * 1615 * Start output on a bridge. 1616 * 1617 */ 1618 static void 1619 bridge_start(struct ifnet *ifp) 1620 { 1621 struct bridge_softc *sc = ifp->if_softc; 1622 1623 ASSERT_SERIALIZED(ifp->if_serializer); 1624 1625 ifp->if_flags |= IFF_OACTIVE; 1626 for (;;) { 1627 struct ifnet *dst_if = NULL; 1628 struct ether_header *eh; 1629 struct mbuf *m; 1630 1631 m = ifq_dequeue(&ifp->if_snd, NULL); 1632 if (m == NULL) 1633 break; 1634 1635 if (m->m_len < sizeof(*eh)) { 1636 m = m_pullup(m, sizeof(*eh)); 1637 if (m == NULL) { 1638 ifp->if_oerrors++; 1639 continue; 1640 } 1641 } 1642 eh = mtod(m, struct ether_header *); 1643 1644 BPF_MTAP(ifp, m); 1645 ifp->if_opackets++; 1646 1647 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 1648 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1649 1650 if (dst_if == NULL) 1651 bridge_broadcast(sc, ifp, m, 0); 1652 else 1653 bridge_enqueue(dst_if, m); 1654 } 1655 ifp->if_flags &= ~IFF_OACTIVE; 1656 } 1657 1658 /* 1659 * bridge_forward: 1660 * 1661 * The forwarding function of the bridge. 1662 */ 1663 static void 1664 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1665 { 1666 struct bridge_iflist *bif; 1667 struct ifnet *src_if, *dst_if, *ifp; 1668 struct ether_header *eh; 1669 1670 src_if = m->m_pkthdr.rcvif; 1671 ifp = sc->sc_ifp; 1672 1673 ASSERT_SERIALIZED(ifp->if_serializer); 1674 1675 ifp->if_ipackets++; 1676 ifp->if_ibytes += m->m_pkthdr.len; 1677 1678 /* 1679 * Look up the bridge_iflist. 1680 */ 1681 bif = bridge_lookup_member_if(sc, src_if); 1682 if (bif == NULL) { 1683 /* Interface is not a bridge member (anymore?) */ 1684 m_freem(m); 1685 return; 1686 } 1687 1688 if (bif->bif_flags & IFBIF_STP) { 1689 switch (bif->bif_state) { 1690 case BSTP_IFSTATE_BLOCKING: 1691 case BSTP_IFSTATE_LISTENING: 1692 case BSTP_IFSTATE_DISABLED: 1693 m_freem(m); 1694 return; 1695 } 1696 } 1697 1698 eh = mtod(m, struct ether_header *); 1699 1700 /* 1701 * If the interface is learning, and the source 1702 * address is valid and not multicast, record 1703 * the address. 1704 */ 1705 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1706 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1707 (eh->ether_shost[0] == 0 && 1708 eh->ether_shost[1] == 0 && 1709 eh->ether_shost[2] == 0 && 1710 eh->ether_shost[3] == 0 && 1711 eh->ether_shost[4] == 0 && 1712 eh->ether_shost[5] == 0) == 0) { 1713 bridge_rtupdate(sc, eh->ether_shost, src_if, 0, IFBAF_DYNAMIC); 1714 } 1715 1716 if ((bif->bif_flags & IFBIF_STP) != 0 && 1717 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1718 m_freem(m); 1719 return; 1720 } 1721 1722 /* 1723 * At this point, the port either doesn't participate 1724 * in spanning tree or it is in the forwarding state. 1725 */ 1726 1727 /* 1728 * If the packet is unicast, destined for someone on 1729 * "this" side of the bridge, drop it. 1730 */ 1731 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1732 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1733 if (src_if == dst_if) { 1734 m_freem(m); 1735 return; 1736 } 1737 } else { 1738 /* ...forward it to all interfaces. */ 1739 sc->sc_ifp->if_imcasts++; 1740 dst_if = NULL; 1741 } 1742 1743 if (dst_if == NULL) { 1744 bridge_broadcast(sc, src_if, m, 1); 1745 return; 1746 } 1747 1748 /* 1749 * At this point, we're dealing with a unicast frame 1750 * going to a different interface. 1751 */ 1752 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1753 m_freem(m); 1754 return; 1755 } 1756 bif = bridge_lookup_member_if(sc, dst_if); 1757 if (bif == NULL) { 1758 /* Not a member of the bridge (anymore?) */ 1759 m_freem(m); 1760 return; 1761 } 1762 1763 if (bif->bif_flags & IFBIF_STP) { 1764 switch (bif->bif_state) { 1765 case BSTP_IFSTATE_DISABLED: 1766 case BSTP_IFSTATE_BLOCKING: 1767 m_freem(m); 1768 return; 1769 } 1770 } 1771 1772 lwkt_serialize_exit(ifp->if_serializer); 1773 1774 /* run the packet filter */ 1775 if (inet_pfil_hook.ph_hashooks > 0 1776 #ifdef INET6 1777 || inet6_pfil_hook.ph_hashooks > 0 1778 #endif 1779 ) { 1780 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1781 goto done; 1782 if (m == NULL) 1783 goto done; 1784 1785 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 1786 goto done; 1787 if (m == NULL) 1788 goto done; 1789 } 1790 bridge_handoff(dst_if, m); 1791 1792 /* 1793 * ifp's serializer was held on entry and is expected to be held 1794 * on return. 1795 */ 1796 done: 1797 lwkt_serialize_enter(ifp->if_serializer); 1798 } 1799 1800 /* 1801 * bridge_input: 1802 * 1803 * Receive input from a member interface. Queue the packet for 1804 * bridging if it is not for us. 1805 */ 1806 static struct mbuf * 1807 bridge_input(struct ifnet *ifp, struct mbuf *m) 1808 { 1809 struct bridge_softc *sc = ifp->if_bridge; 1810 struct bridge_iflist *bif; 1811 struct ifnet *bifp, *new_ifp; 1812 struct ether_header *eh; 1813 struct mbuf *mc, *mc2; 1814 1815 /* 1816 * Make sure that we are still a member of a bridge interface. 1817 */ 1818 if (sc == NULL) 1819 return m; 1820 1821 new_ifp = NULL; 1822 bifp = sc->sc_ifp; 1823 1824 lwkt_serialize_enter(bifp->if_serializer); 1825 1826 if ((bifp->if_flags & IFF_RUNNING) == 0) 1827 goto out; 1828 1829 /* 1830 * Implement support for bridge monitoring. If this flag has been 1831 * set on this interface, discard the packet once we push it through 1832 * the bpf(4) machinery, but before we do, increment the byte and 1833 * packet counters associated with this interface. 1834 */ 1835 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1836 m->m_pkthdr.rcvif = bifp; 1837 BPF_MTAP(bifp, m); 1838 bifp->if_ipackets++; 1839 bifp->if_ibytes += m->m_pkthdr.len; 1840 m_freem(m); 1841 m = NULL; 1842 goto out; 1843 } 1844 1845 eh = mtod(m, struct ether_header *); 1846 1847 m->m_flags &= ~M_PROTO1; /* XXX Hack - loop prevention */ 1848 1849 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 1850 /* 1851 * If the packet is for us, set the packets source as the 1852 * bridge, and return the packet back to ifnet.if_input for 1853 * local processing. 1854 */ 1855 KASSERT(bifp->if_bridge == NULL, 1856 ("loop created in bridge_input")); 1857 new_ifp = bifp; 1858 goto out; 1859 } 1860 1861 /* 1862 * Tap all packets arriving on the bridge, no matter if 1863 * they are local destinations or not. In is in. 1864 */ 1865 BPF_MTAP(bifp, m); 1866 1867 bif = bridge_lookup_member_if(sc, ifp); 1868 if (bif == NULL) 1869 goto out; 1870 1871 bridge_span(sc, m); 1872 1873 if (m->m_flags & (M_BCAST | M_MCAST)) { 1874 /* Tap off 802.1D packets; they do not get forwarded. */ 1875 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1876 ETHER_ADDR_LEN) == 0) { 1877 m = bstp_input(sc, bif, m); 1878 KASSERT(m == NULL, 1879 ("attempt to deliver 802.1D packet\n")); 1880 goto out; 1881 } 1882 1883 if (bif->bif_flags & IFBIF_STP) { 1884 switch (bif->bif_state) { 1885 case BSTP_IFSTATE_BLOCKING: 1886 case BSTP_IFSTATE_LISTENING: 1887 case BSTP_IFSTATE_DISABLED: 1888 goto out; 1889 } 1890 } 1891 1892 /* 1893 * Make a deep copy of the packet and enqueue the copy 1894 * for bridge processing; return the original packet for 1895 * local processing. 1896 */ 1897 mc = m_dup(m, MB_DONTWAIT); 1898 if (mc == NULL) 1899 goto out; 1900 1901 bridge_forward(sc, mc); 1902 1903 /* 1904 * Reinject the mbuf as arriving on the bridge so we have a 1905 * chance at claiming multicast packets. We can not loop back 1906 * here from ether_input as a bridge is never a member of a 1907 * bridge. 1908 */ 1909 KASSERT(bifp->if_bridge == NULL, 1910 ("loop created in bridge_input")); 1911 mc2 = m_dup(m, MB_DONTWAIT); 1912 #ifdef notyet 1913 if (mc2 != NULL) { 1914 /* Keep the layer3 header aligned */ 1915 int i = min(mc2->m_pkthdr.len, max_protohdr); 1916 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 1917 } 1918 #endif 1919 if (mc2 != NULL) { 1920 mc2->m_pkthdr.rcvif = bifp; 1921 bifp->if_ipackets++; 1922 bifp->if_input(bifp, mc2); 1923 } 1924 1925 /* Return the original packet for local processing. */ 1926 goto out; 1927 } 1928 1929 if (bif->bif_flags & IFBIF_STP) { 1930 switch (bif->bif_state) { 1931 case BSTP_IFSTATE_BLOCKING: 1932 case BSTP_IFSTATE_LISTENING: 1933 case BSTP_IFSTATE_DISABLED: 1934 goto out; 1935 } 1936 } 1937 1938 /* 1939 * Unicast. Make sure it's not for us. 1940 */ 1941 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1942 if (bif->bif_ifp->if_type != IFT_ETHER) 1943 continue; 1944 1945 /* It is destined for us. */ 1946 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1947 ETHER_ADDR_LEN) == 0) { 1948 if (bif->bif_flags & IFBIF_LEARNING) { 1949 bridge_rtupdate(sc, 1950 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1951 } 1952 1953 if (bif->bif_ifp != ifp) { 1954 /* XXX loop prevention */ 1955 m->m_flags |= M_PROTO1; 1956 new_ifp = bif->bif_ifp; 1957 } 1958 goto out; 1959 } 1960 1961 /* We just received a packet that we sent out. */ 1962 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1963 ETHER_ADDR_LEN) == 0) { 1964 m_freem(m); 1965 m = NULL; 1966 goto out; 1967 } 1968 } 1969 1970 /* Perform the bridge forwarding function. */ 1971 bridge_forward(sc, m); 1972 m = NULL; 1973 out: 1974 lwkt_serialize_exit(bifp->if_serializer); 1975 1976 if (new_ifp != NULL) { 1977 lwkt_serialize_enter(new_ifp->if_serializer); 1978 1979 m->m_pkthdr.rcvif = new_ifp; 1980 new_ifp->if_ipackets++; 1981 new_ifp->if_input(new_ifp, m); 1982 m = NULL; 1983 1984 lwkt_serialize_exit(new_ifp->if_serializer); 1985 } 1986 return (m); 1987 } 1988 1989 /* 1990 * bridge_broadcast: 1991 * 1992 * Send a frame to all interfaces that are members of 1993 * the bridge, except for the one on which the packet 1994 * arrived. 1995 */ 1996 static void 1997 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1998 struct mbuf *m, int runfilt) 1999 { 2000 struct bridge_iflist *bif; 2001 struct mbuf *mc; 2002 struct ifnet *dst_if, *bifp; 2003 int used = 0; 2004 2005 bifp = sc->sc_ifp; 2006 2007 ASSERT_SERIALIZED(bifp->if_serializer); 2008 2009 /* run the packet filter */ 2010 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 2011 #ifdef INET6 2012 || inet6_pfil_hook.ph_hashooks > 0 2013 #endif 2014 )) { 2015 lwkt_serialize_exit(bifp->if_serializer); 2016 2017 /* Filter on the bridge interface before broadcasting */ 2018 2019 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 2020 goto filt; 2021 if (m == NULL) 2022 goto filt; 2023 2024 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 2025 m = NULL; 2026 filt: 2027 lwkt_serialize_enter(bifp->if_serializer); 2028 if (m == NULL) 2029 return; 2030 } 2031 2032 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 2033 dst_if = bif->bif_ifp; 2034 if (dst_if == src_if) 2035 continue; 2036 2037 if (bif->bif_flags & IFBIF_STP) { 2038 switch (bif->bif_state) { 2039 case BSTP_IFSTATE_BLOCKING: 2040 case BSTP_IFSTATE_DISABLED: 2041 continue; 2042 } 2043 } 2044 2045 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2046 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2047 continue; 2048 2049 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2050 continue; 2051 2052 if (LIST_NEXT(bif, bif_next) == NULL) { 2053 mc = m; 2054 used = 1; 2055 } else { 2056 mc = m_copypacket(m, MB_DONTWAIT); 2057 if (mc == NULL) { 2058 sc->sc_ifp->if_oerrors++; 2059 continue; 2060 } 2061 } 2062 bridge_pfil_enqueue(dst_if, mc, runfilt); 2063 } 2064 if (used == 0) 2065 m_freem(m); 2066 } 2067 2068 /* 2069 * bridge_span: 2070 * 2071 * Duplicate a packet out one or more interfaces that are in span mode, 2072 * the original mbuf is unmodified. 2073 */ 2074 static void 2075 bridge_span(struct bridge_softc *sc, struct mbuf *m) 2076 { 2077 struct bridge_iflist *bif; 2078 struct ifnet *dst_if; 2079 struct mbuf *mc; 2080 2081 if (LIST_EMPTY(&sc->sc_spanlist)) 2082 return; 2083 2084 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2085 dst_if = bif->bif_ifp; 2086 2087 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2088 continue; 2089 2090 mc = m_copypacket(m, MB_DONTWAIT); 2091 if (mc == NULL) { 2092 sc->sc_ifp->if_oerrors++; 2093 continue; 2094 } 2095 2096 bridge_enqueue(dst_if, mc); 2097 } 2098 } 2099 2100 /* 2101 * bridge_rtupdate: 2102 * 2103 * Add a bridge routing entry. 2104 * Can be called from interrupt context. 2105 */ 2106 static int 2107 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2108 struct ifnet *dst_if, int setflags, uint8_t flags) 2109 { 2110 struct bridge_rtnode *brt; 2111 int error; 2112 2113 /* 2114 * A route for this destination might already exist. If so, 2115 * update it, otherwise create a new one. 2116 */ 2117 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2118 if (sc->sc_brtcnt >= sc->sc_brtmax) 2119 return (ENOSPC); 2120 2121 /* 2122 * Allocate a new bridge forwarding node, and 2123 * initialize the expiration time and Ethernet 2124 * address. 2125 */ 2126 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 2127 M_INTNOWAIT|M_ZERO); 2128 if (brt == NULL) 2129 return (ENOMEM); 2130 2131 brt->brt_flags = IFBAF_DYNAMIC; 2132 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2133 2134 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2135 kfree(brt, M_DEVBUF); 2136 return (error); 2137 } 2138 } 2139 2140 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2141 brt->brt_ifp = dst_if; 2142 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2143 brt->brt_expire = time_second + sc->sc_brttimeout; 2144 if (setflags) 2145 brt->brt_flags = flags; 2146 2147 return (0); 2148 } 2149 2150 /* 2151 * bridge_rtlookup: 2152 * 2153 * Lookup the destination interface for an address. 2154 */ 2155 static struct ifnet * 2156 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2157 { 2158 struct bridge_rtnode *brt; 2159 2160 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2161 return (NULL); 2162 2163 return (brt->brt_ifp); 2164 } 2165 2166 /* 2167 * bridge_rttrim: 2168 * 2169 * Trim the routine table so that we have a number 2170 * of routing entries less than or equal to the 2171 * maximum number. 2172 */ 2173 static void 2174 bridge_rttrim(struct bridge_softc *sc) 2175 { 2176 struct bridge_rtnode *brt, *nbrt; 2177 2178 /* Make sure we actually need to do this. */ 2179 if (sc->sc_brtcnt <= sc->sc_brtmax) 2180 return; 2181 2182 /* Force an aging cycle; this might trim enough addresses. */ 2183 bridge_rtage(sc); 2184 if (sc->sc_brtcnt <= sc->sc_brtmax) 2185 return; 2186 2187 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2188 nbrt = LIST_NEXT(brt, brt_list); 2189 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2190 bridge_rtnode_destroy(sc, brt); 2191 if (sc->sc_brtcnt <= sc->sc_brtmax) 2192 return; 2193 } 2194 } 2195 } 2196 2197 /* 2198 * bridge_timer: 2199 * 2200 * Aging timer for the bridge. 2201 */ 2202 static void 2203 bridge_timer(void *arg) 2204 { 2205 struct bridge_softc *sc = arg; 2206 2207 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 2208 2209 bridge_rtage(sc); 2210 2211 if (sc->sc_ifp->if_flags & IFF_RUNNING) 2212 callout_reset(&sc->sc_brcallout, 2213 bridge_rtable_prune_period * hz, bridge_timer, sc); 2214 2215 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 2216 } 2217 2218 /* 2219 * bridge_rtage: 2220 * 2221 * Perform an aging cycle. 2222 */ 2223 static void 2224 bridge_rtage(struct bridge_softc *sc) 2225 { 2226 struct bridge_rtnode *brt, *nbrt; 2227 2228 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2229 nbrt = LIST_NEXT(brt, brt_list); 2230 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2231 if (time_second >= brt->brt_expire) 2232 bridge_rtnode_destroy(sc, brt); 2233 } 2234 } 2235 } 2236 2237 /* 2238 * bridge_rtflush: 2239 * 2240 * Remove all dynamic addresses from the bridge. 2241 */ 2242 static void 2243 bridge_rtflush(struct bridge_softc *sc, int full) 2244 { 2245 struct bridge_rtnode *brt, *nbrt; 2246 2247 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2248 nbrt = LIST_NEXT(brt, brt_list); 2249 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2250 bridge_rtnode_destroy(sc, brt); 2251 } 2252 } 2253 2254 /* 2255 * bridge_rtdaddr: 2256 * 2257 * Remove an address from the table. 2258 */ 2259 static int 2260 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2261 { 2262 struct bridge_rtnode *brt; 2263 2264 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2265 return (ENOENT); 2266 2267 bridge_rtnode_destroy(sc, brt); 2268 return (0); 2269 } 2270 2271 /* 2272 * bridge_rtdelete: 2273 * 2274 * Delete routes to a speicifc member interface. 2275 */ 2276 void 2277 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2278 { 2279 struct bridge_rtnode *brt, *nbrt; 2280 2281 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2282 nbrt = LIST_NEXT(brt, brt_list); 2283 if (brt->brt_ifp == ifp && (full || 2284 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2285 bridge_rtnode_destroy(sc, brt); 2286 } 2287 } 2288 2289 /* 2290 * bridge_rtable_init: 2291 * 2292 * Initialize the route table for this bridge. 2293 */ 2294 static int 2295 bridge_rtable_init(struct bridge_softc *sc) 2296 { 2297 int i; 2298 2299 sc->sc_rthash = kmalloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2300 M_DEVBUF, M_WAITOK); 2301 2302 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2303 LIST_INIT(&sc->sc_rthash[i]); 2304 2305 sc->sc_rthash_key = karc4random(); 2306 2307 LIST_INIT(&sc->sc_rtlist); 2308 2309 return (0); 2310 } 2311 2312 /* 2313 * bridge_rtable_fini: 2314 * 2315 * Deconstruct the route table for this bridge. 2316 */ 2317 static void 2318 bridge_rtable_fini(struct bridge_softc *sc) 2319 { 2320 2321 kfree(sc->sc_rthash, M_DEVBUF); 2322 } 2323 2324 /* 2325 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2326 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2327 */ 2328 #define mix(a, b, c) \ 2329 do { \ 2330 a -= b; a -= c; a ^= (c >> 13); \ 2331 b -= c; b -= a; b ^= (a << 8); \ 2332 c -= a; c -= b; c ^= (b >> 13); \ 2333 a -= b; a -= c; a ^= (c >> 12); \ 2334 b -= c; b -= a; b ^= (a << 16); \ 2335 c -= a; c -= b; c ^= (b >> 5); \ 2336 a -= b; a -= c; a ^= (c >> 3); \ 2337 b -= c; b -= a; b ^= (a << 10); \ 2338 c -= a; c -= b; c ^= (b >> 15); \ 2339 } while (/*CONSTCOND*/0) 2340 2341 static __inline uint32_t 2342 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2343 { 2344 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2345 2346 b += addr[5] << 8; 2347 b += addr[4]; 2348 a += addr[3] << 24; 2349 a += addr[2] << 16; 2350 a += addr[1] << 8; 2351 a += addr[0]; 2352 2353 mix(a, b, c); 2354 2355 return (c & BRIDGE_RTHASH_MASK); 2356 } 2357 2358 #undef mix 2359 2360 static int 2361 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2362 { 2363 int i, d; 2364 2365 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2366 d = ((int)a[i]) - ((int)b[i]); 2367 } 2368 2369 return (d); 2370 } 2371 2372 /* 2373 * bridge_rtnode_lookup: 2374 * 2375 * Look up a bridge route node for the specified destination. 2376 */ 2377 static struct bridge_rtnode * 2378 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2379 { 2380 struct bridge_rtnode *brt; 2381 uint32_t hash; 2382 int dir; 2383 2384 hash = bridge_rthash(sc, addr); 2385 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2386 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2387 if (dir == 0) 2388 return (brt); 2389 if (dir > 0) 2390 return (NULL); 2391 } 2392 2393 return (NULL); 2394 } 2395 2396 /* 2397 * bridge_rtnode_insert: 2398 * 2399 * Insert the specified bridge node into the route table. We 2400 * assume the entry is not already in the table. 2401 */ 2402 static int 2403 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2404 { 2405 struct bridge_rtnode *lbrt; 2406 uint32_t hash; 2407 int dir; 2408 2409 hash = bridge_rthash(sc, brt->brt_addr); 2410 2411 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2412 if (lbrt == NULL) { 2413 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2414 goto out; 2415 } 2416 2417 do { 2418 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2419 if (dir == 0) 2420 return (EEXIST); 2421 if (dir > 0) { 2422 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2423 goto out; 2424 } 2425 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2426 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2427 goto out; 2428 } 2429 lbrt = LIST_NEXT(lbrt, brt_hash); 2430 } while (lbrt != NULL); 2431 2432 #ifdef DIAGNOSTIC 2433 panic("bridge_rtnode_insert: impossible"); 2434 #endif 2435 2436 out: 2437 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2438 sc->sc_brtcnt++; 2439 2440 return (0); 2441 } 2442 2443 /* 2444 * bridge_rtnode_destroy: 2445 * 2446 * Destroy a bridge rtnode. 2447 */ 2448 static void 2449 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2450 { 2451 2452 LIST_REMOVE(brt, brt_hash); 2453 2454 LIST_REMOVE(brt, brt_list); 2455 sc->sc_brtcnt--; 2456 kfree(brt, M_DEVBUF); 2457 } 2458 2459 /* 2460 * Send bridge packets through pfil if they are one of the types pfil can deal 2461 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2462 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2463 * that interface. 2464 */ 2465 static int 2466 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2467 { 2468 int snap, error, i, hlen; 2469 struct ether_header *eh1, eh2; 2470 struct ip *ip; 2471 struct llc llc1; 2472 u_int16_t ether_type; 2473 2474 snap = 0; 2475 error = -1; /* Default error if not error == 0 */ 2476 2477 if (pfil_bridge == 0 && pfil_member == 0) 2478 return (0); /* filtering is disabled */ 2479 2480 i = min((*mp)->m_pkthdr.len, max_protohdr); 2481 if ((*mp)->m_len < i) { 2482 *mp = m_pullup(*mp, i); 2483 if (*mp == NULL) { 2484 kprintf("%s: m_pullup failed\n", __func__); 2485 return (-1); 2486 } 2487 } 2488 2489 eh1 = mtod(*mp, struct ether_header *); 2490 ether_type = ntohs(eh1->ether_type); 2491 2492 /* 2493 * Check for SNAP/LLC. 2494 */ 2495 if (ether_type < ETHERMTU) { 2496 struct llc *llc2 = (struct llc *)(eh1 + 1); 2497 2498 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2499 llc2->llc_dsap == LLC_SNAP_LSAP && 2500 llc2->llc_ssap == LLC_SNAP_LSAP && 2501 llc2->llc_control == LLC_UI) { 2502 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2503 snap = 1; 2504 } 2505 } 2506 2507 /* 2508 * If we're trying to filter bridge traffic, don't look at anything 2509 * other than IP and ARP traffic. If the filter doesn't understand 2510 * IPv6, don't allow IPv6 through the bridge either. This is lame 2511 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2512 * but of course we don't have an AppleTalk filter to begin with. 2513 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2514 * ARP traffic.) 2515 */ 2516 switch (ether_type) { 2517 case ETHERTYPE_ARP: 2518 case ETHERTYPE_REVARP: 2519 return (0); /* Automatically pass */ 2520 case ETHERTYPE_IP: 2521 #ifdef INET6 2522 case ETHERTYPE_IPV6: 2523 #endif /* INET6 */ 2524 break; 2525 default: 2526 /* 2527 * Check to see if the user wants to pass non-ip 2528 * packets, these will not be checked by pfil(9) and 2529 * passed unconditionally so the default is to drop. 2530 */ 2531 if (pfil_onlyip) 2532 goto bad; 2533 } 2534 2535 /* Strip off the Ethernet header and keep a copy. */ 2536 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2537 m_adj(*mp, ETHER_HDR_LEN); 2538 2539 /* Strip off snap header, if present */ 2540 if (snap) { 2541 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2542 m_adj(*mp, sizeof(struct llc)); 2543 } 2544 2545 /* 2546 * Check the IP header for alignment and errors 2547 */ 2548 if (dir == PFIL_IN) { 2549 switch (ether_type) { 2550 case ETHERTYPE_IP: 2551 error = bridge_ip_checkbasic(mp); 2552 break; 2553 #ifdef INET6 2554 case ETHERTYPE_IPV6: 2555 error = bridge_ip6_checkbasic(mp); 2556 break; 2557 #endif /* INET6 */ 2558 default: 2559 error = 0; 2560 } 2561 if (error) 2562 goto bad; 2563 } 2564 2565 error = 0; 2566 2567 /* 2568 * Run the packet through pfil 2569 */ 2570 switch (ether_type) 2571 { 2572 case ETHERTYPE_IP : 2573 /* 2574 * before calling the firewall, swap fields the same as 2575 * IP does. here we assume the header is contiguous 2576 */ 2577 ip = mtod(*mp, struct ip *); 2578 2579 ip->ip_len = ntohs(ip->ip_len); 2580 ip->ip_off = ntohs(ip->ip_off); 2581 2582 /* 2583 * Run pfil on the member interface and the bridge, both can 2584 * be skipped by clearing pfil_member or pfil_bridge. 2585 * 2586 * Keep the order: 2587 * in_if -> bridge_if -> out_if 2588 */ 2589 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2590 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2591 dir); 2592 2593 if (*mp == NULL || error != 0) /* filter may consume */ 2594 break; 2595 2596 if (pfil_member && ifp != NULL) 2597 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2598 dir); 2599 2600 if (*mp == NULL || error != 0) /* filter may consume */ 2601 break; 2602 2603 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2604 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2605 dir); 2606 2607 if (*mp == NULL || error != 0) /* filter may consume */ 2608 break; 2609 2610 /* check if we need to fragment the packet */ 2611 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2612 i = (*mp)->m_pkthdr.len; 2613 if (i > ifp->if_mtu) { 2614 error = bridge_fragment(ifp, *mp, &eh2, snap, 2615 &llc1); 2616 return (error); 2617 } 2618 } 2619 2620 /* Recalculate the ip checksum and restore byte ordering */ 2621 ip = mtod(*mp, struct ip *); 2622 hlen = ip->ip_hl << 2; 2623 if (hlen < sizeof(struct ip)) 2624 goto bad; 2625 if (hlen > (*mp)->m_len) { 2626 if ((*mp = m_pullup(*mp, hlen)) == 0) 2627 goto bad; 2628 ip = mtod(*mp, struct ip *); 2629 if (ip == NULL) 2630 goto bad; 2631 } 2632 ip->ip_len = htons(ip->ip_len); 2633 ip->ip_off = htons(ip->ip_off); 2634 ip->ip_sum = 0; 2635 if (hlen == sizeof(struct ip)) 2636 ip->ip_sum = in_cksum_hdr(ip); 2637 else 2638 ip->ip_sum = in_cksum(*mp, hlen); 2639 2640 break; 2641 #ifdef INET6 2642 case ETHERTYPE_IPV6 : 2643 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2644 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2645 dir); 2646 2647 if (*mp == NULL || error != 0) /* filter may consume */ 2648 break; 2649 2650 if (pfil_member && ifp != NULL) 2651 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2652 dir); 2653 2654 if (*mp == NULL || error != 0) /* filter may consume */ 2655 break; 2656 2657 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2658 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2659 dir); 2660 break; 2661 #endif 2662 default : 2663 error = 0; 2664 break; 2665 } 2666 2667 if (*mp == NULL) 2668 return (error); 2669 if (error != 0) 2670 goto bad; 2671 2672 error = -1; 2673 2674 /* 2675 * Finally, put everything back the way it was and return 2676 */ 2677 if (snap) { 2678 M_PREPEND(*mp, sizeof(struct llc), MB_DONTWAIT); 2679 if (*mp == NULL) 2680 return (error); 2681 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2682 } 2683 2684 M_PREPEND(*mp, ETHER_HDR_LEN, MB_DONTWAIT); 2685 if (*mp == NULL) 2686 return (error); 2687 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2688 2689 return (0); 2690 2691 bad: 2692 m_freem(*mp); 2693 *mp = NULL; 2694 return (error); 2695 } 2696 2697 /* 2698 * Perform basic checks on header size since 2699 * pfil assumes ip_input has already processed 2700 * it for it. Cut-and-pasted from ip_input.c. 2701 * Given how simple the IPv6 version is, 2702 * does the IPv4 version really need to be 2703 * this complicated? 2704 * 2705 * XXX Should we update ipstat here, or not? 2706 * XXX Right now we update ipstat but not 2707 * XXX csum_counter. 2708 */ 2709 static int 2710 bridge_ip_checkbasic(struct mbuf **mp) 2711 { 2712 struct mbuf *m = *mp; 2713 struct ip *ip; 2714 int len, hlen; 2715 u_short sum; 2716 2717 if (*mp == NULL) 2718 return (-1); 2719 #if notyet 2720 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2721 if ((m = m_copyup(m, sizeof(struct ip), 2722 (max_linkhdr + 3) & ~3)) == NULL) { 2723 /* XXXJRT new stat, please */ 2724 ipstat.ips_toosmall++; 2725 goto bad; 2726 } 2727 } else 2728 #endif 2729 #ifndef __predict_false 2730 #define __predict_false(x) x 2731 #endif 2732 if (__predict_false(m->m_len < sizeof (struct ip))) { 2733 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2734 ipstat.ips_toosmall++; 2735 goto bad; 2736 } 2737 } 2738 ip = mtod(m, struct ip *); 2739 if (ip == NULL) goto bad; 2740 2741 if (ip->ip_v != IPVERSION) { 2742 ipstat.ips_badvers++; 2743 goto bad; 2744 } 2745 hlen = ip->ip_hl << 2; 2746 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2747 ipstat.ips_badhlen++; 2748 goto bad; 2749 } 2750 if (hlen > m->m_len) { 2751 if ((m = m_pullup(m, hlen)) == 0) { 2752 ipstat.ips_badhlen++; 2753 goto bad; 2754 } 2755 ip = mtod(m, struct ip *); 2756 if (ip == NULL) goto bad; 2757 } 2758 2759 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2760 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2761 } else { 2762 if (hlen == sizeof(struct ip)) { 2763 sum = in_cksum_hdr(ip); 2764 } else { 2765 sum = in_cksum(m, hlen); 2766 } 2767 } 2768 if (sum) { 2769 ipstat.ips_badsum++; 2770 goto bad; 2771 } 2772 2773 /* Retrieve the packet length. */ 2774 len = ntohs(ip->ip_len); 2775 2776 /* 2777 * Check for additional length bogosity 2778 */ 2779 if (len < hlen) { 2780 ipstat.ips_badlen++; 2781 goto bad; 2782 } 2783 2784 /* 2785 * Check that the amount of data in the buffers 2786 * is as at least much as the IP header would have us expect. 2787 * Drop packet if shorter than we expect. 2788 */ 2789 if (m->m_pkthdr.len < len) { 2790 ipstat.ips_tooshort++; 2791 goto bad; 2792 } 2793 2794 /* Checks out, proceed */ 2795 *mp = m; 2796 return (0); 2797 2798 bad: 2799 *mp = m; 2800 return (-1); 2801 } 2802 2803 #ifdef INET6 2804 /* 2805 * Same as above, but for IPv6. 2806 * Cut-and-pasted from ip6_input.c. 2807 * XXX Should we update ip6stat, or not? 2808 */ 2809 static int 2810 bridge_ip6_checkbasic(struct mbuf **mp) 2811 { 2812 struct mbuf *m = *mp; 2813 struct ip6_hdr *ip6; 2814 2815 /* 2816 * If the IPv6 header is not aligned, slurp it up into a new 2817 * mbuf with space for link headers, in the event we forward 2818 * it. Otherwise, if it is aligned, make sure the entire base 2819 * IPv6 header is in the first mbuf of the chain. 2820 */ 2821 #if notyet 2822 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2823 struct ifnet *inifp = m->m_pkthdr.rcvif; 2824 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2825 (max_linkhdr + 3) & ~3)) == NULL) { 2826 /* XXXJRT new stat, please */ 2827 ip6stat.ip6s_toosmall++; 2828 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2829 goto bad; 2830 } 2831 } else 2832 #endif 2833 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2834 struct ifnet *inifp = m->m_pkthdr.rcvif; 2835 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2836 ip6stat.ip6s_toosmall++; 2837 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2838 goto bad; 2839 } 2840 } 2841 2842 ip6 = mtod(m, struct ip6_hdr *); 2843 2844 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2845 ip6stat.ip6s_badvers++; 2846 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2847 goto bad; 2848 } 2849 2850 /* Checks out, proceed */ 2851 *mp = m; 2852 return (0); 2853 2854 bad: 2855 *mp = m; 2856 return (-1); 2857 } 2858 #endif /* INET6 */ 2859 2860 /* 2861 * bridge_fragment: 2862 * 2863 * Return a fragmented mbuf chain. 2864 */ 2865 static int 2866 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 2867 int snap, struct llc *llc) 2868 { 2869 struct mbuf *m0; 2870 struct ip *ip; 2871 int error = -1; 2872 2873 if (m->m_len < sizeof(struct ip) && 2874 (m = m_pullup(m, sizeof(struct ip))) == NULL) 2875 goto out; 2876 ip = mtod(m, struct ip *); 2877 2878 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 2879 CSUM_DELAY_IP); 2880 if (error) 2881 goto out; 2882 2883 /* walk the chain and re-add the Ethernet header */ 2884 for (m0 = m; m0; m0 = m0->m_nextpkt) { 2885 if (error == 0) { 2886 if (snap) { 2887 M_PREPEND(m0, sizeof(struct llc), MB_DONTWAIT); 2888 if (m0 == NULL) { 2889 error = ENOBUFS; 2890 continue; 2891 } 2892 bcopy(llc, mtod(m0, caddr_t), 2893 sizeof(struct llc)); 2894 } 2895 M_PREPEND(m0, ETHER_HDR_LEN, MB_DONTWAIT); 2896 if (m0 == NULL) { 2897 error = ENOBUFS; 2898 continue; 2899 } 2900 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 2901 } else 2902 m_freem(m); 2903 } 2904 2905 if (error == 0) 2906 ipstat.ips_fragmented++; 2907 2908 return (error); 2909 2910 out: 2911 if (m != NULL) 2912 m_freem(m); 2913 return (error); 2914 } 2915 2916 static void 2917 bridge_enqueue_handler(struct netmsg *nmsg) 2918 { 2919 struct netmsg_packet *nmp; 2920 struct ifnet *dst_ifp; 2921 struct mbuf *m; 2922 2923 nmp = (struct netmsg_packet *)nmsg; 2924 m = nmp->nm_packet; 2925 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2926 2927 bridge_handoff_notags(dst_ifp, m); 2928 } 2929 2930 static void 2931 bridge_pfil_enqueue_handler(struct netmsg *nmsg) 2932 { 2933 struct netmsg_packet *nmp; 2934 struct ifnet *dst_ifp; 2935 struct mbuf *m; 2936 2937 nmp = (struct netmsg_packet *)nmsg; 2938 m = nmp->nm_packet; 2939 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2940 2941 /* 2942 * Filter on the output interface. Pass a NULL bridge interface 2943 * pointer so we do not redundantly filter on the bridge for 2944 * each interface we broadcast on. 2945 */ 2946 if (inet_pfil_hook.ph_hashooks > 0 2947 #ifdef INET6 2948 || inet6_pfil_hook.ph_hashooks > 0 2949 #endif 2950 ) { 2951 if (bridge_pfil(&m, NULL, dst_ifp, PFIL_OUT) != 0) 2952 return; 2953 if (m == NULL) 2954 return; 2955 } 2956 bridge_handoff_notags(dst_ifp, m); 2957 } 2958 2959 static void 2960 bridge_handoff(struct ifnet *dst_ifp, struct mbuf *m) 2961 { 2962 while (m->m_type == MT_TAG) { 2963 /* XXX see ether_output_frame for full rules check */ 2964 m = m->m_next; 2965 } 2966 bridge_handoff_notags(dst_ifp, m); 2967 } 2968 2969 static void 2970 bridge_handoff_notags(struct ifnet *dst_ifp, struct mbuf *m) 2971 { 2972 struct mbuf *m0; 2973 2974 KKASSERT(m->m_type != MT_TAG); 2975 2976 lwkt_serialize_enter(dst_ifp->if_serializer); 2977 2978 /* We may be sending a fragment so traverse the mbuf */ 2979 for (; m; m = m0) { 2980 struct altq_pktattr pktattr; 2981 2982 m0 = m->m_nextpkt; 2983 m->m_nextpkt = NULL; 2984 2985 if (ifq_is_enabled(&dst_ifp->if_snd)) 2986 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 2987 2988 ifq_handoff(dst_ifp, m, &pktattr); 2989 } 2990 2991 lwkt_serialize_exit(dst_ifp->if_serializer); 2992 } 2993 2994 struct netmsg_brgctl { 2995 struct netmsg bc_nmsg; 2996 bridge_ctl_t bc_func; 2997 struct bridge_softc *bc_sc; 2998 void *bc_arg; 2999 }; 3000 3001 static void 3002 bridge_control_dispatch(struct netmsg *nmsg) 3003 { 3004 struct netmsg_brgctl *bc_msg = (struct netmsg_brgctl *)nmsg; 3005 struct ifnet *bifp = bc_msg->bc_sc->sc_ifp; 3006 int error; 3007 3008 lwkt_serialize_enter(bifp->if_serializer); 3009 error = bc_msg->bc_func(bc_msg->bc_sc, bc_msg->bc_arg); 3010 lwkt_serialize_exit(bifp->if_serializer); 3011 3012 lwkt_replymsg(&nmsg->nm_lmsg, error); 3013 } 3014 3015 static int 3016 bridge_control(struct bridge_softc *sc, u_long cmd, 3017 bridge_ctl_t bc_func, void *bc_arg) 3018 { 3019 struct ifnet *bifp = sc->sc_ifp; 3020 struct netmsg_brgctl bc_msg; 3021 struct netmsg *nmsg; 3022 int error; 3023 3024 ASSERT_SERIALIZED(bifp->if_serializer); 3025 3026 if (cmd == SIOCGDRVSPEC) { 3027 /* 3028 * Don't dispatch 'get' ioctl to netisr0; 3029 * there are copyouts down deep inside 3030 * specific bridge ioctl functions. 3031 */ 3032 return bc_func(sc, bc_arg); 3033 } 3034 3035 bzero(&bc_msg, sizeof(bc_msg)); 3036 nmsg = &bc_msg.bc_nmsg; 3037 3038 netmsg_init(nmsg, &curthread->td_msgport, 0, bridge_control_dispatch); 3039 bc_msg.bc_func = bc_func; 3040 bc_msg.bc_sc = sc; 3041 bc_msg.bc_arg = bc_arg; 3042 3043 lwkt_serialize_exit(bifp->if_serializer); 3044 error = lwkt_domsg(cpu_portfn(0), &nmsg->nm_lmsg, 0); 3045 lwkt_serialize_enter(bifp->if_serializer); 3046 return error; 3047 } 3048