1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 * $DragonFly: src/sys/net/bridge/if_bridge.c,v 1.26 2007/11/27 11:15:30 sephe Exp $ 70 */ 71 72 /* 73 * Network interface bridge support. 74 * 75 * TODO: 76 * 77 * - Currently only supports Ethernet-like interfaces (Ethernet, 78 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 79 * to bridge other types of interfaces (FDDI-FDDI, and maybe 80 * consider heterogenous bridges). 81 */ 82 83 #include <sys/cdefs.h> 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <sys/module.h> 101 #include <sys/proc.h> 102 #include <sys/lock.h> 103 #include <sys/thread.h> 104 #include <sys/thread2.h> 105 #include <sys/mpipe.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 #include <net/ifq_var.h> 114 115 #include <netinet/in.h> /* for struct arpcom */ 116 #include <netinet/in_systm.h> 117 #include <netinet/in_var.h> 118 #include <netinet/ip.h> 119 #include <netinet/ip_var.h> 120 #ifdef INET6 121 #include <netinet/ip6.h> 122 #include <netinet6/ip6_var.h> 123 #endif 124 #include <netinet/if_ether.h> /* for struct arpcom */ 125 #include <net/bridge/if_bridgevar.h> 126 #include <net/if_llc.h> 127 #include <net/netmsg2.h> 128 129 #include <net/route.h> 130 #include <sys/in_cksum.h> 131 132 /* 133 * Size of the route hash table. Must be a power of two. 134 */ 135 #ifndef BRIDGE_RTHASH_SIZE 136 #define BRIDGE_RTHASH_SIZE 1024 137 #endif 138 139 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 140 141 /* 142 * Maximum number of addresses to cache. 143 */ 144 #ifndef BRIDGE_RTABLE_MAX 145 #define BRIDGE_RTABLE_MAX 100 146 #endif 147 148 /* 149 * Spanning tree defaults. 150 */ 151 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 152 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 153 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 154 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 155 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 156 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 157 #define BSTP_DEFAULT_PATH_COST 55 158 159 /* 160 * Timeout (in seconds) for entries learned dynamically. 161 */ 162 #ifndef BRIDGE_RTABLE_TIMEOUT 163 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 164 #endif 165 166 /* 167 * Number of seconds between walks of the route list. 168 */ 169 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 170 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 171 #endif 172 173 /* 174 * List of capabilities to mask on the member interface. 175 */ 176 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 177 178 eventhandler_tag bridge_detach_cookie = NULL; 179 180 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 181 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *, 182 struct sockaddr *, struct rtentry *); 183 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 184 185 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 186 187 static int bridge_clone_create(struct if_clone *, int); 188 static void bridge_clone_destroy(struct ifnet *); 189 190 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 191 static void bridge_mutecaps(struct bridge_iflist *, int); 192 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 193 static void bridge_init(void *); 194 static void bridge_stop(struct ifnet *); 195 static void bridge_start(struct ifnet *); 196 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 197 static int bridge_output_serialized(struct ifnet *, struct mbuf *, 198 struct sockaddr *, struct rtentry *); 199 200 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 201 202 static void bridge_timer(void *); 203 204 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 205 struct mbuf *, int); 206 static void bridge_span(struct bridge_softc *, struct mbuf *); 207 208 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 209 struct ifnet *, int, uint8_t); 210 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 211 static void bridge_rttrim(struct bridge_softc *); 212 static void bridge_rtage(struct bridge_softc *); 213 static void bridge_rtflush(struct bridge_softc *, int); 214 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 215 216 static int bridge_rtable_init(struct bridge_softc *); 217 static void bridge_rtable_fini(struct bridge_softc *); 218 219 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 220 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 221 const uint8_t *); 222 static int bridge_rtnode_insert(struct bridge_softc *, 223 struct bridge_rtnode *); 224 static void bridge_rtnode_destroy(struct bridge_softc *, 225 struct bridge_rtnode *); 226 227 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 228 const char *name); 229 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 230 struct ifnet *ifp); 231 static void bridge_delete_member(struct bridge_softc *, 232 struct bridge_iflist *, int); 233 static void bridge_delete_span(struct bridge_softc *, 234 struct bridge_iflist *); 235 236 static int bridge_ioctl_add(struct bridge_softc *, void *); 237 static int bridge_ioctl_del(struct bridge_softc *, void *); 238 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 239 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 240 static int bridge_ioctl_scache(struct bridge_softc *, void *); 241 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 242 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 243 static int bridge_ioctl_rts(struct bridge_softc *, void *); 244 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 245 static int bridge_ioctl_sto(struct bridge_softc *, void *); 246 static int bridge_ioctl_gto(struct bridge_softc *, void *); 247 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 248 static int bridge_ioctl_flush(struct bridge_softc *, void *); 249 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 250 static int bridge_ioctl_spri(struct bridge_softc *, void *); 251 static int bridge_ioctl_ght(struct bridge_softc *, void *); 252 static int bridge_ioctl_sht(struct bridge_softc *, void *); 253 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 254 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 255 static int bridge_ioctl_gma(struct bridge_softc *, void *); 256 static int bridge_ioctl_sma(struct bridge_softc *, void *); 257 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 258 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 259 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 260 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 261 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 262 int); 263 static int bridge_ip_checkbasic(struct mbuf **mp); 264 #ifdef INET6 265 static int bridge_ip6_checkbasic(struct mbuf **mp); 266 #endif /* INET6 */ 267 static int bridge_fragment(struct ifnet *, struct mbuf *, 268 struct ether_header *, int, struct llc *); 269 static void bridge_enqueue_internal(struct ifnet *, struct mbuf *m, 270 netisr_fn_t); 271 static void bridge_enqueue_handler(struct netmsg *); 272 static void bridge_pfil_enqueue_handler(struct netmsg *); 273 static void bridge_pfil_enqueue(struct ifnet *, struct mbuf *, int); 274 static void bridge_handoff_notags(struct ifnet *, struct mbuf *); 275 static void bridge_handoff(struct ifnet *, struct mbuf *); 276 277 SYSCTL_DECL(_net_link); 278 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 279 280 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 281 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 282 static int pfil_member = 1; /* run pfil hooks on the member interface */ 283 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 284 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 285 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 286 &pfil_bridge, 0, "Packet filter on the bridge interface"); 287 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 288 &pfil_member, 0, "Packet filter on the member interface"); 289 290 struct bridge_control { 291 int (*bc_func)(struct bridge_softc *, void *); 292 int bc_argsize; 293 int bc_flags; 294 }; 295 296 #define BC_F_COPYIN 0x01 /* copy arguments in */ 297 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 298 #define BC_F_SUSER 0x04 /* do super-user check */ 299 300 const struct bridge_control bridge_control_table[] = { 301 { bridge_ioctl_add, sizeof(struct ifbreq), 302 BC_F_COPYIN|BC_F_SUSER }, 303 { bridge_ioctl_del, sizeof(struct ifbreq), 304 BC_F_COPYIN|BC_F_SUSER }, 305 306 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 307 BC_F_COPYIN|BC_F_COPYOUT }, 308 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 309 BC_F_COPYIN|BC_F_SUSER }, 310 311 { bridge_ioctl_scache, sizeof(struct ifbrparam), 312 BC_F_COPYIN|BC_F_SUSER }, 313 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 314 BC_F_COPYOUT }, 315 316 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 317 BC_F_COPYIN|BC_F_COPYOUT }, 318 { bridge_ioctl_rts, sizeof(struct ifbaconf), 319 BC_F_COPYIN|BC_F_COPYOUT }, 320 321 { bridge_ioctl_saddr, sizeof(struct ifbareq), 322 BC_F_COPYIN|BC_F_SUSER }, 323 324 { bridge_ioctl_sto, sizeof(struct ifbrparam), 325 BC_F_COPYIN|BC_F_SUSER }, 326 { bridge_ioctl_gto, sizeof(struct ifbrparam), 327 BC_F_COPYOUT }, 328 329 { bridge_ioctl_daddr, sizeof(struct ifbareq), 330 BC_F_COPYIN|BC_F_SUSER }, 331 332 { bridge_ioctl_flush, sizeof(struct ifbreq), 333 BC_F_COPYIN|BC_F_SUSER }, 334 335 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 336 BC_F_COPYOUT }, 337 { bridge_ioctl_spri, sizeof(struct ifbrparam), 338 BC_F_COPYIN|BC_F_SUSER }, 339 340 { bridge_ioctl_ght, sizeof(struct ifbrparam), 341 BC_F_COPYOUT }, 342 { bridge_ioctl_sht, sizeof(struct ifbrparam), 343 BC_F_COPYIN|BC_F_SUSER }, 344 345 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 346 BC_F_COPYOUT }, 347 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 348 BC_F_COPYIN|BC_F_SUSER }, 349 350 { bridge_ioctl_gma, sizeof(struct ifbrparam), 351 BC_F_COPYOUT }, 352 { bridge_ioctl_sma, sizeof(struct ifbrparam), 353 BC_F_COPYIN|BC_F_SUSER }, 354 355 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 356 BC_F_COPYIN|BC_F_SUSER }, 357 358 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 359 BC_F_COPYIN|BC_F_SUSER }, 360 361 { bridge_ioctl_addspan, sizeof(struct ifbreq), 362 BC_F_COPYIN|BC_F_SUSER }, 363 { bridge_ioctl_delspan, sizeof(struct ifbreq), 364 BC_F_COPYIN|BC_F_SUSER }, 365 }; 366 const int bridge_control_table_size = 367 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 368 369 LIST_HEAD(, bridge_softc) bridge_list; 370 371 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 372 bridge_clone_create, 373 bridge_clone_destroy, 0, IF_MAXUNIT); 374 375 static int 376 bridge_modevent(module_t mod, int type, void *data) 377 { 378 switch (type) { 379 case MOD_LOAD: 380 LIST_INIT(&bridge_list); 381 if_clone_attach(&bridge_cloner); 382 bridge_input_p = bridge_input; 383 bridge_output_p = bridge_output_serialized; 384 bridge_detach_cookie = EVENTHANDLER_REGISTER( 385 ifnet_detach_event, bridge_ifdetach, NULL, 386 EVENTHANDLER_PRI_ANY); 387 #if notyet 388 bstp_linkstate_p = bstp_linkstate; 389 #endif 390 break; 391 case MOD_UNLOAD: 392 if (!LIST_EMPTY(&bridge_list)) 393 return (EBUSY); 394 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 395 bridge_detach_cookie); 396 if_clone_detach(&bridge_cloner); 397 bridge_input_p = NULL; 398 bridge_output_p = NULL; 399 #if notyet 400 bstp_linkstate_p = NULL; 401 #endif 402 break; 403 default: 404 return (EOPNOTSUPP); 405 } 406 return (0); 407 } 408 409 static moduledata_t bridge_mod = { 410 "if_bridge", 411 bridge_modevent, 412 0 413 }; 414 415 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 416 417 418 /* 419 * bridge_clone_create: 420 * 421 * Create a new bridge instance. 422 */ 423 static int 424 bridge_clone_create(struct if_clone *ifc, int unit) 425 { 426 struct bridge_softc *sc; 427 struct ifnet *ifp; 428 u_char eaddr[6]; 429 430 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 431 ifp = sc->sc_ifp = &sc->sc_if; 432 433 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 434 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 435 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 436 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 437 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 438 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 439 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 440 441 /* Initialize our routing table. */ 442 bridge_rtable_init(sc); 443 444 callout_init(&sc->sc_brcallout); 445 callout_init(&sc->sc_bstpcallout); 446 447 LIST_INIT(&sc->sc_iflist); 448 LIST_INIT(&sc->sc_spanlist); 449 450 ifp->if_softc = sc; 451 if_initname(ifp, ifc->ifc_name, unit); 452 ifp->if_mtu = ETHERMTU; 453 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 454 ifp->if_ioctl = bridge_ioctl; 455 ifp->if_start = bridge_start; 456 ifp->if_init = bridge_init; 457 ifp->if_type = IFT_BRIDGE; 458 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 459 ifp->if_snd.ifq_maxlen = ifqmaxlen; 460 ifq_set_ready(&ifp->if_snd); 461 ifp->if_hdrlen = ETHER_HDR_LEN; 462 463 /* 464 * Generate a random ethernet address and use the private AC:DE:48 465 * OUI code. 466 */ 467 { 468 int rnd = karc4random(); 469 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 470 rnd = karc4random(); 471 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 472 } 473 eaddr[0] &= ~1; /* clear multicast bit */ 474 eaddr[0] |= 2; /* set the LAA bit */ 475 476 ether_ifattach(ifp, eaddr, NULL); 477 /* Now undo some of the damage... */ 478 ifp->if_baudrate = 0; 479 ifp->if_type = IFT_BRIDGE; 480 481 crit_enter(); 482 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 483 crit_exit(); 484 485 return (0); 486 } 487 488 /* 489 * bridge_clone_destroy: 490 * 491 * Destroy a bridge instance. 492 */ 493 static void 494 bridge_clone_destroy(struct ifnet *ifp) 495 { 496 struct bridge_softc *sc = ifp->if_softc; 497 struct bridge_iflist *bif; 498 499 lwkt_serialize_enter(ifp->if_serializer); 500 501 bridge_stop(ifp); 502 ifp->if_flags &= ~IFF_UP; 503 504 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 505 bridge_delete_member(sc, bif, 0); 506 507 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 508 bridge_delete_span(sc, bif); 509 } 510 511 callout_stop(&sc->sc_brcallout); 512 callout_stop(&sc->sc_bstpcallout); 513 514 lwkt_serialize_exit(ifp->if_serializer); 515 516 crit_enter(); 517 LIST_REMOVE(sc, sc_list); 518 crit_exit(); 519 520 ether_ifdetach(ifp); 521 522 /* Tear down the routing table. */ 523 bridge_rtable_fini(sc); 524 525 kfree(sc, M_DEVBUF); 526 } 527 528 /* 529 * bridge_ioctl: 530 * 531 * Handle a control request from the operator. 532 */ 533 static int 534 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 535 { 536 struct bridge_softc *sc = ifp->if_softc; 537 union { 538 struct ifbreq ifbreq; 539 struct ifbifconf ifbifconf; 540 struct ifbareq ifbareq; 541 struct ifbaconf ifbaconf; 542 struct ifbrparam ifbrparam; 543 } args; 544 struct ifdrv *ifd = (struct ifdrv *) data; 545 const struct bridge_control *bc; 546 int error = 0; 547 548 ASSERT_SERIALIZED(ifp->if_serializer); 549 550 switch (cmd) { 551 case SIOCADDMULTI: 552 case SIOCDELMULTI: 553 break; 554 555 case SIOCGDRVSPEC: 556 case SIOCSDRVSPEC: 557 if (ifd->ifd_cmd >= bridge_control_table_size) { 558 error = EINVAL; 559 break; 560 } 561 bc = &bridge_control_table[ifd->ifd_cmd]; 562 563 if (cmd == SIOCGDRVSPEC && 564 (bc->bc_flags & BC_F_COPYOUT) == 0) { 565 error = EINVAL; 566 break; 567 } else if (cmd == SIOCSDRVSPEC && 568 (bc->bc_flags & BC_F_COPYOUT) != 0) { 569 error = EINVAL; 570 break; 571 } 572 573 if (bc->bc_flags & BC_F_SUSER) { 574 error = suser_cred(cr, NULL_CRED_OKAY); 575 if (error) 576 break; 577 } 578 579 if (ifd->ifd_len != bc->bc_argsize || 580 ifd->ifd_len > sizeof(args)) { 581 error = EINVAL; 582 break; 583 } 584 585 memset(&args, 0, sizeof(args)); 586 if (bc->bc_flags & BC_F_COPYIN) { 587 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 588 if (error) 589 break; 590 } 591 592 error = bc->bc_func(sc, &args); 593 if (error) 594 break; 595 596 if (bc->bc_flags & BC_F_COPYOUT) 597 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 598 break; 599 600 case SIOCSIFFLAGS: 601 if (!(ifp->if_flags & IFF_UP) && 602 (ifp->if_flags & IFF_RUNNING)) { 603 /* 604 * If interface is marked down and it is running, 605 * then stop it. 606 */ 607 bridge_stop(ifp); 608 } else if ((ifp->if_flags & IFF_UP) && 609 !(ifp->if_flags & IFF_RUNNING)) { 610 /* 611 * If interface is marked up and it is stopped, then 612 * start it. 613 */ 614 ifp->if_init(sc); 615 } 616 break; 617 618 case SIOCSIFMTU: 619 /* Do not allow the MTU to be changed on the bridge */ 620 error = EINVAL; 621 break; 622 623 default: 624 error = ether_ioctl(ifp, cmd, data); 625 break; 626 } 627 return (error); 628 } 629 630 /* 631 * bridge_mutecaps: 632 * 633 * Clear or restore unwanted capabilities on the member interface 634 */ 635 static void 636 bridge_mutecaps(struct bridge_iflist *bif, int mute) 637 { 638 struct ifnet *ifp = bif->bif_ifp; 639 struct ifreq ifr; 640 int error; 641 642 if (ifp->if_ioctl == NULL) 643 return; 644 645 bzero(&ifr, sizeof(ifr)); 646 ifr.ifr_reqcap = ifp->if_capenable; 647 648 if (mute) { 649 /* mask off and save capabilities */ 650 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 651 if (bif->bif_mutecap != 0) 652 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 653 } else 654 /* restore muted capabilities */ 655 ifr.ifr_reqcap |= bif->bif_mutecap; 656 657 if (bif->bif_mutecap != 0) { 658 lwkt_serialize_enter(ifp->if_serializer); 659 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 660 lwkt_serialize_exit(ifp->if_serializer); 661 } 662 } 663 664 /* 665 * bridge_lookup_member: 666 * 667 * Lookup a bridge member interface. 668 */ 669 static struct bridge_iflist * 670 bridge_lookup_member(struct bridge_softc *sc, const char *name) 671 { 672 struct bridge_iflist *bif; 673 struct ifnet *ifp; 674 675 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 676 ifp = bif->bif_ifp; 677 if (strcmp(ifp->if_xname, name) == 0) 678 return (bif); 679 } 680 681 return (NULL); 682 } 683 684 /* 685 * bridge_lookup_member_if: 686 * 687 * Lookup a bridge member interface by ifnet*. 688 */ 689 static struct bridge_iflist * 690 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 691 { 692 struct bridge_iflist *bif; 693 694 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 695 if (bif->bif_ifp == member_ifp) 696 return (bif); 697 } 698 699 return (NULL); 700 } 701 702 /* 703 * bridge_delete_member: 704 * 705 * Delete the specified member interface. 706 */ 707 static void 708 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 709 int gone) 710 { 711 struct ifnet *ifs = bif->bif_ifp; 712 713 if (!gone) { 714 switch (ifs->if_type) { 715 case IFT_ETHER: 716 case IFT_L2VLAN: 717 /* 718 * Take the interface out of promiscuous mode. 719 */ 720 (void) ifpromisc(ifs, 0); 721 bridge_mutecaps(bif, 0); 722 break; 723 724 case IFT_GIF: 725 break; 726 727 default: 728 #ifdef DIAGNOSTIC 729 panic("bridge_delete_member: impossible"); 730 #endif 731 break; 732 } 733 } 734 735 ifs->if_bridge = NULL; 736 LIST_REMOVE(bif, bif_next); 737 738 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 739 740 kfree(bif, M_DEVBUF); 741 742 if (sc->sc_ifp->if_flags & IFF_RUNNING) 743 bstp_initialization(sc); 744 } 745 746 /* 747 * bridge_delete_span: 748 * 749 * Delete the specified span interface. 750 */ 751 static void 752 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 753 { 754 KASSERT(bif->bif_ifp->if_bridge == NULL, 755 ("%s: not a span interface", __func__)); 756 757 LIST_REMOVE(bif, bif_next); 758 kfree(bif, M_DEVBUF); 759 } 760 761 static int 762 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 763 { 764 struct ifbreq *req = arg; 765 struct bridge_iflist *bif = NULL; 766 struct ifnet *ifs; 767 int error = 0; 768 769 ifs = ifunit(req->ifbr_ifsname); 770 if (ifs == NULL) 771 return (ENOENT); 772 773 /* If it's in the span list, it can't be a member. */ 774 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 775 if (ifs == bif->bif_ifp) 776 return (EBUSY); 777 778 /* Allow the first Ethernet member to define the MTU */ 779 if (ifs->if_type != IFT_GIF) { 780 if (LIST_EMPTY(&sc->sc_iflist)) 781 sc->sc_ifp->if_mtu = ifs->if_mtu; 782 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 783 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 784 ifs->if_xname); 785 return (EINVAL); 786 } 787 } 788 789 if (ifs->if_bridge == sc) 790 return (EEXIST); 791 792 if (ifs->if_bridge != NULL) 793 return (EBUSY); 794 795 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 796 bif->bif_ifp = ifs; 797 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 798 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 799 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 800 801 switch (ifs->if_type) { 802 case IFT_ETHER: 803 case IFT_L2VLAN: 804 /* 805 * Place the interface into promiscuous mode. 806 */ 807 error = ifpromisc(ifs, 1); 808 if (error) 809 goto out; 810 811 bridge_mutecaps(bif, 1); 812 break; 813 814 case IFT_GIF: /* :^) */ 815 break; 816 817 default: 818 error = EINVAL; 819 goto out; 820 } 821 822 ifs->if_bridge = sc; 823 824 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 825 826 if (sc->sc_ifp->if_flags & IFF_RUNNING) 827 bstp_initialization(sc); 828 else 829 bstp_stop(sc); 830 831 out: 832 if (error) { 833 if (bif != NULL) 834 kfree(bif, M_DEVBUF); 835 } 836 return (error); 837 } 838 839 static int 840 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 841 { 842 struct ifbreq *req = arg; 843 struct bridge_iflist *bif; 844 845 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 846 if (bif == NULL) 847 return (ENOENT); 848 849 bridge_delete_member(sc, bif, 0); 850 851 return (0); 852 } 853 854 static int 855 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 856 { 857 struct ifbreq *req = arg; 858 struct bridge_iflist *bif; 859 860 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 861 if (bif == NULL) 862 return (ENOENT); 863 864 req->ifbr_ifsflags = bif->bif_flags; 865 req->ifbr_state = bif->bif_state; 866 req->ifbr_priority = bif->bif_priority; 867 req->ifbr_path_cost = bif->bif_path_cost; 868 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 869 870 return (0); 871 } 872 873 static int 874 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 875 { 876 struct ifbreq *req = arg; 877 struct bridge_iflist *bif; 878 879 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 880 if (bif == NULL) 881 return (ENOENT); 882 883 if (req->ifbr_ifsflags & IFBIF_SPAN) 884 /* SPAN is readonly */ 885 return (EINVAL); 886 887 if (req->ifbr_ifsflags & IFBIF_STP) { 888 switch (bif->bif_ifp->if_type) { 889 case IFT_ETHER: 890 /* These can do spanning tree. */ 891 break; 892 893 default: 894 /* Nothing else can. */ 895 return (EINVAL); 896 } 897 } 898 899 bif->bif_flags = req->ifbr_ifsflags; 900 901 if (sc->sc_ifp->if_flags & IFF_RUNNING) 902 bstp_initialization(sc); 903 904 return (0); 905 } 906 907 static int 908 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 909 { 910 struct ifbrparam *param = arg; 911 912 sc->sc_brtmax = param->ifbrp_csize; 913 bridge_rttrim(sc); 914 915 return (0); 916 } 917 918 static int 919 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 920 { 921 struct ifbrparam *param = arg; 922 923 param->ifbrp_csize = sc->sc_brtmax; 924 925 return (0); 926 } 927 928 static int 929 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 930 { 931 struct ifbifconf *bifc = arg; 932 struct bridge_iflist *bif; 933 struct ifbreq breq; 934 int count, len, error = 0; 935 936 count = 0; 937 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 938 count++; 939 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 940 count++; 941 942 if (bifc->ifbic_len == 0) { 943 bifc->ifbic_len = sizeof(breq) * count; 944 return (0); 945 } 946 947 count = 0; 948 len = bifc->ifbic_len; 949 memset(&breq, 0, sizeof breq); 950 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 951 if (len < sizeof(breq)) 952 break; 953 954 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 955 sizeof(breq.ifbr_ifsname)); 956 breq.ifbr_ifsflags = bif->bif_flags; 957 breq.ifbr_state = bif->bif_state; 958 breq.ifbr_priority = bif->bif_priority; 959 breq.ifbr_path_cost = bif->bif_path_cost; 960 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 961 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 962 if (error) 963 break; 964 count++; 965 len -= sizeof(breq); 966 } 967 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 968 if (len < sizeof(breq)) 969 break; 970 971 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 972 sizeof(breq.ifbr_ifsname)); 973 breq.ifbr_ifsflags = bif->bif_flags; 974 breq.ifbr_state = bif->bif_state; 975 breq.ifbr_priority = bif->bif_priority; 976 breq.ifbr_path_cost = bif->bif_path_cost; 977 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 978 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 979 if (error) 980 break; 981 count++; 982 len -= sizeof(breq); 983 } 984 985 bifc->ifbic_len = sizeof(breq) * count; 986 return (error); 987 } 988 989 static int 990 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 991 { 992 struct ifbaconf *bac = arg; 993 struct bridge_rtnode *brt; 994 struct ifbareq bareq; 995 int count = 0, error = 0, len; 996 997 if (bac->ifbac_len == 0) 998 return (0); 999 1000 len = bac->ifbac_len; 1001 memset(&bareq, 0, sizeof(bareq)); 1002 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1003 if (len < sizeof(bareq)) 1004 goto out; 1005 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1006 sizeof(bareq.ifba_ifsname)); 1007 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1008 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1009 time_second < brt->brt_expire) 1010 bareq.ifba_expire = brt->brt_expire - time_second; 1011 else 1012 bareq.ifba_expire = 0; 1013 bareq.ifba_flags = brt->brt_flags; 1014 1015 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1016 if (error) 1017 goto out; 1018 count++; 1019 len -= sizeof(bareq); 1020 } 1021 out: 1022 bac->ifbac_len = sizeof(bareq) * count; 1023 return (error); 1024 } 1025 1026 static int 1027 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1028 { 1029 struct ifbareq *req = arg; 1030 struct bridge_iflist *bif; 1031 int error; 1032 1033 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1034 if (bif == NULL) 1035 return (ENOENT); 1036 1037 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1038 req->ifba_flags); 1039 1040 return (error); 1041 } 1042 1043 static int 1044 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1045 { 1046 struct ifbrparam *param = arg; 1047 1048 sc->sc_brttimeout = param->ifbrp_ctime; 1049 1050 return (0); 1051 } 1052 1053 static int 1054 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1055 { 1056 struct ifbrparam *param = arg; 1057 1058 param->ifbrp_ctime = sc->sc_brttimeout; 1059 1060 return (0); 1061 } 1062 1063 static int 1064 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1065 { 1066 struct ifbareq *req = arg; 1067 1068 return (bridge_rtdaddr(sc, req->ifba_dst)); 1069 } 1070 1071 static int 1072 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1073 { 1074 struct ifbreq *req = arg; 1075 1076 bridge_rtflush(sc, req->ifbr_ifsflags); 1077 1078 return (0); 1079 } 1080 1081 static int 1082 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1083 { 1084 struct ifbrparam *param = arg; 1085 1086 param->ifbrp_prio = sc->sc_bridge_priority; 1087 1088 return (0); 1089 } 1090 1091 static int 1092 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1093 { 1094 struct ifbrparam *param = arg; 1095 1096 sc->sc_bridge_priority = param->ifbrp_prio; 1097 1098 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1099 bstp_initialization(sc); 1100 1101 return (0); 1102 } 1103 1104 static int 1105 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1106 { 1107 struct ifbrparam *param = arg; 1108 1109 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1110 1111 return (0); 1112 } 1113 1114 static int 1115 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1116 { 1117 struct ifbrparam *param = arg; 1118 1119 if (param->ifbrp_hellotime == 0) 1120 return (EINVAL); 1121 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1122 1123 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1124 bstp_initialization(sc); 1125 1126 return (0); 1127 } 1128 1129 static int 1130 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1131 { 1132 struct ifbrparam *param = arg; 1133 1134 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1135 1136 return (0); 1137 } 1138 1139 static int 1140 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1141 { 1142 struct ifbrparam *param = arg; 1143 1144 if (param->ifbrp_fwddelay == 0) 1145 return (EINVAL); 1146 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1147 1148 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1149 bstp_initialization(sc); 1150 1151 return (0); 1152 } 1153 1154 static int 1155 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1156 { 1157 struct ifbrparam *param = arg; 1158 1159 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1160 1161 return (0); 1162 } 1163 1164 static int 1165 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1166 { 1167 struct ifbrparam *param = arg; 1168 1169 if (param->ifbrp_maxage == 0) 1170 return (EINVAL); 1171 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1172 1173 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1174 bstp_initialization(sc); 1175 1176 return (0); 1177 } 1178 1179 static int 1180 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1181 { 1182 struct ifbreq *req = arg; 1183 struct bridge_iflist *bif; 1184 1185 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1186 if (bif == NULL) 1187 return (ENOENT); 1188 1189 bif->bif_priority = req->ifbr_priority; 1190 1191 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1192 bstp_initialization(sc); 1193 1194 return (0); 1195 } 1196 1197 static int 1198 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1199 { 1200 struct ifbreq *req = arg; 1201 struct bridge_iflist *bif; 1202 1203 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1204 if (bif == NULL) 1205 return (ENOENT); 1206 1207 bif->bif_path_cost = req->ifbr_path_cost; 1208 1209 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1210 bstp_initialization(sc); 1211 1212 return (0); 1213 } 1214 1215 static int 1216 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1217 { 1218 struct ifbreq *req = arg; 1219 struct bridge_iflist *bif = NULL; 1220 struct ifnet *ifs; 1221 1222 ifs = ifunit(req->ifbr_ifsname); 1223 if (ifs == NULL) 1224 return (ENOENT); 1225 1226 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1227 if (ifs == bif->bif_ifp) 1228 return (EBUSY); 1229 1230 if (ifs->if_bridge != NULL) 1231 return (EBUSY); 1232 1233 switch (ifs->if_type) { 1234 case IFT_ETHER: 1235 case IFT_GIF: 1236 case IFT_L2VLAN: 1237 break; 1238 default: 1239 return (EINVAL); 1240 } 1241 1242 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 1243 if (bif == NULL) 1244 return (ENOMEM); 1245 1246 bif->bif_ifp = ifs; 1247 bif->bif_flags = IFBIF_SPAN; 1248 1249 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1250 1251 return (0); 1252 } 1253 1254 static int 1255 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1256 { 1257 struct ifbreq *req = arg; 1258 struct bridge_iflist *bif; 1259 struct ifnet *ifs; 1260 1261 ifs = ifunit(req->ifbr_ifsname); 1262 if (ifs == NULL) 1263 return (ENOENT); 1264 1265 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1266 if (ifs == bif->bif_ifp) 1267 break; 1268 1269 if (bif == NULL) 1270 return (ENOENT); 1271 1272 bridge_delete_span(sc, bif); 1273 1274 return (0); 1275 } 1276 1277 /* 1278 * bridge_ifdetach: 1279 * 1280 * Detach an interface from a bridge. Called when a member 1281 * interface is detaching. 1282 */ 1283 static void 1284 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1285 { 1286 struct bridge_softc *sc = ifp->if_bridge; 1287 struct bridge_iflist *bif; 1288 1289 /* Check if the interface is a bridge member */ 1290 if (sc != NULL) { 1291 lwkt_serialize_enter(ifp->if_serializer); 1292 1293 bif = bridge_lookup_member_if(sc, ifp); 1294 if (bif != NULL) 1295 bridge_delete_member(sc, bif, 1); 1296 1297 lwkt_serialize_exit(ifp->if_serializer); 1298 return; 1299 } 1300 1301 /* Check if the interface is a span port */ 1302 LIST_FOREACH(sc, &bridge_list, sc_list) { 1303 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1304 if (ifp == bif->bif_ifp) { 1305 bridge_delete_span(sc, bif); 1306 break; 1307 } 1308 } 1309 } 1310 1311 /* 1312 * bridge_init: 1313 * 1314 * Initialize a bridge interface. 1315 */ 1316 static void 1317 bridge_init(void *xsc) 1318 { 1319 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1320 struct ifnet *ifp = sc->sc_ifp; 1321 1322 ASSERT_SERIALIZED(ifp->if_serializer); 1323 1324 if (ifp->if_flags & IFF_RUNNING) 1325 return; 1326 1327 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1328 bridge_timer, sc); 1329 1330 ifp->if_flags |= IFF_RUNNING; 1331 bstp_initialization(sc); 1332 return; 1333 } 1334 1335 /* 1336 * bridge_stop: 1337 * 1338 * Stop the bridge interface. 1339 */ 1340 static void 1341 bridge_stop(struct ifnet *ifp) 1342 { 1343 struct bridge_softc *sc = ifp->if_softc; 1344 1345 ASSERT_SERIALIZED(ifp->if_serializer); 1346 1347 if ((ifp->if_flags & IFF_RUNNING) == 0) 1348 return; 1349 1350 callout_stop(&sc->sc_brcallout); 1351 bstp_stop(sc); 1352 1353 bridge_rtflush(sc, IFBF_FLUSHDYN); 1354 1355 ifp->if_flags &= ~IFF_RUNNING; 1356 } 1357 1358 static void 1359 bridge_enqueue_internal(struct ifnet *dst_ifp, struct mbuf *m, 1360 netisr_fn_t handler) 1361 { 1362 struct netmsg_packet *nmp; 1363 lwkt_port_t port; 1364 int cpu = mycpu->gd_cpuid; 1365 1366 while (m->m_type == MT_TAG) { 1367 /* XXX see ether_output_frame for full rules check */ 1368 m = m->m_next; 1369 } 1370 1371 nmp = &m->m_hdr.mh_netmsg; 1372 netmsg_init(&nmp->nm_netmsg, &netisr_apanic_rport, 0, handler); 1373 nmp->nm_packet = m; 1374 nmp->nm_netmsg.nm_lmsg.u.ms_resultp = dst_ifp; 1375 1376 port = cpu_portfn(cpu); 1377 lwkt_sendmsg(port, &nmp->nm_netmsg.nm_lmsg); 1378 } 1379 1380 static void 1381 bridge_pfil_enqueue(struct ifnet *dst_ifp, struct mbuf *m, 1382 int runfilt) 1383 { 1384 netisr_fn_t handler; 1385 1386 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1387 #ifdef INET6 1388 || inet6_pfil_hook.ph_hashooks > 0 1389 #endif 1390 )) { 1391 handler = bridge_pfil_enqueue_handler; 1392 } else { 1393 handler = bridge_enqueue_handler; 1394 } 1395 bridge_enqueue_internal(dst_ifp, m, handler); 1396 } 1397 1398 /* 1399 * bridge_enqueue: 1400 * 1401 * Enqueue a packet on a bridge member interface. 1402 * 1403 */ 1404 void 1405 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1406 { 1407 bridge_enqueue_internal(dst_ifp, m, bridge_enqueue_handler); 1408 } 1409 1410 /* 1411 * bridge_output_serialized: 1412 * 1413 * Send output from a bridge member interface. This 1414 * performs the bridging function for locally originated 1415 * packets. 1416 * 1417 * The mbuf has the Ethernet header already attached. We must 1418 * enqueue or free the mbuf before returning. 1419 */ 1420 static int 1421 bridge_output_serialized(struct ifnet *ifp, struct mbuf *m, 1422 struct sockaddr *sa, struct rtentry *rt) 1423 { 1424 struct ether_header *eh; 1425 struct ifnet *dst_if; 1426 struct bridge_softc *sc; 1427 1428 sc = ifp->if_bridge; 1429 1430 ASSERT_SERIALIZED(ifp->if_serializer); 1431 1432 if (m->m_len < ETHER_HDR_LEN) { 1433 m = m_pullup(m, ETHER_HDR_LEN); 1434 if (m == NULL) 1435 return (0); 1436 } 1437 1438 /* 1439 * Serialize our bridge interface. We have to get rid of the 1440 * originating interface lock to avoid a deadlock. 1441 */ 1442 lwkt_serialize_exit(ifp->if_serializer); 1443 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 1444 1445 eh = mtod(m, struct ether_header *); 1446 1447 /* 1448 * If bridge is down, but the original output interface is up, 1449 * go ahead and send out that interface. Otherwise, the packet 1450 * is dropped below. 1451 */ 1452 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0) { 1453 dst_if = ifp; 1454 goto sendunicast; 1455 } 1456 1457 /* 1458 * If the packet is a multicast, or we don't know a better way to 1459 * get there, send to all interfaces. 1460 */ 1461 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1462 dst_if = NULL; 1463 else 1464 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1465 if (dst_if == NULL) { 1466 struct bridge_iflist *bif; 1467 struct mbuf *mc; 1468 int used = 0; 1469 1470 bridge_span(sc, m); 1471 1472 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1473 dst_if = bif->bif_ifp; 1474 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1475 continue; 1476 1477 /* 1478 * If this is not the original output interface, 1479 * and the interface is participating in spanning 1480 * tree, make sure the port is in a state that 1481 * allows forwarding. 1482 */ 1483 if (dst_if != ifp && 1484 (bif->bif_flags & IFBIF_STP) != 0) { 1485 switch (bif->bif_state) { 1486 case BSTP_IFSTATE_BLOCKING: 1487 case BSTP_IFSTATE_LISTENING: 1488 case BSTP_IFSTATE_DISABLED: 1489 continue; 1490 } 1491 } 1492 1493 if (LIST_NEXT(bif, bif_next) == NULL) { 1494 used = 1; 1495 mc = m; 1496 } else { 1497 mc = m_copypacket(m, MB_DONTWAIT); 1498 if (mc == NULL) { 1499 sc->sc_ifp->if_oerrors++; 1500 continue; 1501 } 1502 } 1503 bridge_enqueue(dst_if, mc); 1504 } 1505 if (used == 0) 1506 m_freem(m); 1507 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1508 goto done; 1509 } 1510 1511 sendunicast: 1512 /* 1513 * XXX Spanning tree consideration here? 1514 */ 1515 1516 bridge_span(sc, m); 1517 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1518 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1519 m_freem(m); 1520 } else { 1521 bridge_enqueue(dst_if, m); 1522 } 1523 done: 1524 lwkt_serialize_enter(ifp->if_serializer); 1525 return (0); 1526 } 1527 1528 /* 1529 * bridge_start: 1530 * 1531 * Start output on a bridge. 1532 * 1533 */ 1534 static void 1535 bridge_start(struct ifnet *ifp) 1536 { 1537 struct bridge_softc *sc = ifp->if_softc; 1538 1539 ASSERT_SERIALIZED(ifp->if_serializer); 1540 1541 ifp->if_flags |= IFF_OACTIVE; 1542 for (;;) { 1543 struct ifnet *dst_if = NULL; 1544 struct ether_header *eh; 1545 struct mbuf *m; 1546 1547 m = ifq_dequeue(&ifp->if_snd, NULL); 1548 if (m == NULL) 1549 break; 1550 1551 if (m->m_len < sizeof(*eh)) { 1552 m = m_pullup(m, sizeof(*eh)); 1553 if (m == NULL) { 1554 ifp->if_oerrors++; 1555 continue; 1556 } 1557 } 1558 eh = mtod(m, struct ether_header *); 1559 1560 BPF_MTAP(ifp, m); 1561 ifp->if_opackets++; 1562 1563 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 1564 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1565 1566 if (dst_if == NULL) 1567 bridge_broadcast(sc, ifp, m, 0); 1568 else 1569 bridge_enqueue(dst_if, m); 1570 } 1571 ifp->if_flags &= ~IFF_OACTIVE; 1572 } 1573 1574 /* 1575 * bridge_forward: 1576 * 1577 * The forwarding function of the bridge. 1578 */ 1579 static void 1580 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1581 { 1582 struct bridge_iflist *bif; 1583 struct ifnet *src_if, *dst_if, *ifp; 1584 struct ether_header *eh; 1585 1586 src_if = m->m_pkthdr.rcvif; 1587 ifp = sc->sc_ifp; 1588 1589 ASSERT_SERIALIZED(ifp->if_serializer); 1590 1591 ifp->if_ipackets++; 1592 ifp->if_ibytes += m->m_pkthdr.len; 1593 1594 /* 1595 * Look up the bridge_iflist. 1596 */ 1597 bif = bridge_lookup_member_if(sc, src_if); 1598 if (bif == NULL) { 1599 /* Interface is not a bridge member (anymore?) */ 1600 m_freem(m); 1601 return; 1602 } 1603 1604 if (bif->bif_flags & IFBIF_STP) { 1605 switch (bif->bif_state) { 1606 case BSTP_IFSTATE_BLOCKING: 1607 case BSTP_IFSTATE_LISTENING: 1608 case BSTP_IFSTATE_DISABLED: 1609 m_freem(m); 1610 return; 1611 } 1612 } 1613 1614 eh = mtod(m, struct ether_header *); 1615 1616 /* 1617 * If the interface is learning, and the source 1618 * address is valid and not multicast, record 1619 * the address. 1620 */ 1621 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1622 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1623 (eh->ether_shost[0] == 0 && 1624 eh->ether_shost[1] == 0 && 1625 eh->ether_shost[2] == 0 && 1626 eh->ether_shost[3] == 0 && 1627 eh->ether_shost[4] == 0 && 1628 eh->ether_shost[5] == 0) == 0) { 1629 bridge_rtupdate(sc, eh->ether_shost, src_if, 0, IFBAF_DYNAMIC); 1630 } 1631 1632 if ((bif->bif_flags & IFBIF_STP) != 0 && 1633 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1634 m_freem(m); 1635 return; 1636 } 1637 1638 /* 1639 * At this point, the port either doesn't participate 1640 * in spanning tree or it is in the forwarding state. 1641 */ 1642 1643 /* 1644 * If the packet is unicast, destined for someone on 1645 * "this" side of the bridge, drop it. 1646 */ 1647 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1648 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1649 if (src_if == dst_if) { 1650 m_freem(m); 1651 return; 1652 } 1653 } else { 1654 /* ...forward it to all interfaces. */ 1655 sc->sc_ifp->if_imcasts++; 1656 dst_if = NULL; 1657 } 1658 1659 if (dst_if == NULL) { 1660 bridge_broadcast(sc, src_if, m, 1); 1661 return; 1662 } 1663 1664 /* 1665 * At this point, we're dealing with a unicast frame 1666 * going to a different interface. 1667 */ 1668 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1669 m_freem(m); 1670 return; 1671 } 1672 bif = bridge_lookup_member_if(sc, dst_if); 1673 if (bif == NULL) { 1674 /* Not a member of the bridge (anymore?) */ 1675 m_freem(m); 1676 return; 1677 } 1678 1679 if (bif->bif_flags & IFBIF_STP) { 1680 switch (bif->bif_state) { 1681 case BSTP_IFSTATE_DISABLED: 1682 case BSTP_IFSTATE_BLOCKING: 1683 m_freem(m); 1684 return; 1685 } 1686 } 1687 1688 lwkt_serialize_exit(ifp->if_serializer); 1689 1690 /* run the packet filter */ 1691 if (inet_pfil_hook.ph_hashooks > 0 1692 #ifdef INET6 1693 || inet6_pfil_hook.ph_hashooks > 0 1694 #endif 1695 ) { 1696 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1697 goto done; 1698 if (m == NULL) 1699 goto done; 1700 1701 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 1702 goto done; 1703 if (m == NULL) 1704 goto done; 1705 } 1706 bridge_handoff(dst_if, m); 1707 1708 /* 1709 * ifp's serializer was held on entry and is expected to be held 1710 * on return. 1711 */ 1712 done: 1713 lwkt_serialize_enter(ifp->if_serializer); 1714 } 1715 1716 /* 1717 * bridge_input: 1718 * 1719 * Receive input from a member interface. Queue the packet for 1720 * bridging if it is not for us. 1721 */ 1722 static struct mbuf * 1723 bridge_input(struct ifnet *ifp, struct mbuf *m) 1724 { 1725 struct bridge_softc *sc = ifp->if_bridge; 1726 struct bridge_iflist *bif; 1727 struct ifnet *bifp, *new_ifp; 1728 struct ether_header *eh; 1729 struct mbuf *mc, *mc2; 1730 1731 new_ifp = NULL; 1732 bifp = sc->sc_ifp; 1733 1734 lwkt_serialize_enter(bifp->if_serializer); 1735 1736 if ((bifp->if_flags & IFF_RUNNING) == 0) 1737 goto out; 1738 1739 /* 1740 * Implement support for bridge monitoring. If this flag has been 1741 * set on this interface, discard the packet once we push it through 1742 * the bpf(4) machinery, but before we do, increment the byte and 1743 * packet counters associated with this interface. 1744 */ 1745 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1746 m->m_pkthdr.rcvif = bifp; 1747 BPF_MTAP(bifp, m); 1748 bifp->if_ipackets++; 1749 bifp->if_ibytes += m->m_pkthdr.len; 1750 m_freem(m); 1751 m = NULL; 1752 goto out; 1753 } 1754 1755 eh = mtod(m, struct ether_header *); 1756 1757 m->m_flags &= ~M_PROTO1; /* XXX Hack - loop prevention */ 1758 1759 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 1760 /* 1761 * If the packet is for us, set the packets source as the 1762 * bridge, and return the packet back to ifnet.if_input for 1763 * local processing. 1764 */ 1765 KASSERT(bifp->if_bridge == NULL, 1766 ("loop created in bridge_input")); 1767 new_ifp = bifp; 1768 goto out; 1769 } 1770 1771 /* 1772 * Tap all packets arriving on the bridge, no matter if 1773 * they are local destinations or not. In is in. 1774 */ 1775 BPF_MTAP(bifp, m); 1776 1777 bif = bridge_lookup_member_if(sc, ifp); 1778 if (bif == NULL) 1779 goto out; 1780 1781 bridge_span(sc, m); 1782 1783 if (m->m_flags & (M_BCAST | M_MCAST)) { 1784 /* Tap off 802.1D packets; they do not get forwarded. */ 1785 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1786 ETHER_ADDR_LEN) == 0) { 1787 m = bstp_input(ifp, m); 1788 KASSERT(m == NULL, 1789 ("attempt to deliver 802.1D packet\n")); 1790 goto out; 1791 } 1792 1793 if (bif->bif_flags & IFBIF_STP) { 1794 switch (bif->bif_state) { 1795 case BSTP_IFSTATE_BLOCKING: 1796 case BSTP_IFSTATE_LISTENING: 1797 case BSTP_IFSTATE_DISABLED: 1798 goto out; 1799 } 1800 } 1801 1802 /* 1803 * Make a deep copy of the packet and enqueue the copy 1804 * for bridge processing; return the original packet for 1805 * local processing. 1806 */ 1807 mc = m_dup(m, MB_DONTWAIT); 1808 if (mc == NULL) 1809 goto out; 1810 1811 bridge_forward(sc, mc); 1812 1813 /* 1814 * Reinject the mbuf as arriving on the bridge so we have a 1815 * chance at claiming multicast packets. We can not loop back 1816 * here from ether_input as a bridge is never a member of a 1817 * bridge. 1818 */ 1819 KASSERT(bifp->if_bridge == NULL, 1820 ("loop created in bridge_input")); 1821 mc2 = m_dup(m, MB_DONTWAIT); 1822 #ifdef notyet 1823 if (mc2 != NULL) { 1824 /* Keep the layer3 header aligned */ 1825 int i = min(mc2->m_pkthdr.len, max_protohdr); 1826 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 1827 } 1828 #endif 1829 if (mc2 != NULL) { 1830 mc2->m_pkthdr.rcvif = bifp; 1831 bifp->if_ipackets++; 1832 bifp->if_input(bifp, mc2); 1833 } 1834 1835 /* Return the original packet for local processing. */ 1836 goto out; 1837 } 1838 1839 if (bif->bif_flags & IFBIF_STP) { 1840 switch (bif->bif_state) { 1841 case BSTP_IFSTATE_BLOCKING: 1842 case BSTP_IFSTATE_LISTENING: 1843 case BSTP_IFSTATE_DISABLED: 1844 goto out; 1845 } 1846 } 1847 1848 /* 1849 * Unicast. Make sure it's not for us. 1850 */ 1851 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1852 if (bif->bif_ifp->if_type != IFT_ETHER) 1853 continue; 1854 1855 /* It is destined for us. */ 1856 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1857 ETHER_ADDR_LEN) == 0) { 1858 if (bif->bif_flags & IFBIF_LEARNING) { 1859 bridge_rtupdate(sc, 1860 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1861 } 1862 1863 if (bif->bif_ifp != ifp) { 1864 /* XXX loop prevention */ 1865 m->m_flags |= M_PROTO1; 1866 new_ifp = bif->bif_ifp; 1867 } 1868 goto out; 1869 } 1870 1871 /* We just received a packet that we sent out. */ 1872 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1873 ETHER_ADDR_LEN) == 0) { 1874 m_freem(m); 1875 m = NULL; 1876 goto out; 1877 } 1878 } 1879 1880 /* Perform the bridge forwarding function. */ 1881 bridge_forward(sc, m); 1882 m = NULL; 1883 out: 1884 lwkt_serialize_exit(bifp->if_serializer); 1885 1886 if (new_ifp != NULL) { 1887 lwkt_serialize_enter(new_ifp->if_serializer); 1888 1889 m->m_pkthdr.rcvif = new_ifp; 1890 new_ifp->if_ipackets++; 1891 new_ifp->if_input(new_ifp, m); 1892 m = NULL; 1893 1894 lwkt_serialize_exit(new_ifp->if_serializer); 1895 } 1896 return (m); 1897 } 1898 1899 /* 1900 * bridge_broadcast: 1901 * 1902 * Send a frame to all interfaces that are members of 1903 * the bridge, except for the one on which the packet 1904 * arrived. 1905 */ 1906 static void 1907 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1908 struct mbuf *m, int runfilt) 1909 { 1910 struct bridge_iflist *bif; 1911 struct mbuf *mc; 1912 struct ifnet *dst_if, *bifp; 1913 int used = 0; 1914 1915 bifp = sc->sc_ifp; 1916 1917 ASSERT_SERIALIZED(bifp->if_serializer); 1918 1919 /* run the packet filter */ 1920 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1921 #ifdef INET6 1922 || inet6_pfil_hook.ph_hashooks > 0 1923 #endif 1924 )) { 1925 lwkt_serialize_exit(bifp->if_serializer); 1926 1927 /* Filter on the bridge interface before broadcasting */ 1928 1929 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 1930 goto filt; 1931 if (m == NULL) 1932 goto filt; 1933 1934 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 1935 m = NULL; 1936 filt: 1937 lwkt_serialize_enter(bifp->if_serializer); 1938 if (m == NULL) 1939 return; 1940 } 1941 1942 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1943 dst_if = bif->bif_ifp; 1944 if (dst_if == src_if) 1945 continue; 1946 1947 if (bif->bif_flags & IFBIF_STP) { 1948 switch (bif->bif_state) { 1949 case BSTP_IFSTATE_BLOCKING: 1950 case BSTP_IFSTATE_DISABLED: 1951 continue; 1952 } 1953 } 1954 1955 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1956 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 1957 continue; 1958 1959 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1960 continue; 1961 1962 if (LIST_NEXT(bif, bif_next) == NULL) { 1963 mc = m; 1964 used = 1; 1965 } else { 1966 mc = m_copypacket(m, MB_DONTWAIT); 1967 if (mc == NULL) { 1968 sc->sc_ifp->if_oerrors++; 1969 continue; 1970 } 1971 } 1972 bridge_pfil_enqueue(dst_if, mc, runfilt); 1973 } 1974 if (used == 0) 1975 m_freem(m); 1976 } 1977 1978 /* 1979 * bridge_span: 1980 * 1981 * Duplicate a packet out one or more interfaces that are in span mode, 1982 * the original mbuf is unmodified. 1983 */ 1984 static void 1985 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1986 { 1987 struct bridge_iflist *bif; 1988 struct ifnet *dst_if; 1989 struct mbuf *mc; 1990 1991 if (LIST_EMPTY(&sc->sc_spanlist)) 1992 return; 1993 1994 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1995 dst_if = bif->bif_ifp; 1996 1997 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1998 continue; 1999 2000 mc = m_copypacket(m, MB_DONTWAIT); 2001 if (mc == NULL) { 2002 sc->sc_ifp->if_oerrors++; 2003 continue; 2004 } 2005 2006 bridge_enqueue(dst_if, mc); 2007 } 2008 } 2009 2010 /* 2011 * bridge_rtupdate: 2012 * 2013 * Add a bridge routing entry. 2014 * Can be called from interrupt context. 2015 */ 2016 static int 2017 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2018 struct ifnet *dst_if, int setflags, uint8_t flags) 2019 { 2020 struct bridge_rtnode *brt; 2021 int error; 2022 2023 /* 2024 * A route for this destination might already exist. If so, 2025 * update it, otherwise create a new one. 2026 */ 2027 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2028 if (sc->sc_brtcnt >= sc->sc_brtmax) 2029 return (ENOSPC); 2030 2031 /* 2032 * Allocate a new bridge forwarding node, and 2033 * initialize the expiration time and Ethernet 2034 * address. 2035 */ 2036 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 2037 M_INTNOWAIT|M_ZERO); 2038 if (brt == NULL) 2039 return (ENOMEM); 2040 2041 brt->brt_flags = IFBAF_DYNAMIC; 2042 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2043 2044 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2045 kfree(brt, M_DEVBUF); 2046 return (error); 2047 } 2048 } 2049 2050 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2051 brt->brt_ifp = dst_if; 2052 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2053 brt->brt_expire = time_second + sc->sc_brttimeout; 2054 if (setflags) 2055 brt->brt_flags = flags; 2056 2057 return (0); 2058 } 2059 2060 /* 2061 * bridge_rtlookup: 2062 * 2063 * Lookup the destination interface for an address. 2064 */ 2065 static struct ifnet * 2066 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2067 { 2068 struct bridge_rtnode *brt; 2069 2070 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2071 return (NULL); 2072 2073 return (brt->brt_ifp); 2074 } 2075 2076 /* 2077 * bridge_rttrim: 2078 * 2079 * Trim the routine table so that we have a number 2080 * of routing entries less than or equal to the 2081 * maximum number. 2082 */ 2083 static void 2084 bridge_rttrim(struct bridge_softc *sc) 2085 { 2086 struct bridge_rtnode *brt, *nbrt; 2087 2088 /* Make sure we actually need to do this. */ 2089 if (sc->sc_brtcnt <= sc->sc_brtmax) 2090 return; 2091 2092 /* Force an aging cycle; this might trim enough addresses. */ 2093 bridge_rtage(sc); 2094 if (sc->sc_brtcnt <= sc->sc_brtmax) 2095 return; 2096 2097 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2098 nbrt = LIST_NEXT(brt, brt_list); 2099 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2100 bridge_rtnode_destroy(sc, brt); 2101 if (sc->sc_brtcnt <= sc->sc_brtmax) 2102 return; 2103 } 2104 } 2105 } 2106 2107 /* 2108 * bridge_timer: 2109 * 2110 * Aging timer for the bridge. 2111 */ 2112 static void 2113 bridge_timer(void *arg) 2114 { 2115 struct bridge_softc *sc = arg; 2116 2117 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 2118 2119 bridge_rtage(sc); 2120 2121 if (sc->sc_ifp->if_flags & IFF_RUNNING) 2122 callout_reset(&sc->sc_brcallout, 2123 bridge_rtable_prune_period * hz, bridge_timer, sc); 2124 2125 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 2126 } 2127 2128 /* 2129 * bridge_rtage: 2130 * 2131 * Perform an aging cycle. 2132 */ 2133 static void 2134 bridge_rtage(struct bridge_softc *sc) 2135 { 2136 struct bridge_rtnode *brt, *nbrt; 2137 2138 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2139 nbrt = LIST_NEXT(brt, brt_list); 2140 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2141 if (time_second >= brt->brt_expire) 2142 bridge_rtnode_destroy(sc, brt); 2143 } 2144 } 2145 } 2146 2147 /* 2148 * bridge_rtflush: 2149 * 2150 * Remove all dynamic addresses from the bridge. 2151 */ 2152 static void 2153 bridge_rtflush(struct bridge_softc *sc, int full) 2154 { 2155 struct bridge_rtnode *brt, *nbrt; 2156 2157 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2158 nbrt = LIST_NEXT(brt, brt_list); 2159 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2160 bridge_rtnode_destroy(sc, brt); 2161 } 2162 } 2163 2164 /* 2165 * bridge_rtdaddr: 2166 * 2167 * Remove an address from the table. 2168 */ 2169 static int 2170 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2171 { 2172 struct bridge_rtnode *brt; 2173 2174 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2175 return (ENOENT); 2176 2177 bridge_rtnode_destroy(sc, brt); 2178 return (0); 2179 } 2180 2181 /* 2182 * bridge_rtdelete: 2183 * 2184 * Delete routes to a speicifc member interface. 2185 */ 2186 void 2187 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2188 { 2189 struct bridge_rtnode *brt, *nbrt; 2190 2191 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2192 nbrt = LIST_NEXT(brt, brt_list); 2193 if (brt->brt_ifp == ifp && (full || 2194 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2195 bridge_rtnode_destroy(sc, brt); 2196 } 2197 } 2198 2199 /* 2200 * bridge_rtable_init: 2201 * 2202 * Initialize the route table for this bridge. 2203 */ 2204 static int 2205 bridge_rtable_init(struct bridge_softc *sc) 2206 { 2207 int i; 2208 2209 sc->sc_rthash = kmalloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2210 M_DEVBUF, M_WAITOK); 2211 2212 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2213 LIST_INIT(&sc->sc_rthash[i]); 2214 2215 sc->sc_rthash_key = karc4random(); 2216 2217 LIST_INIT(&sc->sc_rtlist); 2218 2219 return (0); 2220 } 2221 2222 /* 2223 * bridge_rtable_fini: 2224 * 2225 * Deconstruct the route table for this bridge. 2226 */ 2227 static void 2228 bridge_rtable_fini(struct bridge_softc *sc) 2229 { 2230 2231 kfree(sc->sc_rthash, M_DEVBUF); 2232 } 2233 2234 /* 2235 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2236 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2237 */ 2238 #define mix(a, b, c) \ 2239 do { \ 2240 a -= b; a -= c; a ^= (c >> 13); \ 2241 b -= c; b -= a; b ^= (a << 8); \ 2242 c -= a; c -= b; c ^= (b >> 13); \ 2243 a -= b; a -= c; a ^= (c >> 12); \ 2244 b -= c; b -= a; b ^= (a << 16); \ 2245 c -= a; c -= b; c ^= (b >> 5); \ 2246 a -= b; a -= c; a ^= (c >> 3); \ 2247 b -= c; b -= a; b ^= (a << 10); \ 2248 c -= a; c -= b; c ^= (b >> 15); \ 2249 } while (/*CONSTCOND*/0) 2250 2251 static __inline uint32_t 2252 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2253 { 2254 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2255 2256 b += addr[5] << 8; 2257 b += addr[4]; 2258 a += addr[3] << 24; 2259 a += addr[2] << 16; 2260 a += addr[1] << 8; 2261 a += addr[0]; 2262 2263 mix(a, b, c); 2264 2265 return (c & BRIDGE_RTHASH_MASK); 2266 } 2267 2268 #undef mix 2269 2270 static int 2271 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2272 { 2273 int i, d; 2274 2275 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2276 d = ((int)a[i]) - ((int)b[i]); 2277 } 2278 2279 return (d); 2280 } 2281 2282 /* 2283 * bridge_rtnode_lookup: 2284 * 2285 * Look up a bridge route node for the specified destination. 2286 */ 2287 static struct bridge_rtnode * 2288 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2289 { 2290 struct bridge_rtnode *brt; 2291 uint32_t hash; 2292 int dir; 2293 2294 hash = bridge_rthash(sc, addr); 2295 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2296 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2297 if (dir == 0) 2298 return (brt); 2299 if (dir > 0) 2300 return (NULL); 2301 } 2302 2303 return (NULL); 2304 } 2305 2306 /* 2307 * bridge_rtnode_insert: 2308 * 2309 * Insert the specified bridge node into the route table. We 2310 * assume the entry is not already in the table. 2311 */ 2312 static int 2313 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2314 { 2315 struct bridge_rtnode *lbrt; 2316 uint32_t hash; 2317 int dir; 2318 2319 hash = bridge_rthash(sc, brt->brt_addr); 2320 2321 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2322 if (lbrt == NULL) { 2323 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2324 goto out; 2325 } 2326 2327 do { 2328 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2329 if (dir == 0) 2330 return (EEXIST); 2331 if (dir > 0) { 2332 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2333 goto out; 2334 } 2335 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2336 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2337 goto out; 2338 } 2339 lbrt = LIST_NEXT(lbrt, brt_hash); 2340 } while (lbrt != NULL); 2341 2342 #ifdef DIAGNOSTIC 2343 panic("bridge_rtnode_insert: impossible"); 2344 #endif 2345 2346 out: 2347 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2348 sc->sc_brtcnt++; 2349 2350 return (0); 2351 } 2352 2353 /* 2354 * bridge_rtnode_destroy: 2355 * 2356 * Destroy a bridge rtnode. 2357 */ 2358 static void 2359 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2360 { 2361 2362 LIST_REMOVE(brt, brt_hash); 2363 2364 LIST_REMOVE(brt, brt_list); 2365 sc->sc_brtcnt--; 2366 kfree(brt, M_DEVBUF); 2367 } 2368 2369 /* 2370 * Send bridge packets through pfil if they are one of the types pfil can deal 2371 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2372 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2373 * that interface. 2374 */ 2375 static int 2376 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2377 { 2378 int snap, error, i, hlen; 2379 struct ether_header *eh1, eh2; 2380 struct ip *ip; 2381 struct llc llc1; 2382 u_int16_t ether_type; 2383 2384 snap = 0; 2385 error = -1; /* Default error if not error == 0 */ 2386 2387 if (pfil_bridge == 0 && pfil_member == 0) 2388 return (0); /* filtering is disabled */ 2389 2390 i = min((*mp)->m_pkthdr.len, max_protohdr); 2391 if ((*mp)->m_len < i) { 2392 *mp = m_pullup(*mp, i); 2393 if (*mp == NULL) { 2394 kprintf("%s: m_pullup failed\n", __func__); 2395 return (-1); 2396 } 2397 } 2398 2399 eh1 = mtod(*mp, struct ether_header *); 2400 ether_type = ntohs(eh1->ether_type); 2401 2402 /* 2403 * Check for SNAP/LLC. 2404 */ 2405 if (ether_type < ETHERMTU) { 2406 struct llc *llc2 = (struct llc *)(eh1 + 1); 2407 2408 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2409 llc2->llc_dsap == LLC_SNAP_LSAP && 2410 llc2->llc_ssap == LLC_SNAP_LSAP && 2411 llc2->llc_control == LLC_UI) { 2412 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2413 snap = 1; 2414 } 2415 } 2416 2417 /* 2418 * If we're trying to filter bridge traffic, don't look at anything 2419 * other than IP and ARP traffic. If the filter doesn't understand 2420 * IPv6, don't allow IPv6 through the bridge either. This is lame 2421 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2422 * but of course we don't have an AppleTalk filter to begin with. 2423 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2424 * ARP traffic.) 2425 */ 2426 switch (ether_type) { 2427 case ETHERTYPE_ARP: 2428 case ETHERTYPE_REVARP: 2429 return (0); /* Automatically pass */ 2430 case ETHERTYPE_IP: 2431 #ifdef INET6 2432 case ETHERTYPE_IPV6: 2433 #endif /* INET6 */ 2434 break; 2435 default: 2436 /* 2437 * Check to see if the user wants to pass non-ip 2438 * packets, these will not be checked by pfil(9) and 2439 * passed unconditionally so the default is to drop. 2440 */ 2441 if (pfil_onlyip) 2442 goto bad; 2443 } 2444 2445 /* Strip off the Ethernet header and keep a copy. */ 2446 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2447 m_adj(*mp, ETHER_HDR_LEN); 2448 2449 /* Strip off snap header, if present */ 2450 if (snap) { 2451 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2452 m_adj(*mp, sizeof(struct llc)); 2453 } 2454 2455 /* 2456 * Check the IP header for alignment and errors 2457 */ 2458 if (dir == PFIL_IN) { 2459 switch (ether_type) { 2460 case ETHERTYPE_IP: 2461 error = bridge_ip_checkbasic(mp); 2462 break; 2463 #ifdef INET6 2464 case ETHERTYPE_IPV6: 2465 error = bridge_ip6_checkbasic(mp); 2466 break; 2467 #endif /* INET6 */ 2468 default: 2469 error = 0; 2470 } 2471 if (error) 2472 goto bad; 2473 } 2474 2475 error = 0; 2476 2477 /* 2478 * Run the packet through pfil 2479 */ 2480 switch (ether_type) 2481 { 2482 case ETHERTYPE_IP : 2483 /* 2484 * before calling the firewall, swap fields the same as 2485 * IP does. here we assume the header is contiguous 2486 */ 2487 ip = mtod(*mp, struct ip *); 2488 2489 ip->ip_len = ntohs(ip->ip_len); 2490 ip->ip_off = ntohs(ip->ip_off); 2491 2492 /* 2493 * Run pfil on the member interface and the bridge, both can 2494 * be skipped by clearing pfil_member or pfil_bridge. 2495 * 2496 * Keep the order: 2497 * in_if -> bridge_if -> out_if 2498 */ 2499 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2500 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2501 dir); 2502 2503 if (*mp == NULL || error != 0) /* filter may consume */ 2504 break; 2505 2506 if (pfil_member && ifp != NULL) 2507 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2508 dir); 2509 2510 if (*mp == NULL || error != 0) /* filter may consume */ 2511 break; 2512 2513 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2514 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2515 dir); 2516 2517 if (*mp == NULL || error != 0) /* filter may consume */ 2518 break; 2519 2520 /* check if we need to fragment the packet */ 2521 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2522 i = (*mp)->m_pkthdr.len; 2523 if (i > ifp->if_mtu) { 2524 error = bridge_fragment(ifp, *mp, &eh2, snap, 2525 &llc1); 2526 return (error); 2527 } 2528 } 2529 2530 /* Recalculate the ip checksum and restore byte ordering */ 2531 ip = mtod(*mp, struct ip *); 2532 hlen = ip->ip_hl << 2; 2533 if (hlen < sizeof(struct ip)) 2534 goto bad; 2535 if (hlen > (*mp)->m_len) { 2536 if ((*mp = m_pullup(*mp, hlen)) == 0) 2537 goto bad; 2538 ip = mtod(*mp, struct ip *); 2539 if (ip == NULL) 2540 goto bad; 2541 } 2542 ip->ip_len = htons(ip->ip_len); 2543 ip->ip_off = htons(ip->ip_off); 2544 ip->ip_sum = 0; 2545 if (hlen == sizeof(struct ip)) 2546 ip->ip_sum = in_cksum_hdr(ip); 2547 else 2548 ip->ip_sum = in_cksum(*mp, hlen); 2549 2550 break; 2551 #ifdef INET6 2552 case ETHERTYPE_IPV6 : 2553 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2554 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2555 dir); 2556 2557 if (*mp == NULL || error != 0) /* filter may consume */ 2558 break; 2559 2560 if (pfil_member && ifp != NULL) 2561 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2562 dir); 2563 2564 if (*mp == NULL || error != 0) /* filter may consume */ 2565 break; 2566 2567 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2568 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2569 dir); 2570 break; 2571 #endif 2572 default : 2573 error = 0; 2574 break; 2575 } 2576 2577 if (*mp == NULL) 2578 return (error); 2579 if (error != 0) 2580 goto bad; 2581 2582 error = -1; 2583 2584 /* 2585 * Finally, put everything back the way it was and return 2586 */ 2587 if (snap) { 2588 M_PREPEND(*mp, sizeof(struct llc), MB_DONTWAIT); 2589 if (*mp == NULL) 2590 return (error); 2591 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2592 } 2593 2594 M_PREPEND(*mp, ETHER_HDR_LEN, MB_DONTWAIT); 2595 if (*mp == NULL) 2596 return (error); 2597 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2598 2599 return (0); 2600 2601 bad: 2602 m_freem(*mp); 2603 *mp = NULL; 2604 return (error); 2605 } 2606 2607 /* 2608 * Perform basic checks on header size since 2609 * pfil assumes ip_input has already processed 2610 * it for it. Cut-and-pasted from ip_input.c. 2611 * Given how simple the IPv6 version is, 2612 * does the IPv4 version really need to be 2613 * this complicated? 2614 * 2615 * XXX Should we update ipstat here, or not? 2616 * XXX Right now we update ipstat but not 2617 * XXX csum_counter. 2618 */ 2619 static int 2620 bridge_ip_checkbasic(struct mbuf **mp) 2621 { 2622 struct mbuf *m = *mp; 2623 struct ip *ip; 2624 int len, hlen; 2625 u_short sum; 2626 2627 if (*mp == NULL) 2628 return (-1); 2629 #if notyet 2630 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2631 if ((m = m_copyup(m, sizeof(struct ip), 2632 (max_linkhdr + 3) & ~3)) == NULL) { 2633 /* XXXJRT new stat, please */ 2634 ipstat.ips_toosmall++; 2635 goto bad; 2636 } 2637 } else 2638 #endif 2639 #ifndef __predict_false 2640 #define __predict_false(x) x 2641 #endif 2642 if (__predict_false(m->m_len < sizeof (struct ip))) { 2643 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2644 ipstat.ips_toosmall++; 2645 goto bad; 2646 } 2647 } 2648 ip = mtod(m, struct ip *); 2649 if (ip == NULL) goto bad; 2650 2651 if (ip->ip_v != IPVERSION) { 2652 ipstat.ips_badvers++; 2653 goto bad; 2654 } 2655 hlen = ip->ip_hl << 2; 2656 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2657 ipstat.ips_badhlen++; 2658 goto bad; 2659 } 2660 if (hlen > m->m_len) { 2661 if ((m = m_pullup(m, hlen)) == 0) { 2662 ipstat.ips_badhlen++; 2663 goto bad; 2664 } 2665 ip = mtod(m, struct ip *); 2666 if (ip == NULL) goto bad; 2667 } 2668 2669 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2670 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2671 } else { 2672 if (hlen == sizeof(struct ip)) { 2673 sum = in_cksum_hdr(ip); 2674 } else { 2675 sum = in_cksum(m, hlen); 2676 } 2677 } 2678 if (sum) { 2679 ipstat.ips_badsum++; 2680 goto bad; 2681 } 2682 2683 /* Retrieve the packet length. */ 2684 len = ntohs(ip->ip_len); 2685 2686 /* 2687 * Check for additional length bogosity 2688 */ 2689 if (len < hlen) { 2690 ipstat.ips_badlen++; 2691 goto bad; 2692 } 2693 2694 /* 2695 * Check that the amount of data in the buffers 2696 * is as at least much as the IP header would have us expect. 2697 * Drop packet if shorter than we expect. 2698 */ 2699 if (m->m_pkthdr.len < len) { 2700 ipstat.ips_tooshort++; 2701 goto bad; 2702 } 2703 2704 /* Checks out, proceed */ 2705 *mp = m; 2706 return (0); 2707 2708 bad: 2709 *mp = m; 2710 return (-1); 2711 } 2712 2713 #ifdef INET6 2714 /* 2715 * Same as above, but for IPv6. 2716 * Cut-and-pasted from ip6_input.c. 2717 * XXX Should we update ip6stat, or not? 2718 */ 2719 static int 2720 bridge_ip6_checkbasic(struct mbuf **mp) 2721 { 2722 struct mbuf *m = *mp; 2723 struct ip6_hdr *ip6; 2724 2725 /* 2726 * If the IPv6 header is not aligned, slurp it up into a new 2727 * mbuf with space for link headers, in the event we forward 2728 * it. Otherwise, if it is aligned, make sure the entire base 2729 * IPv6 header is in the first mbuf of the chain. 2730 */ 2731 #if notyet 2732 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2733 struct ifnet *inifp = m->m_pkthdr.rcvif; 2734 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2735 (max_linkhdr + 3) & ~3)) == NULL) { 2736 /* XXXJRT new stat, please */ 2737 ip6stat.ip6s_toosmall++; 2738 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2739 goto bad; 2740 } 2741 } else 2742 #endif 2743 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2744 struct ifnet *inifp = m->m_pkthdr.rcvif; 2745 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2746 ip6stat.ip6s_toosmall++; 2747 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2748 goto bad; 2749 } 2750 } 2751 2752 ip6 = mtod(m, struct ip6_hdr *); 2753 2754 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2755 ip6stat.ip6s_badvers++; 2756 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2757 goto bad; 2758 } 2759 2760 /* Checks out, proceed */ 2761 *mp = m; 2762 return (0); 2763 2764 bad: 2765 *mp = m; 2766 return (-1); 2767 } 2768 #endif /* INET6 */ 2769 2770 /* 2771 * bridge_fragment: 2772 * 2773 * Return a fragmented mbuf chain. 2774 */ 2775 static int 2776 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 2777 int snap, struct llc *llc) 2778 { 2779 struct mbuf *m0; 2780 struct ip *ip; 2781 int error = -1; 2782 2783 if (m->m_len < sizeof(struct ip) && 2784 (m = m_pullup(m, sizeof(struct ip))) == NULL) 2785 goto out; 2786 ip = mtod(m, struct ip *); 2787 2788 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 2789 CSUM_DELAY_IP); 2790 if (error) 2791 goto out; 2792 2793 /* walk the chain and re-add the Ethernet header */ 2794 for (m0 = m; m0; m0 = m0->m_nextpkt) { 2795 if (error == 0) { 2796 if (snap) { 2797 M_PREPEND(m0, sizeof(struct llc), MB_DONTWAIT); 2798 if (m0 == NULL) { 2799 error = ENOBUFS; 2800 continue; 2801 } 2802 bcopy(llc, mtod(m0, caddr_t), 2803 sizeof(struct llc)); 2804 } 2805 M_PREPEND(m0, ETHER_HDR_LEN, MB_DONTWAIT); 2806 if (m0 == NULL) { 2807 error = ENOBUFS; 2808 continue; 2809 } 2810 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 2811 } else 2812 m_freem(m); 2813 } 2814 2815 if (error == 0) 2816 ipstat.ips_fragmented++; 2817 2818 return (error); 2819 2820 out: 2821 if (m != NULL) 2822 m_freem(m); 2823 return (error); 2824 } 2825 2826 static void 2827 bridge_enqueue_handler(struct netmsg *nmsg) 2828 { 2829 struct netmsg_packet *nmp; 2830 struct ifnet *dst_ifp; 2831 struct mbuf *m; 2832 2833 nmp = (struct netmsg_packet *)nmsg; 2834 m = nmp->nm_packet; 2835 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2836 2837 bridge_handoff_notags(dst_ifp, m); 2838 } 2839 2840 static void 2841 bridge_pfil_enqueue_handler(struct netmsg *nmsg) 2842 { 2843 struct netmsg_packet *nmp; 2844 struct ifnet *dst_ifp; 2845 struct mbuf *m; 2846 2847 nmp = (struct netmsg_packet *)nmsg; 2848 m = nmp->nm_packet; 2849 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2850 2851 /* 2852 * Filter on the output interface. Pass a NULL bridge interface 2853 * pointer so we do not redundantly filter on the bridge for 2854 * each interface we broadcast on. 2855 */ 2856 if (inet_pfil_hook.ph_hashooks > 0 2857 #ifdef INET6 2858 || inet6_pfil_hook.ph_hashooks > 0 2859 #endif 2860 ) { 2861 if (bridge_pfil(&m, NULL, dst_ifp, PFIL_OUT) != 0) 2862 return; 2863 if (m == NULL) 2864 return; 2865 } 2866 bridge_handoff_notags(dst_ifp, m); 2867 } 2868 2869 static void 2870 bridge_handoff(struct ifnet *dst_ifp, struct mbuf *m) 2871 { 2872 while (m->m_type == MT_TAG) { 2873 /* XXX see ether_output_frame for full rules check */ 2874 m = m->m_next; 2875 } 2876 bridge_handoff_notags(dst_ifp, m); 2877 } 2878 2879 static void 2880 bridge_handoff_notags(struct ifnet *dst_ifp, struct mbuf *m) 2881 { 2882 struct mbuf *m0; 2883 2884 KKASSERT(m->m_type != MT_TAG); 2885 2886 lwkt_serialize_enter(dst_ifp->if_serializer); 2887 2888 /* We may be sending a fragment so traverse the mbuf */ 2889 for (; m; m = m0) { 2890 struct altq_pktattr pktattr; 2891 2892 m0 = m->m_nextpkt; 2893 m->m_nextpkt = NULL; 2894 2895 if (ifq_is_enabled(&dst_ifp->if_snd)) 2896 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 2897 2898 ifq_handoff(dst_ifp, m, &pktattr); 2899 } 2900 2901 lwkt_serialize_exit(dst_ifp->if_serializer); 2902 } 2903