1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 * 81 * 82 * Bridge's route information is duplicated to each CPUs: 83 * 84 * CPU0 CPU1 CPU2 CPU3 85 * +-----------+ +-----------+ +-----------+ +-----------+ 86 * | rtnode | | rtnode | | rtnode | | rtnode | 87 * | | | | | | | | 88 * | dst eaddr | | dst eaddr | | dst eaddr | | dst eaddr | 89 * +-----------+ +-----------+ +-----------+ +-----------+ 90 * | | | | 91 * | | | | 92 * | | +----------+ | | 93 * | | | rtinfo | | | 94 * | +---->| |<---+ | 95 * | | flags | | 96 * +-------------->| timeout |<-------------+ 97 * | dst_ifp | 98 * +----------+ 99 * 100 * We choose to put timeout and dst_ifp into shared part, so updating 101 * them will be cheaper than using message forwarding. Also there is 102 * not need to use spinlock to protect the updating: timeout and dst_ifp 103 * is not related and specific field's updating order has no importance. 104 * The cache pollution by the share part should not be heavy: in a stable 105 * setup, dst_ifp probably will be not changed in rtnode's life time, 106 * while timeout is refreshed once per second; most of the time, timeout 107 * and dst_ifp are read-only accessed. 108 * 109 * 110 * Bridge route information installation on bridge_input path: 111 * 112 * CPU0 CPU1 CPU2 CPU3 113 * 114 * netisr2 115 * | 116 * alloc nmsg 117 * snd nmsg | 118 * w/o rtinfo | 119 * netisr0<-----------------------+ 120 * | : 121 * lookup dst : 122 * rtnode exists?(Y)free nmsg : 123 * |(N) : 124 * | : 125 * alloc rtinfo : 126 * alloc rtnode : 127 * install rtnode : 128 * | : 129 * +---------->netisr1 : 130 * : fwd nmsg | : 131 * : w/ rtinfo | : 132 * : | : 133 * : | : 134 * alloc rtnode : 135 * (w/ nmsg's rtinfo) : 136 * install rtnode : 137 * | : 138 * +----------->| 139 * : fwd nmsg | 140 * : w/ rtinfo | 141 * : | 142 * : same as netisr1 143 * | 144 * +---------->netisr3 145 * : fwd nmsg | 146 * : w/ rtinfo | 147 * : | 148 * : same as netisr1 149 * free nmsg 150 * : 151 * : 152 * 153 * The netmsgs forwarded between netisr2 are allocated with 154 * (M_WAITOK|M_NULLOK), so it will not fail under most cases (route 155 * information is too precious to be not installed :). Since multiple 156 * netisrs may try to install route information for the same dst eaddr, 157 * we look up route information in netisr0. However, this looking up 158 * only need to be performed on netisr0, which is the start point of 159 * the route information installation process. 160 * 161 * 162 * Bridge route information deleting/flushing: 163 * 164 * CPU0 CPU1 CPU2 CPU3 165 * 166 * netisr0 167 * | 168 * find suitable rtnodes, 169 * mark their rtinfo dead 170 * | 171 * | domsg <-------------------------------------------+ 172 * : delete rtnodes | replymsg 173 * : w/ dead rtinfo | 174 * : | 175 * : fwdmsg fwdmsg fwdmsg | 176 * :----------> netisr1 --------> netisr2 --------> netisr3 177 * delete rtnodes delete rtnodes delete rtnodes 178 * w/ dead rtinfo w/ dead rtinfo w/ dead rtinfo 179 * free dead rtinfos 180 * 181 * All deleting/flushing operations are serialized by netisr0, so each 182 * operation only reaps the route information marked dead by itself. 183 * 184 * 185 * Bridge route information adding/deleting/flushing: 186 * Since all operation is serialized by the fixed message flow between 187 * netisrs, it is not possible to create corrupted per-cpu route 188 * information. 189 * 190 * 191 * 192 * XXX This no longer applies. 193 * Percpu member interface list iteration with blocking operation: 194 * Since one bridge could only delete one member interface at a time and 195 * the deleted member interface is not freed after netmsg_service_sync(), 196 * following way is used to make sure that even if the certain member 197 * interface is ripped from the percpu list during the blocking operation, 198 * the iteration still could keep going: 199 * 200 * TAILQ_FOREACH_MUTABLE(bif, sc->sc_iflists[mycpuid], bif_next, nbif) { 201 * blocking operation; 202 * blocking operation; 203 * ... 204 * ... 205 * if (nbif != NULL && !nbif->bif_onlist) { 206 * KKASSERT(bif->bif_onlist); 207 * nbif = TAILQ_NEXT(bif, bif_next); 208 * } 209 * } 210 * 211 * As mentioned above only one member interface could be unlinked from the 212 * percpu member interface list, so either bif or nbif may be not on the list, 213 * but _not_ both. To keep the list iteration, we don't care about bif, but 214 * only nbif. Since removed member interface will only be freed after we 215 * finish our work, it is safe to access any field in an unlinked bif (here 216 * bif_onlist). If nbif is no longer on the list, then bif must be on the 217 * list, so we change nbif to the next element of bif and keep going. 218 */ 219 220 #include "opt_inet.h" 221 #include "opt_inet6.h" 222 223 #include <sys/param.h> 224 #include <sys/mbuf.h> 225 #include <sys/malloc.h> 226 #include <sys/protosw.h> 227 #include <sys/systm.h> 228 #include <sys/time.h> 229 #include <sys/socket.h> /* for net/if.h */ 230 #include <sys/sockio.h> 231 #include <sys/ctype.h> /* string functions */ 232 #include <sys/kernel.h> 233 #include <sys/random.h> 234 #include <sys/sysctl.h> 235 #include <sys/module.h> 236 #include <sys/proc.h> 237 #include <sys/caps.h> 238 #include <sys/lock.h> 239 #include <sys/thread.h> 240 #include <sys/thread2.h> 241 #include <sys/mpipe.h> 242 243 #include <net/bpf.h> 244 #include <net/if.h> 245 #include <net/if_dl.h> 246 #include <net/if_types.h> 247 #include <net/if_var.h> 248 #include <net/pfil.h> 249 #include <net/ifq_var.h> 250 #include <net/if_clone.h> 251 252 #include <netinet/in.h> /* for struct arpcom */ 253 #include <netinet/in_systm.h> 254 #include <netinet/in_var.h> 255 #include <netinet/ip.h> 256 #include <netinet/ip_var.h> 257 #ifdef INET6 258 #include <netinet/ip6.h> 259 #include <netinet6/ip6_var.h> 260 #endif 261 #include <netinet/if_ether.h> /* for struct arpcom */ 262 #include <net/bridge/if_bridgevar.h> 263 #include <net/if_llc.h> 264 #include <net/netmsg2.h> 265 #include <net/netisr2.h> 266 267 #include <net/route.h> 268 #include <sys/in_cksum.h> 269 270 /* 271 * Size of the route hash table. Must be a power of two. 272 */ 273 #ifndef BRIDGE_RTHASH_SIZE 274 #define BRIDGE_RTHASH_SIZE 1024 275 #endif 276 277 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 278 279 /* 280 * Maximum number of addresses to cache. 281 */ 282 #ifndef BRIDGE_RTABLE_MAX 283 #define BRIDGE_RTABLE_MAX 4096 284 #endif 285 286 /* 287 * Spanning tree defaults. 288 */ 289 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 290 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 291 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 292 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 293 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 294 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 295 #define BSTP_DEFAULT_PATH_COST 55 296 297 /* 298 * Timeout (in seconds) for entries learned dynamically. 299 */ 300 #ifndef BRIDGE_RTABLE_TIMEOUT 301 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 302 #endif 303 304 /* 305 * Number of seconds between walks of the route list. 306 */ 307 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 308 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 309 #endif 310 311 /* 312 * List of capabilities to mask on the member interface. 313 */ 314 #define BRIDGE_IFCAPS_MASK (IFCAP_TXCSUM | IFCAP_TSO) 315 316 typedef int (*bridge_ctl_t)(struct bridge_softc *, void *); 317 318 struct netmsg_brctl { 319 struct netmsg_base base; 320 bridge_ctl_t bc_func; 321 struct bridge_softc *bc_sc; 322 void *bc_arg; 323 }; 324 325 struct netmsg_brsaddr { 326 struct netmsg_base base; 327 struct bridge_softc *br_softc; 328 struct ifnet *br_dst_if; 329 struct bridge_rtinfo *br_rtinfo; 330 int br_setflags; 331 uint8_t br_dst[ETHER_ADDR_LEN]; 332 uint8_t br_flags; 333 }; 334 335 struct netmsg_braddbif { 336 struct netmsg_base base; 337 struct bridge_softc *br_softc; 338 struct bridge_ifinfo *br_bif_info; 339 struct ifnet *br_bif_ifp; 340 }; 341 342 struct netmsg_brdelbif { 343 struct netmsg_base base; 344 struct bridge_softc *br_softc; 345 struct bridge_ifinfo *br_bif_info; 346 struct bridge_iflist_head *br_bif_list; 347 }; 348 349 struct netmsg_brsflags { 350 struct netmsg_base base; 351 struct bridge_softc *br_softc; 352 struct bridge_ifinfo *br_bif_info; 353 uint32_t br_bif_flags; 354 }; 355 356 eventhandler_tag bridge_detach_cookie = NULL; 357 358 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 359 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *); 360 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 361 extern struct ifnet *(*bridge_interface_p)(void *if_bridge); 362 363 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 364 365 static int bridge_clone_create(struct if_clone *, int, caddr_t, caddr_t); 366 static int bridge_clone_destroy(struct ifnet *); 367 368 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 369 static void bridge_mutecaps(struct bridge_ifinfo *, struct ifnet *, int); 370 static void bridge_ifdetach(void *, struct ifnet *); 371 static void bridge_init(void *); 372 static int bridge_from_us(struct bridge_softc *, struct ether_header *); 373 static void bridge_stop(struct ifnet *); 374 static void bridge_start(struct ifnet *, struct ifaltq_subque *); 375 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 376 static int bridge_output(struct ifnet *, struct mbuf *); 377 static struct ifnet *bridge_interface(void *if_bridge); 378 379 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 380 381 static void bridge_timer_handler(netmsg_t); 382 static void bridge_timer(void *); 383 384 static void bridge_start_bcast(struct bridge_softc *, struct mbuf *); 385 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 386 struct mbuf *); 387 static void bridge_span(struct bridge_softc *, struct mbuf *); 388 389 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 390 struct ifnet *, uint8_t); 391 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 392 static void bridge_rtreap(struct bridge_softc *); 393 static void bridge_rtreap_async(struct bridge_softc *); 394 static void bridge_rttrim(struct bridge_softc *); 395 static int bridge_rtage_finddead(struct bridge_softc *); 396 static void bridge_rtage(struct bridge_softc *); 397 static void bridge_rtflush(struct bridge_softc *, int); 398 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 399 static int bridge_rtsaddr(struct bridge_softc *, const uint8_t *, 400 struct ifnet *, uint8_t); 401 static void bridge_rtmsg_sync(struct bridge_softc *sc); 402 static void bridge_rtreap_handler(netmsg_t); 403 static void bridge_rtinstall_handler(netmsg_t); 404 static int bridge_rtinstall_oncpu(struct bridge_softc *, const uint8_t *, 405 struct ifnet *, int, uint8_t, struct bridge_rtinfo **); 406 407 static void bridge_rtable_init(struct bridge_softc *); 408 static void bridge_rtable_fini(struct bridge_softc *); 409 410 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 411 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 412 const uint8_t *); 413 static void bridge_rtnode_insert(struct bridge_softc *, 414 struct bridge_rtnode *); 415 static void bridge_rtnode_destroy(struct bridge_softc *, 416 struct bridge_rtnode *); 417 418 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 419 const char *name); 420 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 421 struct ifnet *ifp); 422 static struct bridge_iflist *bridge_lookup_member_ifinfo(struct bridge_softc *, 423 struct bridge_ifinfo *); 424 static void bridge_delete_member(struct bridge_softc *, 425 struct bridge_iflist *, int); 426 static void bridge_delete_span(struct bridge_softc *, 427 struct bridge_iflist *); 428 429 static int bridge_control(struct bridge_softc *, u_long, 430 bridge_ctl_t, void *); 431 static int bridge_ioctl_init(struct bridge_softc *, void *); 432 static int bridge_ioctl_stop(struct bridge_softc *, void *); 433 static int bridge_ioctl_add(struct bridge_softc *, void *); 434 static int bridge_ioctl_del(struct bridge_softc *, void *); 435 static void bridge_ioctl_fillflags(struct bridge_softc *sc, 436 struct bridge_iflist *bif, struct ifbreq *req); 437 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 438 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 439 static int bridge_ioctl_scache(struct bridge_softc *, void *); 440 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 441 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 442 static int bridge_ioctl_rts(struct bridge_softc *, void *); 443 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 444 static int bridge_ioctl_sto(struct bridge_softc *, void *); 445 static int bridge_ioctl_gto(struct bridge_softc *, void *); 446 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 447 static int bridge_ioctl_flush(struct bridge_softc *, void *); 448 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 449 static int bridge_ioctl_spri(struct bridge_softc *, void *); 450 static int bridge_ioctl_reinit(struct bridge_softc *, void *); 451 static int bridge_ioctl_ght(struct bridge_softc *, void *); 452 static int bridge_ioctl_sht(struct bridge_softc *, void *); 453 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 454 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 455 static int bridge_ioctl_gma(struct bridge_softc *, void *); 456 static int bridge_ioctl_sma(struct bridge_softc *, void *); 457 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 458 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 459 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 460 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 461 static int bridge_ioctl_sifbondwght(struct bridge_softc *, void *); 462 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 463 int); 464 static int bridge_ip_checkbasic(struct mbuf **mp); 465 #ifdef INET6 466 static int bridge_ip6_checkbasic(struct mbuf **mp); 467 #endif /* INET6 */ 468 static int bridge_fragment(struct ifnet *, struct mbuf *, 469 struct ether_header *, int, struct llc *); 470 static void bridge_enqueue_handler(netmsg_t); 471 static void bridge_handoff(struct bridge_softc *, struct ifnet *, 472 struct mbuf *, int); 473 474 static void bridge_del_bif_handler(netmsg_t); 475 static void bridge_add_bif_handler(netmsg_t); 476 static void bridge_del_bif(struct bridge_softc *, struct bridge_ifinfo *, 477 struct bridge_iflist_head *); 478 static void bridge_add_bif(struct bridge_softc *, struct bridge_ifinfo *, 479 struct ifnet *); 480 481 SYSCTL_DECL(_net_link); 482 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 483 484 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 485 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 486 static int pfil_member = 1; /* run pfil hooks on the member interface */ 487 static int bridge_debug; 488 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 489 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 490 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 491 &pfil_bridge, 0, "Packet filter on the bridge interface"); 492 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 493 &pfil_member, 0, "Packet filter on the member interface"); 494 SYSCTL_INT(_net_link_bridge, OID_AUTO, debug, CTLFLAG_RW, 495 &bridge_debug, 0, "Bridge debug mode"); 496 497 struct bridge_control_arg { 498 union { 499 struct ifbreq ifbreq; 500 struct ifbifconf ifbifconf; 501 struct ifbareq ifbareq; 502 struct ifbaconf ifbaconf; 503 struct ifbrparam ifbrparam; 504 } bca_u; 505 int bca_len; 506 void *bca_uptr; 507 void *bca_kptr; 508 }; 509 510 struct bridge_control { 511 bridge_ctl_t bc_func; 512 int bc_argsize; 513 int bc_flags; 514 }; 515 516 #define BC_F_COPYIN 0x01 /* copy arguments in */ 517 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 518 #define BC_F_SUSER 0x04 /* do super-user check */ 519 520 const struct bridge_control bridge_control_table[] = { 521 { bridge_ioctl_add, sizeof(struct ifbreq), 522 BC_F_COPYIN|BC_F_SUSER }, 523 { bridge_ioctl_del, sizeof(struct ifbreq), 524 BC_F_COPYIN|BC_F_SUSER }, 525 526 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 527 BC_F_COPYIN|BC_F_COPYOUT }, 528 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 529 BC_F_COPYIN|BC_F_SUSER }, 530 531 { bridge_ioctl_scache, sizeof(struct ifbrparam), 532 BC_F_COPYIN|BC_F_SUSER }, 533 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 534 BC_F_COPYOUT }, 535 536 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 537 BC_F_COPYIN|BC_F_COPYOUT }, 538 { bridge_ioctl_rts, sizeof(struct ifbaconf), 539 BC_F_COPYIN|BC_F_COPYOUT }, 540 541 { bridge_ioctl_saddr, sizeof(struct ifbareq), 542 BC_F_COPYIN|BC_F_SUSER }, 543 544 { bridge_ioctl_sto, sizeof(struct ifbrparam), 545 BC_F_COPYIN|BC_F_SUSER }, 546 { bridge_ioctl_gto, sizeof(struct ifbrparam), 547 BC_F_COPYOUT }, 548 549 { bridge_ioctl_daddr, sizeof(struct ifbareq), 550 BC_F_COPYIN|BC_F_SUSER }, 551 552 { bridge_ioctl_flush, sizeof(struct ifbreq), 553 BC_F_COPYIN|BC_F_SUSER }, 554 555 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 556 BC_F_COPYOUT }, 557 { bridge_ioctl_spri, sizeof(struct ifbrparam), 558 BC_F_COPYIN|BC_F_SUSER }, 559 560 { bridge_ioctl_ght, sizeof(struct ifbrparam), 561 BC_F_COPYOUT }, 562 { bridge_ioctl_sht, sizeof(struct ifbrparam), 563 BC_F_COPYIN|BC_F_SUSER }, 564 565 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 566 BC_F_COPYOUT }, 567 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 568 BC_F_COPYIN|BC_F_SUSER }, 569 570 { bridge_ioctl_gma, sizeof(struct ifbrparam), 571 BC_F_COPYOUT }, 572 { bridge_ioctl_sma, sizeof(struct ifbrparam), 573 BC_F_COPYIN|BC_F_SUSER }, 574 575 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 576 BC_F_COPYIN|BC_F_SUSER }, 577 578 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 579 BC_F_COPYIN|BC_F_SUSER }, 580 581 { bridge_ioctl_addspan, sizeof(struct ifbreq), 582 BC_F_COPYIN|BC_F_SUSER }, 583 { bridge_ioctl_delspan, sizeof(struct ifbreq), 584 BC_F_COPYIN|BC_F_SUSER }, 585 586 { bridge_ioctl_sifbondwght, sizeof(struct ifbreq), 587 BC_F_COPYIN|BC_F_SUSER }, 588 589 }; 590 static const int bridge_control_table_size = NELEM(bridge_control_table); 591 592 LIST_HEAD(, bridge_softc) bridge_list; 593 594 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 595 bridge_clone_create, 596 bridge_clone_destroy, 0, IF_MAXUNIT); 597 598 static int 599 bridge_modevent(module_t mod, int type, void *data) 600 { 601 switch (type) { 602 case MOD_LOAD: 603 LIST_INIT(&bridge_list); 604 if_clone_attach(&bridge_cloner); 605 bridge_input_p = bridge_input; 606 bridge_output_p = bridge_output; 607 bridge_interface_p = bridge_interface; 608 bridge_detach_cookie = EVENTHANDLER_REGISTER( 609 ifnet_detach_event, bridge_ifdetach, NULL, 610 EVENTHANDLER_PRI_ANY); 611 #if 0 /* notyet */ 612 bstp_linkstate_p = bstp_linkstate; 613 #endif 614 break; 615 case MOD_UNLOAD: 616 if (!LIST_EMPTY(&bridge_list)) 617 return (EBUSY); 618 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 619 bridge_detach_cookie); 620 if_clone_detach(&bridge_cloner); 621 bridge_input_p = NULL; 622 bridge_output_p = NULL; 623 bridge_interface_p = NULL; 624 #if 0 /* notyet */ 625 bstp_linkstate_p = NULL; 626 #endif 627 break; 628 default: 629 return (EOPNOTSUPP); 630 } 631 return (0); 632 } 633 634 static moduledata_t bridge_mod = { 635 "if_bridge", 636 bridge_modevent, 637 0 638 }; 639 640 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 641 642 /*#define BRIDGE_DEBUG_ENABLE*/ 643 #ifdef BRIDGE_DEBUG_ENABLE 644 645 static void 646 BRIDGE_DEBUG(const char *str, struct ifnet *src_if, struct ifnet *dst_if, 647 struct mbuf *m) 648 { 649 if ((bridge_debug & 2) == 0) 650 return; 651 652 if (str) 653 kprintf("%s", str); 654 if (src_if) 655 kprintf(" src={%s,%s%d}", 656 src_if->if_xname, src_if->if_dname, src_if->if_dunit); 657 if (dst_if) 658 kprintf(" dst={%s,%s%d}", 659 dst_if->if_xname, dst_if->if_dname, dst_if->if_dunit); 660 if (m) { 661 struct ether_header *eh; 662 struct ip *ip; 663 664 eh = mtod(m, struct ether_header *); 665 666 kprintf(" %02x:%02x:%02x:%02x:%02x:%02x " 667 "%02x:%02x:%02x:%02x:%02x:%02x type %04x ", 668 eh->ether_dhost[0], 669 eh->ether_dhost[1], 670 eh->ether_dhost[2], 671 eh->ether_dhost[3], 672 eh->ether_dhost[4], 673 eh->ether_dhost[5], 674 eh->ether_shost[0], 675 eh->ether_shost[1], 676 eh->ether_shost[2], 677 eh->ether_shost[3], 678 eh->ether_shost[4], 679 eh->ether_shost[5], 680 eh->ether_type); 681 ip = (void *)(eh + 1); 682 kprintf("%u.%u.%u.%u -> %u.%u.%u.%u", 683 (uint8_t)(ip->ip_src.s_addr >> 24), 684 (uint8_t)(ip->ip_src.s_addr >> 16), 685 (uint8_t)(ip->ip_src.s_addr >> 8), 686 (uint8_t)(ip->ip_src.s_addr), 687 (uint8_t)(ip->ip_dst.s_addr >> 24), 688 (uint8_t)(ip->ip_dst.s_addr >> 16), 689 (uint8_t)(ip->ip_dst.s_addr >> 8), 690 (uint8_t)(ip->ip_dst.s_addr)); 691 kprintf("\n"); 692 } 693 } 694 695 #else 696 697 #define BRIDGE_DEBUG(ctl, sif, dif, m) 698 699 #endif 700 701 /* 702 * bridge_clone_create: 703 * 704 * Create a new bridge instance. 705 */ 706 static int 707 bridge_clone_create(struct if_clone *ifc, int unit, 708 caddr_t params __unused, caddr_t data __unused) 709 { 710 struct bridge_softc *sc; 711 struct ifnet *ifp; 712 u_char eaddr[6]; 713 int cpu, rnd; 714 715 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK | M_ZERO); 716 ifp = sc->sc_ifp = &sc->sc_if; 717 718 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 719 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 720 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 721 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 722 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 723 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 724 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 725 726 /* Initialize our routing table. */ 727 bridge_rtable_init(sc); 728 729 callout_init_mp(&sc->sc_brcallout); 730 netmsg_init(&sc->sc_brtimemsg, NULL, &netisr_adone_rport, 731 MSGF_DROPABLE, bridge_timer_handler); 732 sc->sc_brtimemsg.lmsg.u.ms_resultp = sc; 733 734 callout_init_mp(&sc->sc_bstpcallout); 735 netmsg_init(&sc->sc_bstptimemsg, NULL, &netisr_adone_rport, 736 MSGF_DROPABLE, bstp_tick_handler); 737 sc->sc_bstptimemsg.lmsg.u.ms_resultp = sc; 738 739 /* Initialize per-cpu member iface lists */ 740 sc->sc_iflists = kmalloc(sizeof(*sc->sc_iflists) * netisr_ncpus, 741 M_DEVBUF, M_WAITOK); 742 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 743 TAILQ_INIT(&sc->sc_iflists[cpu]); 744 745 TAILQ_INIT(&sc->sc_spanlist); 746 747 ifp->if_softc = sc; 748 if_initname(ifp, ifc->ifc_name, unit); 749 ifp->if_mtu = ETHERMTU; 750 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST | IFF_ISBRIDGE; 751 ifp->if_ioctl = bridge_ioctl; 752 ifp->if_start = bridge_start; 753 ifp->if_init = bridge_init; 754 ifp->if_type = IFT_ETHER; 755 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 756 ifq_set_ready(&ifp->if_snd); 757 ifp->if_hdrlen = ETHER_HDR_LEN; 758 759 /* 760 * Generate a random ethernet address and use the private AC:DE:48 761 * OUI code. 762 */ 763 rnd = karc4random(); 764 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 765 rnd = karc4random(); 766 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 767 768 eaddr[0] &= ~1; /* clear multicast bit */ 769 eaddr[0] |= 2; /* set the LAA bit */ 770 771 ether_ifattach(ifp, eaddr, NULL); 772 /* Now undo some of the damage... */ 773 ifp->if_baudrate = 0; 774 /*ifp->if_type = IFT_BRIDGE;*/ 775 776 crit_enter(); /* XXX MP */ 777 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 778 crit_exit(); 779 780 return (0); 781 } 782 783 static void 784 bridge_delete_dispatch(netmsg_t msg) 785 { 786 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 787 struct ifnet *bifp = sc->sc_ifp; 788 struct bridge_iflist *bif; 789 790 ifnet_serialize_all(bifp); 791 792 while ((bif = TAILQ_FIRST(&sc->sc_iflists[mycpuid])) != NULL) 793 bridge_delete_member(sc, bif, 0); 794 795 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) 796 bridge_delete_span(sc, bif); 797 798 ifnet_deserialize_all(bifp); 799 800 lwkt_replymsg(&msg->lmsg, 0); 801 } 802 803 /* 804 * bridge_clone_destroy: 805 * 806 * Destroy a bridge instance. 807 */ 808 static int 809 bridge_clone_destroy(struct ifnet *ifp) 810 { 811 struct bridge_softc *sc = ifp->if_softc; 812 struct netmsg_base msg; 813 814 ifnet_serialize_all(ifp); 815 816 bridge_stop(ifp); 817 ifp->if_flags &= ~IFF_UP; 818 819 ifnet_deserialize_all(ifp); 820 821 netmsg_init(&msg, NULL, &curthread->td_msgport, 822 0, bridge_delete_dispatch); 823 msg.lmsg.u.ms_resultp = sc; 824 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 825 826 crit_enter(); /* XXX MP */ 827 LIST_REMOVE(sc, sc_list); 828 crit_exit(); 829 830 ether_ifdetach(ifp); 831 832 /* Tear down the routing table. */ 833 bridge_rtable_fini(sc); 834 835 /* Free per-cpu member iface lists */ 836 kfree(sc->sc_iflists, M_DEVBUF); 837 838 kfree(sc, M_DEVBUF); 839 840 return 0; 841 } 842 843 /* 844 * bridge_ioctl: 845 * 846 * Handle a control request from the operator. 847 */ 848 static int 849 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 850 { 851 struct bridge_softc *sc = ifp->if_softc; 852 struct bridge_control_arg args; 853 struct ifdrv *ifd = (struct ifdrv *) data; 854 const struct bridge_control *bc; 855 int error = 0; 856 857 ASSERT_IFNET_SERIALIZED_ALL(ifp); 858 859 switch (cmd) { 860 case SIOCADDMULTI: 861 case SIOCDELMULTI: 862 break; 863 864 case SIOCGDRVSPEC: 865 case SIOCSDRVSPEC: 866 if (ifd->ifd_cmd >= bridge_control_table_size) { 867 error = EINVAL; 868 break; 869 } 870 bc = &bridge_control_table[ifd->ifd_cmd]; 871 872 if (cmd == SIOCGDRVSPEC && 873 (bc->bc_flags & BC_F_COPYOUT) == 0) { 874 error = EINVAL; 875 break; 876 } else if (cmd == SIOCSDRVSPEC && 877 (bc->bc_flags & BC_F_COPYOUT)) { 878 error = EINVAL; 879 break; 880 } 881 882 if (bc->bc_flags & BC_F_SUSER) { 883 error = caps_priv_check(cr, SYSCAP_RESTRICTEDROOT | 884 __SYSCAP_NULLCRED); 885 if (error) 886 break; 887 } 888 889 if (ifd->ifd_len != bc->bc_argsize || 890 ifd->ifd_len > sizeof(args.bca_u)) { 891 error = EINVAL; 892 break; 893 } 894 895 memset(&args, 0, sizeof(args)); 896 if (bc->bc_flags & BC_F_COPYIN) { 897 error = copyin(ifd->ifd_data, &args.bca_u, 898 ifd->ifd_len); 899 if (error) 900 break; 901 } 902 903 error = bridge_control(sc, cmd, bc->bc_func, &args); 904 if (error) { 905 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 906 break; 907 } 908 909 if (bc->bc_flags & BC_F_COPYOUT) { 910 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 911 if (args.bca_len != 0) { 912 KKASSERT(args.bca_kptr != NULL); 913 if (!error) { 914 error = copyout(args.bca_kptr, 915 args.bca_uptr, args.bca_len); 916 } 917 kfree(args.bca_kptr, M_TEMP); 918 } else { 919 KKASSERT(args.bca_kptr == NULL); 920 } 921 } else { 922 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 923 } 924 break; 925 926 case SIOCSIFFLAGS: 927 if (!(ifp->if_flags & IFF_UP) && 928 (ifp->if_flags & IFF_RUNNING)) { 929 /* 930 * If interface is marked down and it is running, 931 * then stop it. 932 */ 933 bridge_stop(ifp); 934 } else if ((ifp->if_flags & IFF_UP) && 935 !(ifp->if_flags & IFF_RUNNING)) { 936 /* 937 * If interface is marked up and it is stopped, then 938 * start it. 939 */ 940 ifp->if_init(sc); 941 } 942 943 /* 944 * If running and link flag state change we have to 945 * reinitialize as well. 946 */ 947 if ((ifp->if_flags & IFF_RUNNING) && 948 (ifp->if_flags & (IFF_LINK0|IFF_LINK1|IFF_LINK2)) != 949 sc->sc_copy_flags) { 950 sc->sc_copy_flags = ifp->if_flags & 951 (IFF_LINK0|IFF_LINK1|IFF_LINK2); 952 bridge_control(sc, 0, bridge_ioctl_reinit, NULL); 953 } 954 955 break; 956 957 case SIOCSIFMTU: 958 /* Do not allow the MTU to be changed on the bridge */ 959 error = EINVAL; 960 break; 961 962 default: 963 error = ether_ioctl(ifp, cmd, data); 964 break; 965 } 966 return (error); 967 } 968 969 /* 970 * bridge_mutecaps: 971 * 972 * Clear or restore unwanted capabilities on the member interface 973 */ 974 static void 975 bridge_mutecaps(struct bridge_ifinfo *bif_info, struct ifnet *ifp, int mute) 976 { 977 struct ifreq ifr; 978 979 if (ifp->if_ioctl == NULL) 980 return; 981 982 bzero(&ifr, sizeof(ifr)); 983 ifr.ifr_reqcap = ifp->if_capenable; 984 985 if (mute) { 986 /* mask off and save capabilities */ 987 bif_info->bifi_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 988 if (bif_info->bifi_mutecap != 0) 989 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 990 } else { 991 /* restore muted capabilities */ 992 ifr.ifr_reqcap |= bif_info->bifi_mutecap; 993 } 994 995 if (bif_info->bifi_mutecap != 0) { 996 ifnet_serialize_all(ifp); 997 ifp->if_ioctl(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 998 ifnet_deserialize_all(ifp); 999 } 1000 } 1001 1002 /* 1003 * bridge_lookup_member: 1004 * 1005 * Lookup a bridge member interface. 1006 */ 1007 static struct bridge_iflist * 1008 bridge_lookup_member(struct bridge_softc *sc, const char *name) 1009 { 1010 struct bridge_iflist *bif; 1011 1012 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1013 if (strcmp(bif->bif_ifp->if_xname, name) == 0) 1014 return (bif); 1015 } 1016 return (NULL); 1017 } 1018 1019 /* 1020 * bridge_lookup_member_if: 1021 * 1022 * Lookup a bridge member interface by ifnet*. 1023 */ 1024 static struct bridge_iflist * 1025 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 1026 { 1027 struct bridge_iflist *bif; 1028 1029 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1030 if (bif->bif_ifp == member_ifp) 1031 return (bif); 1032 } 1033 return (NULL); 1034 } 1035 1036 /* 1037 * bridge_lookup_member_ifinfo: 1038 * 1039 * Lookup a bridge member interface by bridge_ifinfo. 1040 */ 1041 static struct bridge_iflist * 1042 bridge_lookup_member_ifinfo(struct bridge_softc *sc, 1043 struct bridge_ifinfo *bif_info) 1044 { 1045 struct bridge_iflist *bif; 1046 1047 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1048 if (bif->bif_info == bif_info) 1049 return (bif); 1050 } 1051 return (NULL); 1052 } 1053 1054 /* 1055 * bridge_delete_member: 1056 * 1057 * Delete the specified member interface. 1058 */ 1059 static void 1060 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 1061 int gone) 1062 { 1063 struct ifnet *ifs = bif->bif_ifp; 1064 struct ifnet *bifp = sc->sc_ifp; 1065 struct bridge_ifinfo *bif_info = bif->bif_info; 1066 struct bridge_iflist_head saved_bifs; 1067 1068 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1069 KKASSERT(bif_info != NULL); 1070 1071 ifs->if_bridge = NULL; 1072 1073 /* 1074 * Release bridge interface's serializer: 1075 * - To avoid possible dead lock. 1076 * - Various sync operation will block the current thread. 1077 */ 1078 ifnet_deserialize_all(bifp); 1079 1080 if (!gone) { 1081 switch (ifs->if_type) { 1082 case IFT_ETHER: 1083 case IFT_L2VLAN: 1084 /* 1085 * Take the interface out of promiscuous mode. 1086 */ 1087 ifpromisc(ifs, 0); 1088 bridge_mutecaps(bif_info, ifs, 0); 1089 break; 1090 1091 case IFT_GIF: 1092 break; 1093 1094 default: 1095 panic("bridge_delete_member: impossible"); 1096 break; 1097 } 1098 } 1099 1100 /* 1101 * Remove bifs from percpu linked list. 1102 * 1103 * Removed bifs are not freed immediately, instead, 1104 * they are saved in saved_bifs. They will be freed 1105 * after we make sure that no one is accessing them, 1106 * i.e. after following netmsg_service_sync() 1107 */ 1108 TAILQ_INIT(&saved_bifs); 1109 bridge_del_bif(sc, bif_info, &saved_bifs); 1110 1111 /* 1112 * Make sure that all protocol threads: 1113 * o see 'ifs' if_bridge is changed 1114 * o know that bif is removed from the percpu linked list 1115 */ 1116 netmsg_service_sync(); 1117 1118 /* 1119 * Free the removed bifs 1120 */ 1121 KKASSERT(!TAILQ_EMPTY(&saved_bifs)); 1122 while ((bif = TAILQ_FIRST(&saved_bifs)) != NULL) { 1123 TAILQ_REMOVE(&saved_bifs, bif, bif_next); 1124 kfree(bif, M_DEVBUF); 1125 } 1126 1127 /* See the comment in bridge_ioctl_stop() */ 1128 bridge_rtmsg_sync(sc); 1129 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL | IFBF_FLUSHSYNC); 1130 1131 ifnet_serialize_all(bifp); 1132 1133 if (bifp->if_flags & IFF_RUNNING) 1134 bstp_initialization(sc); 1135 1136 /* 1137 * Free the bif_info after bstp_initialization(), so that 1138 * bridge_softc.sc_root_port will not reference a dangling 1139 * pointer. 1140 */ 1141 kfree(bif_info, M_DEVBUF); 1142 } 1143 1144 /* 1145 * bridge_delete_span: 1146 * 1147 * Delete the specified span interface. 1148 */ 1149 static void 1150 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1151 { 1152 KASSERT(bif->bif_ifp->if_bridge == NULL, 1153 ("%s: not a span interface", __func__)); 1154 1155 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], bif, bif_next); 1156 kfree(bif, M_DEVBUF); 1157 } 1158 1159 static int 1160 bridge_ioctl_init(struct bridge_softc *sc, void *arg __unused) 1161 { 1162 struct ifnet *ifp = sc->sc_ifp; 1163 1164 if (ifp->if_flags & IFF_RUNNING) 1165 return 0; 1166 1167 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1168 bridge_timer, sc); 1169 1170 ifp->if_flags |= IFF_RUNNING; 1171 bstp_initialization(sc); 1172 return 0; 1173 } 1174 1175 static int 1176 bridge_ioctl_stop(struct bridge_softc *sc, void *arg __unused) 1177 { 1178 struct ifnet *ifp = sc->sc_ifp; 1179 1180 if ((ifp->if_flags & IFF_RUNNING) == 0) 1181 return 0; 1182 1183 callout_stop(&sc->sc_brcallout); 1184 1185 crit_enter(); 1186 lwkt_dropmsg(&sc->sc_brtimemsg.lmsg); 1187 crit_exit(); 1188 1189 bstp_stop(sc); 1190 1191 ifp->if_flags &= ~IFF_RUNNING; 1192 1193 ifnet_deserialize_all(ifp); 1194 1195 /* Let everyone know that we are stopped */ 1196 netmsg_service_sync(); 1197 1198 /* 1199 * Sync ifnetX msgports in the order we forward rtnode 1200 * installation message. This is used to make sure that 1201 * all rtnode installation messages sent by bridge_rtupdate() 1202 * during above netmsg_service_sync() are flushed. 1203 */ 1204 bridge_rtmsg_sync(sc); 1205 bridge_rtflush(sc, IFBF_FLUSHDYN | IFBF_FLUSHSYNC); 1206 1207 ifnet_serialize_all(ifp); 1208 return 0; 1209 } 1210 1211 static int 1212 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1213 { 1214 struct ifbreq *req = arg; 1215 struct bridge_iflist *bif; 1216 struct bridge_ifinfo *bif_info; 1217 struct ifnet *ifs, *bifp; 1218 int error = 0; 1219 1220 bifp = sc->sc_ifp; 1221 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1222 1223 ifs = ifunit_netisr(req->ifbr_ifsname); 1224 if (ifs == NULL) 1225 return (ENOENT); 1226 1227 /* If it's in the span list, it can't be a member. */ 1228 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1229 if (ifs == bif->bif_ifp) 1230 return (EBUSY); 1231 1232 /* Allow the first Ethernet member to define the MTU */ 1233 if (ifs->if_type != IFT_GIF) { 1234 if (TAILQ_EMPTY(&sc->sc_iflists[mycpuid])) { 1235 bifp->if_mtu = ifs->if_mtu; 1236 } else if (bifp->if_mtu != ifs->if_mtu) { 1237 if_printf(bifp, "invalid MTU for %s\n", ifs->if_xname); 1238 return (EINVAL); 1239 } 1240 } 1241 1242 if (ifs->if_bridge == sc) 1243 return (EEXIST); 1244 1245 if (ifs->if_bridge != NULL) 1246 return (EBUSY); 1247 1248 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1249 bif_info->bifi_priority = BSTP_DEFAULT_PORT_PRIORITY; 1250 bif_info->bifi_path_cost = BSTP_DEFAULT_PATH_COST; 1251 bif_info->bifi_ifp = ifs; 1252 bif_info->bifi_bond_weight = 1; 1253 1254 /* 1255 * Release bridge interface's serializer: 1256 * - To avoid possible dead lock. 1257 * - Various sync operation will block the current thread. 1258 */ 1259 ifnet_deserialize_all(bifp); 1260 1261 switch (ifs->if_type) { 1262 case IFT_ETHER: 1263 case IFT_L2VLAN: 1264 /* 1265 * Place the interface into promiscuous mode. 1266 */ 1267 error = ifpromisc(ifs, 1); 1268 if (error) { 1269 ifnet_serialize_all(bifp); 1270 goto out; 1271 } 1272 bridge_mutecaps(bif_info, ifs, 1); 1273 break; 1274 1275 case IFT_GIF: /* :^) */ 1276 break; 1277 1278 default: 1279 error = EINVAL; 1280 ifnet_serialize_all(bifp); 1281 goto out; 1282 } 1283 1284 /* 1285 * Add bifs to percpu linked lists 1286 */ 1287 bridge_add_bif(sc, bif_info, ifs); 1288 1289 ifnet_serialize_all(bifp); 1290 1291 if (bifp->if_flags & IFF_RUNNING) 1292 bstp_initialization(sc); 1293 else 1294 bstp_stop(sc); 1295 1296 /* 1297 * Everything has been setup, so let the member interface 1298 * deliver packets to this bridge on its input/output path. 1299 */ 1300 ifs->if_bridge = sc; 1301 out: 1302 if (error) { 1303 if (bif_info != NULL) 1304 kfree(bif_info, M_DEVBUF); 1305 } 1306 return (error); 1307 } 1308 1309 static int 1310 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1311 { 1312 struct ifbreq *req = arg; 1313 struct bridge_iflist *bif; 1314 1315 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1316 if (bif == NULL) 1317 return (ENOENT); 1318 1319 bridge_delete_member(sc, bif, 0); 1320 1321 return (0); 1322 } 1323 1324 static int 1325 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1326 { 1327 struct ifbreq *req = arg; 1328 struct bridge_iflist *bif; 1329 1330 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1331 if (bif == NULL) 1332 return (ENOENT); 1333 bridge_ioctl_fillflags(sc, bif, req); 1334 return (0); 1335 } 1336 1337 static void 1338 bridge_ioctl_fillflags(struct bridge_softc *sc, struct bridge_iflist *bif, 1339 struct ifbreq *req) 1340 { 1341 req->ifbr_ifsflags = bif->bif_flags; 1342 req->ifbr_state = bif->bif_state; 1343 req->ifbr_priority = bif->bif_priority; 1344 req->ifbr_path_cost = bif->bif_path_cost; 1345 req->ifbr_bond_weight = bif->bif_bond_weight; 1346 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1347 if (bif->bif_flags & IFBIF_STP) { 1348 req->ifbr_peer_root = bif->bif_peer_root; 1349 req->ifbr_peer_bridge = bif->bif_peer_bridge; 1350 req->ifbr_peer_cost = bif->bif_peer_cost; 1351 req->ifbr_peer_port = bif->bif_peer_port; 1352 if (bstp_supersedes_port_info(sc, bif)) { 1353 req->ifbr_designated_root = bif->bif_peer_root; 1354 req->ifbr_designated_bridge = bif->bif_peer_bridge; 1355 req->ifbr_designated_cost = bif->bif_peer_cost; 1356 req->ifbr_designated_port = bif->bif_peer_port; 1357 } else { 1358 req->ifbr_designated_root = sc->sc_bridge_id; 1359 req->ifbr_designated_bridge = sc->sc_bridge_id; 1360 req->ifbr_designated_cost = bif->bif_path_cost + 1361 bif->bif_peer_cost; 1362 req->ifbr_designated_port = bif->bif_port_id; 1363 } 1364 } else { 1365 req->ifbr_peer_root = 0; 1366 req->ifbr_peer_bridge = 0; 1367 req->ifbr_peer_cost = 0; 1368 req->ifbr_peer_port = 0; 1369 req->ifbr_designated_root = 0; 1370 req->ifbr_designated_bridge = 0; 1371 req->ifbr_designated_cost = 0; 1372 req->ifbr_designated_port = 0; 1373 } 1374 } 1375 1376 static int 1377 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1378 { 1379 struct ifbreq *req = arg; 1380 struct bridge_iflist *bif; 1381 struct ifnet *bifp = sc->sc_ifp; 1382 1383 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1384 if (bif == NULL) 1385 return (ENOENT); 1386 1387 if (req->ifbr_ifsflags & IFBIF_SPAN) { 1388 /* SPAN is readonly */ 1389 return (EINVAL); 1390 } 1391 1392 if (req->ifbr_ifsflags & IFBIF_STP) { 1393 switch (bif->bif_ifp->if_type) { 1394 case IFT_ETHER: 1395 /* These can do spanning tree. */ 1396 break; 1397 1398 default: 1399 /* Nothing else can. */ 1400 return (EINVAL); 1401 } 1402 } 1403 1404 bif->bif_flags = (bif->bif_flags & IFBIF_KEEPMASK) | 1405 (req->ifbr_ifsflags & ~IFBIF_KEEPMASK); 1406 if (bifp->if_flags & IFF_RUNNING) 1407 bstp_initialization(sc); 1408 1409 return (0); 1410 } 1411 1412 static int 1413 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1414 { 1415 struct ifbrparam *param = arg; 1416 struct ifnet *ifp = sc->sc_ifp; 1417 1418 sc->sc_brtmax = param->ifbrp_csize; 1419 1420 ifnet_deserialize_all(ifp); 1421 bridge_rttrim(sc); 1422 ifnet_serialize_all(ifp); 1423 1424 return (0); 1425 } 1426 1427 static int 1428 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1429 { 1430 struct ifbrparam *param = arg; 1431 1432 param->ifbrp_csize = sc->sc_brtmax; 1433 1434 return (0); 1435 } 1436 1437 static int 1438 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1439 { 1440 struct bridge_control_arg *bc_arg = arg; 1441 struct ifbifconf *bifc = arg; 1442 struct bridge_iflist *bif; 1443 struct ifbreq *breq; 1444 int count, len; 1445 1446 count = 0; 1447 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) 1448 count++; 1449 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1450 count++; 1451 1452 if (bifc->ifbic_len == 0) { 1453 bifc->ifbic_len = sizeof(*breq) * count; 1454 return 0; 1455 } else if (count == 0 || bifc->ifbic_len < sizeof(*breq)) { 1456 bifc->ifbic_len = 0; 1457 return 0; 1458 } 1459 1460 len = min(bifc->ifbic_len, sizeof(*breq) * count); 1461 KKASSERT(len >= sizeof(*breq)); 1462 1463 breq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1464 if (breq == NULL) { 1465 bifc->ifbic_len = 0; 1466 return ENOMEM; 1467 } 1468 bc_arg->bca_kptr = breq; 1469 1470 count = 0; 1471 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1472 if (len < sizeof(*breq)) 1473 break; 1474 1475 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1476 sizeof(breq->ifbr_ifsname)); 1477 bridge_ioctl_fillflags(sc, bif, breq); 1478 breq++; 1479 count++; 1480 len -= sizeof(*breq); 1481 } 1482 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1483 if (len < sizeof(*breq)) 1484 break; 1485 1486 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1487 sizeof(breq->ifbr_ifsname)); 1488 breq->ifbr_ifsflags = bif->bif_flags; 1489 breq->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1490 breq++; 1491 count++; 1492 len -= sizeof(*breq); 1493 } 1494 1495 bifc->ifbic_len = sizeof(*breq) * count; 1496 KKASSERT(bifc->ifbic_len > 0); 1497 1498 bc_arg->bca_len = bifc->ifbic_len; 1499 bc_arg->bca_uptr = bifc->ifbic_req; 1500 return 0; 1501 } 1502 1503 static int 1504 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1505 { 1506 struct bridge_control_arg *bc_arg = arg; 1507 struct ifbaconf *bac = arg; 1508 struct bridge_rtnode *brt; 1509 struct ifbareq *bareq; 1510 int count, len; 1511 1512 count = 0; 1513 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) 1514 count++; 1515 1516 if (bac->ifbac_len == 0) { 1517 bac->ifbac_len = sizeof(*bareq) * count; 1518 return 0; 1519 } else if (count == 0 || bac->ifbac_len < sizeof(*bareq)) { 1520 bac->ifbac_len = 0; 1521 return 0; 1522 } 1523 1524 len = min(bac->ifbac_len, sizeof(*bareq) * count); 1525 KKASSERT(len >= sizeof(*bareq)); 1526 1527 bareq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1528 if (bareq == NULL) { 1529 bac->ifbac_len = 0; 1530 return ENOMEM; 1531 } 1532 bc_arg->bca_kptr = bareq; 1533 1534 count = 0; 1535 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 1536 struct bridge_rtinfo *bri = brt->brt_info; 1537 time_t expire; 1538 1539 if (len < sizeof(*bareq)) 1540 break; 1541 1542 strlcpy(bareq->ifba_ifsname, bri->bri_ifp->if_xname, 1543 sizeof(bareq->ifba_ifsname)); 1544 memcpy(bareq->ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1545 expire = bri->bri_expire; 1546 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1547 time_uptime < expire) 1548 bareq->ifba_expire = expire - time_uptime; 1549 else 1550 bareq->ifba_expire = 0; 1551 bareq->ifba_flags = bri->bri_flags; 1552 bareq++; 1553 count++; 1554 len -= sizeof(*bareq); 1555 } 1556 1557 bac->ifbac_len = sizeof(*bareq) * count; 1558 KKASSERT(bac->ifbac_len > 0); 1559 1560 bc_arg->bca_len = bac->ifbac_len; 1561 bc_arg->bca_uptr = bac->ifbac_req; 1562 return 0; 1563 } 1564 1565 static int 1566 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1567 { 1568 struct ifbareq *req = arg; 1569 struct bridge_iflist *bif; 1570 struct ifnet *ifp = sc->sc_ifp; 1571 int error; 1572 1573 ASSERT_IFNET_SERIALIZED_ALL(ifp); 1574 1575 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1576 if (bif == NULL) 1577 return (ENOENT); 1578 1579 ifnet_deserialize_all(ifp); 1580 error = bridge_rtsaddr(sc, req->ifba_dst, bif->bif_ifp, 1581 req->ifba_flags); 1582 ifnet_serialize_all(ifp); 1583 return (error); 1584 } 1585 1586 static int 1587 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1588 { 1589 struct ifbrparam *param = arg; 1590 1591 sc->sc_brttimeout = param->ifbrp_ctime; 1592 1593 return (0); 1594 } 1595 1596 static int 1597 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1598 { 1599 struct ifbrparam *param = arg; 1600 1601 param->ifbrp_ctime = sc->sc_brttimeout; 1602 1603 return (0); 1604 } 1605 1606 static int 1607 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1608 { 1609 struct ifbareq *req = arg; 1610 struct ifnet *ifp = sc->sc_ifp; 1611 int error; 1612 1613 ifnet_deserialize_all(ifp); 1614 error = bridge_rtdaddr(sc, req->ifba_dst); 1615 ifnet_serialize_all(ifp); 1616 return error; 1617 } 1618 1619 static int 1620 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1621 { 1622 struct ifbreq *req = arg; 1623 struct ifnet *ifp = sc->sc_ifp; 1624 1625 ifnet_deserialize_all(ifp); 1626 bridge_rtflush(sc, req->ifbr_ifsflags | IFBF_FLUSHSYNC); 1627 ifnet_serialize_all(ifp); 1628 1629 return (0); 1630 } 1631 1632 static int 1633 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1634 { 1635 struct ifbrparam *param = arg; 1636 1637 param->ifbrp_prio = sc->sc_bridge_priority; 1638 1639 return (0); 1640 } 1641 1642 static int 1643 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1644 { 1645 struct ifbrparam *param = arg; 1646 1647 sc->sc_bridge_priority = param->ifbrp_prio; 1648 1649 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1650 bstp_initialization(sc); 1651 1652 return (0); 1653 } 1654 1655 static int 1656 bridge_ioctl_reinit(struct bridge_softc *sc, void *arg __unused) 1657 { 1658 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1659 bstp_initialization(sc); 1660 return (0); 1661 } 1662 1663 static int 1664 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1665 { 1666 struct ifbrparam *param = arg; 1667 1668 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1669 1670 return (0); 1671 } 1672 1673 static int 1674 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1675 { 1676 struct ifbrparam *param = arg; 1677 1678 if (param->ifbrp_hellotime == 0) 1679 return (EINVAL); 1680 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1681 1682 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1683 bstp_initialization(sc); 1684 1685 return (0); 1686 } 1687 1688 static int 1689 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1690 { 1691 struct ifbrparam *param = arg; 1692 1693 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1694 1695 return (0); 1696 } 1697 1698 static int 1699 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1700 { 1701 struct ifbrparam *param = arg; 1702 1703 if (param->ifbrp_fwddelay == 0) 1704 return (EINVAL); 1705 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1706 1707 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1708 bstp_initialization(sc); 1709 1710 return (0); 1711 } 1712 1713 static int 1714 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1715 { 1716 struct ifbrparam *param = arg; 1717 1718 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1719 1720 return (0); 1721 } 1722 1723 static int 1724 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1725 { 1726 struct ifbrparam *param = arg; 1727 1728 if (param->ifbrp_maxage == 0) 1729 return (EINVAL); 1730 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1731 1732 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1733 bstp_initialization(sc); 1734 1735 return (0); 1736 } 1737 1738 static int 1739 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1740 { 1741 struct ifbreq *req = arg; 1742 struct bridge_iflist *bif; 1743 1744 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1745 if (bif == NULL) 1746 return (ENOENT); 1747 1748 bif->bif_priority = req->ifbr_priority; 1749 1750 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1751 bstp_initialization(sc); 1752 1753 return (0); 1754 } 1755 1756 static int 1757 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1758 { 1759 struct ifbreq *req = arg; 1760 struct bridge_iflist *bif; 1761 1762 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1763 if (bif == NULL) 1764 return (ENOENT); 1765 1766 bif->bif_path_cost = req->ifbr_path_cost; 1767 1768 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1769 bstp_initialization(sc); 1770 1771 return (0); 1772 } 1773 1774 static int 1775 bridge_ioctl_sifbondwght(struct bridge_softc *sc, void *arg) 1776 { 1777 struct ifbreq *req = arg; 1778 struct bridge_iflist *bif; 1779 1780 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1781 if (bif == NULL) 1782 return (ENOENT); 1783 1784 bif->bif_bond_weight = req->ifbr_bond_weight; 1785 1786 /* no reinit needed */ 1787 1788 return (0); 1789 } 1790 1791 static int 1792 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1793 { 1794 struct ifbreq *req = arg; 1795 struct bridge_iflist *bif; 1796 struct ifnet *ifs; 1797 struct bridge_ifinfo *bif_info; 1798 1799 ifs = ifunit_netisr(req->ifbr_ifsname); 1800 if (ifs == NULL) 1801 return (ENOENT); 1802 1803 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1804 if (ifs == bif->bif_ifp) 1805 return (EBUSY); 1806 1807 if (ifs->if_bridge != NULL) 1808 return (EBUSY); 1809 1810 switch (ifs->if_type) { 1811 case IFT_ETHER: 1812 case IFT_GIF: 1813 case IFT_L2VLAN: 1814 break; 1815 1816 default: 1817 return (EINVAL); 1818 } 1819 1820 /* 1821 * bif_info is needed for bif_flags 1822 */ 1823 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1824 bif_info->bifi_ifp = ifs; 1825 1826 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 1827 bif->bif_ifp = ifs; 1828 bif->bif_info = bif_info; 1829 bif->bif_flags = IFBIF_SPAN; 1830 /* NOTE: span bif does not need bridge_ifinfo */ 1831 1832 TAILQ_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1833 1834 sc->sc_span = 1; 1835 1836 return (0); 1837 } 1838 1839 static int 1840 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1841 { 1842 struct ifbreq *req = arg; 1843 struct bridge_iflist *bif; 1844 struct ifnet *ifs; 1845 1846 ifs = ifunit_netisr(req->ifbr_ifsname); 1847 if (ifs == NULL) 1848 return (ENOENT); 1849 1850 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1851 if (ifs == bif->bif_ifp) 1852 break; 1853 1854 if (bif == NULL) 1855 return (ENOENT); 1856 1857 bridge_delete_span(sc, bif); 1858 1859 if (TAILQ_EMPTY(&sc->sc_spanlist)) 1860 sc->sc_span = 0; 1861 1862 return (0); 1863 } 1864 1865 static void 1866 bridge_ifdetach_dispatch(netmsg_t msg) 1867 { 1868 struct ifnet *ifp, *bifp; 1869 struct bridge_softc *sc; 1870 struct bridge_iflist *bif; 1871 1872 ifp = msg->lmsg.u.ms_resultp; 1873 sc = ifp->if_bridge; 1874 1875 /* Check if the interface is a bridge member */ 1876 if (sc != NULL) { 1877 bifp = sc->sc_ifp; 1878 1879 ifnet_serialize_all(bifp); 1880 1881 bif = bridge_lookup_member_if(sc, ifp); 1882 if (bif != NULL) { 1883 bridge_delete_member(sc, bif, 1); 1884 } else { 1885 /* XXX Why bif will be NULL? */ 1886 } 1887 1888 ifnet_deserialize_all(bifp); 1889 goto reply; 1890 } 1891 1892 crit_enter(); /* XXX MP */ 1893 1894 /* Check if the interface is a span port */ 1895 LIST_FOREACH(sc, &bridge_list, sc_list) { 1896 bifp = sc->sc_ifp; 1897 1898 ifnet_serialize_all(bifp); 1899 1900 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1901 if (ifp == bif->bif_ifp) { 1902 bridge_delete_span(sc, bif); 1903 break; 1904 } 1905 1906 ifnet_deserialize_all(bifp); 1907 } 1908 1909 crit_exit(); 1910 1911 reply: 1912 lwkt_replymsg(&msg->lmsg, 0); 1913 } 1914 1915 /* 1916 * bridge_ifdetach: 1917 * 1918 * Detach an interface from a bridge. Called when a member 1919 * interface is detaching. 1920 */ 1921 static void 1922 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1923 { 1924 struct netmsg_base msg; 1925 1926 netmsg_init(&msg, NULL, &curthread->td_msgport, 1927 0, bridge_ifdetach_dispatch); 1928 msg.lmsg.u.ms_resultp = ifp; 1929 1930 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 1931 } 1932 1933 /* 1934 * bridge_init: 1935 * 1936 * Initialize a bridge interface. 1937 */ 1938 static void 1939 bridge_init(void *xsc) 1940 { 1941 bridge_control(xsc, SIOCSIFFLAGS, bridge_ioctl_init, NULL); 1942 } 1943 1944 /* 1945 * bridge_stop: 1946 * 1947 * Stop the bridge interface. 1948 */ 1949 static void 1950 bridge_stop(struct ifnet *ifp) 1951 { 1952 bridge_control(ifp->if_softc, SIOCSIFFLAGS, bridge_ioctl_stop, NULL); 1953 } 1954 1955 /* 1956 * Returns TRUE if the packet is being sent 'from us'... from our bridge 1957 * interface or from any member of our bridge interface. This is used 1958 * later on to force the MAC to be the MAC of our bridge interface. 1959 */ 1960 static int 1961 bridge_from_us(struct bridge_softc *sc, struct ether_header *eh) 1962 { 1963 struct bridge_iflist *bif; 1964 1965 if (memcmp(eh->ether_shost, IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN) == 0) 1966 return (1); 1967 1968 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1969 if (memcmp(eh->ether_shost, IF_LLADDR(bif->bif_ifp), 1970 ETHER_ADDR_LEN) == 0) 1971 { 1972 return (1); 1973 } 1974 } 1975 return (0); 1976 } 1977 1978 /* 1979 * bridge_enqueue: 1980 * 1981 * Enqueue a packet on a bridge member interface. 1982 * 1983 */ 1984 void 1985 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1986 { 1987 struct netmsg_packet *nmp; 1988 1989 mbuftrackid(m, 64); 1990 1991 nmp = &m->m_hdr.mh_netmsg; 1992 netmsg_init(&nmp->base, NULL, &netisr_apanic_rport, 1993 0, bridge_enqueue_handler); 1994 nmp->nm_packet = m; 1995 nmp->base.lmsg.u.ms_resultp = dst_ifp; 1996 1997 lwkt_sendmsg_oncpu(netisr_cpuport(mycpuid), &nmp->base.lmsg); 1998 } 1999 2000 /* 2001 * After looking up dst_if in our forwarding table we still have to 2002 * deal with channel bonding. Find the best interface in the bonding set. 2003 */ 2004 static struct ifnet * 2005 bridge_select_unicast(struct bridge_softc *sc, struct ifnet *dst_if, 2006 int from_blocking, struct mbuf *m) 2007 { 2008 struct bridge_iflist *bif, *alt_bif, *nbif; 2009 int alt_priority, alt_count; 2010 uint8_t alt_state; 2011 2012 /* 2013 * Unicast, kinda replicates the output side of bridge_output(). 2014 * 2015 * Even though this is a uni-cast packet we may have to select 2016 * an interface from a bonding set. 2017 */ 2018 bif = bridge_lookup_member_if(sc, dst_if); 2019 if (bif == NULL) { 2020 /* Not a member of the bridge (anymore?) */ 2021 return NULL; 2022 } 2023 2024 /* 2025 * Send directly if the interface is not part of the spanning 2026 * tree. 2027 */ 2028 if ((bif->bif_flags & IFBIF_STP) == 0) { 2029 goto sendunicast; 2030 } 2031 2032 /* 2033 * If STP is enabled on the target we are an equal opportunity 2034 * employer and do not necessarily output to dst_if. Instead 2035 * scan available links with the same MAC as the current dst_if 2036 * and choose the best one. 2037 * 2038 * We also need to do this because arp or other cached entries might 2039 * be tagged to the wrong port after a fail-over. We don't want to 2040 * route packets to dead ports when perfectly good ones exist. 2041 * 2042 * If LINK2 is set on the bridge, any interfaces in the same bonding 2043 * set as dst_if with the same priority will be round-robined. If 2044 * different priorities, only the highest priority is chosen. In 2045 * this case links in a STP FORWARDING or BONDED state are allowed 2046 * for unicast packets. 2047 */ 2048 alt_state = BSTP_IFSTATE_LEARNING; 2049 alt_bif = NULL; 2050 alt_priority = 0; 2051 alt_count = 0; 2052 2053 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], bif_next, nbif) { 2054 /* 2055 * Ignore interfaces not in the same bonding set as dst_if 2056 * or which are not running. 2057 */ 2058 if (memcmp(IF_LLADDR(bif->bif_ifp), IF_LLADDR(dst_if), 2059 ETHER_ADDR_LEN) != 0) 2060 { 2061 continue; 2062 } 2063 2064 if ((bif->bif_ifp->if_flags & IFF_RUNNING) == 0) 2065 continue; 2066 2067 /* 2068 * NOTE: We allow tranmissions through a BLOCKING 2069 * or LEARNING interface only as a last resort. 2070 * We DISALLOW both cases if the receiving 2071 * 2072 * NOTE: If we send a packet through a learning 2073 * interface the receiving end (if also in 2074 * LEARNING) will throw it away, so this is 2075 * the ultimate last resort. 2076 */ 2077 switch(bif->bif_state) { 2078 case BSTP_IFSTATE_LEARNING: 2079 if (from_blocking == 0 && 2080 alt_state == BSTP_IFSTATE_LEARNING && 2081 bif->bif_priority > alt_priority) 2082 { 2083 alt_priority = bif->bif_priority; 2084 alt_bif = bif; 2085 } 2086 break; 2087 case BSTP_IFSTATE_BLOCKING: 2088 if (from_blocking == 0 && 2089 (alt_state == BSTP_IFSTATE_LEARNING || 2090 (alt_state == BSTP_IFSTATE_BLOCKING && 2091 bif->bif_priority > alt_priority))) 2092 { 2093 alt_state = BSTP_IFSTATE_BLOCKING; 2094 alt_priority = bif->bif_priority; 2095 alt_bif = bif; 2096 } 2097 break; 2098 case BSTP_IFSTATE_L1BLOCKING: 2099 case BSTP_IFSTATE_LISTENING: 2100 case BSTP_IFSTATE_DISABLED: 2101 break; 2102 default: 2103 /* 2104 * Select the best interface in the FORWARDING 2105 * set (or BONDING, but there shouldn't be any 2106 * when LINK2 is not set). 2107 */ 2108 if (alt_state != BSTP_IFSTATE_BONDED || 2109 bif->bif_priority > alt_priority) 2110 { 2111 alt_state = BSTP_IFSTATE_BONDED; 2112 alt_priority = bif->bif_priority; 2113 alt_bif = bif; 2114 alt_count = 0; 2115 } else if (alt_state == BSTP_IFSTATE_BONDED && 2116 bif->bif_priority == alt_priority) 2117 { 2118 /* 2119 * Round-robin 2120 */ 2121 ++alt_count; 2122 } 2123 break; 2124 } 2125 } 2126 2127 /* 2128 * If bonding is enabled (LINK2) and there were multiple interfaces 2129 * at the selected priority level, count packets and switch the 2130 * output interface. 2131 * 2132 * XXX need to use the toepliz hash or something like that instead 2133 * of a dumb packet round-robin. 2134 */ 2135 if (alt_count && (sc->sc_ifp->if_flags & IFF_LINK2)) { 2136 if (++alt_bif->bif_bond_count >= alt_bif->bif_bond_weight) { 2137 alt_bif->bif_bond_count = 0; 2138 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], 2139 alt_bif, bif_next); 2140 TAILQ_INSERT_TAIL( 2141 &sc->sc_iflists[mycpuid], 2142 alt_bif, bif_next); 2143 } 2144 } 2145 2146 /* 2147 * After loop, alt_if is the interface we selected. alt_if can 2148 * be NULL. 2149 */ 2150 if (alt_bif) 2151 dst_if = alt_bif->bif_ifp; 2152 2153 sendunicast: 2154 /* 2155 * At this point, we're dealing with a unicast frame 2156 * going to a different interface. 2157 */ 2158 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2159 dst_if = NULL; 2160 return (dst_if); 2161 } 2162 2163 2164 /* 2165 * bridge_output 2166 * 2167 * Issue locally originated (not forwarded) packet to the bridge. ifp 2168 * is the nominal interface the system route table is trying to send 2169 * it to, but we get here because that interface is part of the bridge 2170 * so really the packet is being sent to the whole bridge. 2171 * 2172 * The mbuf has the Ethernet header already attached. We must 2173 * enqueue or free the mbuf before returning. 2174 */ 2175 static int 2176 bridge_output(struct ifnet *ifp, struct mbuf *m) 2177 { 2178 struct bridge_softc *sc = ifp->if_bridge; 2179 struct bridge_iflist *bif, *nbif; 2180 struct ether_header *eh; 2181 struct ifnet *dst_if, *alt_if, *bifp; 2182 int from_us; 2183 int alt_priority; 2184 uint8_t alt_state; 2185 struct mbuf *mc; 2186 int used; 2187 int found; 2188 2189 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2190 ASSERT_NETISR_NCPUS(mycpuid); 2191 mbuftrackid(m, 65); 2192 2193 /* 2194 * Make sure that we are still a member of a bridge interface. 2195 */ 2196 if (sc == NULL) { 2197 m_freem(m); 2198 return (0); 2199 } 2200 bifp = sc->sc_ifp; 2201 2202 /* 2203 * Acquire header 2204 */ 2205 if (m->m_len < ETHER_HDR_LEN) { 2206 m = m_pullup(m, ETHER_HDR_LEN); 2207 if (m == NULL) { 2208 IFNET_STAT_INC(bifp, oerrors, 1); 2209 return (0); 2210 } 2211 } 2212 eh = mtod(m, struct ether_header *); 2213 from_us = bridge_from_us(sc, eh); 2214 2215 /* 2216 * If bridge is down, but the original output interface is up, 2217 * go ahead and send out that interface. Otherwise, the packet 2218 * is dropped below. 2219 */ 2220 if ((bifp->if_flags & IFF_RUNNING) == 0) { 2221 dst_if = ifp; 2222 goto sendunicast; 2223 } 2224 2225 /* 2226 * If the packet is a broadcast or multicast, or we don't know a better 2227 * way to get there, send to all interfaces except the originating one. 2228 */ 2229 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 2230 dst_if = NULL; 2231 else 2232 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2233 2234 if (dst_if) 2235 goto sendunicast; 2236 2237 used = 0; 2238 found = 0; 2239 2240 if (sc->sc_span) 2241 bridge_span(sc, m); 2242 2243 alt_if = NULL; 2244 alt_priority = 0; 2245 alt_state = BSTP_IFSTATE_LEARNING; 2246 2247 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], bif_next, nbif) { 2248 dst_if = bif->bif_ifp; 2249 2250 /* 2251 * Ignore interfaces marked down 2252 * 2253 * NOTE: Since the packet is originated on the machine, the 2254 * original interface the system tried to send it to 2255 * (ifp), which is part of the bridge, is not treated 2256 * specially verses other interfaces on the bridge. 2257 */ 2258 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2259 continue; 2260 2261 /* 2262 * Issue to all FORWARDING STP-enabled interfaces and 2263 * to all non-STP interfaces. Keep track of a possible 2264 * backup to a BONDED, BLOCKING, or LEARNING interfaces 2265 * (in that priority) in case no other interfaces are found. 2266 */ 2267 if (bif->bif_flags & IFBIF_STP) { 2268 switch (bif->bif_state) { 2269 case BSTP_IFSTATE_BONDED: 2270 if (alt_state != BSTP_IFSTATE_BONDED || 2271 bif->bif_priority > alt_priority) 2272 { 2273 alt_state = BSTP_IFSTATE_BONDED; 2274 alt_priority = bif->bif_priority; 2275 alt_if = bif->bif_ifp; 2276 } 2277 continue; 2278 case BSTP_IFSTATE_BLOCKING: 2279 if (alt_state == BSTP_IFSTATE_LEARNING || 2280 (alt_state == BSTP_IFSTATE_BLOCKING && 2281 bif->bif_priority > alt_priority)) 2282 { 2283 alt_state = BSTP_IFSTATE_BLOCKING; 2284 alt_priority = bif->bif_priority; 2285 alt_if = bif->bif_ifp; 2286 } 2287 continue; 2288 case BSTP_IFSTATE_LEARNING: 2289 if (alt_state == BSTP_IFSTATE_LEARNING && 2290 bif->bif_priority > alt_priority) 2291 { 2292 alt_priority = bif->bif_priority; 2293 alt_if = bif->bif_ifp; 2294 } 2295 continue; 2296 case BSTP_IFSTATE_L1BLOCKING: 2297 case BSTP_IFSTATE_LISTENING: 2298 case BSTP_IFSTATE_DISABLED: 2299 /* 2300 * Ignore interfaces in these states 2301 */ 2302 continue; 2303 default: 2304 /* FORWARDING */ 2305 break; 2306 } 2307 } 2308 2309 /* 2310 * Copy the packet to dstif 2311 */ 2312 KKASSERT(used == 0); 2313 if (TAILQ_NEXT(bif, bif_next) == NULL) { 2314 used = 1; 2315 mc = m; 2316 } else { 2317 mc = m_copypacket(m, M_NOWAIT); 2318 if (mc == NULL) { 2319 IFNET_STAT_INC(bifp, oerrors, 1); 2320 continue; 2321 } 2322 } 2323 2324 /* 2325 * If the packet is 'from' us override ether_shost. 2326 */ 2327 bridge_handoff(sc, dst_if, mc, from_us); 2328 found = 1; 2329 2330 if (nbif != NULL && !nbif->bif_onlist) { 2331 KKASSERT(bif->bif_onlist); 2332 nbif = TAILQ_NEXT(bif, bif_next); 2333 } 2334 } 2335 2336 /* 2337 * If we couldn't find anything use the backup interface 2338 * if we have one. 2339 */ 2340 if (found == 0 && alt_if) { 2341 KKASSERT(used == 0); 2342 mc = m; 2343 used = 1; 2344 bridge_handoff(sc, alt_if, mc, from_us); 2345 } 2346 2347 if (used == 0) 2348 m_freem(m); 2349 return (0); 2350 2351 /* 2352 * Unicast 2353 */ 2354 sendunicast: 2355 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2356 2357 if (sc->sc_span) 2358 bridge_span(sc, m); 2359 if (dst_if == NULL) 2360 m_freem(m); 2361 else 2362 bridge_handoff(sc, dst_if, m, from_us); 2363 return (0); 2364 } 2365 2366 /* 2367 * Returns the bridge interface associated with an ifc. 2368 * Pass ifp->if_bridge (must not be NULL). Used by the ARP 2369 * code to supply the bridge for the is-at info, making 2370 * the bridge responsible for matching local addresses. 2371 * 2372 * Without this the ARP code will supply bridge member interfaces 2373 * for the is-at which makes it difficult the bridge to fail-over 2374 * interfaces (among other things). 2375 */ 2376 static struct ifnet * 2377 bridge_interface(void *if_bridge) 2378 { 2379 struct bridge_softc *sc = if_bridge; 2380 return (sc->sc_ifp); 2381 } 2382 2383 /* 2384 * bridge_start: 2385 * 2386 * Start output on a bridge. 2387 */ 2388 static void 2389 bridge_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 2390 { 2391 struct bridge_softc *sc = ifp->if_softc; 2392 2393 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 2394 ASSERT_ALTQ_SQ_SERIALIZED_HW(ifsq); 2395 ASSERT_NETISR_NCPUS(mycpuid); 2396 2397 ifsq_set_oactive(ifsq); 2398 for (;;) { 2399 struct ifnet *dst_if = NULL; 2400 struct ether_header *eh; 2401 struct mbuf *m; 2402 2403 m = ifsq_dequeue(ifsq); 2404 if (m == NULL) 2405 break; 2406 mbuftrackid(m, 75); 2407 2408 if (m->m_len < sizeof(*eh)) { 2409 m = m_pullup(m, sizeof(*eh)); 2410 if (m == NULL) { 2411 IFNET_STAT_INC(ifp, oerrors, 1); 2412 continue; 2413 } 2414 } 2415 eh = mtod(m, struct ether_header *); 2416 2417 BPF_MTAP(ifp, m); 2418 IFNET_STAT_INC(ifp, opackets, 1); 2419 2420 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 2421 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2422 2423 /* 2424 * Multicast or broadcast 2425 */ 2426 if (dst_if == NULL) { 2427 bridge_start_bcast(sc, m); 2428 continue; 2429 } 2430 2431 /* 2432 * Unicast 2433 */ 2434 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2435 2436 if (dst_if == NULL) 2437 m_freem(m); 2438 else 2439 bridge_enqueue(dst_if, m); 2440 } 2441 ifsq_clr_oactive(ifsq); 2442 } 2443 2444 /* 2445 * bridge_forward: 2446 * 2447 * Forward packets received on a bridge interface via the input 2448 * path. 2449 * 2450 * This implements the forwarding function of the bridge. 2451 */ 2452 static void 2453 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 2454 { 2455 struct bridge_iflist *bif; 2456 struct ifnet *src_if, *dst_if, *ifp; 2457 struct ether_header *eh; 2458 int from_blocking; 2459 2460 mbuftrackid(m, 66); 2461 src_if = m->m_pkthdr.rcvif; 2462 ifp = sc->sc_ifp; 2463 2464 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2465 2466 /* 2467 * packet coming in on the bridge is also going out on the bridge, 2468 * but ether code won't adjust output stats for the bridge because 2469 * we are changing the interface to something else. 2470 */ 2471 IFNET_STAT_INC(ifp, opackets, 1); 2472 IFNET_STAT_INC(ifp, obytes, m->m_pkthdr.len); 2473 2474 /* 2475 * Look up the bridge_iflist. 2476 */ 2477 bif = bridge_lookup_member_if(sc, src_if); 2478 if (bif == NULL) { 2479 /* Interface is not a bridge member (anymore?) */ 2480 m_freem(m); 2481 return; 2482 } 2483 2484 /* 2485 * In spanning tree mode receiving a packet from an interface 2486 * in a BLOCKING state is allowed, it could be a member of last 2487 * resort from the sender's point of view, but forwarding it is 2488 * not allowed. 2489 * 2490 * The sender's spanning tree will eventually sync up and the 2491 * sender will go into a BLOCKING state too (but this still may be 2492 * an interface of last resort during state changes). 2493 */ 2494 if (bif->bif_flags & IFBIF_STP) { 2495 switch (bif->bif_state) { 2496 case BSTP_IFSTATE_L1BLOCKING: 2497 case BSTP_IFSTATE_LISTENING: 2498 case BSTP_IFSTATE_DISABLED: 2499 m_freem(m); 2500 return; 2501 default: 2502 /* learning, blocking, bonded, forwarding */ 2503 break; 2504 } 2505 from_blocking = (bif->bif_state == BSTP_IFSTATE_BLOCKING); 2506 } else { 2507 from_blocking = 0; 2508 } 2509 2510 eh = mtod(m, struct ether_header *); 2511 2512 /* 2513 * If the interface is learning, and the source 2514 * address is valid and not multicast, record 2515 * the address. 2516 */ 2517 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 2518 from_blocking == 0 && 2519 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 2520 (eh->ether_shost[0] == 0 && 2521 eh->ether_shost[1] == 0 && 2522 eh->ether_shost[2] == 0 && 2523 eh->ether_shost[3] == 0 && 2524 eh->ether_shost[4] == 0 && 2525 eh->ether_shost[5] == 0) == 0) 2526 { 2527 bridge_rtupdate(sc, eh->ether_shost, src_if, IFBAF_DYNAMIC); 2528 } 2529 2530 /* 2531 * Don't forward from an interface in the listening or learning 2532 * state. That is, in the learning state we learn information 2533 * but we throw away the packets. 2534 * 2535 * We let through packets on interfaces in the blocking state. 2536 * The blocking state is applicable to the send side, not the 2537 * receive side. 2538 */ 2539 if ((bif->bif_flags & IFBIF_STP) != 0 && 2540 (bif->bif_state == BSTP_IFSTATE_LISTENING || 2541 bif->bif_state == BSTP_IFSTATE_LEARNING)) { 2542 m_freem(m); 2543 return; 2544 } 2545 2546 /* 2547 * At this point, the port either doesn't participate 2548 * in spanning tree or it is in the forwarding state. 2549 */ 2550 2551 /* 2552 * If the packet is unicast, destined for someone on 2553 * "this" side of the bridge, drop it. 2554 * 2555 * src_if implies the entire bonding set so we have to compare MAC 2556 * addresses and not just if pointers. 2557 */ 2558 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2559 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2560 if (dst_if && memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 2561 ETHER_ADDR_LEN) == 0) { 2562 m_freem(m); 2563 return; 2564 } 2565 } else { 2566 /* ...forward it to all interfaces. */ 2567 IFNET_STAT_INC(ifp, imcasts, 1); 2568 dst_if = NULL; 2569 } 2570 2571 /* 2572 * Brodcast if we do not have forwarding information. However, if 2573 * we received the packet on a blocking interface we do not do this 2574 * (unless you really want to blow up your network). 2575 */ 2576 if (dst_if == NULL) { 2577 if (from_blocking) 2578 m_freem(m); 2579 else 2580 bridge_broadcast(sc, src_if, m); 2581 return; 2582 } 2583 2584 dst_if = bridge_select_unicast(sc, dst_if, from_blocking, m); 2585 2586 if (dst_if == NULL) { 2587 m_freem(m); 2588 return; 2589 } 2590 2591 if (inet_pfil_hook.ph_hashooks > 0 2592 #ifdef INET6 2593 || inet6_pfil_hook.ph_hashooks > 0 2594 #endif 2595 ) { 2596 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2597 return; 2598 if (m == NULL) 2599 return; 2600 2601 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2602 return; 2603 if (m == NULL) 2604 return; 2605 } 2606 bridge_handoff(sc, dst_if, m, 0); 2607 } 2608 2609 /* 2610 * bridge_input: 2611 * 2612 * Receive input from a member interface. Queue the packet for 2613 * bridging if it is not for us. 2614 */ 2615 static struct mbuf * 2616 bridge_input(struct ifnet *ifp, struct mbuf *m) 2617 { 2618 struct bridge_softc *sc = ifp->if_bridge; 2619 struct bridge_iflist *bif; 2620 struct ifnet *bifp, *new_ifp; 2621 struct ether_header *eh; 2622 struct mbuf *mc, *mc2; 2623 2624 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2625 ASSERT_NETISR_NCPUS(mycpuid); 2626 mbuftrackid(m, 67); 2627 2628 /* 2629 * Make sure that we are still a member of a bridge interface. 2630 */ 2631 if (sc == NULL) 2632 return m; 2633 2634 new_ifp = NULL; 2635 bifp = sc->sc_ifp; 2636 2637 if ((bifp->if_flags & IFF_RUNNING) == 0) 2638 goto out; 2639 2640 /* 2641 * Implement support for bridge monitoring. If this flag has been 2642 * set on this interface, discard the packet once we push it through 2643 * the bpf(4) machinery, but before we do, increment various counters 2644 * associated with this bridge. 2645 */ 2646 if (bifp->if_flags & IFF_MONITOR) { 2647 /* 2648 * Change input interface to this bridge 2649 * 2650 * Update bridge's ifnet statistics 2651 */ 2652 m->m_pkthdr.rcvif = bifp; 2653 2654 BPF_MTAP(bifp, m); 2655 IFNET_STAT_INC(bifp, ipackets, 1); 2656 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2657 if (m->m_flags & (M_MCAST | M_BCAST)) 2658 IFNET_STAT_INC(bifp, imcasts, 1); 2659 2660 m_freem(m); 2661 m = NULL; 2662 goto out; 2663 } 2664 2665 /* 2666 * Handle the ether_header 2667 * 2668 * In all cases if the packet is destined for us via our MAC 2669 * we must clear BRIDGE_MBUF_TAGGED to ensure that we don't 2670 * repeat the source MAC out the same interface. 2671 * 2672 * This first test against our bridge MAC is the fast-path. 2673 * 2674 * NOTE! The bridge interface can serve as an endpoint for 2675 * communication but normally there are no IPs associated 2676 * with it so you cannot route through it. Instead what 2677 * you do is point your default route *THROUGH* the bridge 2678 * to the actual default router for one of the bridged spaces. 2679 * 2680 * Another possibility is to put all your IP specifications 2681 * on the bridge instead of on the individual interfaces. If 2682 * you do this it should be possible to use the bridge as an 2683 * end point and route (rather than switch) through it using 2684 * the default route or ipfw forwarding rules. 2685 */ 2686 2687 /* 2688 * Acquire header 2689 */ 2690 if (m->m_len < ETHER_HDR_LEN) { 2691 m = m_pullup(m, ETHER_HDR_LEN); 2692 if (m == NULL) 2693 goto out; 2694 } 2695 eh = mtod(m, struct ether_header *); 2696 m->m_pkthdr.fw_flags |= BRIDGE_MBUF_TAGGED; 2697 bcopy(eh->ether_shost, m->m_pkthdr.ether_br_shost, ETHER_ADDR_LEN); 2698 2699 if ((bridge_debug & 1) && 2700 (ntohs(eh->ether_type) == ETHERTYPE_ARP || 2701 ntohs(eh->ether_type) == ETHERTYPE_REVARP)) { 2702 kprintf("%02x:%02x:%02x:%02x:%02x:%02x " 2703 "%02x:%02x:%02x:%02x:%02x:%02x type %04x " 2704 "lla %02x:%02x:%02x:%02x:%02x:%02x\n", 2705 eh->ether_dhost[0], 2706 eh->ether_dhost[1], 2707 eh->ether_dhost[2], 2708 eh->ether_dhost[3], 2709 eh->ether_dhost[4], 2710 eh->ether_dhost[5], 2711 eh->ether_shost[0], 2712 eh->ether_shost[1], 2713 eh->ether_shost[2], 2714 eh->ether_shost[3], 2715 eh->ether_shost[4], 2716 eh->ether_shost[5], 2717 eh->ether_type, 2718 ((u_char *)IF_LLADDR(bifp))[0], 2719 ((u_char *)IF_LLADDR(bifp))[1], 2720 ((u_char *)IF_LLADDR(bifp))[2], 2721 ((u_char *)IF_LLADDR(bifp))[3], 2722 ((u_char *)IF_LLADDR(bifp))[4], 2723 ((u_char *)IF_LLADDR(bifp))[5] 2724 ); 2725 } 2726 2727 /* 2728 * If the packet is for us, set the packets source as the 2729 * bridge, and return the packet back to ifnet.if_input for 2730 * local processing. 2731 */ 2732 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 2733 /* 2734 * We must still record the source interface in our 2735 * addr cache, otherwise our bridge won't know where 2736 * to send responses and will broadcast them. 2737 */ 2738 bif = bridge_lookup_member_if(sc, ifp); 2739 if ((bif->bif_flags & IFBIF_LEARNING) && 2740 ((bif->bif_flags & IFBIF_STP) == 0 || 2741 bif->bif_state != BSTP_IFSTATE_BLOCKING)) 2742 { 2743 bridge_rtupdate(sc, eh->ether_shost, 2744 ifp, IFBAF_DYNAMIC); 2745 } 2746 2747 /* 2748 * Perform pfil hooks. 2749 */ 2750 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2751 KASSERT(bifp->if_bridge == NULL, 2752 ("loop created in bridge_input")); 2753 if (pfil_member != 0) { 2754 if (inet_pfil_hook.ph_hashooks > 0 2755 #ifdef INET6 2756 || inet6_pfil_hook.ph_hashooks > 0 2757 #endif 2758 ) { 2759 if (bridge_pfil(&m, NULL, ifp, PFIL_IN) != 0) 2760 goto out; 2761 if (m == NULL) 2762 goto out; 2763 } 2764 } 2765 2766 /* 2767 * Set new_ifp and skip to the end. This will trigger code 2768 * to reinput the packet and run it into our stack. 2769 */ 2770 new_ifp = bifp; 2771 goto out; 2772 } 2773 2774 /* 2775 * Tap all packets arriving on the bridge, no matter if 2776 * they are local destinations or not. In is in. 2777 * 2778 * Update bridge's ifnet statistics 2779 */ 2780 BPF_MTAP(bifp, m); 2781 IFNET_STAT_INC(bifp, ipackets, 1); 2782 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2783 if (m->m_flags & (M_MCAST | M_BCAST)) 2784 IFNET_STAT_INC(bifp, imcasts, 1); 2785 2786 bif = bridge_lookup_member_if(sc, ifp); 2787 if (bif == NULL) 2788 goto out; 2789 2790 if (sc->sc_span) 2791 bridge_span(sc, m); 2792 2793 if (m->m_flags & (M_BCAST | M_MCAST)) { 2794 /* 2795 * Tap off 802.1D packets; they do not get forwarded. 2796 */ 2797 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2798 ETHER_ADDR_LEN) == 0) { 2799 ifnet_serialize_all(bifp); 2800 bstp_input(sc, bif, m); 2801 ifnet_deserialize_all(bifp); 2802 2803 /* m is freed by bstp_input */ 2804 m = NULL; 2805 goto out; 2806 } 2807 2808 /* 2809 * Other than 802.11d packets, ignore packets if the 2810 * interface is not in a good state. 2811 * 2812 * NOTE: Broadcast/mcast packets received on a blocking or 2813 * learning interface are allowed for local processing. 2814 * 2815 * The sending side of a blocked port will stop 2816 * transmitting when a better alternative is found. 2817 * However, later on we will disallow the forwarding 2818 * of bcast/mcsat packets over a blocking interface. 2819 */ 2820 if (bif->bif_flags & IFBIF_STP) { 2821 switch (bif->bif_state) { 2822 case BSTP_IFSTATE_L1BLOCKING: 2823 case BSTP_IFSTATE_LISTENING: 2824 case BSTP_IFSTATE_DISABLED: 2825 goto out; 2826 default: 2827 /* blocking, learning, bonded, forwarding */ 2828 break; 2829 } 2830 } 2831 2832 /* 2833 * Make a deep copy of the packet and enqueue the copy 2834 * for bridge processing; return the original packet for 2835 * local processing. 2836 */ 2837 mc = m_dup(m, M_NOWAIT); 2838 if (mc == NULL) 2839 goto out; 2840 2841 /* 2842 * It's just too dangerous to allow bcast/mcast over a 2843 * blocked interface, eventually the network will sort 2844 * itself out and a better path will be found. 2845 */ 2846 if ((bif->bif_flags & IFBIF_STP) == 0 || 2847 bif->bif_state != BSTP_IFSTATE_BLOCKING) 2848 { 2849 bridge_forward(sc, mc); 2850 } 2851 2852 /* 2853 * Reinject the mbuf as arriving on the bridge so we have a 2854 * chance at claiming multicast packets. We can not loop back 2855 * here from ether_input as a bridge is never a member of a 2856 * bridge. 2857 */ 2858 KASSERT(bifp->if_bridge == NULL, 2859 ("loop created in bridge_input")); 2860 mc2 = m_dup(m, M_NOWAIT); 2861 #ifdef notyet 2862 if (mc2 != NULL) { 2863 /* Keep the layer3 header aligned */ 2864 int i = min(mc2->m_pkthdr.len, max_protohdr); 2865 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2866 } 2867 #endif 2868 if (mc2 != NULL) { 2869 /* 2870 * Don't tap to bpf(4) again; we have already done 2871 * the tapping. 2872 * 2873 * Leave m_pkthdr.rcvif alone, so ARP replies are 2874 * processed as coming in on the correct interface. 2875 * 2876 * Clear the bridge flag for local processing in 2877 * case the packet gets routed. 2878 */ 2879 mc2->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2880 ether_reinput_oncpu(bifp, mc2, 0); 2881 } 2882 2883 /* Return the original packet for local processing. */ 2884 goto out; 2885 } 2886 2887 /* 2888 * Input of a unicast packet. We have to allow unicast packets 2889 * input from links in the BLOCKING state as this might be an 2890 * interface of last resort. 2891 * 2892 * NOTE: We explicitly ignore normal packets received on a link 2893 * in the BLOCKING state. The point of being in that state 2894 * is to avoid getting duplicate packets. 2895 * 2896 * HOWEVER, if LINK2 is set the normal spanning tree code 2897 * will mark an interface BLOCKING to avoid multi-cast/broadcast 2898 * loops. Unicast packets CAN still loop if we allow the 2899 * case (hence we only do it in LINK2), but it isn't quite as 2900 * bad as a broadcast packet looping. 2901 */ 2902 if (bif->bif_flags & IFBIF_STP) { 2903 switch (bif->bif_state) { 2904 case BSTP_IFSTATE_L1BLOCKING: 2905 case BSTP_IFSTATE_LISTENING: 2906 case BSTP_IFSTATE_DISABLED: 2907 goto out; 2908 default: 2909 /* blocking, bonded, forwarding, learning */ 2910 break; 2911 } 2912 } 2913 2914 /* 2915 * Unicast. Make sure it's not for us. 2916 * 2917 * This loop is MPSAFE; the only blocking operation (bridge_rtupdate) 2918 * is followed by breaking out of the loop. 2919 */ 2920 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 2921 if (bif->bif_ifp->if_type != IFT_ETHER) 2922 continue; 2923 2924 /* 2925 * It is destined for an interface linked to the bridge. 2926 * We want the bridge itself to take care of link level 2927 * forwarding to member interfaces so reinput on the bridge. 2928 * i.e. if you ping an IP on a target interface associated 2929 * with the bridge, the arp is-at response should indicate 2930 * the bridge MAC. 2931 * 2932 * Only update our addr list when learning if the port 2933 * is not in a blocking state. If it is we still allow 2934 * the packet but we do not try to learn from it. 2935 */ 2936 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2937 ETHER_ADDR_LEN) == 0) { 2938 if (bif->bif_ifp != ifp) { 2939 /* XXX loop prevention */ 2940 m->m_flags |= M_ETHER_BRIDGED; 2941 } 2942 if ((bif->bif_flags & IFBIF_LEARNING) && 2943 ((bif->bif_flags & IFBIF_STP) == 0 || 2944 bif->bif_state != BSTP_IFSTATE_BLOCKING)) { 2945 bridge_rtupdate(sc, eh->ether_shost, 2946 ifp, IFBAF_DYNAMIC); 2947 } 2948 new_ifp = bifp; /* not bif->bif_ifp */ 2949 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2950 goto out; 2951 } 2952 2953 /* 2954 * Ignore received packets that were sent by us. 2955 */ 2956 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2957 ETHER_ADDR_LEN) == 0) { 2958 m_freem(m); 2959 m = NULL; 2960 goto out; 2961 } 2962 } 2963 2964 /* 2965 * It isn't for us. 2966 * 2967 * Perform the bridge forwarding function, but disallow bridging 2968 * to interfaces in the blocking state if the packet came in on 2969 * an interface in the blocking state. 2970 * 2971 * (bridge_forward also updates the addr cache). 2972 */ 2973 bridge_forward(sc, m); 2974 m = NULL; 2975 2976 /* 2977 * ether_reinput_oncpu() will reprocess rcvif as 2978 * coming from new_ifp (since we do not specify 2979 * REINPUT_KEEPRCVIF). 2980 */ 2981 out: 2982 if (new_ifp != NULL) { 2983 /* 2984 * Clear the bridge flag for local processing in 2985 * case the packet gets routed. 2986 */ 2987 ether_reinput_oncpu(new_ifp, m, REINPUT_RUNBPF); 2988 m = NULL; 2989 } 2990 return (m); 2991 } 2992 2993 /* 2994 * bridge_start_bcast: 2995 * 2996 * Broadcast the packet sent from bridge to all member 2997 * interfaces. 2998 * This is a simplified version of bridge_broadcast(), however, 2999 * this function expects caller to hold bridge's serializer. 3000 */ 3001 static void 3002 bridge_start_bcast(struct bridge_softc *sc, struct mbuf *m) 3003 { 3004 struct bridge_iflist *bif; 3005 struct mbuf *mc; 3006 struct ifnet *dst_if, *alt_if, *bifp; 3007 int used = 0; 3008 int found = 0; 3009 int alt_priority; 3010 3011 mbuftrackid(m, 68); 3012 bifp = sc->sc_ifp; 3013 ASSERT_IFNET_SERIALIZED_ALL(bifp); 3014 3015 /* 3016 * Following loop is MPSAFE; nothing is blocking 3017 * in the loop body. 3018 * 3019 * NOTE: We transmit through an member in the BLOCKING state only 3020 * as a last resort. 3021 */ 3022 alt_if = NULL; 3023 alt_priority = 0; 3024 3025 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 3026 dst_if = bif->bif_ifp; 3027 3028 if (bif->bif_flags & IFBIF_STP) { 3029 switch (bif->bif_state) { 3030 case BSTP_IFSTATE_BLOCKING: 3031 if (bif->bif_priority > alt_priority) { 3032 alt_priority = bif->bif_priority; 3033 alt_if = bif->bif_ifp; 3034 } 3035 /* fall through */ 3036 case BSTP_IFSTATE_L1BLOCKING: 3037 case BSTP_IFSTATE_DISABLED: 3038 continue; 3039 default: 3040 /* listening, learning, bonded, forwarding */ 3041 break; 3042 } 3043 } 3044 3045 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 3046 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 3047 continue; 3048 3049 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3050 continue; 3051 3052 if (TAILQ_NEXT(bif, bif_next) == NULL) { 3053 mc = m; 3054 used = 1; 3055 } else { 3056 mc = m_copypacket(m, M_NOWAIT); 3057 if (mc == NULL) { 3058 IFNET_STAT_INC(bifp, oerrors, 1); 3059 continue; 3060 } 3061 } 3062 found = 1; 3063 bridge_enqueue(dst_if, mc); 3064 } 3065 3066 if (found == 0 && alt_if) { 3067 KKASSERT(used == 0); 3068 mc = m; 3069 used = 1; 3070 bridge_enqueue(alt_if, mc); 3071 } 3072 3073 if (used == 0) 3074 m_freem(m); 3075 } 3076 3077 /* 3078 * bridge_broadcast: 3079 * 3080 * Send a frame to all interfaces that are members of the bridge, except 3081 * for the one on which the packet arrived. 3082 */ 3083 static void 3084 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, struct mbuf *m) 3085 { 3086 struct bridge_iflist *bif, *nbif; 3087 struct ether_header *eh; 3088 struct mbuf *mc; 3089 struct ifnet *dst_if, *alt_if, *bifp; 3090 int used; 3091 int found; 3092 int alt_priority; 3093 int from_us; 3094 uint8_t alt_state; 3095 3096 mbuftrackid(m, 69); 3097 bifp = sc->sc_ifp; 3098 ASSERT_IFNET_NOT_SERIALIZED_ALL(bifp); 3099 3100 eh = mtod(m, struct ether_header *); 3101 from_us = bridge_from_us(sc, eh); 3102 3103 if (inet_pfil_hook.ph_hashooks > 0 3104 #ifdef INET6 3105 || inet6_pfil_hook.ph_hashooks > 0 3106 #endif 3107 ) 3108 { 3109 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 3110 return; 3111 if (m == NULL) 3112 return; 3113 3114 /* Filter on the bridge interface before broadcasting */ 3115 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 3116 return; 3117 if (m == NULL) 3118 return; 3119 } 3120 3121 alt_state = BSTP_IFSTATE_LEARNING; 3122 alt_if = NULL; 3123 alt_priority = 0; 3124 found = 0; 3125 used = 0; 3126 3127 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], bif_next, nbif) { 3128 dst_if = bif->bif_ifp; 3129 3130 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3131 continue; 3132 3133 /* 3134 * Don't bounce the packet out the same interface it came 3135 * in on. We have to test MAC addresses because a packet 3136 * can come in a bonded interface and we don't want it to 3137 * be echod out the forwarding interface for the same bonding 3138 * set. 3139 */ 3140 if (src_if && 3141 memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 3142 ETHER_ADDR_LEN) == 0) 3143 { 3144 continue; 3145 } 3146 3147 /* 3148 * Generally speaking we only broadcast through forwarding 3149 * interfaces. If no interfaces are available we select 3150 * a BONDED, BLOCKING, or LEARNING interface to forward 3151 * through. 3152 */ 3153 if (bif->bif_flags & IFBIF_STP) { 3154 switch (bif->bif_state) { 3155 case BSTP_IFSTATE_LEARNING: 3156 if (alt_state == BSTP_IFSTATE_LEARNING && 3157 bif->bif_priority > alt_priority) 3158 { 3159 alt_priority = bif->bif_priority; 3160 alt_if = bif->bif_ifp; 3161 } 3162 continue; 3163 case BSTP_IFSTATE_BLOCKING: 3164 if (alt_state == BSTP_IFSTATE_LEARNING || 3165 (alt_state == BSTP_IFSTATE_BLOCKING && 3166 bif->bif_priority > alt_priority)) 3167 { 3168 alt_state = BSTP_IFSTATE_BLOCKING; 3169 alt_priority = bif->bif_priority; 3170 alt_if = bif->bif_ifp; 3171 } 3172 continue; 3173 case BSTP_IFSTATE_BONDED: 3174 if (alt_state != BSTP_IFSTATE_BONDED || 3175 bif->bif_priority > alt_priority) 3176 { 3177 alt_state = BSTP_IFSTATE_BONDED; 3178 alt_priority = bif->bif_priority; 3179 alt_if = bif->bif_ifp; 3180 } 3181 continue; 3182 case BSTP_IFSTATE_L1BLOCKING: 3183 case BSTP_IFSTATE_DISABLED: 3184 case BSTP_IFSTATE_LISTENING: 3185 continue; 3186 default: 3187 /* forwarding */ 3188 break; 3189 } 3190 } 3191 3192 /* 3193 * FORWARDING 3194 */ 3195 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 3196 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 3197 { 3198 continue; 3199 } 3200 3201 /* 3202 * Last interface in list? 3203 */ 3204 if (TAILQ_NEXT(bif, bif_next) == NULL) { 3205 mc = m; 3206 used = 1; 3207 } else { 3208 mc = m_copypacket(m, M_NOWAIT); 3209 if (mc == NULL) { 3210 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3211 continue; 3212 } 3213 } 3214 found = 1; 3215 3216 /* 3217 * Filter on the output interface. Pass a NULL bridge 3218 * interface pointer so we do not redundantly filter on 3219 * the bridge for each interface we broadcast on. 3220 */ 3221 if (inet_pfil_hook.ph_hashooks > 0 3222 #ifdef INET6 3223 || inet6_pfil_hook.ph_hashooks > 0 3224 #endif 3225 ) 3226 { 3227 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 3228 continue; 3229 if (mc == NULL) 3230 continue; 3231 } 3232 bridge_handoff(sc, dst_if, mc, from_us); 3233 3234 if (nbif != NULL && !nbif->bif_onlist) { 3235 KKASSERT(bif->bif_onlist); 3236 nbif = TAILQ_NEXT(bif, bif_next); 3237 } 3238 } 3239 3240 if (found == 0 && alt_if) { 3241 KKASSERT(used == 0); 3242 mc = m; 3243 used = 1; 3244 bridge_enqueue(alt_if, mc); 3245 } 3246 3247 if (used == 0) 3248 m_freem(m); 3249 } 3250 3251 /* 3252 * bridge_span: 3253 * 3254 * Duplicate a packet out one or more interfaces that are in span mode, 3255 * the original mbuf is unmodified. 3256 */ 3257 static void 3258 bridge_span(struct bridge_softc *sc, struct mbuf *m) 3259 { 3260 struct bridge_iflist *bif; 3261 struct ifnet *dst_if, *bifp; 3262 struct mbuf *mc; 3263 3264 mbuftrackid(m, 70); 3265 bifp = sc->sc_ifp; 3266 ifnet_serialize_all(bifp); 3267 3268 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 3269 dst_if = bif->bif_ifp; 3270 3271 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3272 continue; 3273 3274 mc = m_copypacket(m, M_NOWAIT); 3275 if (mc == NULL) { 3276 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3277 continue; 3278 } 3279 bridge_enqueue(dst_if, mc); 3280 } 3281 3282 ifnet_deserialize_all(bifp); 3283 } 3284 3285 static void 3286 bridge_rtmsg_sync_handler(netmsg_t msg) 3287 { 3288 netisr_forwardmsg(&msg->base, mycpuid + 1); 3289 } 3290 3291 static void 3292 bridge_rtmsg_sync(struct bridge_softc *sc) 3293 { 3294 struct netmsg_base msg; 3295 3296 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3297 3298 /* XXX use netmsg_service_sync */ 3299 netmsg_init(&msg, NULL, &curthread->td_msgport, 3300 0, bridge_rtmsg_sync_handler); 3301 netisr_domsg(&msg, 0); 3302 } 3303 3304 static __inline void 3305 bridge_rtinfo_update(struct bridge_rtinfo *bri, struct ifnet *dst_if, 3306 int setflags, uint8_t flags, uint32_t timeo) 3307 { 3308 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3309 bri->bri_ifp != dst_if) 3310 bri->bri_ifp = dst_if; 3311 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3312 bri->bri_expire != time_uptime + timeo) 3313 bri->bri_expire = time_uptime + timeo; 3314 if (setflags) 3315 bri->bri_flags = flags; 3316 } 3317 3318 static int 3319 bridge_rtinstall_oncpu(struct bridge_softc *sc, const uint8_t *dst, 3320 struct ifnet *dst_if, int setflags, uint8_t flags, 3321 struct bridge_rtinfo **bri0) 3322 { 3323 struct bridge_rtnode *brt; 3324 struct bridge_rtinfo *bri; 3325 3326 if (mycpuid == 0) { 3327 brt = bridge_rtnode_lookup(sc, dst); 3328 if (brt != NULL) { 3329 /* 3330 * rtnode for 'dst' already exists. We inform the 3331 * caller about this by leaving bri0 as NULL. The 3332 * caller will terminate the intallation upon getting 3333 * NULL bri0. However, we still need to update the 3334 * rtinfo. 3335 */ 3336 KKASSERT(*bri0 == NULL); 3337 3338 /* Update rtinfo */ 3339 bridge_rtinfo_update(brt->brt_info, dst_if, setflags, 3340 flags, sc->sc_brttimeout); 3341 return 0; 3342 } 3343 3344 /* 3345 * We only need to check brtcnt on CPU0, since if limit 3346 * is to be exceeded, ENOSPC is returned. Caller knows 3347 * this and will terminate the installation. 3348 */ 3349 if (sc->sc_brtcnt >= sc->sc_brtmax) 3350 return ENOSPC; 3351 3352 KKASSERT(*bri0 == NULL); 3353 bri = kmalloc(sizeof(struct bridge_rtinfo), M_DEVBUF, 3354 M_WAITOK | M_ZERO); 3355 *bri0 = bri; 3356 3357 /* Setup rtinfo */ 3358 bri->bri_flags = IFBAF_DYNAMIC; 3359 bridge_rtinfo_update(bri, dst_if, setflags, flags, 3360 sc->sc_brttimeout); 3361 } else { 3362 bri = *bri0; 3363 KKASSERT(bri != NULL); 3364 } 3365 3366 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 3367 M_WAITOK | M_ZERO); 3368 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 3369 brt->brt_info = bri; 3370 atomic_add_int(&bri->bri_refs, 1); 3371 3372 bridge_rtnode_insert(sc, brt); 3373 return 0; 3374 } 3375 3376 static void 3377 bridge_rtinstall_handler(netmsg_t msg) 3378 { 3379 struct netmsg_brsaddr *brmsg = (struct netmsg_brsaddr *)msg; 3380 int error; 3381 3382 error = bridge_rtinstall_oncpu(brmsg->br_softc, 3383 brmsg->br_dst, brmsg->br_dst_if, 3384 brmsg->br_setflags, brmsg->br_flags, 3385 &brmsg->br_rtinfo); 3386 if (error) { 3387 KKASSERT(mycpuid == 0 && brmsg->br_rtinfo == NULL); 3388 netisr_replymsg(&brmsg->base, error); 3389 return; 3390 } else if (brmsg->br_rtinfo == NULL) { 3391 /* rtnode already exists for 'dst' */ 3392 KKASSERT(mycpuid == 0); 3393 netisr_replymsg(&brmsg->base, 0); 3394 return; 3395 } 3396 netisr_forwardmsg(&brmsg->base, mycpuid + 1); 3397 } 3398 3399 /* 3400 * bridge_rtupdate: 3401 * 3402 * Add/Update a bridge routing entry. 3403 */ 3404 static int 3405 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 3406 struct ifnet *dst_if, uint8_t flags) 3407 { 3408 struct bridge_rtnode *brt; 3409 3410 /* 3411 * A route for this destination might already exist. If so, 3412 * update it, otherwise create a new one. 3413 */ 3414 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 3415 struct netmsg_brsaddr *brmsg; 3416 3417 if (sc->sc_brtcnt >= sc->sc_brtmax) 3418 return ENOSPC; 3419 3420 brmsg = kmalloc(sizeof(*brmsg), M_LWKTMSG, M_WAITOK | M_NULLOK); 3421 if (brmsg == NULL) 3422 return ENOMEM; 3423 3424 netmsg_init(&brmsg->base, NULL, &netisr_afree_rport, 3425 0, bridge_rtinstall_handler); 3426 memcpy(brmsg->br_dst, dst, ETHER_ADDR_LEN); 3427 brmsg->br_dst_if = dst_if; 3428 brmsg->br_flags = flags; 3429 brmsg->br_setflags = 0; 3430 brmsg->br_softc = sc; 3431 brmsg->br_rtinfo = NULL; 3432 3433 netisr_sendmsg(&brmsg->base, 0); 3434 return 0; 3435 } 3436 bridge_rtinfo_update(brt->brt_info, dst_if, 0, flags, 3437 sc->sc_brttimeout); 3438 return 0; 3439 } 3440 3441 static int 3442 bridge_rtsaddr(struct bridge_softc *sc, const uint8_t *dst, 3443 struct ifnet *dst_if, uint8_t flags) 3444 { 3445 struct netmsg_brsaddr brmsg; 3446 3447 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3448 3449 netmsg_init(&brmsg.base, NULL, &curthread->td_msgport, 3450 0, bridge_rtinstall_handler); 3451 memcpy(brmsg.br_dst, dst, ETHER_ADDR_LEN); 3452 brmsg.br_dst_if = dst_if; 3453 brmsg.br_flags = flags; 3454 brmsg.br_setflags = 1; 3455 brmsg.br_softc = sc; 3456 brmsg.br_rtinfo = NULL; 3457 3458 return netisr_domsg(&brmsg.base, 0); 3459 } 3460 3461 /* 3462 * bridge_rtlookup: 3463 * 3464 * Lookup the destination interface for an address. 3465 */ 3466 static struct ifnet * 3467 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 3468 { 3469 struct bridge_rtnode *brt; 3470 3471 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3472 return NULL; 3473 return brt->brt_info->bri_ifp; 3474 } 3475 3476 static void 3477 bridge_rtreap_handler(netmsg_t msg) 3478 { 3479 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3480 struct bridge_rtnode *brt, *nbrt; 3481 3482 LIST_FOREACH_MUTABLE(brt, &sc->sc_rtlists[mycpuid], brt_list, nbrt) { 3483 if (brt->brt_info->bri_dead) 3484 bridge_rtnode_destroy(sc, brt); 3485 } 3486 netisr_forwardmsg(&msg->base, mycpuid + 1); 3487 } 3488 3489 static void 3490 bridge_rtreap(struct bridge_softc *sc) 3491 { 3492 struct netmsg_base msg; 3493 3494 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3495 3496 netmsg_init(&msg, NULL, &curthread->td_msgport, 3497 0, bridge_rtreap_handler); 3498 msg.lmsg.u.ms_resultp = sc; 3499 3500 netisr_domsg(&msg, 0); 3501 } 3502 3503 static void 3504 bridge_rtreap_async(struct bridge_softc *sc) 3505 { 3506 struct netmsg_base *msg; 3507 3508 msg = kmalloc(sizeof(*msg), M_LWKTMSG, M_WAITOK); 3509 3510 netmsg_init(msg, NULL, &netisr_afree_rport, 3511 0, bridge_rtreap_handler); 3512 msg->lmsg.u.ms_resultp = sc; 3513 3514 netisr_sendmsg(msg, 0); 3515 } 3516 3517 /* 3518 * bridge_rttrim: 3519 * 3520 * Trim the routine table so that we have a number 3521 * of routing entries less than or equal to the 3522 * maximum number. 3523 */ 3524 static void 3525 bridge_rttrim(struct bridge_softc *sc) 3526 { 3527 struct bridge_rtnode *brt; 3528 int dead; 3529 3530 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3531 3532 /* Make sure we actually need to do this. */ 3533 if (sc->sc_brtcnt <= sc->sc_brtmax) 3534 return; 3535 3536 /* 3537 * Find out how many rtnodes are dead 3538 */ 3539 dead = bridge_rtage_finddead(sc); 3540 KKASSERT(dead <= sc->sc_brtcnt); 3541 3542 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3543 /* Enough dead rtnodes are found */ 3544 bridge_rtreap(sc); 3545 return; 3546 } 3547 3548 /* 3549 * Kill some dynamic rtnodes to meet the brtmax 3550 */ 3551 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3552 struct bridge_rtinfo *bri = brt->brt_info; 3553 3554 if (bri->bri_dead) { 3555 /* 3556 * We have counted this rtnode in 3557 * bridge_rtage_finddead() 3558 */ 3559 continue; 3560 } 3561 3562 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3563 bri->bri_dead = 1; 3564 ++dead; 3565 KKASSERT(dead <= sc->sc_brtcnt); 3566 3567 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3568 /* Enough rtnodes are collected */ 3569 break; 3570 } 3571 } 3572 } 3573 if (dead) 3574 bridge_rtreap(sc); 3575 } 3576 3577 /* 3578 * bridge_timer: 3579 * 3580 * Aging timer for the bridge. 3581 */ 3582 static void 3583 bridge_timer(void *arg) 3584 { 3585 struct bridge_softc *sc = arg; 3586 struct netmsg_base *msg; 3587 3588 KKASSERT(mycpuid == BRIDGE_CFGCPU); 3589 3590 crit_enter(); 3591 3592 if (callout_pending(&sc->sc_brcallout) || 3593 !callout_active(&sc->sc_brcallout)) { 3594 crit_exit(); 3595 return; 3596 } 3597 callout_deactivate(&sc->sc_brcallout); 3598 3599 msg = &sc->sc_brtimemsg; 3600 KKASSERT(msg->lmsg.ms_flags & MSGF_DONE); 3601 lwkt_sendmsg_oncpu(BRIDGE_CFGPORT, &msg->lmsg); 3602 3603 crit_exit(); 3604 } 3605 3606 static void 3607 bridge_timer_handler(netmsg_t msg) 3608 { 3609 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3610 3611 KKASSERT(&curthread->td_msgport == BRIDGE_CFGPORT); 3612 3613 crit_enter(); 3614 /* Reply ASAP */ 3615 lwkt_replymsg(&msg->lmsg, 0); 3616 crit_exit(); 3617 3618 bridge_rtage(sc); 3619 if (sc->sc_ifp->if_flags & IFF_RUNNING) { 3620 callout_reset(&sc->sc_brcallout, 3621 bridge_rtable_prune_period * hz, bridge_timer, sc); 3622 } 3623 } 3624 3625 static int 3626 bridge_rtage_finddead(struct bridge_softc *sc) 3627 { 3628 struct bridge_rtnode *brt; 3629 int dead = 0; 3630 3631 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3632 struct bridge_rtinfo *bri = brt->brt_info; 3633 3634 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3635 time_uptime >= bri->bri_expire) { 3636 bri->bri_dead = 1; 3637 ++dead; 3638 KKASSERT(dead <= sc->sc_brtcnt); 3639 } 3640 } 3641 return dead; 3642 } 3643 3644 /* 3645 * bridge_rtage: 3646 * 3647 * Perform an aging cycle. 3648 */ 3649 static void 3650 bridge_rtage(struct bridge_softc *sc) 3651 { 3652 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3653 3654 if (bridge_rtage_finddead(sc)) 3655 bridge_rtreap(sc); 3656 } 3657 3658 /* 3659 * bridge_rtflush: 3660 * 3661 * Remove all dynamic addresses from the bridge. 3662 */ 3663 static void 3664 bridge_rtflush(struct bridge_softc *sc, int bf) 3665 { 3666 struct bridge_rtnode *brt; 3667 int reap; 3668 3669 reap = 0; 3670 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3671 struct bridge_rtinfo *bri = brt->brt_info; 3672 3673 if ((bf & IFBF_FLUSHALL) || 3674 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3675 bri->bri_dead = 1; 3676 reap = 1; 3677 } 3678 } 3679 if (reap) { 3680 if (bf & IFBF_FLUSHSYNC) 3681 bridge_rtreap(sc); 3682 else 3683 bridge_rtreap_async(sc); 3684 } 3685 } 3686 3687 /* 3688 * bridge_rtdaddr: 3689 * 3690 * Remove an address from the table. 3691 */ 3692 static int 3693 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 3694 { 3695 struct bridge_rtnode *brt; 3696 3697 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3698 3699 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3700 return (ENOENT); 3701 3702 /* TODO: add a cheaper delete operation */ 3703 brt->brt_info->bri_dead = 1; 3704 bridge_rtreap(sc); 3705 return (0); 3706 } 3707 3708 /* 3709 * bridge_rtdelete: 3710 * 3711 * Delete routes to a speicifc member interface. 3712 */ 3713 void 3714 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int bf) 3715 { 3716 struct bridge_rtnode *brt; 3717 int reap; 3718 3719 reap = 0; 3720 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3721 struct bridge_rtinfo *bri = brt->brt_info; 3722 3723 if (bri->bri_ifp == ifp && 3724 ((bf & IFBF_FLUSHALL) || 3725 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) { 3726 bri->bri_dead = 1; 3727 reap = 1; 3728 } 3729 } 3730 if (reap) { 3731 if (bf & IFBF_FLUSHSYNC) 3732 bridge_rtreap(sc); 3733 else 3734 bridge_rtreap_async(sc); 3735 } 3736 } 3737 3738 /* 3739 * bridge_rtable_init: 3740 * 3741 * Initialize the route table for this bridge. 3742 */ 3743 static void 3744 bridge_rtable_init(struct bridge_softc *sc) 3745 { 3746 int cpu; 3747 3748 /* 3749 * Initialize per-cpu hash tables 3750 */ 3751 sc->sc_rthashs = kmalloc(sizeof(*sc->sc_rthashs) * netisr_ncpus, 3752 M_DEVBUF, M_WAITOK); 3753 for (cpu = 0; cpu < netisr_ncpus; ++cpu) { 3754 int i; 3755 3756 sc->sc_rthashs[cpu] = 3757 kmalloc(sizeof(struct bridge_rtnode_head) * BRIDGE_RTHASH_SIZE, 3758 M_DEVBUF, M_WAITOK); 3759 3760 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 3761 LIST_INIT(&sc->sc_rthashs[cpu][i]); 3762 } 3763 sc->sc_rthash_key = karc4random(); 3764 3765 /* 3766 * Initialize per-cpu lists 3767 */ 3768 sc->sc_rtlists = 3769 kmalloc(sizeof(struct bridge_rtnode_head) * netisr_ncpus, 3770 M_DEVBUF, M_WAITOK); 3771 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3772 LIST_INIT(&sc->sc_rtlists[cpu]); 3773 } 3774 3775 /* 3776 * bridge_rtable_fini: 3777 * 3778 * Deconstruct the route table for this bridge. 3779 */ 3780 static void 3781 bridge_rtable_fini(struct bridge_softc *sc) 3782 { 3783 int cpu; 3784 3785 /* 3786 * Free per-cpu hash tables 3787 */ 3788 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3789 kfree(sc->sc_rthashs[cpu], M_DEVBUF); 3790 kfree(sc->sc_rthashs, M_DEVBUF); 3791 3792 /* 3793 * Free per-cpu lists 3794 */ 3795 kfree(sc->sc_rtlists, M_DEVBUF); 3796 } 3797 3798 /* 3799 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 3800 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 3801 */ 3802 #define mix(a, b, c) \ 3803 do { \ 3804 a -= b; a -= c; a ^= (c >> 13); \ 3805 b -= c; b -= a; b ^= (a << 8); \ 3806 c -= a; c -= b; c ^= (b >> 13); \ 3807 a -= b; a -= c; a ^= (c >> 12); \ 3808 b -= c; b -= a; b ^= (a << 16); \ 3809 c -= a; c -= b; c ^= (b >> 5); \ 3810 a -= b; a -= c; a ^= (c >> 3); \ 3811 b -= c; b -= a; b ^= (a << 10); \ 3812 c -= a; c -= b; c ^= (b >> 15); \ 3813 } while (/*CONSTCOND*/0) 3814 3815 static __inline uint32_t 3816 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 3817 { 3818 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 3819 3820 b += addr[5] << 8; 3821 b += addr[4]; 3822 a += addr[3] << 24; 3823 a += addr[2] << 16; 3824 a += addr[1] << 8; 3825 a += addr[0]; 3826 3827 mix(a, b, c); 3828 3829 return (c & BRIDGE_RTHASH_MASK); 3830 } 3831 3832 #undef mix 3833 3834 static int 3835 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 3836 { 3837 int i, d; 3838 3839 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 3840 d = ((int)a[i]) - ((int)b[i]); 3841 } 3842 3843 return (d); 3844 } 3845 3846 /* 3847 * bridge_rtnode_lookup: 3848 * 3849 * Look up a bridge route node for the specified destination. 3850 */ 3851 static struct bridge_rtnode * 3852 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 3853 { 3854 struct bridge_rtnode *brt; 3855 uint32_t hash; 3856 int dir; 3857 3858 hash = bridge_rthash(sc, addr); 3859 LIST_FOREACH(brt, &sc->sc_rthashs[mycpuid][hash], brt_hash) { 3860 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 3861 if (dir == 0) 3862 return (brt); 3863 if (dir > 0) 3864 return (NULL); 3865 } 3866 3867 return (NULL); 3868 } 3869 3870 /* 3871 * bridge_rtnode_insert: 3872 * 3873 * Insert the specified bridge node into the route table. 3874 * Caller has to make sure that rtnode does not exist. 3875 */ 3876 static void 3877 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 3878 { 3879 struct bridge_rtnode *lbrt; 3880 uint32_t hash; 3881 int dir; 3882 3883 hash = bridge_rthash(sc, brt->brt_addr); 3884 3885 lbrt = LIST_FIRST(&sc->sc_rthashs[mycpuid][hash]); 3886 if (lbrt == NULL) { 3887 LIST_INSERT_HEAD(&sc->sc_rthashs[mycpuid][hash], 3888 brt, brt_hash); 3889 goto out; 3890 } 3891 3892 do { 3893 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 3894 KASSERT(dir != 0, ("rtnode already exist")); 3895 3896 if (dir > 0) { 3897 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 3898 goto out; 3899 } 3900 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 3901 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 3902 goto out; 3903 } 3904 lbrt = LIST_NEXT(lbrt, brt_hash); 3905 } while (lbrt != NULL); 3906 3907 panic("no suitable position found for rtnode"); 3908 out: 3909 LIST_INSERT_HEAD(&sc->sc_rtlists[mycpuid], brt, brt_list); 3910 if (mycpuid == 0) { 3911 /* 3912 * Update the brtcnt. 3913 * We only need to do it once and we do it on CPU0. 3914 */ 3915 sc->sc_brtcnt++; 3916 } 3917 } 3918 3919 /* 3920 * bridge_rtnode_destroy: 3921 * 3922 * Destroy a bridge rtnode. 3923 */ 3924 static void 3925 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 3926 { 3927 struct bridge_rtinfo *bri; 3928 3929 LIST_REMOVE(brt, brt_hash); 3930 LIST_REMOVE(brt, brt_list); 3931 3932 bri = brt->brt_info; 3933 3934 /* 3935 * The bri_dead flag can be set asynchronously and catch some gc's 3936 * in the middle, don't free bri until all references have actually 3937 * gone away. 3938 */ 3939 if (atomic_fetchadd_int(&bri->bri_refs, -1) == 1) { 3940 /* Free rtinfo associated with rtnode on the last cpu */ 3941 kfree(bri, M_DEVBUF); 3942 brt->brt_info = NULL; /* safety */ 3943 } 3944 kfree(brt, M_DEVBUF); 3945 3946 if (mycpuid == 0) { 3947 /* Update brtcnt only on CPU0 */ 3948 sc->sc_brtcnt--; 3949 } 3950 } 3951 3952 static __inline int 3953 bridge_post_pfil(struct mbuf *m) 3954 { 3955 if (m->m_pkthdr.fw_flags & IPFORWARD_MBUF_TAGGED) 3956 return EOPNOTSUPP; 3957 3958 /* Not yet */ 3959 if (m->m_pkthdr.fw_flags & DUMMYNET_MBUF_TAGGED) 3960 return EOPNOTSUPP; 3961 3962 return 0; 3963 } 3964 3965 /* 3966 * Send bridge packets through pfil if they are one of the types pfil can deal 3967 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3968 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3969 * that interface. 3970 */ 3971 static int 3972 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3973 { 3974 int snap, error, i, hlen; 3975 struct ether_header *eh1, eh2; 3976 struct ip *ip; 3977 struct llc llc1; 3978 u_int16_t ether_type; 3979 3980 snap = 0; 3981 error = -1; /* Default error if not error == 0 */ 3982 3983 if (pfil_bridge == 0 && pfil_member == 0) 3984 return (0); /* filtering is disabled */ 3985 3986 i = min((*mp)->m_pkthdr.len, max_protohdr); 3987 if ((*mp)->m_len < i) { 3988 *mp = m_pullup(*mp, i); 3989 if (*mp == NULL) { 3990 kprintf("%s: m_pullup failed\n", __func__); 3991 return (-1); 3992 } 3993 } 3994 3995 eh1 = mtod(*mp, struct ether_header *); 3996 ether_type = ntohs(eh1->ether_type); 3997 3998 /* 3999 * Check for SNAP/LLC. 4000 */ 4001 if (ether_type < ETHERMTU) { 4002 struct llc *llc2 = (struct llc *)(eh1 + 1); 4003 4004 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 4005 llc2->llc_dsap == LLC_SNAP_LSAP && 4006 llc2->llc_ssap == LLC_SNAP_LSAP && 4007 llc2->llc_control == LLC_UI) { 4008 ether_type = htons(llc2->llc_un.type_snap.ether_type); 4009 snap = 1; 4010 } 4011 } 4012 4013 /* 4014 * If we're trying to filter bridge traffic, don't look at anything 4015 * other than IP and ARP traffic. If the filter doesn't understand 4016 * IPv6, don't allow IPv6 through the bridge either. This is lame 4017 * since if we really wanted, say, an AppleTalk filter, we are hosed, 4018 * but of course we don't have an AppleTalk filter to begin with. 4019 * (Note that since pfil doesn't understand ARP it will pass *ALL* 4020 * ARP traffic.) 4021 */ 4022 switch (ether_type) { 4023 case ETHERTYPE_ARP: 4024 case ETHERTYPE_REVARP: 4025 return (0); /* Automatically pass */ 4026 4027 case ETHERTYPE_IP: 4028 #ifdef INET6 4029 case ETHERTYPE_IPV6: 4030 #endif /* INET6 */ 4031 break; 4032 4033 default: 4034 /* 4035 * Check to see if the user wants to pass non-ip 4036 * packets, these will not be checked by pfil(9) 4037 * and passed unconditionally so the default is to drop. 4038 */ 4039 if (pfil_onlyip) 4040 goto bad; 4041 } 4042 4043 /* Strip off the Ethernet header and keep a copy. */ 4044 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 4045 m_adj(*mp, ETHER_HDR_LEN); 4046 4047 /* Strip off snap header, if present */ 4048 if (snap) { 4049 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 4050 m_adj(*mp, sizeof(struct llc)); 4051 } 4052 4053 /* 4054 * Check the IP header for alignment and errors 4055 */ 4056 if (dir == PFIL_IN) { 4057 switch (ether_type) { 4058 case ETHERTYPE_IP: 4059 error = bridge_ip_checkbasic(mp); 4060 break; 4061 #ifdef INET6 4062 case ETHERTYPE_IPV6: 4063 error = bridge_ip6_checkbasic(mp); 4064 break; 4065 #endif /* INET6 */ 4066 default: 4067 error = 0; 4068 } 4069 if (error) 4070 goto bad; 4071 } 4072 4073 error = 0; 4074 4075 /* 4076 * Run the packet through pfil 4077 */ 4078 switch (ether_type) { 4079 case ETHERTYPE_IP: 4080 /* 4081 * Run pfil on the member interface and the bridge, both can 4082 * be skipped by clearing pfil_member or pfil_bridge. 4083 * 4084 * Keep the order: 4085 * in_if -> bridge_if -> out_if 4086 */ 4087 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) { 4088 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 4089 if (*mp == NULL || error != 0) /* filter may consume */ 4090 break; 4091 error = bridge_post_pfil(*mp); 4092 if (error) 4093 break; 4094 } 4095 4096 if (pfil_member && ifp != NULL) { 4097 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, dir); 4098 if (*mp == NULL || error != 0) /* filter may consume */ 4099 break; 4100 error = bridge_post_pfil(*mp); 4101 if (error) 4102 break; 4103 } 4104 4105 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) { 4106 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 4107 if (*mp == NULL || error != 0) /* filter may consume */ 4108 break; 4109 error = bridge_post_pfil(*mp); 4110 if (error) 4111 break; 4112 } 4113 4114 /* check if we need to fragment the packet */ 4115 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 4116 i = (*mp)->m_pkthdr.len; 4117 if (i > ifp->if_mtu) { 4118 error = bridge_fragment(ifp, *mp, &eh2, snap, 4119 &llc1); 4120 return (error); 4121 } 4122 } 4123 4124 /* Recalculate the ip checksum and restore byte ordering */ 4125 ip = mtod(*mp, struct ip *); 4126 hlen = ip->ip_hl << 2; 4127 if (hlen < sizeof(struct ip)) 4128 goto bad; 4129 if (hlen > (*mp)->m_len) { 4130 if ((*mp = m_pullup(*mp, hlen)) == NULL) 4131 goto bad; 4132 ip = mtod(*mp, struct ip *); 4133 if (ip == NULL) 4134 goto bad; 4135 } 4136 ip->ip_sum = 0; 4137 if (hlen == sizeof(struct ip)) 4138 ip->ip_sum = in_cksum_hdr(ip); 4139 else 4140 ip->ip_sum = in_cksum(*mp, hlen); 4141 4142 break; 4143 #ifdef INET6 4144 case ETHERTYPE_IPV6: 4145 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 4146 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4147 dir); 4148 4149 if (*mp == NULL || error != 0) /* filter may consume */ 4150 break; 4151 4152 if (pfil_member && ifp != NULL) 4153 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 4154 dir); 4155 4156 if (*mp == NULL || error != 0) /* filter may consume */ 4157 break; 4158 4159 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 4160 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4161 dir); 4162 break; 4163 #endif 4164 default: 4165 error = 0; 4166 break; 4167 } 4168 4169 if (*mp == NULL) 4170 return (error); 4171 if (error != 0) 4172 goto bad; 4173 4174 error = -1; 4175 4176 /* 4177 * Finally, put everything back the way it was and return 4178 */ 4179 if (snap) { 4180 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT); 4181 if (*mp == NULL) 4182 return (error); 4183 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 4184 } 4185 4186 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT); 4187 if (*mp == NULL) 4188 return (error); 4189 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 4190 4191 return (0); 4192 4193 bad: 4194 m_freem(*mp); 4195 *mp = NULL; 4196 return (error); 4197 } 4198 4199 /* 4200 * Perform basic checks on header size since 4201 * pfil assumes ip_input has already processed 4202 * it for it. Cut-and-pasted from ip_input.c. 4203 * Given how simple the IPv6 version is, 4204 * does the IPv4 version really need to be 4205 * this complicated? 4206 * 4207 * XXX Should we update ipstat here, or not? 4208 * XXX Right now we update ipstat but not 4209 * XXX csum_counter. 4210 */ 4211 static int 4212 bridge_ip_checkbasic(struct mbuf **mp) 4213 { 4214 struct mbuf *m = *mp; 4215 struct ip *ip; 4216 int len, hlen; 4217 u_short sum; 4218 4219 if (*mp == NULL) 4220 return (-1); 4221 #if 0 /* notyet */ 4222 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4223 if ((m = m_copyup(m, sizeof(struct ip), 4224 (max_linkhdr + 3) & ~3)) == NULL) { 4225 /* XXXJRT new stat, please */ 4226 ipstat.ips_toosmall++; 4227 goto bad; 4228 } 4229 } else 4230 #endif 4231 #ifndef __predict_false 4232 #define __predict_false(x) x 4233 #endif 4234 if (__predict_false(m->m_len < sizeof (struct ip))) { 4235 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 4236 ipstat.ips_toosmall++; 4237 goto bad; 4238 } 4239 } 4240 ip = mtod(m, struct ip *); 4241 if (ip == NULL) goto bad; 4242 4243 if (ip->ip_v != IPVERSION) { 4244 ipstat.ips_badvers++; 4245 goto bad; 4246 } 4247 hlen = ip->ip_hl << 2; 4248 if (hlen < sizeof(struct ip)) { /* minimum header length */ 4249 ipstat.ips_badhlen++; 4250 goto bad; 4251 } 4252 if (hlen > m->m_len) { 4253 if ((m = m_pullup(m, hlen)) == NULL) { 4254 ipstat.ips_badhlen++; 4255 goto bad; 4256 } 4257 ip = mtod(m, struct ip *); 4258 if (ip == NULL) goto bad; 4259 } 4260 4261 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 4262 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 4263 } else { 4264 if (hlen == sizeof(struct ip)) { 4265 sum = in_cksum_hdr(ip); 4266 } else { 4267 sum = in_cksum(m, hlen); 4268 } 4269 } 4270 if (sum) { 4271 ipstat.ips_badsum++; 4272 goto bad; 4273 } 4274 4275 /* Retrieve the packet length. */ 4276 len = ntohs(ip->ip_len); 4277 4278 /* 4279 * Check for additional length bogosity 4280 */ 4281 if (len < hlen) { 4282 ipstat.ips_badlen++; 4283 goto bad; 4284 } 4285 4286 /* 4287 * Check that the amount of data in the buffers 4288 * is as at least much as the IP header would have us expect. 4289 * Drop packet if shorter than we expect. 4290 */ 4291 if (m->m_pkthdr.len < len) { 4292 ipstat.ips_tooshort++; 4293 goto bad; 4294 } 4295 4296 /* Checks out, proceed */ 4297 *mp = m; 4298 return (0); 4299 4300 bad: 4301 *mp = m; 4302 return (-1); 4303 } 4304 4305 #ifdef INET6 4306 /* 4307 * Same as above, but for IPv6. 4308 * Cut-and-pasted from ip6_input.c. 4309 * XXX Should we update ip6stat, or not? 4310 */ 4311 static int 4312 bridge_ip6_checkbasic(struct mbuf **mp) 4313 { 4314 struct mbuf *m = *mp; 4315 struct ip6_hdr *ip6; 4316 4317 /* 4318 * If the IPv6 header is not aligned, slurp it up into a new 4319 * mbuf with space for link headers, in the event we forward 4320 * it. Otherwise, if it is aligned, make sure the entire base 4321 * IPv6 header is in the first mbuf of the chain. 4322 */ 4323 #if 0 /* notyet */ 4324 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4325 struct ifnet *inifp = m->m_pkthdr.rcvif; 4326 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 4327 (max_linkhdr + 3) & ~3)) == NULL) { 4328 /* XXXJRT new stat, please */ 4329 ip6stat.ip6s_toosmall++; 4330 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4331 goto bad; 4332 } 4333 } else 4334 #endif 4335 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 4336 struct ifnet *inifp = m->m_pkthdr.rcvif; 4337 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 4338 ip6stat.ip6s_toosmall++; 4339 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4340 goto bad; 4341 } 4342 } 4343 4344 ip6 = mtod(m, struct ip6_hdr *); 4345 4346 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 4347 ip6stat.ip6s_badvers++; 4348 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 4349 goto bad; 4350 } 4351 4352 /* Checks out, proceed */ 4353 *mp = m; 4354 return (0); 4355 4356 bad: 4357 *mp = m; 4358 return (-1); 4359 } 4360 #endif /* INET6 */ 4361 4362 /* 4363 * bridge_fragment: 4364 * 4365 * Return a fragmented mbuf chain. 4366 */ 4367 static int 4368 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 4369 int snap, struct llc *llc) 4370 { 4371 struct mbuf *m0; 4372 struct ip *ip; 4373 int error = -1; 4374 4375 if (m->m_len < sizeof(struct ip) && 4376 (m = m_pullup(m, sizeof(struct ip))) == NULL) 4377 goto out; 4378 ip = mtod(m, struct ip *); 4379 4380 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 4381 CSUM_DELAY_IP); 4382 if (error) 4383 goto out; 4384 4385 /* walk the chain and re-add the Ethernet header */ 4386 for (m0 = m; m0; m0 = m0->m_nextpkt) { 4387 if (error == 0) { 4388 if (snap) { 4389 M_PREPEND(m0, sizeof(struct llc), M_NOWAIT); 4390 if (m0 == NULL) { 4391 error = ENOBUFS; 4392 continue; 4393 } 4394 bcopy(llc, mtod(m0, caddr_t), 4395 sizeof(struct llc)); 4396 } 4397 M_PREPEND(m0, ETHER_HDR_LEN, M_NOWAIT); 4398 if (m0 == NULL) { 4399 error = ENOBUFS; 4400 continue; 4401 } 4402 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 4403 } else 4404 m_freem(m); 4405 } 4406 4407 if (error == 0) 4408 ipstat.ips_fragmented++; 4409 4410 return (error); 4411 4412 out: 4413 if (m != NULL) 4414 m_freem(m); 4415 return (error); 4416 } 4417 4418 static void 4419 bridge_enqueue_handler(netmsg_t msg) 4420 { 4421 struct netmsg_packet *nmp; 4422 struct ifnet *dst_ifp; 4423 struct mbuf *m; 4424 4425 nmp = &msg->packet; 4426 m = nmp->nm_packet; 4427 dst_ifp = nmp->base.lmsg.u.ms_resultp; 4428 mbuftrackid(m, 71); 4429 4430 bridge_handoff(dst_ifp->if_bridge, dst_ifp, m, 1); 4431 } 4432 4433 static void 4434 bridge_handoff(struct bridge_softc *sc, struct ifnet *dst_ifp, 4435 struct mbuf *m, int from_us) 4436 { 4437 struct mbuf *m0; 4438 struct ifnet *bifp; 4439 4440 bifp = sc->sc_ifp; 4441 mbuftrackid(m, 72); 4442 4443 /* We may be sending a fragment so traverse the mbuf */ 4444 for (; m; m = m0) { 4445 struct altq_pktattr pktattr; 4446 4447 m0 = m->m_nextpkt; 4448 m->m_nextpkt = NULL; 4449 4450 /* 4451 * If being sent from our host override ether_shost 4452 * with the bridge MAC. This is mandatory for ARP 4453 * so things don't get confused. In particular we 4454 * don't want ARPs to get associated with link interfaces 4455 * under the bridge which might or might not stay valid. 4456 * 4457 * Also override ether_shost when relaying a packet out 4458 * the same interface it came in on, due to multi-homed 4459 * addresses & default routes, otherwise switches will 4460 * get very confused. 4461 * 4462 * Otherwise if we are in transparent mode. 4463 */ 4464 if (from_us || m->m_pkthdr.rcvif == dst_ifp) { 4465 m_copyback(m, 4466 offsetof(struct ether_header, ether_shost), 4467 ETHER_ADDR_LEN, IF_LLADDR(sc->sc_ifp)); 4468 } else if ((bifp->if_flags & IFF_LINK0) && 4469 (m->m_pkthdr.fw_flags & BRIDGE_MBUF_TAGGED)) { 4470 m_copyback(m, 4471 offsetof(struct ether_header, ether_shost), 4472 ETHER_ADDR_LEN, 4473 m->m_pkthdr.ether_br_shost); 4474 } /* else retain shost */ 4475 4476 if (ifq_is_enabled(&dst_ifp->if_snd)) 4477 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 4478 4479 ifq_dispatch(dst_ifp, m, &pktattr); 4480 } 4481 } 4482 4483 static void 4484 bridge_control_dispatch(netmsg_t msg) 4485 { 4486 struct netmsg_brctl *bc_msg = (struct netmsg_brctl *)msg; 4487 struct ifnet *bifp = bc_msg->bc_sc->sc_ifp; 4488 int error; 4489 4490 ifnet_serialize_all(bifp); 4491 error = bc_msg->bc_func(bc_msg->bc_sc, bc_msg->bc_arg); 4492 ifnet_deserialize_all(bifp); 4493 4494 lwkt_replymsg(&bc_msg->base.lmsg, error); 4495 } 4496 4497 static int 4498 bridge_control(struct bridge_softc *sc, u_long cmd, 4499 bridge_ctl_t bc_func, void *bc_arg) 4500 { 4501 struct ifnet *bifp = sc->sc_ifp; 4502 struct netmsg_brctl bc_msg; 4503 int error; 4504 4505 ASSERT_IFNET_SERIALIZED_ALL(bifp); 4506 4507 bzero(&bc_msg, sizeof(bc_msg)); 4508 4509 netmsg_init(&bc_msg.base, NULL, &curthread->td_msgport, 4510 0, bridge_control_dispatch); 4511 bc_msg.bc_func = bc_func; 4512 bc_msg.bc_sc = sc; 4513 bc_msg.bc_arg = bc_arg; 4514 4515 ifnet_deserialize_all(bifp); 4516 error = lwkt_domsg(BRIDGE_CFGPORT, &bc_msg.base.lmsg, 0); 4517 ifnet_serialize_all(bifp); 4518 return error; 4519 } 4520 4521 static void 4522 bridge_add_bif_handler(netmsg_t msg) 4523 { 4524 struct netmsg_braddbif *amsg = (struct netmsg_braddbif *)msg; 4525 struct bridge_softc *sc; 4526 struct bridge_iflist *bif; 4527 4528 sc = amsg->br_softc; 4529 4530 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 4531 bif->bif_ifp = amsg->br_bif_ifp; 4532 bif->bif_onlist = 1; 4533 bif->bif_info = amsg->br_bif_info; 4534 4535 /* 4536 * runs through bif_info 4537 */ 4538 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 4539 4540 TAILQ_INSERT_HEAD(&sc->sc_iflists[mycpuid], bif, bif_next); 4541 4542 netisr_forwardmsg(&amsg->base, mycpuid + 1); 4543 } 4544 4545 static void 4546 bridge_add_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4547 struct ifnet *ifp) 4548 { 4549 struct netmsg_braddbif amsg; 4550 4551 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4552 4553 netmsg_init(&amsg.base, NULL, &curthread->td_msgport, 4554 0, bridge_add_bif_handler); 4555 amsg.br_softc = sc; 4556 amsg.br_bif_info = bif_info; 4557 amsg.br_bif_ifp = ifp; 4558 4559 netisr_domsg(&amsg.base, 0); 4560 } 4561 4562 static void 4563 bridge_del_bif_handler(netmsg_t msg) 4564 { 4565 struct netmsg_brdelbif *dmsg = (struct netmsg_brdelbif *)msg; 4566 struct bridge_softc *sc; 4567 struct bridge_iflist *bif; 4568 4569 sc = dmsg->br_softc; 4570 4571 /* 4572 * Locate the bif associated with the br_bif_info 4573 * on the current CPU 4574 */ 4575 bif = bridge_lookup_member_ifinfo(sc, dmsg->br_bif_info); 4576 KKASSERT(bif != NULL && bif->bif_onlist); 4577 4578 /* Remove the bif from the current CPU's iflist */ 4579 bif->bif_onlist = 0; 4580 TAILQ_REMOVE(dmsg->br_bif_list, bif, bif_next); 4581 4582 /* Save the removed bif for later freeing */ 4583 TAILQ_INSERT_HEAD(dmsg->br_bif_list, bif, bif_next); 4584 4585 netisr_forwardmsg(&dmsg->base, mycpuid + 1); 4586 } 4587 4588 static void 4589 bridge_del_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4590 struct bridge_iflist_head *saved_bifs) 4591 { 4592 struct netmsg_brdelbif dmsg; 4593 4594 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4595 4596 netmsg_init(&dmsg.base, NULL, &curthread->td_msgport, 4597 0, bridge_del_bif_handler); 4598 dmsg.br_softc = sc; 4599 dmsg.br_bif_info = bif_info; 4600 dmsg.br_bif_list = saved_bifs; 4601 4602 netisr_domsg(&dmsg.base, 0); 4603 } 4604