1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 * 81 * 82 * Bridge's route information is duplicated to each CPUs: 83 * 84 * CPU0 CPU1 CPU2 CPU3 85 * +-----------+ +-----------+ +-----------+ +-----------+ 86 * | rtnode | | rtnode | | rtnode | | rtnode | 87 * | | | | | | | | 88 * | dst eaddr | | dst eaddr | | dst eaddr | | dst eaddr | 89 * +-----------+ +-----------+ +-----------+ +-----------+ 90 * | | | | 91 * | | | | 92 * | | +----------+ | | 93 * | | | rtinfo | | | 94 * | +---->| |<---+ | 95 * | | flags | | 96 * +-------------->| timeout |<-------------+ 97 * | dst_ifp | 98 * +----------+ 99 * 100 * We choose to put timeout and dst_ifp into shared part, so updating 101 * them will be cheaper than using message forwarding. Also there is 102 * not need to use spinlock to protect the updating: timeout and dst_ifp 103 * is not related and specific field's updating order has no importance. 104 * The cache pollution by the share part should not be heavy: in a stable 105 * setup, dst_ifp probably will be not changed in rtnode's life time, 106 * while timeout is refreshed once per second; most of the time, timeout 107 * and dst_ifp are read-only accessed. 108 * 109 * 110 * Bridge route information installation on bridge_input path: 111 * 112 * CPU0 CPU1 CPU2 CPU3 113 * 114 * netisr2 115 * | 116 * alloc nmsg 117 * snd nmsg | 118 * w/o rtinfo | 119 * netisr0<-----------------------+ 120 * | : 121 * lookup dst : 122 * rtnode exists?(Y)free nmsg : 123 * |(N) : 124 * | : 125 * alloc rtinfo : 126 * alloc rtnode : 127 * install rtnode : 128 * | : 129 * +---------->netisr1 : 130 * : fwd nmsg | : 131 * : w/ rtinfo | : 132 * : | : 133 * : | : 134 * alloc rtnode : 135 * (w/ nmsg's rtinfo) : 136 * install rtnode : 137 * | : 138 * +----------->| 139 * : fwd nmsg | 140 * : w/ rtinfo | 141 * : | 142 * : same as netisr1 143 * | 144 * +---------->netisr3 145 * : fwd nmsg | 146 * : w/ rtinfo | 147 * : | 148 * : same as netisr1 149 * free nmsg 150 * : 151 * : 152 * 153 * The netmsgs forwarded between netisr2 are allocated with 154 * (M_WAITOK|M_NULLOK), so it will not fail under most cases (route 155 * information is too precious to be not installed :). Since multiple 156 * netisrs may try to install route information for the same dst eaddr, 157 * we look up route information in netisr0. However, this looking up 158 * only need to be performed on netisr0, which is the start point of 159 * the route information installation process. 160 * 161 * 162 * Bridge route information deleting/flushing: 163 * 164 * CPU0 CPU1 CPU2 CPU3 165 * 166 * netisr0 167 * | 168 * find suitable rtnodes, 169 * mark their rtinfo dead 170 * | 171 * | domsg <-------------------------------------------+ 172 * : delete rtnodes | replymsg 173 * : w/ dead rtinfo | 174 * : | 175 * : fwdmsg fwdmsg fwdmsg | 176 * :----------> netisr1 --------> netisr2 --------> netisr3 177 * delete rtnodes delete rtnodes delete rtnodes 178 * w/ dead rtinfo w/ dead rtinfo w/ dead rtinfo 179 * free dead rtinfos 180 * 181 * All deleting/flushing operations are serialized by netisr0, so each 182 * operation only reaps the route information marked dead by itself. 183 * 184 * 185 * Bridge route information adding/deleting/flushing: 186 * Since all operation is serialized by the fixed message flow between 187 * netisrs, it is not possible to create corrupted per-cpu route 188 * information. 189 * 190 * 191 * 192 * XXX This no longer applies. 193 * Percpu member interface list iteration with blocking operation: 194 * Since one bridge could only delete one member interface at a time and 195 * the deleted member interface is not freed after netmsg_service_sync(), 196 * following way is used to make sure that even if the certain member 197 * interface is ripped from the percpu list during the blocking operation, 198 * the iteration still could keep going: 199 * 200 * TAILQ_FOREACH_MUTABLE(bif, sc->sc_iflists[mycpuid], bif_next, nbif) { 201 * blocking operation; 202 * blocking operation; 203 * ... 204 * ... 205 * if (nbif != NULL && !nbif->bif_onlist) { 206 * KKASSERT(bif->bif_onlist); 207 * nbif = TAILQ_NEXT(bif, bif_next); 208 * } 209 * } 210 * 211 * As mentioned above only one member interface could be unlinked from the 212 * percpu member interface list, so either bif or nbif may be not on the list, 213 * but _not_ both. To keep the list iteration, we don't care about bif, but 214 * only nbif. Since removed member interface will only be freed after we 215 * finish our work, it is safe to access any field in an unlinked bif (here 216 * bif_onlist). If nbif is no longer on the list, then bif must be on the 217 * list, so we change nbif to the next element of bif and keep going. 218 */ 219 220 #include "opt_inet.h" 221 #include "opt_inet6.h" 222 223 #include <sys/param.h> 224 #include <sys/mbuf.h> 225 #include <sys/malloc.h> 226 #include <sys/protosw.h> 227 #include <sys/systm.h> 228 #include <sys/time.h> 229 #include <sys/socket.h> /* for net/if.h */ 230 #include <sys/sockio.h> 231 #include <sys/ctype.h> /* string functions */ 232 #include <sys/kernel.h> 233 #include <sys/random.h> 234 #include <sys/sysctl.h> 235 #include <sys/module.h> 236 #include <sys/proc.h> 237 #include <sys/priv.h> 238 #include <sys/lock.h> 239 #include <sys/thread.h> 240 #include <sys/thread2.h> 241 #include <sys/mpipe.h> 242 243 #include <net/bpf.h> 244 #include <net/if.h> 245 #include <net/if_dl.h> 246 #include <net/if_types.h> 247 #include <net/if_var.h> 248 #include <net/pfil.h> 249 #include <net/ifq_var.h> 250 #include <net/if_clone.h> 251 252 #include <netinet/in.h> /* for struct arpcom */ 253 #include <netinet/in_systm.h> 254 #include <netinet/in_var.h> 255 #include <netinet/ip.h> 256 #include <netinet/ip_var.h> 257 #ifdef INET6 258 #include <netinet/ip6.h> 259 #include <netinet6/ip6_var.h> 260 #endif 261 #include <netinet/if_ether.h> /* for struct arpcom */ 262 #include <net/bridge/if_bridgevar.h> 263 #include <net/if_llc.h> 264 #include <net/netmsg2.h> 265 #include <net/netisr2.h> 266 267 #include <net/route.h> 268 #include <sys/in_cksum.h> 269 270 /* 271 * Size of the route hash table. Must be a power of two. 272 */ 273 #ifndef BRIDGE_RTHASH_SIZE 274 #define BRIDGE_RTHASH_SIZE 1024 275 #endif 276 277 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 278 279 /* 280 * Maximum number of addresses to cache. 281 */ 282 #ifndef BRIDGE_RTABLE_MAX 283 #define BRIDGE_RTABLE_MAX 4096 284 #endif 285 286 /* 287 * Spanning tree defaults. 288 */ 289 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 290 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 291 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 292 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 293 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 294 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 295 #define BSTP_DEFAULT_PATH_COST 55 296 297 /* 298 * Timeout (in seconds) for entries learned dynamically. 299 */ 300 #ifndef BRIDGE_RTABLE_TIMEOUT 301 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 302 #endif 303 304 /* 305 * Number of seconds between walks of the route list. 306 */ 307 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 308 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 309 #endif 310 311 /* 312 * List of capabilities to mask on the member interface. 313 */ 314 #define BRIDGE_IFCAPS_MASK (IFCAP_TXCSUM | IFCAP_TSO) 315 316 typedef int (*bridge_ctl_t)(struct bridge_softc *, void *); 317 318 struct netmsg_brctl { 319 struct netmsg_base base; 320 bridge_ctl_t bc_func; 321 struct bridge_softc *bc_sc; 322 void *bc_arg; 323 }; 324 325 struct netmsg_brsaddr { 326 struct netmsg_base base; 327 struct bridge_softc *br_softc; 328 struct ifnet *br_dst_if; 329 struct bridge_rtinfo *br_rtinfo; 330 int br_setflags; 331 uint8_t br_dst[ETHER_ADDR_LEN]; 332 uint8_t br_flags; 333 }; 334 335 struct netmsg_braddbif { 336 struct netmsg_base base; 337 struct bridge_softc *br_softc; 338 struct bridge_ifinfo *br_bif_info; 339 struct ifnet *br_bif_ifp; 340 }; 341 342 struct netmsg_brdelbif { 343 struct netmsg_base base; 344 struct bridge_softc *br_softc; 345 struct bridge_ifinfo *br_bif_info; 346 struct bridge_iflist_head *br_bif_list; 347 }; 348 349 struct netmsg_brsflags { 350 struct netmsg_base base; 351 struct bridge_softc *br_softc; 352 struct bridge_ifinfo *br_bif_info; 353 uint32_t br_bif_flags; 354 }; 355 356 eventhandler_tag bridge_detach_cookie = NULL; 357 358 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 359 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *); 360 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 361 extern struct ifnet *(*bridge_interface_p)(void *if_bridge); 362 363 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 364 365 static int bridge_clone_create(struct if_clone *, int, caddr_t); 366 static int bridge_clone_destroy(struct ifnet *); 367 368 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 369 static void bridge_mutecaps(struct bridge_ifinfo *, struct ifnet *, int); 370 static void bridge_ifdetach(void *, struct ifnet *); 371 static void bridge_init(void *); 372 static int bridge_from_us(struct bridge_softc *, struct ether_header *); 373 static void bridge_stop(struct ifnet *); 374 static void bridge_start(struct ifnet *, struct ifaltq_subque *); 375 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 376 static int bridge_output(struct ifnet *, struct mbuf *); 377 static struct ifnet *bridge_interface(void *if_bridge); 378 379 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 380 381 static void bridge_timer_handler(netmsg_t); 382 static void bridge_timer(void *); 383 384 static void bridge_start_bcast(struct bridge_softc *, struct mbuf *); 385 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 386 struct mbuf *); 387 static void bridge_span(struct bridge_softc *, struct mbuf *); 388 389 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 390 struct ifnet *, uint8_t); 391 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 392 static void bridge_rtreap(struct bridge_softc *); 393 static void bridge_rtreap_async(struct bridge_softc *); 394 static void bridge_rttrim(struct bridge_softc *); 395 static int bridge_rtage_finddead(struct bridge_softc *); 396 static void bridge_rtage(struct bridge_softc *); 397 static void bridge_rtflush(struct bridge_softc *, int); 398 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 399 static int bridge_rtsaddr(struct bridge_softc *, const uint8_t *, 400 struct ifnet *, uint8_t); 401 static void bridge_rtmsg_sync(struct bridge_softc *sc); 402 static void bridge_rtreap_handler(netmsg_t); 403 static void bridge_rtinstall_handler(netmsg_t); 404 static int bridge_rtinstall_oncpu(struct bridge_softc *, const uint8_t *, 405 struct ifnet *, int, uint8_t, struct bridge_rtinfo **); 406 407 static void bridge_rtable_init(struct bridge_softc *); 408 static void bridge_rtable_fini(struct bridge_softc *); 409 410 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 411 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 412 const uint8_t *); 413 static void bridge_rtnode_insert(struct bridge_softc *, 414 struct bridge_rtnode *); 415 static void bridge_rtnode_destroy(struct bridge_softc *, 416 struct bridge_rtnode *); 417 418 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 419 const char *name); 420 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 421 struct ifnet *ifp); 422 static struct bridge_iflist *bridge_lookup_member_ifinfo(struct bridge_softc *, 423 struct bridge_ifinfo *); 424 static void bridge_delete_member(struct bridge_softc *, 425 struct bridge_iflist *, int); 426 static void bridge_delete_span(struct bridge_softc *, 427 struct bridge_iflist *); 428 429 static int bridge_control(struct bridge_softc *, u_long, 430 bridge_ctl_t, void *); 431 static int bridge_ioctl_init(struct bridge_softc *, void *); 432 static int bridge_ioctl_stop(struct bridge_softc *, void *); 433 static int bridge_ioctl_add(struct bridge_softc *, void *); 434 static int bridge_ioctl_del(struct bridge_softc *, void *); 435 static void bridge_ioctl_fillflags(struct bridge_softc *sc, 436 struct bridge_iflist *bif, struct ifbreq *req); 437 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 438 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 439 static int bridge_ioctl_scache(struct bridge_softc *, void *); 440 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 441 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 442 static int bridge_ioctl_rts(struct bridge_softc *, void *); 443 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 444 static int bridge_ioctl_sto(struct bridge_softc *, void *); 445 static int bridge_ioctl_gto(struct bridge_softc *, void *); 446 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 447 static int bridge_ioctl_flush(struct bridge_softc *, void *); 448 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 449 static int bridge_ioctl_spri(struct bridge_softc *, void *); 450 static int bridge_ioctl_reinit(struct bridge_softc *, void *); 451 static int bridge_ioctl_ght(struct bridge_softc *, void *); 452 static int bridge_ioctl_sht(struct bridge_softc *, void *); 453 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 454 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 455 static int bridge_ioctl_gma(struct bridge_softc *, void *); 456 static int bridge_ioctl_sma(struct bridge_softc *, void *); 457 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 458 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 459 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 460 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 461 static int bridge_ioctl_sifbondwght(struct bridge_softc *, void *); 462 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 463 int); 464 static int bridge_ip_checkbasic(struct mbuf **mp); 465 #ifdef INET6 466 static int bridge_ip6_checkbasic(struct mbuf **mp); 467 #endif /* INET6 */ 468 static int bridge_fragment(struct ifnet *, struct mbuf *, 469 struct ether_header *, int, struct llc *); 470 static void bridge_enqueue_handler(netmsg_t); 471 static void bridge_handoff(struct bridge_softc *, struct ifnet *, 472 struct mbuf *, int); 473 474 static void bridge_del_bif_handler(netmsg_t); 475 static void bridge_add_bif_handler(netmsg_t); 476 static void bridge_del_bif(struct bridge_softc *, struct bridge_ifinfo *, 477 struct bridge_iflist_head *); 478 static void bridge_add_bif(struct bridge_softc *, struct bridge_ifinfo *, 479 struct ifnet *); 480 481 SYSCTL_DECL(_net_link); 482 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 483 484 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 485 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 486 static int pfil_member = 1; /* run pfil hooks on the member interface */ 487 static int bridge_debug; 488 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 489 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 490 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 491 &pfil_bridge, 0, "Packet filter on the bridge interface"); 492 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 493 &pfil_member, 0, "Packet filter on the member interface"); 494 SYSCTL_INT(_net_link_bridge, OID_AUTO, debug, CTLFLAG_RW, 495 &bridge_debug, 0, "Bridge debug mode"); 496 497 struct bridge_control_arg { 498 union { 499 struct ifbreq ifbreq; 500 struct ifbifconf ifbifconf; 501 struct ifbareq ifbareq; 502 struct ifbaconf ifbaconf; 503 struct ifbrparam ifbrparam; 504 } bca_u; 505 int bca_len; 506 void *bca_uptr; 507 void *bca_kptr; 508 }; 509 510 struct bridge_control { 511 bridge_ctl_t bc_func; 512 int bc_argsize; 513 int bc_flags; 514 }; 515 516 #define BC_F_COPYIN 0x01 /* copy arguments in */ 517 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 518 #define BC_F_SUSER 0x04 /* do super-user check */ 519 520 const struct bridge_control bridge_control_table[] = { 521 { bridge_ioctl_add, sizeof(struct ifbreq), 522 BC_F_COPYIN|BC_F_SUSER }, 523 { bridge_ioctl_del, sizeof(struct ifbreq), 524 BC_F_COPYIN|BC_F_SUSER }, 525 526 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 527 BC_F_COPYIN|BC_F_COPYOUT }, 528 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 529 BC_F_COPYIN|BC_F_SUSER }, 530 531 { bridge_ioctl_scache, sizeof(struct ifbrparam), 532 BC_F_COPYIN|BC_F_SUSER }, 533 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 534 BC_F_COPYOUT }, 535 536 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 537 BC_F_COPYIN|BC_F_COPYOUT }, 538 { bridge_ioctl_rts, sizeof(struct ifbaconf), 539 BC_F_COPYIN|BC_F_COPYOUT }, 540 541 { bridge_ioctl_saddr, sizeof(struct ifbareq), 542 BC_F_COPYIN|BC_F_SUSER }, 543 544 { bridge_ioctl_sto, sizeof(struct ifbrparam), 545 BC_F_COPYIN|BC_F_SUSER }, 546 { bridge_ioctl_gto, sizeof(struct ifbrparam), 547 BC_F_COPYOUT }, 548 549 { bridge_ioctl_daddr, sizeof(struct ifbareq), 550 BC_F_COPYIN|BC_F_SUSER }, 551 552 { bridge_ioctl_flush, sizeof(struct ifbreq), 553 BC_F_COPYIN|BC_F_SUSER }, 554 555 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 556 BC_F_COPYOUT }, 557 { bridge_ioctl_spri, sizeof(struct ifbrparam), 558 BC_F_COPYIN|BC_F_SUSER }, 559 560 { bridge_ioctl_ght, sizeof(struct ifbrparam), 561 BC_F_COPYOUT }, 562 { bridge_ioctl_sht, sizeof(struct ifbrparam), 563 BC_F_COPYIN|BC_F_SUSER }, 564 565 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 566 BC_F_COPYOUT }, 567 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 568 BC_F_COPYIN|BC_F_SUSER }, 569 570 { bridge_ioctl_gma, sizeof(struct ifbrparam), 571 BC_F_COPYOUT }, 572 { bridge_ioctl_sma, sizeof(struct ifbrparam), 573 BC_F_COPYIN|BC_F_SUSER }, 574 575 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 576 BC_F_COPYIN|BC_F_SUSER }, 577 578 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 579 BC_F_COPYIN|BC_F_SUSER }, 580 581 { bridge_ioctl_addspan, sizeof(struct ifbreq), 582 BC_F_COPYIN|BC_F_SUSER }, 583 { bridge_ioctl_delspan, sizeof(struct ifbreq), 584 BC_F_COPYIN|BC_F_SUSER }, 585 586 { bridge_ioctl_sifbondwght, sizeof(struct ifbreq), 587 BC_F_COPYIN|BC_F_SUSER }, 588 589 }; 590 static const int bridge_control_table_size = NELEM(bridge_control_table); 591 592 LIST_HEAD(, bridge_softc) bridge_list; 593 594 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 595 bridge_clone_create, 596 bridge_clone_destroy, 0, IF_MAXUNIT); 597 598 static int 599 bridge_modevent(module_t mod, int type, void *data) 600 { 601 switch (type) { 602 case MOD_LOAD: 603 LIST_INIT(&bridge_list); 604 if_clone_attach(&bridge_cloner); 605 bridge_input_p = bridge_input; 606 bridge_output_p = bridge_output; 607 bridge_interface_p = bridge_interface; 608 bridge_detach_cookie = EVENTHANDLER_REGISTER( 609 ifnet_detach_event, bridge_ifdetach, NULL, 610 EVENTHANDLER_PRI_ANY); 611 #if 0 /* notyet */ 612 bstp_linkstate_p = bstp_linkstate; 613 #endif 614 break; 615 case MOD_UNLOAD: 616 if (!LIST_EMPTY(&bridge_list)) 617 return (EBUSY); 618 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 619 bridge_detach_cookie); 620 if_clone_detach(&bridge_cloner); 621 bridge_input_p = NULL; 622 bridge_output_p = NULL; 623 bridge_interface_p = NULL; 624 #if 0 /* notyet */ 625 bstp_linkstate_p = NULL; 626 #endif 627 break; 628 default: 629 return (EOPNOTSUPP); 630 } 631 return (0); 632 } 633 634 static moduledata_t bridge_mod = { 635 "if_bridge", 636 bridge_modevent, 637 0 638 }; 639 640 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 641 642 643 /* 644 * bridge_clone_create: 645 * 646 * Create a new bridge instance. 647 */ 648 static int 649 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t param __unused) 650 { 651 struct bridge_softc *sc; 652 struct ifnet *ifp; 653 u_char eaddr[6]; 654 int cpu, rnd; 655 656 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK | M_ZERO); 657 ifp = sc->sc_ifp = &sc->sc_if; 658 659 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 660 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 661 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 662 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 663 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 664 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 665 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 666 667 /* Initialize our routing table. */ 668 bridge_rtable_init(sc); 669 670 callout_init_mp(&sc->sc_brcallout); 671 netmsg_init(&sc->sc_brtimemsg, NULL, &netisr_adone_rport, 672 MSGF_DROPABLE, bridge_timer_handler); 673 sc->sc_brtimemsg.lmsg.u.ms_resultp = sc; 674 675 callout_init_mp(&sc->sc_bstpcallout); 676 netmsg_init(&sc->sc_bstptimemsg, NULL, &netisr_adone_rport, 677 MSGF_DROPABLE, bstp_tick_handler); 678 sc->sc_bstptimemsg.lmsg.u.ms_resultp = sc; 679 680 /* Initialize per-cpu member iface lists */ 681 sc->sc_iflists = kmalloc(sizeof(*sc->sc_iflists) * netisr_ncpus, 682 M_DEVBUF, M_WAITOK); 683 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 684 TAILQ_INIT(&sc->sc_iflists[cpu]); 685 686 TAILQ_INIT(&sc->sc_spanlist); 687 688 ifp->if_softc = sc; 689 if_initname(ifp, ifc->ifc_name, unit); 690 ifp->if_mtu = ETHERMTU; 691 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 692 ifp->if_ioctl = bridge_ioctl; 693 ifp->if_start = bridge_start; 694 ifp->if_init = bridge_init; 695 ifp->if_type = IFT_ETHER; 696 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 697 ifq_set_ready(&ifp->if_snd); 698 ifp->if_hdrlen = ETHER_HDR_LEN; 699 700 /* 701 * Generate a random ethernet address and use the private AC:DE:48 702 * OUI code. 703 */ 704 rnd = karc4random(); 705 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 706 rnd = karc4random(); 707 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 708 709 eaddr[0] &= ~1; /* clear multicast bit */ 710 eaddr[0] |= 2; /* set the LAA bit */ 711 712 ether_ifattach(ifp, eaddr, NULL); 713 /* Now undo some of the damage... */ 714 ifp->if_baudrate = 0; 715 /*ifp->if_type = IFT_BRIDGE;*/ 716 717 crit_enter(); /* XXX MP */ 718 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 719 crit_exit(); 720 721 return (0); 722 } 723 724 static void 725 bridge_delete_dispatch(netmsg_t msg) 726 { 727 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 728 struct ifnet *bifp = sc->sc_ifp; 729 struct bridge_iflist *bif; 730 731 ifnet_serialize_all(bifp); 732 733 while ((bif = TAILQ_FIRST(&sc->sc_iflists[mycpuid])) != NULL) 734 bridge_delete_member(sc, bif, 0); 735 736 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) 737 bridge_delete_span(sc, bif); 738 739 ifnet_deserialize_all(bifp); 740 741 lwkt_replymsg(&msg->lmsg, 0); 742 } 743 744 /* 745 * bridge_clone_destroy: 746 * 747 * Destroy a bridge instance. 748 */ 749 static int 750 bridge_clone_destroy(struct ifnet *ifp) 751 { 752 struct bridge_softc *sc = ifp->if_softc; 753 struct netmsg_base msg; 754 755 ifnet_serialize_all(ifp); 756 757 bridge_stop(ifp); 758 ifp->if_flags &= ~IFF_UP; 759 760 ifnet_deserialize_all(ifp); 761 762 netmsg_init(&msg, NULL, &curthread->td_msgport, 763 0, bridge_delete_dispatch); 764 msg.lmsg.u.ms_resultp = sc; 765 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 766 767 crit_enter(); /* XXX MP */ 768 LIST_REMOVE(sc, sc_list); 769 crit_exit(); 770 771 ether_ifdetach(ifp); 772 773 /* Tear down the routing table. */ 774 bridge_rtable_fini(sc); 775 776 /* Free per-cpu member iface lists */ 777 kfree(sc->sc_iflists, M_DEVBUF); 778 779 kfree(sc, M_DEVBUF); 780 781 return 0; 782 } 783 784 /* 785 * bridge_ioctl: 786 * 787 * Handle a control request from the operator. 788 */ 789 static int 790 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 791 { 792 struct bridge_softc *sc = ifp->if_softc; 793 struct bridge_control_arg args; 794 struct ifdrv *ifd = (struct ifdrv *) data; 795 const struct bridge_control *bc; 796 int error = 0; 797 798 ASSERT_IFNET_SERIALIZED_ALL(ifp); 799 800 switch (cmd) { 801 case SIOCADDMULTI: 802 case SIOCDELMULTI: 803 break; 804 805 case SIOCGDRVSPEC: 806 case SIOCSDRVSPEC: 807 if (ifd->ifd_cmd >= bridge_control_table_size) { 808 error = EINVAL; 809 break; 810 } 811 bc = &bridge_control_table[ifd->ifd_cmd]; 812 813 if (cmd == SIOCGDRVSPEC && 814 (bc->bc_flags & BC_F_COPYOUT) == 0) { 815 error = EINVAL; 816 break; 817 } else if (cmd == SIOCSDRVSPEC && 818 (bc->bc_flags & BC_F_COPYOUT)) { 819 error = EINVAL; 820 break; 821 } 822 823 if (bc->bc_flags & BC_F_SUSER) { 824 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY); 825 if (error) 826 break; 827 } 828 829 if (ifd->ifd_len != bc->bc_argsize || 830 ifd->ifd_len > sizeof(args.bca_u)) { 831 error = EINVAL; 832 break; 833 } 834 835 memset(&args, 0, sizeof(args)); 836 if (bc->bc_flags & BC_F_COPYIN) { 837 error = copyin(ifd->ifd_data, &args.bca_u, 838 ifd->ifd_len); 839 if (error) 840 break; 841 } 842 843 error = bridge_control(sc, cmd, bc->bc_func, &args); 844 if (error) { 845 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 846 break; 847 } 848 849 if (bc->bc_flags & BC_F_COPYOUT) { 850 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 851 if (args.bca_len != 0) { 852 KKASSERT(args.bca_kptr != NULL); 853 if (!error) { 854 error = copyout(args.bca_kptr, 855 args.bca_uptr, args.bca_len); 856 } 857 kfree(args.bca_kptr, M_TEMP); 858 } else { 859 KKASSERT(args.bca_kptr == NULL); 860 } 861 } else { 862 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 863 } 864 break; 865 866 case SIOCSIFFLAGS: 867 if (!(ifp->if_flags & IFF_UP) && 868 (ifp->if_flags & IFF_RUNNING)) { 869 /* 870 * If interface is marked down and it is running, 871 * then stop it. 872 */ 873 bridge_stop(ifp); 874 } else if ((ifp->if_flags & IFF_UP) && 875 !(ifp->if_flags & IFF_RUNNING)) { 876 /* 877 * If interface is marked up and it is stopped, then 878 * start it. 879 */ 880 ifp->if_init(sc); 881 } 882 883 /* 884 * If running and link flag state change we have to 885 * reinitialize as well. 886 */ 887 if ((ifp->if_flags & IFF_RUNNING) && 888 (ifp->if_flags & (IFF_LINK0|IFF_LINK1|IFF_LINK2)) != 889 sc->sc_copy_flags) { 890 sc->sc_copy_flags = ifp->if_flags & 891 (IFF_LINK0|IFF_LINK1|IFF_LINK2); 892 bridge_control(sc, 0, bridge_ioctl_reinit, NULL); 893 } 894 895 break; 896 897 case SIOCSIFMTU: 898 /* Do not allow the MTU to be changed on the bridge */ 899 error = EINVAL; 900 break; 901 902 default: 903 error = ether_ioctl(ifp, cmd, data); 904 break; 905 } 906 return (error); 907 } 908 909 /* 910 * bridge_mutecaps: 911 * 912 * Clear or restore unwanted capabilities on the member interface 913 */ 914 static void 915 bridge_mutecaps(struct bridge_ifinfo *bif_info, struct ifnet *ifp, int mute) 916 { 917 struct ifreq ifr; 918 919 if (ifp->if_ioctl == NULL) 920 return; 921 922 bzero(&ifr, sizeof(ifr)); 923 ifr.ifr_reqcap = ifp->if_capenable; 924 925 if (mute) { 926 /* mask off and save capabilities */ 927 bif_info->bifi_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 928 if (bif_info->bifi_mutecap != 0) 929 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 930 } else { 931 /* restore muted capabilities */ 932 ifr.ifr_reqcap |= bif_info->bifi_mutecap; 933 } 934 935 if (bif_info->bifi_mutecap != 0) { 936 ifnet_serialize_all(ifp); 937 ifp->if_ioctl(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 938 ifnet_deserialize_all(ifp); 939 } 940 } 941 942 /* 943 * bridge_lookup_member: 944 * 945 * Lookup a bridge member interface. 946 */ 947 static struct bridge_iflist * 948 bridge_lookup_member(struct bridge_softc *sc, const char *name) 949 { 950 struct bridge_iflist *bif; 951 952 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 953 if (strcmp(bif->bif_ifp->if_xname, name) == 0) 954 return (bif); 955 } 956 return (NULL); 957 } 958 959 /* 960 * bridge_lookup_member_if: 961 * 962 * Lookup a bridge member interface by ifnet*. 963 */ 964 static struct bridge_iflist * 965 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 966 { 967 struct bridge_iflist *bif; 968 969 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 970 if (bif->bif_ifp == member_ifp) 971 return (bif); 972 } 973 return (NULL); 974 } 975 976 /* 977 * bridge_lookup_member_ifinfo: 978 * 979 * Lookup a bridge member interface by bridge_ifinfo. 980 */ 981 static struct bridge_iflist * 982 bridge_lookup_member_ifinfo(struct bridge_softc *sc, 983 struct bridge_ifinfo *bif_info) 984 { 985 struct bridge_iflist *bif; 986 987 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 988 if (bif->bif_info == bif_info) 989 return (bif); 990 } 991 return (NULL); 992 } 993 994 /* 995 * bridge_delete_member: 996 * 997 * Delete the specified member interface. 998 */ 999 static void 1000 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 1001 int gone) 1002 { 1003 struct ifnet *ifs = bif->bif_ifp; 1004 struct ifnet *bifp = sc->sc_ifp; 1005 struct bridge_ifinfo *bif_info = bif->bif_info; 1006 struct bridge_iflist_head saved_bifs; 1007 1008 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1009 KKASSERT(bif_info != NULL); 1010 1011 ifs->if_bridge = NULL; 1012 1013 /* 1014 * Release bridge interface's serializer: 1015 * - To avoid possible dead lock. 1016 * - Various sync operation will block the current thread. 1017 */ 1018 ifnet_deserialize_all(bifp); 1019 1020 if (!gone) { 1021 switch (ifs->if_type) { 1022 case IFT_ETHER: 1023 case IFT_L2VLAN: 1024 /* 1025 * Take the interface out of promiscuous mode. 1026 */ 1027 ifpromisc(ifs, 0); 1028 bridge_mutecaps(bif_info, ifs, 0); 1029 break; 1030 1031 case IFT_GIF: 1032 break; 1033 1034 default: 1035 panic("bridge_delete_member: impossible"); 1036 break; 1037 } 1038 } 1039 1040 /* 1041 * Remove bifs from percpu linked list. 1042 * 1043 * Removed bifs are not freed immediately, instead, 1044 * they are saved in saved_bifs. They will be freed 1045 * after we make sure that no one is accessing them, 1046 * i.e. after following netmsg_service_sync() 1047 */ 1048 TAILQ_INIT(&saved_bifs); 1049 bridge_del_bif(sc, bif_info, &saved_bifs); 1050 1051 /* 1052 * Make sure that all protocol threads: 1053 * o see 'ifs' if_bridge is changed 1054 * o know that bif is removed from the percpu linked list 1055 */ 1056 netmsg_service_sync(); 1057 1058 /* 1059 * Free the removed bifs 1060 */ 1061 KKASSERT(!TAILQ_EMPTY(&saved_bifs)); 1062 while ((bif = TAILQ_FIRST(&saved_bifs)) != NULL) { 1063 TAILQ_REMOVE(&saved_bifs, bif, bif_next); 1064 kfree(bif, M_DEVBUF); 1065 } 1066 1067 /* See the comment in bridge_ioctl_stop() */ 1068 bridge_rtmsg_sync(sc); 1069 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL | IFBF_FLUSHSYNC); 1070 1071 ifnet_serialize_all(bifp); 1072 1073 if (bifp->if_flags & IFF_RUNNING) 1074 bstp_initialization(sc); 1075 1076 /* 1077 * Free the bif_info after bstp_initialization(), so that 1078 * bridge_softc.sc_root_port will not reference a dangling 1079 * pointer. 1080 */ 1081 kfree(bif_info, M_DEVBUF); 1082 } 1083 1084 /* 1085 * bridge_delete_span: 1086 * 1087 * Delete the specified span interface. 1088 */ 1089 static void 1090 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1091 { 1092 KASSERT(bif->bif_ifp->if_bridge == NULL, 1093 ("%s: not a span interface", __func__)); 1094 1095 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], bif, bif_next); 1096 kfree(bif, M_DEVBUF); 1097 } 1098 1099 static int 1100 bridge_ioctl_init(struct bridge_softc *sc, void *arg __unused) 1101 { 1102 struct ifnet *ifp = sc->sc_ifp; 1103 1104 if (ifp->if_flags & IFF_RUNNING) 1105 return 0; 1106 1107 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1108 bridge_timer, sc); 1109 1110 ifp->if_flags |= IFF_RUNNING; 1111 bstp_initialization(sc); 1112 return 0; 1113 } 1114 1115 static int 1116 bridge_ioctl_stop(struct bridge_softc *sc, void *arg __unused) 1117 { 1118 struct ifnet *ifp = sc->sc_ifp; 1119 1120 if ((ifp->if_flags & IFF_RUNNING) == 0) 1121 return 0; 1122 1123 callout_stop(&sc->sc_brcallout); 1124 1125 crit_enter(); 1126 lwkt_dropmsg(&sc->sc_brtimemsg.lmsg); 1127 crit_exit(); 1128 1129 bstp_stop(sc); 1130 1131 ifp->if_flags &= ~IFF_RUNNING; 1132 1133 ifnet_deserialize_all(ifp); 1134 1135 /* Let everyone know that we are stopped */ 1136 netmsg_service_sync(); 1137 1138 /* 1139 * Sync ifnetX msgports in the order we forward rtnode 1140 * installation message. This is used to make sure that 1141 * all rtnode installation messages sent by bridge_rtupdate() 1142 * during above netmsg_service_sync() are flushed. 1143 */ 1144 bridge_rtmsg_sync(sc); 1145 bridge_rtflush(sc, IFBF_FLUSHDYN | IFBF_FLUSHSYNC); 1146 1147 ifnet_serialize_all(ifp); 1148 return 0; 1149 } 1150 1151 static int 1152 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1153 { 1154 struct ifbreq *req = arg; 1155 struct bridge_iflist *bif; 1156 struct bridge_ifinfo *bif_info; 1157 struct ifnet *ifs, *bifp; 1158 int error = 0; 1159 1160 bifp = sc->sc_ifp; 1161 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1162 1163 ifs = ifunit_netisr(req->ifbr_ifsname); 1164 if (ifs == NULL) 1165 return (ENOENT); 1166 1167 /* If it's in the span list, it can't be a member. */ 1168 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1169 if (ifs == bif->bif_ifp) 1170 return (EBUSY); 1171 1172 /* Allow the first Ethernet member to define the MTU */ 1173 if (ifs->if_type != IFT_GIF) { 1174 if (TAILQ_EMPTY(&sc->sc_iflists[mycpuid])) { 1175 bifp->if_mtu = ifs->if_mtu; 1176 } else if (bifp->if_mtu != ifs->if_mtu) { 1177 if_printf(bifp, "invalid MTU for %s\n", ifs->if_xname); 1178 return (EINVAL); 1179 } 1180 } 1181 1182 if (ifs->if_bridge == sc) 1183 return (EEXIST); 1184 1185 if (ifs->if_bridge != NULL) 1186 return (EBUSY); 1187 1188 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1189 bif_info->bifi_priority = BSTP_DEFAULT_PORT_PRIORITY; 1190 bif_info->bifi_path_cost = BSTP_DEFAULT_PATH_COST; 1191 bif_info->bifi_ifp = ifs; 1192 bif_info->bifi_bond_weight = 1; 1193 1194 /* 1195 * Release bridge interface's serializer: 1196 * - To avoid possible dead lock. 1197 * - Various sync operation will block the current thread. 1198 */ 1199 ifnet_deserialize_all(bifp); 1200 1201 switch (ifs->if_type) { 1202 case IFT_ETHER: 1203 case IFT_L2VLAN: 1204 /* 1205 * Place the interface into promiscuous mode. 1206 */ 1207 error = ifpromisc(ifs, 1); 1208 if (error) { 1209 ifnet_serialize_all(bifp); 1210 goto out; 1211 } 1212 bridge_mutecaps(bif_info, ifs, 1); 1213 break; 1214 1215 case IFT_GIF: /* :^) */ 1216 break; 1217 1218 default: 1219 error = EINVAL; 1220 ifnet_serialize_all(bifp); 1221 goto out; 1222 } 1223 1224 /* 1225 * Add bifs to percpu linked lists 1226 */ 1227 bridge_add_bif(sc, bif_info, ifs); 1228 1229 ifnet_serialize_all(bifp); 1230 1231 if (bifp->if_flags & IFF_RUNNING) 1232 bstp_initialization(sc); 1233 else 1234 bstp_stop(sc); 1235 1236 /* 1237 * Everything has been setup, so let the member interface 1238 * deliver packets to this bridge on its input/output path. 1239 */ 1240 ifs->if_bridge = sc; 1241 out: 1242 if (error) { 1243 if (bif_info != NULL) 1244 kfree(bif_info, M_DEVBUF); 1245 } 1246 return (error); 1247 } 1248 1249 static int 1250 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1251 { 1252 struct ifbreq *req = arg; 1253 struct bridge_iflist *bif; 1254 1255 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1256 if (bif == NULL) 1257 return (ENOENT); 1258 1259 bridge_delete_member(sc, bif, 0); 1260 1261 return (0); 1262 } 1263 1264 static int 1265 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1266 { 1267 struct ifbreq *req = arg; 1268 struct bridge_iflist *bif; 1269 1270 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1271 if (bif == NULL) 1272 return (ENOENT); 1273 bridge_ioctl_fillflags(sc, bif, req); 1274 return (0); 1275 } 1276 1277 static void 1278 bridge_ioctl_fillflags(struct bridge_softc *sc, struct bridge_iflist *bif, 1279 struct ifbreq *req) 1280 { 1281 req->ifbr_ifsflags = bif->bif_flags; 1282 req->ifbr_state = bif->bif_state; 1283 req->ifbr_priority = bif->bif_priority; 1284 req->ifbr_path_cost = bif->bif_path_cost; 1285 req->ifbr_bond_weight = bif->bif_bond_weight; 1286 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1287 if (bif->bif_flags & IFBIF_STP) { 1288 req->ifbr_peer_root = bif->bif_peer_root; 1289 req->ifbr_peer_bridge = bif->bif_peer_bridge; 1290 req->ifbr_peer_cost = bif->bif_peer_cost; 1291 req->ifbr_peer_port = bif->bif_peer_port; 1292 if (bstp_supersedes_port_info(sc, bif)) { 1293 req->ifbr_designated_root = bif->bif_peer_root; 1294 req->ifbr_designated_bridge = bif->bif_peer_bridge; 1295 req->ifbr_designated_cost = bif->bif_peer_cost; 1296 req->ifbr_designated_port = bif->bif_peer_port; 1297 } else { 1298 req->ifbr_designated_root = sc->sc_bridge_id; 1299 req->ifbr_designated_bridge = sc->sc_bridge_id; 1300 req->ifbr_designated_cost = bif->bif_path_cost + 1301 bif->bif_peer_cost; 1302 req->ifbr_designated_port = bif->bif_port_id; 1303 } 1304 } else { 1305 req->ifbr_peer_root = 0; 1306 req->ifbr_peer_bridge = 0; 1307 req->ifbr_peer_cost = 0; 1308 req->ifbr_peer_port = 0; 1309 req->ifbr_designated_root = 0; 1310 req->ifbr_designated_bridge = 0; 1311 req->ifbr_designated_cost = 0; 1312 req->ifbr_designated_port = 0; 1313 } 1314 } 1315 1316 static int 1317 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1318 { 1319 struct ifbreq *req = arg; 1320 struct bridge_iflist *bif; 1321 struct ifnet *bifp = sc->sc_ifp; 1322 1323 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1324 if (bif == NULL) 1325 return (ENOENT); 1326 1327 if (req->ifbr_ifsflags & IFBIF_SPAN) { 1328 /* SPAN is readonly */ 1329 return (EINVAL); 1330 } 1331 1332 if (req->ifbr_ifsflags & IFBIF_STP) { 1333 switch (bif->bif_ifp->if_type) { 1334 case IFT_ETHER: 1335 /* These can do spanning tree. */ 1336 break; 1337 1338 default: 1339 /* Nothing else can. */ 1340 return (EINVAL); 1341 } 1342 } 1343 1344 bif->bif_flags = (bif->bif_flags & IFBIF_KEEPMASK) | 1345 (req->ifbr_ifsflags & ~IFBIF_KEEPMASK); 1346 if (bifp->if_flags & IFF_RUNNING) 1347 bstp_initialization(sc); 1348 1349 return (0); 1350 } 1351 1352 static int 1353 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1354 { 1355 struct ifbrparam *param = arg; 1356 struct ifnet *ifp = sc->sc_ifp; 1357 1358 sc->sc_brtmax = param->ifbrp_csize; 1359 1360 ifnet_deserialize_all(ifp); 1361 bridge_rttrim(sc); 1362 ifnet_serialize_all(ifp); 1363 1364 return (0); 1365 } 1366 1367 static int 1368 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1369 { 1370 struct ifbrparam *param = arg; 1371 1372 param->ifbrp_csize = sc->sc_brtmax; 1373 1374 return (0); 1375 } 1376 1377 static int 1378 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1379 { 1380 struct bridge_control_arg *bc_arg = arg; 1381 struct ifbifconf *bifc = arg; 1382 struct bridge_iflist *bif; 1383 struct ifbreq *breq; 1384 int count, len; 1385 1386 count = 0; 1387 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) 1388 count++; 1389 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1390 count++; 1391 1392 if (bifc->ifbic_len == 0) { 1393 bifc->ifbic_len = sizeof(*breq) * count; 1394 return 0; 1395 } else if (count == 0 || bifc->ifbic_len < sizeof(*breq)) { 1396 bifc->ifbic_len = 0; 1397 return 0; 1398 } 1399 1400 len = min(bifc->ifbic_len, sizeof(*breq) * count); 1401 KKASSERT(len >= sizeof(*breq)); 1402 1403 breq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1404 if (breq == NULL) { 1405 bifc->ifbic_len = 0; 1406 return ENOMEM; 1407 } 1408 bc_arg->bca_kptr = breq; 1409 1410 count = 0; 1411 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1412 if (len < sizeof(*breq)) 1413 break; 1414 1415 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1416 sizeof(breq->ifbr_ifsname)); 1417 bridge_ioctl_fillflags(sc, bif, breq); 1418 breq++; 1419 count++; 1420 len -= sizeof(*breq); 1421 } 1422 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1423 if (len < sizeof(*breq)) 1424 break; 1425 1426 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1427 sizeof(breq->ifbr_ifsname)); 1428 breq->ifbr_ifsflags = bif->bif_flags; 1429 breq->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1430 breq++; 1431 count++; 1432 len -= sizeof(*breq); 1433 } 1434 1435 bifc->ifbic_len = sizeof(*breq) * count; 1436 KKASSERT(bifc->ifbic_len > 0); 1437 1438 bc_arg->bca_len = bifc->ifbic_len; 1439 bc_arg->bca_uptr = bifc->ifbic_req; 1440 return 0; 1441 } 1442 1443 static int 1444 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1445 { 1446 struct bridge_control_arg *bc_arg = arg; 1447 struct ifbaconf *bac = arg; 1448 struct bridge_rtnode *brt; 1449 struct ifbareq *bareq; 1450 int count, len; 1451 1452 count = 0; 1453 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) 1454 count++; 1455 1456 if (bac->ifbac_len == 0) { 1457 bac->ifbac_len = sizeof(*bareq) * count; 1458 return 0; 1459 } else if (count == 0 || bac->ifbac_len < sizeof(*bareq)) { 1460 bac->ifbac_len = 0; 1461 return 0; 1462 } 1463 1464 len = min(bac->ifbac_len, sizeof(*bareq) * count); 1465 KKASSERT(len >= sizeof(*bareq)); 1466 1467 bareq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1468 if (bareq == NULL) { 1469 bac->ifbac_len = 0; 1470 return ENOMEM; 1471 } 1472 bc_arg->bca_kptr = bareq; 1473 1474 count = 0; 1475 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 1476 struct bridge_rtinfo *bri = brt->brt_info; 1477 time_t expire; 1478 1479 if (len < sizeof(*bareq)) 1480 break; 1481 1482 strlcpy(bareq->ifba_ifsname, bri->bri_ifp->if_xname, 1483 sizeof(bareq->ifba_ifsname)); 1484 memcpy(bareq->ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1485 expire = bri->bri_expire; 1486 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1487 time_uptime < expire) 1488 bareq->ifba_expire = expire - time_uptime; 1489 else 1490 bareq->ifba_expire = 0; 1491 bareq->ifba_flags = bri->bri_flags; 1492 bareq++; 1493 count++; 1494 len -= sizeof(*bareq); 1495 } 1496 1497 bac->ifbac_len = sizeof(*bareq) * count; 1498 KKASSERT(bac->ifbac_len > 0); 1499 1500 bc_arg->bca_len = bac->ifbac_len; 1501 bc_arg->bca_uptr = bac->ifbac_req; 1502 return 0; 1503 } 1504 1505 static int 1506 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1507 { 1508 struct ifbareq *req = arg; 1509 struct bridge_iflist *bif; 1510 struct ifnet *ifp = sc->sc_ifp; 1511 int error; 1512 1513 ASSERT_IFNET_SERIALIZED_ALL(ifp); 1514 1515 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1516 if (bif == NULL) 1517 return (ENOENT); 1518 1519 ifnet_deserialize_all(ifp); 1520 error = bridge_rtsaddr(sc, req->ifba_dst, bif->bif_ifp, 1521 req->ifba_flags); 1522 ifnet_serialize_all(ifp); 1523 return (error); 1524 } 1525 1526 static int 1527 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1528 { 1529 struct ifbrparam *param = arg; 1530 1531 sc->sc_brttimeout = param->ifbrp_ctime; 1532 1533 return (0); 1534 } 1535 1536 static int 1537 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1538 { 1539 struct ifbrparam *param = arg; 1540 1541 param->ifbrp_ctime = sc->sc_brttimeout; 1542 1543 return (0); 1544 } 1545 1546 static int 1547 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1548 { 1549 struct ifbareq *req = arg; 1550 struct ifnet *ifp = sc->sc_ifp; 1551 int error; 1552 1553 ifnet_deserialize_all(ifp); 1554 error = bridge_rtdaddr(sc, req->ifba_dst); 1555 ifnet_serialize_all(ifp); 1556 return error; 1557 } 1558 1559 static int 1560 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1561 { 1562 struct ifbreq *req = arg; 1563 struct ifnet *ifp = sc->sc_ifp; 1564 1565 ifnet_deserialize_all(ifp); 1566 bridge_rtflush(sc, req->ifbr_ifsflags | IFBF_FLUSHSYNC); 1567 ifnet_serialize_all(ifp); 1568 1569 return (0); 1570 } 1571 1572 static int 1573 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1574 { 1575 struct ifbrparam *param = arg; 1576 1577 param->ifbrp_prio = sc->sc_bridge_priority; 1578 1579 return (0); 1580 } 1581 1582 static int 1583 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1584 { 1585 struct ifbrparam *param = arg; 1586 1587 sc->sc_bridge_priority = param->ifbrp_prio; 1588 1589 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1590 bstp_initialization(sc); 1591 1592 return (0); 1593 } 1594 1595 static int 1596 bridge_ioctl_reinit(struct bridge_softc *sc, void *arg __unused) 1597 { 1598 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1599 bstp_initialization(sc); 1600 return (0); 1601 } 1602 1603 static int 1604 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1605 { 1606 struct ifbrparam *param = arg; 1607 1608 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1609 1610 return (0); 1611 } 1612 1613 static int 1614 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1615 { 1616 struct ifbrparam *param = arg; 1617 1618 if (param->ifbrp_hellotime == 0) 1619 return (EINVAL); 1620 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1621 1622 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1623 bstp_initialization(sc); 1624 1625 return (0); 1626 } 1627 1628 static int 1629 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1630 { 1631 struct ifbrparam *param = arg; 1632 1633 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1634 1635 return (0); 1636 } 1637 1638 static int 1639 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1640 { 1641 struct ifbrparam *param = arg; 1642 1643 if (param->ifbrp_fwddelay == 0) 1644 return (EINVAL); 1645 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1646 1647 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1648 bstp_initialization(sc); 1649 1650 return (0); 1651 } 1652 1653 static int 1654 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1655 { 1656 struct ifbrparam *param = arg; 1657 1658 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1659 1660 return (0); 1661 } 1662 1663 static int 1664 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1665 { 1666 struct ifbrparam *param = arg; 1667 1668 if (param->ifbrp_maxage == 0) 1669 return (EINVAL); 1670 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1671 1672 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1673 bstp_initialization(sc); 1674 1675 return (0); 1676 } 1677 1678 static int 1679 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1680 { 1681 struct ifbreq *req = arg; 1682 struct bridge_iflist *bif; 1683 1684 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1685 if (bif == NULL) 1686 return (ENOENT); 1687 1688 bif->bif_priority = req->ifbr_priority; 1689 1690 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1691 bstp_initialization(sc); 1692 1693 return (0); 1694 } 1695 1696 static int 1697 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1698 { 1699 struct ifbreq *req = arg; 1700 struct bridge_iflist *bif; 1701 1702 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1703 if (bif == NULL) 1704 return (ENOENT); 1705 1706 bif->bif_path_cost = req->ifbr_path_cost; 1707 1708 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1709 bstp_initialization(sc); 1710 1711 return (0); 1712 } 1713 1714 static int 1715 bridge_ioctl_sifbondwght(struct bridge_softc *sc, void *arg) 1716 { 1717 struct ifbreq *req = arg; 1718 struct bridge_iflist *bif; 1719 1720 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1721 if (bif == NULL) 1722 return (ENOENT); 1723 1724 bif->bif_bond_weight = req->ifbr_bond_weight; 1725 1726 /* no reinit needed */ 1727 1728 return (0); 1729 } 1730 1731 static int 1732 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1733 { 1734 struct ifbreq *req = arg; 1735 struct bridge_iflist *bif; 1736 struct ifnet *ifs; 1737 struct bridge_ifinfo *bif_info; 1738 1739 ifs = ifunit_netisr(req->ifbr_ifsname); 1740 if (ifs == NULL) 1741 return (ENOENT); 1742 1743 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1744 if (ifs == bif->bif_ifp) 1745 return (EBUSY); 1746 1747 if (ifs->if_bridge != NULL) 1748 return (EBUSY); 1749 1750 switch (ifs->if_type) { 1751 case IFT_ETHER: 1752 case IFT_GIF: 1753 case IFT_L2VLAN: 1754 break; 1755 1756 default: 1757 return (EINVAL); 1758 } 1759 1760 /* 1761 * bif_info is needed for bif_flags 1762 */ 1763 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1764 bif_info->bifi_ifp = ifs; 1765 1766 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 1767 bif->bif_ifp = ifs; 1768 bif->bif_info = bif_info; 1769 bif->bif_flags = IFBIF_SPAN; 1770 /* NOTE: span bif does not need bridge_ifinfo */ 1771 1772 TAILQ_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1773 1774 sc->sc_span = 1; 1775 1776 return (0); 1777 } 1778 1779 static int 1780 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1781 { 1782 struct ifbreq *req = arg; 1783 struct bridge_iflist *bif; 1784 struct ifnet *ifs; 1785 1786 ifs = ifunit_netisr(req->ifbr_ifsname); 1787 if (ifs == NULL) 1788 return (ENOENT); 1789 1790 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1791 if (ifs == bif->bif_ifp) 1792 break; 1793 1794 if (bif == NULL) 1795 return (ENOENT); 1796 1797 bridge_delete_span(sc, bif); 1798 1799 if (TAILQ_EMPTY(&sc->sc_spanlist)) 1800 sc->sc_span = 0; 1801 1802 return (0); 1803 } 1804 1805 static void 1806 bridge_ifdetach_dispatch(netmsg_t msg) 1807 { 1808 struct ifnet *ifp, *bifp; 1809 struct bridge_softc *sc; 1810 struct bridge_iflist *bif; 1811 1812 ifp = msg->lmsg.u.ms_resultp; 1813 sc = ifp->if_bridge; 1814 1815 /* Check if the interface is a bridge member */ 1816 if (sc != NULL) { 1817 bifp = sc->sc_ifp; 1818 1819 ifnet_serialize_all(bifp); 1820 1821 bif = bridge_lookup_member_if(sc, ifp); 1822 if (bif != NULL) { 1823 bridge_delete_member(sc, bif, 1); 1824 } else { 1825 /* XXX Why bif will be NULL? */ 1826 } 1827 1828 ifnet_deserialize_all(bifp); 1829 goto reply; 1830 } 1831 1832 crit_enter(); /* XXX MP */ 1833 1834 /* Check if the interface is a span port */ 1835 LIST_FOREACH(sc, &bridge_list, sc_list) { 1836 bifp = sc->sc_ifp; 1837 1838 ifnet_serialize_all(bifp); 1839 1840 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1841 if (ifp == bif->bif_ifp) { 1842 bridge_delete_span(sc, bif); 1843 break; 1844 } 1845 1846 ifnet_deserialize_all(bifp); 1847 } 1848 1849 crit_exit(); 1850 1851 reply: 1852 lwkt_replymsg(&msg->lmsg, 0); 1853 } 1854 1855 /* 1856 * bridge_ifdetach: 1857 * 1858 * Detach an interface from a bridge. Called when a member 1859 * interface is detaching. 1860 */ 1861 static void 1862 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1863 { 1864 struct netmsg_base msg; 1865 1866 netmsg_init(&msg, NULL, &curthread->td_msgport, 1867 0, bridge_ifdetach_dispatch); 1868 msg.lmsg.u.ms_resultp = ifp; 1869 1870 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 1871 } 1872 1873 /* 1874 * bridge_init: 1875 * 1876 * Initialize a bridge interface. 1877 */ 1878 static void 1879 bridge_init(void *xsc) 1880 { 1881 bridge_control(xsc, SIOCSIFFLAGS, bridge_ioctl_init, NULL); 1882 } 1883 1884 /* 1885 * bridge_stop: 1886 * 1887 * Stop the bridge interface. 1888 */ 1889 static void 1890 bridge_stop(struct ifnet *ifp) 1891 { 1892 bridge_control(ifp->if_softc, SIOCSIFFLAGS, bridge_ioctl_stop, NULL); 1893 } 1894 1895 /* 1896 * Returns TRUE if the packet is being sent 'from us'... from our bridge 1897 * interface or from any member of our bridge interface. This is used 1898 * later on to force the MAC to be the MAC of our bridge interface. 1899 */ 1900 static int 1901 bridge_from_us(struct bridge_softc *sc, struct ether_header *eh) 1902 { 1903 struct bridge_iflist *bif; 1904 1905 if (memcmp(eh->ether_shost, IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN) == 0) 1906 return (1); 1907 1908 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1909 if (memcmp(eh->ether_shost, IF_LLADDR(bif->bif_ifp), 1910 ETHER_ADDR_LEN) == 0) { 1911 return (1); 1912 } 1913 } 1914 return (0); 1915 } 1916 1917 /* 1918 * bridge_enqueue: 1919 * 1920 * Enqueue a packet on a bridge member interface. 1921 * 1922 */ 1923 void 1924 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1925 { 1926 struct netmsg_packet *nmp; 1927 1928 mbuftrackid(m, 64); 1929 1930 nmp = &m->m_hdr.mh_netmsg; 1931 netmsg_init(&nmp->base, NULL, &netisr_apanic_rport, 1932 0, bridge_enqueue_handler); 1933 nmp->nm_packet = m; 1934 nmp->base.lmsg.u.ms_resultp = dst_ifp; 1935 1936 lwkt_sendmsg_oncpu(netisr_cpuport(mycpuid), &nmp->base.lmsg); 1937 } 1938 1939 /* 1940 * After looking up dst_if in our forwarding table we still have to 1941 * deal with channel bonding. Find the best interface in the bonding set. 1942 */ 1943 static struct ifnet * 1944 bridge_select_unicast(struct bridge_softc *sc, struct ifnet *dst_if, 1945 int from_blocking, struct mbuf *m) 1946 { 1947 struct bridge_iflist *bif, *nbif; 1948 struct ifnet *alt_if; 1949 int alt_priority; 1950 int priority; 1951 1952 /* 1953 * Unicast, kinda replicates the output side of bridge_output(). 1954 * 1955 * Even though this is a uni-cast packet we may have to select 1956 * an interface from a bonding set. 1957 */ 1958 bif = bridge_lookup_member_if(sc, dst_if); 1959 if (bif == NULL) { 1960 /* Not a member of the bridge (anymore?) */ 1961 return NULL; 1962 } 1963 1964 /* 1965 * If STP is enabled on the target we are an equal opportunity 1966 * employer and do not necessarily output to dst_if. Instead 1967 * scan available links with the same MAC as the current dst_if 1968 * and choose the best one. 1969 * 1970 * We also need to do this because arp entries tag onto a particular 1971 * interface and if it happens to be dead then the packets will 1972 * go into a bit bucket. 1973 * 1974 * If LINK2 is set the matching links are bonded and we-round robin. 1975 * (the MAC address must be the same for the participating links). 1976 * In this case links in a STP FORWARDING or BONDED state are 1977 * allowed for unicast packets. 1978 */ 1979 if (bif->bif_flags & IFBIF_STP) { 1980 alt_if = NULL; 1981 alt_priority = 0; 1982 priority = 0; 1983 1984 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], 1985 bif_next, nbif) { 1986 /* 1987 * dst_if may imply a bonding set so we must compare 1988 * MAC addresses. 1989 */ 1990 if (memcmp(IF_LLADDR(bif->bif_ifp), 1991 IF_LLADDR(dst_if), 1992 ETHER_ADDR_LEN) != 0) { 1993 continue; 1994 } 1995 1996 if ((bif->bif_ifp->if_flags & IFF_RUNNING) == 0) 1997 continue; 1998 1999 /* 2000 * NOTE: We allow tranmissions through a BLOCKING 2001 * or LEARNING interface only as a last resort. 2002 * We DISALLOW both cases if the receiving 2003 * 2004 * NOTE: If we send a packet through a learning 2005 * interface the receiving end (if also in 2006 * LEARNING) will throw it away, so this is 2007 * the ultimate last resort. 2008 */ 2009 switch(bif->bif_state) { 2010 case BSTP_IFSTATE_BLOCKING: 2011 if (from_blocking == 0 && 2012 bif->bif_priority + 256 > alt_priority) { 2013 alt_priority = bif->bif_priority + 256; 2014 alt_if = bif->bif_ifp; 2015 } 2016 continue; 2017 case BSTP_IFSTATE_LEARNING: 2018 if (from_blocking == 0 && 2019 bif->bif_priority > alt_priority) { 2020 alt_priority = bif->bif_priority; 2021 alt_if = bif->bif_ifp; 2022 } 2023 continue; 2024 case BSTP_IFSTATE_L1BLOCKING: 2025 case BSTP_IFSTATE_LISTENING: 2026 case BSTP_IFSTATE_DISABLED: 2027 continue; 2028 default: 2029 /* FORWARDING, BONDED */ 2030 break; 2031 } 2032 2033 /* 2034 * XXX we need to use the toepliz hash or 2035 * something like that instead of 2036 * round-robining. 2037 */ 2038 if (sc->sc_ifp->if_flags & IFF_LINK2) { 2039 dst_if = bif->bif_ifp; 2040 if (++bif->bif_bond_count >= 2041 bif->bif_bond_weight) { 2042 bif->bif_bond_count = 0; 2043 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], 2044 bif, bif_next); 2045 TAILQ_INSERT_TAIL( 2046 &sc->sc_iflists[mycpuid], 2047 bif, bif_next); 2048 } 2049 priority = 1; 2050 break; 2051 } 2052 2053 /* 2054 * Select best interface in the FORWARDING or 2055 * BONDED set. Well, there shouldn't be any 2056 * in a BONDED state if LINK2 is not set (they 2057 * will all be in a BLOCKING) state, but there 2058 * could be a transitory condition here. 2059 */ 2060 if (bif->bif_priority > priority) { 2061 priority = bif->bif_priority; 2062 dst_if = bif->bif_ifp; 2063 } 2064 } 2065 2066 /* 2067 * If no suitable interfaces were found but a suitable 2068 * alternative interface was found, use the alternative 2069 * interface. 2070 */ 2071 if (priority == 0 && alt_if) 2072 dst_if = alt_if; 2073 } 2074 2075 /* 2076 * At this point, we're dealing with a unicast frame 2077 * going to a different interface. 2078 */ 2079 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2080 dst_if = NULL; 2081 return (dst_if); 2082 } 2083 2084 2085 /* 2086 * bridge_output: 2087 * 2088 * Send output from a bridge member interface. This 2089 * performs the bridging function for locally originated 2090 * packets. 2091 * 2092 * The mbuf has the Ethernet header already attached. We must 2093 * enqueue or free the mbuf before returning. 2094 */ 2095 static int 2096 bridge_output(struct ifnet *ifp, struct mbuf *m) 2097 { 2098 struct bridge_softc *sc = ifp->if_bridge; 2099 struct bridge_iflist *bif, *nbif; 2100 struct ether_header *eh; 2101 struct ifnet *dst_if, *alt_if, *bifp; 2102 int from_us; 2103 int alt_priority; 2104 2105 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2106 ASSERT_NETISR_NCPUS(mycpuid); 2107 mbuftrackid(m, 65); 2108 2109 /* 2110 * Make sure that we are still a member of a bridge interface. 2111 */ 2112 if (sc == NULL) { 2113 m_freem(m); 2114 return (0); 2115 } 2116 bifp = sc->sc_ifp; 2117 2118 /* 2119 * Acquire header 2120 */ 2121 if (m->m_len < ETHER_HDR_LEN) { 2122 m = m_pullup(m, ETHER_HDR_LEN); 2123 if (m == NULL) { 2124 IFNET_STAT_INC(bifp, oerrors, 1); 2125 return (0); 2126 } 2127 } 2128 eh = mtod(m, struct ether_header *); 2129 from_us = bridge_from_us(sc, eh); 2130 2131 /* 2132 * If bridge is down, but the original output interface is up, 2133 * go ahead and send out that interface. Otherwise, the packet 2134 * is dropped below. 2135 */ 2136 if ((bifp->if_flags & IFF_RUNNING) == 0) { 2137 dst_if = ifp; 2138 goto sendunicast; 2139 } 2140 2141 /* 2142 * If the packet is a multicast, or we don't know a better way to 2143 * get there, send to all interfaces except the originating one. 2144 */ 2145 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 2146 dst_if = NULL; 2147 else 2148 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2149 2150 if (dst_if == NULL) { 2151 struct mbuf *mc; 2152 int used = 0; 2153 int found = 0; 2154 2155 if (sc->sc_span) 2156 bridge_span(sc, m); 2157 2158 alt_if = NULL; 2159 alt_priority = 0; 2160 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], 2161 bif_next, nbif) { 2162 dst_if = bif->bif_ifp; 2163 2164 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2165 continue; 2166 2167 /* 2168 * If this is not the original output interface, 2169 * and the interface is participating in spanning 2170 * tree, make sure the port is in a state that 2171 * allows forwarding. 2172 * 2173 * We keep track of a possible backup IF if we are 2174 * unable to find any interfaces to forward through. 2175 * 2176 * NOTE: Currently round-robining is not implemented 2177 * across bonded interface groups (needs an 2178 * algorithm to track each group somehow). 2179 * 2180 * Similarly we track only one alternative 2181 * interface if no suitable interfaces are 2182 * found. 2183 */ 2184 if (dst_if != ifp && 2185 (bif->bif_flags & IFBIF_STP) != 0) { 2186 switch (bif->bif_state) { 2187 case BSTP_IFSTATE_BONDED: 2188 if (bif->bif_priority + 512 > 2189 alt_priority) { 2190 alt_priority = 2191 bif->bif_priority + 512; 2192 alt_if = bif->bif_ifp; 2193 } 2194 continue; 2195 case BSTP_IFSTATE_BLOCKING: 2196 if (bif->bif_priority + 256 > 2197 alt_priority) { 2198 alt_priority = 2199 bif->bif_priority + 256; 2200 alt_if = bif->bif_ifp; 2201 } 2202 continue; 2203 case BSTP_IFSTATE_LEARNING: 2204 if (bif->bif_priority > alt_priority) { 2205 alt_priority = 2206 bif->bif_priority; 2207 alt_if = bif->bif_ifp; 2208 } 2209 continue; 2210 case BSTP_IFSTATE_L1BLOCKING: 2211 case BSTP_IFSTATE_LISTENING: 2212 case BSTP_IFSTATE_DISABLED: 2213 continue; 2214 default: 2215 /* FORWARDING */ 2216 break; 2217 } 2218 } 2219 2220 KKASSERT(used == 0); 2221 if (TAILQ_NEXT(bif, bif_next) == NULL) { 2222 used = 1; 2223 mc = m; 2224 } else { 2225 mc = m_copypacket(m, M_NOWAIT); 2226 if (mc == NULL) { 2227 IFNET_STAT_INC(bifp, oerrors, 1); 2228 continue; 2229 } 2230 } 2231 2232 /* 2233 * If the packet is 'from' us override ether_shost. 2234 */ 2235 bridge_handoff(sc, dst_if, mc, from_us); 2236 found = 1; 2237 2238 if (nbif != NULL && !nbif->bif_onlist) { 2239 KKASSERT(bif->bif_onlist); 2240 nbif = TAILQ_NEXT(bif, bif_next); 2241 } 2242 } 2243 2244 /* 2245 * If we couldn't find anything use the backup interface 2246 * if we have one. 2247 */ 2248 if (found == 0 && alt_if) { 2249 KKASSERT(used == 0); 2250 mc = m; 2251 used = 1; 2252 bridge_handoff(sc, alt_if, mc, from_us); 2253 } 2254 2255 if (used == 0) 2256 m_freem(m); 2257 return (0); 2258 } 2259 2260 /* 2261 * Unicast 2262 */ 2263 sendunicast: 2264 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2265 2266 if (sc->sc_span) 2267 bridge_span(sc, m); 2268 if (dst_if == NULL) 2269 m_freem(m); 2270 else 2271 bridge_handoff(sc, dst_if, m, from_us); 2272 return (0); 2273 } 2274 2275 /* 2276 * Returns the bridge interface associated with an ifc. 2277 * Pass ifp->if_bridge (must not be NULL). Used by the ARP 2278 * code to supply the bridge for the is-at info, making 2279 * the bridge responsible for matching local addresses. 2280 * 2281 * Without this the ARP code will supply bridge member interfaces 2282 * for the is-at which makes it difficult the bridge to fail-over 2283 * interfaces (among other things). 2284 */ 2285 static struct ifnet * 2286 bridge_interface(void *if_bridge) 2287 { 2288 struct bridge_softc *sc = if_bridge; 2289 return (sc->sc_ifp); 2290 } 2291 2292 /* 2293 * bridge_start: 2294 * 2295 * Start output on a bridge. 2296 */ 2297 static void 2298 bridge_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 2299 { 2300 struct bridge_softc *sc = ifp->if_softc; 2301 2302 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 2303 ASSERT_ALTQ_SQ_SERIALIZED_HW(ifsq); 2304 ASSERT_NETISR_NCPUS(mycpuid); 2305 2306 ifsq_set_oactive(ifsq); 2307 for (;;) { 2308 struct ifnet *dst_if = NULL; 2309 struct ether_header *eh; 2310 struct mbuf *m; 2311 2312 m = ifsq_dequeue(ifsq); 2313 if (m == NULL) 2314 break; 2315 mbuftrackid(m, 75); 2316 2317 if (m->m_len < sizeof(*eh)) { 2318 m = m_pullup(m, sizeof(*eh)); 2319 if (m == NULL) { 2320 IFNET_STAT_INC(ifp, oerrors, 1); 2321 continue; 2322 } 2323 } 2324 eh = mtod(m, struct ether_header *); 2325 2326 BPF_MTAP(ifp, m); 2327 IFNET_STAT_INC(ifp, opackets, 1); 2328 2329 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 2330 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2331 2332 /* 2333 * Multicast or broadcast 2334 */ 2335 if (dst_if == NULL) { 2336 bridge_start_bcast(sc, m); 2337 continue; 2338 } 2339 2340 /* 2341 * Unicast 2342 */ 2343 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2344 2345 if (dst_if == NULL) 2346 m_freem(m); 2347 else 2348 bridge_enqueue(dst_if, m); 2349 } 2350 ifsq_clr_oactive(ifsq); 2351 } 2352 2353 /* 2354 * bridge_forward: 2355 * 2356 * Forward packets received on a bridge interface via the input 2357 * path. 2358 * 2359 * This implements the forwarding function of the bridge. 2360 */ 2361 static void 2362 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 2363 { 2364 struct bridge_iflist *bif; 2365 struct ifnet *src_if, *dst_if, *ifp; 2366 struct ether_header *eh; 2367 int from_blocking; 2368 2369 mbuftrackid(m, 66); 2370 src_if = m->m_pkthdr.rcvif; 2371 ifp = sc->sc_ifp; 2372 2373 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2374 2375 /* 2376 * packet coming in on the bridge is also going out on the bridge, 2377 * but ether code won't adjust output stats for the bridge because 2378 * we are changing the interface to something else. 2379 */ 2380 IFNET_STAT_INC(ifp, opackets, 1); 2381 IFNET_STAT_INC(ifp, obytes, m->m_pkthdr.len); 2382 2383 /* 2384 * Look up the bridge_iflist. 2385 */ 2386 bif = bridge_lookup_member_if(sc, src_if); 2387 if (bif == NULL) { 2388 /* Interface is not a bridge member (anymore?) */ 2389 m_freem(m); 2390 return; 2391 } 2392 2393 /* 2394 * In spanning tree mode receiving a packet from an interface 2395 * in a BLOCKING state is allowed, it could be a member of last 2396 * resort from the sender's point of view, but forwarding it is 2397 * not allowed. 2398 * 2399 * The sender's spanning tree will eventually sync up and the 2400 * sender will go into a BLOCKING state too (but this still may be 2401 * an interface of last resort during state changes). 2402 */ 2403 if (bif->bif_flags & IFBIF_STP) { 2404 switch (bif->bif_state) { 2405 case BSTP_IFSTATE_L1BLOCKING: 2406 case BSTP_IFSTATE_LISTENING: 2407 case BSTP_IFSTATE_DISABLED: 2408 m_freem(m); 2409 return; 2410 default: 2411 /* learning, blocking, bonded, forwarding */ 2412 break; 2413 } 2414 from_blocking = (bif->bif_state == BSTP_IFSTATE_BLOCKING); 2415 } else { 2416 from_blocking = 0; 2417 } 2418 2419 eh = mtod(m, struct ether_header *); 2420 2421 /* 2422 * If the interface is learning, and the source 2423 * address is valid and not multicast, record 2424 * the address. 2425 */ 2426 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 2427 from_blocking == 0 && 2428 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 2429 (eh->ether_shost[0] == 0 && 2430 eh->ether_shost[1] == 0 && 2431 eh->ether_shost[2] == 0 && 2432 eh->ether_shost[3] == 0 && 2433 eh->ether_shost[4] == 0 && 2434 eh->ether_shost[5] == 0) == 0) { 2435 bridge_rtupdate(sc, eh->ether_shost, src_if, IFBAF_DYNAMIC); 2436 } 2437 2438 /* 2439 * Don't forward from an interface in the listening or learning 2440 * state. That is, in the learning state we learn information 2441 * but we throw away the packets. 2442 * 2443 * We let through packets on interfaces in the blocking state. 2444 * The blocking state is applicable to the send side, not the 2445 * receive side. 2446 */ 2447 if ((bif->bif_flags & IFBIF_STP) != 0 && 2448 (bif->bif_state == BSTP_IFSTATE_LISTENING || 2449 bif->bif_state == BSTP_IFSTATE_LEARNING)) { 2450 m_freem(m); 2451 return; 2452 } 2453 2454 /* 2455 * At this point, the port either doesn't participate 2456 * in spanning tree or it is in the forwarding state. 2457 */ 2458 2459 /* 2460 * If the packet is unicast, destined for someone on 2461 * "this" side of the bridge, drop it. 2462 * 2463 * src_if implies the entire bonding set so we have to compare MAC 2464 * addresses and not just if pointers. 2465 */ 2466 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2467 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2468 if (dst_if && memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 2469 ETHER_ADDR_LEN) == 0) { 2470 m_freem(m); 2471 return; 2472 } 2473 } else { 2474 /* ...forward it to all interfaces. */ 2475 IFNET_STAT_INC(ifp, imcasts, 1); 2476 dst_if = NULL; 2477 } 2478 2479 /* 2480 * Brodcast if we do not have forwarding information. However, if 2481 * we received the packet on a blocking interface we do not do this 2482 * (unless you really want to blow up your network). 2483 */ 2484 if (dst_if == NULL) { 2485 if (from_blocking) 2486 m_freem(m); 2487 else 2488 bridge_broadcast(sc, src_if, m); 2489 return; 2490 } 2491 2492 dst_if = bridge_select_unicast(sc, dst_if, from_blocking, m); 2493 2494 if (dst_if == NULL) { 2495 m_freem(m); 2496 return; 2497 } 2498 2499 if (inet_pfil_hook.ph_hashooks > 0 2500 #ifdef INET6 2501 || inet6_pfil_hook.ph_hashooks > 0 2502 #endif 2503 ) { 2504 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2505 return; 2506 if (m == NULL) 2507 return; 2508 2509 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2510 return; 2511 if (m == NULL) 2512 return; 2513 } 2514 bridge_handoff(sc, dst_if, m, 0); 2515 } 2516 2517 /* 2518 * bridge_input: 2519 * 2520 * Receive input from a member interface. Queue the packet for 2521 * bridging if it is not for us. 2522 */ 2523 static struct mbuf * 2524 bridge_input(struct ifnet *ifp, struct mbuf *m) 2525 { 2526 struct bridge_softc *sc = ifp->if_bridge; 2527 struct bridge_iflist *bif; 2528 struct ifnet *bifp, *new_ifp; 2529 struct ether_header *eh; 2530 struct mbuf *mc, *mc2; 2531 2532 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2533 ASSERT_NETISR_NCPUS(mycpuid); 2534 mbuftrackid(m, 67); 2535 2536 /* 2537 * Make sure that we are still a member of a bridge interface. 2538 */ 2539 if (sc == NULL) 2540 return m; 2541 2542 new_ifp = NULL; 2543 bifp = sc->sc_ifp; 2544 2545 if ((bifp->if_flags & IFF_RUNNING) == 0) 2546 goto out; 2547 2548 /* 2549 * Implement support for bridge monitoring. If this flag has been 2550 * set on this interface, discard the packet once we push it through 2551 * the bpf(4) machinery, but before we do, increment various counters 2552 * associated with this bridge. 2553 */ 2554 if (bifp->if_flags & IFF_MONITOR) { 2555 /* 2556 * Change input interface to this bridge 2557 * 2558 * Update bridge's ifnet statistics 2559 */ 2560 m->m_pkthdr.rcvif = bifp; 2561 2562 BPF_MTAP(bifp, m); 2563 IFNET_STAT_INC(bifp, ipackets, 1); 2564 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2565 if (m->m_flags & (M_MCAST | M_BCAST)) 2566 IFNET_STAT_INC(bifp, imcasts, 1); 2567 2568 m_freem(m); 2569 m = NULL; 2570 goto out; 2571 } 2572 2573 /* 2574 * Handle the ether_header 2575 * 2576 * In all cases if the packet is destined for us via our MAC 2577 * we must clear BRIDGE_MBUF_TAGGED to ensure that we don't 2578 * repeat the source MAC out the same interface. 2579 * 2580 * This first test against our bridge MAC is the fast-path. 2581 * 2582 * NOTE! The bridge interface can serve as an endpoint for 2583 * communication but normally there are no IPs associated 2584 * with it so you cannot route through it. Instead what 2585 * you do is point your default route *THROUGH* the bridge 2586 * to the actual default router for one of the bridged spaces. 2587 * 2588 * Another possibility is to put all your IP specifications 2589 * on the bridge instead of on the individual interfaces. If 2590 * you do this it should be possible to use the bridge as an 2591 * end point and route (rather than switch) through it using 2592 * the default route or ipfw forwarding rules. 2593 */ 2594 2595 /* 2596 * Acquire header 2597 */ 2598 if (m->m_len < ETHER_HDR_LEN) { 2599 m = m_pullup(m, ETHER_HDR_LEN); 2600 if (m == NULL) 2601 goto out; 2602 } 2603 eh = mtod(m, struct ether_header *); 2604 m->m_pkthdr.fw_flags |= BRIDGE_MBUF_TAGGED; 2605 bcopy(eh->ether_shost, m->m_pkthdr.ether_br_shost, ETHER_ADDR_LEN); 2606 2607 if ((bridge_debug & 1) && 2608 (ntohs(eh->ether_type) == ETHERTYPE_ARP || 2609 ntohs(eh->ether_type) == ETHERTYPE_REVARP)) { 2610 kprintf("%02x:%02x:%02x:%02x:%02x:%02x " 2611 "%02x:%02x:%02x:%02x:%02x:%02x type %04x " 2612 "lla %02x:%02x:%02x:%02x:%02x:%02x\n", 2613 eh->ether_dhost[0], 2614 eh->ether_dhost[1], 2615 eh->ether_dhost[2], 2616 eh->ether_dhost[3], 2617 eh->ether_dhost[4], 2618 eh->ether_dhost[5], 2619 eh->ether_shost[0], 2620 eh->ether_shost[1], 2621 eh->ether_shost[2], 2622 eh->ether_shost[3], 2623 eh->ether_shost[4], 2624 eh->ether_shost[5], 2625 eh->ether_type, 2626 ((u_char *)IF_LLADDR(bifp))[0], 2627 ((u_char *)IF_LLADDR(bifp))[1], 2628 ((u_char *)IF_LLADDR(bifp))[2], 2629 ((u_char *)IF_LLADDR(bifp))[3], 2630 ((u_char *)IF_LLADDR(bifp))[4], 2631 ((u_char *)IF_LLADDR(bifp))[5] 2632 ); 2633 } 2634 2635 /* 2636 * If the packet is for us, set the packets source as the 2637 * bridge, and return the packet back to ifnet.if_input for 2638 * local processing. 2639 */ 2640 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 2641 /* 2642 * We must still record the source interface in our 2643 * addr cache, otherwise our bridge won't know where 2644 * to send responses and will broadcast them. 2645 */ 2646 bif = bridge_lookup_member_if(sc, ifp); 2647 if ((bif->bif_flags & IFBIF_LEARNING) && 2648 ((bif->bif_flags & IFBIF_STP) == 0 || 2649 bif->bif_state != BSTP_IFSTATE_BLOCKING)) { 2650 bridge_rtupdate(sc, eh->ether_shost, 2651 ifp, IFBAF_DYNAMIC); 2652 } 2653 2654 /* 2655 * Perform pfil hooks. 2656 */ 2657 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2658 KASSERT(bifp->if_bridge == NULL, 2659 ("loop created in bridge_input")); 2660 if (pfil_member != 0) { 2661 if (inet_pfil_hook.ph_hashooks > 0 2662 #ifdef INET6 2663 || inet6_pfil_hook.ph_hashooks > 0 2664 #endif 2665 ) { 2666 if (bridge_pfil(&m, NULL, ifp, PFIL_IN) != 0) 2667 goto out; 2668 if (m == NULL) 2669 goto out; 2670 } 2671 } 2672 2673 /* 2674 * Set new_ifp and skip to the end. This will trigger code 2675 * to reinput the packet and run it into our stack. 2676 */ 2677 new_ifp = bifp; 2678 goto out; 2679 } 2680 2681 /* 2682 * Tap all packets arriving on the bridge, no matter if 2683 * they are local destinations or not. In is in. 2684 * 2685 * Update bridge's ifnet statistics 2686 */ 2687 BPF_MTAP(bifp, m); 2688 IFNET_STAT_INC(bifp, ipackets, 1); 2689 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2690 if (m->m_flags & (M_MCAST | M_BCAST)) 2691 IFNET_STAT_INC(bifp, imcasts, 1); 2692 2693 bif = bridge_lookup_member_if(sc, ifp); 2694 if (bif == NULL) 2695 goto out; 2696 2697 if (sc->sc_span) 2698 bridge_span(sc, m); 2699 2700 if (m->m_flags & (M_BCAST | M_MCAST)) { 2701 /* 2702 * Tap off 802.1D packets; they do not get forwarded. 2703 */ 2704 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2705 ETHER_ADDR_LEN) == 0) { 2706 ifnet_serialize_all(bifp); 2707 bstp_input(sc, bif, m); 2708 ifnet_deserialize_all(bifp); 2709 2710 /* m is freed by bstp_input */ 2711 m = NULL; 2712 goto out; 2713 } 2714 2715 /* 2716 * Other than 802.11d packets, ignore packets if the 2717 * interface is not in a good state. 2718 * 2719 * NOTE: Broadcast/mcast packets received on a blocking or 2720 * learning interface are allowed for local processing. 2721 * 2722 * The sending side of a blocked port will stop 2723 * transmitting when a better alternative is found. 2724 * However, later on we will disallow the forwarding 2725 * of bcast/mcsat packets over a blocking interface. 2726 */ 2727 if (bif->bif_flags & IFBIF_STP) { 2728 switch (bif->bif_state) { 2729 case BSTP_IFSTATE_L1BLOCKING: 2730 case BSTP_IFSTATE_LISTENING: 2731 case BSTP_IFSTATE_DISABLED: 2732 goto out; 2733 default: 2734 /* blocking, learning, bonded, forwarding */ 2735 break; 2736 } 2737 } 2738 2739 /* 2740 * Make a deep copy of the packet and enqueue the copy 2741 * for bridge processing; return the original packet for 2742 * local processing. 2743 */ 2744 mc = m_dup(m, M_NOWAIT); 2745 if (mc == NULL) 2746 goto out; 2747 2748 /* 2749 * It's just too dangerous to allow bcast/mcast over a 2750 * blocked interface, eventually the network will sort 2751 * itself out and a better path will be found. 2752 */ 2753 if ((bif->bif_flags & IFBIF_STP) == 0 || 2754 bif->bif_state != BSTP_IFSTATE_BLOCKING) { 2755 bridge_forward(sc, mc); 2756 } 2757 2758 /* 2759 * Reinject the mbuf as arriving on the bridge so we have a 2760 * chance at claiming multicast packets. We can not loop back 2761 * here from ether_input as a bridge is never a member of a 2762 * bridge. 2763 */ 2764 KASSERT(bifp->if_bridge == NULL, 2765 ("loop created in bridge_input")); 2766 mc2 = m_dup(m, M_NOWAIT); 2767 #ifdef notyet 2768 if (mc2 != NULL) { 2769 /* Keep the layer3 header aligned */ 2770 int i = min(mc2->m_pkthdr.len, max_protohdr); 2771 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2772 } 2773 #endif 2774 if (mc2 != NULL) { 2775 /* 2776 * Don't tap to bpf(4) again; we have already done 2777 * the tapping. 2778 * 2779 * Leave m_pkthdr.rcvif alone, so ARP replies are 2780 * processed as coming in on the correct interface. 2781 * 2782 * Clear the bridge flag for local processing in 2783 * case the packet gets routed. 2784 */ 2785 mc2->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2786 ether_reinput_oncpu(bifp, mc2, 0); 2787 } 2788 2789 /* Return the original packet for local processing. */ 2790 goto out; 2791 } 2792 2793 /* 2794 * Input of a unicast packet. We have to allow unicast packets 2795 * input from links in the BLOCKING state as this might be an 2796 * interface of last resort. 2797 * 2798 * NOTE: We explicitly ignore normal packets received on a link 2799 * in the BLOCKING state. The point of being in that state 2800 * is to avoid getting duplicate packets. 2801 * 2802 * HOWEVER, if LINK2 is set the normal spanning tree code 2803 * will mark an interface BLOCKING to avoid multi-cast/broadcast 2804 * loops. Unicast packets CAN still loop if we allow the 2805 * case (hence we only do it in LINK2), but it isn't quite as 2806 * bad as a broadcast packet looping. 2807 */ 2808 if (bif->bif_flags & IFBIF_STP) { 2809 switch (bif->bif_state) { 2810 case BSTP_IFSTATE_L1BLOCKING: 2811 case BSTP_IFSTATE_LISTENING: 2812 case BSTP_IFSTATE_DISABLED: 2813 goto out; 2814 default: 2815 /* blocking, bonded, forwarding, learning */ 2816 break; 2817 } 2818 } 2819 2820 /* 2821 * Unicast. Make sure it's not for us. 2822 * 2823 * This loop is MPSAFE; the only blocking operation (bridge_rtupdate) 2824 * is followed by breaking out of the loop. 2825 */ 2826 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 2827 if (bif->bif_ifp->if_type != IFT_ETHER) 2828 continue; 2829 2830 /* 2831 * It is destined for an interface linked to the bridge. 2832 * We want the bridge itself to take care of link level 2833 * forwarding to member interfaces so reinput on the bridge. 2834 * i.e. if you ping an IP on a target interface associated 2835 * with the bridge, the arp is-at response should indicate 2836 * the bridge MAC. 2837 * 2838 * Only update our addr list when learning if the port 2839 * is not in a blocking state. If it is we still allow 2840 * the packet but we do not try to learn from it. 2841 */ 2842 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2843 ETHER_ADDR_LEN) == 0) { 2844 if (bif->bif_ifp != ifp) { 2845 /* XXX loop prevention */ 2846 m->m_flags |= M_ETHER_BRIDGED; 2847 } 2848 if ((bif->bif_flags & IFBIF_LEARNING) && 2849 ((bif->bif_flags & IFBIF_STP) == 0 || 2850 bif->bif_state != BSTP_IFSTATE_BLOCKING)) { 2851 bridge_rtupdate(sc, eh->ether_shost, 2852 ifp, IFBAF_DYNAMIC); 2853 } 2854 new_ifp = bifp; /* not bif->bif_ifp */ 2855 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2856 goto out; 2857 } 2858 2859 /* 2860 * Ignore received packets that were sent by us. 2861 */ 2862 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2863 ETHER_ADDR_LEN) == 0) { 2864 m_freem(m); 2865 m = NULL; 2866 goto out; 2867 } 2868 } 2869 2870 /* 2871 * It isn't for us. 2872 * 2873 * Perform the bridge forwarding function, but disallow bridging 2874 * to interfaces in the blocking state if the packet came in on 2875 * an interface in the blocking state. 2876 * 2877 * (bridge_forward also updates the addr cache). 2878 */ 2879 bridge_forward(sc, m); 2880 m = NULL; 2881 2882 /* 2883 * ether_reinput_oncpu() will reprocess rcvif as 2884 * coming from new_ifp (since we do not specify 2885 * REINPUT_KEEPRCVIF). 2886 */ 2887 out: 2888 if (new_ifp != NULL) { 2889 /* 2890 * Clear the bridge flag for local processing in 2891 * case the packet gets routed. 2892 */ 2893 ether_reinput_oncpu(new_ifp, m, REINPUT_RUNBPF); 2894 m = NULL; 2895 } 2896 return (m); 2897 } 2898 2899 /* 2900 * bridge_start_bcast: 2901 * 2902 * Broadcast the packet sent from bridge to all member 2903 * interfaces. 2904 * This is a simplified version of bridge_broadcast(), however, 2905 * this function expects caller to hold bridge's serializer. 2906 */ 2907 static void 2908 bridge_start_bcast(struct bridge_softc *sc, struct mbuf *m) 2909 { 2910 struct bridge_iflist *bif; 2911 struct mbuf *mc; 2912 struct ifnet *dst_if, *alt_if, *bifp; 2913 int used = 0; 2914 int found = 0; 2915 int alt_priority; 2916 2917 mbuftrackid(m, 68); 2918 bifp = sc->sc_ifp; 2919 ASSERT_IFNET_SERIALIZED_ALL(bifp); 2920 2921 /* 2922 * Following loop is MPSAFE; nothing is blocking 2923 * in the loop body. 2924 * 2925 * NOTE: We transmit through an member in the BLOCKING state only 2926 * as a last resort. 2927 */ 2928 alt_if = NULL; 2929 alt_priority = 0; 2930 2931 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 2932 dst_if = bif->bif_ifp; 2933 2934 if (bif->bif_flags & IFBIF_STP) { 2935 switch (bif->bif_state) { 2936 case BSTP_IFSTATE_BLOCKING: 2937 if (bif->bif_priority > alt_priority) { 2938 alt_priority = bif->bif_priority; 2939 alt_if = bif->bif_ifp; 2940 } 2941 /* fall through */ 2942 case BSTP_IFSTATE_L1BLOCKING: 2943 case BSTP_IFSTATE_DISABLED: 2944 continue; 2945 default: 2946 /* listening, learning, bonded, forwarding */ 2947 break; 2948 } 2949 } 2950 2951 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2952 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2953 continue; 2954 2955 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2956 continue; 2957 2958 if (TAILQ_NEXT(bif, bif_next) == NULL) { 2959 mc = m; 2960 used = 1; 2961 } else { 2962 mc = m_copypacket(m, M_NOWAIT); 2963 if (mc == NULL) { 2964 IFNET_STAT_INC(bifp, oerrors, 1); 2965 continue; 2966 } 2967 } 2968 found = 1; 2969 bridge_enqueue(dst_if, mc); 2970 } 2971 2972 if (found == 0 && alt_if) { 2973 KKASSERT(used == 0); 2974 mc = m; 2975 used = 1; 2976 bridge_enqueue(alt_if, mc); 2977 } 2978 2979 if (used == 0) 2980 m_freem(m); 2981 } 2982 2983 /* 2984 * bridge_broadcast: 2985 * 2986 * Send a frame to all interfaces that are members of 2987 * the bridge, except for the one on which the packet 2988 * arrived. 2989 */ 2990 static void 2991 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2992 struct mbuf *m) 2993 { 2994 struct bridge_iflist *bif, *nbif; 2995 struct ether_header *eh; 2996 struct mbuf *mc; 2997 struct ifnet *dst_if, *alt_if, *bifp; 2998 int used; 2999 int found; 3000 int alt_priority; 3001 int from_us; 3002 3003 mbuftrackid(m, 69); 3004 bifp = sc->sc_ifp; 3005 ASSERT_IFNET_NOT_SERIALIZED_ALL(bifp); 3006 3007 eh = mtod(m, struct ether_header *); 3008 from_us = bridge_from_us(sc, eh); 3009 3010 if (inet_pfil_hook.ph_hashooks > 0 3011 #ifdef INET6 3012 || inet6_pfil_hook.ph_hashooks > 0 3013 #endif 3014 ) { 3015 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 3016 return; 3017 if (m == NULL) 3018 return; 3019 3020 /* Filter on the bridge interface before broadcasting */ 3021 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 3022 return; 3023 if (m == NULL) 3024 return; 3025 } 3026 3027 alt_if = NULL; 3028 alt_priority = 0; 3029 found = 0; 3030 used = 0; 3031 3032 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], bif_next, nbif) { 3033 dst_if = bif->bif_ifp; 3034 3035 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3036 continue; 3037 3038 /* 3039 * Don't bounce the packet out the same interface it came 3040 * in on. We have to test MAC addresses because a packet 3041 * can come in a bonded interface and we don't want it to 3042 * be echod out the forwarding interface for the same bonding 3043 * set. 3044 */ 3045 if (src_if && memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 3046 ETHER_ADDR_LEN) == 0) { 3047 continue; 3048 } 3049 3050 /* 3051 * Generally speaking we only broadcast through forwarding 3052 * interfaces. If no interfaces are available we select 3053 * a BONDED, BLOCKING, or LEARNING interface to forward 3054 * through. 3055 */ 3056 if (bif->bif_flags & IFBIF_STP) { 3057 switch (bif->bif_state) { 3058 case BSTP_IFSTATE_BONDED: 3059 if (bif->bif_priority + 512 > alt_priority) { 3060 alt_priority = bif->bif_priority + 512; 3061 alt_if = bif->bif_ifp; 3062 } 3063 continue; 3064 case BSTP_IFSTATE_BLOCKING: 3065 if (bif->bif_priority + 256 > alt_priority) { 3066 alt_priority = bif->bif_priority + 256; 3067 alt_if = bif->bif_ifp; 3068 } 3069 continue; 3070 case BSTP_IFSTATE_LEARNING: 3071 if (bif->bif_priority > alt_priority) { 3072 alt_priority = bif->bif_priority; 3073 alt_if = bif->bif_ifp; 3074 } 3075 continue; 3076 case BSTP_IFSTATE_L1BLOCKING: 3077 case BSTP_IFSTATE_DISABLED: 3078 case BSTP_IFSTATE_LISTENING: 3079 continue; 3080 default: 3081 /* forwarding */ 3082 break; 3083 } 3084 } 3085 3086 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 3087 (m->m_flags & (M_BCAST|M_MCAST)) == 0) { 3088 continue; 3089 } 3090 3091 if (TAILQ_NEXT(bif, bif_next) == NULL) { 3092 mc = m; 3093 used = 1; 3094 } else { 3095 mc = m_copypacket(m, M_NOWAIT); 3096 if (mc == NULL) { 3097 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3098 continue; 3099 } 3100 } 3101 found = 1; 3102 3103 /* 3104 * Filter on the output interface. Pass a NULL bridge 3105 * interface pointer so we do not redundantly filter on 3106 * the bridge for each interface we broadcast on. 3107 */ 3108 if (inet_pfil_hook.ph_hashooks > 0 3109 #ifdef INET6 3110 || inet6_pfil_hook.ph_hashooks > 0 3111 #endif 3112 ) { 3113 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 3114 continue; 3115 if (mc == NULL) 3116 continue; 3117 } 3118 bridge_handoff(sc, dst_if, mc, from_us); 3119 3120 if (nbif != NULL && !nbif->bif_onlist) { 3121 KKASSERT(bif->bif_onlist); 3122 nbif = TAILQ_NEXT(bif, bif_next); 3123 } 3124 } 3125 3126 if (found == 0 && alt_if) { 3127 KKASSERT(used == 0); 3128 mc = m; 3129 used = 1; 3130 bridge_enqueue(alt_if, mc); 3131 } 3132 3133 if (used == 0) 3134 m_freem(m); 3135 } 3136 3137 /* 3138 * bridge_span: 3139 * 3140 * Duplicate a packet out one or more interfaces that are in span mode, 3141 * the original mbuf is unmodified. 3142 */ 3143 static void 3144 bridge_span(struct bridge_softc *sc, struct mbuf *m) 3145 { 3146 struct bridge_iflist *bif; 3147 struct ifnet *dst_if, *bifp; 3148 struct mbuf *mc; 3149 3150 mbuftrackid(m, 70); 3151 bifp = sc->sc_ifp; 3152 ifnet_serialize_all(bifp); 3153 3154 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 3155 dst_if = bif->bif_ifp; 3156 3157 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3158 continue; 3159 3160 mc = m_copypacket(m, M_NOWAIT); 3161 if (mc == NULL) { 3162 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3163 continue; 3164 } 3165 bridge_enqueue(dst_if, mc); 3166 } 3167 3168 ifnet_deserialize_all(bifp); 3169 } 3170 3171 static void 3172 bridge_rtmsg_sync_handler(netmsg_t msg) 3173 { 3174 netisr_forwardmsg(&msg->base, mycpuid + 1); 3175 } 3176 3177 static void 3178 bridge_rtmsg_sync(struct bridge_softc *sc) 3179 { 3180 struct netmsg_base msg; 3181 3182 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3183 3184 /* XXX use netmsg_service_sync */ 3185 netmsg_init(&msg, NULL, &curthread->td_msgport, 3186 0, bridge_rtmsg_sync_handler); 3187 netisr_domsg(&msg, 0); 3188 } 3189 3190 static __inline void 3191 bridge_rtinfo_update(struct bridge_rtinfo *bri, struct ifnet *dst_if, 3192 int setflags, uint8_t flags, uint32_t timeo) 3193 { 3194 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3195 bri->bri_ifp != dst_if) 3196 bri->bri_ifp = dst_if; 3197 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3198 bri->bri_expire != time_uptime + timeo) 3199 bri->bri_expire = time_uptime + timeo; 3200 if (setflags) 3201 bri->bri_flags = flags; 3202 } 3203 3204 static int 3205 bridge_rtinstall_oncpu(struct bridge_softc *sc, const uint8_t *dst, 3206 struct ifnet *dst_if, int setflags, uint8_t flags, 3207 struct bridge_rtinfo **bri0) 3208 { 3209 struct bridge_rtnode *brt; 3210 struct bridge_rtinfo *bri; 3211 3212 if (mycpuid == 0) { 3213 brt = bridge_rtnode_lookup(sc, dst); 3214 if (brt != NULL) { 3215 /* 3216 * rtnode for 'dst' already exists. We inform the 3217 * caller about this by leaving bri0 as NULL. The 3218 * caller will terminate the intallation upon getting 3219 * NULL bri0. However, we still need to update the 3220 * rtinfo. 3221 */ 3222 KKASSERT(*bri0 == NULL); 3223 3224 /* Update rtinfo */ 3225 bridge_rtinfo_update(brt->brt_info, dst_if, setflags, 3226 flags, sc->sc_brttimeout); 3227 return 0; 3228 } 3229 3230 /* 3231 * We only need to check brtcnt on CPU0, since if limit 3232 * is to be exceeded, ENOSPC is returned. Caller knows 3233 * this and will terminate the installation. 3234 */ 3235 if (sc->sc_brtcnt >= sc->sc_brtmax) 3236 return ENOSPC; 3237 3238 KKASSERT(*bri0 == NULL); 3239 bri = kmalloc(sizeof(struct bridge_rtinfo), M_DEVBUF, 3240 M_WAITOK | M_ZERO); 3241 *bri0 = bri; 3242 3243 /* Setup rtinfo */ 3244 bri->bri_flags = IFBAF_DYNAMIC; 3245 bridge_rtinfo_update(bri, dst_if, setflags, flags, 3246 sc->sc_brttimeout); 3247 } else { 3248 bri = *bri0; 3249 KKASSERT(bri != NULL); 3250 } 3251 3252 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 3253 M_WAITOK | M_ZERO); 3254 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 3255 brt->brt_info = bri; 3256 atomic_add_int(&bri->bri_refs, 1); 3257 3258 bridge_rtnode_insert(sc, brt); 3259 return 0; 3260 } 3261 3262 static void 3263 bridge_rtinstall_handler(netmsg_t msg) 3264 { 3265 struct netmsg_brsaddr *brmsg = (struct netmsg_brsaddr *)msg; 3266 int error; 3267 3268 error = bridge_rtinstall_oncpu(brmsg->br_softc, 3269 brmsg->br_dst, brmsg->br_dst_if, 3270 brmsg->br_setflags, brmsg->br_flags, 3271 &brmsg->br_rtinfo); 3272 if (error) { 3273 KKASSERT(mycpuid == 0 && brmsg->br_rtinfo == NULL); 3274 netisr_replymsg(&brmsg->base, error); 3275 return; 3276 } else if (brmsg->br_rtinfo == NULL) { 3277 /* rtnode already exists for 'dst' */ 3278 KKASSERT(mycpuid == 0); 3279 netisr_replymsg(&brmsg->base, 0); 3280 return; 3281 } 3282 netisr_forwardmsg(&brmsg->base, mycpuid + 1); 3283 } 3284 3285 /* 3286 * bridge_rtupdate: 3287 * 3288 * Add/Update a bridge routing entry. 3289 */ 3290 static int 3291 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 3292 struct ifnet *dst_if, uint8_t flags) 3293 { 3294 struct bridge_rtnode *brt; 3295 3296 /* 3297 * A route for this destination might already exist. If so, 3298 * update it, otherwise create a new one. 3299 */ 3300 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 3301 struct netmsg_brsaddr *brmsg; 3302 3303 if (sc->sc_brtcnt >= sc->sc_brtmax) 3304 return ENOSPC; 3305 3306 brmsg = kmalloc(sizeof(*brmsg), M_LWKTMSG, M_WAITOK | M_NULLOK); 3307 if (brmsg == NULL) 3308 return ENOMEM; 3309 3310 netmsg_init(&brmsg->base, NULL, &netisr_afree_rport, 3311 0, bridge_rtinstall_handler); 3312 memcpy(brmsg->br_dst, dst, ETHER_ADDR_LEN); 3313 brmsg->br_dst_if = dst_if; 3314 brmsg->br_flags = flags; 3315 brmsg->br_setflags = 0; 3316 brmsg->br_softc = sc; 3317 brmsg->br_rtinfo = NULL; 3318 3319 netisr_sendmsg(&brmsg->base, 0); 3320 return 0; 3321 } 3322 bridge_rtinfo_update(brt->brt_info, dst_if, 0, flags, 3323 sc->sc_brttimeout); 3324 return 0; 3325 } 3326 3327 static int 3328 bridge_rtsaddr(struct bridge_softc *sc, const uint8_t *dst, 3329 struct ifnet *dst_if, uint8_t flags) 3330 { 3331 struct netmsg_brsaddr brmsg; 3332 3333 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3334 3335 netmsg_init(&brmsg.base, NULL, &curthread->td_msgport, 3336 0, bridge_rtinstall_handler); 3337 memcpy(brmsg.br_dst, dst, ETHER_ADDR_LEN); 3338 brmsg.br_dst_if = dst_if; 3339 brmsg.br_flags = flags; 3340 brmsg.br_setflags = 1; 3341 brmsg.br_softc = sc; 3342 brmsg.br_rtinfo = NULL; 3343 3344 return netisr_domsg(&brmsg.base, 0); 3345 } 3346 3347 /* 3348 * bridge_rtlookup: 3349 * 3350 * Lookup the destination interface for an address. 3351 */ 3352 static struct ifnet * 3353 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 3354 { 3355 struct bridge_rtnode *brt; 3356 3357 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3358 return NULL; 3359 return brt->brt_info->bri_ifp; 3360 } 3361 3362 static void 3363 bridge_rtreap_handler(netmsg_t msg) 3364 { 3365 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3366 struct bridge_rtnode *brt, *nbrt; 3367 3368 LIST_FOREACH_MUTABLE(brt, &sc->sc_rtlists[mycpuid], brt_list, nbrt) { 3369 if (brt->brt_info->bri_dead) 3370 bridge_rtnode_destroy(sc, brt); 3371 } 3372 netisr_forwardmsg(&msg->base, mycpuid + 1); 3373 } 3374 3375 static void 3376 bridge_rtreap(struct bridge_softc *sc) 3377 { 3378 struct netmsg_base msg; 3379 3380 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3381 3382 netmsg_init(&msg, NULL, &curthread->td_msgport, 3383 0, bridge_rtreap_handler); 3384 msg.lmsg.u.ms_resultp = sc; 3385 3386 netisr_domsg(&msg, 0); 3387 } 3388 3389 static void 3390 bridge_rtreap_async(struct bridge_softc *sc) 3391 { 3392 struct netmsg_base *msg; 3393 3394 msg = kmalloc(sizeof(*msg), M_LWKTMSG, M_WAITOK); 3395 3396 netmsg_init(msg, NULL, &netisr_afree_rport, 3397 0, bridge_rtreap_handler); 3398 msg->lmsg.u.ms_resultp = sc; 3399 3400 netisr_sendmsg(msg, 0); 3401 } 3402 3403 /* 3404 * bridge_rttrim: 3405 * 3406 * Trim the routine table so that we have a number 3407 * of routing entries less than or equal to the 3408 * maximum number. 3409 */ 3410 static void 3411 bridge_rttrim(struct bridge_softc *sc) 3412 { 3413 struct bridge_rtnode *brt; 3414 int dead; 3415 3416 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3417 3418 /* Make sure we actually need to do this. */ 3419 if (sc->sc_brtcnt <= sc->sc_brtmax) 3420 return; 3421 3422 /* 3423 * Find out how many rtnodes are dead 3424 */ 3425 dead = bridge_rtage_finddead(sc); 3426 KKASSERT(dead <= sc->sc_brtcnt); 3427 3428 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3429 /* Enough dead rtnodes are found */ 3430 bridge_rtreap(sc); 3431 return; 3432 } 3433 3434 /* 3435 * Kill some dynamic rtnodes to meet the brtmax 3436 */ 3437 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3438 struct bridge_rtinfo *bri = brt->brt_info; 3439 3440 if (bri->bri_dead) { 3441 /* 3442 * We have counted this rtnode in 3443 * bridge_rtage_finddead() 3444 */ 3445 continue; 3446 } 3447 3448 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3449 bri->bri_dead = 1; 3450 ++dead; 3451 KKASSERT(dead <= sc->sc_brtcnt); 3452 3453 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3454 /* Enough rtnodes are collected */ 3455 break; 3456 } 3457 } 3458 } 3459 if (dead) 3460 bridge_rtreap(sc); 3461 } 3462 3463 /* 3464 * bridge_timer: 3465 * 3466 * Aging timer for the bridge. 3467 */ 3468 static void 3469 bridge_timer(void *arg) 3470 { 3471 struct bridge_softc *sc = arg; 3472 struct netmsg_base *msg; 3473 3474 KKASSERT(mycpuid == BRIDGE_CFGCPU); 3475 3476 crit_enter(); 3477 3478 if (callout_pending(&sc->sc_brcallout) || 3479 !callout_active(&sc->sc_brcallout)) { 3480 crit_exit(); 3481 return; 3482 } 3483 callout_deactivate(&sc->sc_brcallout); 3484 3485 msg = &sc->sc_brtimemsg; 3486 KKASSERT(msg->lmsg.ms_flags & MSGF_DONE); 3487 lwkt_sendmsg_oncpu(BRIDGE_CFGPORT, &msg->lmsg); 3488 3489 crit_exit(); 3490 } 3491 3492 static void 3493 bridge_timer_handler(netmsg_t msg) 3494 { 3495 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3496 3497 KKASSERT(&curthread->td_msgport == BRIDGE_CFGPORT); 3498 3499 crit_enter(); 3500 /* Reply ASAP */ 3501 lwkt_replymsg(&msg->lmsg, 0); 3502 crit_exit(); 3503 3504 bridge_rtage(sc); 3505 if (sc->sc_ifp->if_flags & IFF_RUNNING) { 3506 callout_reset(&sc->sc_brcallout, 3507 bridge_rtable_prune_period * hz, bridge_timer, sc); 3508 } 3509 } 3510 3511 static int 3512 bridge_rtage_finddead(struct bridge_softc *sc) 3513 { 3514 struct bridge_rtnode *brt; 3515 int dead = 0; 3516 3517 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3518 struct bridge_rtinfo *bri = brt->brt_info; 3519 3520 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3521 time_uptime >= bri->bri_expire) { 3522 bri->bri_dead = 1; 3523 ++dead; 3524 KKASSERT(dead <= sc->sc_brtcnt); 3525 } 3526 } 3527 return dead; 3528 } 3529 3530 /* 3531 * bridge_rtage: 3532 * 3533 * Perform an aging cycle. 3534 */ 3535 static void 3536 bridge_rtage(struct bridge_softc *sc) 3537 { 3538 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3539 3540 if (bridge_rtage_finddead(sc)) 3541 bridge_rtreap(sc); 3542 } 3543 3544 /* 3545 * bridge_rtflush: 3546 * 3547 * Remove all dynamic addresses from the bridge. 3548 */ 3549 static void 3550 bridge_rtflush(struct bridge_softc *sc, int bf) 3551 { 3552 struct bridge_rtnode *brt; 3553 int reap; 3554 3555 reap = 0; 3556 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3557 struct bridge_rtinfo *bri = brt->brt_info; 3558 3559 if ((bf & IFBF_FLUSHALL) || 3560 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3561 bri->bri_dead = 1; 3562 reap = 1; 3563 } 3564 } 3565 if (reap) { 3566 if (bf & IFBF_FLUSHSYNC) 3567 bridge_rtreap(sc); 3568 else 3569 bridge_rtreap_async(sc); 3570 } 3571 } 3572 3573 /* 3574 * bridge_rtdaddr: 3575 * 3576 * Remove an address from the table. 3577 */ 3578 static int 3579 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 3580 { 3581 struct bridge_rtnode *brt; 3582 3583 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3584 3585 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3586 return (ENOENT); 3587 3588 /* TODO: add a cheaper delete operation */ 3589 brt->brt_info->bri_dead = 1; 3590 bridge_rtreap(sc); 3591 return (0); 3592 } 3593 3594 /* 3595 * bridge_rtdelete: 3596 * 3597 * Delete routes to a speicifc member interface. 3598 */ 3599 void 3600 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int bf) 3601 { 3602 struct bridge_rtnode *brt; 3603 int reap; 3604 3605 reap = 0; 3606 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3607 struct bridge_rtinfo *bri = brt->brt_info; 3608 3609 if (bri->bri_ifp == ifp && 3610 ((bf & IFBF_FLUSHALL) || 3611 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) { 3612 bri->bri_dead = 1; 3613 reap = 1; 3614 } 3615 } 3616 if (reap) { 3617 if (bf & IFBF_FLUSHSYNC) 3618 bridge_rtreap(sc); 3619 else 3620 bridge_rtreap_async(sc); 3621 } 3622 } 3623 3624 /* 3625 * bridge_rtable_init: 3626 * 3627 * Initialize the route table for this bridge. 3628 */ 3629 static void 3630 bridge_rtable_init(struct bridge_softc *sc) 3631 { 3632 int cpu; 3633 3634 /* 3635 * Initialize per-cpu hash tables 3636 */ 3637 sc->sc_rthashs = kmalloc(sizeof(*sc->sc_rthashs) * netisr_ncpus, 3638 M_DEVBUF, M_WAITOK); 3639 for (cpu = 0; cpu < netisr_ncpus; ++cpu) { 3640 int i; 3641 3642 sc->sc_rthashs[cpu] = 3643 kmalloc(sizeof(struct bridge_rtnode_head) * BRIDGE_RTHASH_SIZE, 3644 M_DEVBUF, M_WAITOK); 3645 3646 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 3647 LIST_INIT(&sc->sc_rthashs[cpu][i]); 3648 } 3649 sc->sc_rthash_key = karc4random(); 3650 3651 /* 3652 * Initialize per-cpu lists 3653 */ 3654 sc->sc_rtlists = 3655 kmalloc(sizeof(struct bridge_rtnode_head) * netisr_ncpus, 3656 M_DEVBUF, M_WAITOK); 3657 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3658 LIST_INIT(&sc->sc_rtlists[cpu]); 3659 } 3660 3661 /* 3662 * bridge_rtable_fini: 3663 * 3664 * Deconstruct the route table for this bridge. 3665 */ 3666 static void 3667 bridge_rtable_fini(struct bridge_softc *sc) 3668 { 3669 int cpu; 3670 3671 /* 3672 * Free per-cpu hash tables 3673 */ 3674 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3675 kfree(sc->sc_rthashs[cpu], M_DEVBUF); 3676 kfree(sc->sc_rthashs, M_DEVBUF); 3677 3678 /* 3679 * Free per-cpu lists 3680 */ 3681 kfree(sc->sc_rtlists, M_DEVBUF); 3682 } 3683 3684 /* 3685 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 3686 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 3687 */ 3688 #define mix(a, b, c) \ 3689 do { \ 3690 a -= b; a -= c; a ^= (c >> 13); \ 3691 b -= c; b -= a; b ^= (a << 8); \ 3692 c -= a; c -= b; c ^= (b >> 13); \ 3693 a -= b; a -= c; a ^= (c >> 12); \ 3694 b -= c; b -= a; b ^= (a << 16); \ 3695 c -= a; c -= b; c ^= (b >> 5); \ 3696 a -= b; a -= c; a ^= (c >> 3); \ 3697 b -= c; b -= a; b ^= (a << 10); \ 3698 c -= a; c -= b; c ^= (b >> 15); \ 3699 } while (/*CONSTCOND*/0) 3700 3701 static __inline uint32_t 3702 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 3703 { 3704 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 3705 3706 b += addr[5] << 8; 3707 b += addr[4]; 3708 a += addr[3] << 24; 3709 a += addr[2] << 16; 3710 a += addr[1] << 8; 3711 a += addr[0]; 3712 3713 mix(a, b, c); 3714 3715 return (c & BRIDGE_RTHASH_MASK); 3716 } 3717 3718 #undef mix 3719 3720 static int 3721 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 3722 { 3723 int i, d; 3724 3725 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 3726 d = ((int)a[i]) - ((int)b[i]); 3727 } 3728 3729 return (d); 3730 } 3731 3732 /* 3733 * bridge_rtnode_lookup: 3734 * 3735 * Look up a bridge route node for the specified destination. 3736 */ 3737 static struct bridge_rtnode * 3738 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 3739 { 3740 struct bridge_rtnode *brt; 3741 uint32_t hash; 3742 int dir; 3743 3744 hash = bridge_rthash(sc, addr); 3745 LIST_FOREACH(brt, &sc->sc_rthashs[mycpuid][hash], brt_hash) { 3746 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 3747 if (dir == 0) 3748 return (brt); 3749 if (dir > 0) 3750 return (NULL); 3751 } 3752 3753 return (NULL); 3754 } 3755 3756 /* 3757 * bridge_rtnode_insert: 3758 * 3759 * Insert the specified bridge node into the route table. 3760 * Caller has to make sure that rtnode does not exist. 3761 */ 3762 static void 3763 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 3764 { 3765 struct bridge_rtnode *lbrt; 3766 uint32_t hash; 3767 int dir; 3768 3769 hash = bridge_rthash(sc, brt->brt_addr); 3770 3771 lbrt = LIST_FIRST(&sc->sc_rthashs[mycpuid][hash]); 3772 if (lbrt == NULL) { 3773 LIST_INSERT_HEAD(&sc->sc_rthashs[mycpuid][hash], 3774 brt, brt_hash); 3775 goto out; 3776 } 3777 3778 do { 3779 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 3780 KASSERT(dir != 0, ("rtnode already exist")); 3781 3782 if (dir > 0) { 3783 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 3784 goto out; 3785 } 3786 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 3787 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 3788 goto out; 3789 } 3790 lbrt = LIST_NEXT(lbrt, brt_hash); 3791 } while (lbrt != NULL); 3792 3793 panic("no suitable position found for rtnode"); 3794 out: 3795 LIST_INSERT_HEAD(&sc->sc_rtlists[mycpuid], brt, brt_list); 3796 if (mycpuid == 0) { 3797 /* 3798 * Update the brtcnt. 3799 * We only need to do it once and we do it on CPU0. 3800 */ 3801 sc->sc_brtcnt++; 3802 } 3803 } 3804 3805 /* 3806 * bridge_rtnode_destroy: 3807 * 3808 * Destroy a bridge rtnode. 3809 */ 3810 static void 3811 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 3812 { 3813 struct bridge_rtinfo *bri; 3814 3815 LIST_REMOVE(brt, brt_hash); 3816 LIST_REMOVE(brt, brt_list); 3817 3818 bri = brt->brt_info; 3819 3820 /* 3821 * The bri_dead flag can be set asynchronously and catch some gc's 3822 * in the middle, don't free bri until all references have actually 3823 * gone away. 3824 */ 3825 if (atomic_fetchadd_int(&bri->bri_refs, -1) == 1) { 3826 /* Free rtinfo associated with rtnode on the last cpu */ 3827 kfree(bri, M_DEVBUF); 3828 brt->brt_info = NULL; /* safety */ 3829 } 3830 kfree(brt, M_DEVBUF); 3831 3832 if (mycpuid == 0) { 3833 /* Update brtcnt only on CPU0 */ 3834 sc->sc_brtcnt--; 3835 } 3836 } 3837 3838 static __inline int 3839 bridge_post_pfil(struct mbuf *m) 3840 { 3841 if (m->m_pkthdr.fw_flags & IPFORWARD_MBUF_TAGGED) 3842 return EOPNOTSUPP; 3843 3844 /* Not yet */ 3845 if (m->m_pkthdr.fw_flags & DUMMYNET_MBUF_TAGGED) 3846 return EOPNOTSUPP; 3847 3848 return 0; 3849 } 3850 3851 /* 3852 * Send bridge packets through pfil if they are one of the types pfil can deal 3853 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3854 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3855 * that interface. 3856 */ 3857 static int 3858 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3859 { 3860 int snap, error, i, hlen; 3861 struct ether_header *eh1, eh2; 3862 struct ip *ip; 3863 struct llc llc1; 3864 u_int16_t ether_type; 3865 3866 snap = 0; 3867 error = -1; /* Default error if not error == 0 */ 3868 3869 if (pfil_bridge == 0 && pfil_member == 0) 3870 return (0); /* filtering is disabled */ 3871 3872 i = min((*mp)->m_pkthdr.len, max_protohdr); 3873 if ((*mp)->m_len < i) { 3874 *mp = m_pullup(*mp, i); 3875 if (*mp == NULL) { 3876 kprintf("%s: m_pullup failed\n", __func__); 3877 return (-1); 3878 } 3879 } 3880 3881 eh1 = mtod(*mp, struct ether_header *); 3882 ether_type = ntohs(eh1->ether_type); 3883 3884 /* 3885 * Check for SNAP/LLC. 3886 */ 3887 if (ether_type < ETHERMTU) { 3888 struct llc *llc2 = (struct llc *)(eh1 + 1); 3889 3890 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3891 llc2->llc_dsap == LLC_SNAP_LSAP && 3892 llc2->llc_ssap == LLC_SNAP_LSAP && 3893 llc2->llc_control == LLC_UI) { 3894 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3895 snap = 1; 3896 } 3897 } 3898 3899 /* 3900 * If we're trying to filter bridge traffic, don't look at anything 3901 * other than IP and ARP traffic. If the filter doesn't understand 3902 * IPv6, don't allow IPv6 through the bridge either. This is lame 3903 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3904 * but of course we don't have an AppleTalk filter to begin with. 3905 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3906 * ARP traffic.) 3907 */ 3908 switch (ether_type) { 3909 case ETHERTYPE_ARP: 3910 case ETHERTYPE_REVARP: 3911 return (0); /* Automatically pass */ 3912 3913 case ETHERTYPE_IP: 3914 #ifdef INET6 3915 case ETHERTYPE_IPV6: 3916 #endif /* INET6 */ 3917 break; 3918 3919 default: 3920 /* 3921 * Check to see if the user wants to pass non-ip 3922 * packets, these will not be checked by pfil(9) 3923 * and passed unconditionally so the default is to drop. 3924 */ 3925 if (pfil_onlyip) 3926 goto bad; 3927 } 3928 3929 /* Strip off the Ethernet header and keep a copy. */ 3930 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3931 m_adj(*mp, ETHER_HDR_LEN); 3932 3933 /* Strip off snap header, if present */ 3934 if (snap) { 3935 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3936 m_adj(*mp, sizeof(struct llc)); 3937 } 3938 3939 /* 3940 * Check the IP header for alignment and errors 3941 */ 3942 if (dir == PFIL_IN) { 3943 switch (ether_type) { 3944 case ETHERTYPE_IP: 3945 error = bridge_ip_checkbasic(mp); 3946 break; 3947 #ifdef INET6 3948 case ETHERTYPE_IPV6: 3949 error = bridge_ip6_checkbasic(mp); 3950 break; 3951 #endif /* INET6 */ 3952 default: 3953 error = 0; 3954 } 3955 if (error) 3956 goto bad; 3957 } 3958 3959 error = 0; 3960 3961 /* 3962 * Run the packet through pfil 3963 */ 3964 switch (ether_type) { 3965 case ETHERTYPE_IP: 3966 /* 3967 * before calling the firewall, swap fields the same as 3968 * IP does. here we assume the header is contiguous 3969 */ 3970 ip = mtod(*mp, struct ip *); 3971 3972 ip->ip_len = ntohs(ip->ip_len); 3973 ip->ip_off = ntohs(ip->ip_off); 3974 3975 /* 3976 * Run pfil on the member interface and the bridge, both can 3977 * be skipped by clearing pfil_member or pfil_bridge. 3978 * 3979 * Keep the order: 3980 * in_if -> bridge_if -> out_if 3981 */ 3982 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) { 3983 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 3984 if (*mp == NULL || error != 0) /* filter may consume */ 3985 break; 3986 error = bridge_post_pfil(*mp); 3987 if (error) 3988 break; 3989 } 3990 3991 if (pfil_member && ifp != NULL) { 3992 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, dir); 3993 if (*mp == NULL || error != 0) /* filter may consume */ 3994 break; 3995 error = bridge_post_pfil(*mp); 3996 if (error) 3997 break; 3998 } 3999 4000 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) { 4001 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 4002 if (*mp == NULL || error != 0) /* filter may consume */ 4003 break; 4004 error = bridge_post_pfil(*mp); 4005 if (error) 4006 break; 4007 } 4008 4009 /* check if we need to fragment the packet */ 4010 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 4011 i = (*mp)->m_pkthdr.len; 4012 if (i > ifp->if_mtu) { 4013 error = bridge_fragment(ifp, *mp, &eh2, snap, 4014 &llc1); 4015 return (error); 4016 } 4017 } 4018 4019 /* Recalculate the ip checksum and restore byte ordering */ 4020 ip = mtod(*mp, struct ip *); 4021 hlen = ip->ip_hl << 2; 4022 if (hlen < sizeof(struct ip)) 4023 goto bad; 4024 if (hlen > (*mp)->m_len) { 4025 if ((*mp = m_pullup(*mp, hlen)) == NULL) 4026 goto bad; 4027 ip = mtod(*mp, struct ip *); 4028 if (ip == NULL) 4029 goto bad; 4030 } 4031 ip->ip_len = htons(ip->ip_len); 4032 ip->ip_off = htons(ip->ip_off); 4033 ip->ip_sum = 0; 4034 if (hlen == sizeof(struct ip)) 4035 ip->ip_sum = in_cksum_hdr(ip); 4036 else 4037 ip->ip_sum = in_cksum(*mp, hlen); 4038 4039 break; 4040 #ifdef INET6 4041 case ETHERTYPE_IPV6: 4042 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 4043 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4044 dir); 4045 4046 if (*mp == NULL || error != 0) /* filter may consume */ 4047 break; 4048 4049 if (pfil_member && ifp != NULL) 4050 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 4051 dir); 4052 4053 if (*mp == NULL || error != 0) /* filter may consume */ 4054 break; 4055 4056 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 4057 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4058 dir); 4059 break; 4060 #endif 4061 default: 4062 error = 0; 4063 break; 4064 } 4065 4066 if (*mp == NULL) 4067 return (error); 4068 if (error != 0) 4069 goto bad; 4070 4071 error = -1; 4072 4073 /* 4074 * Finally, put everything back the way it was and return 4075 */ 4076 if (snap) { 4077 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT); 4078 if (*mp == NULL) 4079 return (error); 4080 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 4081 } 4082 4083 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT); 4084 if (*mp == NULL) 4085 return (error); 4086 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 4087 4088 return (0); 4089 4090 bad: 4091 m_freem(*mp); 4092 *mp = NULL; 4093 return (error); 4094 } 4095 4096 /* 4097 * Perform basic checks on header size since 4098 * pfil assumes ip_input has already processed 4099 * it for it. Cut-and-pasted from ip_input.c. 4100 * Given how simple the IPv6 version is, 4101 * does the IPv4 version really need to be 4102 * this complicated? 4103 * 4104 * XXX Should we update ipstat here, or not? 4105 * XXX Right now we update ipstat but not 4106 * XXX csum_counter. 4107 */ 4108 static int 4109 bridge_ip_checkbasic(struct mbuf **mp) 4110 { 4111 struct mbuf *m = *mp; 4112 struct ip *ip; 4113 int len, hlen; 4114 u_short sum; 4115 4116 if (*mp == NULL) 4117 return (-1); 4118 #if 0 /* notyet */ 4119 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4120 if ((m = m_copyup(m, sizeof(struct ip), 4121 (max_linkhdr + 3) & ~3)) == NULL) { 4122 /* XXXJRT new stat, please */ 4123 ipstat.ips_toosmall++; 4124 goto bad; 4125 } 4126 } else 4127 #endif 4128 #ifndef __predict_false 4129 #define __predict_false(x) x 4130 #endif 4131 if (__predict_false(m->m_len < sizeof (struct ip))) { 4132 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 4133 ipstat.ips_toosmall++; 4134 goto bad; 4135 } 4136 } 4137 ip = mtod(m, struct ip *); 4138 if (ip == NULL) goto bad; 4139 4140 if (ip->ip_v != IPVERSION) { 4141 ipstat.ips_badvers++; 4142 goto bad; 4143 } 4144 hlen = ip->ip_hl << 2; 4145 if (hlen < sizeof(struct ip)) { /* minimum header length */ 4146 ipstat.ips_badhlen++; 4147 goto bad; 4148 } 4149 if (hlen > m->m_len) { 4150 if ((m = m_pullup(m, hlen)) == NULL) { 4151 ipstat.ips_badhlen++; 4152 goto bad; 4153 } 4154 ip = mtod(m, struct ip *); 4155 if (ip == NULL) goto bad; 4156 } 4157 4158 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 4159 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 4160 } else { 4161 if (hlen == sizeof(struct ip)) { 4162 sum = in_cksum_hdr(ip); 4163 } else { 4164 sum = in_cksum(m, hlen); 4165 } 4166 } 4167 if (sum) { 4168 ipstat.ips_badsum++; 4169 goto bad; 4170 } 4171 4172 /* Retrieve the packet length. */ 4173 len = ntohs(ip->ip_len); 4174 4175 /* 4176 * Check for additional length bogosity 4177 */ 4178 if (len < hlen) { 4179 ipstat.ips_badlen++; 4180 goto bad; 4181 } 4182 4183 /* 4184 * Check that the amount of data in the buffers 4185 * is as at least much as the IP header would have us expect. 4186 * Drop packet if shorter than we expect. 4187 */ 4188 if (m->m_pkthdr.len < len) { 4189 ipstat.ips_tooshort++; 4190 goto bad; 4191 } 4192 4193 /* Checks out, proceed */ 4194 *mp = m; 4195 return (0); 4196 4197 bad: 4198 *mp = m; 4199 return (-1); 4200 } 4201 4202 #ifdef INET6 4203 /* 4204 * Same as above, but for IPv6. 4205 * Cut-and-pasted from ip6_input.c. 4206 * XXX Should we update ip6stat, or not? 4207 */ 4208 static int 4209 bridge_ip6_checkbasic(struct mbuf **mp) 4210 { 4211 struct mbuf *m = *mp; 4212 struct ip6_hdr *ip6; 4213 4214 /* 4215 * If the IPv6 header is not aligned, slurp it up into a new 4216 * mbuf with space for link headers, in the event we forward 4217 * it. Otherwise, if it is aligned, make sure the entire base 4218 * IPv6 header is in the first mbuf of the chain. 4219 */ 4220 #if 0 /* notyet */ 4221 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4222 struct ifnet *inifp = m->m_pkthdr.rcvif; 4223 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 4224 (max_linkhdr + 3) & ~3)) == NULL) { 4225 /* XXXJRT new stat, please */ 4226 ip6stat.ip6s_toosmall++; 4227 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4228 goto bad; 4229 } 4230 } else 4231 #endif 4232 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 4233 struct ifnet *inifp = m->m_pkthdr.rcvif; 4234 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 4235 ip6stat.ip6s_toosmall++; 4236 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4237 goto bad; 4238 } 4239 } 4240 4241 ip6 = mtod(m, struct ip6_hdr *); 4242 4243 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 4244 ip6stat.ip6s_badvers++; 4245 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 4246 goto bad; 4247 } 4248 4249 /* Checks out, proceed */ 4250 *mp = m; 4251 return (0); 4252 4253 bad: 4254 *mp = m; 4255 return (-1); 4256 } 4257 #endif /* INET6 */ 4258 4259 /* 4260 * bridge_fragment: 4261 * 4262 * Return a fragmented mbuf chain. 4263 */ 4264 static int 4265 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 4266 int snap, struct llc *llc) 4267 { 4268 struct mbuf *m0; 4269 struct ip *ip; 4270 int error = -1; 4271 4272 if (m->m_len < sizeof(struct ip) && 4273 (m = m_pullup(m, sizeof(struct ip))) == NULL) 4274 goto out; 4275 ip = mtod(m, struct ip *); 4276 4277 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 4278 CSUM_DELAY_IP); 4279 if (error) 4280 goto out; 4281 4282 /* walk the chain and re-add the Ethernet header */ 4283 for (m0 = m; m0; m0 = m0->m_nextpkt) { 4284 if (error == 0) { 4285 if (snap) { 4286 M_PREPEND(m0, sizeof(struct llc), M_NOWAIT); 4287 if (m0 == NULL) { 4288 error = ENOBUFS; 4289 continue; 4290 } 4291 bcopy(llc, mtod(m0, caddr_t), 4292 sizeof(struct llc)); 4293 } 4294 M_PREPEND(m0, ETHER_HDR_LEN, M_NOWAIT); 4295 if (m0 == NULL) { 4296 error = ENOBUFS; 4297 continue; 4298 } 4299 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 4300 } else 4301 m_freem(m); 4302 } 4303 4304 if (error == 0) 4305 ipstat.ips_fragmented++; 4306 4307 return (error); 4308 4309 out: 4310 if (m != NULL) 4311 m_freem(m); 4312 return (error); 4313 } 4314 4315 static void 4316 bridge_enqueue_handler(netmsg_t msg) 4317 { 4318 struct netmsg_packet *nmp; 4319 struct ifnet *dst_ifp; 4320 struct mbuf *m; 4321 4322 nmp = &msg->packet; 4323 m = nmp->nm_packet; 4324 dst_ifp = nmp->base.lmsg.u.ms_resultp; 4325 mbuftrackid(m, 71); 4326 4327 bridge_handoff(dst_ifp->if_bridge, dst_ifp, m, 1); 4328 } 4329 4330 static void 4331 bridge_handoff(struct bridge_softc *sc, struct ifnet *dst_ifp, 4332 struct mbuf *m, int from_us) 4333 { 4334 struct mbuf *m0; 4335 struct ifnet *bifp; 4336 4337 bifp = sc->sc_ifp; 4338 mbuftrackid(m, 72); 4339 4340 /* We may be sending a fragment so traverse the mbuf */ 4341 for (; m; m = m0) { 4342 struct altq_pktattr pktattr; 4343 4344 m0 = m->m_nextpkt; 4345 m->m_nextpkt = NULL; 4346 4347 /* 4348 * If being sent from our host override ether_shost 4349 * with the bridge MAC. This is mandatory for ARP 4350 * so things don't get confused. In particular we 4351 * don't want ARPs to get associated with link interfaces 4352 * under the bridge which might or might not stay valid. 4353 * 4354 * Also override ether_shost when relaying a packet out 4355 * the same interface it came in on, due to multi-homed 4356 * addresses & default routes, otherwise switches will 4357 * get very confused. 4358 * 4359 * Otherwise if we are in transparent mode. 4360 */ 4361 if (from_us || m->m_pkthdr.rcvif == dst_ifp) { 4362 m_copyback(m, 4363 offsetof(struct ether_header, ether_shost), 4364 ETHER_ADDR_LEN, IF_LLADDR(sc->sc_ifp)); 4365 } else if ((bifp->if_flags & IFF_LINK0) && 4366 (m->m_pkthdr.fw_flags & BRIDGE_MBUF_TAGGED)) { 4367 m_copyback(m, 4368 offsetof(struct ether_header, ether_shost), 4369 ETHER_ADDR_LEN, 4370 m->m_pkthdr.ether_br_shost); 4371 } /* else retain shost */ 4372 4373 if (ifq_is_enabled(&dst_ifp->if_snd)) 4374 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 4375 4376 ifq_dispatch(dst_ifp, m, &pktattr); 4377 } 4378 } 4379 4380 static void 4381 bridge_control_dispatch(netmsg_t msg) 4382 { 4383 struct netmsg_brctl *bc_msg = (struct netmsg_brctl *)msg; 4384 struct ifnet *bifp = bc_msg->bc_sc->sc_ifp; 4385 int error; 4386 4387 ifnet_serialize_all(bifp); 4388 error = bc_msg->bc_func(bc_msg->bc_sc, bc_msg->bc_arg); 4389 ifnet_deserialize_all(bifp); 4390 4391 lwkt_replymsg(&bc_msg->base.lmsg, error); 4392 } 4393 4394 static int 4395 bridge_control(struct bridge_softc *sc, u_long cmd, 4396 bridge_ctl_t bc_func, void *bc_arg) 4397 { 4398 struct ifnet *bifp = sc->sc_ifp; 4399 struct netmsg_brctl bc_msg; 4400 int error; 4401 4402 ASSERT_IFNET_SERIALIZED_ALL(bifp); 4403 4404 bzero(&bc_msg, sizeof(bc_msg)); 4405 4406 netmsg_init(&bc_msg.base, NULL, &curthread->td_msgport, 4407 0, bridge_control_dispatch); 4408 bc_msg.bc_func = bc_func; 4409 bc_msg.bc_sc = sc; 4410 bc_msg.bc_arg = bc_arg; 4411 4412 ifnet_deserialize_all(bifp); 4413 error = lwkt_domsg(BRIDGE_CFGPORT, &bc_msg.base.lmsg, 0); 4414 ifnet_serialize_all(bifp); 4415 return error; 4416 } 4417 4418 static void 4419 bridge_add_bif_handler(netmsg_t msg) 4420 { 4421 struct netmsg_braddbif *amsg = (struct netmsg_braddbif *)msg; 4422 struct bridge_softc *sc; 4423 struct bridge_iflist *bif; 4424 4425 sc = amsg->br_softc; 4426 4427 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 4428 bif->bif_ifp = amsg->br_bif_ifp; 4429 bif->bif_onlist = 1; 4430 bif->bif_info = amsg->br_bif_info; 4431 4432 /* 4433 * runs through bif_info 4434 */ 4435 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 4436 4437 TAILQ_INSERT_HEAD(&sc->sc_iflists[mycpuid], bif, bif_next); 4438 4439 netisr_forwardmsg(&amsg->base, mycpuid + 1); 4440 } 4441 4442 static void 4443 bridge_add_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4444 struct ifnet *ifp) 4445 { 4446 struct netmsg_braddbif amsg; 4447 4448 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4449 4450 netmsg_init(&amsg.base, NULL, &curthread->td_msgport, 4451 0, bridge_add_bif_handler); 4452 amsg.br_softc = sc; 4453 amsg.br_bif_info = bif_info; 4454 amsg.br_bif_ifp = ifp; 4455 4456 netisr_domsg(&amsg.base, 0); 4457 } 4458 4459 static void 4460 bridge_del_bif_handler(netmsg_t msg) 4461 { 4462 struct netmsg_brdelbif *dmsg = (struct netmsg_brdelbif *)msg; 4463 struct bridge_softc *sc; 4464 struct bridge_iflist *bif; 4465 4466 sc = dmsg->br_softc; 4467 4468 /* 4469 * Locate the bif associated with the br_bif_info 4470 * on the current CPU 4471 */ 4472 bif = bridge_lookup_member_ifinfo(sc, dmsg->br_bif_info); 4473 KKASSERT(bif != NULL && bif->bif_onlist); 4474 4475 /* Remove the bif from the current CPU's iflist */ 4476 bif->bif_onlist = 0; 4477 TAILQ_REMOVE(dmsg->br_bif_list, bif, bif_next); 4478 4479 /* Save the removed bif for later freeing */ 4480 TAILQ_INSERT_HEAD(dmsg->br_bif_list, bif, bif_next); 4481 4482 netisr_forwardmsg(&dmsg->base, mycpuid + 1); 4483 } 4484 4485 static void 4486 bridge_del_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4487 struct bridge_iflist_head *saved_bifs) 4488 { 4489 struct netmsg_brdelbif dmsg; 4490 4491 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4492 4493 netmsg_init(&dmsg.base, NULL, &curthread->td_msgport, 4494 0, bridge_del_bif_handler); 4495 dmsg.br_softc = sc; 4496 dmsg.br_bif_info = bif_info; 4497 dmsg.br_bif_list = saved_bifs; 4498 4499 netisr_domsg(&dmsg.base, 0); 4500 } 4501