1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 * 81 * 82 * Bridge's route information is duplicated to each CPUs: 83 * 84 * CPU0 CPU1 CPU2 CPU3 85 * +-----------+ +-----------+ +-----------+ +-----------+ 86 * | rtnode | | rtnode | | rtnode | | rtnode | 87 * | | | | | | | | 88 * | dst eaddr | | dst eaddr | | dst eaddr | | dst eaddr | 89 * +-----------+ +-----------+ +-----------+ +-----------+ 90 * | | | | 91 * | | | | 92 * | | +----------+ | | 93 * | | | rtinfo | | | 94 * | +---->| |<---+ | 95 * | | flags | | 96 * +-------------->| timeout |<-------------+ 97 * | dst_ifp | 98 * +----------+ 99 * 100 * We choose to put timeout and dst_ifp into shared part, so updating 101 * them will be cheaper than using message forwarding. Also there is 102 * not need to use spinlock to protect the updating: timeout and dst_ifp 103 * is not related and specific field's updating order has no importance. 104 * The cache pollution by the share part should not be heavy: in a stable 105 * setup, dst_ifp probably will be not changed in rtnode's life time, 106 * while timeout is refreshed once per second; most of the time, timeout 107 * and dst_ifp are read-only accessed. 108 * 109 * 110 * Bridge route information installation on bridge_input path: 111 * 112 * CPU0 CPU1 CPU2 CPU3 113 * 114 * netisr2 115 * | 116 * alloc nmsg 117 * snd nmsg | 118 * w/o rtinfo | 119 * netisr0<-----------------------+ 120 * | : 121 * lookup dst : 122 * rtnode exists?(Y)free nmsg : 123 * |(N) : 124 * | : 125 * alloc rtinfo : 126 * alloc rtnode : 127 * install rtnode : 128 * | : 129 * +---------->netisr1 : 130 * : fwd nmsg | : 131 * : w/ rtinfo | : 132 * : | : 133 * : | : 134 * alloc rtnode : 135 * (w/ nmsg's rtinfo) : 136 * install rtnode : 137 * | : 138 * +----------->| 139 * : fwd nmsg | 140 * : w/ rtinfo | 141 * : | 142 * : same as netisr1 143 * | 144 * +---------->netisr3 145 * : fwd nmsg | 146 * : w/ rtinfo | 147 * : | 148 * : same as netisr1 149 * free nmsg 150 * : 151 * : 152 * 153 * The netmsgs forwarded between netisr2 are allocated with 154 * (M_WAITOK|M_NULLOK), so it will not fail under most cases (route 155 * information is too precious to be not installed :). Since multiple 156 * netisrs may try to install route information for the same dst eaddr, 157 * we look up route information in netisr0. However, this looking up 158 * only need to be performed on netisr0, which is the start point of 159 * the route information installation process. 160 * 161 * 162 * Bridge route information deleting/flushing: 163 * 164 * CPU0 CPU1 CPU2 CPU3 165 * 166 * netisr0 167 * | 168 * find suitable rtnodes, 169 * mark their rtinfo dead 170 * | 171 * | domsg <-------------------------------------------+ 172 * : delete rtnodes | replymsg 173 * : w/ dead rtinfo | 174 * : | 175 * : fwdmsg fwdmsg fwdmsg | 176 * :----------> netisr1 --------> netisr2 --------> netisr3 177 * delete rtnodes delete rtnodes delete rtnodes 178 * w/ dead rtinfo w/ dead rtinfo w/ dead rtinfo 179 * free dead rtinfos 180 * 181 * All deleting/flushing operations are serialized by netisr0, so each 182 * operation only reaps the route information marked dead by itself. 183 * 184 * 185 * Bridge route information adding/deleting/flushing: 186 * Since all operation is serialized by the fixed message flow between 187 * netisrs, it is not possible to create corrupted per-cpu route 188 * information. 189 * 190 * 191 * 192 * XXX This no longer applies. 193 * Percpu member interface list iteration with blocking operation: 194 * Since one bridge could only delete one member interface at a time and 195 * the deleted member interface is not freed after netmsg_service_sync(), 196 * following way is used to make sure that even if the certain member 197 * interface is ripped from the percpu list during the blocking operation, 198 * the iteration still could keep going: 199 * 200 * TAILQ_FOREACH_MUTABLE(bif, sc->sc_iflists[mycpuid], bif_next, nbif) { 201 * blocking operation; 202 * blocking operation; 203 * ... 204 * ... 205 * if (nbif != NULL && !nbif->bif_onlist) { 206 * KKASSERT(bif->bif_onlist); 207 * nbif = TAILQ_NEXT(bif, bif_next); 208 * } 209 * } 210 * 211 * As mentioned above only one member interface could be unlinked from the 212 * percpu member interface list, so either bif or nbif may be not on the list, 213 * but _not_ both. To keep the list iteration, we don't care about bif, but 214 * only nbif. Since removed member interface will only be freed after we 215 * finish our work, it is safe to access any field in an unlinked bif (here 216 * bif_onlist). If nbif is no longer on the list, then bif must be on the 217 * list, so we change nbif to the next element of bif and keep going. 218 */ 219 220 #include "opt_inet.h" 221 #include "opt_inet6.h" 222 223 #include <sys/param.h> 224 #include <sys/mbuf.h> 225 #include <sys/malloc.h> 226 #include <sys/protosw.h> 227 #include <sys/systm.h> 228 #include <sys/time.h> 229 #include <sys/socket.h> /* for net/if.h */ 230 #include <sys/sockio.h> 231 #include <sys/ctype.h> /* string functions */ 232 #include <sys/kernel.h> 233 #include <sys/random.h> 234 #include <sys/sysctl.h> 235 #include <sys/module.h> 236 #include <sys/proc.h> 237 #include <sys/priv.h> 238 #include <sys/lock.h> 239 #include <sys/thread.h> 240 #include <sys/thread2.h> 241 #include <sys/mpipe.h> 242 243 #include <net/bpf.h> 244 #include <net/if.h> 245 #include <net/if_dl.h> 246 #include <net/if_types.h> 247 #include <net/if_var.h> 248 #include <net/pfil.h> 249 #include <net/ifq_var.h> 250 #include <net/if_clone.h> 251 252 #include <netinet/in.h> /* for struct arpcom */ 253 #include <netinet/in_systm.h> 254 #include <netinet/in_var.h> 255 #include <netinet/ip.h> 256 #include <netinet/ip_var.h> 257 #ifdef INET6 258 #include <netinet/ip6.h> 259 #include <netinet6/ip6_var.h> 260 #endif 261 #include <netinet/if_ether.h> /* for struct arpcom */ 262 #include <net/bridge/if_bridgevar.h> 263 #include <net/if_llc.h> 264 #include <net/netmsg2.h> 265 #include <net/netisr2.h> 266 267 #include <net/route.h> 268 #include <sys/in_cksum.h> 269 270 /* 271 * Size of the route hash table. Must be a power of two. 272 */ 273 #ifndef BRIDGE_RTHASH_SIZE 274 #define BRIDGE_RTHASH_SIZE 1024 275 #endif 276 277 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 278 279 /* 280 * Maximum number of addresses to cache. 281 */ 282 #ifndef BRIDGE_RTABLE_MAX 283 #define BRIDGE_RTABLE_MAX 4096 284 #endif 285 286 /* 287 * Spanning tree defaults. 288 */ 289 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 290 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 291 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 292 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 293 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 294 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 295 #define BSTP_DEFAULT_PATH_COST 55 296 297 /* 298 * Timeout (in seconds) for entries learned dynamically. 299 */ 300 #ifndef BRIDGE_RTABLE_TIMEOUT 301 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 302 #endif 303 304 /* 305 * Number of seconds between walks of the route list. 306 */ 307 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 308 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 309 #endif 310 311 /* 312 * List of capabilities to mask on the member interface. 313 */ 314 #define BRIDGE_IFCAPS_MASK (IFCAP_TXCSUM | IFCAP_TSO) 315 316 typedef int (*bridge_ctl_t)(struct bridge_softc *, void *); 317 318 struct netmsg_brctl { 319 struct netmsg_base base; 320 bridge_ctl_t bc_func; 321 struct bridge_softc *bc_sc; 322 void *bc_arg; 323 }; 324 325 struct netmsg_brsaddr { 326 struct netmsg_base base; 327 struct bridge_softc *br_softc; 328 struct ifnet *br_dst_if; 329 struct bridge_rtinfo *br_rtinfo; 330 int br_setflags; 331 uint8_t br_dst[ETHER_ADDR_LEN]; 332 uint8_t br_flags; 333 }; 334 335 struct netmsg_braddbif { 336 struct netmsg_base base; 337 struct bridge_softc *br_softc; 338 struct bridge_ifinfo *br_bif_info; 339 struct ifnet *br_bif_ifp; 340 }; 341 342 struct netmsg_brdelbif { 343 struct netmsg_base base; 344 struct bridge_softc *br_softc; 345 struct bridge_ifinfo *br_bif_info; 346 struct bridge_iflist_head *br_bif_list; 347 }; 348 349 struct netmsg_brsflags { 350 struct netmsg_base base; 351 struct bridge_softc *br_softc; 352 struct bridge_ifinfo *br_bif_info; 353 uint32_t br_bif_flags; 354 }; 355 356 eventhandler_tag bridge_detach_cookie = NULL; 357 358 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 359 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *); 360 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 361 extern struct ifnet *(*bridge_interface_p)(void *if_bridge); 362 363 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 364 365 static int bridge_clone_create(struct if_clone *, int, caddr_t, caddr_t); 366 static int bridge_clone_destroy(struct ifnet *); 367 368 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 369 static void bridge_mutecaps(struct bridge_ifinfo *, struct ifnet *, int); 370 static void bridge_ifdetach(void *, struct ifnet *); 371 static void bridge_init(void *); 372 static int bridge_from_us(struct bridge_softc *, struct ether_header *); 373 static void bridge_stop(struct ifnet *); 374 static void bridge_start(struct ifnet *, struct ifaltq_subque *); 375 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 376 static int bridge_output(struct ifnet *, struct mbuf *); 377 static struct ifnet *bridge_interface(void *if_bridge); 378 379 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 380 381 static void bridge_timer_handler(netmsg_t); 382 static void bridge_timer(void *); 383 384 static void bridge_start_bcast(struct bridge_softc *, struct mbuf *); 385 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 386 struct mbuf *); 387 static void bridge_span(struct bridge_softc *, struct mbuf *); 388 389 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 390 struct ifnet *, uint8_t); 391 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 392 static void bridge_rtreap(struct bridge_softc *); 393 static void bridge_rtreap_async(struct bridge_softc *); 394 static void bridge_rttrim(struct bridge_softc *); 395 static int bridge_rtage_finddead(struct bridge_softc *); 396 static void bridge_rtage(struct bridge_softc *); 397 static void bridge_rtflush(struct bridge_softc *, int); 398 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 399 static int bridge_rtsaddr(struct bridge_softc *, const uint8_t *, 400 struct ifnet *, uint8_t); 401 static void bridge_rtmsg_sync(struct bridge_softc *sc); 402 static void bridge_rtreap_handler(netmsg_t); 403 static void bridge_rtinstall_handler(netmsg_t); 404 static int bridge_rtinstall_oncpu(struct bridge_softc *, const uint8_t *, 405 struct ifnet *, int, uint8_t, struct bridge_rtinfo **); 406 407 static void bridge_rtable_init(struct bridge_softc *); 408 static void bridge_rtable_fini(struct bridge_softc *); 409 410 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 411 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 412 const uint8_t *); 413 static void bridge_rtnode_insert(struct bridge_softc *, 414 struct bridge_rtnode *); 415 static void bridge_rtnode_destroy(struct bridge_softc *, 416 struct bridge_rtnode *); 417 418 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 419 const char *name); 420 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 421 struct ifnet *ifp); 422 static struct bridge_iflist *bridge_lookup_member_ifinfo(struct bridge_softc *, 423 struct bridge_ifinfo *); 424 static void bridge_delete_member(struct bridge_softc *, 425 struct bridge_iflist *, int); 426 static void bridge_delete_span(struct bridge_softc *, 427 struct bridge_iflist *); 428 429 static int bridge_control(struct bridge_softc *, u_long, 430 bridge_ctl_t, void *); 431 static int bridge_ioctl_init(struct bridge_softc *, void *); 432 static int bridge_ioctl_stop(struct bridge_softc *, void *); 433 static int bridge_ioctl_add(struct bridge_softc *, void *); 434 static int bridge_ioctl_del(struct bridge_softc *, void *); 435 static void bridge_ioctl_fillflags(struct bridge_softc *sc, 436 struct bridge_iflist *bif, struct ifbreq *req); 437 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 438 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 439 static int bridge_ioctl_scache(struct bridge_softc *, void *); 440 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 441 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 442 static int bridge_ioctl_rts(struct bridge_softc *, void *); 443 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 444 static int bridge_ioctl_sto(struct bridge_softc *, void *); 445 static int bridge_ioctl_gto(struct bridge_softc *, void *); 446 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 447 static int bridge_ioctl_flush(struct bridge_softc *, void *); 448 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 449 static int bridge_ioctl_spri(struct bridge_softc *, void *); 450 static int bridge_ioctl_reinit(struct bridge_softc *, void *); 451 static int bridge_ioctl_ght(struct bridge_softc *, void *); 452 static int bridge_ioctl_sht(struct bridge_softc *, void *); 453 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 454 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 455 static int bridge_ioctl_gma(struct bridge_softc *, void *); 456 static int bridge_ioctl_sma(struct bridge_softc *, void *); 457 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 458 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 459 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 460 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 461 static int bridge_ioctl_sifbondwght(struct bridge_softc *, void *); 462 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 463 int); 464 static int bridge_ip_checkbasic(struct mbuf **mp); 465 #ifdef INET6 466 static int bridge_ip6_checkbasic(struct mbuf **mp); 467 #endif /* INET6 */ 468 static int bridge_fragment(struct ifnet *, struct mbuf *, 469 struct ether_header *, int, struct llc *); 470 static void bridge_enqueue_handler(netmsg_t); 471 static void bridge_handoff(struct bridge_softc *, struct ifnet *, 472 struct mbuf *, int); 473 474 static void bridge_del_bif_handler(netmsg_t); 475 static void bridge_add_bif_handler(netmsg_t); 476 static void bridge_del_bif(struct bridge_softc *, struct bridge_ifinfo *, 477 struct bridge_iflist_head *); 478 static void bridge_add_bif(struct bridge_softc *, struct bridge_ifinfo *, 479 struct ifnet *); 480 481 SYSCTL_DECL(_net_link); 482 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 483 484 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 485 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 486 static int pfil_member = 1; /* run pfil hooks on the member interface */ 487 static int bridge_debug; 488 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 489 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 490 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 491 &pfil_bridge, 0, "Packet filter on the bridge interface"); 492 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 493 &pfil_member, 0, "Packet filter on the member interface"); 494 SYSCTL_INT(_net_link_bridge, OID_AUTO, debug, CTLFLAG_RW, 495 &bridge_debug, 0, "Bridge debug mode"); 496 497 struct bridge_control_arg { 498 union { 499 struct ifbreq ifbreq; 500 struct ifbifconf ifbifconf; 501 struct ifbareq ifbareq; 502 struct ifbaconf ifbaconf; 503 struct ifbrparam ifbrparam; 504 } bca_u; 505 int bca_len; 506 void *bca_uptr; 507 void *bca_kptr; 508 }; 509 510 struct bridge_control { 511 bridge_ctl_t bc_func; 512 int bc_argsize; 513 int bc_flags; 514 }; 515 516 #define BC_F_COPYIN 0x01 /* copy arguments in */ 517 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 518 #define BC_F_SUSER 0x04 /* do super-user check */ 519 520 const struct bridge_control bridge_control_table[] = { 521 { bridge_ioctl_add, sizeof(struct ifbreq), 522 BC_F_COPYIN|BC_F_SUSER }, 523 { bridge_ioctl_del, sizeof(struct ifbreq), 524 BC_F_COPYIN|BC_F_SUSER }, 525 526 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 527 BC_F_COPYIN|BC_F_COPYOUT }, 528 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 529 BC_F_COPYIN|BC_F_SUSER }, 530 531 { bridge_ioctl_scache, sizeof(struct ifbrparam), 532 BC_F_COPYIN|BC_F_SUSER }, 533 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 534 BC_F_COPYOUT }, 535 536 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 537 BC_F_COPYIN|BC_F_COPYOUT }, 538 { bridge_ioctl_rts, sizeof(struct ifbaconf), 539 BC_F_COPYIN|BC_F_COPYOUT }, 540 541 { bridge_ioctl_saddr, sizeof(struct ifbareq), 542 BC_F_COPYIN|BC_F_SUSER }, 543 544 { bridge_ioctl_sto, sizeof(struct ifbrparam), 545 BC_F_COPYIN|BC_F_SUSER }, 546 { bridge_ioctl_gto, sizeof(struct ifbrparam), 547 BC_F_COPYOUT }, 548 549 { bridge_ioctl_daddr, sizeof(struct ifbareq), 550 BC_F_COPYIN|BC_F_SUSER }, 551 552 { bridge_ioctl_flush, sizeof(struct ifbreq), 553 BC_F_COPYIN|BC_F_SUSER }, 554 555 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 556 BC_F_COPYOUT }, 557 { bridge_ioctl_spri, sizeof(struct ifbrparam), 558 BC_F_COPYIN|BC_F_SUSER }, 559 560 { bridge_ioctl_ght, sizeof(struct ifbrparam), 561 BC_F_COPYOUT }, 562 { bridge_ioctl_sht, sizeof(struct ifbrparam), 563 BC_F_COPYIN|BC_F_SUSER }, 564 565 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 566 BC_F_COPYOUT }, 567 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 568 BC_F_COPYIN|BC_F_SUSER }, 569 570 { bridge_ioctl_gma, sizeof(struct ifbrparam), 571 BC_F_COPYOUT }, 572 { bridge_ioctl_sma, sizeof(struct ifbrparam), 573 BC_F_COPYIN|BC_F_SUSER }, 574 575 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 576 BC_F_COPYIN|BC_F_SUSER }, 577 578 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 579 BC_F_COPYIN|BC_F_SUSER }, 580 581 { bridge_ioctl_addspan, sizeof(struct ifbreq), 582 BC_F_COPYIN|BC_F_SUSER }, 583 { bridge_ioctl_delspan, sizeof(struct ifbreq), 584 BC_F_COPYIN|BC_F_SUSER }, 585 586 { bridge_ioctl_sifbondwght, sizeof(struct ifbreq), 587 BC_F_COPYIN|BC_F_SUSER }, 588 589 }; 590 static const int bridge_control_table_size = NELEM(bridge_control_table); 591 592 LIST_HEAD(, bridge_softc) bridge_list; 593 594 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 595 bridge_clone_create, 596 bridge_clone_destroy, 0, IF_MAXUNIT); 597 598 static int 599 bridge_modevent(module_t mod, int type, void *data) 600 { 601 switch (type) { 602 case MOD_LOAD: 603 LIST_INIT(&bridge_list); 604 if_clone_attach(&bridge_cloner); 605 bridge_input_p = bridge_input; 606 bridge_output_p = bridge_output; 607 bridge_interface_p = bridge_interface; 608 bridge_detach_cookie = EVENTHANDLER_REGISTER( 609 ifnet_detach_event, bridge_ifdetach, NULL, 610 EVENTHANDLER_PRI_ANY); 611 #if 0 /* notyet */ 612 bstp_linkstate_p = bstp_linkstate; 613 #endif 614 break; 615 case MOD_UNLOAD: 616 if (!LIST_EMPTY(&bridge_list)) 617 return (EBUSY); 618 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 619 bridge_detach_cookie); 620 if_clone_detach(&bridge_cloner); 621 bridge_input_p = NULL; 622 bridge_output_p = NULL; 623 bridge_interface_p = NULL; 624 #if 0 /* notyet */ 625 bstp_linkstate_p = NULL; 626 #endif 627 break; 628 default: 629 return (EOPNOTSUPP); 630 } 631 return (0); 632 } 633 634 static moduledata_t bridge_mod = { 635 "if_bridge", 636 bridge_modevent, 637 0 638 }; 639 640 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 641 642 643 /* 644 * bridge_clone_create: 645 * 646 * Create a new bridge instance. 647 */ 648 static int 649 bridge_clone_create(struct if_clone *ifc, int unit, 650 caddr_t params __unused, caddr_t data __unused) 651 { 652 struct bridge_softc *sc; 653 struct ifnet *ifp; 654 u_char eaddr[6]; 655 int cpu, rnd; 656 657 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK | M_ZERO); 658 ifp = sc->sc_ifp = &sc->sc_if; 659 660 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 661 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 662 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 663 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 664 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 665 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 666 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 667 668 /* Initialize our routing table. */ 669 bridge_rtable_init(sc); 670 671 callout_init_mp(&sc->sc_brcallout); 672 netmsg_init(&sc->sc_brtimemsg, NULL, &netisr_adone_rport, 673 MSGF_DROPABLE, bridge_timer_handler); 674 sc->sc_brtimemsg.lmsg.u.ms_resultp = sc; 675 676 callout_init_mp(&sc->sc_bstpcallout); 677 netmsg_init(&sc->sc_bstptimemsg, NULL, &netisr_adone_rport, 678 MSGF_DROPABLE, bstp_tick_handler); 679 sc->sc_bstptimemsg.lmsg.u.ms_resultp = sc; 680 681 /* Initialize per-cpu member iface lists */ 682 sc->sc_iflists = kmalloc(sizeof(*sc->sc_iflists) * netisr_ncpus, 683 M_DEVBUF, M_WAITOK); 684 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 685 TAILQ_INIT(&sc->sc_iflists[cpu]); 686 687 TAILQ_INIT(&sc->sc_spanlist); 688 689 ifp->if_softc = sc; 690 if_initname(ifp, ifc->ifc_name, unit); 691 ifp->if_mtu = ETHERMTU; 692 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 693 ifp->if_ioctl = bridge_ioctl; 694 ifp->if_start = bridge_start; 695 ifp->if_init = bridge_init; 696 ifp->if_type = IFT_ETHER; 697 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 698 ifq_set_ready(&ifp->if_snd); 699 ifp->if_hdrlen = ETHER_HDR_LEN; 700 701 /* 702 * Generate a random ethernet address and use the private AC:DE:48 703 * OUI code. 704 */ 705 rnd = karc4random(); 706 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 707 rnd = karc4random(); 708 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 709 710 eaddr[0] &= ~1; /* clear multicast bit */ 711 eaddr[0] |= 2; /* set the LAA bit */ 712 713 ether_ifattach(ifp, eaddr, NULL); 714 /* Now undo some of the damage... */ 715 ifp->if_baudrate = 0; 716 /*ifp->if_type = IFT_BRIDGE;*/ 717 718 crit_enter(); /* XXX MP */ 719 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 720 crit_exit(); 721 722 return (0); 723 } 724 725 static void 726 bridge_delete_dispatch(netmsg_t msg) 727 { 728 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 729 struct ifnet *bifp = sc->sc_ifp; 730 struct bridge_iflist *bif; 731 732 ifnet_serialize_all(bifp); 733 734 while ((bif = TAILQ_FIRST(&sc->sc_iflists[mycpuid])) != NULL) 735 bridge_delete_member(sc, bif, 0); 736 737 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) 738 bridge_delete_span(sc, bif); 739 740 ifnet_deserialize_all(bifp); 741 742 lwkt_replymsg(&msg->lmsg, 0); 743 } 744 745 /* 746 * bridge_clone_destroy: 747 * 748 * Destroy a bridge instance. 749 */ 750 static int 751 bridge_clone_destroy(struct ifnet *ifp) 752 { 753 struct bridge_softc *sc = ifp->if_softc; 754 struct netmsg_base msg; 755 756 ifnet_serialize_all(ifp); 757 758 bridge_stop(ifp); 759 ifp->if_flags &= ~IFF_UP; 760 761 ifnet_deserialize_all(ifp); 762 763 netmsg_init(&msg, NULL, &curthread->td_msgport, 764 0, bridge_delete_dispatch); 765 msg.lmsg.u.ms_resultp = sc; 766 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 767 768 crit_enter(); /* XXX MP */ 769 LIST_REMOVE(sc, sc_list); 770 crit_exit(); 771 772 ether_ifdetach(ifp); 773 774 /* Tear down the routing table. */ 775 bridge_rtable_fini(sc); 776 777 /* Free per-cpu member iface lists */ 778 kfree(sc->sc_iflists, M_DEVBUF); 779 780 kfree(sc, M_DEVBUF); 781 782 return 0; 783 } 784 785 /* 786 * bridge_ioctl: 787 * 788 * Handle a control request from the operator. 789 */ 790 static int 791 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 792 { 793 struct bridge_softc *sc = ifp->if_softc; 794 struct bridge_control_arg args; 795 struct ifdrv *ifd = (struct ifdrv *) data; 796 const struct bridge_control *bc; 797 int error = 0; 798 799 ASSERT_IFNET_SERIALIZED_ALL(ifp); 800 801 switch (cmd) { 802 case SIOCADDMULTI: 803 case SIOCDELMULTI: 804 break; 805 806 case SIOCGDRVSPEC: 807 case SIOCSDRVSPEC: 808 if (ifd->ifd_cmd >= bridge_control_table_size) { 809 error = EINVAL; 810 break; 811 } 812 bc = &bridge_control_table[ifd->ifd_cmd]; 813 814 if (cmd == SIOCGDRVSPEC && 815 (bc->bc_flags & BC_F_COPYOUT) == 0) { 816 error = EINVAL; 817 break; 818 } else if (cmd == SIOCSDRVSPEC && 819 (bc->bc_flags & BC_F_COPYOUT)) { 820 error = EINVAL; 821 break; 822 } 823 824 if (bc->bc_flags & BC_F_SUSER) { 825 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY); 826 if (error) 827 break; 828 } 829 830 if (ifd->ifd_len != bc->bc_argsize || 831 ifd->ifd_len > sizeof(args.bca_u)) { 832 error = EINVAL; 833 break; 834 } 835 836 memset(&args, 0, sizeof(args)); 837 if (bc->bc_flags & BC_F_COPYIN) { 838 error = copyin(ifd->ifd_data, &args.bca_u, 839 ifd->ifd_len); 840 if (error) 841 break; 842 } 843 844 error = bridge_control(sc, cmd, bc->bc_func, &args); 845 if (error) { 846 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 847 break; 848 } 849 850 if (bc->bc_flags & BC_F_COPYOUT) { 851 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 852 if (args.bca_len != 0) { 853 KKASSERT(args.bca_kptr != NULL); 854 if (!error) { 855 error = copyout(args.bca_kptr, 856 args.bca_uptr, args.bca_len); 857 } 858 kfree(args.bca_kptr, M_TEMP); 859 } else { 860 KKASSERT(args.bca_kptr == NULL); 861 } 862 } else { 863 KKASSERT(args.bca_len == 0 && args.bca_kptr == NULL); 864 } 865 break; 866 867 case SIOCSIFFLAGS: 868 if (!(ifp->if_flags & IFF_UP) && 869 (ifp->if_flags & IFF_RUNNING)) { 870 /* 871 * If interface is marked down and it is running, 872 * then stop it. 873 */ 874 bridge_stop(ifp); 875 } else if ((ifp->if_flags & IFF_UP) && 876 !(ifp->if_flags & IFF_RUNNING)) { 877 /* 878 * If interface is marked up and it is stopped, then 879 * start it. 880 */ 881 ifp->if_init(sc); 882 } 883 884 /* 885 * If running and link flag state change we have to 886 * reinitialize as well. 887 */ 888 if ((ifp->if_flags & IFF_RUNNING) && 889 (ifp->if_flags & (IFF_LINK0|IFF_LINK1|IFF_LINK2)) != 890 sc->sc_copy_flags) { 891 sc->sc_copy_flags = ifp->if_flags & 892 (IFF_LINK0|IFF_LINK1|IFF_LINK2); 893 bridge_control(sc, 0, bridge_ioctl_reinit, NULL); 894 } 895 896 break; 897 898 case SIOCSIFMTU: 899 /* Do not allow the MTU to be changed on the bridge */ 900 error = EINVAL; 901 break; 902 903 default: 904 error = ether_ioctl(ifp, cmd, data); 905 break; 906 } 907 return (error); 908 } 909 910 /* 911 * bridge_mutecaps: 912 * 913 * Clear or restore unwanted capabilities on the member interface 914 */ 915 static void 916 bridge_mutecaps(struct bridge_ifinfo *bif_info, struct ifnet *ifp, int mute) 917 { 918 struct ifreq ifr; 919 920 if (ifp->if_ioctl == NULL) 921 return; 922 923 bzero(&ifr, sizeof(ifr)); 924 ifr.ifr_reqcap = ifp->if_capenable; 925 926 if (mute) { 927 /* mask off and save capabilities */ 928 bif_info->bifi_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 929 if (bif_info->bifi_mutecap != 0) 930 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 931 } else { 932 /* restore muted capabilities */ 933 ifr.ifr_reqcap |= bif_info->bifi_mutecap; 934 } 935 936 if (bif_info->bifi_mutecap != 0) { 937 ifnet_serialize_all(ifp); 938 ifp->if_ioctl(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 939 ifnet_deserialize_all(ifp); 940 } 941 } 942 943 /* 944 * bridge_lookup_member: 945 * 946 * Lookup a bridge member interface. 947 */ 948 static struct bridge_iflist * 949 bridge_lookup_member(struct bridge_softc *sc, const char *name) 950 { 951 struct bridge_iflist *bif; 952 953 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 954 if (strcmp(bif->bif_ifp->if_xname, name) == 0) 955 return (bif); 956 } 957 return (NULL); 958 } 959 960 /* 961 * bridge_lookup_member_if: 962 * 963 * Lookup a bridge member interface by ifnet*. 964 */ 965 static struct bridge_iflist * 966 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 967 { 968 struct bridge_iflist *bif; 969 970 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 971 if (bif->bif_ifp == member_ifp) 972 return (bif); 973 } 974 return (NULL); 975 } 976 977 /* 978 * bridge_lookup_member_ifinfo: 979 * 980 * Lookup a bridge member interface by bridge_ifinfo. 981 */ 982 static struct bridge_iflist * 983 bridge_lookup_member_ifinfo(struct bridge_softc *sc, 984 struct bridge_ifinfo *bif_info) 985 { 986 struct bridge_iflist *bif; 987 988 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 989 if (bif->bif_info == bif_info) 990 return (bif); 991 } 992 return (NULL); 993 } 994 995 /* 996 * bridge_delete_member: 997 * 998 * Delete the specified member interface. 999 */ 1000 static void 1001 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 1002 int gone) 1003 { 1004 struct ifnet *ifs = bif->bif_ifp; 1005 struct ifnet *bifp = sc->sc_ifp; 1006 struct bridge_ifinfo *bif_info = bif->bif_info; 1007 struct bridge_iflist_head saved_bifs; 1008 1009 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1010 KKASSERT(bif_info != NULL); 1011 1012 ifs->if_bridge = NULL; 1013 1014 /* 1015 * Release bridge interface's serializer: 1016 * - To avoid possible dead lock. 1017 * - Various sync operation will block the current thread. 1018 */ 1019 ifnet_deserialize_all(bifp); 1020 1021 if (!gone) { 1022 switch (ifs->if_type) { 1023 case IFT_ETHER: 1024 case IFT_L2VLAN: 1025 /* 1026 * Take the interface out of promiscuous mode. 1027 */ 1028 ifpromisc(ifs, 0); 1029 bridge_mutecaps(bif_info, ifs, 0); 1030 break; 1031 1032 case IFT_GIF: 1033 break; 1034 1035 default: 1036 panic("bridge_delete_member: impossible"); 1037 break; 1038 } 1039 } 1040 1041 /* 1042 * Remove bifs from percpu linked list. 1043 * 1044 * Removed bifs are not freed immediately, instead, 1045 * they are saved in saved_bifs. They will be freed 1046 * after we make sure that no one is accessing them, 1047 * i.e. after following netmsg_service_sync() 1048 */ 1049 TAILQ_INIT(&saved_bifs); 1050 bridge_del_bif(sc, bif_info, &saved_bifs); 1051 1052 /* 1053 * Make sure that all protocol threads: 1054 * o see 'ifs' if_bridge is changed 1055 * o know that bif is removed from the percpu linked list 1056 */ 1057 netmsg_service_sync(); 1058 1059 /* 1060 * Free the removed bifs 1061 */ 1062 KKASSERT(!TAILQ_EMPTY(&saved_bifs)); 1063 while ((bif = TAILQ_FIRST(&saved_bifs)) != NULL) { 1064 TAILQ_REMOVE(&saved_bifs, bif, bif_next); 1065 kfree(bif, M_DEVBUF); 1066 } 1067 1068 /* See the comment in bridge_ioctl_stop() */ 1069 bridge_rtmsg_sync(sc); 1070 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL | IFBF_FLUSHSYNC); 1071 1072 ifnet_serialize_all(bifp); 1073 1074 if (bifp->if_flags & IFF_RUNNING) 1075 bstp_initialization(sc); 1076 1077 /* 1078 * Free the bif_info after bstp_initialization(), so that 1079 * bridge_softc.sc_root_port will not reference a dangling 1080 * pointer. 1081 */ 1082 kfree(bif_info, M_DEVBUF); 1083 } 1084 1085 /* 1086 * bridge_delete_span: 1087 * 1088 * Delete the specified span interface. 1089 */ 1090 static void 1091 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 1092 { 1093 KASSERT(bif->bif_ifp->if_bridge == NULL, 1094 ("%s: not a span interface", __func__)); 1095 1096 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], bif, bif_next); 1097 kfree(bif, M_DEVBUF); 1098 } 1099 1100 static int 1101 bridge_ioctl_init(struct bridge_softc *sc, void *arg __unused) 1102 { 1103 struct ifnet *ifp = sc->sc_ifp; 1104 1105 if (ifp->if_flags & IFF_RUNNING) 1106 return 0; 1107 1108 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1109 bridge_timer, sc); 1110 1111 ifp->if_flags |= IFF_RUNNING; 1112 bstp_initialization(sc); 1113 return 0; 1114 } 1115 1116 static int 1117 bridge_ioctl_stop(struct bridge_softc *sc, void *arg __unused) 1118 { 1119 struct ifnet *ifp = sc->sc_ifp; 1120 1121 if ((ifp->if_flags & IFF_RUNNING) == 0) 1122 return 0; 1123 1124 callout_stop(&sc->sc_brcallout); 1125 1126 crit_enter(); 1127 lwkt_dropmsg(&sc->sc_brtimemsg.lmsg); 1128 crit_exit(); 1129 1130 bstp_stop(sc); 1131 1132 ifp->if_flags &= ~IFF_RUNNING; 1133 1134 ifnet_deserialize_all(ifp); 1135 1136 /* Let everyone know that we are stopped */ 1137 netmsg_service_sync(); 1138 1139 /* 1140 * Sync ifnetX msgports in the order we forward rtnode 1141 * installation message. This is used to make sure that 1142 * all rtnode installation messages sent by bridge_rtupdate() 1143 * during above netmsg_service_sync() are flushed. 1144 */ 1145 bridge_rtmsg_sync(sc); 1146 bridge_rtflush(sc, IFBF_FLUSHDYN | IFBF_FLUSHSYNC); 1147 1148 ifnet_serialize_all(ifp); 1149 return 0; 1150 } 1151 1152 static int 1153 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 1154 { 1155 struct ifbreq *req = arg; 1156 struct bridge_iflist *bif; 1157 struct bridge_ifinfo *bif_info; 1158 struct ifnet *ifs, *bifp; 1159 int error = 0; 1160 1161 bifp = sc->sc_ifp; 1162 ASSERT_IFNET_SERIALIZED_ALL(bifp); 1163 1164 ifs = ifunit_netisr(req->ifbr_ifsname); 1165 if (ifs == NULL) 1166 return (ENOENT); 1167 1168 /* If it's in the span list, it can't be a member. */ 1169 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1170 if (ifs == bif->bif_ifp) 1171 return (EBUSY); 1172 1173 /* Allow the first Ethernet member to define the MTU */ 1174 if (ifs->if_type != IFT_GIF) { 1175 if (TAILQ_EMPTY(&sc->sc_iflists[mycpuid])) { 1176 bifp->if_mtu = ifs->if_mtu; 1177 } else if (bifp->if_mtu != ifs->if_mtu) { 1178 if_printf(bifp, "invalid MTU for %s\n", ifs->if_xname); 1179 return (EINVAL); 1180 } 1181 } 1182 1183 if (ifs->if_bridge == sc) 1184 return (EEXIST); 1185 1186 if (ifs->if_bridge != NULL) 1187 return (EBUSY); 1188 1189 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1190 bif_info->bifi_priority = BSTP_DEFAULT_PORT_PRIORITY; 1191 bif_info->bifi_path_cost = BSTP_DEFAULT_PATH_COST; 1192 bif_info->bifi_ifp = ifs; 1193 bif_info->bifi_bond_weight = 1; 1194 1195 /* 1196 * Release bridge interface's serializer: 1197 * - To avoid possible dead lock. 1198 * - Various sync operation will block the current thread. 1199 */ 1200 ifnet_deserialize_all(bifp); 1201 1202 switch (ifs->if_type) { 1203 case IFT_ETHER: 1204 case IFT_L2VLAN: 1205 /* 1206 * Place the interface into promiscuous mode. 1207 */ 1208 error = ifpromisc(ifs, 1); 1209 if (error) { 1210 ifnet_serialize_all(bifp); 1211 goto out; 1212 } 1213 bridge_mutecaps(bif_info, ifs, 1); 1214 break; 1215 1216 case IFT_GIF: /* :^) */ 1217 break; 1218 1219 default: 1220 error = EINVAL; 1221 ifnet_serialize_all(bifp); 1222 goto out; 1223 } 1224 1225 /* 1226 * Add bifs to percpu linked lists 1227 */ 1228 bridge_add_bif(sc, bif_info, ifs); 1229 1230 ifnet_serialize_all(bifp); 1231 1232 if (bifp->if_flags & IFF_RUNNING) 1233 bstp_initialization(sc); 1234 else 1235 bstp_stop(sc); 1236 1237 /* 1238 * Everything has been setup, so let the member interface 1239 * deliver packets to this bridge on its input/output path. 1240 */ 1241 ifs->if_bridge = sc; 1242 out: 1243 if (error) { 1244 if (bif_info != NULL) 1245 kfree(bif_info, M_DEVBUF); 1246 } 1247 return (error); 1248 } 1249 1250 static int 1251 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 1252 { 1253 struct ifbreq *req = arg; 1254 struct bridge_iflist *bif; 1255 1256 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1257 if (bif == NULL) 1258 return (ENOENT); 1259 1260 bridge_delete_member(sc, bif, 0); 1261 1262 return (0); 1263 } 1264 1265 static int 1266 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 1267 { 1268 struct ifbreq *req = arg; 1269 struct bridge_iflist *bif; 1270 1271 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1272 if (bif == NULL) 1273 return (ENOENT); 1274 bridge_ioctl_fillflags(sc, bif, req); 1275 return (0); 1276 } 1277 1278 static void 1279 bridge_ioctl_fillflags(struct bridge_softc *sc, struct bridge_iflist *bif, 1280 struct ifbreq *req) 1281 { 1282 req->ifbr_ifsflags = bif->bif_flags; 1283 req->ifbr_state = bif->bif_state; 1284 req->ifbr_priority = bif->bif_priority; 1285 req->ifbr_path_cost = bif->bif_path_cost; 1286 req->ifbr_bond_weight = bif->bif_bond_weight; 1287 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1288 if (bif->bif_flags & IFBIF_STP) { 1289 req->ifbr_peer_root = bif->bif_peer_root; 1290 req->ifbr_peer_bridge = bif->bif_peer_bridge; 1291 req->ifbr_peer_cost = bif->bif_peer_cost; 1292 req->ifbr_peer_port = bif->bif_peer_port; 1293 if (bstp_supersedes_port_info(sc, bif)) { 1294 req->ifbr_designated_root = bif->bif_peer_root; 1295 req->ifbr_designated_bridge = bif->bif_peer_bridge; 1296 req->ifbr_designated_cost = bif->bif_peer_cost; 1297 req->ifbr_designated_port = bif->bif_peer_port; 1298 } else { 1299 req->ifbr_designated_root = sc->sc_bridge_id; 1300 req->ifbr_designated_bridge = sc->sc_bridge_id; 1301 req->ifbr_designated_cost = bif->bif_path_cost + 1302 bif->bif_peer_cost; 1303 req->ifbr_designated_port = bif->bif_port_id; 1304 } 1305 } else { 1306 req->ifbr_peer_root = 0; 1307 req->ifbr_peer_bridge = 0; 1308 req->ifbr_peer_cost = 0; 1309 req->ifbr_peer_port = 0; 1310 req->ifbr_designated_root = 0; 1311 req->ifbr_designated_bridge = 0; 1312 req->ifbr_designated_cost = 0; 1313 req->ifbr_designated_port = 0; 1314 } 1315 } 1316 1317 static int 1318 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 1319 { 1320 struct ifbreq *req = arg; 1321 struct bridge_iflist *bif; 1322 struct ifnet *bifp = sc->sc_ifp; 1323 1324 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1325 if (bif == NULL) 1326 return (ENOENT); 1327 1328 if (req->ifbr_ifsflags & IFBIF_SPAN) { 1329 /* SPAN is readonly */ 1330 return (EINVAL); 1331 } 1332 1333 if (req->ifbr_ifsflags & IFBIF_STP) { 1334 switch (bif->bif_ifp->if_type) { 1335 case IFT_ETHER: 1336 /* These can do spanning tree. */ 1337 break; 1338 1339 default: 1340 /* Nothing else can. */ 1341 return (EINVAL); 1342 } 1343 } 1344 1345 bif->bif_flags = (bif->bif_flags & IFBIF_KEEPMASK) | 1346 (req->ifbr_ifsflags & ~IFBIF_KEEPMASK); 1347 if (bifp->if_flags & IFF_RUNNING) 1348 bstp_initialization(sc); 1349 1350 return (0); 1351 } 1352 1353 static int 1354 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1355 { 1356 struct ifbrparam *param = arg; 1357 struct ifnet *ifp = sc->sc_ifp; 1358 1359 sc->sc_brtmax = param->ifbrp_csize; 1360 1361 ifnet_deserialize_all(ifp); 1362 bridge_rttrim(sc); 1363 ifnet_serialize_all(ifp); 1364 1365 return (0); 1366 } 1367 1368 static int 1369 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1370 { 1371 struct ifbrparam *param = arg; 1372 1373 param->ifbrp_csize = sc->sc_brtmax; 1374 1375 return (0); 1376 } 1377 1378 static int 1379 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1380 { 1381 struct bridge_control_arg *bc_arg = arg; 1382 struct ifbifconf *bifc = arg; 1383 struct bridge_iflist *bif; 1384 struct ifbreq *breq; 1385 int count, len; 1386 1387 count = 0; 1388 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) 1389 count++; 1390 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1391 count++; 1392 1393 if (bifc->ifbic_len == 0) { 1394 bifc->ifbic_len = sizeof(*breq) * count; 1395 return 0; 1396 } else if (count == 0 || bifc->ifbic_len < sizeof(*breq)) { 1397 bifc->ifbic_len = 0; 1398 return 0; 1399 } 1400 1401 len = min(bifc->ifbic_len, sizeof(*breq) * count); 1402 KKASSERT(len >= sizeof(*breq)); 1403 1404 breq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1405 if (breq == NULL) { 1406 bifc->ifbic_len = 0; 1407 return ENOMEM; 1408 } 1409 bc_arg->bca_kptr = breq; 1410 1411 count = 0; 1412 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1413 if (len < sizeof(*breq)) 1414 break; 1415 1416 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1417 sizeof(breq->ifbr_ifsname)); 1418 bridge_ioctl_fillflags(sc, bif, breq); 1419 breq++; 1420 count++; 1421 len -= sizeof(*breq); 1422 } 1423 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1424 if (len < sizeof(*breq)) 1425 break; 1426 1427 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1428 sizeof(breq->ifbr_ifsname)); 1429 breq->ifbr_ifsflags = bif->bif_flags; 1430 breq->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1431 breq++; 1432 count++; 1433 len -= sizeof(*breq); 1434 } 1435 1436 bifc->ifbic_len = sizeof(*breq) * count; 1437 KKASSERT(bifc->ifbic_len > 0); 1438 1439 bc_arg->bca_len = bifc->ifbic_len; 1440 bc_arg->bca_uptr = bifc->ifbic_req; 1441 return 0; 1442 } 1443 1444 static int 1445 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1446 { 1447 struct bridge_control_arg *bc_arg = arg; 1448 struct ifbaconf *bac = arg; 1449 struct bridge_rtnode *brt; 1450 struct ifbareq *bareq; 1451 int count, len; 1452 1453 count = 0; 1454 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) 1455 count++; 1456 1457 if (bac->ifbac_len == 0) { 1458 bac->ifbac_len = sizeof(*bareq) * count; 1459 return 0; 1460 } else if (count == 0 || bac->ifbac_len < sizeof(*bareq)) { 1461 bac->ifbac_len = 0; 1462 return 0; 1463 } 1464 1465 len = min(bac->ifbac_len, sizeof(*bareq) * count); 1466 KKASSERT(len >= sizeof(*bareq)); 1467 1468 bareq = kmalloc(len, M_TEMP, M_WAITOK | M_NULLOK | M_ZERO); 1469 if (bareq == NULL) { 1470 bac->ifbac_len = 0; 1471 return ENOMEM; 1472 } 1473 bc_arg->bca_kptr = bareq; 1474 1475 count = 0; 1476 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 1477 struct bridge_rtinfo *bri = brt->brt_info; 1478 time_t expire; 1479 1480 if (len < sizeof(*bareq)) 1481 break; 1482 1483 strlcpy(bareq->ifba_ifsname, bri->bri_ifp->if_xname, 1484 sizeof(bareq->ifba_ifsname)); 1485 memcpy(bareq->ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1486 expire = bri->bri_expire; 1487 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1488 time_uptime < expire) 1489 bareq->ifba_expire = expire - time_uptime; 1490 else 1491 bareq->ifba_expire = 0; 1492 bareq->ifba_flags = bri->bri_flags; 1493 bareq++; 1494 count++; 1495 len -= sizeof(*bareq); 1496 } 1497 1498 bac->ifbac_len = sizeof(*bareq) * count; 1499 KKASSERT(bac->ifbac_len > 0); 1500 1501 bc_arg->bca_len = bac->ifbac_len; 1502 bc_arg->bca_uptr = bac->ifbac_req; 1503 return 0; 1504 } 1505 1506 static int 1507 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1508 { 1509 struct ifbareq *req = arg; 1510 struct bridge_iflist *bif; 1511 struct ifnet *ifp = sc->sc_ifp; 1512 int error; 1513 1514 ASSERT_IFNET_SERIALIZED_ALL(ifp); 1515 1516 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1517 if (bif == NULL) 1518 return (ENOENT); 1519 1520 ifnet_deserialize_all(ifp); 1521 error = bridge_rtsaddr(sc, req->ifba_dst, bif->bif_ifp, 1522 req->ifba_flags); 1523 ifnet_serialize_all(ifp); 1524 return (error); 1525 } 1526 1527 static int 1528 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1529 { 1530 struct ifbrparam *param = arg; 1531 1532 sc->sc_brttimeout = param->ifbrp_ctime; 1533 1534 return (0); 1535 } 1536 1537 static int 1538 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1539 { 1540 struct ifbrparam *param = arg; 1541 1542 param->ifbrp_ctime = sc->sc_brttimeout; 1543 1544 return (0); 1545 } 1546 1547 static int 1548 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1549 { 1550 struct ifbareq *req = arg; 1551 struct ifnet *ifp = sc->sc_ifp; 1552 int error; 1553 1554 ifnet_deserialize_all(ifp); 1555 error = bridge_rtdaddr(sc, req->ifba_dst); 1556 ifnet_serialize_all(ifp); 1557 return error; 1558 } 1559 1560 static int 1561 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1562 { 1563 struct ifbreq *req = arg; 1564 struct ifnet *ifp = sc->sc_ifp; 1565 1566 ifnet_deserialize_all(ifp); 1567 bridge_rtflush(sc, req->ifbr_ifsflags | IFBF_FLUSHSYNC); 1568 ifnet_serialize_all(ifp); 1569 1570 return (0); 1571 } 1572 1573 static int 1574 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1575 { 1576 struct ifbrparam *param = arg; 1577 1578 param->ifbrp_prio = sc->sc_bridge_priority; 1579 1580 return (0); 1581 } 1582 1583 static int 1584 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1585 { 1586 struct ifbrparam *param = arg; 1587 1588 sc->sc_bridge_priority = param->ifbrp_prio; 1589 1590 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1591 bstp_initialization(sc); 1592 1593 return (0); 1594 } 1595 1596 static int 1597 bridge_ioctl_reinit(struct bridge_softc *sc, void *arg __unused) 1598 { 1599 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1600 bstp_initialization(sc); 1601 return (0); 1602 } 1603 1604 static int 1605 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1606 { 1607 struct ifbrparam *param = arg; 1608 1609 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1610 1611 return (0); 1612 } 1613 1614 static int 1615 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1616 { 1617 struct ifbrparam *param = arg; 1618 1619 if (param->ifbrp_hellotime == 0) 1620 return (EINVAL); 1621 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1622 1623 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1624 bstp_initialization(sc); 1625 1626 return (0); 1627 } 1628 1629 static int 1630 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1631 { 1632 struct ifbrparam *param = arg; 1633 1634 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1635 1636 return (0); 1637 } 1638 1639 static int 1640 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1641 { 1642 struct ifbrparam *param = arg; 1643 1644 if (param->ifbrp_fwddelay == 0) 1645 return (EINVAL); 1646 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1647 1648 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1649 bstp_initialization(sc); 1650 1651 return (0); 1652 } 1653 1654 static int 1655 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1656 { 1657 struct ifbrparam *param = arg; 1658 1659 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1660 1661 return (0); 1662 } 1663 1664 static int 1665 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1666 { 1667 struct ifbrparam *param = arg; 1668 1669 if (param->ifbrp_maxage == 0) 1670 return (EINVAL); 1671 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1672 1673 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1674 bstp_initialization(sc); 1675 1676 return (0); 1677 } 1678 1679 static int 1680 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1681 { 1682 struct ifbreq *req = arg; 1683 struct bridge_iflist *bif; 1684 1685 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1686 if (bif == NULL) 1687 return (ENOENT); 1688 1689 bif->bif_priority = req->ifbr_priority; 1690 1691 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1692 bstp_initialization(sc); 1693 1694 return (0); 1695 } 1696 1697 static int 1698 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1699 { 1700 struct ifbreq *req = arg; 1701 struct bridge_iflist *bif; 1702 1703 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1704 if (bif == NULL) 1705 return (ENOENT); 1706 1707 bif->bif_path_cost = req->ifbr_path_cost; 1708 1709 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1710 bstp_initialization(sc); 1711 1712 return (0); 1713 } 1714 1715 static int 1716 bridge_ioctl_sifbondwght(struct bridge_softc *sc, void *arg) 1717 { 1718 struct ifbreq *req = arg; 1719 struct bridge_iflist *bif; 1720 1721 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1722 if (bif == NULL) 1723 return (ENOENT); 1724 1725 bif->bif_bond_weight = req->ifbr_bond_weight; 1726 1727 /* no reinit needed */ 1728 1729 return (0); 1730 } 1731 1732 static int 1733 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1734 { 1735 struct ifbreq *req = arg; 1736 struct bridge_iflist *bif; 1737 struct ifnet *ifs; 1738 struct bridge_ifinfo *bif_info; 1739 1740 ifs = ifunit_netisr(req->ifbr_ifsname); 1741 if (ifs == NULL) 1742 return (ENOENT); 1743 1744 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1745 if (ifs == bif->bif_ifp) 1746 return (EBUSY); 1747 1748 if (ifs->if_bridge != NULL) 1749 return (EBUSY); 1750 1751 switch (ifs->if_type) { 1752 case IFT_ETHER: 1753 case IFT_GIF: 1754 case IFT_L2VLAN: 1755 break; 1756 1757 default: 1758 return (EINVAL); 1759 } 1760 1761 /* 1762 * bif_info is needed for bif_flags 1763 */ 1764 bif_info = kmalloc(sizeof(*bif_info), M_DEVBUF, M_WAITOK | M_ZERO); 1765 bif_info->bifi_ifp = ifs; 1766 1767 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 1768 bif->bif_ifp = ifs; 1769 bif->bif_info = bif_info; 1770 bif->bif_flags = IFBIF_SPAN; 1771 /* NOTE: span bif does not need bridge_ifinfo */ 1772 1773 TAILQ_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1774 1775 sc->sc_span = 1; 1776 1777 return (0); 1778 } 1779 1780 static int 1781 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1782 { 1783 struct ifbreq *req = arg; 1784 struct bridge_iflist *bif; 1785 struct ifnet *ifs; 1786 1787 ifs = ifunit_netisr(req->ifbr_ifsname); 1788 if (ifs == NULL) 1789 return (ENOENT); 1790 1791 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1792 if (ifs == bif->bif_ifp) 1793 break; 1794 1795 if (bif == NULL) 1796 return (ENOENT); 1797 1798 bridge_delete_span(sc, bif); 1799 1800 if (TAILQ_EMPTY(&sc->sc_spanlist)) 1801 sc->sc_span = 0; 1802 1803 return (0); 1804 } 1805 1806 static void 1807 bridge_ifdetach_dispatch(netmsg_t msg) 1808 { 1809 struct ifnet *ifp, *bifp; 1810 struct bridge_softc *sc; 1811 struct bridge_iflist *bif; 1812 1813 ifp = msg->lmsg.u.ms_resultp; 1814 sc = ifp->if_bridge; 1815 1816 /* Check if the interface is a bridge member */ 1817 if (sc != NULL) { 1818 bifp = sc->sc_ifp; 1819 1820 ifnet_serialize_all(bifp); 1821 1822 bif = bridge_lookup_member_if(sc, ifp); 1823 if (bif != NULL) { 1824 bridge_delete_member(sc, bif, 1); 1825 } else { 1826 /* XXX Why bif will be NULL? */ 1827 } 1828 1829 ifnet_deserialize_all(bifp); 1830 goto reply; 1831 } 1832 1833 crit_enter(); /* XXX MP */ 1834 1835 /* Check if the interface is a span port */ 1836 LIST_FOREACH(sc, &bridge_list, sc_list) { 1837 bifp = sc->sc_ifp; 1838 1839 ifnet_serialize_all(bifp); 1840 1841 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) 1842 if (ifp == bif->bif_ifp) { 1843 bridge_delete_span(sc, bif); 1844 break; 1845 } 1846 1847 ifnet_deserialize_all(bifp); 1848 } 1849 1850 crit_exit(); 1851 1852 reply: 1853 lwkt_replymsg(&msg->lmsg, 0); 1854 } 1855 1856 /* 1857 * bridge_ifdetach: 1858 * 1859 * Detach an interface from a bridge. Called when a member 1860 * interface is detaching. 1861 */ 1862 static void 1863 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1864 { 1865 struct netmsg_base msg; 1866 1867 netmsg_init(&msg, NULL, &curthread->td_msgport, 1868 0, bridge_ifdetach_dispatch); 1869 msg.lmsg.u.ms_resultp = ifp; 1870 1871 lwkt_domsg(BRIDGE_CFGPORT, &msg.lmsg, 0); 1872 } 1873 1874 /* 1875 * bridge_init: 1876 * 1877 * Initialize a bridge interface. 1878 */ 1879 static void 1880 bridge_init(void *xsc) 1881 { 1882 bridge_control(xsc, SIOCSIFFLAGS, bridge_ioctl_init, NULL); 1883 } 1884 1885 /* 1886 * bridge_stop: 1887 * 1888 * Stop the bridge interface. 1889 */ 1890 static void 1891 bridge_stop(struct ifnet *ifp) 1892 { 1893 bridge_control(ifp->if_softc, SIOCSIFFLAGS, bridge_ioctl_stop, NULL); 1894 } 1895 1896 /* 1897 * Returns TRUE if the packet is being sent 'from us'... from our bridge 1898 * interface or from any member of our bridge interface. This is used 1899 * later on to force the MAC to be the MAC of our bridge interface. 1900 */ 1901 static int 1902 bridge_from_us(struct bridge_softc *sc, struct ether_header *eh) 1903 { 1904 struct bridge_iflist *bif; 1905 1906 if (memcmp(eh->ether_shost, IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN) == 0) 1907 return (1); 1908 1909 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 1910 if (memcmp(eh->ether_shost, IF_LLADDR(bif->bif_ifp), 1911 ETHER_ADDR_LEN) == 0) { 1912 return (1); 1913 } 1914 } 1915 return (0); 1916 } 1917 1918 /* 1919 * bridge_enqueue: 1920 * 1921 * Enqueue a packet on a bridge member interface. 1922 * 1923 */ 1924 void 1925 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1926 { 1927 struct netmsg_packet *nmp; 1928 1929 mbuftrackid(m, 64); 1930 1931 nmp = &m->m_hdr.mh_netmsg; 1932 netmsg_init(&nmp->base, NULL, &netisr_apanic_rport, 1933 0, bridge_enqueue_handler); 1934 nmp->nm_packet = m; 1935 nmp->base.lmsg.u.ms_resultp = dst_ifp; 1936 1937 lwkt_sendmsg_oncpu(netisr_cpuport(mycpuid), &nmp->base.lmsg); 1938 } 1939 1940 /* 1941 * After looking up dst_if in our forwarding table we still have to 1942 * deal with channel bonding. Find the best interface in the bonding set. 1943 */ 1944 static struct ifnet * 1945 bridge_select_unicast(struct bridge_softc *sc, struct ifnet *dst_if, 1946 int from_blocking, struct mbuf *m) 1947 { 1948 struct bridge_iflist *bif, *nbif; 1949 struct ifnet *alt_if; 1950 int alt_priority; 1951 int priority; 1952 1953 /* 1954 * Unicast, kinda replicates the output side of bridge_output(). 1955 * 1956 * Even though this is a uni-cast packet we may have to select 1957 * an interface from a bonding set. 1958 */ 1959 bif = bridge_lookup_member_if(sc, dst_if); 1960 if (bif == NULL) { 1961 /* Not a member of the bridge (anymore?) */ 1962 return NULL; 1963 } 1964 1965 /* 1966 * If STP is enabled on the target we are an equal opportunity 1967 * employer and do not necessarily output to dst_if. Instead 1968 * scan available links with the same MAC as the current dst_if 1969 * and choose the best one. 1970 * 1971 * We also need to do this because arp entries tag onto a particular 1972 * interface and if it happens to be dead then the packets will 1973 * go into a bit bucket. 1974 * 1975 * If LINK2 is set the matching links are bonded and we-round robin. 1976 * (the MAC address must be the same for the participating links). 1977 * In this case links in a STP FORWARDING or BONDED state are 1978 * allowed for unicast packets. 1979 */ 1980 if (bif->bif_flags & IFBIF_STP) { 1981 alt_if = NULL; 1982 alt_priority = 0; 1983 priority = 0; 1984 1985 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], 1986 bif_next, nbif) { 1987 /* 1988 * dst_if may imply a bonding set so we must compare 1989 * MAC addresses. 1990 */ 1991 if (memcmp(IF_LLADDR(bif->bif_ifp), 1992 IF_LLADDR(dst_if), 1993 ETHER_ADDR_LEN) != 0) { 1994 continue; 1995 } 1996 1997 if ((bif->bif_ifp->if_flags & IFF_RUNNING) == 0) 1998 continue; 1999 2000 /* 2001 * NOTE: We allow tranmissions through a BLOCKING 2002 * or LEARNING interface only as a last resort. 2003 * We DISALLOW both cases if the receiving 2004 * 2005 * NOTE: If we send a packet through a learning 2006 * interface the receiving end (if also in 2007 * LEARNING) will throw it away, so this is 2008 * the ultimate last resort. 2009 */ 2010 switch(bif->bif_state) { 2011 case BSTP_IFSTATE_BLOCKING: 2012 if (from_blocking == 0 && 2013 bif->bif_priority + 256 > alt_priority) { 2014 alt_priority = bif->bif_priority + 256; 2015 alt_if = bif->bif_ifp; 2016 } 2017 continue; 2018 case BSTP_IFSTATE_LEARNING: 2019 if (from_blocking == 0 && 2020 bif->bif_priority > alt_priority) { 2021 alt_priority = bif->bif_priority; 2022 alt_if = bif->bif_ifp; 2023 } 2024 continue; 2025 case BSTP_IFSTATE_L1BLOCKING: 2026 case BSTP_IFSTATE_LISTENING: 2027 case BSTP_IFSTATE_DISABLED: 2028 continue; 2029 default: 2030 /* FORWARDING, BONDED */ 2031 break; 2032 } 2033 2034 /* 2035 * XXX we need to use the toepliz hash or 2036 * something like that instead of 2037 * round-robining. 2038 */ 2039 if (sc->sc_ifp->if_flags & IFF_LINK2) { 2040 dst_if = bif->bif_ifp; 2041 if (++bif->bif_bond_count >= 2042 bif->bif_bond_weight) { 2043 bif->bif_bond_count = 0; 2044 TAILQ_REMOVE(&sc->sc_iflists[mycpuid], 2045 bif, bif_next); 2046 TAILQ_INSERT_TAIL( 2047 &sc->sc_iflists[mycpuid], 2048 bif, bif_next); 2049 } 2050 priority = 1; 2051 break; 2052 } 2053 2054 /* 2055 * Select best interface in the FORWARDING or 2056 * BONDED set. Well, there shouldn't be any 2057 * in a BONDED state if LINK2 is not set (they 2058 * will all be in a BLOCKING) state, but there 2059 * could be a transitory condition here. 2060 */ 2061 if (bif->bif_priority > priority) { 2062 priority = bif->bif_priority; 2063 dst_if = bif->bif_ifp; 2064 } 2065 } 2066 2067 /* 2068 * If no suitable interfaces were found but a suitable 2069 * alternative interface was found, use the alternative 2070 * interface. 2071 */ 2072 if (priority == 0 && alt_if) 2073 dst_if = alt_if; 2074 } 2075 2076 /* 2077 * At this point, we're dealing with a unicast frame 2078 * going to a different interface. 2079 */ 2080 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2081 dst_if = NULL; 2082 return (dst_if); 2083 } 2084 2085 2086 /* 2087 * bridge_output: 2088 * 2089 * Send output from a bridge member interface. This 2090 * performs the bridging function for locally originated 2091 * packets. 2092 * 2093 * The mbuf has the Ethernet header already attached. We must 2094 * enqueue or free the mbuf before returning. 2095 */ 2096 static int 2097 bridge_output(struct ifnet *ifp, struct mbuf *m) 2098 { 2099 struct bridge_softc *sc = ifp->if_bridge; 2100 struct bridge_iflist *bif, *nbif; 2101 struct ether_header *eh; 2102 struct ifnet *dst_if, *alt_if, *bifp; 2103 int from_us; 2104 int alt_priority; 2105 2106 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2107 ASSERT_NETISR_NCPUS(mycpuid); 2108 mbuftrackid(m, 65); 2109 2110 /* 2111 * Make sure that we are still a member of a bridge interface. 2112 */ 2113 if (sc == NULL) { 2114 m_freem(m); 2115 return (0); 2116 } 2117 bifp = sc->sc_ifp; 2118 2119 /* 2120 * Acquire header 2121 */ 2122 if (m->m_len < ETHER_HDR_LEN) { 2123 m = m_pullup(m, ETHER_HDR_LEN); 2124 if (m == NULL) { 2125 IFNET_STAT_INC(bifp, oerrors, 1); 2126 return (0); 2127 } 2128 } 2129 eh = mtod(m, struct ether_header *); 2130 from_us = bridge_from_us(sc, eh); 2131 2132 /* 2133 * If bridge is down, but the original output interface is up, 2134 * go ahead and send out that interface. Otherwise, the packet 2135 * is dropped below. 2136 */ 2137 if ((bifp->if_flags & IFF_RUNNING) == 0) { 2138 dst_if = ifp; 2139 goto sendunicast; 2140 } 2141 2142 /* 2143 * If the packet is a multicast, or we don't know a better way to 2144 * get there, send to all interfaces except the originating one. 2145 */ 2146 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 2147 dst_if = NULL; 2148 else 2149 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2150 2151 if (dst_if == NULL) { 2152 struct mbuf *mc; 2153 int used = 0; 2154 int found = 0; 2155 2156 if (sc->sc_span) 2157 bridge_span(sc, m); 2158 2159 alt_if = NULL; 2160 alt_priority = 0; 2161 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], 2162 bif_next, nbif) { 2163 dst_if = bif->bif_ifp; 2164 2165 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2166 continue; 2167 2168 /* 2169 * If this is not the original output interface, 2170 * and the interface is participating in spanning 2171 * tree, make sure the port is in a state that 2172 * allows forwarding. 2173 * 2174 * We keep track of a possible backup IF if we are 2175 * unable to find any interfaces to forward through. 2176 * 2177 * NOTE: Currently round-robining is not implemented 2178 * across bonded interface groups (needs an 2179 * algorithm to track each group somehow). 2180 * 2181 * Similarly we track only one alternative 2182 * interface if no suitable interfaces are 2183 * found. 2184 */ 2185 if (dst_if != ifp && 2186 (bif->bif_flags & IFBIF_STP) != 0) { 2187 switch (bif->bif_state) { 2188 case BSTP_IFSTATE_BONDED: 2189 if (bif->bif_priority + 512 > 2190 alt_priority) { 2191 alt_priority = 2192 bif->bif_priority + 512; 2193 alt_if = bif->bif_ifp; 2194 } 2195 continue; 2196 case BSTP_IFSTATE_BLOCKING: 2197 if (bif->bif_priority + 256 > 2198 alt_priority) { 2199 alt_priority = 2200 bif->bif_priority + 256; 2201 alt_if = bif->bif_ifp; 2202 } 2203 continue; 2204 case BSTP_IFSTATE_LEARNING: 2205 if (bif->bif_priority > alt_priority) { 2206 alt_priority = 2207 bif->bif_priority; 2208 alt_if = bif->bif_ifp; 2209 } 2210 continue; 2211 case BSTP_IFSTATE_L1BLOCKING: 2212 case BSTP_IFSTATE_LISTENING: 2213 case BSTP_IFSTATE_DISABLED: 2214 continue; 2215 default: 2216 /* FORWARDING */ 2217 break; 2218 } 2219 } 2220 2221 KKASSERT(used == 0); 2222 if (TAILQ_NEXT(bif, bif_next) == NULL) { 2223 used = 1; 2224 mc = m; 2225 } else { 2226 mc = m_copypacket(m, M_NOWAIT); 2227 if (mc == NULL) { 2228 IFNET_STAT_INC(bifp, oerrors, 1); 2229 continue; 2230 } 2231 } 2232 2233 /* 2234 * If the packet is 'from' us override ether_shost. 2235 */ 2236 bridge_handoff(sc, dst_if, mc, from_us); 2237 found = 1; 2238 2239 if (nbif != NULL && !nbif->bif_onlist) { 2240 KKASSERT(bif->bif_onlist); 2241 nbif = TAILQ_NEXT(bif, bif_next); 2242 } 2243 } 2244 2245 /* 2246 * If we couldn't find anything use the backup interface 2247 * if we have one. 2248 */ 2249 if (found == 0 && alt_if) { 2250 KKASSERT(used == 0); 2251 mc = m; 2252 used = 1; 2253 bridge_handoff(sc, alt_if, mc, from_us); 2254 } 2255 2256 if (used == 0) 2257 m_freem(m); 2258 return (0); 2259 } 2260 2261 /* 2262 * Unicast 2263 */ 2264 sendunicast: 2265 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2266 2267 if (sc->sc_span) 2268 bridge_span(sc, m); 2269 if (dst_if == NULL) 2270 m_freem(m); 2271 else 2272 bridge_handoff(sc, dst_if, m, from_us); 2273 return (0); 2274 } 2275 2276 /* 2277 * Returns the bridge interface associated with an ifc. 2278 * Pass ifp->if_bridge (must not be NULL). Used by the ARP 2279 * code to supply the bridge for the is-at info, making 2280 * the bridge responsible for matching local addresses. 2281 * 2282 * Without this the ARP code will supply bridge member interfaces 2283 * for the is-at which makes it difficult the bridge to fail-over 2284 * interfaces (among other things). 2285 */ 2286 static struct ifnet * 2287 bridge_interface(void *if_bridge) 2288 { 2289 struct bridge_softc *sc = if_bridge; 2290 return (sc->sc_ifp); 2291 } 2292 2293 /* 2294 * bridge_start: 2295 * 2296 * Start output on a bridge. 2297 */ 2298 static void 2299 bridge_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 2300 { 2301 struct bridge_softc *sc = ifp->if_softc; 2302 2303 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 2304 ASSERT_ALTQ_SQ_SERIALIZED_HW(ifsq); 2305 ASSERT_NETISR_NCPUS(mycpuid); 2306 2307 ifsq_set_oactive(ifsq); 2308 for (;;) { 2309 struct ifnet *dst_if = NULL; 2310 struct ether_header *eh; 2311 struct mbuf *m; 2312 2313 m = ifsq_dequeue(ifsq); 2314 if (m == NULL) 2315 break; 2316 mbuftrackid(m, 75); 2317 2318 if (m->m_len < sizeof(*eh)) { 2319 m = m_pullup(m, sizeof(*eh)); 2320 if (m == NULL) { 2321 IFNET_STAT_INC(ifp, oerrors, 1); 2322 continue; 2323 } 2324 } 2325 eh = mtod(m, struct ether_header *); 2326 2327 BPF_MTAP(ifp, m); 2328 IFNET_STAT_INC(ifp, opackets, 1); 2329 2330 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 2331 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2332 2333 /* 2334 * Multicast or broadcast 2335 */ 2336 if (dst_if == NULL) { 2337 bridge_start_bcast(sc, m); 2338 continue; 2339 } 2340 2341 /* 2342 * Unicast 2343 */ 2344 dst_if = bridge_select_unicast(sc, dst_if, 0, m); 2345 2346 if (dst_if == NULL) 2347 m_freem(m); 2348 else 2349 bridge_enqueue(dst_if, m); 2350 } 2351 ifsq_clr_oactive(ifsq); 2352 } 2353 2354 /* 2355 * bridge_forward: 2356 * 2357 * Forward packets received on a bridge interface via the input 2358 * path. 2359 * 2360 * This implements the forwarding function of the bridge. 2361 */ 2362 static void 2363 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 2364 { 2365 struct bridge_iflist *bif; 2366 struct ifnet *src_if, *dst_if, *ifp; 2367 struct ether_header *eh; 2368 int from_blocking; 2369 2370 mbuftrackid(m, 66); 2371 src_if = m->m_pkthdr.rcvif; 2372 ifp = sc->sc_ifp; 2373 2374 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2375 2376 /* 2377 * packet coming in on the bridge is also going out on the bridge, 2378 * but ether code won't adjust output stats for the bridge because 2379 * we are changing the interface to something else. 2380 */ 2381 IFNET_STAT_INC(ifp, opackets, 1); 2382 IFNET_STAT_INC(ifp, obytes, m->m_pkthdr.len); 2383 2384 /* 2385 * Look up the bridge_iflist. 2386 */ 2387 bif = bridge_lookup_member_if(sc, src_if); 2388 if (bif == NULL) { 2389 /* Interface is not a bridge member (anymore?) */ 2390 m_freem(m); 2391 return; 2392 } 2393 2394 /* 2395 * In spanning tree mode receiving a packet from an interface 2396 * in a BLOCKING state is allowed, it could be a member of last 2397 * resort from the sender's point of view, but forwarding it is 2398 * not allowed. 2399 * 2400 * The sender's spanning tree will eventually sync up and the 2401 * sender will go into a BLOCKING state too (but this still may be 2402 * an interface of last resort during state changes). 2403 */ 2404 if (bif->bif_flags & IFBIF_STP) { 2405 switch (bif->bif_state) { 2406 case BSTP_IFSTATE_L1BLOCKING: 2407 case BSTP_IFSTATE_LISTENING: 2408 case BSTP_IFSTATE_DISABLED: 2409 m_freem(m); 2410 return; 2411 default: 2412 /* learning, blocking, bonded, forwarding */ 2413 break; 2414 } 2415 from_blocking = (bif->bif_state == BSTP_IFSTATE_BLOCKING); 2416 } else { 2417 from_blocking = 0; 2418 } 2419 2420 eh = mtod(m, struct ether_header *); 2421 2422 /* 2423 * If the interface is learning, and the source 2424 * address is valid and not multicast, record 2425 * the address. 2426 */ 2427 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 2428 from_blocking == 0 && 2429 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 2430 (eh->ether_shost[0] == 0 && 2431 eh->ether_shost[1] == 0 && 2432 eh->ether_shost[2] == 0 && 2433 eh->ether_shost[3] == 0 && 2434 eh->ether_shost[4] == 0 && 2435 eh->ether_shost[5] == 0) == 0) { 2436 bridge_rtupdate(sc, eh->ether_shost, src_if, IFBAF_DYNAMIC); 2437 } 2438 2439 /* 2440 * Don't forward from an interface in the listening or learning 2441 * state. That is, in the learning state we learn information 2442 * but we throw away the packets. 2443 * 2444 * We let through packets on interfaces in the blocking state. 2445 * The blocking state is applicable to the send side, not the 2446 * receive side. 2447 */ 2448 if ((bif->bif_flags & IFBIF_STP) != 0 && 2449 (bif->bif_state == BSTP_IFSTATE_LISTENING || 2450 bif->bif_state == BSTP_IFSTATE_LEARNING)) { 2451 m_freem(m); 2452 return; 2453 } 2454 2455 /* 2456 * At this point, the port either doesn't participate 2457 * in spanning tree or it is in the forwarding state. 2458 */ 2459 2460 /* 2461 * If the packet is unicast, destined for someone on 2462 * "this" side of the bridge, drop it. 2463 * 2464 * src_if implies the entire bonding set so we have to compare MAC 2465 * addresses and not just if pointers. 2466 */ 2467 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 2468 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 2469 if (dst_if && memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 2470 ETHER_ADDR_LEN) == 0) { 2471 m_freem(m); 2472 return; 2473 } 2474 } else { 2475 /* ...forward it to all interfaces. */ 2476 IFNET_STAT_INC(ifp, imcasts, 1); 2477 dst_if = NULL; 2478 } 2479 2480 /* 2481 * Brodcast if we do not have forwarding information. However, if 2482 * we received the packet on a blocking interface we do not do this 2483 * (unless you really want to blow up your network). 2484 */ 2485 if (dst_if == NULL) { 2486 if (from_blocking) 2487 m_freem(m); 2488 else 2489 bridge_broadcast(sc, src_if, m); 2490 return; 2491 } 2492 2493 dst_if = bridge_select_unicast(sc, dst_if, from_blocking, m); 2494 2495 if (dst_if == NULL) { 2496 m_freem(m); 2497 return; 2498 } 2499 2500 if (inet_pfil_hook.ph_hashooks > 0 2501 #ifdef INET6 2502 || inet6_pfil_hook.ph_hashooks > 0 2503 #endif 2504 ) { 2505 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 2506 return; 2507 if (m == NULL) 2508 return; 2509 2510 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 2511 return; 2512 if (m == NULL) 2513 return; 2514 } 2515 bridge_handoff(sc, dst_if, m, 0); 2516 } 2517 2518 /* 2519 * bridge_input: 2520 * 2521 * Receive input from a member interface. Queue the packet for 2522 * bridging if it is not for us. 2523 */ 2524 static struct mbuf * 2525 bridge_input(struct ifnet *ifp, struct mbuf *m) 2526 { 2527 struct bridge_softc *sc = ifp->if_bridge; 2528 struct bridge_iflist *bif; 2529 struct ifnet *bifp, *new_ifp; 2530 struct ether_header *eh; 2531 struct mbuf *mc, *mc2; 2532 2533 ASSERT_IFNET_NOT_SERIALIZED_ALL(ifp); 2534 ASSERT_NETISR_NCPUS(mycpuid); 2535 mbuftrackid(m, 67); 2536 2537 /* 2538 * Make sure that we are still a member of a bridge interface. 2539 */ 2540 if (sc == NULL) 2541 return m; 2542 2543 new_ifp = NULL; 2544 bifp = sc->sc_ifp; 2545 2546 if ((bifp->if_flags & IFF_RUNNING) == 0) 2547 goto out; 2548 2549 /* 2550 * Implement support for bridge monitoring. If this flag has been 2551 * set on this interface, discard the packet once we push it through 2552 * the bpf(4) machinery, but before we do, increment various counters 2553 * associated with this bridge. 2554 */ 2555 if (bifp->if_flags & IFF_MONITOR) { 2556 /* 2557 * Change input interface to this bridge 2558 * 2559 * Update bridge's ifnet statistics 2560 */ 2561 m->m_pkthdr.rcvif = bifp; 2562 2563 BPF_MTAP(bifp, m); 2564 IFNET_STAT_INC(bifp, ipackets, 1); 2565 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2566 if (m->m_flags & (M_MCAST | M_BCAST)) 2567 IFNET_STAT_INC(bifp, imcasts, 1); 2568 2569 m_freem(m); 2570 m = NULL; 2571 goto out; 2572 } 2573 2574 /* 2575 * Handle the ether_header 2576 * 2577 * In all cases if the packet is destined for us via our MAC 2578 * we must clear BRIDGE_MBUF_TAGGED to ensure that we don't 2579 * repeat the source MAC out the same interface. 2580 * 2581 * This first test against our bridge MAC is the fast-path. 2582 * 2583 * NOTE! The bridge interface can serve as an endpoint for 2584 * communication but normally there are no IPs associated 2585 * with it so you cannot route through it. Instead what 2586 * you do is point your default route *THROUGH* the bridge 2587 * to the actual default router for one of the bridged spaces. 2588 * 2589 * Another possibility is to put all your IP specifications 2590 * on the bridge instead of on the individual interfaces. If 2591 * you do this it should be possible to use the bridge as an 2592 * end point and route (rather than switch) through it using 2593 * the default route or ipfw forwarding rules. 2594 */ 2595 2596 /* 2597 * Acquire header 2598 */ 2599 if (m->m_len < ETHER_HDR_LEN) { 2600 m = m_pullup(m, ETHER_HDR_LEN); 2601 if (m == NULL) 2602 goto out; 2603 } 2604 eh = mtod(m, struct ether_header *); 2605 m->m_pkthdr.fw_flags |= BRIDGE_MBUF_TAGGED; 2606 bcopy(eh->ether_shost, m->m_pkthdr.ether_br_shost, ETHER_ADDR_LEN); 2607 2608 if ((bridge_debug & 1) && 2609 (ntohs(eh->ether_type) == ETHERTYPE_ARP || 2610 ntohs(eh->ether_type) == ETHERTYPE_REVARP)) { 2611 kprintf("%02x:%02x:%02x:%02x:%02x:%02x " 2612 "%02x:%02x:%02x:%02x:%02x:%02x type %04x " 2613 "lla %02x:%02x:%02x:%02x:%02x:%02x\n", 2614 eh->ether_dhost[0], 2615 eh->ether_dhost[1], 2616 eh->ether_dhost[2], 2617 eh->ether_dhost[3], 2618 eh->ether_dhost[4], 2619 eh->ether_dhost[5], 2620 eh->ether_shost[0], 2621 eh->ether_shost[1], 2622 eh->ether_shost[2], 2623 eh->ether_shost[3], 2624 eh->ether_shost[4], 2625 eh->ether_shost[5], 2626 eh->ether_type, 2627 ((u_char *)IF_LLADDR(bifp))[0], 2628 ((u_char *)IF_LLADDR(bifp))[1], 2629 ((u_char *)IF_LLADDR(bifp))[2], 2630 ((u_char *)IF_LLADDR(bifp))[3], 2631 ((u_char *)IF_LLADDR(bifp))[4], 2632 ((u_char *)IF_LLADDR(bifp))[5] 2633 ); 2634 } 2635 2636 /* 2637 * If the packet is for us, set the packets source as the 2638 * bridge, and return the packet back to ifnet.if_input for 2639 * local processing. 2640 */ 2641 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 2642 /* 2643 * We must still record the source interface in our 2644 * addr cache, otherwise our bridge won't know where 2645 * to send responses and will broadcast them. 2646 */ 2647 bif = bridge_lookup_member_if(sc, ifp); 2648 if ((bif->bif_flags & IFBIF_LEARNING) && 2649 ((bif->bif_flags & IFBIF_STP) == 0 || 2650 bif->bif_state != BSTP_IFSTATE_BLOCKING)) { 2651 bridge_rtupdate(sc, eh->ether_shost, 2652 ifp, IFBAF_DYNAMIC); 2653 } 2654 2655 /* 2656 * Perform pfil hooks. 2657 */ 2658 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2659 KASSERT(bifp->if_bridge == NULL, 2660 ("loop created in bridge_input")); 2661 if (pfil_member != 0) { 2662 if (inet_pfil_hook.ph_hashooks > 0 2663 #ifdef INET6 2664 || inet6_pfil_hook.ph_hashooks > 0 2665 #endif 2666 ) { 2667 if (bridge_pfil(&m, NULL, ifp, PFIL_IN) != 0) 2668 goto out; 2669 if (m == NULL) 2670 goto out; 2671 } 2672 } 2673 2674 /* 2675 * Set new_ifp and skip to the end. This will trigger code 2676 * to reinput the packet and run it into our stack. 2677 */ 2678 new_ifp = bifp; 2679 goto out; 2680 } 2681 2682 /* 2683 * Tap all packets arriving on the bridge, no matter if 2684 * they are local destinations or not. In is in. 2685 * 2686 * Update bridge's ifnet statistics 2687 */ 2688 BPF_MTAP(bifp, m); 2689 IFNET_STAT_INC(bifp, ipackets, 1); 2690 IFNET_STAT_INC(bifp, ibytes, m->m_pkthdr.len); 2691 if (m->m_flags & (M_MCAST | M_BCAST)) 2692 IFNET_STAT_INC(bifp, imcasts, 1); 2693 2694 bif = bridge_lookup_member_if(sc, ifp); 2695 if (bif == NULL) 2696 goto out; 2697 2698 if (sc->sc_span) 2699 bridge_span(sc, m); 2700 2701 if (m->m_flags & (M_BCAST | M_MCAST)) { 2702 /* 2703 * Tap off 802.1D packets; they do not get forwarded. 2704 */ 2705 if (memcmp(eh->ether_dhost, bstp_etheraddr, 2706 ETHER_ADDR_LEN) == 0) { 2707 ifnet_serialize_all(bifp); 2708 bstp_input(sc, bif, m); 2709 ifnet_deserialize_all(bifp); 2710 2711 /* m is freed by bstp_input */ 2712 m = NULL; 2713 goto out; 2714 } 2715 2716 /* 2717 * Other than 802.11d packets, ignore packets if the 2718 * interface is not in a good state. 2719 * 2720 * NOTE: Broadcast/mcast packets received on a blocking or 2721 * learning interface are allowed for local processing. 2722 * 2723 * The sending side of a blocked port will stop 2724 * transmitting when a better alternative is found. 2725 * However, later on we will disallow the forwarding 2726 * of bcast/mcsat packets over a blocking interface. 2727 */ 2728 if (bif->bif_flags & IFBIF_STP) { 2729 switch (bif->bif_state) { 2730 case BSTP_IFSTATE_L1BLOCKING: 2731 case BSTP_IFSTATE_LISTENING: 2732 case BSTP_IFSTATE_DISABLED: 2733 goto out; 2734 default: 2735 /* blocking, learning, bonded, forwarding */ 2736 break; 2737 } 2738 } 2739 2740 /* 2741 * Make a deep copy of the packet and enqueue the copy 2742 * for bridge processing; return the original packet for 2743 * local processing. 2744 */ 2745 mc = m_dup(m, M_NOWAIT); 2746 if (mc == NULL) 2747 goto out; 2748 2749 /* 2750 * It's just too dangerous to allow bcast/mcast over a 2751 * blocked interface, eventually the network will sort 2752 * itself out and a better path will be found. 2753 */ 2754 if ((bif->bif_flags & IFBIF_STP) == 0 || 2755 bif->bif_state != BSTP_IFSTATE_BLOCKING) { 2756 bridge_forward(sc, mc); 2757 } 2758 2759 /* 2760 * Reinject the mbuf as arriving on the bridge so we have a 2761 * chance at claiming multicast packets. We can not loop back 2762 * here from ether_input as a bridge is never a member of a 2763 * bridge. 2764 */ 2765 KASSERT(bifp->if_bridge == NULL, 2766 ("loop created in bridge_input")); 2767 mc2 = m_dup(m, M_NOWAIT); 2768 #ifdef notyet 2769 if (mc2 != NULL) { 2770 /* Keep the layer3 header aligned */ 2771 int i = min(mc2->m_pkthdr.len, max_protohdr); 2772 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 2773 } 2774 #endif 2775 if (mc2 != NULL) { 2776 /* 2777 * Don't tap to bpf(4) again; we have already done 2778 * the tapping. 2779 * 2780 * Leave m_pkthdr.rcvif alone, so ARP replies are 2781 * processed as coming in on the correct interface. 2782 * 2783 * Clear the bridge flag for local processing in 2784 * case the packet gets routed. 2785 */ 2786 mc2->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2787 ether_reinput_oncpu(bifp, mc2, 0); 2788 } 2789 2790 /* Return the original packet for local processing. */ 2791 goto out; 2792 } 2793 2794 /* 2795 * Input of a unicast packet. We have to allow unicast packets 2796 * input from links in the BLOCKING state as this might be an 2797 * interface of last resort. 2798 * 2799 * NOTE: We explicitly ignore normal packets received on a link 2800 * in the BLOCKING state. The point of being in that state 2801 * is to avoid getting duplicate packets. 2802 * 2803 * HOWEVER, if LINK2 is set the normal spanning tree code 2804 * will mark an interface BLOCKING to avoid multi-cast/broadcast 2805 * loops. Unicast packets CAN still loop if we allow the 2806 * case (hence we only do it in LINK2), but it isn't quite as 2807 * bad as a broadcast packet looping. 2808 */ 2809 if (bif->bif_flags & IFBIF_STP) { 2810 switch (bif->bif_state) { 2811 case BSTP_IFSTATE_L1BLOCKING: 2812 case BSTP_IFSTATE_LISTENING: 2813 case BSTP_IFSTATE_DISABLED: 2814 goto out; 2815 default: 2816 /* blocking, bonded, forwarding, learning */ 2817 break; 2818 } 2819 } 2820 2821 /* 2822 * Unicast. Make sure it's not for us. 2823 * 2824 * This loop is MPSAFE; the only blocking operation (bridge_rtupdate) 2825 * is followed by breaking out of the loop. 2826 */ 2827 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 2828 if (bif->bif_ifp->if_type != IFT_ETHER) 2829 continue; 2830 2831 /* 2832 * It is destined for an interface linked to the bridge. 2833 * We want the bridge itself to take care of link level 2834 * forwarding to member interfaces so reinput on the bridge. 2835 * i.e. if you ping an IP on a target interface associated 2836 * with the bridge, the arp is-at response should indicate 2837 * the bridge MAC. 2838 * 2839 * Only update our addr list when learning if the port 2840 * is not in a blocking state. If it is we still allow 2841 * the packet but we do not try to learn from it. 2842 */ 2843 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 2844 ETHER_ADDR_LEN) == 0) { 2845 if (bif->bif_ifp != ifp) { 2846 /* XXX loop prevention */ 2847 m->m_flags |= M_ETHER_BRIDGED; 2848 } 2849 if ((bif->bif_flags & IFBIF_LEARNING) && 2850 ((bif->bif_flags & IFBIF_STP) == 0 || 2851 bif->bif_state != BSTP_IFSTATE_BLOCKING)) { 2852 bridge_rtupdate(sc, eh->ether_shost, 2853 ifp, IFBAF_DYNAMIC); 2854 } 2855 new_ifp = bifp; /* not bif->bif_ifp */ 2856 m->m_pkthdr.fw_flags &= ~BRIDGE_MBUF_TAGGED; 2857 goto out; 2858 } 2859 2860 /* 2861 * Ignore received packets that were sent by us. 2862 */ 2863 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 2864 ETHER_ADDR_LEN) == 0) { 2865 m_freem(m); 2866 m = NULL; 2867 goto out; 2868 } 2869 } 2870 2871 /* 2872 * It isn't for us. 2873 * 2874 * Perform the bridge forwarding function, but disallow bridging 2875 * to interfaces in the blocking state if the packet came in on 2876 * an interface in the blocking state. 2877 * 2878 * (bridge_forward also updates the addr cache). 2879 */ 2880 bridge_forward(sc, m); 2881 m = NULL; 2882 2883 /* 2884 * ether_reinput_oncpu() will reprocess rcvif as 2885 * coming from new_ifp (since we do not specify 2886 * REINPUT_KEEPRCVIF). 2887 */ 2888 out: 2889 if (new_ifp != NULL) { 2890 /* 2891 * Clear the bridge flag for local processing in 2892 * case the packet gets routed. 2893 */ 2894 ether_reinput_oncpu(new_ifp, m, REINPUT_RUNBPF); 2895 m = NULL; 2896 } 2897 return (m); 2898 } 2899 2900 /* 2901 * bridge_start_bcast: 2902 * 2903 * Broadcast the packet sent from bridge to all member 2904 * interfaces. 2905 * This is a simplified version of bridge_broadcast(), however, 2906 * this function expects caller to hold bridge's serializer. 2907 */ 2908 static void 2909 bridge_start_bcast(struct bridge_softc *sc, struct mbuf *m) 2910 { 2911 struct bridge_iflist *bif; 2912 struct mbuf *mc; 2913 struct ifnet *dst_if, *alt_if, *bifp; 2914 int used = 0; 2915 int found = 0; 2916 int alt_priority; 2917 2918 mbuftrackid(m, 68); 2919 bifp = sc->sc_ifp; 2920 ASSERT_IFNET_SERIALIZED_ALL(bifp); 2921 2922 /* 2923 * Following loop is MPSAFE; nothing is blocking 2924 * in the loop body. 2925 * 2926 * NOTE: We transmit through an member in the BLOCKING state only 2927 * as a last resort. 2928 */ 2929 alt_if = NULL; 2930 alt_priority = 0; 2931 2932 TAILQ_FOREACH(bif, &sc->sc_iflists[mycpuid], bif_next) { 2933 dst_if = bif->bif_ifp; 2934 2935 if (bif->bif_flags & IFBIF_STP) { 2936 switch (bif->bif_state) { 2937 case BSTP_IFSTATE_BLOCKING: 2938 if (bif->bif_priority > alt_priority) { 2939 alt_priority = bif->bif_priority; 2940 alt_if = bif->bif_ifp; 2941 } 2942 /* fall through */ 2943 case BSTP_IFSTATE_L1BLOCKING: 2944 case BSTP_IFSTATE_DISABLED: 2945 continue; 2946 default: 2947 /* listening, learning, bonded, forwarding */ 2948 break; 2949 } 2950 } 2951 2952 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 2953 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 2954 continue; 2955 2956 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2957 continue; 2958 2959 if (TAILQ_NEXT(bif, bif_next) == NULL) { 2960 mc = m; 2961 used = 1; 2962 } else { 2963 mc = m_copypacket(m, M_NOWAIT); 2964 if (mc == NULL) { 2965 IFNET_STAT_INC(bifp, oerrors, 1); 2966 continue; 2967 } 2968 } 2969 found = 1; 2970 bridge_enqueue(dst_if, mc); 2971 } 2972 2973 if (found == 0 && alt_if) { 2974 KKASSERT(used == 0); 2975 mc = m; 2976 used = 1; 2977 bridge_enqueue(alt_if, mc); 2978 } 2979 2980 if (used == 0) 2981 m_freem(m); 2982 } 2983 2984 /* 2985 * bridge_broadcast: 2986 * 2987 * Send a frame to all interfaces that are members of 2988 * the bridge, except for the one on which the packet 2989 * arrived. 2990 */ 2991 static void 2992 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2993 struct mbuf *m) 2994 { 2995 struct bridge_iflist *bif, *nbif; 2996 struct ether_header *eh; 2997 struct mbuf *mc; 2998 struct ifnet *dst_if, *alt_if, *bifp; 2999 int used; 3000 int found; 3001 int alt_priority; 3002 int from_us; 3003 3004 mbuftrackid(m, 69); 3005 bifp = sc->sc_ifp; 3006 ASSERT_IFNET_NOT_SERIALIZED_ALL(bifp); 3007 3008 eh = mtod(m, struct ether_header *); 3009 from_us = bridge_from_us(sc, eh); 3010 3011 if (inet_pfil_hook.ph_hashooks > 0 3012 #ifdef INET6 3013 || inet6_pfil_hook.ph_hashooks > 0 3014 #endif 3015 ) { 3016 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 3017 return; 3018 if (m == NULL) 3019 return; 3020 3021 /* Filter on the bridge interface before broadcasting */ 3022 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 3023 return; 3024 if (m == NULL) 3025 return; 3026 } 3027 3028 alt_if = NULL; 3029 alt_priority = 0; 3030 found = 0; 3031 used = 0; 3032 3033 TAILQ_FOREACH_MUTABLE(bif, &sc->sc_iflists[mycpuid], bif_next, nbif) { 3034 dst_if = bif->bif_ifp; 3035 3036 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3037 continue; 3038 3039 /* 3040 * Don't bounce the packet out the same interface it came 3041 * in on. We have to test MAC addresses because a packet 3042 * can come in a bonded interface and we don't want it to 3043 * be echod out the forwarding interface for the same bonding 3044 * set. 3045 */ 3046 if (src_if && memcmp(IF_LLADDR(src_if), IF_LLADDR(dst_if), 3047 ETHER_ADDR_LEN) == 0) { 3048 continue; 3049 } 3050 3051 /* 3052 * Generally speaking we only broadcast through forwarding 3053 * interfaces. If no interfaces are available we select 3054 * a BONDED, BLOCKING, or LEARNING interface to forward 3055 * through. 3056 */ 3057 if (bif->bif_flags & IFBIF_STP) { 3058 switch (bif->bif_state) { 3059 case BSTP_IFSTATE_BONDED: 3060 if (bif->bif_priority + 512 > alt_priority) { 3061 alt_priority = bif->bif_priority + 512; 3062 alt_if = bif->bif_ifp; 3063 } 3064 continue; 3065 case BSTP_IFSTATE_BLOCKING: 3066 if (bif->bif_priority + 256 > alt_priority) { 3067 alt_priority = bif->bif_priority + 256; 3068 alt_if = bif->bif_ifp; 3069 } 3070 continue; 3071 case BSTP_IFSTATE_LEARNING: 3072 if (bif->bif_priority > alt_priority) { 3073 alt_priority = bif->bif_priority; 3074 alt_if = bif->bif_ifp; 3075 } 3076 continue; 3077 case BSTP_IFSTATE_L1BLOCKING: 3078 case BSTP_IFSTATE_DISABLED: 3079 case BSTP_IFSTATE_LISTENING: 3080 continue; 3081 default: 3082 /* forwarding */ 3083 break; 3084 } 3085 } 3086 3087 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 3088 (m->m_flags & (M_BCAST|M_MCAST)) == 0) { 3089 continue; 3090 } 3091 3092 if (TAILQ_NEXT(bif, bif_next) == NULL) { 3093 mc = m; 3094 used = 1; 3095 } else { 3096 mc = m_copypacket(m, M_NOWAIT); 3097 if (mc == NULL) { 3098 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3099 continue; 3100 } 3101 } 3102 found = 1; 3103 3104 /* 3105 * Filter on the output interface. Pass a NULL bridge 3106 * interface pointer so we do not redundantly filter on 3107 * the bridge for each interface we broadcast on. 3108 */ 3109 if (inet_pfil_hook.ph_hashooks > 0 3110 #ifdef INET6 3111 || inet6_pfil_hook.ph_hashooks > 0 3112 #endif 3113 ) { 3114 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0) 3115 continue; 3116 if (mc == NULL) 3117 continue; 3118 } 3119 bridge_handoff(sc, dst_if, mc, from_us); 3120 3121 if (nbif != NULL && !nbif->bif_onlist) { 3122 KKASSERT(bif->bif_onlist); 3123 nbif = TAILQ_NEXT(bif, bif_next); 3124 } 3125 } 3126 3127 if (found == 0 && alt_if) { 3128 KKASSERT(used == 0); 3129 mc = m; 3130 used = 1; 3131 bridge_enqueue(alt_if, mc); 3132 } 3133 3134 if (used == 0) 3135 m_freem(m); 3136 } 3137 3138 /* 3139 * bridge_span: 3140 * 3141 * Duplicate a packet out one or more interfaces that are in span mode, 3142 * the original mbuf is unmodified. 3143 */ 3144 static void 3145 bridge_span(struct bridge_softc *sc, struct mbuf *m) 3146 { 3147 struct bridge_iflist *bif; 3148 struct ifnet *dst_if, *bifp; 3149 struct mbuf *mc; 3150 3151 mbuftrackid(m, 70); 3152 bifp = sc->sc_ifp; 3153 ifnet_serialize_all(bifp); 3154 3155 TAILQ_FOREACH(bif, &sc->sc_spanlist, bif_next) { 3156 dst_if = bif->bif_ifp; 3157 3158 if ((dst_if->if_flags & IFF_RUNNING) == 0) 3159 continue; 3160 3161 mc = m_copypacket(m, M_NOWAIT); 3162 if (mc == NULL) { 3163 IFNET_STAT_INC(sc->sc_ifp, oerrors, 1); 3164 continue; 3165 } 3166 bridge_enqueue(dst_if, mc); 3167 } 3168 3169 ifnet_deserialize_all(bifp); 3170 } 3171 3172 static void 3173 bridge_rtmsg_sync_handler(netmsg_t msg) 3174 { 3175 netisr_forwardmsg(&msg->base, mycpuid + 1); 3176 } 3177 3178 static void 3179 bridge_rtmsg_sync(struct bridge_softc *sc) 3180 { 3181 struct netmsg_base msg; 3182 3183 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3184 3185 /* XXX use netmsg_service_sync */ 3186 netmsg_init(&msg, NULL, &curthread->td_msgport, 3187 0, bridge_rtmsg_sync_handler); 3188 netisr_domsg(&msg, 0); 3189 } 3190 3191 static __inline void 3192 bridge_rtinfo_update(struct bridge_rtinfo *bri, struct ifnet *dst_if, 3193 int setflags, uint8_t flags, uint32_t timeo) 3194 { 3195 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3196 bri->bri_ifp != dst_if) 3197 bri->bri_ifp = dst_if; 3198 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3199 bri->bri_expire != time_uptime + timeo) 3200 bri->bri_expire = time_uptime + timeo; 3201 if (setflags) 3202 bri->bri_flags = flags; 3203 } 3204 3205 static int 3206 bridge_rtinstall_oncpu(struct bridge_softc *sc, const uint8_t *dst, 3207 struct ifnet *dst_if, int setflags, uint8_t flags, 3208 struct bridge_rtinfo **bri0) 3209 { 3210 struct bridge_rtnode *brt; 3211 struct bridge_rtinfo *bri; 3212 3213 if (mycpuid == 0) { 3214 brt = bridge_rtnode_lookup(sc, dst); 3215 if (brt != NULL) { 3216 /* 3217 * rtnode for 'dst' already exists. We inform the 3218 * caller about this by leaving bri0 as NULL. The 3219 * caller will terminate the intallation upon getting 3220 * NULL bri0. However, we still need to update the 3221 * rtinfo. 3222 */ 3223 KKASSERT(*bri0 == NULL); 3224 3225 /* Update rtinfo */ 3226 bridge_rtinfo_update(brt->brt_info, dst_if, setflags, 3227 flags, sc->sc_brttimeout); 3228 return 0; 3229 } 3230 3231 /* 3232 * We only need to check brtcnt on CPU0, since if limit 3233 * is to be exceeded, ENOSPC is returned. Caller knows 3234 * this and will terminate the installation. 3235 */ 3236 if (sc->sc_brtcnt >= sc->sc_brtmax) 3237 return ENOSPC; 3238 3239 KKASSERT(*bri0 == NULL); 3240 bri = kmalloc(sizeof(struct bridge_rtinfo), M_DEVBUF, 3241 M_WAITOK | M_ZERO); 3242 *bri0 = bri; 3243 3244 /* Setup rtinfo */ 3245 bri->bri_flags = IFBAF_DYNAMIC; 3246 bridge_rtinfo_update(bri, dst_if, setflags, flags, 3247 sc->sc_brttimeout); 3248 } else { 3249 bri = *bri0; 3250 KKASSERT(bri != NULL); 3251 } 3252 3253 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 3254 M_WAITOK | M_ZERO); 3255 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 3256 brt->brt_info = bri; 3257 atomic_add_int(&bri->bri_refs, 1); 3258 3259 bridge_rtnode_insert(sc, brt); 3260 return 0; 3261 } 3262 3263 static void 3264 bridge_rtinstall_handler(netmsg_t msg) 3265 { 3266 struct netmsg_brsaddr *brmsg = (struct netmsg_brsaddr *)msg; 3267 int error; 3268 3269 error = bridge_rtinstall_oncpu(brmsg->br_softc, 3270 brmsg->br_dst, brmsg->br_dst_if, 3271 brmsg->br_setflags, brmsg->br_flags, 3272 &brmsg->br_rtinfo); 3273 if (error) { 3274 KKASSERT(mycpuid == 0 && brmsg->br_rtinfo == NULL); 3275 netisr_replymsg(&brmsg->base, error); 3276 return; 3277 } else if (brmsg->br_rtinfo == NULL) { 3278 /* rtnode already exists for 'dst' */ 3279 KKASSERT(mycpuid == 0); 3280 netisr_replymsg(&brmsg->base, 0); 3281 return; 3282 } 3283 netisr_forwardmsg(&brmsg->base, mycpuid + 1); 3284 } 3285 3286 /* 3287 * bridge_rtupdate: 3288 * 3289 * Add/Update a bridge routing entry. 3290 */ 3291 static int 3292 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 3293 struct ifnet *dst_if, uint8_t flags) 3294 { 3295 struct bridge_rtnode *brt; 3296 3297 /* 3298 * A route for this destination might already exist. If so, 3299 * update it, otherwise create a new one. 3300 */ 3301 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 3302 struct netmsg_brsaddr *brmsg; 3303 3304 if (sc->sc_brtcnt >= sc->sc_brtmax) 3305 return ENOSPC; 3306 3307 brmsg = kmalloc(sizeof(*brmsg), M_LWKTMSG, M_WAITOK | M_NULLOK); 3308 if (brmsg == NULL) 3309 return ENOMEM; 3310 3311 netmsg_init(&brmsg->base, NULL, &netisr_afree_rport, 3312 0, bridge_rtinstall_handler); 3313 memcpy(brmsg->br_dst, dst, ETHER_ADDR_LEN); 3314 brmsg->br_dst_if = dst_if; 3315 brmsg->br_flags = flags; 3316 brmsg->br_setflags = 0; 3317 brmsg->br_softc = sc; 3318 brmsg->br_rtinfo = NULL; 3319 3320 netisr_sendmsg(&brmsg->base, 0); 3321 return 0; 3322 } 3323 bridge_rtinfo_update(brt->brt_info, dst_if, 0, flags, 3324 sc->sc_brttimeout); 3325 return 0; 3326 } 3327 3328 static int 3329 bridge_rtsaddr(struct bridge_softc *sc, const uint8_t *dst, 3330 struct ifnet *dst_if, uint8_t flags) 3331 { 3332 struct netmsg_brsaddr brmsg; 3333 3334 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3335 3336 netmsg_init(&brmsg.base, NULL, &curthread->td_msgport, 3337 0, bridge_rtinstall_handler); 3338 memcpy(brmsg.br_dst, dst, ETHER_ADDR_LEN); 3339 brmsg.br_dst_if = dst_if; 3340 brmsg.br_flags = flags; 3341 brmsg.br_setflags = 1; 3342 brmsg.br_softc = sc; 3343 brmsg.br_rtinfo = NULL; 3344 3345 return netisr_domsg(&brmsg.base, 0); 3346 } 3347 3348 /* 3349 * bridge_rtlookup: 3350 * 3351 * Lookup the destination interface for an address. 3352 */ 3353 static struct ifnet * 3354 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 3355 { 3356 struct bridge_rtnode *brt; 3357 3358 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3359 return NULL; 3360 return brt->brt_info->bri_ifp; 3361 } 3362 3363 static void 3364 bridge_rtreap_handler(netmsg_t msg) 3365 { 3366 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3367 struct bridge_rtnode *brt, *nbrt; 3368 3369 LIST_FOREACH_MUTABLE(brt, &sc->sc_rtlists[mycpuid], brt_list, nbrt) { 3370 if (brt->brt_info->bri_dead) 3371 bridge_rtnode_destroy(sc, brt); 3372 } 3373 netisr_forwardmsg(&msg->base, mycpuid + 1); 3374 } 3375 3376 static void 3377 bridge_rtreap(struct bridge_softc *sc) 3378 { 3379 struct netmsg_base msg; 3380 3381 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3382 3383 netmsg_init(&msg, NULL, &curthread->td_msgport, 3384 0, bridge_rtreap_handler); 3385 msg.lmsg.u.ms_resultp = sc; 3386 3387 netisr_domsg(&msg, 0); 3388 } 3389 3390 static void 3391 bridge_rtreap_async(struct bridge_softc *sc) 3392 { 3393 struct netmsg_base *msg; 3394 3395 msg = kmalloc(sizeof(*msg), M_LWKTMSG, M_WAITOK); 3396 3397 netmsg_init(msg, NULL, &netisr_afree_rport, 3398 0, bridge_rtreap_handler); 3399 msg->lmsg.u.ms_resultp = sc; 3400 3401 netisr_sendmsg(msg, 0); 3402 } 3403 3404 /* 3405 * bridge_rttrim: 3406 * 3407 * Trim the routine table so that we have a number 3408 * of routing entries less than or equal to the 3409 * maximum number. 3410 */ 3411 static void 3412 bridge_rttrim(struct bridge_softc *sc) 3413 { 3414 struct bridge_rtnode *brt; 3415 int dead; 3416 3417 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3418 3419 /* Make sure we actually need to do this. */ 3420 if (sc->sc_brtcnt <= sc->sc_brtmax) 3421 return; 3422 3423 /* 3424 * Find out how many rtnodes are dead 3425 */ 3426 dead = bridge_rtage_finddead(sc); 3427 KKASSERT(dead <= sc->sc_brtcnt); 3428 3429 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3430 /* Enough dead rtnodes are found */ 3431 bridge_rtreap(sc); 3432 return; 3433 } 3434 3435 /* 3436 * Kill some dynamic rtnodes to meet the brtmax 3437 */ 3438 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3439 struct bridge_rtinfo *bri = brt->brt_info; 3440 3441 if (bri->bri_dead) { 3442 /* 3443 * We have counted this rtnode in 3444 * bridge_rtage_finddead() 3445 */ 3446 continue; 3447 } 3448 3449 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3450 bri->bri_dead = 1; 3451 ++dead; 3452 KKASSERT(dead <= sc->sc_brtcnt); 3453 3454 if (sc->sc_brtcnt - dead <= sc->sc_brtmax) { 3455 /* Enough rtnodes are collected */ 3456 break; 3457 } 3458 } 3459 } 3460 if (dead) 3461 bridge_rtreap(sc); 3462 } 3463 3464 /* 3465 * bridge_timer: 3466 * 3467 * Aging timer for the bridge. 3468 */ 3469 static void 3470 bridge_timer(void *arg) 3471 { 3472 struct bridge_softc *sc = arg; 3473 struct netmsg_base *msg; 3474 3475 KKASSERT(mycpuid == BRIDGE_CFGCPU); 3476 3477 crit_enter(); 3478 3479 if (callout_pending(&sc->sc_brcallout) || 3480 !callout_active(&sc->sc_brcallout)) { 3481 crit_exit(); 3482 return; 3483 } 3484 callout_deactivate(&sc->sc_brcallout); 3485 3486 msg = &sc->sc_brtimemsg; 3487 KKASSERT(msg->lmsg.ms_flags & MSGF_DONE); 3488 lwkt_sendmsg_oncpu(BRIDGE_CFGPORT, &msg->lmsg); 3489 3490 crit_exit(); 3491 } 3492 3493 static void 3494 bridge_timer_handler(netmsg_t msg) 3495 { 3496 struct bridge_softc *sc = msg->lmsg.u.ms_resultp; 3497 3498 KKASSERT(&curthread->td_msgport == BRIDGE_CFGPORT); 3499 3500 crit_enter(); 3501 /* Reply ASAP */ 3502 lwkt_replymsg(&msg->lmsg, 0); 3503 crit_exit(); 3504 3505 bridge_rtage(sc); 3506 if (sc->sc_ifp->if_flags & IFF_RUNNING) { 3507 callout_reset(&sc->sc_brcallout, 3508 bridge_rtable_prune_period * hz, bridge_timer, sc); 3509 } 3510 } 3511 3512 static int 3513 bridge_rtage_finddead(struct bridge_softc *sc) 3514 { 3515 struct bridge_rtnode *brt; 3516 int dead = 0; 3517 3518 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3519 struct bridge_rtinfo *bri = brt->brt_info; 3520 3521 if ((bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 3522 time_uptime >= bri->bri_expire) { 3523 bri->bri_dead = 1; 3524 ++dead; 3525 KKASSERT(dead <= sc->sc_brtcnt); 3526 } 3527 } 3528 return dead; 3529 } 3530 3531 /* 3532 * bridge_rtage: 3533 * 3534 * Perform an aging cycle. 3535 */ 3536 static void 3537 bridge_rtage(struct bridge_softc *sc) 3538 { 3539 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3540 3541 if (bridge_rtage_finddead(sc)) 3542 bridge_rtreap(sc); 3543 } 3544 3545 /* 3546 * bridge_rtflush: 3547 * 3548 * Remove all dynamic addresses from the bridge. 3549 */ 3550 static void 3551 bridge_rtflush(struct bridge_softc *sc, int bf) 3552 { 3553 struct bridge_rtnode *brt; 3554 int reap; 3555 3556 reap = 0; 3557 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3558 struct bridge_rtinfo *bri = brt->brt_info; 3559 3560 if ((bf & IFBF_FLUSHALL) || 3561 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 3562 bri->bri_dead = 1; 3563 reap = 1; 3564 } 3565 } 3566 if (reap) { 3567 if (bf & IFBF_FLUSHSYNC) 3568 bridge_rtreap(sc); 3569 else 3570 bridge_rtreap_async(sc); 3571 } 3572 } 3573 3574 /* 3575 * bridge_rtdaddr: 3576 * 3577 * Remove an address from the table. 3578 */ 3579 static int 3580 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 3581 { 3582 struct bridge_rtnode *brt; 3583 3584 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 3585 3586 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 3587 return (ENOENT); 3588 3589 /* TODO: add a cheaper delete operation */ 3590 brt->brt_info->bri_dead = 1; 3591 bridge_rtreap(sc); 3592 return (0); 3593 } 3594 3595 /* 3596 * bridge_rtdelete: 3597 * 3598 * Delete routes to a speicifc member interface. 3599 */ 3600 void 3601 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int bf) 3602 { 3603 struct bridge_rtnode *brt; 3604 int reap; 3605 3606 reap = 0; 3607 LIST_FOREACH(brt, &sc->sc_rtlists[mycpuid], brt_list) { 3608 struct bridge_rtinfo *bri = brt->brt_info; 3609 3610 if (bri->bri_ifp == ifp && 3611 ((bf & IFBF_FLUSHALL) || 3612 (bri->bri_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) { 3613 bri->bri_dead = 1; 3614 reap = 1; 3615 } 3616 } 3617 if (reap) { 3618 if (bf & IFBF_FLUSHSYNC) 3619 bridge_rtreap(sc); 3620 else 3621 bridge_rtreap_async(sc); 3622 } 3623 } 3624 3625 /* 3626 * bridge_rtable_init: 3627 * 3628 * Initialize the route table for this bridge. 3629 */ 3630 static void 3631 bridge_rtable_init(struct bridge_softc *sc) 3632 { 3633 int cpu; 3634 3635 /* 3636 * Initialize per-cpu hash tables 3637 */ 3638 sc->sc_rthashs = kmalloc(sizeof(*sc->sc_rthashs) * netisr_ncpus, 3639 M_DEVBUF, M_WAITOK); 3640 for (cpu = 0; cpu < netisr_ncpus; ++cpu) { 3641 int i; 3642 3643 sc->sc_rthashs[cpu] = 3644 kmalloc(sizeof(struct bridge_rtnode_head) * BRIDGE_RTHASH_SIZE, 3645 M_DEVBUF, M_WAITOK); 3646 3647 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 3648 LIST_INIT(&sc->sc_rthashs[cpu][i]); 3649 } 3650 sc->sc_rthash_key = karc4random(); 3651 3652 /* 3653 * Initialize per-cpu lists 3654 */ 3655 sc->sc_rtlists = 3656 kmalloc(sizeof(struct bridge_rtnode_head) * netisr_ncpus, 3657 M_DEVBUF, M_WAITOK); 3658 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3659 LIST_INIT(&sc->sc_rtlists[cpu]); 3660 } 3661 3662 /* 3663 * bridge_rtable_fini: 3664 * 3665 * Deconstruct the route table for this bridge. 3666 */ 3667 static void 3668 bridge_rtable_fini(struct bridge_softc *sc) 3669 { 3670 int cpu; 3671 3672 /* 3673 * Free per-cpu hash tables 3674 */ 3675 for (cpu = 0; cpu < netisr_ncpus; ++cpu) 3676 kfree(sc->sc_rthashs[cpu], M_DEVBUF); 3677 kfree(sc->sc_rthashs, M_DEVBUF); 3678 3679 /* 3680 * Free per-cpu lists 3681 */ 3682 kfree(sc->sc_rtlists, M_DEVBUF); 3683 } 3684 3685 /* 3686 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 3687 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 3688 */ 3689 #define mix(a, b, c) \ 3690 do { \ 3691 a -= b; a -= c; a ^= (c >> 13); \ 3692 b -= c; b -= a; b ^= (a << 8); \ 3693 c -= a; c -= b; c ^= (b >> 13); \ 3694 a -= b; a -= c; a ^= (c >> 12); \ 3695 b -= c; b -= a; b ^= (a << 16); \ 3696 c -= a; c -= b; c ^= (b >> 5); \ 3697 a -= b; a -= c; a ^= (c >> 3); \ 3698 b -= c; b -= a; b ^= (a << 10); \ 3699 c -= a; c -= b; c ^= (b >> 15); \ 3700 } while (/*CONSTCOND*/0) 3701 3702 static __inline uint32_t 3703 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 3704 { 3705 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 3706 3707 b += addr[5] << 8; 3708 b += addr[4]; 3709 a += addr[3] << 24; 3710 a += addr[2] << 16; 3711 a += addr[1] << 8; 3712 a += addr[0]; 3713 3714 mix(a, b, c); 3715 3716 return (c & BRIDGE_RTHASH_MASK); 3717 } 3718 3719 #undef mix 3720 3721 static int 3722 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 3723 { 3724 int i, d; 3725 3726 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 3727 d = ((int)a[i]) - ((int)b[i]); 3728 } 3729 3730 return (d); 3731 } 3732 3733 /* 3734 * bridge_rtnode_lookup: 3735 * 3736 * Look up a bridge route node for the specified destination. 3737 */ 3738 static struct bridge_rtnode * 3739 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 3740 { 3741 struct bridge_rtnode *brt; 3742 uint32_t hash; 3743 int dir; 3744 3745 hash = bridge_rthash(sc, addr); 3746 LIST_FOREACH(brt, &sc->sc_rthashs[mycpuid][hash], brt_hash) { 3747 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 3748 if (dir == 0) 3749 return (brt); 3750 if (dir > 0) 3751 return (NULL); 3752 } 3753 3754 return (NULL); 3755 } 3756 3757 /* 3758 * bridge_rtnode_insert: 3759 * 3760 * Insert the specified bridge node into the route table. 3761 * Caller has to make sure that rtnode does not exist. 3762 */ 3763 static void 3764 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 3765 { 3766 struct bridge_rtnode *lbrt; 3767 uint32_t hash; 3768 int dir; 3769 3770 hash = bridge_rthash(sc, brt->brt_addr); 3771 3772 lbrt = LIST_FIRST(&sc->sc_rthashs[mycpuid][hash]); 3773 if (lbrt == NULL) { 3774 LIST_INSERT_HEAD(&sc->sc_rthashs[mycpuid][hash], 3775 brt, brt_hash); 3776 goto out; 3777 } 3778 3779 do { 3780 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 3781 KASSERT(dir != 0, ("rtnode already exist")); 3782 3783 if (dir > 0) { 3784 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 3785 goto out; 3786 } 3787 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 3788 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 3789 goto out; 3790 } 3791 lbrt = LIST_NEXT(lbrt, brt_hash); 3792 } while (lbrt != NULL); 3793 3794 panic("no suitable position found for rtnode"); 3795 out: 3796 LIST_INSERT_HEAD(&sc->sc_rtlists[mycpuid], brt, brt_list); 3797 if (mycpuid == 0) { 3798 /* 3799 * Update the brtcnt. 3800 * We only need to do it once and we do it on CPU0. 3801 */ 3802 sc->sc_brtcnt++; 3803 } 3804 } 3805 3806 /* 3807 * bridge_rtnode_destroy: 3808 * 3809 * Destroy a bridge rtnode. 3810 */ 3811 static void 3812 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 3813 { 3814 struct bridge_rtinfo *bri; 3815 3816 LIST_REMOVE(brt, brt_hash); 3817 LIST_REMOVE(brt, brt_list); 3818 3819 bri = brt->brt_info; 3820 3821 /* 3822 * The bri_dead flag can be set asynchronously and catch some gc's 3823 * in the middle, don't free bri until all references have actually 3824 * gone away. 3825 */ 3826 if (atomic_fetchadd_int(&bri->bri_refs, -1) == 1) { 3827 /* Free rtinfo associated with rtnode on the last cpu */ 3828 kfree(bri, M_DEVBUF); 3829 brt->brt_info = NULL; /* safety */ 3830 } 3831 kfree(brt, M_DEVBUF); 3832 3833 if (mycpuid == 0) { 3834 /* Update brtcnt only on CPU0 */ 3835 sc->sc_brtcnt--; 3836 } 3837 } 3838 3839 static __inline int 3840 bridge_post_pfil(struct mbuf *m) 3841 { 3842 if (m->m_pkthdr.fw_flags & IPFORWARD_MBUF_TAGGED) 3843 return EOPNOTSUPP; 3844 3845 /* Not yet */ 3846 if (m->m_pkthdr.fw_flags & DUMMYNET_MBUF_TAGGED) 3847 return EOPNOTSUPP; 3848 3849 return 0; 3850 } 3851 3852 /* 3853 * Send bridge packets through pfil if they are one of the types pfil can deal 3854 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 3855 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 3856 * that interface. 3857 */ 3858 static int 3859 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 3860 { 3861 int snap, error, i, hlen; 3862 struct ether_header *eh1, eh2; 3863 struct ip *ip; 3864 struct llc llc1; 3865 u_int16_t ether_type; 3866 3867 snap = 0; 3868 error = -1; /* Default error if not error == 0 */ 3869 3870 if (pfil_bridge == 0 && pfil_member == 0) 3871 return (0); /* filtering is disabled */ 3872 3873 i = min((*mp)->m_pkthdr.len, max_protohdr); 3874 if ((*mp)->m_len < i) { 3875 *mp = m_pullup(*mp, i); 3876 if (*mp == NULL) { 3877 kprintf("%s: m_pullup failed\n", __func__); 3878 return (-1); 3879 } 3880 } 3881 3882 eh1 = mtod(*mp, struct ether_header *); 3883 ether_type = ntohs(eh1->ether_type); 3884 3885 /* 3886 * Check for SNAP/LLC. 3887 */ 3888 if (ether_type < ETHERMTU) { 3889 struct llc *llc2 = (struct llc *)(eh1 + 1); 3890 3891 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 3892 llc2->llc_dsap == LLC_SNAP_LSAP && 3893 llc2->llc_ssap == LLC_SNAP_LSAP && 3894 llc2->llc_control == LLC_UI) { 3895 ether_type = htons(llc2->llc_un.type_snap.ether_type); 3896 snap = 1; 3897 } 3898 } 3899 3900 /* 3901 * If we're trying to filter bridge traffic, don't look at anything 3902 * other than IP and ARP traffic. If the filter doesn't understand 3903 * IPv6, don't allow IPv6 through the bridge either. This is lame 3904 * since if we really wanted, say, an AppleTalk filter, we are hosed, 3905 * but of course we don't have an AppleTalk filter to begin with. 3906 * (Note that since pfil doesn't understand ARP it will pass *ALL* 3907 * ARP traffic.) 3908 */ 3909 switch (ether_type) { 3910 case ETHERTYPE_ARP: 3911 case ETHERTYPE_REVARP: 3912 return (0); /* Automatically pass */ 3913 3914 case ETHERTYPE_IP: 3915 #ifdef INET6 3916 case ETHERTYPE_IPV6: 3917 #endif /* INET6 */ 3918 break; 3919 3920 default: 3921 /* 3922 * Check to see if the user wants to pass non-ip 3923 * packets, these will not be checked by pfil(9) 3924 * and passed unconditionally so the default is to drop. 3925 */ 3926 if (pfil_onlyip) 3927 goto bad; 3928 } 3929 3930 /* Strip off the Ethernet header and keep a copy. */ 3931 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 3932 m_adj(*mp, ETHER_HDR_LEN); 3933 3934 /* Strip off snap header, if present */ 3935 if (snap) { 3936 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 3937 m_adj(*mp, sizeof(struct llc)); 3938 } 3939 3940 /* 3941 * Check the IP header for alignment and errors 3942 */ 3943 if (dir == PFIL_IN) { 3944 switch (ether_type) { 3945 case ETHERTYPE_IP: 3946 error = bridge_ip_checkbasic(mp); 3947 break; 3948 #ifdef INET6 3949 case ETHERTYPE_IPV6: 3950 error = bridge_ip6_checkbasic(mp); 3951 break; 3952 #endif /* INET6 */ 3953 default: 3954 error = 0; 3955 } 3956 if (error) 3957 goto bad; 3958 } 3959 3960 error = 0; 3961 3962 /* 3963 * Run the packet through pfil 3964 */ 3965 switch (ether_type) { 3966 case ETHERTYPE_IP: 3967 /* 3968 * before calling the firewall, swap fields the same as 3969 * IP does. here we assume the header is contiguous 3970 */ 3971 ip = mtod(*mp, struct ip *); 3972 3973 ip->ip_len = ntohs(ip->ip_len); 3974 ip->ip_off = ntohs(ip->ip_off); 3975 3976 /* 3977 * Run pfil on the member interface and the bridge, both can 3978 * be skipped by clearing pfil_member or pfil_bridge. 3979 * 3980 * Keep the order: 3981 * in_if -> bridge_if -> out_if 3982 */ 3983 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) { 3984 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 3985 if (*mp == NULL || error != 0) /* filter may consume */ 3986 break; 3987 error = bridge_post_pfil(*mp); 3988 if (error) 3989 break; 3990 } 3991 3992 if (pfil_member && ifp != NULL) { 3993 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, dir); 3994 if (*mp == NULL || error != 0) /* filter may consume */ 3995 break; 3996 error = bridge_post_pfil(*mp); 3997 if (error) 3998 break; 3999 } 4000 4001 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) { 4002 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, dir); 4003 if (*mp == NULL || error != 0) /* filter may consume */ 4004 break; 4005 error = bridge_post_pfil(*mp); 4006 if (error) 4007 break; 4008 } 4009 4010 /* check if we need to fragment the packet */ 4011 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 4012 i = (*mp)->m_pkthdr.len; 4013 if (i > ifp->if_mtu) { 4014 error = bridge_fragment(ifp, *mp, &eh2, snap, 4015 &llc1); 4016 return (error); 4017 } 4018 } 4019 4020 /* Recalculate the ip checksum and restore byte ordering */ 4021 ip = mtod(*mp, struct ip *); 4022 hlen = ip->ip_hl << 2; 4023 if (hlen < sizeof(struct ip)) 4024 goto bad; 4025 if (hlen > (*mp)->m_len) { 4026 if ((*mp = m_pullup(*mp, hlen)) == NULL) 4027 goto bad; 4028 ip = mtod(*mp, struct ip *); 4029 if (ip == NULL) 4030 goto bad; 4031 } 4032 ip->ip_len = htons(ip->ip_len); 4033 ip->ip_off = htons(ip->ip_off); 4034 ip->ip_sum = 0; 4035 if (hlen == sizeof(struct ip)) 4036 ip->ip_sum = in_cksum_hdr(ip); 4037 else 4038 ip->ip_sum = in_cksum(*mp, hlen); 4039 4040 break; 4041 #ifdef INET6 4042 case ETHERTYPE_IPV6: 4043 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 4044 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4045 dir); 4046 4047 if (*mp == NULL || error != 0) /* filter may consume */ 4048 break; 4049 4050 if (pfil_member && ifp != NULL) 4051 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 4052 dir); 4053 4054 if (*mp == NULL || error != 0) /* filter may consume */ 4055 break; 4056 4057 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 4058 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 4059 dir); 4060 break; 4061 #endif 4062 default: 4063 error = 0; 4064 break; 4065 } 4066 4067 if (*mp == NULL) 4068 return (error); 4069 if (error != 0) 4070 goto bad; 4071 4072 error = -1; 4073 4074 /* 4075 * Finally, put everything back the way it was and return 4076 */ 4077 if (snap) { 4078 M_PREPEND(*mp, sizeof(struct llc), M_NOWAIT); 4079 if (*mp == NULL) 4080 return (error); 4081 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 4082 } 4083 4084 M_PREPEND(*mp, ETHER_HDR_LEN, M_NOWAIT); 4085 if (*mp == NULL) 4086 return (error); 4087 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 4088 4089 return (0); 4090 4091 bad: 4092 m_freem(*mp); 4093 *mp = NULL; 4094 return (error); 4095 } 4096 4097 /* 4098 * Perform basic checks on header size since 4099 * pfil assumes ip_input has already processed 4100 * it for it. Cut-and-pasted from ip_input.c. 4101 * Given how simple the IPv6 version is, 4102 * does the IPv4 version really need to be 4103 * this complicated? 4104 * 4105 * XXX Should we update ipstat here, or not? 4106 * XXX Right now we update ipstat but not 4107 * XXX csum_counter. 4108 */ 4109 static int 4110 bridge_ip_checkbasic(struct mbuf **mp) 4111 { 4112 struct mbuf *m = *mp; 4113 struct ip *ip; 4114 int len, hlen; 4115 u_short sum; 4116 4117 if (*mp == NULL) 4118 return (-1); 4119 #if 0 /* notyet */ 4120 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4121 if ((m = m_copyup(m, sizeof(struct ip), 4122 (max_linkhdr + 3) & ~3)) == NULL) { 4123 /* XXXJRT new stat, please */ 4124 ipstat.ips_toosmall++; 4125 goto bad; 4126 } 4127 } else 4128 #endif 4129 #ifndef __predict_false 4130 #define __predict_false(x) x 4131 #endif 4132 if (__predict_false(m->m_len < sizeof (struct ip))) { 4133 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 4134 ipstat.ips_toosmall++; 4135 goto bad; 4136 } 4137 } 4138 ip = mtod(m, struct ip *); 4139 if (ip == NULL) goto bad; 4140 4141 if (ip->ip_v != IPVERSION) { 4142 ipstat.ips_badvers++; 4143 goto bad; 4144 } 4145 hlen = ip->ip_hl << 2; 4146 if (hlen < sizeof(struct ip)) { /* minimum header length */ 4147 ipstat.ips_badhlen++; 4148 goto bad; 4149 } 4150 if (hlen > m->m_len) { 4151 if ((m = m_pullup(m, hlen)) == NULL) { 4152 ipstat.ips_badhlen++; 4153 goto bad; 4154 } 4155 ip = mtod(m, struct ip *); 4156 if (ip == NULL) goto bad; 4157 } 4158 4159 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 4160 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 4161 } else { 4162 if (hlen == sizeof(struct ip)) { 4163 sum = in_cksum_hdr(ip); 4164 } else { 4165 sum = in_cksum(m, hlen); 4166 } 4167 } 4168 if (sum) { 4169 ipstat.ips_badsum++; 4170 goto bad; 4171 } 4172 4173 /* Retrieve the packet length. */ 4174 len = ntohs(ip->ip_len); 4175 4176 /* 4177 * Check for additional length bogosity 4178 */ 4179 if (len < hlen) { 4180 ipstat.ips_badlen++; 4181 goto bad; 4182 } 4183 4184 /* 4185 * Check that the amount of data in the buffers 4186 * is as at least much as the IP header would have us expect. 4187 * Drop packet if shorter than we expect. 4188 */ 4189 if (m->m_pkthdr.len < len) { 4190 ipstat.ips_tooshort++; 4191 goto bad; 4192 } 4193 4194 /* Checks out, proceed */ 4195 *mp = m; 4196 return (0); 4197 4198 bad: 4199 *mp = m; 4200 return (-1); 4201 } 4202 4203 #ifdef INET6 4204 /* 4205 * Same as above, but for IPv6. 4206 * Cut-and-pasted from ip6_input.c. 4207 * XXX Should we update ip6stat, or not? 4208 */ 4209 static int 4210 bridge_ip6_checkbasic(struct mbuf **mp) 4211 { 4212 struct mbuf *m = *mp; 4213 struct ip6_hdr *ip6; 4214 4215 /* 4216 * If the IPv6 header is not aligned, slurp it up into a new 4217 * mbuf with space for link headers, in the event we forward 4218 * it. Otherwise, if it is aligned, make sure the entire base 4219 * IPv6 header is in the first mbuf of the chain. 4220 */ 4221 #if 0 /* notyet */ 4222 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 4223 struct ifnet *inifp = m->m_pkthdr.rcvif; 4224 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 4225 (max_linkhdr + 3) & ~3)) == NULL) { 4226 /* XXXJRT new stat, please */ 4227 ip6stat.ip6s_toosmall++; 4228 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4229 goto bad; 4230 } 4231 } else 4232 #endif 4233 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 4234 struct ifnet *inifp = m->m_pkthdr.rcvif; 4235 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 4236 ip6stat.ip6s_toosmall++; 4237 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 4238 goto bad; 4239 } 4240 } 4241 4242 ip6 = mtod(m, struct ip6_hdr *); 4243 4244 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 4245 ip6stat.ip6s_badvers++; 4246 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 4247 goto bad; 4248 } 4249 4250 /* Checks out, proceed */ 4251 *mp = m; 4252 return (0); 4253 4254 bad: 4255 *mp = m; 4256 return (-1); 4257 } 4258 #endif /* INET6 */ 4259 4260 /* 4261 * bridge_fragment: 4262 * 4263 * Return a fragmented mbuf chain. 4264 */ 4265 static int 4266 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 4267 int snap, struct llc *llc) 4268 { 4269 struct mbuf *m0; 4270 struct ip *ip; 4271 int error = -1; 4272 4273 if (m->m_len < sizeof(struct ip) && 4274 (m = m_pullup(m, sizeof(struct ip))) == NULL) 4275 goto out; 4276 ip = mtod(m, struct ip *); 4277 4278 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 4279 CSUM_DELAY_IP); 4280 if (error) 4281 goto out; 4282 4283 /* walk the chain and re-add the Ethernet header */ 4284 for (m0 = m; m0; m0 = m0->m_nextpkt) { 4285 if (error == 0) { 4286 if (snap) { 4287 M_PREPEND(m0, sizeof(struct llc), M_NOWAIT); 4288 if (m0 == NULL) { 4289 error = ENOBUFS; 4290 continue; 4291 } 4292 bcopy(llc, mtod(m0, caddr_t), 4293 sizeof(struct llc)); 4294 } 4295 M_PREPEND(m0, ETHER_HDR_LEN, M_NOWAIT); 4296 if (m0 == NULL) { 4297 error = ENOBUFS; 4298 continue; 4299 } 4300 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 4301 } else 4302 m_freem(m); 4303 } 4304 4305 if (error == 0) 4306 ipstat.ips_fragmented++; 4307 4308 return (error); 4309 4310 out: 4311 if (m != NULL) 4312 m_freem(m); 4313 return (error); 4314 } 4315 4316 static void 4317 bridge_enqueue_handler(netmsg_t msg) 4318 { 4319 struct netmsg_packet *nmp; 4320 struct ifnet *dst_ifp; 4321 struct mbuf *m; 4322 4323 nmp = &msg->packet; 4324 m = nmp->nm_packet; 4325 dst_ifp = nmp->base.lmsg.u.ms_resultp; 4326 mbuftrackid(m, 71); 4327 4328 bridge_handoff(dst_ifp->if_bridge, dst_ifp, m, 1); 4329 } 4330 4331 static void 4332 bridge_handoff(struct bridge_softc *sc, struct ifnet *dst_ifp, 4333 struct mbuf *m, int from_us) 4334 { 4335 struct mbuf *m0; 4336 struct ifnet *bifp; 4337 4338 bifp = sc->sc_ifp; 4339 mbuftrackid(m, 72); 4340 4341 /* We may be sending a fragment so traverse the mbuf */ 4342 for (; m; m = m0) { 4343 struct altq_pktattr pktattr; 4344 4345 m0 = m->m_nextpkt; 4346 m->m_nextpkt = NULL; 4347 4348 /* 4349 * If being sent from our host override ether_shost 4350 * with the bridge MAC. This is mandatory for ARP 4351 * so things don't get confused. In particular we 4352 * don't want ARPs to get associated with link interfaces 4353 * under the bridge which might or might not stay valid. 4354 * 4355 * Also override ether_shost when relaying a packet out 4356 * the same interface it came in on, due to multi-homed 4357 * addresses & default routes, otherwise switches will 4358 * get very confused. 4359 * 4360 * Otherwise if we are in transparent mode. 4361 */ 4362 if (from_us || m->m_pkthdr.rcvif == dst_ifp) { 4363 m_copyback(m, 4364 offsetof(struct ether_header, ether_shost), 4365 ETHER_ADDR_LEN, IF_LLADDR(sc->sc_ifp)); 4366 } else if ((bifp->if_flags & IFF_LINK0) && 4367 (m->m_pkthdr.fw_flags & BRIDGE_MBUF_TAGGED)) { 4368 m_copyback(m, 4369 offsetof(struct ether_header, ether_shost), 4370 ETHER_ADDR_LEN, 4371 m->m_pkthdr.ether_br_shost); 4372 } /* else retain shost */ 4373 4374 if (ifq_is_enabled(&dst_ifp->if_snd)) 4375 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 4376 4377 ifq_dispatch(dst_ifp, m, &pktattr); 4378 } 4379 } 4380 4381 static void 4382 bridge_control_dispatch(netmsg_t msg) 4383 { 4384 struct netmsg_brctl *bc_msg = (struct netmsg_brctl *)msg; 4385 struct ifnet *bifp = bc_msg->bc_sc->sc_ifp; 4386 int error; 4387 4388 ifnet_serialize_all(bifp); 4389 error = bc_msg->bc_func(bc_msg->bc_sc, bc_msg->bc_arg); 4390 ifnet_deserialize_all(bifp); 4391 4392 lwkt_replymsg(&bc_msg->base.lmsg, error); 4393 } 4394 4395 static int 4396 bridge_control(struct bridge_softc *sc, u_long cmd, 4397 bridge_ctl_t bc_func, void *bc_arg) 4398 { 4399 struct ifnet *bifp = sc->sc_ifp; 4400 struct netmsg_brctl bc_msg; 4401 int error; 4402 4403 ASSERT_IFNET_SERIALIZED_ALL(bifp); 4404 4405 bzero(&bc_msg, sizeof(bc_msg)); 4406 4407 netmsg_init(&bc_msg.base, NULL, &curthread->td_msgport, 4408 0, bridge_control_dispatch); 4409 bc_msg.bc_func = bc_func; 4410 bc_msg.bc_sc = sc; 4411 bc_msg.bc_arg = bc_arg; 4412 4413 ifnet_deserialize_all(bifp); 4414 error = lwkt_domsg(BRIDGE_CFGPORT, &bc_msg.base.lmsg, 0); 4415 ifnet_serialize_all(bifp); 4416 return error; 4417 } 4418 4419 static void 4420 bridge_add_bif_handler(netmsg_t msg) 4421 { 4422 struct netmsg_braddbif *amsg = (struct netmsg_braddbif *)msg; 4423 struct bridge_softc *sc; 4424 struct bridge_iflist *bif; 4425 4426 sc = amsg->br_softc; 4427 4428 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK | M_ZERO); 4429 bif->bif_ifp = amsg->br_bif_ifp; 4430 bif->bif_onlist = 1; 4431 bif->bif_info = amsg->br_bif_info; 4432 4433 /* 4434 * runs through bif_info 4435 */ 4436 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 4437 4438 TAILQ_INSERT_HEAD(&sc->sc_iflists[mycpuid], bif, bif_next); 4439 4440 netisr_forwardmsg(&amsg->base, mycpuid + 1); 4441 } 4442 4443 static void 4444 bridge_add_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4445 struct ifnet *ifp) 4446 { 4447 struct netmsg_braddbif amsg; 4448 4449 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4450 4451 netmsg_init(&amsg.base, NULL, &curthread->td_msgport, 4452 0, bridge_add_bif_handler); 4453 amsg.br_softc = sc; 4454 amsg.br_bif_info = bif_info; 4455 amsg.br_bif_ifp = ifp; 4456 4457 netisr_domsg(&amsg.base, 0); 4458 } 4459 4460 static void 4461 bridge_del_bif_handler(netmsg_t msg) 4462 { 4463 struct netmsg_brdelbif *dmsg = (struct netmsg_brdelbif *)msg; 4464 struct bridge_softc *sc; 4465 struct bridge_iflist *bif; 4466 4467 sc = dmsg->br_softc; 4468 4469 /* 4470 * Locate the bif associated with the br_bif_info 4471 * on the current CPU 4472 */ 4473 bif = bridge_lookup_member_ifinfo(sc, dmsg->br_bif_info); 4474 KKASSERT(bif != NULL && bif->bif_onlist); 4475 4476 /* Remove the bif from the current CPU's iflist */ 4477 bif->bif_onlist = 0; 4478 TAILQ_REMOVE(dmsg->br_bif_list, bif, bif_next); 4479 4480 /* Save the removed bif for later freeing */ 4481 TAILQ_INSERT_HEAD(dmsg->br_bif_list, bif, bif_next); 4482 4483 netisr_forwardmsg(&dmsg->base, mycpuid + 1); 4484 } 4485 4486 static void 4487 bridge_del_bif(struct bridge_softc *sc, struct bridge_ifinfo *bif_info, 4488 struct bridge_iflist_head *saved_bifs) 4489 { 4490 struct netmsg_brdelbif dmsg; 4491 4492 ASSERT_IFNET_NOT_SERIALIZED_ALL(sc->sc_ifp); 4493 4494 netmsg_init(&dmsg.base, NULL, &curthread->td_msgport, 4495 0, bridge_del_bif_handler); 4496 dmsg.br_softc = sc; 4497 dmsg.br_bif_info = bif_info; 4498 dmsg.br_bif_list = saved_bifs; 4499 4500 netisr_domsg(&dmsg.base, 0); 4501 } 4502