1 /* 2 * Copyright 2001 Wasabi Systems, Inc. 3 * All rights reserved. 4 * 5 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed for the NetBSD Project by 18 * Wasabi Systems, Inc. 19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 20 * or promote products derived from this software without specific prior 21 * written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /* 37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 38 * All rights reserved. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. All advertising materials mentioning features or use of this software 49 * must display the following acknowledgement: 50 * This product includes software developed by Jason L. Wright 51 * 4. The name of the author may not be used to endorse or promote products 52 * derived from this software without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 64 * POSSIBILITY OF SUCH DAMAGE. 65 * 66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $ 67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ 68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $ 69 * $DragonFly: src/sys/net/bridge/if_bridge.c,v 1.25 2007/06/16 15:27:27 sephe Exp $ 70 */ 71 72 /* 73 * Network interface bridge support. 74 * 75 * TODO: 76 * 77 * - Currently only supports Ethernet-like interfaces (Ethernet, 78 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 79 * to bridge other types of interfaces (FDDI-FDDI, and maybe 80 * consider heterogenous bridges). 81 */ 82 83 #include <sys/cdefs.h> 84 85 #include "opt_inet.h" 86 #include "opt_inet6.h" 87 88 #include <sys/param.h> 89 #include <sys/mbuf.h> 90 #include <sys/malloc.h> 91 #include <sys/protosw.h> 92 #include <sys/systm.h> 93 #include <sys/time.h> 94 #include <sys/socket.h> /* for net/if.h */ 95 #include <sys/sockio.h> 96 #include <sys/ctype.h> /* string functions */ 97 #include <sys/kernel.h> 98 #include <sys/random.h> 99 #include <sys/sysctl.h> 100 #include <sys/module.h> 101 #include <sys/proc.h> 102 #include <sys/lock.h> 103 #include <sys/thread.h> 104 #include <sys/thread2.h> 105 #include <sys/mpipe.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_var.h> 112 #include <net/pfil.h> 113 #include <net/ifq_var.h> 114 115 #include <netinet/in.h> /* for struct arpcom */ 116 #include <netinet/in_systm.h> 117 #include <netinet/in_var.h> 118 #include <netinet/ip.h> 119 #include <netinet/ip_var.h> 120 #ifdef INET6 121 #include <netinet/ip6.h> 122 #include <netinet6/ip6_var.h> 123 #endif 124 #include <netinet/if_ether.h> /* for struct arpcom */ 125 #include <net/bridge/if_bridgevar.h> 126 #include <net/if_llc.h> 127 #include <net/netmsg2.h> 128 129 #include <net/route.h> 130 #include <sys/in_cksum.h> 131 132 /* 133 * Size of the route hash table. Must be a power of two. 134 */ 135 #ifndef BRIDGE_RTHASH_SIZE 136 #define BRIDGE_RTHASH_SIZE 1024 137 #endif 138 139 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 140 141 /* 142 * Maximum number of addresses to cache. 143 */ 144 #ifndef BRIDGE_RTABLE_MAX 145 #define BRIDGE_RTABLE_MAX 100 146 #endif 147 148 /* 149 * Spanning tree defaults. 150 */ 151 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 152 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 153 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 154 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 155 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 156 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 157 #define BSTP_DEFAULT_PATH_COST 55 158 159 /* 160 * Timeout (in seconds) for entries learned dynamically. 161 */ 162 #ifndef BRIDGE_RTABLE_TIMEOUT 163 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 164 #endif 165 166 /* 167 * Number of seconds between walks of the route list. 168 */ 169 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 170 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 171 #endif 172 173 /* 174 * List of capabilities to mask on the member interface. 175 */ 176 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM 177 178 eventhandler_tag bridge_detach_cookie = NULL; 179 180 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 181 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *, 182 struct sockaddr *, struct rtentry *); 183 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 184 185 static int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 186 187 static int bridge_clone_create(struct if_clone *, int); 188 static void bridge_clone_destroy(struct ifnet *); 189 190 static int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 191 static void bridge_mutecaps(struct bridge_iflist *, int); 192 static void bridge_ifdetach(void *arg __unused, struct ifnet *); 193 static void bridge_init(void *); 194 static void bridge_stop(struct ifnet *); 195 static void bridge_start(struct ifnet *); 196 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *); 197 static int bridge_output_serialized(struct ifnet *, struct mbuf *, 198 struct sockaddr *, struct rtentry *); 199 200 static void bridge_forward(struct bridge_softc *, struct mbuf *m); 201 202 static void bridge_timer(void *); 203 204 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 205 struct mbuf *, int); 206 static void bridge_span(struct bridge_softc *, struct mbuf *); 207 208 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 209 struct ifnet *, int, uint8_t); 210 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 211 static void bridge_rttrim(struct bridge_softc *); 212 static void bridge_rtage(struct bridge_softc *); 213 static void bridge_rtflush(struct bridge_softc *, int); 214 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 215 216 static int bridge_rtable_init(struct bridge_softc *); 217 static void bridge_rtable_fini(struct bridge_softc *); 218 219 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *); 220 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 221 const uint8_t *); 222 static int bridge_rtnode_insert(struct bridge_softc *, 223 struct bridge_rtnode *); 224 static void bridge_rtnode_destroy(struct bridge_softc *, 225 struct bridge_rtnode *); 226 227 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 228 const char *name); 229 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 230 struct ifnet *ifp); 231 static void bridge_delete_member(struct bridge_softc *, 232 struct bridge_iflist *, int); 233 static void bridge_delete_span(struct bridge_softc *, 234 struct bridge_iflist *); 235 236 static int bridge_ioctl_add(struct bridge_softc *, void *); 237 static int bridge_ioctl_del(struct bridge_softc *, void *); 238 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 239 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 240 static int bridge_ioctl_scache(struct bridge_softc *, void *); 241 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 242 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 243 static int bridge_ioctl_rts(struct bridge_softc *, void *); 244 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 245 static int bridge_ioctl_sto(struct bridge_softc *, void *); 246 static int bridge_ioctl_gto(struct bridge_softc *, void *); 247 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 248 static int bridge_ioctl_flush(struct bridge_softc *, void *); 249 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 250 static int bridge_ioctl_spri(struct bridge_softc *, void *); 251 static int bridge_ioctl_ght(struct bridge_softc *, void *); 252 static int bridge_ioctl_sht(struct bridge_softc *, void *); 253 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 254 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 255 static int bridge_ioctl_gma(struct bridge_softc *, void *); 256 static int bridge_ioctl_sma(struct bridge_softc *, void *); 257 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 258 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 259 static int bridge_ioctl_addspan(struct bridge_softc *, void *); 260 static int bridge_ioctl_delspan(struct bridge_softc *, void *); 261 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, 262 int); 263 static int bridge_ip_checkbasic(struct mbuf **mp); 264 #ifdef INET6 265 static int bridge_ip6_checkbasic(struct mbuf **mp); 266 #endif /* INET6 */ 267 static int bridge_fragment(struct ifnet *, struct mbuf *, 268 struct ether_header *, int, struct llc *); 269 static void bridge_enqueue_internal(struct ifnet *, struct mbuf *m, 270 netisr_fn_t); 271 static void bridge_enqueue_handler(struct netmsg *); 272 static void bridge_pfil_enqueue_handler(struct netmsg *); 273 static void bridge_pfil_enqueue(struct ifnet *, struct mbuf *, int); 274 static void bridge_handoff_notags(struct ifnet *, struct mbuf *); 275 static void bridge_handoff(struct ifnet *, struct mbuf *); 276 277 SYSCTL_DECL(_net_link); 278 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge"); 279 280 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */ 281 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */ 282 static int pfil_member = 1; /* run pfil hooks on the member interface */ 283 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW, 284 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled"); 285 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW, 286 &pfil_bridge, 0, "Packet filter on the bridge interface"); 287 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW, 288 &pfil_member, 0, "Packet filter on the member interface"); 289 290 struct bridge_control { 291 int (*bc_func)(struct bridge_softc *, void *); 292 int bc_argsize; 293 int bc_flags; 294 }; 295 296 #define BC_F_COPYIN 0x01 /* copy arguments in */ 297 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 298 #define BC_F_SUSER 0x04 /* do super-user check */ 299 300 const struct bridge_control bridge_control_table[] = { 301 { bridge_ioctl_add, sizeof(struct ifbreq), 302 BC_F_COPYIN|BC_F_SUSER }, 303 { bridge_ioctl_del, sizeof(struct ifbreq), 304 BC_F_COPYIN|BC_F_SUSER }, 305 306 { bridge_ioctl_gifflags, sizeof(struct ifbreq), 307 BC_F_COPYIN|BC_F_COPYOUT }, 308 { bridge_ioctl_sifflags, sizeof(struct ifbreq), 309 BC_F_COPYIN|BC_F_SUSER }, 310 311 { bridge_ioctl_scache, sizeof(struct ifbrparam), 312 BC_F_COPYIN|BC_F_SUSER }, 313 { bridge_ioctl_gcache, sizeof(struct ifbrparam), 314 BC_F_COPYOUT }, 315 316 { bridge_ioctl_gifs, sizeof(struct ifbifconf), 317 BC_F_COPYIN|BC_F_COPYOUT }, 318 { bridge_ioctl_rts, sizeof(struct ifbaconf), 319 BC_F_COPYIN|BC_F_COPYOUT }, 320 321 { bridge_ioctl_saddr, sizeof(struct ifbareq), 322 BC_F_COPYIN|BC_F_SUSER }, 323 324 { bridge_ioctl_sto, sizeof(struct ifbrparam), 325 BC_F_COPYIN|BC_F_SUSER }, 326 { bridge_ioctl_gto, sizeof(struct ifbrparam), 327 BC_F_COPYOUT }, 328 329 { bridge_ioctl_daddr, sizeof(struct ifbareq), 330 BC_F_COPYIN|BC_F_SUSER }, 331 332 { bridge_ioctl_flush, sizeof(struct ifbreq), 333 BC_F_COPYIN|BC_F_SUSER }, 334 335 { bridge_ioctl_gpri, sizeof(struct ifbrparam), 336 BC_F_COPYOUT }, 337 { bridge_ioctl_spri, sizeof(struct ifbrparam), 338 BC_F_COPYIN|BC_F_SUSER }, 339 340 { bridge_ioctl_ght, sizeof(struct ifbrparam), 341 BC_F_COPYOUT }, 342 { bridge_ioctl_sht, sizeof(struct ifbrparam), 343 BC_F_COPYIN|BC_F_SUSER }, 344 345 { bridge_ioctl_gfd, sizeof(struct ifbrparam), 346 BC_F_COPYOUT }, 347 { bridge_ioctl_sfd, sizeof(struct ifbrparam), 348 BC_F_COPYIN|BC_F_SUSER }, 349 350 { bridge_ioctl_gma, sizeof(struct ifbrparam), 351 BC_F_COPYOUT }, 352 { bridge_ioctl_sma, sizeof(struct ifbrparam), 353 BC_F_COPYIN|BC_F_SUSER }, 354 355 { bridge_ioctl_sifprio, sizeof(struct ifbreq), 356 BC_F_COPYIN|BC_F_SUSER }, 357 358 { bridge_ioctl_sifcost, sizeof(struct ifbreq), 359 BC_F_COPYIN|BC_F_SUSER }, 360 361 { bridge_ioctl_addspan, sizeof(struct ifbreq), 362 BC_F_COPYIN|BC_F_SUSER }, 363 { bridge_ioctl_delspan, sizeof(struct ifbreq), 364 BC_F_COPYIN|BC_F_SUSER }, 365 }; 366 const int bridge_control_table_size = 367 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]); 368 369 LIST_HEAD(, bridge_softc) bridge_list; 370 371 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge", 372 bridge_clone_create, 373 bridge_clone_destroy, 0, IF_MAXUNIT); 374 375 static int 376 bridge_modevent(module_t mod, int type, void *data) 377 { 378 switch (type) { 379 case MOD_LOAD: 380 LIST_INIT(&bridge_list); 381 if_clone_attach(&bridge_cloner); 382 bridge_input_p = bridge_input; 383 bridge_output_p = bridge_output_serialized; 384 bridge_detach_cookie = EVENTHANDLER_REGISTER( 385 ifnet_detach_event, bridge_ifdetach, NULL, 386 EVENTHANDLER_PRI_ANY); 387 #if notyet 388 bstp_linkstate_p = bstp_linkstate; 389 #endif 390 break; 391 case MOD_UNLOAD: 392 if (!LIST_EMPTY(&bridge_list)) 393 return (EBUSY); 394 EVENTHANDLER_DEREGISTER(ifnet_detach_event, 395 bridge_detach_cookie); 396 if_clone_detach(&bridge_cloner); 397 bridge_input_p = NULL; 398 bridge_output_p = NULL; 399 #if notyet 400 bstp_linkstate_p = NULL; 401 #endif 402 break; 403 default: 404 return (EOPNOTSUPP); 405 } 406 return (0); 407 } 408 409 static moduledata_t bridge_mod = { 410 "if_bridge", 411 bridge_modevent, 412 0 413 }; 414 415 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 416 417 418 /* 419 * bridge_clone_create: 420 * 421 * Create a new bridge instance. 422 */ 423 static int 424 bridge_clone_create(struct if_clone *ifc, int unit) 425 { 426 struct bridge_softc *sc; 427 struct ifnet *ifp; 428 u_char eaddr[6]; 429 430 sc = kmalloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 431 ifp = sc->sc_ifp = &sc->sc_if; 432 433 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 434 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 435 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 436 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 437 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 438 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 439 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 440 441 /* Initialize our routing table. */ 442 bridge_rtable_init(sc); 443 444 callout_init(&sc->sc_brcallout); 445 callout_init(&sc->sc_bstpcallout); 446 447 LIST_INIT(&sc->sc_iflist); 448 LIST_INIT(&sc->sc_spanlist); 449 450 ifp->if_softc = sc; 451 if_initname(ifp, ifc->ifc_name, unit); 452 ifp->if_mtu = ETHERMTU; 453 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST; 454 ifp->if_ioctl = bridge_ioctl; 455 ifp->if_start = bridge_start; 456 ifp->if_init = bridge_init; 457 ifp->if_type = IFT_BRIDGE; 458 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 459 ifp->if_snd.ifq_maxlen = ifqmaxlen; 460 ifq_set_ready(&ifp->if_snd); 461 ifp->if_hdrlen = ETHER_HDR_LEN; 462 463 /* 464 * Generate a random ethernet address and use the private AC:DE:48 465 * OUI code. 466 */ 467 { 468 int rnd = karc4random(); 469 bcopy(&rnd, &eaddr[0], 4); /* ETHER_ADDR_LEN == 6 */ 470 rnd = karc4random(); 471 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */ 472 } 473 eaddr[0] &= ~1; /* clear multicast bit */ 474 eaddr[0] |= 2; /* set the LAA bit */ 475 476 ether_ifattach(ifp, eaddr, NULL); 477 /* Now undo some of the damage... */ 478 ifp->if_baudrate = 0; 479 ifp->if_type = IFT_BRIDGE; 480 481 crit_enter(); 482 LIST_INSERT_HEAD(&bridge_list, sc, sc_list); 483 crit_exit(); 484 485 return (0); 486 } 487 488 /* 489 * bridge_clone_destroy: 490 * 491 * Destroy a bridge instance. 492 */ 493 static void 494 bridge_clone_destroy(struct ifnet *ifp) 495 { 496 struct bridge_softc *sc = ifp->if_softc; 497 struct bridge_iflist *bif; 498 499 lwkt_serialize_enter(ifp->if_serializer); 500 501 bridge_stop(ifp); 502 ifp->if_flags &= ~IFF_UP; 503 504 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL) 505 bridge_delete_member(sc, bif, 0); 506 507 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) { 508 bridge_delete_span(sc, bif); 509 } 510 511 callout_stop(&sc->sc_brcallout); 512 callout_stop(&sc->sc_bstpcallout); 513 514 lwkt_serialize_exit(ifp->if_serializer); 515 516 crit_enter(); 517 LIST_REMOVE(sc, sc_list); 518 crit_exit(); 519 520 ether_ifdetach(ifp); 521 522 /* Tear down the routing table. */ 523 bridge_rtable_fini(sc); 524 525 kfree(sc, M_DEVBUF); 526 } 527 528 /* 529 * bridge_ioctl: 530 * 531 * Handle a control request from the operator. 532 */ 533 static int 534 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 535 { 536 struct bridge_softc *sc = ifp->if_softc; 537 union { 538 struct ifbreq ifbreq; 539 struct ifbifconf ifbifconf; 540 struct ifbareq ifbareq; 541 struct ifbaconf ifbaconf; 542 struct ifbrparam ifbrparam; 543 } args; 544 struct ifdrv *ifd = (struct ifdrv *) data; 545 const struct bridge_control *bc; 546 int error = 0; 547 548 ASSERT_SERIALIZED(ifp->if_serializer); 549 550 switch (cmd) { 551 case SIOCADDMULTI: 552 case SIOCDELMULTI: 553 break; 554 555 case SIOCGDRVSPEC: 556 case SIOCSDRVSPEC: 557 if (ifd->ifd_cmd >= bridge_control_table_size) { 558 error = EINVAL; 559 break; 560 } 561 bc = &bridge_control_table[ifd->ifd_cmd]; 562 563 if (cmd == SIOCGDRVSPEC && 564 (bc->bc_flags & BC_F_COPYOUT) == 0) { 565 error = EINVAL; 566 break; 567 } else if (cmd == SIOCSDRVSPEC && 568 (bc->bc_flags & BC_F_COPYOUT) != 0) { 569 error = EINVAL; 570 break; 571 } 572 573 if (bc->bc_flags & BC_F_SUSER) { 574 error = suser_cred(cr, NULL_CRED_OKAY); 575 if (error) 576 break; 577 } 578 579 if (ifd->ifd_len != bc->bc_argsize || 580 ifd->ifd_len > sizeof(args)) { 581 error = EINVAL; 582 break; 583 } 584 585 memset(&args, 0, sizeof(args)); 586 if (bc->bc_flags & BC_F_COPYIN) { 587 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 588 if (error) 589 break; 590 } 591 592 error = bc->bc_func(sc, &args); 593 if (error) 594 break; 595 596 if (bc->bc_flags & BC_F_COPYOUT) 597 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 598 break; 599 600 case SIOCSIFFLAGS: 601 if (!(ifp->if_flags & IFF_UP) && 602 (ifp->if_flags & IFF_RUNNING)) { 603 /* 604 * If interface is marked down and it is running, 605 * then stop it. 606 */ 607 bridge_stop(ifp); 608 } else if ((ifp->if_flags & IFF_UP) && 609 !(ifp->if_flags & IFF_RUNNING)) { 610 /* 611 * If interface is marked up and it is stopped, then 612 * start it. 613 */ 614 ifp->if_init(sc); 615 } 616 break; 617 618 case SIOCSIFMTU: 619 /* Do not allow the MTU to be changed on the bridge */ 620 error = EINVAL; 621 break; 622 623 default: 624 error = ether_ioctl(ifp, cmd, data); 625 break; 626 } 627 return (error); 628 } 629 630 /* 631 * bridge_mutecaps: 632 * 633 * Clear or restore unwanted capabilities on the member interface 634 */ 635 static void 636 bridge_mutecaps(struct bridge_iflist *bif, int mute) 637 { 638 struct ifnet *ifp = bif->bif_ifp; 639 struct ifreq ifr; 640 int error; 641 642 if (ifp->if_ioctl == NULL) 643 return; 644 645 bzero(&ifr, sizeof(ifr)); 646 ifr.ifr_reqcap = ifp->if_capenable; 647 648 if (mute) { 649 /* mask off and save capabilities */ 650 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK; 651 if (bif->bif_mutecap != 0) 652 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK; 653 } else 654 /* restore muted capabilities */ 655 ifr.ifr_reqcap |= bif->bif_mutecap; 656 657 if (bif->bif_mutecap != 0) { 658 lwkt_serialize_enter(ifp->if_serializer); 659 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr, NULL); 660 lwkt_serialize_exit(ifp->if_serializer); 661 } 662 } 663 664 /* 665 * bridge_lookup_member: 666 * 667 * Lookup a bridge member interface. 668 */ 669 static struct bridge_iflist * 670 bridge_lookup_member(struct bridge_softc *sc, const char *name) 671 { 672 struct bridge_iflist *bif; 673 struct ifnet *ifp; 674 675 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 676 ifp = bif->bif_ifp; 677 if (strcmp(ifp->if_xname, name) == 0) 678 return (bif); 679 } 680 681 return (NULL); 682 } 683 684 /* 685 * bridge_lookup_member_if: 686 * 687 * Lookup a bridge member interface by ifnet*. 688 */ 689 static struct bridge_iflist * 690 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp) 691 { 692 struct bridge_iflist *bif; 693 694 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 695 if (bif->bif_ifp == member_ifp) 696 return (bif); 697 } 698 699 return (NULL); 700 } 701 702 /* 703 * bridge_delete_member: 704 * 705 * Delete the specified member interface. 706 */ 707 static void 708 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif, 709 int gone) 710 { 711 struct ifnet *ifs = bif->bif_ifp; 712 713 if (!gone) { 714 switch (ifs->if_type) { 715 case IFT_ETHER: 716 case IFT_L2VLAN: 717 /* 718 * Take the interface out of promiscuous mode. 719 */ 720 (void) ifpromisc(ifs, 0); 721 bridge_mutecaps(bif, 0); 722 break; 723 724 case IFT_GIF: 725 break; 726 727 default: 728 #ifdef DIAGNOSTIC 729 panic("bridge_delete_member: impossible"); 730 #endif 731 break; 732 } 733 } 734 735 ifs->if_bridge = NULL; 736 LIST_REMOVE(bif, bif_next); 737 738 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL); 739 740 kfree(bif, M_DEVBUF); 741 742 if (sc->sc_ifp->if_flags & IFF_RUNNING) 743 bstp_initialization(sc); 744 } 745 746 /* 747 * bridge_delete_span: 748 * 749 * Delete the specified span interface. 750 */ 751 static void 752 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif) 753 { 754 KASSERT(bif->bif_ifp->if_bridge == NULL, 755 ("%s: not a span interface", __func__)); 756 757 LIST_REMOVE(bif, bif_next); 758 kfree(bif, M_DEVBUF); 759 } 760 761 static int 762 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 763 { 764 struct ifbreq *req = arg; 765 struct bridge_iflist *bif = NULL; 766 struct ifnet *ifs; 767 int error = 0; 768 769 ifs = ifunit(req->ifbr_ifsname); 770 if (ifs == NULL) 771 return (ENOENT); 772 773 /* If it's in the span list, it can't be a member. */ 774 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 775 if (ifs == bif->bif_ifp) 776 return (EBUSY); 777 778 /* Allow the first Ethernet member to define the MTU */ 779 if (ifs->if_type != IFT_GIF) { 780 if (LIST_EMPTY(&sc->sc_iflist)) 781 sc->sc_ifp->if_mtu = ifs->if_mtu; 782 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) { 783 if_printf(sc->sc_ifp, "invalid MTU for %s\n", 784 ifs->if_xname); 785 return (EINVAL); 786 } 787 } 788 789 if (ifs->if_bridge == sc) 790 return (EEXIST); 791 792 if (ifs->if_bridge != NULL) 793 return (EBUSY); 794 795 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 796 bif->bif_ifp = ifs; 797 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 798 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 799 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 800 801 switch (ifs->if_type) { 802 case IFT_ETHER: 803 case IFT_L2VLAN: 804 /* 805 * Place the interface into promiscuous mode. 806 */ 807 error = ifpromisc(ifs, 1); 808 if (error) 809 goto out; 810 811 bridge_mutecaps(bif, 1); 812 break; 813 814 case IFT_GIF: /* :^) */ 815 break; 816 817 default: 818 error = EINVAL; 819 goto out; 820 } 821 822 ifs->if_bridge = sc; 823 824 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next); 825 826 if (sc->sc_ifp->if_flags & IFF_RUNNING) 827 bstp_initialization(sc); 828 else 829 bstp_stop(sc); 830 831 out: 832 if (error) { 833 if (bif != NULL) 834 kfree(bif, M_DEVBUF); 835 } 836 return (error); 837 } 838 839 static int 840 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 841 { 842 struct ifbreq *req = arg; 843 struct bridge_iflist *bif; 844 845 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 846 if (bif == NULL) 847 return (ENOENT); 848 849 bridge_delete_member(sc, bif, 0); 850 851 return (0); 852 } 853 854 static int 855 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 856 { 857 struct ifbreq *req = arg; 858 struct bridge_iflist *bif; 859 860 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 861 if (bif == NULL) 862 return (ENOENT); 863 864 req->ifbr_ifsflags = bif->bif_flags; 865 req->ifbr_state = bif->bif_state; 866 req->ifbr_priority = bif->bif_priority; 867 req->ifbr_path_cost = bif->bif_path_cost; 868 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 869 870 return (0); 871 } 872 873 static int 874 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 875 { 876 struct ifbreq *req = arg; 877 struct bridge_iflist *bif; 878 879 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 880 if (bif == NULL) 881 return (ENOENT); 882 883 if (req->ifbr_ifsflags & IFBIF_SPAN) 884 /* SPAN is readonly */ 885 return (EINVAL); 886 887 if (req->ifbr_ifsflags & IFBIF_STP) { 888 switch (bif->bif_ifp->if_type) { 889 case IFT_ETHER: 890 /* These can do spanning tree. */ 891 break; 892 893 default: 894 /* Nothing else can. */ 895 return (EINVAL); 896 } 897 } 898 899 bif->bif_flags = req->ifbr_ifsflags; 900 901 if (sc->sc_ifp->if_flags & IFF_RUNNING) 902 bstp_initialization(sc); 903 904 return (0); 905 } 906 907 static int 908 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 909 { 910 struct ifbrparam *param = arg; 911 912 sc->sc_brtmax = param->ifbrp_csize; 913 bridge_rttrim(sc); 914 915 return (0); 916 } 917 918 static int 919 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 920 { 921 struct ifbrparam *param = arg; 922 923 param->ifbrp_csize = sc->sc_brtmax; 924 925 return (0); 926 } 927 928 static int 929 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 930 { 931 struct ifbifconf *bifc = arg; 932 struct bridge_iflist *bif; 933 struct ifbreq breq; 934 int count, len, error = 0; 935 936 count = 0; 937 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) 938 count++; 939 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 940 count++; 941 942 if (bifc->ifbic_len == 0) { 943 bifc->ifbic_len = sizeof(breq) * count; 944 return (0); 945 } 946 947 count = 0; 948 len = bifc->ifbic_len; 949 memset(&breq, 0, sizeof breq); 950 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 951 if (len < sizeof(breq)) 952 break; 953 954 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 955 sizeof(breq.ifbr_ifsname)); 956 breq.ifbr_ifsflags = bif->bif_flags; 957 breq.ifbr_state = bif->bif_state; 958 breq.ifbr_priority = bif->bif_priority; 959 breq.ifbr_path_cost = bif->bif_path_cost; 960 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 961 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 962 if (error) 963 break; 964 count++; 965 len -= sizeof(breq); 966 } 967 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 968 if (len < sizeof(breq)) 969 break; 970 971 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname, 972 sizeof(breq.ifbr_ifsname)); 973 breq.ifbr_ifsflags = bif->bif_flags; 974 breq.ifbr_state = bif->bif_state; 975 breq.ifbr_priority = bif->bif_priority; 976 breq.ifbr_path_cost = bif->bif_path_cost; 977 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff; 978 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq)); 979 if (error) 980 break; 981 count++; 982 len -= sizeof(breq); 983 } 984 985 bifc->ifbic_len = sizeof(breq) * count; 986 return (error); 987 } 988 989 static int 990 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 991 { 992 struct ifbaconf *bac = arg; 993 struct bridge_rtnode *brt; 994 struct ifbareq bareq; 995 int count = 0, error = 0, len; 996 997 if (bac->ifbac_len == 0) 998 return (0); 999 1000 len = bac->ifbac_len; 1001 memset(&bareq, 0, sizeof(bareq)); 1002 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { 1003 if (len < sizeof(bareq)) 1004 goto out; 1005 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1006 sizeof(bareq.ifba_ifsname)); 1007 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1008 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 1009 time_second < brt->brt_expire) 1010 bareq.ifba_expire = brt->brt_expire - time_second; 1011 else 1012 bareq.ifba_expire = 0; 1013 bareq.ifba_flags = brt->brt_flags; 1014 1015 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1016 if (error) 1017 goto out; 1018 count++; 1019 len -= sizeof(bareq); 1020 } 1021 out: 1022 bac->ifbac_len = sizeof(bareq) * count; 1023 return (error); 1024 } 1025 1026 static int 1027 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1028 { 1029 struct ifbareq *req = arg; 1030 struct bridge_iflist *bif; 1031 int error; 1032 1033 bif = bridge_lookup_member(sc, req->ifba_ifsname); 1034 if (bif == NULL) 1035 return (ENOENT); 1036 1037 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1038 req->ifba_flags); 1039 1040 return (error); 1041 } 1042 1043 static int 1044 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1045 { 1046 struct ifbrparam *param = arg; 1047 1048 sc->sc_brttimeout = param->ifbrp_ctime; 1049 1050 return (0); 1051 } 1052 1053 static int 1054 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1055 { 1056 struct ifbrparam *param = arg; 1057 1058 param->ifbrp_ctime = sc->sc_brttimeout; 1059 1060 return (0); 1061 } 1062 1063 static int 1064 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1065 { 1066 struct ifbareq *req = arg; 1067 1068 return (bridge_rtdaddr(sc, req->ifba_dst)); 1069 } 1070 1071 static int 1072 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1073 { 1074 struct ifbreq *req = arg; 1075 1076 bridge_rtflush(sc, req->ifbr_ifsflags); 1077 1078 return (0); 1079 } 1080 1081 static int 1082 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1083 { 1084 struct ifbrparam *param = arg; 1085 1086 param->ifbrp_prio = sc->sc_bridge_priority; 1087 1088 return (0); 1089 } 1090 1091 static int 1092 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1093 { 1094 struct ifbrparam *param = arg; 1095 1096 sc->sc_bridge_priority = param->ifbrp_prio; 1097 1098 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1099 bstp_initialization(sc); 1100 1101 return (0); 1102 } 1103 1104 static int 1105 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1106 { 1107 struct ifbrparam *param = arg; 1108 1109 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1110 1111 return (0); 1112 } 1113 1114 static int 1115 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1116 { 1117 struct ifbrparam *param = arg; 1118 1119 if (param->ifbrp_hellotime == 0) 1120 return (EINVAL); 1121 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1122 1123 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1124 bstp_initialization(sc); 1125 1126 return (0); 1127 } 1128 1129 static int 1130 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1131 { 1132 struct ifbrparam *param = arg; 1133 1134 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1135 1136 return (0); 1137 } 1138 1139 static int 1140 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1141 { 1142 struct ifbrparam *param = arg; 1143 1144 if (param->ifbrp_fwddelay == 0) 1145 return (EINVAL); 1146 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1147 1148 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1149 bstp_initialization(sc); 1150 1151 return (0); 1152 } 1153 1154 static int 1155 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1156 { 1157 struct ifbrparam *param = arg; 1158 1159 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1160 1161 return (0); 1162 } 1163 1164 static int 1165 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1166 { 1167 struct ifbrparam *param = arg; 1168 1169 if (param->ifbrp_maxage == 0) 1170 return (EINVAL); 1171 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1172 1173 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1174 bstp_initialization(sc); 1175 1176 return (0); 1177 } 1178 1179 static int 1180 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1181 { 1182 struct ifbreq *req = arg; 1183 struct bridge_iflist *bif; 1184 1185 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1186 if (bif == NULL) 1187 return (ENOENT); 1188 1189 bif->bif_priority = req->ifbr_priority; 1190 1191 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1192 bstp_initialization(sc); 1193 1194 return (0); 1195 } 1196 1197 static int 1198 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1199 { 1200 struct ifbreq *req = arg; 1201 struct bridge_iflist *bif; 1202 1203 bif = bridge_lookup_member(sc, req->ifbr_ifsname); 1204 if (bif == NULL) 1205 return (ENOENT); 1206 1207 bif->bif_path_cost = req->ifbr_path_cost; 1208 1209 if (sc->sc_ifp->if_flags & IFF_RUNNING) 1210 bstp_initialization(sc); 1211 1212 return (0); 1213 } 1214 1215 static int 1216 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg) 1217 { 1218 struct ifbreq *req = arg; 1219 struct bridge_iflist *bif = NULL; 1220 struct ifnet *ifs; 1221 1222 ifs = ifunit(req->ifbr_ifsname); 1223 if (ifs == NULL) 1224 return (ENOENT); 1225 1226 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1227 if (ifs == bif->bif_ifp) 1228 return (EBUSY); 1229 1230 if (ifs->if_bridge != NULL) 1231 return (EBUSY); 1232 1233 switch (ifs->if_type) { 1234 case IFT_ETHER: 1235 case IFT_GIF: 1236 case IFT_L2VLAN: 1237 break; 1238 default: 1239 return (EINVAL); 1240 } 1241 1242 bif = kmalloc(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO); 1243 if (bif == NULL) 1244 return (ENOMEM); 1245 1246 bif->bif_ifp = ifs; 1247 bif->bif_flags = IFBIF_SPAN; 1248 1249 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next); 1250 1251 return (0); 1252 } 1253 1254 static int 1255 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg) 1256 { 1257 struct ifbreq *req = arg; 1258 struct bridge_iflist *bif; 1259 struct ifnet *ifs; 1260 1261 ifs = ifunit(req->ifbr_ifsname); 1262 if (ifs == NULL) 1263 return (ENOENT); 1264 1265 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1266 if (ifs == bif->bif_ifp) 1267 break; 1268 1269 if (bif == NULL) 1270 return (ENOENT); 1271 1272 bridge_delete_span(sc, bif); 1273 1274 return (0); 1275 } 1276 1277 /* 1278 * bridge_ifdetach: 1279 * 1280 * Detach an interface from a bridge. Called when a member 1281 * interface is detaching. 1282 */ 1283 static void 1284 bridge_ifdetach(void *arg __unused, struct ifnet *ifp) 1285 { 1286 struct bridge_softc *sc = ifp->if_bridge; 1287 struct bridge_iflist *bif; 1288 1289 /* Check if the interface is a bridge member */ 1290 if (sc != NULL) { 1291 lwkt_serialize_enter(ifp->if_serializer); 1292 1293 bif = bridge_lookup_member_if(sc, ifp); 1294 if (bif != NULL) 1295 bridge_delete_member(sc, bif, 1); 1296 1297 lwkt_serialize_exit(ifp->if_serializer); 1298 return; 1299 } 1300 1301 /* Check if the interface is a span port */ 1302 LIST_FOREACH(sc, &bridge_list, sc_list) { 1303 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) 1304 if (ifp == bif->bif_ifp) { 1305 bridge_delete_span(sc, bif); 1306 break; 1307 } 1308 } 1309 } 1310 1311 /* 1312 * bridge_init: 1313 * 1314 * Initialize a bridge interface. 1315 */ 1316 static void 1317 bridge_init(void *xsc) 1318 { 1319 struct bridge_softc *sc = (struct bridge_softc *)xsc; 1320 struct ifnet *ifp = sc->sc_ifp; 1321 1322 ASSERT_SERIALIZED(ifp->if_serializer); 1323 1324 if (ifp->if_flags & IFF_RUNNING) 1325 return; 1326 1327 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1328 bridge_timer, sc); 1329 1330 ifp->if_flags |= IFF_RUNNING; 1331 bstp_initialization(sc); 1332 return; 1333 } 1334 1335 /* 1336 * bridge_stop: 1337 * 1338 * Stop the bridge interface. 1339 */ 1340 static void 1341 bridge_stop(struct ifnet *ifp) 1342 { 1343 struct bridge_softc *sc = ifp->if_softc; 1344 1345 ASSERT_SERIALIZED(ifp->if_serializer); 1346 1347 if ((ifp->if_flags & IFF_RUNNING) == 0) 1348 return; 1349 1350 callout_stop(&sc->sc_brcallout); 1351 bstp_stop(sc); 1352 1353 bridge_rtflush(sc, IFBF_FLUSHDYN); 1354 1355 ifp->if_flags &= ~IFF_RUNNING; 1356 } 1357 1358 static void 1359 bridge_enqueue_internal(struct ifnet *dst_ifp, struct mbuf *m, 1360 netisr_fn_t handler) 1361 { 1362 struct netmsg_packet *nmp; 1363 lwkt_port_t port; 1364 int cpu = mycpu->gd_cpuid; 1365 1366 while (m->m_type == MT_TAG) { 1367 /* XXX see ether_output_frame for full rules check */ 1368 m = m->m_next; 1369 } 1370 1371 nmp = &m->m_hdr.mh_netmsg; 1372 netmsg_init(&nmp->nm_netmsg, &netisr_apanic_rport, 0, handler); 1373 nmp->nm_packet = m; 1374 nmp->nm_netmsg.nm_lmsg.u.ms_resultp = dst_ifp; 1375 1376 port = cpu_portfn(cpu); 1377 lwkt_sendmsg(port, &nmp->nm_netmsg.nm_lmsg); 1378 } 1379 1380 static void 1381 bridge_pfil_enqueue(struct ifnet *dst_ifp, struct mbuf *m, 1382 int runfilt) 1383 { 1384 netisr_fn_t handler; 1385 1386 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1387 #ifdef INET6 1388 || inet6_pfil_hook.ph_hashooks > 0 1389 #endif 1390 )) { 1391 handler = bridge_pfil_enqueue_handler; 1392 } else { 1393 handler = bridge_enqueue_handler; 1394 } 1395 bridge_enqueue_internal(dst_ifp, m, handler); 1396 } 1397 1398 /* 1399 * bridge_enqueue: 1400 * 1401 * Enqueue a packet on a bridge member interface. 1402 * 1403 */ 1404 void 1405 bridge_enqueue(struct ifnet *dst_ifp, struct mbuf *m) 1406 { 1407 bridge_enqueue_internal(dst_ifp, m, bridge_enqueue_handler); 1408 } 1409 1410 /* 1411 * bridge_output_serialized: 1412 * 1413 * Send output from a bridge member interface. This 1414 * performs the bridging function for locally originated 1415 * packets. 1416 * 1417 * The mbuf has the Ethernet header already attached. We must 1418 * enqueue or free the mbuf before returning. 1419 */ 1420 static int 1421 bridge_output_serialized(struct ifnet *ifp, struct mbuf *m, 1422 struct sockaddr *sa, struct rtentry *rt) 1423 { 1424 struct ether_header *eh; 1425 struct ifnet *dst_if; 1426 struct bridge_softc *sc; 1427 1428 sc = ifp->if_bridge; 1429 1430 ASSERT_SERIALIZED(ifp->if_serializer); 1431 1432 if (m->m_len < ETHER_HDR_LEN) { 1433 m = m_pullup(m, ETHER_HDR_LEN); 1434 if (m == NULL) 1435 return (0); 1436 } 1437 1438 /* 1439 * Serialize our bridge interface. We have to get rid of the 1440 * originating interface lock to avoid a deadlock. 1441 */ 1442 lwkt_serialize_exit(ifp->if_serializer); 1443 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 1444 1445 eh = mtod(m, struct ether_header *); 1446 1447 /* 1448 * If bridge is down, but the original output interface is up, 1449 * go ahead and send out that interface. Otherwise, the packet 1450 * is dropped below. 1451 */ 1452 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0) { 1453 dst_if = ifp; 1454 goto sendunicast; 1455 } 1456 1457 /* 1458 * If the packet is a multicast, or we don't know a better way to 1459 * get there, send to all interfaces. 1460 */ 1461 if (ETHER_IS_MULTICAST(eh->ether_dhost)) 1462 dst_if = NULL; 1463 else 1464 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1465 if (dst_if == NULL) { 1466 struct bridge_iflist *bif; 1467 struct mbuf *mc; 1468 int used = 0; 1469 1470 bridge_span(sc, m); 1471 1472 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1473 dst_if = bif->bif_ifp; 1474 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1475 continue; 1476 1477 /* 1478 * If this is not the original output interface, 1479 * and the interface is participating in spanning 1480 * tree, make sure the port is in a state that 1481 * allows forwarding. 1482 */ 1483 if (dst_if != ifp && 1484 (bif->bif_flags & IFBIF_STP) != 0) { 1485 switch (bif->bif_state) { 1486 case BSTP_IFSTATE_BLOCKING: 1487 case BSTP_IFSTATE_LISTENING: 1488 case BSTP_IFSTATE_DISABLED: 1489 continue; 1490 } 1491 } 1492 1493 if (LIST_NEXT(bif, bif_next) == NULL) { 1494 used = 1; 1495 mc = m; 1496 } else { 1497 mc = m_copypacket(m, MB_DONTWAIT); 1498 if (mc == NULL) { 1499 sc->sc_ifp->if_oerrors++; 1500 continue; 1501 } 1502 } 1503 bridge_enqueue(dst_if, mc); 1504 } 1505 if (used == 0) 1506 m_freem(m); 1507 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1508 goto done; 1509 } 1510 1511 sendunicast: 1512 /* 1513 * XXX Spanning tree consideration here? 1514 */ 1515 1516 bridge_span(sc, m); 1517 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 1518 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1519 m_freem(m); 1520 } else { 1521 bridge_enqueue(dst_if, m); 1522 } 1523 done: 1524 lwkt_serialize_enter(ifp->if_serializer); 1525 return (0); 1526 } 1527 1528 /* 1529 * bridge_start: 1530 * 1531 * Start output on a bridge. 1532 * 1533 */ 1534 static void 1535 bridge_start(struct ifnet *ifp) 1536 { 1537 struct bridge_softc *sc = ifp->if_softc; 1538 1539 ASSERT_SERIALIZED(ifp->if_serializer); 1540 1541 ifp->if_flags |= IFF_OACTIVE; 1542 for (;;) { 1543 struct ifnet *dst_if = NULL; 1544 struct ether_header *eh; 1545 struct mbuf *m; 1546 1547 m = ifq_dequeue(&ifp->if_snd, NULL); 1548 if (m == NULL) 1549 break; 1550 1551 if (m->m_len < sizeof(*eh)) { 1552 m = m_pullup(m, sizeof(*eh)); 1553 if (m == NULL) { 1554 ifp->if_oerrors++; 1555 continue; 1556 } 1557 } 1558 eh = mtod(m, struct ether_header *); 1559 1560 BPF_MTAP(ifp, m); 1561 ifp->if_opackets++; 1562 1563 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) 1564 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1565 1566 if (dst_if == NULL) 1567 bridge_broadcast(sc, ifp, m, 0); 1568 else 1569 bridge_enqueue(dst_if, m); 1570 } 1571 ifp->if_flags &= ~IFF_OACTIVE; 1572 } 1573 1574 /* 1575 * bridge_forward: 1576 * 1577 * The forwarding function of the bridge. 1578 */ 1579 static void 1580 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1581 { 1582 struct bridge_iflist *bif; 1583 struct ifnet *src_if, *dst_if, *ifp; 1584 struct ether_header *eh; 1585 1586 src_if = m->m_pkthdr.rcvif; 1587 ifp = sc->sc_ifp; 1588 1589 ASSERT_SERIALIZED(ifp->if_serializer); 1590 1591 ifp->if_ipackets++; 1592 ifp->if_ibytes += m->m_pkthdr.len; 1593 1594 /* 1595 * Look up the bridge_iflist. 1596 */ 1597 bif = bridge_lookup_member_if(sc, src_if); 1598 if (bif == NULL) { 1599 /* Interface is not a bridge member (anymore?) */ 1600 m_freem(m); 1601 return; 1602 } 1603 1604 if (bif->bif_flags & IFBIF_STP) { 1605 switch (bif->bif_state) { 1606 case BSTP_IFSTATE_BLOCKING: 1607 case BSTP_IFSTATE_LISTENING: 1608 case BSTP_IFSTATE_DISABLED: 1609 m_freem(m); 1610 return; 1611 } 1612 } 1613 1614 eh = mtod(m, struct ether_header *); 1615 1616 /* 1617 * If the interface is learning, and the source 1618 * address is valid and not multicast, record 1619 * the address. 1620 */ 1621 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1622 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1623 (eh->ether_shost[0] == 0 && 1624 eh->ether_shost[1] == 0 && 1625 eh->ether_shost[2] == 0 && 1626 eh->ether_shost[3] == 0 && 1627 eh->ether_shost[4] == 0 && 1628 eh->ether_shost[5] == 0) == 0) { 1629 bridge_rtupdate(sc, eh->ether_shost, src_if, 0, IFBAF_DYNAMIC); 1630 } 1631 1632 if ((bif->bif_flags & IFBIF_STP) != 0 && 1633 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1634 m_freem(m); 1635 return; 1636 } 1637 1638 /* 1639 * At this point, the port either doesn't participate 1640 * in spanning tree or it is in the forwarding state. 1641 */ 1642 1643 /* 1644 * If the packet is unicast, destined for someone on 1645 * "this" side of the bridge, drop it. 1646 */ 1647 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1648 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1649 if (src_if == dst_if) { 1650 m_freem(m); 1651 return; 1652 } 1653 } else { 1654 /* ...forward it to all interfaces. */ 1655 sc->sc_ifp->if_imcasts++; 1656 dst_if = NULL; 1657 } 1658 1659 if (dst_if == NULL) { 1660 bridge_broadcast(sc, src_if, m, 1); 1661 return; 1662 } 1663 1664 /* 1665 * At this point, we're dealing with a unicast frame 1666 * going to a different interface. 1667 */ 1668 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1669 m_freem(m); 1670 return; 1671 } 1672 bif = bridge_lookup_member_if(sc, dst_if); 1673 if (bif == NULL) { 1674 /* Not a member of the bridge (anymore?) */ 1675 m_freem(m); 1676 return; 1677 } 1678 1679 if (bif->bif_flags & IFBIF_STP) { 1680 switch (bif->bif_state) { 1681 case BSTP_IFSTATE_DISABLED: 1682 case BSTP_IFSTATE_BLOCKING: 1683 m_freem(m); 1684 return; 1685 } 1686 } 1687 1688 lwkt_serialize_exit(ifp->if_serializer); 1689 1690 /* run the packet filter */ 1691 if (inet_pfil_hook.ph_hashooks > 0 1692 #ifdef INET6 1693 || inet6_pfil_hook.ph_hashooks > 0 1694 #endif 1695 ) { 1696 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0) 1697 goto done; 1698 if (m == NULL) 1699 goto done; 1700 1701 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0) 1702 goto done; 1703 if (m == NULL) 1704 goto done; 1705 } 1706 bridge_handoff(dst_if, m); 1707 1708 /* 1709 * ifp's serializer was held on entry and is expected to be held 1710 * on return. 1711 */ 1712 done: 1713 lwkt_serialize_enter(ifp->if_serializer); 1714 } 1715 1716 /* 1717 * bridge_input: 1718 * 1719 * Receive input from a member interface. Queue the packet for 1720 * bridging if it is not for us. 1721 */ 1722 static struct mbuf * 1723 bridge_input(struct ifnet *ifp, struct mbuf *m) 1724 { 1725 struct bridge_softc *sc = ifp->if_bridge; 1726 struct bridge_iflist *bif; 1727 struct ifnet *bifp, *new_ifp; 1728 struct ether_header *eh; 1729 struct mbuf *mc, *mc2; 1730 1731 new_ifp = NULL; 1732 bifp = sc->sc_ifp; 1733 1734 lwkt_serialize_enter(bifp->if_serializer); 1735 1736 if ((bifp->if_flags & IFF_RUNNING) == 0) 1737 goto out; 1738 1739 /* 1740 * Implement support for bridge monitoring. If this flag has been 1741 * set on this interface, discard the packet once we push it through 1742 * the bpf(4) machinery, but before we do, increment the byte and 1743 * packet counters associated with this interface. 1744 */ 1745 if ((bifp->if_flags & IFF_MONITOR) != 0) { 1746 m->m_pkthdr.rcvif = bifp; 1747 BPF_MTAP(bifp, m); 1748 bifp->if_ipackets++; 1749 bifp->if_ibytes += m->m_pkthdr.len; 1750 m_freem(m); 1751 m = NULL; 1752 goto out; 1753 } 1754 1755 eh = mtod(m, struct ether_header *); 1756 1757 m->m_flags &= ~M_PROTO1; /* XXX Hack - loop prevention */ 1758 1759 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0) { 1760 /* 1761 * If the packet is for us, set the packets source as the 1762 * bridge, and return the packet back to ifnet.if_input for 1763 * local processing. 1764 */ 1765 KASSERT(bifp->if_bridge == NULL, 1766 ("loop created in bridge_input")); 1767 new_ifp = bifp; 1768 goto out; 1769 } 1770 1771 /* 1772 * Tap all packets arriving on the bridge, no matter if 1773 * they are local destinations or not. In is in. 1774 */ 1775 BPF_MTAP(bifp, m); 1776 1777 bif = bridge_lookup_member_if(sc, ifp); 1778 if (bif == NULL) 1779 goto out; 1780 1781 bridge_span(sc, m); 1782 1783 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1784 /* Tap off 802.1D packets; they do not get forwarded. */ 1785 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1786 ETHER_ADDR_LEN) == 0) { 1787 m = bstp_input(ifp, m); 1788 KASSERT(m == NULL, 1789 ("attempt to deliver 802.1D packet\n")); 1790 goto out; 1791 } 1792 1793 if (bif->bif_flags & IFBIF_STP) { 1794 switch (bif->bif_state) { 1795 case BSTP_IFSTATE_BLOCKING: 1796 case BSTP_IFSTATE_LISTENING: 1797 case BSTP_IFSTATE_DISABLED: 1798 goto out; 1799 } 1800 } 1801 1802 if (bcmp(etherbroadcastaddr, eh->ether_dhost, 1803 sizeof(etherbroadcastaddr)) == 0) 1804 m->m_flags |= M_BCAST; 1805 else 1806 m->m_flags |= M_MCAST; 1807 1808 /* 1809 * Make a deep copy of the packet and enqueue the copy 1810 * for bridge processing; return the original packet for 1811 * local processing. 1812 */ 1813 mc = m_dup(m, MB_DONTWAIT); 1814 if (mc == NULL) 1815 goto out; 1816 1817 bridge_forward(sc, mc); 1818 1819 /* 1820 * Reinject the mbuf as arriving on the bridge so we have a 1821 * chance at claiming multicast packets. We can not loop back 1822 * here from ether_input as a bridge is never a member of a 1823 * bridge. 1824 */ 1825 KASSERT(bifp->if_bridge == NULL, 1826 ("loop created in bridge_input")); 1827 mc2 = m_dup(m, MB_DONTWAIT); 1828 #ifdef notyet 1829 if (mc2 != NULL) { 1830 /* Keep the layer3 header aligned */ 1831 int i = min(mc2->m_pkthdr.len, max_protohdr); 1832 mc2 = m_copyup(mc2, i, ETHER_ALIGN); 1833 } 1834 #endif 1835 if (mc2 != NULL) { 1836 mc2->m_pkthdr.rcvif = bifp; 1837 bifp->if_ipackets++; 1838 bifp->if_input(bifp, mc2); 1839 } 1840 1841 /* Return the original packet for local processing. */ 1842 goto out; 1843 } 1844 1845 if (bif->bif_flags & IFBIF_STP) { 1846 switch (bif->bif_state) { 1847 case BSTP_IFSTATE_BLOCKING: 1848 case BSTP_IFSTATE_LISTENING: 1849 case BSTP_IFSTATE_DISABLED: 1850 goto out; 1851 } 1852 } 1853 1854 /* 1855 * Unicast. Make sure it's not for us. 1856 */ 1857 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1858 if (bif->bif_ifp->if_type != IFT_ETHER) 1859 continue; 1860 1861 /* It is destined for us. */ 1862 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost, 1863 ETHER_ADDR_LEN) == 0) { 1864 if (bif->bif_flags & IFBIF_LEARNING) { 1865 bridge_rtupdate(sc, 1866 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1867 } 1868 1869 if (bif->bif_ifp != ifp) { 1870 /* XXX loop prevention */ 1871 m->m_flags |= M_PROTO1; 1872 new_ifp = bif->bif_ifp; 1873 } 1874 goto out; 1875 } 1876 1877 /* We just received a packet that we sent out. */ 1878 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost, 1879 ETHER_ADDR_LEN) == 0) { 1880 m_freem(m); 1881 m = NULL; 1882 goto out; 1883 } 1884 } 1885 1886 /* Perform the bridge forwarding function. */ 1887 bridge_forward(sc, m); 1888 m = NULL; 1889 out: 1890 lwkt_serialize_exit(bifp->if_serializer); 1891 1892 if (new_ifp != NULL) { 1893 lwkt_serialize_enter(new_ifp->if_serializer); 1894 1895 m->m_pkthdr.rcvif = new_ifp; 1896 new_ifp->if_ipackets++; 1897 new_ifp->if_input(new_ifp, m); 1898 m = NULL; 1899 1900 lwkt_serialize_exit(new_ifp->if_serializer); 1901 } 1902 return (m); 1903 } 1904 1905 /* 1906 * bridge_broadcast: 1907 * 1908 * Send a frame to all interfaces that are members of 1909 * the bridge, except for the one on which the packet 1910 * arrived. 1911 */ 1912 static void 1913 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 1914 struct mbuf *m, int runfilt) 1915 { 1916 struct bridge_iflist *bif; 1917 struct mbuf *mc; 1918 struct ifnet *dst_if, *bifp; 1919 int used = 0; 1920 1921 bifp = sc->sc_ifp; 1922 1923 ASSERT_SERIALIZED(bifp->if_serializer); 1924 1925 /* run the packet filter */ 1926 if (runfilt && (inet_pfil_hook.ph_hashooks > 0 1927 #ifdef INET6 1928 || inet6_pfil_hook.ph_hashooks > 0 1929 #endif 1930 )) { 1931 lwkt_serialize_exit(bifp->if_serializer); 1932 1933 /* Filter on the bridge interface before broadcasting */ 1934 1935 if (bridge_pfil(&m, bifp, src_if, PFIL_IN) != 0) 1936 goto filt; 1937 if (m == NULL) 1938 goto filt; 1939 1940 if (bridge_pfil(&m, bifp, NULL, PFIL_OUT) != 0) 1941 m = NULL; 1942 filt: 1943 lwkt_serialize_enter(bifp->if_serializer); 1944 if (m == NULL) 1945 return; 1946 } 1947 1948 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 1949 dst_if = bif->bif_ifp; 1950 if (dst_if == src_if) 1951 continue; 1952 1953 if (bif->bif_flags & IFBIF_STP) { 1954 switch (bif->bif_state) { 1955 case BSTP_IFSTATE_BLOCKING: 1956 case BSTP_IFSTATE_DISABLED: 1957 continue; 1958 } 1959 } 1960 1961 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1962 (m->m_flags & (M_BCAST|M_MCAST)) == 0) 1963 continue; 1964 1965 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1966 continue; 1967 1968 if (LIST_NEXT(bif, bif_next) == NULL) { 1969 mc = m; 1970 used = 1; 1971 } else { 1972 mc = m_copypacket(m, MB_DONTWAIT); 1973 if (mc == NULL) { 1974 sc->sc_ifp->if_oerrors++; 1975 continue; 1976 } 1977 } 1978 bridge_pfil_enqueue(dst_if, mc, runfilt); 1979 } 1980 if (used == 0) 1981 m_freem(m); 1982 } 1983 1984 /* 1985 * bridge_span: 1986 * 1987 * Duplicate a packet out one or more interfaces that are in span mode, 1988 * the original mbuf is unmodified. 1989 */ 1990 static void 1991 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1992 { 1993 struct bridge_iflist *bif; 1994 struct ifnet *dst_if; 1995 struct mbuf *mc; 1996 1997 if (LIST_EMPTY(&sc->sc_spanlist)) 1998 return; 1999 2000 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 2001 dst_if = bif->bif_ifp; 2002 2003 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2004 continue; 2005 2006 mc = m_copypacket(m, MB_DONTWAIT); 2007 if (mc == NULL) { 2008 sc->sc_ifp->if_oerrors++; 2009 continue; 2010 } 2011 2012 bridge_enqueue(dst_if, mc); 2013 } 2014 } 2015 2016 /* 2017 * bridge_rtupdate: 2018 * 2019 * Add a bridge routing entry. 2020 * Can be called from interrupt context. 2021 */ 2022 static int 2023 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2024 struct ifnet *dst_if, int setflags, uint8_t flags) 2025 { 2026 struct bridge_rtnode *brt; 2027 int error; 2028 2029 /* 2030 * A route for this destination might already exist. If so, 2031 * update it, otherwise create a new one. 2032 */ 2033 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) { 2034 if (sc->sc_brtcnt >= sc->sc_brtmax) 2035 return (ENOSPC); 2036 2037 /* 2038 * Allocate a new bridge forwarding node, and 2039 * initialize the expiration time and Ethernet 2040 * address. 2041 */ 2042 brt = kmalloc(sizeof(struct bridge_rtnode), M_DEVBUF, 2043 M_INTNOWAIT|M_ZERO); 2044 if (brt == NULL) 2045 return (ENOMEM); 2046 2047 brt->brt_flags = IFBAF_DYNAMIC; 2048 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2049 2050 if ((error = bridge_rtnode_insert(sc, brt)) != 0) { 2051 kfree(brt, M_DEVBUF); 2052 return (error); 2053 } 2054 } 2055 2056 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2057 brt->brt_ifp = dst_if; 2058 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2059 brt->brt_expire = time_second + sc->sc_brttimeout; 2060 if (setflags) 2061 brt->brt_flags = flags; 2062 2063 return (0); 2064 } 2065 2066 /* 2067 * bridge_rtlookup: 2068 * 2069 * Lookup the destination interface for an address. 2070 */ 2071 static struct ifnet * 2072 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2073 { 2074 struct bridge_rtnode *brt; 2075 2076 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2077 return (NULL); 2078 2079 return (brt->brt_ifp); 2080 } 2081 2082 /* 2083 * bridge_rttrim: 2084 * 2085 * Trim the routine table so that we have a number 2086 * of routing entries less than or equal to the 2087 * maximum number. 2088 */ 2089 static void 2090 bridge_rttrim(struct bridge_softc *sc) 2091 { 2092 struct bridge_rtnode *brt, *nbrt; 2093 2094 /* Make sure we actually need to do this. */ 2095 if (sc->sc_brtcnt <= sc->sc_brtmax) 2096 return; 2097 2098 /* Force an aging cycle; this might trim enough addresses. */ 2099 bridge_rtage(sc); 2100 if (sc->sc_brtcnt <= sc->sc_brtmax) 2101 return; 2102 2103 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2104 nbrt = LIST_NEXT(brt, brt_list); 2105 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2106 bridge_rtnode_destroy(sc, brt); 2107 if (sc->sc_brtcnt <= sc->sc_brtmax) 2108 return; 2109 } 2110 } 2111 } 2112 2113 /* 2114 * bridge_timer: 2115 * 2116 * Aging timer for the bridge. 2117 */ 2118 static void 2119 bridge_timer(void *arg) 2120 { 2121 struct bridge_softc *sc = arg; 2122 2123 lwkt_serialize_enter(sc->sc_ifp->if_serializer); 2124 2125 bridge_rtage(sc); 2126 2127 if (sc->sc_ifp->if_flags & IFF_RUNNING) 2128 callout_reset(&sc->sc_brcallout, 2129 bridge_rtable_prune_period * hz, bridge_timer, sc); 2130 2131 lwkt_serialize_exit(sc->sc_ifp->if_serializer); 2132 } 2133 2134 /* 2135 * bridge_rtage: 2136 * 2137 * Perform an aging cycle. 2138 */ 2139 static void 2140 bridge_rtage(struct bridge_softc *sc) 2141 { 2142 struct bridge_rtnode *brt, *nbrt; 2143 2144 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2145 nbrt = LIST_NEXT(brt, brt_list); 2146 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2147 if (time_second >= brt->brt_expire) 2148 bridge_rtnode_destroy(sc, brt); 2149 } 2150 } 2151 } 2152 2153 /* 2154 * bridge_rtflush: 2155 * 2156 * Remove all dynamic addresses from the bridge. 2157 */ 2158 static void 2159 bridge_rtflush(struct bridge_softc *sc, int full) 2160 { 2161 struct bridge_rtnode *brt, *nbrt; 2162 2163 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2164 nbrt = LIST_NEXT(brt, brt_list); 2165 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2166 bridge_rtnode_destroy(sc, brt); 2167 } 2168 } 2169 2170 /* 2171 * bridge_rtdaddr: 2172 * 2173 * Remove an address from the table. 2174 */ 2175 static int 2176 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2177 { 2178 struct bridge_rtnode *brt; 2179 2180 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) 2181 return (ENOENT); 2182 2183 bridge_rtnode_destroy(sc, brt); 2184 return (0); 2185 } 2186 2187 /* 2188 * bridge_rtdelete: 2189 * 2190 * Delete routes to a speicifc member interface. 2191 */ 2192 void 2193 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full) 2194 { 2195 struct bridge_rtnode *brt, *nbrt; 2196 2197 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) { 2198 nbrt = LIST_NEXT(brt, brt_list); 2199 if (brt->brt_ifp == ifp && (full || 2200 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)) 2201 bridge_rtnode_destroy(sc, brt); 2202 } 2203 } 2204 2205 /* 2206 * bridge_rtable_init: 2207 * 2208 * Initialize the route table for this bridge. 2209 */ 2210 static int 2211 bridge_rtable_init(struct bridge_softc *sc) 2212 { 2213 int i; 2214 2215 sc->sc_rthash = kmalloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2216 M_DEVBUF, M_WAITOK); 2217 2218 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2219 LIST_INIT(&sc->sc_rthash[i]); 2220 2221 sc->sc_rthash_key = karc4random(); 2222 2223 LIST_INIT(&sc->sc_rtlist); 2224 2225 return (0); 2226 } 2227 2228 /* 2229 * bridge_rtable_fini: 2230 * 2231 * Deconstruct the route table for this bridge. 2232 */ 2233 static void 2234 bridge_rtable_fini(struct bridge_softc *sc) 2235 { 2236 2237 kfree(sc->sc_rthash, M_DEVBUF); 2238 } 2239 2240 /* 2241 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2242 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2243 */ 2244 #define mix(a, b, c) \ 2245 do { \ 2246 a -= b; a -= c; a ^= (c >> 13); \ 2247 b -= c; b -= a; b ^= (a << 8); \ 2248 c -= a; c -= b; c ^= (b >> 13); \ 2249 a -= b; a -= c; a ^= (c >> 12); \ 2250 b -= c; b -= a; b ^= (a << 16); \ 2251 c -= a; c -= b; c ^= (b >> 5); \ 2252 a -= b; a -= c; a ^= (c >> 3); \ 2253 b -= c; b -= a; b ^= (a << 10); \ 2254 c -= a; c -= b; c ^= (b >> 15); \ 2255 } while (/*CONSTCOND*/0) 2256 2257 static __inline uint32_t 2258 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2259 { 2260 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2261 2262 b += addr[5] << 8; 2263 b += addr[4]; 2264 a += addr[3] << 24; 2265 a += addr[2] << 16; 2266 a += addr[1] << 8; 2267 a += addr[0]; 2268 2269 mix(a, b, c); 2270 2271 return (c & BRIDGE_RTHASH_MASK); 2272 } 2273 2274 #undef mix 2275 2276 static int 2277 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b) 2278 { 2279 int i, d; 2280 2281 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) { 2282 d = ((int)a[i]) - ((int)b[i]); 2283 } 2284 2285 return (d); 2286 } 2287 2288 /* 2289 * bridge_rtnode_lookup: 2290 * 2291 * Look up a bridge route node for the specified destination. 2292 */ 2293 static struct bridge_rtnode * 2294 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2295 { 2296 struct bridge_rtnode *brt; 2297 uint32_t hash; 2298 int dir; 2299 2300 hash = bridge_rthash(sc, addr); 2301 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) { 2302 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr); 2303 if (dir == 0) 2304 return (brt); 2305 if (dir > 0) 2306 return (NULL); 2307 } 2308 2309 return (NULL); 2310 } 2311 2312 /* 2313 * bridge_rtnode_insert: 2314 * 2315 * Insert the specified bridge node into the route table. We 2316 * assume the entry is not already in the table. 2317 */ 2318 static int 2319 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2320 { 2321 struct bridge_rtnode *lbrt; 2322 uint32_t hash; 2323 int dir; 2324 2325 hash = bridge_rthash(sc, brt->brt_addr); 2326 2327 lbrt = LIST_FIRST(&sc->sc_rthash[hash]); 2328 if (lbrt == NULL) { 2329 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash); 2330 goto out; 2331 } 2332 2333 do { 2334 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr); 2335 if (dir == 0) 2336 return (EEXIST); 2337 if (dir > 0) { 2338 LIST_INSERT_BEFORE(lbrt, brt, brt_hash); 2339 goto out; 2340 } 2341 if (LIST_NEXT(lbrt, brt_hash) == NULL) { 2342 LIST_INSERT_AFTER(lbrt, brt, brt_hash); 2343 goto out; 2344 } 2345 lbrt = LIST_NEXT(lbrt, brt_hash); 2346 } while (lbrt != NULL); 2347 2348 #ifdef DIAGNOSTIC 2349 panic("bridge_rtnode_insert: impossible"); 2350 #endif 2351 2352 out: 2353 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list); 2354 sc->sc_brtcnt++; 2355 2356 return (0); 2357 } 2358 2359 /* 2360 * bridge_rtnode_destroy: 2361 * 2362 * Destroy a bridge rtnode. 2363 */ 2364 static void 2365 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt) 2366 { 2367 2368 LIST_REMOVE(brt, brt_hash); 2369 2370 LIST_REMOVE(brt, brt_list); 2371 sc->sc_brtcnt--; 2372 kfree(brt, M_DEVBUF); 2373 } 2374 2375 /* 2376 * Send bridge packets through pfil if they are one of the types pfil can deal 2377 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without 2378 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for 2379 * that interface. 2380 */ 2381 static int 2382 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) 2383 { 2384 int snap, error, i, hlen; 2385 struct ether_header *eh1, eh2; 2386 struct ip *ip; 2387 struct llc llc1; 2388 u_int16_t ether_type; 2389 2390 snap = 0; 2391 error = -1; /* Default error if not error == 0 */ 2392 2393 if (pfil_bridge == 0 && pfil_member == 0) 2394 return (0); /* filtering is disabled */ 2395 2396 i = min((*mp)->m_pkthdr.len, max_protohdr); 2397 if ((*mp)->m_len < i) { 2398 *mp = m_pullup(*mp, i); 2399 if (*mp == NULL) { 2400 kprintf("%s: m_pullup failed\n", __func__); 2401 return (-1); 2402 } 2403 } 2404 2405 eh1 = mtod(*mp, struct ether_header *); 2406 ether_type = ntohs(eh1->ether_type); 2407 2408 /* 2409 * Check for SNAP/LLC. 2410 */ 2411 if (ether_type < ETHERMTU) { 2412 struct llc *llc2 = (struct llc *)(eh1 + 1); 2413 2414 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2415 llc2->llc_dsap == LLC_SNAP_LSAP && 2416 llc2->llc_ssap == LLC_SNAP_LSAP && 2417 llc2->llc_control == LLC_UI) { 2418 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2419 snap = 1; 2420 } 2421 } 2422 2423 /* 2424 * If we're trying to filter bridge traffic, don't look at anything 2425 * other than IP and ARP traffic. If the filter doesn't understand 2426 * IPv6, don't allow IPv6 through the bridge either. This is lame 2427 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2428 * but of course we don't have an AppleTalk filter to begin with. 2429 * (Note that since pfil doesn't understand ARP it will pass *ALL* 2430 * ARP traffic.) 2431 */ 2432 switch (ether_type) { 2433 case ETHERTYPE_ARP: 2434 case ETHERTYPE_REVARP: 2435 return (0); /* Automatically pass */ 2436 case ETHERTYPE_IP: 2437 #ifdef INET6 2438 case ETHERTYPE_IPV6: 2439 #endif /* INET6 */ 2440 break; 2441 default: 2442 /* 2443 * Check to see if the user wants to pass non-ip 2444 * packets, these will not be checked by pfil(9) and 2445 * passed unconditionally so the default is to drop. 2446 */ 2447 if (pfil_onlyip) 2448 goto bad; 2449 } 2450 2451 /* Strip off the Ethernet header and keep a copy. */ 2452 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2); 2453 m_adj(*mp, ETHER_HDR_LEN); 2454 2455 /* Strip off snap header, if present */ 2456 if (snap) { 2457 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1); 2458 m_adj(*mp, sizeof(struct llc)); 2459 } 2460 2461 /* 2462 * Check the IP header for alignment and errors 2463 */ 2464 if (dir == PFIL_IN) { 2465 switch (ether_type) { 2466 case ETHERTYPE_IP: 2467 error = bridge_ip_checkbasic(mp); 2468 break; 2469 #ifdef INET6 2470 case ETHERTYPE_IPV6: 2471 error = bridge_ip6_checkbasic(mp); 2472 break; 2473 #endif /* INET6 */ 2474 default: 2475 error = 0; 2476 } 2477 if (error) 2478 goto bad; 2479 } 2480 2481 error = 0; 2482 2483 /* 2484 * Run the packet through pfil 2485 */ 2486 switch (ether_type) 2487 { 2488 case ETHERTYPE_IP : 2489 /* 2490 * before calling the firewall, swap fields the same as 2491 * IP does. here we assume the header is contiguous 2492 */ 2493 ip = mtod(*mp, struct ip *); 2494 2495 ip->ip_len = ntohs(ip->ip_len); 2496 ip->ip_off = ntohs(ip->ip_off); 2497 2498 /* 2499 * Run pfil on the member interface and the bridge, both can 2500 * be skipped by clearing pfil_member or pfil_bridge. 2501 * 2502 * Keep the order: 2503 * in_if -> bridge_if -> out_if 2504 */ 2505 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2506 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2507 dir); 2508 2509 if (*mp == NULL || error != 0) /* filter may consume */ 2510 break; 2511 2512 if (pfil_member && ifp != NULL) 2513 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp, 2514 dir); 2515 2516 if (*mp == NULL || error != 0) /* filter may consume */ 2517 break; 2518 2519 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2520 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp, 2521 dir); 2522 2523 if (*mp == NULL || error != 0) /* filter may consume */ 2524 break; 2525 2526 /* check if we need to fragment the packet */ 2527 if (pfil_member && ifp != NULL && dir == PFIL_OUT) { 2528 i = (*mp)->m_pkthdr.len; 2529 if (i > ifp->if_mtu) { 2530 error = bridge_fragment(ifp, *mp, &eh2, snap, 2531 &llc1); 2532 return (error); 2533 } 2534 } 2535 2536 /* Recalculate the ip checksum and restore byte ordering */ 2537 ip = mtod(*mp, struct ip *); 2538 hlen = ip->ip_hl << 2; 2539 if (hlen < sizeof(struct ip)) 2540 goto bad; 2541 if (hlen > (*mp)->m_len) { 2542 if ((*mp = m_pullup(*mp, hlen)) == 0) 2543 goto bad; 2544 ip = mtod(*mp, struct ip *); 2545 if (ip == NULL) 2546 goto bad; 2547 } 2548 ip->ip_len = htons(ip->ip_len); 2549 ip->ip_off = htons(ip->ip_off); 2550 ip->ip_sum = 0; 2551 if (hlen == sizeof(struct ip)) 2552 ip->ip_sum = in_cksum_hdr(ip); 2553 else 2554 ip->ip_sum = in_cksum(*mp, hlen); 2555 2556 break; 2557 #ifdef INET6 2558 case ETHERTYPE_IPV6 : 2559 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL) 2560 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2561 dir); 2562 2563 if (*mp == NULL || error != 0) /* filter may consume */ 2564 break; 2565 2566 if (pfil_member && ifp != NULL) 2567 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp, 2568 dir); 2569 2570 if (*mp == NULL || error != 0) /* filter may consume */ 2571 break; 2572 2573 if (pfil_bridge && dir == PFIL_IN && bifp != NULL) 2574 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp, 2575 dir); 2576 break; 2577 #endif 2578 default : 2579 error = 0; 2580 break; 2581 } 2582 2583 if (*mp == NULL) 2584 return (error); 2585 if (error != 0) 2586 goto bad; 2587 2588 error = -1; 2589 2590 /* 2591 * Finally, put everything back the way it was and return 2592 */ 2593 if (snap) { 2594 M_PREPEND(*mp, sizeof(struct llc), MB_DONTWAIT); 2595 if (*mp == NULL) 2596 return (error); 2597 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc)); 2598 } 2599 2600 M_PREPEND(*mp, ETHER_HDR_LEN, MB_DONTWAIT); 2601 if (*mp == NULL) 2602 return (error); 2603 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN); 2604 2605 return (0); 2606 2607 bad: 2608 m_freem(*mp); 2609 *mp = NULL; 2610 return (error); 2611 } 2612 2613 /* 2614 * Perform basic checks on header size since 2615 * pfil assumes ip_input has already processed 2616 * it for it. Cut-and-pasted from ip_input.c. 2617 * Given how simple the IPv6 version is, 2618 * does the IPv4 version really need to be 2619 * this complicated? 2620 * 2621 * XXX Should we update ipstat here, or not? 2622 * XXX Right now we update ipstat but not 2623 * XXX csum_counter. 2624 */ 2625 static int 2626 bridge_ip_checkbasic(struct mbuf **mp) 2627 { 2628 struct mbuf *m = *mp; 2629 struct ip *ip; 2630 int len, hlen; 2631 u_short sum; 2632 2633 if (*mp == NULL) 2634 return (-1); 2635 #if notyet 2636 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2637 if ((m = m_copyup(m, sizeof(struct ip), 2638 (max_linkhdr + 3) & ~3)) == NULL) { 2639 /* XXXJRT new stat, please */ 2640 ipstat.ips_toosmall++; 2641 goto bad; 2642 } 2643 } else 2644 #endif 2645 #ifndef __predict_false 2646 #define __predict_false(x) x 2647 #endif 2648 if (__predict_false(m->m_len < sizeof (struct ip))) { 2649 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2650 ipstat.ips_toosmall++; 2651 goto bad; 2652 } 2653 } 2654 ip = mtod(m, struct ip *); 2655 if (ip == NULL) goto bad; 2656 2657 if (ip->ip_v != IPVERSION) { 2658 ipstat.ips_badvers++; 2659 goto bad; 2660 } 2661 hlen = ip->ip_hl << 2; 2662 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2663 ipstat.ips_badhlen++; 2664 goto bad; 2665 } 2666 if (hlen > m->m_len) { 2667 if ((m = m_pullup(m, hlen)) == 0) { 2668 ipstat.ips_badhlen++; 2669 goto bad; 2670 } 2671 ip = mtod(m, struct ip *); 2672 if (ip == NULL) goto bad; 2673 } 2674 2675 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 2676 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 2677 } else { 2678 if (hlen == sizeof(struct ip)) { 2679 sum = in_cksum_hdr(ip); 2680 } else { 2681 sum = in_cksum(m, hlen); 2682 } 2683 } 2684 if (sum) { 2685 ipstat.ips_badsum++; 2686 goto bad; 2687 } 2688 2689 /* Retrieve the packet length. */ 2690 len = ntohs(ip->ip_len); 2691 2692 /* 2693 * Check for additional length bogosity 2694 */ 2695 if (len < hlen) { 2696 ipstat.ips_badlen++; 2697 goto bad; 2698 } 2699 2700 /* 2701 * Check that the amount of data in the buffers 2702 * is as at least much as the IP header would have us expect. 2703 * Drop packet if shorter than we expect. 2704 */ 2705 if (m->m_pkthdr.len < len) { 2706 ipstat.ips_tooshort++; 2707 goto bad; 2708 } 2709 2710 /* Checks out, proceed */ 2711 *mp = m; 2712 return (0); 2713 2714 bad: 2715 *mp = m; 2716 return (-1); 2717 } 2718 2719 #ifdef INET6 2720 /* 2721 * Same as above, but for IPv6. 2722 * Cut-and-pasted from ip6_input.c. 2723 * XXX Should we update ip6stat, or not? 2724 */ 2725 static int 2726 bridge_ip6_checkbasic(struct mbuf **mp) 2727 { 2728 struct mbuf *m = *mp; 2729 struct ip6_hdr *ip6; 2730 2731 /* 2732 * If the IPv6 header is not aligned, slurp it up into a new 2733 * mbuf with space for link headers, in the event we forward 2734 * it. Otherwise, if it is aligned, make sure the entire base 2735 * IPv6 header is in the first mbuf of the chain. 2736 */ 2737 #if notyet 2738 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 2739 struct ifnet *inifp = m->m_pkthdr.rcvif; 2740 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2741 (max_linkhdr + 3) & ~3)) == NULL) { 2742 /* XXXJRT new stat, please */ 2743 ip6stat.ip6s_toosmall++; 2744 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2745 goto bad; 2746 } 2747 } else 2748 #endif 2749 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2750 struct ifnet *inifp = m->m_pkthdr.rcvif; 2751 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2752 ip6stat.ip6s_toosmall++; 2753 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2754 goto bad; 2755 } 2756 } 2757 2758 ip6 = mtod(m, struct ip6_hdr *); 2759 2760 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2761 ip6stat.ip6s_badvers++; 2762 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2763 goto bad; 2764 } 2765 2766 /* Checks out, proceed */ 2767 *mp = m; 2768 return (0); 2769 2770 bad: 2771 *mp = m; 2772 return (-1); 2773 } 2774 #endif /* INET6 */ 2775 2776 /* 2777 * bridge_fragment: 2778 * 2779 * Return a fragmented mbuf chain. 2780 */ 2781 static int 2782 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh, 2783 int snap, struct llc *llc) 2784 { 2785 struct mbuf *m0; 2786 struct ip *ip; 2787 int error = -1; 2788 2789 if (m->m_len < sizeof(struct ip) && 2790 (m = m_pullup(m, sizeof(struct ip))) == NULL) 2791 goto out; 2792 ip = mtod(m, struct ip *); 2793 2794 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, 2795 CSUM_DELAY_IP); 2796 if (error) 2797 goto out; 2798 2799 /* walk the chain and re-add the Ethernet header */ 2800 for (m0 = m; m0; m0 = m0->m_nextpkt) { 2801 if (error == 0) { 2802 if (snap) { 2803 M_PREPEND(m0, sizeof(struct llc), MB_DONTWAIT); 2804 if (m0 == NULL) { 2805 error = ENOBUFS; 2806 continue; 2807 } 2808 bcopy(llc, mtod(m0, caddr_t), 2809 sizeof(struct llc)); 2810 } 2811 M_PREPEND(m0, ETHER_HDR_LEN, MB_DONTWAIT); 2812 if (m0 == NULL) { 2813 error = ENOBUFS; 2814 continue; 2815 } 2816 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN); 2817 } else 2818 m_freem(m); 2819 } 2820 2821 if (error == 0) 2822 ipstat.ips_fragmented++; 2823 2824 return (error); 2825 2826 out: 2827 if (m != NULL) 2828 m_freem(m); 2829 return (error); 2830 } 2831 2832 static void 2833 bridge_enqueue_handler(struct netmsg *nmsg) 2834 { 2835 struct netmsg_packet *nmp; 2836 struct ifnet *dst_ifp; 2837 struct mbuf *m; 2838 2839 nmp = (struct netmsg_packet *)nmsg; 2840 m = nmp->nm_packet; 2841 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2842 2843 bridge_handoff_notags(dst_ifp, m); 2844 } 2845 2846 static void 2847 bridge_pfil_enqueue_handler(struct netmsg *nmsg) 2848 { 2849 struct netmsg_packet *nmp; 2850 struct ifnet *dst_ifp; 2851 struct mbuf *m; 2852 2853 nmp = (struct netmsg_packet *)nmsg; 2854 m = nmp->nm_packet; 2855 dst_ifp = nmp->nm_netmsg.nm_lmsg.u.ms_resultp; 2856 2857 /* 2858 * Filter on the output interface. Pass a NULL bridge interface 2859 * pointer so we do not redundantly filter on the bridge for 2860 * each interface we broadcast on. 2861 */ 2862 if (inet_pfil_hook.ph_hashooks > 0 2863 #ifdef INET6 2864 || inet6_pfil_hook.ph_hashooks > 0 2865 #endif 2866 ) { 2867 if (bridge_pfil(&m, NULL, dst_ifp, PFIL_OUT) != 0) 2868 return; 2869 if (m == NULL) 2870 return; 2871 } 2872 bridge_handoff_notags(dst_ifp, m); 2873 } 2874 2875 static void 2876 bridge_handoff(struct ifnet *dst_ifp, struct mbuf *m) 2877 { 2878 while (m->m_type == MT_TAG) { 2879 /* XXX see ether_output_frame for full rules check */ 2880 m = m->m_next; 2881 } 2882 bridge_handoff_notags(dst_ifp, m); 2883 } 2884 2885 static void 2886 bridge_handoff_notags(struct ifnet *dst_ifp, struct mbuf *m) 2887 { 2888 struct mbuf *m0; 2889 2890 KKASSERT(m->m_type != MT_TAG); 2891 2892 lwkt_serialize_enter(dst_ifp->if_serializer); 2893 2894 /* We may be sending a fragment so traverse the mbuf */ 2895 for (; m; m = m0) { 2896 struct altq_pktattr pktattr; 2897 2898 m0 = m->m_nextpkt; 2899 m->m_nextpkt = NULL; 2900 2901 if (ifq_is_enabled(&dst_ifp->if_snd)) 2902 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr); 2903 2904 ifq_handoff(dst_ifp, m, &pktattr); 2905 } 2906 2907 lwkt_serialize_exit(dst_ifp->if_serializer); 2908 } 2909