if_bridge.c revision 1.172
1 /* $NetBSD: if_bridge.c,v 1.172 2020/04/30 10:04:54 jdolecek Exp $ */ 2 3 /* 4 * Copyright 2001 Wasabi Systems, Inc. 5 * All rights reserved. 6 * 7 * Written by Jason R. Thorpe for Wasabi Systems, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed for the NetBSD Project by 20 * Wasabi Systems, Inc. 21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 22 * or promote products derived from this software without specific prior 23 * written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 /* 39 * Copyright (c) 1999, 2000 Jason L. Wright (jason (at) thought.net) 40 * All rights reserved. 41 * 42 * Redistribution and use in source and binary forms, with or without 43 * modification, are permitted provided that the following conditions 44 * are met: 45 * 1. Redistributions of source code must retain the above copyright 46 * notice, this list of conditions and the following disclaimer. 47 * 2. Redistributions in binary form must reproduce the above copyright 48 * notice, this list of conditions and the following disclaimer in the 49 * documentation and/or other materials provided with the distribution. 50 * 3. All advertising materials mentioning features or use of this software 51 * must display the following acknowledgement: 52 * This product includes software developed by Jason L. Wright 53 * 4. The name of the author may not be used to endorse or promote products 54 * derived from this software without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 66 * POSSIBILITY OF SUCH DAMAGE. 67 * 68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp 69 */ 70 71 /* 72 * Network interface bridge support. 73 * 74 * TODO: 75 * 76 * - Currently only supports Ethernet-like interfaces (Ethernet, 77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way 78 * to bridge other types of interfaces (FDDI-FDDI, and maybe 79 * consider heterogenous bridges). 80 */ 81 82 #include <sys/cdefs.h> 83 __KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.172 2020/04/30 10:04:54 jdolecek Exp $"); 84 85 #ifdef _KERNEL_OPT 86 #include "opt_bridge_ipf.h" 87 #include "opt_inet.h" 88 #include "opt_net_mpsafe.h" 89 #endif /* _KERNEL_OPT */ 90 91 #include <sys/param.h> 92 #include <sys/kernel.h> 93 #include <sys/mbuf.h> 94 #include <sys/queue.h> 95 #include <sys/socket.h> 96 #include <sys/socketvar.h> /* for softnet_lock */ 97 #include <sys/sockio.h> 98 #include <sys/systm.h> 99 #include <sys/proc.h> 100 #include <sys/pool.h> 101 #include <sys/kauth.h> 102 #include <sys/cpu.h> 103 #include <sys/cprng.h> 104 #include <sys/mutex.h> 105 #include <sys/kmem.h> 106 107 #include <net/bpf.h> 108 #include <net/if.h> 109 #include <net/if_dl.h> 110 #include <net/if_types.h> 111 #include <net/if_llc.h> 112 113 #include <net/if_ether.h> 114 #include <net/if_bridgevar.h> 115 #include <net/ether_sw_offload.h> 116 117 #if defined(BRIDGE_IPF) 118 /* Used for bridge_ip[6]_checkbasic */ 119 #include <netinet/in.h> 120 #include <netinet/in_systm.h> 121 #include <netinet/ip.h> 122 #include <netinet/ip_var.h> 123 #include <netinet/ip_private.h> /* XXX */ 124 125 #include <netinet/ip6.h> 126 #include <netinet6/in6_var.h> 127 #include <netinet6/ip6_var.h> 128 #include <netinet6/ip6_private.h> /* XXX */ 129 #endif /* BRIDGE_IPF */ 130 131 /* 132 * Size of the route hash table. Must be a power of two. 133 */ 134 #ifndef BRIDGE_RTHASH_SIZE 135 #define BRIDGE_RTHASH_SIZE 1024 136 #endif 137 138 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1) 139 140 #include "carp.h" 141 #if NCARP > 0 142 #include <netinet/in.h> 143 #include <netinet/in_var.h> 144 #include <netinet/ip_carp.h> 145 #endif 146 147 #include "ioconf.h" 148 149 __CTASSERT(sizeof(struct ifbifconf) == sizeof(struct ifbaconf)); 150 __CTASSERT(offsetof(struct ifbifconf, ifbic_len) == offsetof(struct ifbaconf, ifbac_len)); 151 __CTASSERT(offsetof(struct ifbifconf, ifbic_buf) == offsetof(struct ifbaconf, ifbac_buf)); 152 153 /* 154 * Maximum number of addresses to cache. 155 */ 156 #ifndef BRIDGE_RTABLE_MAX 157 #define BRIDGE_RTABLE_MAX 100 158 #endif 159 160 /* 161 * Spanning tree defaults. 162 */ 163 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 164 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 165 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 166 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 167 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 168 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 169 #define BSTP_DEFAULT_PATH_COST 55 170 171 /* 172 * Timeout (in seconds) for entries learned dynamically. 173 */ 174 #ifndef BRIDGE_RTABLE_TIMEOUT 175 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */ 176 #endif 177 178 /* 179 * Number of seconds between walks of the route list. 180 */ 181 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD 182 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60) 183 #endif 184 185 #define BRIDGE_RT_LOCK(_sc) mutex_enter((_sc)->sc_rtlist_lock) 186 #define BRIDGE_RT_UNLOCK(_sc) mutex_exit((_sc)->sc_rtlist_lock) 187 #define BRIDGE_RT_LOCKED(_sc) mutex_owned((_sc)->sc_rtlist_lock) 188 189 #define BRIDGE_RT_PSZ_PERFORM(_sc) \ 190 pserialize_perform((_sc)->sc_rtlist_psz) 191 192 #define BRIDGE_RT_RENTER(__s) do { __s = pserialize_read_enter(); } while (0) 193 #define BRIDGE_RT_REXIT(__s) do { pserialize_read_exit(__s); } while (0) 194 195 #define BRIDGE_RTLIST_READER_FOREACH(_brt, _sc) \ 196 PSLIST_READER_FOREACH((_brt), &((_sc)->sc_rtlist), \ 197 struct bridge_rtnode, brt_list) 198 #define BRIDGE_RTLIST_WRITER_FOREACH(_brt, _sc) \ 199 PSLIST_WRITER_FOREACH((_brt), &((_sc)->sc_rtlist), \ 200 struct bridge_rtnode, brt_list) 201 #define BRIDGE_RTLIST_WRITER_INSERT_HEAD(_sc, _brt) \ 202 PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rtlist, brt, brt_list) 203 #define BRIDGE_RTLIST_WRITER_REMOVE(_brt) \ 204 PSLIST_WRITER_REMOVE((_brt), brt_list) 205 206 #define BRIDGE_RTHASH_READER_FOREACH(_brt, _sc, _hash) \ 207 PSLIST_READER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)], \ 208 struct bridge_rtnode, brt_hash) 209 #define BRIDGE_RTHASH_WRITER_FOREACH(_brt, _sc, _hash) \ 210 PSLIST_WRITER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)], \ 211 struct bridge_rtnode, brt_hash) 212 #define BRIDGE_RTHASH_WRITER_INSERT_HEAD(_sc, _hash, _brt) \ 213 PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rthash[(_hash)], brt, brt_hash) 214 #define BRIDGE_RTHASH_WRITER_INSERT_AFTER(_brt, _new) \ 215 PSLIST_WRITER_INSERT_AFTER((_brt), (_new), brt_hash) 216 #define BRIDGE_RTHASH_WRITER_REMOVE(_brt) \ 217 PSLIST_WRITER_REMOVE((_brt), brt_hash) 218 219 #ifdef NET_MPSAFE 220 #define DECLARE_LOCK_VARIABLE 221 #define ACQUIRE_GLOBAL_LOCKS() do { } while (0) 222 #define RELEASE_GLOBAL_LOCKS() do { } while (0) 223 #else 224 #define DECLARE_LOCK_VARIABLE int __s 225 #define ACQUIRE_GLOBAL_LOCKS() do { \ 226 KERNEL_LOCK(1, NULL); \ 227 mutex_enter(softnet_lock); \ 228 __s = splsoftnet(); \ 229 } while (0) 230 #define RELEASE_GLOBAL_LOCKS() do { \ 231 splx(__s); \ 232 mutex_exit(softnet_lock); \ 233 KERNEL_UNLOCK_ONE(NULL); \ 234 } while (0) 235 #endif 236 237 struct psref_class *bridge_psref_class __read_mostly; 238 239 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD; 240 241 static struct pool bridge_rtnode_pool; 242 243 static int bridge_clone_create(struct if_clone *, int); 244 static int bridge_clone_destroy(struct ifnet *); 245 246 static int bridge_ioctl(struct ifnet *, u_long, void *); 247 static int bridge_init(struct ifnet *); 248 static void bridge_stop(struct ifnet *, int); 249 static void bridge_start(struct ifnet *); 250 251 static void bridge_input(struct ifnet *, struct mbuf *); 252 static void bridge_forward(struct bridge_softc *, struct mbuf *); 253 254 static void bridge_timer(void *); 255 256 static void bridge_broadcast(struct bridge_softc *, struct ifnet *, 257 struct mbuf *); 258 259 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *, 260 struct ifnet *, int, uint8_t); 261 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *); 262 static void bridge_rttrim(struct bridge_softc *); 263 static void bridge_rtage(struct bridge_softc *); 264 static void bridge_rtage_work(struct work *, void *); 265 static void bridge_rtflush(struct bridge_softc *, int); 266 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *); 267 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp); 268 269 static void bridge_rtable_init(struct bridge_softc *); 270 static void bridge_rtable_fini(struct bridge_softc *); 271 272 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *, 273 const uint8_t *); 274 static int bridge_rtnode_insert(struct bridge_softc *, 275 struct bridge_rtnode *); 276 static void bridge_rtnode_remove(struct bridge_softc *, 277 struct bridge_rtnode *); 278 static void bridge_rtnode_destroy(struct bridge_rtnode *); 279 280 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *, 281 const char *name, 282 struct psref *); 283 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *, 284 struct ifnet *ifp, 285 struct psref *); 286 static void bridge_release_member(struct bridge_softc *, struct bridge_iflist *, 287 struct psref *); 288 static void bridge_delete_member(struct bridge_softc *, 289 struct bridge_iflist *); 290 static void bridge_acquire_member(struct bridge_softc *sc, 291 struct bridge_iflist *, 292 struct psref *); 293 294 static int bridge_ioctl_add(struct bridge_softc *, void *); 295 static int bridge_ioctl_del(struct bridge_softc *, void *); 296 static int bridge_ioctl_gifflags(struct bridge_softc *, void *); 297 static int bridge_ioctl_sifflags(struct bridge_softc *, void *); 298 static int bridge_ioctl_scache(struct bridge_softc *, void *); 299 static int bridge_ioctl_gcache(struct bridge_softc *, void *); 300 static int bridge_ioctl_gifs(struct bridge_softc *, void *); 301 static int bridge_ioctl_rts(struct bridge_softc *, void *); 302 static int bridge_ioctl_saddr(struct bridge_softc *, void *); 303 static int bridge_ioctl_sto(struct bridge_softc *, void *); 304 static int bridge_ioctl_gto(struct bridge_softc *, void *); 305 static int bridge_ioctl_daddr(struct bridge_softc *, void *); 306 static int bridge_ioctl_flush(struct bridge_softc *, void *); 307 static int bridge_ioctl_gpri(struct bridge_softc *, void *); 308 static int bridge_ioctl_spri(struct bridge_softc *, void *); 309 static int bridge_ioctl_ght(struct bridge_softc *, void *); 310 static int bridge_ioctl_sht(struct bridge_softc *, void *); 311 static int bridge_ioctl_gfd(struct bridge_softc *, void *); 312 static int bridge_ioctl_sfd(struct bridge_softc *, void *); 313 static int bridge_ioctl_gma(struct bridge_softc *, void *); 314 static int bridge_ioctl_sma(struct bridge_softc *, void *); 315 static int bridge_ioctl_sifprio(struct bridge_softc *, void *); 316 static int bridge_ioctl_sifcost(struct bridge_softc *, void *); 317 #if defined(BRIDGE_IPF) 318 static int bridge_ioctl_gfilt(struct bridge_softc *, void *); 319 static int bridge_ioctl_sfilt(struct bridge_softc *, void *); 320 static int bridge_ipf(void *, struct mbuf **, struct ifnet *, int); 321 static int bridge_ip_checkbasic(struct mbuf **mp); 322 # ifdef INET6 323 static int bridge_ip6_checkbasic(struct mbuf **mp); 324 # endif /* INET6 */ 325 #endif /* BRIDGE_IPF */ 326 327 struct bridge_control { 328 int (*bc_func)(struct bridge_softc *, void *); 329 int bc_argsize; 330 int bc_flags; 331 }; 332 333 #define BC_F_COPYIN 0x01 /* copy arguments in */ 334 #define BC_F_COPYOUT 0x02 /* copy arguments out */ 335 #define BC_F_SUSER 0x04 /* do super-user check */ 336 #define BC_F_XLATEIN 0x08 /* xlate arguments in */ 337 #define BC_F_XLATEOUT 0x10 /* xlate arguments out */ 338 339 static const struct bridge_control bridge_control_table[] = { 340 [BRDGADD] = {bridge_ioctl_add, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 341 [BRDGDEL] = {bridge_ioctl_del, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 342 343 [BRDGGIFFLGS] = {bridge_ioctl_gifflags, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_COPYOUT}, 344 [BRDGSIFFLGS] = {bridge_ioctl_sifflags, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 345 346 [BRDGSCACHE] = {bridge_ioctl_scache, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 347 [BRDGGCACHE] = {bridge_ioctl_gcache, sizeof(struct ifbrparam), BC_F_COPYOUT}, 348 349 [OBRDGGIFS] = {bridge_ioctl_gifs, sizeof(struct ifbifconf), BC_F_COPYIN|BC_F_COPYOUT}, 350 [OBRDGRTS] = {bridge_ioctl_rts, sizeof(struct ifbaconf), BC_F_COPYIN|BC_F_COPYOUT}, 351 352 [BRDGSADDR] = {bridge_ioctl_saddr, sizeof(struct ifbareq), BC_F_COPYIN|BC_F_SUSER}, 353 354 [BRDGSTO] = {bridge_ioctl_sto, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 355 [BRDGGTO] = {bridge_ioctl_gto, sizeof(struct ifbrparam), BC_F_COPYOUT}, 356 357 [BRDGDADDR] = {bridge_ioctl_daddr, sizeof(struct ifbareq), BC_F_COPYIN|BC_F_SUSER}, 358 359 [BRDGFLUSH] = {bridge_ioctl_flush, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 360 361 [BRDGGPRI] = {bridge_ioctl_gpri, sizeof(struct ifbrparam), BC_F_COPYOUT}, 362 [BRDGSPRI] = {bridge_ioctl_spri, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 363 364 [BRDGGHT] = {bridge_ioctl_ght, sizeof(struct ifbrparam), BC_F_COPYOUT}, 365 [BRDGSHT] = {bridge_ioctl_sht, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 366 367 [BRDGGFD] = {bridge_ioctl_gfd, sizeof(struct ifbrparam), BC_F_COPYOUT}, 368 [BRDGSFD] = {bridge_ioctl_sfd, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 369 370 [BRDGGMA] = {bridge_ioctl_gma, sizeof(struct ifbrparam), BC_F_COPYOUT}, 371 [BRDGSMA] = {bridge_ioctl_sma, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 372 373 [BRDGSIFPRIO] = {bridge_ioctl_sifprio, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 374 375 [BRDGSIFCOST] = {bridge_ioctl_sifcost, sizeof(struct ifbreq), BC_F_COPYIN|BC_F_SUSER}, 376 #if defined(BRIDGE_IPF) 377 [BRDGGFILT] = {bridge_ioctl_gfilt, sizeof(struct ifbrparam), BC_F_COPYOUT}, 378 [BRDGSFILT] = {bridge_ioctl_sfilt, sizeof(struct ifbrparam), BC_F_COPYIN|BC_F_SUSER}, 379 #endif /* BRIDGE_IPF */ 380 [BRDGGIFS] = {bridge_ioctl_gifs, sizeof(struct ifbifconf), BC_F_XLATEIN|BC_F_XLATEOUT}, 381 [BRDGRTS] = {bridge_ioctl_rts, sizeof(struct ifbaconf), BC_F_XLATEIN|BC_F_XLATEOUT}, 382 }; 383 384 static const int bridge_control_table_size = __arraycount(bridge_control_table); 385 386 static struct if_clone bridge_cloner = 387 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 388 389 /* 390 * bridgeattach: 391 * 392 * Pseudo-device attach routine. 393 */ 394 void 395 bridgeattach(int n) 396 { 397 398 pool_init(&bridge_rtnode_pool, sizeof(struct bridge_rtnode), 399 0, 0, 0, "brtpl", NULL, IPL_NET); 400 401 bridge_psref_class = psref_class_create("bridge", IPL_SOFTNET); 402 403 if_clone_attach(&bridge_cloner); 404 } 405 406 /* 407 * bridge_clone_create: 408 * 409 * Create a new bridge instance. 410 */ 411 static int 412 bridge_clone_create(struct if_clone *ifc, int unit) 413 { 414 struct bridge_softc *sc; 415 struct ifnet *ifp; 416 int error; 417 418 sc = kmem_zalloc(sizeof(*sc), KM_SLEEP); 419 ifp = &sc->sc_if; 420 421 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 422 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 423 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 424 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 425 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY; 426 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 427 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 428 sc->sc_filter_flags = 0; 429 430 /* Initialize our routing table. */ 431 bridge_rtable_init(sc); 432 433 error = workqueue_create(&sc->sc_rtage_wq, "bridge_rtage", 434 bridge_rtage_work, sc, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 435 if (error) 436 panic("%s: workqueue_create %d\n", __func__, error); 437 438 callout_init(&sc->sc_brcallout, CALLOUT_MPSAFE); 439 callout_init(&sc->sc_bstpcallout, CALLOUT_MPSAFE); 440 441 mutex_init(&sc->sc_iflist_psref.bip_lock, MUTEX_DEFAULT, IPL_NONE); 442 PSLIST_INIT(&sc->sc_iflist_psref.bip_iflist); 443 sc->sc_iflist_psref.bip_psz = pserialize_create(); 444 445 if_initname(ifp, ifc->ifc_name, unit); 446 ifp->if_softc = sc; 447 ifp->if_extflags = IFEF_NO_LINK_STATE_CHANGE; 448 #ifdef NET_MPSAFE 449 ifp->if_extflags |= IFEF_MPSAFE; 450 #endif 451 ifp->if_mtu = ETHERMTU; 452 ifp->if_ioctl = bridge_ioctl; 453 ifp->if_output = bridge_output; 454 ifp->if_start = bridge_start; 455 ifp->if_stop = bridge_stop; 456 ifp->if_init = bridge_init; 457 ifp->if_type = IFT_BRIDGE; 458 ifp->if_addrlen = 0; 459 ifp->if_dlt = DLT_EN10MB; 460 ifp->if_hdrlen = ETHER_HDR_LEN; 461 462 error = if_initialize(ifp); 463 if (error != 0) { 464 pserialize_destroy(sc->sc_iflist_psref.bip_psz); 465 mutex_destroy(&sc->sc_iflist_psref.bip_lock); 466 callout_destroy(&sc->sc_brcallout); 467 callout_destroy(&sc->sc_bstpcallout); 468 workqueue_destroy(sc->sc_rtage_wq); 469 bridge_rtable_fini(sc); 470 kmem_free(sc, sizeof(*sc)); 471 472 return error; 473 } 474 if_alloc_sadl(ifp); 475 if_register(ifp); 476 477 return 0; 478 } 479 480 /* 481 * bridge_clone_destroy: 482 * 483 * Destroy a bridge instance. 484 */ 485 static int 486 bridge_clone_destroy(struct ifnet *ifp) 487 { 488 struct bridge_softc *sc = ifp->if_softc; 489 struct bridge_iflist *bif; 490 491 if ((ifp->if_flags & IFF_RUNNING) != 0) 492 bridge_stop(ifp, 1); 493 494 BRIDGE_LOCK(sc); 495 for (;;) { 496 bif = PSLIST_WRITER_FIRST(&sc->sc_iflist_psref.bip_iflist, struct bridge_iflist, 497 bif_next); 498 if (bif == NULL) 499 break; 500 bridge_delete_member(sc, bif); 501 } 502 PSLIST_DESTROY(&sc->sc_iflist_psref.bip_iflist); 503 BRIDGE_UNLOCK(sc); 504 505 if_detach(ifp); 506 507 /* Tear down the routing table. */ 508 bridge_rtable_fini(sc); 509 510 pserialize_destroy(sc->sc_iflist_psref.bip_psz); 511 mutex_destroy(&sc->sc_iflist_psref.bip_lock); 512 callout_destroy(&sc->sc_brcallout); 513 callout_destroy(&sc->sc_bstpcallout); 514 workqueue_destroy(sc->sc_rtage_wq); 515 kmem_free(sc, sizeof(*sc)); 516 517 return 0; 518 } 519 520 /* 521 * bridge_ioctl: 522 * 523 * Handle a control request from the operator. 524 */ 525 static int 526 bridge_ioctl(struct ifnet *ifp, u_long cmd, void *data) 527 { 528 struct bridge_softc *sc = ifp->if_softc; 529 struct lwp *l = curlwp; /* XXX */ 530 union { 531 struct ifbreq ifbreq; 532 struct ifbifconf ifbifconf; 533 struct ifbareq ifbareq; 534 struct ifbaconf ifbaconf; 535 struct ifbrparam ifbrparam; 536 } args; 537 struct ifdrv *ifd = (struct ifdrv *) data; 538 const struct bridge_control *bc = NULL; /* XXXGCC */ 539 int s, error = 0; 540 541 /* Authorize command before calling splsoftnet(). */ 542 switch (cmd) { 543 case SIOCGDRVSPEC: 544 case SIOCSDRVSPEC: 545 if (ifd->ifd_cmd >= bridge_control_table_size 546 || (bc = &bridge_control_table[ifd->ifd_cmd]) == NULL) { 547 error = EINVAL; 548 return error; 549 } 550 551 /* We only care about BC_F_SUSER at this point. */ 552 if ((bc->bc_flags & BC_F_SUSER) == 0) 553 break; 554 555 error = kauth_authorize_network(l->l_cred, 556 KAUTH_NETWORK_INTERFACE_BRIDGE, 557 cmd == SIOCGDRVSPEC ? 558 KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV : 559 KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV, 560 ifd, NULL, NULL); 561 if (error) 562 return error; 563 564 break; 565 } 566 567 s = splsoftnet(); 568 569 switch (cmd) { 570 case SIOCGDRVSPEC: 571 case SIOCSDRVSPEC: 572 KASSERT(bc != NULL); 573 if (cmd == SIOCGDRVSPEC && 574 (bc->bc_flags & (BC_F_COPYOUT|BC_F_XLATEOUT)) == 0) { 575 error = EINVAL; 576 break; 577 } 578 else if (cmd == SIOCSDRVSPEC && 579 (bc->bc_flags & (BC_F_COPYOUT|BC_F_XLATEOUT)) != 0) { 580 error = EINVAL; 581 break; 582 } 583 584 /* BC_F_SUSER is checked above, before splsoftnet(). */ 585 586 if ((bc->bc_flags & (BC_F_XLATEIN|BC_F_XLATEOUT)) == 0 587 && (ifd->ifd_len != bc->bc_argsize 588 || ifd->ifd_len > sizeof(args))) { 589 error = EINVAL; 590 break; 591 } 592 593 memset(&args, 0, sizeof(args)); 594 if (bc->bc_flags & BC_F_COPYIN) { 595 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 596 if (error) 597 break; 598 } else if (bc->bc_flags & BC_F_XLATEIN) { 599 args.ifbifconf.ifbic_len = ifd->ifd_len; 600 args.ifbifconf.ifbic_buf = ifd->ifd_data; 601 } 602 603 error = (*bc->bc_func)(sc, &args); 604 if (error) 605 break; 606 607 if (bc->bc_flags & BC_F_COPYOUT) { 608 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 609 } else if (bc->bc_flags & BC_F_XLATEOUT) { 610 ifd->ifd_len = args.ifbifconf.ifbic_len; 611 ifd->ifd_data = args.ifbifconf.ifbic_buf; 612 } 613 break; 614 615 case SIOCSIFFLAGS: 616 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 617 break; 618 switch (ifp->if_flags & (IFF_UP|IFF_RUNNING)) { 619 case IFF_RUNNING: 620 /* 621 * If interface is marked down and it is running, 622 * then stop and disable it. 623 */ 624 (*ifp->if_stop)(ifp, 1); 625 break; 626 case IFF_UP: 627 /* 628 * If interface is marked up and it is stopped, then 629 * start it. 630 */ 631 error = (*ifp->if_init)(ifp); 632 break; 633 default: 634 break; 635 } 636 break; 637 638 case SIOCSIFMTU: 639 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 640 error = 0; 641 break; 642 643 case SIOCGIFCAP: 644 { 645 struct ifcapreq *ifcr = (struct ifcapreq *)data; 646 ifcr->ifcr_capabilities = sc->sc_capenable; 647 ifcr->ifcr_capenable = sc->sc_capenable; 648 break; 649 } 650 651 default: 652 error = ifioctl_common(ifp, cmd, data); 653 break; 654 } 655 656 splx(s); 657 658 return error; 659 } 660 661 /* 662 * bridge_lookup_member: 663 * 664 * Lookup a bridge member interface. 665 */ 666 static struct bridge_iflist * 667 bridge_lookup_member(struct bridge_softc *sc, const char *name, struct psref *psref) 668 { 669 struct bridge_iflist *bif; 670 struct ifnet *ifp; 671 int s; 672 673 BRIDGE_PSZ_RENTER(s); 674 675 BRIDGE_IFLIST_READER_FOREACH(bif, sc) { 676 ifp = bif->bif_ifp; 677 if (strcmp(ifp->if_xname, name) == 0) 678 break; 679 } 680 if (bif != NULL) 681 bridge_acquire_member(sc, bif, psref); 682 683 BRIDGE_PSZ_REXIT(s); 684 685 return bif; 686 } 687 688 /* 689 * bridge_lookup_member_if: 690 * 691 * Lookup a bridge member interface by ifnet*. 692 */ 693 static struct bridge_iflist * 694 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp, 695 struct psref *psref) 696 { 697 struct bridge_iflist *bif; 698 int s; 699 700 BRIDGE_PSZ_RENTER(s); 701 702 bif = member_ifp->if_bridgeif; 703 if (bif != NULL) { 704 psref_acquire(psref, &bif->bif_psref, 705 bridge_psref_class); 706 } 707 708 BRIDGE_PSZ_REXIT(s); 709 710 return bif; 711 } 712 713 static void 714 bridge_acquire_member(struct bridge_softc *sc, struct bridge_iflist *bif, 715 struct psref *psref) 716 { 717 718 psref_acquire(psref, &bif->bif_psref, bridge_psref_class); 719 } 720 721 /* 722 * bridge_release_member: 723 * 724 * Release the specified member interface. 725 */ 726 static void 727 bridge_release_member(struct bridge_softc *sc, struct bridge_iflist *bif, 728 struct psref *psref) 729 { 730 731 psref_release(psref, &bif->bif_psref, bridge_psref_class); 732 } 733 734 /* 735 * bridge_delete_member: 736 * 737 * Delete the specified member interface. 738 */ 739 static void 740 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif) 741 { 742 struct ifnet *ifs = bif->bif_ifp; 743 744 KASSERT(BRIDGE_LOCKED(sc)); 745 746 ifs->_if_input = ether_input; 747 ifs->if_bridge = NULL; 748 ifs->if_bridgeif = NULL; 749 750 PSLIST_WRITER_REMOVE(bif, bif_next); 751 BRIDGE_PSZ_PERFORM(sc); 752 BRIDGE_UNLOCK(sc); 753 754 switch (ifs->if_type) { 755 case IFT_ETHER: 756 case IFT_L2TP: 757 /* 758 * Take the interface out of promiscuous mode. 759 * Don't call it with holding a spin lock. 760 */ 761 (void) ifpromisc(ifs, 0); 762 IFNET_LOCK(ifs); 763 (void) ether_disable_vlan_mtu(ifs); 764 IFNET_UNLOCK(ifs); 765 break; 766 default: 767 #ifdef DIAGNOSTIC 768 panic("%s: impossible", __func__); 769 #endif 770 break; 771 } 772 773 psref_target_destroy(&bif->bif_psref, bridge_psref_class); 774 775 PSLIST_ENTRY_DESTROY(bif, bif_next); 776 kmem_free(bif, sizeof(*bif)); 777 778 BRIDGE_LOCK(sc); 779 } 780 781 /* 782 * bridge_calc_csum_flags: 783 * 784 * Calculate logical and b/w csum flags each member interface supports. 785 */ 786 void 787 bridge_calc_csum_flags(struct bridge_softc *sc) 788 { 789 struct bridge_iflist *bif; 790 struct ifnet *ifs; 791 int flags = ~0; 792 int capenable = ~0; 793 794 BRIDGE_LOCK(sc); 795 BRIDGE_IFLIST_READER_FOREACH(bif, sc) { 796 ifs = bif->bif_ifp; 797 flags &= ifs->if_csum_flags_tx; 798 capenable &= ifs->if_capenable; 799 } 800 sc->sc_csum_flags_tx = flags; 801 sc->sc_capenable = capenable; 802 BRIDGE_UNLOCK(sc); 803 } 804 805 static int 806 bridge_ioctl_add(struct bridge_softc *sc, void *arg) 807 { 808 struct ifbreq *req = arg; 809 struct bridge_iflist *bif = NULL; 810 struct ifnet *ifs; 811 int error = 0; 812 struct psref psref; 813 814 ifs = if_get(req->ifbr_ifsname, &psref); 815 if (ifs == NULL) 816 return ENOENT; 817 818 if (ifs->if_bridge == sc) { 819 error = EEXIST; 820 goto out; 821 } 822 823 if (ifs->if_bridge != NULL) { 824 error = EBUSY; 825 goto out; 826 } 827 828 if (ifs->_if_input != ether_input) { 829 error = EINVAL; 830 goto out; 831 } 832 833 /* FIXME: doesn't work with non-IFF_SIMPLEX interfaces */ 834 if ((ifs->if_flags & IFF_SIMPLEX) == 0) { 835 error = EINVAL; 836 goto out; 837 } 838 839 bif = kmem_alloc(sizeof(*bif), KM_SLEEP); 840 841 switch (ifs->if_type) { 842 case IFT_ETHER: 843 if (sc->sc_if.if_mtu != ifs->if_mtu) { 844 /* Change MTU of added interface to bridge MTU */ 845 struct ifreq ifr; 846 memset(&ifr, 0, sizeof(ifr)); 847 ifr.ifr_mtu = sc->sc_if.if_mtu; 848 IFNET_LOCK(ifs); 849 error = ether_ioctl(ifs, SIOCSIFMTU, &ifr); 850 IFNET_UNLOCK(ifs); 851 if (error != 0) 852 goto out; 853 } 854 /* FALLTHROUGH */ 855 case IFT_L2TP: 856 IFNET_LOCK(ifs); 857 error = ether_enable_vlan_mtu(ifs); 858 IFNET_UNLOCK(ifs); 859 if (error > 0) 860 goto out; 861 /* 862 * Place the interface into promiscuous mode. 863 */ 864 error = ifpromisc(ifs, 1); 865 if (error) 866 goto out; 867 break; 868 default: 869 error = EINVAL; 870 goto out; 871 } 872 873 bif->bif_ifp = ifs; 874 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 875 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 876 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST; 877 PSLIST_ENTRY_INIT(bif, bif_next); 878 psref_target_init(&bif->bif_psref, bridge_psref_class); 879 880 BRIDGE_LOCK(sc); 881 882 ifs->if_bridge = sc; 883 ifs->if_bridgeif = bif; 884 PSLIST_WRITER_INSERT_HEAD(&sc->sc_iflist_psref.bip_iflist, bif, bif_next); 885 ifs->_if_input = bridge_input; 886 887 BRIDGE_UNLOCK(sc); 888 889 bridge_calc_csum_flags(sc); 890 891 if (sc->sc_if.if_flags & IFF_RUNNING) 892 bstp_initialization(sc); 893 else 894 bstp_stop(sc); 895 896 out: 897 if_put(ifs, &psref); 898 if (error) { 899 if (bif != NULL) 900 kmem_free(bif, sizeof(*bif)); 901 } 902 return error; 903 } 904 905 static int 906 bridge_ioctl_del(struct bridge_softc *sc, void *arg) 907 { 908 struct ifbreq *req = arg; 909 const char *name = req->ifbr_ifsname; 910 struct bridge_iflist *bif; 911 struct ifnet *ifs; 912 913 BRIDGE_LOCK(sc); 914 915 /* 916 * Don't use bridge_lookup_member. We want to get a member 917 * with bif_refs == 0. 918 */ 919 BRIDGE_IFLIST_WRITER_FOREACH(bif, sc) { 920 ifs = bif->bif_ifp; 921 if (strcmp(ifs->if_xname, name) == 0) 922 break; 923 } 924 925 if (bif == NULL) { 926 BRIDGE_UNLOCK(sc); 927 return ENOENT; 928 } 929 930 bridge_delete_member(sc, bif); 931 932 BRIDGE_UNLOCK(sc); 933 934 bridge_rtdelete(sc, ifs); 935 bridge_calc_csum_flags(sc); 936 937 if (sc->sc_if.if_flags & IFF_RUNNING) 938 bstp_initialization(sc); 939 940 return 0; 941 } 942 943 static int 944 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg) 945 { 946 struct ifbreq *req = arg; 947 struct bridge_iflist *bif; 948 struct psref psref; 949 950 bif = bridge_lookup_member(sc, req->ifbr_ifsname, &psref); 951 if (bif == NULL) 952 return ENOENT; 953 954 req->ifbr_ifsflags = bif->bif_flags; 955 req->ifbr_state = bif->bif_state; 956 req->ifbr_priority = bif->bif_priority; 957 req->ifbr_path_cost = bif->bif_path_cost; 958 req->ifbr_portno = bif->bif_ifp->if_index & 0xff; 959 960 bridge_release_member(sc, bif, &psref); 961 962 return 0; 963 } 964 965 static int 966 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg) 967 { 968 struct ifbreq *req = arg; 969 struct bridge_iflist *bif; 970 struct psref psref; 971 972 bif = bridge_lookup_member(sc, req->ifbr_ifsname, &psref); 973 if (bif == NULL) 974 return ENOENT; 975 976 if (req->ifbr_ifsflags & IFBIF_STP) { 977 switch (bif->bif_ifp->if_type) { 978 case IFT_ETHER: 979 case IFT_L2TP: 980 /* These can do spanning tree. */ 981 break; 982 983 default: 984 /* Nothing else can. */ 985 bridge_release_member(sc, bif, &psref); 986 return EINVAL; 987 } 988 } 989 990 bif->bif_flags = req->ifbr_ifsflags; 991 992 bridge_release_member(sc, bif, &psref); 993 994 if (sc->sc_if.if_flags & IFF_RUNNING) 995 bstp_initialization(sc); 996 997 return 0; 998 } 999 1000 static int 1001 bridge_ioctl_scache(struct bridge_softc *sc, void *arg) 1002 { 1003 struct ifbrparam *param = arg; 1004 1005 sc->sc_brtmax = param->ifbrp_csize; 1006 bridge_rttrim(sc); 1007 1008 return 0; 1009 } 1010 1011 static int 1012 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg) 1013 { 1014 struct ifbrparam *param = arg; 1015 1016 param->ifbrp_csize = sc->sc_brtmax; 1017 1018 return 0; 1019 } 1020 1021 static int 1022 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg) 1023 { 1024 struct ifbifconf *bifc = arg; 1025 struct bridge_iflist *bif; 1026 struct ifbreq *breqs; 1027 int i, count, error = 0; 1028 1029 retry: 1030 BRIDGE_LOCK(sc); 1031 count = 0; 1032 BRIDGE_IFLIST_WRITER_FOREACH(bif, sc) 1033 count++; 1034 BRIDGE_UNLOCK(sc); 1035 1036 if (count == 0) { 1037 bifc->ifbic_len = 0; 1038 return 0; 1039 } 1040 1041 if (bifc->ifbic_len == 0 || bifc->ifbic_len < (sizeof(*breqs) * count)) { 1042 /* Tell that a larger buffer is needed */ 1043 bifc->ifbic_len = sizeof(*breqs) * count; 1044 return 0; 1045 } 1046 1047 breqs = kmem_alloc(sizeof(*breqs) * count, KM_SLEEP); 1048 1049 BRIDGE_LOCK(sc); 1050 1051 i = 0; 1052 BRIDGE_IFLIST_WRITER_FOREACH(bif, sc) 1053 i++; 1054 if (i > count) { 1055 /* 1056 * The number of members has been increased. 1057 * We need more memory! 1058 */ 1059 BRIDGE_UNLOCK(sc); 1060 kmem_free(breqs, sizeof(*breqs) * count); 1061 goto retry; 1062 } 1063 1064 i = 0; 1065 BRIDGE_IFLIST_WRITER_FOREACH(bif, sc) { 1066 struct ifbreq *breq = &breqs[i++]; 1067 memset(breq, 0, sizeof(*breq)); 1068 1069 strlcpy(breq->ifbr_ifsname, bif->bif_ifp->if_xname, 1070 sizeof(breq->ifbr_ifsname)); 1071 breq->ifbr_ifsflags = bif->bif_flags; 1072 breq->ifbr_state = bif->bif_state; 1073 breq->ifbr_priority = bif->bif_priority; 1074 breq->ifbr_path_cost = bif->bif_path_cost; 1075 breq->ifbr_portno = bif->bif_ifp->if_index & 0xff; 1076 } 1077 1078 /* Don't call copyout with holding the mutex */ 1079 BRIDGE_UNLOCK(sc); 1080 1081 for (i = 0; i < count; i++) { 1082 error = copyout(&breqs[i], bifc->ifbic_req + i, sizeof(*breqs)); 1083 if (error) 1084 break; 1085 } 1086 bifc->ifbic_len = sizeof(*breqs) * i; 1087 1088 kmem_free(breqs, sizeof(*breqs) * count); 1089 1090 return error; 1091 } 1092 1093 static int 1094 bridge_ioctl_rts(struct bridge_softc *sc, void *arg) 1095 { 1096 struct ifbaconf *bac = arg; 1097 struct bridge_rtnode *brt; 1098 struct ifbareq bareq; 1099 int count = 0, error = 0, len; 1100 1101 if (bac->ifbac_len == 0) 1102 return 0; 1103 1104 BRIDGE_RT_LOCK(sc); 1105 1106 /* The passed buffer is not enough, tell a required size. */ 1107 if (bac->ifbac_len < (sizeof(bareq) * sc->sc_brtcnt)) { 1108 count = sc->sc_brtcnt; 1109 goto out; 1110 } 1111 1112 len = bac->ifbac_len; 1113 BRIDGE_RTLIST_WRITER_FOREACH(brt, sc) { 1114 if (len < sizeof(bareq)) 1115 goto out; 1116 memset(&bareq, 0, sizeof(bareq)); 1117 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname, 1118 sizeof(bareq.ifba_ifsname)); 1119 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); 1120 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1121 bareq.ifba_expire = brt->brt_expire - time_uptime; 1122 } else 1123 bareq.ifba_expire = 0; 1124 bareq.ifba_flags = brt->brt_flags; 1125 1126 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq)); 1127 if (error) 1128 goto out; 1129 count++; 1130 len -= sizeof(bareq); 1131 } 1132 out: 1133 BRIDGE_RT_UNLOCK(sc); 1134 1135 bac->ifbac_len = sizeof(bareq) * count; 1136 return error; 1137 } 1138 1139 static int 1140 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg) 1141 { 1142 struct ifbareq *req = arg; 1143 struct bridge_iflist *bif; 1144 int error; 1145 struct psref psref; 1146 1147 bif = bridge_lookup_member(sc, req->ifba_ifsname, &psref); 1148 if (bif == NULL) 1149 return ENOENT; 1150 1151 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1, 1152 req->ifba_flags); 1153 1154 bridge_release_member(sc, bif, &psref); 1155 1156 return error; 1157 } 1158 1159 static int 1160 bridge_ioctl_sto(struct bridge_softc *sc, void *arg) 1161 { 1162 struct ifbrparam *param = arg; 1163 1164 sc->sc_brttimeout = param->ifbrp_ctime; 1165 1166 return 0; 1167 } 1168 1169 static int 1170 bridge_ioctl_gto(struct bridge_softc *sc, void *arg) 1171 { 1172 struct ifbrparam *param = arg; 1173 1174 param->ifbrp_ctime = sc->sc_brttimeout; 1175 1176 return 0; 1177 } 1178 1179 static int 1180 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg) 1181 { 1182 struct ifbareq *req = arg; 1183 1184 return (bridge_rtdaddr(sc, req->ifba_dst)); 1185 } 1186 1187 static int 1188 bridge_ioctl_flush(struct bridge_softc *sc, void *arg) 1189 { 1190 struct ifbreq *req = arg; 1191 1192 bridge_rtflush(sc, req->ifbr_ifsflags); 1193 1194 return 0; 1195 } 1196 1197 static int 1198 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg) 1199 { 1200 struct ifbrparam *param = arg; 1201 1202 param->ifbrp_prio = sc->sc_bridge_priority; 1203 1204 return 0; 1205 } 1206 1207 static int 1208 bridge_ioctl_spri(struct bridge_softc *sc, void *arg) 1209 { 1210 struct ifbrparam *param = arg; 1211 1212 sc->sc_bridge_priority = param->ifbrp_prio; 1213 1214 if (sc->sc_if.if_flags & IFF_RUNNING) 1215 bstp_initialization(sc); 1216 1217 return 0; 1218 } 1219 1220 static int 1221 bridge_ioctl_ght(struct bridge_softc *sc, void *arg) 1222 { 1223 struct ifbrparam *param = arg; 1224 1225 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8; 1226 1227 return 0; 1228 } 1229 1230 static int 1231 bridge_ioctl_sht(struct bridge_softc *sc, void *arg) 1232 { 1233 struct ifbrparam *param = arg; 1234 1235 if (param->ifbrp_hellotime == 0) 1236 return EINVAL; 1237 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8; 1238 1239 if (sc->sc_if.if_flags & IFF_RUNNING) 1240 bstp_initialization(sc); 1241 1242 return 0; 1243 } 1244 1245 static int 1246 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg) 1247 { 1248 struct ifbrparam *param = arg; 1249 1250 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8; 1251 1252 return 0; 1253 } 1254 1255 static int 1256 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg) 1257 { 1258 struct ifbrparam *param = arg; 1259 1260 if (param->ifbrp_fwddelay == 0) 1261 return EINVAL; 1262 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8; 1263 1264 if (sc->sc_if.if_flags & IFF_RUNNING) 1265 bstp_initialization(sc); 1266 1267 return 0; 1268 } 1269 1270 static int 1271 bridge_ioctl_gma(struct bridge_softc *sc, void *arg) 1272 { 1273 struct ifbrparam *param = arg; 1274 1275 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8; 1276 1277 return 0; 1278 } 1279 1280 static int 1281 bridge_ioctl_sma(struct bridge_softc *sc, void *arg) 1282 { 1283 struct ifbrparam *param = arg; 1284 1285 if (param->ifbrp_maxage == 0) 1286 return EINVAL; 1287 sc->sc_bridge_max_age = param->ifbrp_maxage << 8; 1288 1289 if (sc->sc_if.if_flags & IFF_RUNNING) 1290 bstp_initialization(sc); 1291 1292 return 0; 1293 } 1294 1295 static int 1296 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg) 1297 { 1298 struct ifbreq *req = arg; 1299 struct bridge_iflist *bif; 1300 struct psref psref; 1301 1302 bif = bridge_lookup_member(sc, req->ifbr_ifsname, &psref); 1303 if (bif == NULL) 1304 return ENOENT; 1305 1306 bif->bif_priority = req->ifbr_priority; 1307 1308 if (sc->sc_if.if_flags & IFF_RUNNING) 1309 bstp_initialization(sc); 1310 1311 bridge_release_member(sc, bif, &psref); 1312 1313 return 0; 1314 } 1315 1316 #if defined(BRIDGE_IPF) 1317 static int 1318 bridge_ioctl_gfilt(struct bridge_softc *sc, void *arg) 1319 { 1320 struct ifbrparam *param = arg; 1321 1322 param->ifbrp_filter = sc->sc_filter_flags; 1323 1324 return 0; 1325 } 1326 1327 static int 1328 bridge_ioctl_sfilt(struct bridge_softc *sc, void *arg) 1329 { 1330 struct ifbrparam *param = arg; 1331 uint32_t nflags, oflags; 1332 1333 if (param->ifbrp_filter & ~IFBF_FILT_MASK) 1334 return EINVAL; 1335 1336 nflags = param->ifbrp_filter; 1337 oflags = sc->sc_filter_flags; 1338 1339 if ((nflags & IFBF_FILT_USEIPF) && !(oflags & IFBF_FILT_USEIPF)) { 1340 pfil_add_hook((void *)bridge_ipf, NULL, PFIL_IN|PFIL_OUT, 1341 sc->sc_if.if_pfil); 1342 } 1343 if (!(nflags & IFBF_FILT_USEIPF) && (oflags & IFBF_FILT_USEIPF)) { 1344 pfil_remove_hook((void *)bridge_ipf, NULL, PFIL_IN|PFIL_OUT, 1345 sc->sc_if.if_pfil); 1346 } 1347 1348 sc->sc_filter_flags = nflags; 1349 1350 return 0; 1351 } 1352 #endif /* BRIDGE_IPF */ 1353 1354 static int 1355 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg) 1356 { 1357 struct ifbreq *req = arg; 1358 struct bridge_iflist *bif; 1359 struct psref psref; 1360 1361 bif = bridge_lookup_member(sc, req->ifbr_ifsname, &psref); 1362 if (bif == NULL) 1363 return ENOENT; 1364 1365 bif->bif_path_cost = req->ifbr_path_cost; 1366 1367 if (sc->sc_if.if_flags & IFF_RUNNING) 1368 bstp_initialization(sc); 1369 1370 bridge_release_member(sc, bif, &psref); 1371 1372 return 0; 1373 } 1374 1375 /* 1376 * bridge_ifdetach: 1377 * 1378 * Detach an interface from a bridge. Called when a member 1379 * interface is detaching. 1380 */ 1381 void 1382 bridge_ifdetach(struct ifnet *ifp) 1383 { 1384 struct bridge_softc *sc = ifp->if_bridge; 1385 struct ifbreq breq; 1386 1387 /* ioctl_lock should prevent this from happening */ 1388 KASSERT(sc != NULL); 1389 1390 memset(&breq, 0, sizeof(breq)); 1391 strlcpy(breq.ifbr_ifsname, ifp->if_xname, sizeof(breq.ifbr_ifsname)); 1392 1393 (void) bridge_ioctl_del(sc, &breq); 1394 } 1395 1396 /* 1397 * bridge_init: 1398 * 1399 * Initialize a bridge interface. 1400 */ 1401 static int 1402 bridge_init(struct ifnet *ifp) 1403 { 1404 struct bridge_softc *sc = ifp->if_softc; 1405 1406 KASSERT((ifp->if_flags & IFF_RUNNING) == 0); 1407 1408 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz, 1409 bridge_timer, sc); 1410 bstp_initialization(sc); 1411 1412 ifp->if_flags |= IFF_RUNNING; 1413 return 0; 1414 } 1415 1416 /* 1417 * bridge_stop: 1418 * 1419 * Stop the bridge interface. 1420 */ 1421 static void 1422 bridge_stop(struct ifnet *ifp, int disable) 1423 { 1424 struct bridge_softc *sc = ifp->if_softc; 1425 1426 KASSERT((ifp->if_flags & IFF_RUNNING) != 0); 1427 ifp->if_flags &= ~IFF_RUNNING; 1428 1429 callout_halt(&sc->sc_brcallout, NULL); 1430 workqueue_wait(sc->sc_rtage_wq, &sc->sc_rtage_wk); 1431 bstp_stop(sc); 1432 bridge_rtflush(sc, IFBF_FLUSHDYN); 1433 } 1434 1435 /* 1436 * bridge_enqueue: 1437 * 1438 * Enqueue a packet on a bridge member interface. 1439 */ 1440 void 1441 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m, 1442 int runfilt) 1443 { 1444 int len, error; 1445 short mflags; 1446 1447 if (runfilt) { 1448 if (pfil_run_hooks(sc->sc_if.if_pfil, &m, 1449 dst_ifp, PFIL_OUT) != 0) { 1450 if (m != NULL) 1451 m_freem(m); 1452 return; 1453 } 1454 if (m == NULL) 1455 return; 1456 } 1457 1458 #ifdef ALTQ 1459 KERNEL_LOCK(1, NULL); 1460 /* 1461 * If ALTQ is enabled on the member interface, do 1462 * classification; the queueing discipline might 1463 * not require classification, but might require 1464 * the address family/header pointer in the pktattr. 1465 */ 1466 if (ALTQ_IS_ENABLED(&dst_ifp->if_snd)) { 1467 /* XXX IFT_ETHER */ 1468 altq_etherclassify(&dst_ifp->if_snd, m); 1469 } 1470 KERNEL_UNLOCK_ONE(NULL); 1471 #endif /* ALTQ */ 1472 1473 len = m->m_pkthdr.len; 1474 mflags = m->m_flags; 1475 1476 error = if_transmit_lock(dst_ifp, m); 1477 if (error) { 1478 /* mbuf is already freed */ 1479 if_statinc(&sc->sc_if, if_oerrors); 1480 return; 1481 } 1482 1483 net_stat_ref_t nsr = IF_STAT_GETREF(&sc->sc_if); 1484 if_statinc_ref(nsr, if_opackets); 1485 if_statadd_ref(nsr, if_obytes, len); 1486 if (mflags & M_MCAST) 1487 if_statinc_ref(nsr, if_omcasts); 1488 IF_STAT_PUTREF(&sc->sc_if); 1489 } 1490 1491 /* 1492 * bridge_output: 1493 * 1494 * Send output from a bridge member interface. This 1495 * performs the bridging function for locally originated 1496 * packets. 1497 * 1498 * The mbuf has the Ethernet header already attached. We must 1499 * enqueue or free the mbuf before returning. 1500 */ 1501 int 1502 bridge_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *sa, 1503 const struct rtentry *rt) 1504 { 1505 struct ether_header *eh; 1506 struct ifnet *dst_if; 1507 struct bridge_softc *sc; 1508 struct mbuf *n; 1509 int s; 1510 1511 /* 1512 * bridge_output() is called from ether_output(), furthermore 1513 * ifp argument doesn't point to bridge(4). So, don't assert 1514 * IFEF_MPSAFE here. 1515 */ 1516 1517 KASSERT(m->m_len >= ETHER_HDR_LEN); 1518 1519 eh = mtod(m, struct ether_header *); 1520 sc = ifp->if_bridge; 1521 1522 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1523 if (memcmp(etherbroadcastaddr, 1524 eh->ether_dhost, ETHER_ADDR_LEN) == 0) 1525 m->m_flags |= M_BCAST; 1526 else 1527 m->m_flags |= M_MCAST; 1528 } 1529 1530 /* 1531 * If bridge is down, but the original output interface is up, 1532 * go ahead and send out that interface. Otherwise, the packet 1533 * is dropped below. 1534 */ 1535 if (__predict_false(sc == NULL) || 1536 (sc->sc_if.if_flags & IFF_RUNNING) == 0) { 1537 dst_if = ifp; 1538 goto unicast_asis; 1539 } 1540 1541 /* 1542 * If the packet is a multicast, or we don't know a better way to 1543 * get there, send to all interfaces. 1544 */ 1545 if ((m->m_flags & (M_MCAST | M_BCAST)) != 0) 1546 dst_if = NULL; 1547 else 1548 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1549 1550 /* 1551 * In general, we need to handle TX offload in software before 1552 * enqueueing a packet. However, we can send it as is in the 1553 * cases of unicast via (1) the source interface, or (2) an 1554 * interface which supports the specified offload options. 1555 * For multicast or broadcast, send it as is only if (3) all 1556 * the member interfaces support the specified options. 1557 */ 1558 1559 /* 1560 * Unicast via the source interface. 1561 */ 1562 if (dst_if == ifp) 1563 goto unicast_asis; 1564 1565 /* 1566 * Unicast via other interface. 1567 */ 1568 if (dst_if != NULL) { 1569 KASSERT(m->m_flags & M_PKTHDR); 1570 if (TX_OFFLOAD_SUPPORTED(dst_if->if_csum_flags_tx, 1571 m->m_pkthdr.csum_flags)) { 1572 /* 1573 * Unicast via an interface which supports the 1574 * specified offload options. 1575 */ 1576 goto unicast_asis; 1577 } 1578 1579 /* 1580 * Handle TX offload in software. For TSO, a packet is 1581 * split into multiple chunks. Thus, the return value of 1582 * ether_sw_offload_tx() is mbuf queue consists of them. 1583 */ 1584 m = ether_sw_offload_tx(ifp, m); 1585 if (m == NULL) 1586 return 0; 1587 1588 do { 1589 n = m->m_nextpkt; 1590 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1591 m_freem(m); 1592 else 1593 bridge_enqueue(sc, dst_if, m, 0); 1594 m = n; 1595 } while (m != NULL); 1596 1597 return 0; 1598 } 1599 1600 /* 1601 * Multicast or broadcast. 1602 */ 1603 if (TX_OFFLOAD_SUPPORTED(sc->sc_csum_flags_tx, 1604 m->m_pkthdr.csum_flags)) { 1605 /* 1606 * Specified TX offload options are supported by all 1607 * the member interfaces of this bridge. 1608 */ 1609 m->m_nextpkt = NULL; /* XXX */ 1610 } else { 1611 /* 1612 * Otherwise, handle TX offload in software. 1613 */ 1614 m = ether_sw_offload_tx(ifp, m); 1615 if (m == NULL) 1616 return 0; 1617 } 1618 1619 do { 1620 /* XXX Should call bridge_broadcast, but there are locking 1621 * issues which need resolving first. */ 1622 struct bridge_iflist *bif; 1623 struct mbuf *mc; 1624 bool used = false; 1625 1626 n = m->m_nextpkt; 1627 1628 BRIDGE_PSZ_RENTER(s); 1629 BRIDGE_IFLIST_READER_FOREACH(bif, sc) { 1630 struct psref psref; 1631 1632 bridge_acquire_member(sc, bif, &psref); 1633 BRIDGE_PSZ_REXIT(s); 1634 1635 dst_if = bif->bif_ifp; 1636 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1637 goto next; 1638 1639 /* 1640 * If this is not the original output interface, 1641 * and the interface is participating in spanning 1642 * tree, make sure the port is in a state that 1643 * allows forwarding. 1644 */ 1645 if (dst_if != ifp && 1646 (bif->bif_flags & IFBIF_STP) != 0) { 1647 switch (bif->bif_state) { 1648 case BSTP_IFSTATE_BLOCKING: 1649 case BSTP_IFSTATE_LISTENING: 1650 case BSTP_IFSTATE_DISABLED: 1651 goto next; 1652 } 1653 } 1654 1655 if (PSLIST_READER_NEXT(bif, struct bridge_iflist, 1656 bif_next) == NULL && 1657 ((m->m_flags & (M_MCAST | M_BCAST)) == 0 || 1658 dst_if == ifp)) 1659 { 1660 used = true; 1661 mc = m; 1662 } else { 1663 mc = m_copypacket(m, M_DONTWAIT); 1664 if (mc == NULL) { 1665 if_statinc(&sc->sc_if, if_oerrors); 1666 goto next; 1667 } 1668 } 1669 1670 bridge_enqueue(sc, dst_if, mc, 0); 1671 1672 if ((m->m_flags & (M_MCAST | M_BCAST)) != 0 && 1673 dst_if != ifp) 1674 { 1675 if (PSLIST_READER_NEXT(bif, 1676 struct bridge_iflist, bif_next) == NULL) 1677 { 1678 used = true; 1679 mc = m; 1680 } else { 1681 mc = m_copypacket(m, M_DONTWAIT); 1682 if (mc == NULL) { 1683 if_statinc(&sc->sc_if, 1684 if_oerrors); 1685 goto next; 1686 } 1687 } 1688 1689 m_set_rcvif(mc, dst_if); 1690 mc->m_flags &= ~M_PROMISC; 1691 1692 s = splsoftnet(); 1693 KERNEL_LOCK_UNLESS_IFP_MPSAFE(dst_if); 1694 ether_input(dst_if, mc); 1695 KERNEL_UNLOCK_UNLESS_IFP_MPSAFE(dst_if); 1696 splx(s); 1697 } 1698 1699 next: 1700 BRIDGE_PSZ_RENTER(s); 1701 bridge_release_member(sc, bif, &psref); 1702 1703 /* Guarantee we don't re-enter the loop as we already 1704 * decided we're at the end. */ 1705 if (used) 1706 break; 1707 } 1708 BRIDGE_PSZ_REXIT(s); 1709 1710 if (!used) 1711 m_freem(m); 1712 1713 m = n; 1714 } while (m != NULL); 1715 return 0; 1716 1717 unicast_asis: 1718 /* 1719 * XXX Spanning tree consideration here? 1720 */ 1721 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1722 m_freem(m); 1723 else 1724 bridge_enqueue(sc, dst_if, m, 0); 1725 return 0; 1726 } 1727 1728 /* 1729 * bridge_start: 1730 * 1731 * Start output on a bridge. 1732 * 1733 * NOTE: This routine should never be called in this implementation. 1734 */ 1735 static void 1736 bridge_start(struct ifnet *ifp) 1737 { 1738 1739 printf("%s: bridge_start() called\n", ifp->if_xname); 1740 } 1741 1742 /* 1743 * bridge_forward: 1744 * 1745 * The forwarding function of the bridge. 1746 */ 1747 static void 1748 bridge_forward(struct bridge_softc *sc, struct mbuf *m) 1749 { 1750 struct bridge_iflist *bif; 1751 struct ifnet *src_if, *dst_if; 1752 struct ether_header *eh; 1753 struct psref psref; 1754 struct psref psref_src; 1755 DECLARE_LOCK_VARIABLE; 1756 1757 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) 1758 return; 1759 1760 src_if = m_get_rcvif_psref(m, &psref_src); 1761 if (src_if == NULL) { 1762 /* Interface is being destroyed? */ 1763 m_freem(m); 1764 goto out; 1765 } 1766 1767 if_statadd2(&sc->sc_if, if_ipackets, 1, if_ibytes, m->m_pkthdr.len); 1768 1769 /* 1770 * Look up the bridge_iflist. 1771 */ 1772 bif = bridge_lookup_member_if(sc, src_if, &psref); 1773 if (bif == NULL) { 1774 /* Interface is not a bridge member (anymore?) */ 1775 m_freem(m); 1776 goto out; 1777 } 1778 1779 if (bif->bif_flags & IFBIF_STP) { 1780 switch (bif->bif_state) { 1781 case BSTP_IFSTATE_BLOCKING: 1782 case BSTP_IFSTATE_LISTENING: 1783 case BSTP_IFSTATE_DISABLED: 1784 m_freem(m); 1785 bridge_release_member(sc, bif, &psref); 1786 goto out; 1787 } 1788 } 1789 1790 eh = mtod(m, struct ether_header *); 1791 1792 /* 1793 * If the interface is learning, and the source 1794 * address is valid and not multicast, record 1795 * the address. 1796 */ 1797 if ((bif->bif_flags & IFBIF_LEARNING) != 0 && 1798 ETHER_IS_MULTICAST(eh->ether_shost) == 0 && 1799 (eh->ether_shost[0] == 0 && 1800 eh->ether_shost[1] == 0 && 1801 eh->ether_shost[2] == 0 && 1802 eh->ether_shost[3] == 0 && 1803 eh->ether_shost[4] == 0 && 1804 eh->ether_shost[5] == 0) == 0) { 1805 (void) bridge_rtupdate(sc, eh->ether_shost, 1806 src_if, 0, IFBAF_DYNAMIC); 1807 } 1808 1809 if ((bif->bif_flags & IFBIF_STP) != 0 && 1810 bif->bif_state == BSTP_IFSTATE_LEARNING) { 1811 m_freem(m); 1812 bridge_release_member(sc, bif, &psref); 1813 goto out; 1814 } 1815 1816 bridge_release_member(sc, bif, &psref); 1817 1818 /* 1819 * At this point, the port either doesn't participate 1820 * in spanning tree or it is in the forwarding state. 1821 */ 1822 1823 /* 1824 * If the packet is unicast, destined for someone on 1825 * "this" side of the bridge, drop it. 1826 */ 1827 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) { 1828 dst_if = bridge_rtlookup(sc, eh->ether_dhost); 1829 if (src_if == dst_if) { 1830 m_freem(m); 1831 goto out; 1832 } 1833 } else { 1834 /* ...forward it to all interfaces. */ 1835 if_statinc(&sc->sc_if, if_imcasts); 1836 dst_if = NULL; 1837 } 1838 1839 if (pfil_run_hooks(sc->sc_if.if_pfil, &m, src_if, PFIL_IN) != 0) { 1840 if (m != NULL) 1841 m_freem(m); 1842 goto out; 1843 } 1844 if (m == NULL) 1845 goto out; 1846 1847 if (dst_if == NULL) { 1848 bridge_broadcast(sc, src_if, m); 1849 goto out; 1850 } 1851 1852 m_put_rcvif_psref(src_if, &psref_src); 1853 src_if = NULL; 1854 1855 /* 1856 * At this point, we're dealing with a unicast frame 1857 * going to a different interface. 1858 */ 1859 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1860 m_freem(m); 1861 goto out; 1862 } 1863 1864 bif = bridge_lookup_member_if(sc, dst_if, &psref); 1865 if (bif == NULL) { 1866 /* Not a member of the bridge (anymore?) */ 1867 m_freem(m); 1868 goto out; 1869 } 1870 1871 if (bif->bif_flags & IFBIF_STP) { 1872 switch (bif->bif_state) { 1873 case BSTP_IFSTATE_DISABLED: 1874 case BSTP_IFSTATE_BLOCKING: 1875 m_freem(m); 1876 bridge_release_member(sc, bif, &psref); 1877 goto out; 1878 } 1879 } 1880 1881 bridge_release_member(sc, bif, &psref); 1882 1883 /* 1884 * Before enqueueing this packet to the destination interface, 1885 * clear any in-bound checksum flags to prevent them from being 1886 * misused as out-bound flags. 1887 */ 1888 m->m_pkthdr.csum_flags = 0; 1889 1890 ACQUIRE_GLOBAL_LOCKS(); 1891 bridge_enqueue(sc, dst_if, m, 1); 1892 RELEASE_GLOBAL_LOCKS(); 1893 out: 1894 if (src_if != NULL) 1895 m_put_rcvif_psref(src_if, &psref_src); 1896 return; 1897 } 1898 1899 static bool 1900 bstp_state_before_learning(struct bridge_iflist *bif) 1901 { 1902 if (bif->bif_flags & IFBIF_STP) { 1903 switch (bif->bif_state) { 1904 case BSTP_IFSTATE_BLOCKING: 1905 case BSTP_IFSTATE_LISTENING: 1906 case BSTP_IFSTATE_DISABLED: 1907 return true; 1908 } 1909 } 1910 return false; 1911 } 1912 1913 static bool 1914 bridge_ourether(struct bridge_iflist *bif, struct ether_header *eh, int src) 1915 { 1916 uint8_t *ether = src ? eh->ether_shost : eh->ether_dhost; 1917 1918 if (memcmp(CLLADDR(bif->bif_ifp->if_sadl), ether, ETHER_ADDR_LEN) == 0 1919 #if NCARP > 0 1920 || (bif->bif_ifp->if_carp && 1921 carp_ourether(bif->bif_ifp->if_carp, eh, IFT_ETHER, src) != NULL) 1922 #endif /* NCARP > 0 */ 1923 ) 1924 return true; 1925 1926 return false; 1927 } 1928 1929 /* 1930 * bridge_input: 1931 * 1932 * Receive input from a member interface. Queue the packet for 1933 * bridging if it is not for us. 1934 */ 1935 static void 1936 bridge_input(struct ifnet *ifp, struct mbuf *m) 1937 { 1938 struct bridge_softc *sc = ifp->if_bridge; 1939 struct bridge_iflist *bif; 1940 struct ether_header *eh; 1941 struct psref psref; 1942 int bound; 1943 DECLARE_LOCK_VARIABLE; 1944 1945 KASSERT(!cpu_intr_p()); 1946 1947 if (__predict_false(sc == NULL) || 1948 (sc->sc_if.if_flags & IFF_RUNNING) == 0) { 1949 ACQUIRE_GLOBAL_LOCKS(); 1950 ether_input(ifp, m); 1951 RELEASE_GLOBAL_LOCKS(); 1952 return; 1953 } 1954 1955 bound = curlwp_bind(); 1956 bif = bridge_lookup_member_if(sc, ifp, &psref); 1957 if (bif == NULL) { 1958 curlwp_bindx(bound); 1959 ACQUIRE_GLOBAL_LOCKS(); 1960 ether_input(ifp, m); 1961 RELEASE_GLOBAL_LOCKS(); 1962 return; 1963 } 1964 1965 eh = mtod(m, struct ether_header *); 1966 1967 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1968 if (memcmp(etherbroadcastaddr, 1969 eh->ether_dhost, ETHER_ADDR_LEN) == 0) 1970 m->m_flags |= M_BCAST; 1971 else 1972 m->m_flags |= M_MCAST; 1973 } 1974 1975 /* 1976 * A 'fast' path for packets addressed to interfaces that are 1977 * part of this bridge. 1978 */ 1979 if (!(m->m_flags & (M_BCAST|M_MCAST)) && 1980 !bstp_state_before_learning(bif)) { 1981 struct bridge_iflist *_bif; 1982 struct ifnet *_ifp = NULL; 1983 int s; 1984 struct psref _psref; 1985 1986 BRIDGE_PSZ_RENTER(s); 1987 BRIDGE_IFLIST_READER_FOREACH(_bif, sc) { 1988 /* It is destined for us. */ 1989 if (bridge_ourether(_bif, eh, 0)) { 1990 bridge_acquire_member(sc, _bif, &_psref); 1991 BRIDGE_PSZ_REXIT(s); 1992 if (_bif->bif_flags & IFBIF_LEARNING) 1993 (void) bridge_rtupdate(sc, 1994 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC); 1995 m_set_rcvif(m, _bif->bif_ifp); 1996 _ifp = _bif->bif_ifp; 1997 bridge_release_member(sc, _bif, &_psref); 1998 goto out; 1999 } 2000 2001 /* We just received a packet that we sent out. */ 2002 if (bridge_ourether(_bif, eh, 1)) 2003 break; 2004 } 2005 BRIDGE_PSZ_REXIT(s); 2006 out: 2007 2008 if (_bif != NULL) { 2009 bridge_release_member(sc, bif, &psref); 2010 curlwp_bindx(bound); 2011 if (_ifp != NULL) { 2012 m->m_flags &= ~M_PROMISC; 2013 ACQUIRE_GLOBAL_LOCKS(); 2014 ether_input(_ifp, m); 2015 RELEASE_GLOBAL_LOCKS(); 2016 } else 2017 m_freem(m); 2018 return; 2019 } 2020 } 2021 2022 /* Tap off 802.1D packets; they do not get forwarded. */ 2023 if (bif->bif_flags & IFBIF_STP && 2024 memcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN) == 0) { 2025 bstp_input(sc, bif, m); 2026 bridge_release_member(sc, bif, &psref); 2027 curlwp_bindx(bound); 2028 return; 2029 } 2030 2031 /* 2032 * A normal switch would discard the packet here, but that's not what 2033 * we've done historically. This also prevents some obnoxious behaviour. 2034 */ 2035 if (bstp_state_before_learning(bif)) { 2036 bridge_release_member(sc, bif, &psref); 2037 curlwp_bindx(bound); 2038 ACQUIRE_GLOBAL_LOCKS(); 2039 ether_input(ifp, m); 2040 RELEASE_GLOBAL_LOCKS(); 2041 return; 2042 } 2043 2044 bridge_release_member(sc, bif, &psref); 2045 2046 bridge_forward(sc, m); 2047 2048 curlwp_bindx(bound); 2049 } 2050 2051 /* 2052 * bridge_broadcast: 2053 * 2054 * Send a frame to all interfaces that are members of 2055 * the bridge, except for the one on which the packet 2056 * arrived. 2057 */ 2058 static void 2059 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if, 2060 struct mbuf *m) 2061 { 2062 struct bridge_iflist *bif; 2063 struct mbuf *mc; 2064 struct ifnet *dst_if; 2065 bool bmcast; 2066 int s; 2067 DECLARE_LOCK_VARIABLE; 2068 2069 bmcast = m->m_flags & (M_BCAST|M_MCAST); 2070 2071 BRIDGE_PSZ_RENTER(s); 2072 BRIDGE_IFLIST_READER_FOREACH(bif, sc) { 2073 struct psref psref; 2074 2075 bridge_acquire_member(sc, bif, &psref); 2076 BRIDGE_PSZ_REXIT(s); 2077 2078 dst_if = bif->bif_ifp; 2079 2080 if (bif->bif_flags & IFBIF_STP) { 2081 switch (bif->bif_state) { 2082 case BSTP_IFSTATE_BLOCKING: 2083 case BSTP_IFSTATE_DISABLED: 2084 goto next; 2085 } 2086 } 2087 2088 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && !bmcast) 2089 goto next; 2090 2091 if ((dst_if->if_flags & IFF_RUNNING) == 0) 2092 goto next; 2093 2094 if (dst_if != src_if) { 2095 mc = m_copypacket(m, M_DONTWAIT); 2096 if (mc == NULL) { 2097 if_statinc(&sc->sc_if, if_oerrors); 2098 goto next; 2099 } 2100 /* 2101 * Before enqueueing this packet to the destination 2102 * interface, clear any in-bound checksum flags to 2103 * prevent them from being misused as out-bound flags. 2104 */ 2105 mc->m_pkthdr.csum_flags = 0; 2106 2107 ACQUIRE_GLOBAL_LOCKS(); 2108 bridge_enqueue(sc, dst_if, mc, 1); 2109 RELEASE_GLOBAL_LOCKS(); 2110 } 2111 2112 if (bmcast) { 2113 mc = m_copypacket(m, M_DONTWAIT); 2114 if (mc == NULL) { 2115 if_statinc(&sc->sc_if, if_oerrors); 2116 goto next; 2117 } 2118 /* 2119 * Before enqueueing this packet to the destination 2120 * interface, clear any in-bound checksum flags to 2121 * prevent them from being misused as out-bound flags. 2122 */ 2123 mc->m_pkthdr.csum_flags = 0; 2124 2125 m_set_rcvif(mc, dst_if); 2126 mc->m_flags &= ~M_PROMISC; 2127 2128 ACQUIRE_GLOBAL_LOCKS(); 2129 ether_input(dst_if, mc); 2130 RELEASE_GLOBAL_LOCKS(); 2131 } 2132 next: 2133 BRIDGE_PSZ_RENTER(s); 2134 bridge_release_member(sc, bif, &psref); 2135 } 2136 BRIDGE_PSZ_REXIT(s); 2137 2138 m_freem(m); 2139 } 2140 2141 static int 2142 bridge_rtalloc(struct bridge_softc *sc, const uint8_t *dst, 2143 struct bridge_rtnode **brtp) 2144 { 2145 struct bridge_rtnode *brt; 2146 int error; 2147 2148 if (sc->sc_brtcnt >= sc->sc_brtmax) 2149 return ENOSPC; 2150 2151 /* 2152 * Allocate a new bridge forwarding node, and 2153 * initialize the expiration time and Ethernet 2154 * address. 2155 */ 2156 brt = pool_get(&bridge_rtnode_pool, PR_NOWAIT); 2157 if (brt == NULL) 2158 return ENOMEM; 2159 2160 memset(brt, 0, sizeof(*brt)); 2161 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2162 brt->brt_flags = IFBAF_DYNAMIC; 2163 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN); 2164 PSLIST_ENTRY_INIT(brt, brt_list); 2165 PSLIST_ENTRY_INIT(brt, brt_hash); 2166 2167 BRIDGE_RT_LOCK(sc); 2168 error = bridge_rtnode_insert(sc, brt); 2169 BRIDGE_RT_UNLOCK(sc); 2170 2171 if (error != 0) { 2172 pool_put(&bridge_rtnode_pool, brt); 2173 return error; 2174 } 2175 2176 *brtp = brt; 2177 return 0; 2178 } 2179 2180 /* 2181 * bridge_rtupdate: 2182 * 2183 * Add a bridge routing entry. 2184 */ 2185 static int 2186 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, 2187 struct ifnet *dst_if, int setflags, uint8_t flags) 2188 { 2189 struct bridge_rtnode *brt; 2190 int s; 2191 2192 again: 2193 /* 2194 * A route for this destination might already exist. If so, 2195 * update it, otherwise create a new one. 2196 */ 2197 BRIDGE_RT_RENTER(s); 2198 brt = bridge_rtnode_lookup(sc, dst); 2199 2200 if (brt != NULL) { 2201 brt->brt_ifp = dst_if; 2202 if (setflags) { 2203 brt->brt_flags = flags; 2204 if (flags & IFBAF_STATIC) 2205 brt->brt_expire = 0; 2206 else 2207 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2208 } else { 2209 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2210 brt->brt_expire = time_uptime + sc->sc_brttimeout; 2211 } 2212 } 2213 BRIDGE_RT_REXIT(s); 2214 2215 if (brt == NULL) { 2216 int r; 2217 2218 r = bridge_rtalloc(sc, dst, &brt); 2219 if (r != 0) 2220 return r; 2221 goto again; 2222 } 2223 2224 return 0; 2225 } 2226 2227 /* 2228 * bridge_rtlookup: 2229 * 2230 * Lookup the destination interface for an address. 2231 */ 2232 static struct ifnet * 2233 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr) 2234 { 2235 struct bridge_rtnode *brt; 2236 struct ifnet *ifs = NULL; 2237 int s; 2238 2239 BRIDGE_RT_RENTER(s); 2240 brt = bridge_rtnode_lookup(sc, addr); 2241 if (brt != NULL) 2242 ifs = brt->brt_ifp; 2243 BRIDGE_RT_REXIT(s); 2244 2245 return ifs; 2246 } 2247 2248 typedef bool (*bridge_iterate_cb_t) 2249 (struct bridge_softc *, struct bridge_rtnode *, bool *, void *); 2250 2251 /* 2252 * bridge_rtlist_iterate_remove: 2253 * 2254 * It iterates on sc->sc_rtlist and removes rtnodes of it which func 2255 * callback judges to remove. Removals of rtnodes are done in a manner 2256 * of pserialize. To this end, all kmem_* operations are placed out of 2257 * mutexes. 2258 */ 2259 static void 2260 bridge_rtlist_iterate_remove(struct bridge_softc *sc, bridge_iterate_cb_t func, void *arg) 2261 { 2262 struct bridge_rtnode *brt; 2263 struct bridge_rtnode **brt_list; 2264 int i, count; 2265 2266 retry: 2267 count = sc->sc_brtcnt; 2268 if (count == 0) 2269 return; 2270 brt_list = kmem_alloc(sizeof(*brt_list) * count, KM_SLEEP); 2271 2272 BRIDGE_RT_LOCK(sc); 2273 if (__predict_false(sc->sc_brtcnt > count)) { 2274 /* The rtnodes increased, we need more memory */ 2275 BRIDGE_RT_UNLOCK(sc); 2276 kmem_free(brt_list, sizeof(*brt_list) * count); 2277 goto retry; 2278 } 2279 2280 i = 0; 2281 /* 2282 * We don't need to use a _SAFE variant here because we know 2283 * that a removed item keeps its next pointer as-is thanks to 2284 * pslist(9) and isn't freed in the loop. 2285 */ 2286 BRIDGE_RTLIST_WRITER_FOREACH(brt, sc) { 2287 bool need_break = false; 2288 if (func(sc, brt, &need_break, arg)) { 2289 bridge_rtnode_remove(sc, brt); 2290 brt_list[i++] = brt; 2291 } 2292 if (need_break) 2293 break; 2294 } 2295 2296 if (i > 0) 2297 BRIDGE_RT_PSZ_PERFORM(sc); 2298 BRIDGE_RT_UNLOCK(sc); 2299 2300 while (--i >= 0) 2301 bridge_rtnode_destroy(brt_list[i]); 2302 2303 kmem_free(brt_list, sizeof(*brt_list) * count); 2304 } 2305 2306 static bool 2307 bridge_rttrim0_cb(struct bridge_softc *sc, struct bridge_rtnode *brt, 2308 bool *need_break, void *arg) 2309 { 2310 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 2311 /* Take into account of the subsequent removal */ 2312 if ((sc->sc_brtcnt - 1) <= sc->sc_brtmax) 2313 *need_break = true; 2314 return true; 2315 } else 2316 return false; 2317 } 2318 2319 static void 2320 bridge_rttrim0(struct bridge_softc *sc) 2321 { 2322 bridge_rtlist_iterate_remove(sc, bridge_rttrim0_cb, NULL); 2323 } 2324 2325 /* 2326 * bridge_rttrim: 2327 * 2328 * Trim the routine table so that we have a number 2329 * of routing entries less than or equal to the 2330 * maximum number. 2331 */ 2332 static void 2333 bridge_rttrim(struct bridge_softc *sc) 2334 { 2335 2336 /* Make sure we actually need to do this. */ 2337 if (sc->sc_brtcnt <= sc->sc_brtmax) 2338 return; 2339 2340 /* Force an aging cycle; this might trim enough addresses. */ 2341 bridge_rtage(sc); 2342 if (sc->sc_brtcnt <= sc->sc_brtmax) 2343 return; 2344 2345 bridge_rttrim0(sc); 2346 2347 return; 2348 } 2349 2350 /* 2351 * bridge_timer: 2352 * 2353 * Aging timer for the bridge. 2354 */ 2355 static void 2356 bridge_timer(void *arg) 2357 { 2358 struct bridge_softc *sc = arg; 2359 2360 workqueue_enqueue(sc->sc_rtage_wq, &sc->sc_rtage_wk, NULL); 2361 } 2362 2363 static void 2364 bridge_rtage_work(struct work *wk, void *arg) 2365 { 2366 struct bridge_softc *sc = arg; 2367 2368 KASSERT(wk == &sc->sc_rtage_wk); 2369 2370 bridge_rtage(sc); 2371 2372 if (sc->sc_if.if_flags & IFF_RUNNING) 2373 callout_reset(&sc->sc_brcallout, 2374 bridge_rtable_prune_period * hz, bridge_timer, sc); 2375 } 2376 2377 static bool 2378 bridge_rtage_cb(struct bridge_softc *sc, struct bridge_rtnode *brt, 2379 bool *need_break, void *arg) 2380 { 2381 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && 2382 time_uptime >= brt->brt_expire) 2383 return true; 2384 else 2385 return false; 2386 } 2387 2388 /* 2389 * bridge_rtage: 2390 * 2391 * Perform an aging cycle. 2392 */ 2393 static void 2394 bridge_rtage(struct bridge_softc *sc) 2395 { 2396 bridge_rtlist_iterate_remove(sc, bridge_rtage_cb, NULL); 2397 } 2398 2399 2400 static bool 2401 bridge_rtflush_cb(struct bridge_softc *sc, struct bridge_rtnode *brt, 2402 bool *need_break, void *arg) 2403 { 2404 int full = *(int*)arg; 2405 2406 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) 2407 return true; 2408 else 2409 return false; 2410 } 2411 2412 /* 2413 * bridge_rtflush: 2414 * 2415 * Remove all dynamic addresses from the bridge. 2416 */ 2417 static void 2418 bridge_rtflush(struct bridge_softc *sc, int full) 2419 { 2420 bridge_rtlist_iterate_remove(sc, bridge_rtflush_cb, &full); 2421 } 2422 2423 /* 2424 * bridge_rtdaddr: 2425 * 2426 * Remove an address from the table. 2427 */ 2428 static int 2429 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr) 2430 { 2431 struct bridge_rtnode *brt; 2432 2433 BRIDGE_RT_LOCK(sc); 2434 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL) { 2435 BRIDGE_RT_UNLOCK(sc); 2436 return ENOENT; 2437 } 2438 bridge_rtnode_remove(sc, brt); 2439 BRIDGE_RT_PSZ_PERFORM(sc); 2440 BRIDGE_RT_UNLOCK(sc); 2441 2442 bridge_rtnode_destroy(brt); 2443 2444 return 0; 2445 } 2446 2447 /* 2448 * bridge_rtdelete: 2449 * 2450 * Delete routes to a speicifc member interface. 2451 */ 2452 static void 2453 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp) 2454 { 2455 struct bridge_rtnode *brt; 2456 2457 /* XXX pserialize_perform for each entry is slow */ 2458 again: 2459 BRIDGE_RT_LOCK(sc); 2460 BRIDGE_RTLIST_WRITER_FOREACH(brt, sc) { 2461 if (brt->brt_ifp == ifp) 2462 break; 2463 } 2464 if (brt == NULL) { 2465 BRIDGE_RT_UNLOCK(sc); 2466 return; 2467 } 2468 bridge_rtnode_remove(sc, brt); 2469 BRIDGE_RT_PSZ_PERFORM(sc); 2470 BRIDGE_RT_UNLOCK(sc); 2471 2472 bridge_rtnode_destroy(brt); 2473 2474 goto again; 2475 } 2476 2477 /* 2478 * bridge_rtable_init: 2479 * 2480 * Initialize the route table for this bridge. 2481 */ 2482 static void 2483 bridge_rtable_init(struct bridge_softc *sc) 2484 { 2485 int i; 2486 2487 sc->sc_rthash = kmem_alloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE, 2488 KM_SLEEP); 2489 2490 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++) 2491 PSLIST_INIT(&sc->sc_rthash[i]); 2492 2493 sc->sc_rthash_key = cprng_fast32(); 2494 2495 PSLIST_INIT(&sc->sc_rtlist); 2496 2497 sc->sc_rtlist_psz = pserialize_create(); 2498 sc->sc_rtlist_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 2499 } 2500 2501 /* 2502 * bridge_rtable_fini: 2503 * 2504 * Deconstruct the route table for this bridge. 2505 */ 2506 static void 2507 bridge_rtable_fini(struct bridge_softc *sc) 2508 { 2509 2510 kmem_free(sc->sc_rthash, sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE); 2511 mutex_obj_free(sc->sc_rtlist_lock); 2512 pserialize_destroy(sc->sc_rtlist_psz); 2513 } 2514 2515 /* 2516 * The following hash function is adapted from "Hash Functions" by Bob Jenkins 2517 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 2518 */ 2519 #define mix(a, b, c) \ 2520 do { \ 2521 a -= b; a -= c; a ^= (c >> 13); \ 2522 b -= c; b -= a; b ^= (a << 8); \ 2523 c -= a; c -= b; c ^= (b >> 13); \ 2524 a -= b; a -= c; a ^= (c >> 12); \ 2525 b -= c; b -= a; b ^= (a << 16); \ 2526 c -= a; c -= b; c ^= (b >> 5); \ 2527 a -= b; a -= c; a ^= (c >> 3); \ 2528 b -= c; b -= a; b ^= (a << 10); \ 2529 c -= a; c -= b; c ^= (b >> 15); \ 2530 } while (/*CONSTCOND*/0) 2531 2532 static inline uint32_t 2533 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr) 2534 { 2535 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key; 2536 2537 b += addr[5] << 8; 2538 b += addr[4]; 2539 a += (uint32_t)addr[3] << 24; 2540 a += addr[2] << 16; 2541 a += addr[1] << 8; 2542 a += addr[0]; 2543 2544 mix(a, b, c); 2545 2546 return (c & BRIDGE_RTHASH_MASK); 2547 } 2548 2549 #undef mix 2550 2551 /* 2552 * bridge_rtnode_lookup: 2553 * 2554 * Look up a bridge route node for the specified destination. 2555 */ 2556 static struct bridge_rtnode * 2557 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr) 2558 { 2559 struct bridge_rtnode *brt; 2560 uint32_t hash; 2561 int dir; 2562 2563 hash = bridge_rthash(sc, addr); 2564 BRIDGE_RTHASH_READER_FOREACH(brt, sc, hash) { 2565 dir = memcmp(addr, brt->brt_addr, ETHER_ADDR_LEN); 2566 if (dir == 0) 2567 return brt; 2568 if (dir > 0) 2569 return NULL; 2570 } 2571 2572 return NULL; 2573 } 2574 2575 /* 2576 * bridge_rtnode_insert: 2577 * 2578 * Insert the specified bridge node into the route table. We 2579 * assume the entry is not already in the table. 2580 */ 2581 static int 2582 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt) 2583 { 2584 struct bridge_rtnode *lbrt, *prev = NULL; 2585 uint32_t hash; 2586 2587 KASSERT(BRIDGE_RT_LOCKED(sc)); 2588 2589 hash = bridge_rthash(sc, brt->brt_addr); 2590 BRIDGE_RTHASH_WRITER_FOREACH(lbrt, sc, hash) { 2591 int dir = memcmp(brt->brt_addr, lbrt->brt_addr, ETHER_ADDR_LEN); 2592 if (dir == 0) 2593 return EEXIST; 2594 if (dir > 0) 2595 break; 2596 prev = lbrt; 2597 } 2598 if (prev == NULL) 2599 BRIDGE_RTHASH_WRITER_INSERT_HEAD(sc, hash, brt); 2600 else 2601 BRIDGE_RTHASH_WRITER_INSERT_AFTER(prev, brt); 2602 2603 BRIDGE_RTLIST_WRITER_INSERT_HEAD(sc, brt); 2604 sc->sc_brtcnt++; 2605 2606 return 0; 2607 } 2608 2609 /* 2610 * bridge_rtnode_remove: 2611 * 2612 * Remove a bridge rtnode from the rthash and the rtlist of a bridge. 2613 */ 2614 static void 2615 bridge_rtnode_remove(struct bridge_softc *sc, struct bridge_rtnode *brt) 2616 { 2617 2618 KASSERT(BRIDGE_RT_LOCKED(sc)); 2619 2620 BRIDGE_RTHASH_WRITER_REMOVE(brt); 2621 BRIDGE_RTLIST_WRITER_REMOVE(brt); 2622 sc->sc_brtcnt--; 2623 } 2624 2625 /* 2626 * bridge_rtnode_destroy: 2627 * 2628 * Destroy a bridge rtnode. 2629 */ 2630 static void 2631 bridge_rtnode_destroy(struct bridge_rtnode *brt) 2632 { 2633 2634 PSLIST_ENTRY_DESTROY(brt, brt_list); 2635 PSLIST_ENTRY_DESTROY(brt, brt_hash); 2636 pool_put(&bridge_rtnode_pool, brt); 2637 } 2638 2639 #if defined(BRIDGE_IPF) 2640 extern pfil_head_t *inet_pfil_hook; /* XXX */ 2641 extern pfil_head_t *inet6_pfil_hook; /* XXX */ 2642 2643 /* 2644 * Send bridge packets through IPF if they are one of the types IPF can deal 2645 * with, or if they are ARP or REVARP. (IPF will pass ARP and REVARP without 2646 * question.) 2647 */ 2648 static int 2649 bridge_ipf(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir) 2650 { 2651 int snap, error; 2652 struct ether_header *eh1, eh2; 2653 struct llc llc1; 2654 uint16_t ether_type; 2655 2656 snap = 0; 2657 error = -1; /* Default error if not error == 0 */ 2658 eh1 = mtod(*mp, struct ether_header *); 2659 ether_type = ntohs(eh1->ether_type); 2660 2661 /* 2662 * Check for SNAP/LLC. 2663 */ 2664 if (ether_type < ETHERMTU) { 2665 struct llc *llc2 = (struct llc *)(eh1 + 1); 2666 2667 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 && 2668 llc2->llc_dsap == LLC_SNAP_LSAP && 2669 llc2->llc_ssap == LLC_SNAP_LSAP && 2670 llc2->llc_control == LLC_UI) { 2671 ether_type = htons(llc2->llc_un.type_snap.ether_type); 2672 snap = 1; 2673 } 2674 } 2675 2676 /* 2677 * If we're trying to filter bridge traffic, don't look at anything 2678 * other than IP and ARP traffic. If the filter doesn't understand 2679 * IPv6, don't allow IPv6 through the bridge either. This is lame 2680 * since if we really wanted, say, an AppleTalk filter, we are hosed, 2681 * but of course we don't have an AppleTalk filter to begin with. 2682 * (Note that since IPF doesn't understand ARP it will pass *ALL* 2683 * ARP traffic.) 2684 */ 2685 switch (ether_type) { 2686 case ETHERTYPE_ARP: 2687 case ETHERTYPE_REVARP: 2688 return 0; /* Automatically pass */ 2689 case ETHERTYPE_IP: 2690 # ifdef INET6 2691 case ETHERTYPE_IPV6: 2692 # endif /* INET6 */ 2693 break; 2694 default: 2695 goto bad; 2696 } 2697 2698 /* Strip off the Ethernet header and keep a copy. */ 2699 m_copydata(*mp, 0, ETHER_HDR_LEN, (void *) &eh2); 2700 m_adj(*mp, ETHER_HDR_LEN); 2701 2702 /* Strip off snap header, if present */ 2703 if (snap) { 2704 m_copydata(*mp, 0, sizeof(struct llc), (void *) &llc1); 2705 m_adj(*mp, sizeof(struct llc)); 2706 } 2707 2708 /* 2709 * Check basic packet sanity and run IPF through pfil. 2710 */ 2711 KASSERT(!cpu_intr_p()); 2712 switch (ether_type) 2713 { 2714 case ETHERTYPE_IP : 2715 error = bridge_ip_checkbasic(mp); 2716 if (error == 0) 2717 error = pfil_run_hooks(inet_pfil_hook, mp, ifp, dir); 2718 break; 2719 # ifdef INET6 2720 case ETHERTYPE_IPV6 : 2721 error = bridge_ip6_checkbasic(mp); 2722 if (error == 0) 2723 error = pfil_run_hooks(inet6_pfil_hook, mp, ifp, dir); 2724 break; 2725 # endif 2726 default : 2727 error = 0; 2728 break; 2729 } 2730 2731 if (*mp == NULL) 2732 return error; 2733 if (error != 0) 2734 goto bad; 2735 2736 error = -1; 2737 2738 /* 2739 * Finally, put everything back the way it was and return 2740 */ 2741 if (snap) { 2742 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT); 2743 if (*mp == NULL) 2744 return error; 2745 bcopy(&llc1, mtod(*mp, void *), sizeof(struct llc)); 2746 } 2747 2748 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT); 2749 if (*mp == NULL) 2750 return error; 2751 bcopy(&eh2, mtod(*mp, void *), ETHER_HDR_LEN); 2752 2753 return 0; 2754 2755 bad: 2756 m_freem(*mp); 2757 *mp = NULL; 2758 return error; 2759 } 2760 2761 /* 2762 * Perform basic checks on header size since 2763 * IPF assumes ip_input has already processed 2764 * it for it. Cut-and-pasted from ip_input.c. 2765 * Given how simple the IPv6 version is, 2766 * does the IPv4 version really need to be 2767 * this complicated? 2768 * 2769 * XXX Should we update ipstat here, or not? 2770 * XXX Right now we update ipstat but not 2771 * XXX csum_counter. 2772 */ 2773 static int 2774 bridge_ip_checkbasic(struct mbuf **mp) 2775 { 2776 struct mbuf *m = *mp; 2777 struct ip *ip; 2778 int len, hlen; 2779 2780 if (*mp == NULL) 2781 return -1; 2782 2783 if (IP_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 2784 if ((m = m_copyup(m, sizeof(struct ip), 2785 (max_linkhdr + 3) & ~3)) == NULL) { 2786 /* XXXJRT new stat, please */ 2787 ip_statinc(IP_STAT_TOOSMALL); 2788 goto bad; 2789 } 2790 } else if (__predict_false(m->m_len < sizeof (struct ip))) { 2791 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { 2792 ip_statinc(IP_STAT_TOOSMALL); 2793 goto bad; 2794 } 2795 } 2796 ip = mtod(m, struct ip *); 2797 if (ip == NULL) goto bad; 2798 2799 if (ip->ip_v != IPVERSION) { 2800 ip_statinc(IP_STAT_BADVERS); 2801 goto bad; 2802 } 2803 hlen = ip->ip_hl << 2; 2804 if (hlen < sizeof(struct ip)) { /* minimum header length */ 2805 ip_statinc(IP_STAT_BADHLEN); 2806 goto bad; 2807 } 2808 if (hlen > m->m_len) { 2809 if ((m = m_pullup(m, hlen)) == 0) { 2810 ip_statinc(IP_STAT_BADHLEN); 2811 goto bad; 2812 } 2813 ip = mtod(m, struct ip *); 2814 if (ip == NULL) goto bad; 2815 } 2816 2817 switch (m->m_pkthdr.csum_flags & 2818 ((m_get_rcvif_NOMPSAFE(m)->if_csum_flags_rx & M_CSUM_IPv4) | 2819 M_CSUM_IPv4_BAD)) { 2820 case M_CSUM_IPv4|M_CSUM_IPv4_BAD: 2821 /* INET_CSUM_COUNTER_INCR(&ip_hwcsum_bad); */ 2822 goto bad; 2823 2824 case M_CSUM_IPv4: 2825 /* Checksum was okay. */ 2826 /* INET_CSUM_COUNTER_INCR(&ip_hwcsum_ok); */ 2827 break; 2828 2829 default: 2830 /* Must compute it ourselves. */ 2831 /* INET_CSUM_COUNTER_INCR(&ip_swcsum); */ 2832 if (in_cksum(m, hlen) != 0) 2833 goto bad; 2834 break; 2835 } 2836 2837 /* Retrieve the packet length. */ 2838 len = ntohs(ip->ip_len); 2839 2840 /* 2841 * Check for additional length bogosity 2842 */ 2843 if (len < hlen) { 2844 ip_statinc(IP_STAT_BADLEN); 2845 goto bad; 2846 } 2847 2848 /* 2849 * Check that the amount of data in the buffers 2850 * is as at least much as the IP header would have us expect. 2851 * Drop packet if shorter than we expect. 2852 */ 2853 if (m->m_pkthdr.len < len) { 2854 ip_statinc(IP_STAT_TOOSHORT); 2855 goto bad; 2856 } 2857 2858 /* Checks out, proceed */ 2859 *mp = m; 2860 return 0; 2861 2862 bad: 2863 *mp = m; 2864 return -1; 2865 } 2866 2867 # ifdef INET6 2868 /* 2869 * Same as above, but for IPv6. 2870 * Cut-and-pasted from ip6_input.c. 2871 * XXX Should we update ip6stat, or not? 2872 */ 2873 static int 2874 bridge_ip6_checkbasic(struct mbuf **mp) 2875 { 2876 struct mbuf *m = *mp; 2877 struct ip6_hdr *ip6; 2878 2879 /* 2880 * If the IPv6 header is not aligned, slurp it up into a new 2881 * mbuf with space for link headers, in the event we forward 2882 * it. Otherwise, if it is aligned, make sure the entire base 2883 * IPv6 header is in the first mbuf of the chain. 2884 */ 2885 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 2886 struct ifnet *inifp = m_get_rcvif_NOMPSAFE(m); 2887 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 2888 (max_linkhdr + 3) & ~3)) == NULL) { 2889 /* XXXJRT new stat, please */ 2890 ip6_statinc(IP6_STAT_TOOSMALL); 2891 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2892 goto bad; 2893 } 2894 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 2895 struct ifnet *inifp = m_get_rcvif_NOMPSAFE(m); 2896 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 2897 ip6_statinc(IP6_STAT_TOOSMALL); 2898 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 2899 goto bad; 2900 } 2901 } 2902 2903 ip6 = mtod(m, struct ip6_hdr *); 2904 2905 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2906 ip6_statinc(IP6_STAT_BADVERS); 2907 in6_ifstat_inc(m_get_rcvif_NOMPSAFE(m), ifs6_in_hdrerr); 2908 goto bad; 2909 } 2910 2911 /* Checks out, proceed */ 2912 *mp = m; 2913 return 0; 2914 2915 bad: 2916 *mp = m; 2917 return -1; 2918 } 2919 # endif /* INET6 */ 2920 #endif /* BRIDGE_IPF */ 2921
Indexes created Thu Sep 25 06:09:39 GMT 2025