1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
4 * Copyright 2001 Wasabi Systems, Inc.
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
40 * All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
51 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
52 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
53 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
54 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
55 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
56 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
57 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
60 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
61 * POSSIBILITY OF SUCH DAMAGE.
63 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
67 * Network interface bridge support.
71 * - Currently only supports Ethernet-like interfaces (Ethernet,
72 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
73 * to bridge other types of interfaces (FDDI-FDDI, and maybe
74 * consider heterogenous bridges).
77 #include <sys/cdefs.h>
78 __FBSDID("$FreeBSD$");
81 #include "opt_inet6.h"
83 #include <sys/param.h>
85 #include <sys/malloc.h>
86 #include <sys/protosw.h>
87 #include <sys/systm.h>
90 #include <sys/socket.h> /* for net/if.h */
91 #include <sys/sockio.h>
92 #include <sys/ctype.h> /* string functions */
93 #include <sys/kernel.h>
94 #include <sys/random.h>
95 #include <sys/syslog.h>
96 #include <sys/sysctl.h>
98 #include <sys/module.h>
100 #include <sys/proc.h>
101 #include <sys/lock.h>
102 #include <sys/mutex.h>
103 #include <sys/rwlock.h>
107 #include <net/if_clone.h>
108 #include <net/if_dl.h>
109 #include <net/if_types.h>
110 #include <net/if_var.h>
111 #include <net/pfil.h>
112 #include <net/vnet.h>
114 #include <netinet/in.h> /* for struct arpcom */
115 #include <netinet/in_systm.h>
116 #include <netinet/in_var.h>
117 #include <netinet/ip.h>
118 #include <netinet/ip_var.h>
120 #include <netinet/ip6.h>
121 #include <netinet6/ip6_var.h>
123 #if defined(INET) || defined(INET6)
124 #include <netinet/ip_carp.h>
126 #include <machine/in_cksum.h>
127 #include <netinet/if_ether.h> /* for struct arpcom */
128 #include <net/bridgestp.h>
129 #include <net/if_bridgevar.h>
130 #include <net/if_llc.h>
131 #include <net/if_vlan_var.h>
133 #include <net/route.h>
134 #include <netinet/ip_fw.h>
135 #include <netinet/ipfw/ip_fw_private.h>
138 * Size of the route hash table. Must be a power of two.
140 #ifndef BRIDGE_RTHASH_SIZE
141 #define BRIDGE_RTHASH_SIZE 1024
144 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
147 * Maximum number of addresses to cache.
149 #ifndef BRIDGE_RTABLE_MAX
150 #define BRIDGE_RTABLE_MAX 100
154 * Timeout (in seconds) for entries learned dynamically.
156 #ifndef BRIDGE_RTABLE_TIMEOUT
157 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
161 * Number of seconds between walks of the route list.
163 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
164 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
168 * List of capabilities to possibly mask on the member interface.
170 #define BRIDGE_IFCAPS_MASK (IFCAP_TOE|IFCAP_TSO|IFCAP_TXCSUM)
173 * List of capabilities to strip
175 #define BRIDGE_IFCAPS_STRIP IFCAP_LRO
178 * Bridge interface list entry.
180 struct bridge_iflist {
181 LIST_ENTRY(bridge_iflist) bif_next;
182 struct ifnet *bif_ifp; /* member if */
183 struct bstp_port bif_stp; /* STP state */
184 uint32_t bif_flags; /* member if flags */
185 int bif_savedcaps; /* saved capabilities */
186 uint32_t bif_addrmax; /* max # of addresses */
187 uint32_t bif_addrcnt; /* cur. # of addresses */
188 uint32_t bif_addrexceeded;/* # of address violations */
194 struct bridge_rtnode {
195 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
196 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
197 struct bridge_iflist *brt_dst; /* destination if */
198 unsigned long brt_expire; /* expiration time */
199 uint8_t brt_flags; /* address flags */
200 uint8_t brt_addr[ETHER_ADDR_LEN];
201 uint16_t brt_vlan; /* vlan id */
203 #define brt_ifp brt_dst->bif_ifp
206 * Software state for each bridge.
208 struct bridge_softc {
209 struct ifnet *sc_ifp; /* make this an interface */
210 LIST_ENTRY(bridge_softc) sc_list;
213 uint32_t sc_brtmax; /* max # of addresses */
214 uint32_t sc_brtcnt; /* cur. # of addresses */
215 uint32_t sc_brttimeout; /* rt timeout in seconds */
216 struct callout sc_brcallout; /* bridge callout */
217 uint32_t sc_iflist_ref; /* refcount for sc_iflist */
218 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */
219 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
220 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
221 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
222 uint32_t sc_rthash_key; /* key for hash */
223 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
224 struct bstp_state sc_stp; /* STP state */
225 uint32_t sc_brtexceeded; /* # of cache drops */
226 struct ifnet *sc_ifaddr; /* member mac copied from */
227 u_char sc_defaddr[6]; /* Default MAC address */
230 static struct mtx bridge_list_mtx;
231 eventhandler_tag bridge_detach_cookie = NULL;
233 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
235 uma_zone_t bridge_rtnode_zone;
237 static int bridge_clone_create(struct if_clone *, int, caddr_t);
238 static void bridge_clone_destroy(struct ifnet *);
240 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
241 static void bridge_mutecaps(struct bridge_softc *);
242 static void bridge_set_ifcap(struct bridge_softc *, struct bridge_iflist *,
244 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
245 static void bridge_init(void *);
246 static void bridge_dummynet(struct mbuf *, struct ifnet *);
247 static void bridge_stop(struct ifnet *, int);
248 static void bridge_start(struct ifnet *);
249 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
250 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
252 static void bridge_enqueue(struct bridge_softc *, struct ifnet *,
254 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
256 static void bridge_forward(struct bridge_softc *, struct bridge_iflist *,
259 static void bridge_timer(void *);
261 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
263 static void bridge_span(struct bridge_softc *, struct mbuf *);
265 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
266 uint16_t, struct bridge_iflist *, int, uint8_t);
267 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *,
269 static void bridge_rttrim(struct bridge_softc *);
270 static void bridge_rtage(struct bridge_softc *);
271 static void bridge_rtflush(struct bridge_softc *, int);
272 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *,
275 static int bridge_rtable_init(struct bridge_softc *);
276 static void bridge_rtable_fini(struct bridge_softc *);
278 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
279 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
280 const uint8_t *, uint16_t);
281 static int bridge_rtnode_insert(struct bridge_softc *,
282 struct bridge_rtnode *);
283 static void bridge_rtnode_destroy(struct bridge_softc *,
284 struct bridge_rtnode *);
285 static void bridge_rtable_expire(struct ifnet *, int);
286 static void bridge_state_change(struct ifnet *, int);
288 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
290 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
292 static void bridge_delete_member(struct bridge_softc *,
293 struct bridge_iflist *, int);
294 static void bridge_delete_span(struct bridge_softc *,
295 struct bridge_iflist *);
297 static int bridge_ioctl_add(struct bridge_softc *, void *);
298 static int bridge_ioctl_del(struct bridge_softc *, void *);
299 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
300 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
301 static int bridge_ioctl_scache(struct bridge_softc *, void *);
302 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
303 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
304 static int bridge_ioctl_rts(struct bridge_softc *, void *);
305 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
306 static int bridge_ioctl_sto(struct bridge_softc *, void *);
307 static int bridge_ioctl_gto(struct bridge_softc *, void *);
308 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
309 static int bridge_ioctl_flush(struct bridge_softc *, void *);
310 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
311 static int bridge_ioctl_spri(struct bridge_softc *, void *);
312 static int bridge_ioctl_ght(struct bridge_softc *, void *);
313 static int bridge_ioctl_sht(struct bridge_softc *, void *);
314 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
315 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
316 static int bridge_ioctl_gma(struct bridge_softc *, void *);
317 static int bridge_ioctl_sma(struct bridge_softc *, void *);
318 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
319 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
320 static int bridge_ioctl_sifmaxaddr(struct bridge_softc *, void *);
321 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
322 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
323 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
324 static int bridge_ioctl_grte(struct bridge_softc *, void *);
325 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
326 static int bridge_ioctl_sproto(struct bridge_softc *, void *);
327 static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
328 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
330 static int bridge_ip_checkbasic(struct mbuf **mp);
332 static int bridge_ip6_checkbasic(struct mbuf **mp);
334 static int bridge_fragment(struct ifnet *, struct mbuf *,
335 struct ether_header *, int, struct llc *);
337 /* The default bridge vlan is 1 (IEEE 802.1Q-2003 Table 9-2) */
338 #define VLANTAGOF(_m) \
339 (_m->m_flags & M_VLANTAG) ? EVL_VLANOFTAG(_m->m_pkthdr.ether_vtag) : 1
341 static struct bstp_cb_ops bridge_ops = {
342 .bcb_state = bridge_state_change,
343 .bcb_rtage = bridge_rtable_expire
346 SYSCTL_DECL(_net_link);
347 static SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
349 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
350 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
351 static int pfil_member = 1; /* run pfil hooks on the member interface */
352 static int pfil_ipfw = 0; /* layer2 filter with ipfw */
353 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */
354 static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for
355 locally destined packets */
356 static int log_stp = 0; /* log STP state changes */
357 static int bridge_inherit_mac = 0; /* share MAC with first bridge member */
358 TUNABLE_INT("net.link.bridge.pfil_onlyip", &pfil_onlyip);
359 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
360 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
361 TUNABLE_INT("net.link.bridge.ipfw_arp", &pfil_ipfw_arp);
362 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW,
363 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2");
364 TUNABLE_INT("net.link.bridge.pfil_bridge", &pfil_bridge);
365 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
366 &pfil_bridge, 0, "Packet filter on the bridge interface");
367 TUNABLE_INT("net.link.bridge.pfil_member", &pfil_member);
368 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
369 &pfil_member, 0, "Packet filter on the member interface");
370 TUNABLE_INT("net.link.bridge.pfil_local_phys", &pfil_local_phys);
371 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys, CTLFLAG_RW,
373 "Packet filter on the physical interface for locally destined packets");
374 TUNABLE_INT("net.link.bridge.log_stp", &log_stp);
375 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW,
376 &log_stp, 0, "Log STP state changes");
377 TUNABLE_INT("net.link.bridge.inherit_mac", &bridge_inherit_mac);
378 SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW,
379 &bridge_inherit_mac, 0,
380 "Inherit MAC address from the first bridge member");
382 struct bridge_control {
383 int (*bc_func)(struct bridge_softc *, void *);
388 #define BC_F_COPYIN 0x01 /* copy arguments in */
389 #define BC_F_COPYOUT 0x02 /* copy arguments out */
390 #define BC_F_SUSER 0x04 /* do super-user check */
392 const struct bridge_control bridge_control_table[] = {
393 { bridge_ioctl_add, sizeof(struct ifbreq),
394 BC_F_COPYIN|BC_F_SUSER },
395 { bridge_ioctl_del, sizeof(struct ifbreq),
396 BC_F_COPYIN|BC_F_SUSER },
398 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
399 BC_F_COPYIN|BC_F_COPYOUT },
400 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
401 BC_F_COPYIN|BC_F_SUSER },
403 { bridge_ioctl_scache, sizeof(struct ifbrparam),
404 BC_F_COPYIN|BC_F_SUSER },
405 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
408 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
409 BC_F_COPYIN|BC_F_COPYOUT },
410 { bridge_ioctl_rts, sizeof(struct ifbaconf),
411 BC_F_COPYIN|BC_F_COPYOUT },
413 { bridge_ioctl_saddr, sizeof(struct ifbareq),
414 BC_F_COPYIN|BC_F_SUSER },
416 { bridge_ioctl_sto, sizeof(struct ifbrparam),
417 BC_F_COPYIN|BC_F_SUSER },
418 { bridge_ioctl_gto, sizeof(struct ifbrparam),
421 { bridge_ioctl_daddr, sizeof(struct ifbareq),
422 BC_F_COPYIN|BC_F_SUSER },
424 { bridge_ioctl_flush, sizeof(struct ifbreq),
425 BC_F_COPYIN|BC_F_SUSER },
427 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
429 { bridge_ioctl_spri, sizeof(struct ifbrparam),
430 BC_F_COPYIN|BC_F_SUSER },
432 { bridge_ioctl_ght, sizeof(struct ifbrparam),
434 { bridge_ioctl_sht, sizeof(struct ifbrparam),
435 BC_F_COPYIN|BC_F_SUSER },
437 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
439 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
440 BC_F_COPYIN|BC_F_SUSER },
442 { bridge_ioctl_gma, sizeof(struct ifbrparam),
444 { bridge_ioctl_sma, sizeof(struct ifbrparam),
445 BC_F_COPYIN|BC_F_SUSER },
447 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
448 BC_F_COPYIN|BC_F_SUSER },
450 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
451 BC_F_COPYIN|BC_F_SUSER },
453 { bridge_ioctl_addspan, sizeof(struct ifbreq),
454 BC_F_COPYIN|BC_F_SUSER },
455 { bridge_ioctl_delspan, sizeof(struct ifbreq),
456 BC_F_COPYIN|BC_F_SUSER },
458 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
461 { bridge_ioctl_grte, sizeof(struct ifbrparam),
464 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
465 BC_F_COPYIN|BC_F_COPYOUT },
467 { bridge_ioctl_sproto, sizeof(struct ifbrparam),
468 BC_F_COPYIN|BC_F_SUSER },
470 { bridge_ioctl_stxhc, sizeof(struct ifbrparam),
471 BC_F_COPYIN|BC_F_SUSER },
473 { bridge_ioctl_sifmaxaddr, sizeof(struct ifbreq),
474 BC_F_COPYIN|BC_F_SUSER },
477 const int bridge_control_table_size =
478 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
480 LIST_HEAD(, bridge_softc) bridge_list;
482 IFC_SIMPLE_DECLARE(bridge, 0);
485 bridge_modevent(module_t mod, int type, void *data)
490 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
491 if_clone_attach(&bridge_cloner);
492 bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
493 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
495 LIST_INIT(&bridge_list);
496 bridge_input_p = bridge_input;
497 bridge_output_p = bridge_output;
498 bridge_dn_p = bridge_dummynet;
499 bridge_detach_cookie = EVENTHANDLER_REGISTER(
500 ifnet_departure_event, bridge_ifdetach, NULL,
501 EVENTHANDLER_PRI_ANY);
504 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
505 bridge_detach_cookie);
506 if_clone_detach(&bridge_cloner);
507 uma_zdestroy(bridge_rtnode_zone);
508 bridge_input_p = NULL;
509 bridge_output_p = NULL;
511 mtx_destroy(&bridge_list_mtx);
519 static moduledata_t bridge_mod = {
525 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
526 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
529 * handler for net.link.bridge.pfil_ipfw
532 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
534 int enable = pfil_ipfw;
537 error = sysctl_handle_int(oidp, &enable, 0, req);
538 enable = (enable) ? 1 : 0;
540 if (enable != pfil_ipfw) {
544 * Disable pfil so that ipfw doesnt run twice, if the user
545 * really wants both then they can re-enable pfil_bridge and/or
546 * pfil_member. Also allow non-ip packets as ipfw can filter by
558 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
559 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
562 * bridge_clone_create:
564 * Create a new bridge instance.
567 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
569 struct bridge_softc *sc, *sc2;
570 struct ifnet *bifp, *ifp;
572 unsigned long hostid;
574 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
575 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
581 BRIDGE_LOCK_INIT(sc);
582 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
583 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
585 /* Initialize our routing table. */
586 bridge_rtable_init(sc);
588 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);
590 LIST_INIT(&sc->sc_iflist);
591 LIST_INIT(&sc->sc_spanlist);
594 if_initname(ifp, ifc->ifc_name, unit);
595 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
596 ifp->if_ioctl = bridge_ioctl;
597 ifp->if_start = bridge_start;
598 ifp->if_init = bridge_init;
599 ifp->if_type = IFT_BRIDGE;
600 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
601 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
602 IFQ_SET_READY(&ifp->if_snd);
605 * Generate an ethernet address with a locally administered address.
607 * Since we are using random ethernet addresses for the bridge, it is
608 * possible that we might have address collisions, so make sure that
609 * this hardware address isn't already in use on another bridge.
610 * The first try uses the hostid and falls back to arc4rand().
613 getcredhostid(curthread->td_ucred, &hostid);
614 for (retry = 1; retry != 0;) {
615 if (fb || hostid == 0) {
616 arc4rand(sc->sc_defaddr, ETHER_ADDR_LEN, 1);
617 sc->sc_defaddr[0] &= ~1;/* clear multicast bit */
618 sc->sc_defaddr[0] |= 2; /* set the LAA bit */
620 sc->sc_defaddr[0] = 0x2;
621 sc->sc_defaddr[1] = (hostid >> 24) & 0xff;
622 sc->sc_defaddr[2] = (hostid >> 16) & 0xff;
623 sc->sc_defaddr[3] = (hostid >> 8 ) & 0xff;
624 sc->sc_defaddr[4] = hostid & 0xff;
625 sc->sc_defaddr[5] = ifp->if_dunit & 0xff;
630 mtx_lock(&bridge_list_mtx);
631 LIST_FOREACH(sc2, &bridge_list, sc_list) {
633 if (memcmp(sc->sc_defaddr,
634 IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
637 mtx_unlock(&bridge_list_mtx);
640 bstp_attach(&sc->sc_stp, &bridge_ops);
641 ether_ifattach(ifp, sc->sc_defaddr);
642 /* Now undo some of the damage... */
643 ifp->if_baudrate = 0;
644 ifp->if_type = IFT_BRIDGE;
646 mtx_lock(&bridge_list_mtx);
647 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
648 mtx_unlock(&bridge_list_mtx);
654 * bridge_clone_destroy:
656 * Destroy a bridge instance.
659 bridge_clone_destroy(struct ifnet *ifp)
661 struct bridge_softc *sc = ifp->if_softc;
662 struct bridge_iflist *bif;
667 ifp->if_flags &= ~IFF_UP;
669 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
670 bridge_delete_member(sc, bif, 0);
672 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
673 bridge_delete_span(sc, bif);
678 callout_drain(&sc->sc_brcallout);
680 mtx_lock(&bridge_list_mtx);
681 LIST_REMOVE(sc, sc_list);
682 mtx_unlock(&bridge_list_mtx);
684 bstp_detach(&sc->sc_stp);
688 /* Tear down the routing table. */
689 bridge_rtable_fini(sc);
691 BRIDGE_LOCK_DESTROY(sc);
698 * Handle a control request from the operator.
701 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
703 struct bridge_softc *sc = ifp->if_softc;
704 struct ifreq *ifr = (struct ifreq *)data;
705 struct bridge_iflist *bif;
706 struct thread *td = curthread;
708 struct ifbreq ifbreq;
709 struct ifbifconf ifbifconf;
710 struct ifbareq ifbareq;
711 struct ifbaconf ifbaconf;
712 struct ifbrparam ifbrparam;
713 struct ifbropreq ifbropreq;
715 struct ifdrv *ifd = (struct ifdrv *) data;
716 const struct bridge_control *bc;
727 if (ifd->ifd_cmd >= bridge_control_table_size) {
731 bc = &bridge_control_table[ifd->ifd_cmd];
733 if (cmd == SIOCGDRVSPEC &&
734 (bc->bc_flags & BC_F_COPYOUT) == 0) {
738 else if (cmd == SIOCSDRVSPEC &&
739 (bc->bc_flags & BC_F_COPYOUT) != 0) {
744 if (bc->bc_flags & BC_F_SUSER) {
745 error = priv_check(td, PRIV_NET_BRIDGE);
750 if (ifd->ifd_len != bc->bc_argsize ||
751 ifd->ifd_len > sizeof(args)) {
756 bzero(&args, sizeof(args));
757 if (bc->bc_flags & BC_F_COPYIN) {
758 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
764 error = (*bc->bc_func)(sc, &args);
769 if (bc->bc_flags & BC_F_COPYOUT)
770 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
775 if (!(ifp->if_flags & IFF_UP) &&
776 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
778 * If interface is marked down and it is running,
779 * then stop and disable it.
784 } else if ((ifp->if_flags & IFF_UP) &&
785 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
787 * If interface is marked up and it is stopped, then
795 if (ifr->ifr_mtu < 576) {
799 if (LIST_EMPTY(&sc->sc_iflist)) {
800 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
804 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
805 if (bif->bif_ifp->if_mtu != ifr->ifr_mtu) {
806 log(LOG_NOTICE, "%s: invalid MTU: %lu(%s)"
807 " != %d\n", sc->sc_ifp->if_xname,
808 bif->bif_ifp->if_mtu,
809 bif->bif_ifp->if_xname, ifr->ifr_mtu);
815 sc->sc_ifp->if_mtu = ifr->ifr_mtu;
820 * drop the lock as ether_ioctl() will call bridge_start() and
821 * cause the lock to be recursed.
823 error = ether_ioctl(ifp, cmd, data);
833 * Clear or restore unwanted capabilities on the member interface
836 bridge_mutecaps(struct bridge_softc *sc)
838 struct bridge_iflist *bif;
841 /* Initial bitmask of capabilities to test */
842 mask = BRIDGE_IFCAPS_MASK;
844 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
845 /* Every member must support it or its disabled */
846 mask &= bif->bif_savedcaps;
849 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
850 enabled = bif->bif_ifp->if_capenable;
851 enabled &= ~BRIDGE_IFCAPS_STRIP;
852 /* strip off mask bits and enable them again if allowed */
853 enabled &= ~BRIDGE_IFCAPS_MASK;
855 bridge_set_ifcap(sc, bif, enabled);
861 bridge_set_ifcap(struct bridge_softc *sc, struct bridge_iflist *bif, int set)
863 struct ifnet *ifp = bif->bif_ifp;
867 bzero(&ifr, sizeof(ifr));
868 ifr.ifr_reqcap = set;
870 if (ifp->if_capenable != set) {
871 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
873 if_printf(sc->sc_ifp,
874 "error setting interface capabilities on %s\n",
880 * bridge_lookup_member:
882 * Lookup a bridge member interface.
884 static struct bridge_iflist *
885 bridge_lookup_member(struct bridge_softc *sc, const char *name)
887 struct bridge_iflist *bif;
890 BRIDGE_LOCK_ASSERT(sc);
892 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
894 if (strcmp(ifp->if_xname, name) == 0)
902 * bridge_lookup_member_if:
904 * Lookup a bridge member interface by ifnet*.
906 static struct bridge_iflist *
907 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
909 struct bridge_iflist *bif;
911 BRIDGE_LOCK_ASSERT(sc);
913 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
914 if (bif->bif_ifp == member_ifp)
922 * bridge_delete_member:
924 * Delete the specified member interface.
927 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
930 struct ifnet *ifs = bif->bif_ifp;
931 struct ifnet *fif = NULL;
933 BRIDGE_LOCK_ASSERT(sc);
935 if (bif->bif_flags & IFBIF_STP)
936 bstp_disable(&bif->bif_stp);
938 ifs->if_bridge = NULL;
940 LIST_REMOVE(bif, bif_next);
944 * If removing the interface that gave the bridge its mac address, set
945 * the mac address of the bridge to the address of the next member, or
946 * to its default address if no members are left.
948 if (bridge_inherit_mac && sc->sc_ifaddr == ifs) {
949 if (LIST_EMPTY(&sc->sc_iflist)) {
950 bcopy(sc->sc_defaddr,
951 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
952 sc->sc_ifaddr = NULL;
954 fif = LIST_FIRST(&sc->sc_iflist)->bif_ifp;
955 bcopy(IF_LLADDR(fif),
956 IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
959 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
962 bridge_mutecaps(sc); /* recalcuate now this interface is removed */
963 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
964 KASSERT(bif->bif_addrcnt == 0,
965 ("%s: %d bridge routes referenced", __func__, bif->bif_addrcnt));
969 switch (ifs->if_type) {
973 * Take the interface out of promiscuous mode.
975 (void) ifpromisc(ifs, 0);
983 panic("bridge_delete_member: impossible");
987 /* reneable any interface capabilities */
988 bridge_set_ifcap(sc, bif, bif->bif_savedcaps);
990 bstp_destroy(&bif->bif_stp); /* prepare to free */
996 * bridge_delete_span:
998 * Delete the specified span interface.
1001 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
1003 BRIDGE_LOCK_ASSERT(sc);
1005 KASSERT(bif->bif_ifp->if_bridge == NULL,
1006 ("%s: not a span interface", __func__));
1008 LIST_REMOVE(bif, bif_next);
1009 free(bif, M_DEVBUF);
1013 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
1015 struct ifbreq *req = arg;
1016 struct bridge_iflist *bif = NULL;
1020 ifs = ifunit(req->ifbr_ifsname);
1023 if (ifs->if_ioctl == NULL) /* must be supported */
1026 /* If it's in the span list, it can't be a member. */
1027 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1028 if (ifs == bif->bif_ifp)
1031 if (ifs->if_bridge == sc)
1034 if (ifs->if_bridge != NULL)
1037 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1042 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
1043 bif->bif_savedcaps = ifs->if_capenable;
1045 switch (ifs->if_type) {
1049 /* permitted interface types */
1056 /* Allow the first Ethernet member to define the MTU */
1057 if (LIST_EMPTY(&sc->sc_iflist))
1058 sc->sc_ifp->if_mtu = ifs->if_mtu;
1059 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
1060 if_printf(sc->sc_ifp, "invalid MTU: %lu(%s) != %lu\n",
1061 ifs->if_mtu, ifs->if_xname, sc->sc_ifp->if_mtu);
1067 * Assign the interface's MAC address to the bridge if it's the first
1068 * member and the MAC address of the bridge has not been changed from
1069 * the default randomly generated one.
1071 if (bridge_inherit_mac && LIST_EMPTY(&sc->sc_iflist) &&
1072 !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN)) {
1073 bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
1074 sc->sc_ifaddr = ifs;
1075 EVENTHANDLER_INVOKE(iflladdr_event, sc->sc_ifp);
1078 ifs->if_bridge = sc;
1079 bstp_create(&sc->sc_stp, &bif->bif_stp, bif->bif_ifp);
1081 * XXX: XLOCK HERE!?!
1083 * NOTE: insert_***HEAD*** should be safe for the traversals.
1085 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
1087 /* Set interface capabilities to the intersection set of all members */
1088 bridge_mutecaps(sc);
1090 switch (ifs->if_type) {
1094 * Place the interface into promiscuous mode.
1097 error = ifpromisc(ifs, 1);
1102 bridge_delete_member(sc, bif, 0);
1106 free(bif, M_DEVBUF);
1112 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
1114 struct ifbreq *req = arg;
1115 struct bridge_iflist *bif;
1117 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1121 bridge_delete_member(sc, bif, 0);
1127 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
1129 struct ifbreq *req = arg;
1130 struct bridge_iflist *bif;
1131 struct bstp_port *bp;
1133 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1138 req->ifbr_ifsflags = bif->bif_flags;
1139 req->ifbr_state = bp->bp_state;
1140 req->ifbr_priority = bp->bp_priority;
1141 req->ifbr_path_cost = bp->bp_path_cost;
1142 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1143 req->ifbr_proto = bp->bp_protover;
1144 req->ifbr_role = bp->bp_role;
1145 req->ifbr_stpflags = bp->bp_flags;
1146 req->ifbr_addrcnt = bif->bif_addrcnt;
1147 req->ifbr_addrmax = bif->bif_addrmax;
1148 req->ifbr_addrexceeded = bif->bif_addrexceeded;
1150 /* Copy STP state options as flags */
1151 if (bp->bp_operedge)
1152 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE;
1153 if (bp->bp_flags & BSTP_PORT_AUTOEDGE)
1154 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE;
1155 if (bp->bp_ptp_link)
1156 req->ifbr_ifsflags |= IFBIF_BSTP_PTP;
1157 if (bp->bp_flags & BSTP_PORT_AUTOPTP)
1158 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP;
1159 if (bp->bp_flags & BSTP_PORT_ADMEDGE)
1160 req->ifbr_ifsflags |= IFBIF_BSTP_ADMEDGE;
1161 if (bp->bp_flags & BSTP_PORT_ADMCOST)
1162 req->ifbr_ifsflags |= IFBIF_BSTP_ADMCOST;
1167 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1169 struct ifbreq *req = arg;
1170 struct bridge_iflist *bif;
1171 struct bstp_port *bp;
1174 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1179 if (req->ifbr_ifsflags & IFBIF_SPAN)
1180 /* SPAN is readonly */
1183 if (req->ifbr_ifsflags & IFBIF_STP) {
1184 if ((bif->bif_flags & IFBIF_STP) == 0) {
1185 error = bstp_enable(&bif->bif_stp);
1190 if ((bif->bif_flags & IFBIF_STP) != 0)
1191 bstp_disable(&bif->bif_stp);
1194 /* Pass on STP flags */
1195 bstp_set_edge(bp, req->ifbr_ifsflags & IFBIF_BSTP_EDGE ? 1 : 0);
1196 bstp_set_autoedge(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOEDGE ? 1 : 0);
1197 bstp_set_ptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_PTP ? 1 : 0);
1198 bstp_set_autoptp(bp, req->ifbr_ifsflags & IFBIF_BSTP_AUTOPTP ? 1 : 0);
1200 /* Save the bits relating to the bridge */
1201 bif->bif_flags = req->ifbr_ifsflags & IFBIFMASK;
1207 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1209 struct ifbrparam *param = arg;
1211 sc->sc_brtmax = param->ifbrp_csize;
1218 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1220 struct ifbrparam *param = arg;
1222 param->ifbrp_csize = sc->sc_brtmax;
1228 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1230 struct ifbifconf *bifc = arg;
1231 struct bridge_iflist *bif;
1234 int count, buflen, len, error = 0;
1237 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1239 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1242 buflen = sizeof(breq) * count;
1243 if (bifc->ifbic_len == 0) {
1244 bifc->ifbic_len = buflen;
1248 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
1253 len = min(bifc->ifbic_len, buflen);
1254 bzero(&breq, sizeof(breq));
1255 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1256 if (len < sizeof(breq))
1259 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1260 sizeof(breq.ifbr_ifsname));
1261 /* Fill in the ifbreq structure */
1262 error = bridge_ioctl_gifflags(sc, &breq);
1265 memcpy(buf, &breq, sizeof(breq));
1267 buf += sizeof(breq);
1268 len -= sizeof(breq);
1270 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1271 if (len < sizeof(breq))
1274 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1275 sizeof(breq.ifbr_ifsname));
1276 breq.ifbr_ifsflags = bif->bif_flags;
1277 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1278 memcpy(buf, &breq, sizeof(breq));
1280 buf += sizeof(breq);
1281 len -= sizeof(breq);
1285 bifc->ifbic_len = sizeof(breq) * count;
1286 error = copyout(outbuf, bifc->ifbic_req, bifc->ifbic_len);
1288 free(outbuf, M_TEMP);
1293 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1295 struct ifbaconf *bac = arg;
1296 struct bridge_rtnode *brt;
1297 struct ifbareq bareq;
1299 int count, buflen, len, error = 0;
1301 if (bac->ifbac_len == 0)
1305 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list)
1307 buflen = sizeof(bareq) * count;
1310 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
1315 len = min(bac->ifbac_len, buflen);
1316 bzero(&bareq, sizeof(bareq));
1317 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1318 if (len < sizeof(bareq))
1320 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1321 sizeof(bareq.ifba_ifsname));
1322 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1323 bareq.ifba_vlan = brt->brt_vlan;
1324 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1325 time_uptime < brt->brt_expire)
1326 bareq.ifba_expire = brt->brt_expire - time_uptime;
1328 bareq.ifba_expire = 0;
1329 bareq.ifba_flags = brt->brt_flags;
1331 memcpy(buf, &bareq, sizeof(bareq));
1333 buf += sizeof(bareq);
1334 len -= sizeof(bareq);
1338 bac->ifbac_len = sizeof(bareq) * count;
1339 error = copyout(outbuf, bac->ifbac_req, bac->ifbac_len);
1341 free(outbuf, M_TEMP);
1346 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1348 struct ifbareq *req = arg;
1349 struct bridge_iflist *bif;
1352 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1356 error = bridge_rtupdate(sc, req->ifba_dst, req->ifba_vlan, bif, 1,
1363 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1365 struct ifbrparam *param = arg;
1367 sc->sc_brttimeout = param->ifbrp_ctime;
1372 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1374 struct ifbrparam *param = arg;
1376 param->ifbrp_ctime = sc->sc_brttimeout;
1381 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1383 struct ifbareq *req = arg;
1385 return (bridge_rtdaddr(sc, req->ifba_dst, req->ifba_vlan));
1389 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1391 struct ifbreq *req = arg;
1393 bridge_rtflush(sc, req->ifbr_ifsflags);
1398 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1400 struct ifbrparam *param = arg;
1401 struct bstp_state *bs = &sc->sc_stp;
1403 param->ifbrp_prio = bs->bs_bridge_priority;
1408 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1410 struct ifbrparam *param = arg;
1412 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
1416 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1418 struct ifbrparam *param = arg;
1419 struct bstp_state *bs = &sc->sc_stp;
1421 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
1426 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1428 struct ifbrparam *param = arg;
1430 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
1434 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1436 struct ifbrparam *param = arg;
1437 struct bstp_state *bs = &sc->sc_stp;
1439 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
1444 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1446 struct ifbrparam *param = arg;
1448 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
1452 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1454 struct ifbrparam *param = arg;
1455 struct bstp_state *bs = &sc->sc_stp;
1457 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1462 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1464 struct ifbrparam *param = arg;
1466 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
1470 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1472 struct ifbreq *req = arg;
1473 struct bridge_iflist *bif;
1475 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1479 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
1483 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1485 struct ifbreq *req = arg;
1486 struct bridge_iflist *bif;
1488 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1492 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
1496 bridge_ioctl_sifmaxaddr(struct bridge_softc *sc, void *arg)
1498 struct ifbreq *req = arg;
1499 struct bridge_iflist *bif;
1501 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1505 bif->bif_addrmax = req->ifbr_addrmax;
1510 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1512 struct ifbreq *req = arg;
1513 struct bridge_iflist *bif = NULL;
1516 ifs = ifunit(req->ifbr_ifsname);
1520 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1521 if (ifs == bif->bif_ifp)
1524 if (ifs->if_bridge != NULL)
1527 switch (ifs->if_type) {
1536 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1541 bif->bif_flags = IFBIF_SPAN;
1543 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1549 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1551 struct ifbreq *req = arg;
1552 struct bridge_iflist *bif;
1555 ifs = ifunit(req->ifbr_ifsname);
1559 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1560 if (ifs == bif->bif_ifp)
1566 bridge_delete_span(sc, bif);
1572 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
1574 struct ifbropreq *req = arg;
1575 struct bstp_state *bs = &sc->sc_stp;
1576 struct bstp_port *root_port;
1578 req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
1579 req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
1580 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;
1582 root_port = bs->bs_root_port;
1583 if (root_port == NULL)
1584 req->ifbop_root_port = 0;
1586 req->ifbop_root_port = root_port->bp_ifp->if_index;
1588 req->ifbop_holdcount = bs->bs_txholdcount;
1589 req->ifbop_priority = bs->bs_bridge_priority;
1590 req->ifbop_protocol = bs->bs_protover;
1591 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
1592 req->ifbop_bridgeid = bs->bs_bridge_pv.pv_dbridge_id;
1593 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
1594 req->ifbop_designated_bridge = bs->bs_root_pv.pv_dbridge_id;
1595 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
1596 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;
1602 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
1604 struct ifbrparam *param = arg;
1606 param->ifbrp_cexceeded = sc->sc_brtexceeded;
1611 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
1613 struct ifbpstpconf *bifstp = arg;
1614 struct bridge_iflist *bif;
1615 struct bstp_port *bp;
1616 struct ifbpstpreq bpreq;
1618 int count, buflen, len, error = 0;
1621 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1622 if ((bif->bif_flags & IFBIF_STP) != 0)
1626 buflen = sizeof(bpreq) * count;
1627 if (bifstp->ifbpstp_len == 0) {
1628 bifstp->ifbpstp_len = buflen;
1633 outbuf = malloc(buflen, M_TEMP, M_WAITOK | M_ZERO);
1638 len = min(bifstp->ifbpstp_len, buflen);
1639 bzero(&bpreq, sizeof(bpreq));
1640 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1641 if (len < sizeof(bpreq))
1644 if ((bif->bif_flags & IFBIF_STP) == 0)
1648 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
1649 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
1650 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
1651 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
1652 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
1653 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;
1655 memcpy(buf, &bpreq, sizeof(bpreq));
1657 buf += sizeof(bpreq);
1658 len -= sizeof(bpreq);
1662 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1663 error = copyout(outbuf, bifstp->ifbpstp_req, bifstp->ifbpstp_len);
1665 free(outbuf, M_TEMP);
1670 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
1672 struct ifbrparam *param = arg;
1674 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
1678 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
1680 struct ifbrparam *param = arg;
1682 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
1688 * Detach an interface from a bridge. Called when a member
1689 * interface is detaching.
1692 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
1694 struct bridge_softc *sc = ifp->if_bridge;
1695 struct bridge_iflist *bif;
1697 /* Check if the interface is a bridge member */
1701 bif = bridge_lookup_member_if(sc, ifp);
1703 bridge_delete_member(sc, bif, 1);
1709 /* Check if the interface is a span port */
1710 mtx_lock(&bridge_list_mtx);
1711 LIST_FOREACH(sc, &bridge_list, sc_list) {
1713 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1714 if (ifp == bif->bif_ifp) {
1715 bridge_delete_span(sc, bif);
1721 mtx_unlock(&bridge_list_mtx);
1727 * Initialize a bridge interface.
1730 bridge_init(void *xsc)
1732 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1733 struct ifnet *ifp = sc->sc_ifp;
1735 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1739 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1742 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1743 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
1751 * Stop the bridge interface.
1754 bridge_stop(struct ifnet *ifp, int disable)
1756 struct bridge_softc *sc = ifp->if_softc;
1758 BRIDGE_LOCK_ASSERT(sc);
1760 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1763 callout_stop(&sc->sc_brcallout);
1764 bstp_stop(&sc->sc_stp);
1766 bridge_rtflush(sc, IFBF_FLUSHDYN);
1768 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1774 * Enqueue a packet on a bridge member interface.
1778 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1784 len = m->m_pkthdr.len;
1785 mflags = m->m_flags;
1787 /* We may be sending a fragment so traverse the mbuf */
1790 m->m_nextpkt = NULL;
1793 * If underlying interface can not do VLAN tag insertion itself
1794 * then attach a packet tag that holds it.
1796 if ((m->m_flags & M_VLANTAG) &&
1797 (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {
1798 m = ether_vlanencap(m, m->m_pkthdr.ether_vtag);
1801 "unable to prepend VLAN header\n");
1802 dst_ifp->if_oerrors++;
1805 m->m_flags &= ~M_VLANTAG;
1809 dst_ifp->if_transmit(dst_ifp, m);
1813 sc->sc_ifp->if_opackets++;
1814 sc->sc_ifp->if_obytes += len;
1815 if (mflags & M_MCAST)
1816 sc->sc_ifp->if_omcasts++;
1823 * Receive a queued packet from dummynet and pass it on to the output
1826 * The mbuf has the Ethernet header already attached.
1829 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
1831 struct bridge_softc *sc;
1833 sc = ifp->if_bridge;
1836 * The packet didnt originate from a member interface. This should only
1837 * ever happen if a member interface is removed while packets are
1845 if (PFIL_HOOKED(&V_inet_pfil_hook)
1847 || PFIL_HOOKED(&V_inet6_pfil_hook)
1850 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
1856 bridge_enqueue(sc, ifp, m);
1862 * Send output from a bridge member interface. This
1863 * performs the bridging function for locally originated
1866 * The mbuf has the Ethernet header already attached. We must
1867 * enqueue or free the mbuf before returning.
1870 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
1873 struct ether_header *eh;
1874 struct ifnet *dst_if;
1875 struct bridge_softc *sc;
1878 if (m->m_len < ETHER_HDR_LEN) {
1879 m = m_pullup(m, ETHER_HDR_LEN);
1884 eh = mtod(m, struct ether_header *);
1885 sc = ifp->if_bridge;
1886 vlan = VLANTAGOF(m);
1891 * If bridge is down, but the original output interface is up,
1892 * go ahead and send out that interface. Otherwise, the packet
1895 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1901 * If the packet is a multicast, or we don't know a better way to
1902 * get there, send to all interfaces.
1904 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1907 dst_if = bridge_rtlookup(sc, eh->ether_dhost, vlan);
1908 if (dst_if == NULL) {
1909 struct bridge_iflist *bif;
1911 int error = 0, used = 0;
1915 BRIDGE_LOCK2REF(sc, error);
1921 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1922 dst_if = bif->bif_ifp;
1924 if (dst_if->if_type == IFT_GIF)
1926 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
1930 * If this is not the original output interface,
1931 * and the interface is participating in spanning
1932 * tree, make sure the port is in a state that
1933 * allows forwarding.
1935 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
1936 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
1939 if (LIST_NEXT(bif, bif_next) == NULL) {
1943 mc = m_copypacket(m, M_DONTWAIT);
1945 sc->sc_ifp->if_oerrors++;
1950 bridge_enqueue(sc, dst_if, mc);
1960 * XXX Spanning tree consideration here?
1964 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1971 bridge_enqueue(sc, dst_if, m);
1978 * Start output on a bridge.
1982 bridge_start(struct ifnet *ifp)
1984 struct bridge_softc *sc;
1986 struct ether_header *eh;
1987 struct ifnet *dst_if;
1991 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
1993 IFQ_DEQUEUE(&ifp->if_snd, m);
1996 ETHER_BPF_MTAP(ifp, m);
1998 eh = mtod(m, struct ether_header *);
2002 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
2003 dst_if = bridge_rtlookup(sc, eh->ether_dhost, 1);
2007 bridge_broadcast(sc, ifp, m, 0);
2010 bridge_enqueue(sc, dst_if, m);
2013 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2019 * The forwarding function of the bridge.
2021 * NOTE: Releases the lock on return.
2024 bridge_forward(struct bridge_softc *sc, struct bridge_iflist *sbif,
2027 struct bridge_iflist *dbif;
2028 struct ifnet *src_if, *dst_if, *ifp;
2029 struct ether_header *eh;
2034 src_if = m->m_pkthdr.rcvif;
2038 ifp->if_ibytes += m->m_pkthdr.len;
2039 vlan = VLANTAGOF(m);
2041 if ((sbif->bif_flags & IFBIF_STP) &&
2042 sbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2045 eh = mtod(m, struct ether_header *);
2046 dst = eh->ether_dhost;
2048 /* If the interface is learning, record the address. */
2049 if (sbif->bif_flags & IFBIF_LEARNING) {
2050 error = bridge_rtupdate(sc, eh->ether_shost, vlan,
2051 sbif, 0, IFBAF_DYNAMIC);
2053 * If the interface has addresses limits then deny any source
2054 * that is not in the cache.
2056 if (error && sbif->bif_addrmax)
2060 if ((sbif->bif_flags & IFBIF_STP) != 0 &&
2061 sbif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING)
2065 * At this point, the port either doesn't participate
2066 * in spanning tree or it is in the forwarding state.
2070 * If the packet is unicast, destined for someone on
2071 * "this" side of the bridge, drop it.
2073 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
2074 dst_if = bridge_rtlookup(sc, dst, vlan);
2075 if (src_if == dst_if)
2079 * Check if its a reserved multicast address, any address
2080 * listed in 802.1D section 7.12.6 may not be forwarded by the
2082 * This is currently 01-80-C2-00-00-00 to 01-80-C2-00-00-0F
2084 if (dst[0] == 0x01 && dst[1] == 0x80 &&
2085 dst[2] == 0xc2 && dst[3] == 0x00 &&
2086 dst[4] == 0x00 && dst[5] <= 0x0f)
2089 /* ...forward it to all interfaces. */
2095 * If we have a destination interface which is a member of our bridge,
2096 * OR this is a unicast packet, push it through the bpf(4) machinery.
2097 * For broadcast or multicast packets, don't bother because it will
2098 * be reinjected into ether_input. We do this before we pass the packets
2099 * through the pfil(9) framework, as it is possible that pfil(9) will
2100 * drop the packet, or possibly modify it, making it difficult to debug
2101 * firewall issues on the bridge.
2103 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
2104 ETHER_BPF_MTAP(ifp, m);
2106 /* run the packet filter */
2107 if (PFIL_HOOKED(&V_inet_pfil_hook)
2109 || PFIL_HOOKED(&V_inet6_pfil_hook)
2113 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
2120 if (dst_if == NULL) {
2121 bridge_broadcast(sc, src_if, m, 1);
2126 * At this point, we're dealing with a unicast frame
2127 * going to a different interface.
2129 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2132 dbif = bridge_lookup_member_if(sc, dst_if);
2134 /* Not a member of the bridge (anymore?) */
2137 /* Private segments can not talk to each other */
2138 if (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE)
2141 if ((dbif->bif_flags & IFBIF_STP) &&
2142 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2147 if (PFIL_HOOKED(&V_inet_pfil_hook)
2149 || PFIL_HOOKED(&V_inet6_pfil_hook)
2152 if (bridge_pfil(&m, ifp, dst_if, PFIL_OUT) != 0)
2158 bridge_enqueue(sc, dst_if, m);
2169 * Receive input from a member interface. Queue the packet for
2170 * bridging if it is not for us.
2172 static struct mbuf *
2173 bridge_input(struct ifnet *ifp, struct mbuf *m)
2175 struct bridge_softc *sc = ifp->if_bridge;
2176 struct bridge_iflist *bif, *bif2;
2178 struct ether_header *eh;
2179 struct mbuf *mc, *mc2;
2183 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2187 vlan = VLANTAGOF(m);
2190 * Implement support for bridge monitoring. If this flag has been
2191 * set on this interface, discard the packet once we push it through
2192 * the bpf(4) machinery, but before we do, increment the byte and
2193 * packet counters associated with this interface.
2195 if ((bifp->if_flags & IFF_MONITOR) != 0) {
2196 m->m_pkthdr.rcvif = bifp;
2197 ETHER_BPF_MTAP(bifp, m);
2198 bifp->if_ipackets++;
2199 bifp->if_ibytes += m->m_pkthdr.len;
2204 bif = bridge_lookup_member_if(sc, ifp);
2210 eh = mtod(m, struct ether_header *);
2214 if (m->m_flags & (M_BCAST|M_MCAST)) {
2215 /* Tap off 802.1D packets; they do not get forwarded. */
2216 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2217 ETHER_ADDR_LEN) == 0) {
2218 m = bstp_input(&bif->bif_stp, ifp, m);
2225 if ((bif->bif_flags & IFBIF_STP) &&
2226 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2232 * Make a deep copy of the packet and enqueue the copy
2233 * for bridge processing; return the original packet for
2236 mc = m_dup(m, M_DONTWAIT);
2242 /* Perform the bridge forwarding function with the copy. */
2243 bridge_forward(sc, bif, mc);
2246 * Reinject the mbuf as arriving on the bridge so we have a
2247 * chance at claiming multicast packets. We can not loop back
2248 * here from ether_input as a bridge is never a member of a
2251 KASSERT(bifp->if_bridge == NULL,
2252 ("loop created in bridge_input"));
2253 mc2 = m_dup(m, M_DONTWAIT);
2255 /* Keep the layer3 header aligned */
2256 int i = min(mc2->m_pkthdr.len, max_protohdr);
2257 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2260 mc2->m_pkthdr.rcvif = bifp;
2261 (*bifp->if_input)(bifp, mc2);
2264 /* Return the original packet for local processing. */
2268 if ((bif->bif_flags & IFBIF_STP) &&
2269 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2274 #if (defined(INET) || defined(INET6))
2275 # define OR_CARP_CHECK_WE_ARE_DST(iface) \
2276 || ((iface)->if_carp \
2277 && (*carp_forus_p)((iface), eh->ether_dhost))
2278 # define OR_CARP_CHECK_WE_ARE_SRC(iface) \
2279 || ((iface)->if_carp \
2280 && (*carp_forus_p)((iface), eh->ether_shost))
2282 # define OR_CARP_CHECK_WE_ARE_DST(iface)
2283 # define OR_CARP_CHECK_WE_ARE_SRC(iface)
2287 # define OR_PFIL_HOOKED_INET6 \
2288 || PFIL_HOOKED(&V_inet6_pfil_hook)
2290 # define OR_PFIL_HOOKED_INET6
2293 #define GRAB_OUR_PACKETS(iface) \
2294 if ((iface)->if_type == IFT_GIF) \
2296 /* It is destined for us. */ \
2297 if (memcmp(IF_LLADDR((iface)), eh->ether_dhost, ETHER_ADDR_LEN) == 0 \
2298 OR_CARP_CHECK_WE_ARE_DST((iface)) \
2300 if ((iface)->if_type == IFT_BRIDGE) { \
2301 ETHER_BPF_MTAP(iface, m); \
2302 iface->if_ipackets++; \
2303 /* Filter on the physical interface. */ \
2304 if (pfil_local_phys && \
2305 (PFIL_HOOKED(&V_inet_pfil_hook) \
2306 OR_PFIL_HOOKED_INET6)) { \
2307 if (bridge_pfil(&m, NULL, ifp, \
2308 PFIL_IN) != 0 || m == NULL) { \
2309 BRIDGE_UNLOCK(sc); \
2314 if (bif->bif_flags & IFBIF_LEARNING) { \
2315 error = bridge_rtupdate(sc, eh->ether_shost, \
2316 vlan, bif, 0, IFBAF_DYNAMIC); \
2317 if (error && bif->bif_addrmax) { \
2318 BRIDGE_UNLOCK(sc); \
2323 m->m_pkthdr.rcvif = iface; \
2324 BRIDGE_UNLOCK(sc); \
2328 /* We just received a packet that we sent out. */ \
2329 if (memcmp(IF_LLADDR((iface)), eh->ether_shost, ETHER_ADDR_LEN) == 0 \
2330 OR_CARP_CHECK_WE_ARE_SRC((iface)) \
2332 BRIDGE_UNLOCK(sc); \
2338 * Unicast. Make sure it's not for the bridge.
2340 do { GRAB_OUR_PACKETS(bifp) } while (0);
2343 * Give a chance for ifp at first priority. This will help when the
2344 * packet comes through the interface like VLAN's with the same MACs
2345 * on several interfaces from the same bridge. This also will save
2346 * some CPU cycles in case the destination interface and the input
2347 * interface (eq ifp) are the same.
2349 do { GRAB_OUR_PACKETS(ifp) } while (0);
2351 /* Now check the all bridge members. */
2352 LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) {
2353 GRAB_OUR_PACKETS(bif2->bif_ifp)
2356 #undef OR_CARP_CHECK_WE_ARE_DST
2357 #undef OR_CARP_CHECK_WE_ARE_SRC
2358 #undef OR_PFIL_HOOKED_INET6
2359 #undef GRAB_OUR_PACKETS
2361 /* Perform the bridge forwarding function. */
2362 bridge_forward(sc, bif, m);
2370 * Send a frame to all interfaces that are members of
2371 * the bridge, except for the one on which the packet
2374 * NOTE: Releases the lock on return.
2377 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2378 struct mbuf *m, int runfilt)
2380 struct bridge_iflist *dbif, *sbif;
2382 struct ifnet *dst_if;
2383 int error = 0, used = 0, i;
2385 sbif = bridge_lookup_member_if(sc, src_if);
2387 BRIDGE_LOCK2REF(sc, error);
2393 /* Filter on the bridge interface before broadcasting */
2394 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook)
2396 || PFIL_HOOKED(&V_inet6_pfil_hook)
2399 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2405 LIST_FOREACH(dbif, &sc->sc_iflist, bif_next) {
2406 dst_if = dbif->bif_ifp;
2407 if (dst_if == src_if)
2410 /* Private segments can not talk to each other */
2411 if (sbif && (sbif->bif_flags & dbif->bif_flags & IFBIF_PRIVATE))
2414 if ((dbif->bif_flags & IFBIF_STP) &&
2415 dbif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2418 if ((dbif->bif_flags & IFBIF_DISCOVER) == 0 &&
2419 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2422 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2425 if (LIST_NEXT(dbif, bif_next) == NULL) {
2429 mc = m_dup(m, M_DONTWAIT);
2431 sc->sc_ifp->if_oerrors++;
2437 * Filter on the output interface. Pass a NULL bridge interface
2438 * pointer so we do not redundantly filter on the bridge for
2439 * each interface we broadcast on.
2441 if (runfilt && (PFIL_HOOKED(&V_inet_pfil_hook)
2443 || PFIL_HOOKED(&V_inet6_pfil_hook)
2447 /* Keep the layer3 header aligned */
2448 i = min(mc->m_pkthdr.len, max_protohdr);
2449 mc = m_copyup(mc, i, ETHER_ALIGN);
2451 sc->sc_ifp->if_oerrors++;
2455 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2461 bridge_enqueue(sc, dst_if, mc);
2473 * Duplicate a packet out one or more interfaces that are in span mode,
2474 * the original mbuf is unmodified.
2477 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2479 struct bridge_iflist *bif;
2480 struct ifnet *dst_if;
2483 if (LIST_EMPTY(&sc->sc_spanlist))
2486 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2487 dst_if = bif->bif_ifp;
2489 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2492 mc = m_copypacket(m, M_DONTWAIT);
2494 sc->sc_ifp->if_oerrors++;
2498 bridge_enqueue(sc, dst_if, mc);
2505 * Add a bridge routing entry.
2508 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan,
2509 struct bridge_iflist *bif, int setflags, uint8_t flags)
2511 struct bridge_rtnode *brt;
2514 BRIDGE_LOCK_ASSERT(sc);
2516 /* Check the source address is valid and not multicast. */
2517 if (ETHER_IS_MULTICAST(dst) ||
2518 (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
2519 dst[3] == 0 && dst[4] == 0 && dst[5] == 0) != 0)
2522 /* 802.1p frames map to vlan 1 */
2527 * A route for this destination might already exist. If so,
2528 * update it, otherwise create a new one.
2530 if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) == NULL) {
2531 if (sc->sc_brtcnt >= sc->sc_brtmax) {
2532 sc->sc_brtexceeded++;
2535 /* Check per interface address limits (if enabled) */
2536 if (bif->bif_addrmax && bif->bif_addrcnt >= bif->bif_addrmax) {
2537 bif->bif_addrexceeded++;
2542 * Allocate a new bridge forwarding node, and
2543 * initialize the expiration time and Ethernet
2546 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO);
2550 if (bif->bif_flags & IFBIF_STICKY)
2551 brt->brt_flags = IFBAF_STICKY;
2553 brt->brt_flags = IFBAF_DYNAMIC;
2555 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
2556 brt->brt_vlan = vlan;
2558 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
2559 uma_zfree(bridge_rtnode_zone, brt);
2566 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
2567 brt->brt_dst != bif) {
2568 brt->brt_dst->bif_addrcnt--;
2570 brt->brt_dst->bif_addrcnt++;
2573 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2574 brt->brt_expire = time_uptime + sc->sc_brttimeout;
2576 brt->brt_flags = flags;
2584 * Lookup the destination interface for an address.
2586 static struct ifnet *
2587 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan)
2589 struct bridge_rtnode *brt;
2591 BRIDGE_LOCK_ASSERT(sc);
2593 if ((brt = bridge_rtnode_lookup(sc, addr, vlan)) == NULL)
2596 return (brt->brt_ifp);
2602 * Trim the routine table so that we have a number
2603 * of routing entries less than or equal to the
2607 bridge_rttrim(struct bridge_softc *sc)
2609 struct bridge_rtnode *brt, *nbrt;
2611 BRIDGE_LOCK_ASSERT(sc);
2613 /* Make sure we actually need to do this. */
2614 if (sc->sc_brtcnt <= sc->sc_brtmax)
2617 /* Force an aging cycle; this might trim enough addresses. */
2619 if (sc->sc_brtcnt <= sc->sc_brtmax)
2622 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2623 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2624 bridge_rtnode_destroy(sc, brt);
2625 if (sc->sc_brtcnt <= sc->sc_brtmax)
2634 * Aging timer for the bridge.
2637 bridge_timer(void *arg)
2639 struct bridge_softc *sc = arg;
2641 BRIDGE_LOCK_ASSERT(sc);
2645 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
2646 callout_reset(&sc->sc_brcallout,
2647 bridge_rtable_prune_period * hz, bridge_timer, sc);
2653 * Perform an aging cycle.
2656 bridge_rtage(struct bridge_softc *sc)
2658 struct bridge_rtnode *brt, *nbrt;
2660 BRIDGE_LOCK_ASSERT(sc);
2662 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2663 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2664 if (time_uptime >= brt->brt_expire)
2665 bridge_rtnode_destroy(sc, brt);
2673 * Remove all dynamic addresses from the bridge.
2676 bridge_rtflush(struct bridge_softc *sc, int full)
2678 struct bridge_rtnode *brt, *nbrt;
2680 BRIDGE_LOCK_ASSERT(sc);
2682 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2683 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2684 bridge_rtnode_destroy(sc, brt);
2691 * Remove an address from the table.
2694 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan)
2696 struct bridge_rtnode *brt;
2699 BRIDGE_LOCK_ASSERT(sc);
2702 * If vlan is zero then we want to delete for all vlans so the lookup
2703 * may return more than one.
2705 while ((brt = bridge_rtnode_lookup(sc, addr, vlan)) != NULL) {
2706 bridge_rtnode_destroy(sc, brt);
2710 return (found ? 0 : ENOENT);
2716 * Delete routes to a speicifc member interface.
2719 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
2721 struct bridge_rtnode *brt, *nbrt;
2723 BRIDGE_LOCK_ASSERT(sc);
2725 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2726 if (brt->brt_ifp == ifp && (full ||
2727 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
2728 bridge_rtnode_destroy(sc, brt);
2733 * bridge_rtable_init:
2735 * Initialize the route table for this bridge.
2738 bridge_rtable_init(struct bridge_softc *sc)
2742 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
2743 M_DEVBUF, M_NOWAIT);
2744 if (sc->sc_rthash == NULL)
2747 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
2748 LIST_INIT(&sc->sc_rthash[i]);
2750 sc->sc_rthash_key = arc4random();
2752 LIST_INIT(&sc->sc_rtlist);
2758 * bridge_rtable_fini:
2760 * Deconstruct the route table for this bridge.
2763 bridge_rtable_fini(struct bridge_softc *sc)
2766 KASSERT(sc->sc_brtcnt == 0,
2767 ("%s: %d bridge routes referenced", __func__, sc->sc_brtcnt));
2768 free(sc->sc_rthash, M_DEVBUF);
2772 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
2773 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
2775 #define mix(a, b, c) \
2777 a -= b; a -= c; a ^= (c >> 13); \
2778 b -= c; b -= a; b ^= (a << 8); \
2779 c -= a; c -= b; c ^= (b >> 13); \
2780 a -= b; a -= c; a ^= (c >> 12); \
2781 b -= c; b -= a; b ^= (a << 16); \
2782 c -= a; c -= b; c ^= (b >> 5); \
2783 a -= b; a -= c; a ^= (c >> 3); \
2784 b -= c; b -= a; b ^= (a << 10); \
2785 c -= a; c -= b; c ^= (b >> 15); \
2786 } while (/*CONSTCOND*/0)
2788 static __inline uint32_t
2789 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
2791 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2802 return (c & BRIDGE_RTHASH_MASK);
2808 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
2812 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
2813 d = ((int)a[i]) - ((int)b[i]);
2820 * bridge_rtnode_lookup:
2822 * Look up a bridge route node for the specified destination. Compare the
2823 * vlan id or if zero then just return the first match.
2825 static struct bridge_rtnode *
2826 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr, uint16_t vlan)
2828 struct bridge_rtnode *brt;
2832 BRIDGE_LOCK_ASSERT(sc);
2834 hash = bridge_rthash(sc, addr);
2835 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2836 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
2837 if (dir == 0 && (brt->brt_vlan == vlan || vlan == 0))
2847 * bridge_rtnode_insert:
2849 * Insert the specified bridge node into the route table. We
2850 * assume the entry is not already in the table.
2853 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2855 struct bridge_rtnode *lbrt;
2859 BRIDGE_LOCK_ASSERT(sc);
2861 hash = bridge_rthash(sc, brt->brt_addr);
2863 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2865 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2870 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
2871 if (dir == 0 && brt->brt_vlan == lbrt->brt_vlan)
2874 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2877 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2878 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2881 lbrt = LIST_NEXT(lbrt, brt_hash);
2882 } while (lbrt != NULL);
2885 panic("bridge_rtnode_insert: impossible");
2889 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2896 * bridge_rtnode_destroy:
2898 * Destroy a bridge rtnode.
2901 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2903 BRIDGE_LOCK_ASSERT(sc);
2905 LIST_REMOVE(brt, brt_hash);
2907 LIST_REMOVE(brt, brt_list);
2909 brt->brt_dst->bif_addrcnt--;
2910 uma_zfree(bridge_rtnode_zone, brt);
2914 * bridge_rtable_expire:
2916 * Set the expiry time for all routes on an interface.
2919 bridge_rtable_expire(struct ifnet *ifp, int age)
2921 struct bridge_softc *sc = ifp->if_bridge;
2922 struct bridge_rtnode *brt;
2927 * If the age is zero then flush, otherwise set all the expiry times to
2928 * age for the interface
2931 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
2933 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
2934 /* Cap the expiry time to 'age' */
2935 if (brt->brt_ifp == ifp &&
2936 brt->brt_expire > time_uptime + age &&
2937 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2938 brt->brt_expire = time_uptime + age;
2945 * bridge_state_change:
2947 * Callback from the bridgestp code when a port changes states.
2950 bridge_state_change(struct ifnet *ifp, int state)
2952 struct bridge_softc *sc = ifp->if_bridge;
2953 static const char *stpstates[] = {
2963 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
2964 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
2968 * Send bridge packets through pfil if they are one of the types pfil can deal
2969 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2970 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2974 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2976 int snap, error, i, hlen;
2977 struct ether_header *eh1, eh2;
2978 struct ip_fw_args args;
2981 u_int16_t ether_type;
2984 error = -1; /* Default error if not error == 0 */
2987 /* we may return with the IP fields swapped, ensure its not shared */
2988 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
2991 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0)
2992 return (0); /* filtering is disabled */
2994 i = min((*mp)->m_pkthdr.len, max_protohdr);
2995 if ((*mp)->m_len < i) {
2996 *mp = m_pullup(*mp, i);
2998 printf("%s: m_pullup failed\n", __func__);
3003 eh1 = mtod(*mp, struct ether_header *);
3004 ether_type = ntohs(eh1->ether_type);
3007 * Check for SNAP/LLC.
3009 if (ether_type < ETHERMTU) {
3010 struct llc *llc2 = (struct llc *)(eh1 + 1);
3012 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
3013 llc2->llc_dsap == LLC_SNAP_LSAP &&
3014 llc2->llc_ssap == LLC_SNAP_LSAP &&
3015 llc2->llc_control == LLC_UI) {
3016 ether_type = htons(llc2->llc_un.type_snap.ether_type);
3022 * If we're trying to filter bridge traffic, don't look at anything
3023 * other than IP and ARP traffic. If the filter doesn't understand
3024 * IPv6, don't allow IPv6 through the bridge either. This is lame
3025 * since if we really wanted, say, an AppleTalk filter, we are hosed,
3026 * but of course we don't have an AppleTalk filter to begin with.
3027 * (Note that since pfil doesn't understand ARP it will pass *ALL*
3030 switch (ether_type) {
3032 case ETHERTYPE_REVARP:
3033 if (pfil_ipfw_arp == 0)
3034 return (0); /* Automatically pass */
3039 case ETHERTYPE_IPV6:
3044 * Check to see if the user wants to pass non-ip
3045 * packets, these will not be checked by pfil(9) and
3046 * passed unconditionally so the default is to drop.
3052 /* Strip off the Ethernet header and keep a copy. */
3053 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
3054 m_adj(*mp, ETHER_HDR_LEN);
3056 /* Strip off snap header, if present */
3058 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
3059 m_adj(*mp, sizeof(struct llc));
3063 * Check the IP header for alignment and errors
3065 if (dir == PFIL_IN) {
3066 switch (ether_type) {
3068 error = bridge_ip_checkbasic(mp);
3071 case ETHERTYPE_IPV6:
3072 error = bridge_ip6_checkbasic(mp);
3082 /* XXX this section is also in if_ethersubr.c */
3083 // XXX PFIL_OUT or DIR_OUT ?
3084 if (V_ip_fw_chk_ptr && pfil_ipfw != 0 &&
3085 dir == PFIL_OUT && ifp != NULL) {
3089 /* fetch the start point from existing tags, if any */
3090 mtag = m_tag_locate(*mp, MTAG_IPFW_RULE, 0, NULL);
3094 struct ipfw_rule_ref *r;
3096 /* XXX can we free the tag after use ? */
3097 mtag->m_tag_id = PACKET_TAG_NONE;
3098 r = (struct ipfw_rule_ref *)(mtag + 1);
3099 /* packet already partially processed ? */
3100 if (r->info & IPFW_ONEPASS)
3107 args.next_hop = NULL;
3108 args.next_hop6 = NULL;
3110 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
3111 i = V_ip_fw_chk_ptr(&args);
3117 if (ip_dn_io_ptr && (i == IP_FW_DUMMYNET)) {
3119 /* put the Ethernet header back on */
3120 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
3123 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
3126 * Pass the pkt to dummynet, which consumes it. The
3127 * packet will return to us via bridge_dummynet().
3130 ip_dn_io_ptr(mp, DIR_FWD | PROTO_IFB, &args);
3134 if (i != IP_FW_PASS) /* drop */
3142 * Run the packet through pfil
3144 switch (ether_type) {
3147 * before calling the firewall, swap fields the same as
3148 * IP does. here we assume the header is contiguous
3150 ip = mtod(*mp, struct ip *);
3152 ip->ip_len = ntohs(ip->ip_len);
3153 ip->ip_off = ntohs(ip->ip_off);
3156 * Run pfil on the member interface and the bridge, both can
3157 * be skipped by clearing pfil_member or pfil_bridge.
3160 * in_if -> bridge_if -> out_if
3162 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
3163 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp,
3166 if (*mp == NULL || error != 0) /* filter may consume */
3169 if (pfil_member && ifp != NULL)
3170 error = pfil_run_hooks(&V_inet_pfil_hook, mp, ifp,
3173 if (*mp == NULL || error != 0) /* filter may consume */
3176 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
3177 error = pfil_run_hooks(&V_inet_pfil_hook, mp, bifp,
3180 if (*mp == NULL || error != 0) /* filter may consume */
3183 /* check if we need to fragment the packet */
3184 if (pfil_member && ifp != NULL && dir == PFIL_OUT) {
3185 i = (*mp)->m_pkthdr.len;
3186 if (i > ifp->if_mtu) {
3187 error = bridge_fragment(ifp, *mp, &eh2, snap,
3193 /* Recalculate the ip checksum and restore byte ordering */
3194 ip = mtod(*mp, struct ip *);
3195 hlen = ip->ip_hl << 2;
3196 if (hlen < sizeof(struct ip))
3198 if (hlen > (*mp)->m_len) {
3199 if ((*mp = m_pullup(*mp, hlen)) == 0)
3201 ip = mtod(*mp, struct ip *);
3205 ip->ip_len = htons(ip->ip_len);
3206 ip->ip_off = htons(ip->ip_off);
3208 if (hlen == sizeof(struct ip))
3209 ip->ip_sum = in_cksum_hdr(ip);
3211 ip->ip_sum = in_cksum(*mp, hlen);
3215 case ETHERTYPE_IPV6:
3216 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
3217 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp,
3220 if (*mp == NULL || error != 0) /* filter may consume */
3223 if (pfil_member && ifp != NULL)
3224 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, ifp,
3227 if (*mp == NULL || error != 0) /* filter may consume */
3230 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
3231 error = pfil_run_hooks(&V_inet6_pfil_hook, mp, bifp,
3248 * Finally, put everything back the way it was and return
3251 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT);
3254 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
3257 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
3260 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
3271 * Perform basic checks on header size since
3272 * pfil assumes ip_input has already processed
3273 * it for it. Cut-and-pasted from ip_input.c.
3274 * Given how simple the IPv6 version is,
3275 * does the IPv4 version really need to be
3278 * XXX Should we update ipstat here, or not?
3279 * XXX Right now we update ipstat but not
3283 bridge_ip_checkbasic(struct mbuf **mp)
3285 struct mbuf *m = *mp;
3293 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3294 if ((m = m_copyup(m, sizeof(struct ip),
3295 (max_linkhdr + 3) & ~3)) == NULL) {
3296 /* XXXJRT new stat, please */
3297 KMOD_IPSTAT_INC(ips_toosmall);
3300 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
3301 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
3302 KMOD_IPSTAT_INC(ips_toosmall);
3306 ip = mtod(m, struct ip *);
3307 if (ip == NULL) goto bad;
3309 if (ip->ip_v != IPVERSION) {
3310 KMOD_IPSTAT_INC(ips_badvers);
3313 hlen = ip->ip_hl << 2;
3314 if (hlen < sizeof(struct ip)) { /* minimum header length */
3315 KMOD_IPSTAT_INC(ips_badhlen);
3318 if (hlen > m->m_len) {
3319 if ((m = m_pullup(m, hlen)) == 0) {
3320 KMOD_IPSTAT_INC(ips_badhlen);
3323 ip = mtod(m, struct ip *);
3324 if (ip == NULL) goto bad;
3327 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
3328 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
3330 if (hlen == sizeof(struct ip)) {
3331 sum = in_cksum_hdr(ip);
3333 sum = in_cksum(m, hlen);
3337 KMOD_IPSTAT_INC(ips_badsum);
3341 /* Retrieve the packet length. */
3342 len = ntohs(ip->ip_len);
3345 * Check for additional length bogosity
3348 KMOD_IPSTAT_INC(ips_badlen);
3353 * Check that the amount of data in the buffers
3354 * is as at least much as the IP header would have us expect.
3355 * Drop packet if shorter than we expect.
3357 if (m->m_pkthdr.len < len) {
3358 KMOD_IPSTAT_INC(ips_tooshort);
3362 /* Checks out, proceed */
3373 * Same as above, but for IPv6.
3374 * Cut-and-pasted from ip6_input.c.
3375 * XXX Should we update ip6stat, or not?
3378 bridge_ip6_checkbasic(struct mbuf **mp)
3380 struct mbuf *m = *mp;
3381 struct ip6_hdr *ip6;
3384 * If the IPv6 header is not aligned, slurp it up into a new
3385 * mbuf with space for link headers, in the event we forward
3386 * it. Otherwise, if it is aligned, make sure the entire base
3387 * IPv6 header is in the first mbuf of the chain.
3389 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3390 struct ifnet *inifp = m->m_pkthdr.rcvif;
3391 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
3392 (max_linkhdr + 3) & ~3)) == NULL) {
3393 /* XXXJRT new stat, please */
3394 V_ip6stat.ip6s_toosmall++;
3395 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3398 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
3399 struct ifnet *inifp = m->m_pkthdr.rcvif;
3400 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
3401 V_ip6stat.ip6s_toosmall++;
3402 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3407 ip6 = mtod(m, struct ip6_hdr *);
3409 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
3410 V_ip6stat.ip6s_badvers++;
3411 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
3415 /* Checks out, proceed */
3428 * Return a fragmented mbuf chain.
3431 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh,
3432 int snap, struct llc *llc)
3438 if (m->m_len < sizeof(struct ip) &&
3439 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3441 ip = mtod(m, struct ip *);
3443 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist,
3448 /* walk the chain and re-add the Ethernet header */
3449 for (m0 = m; m0; m0 = m0->m_nextpkt) {
3452 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT);
3457 bcopy(llc, mtod(m0, caddr_t),
3458 sizeof(struct llc));
3460 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT);
3465 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN);
3471 KMOD_IPSTAT_INC(ips_fragmented);
projects / FreeBSD / FreeBSD.git / blob