1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
4 * Copyright 2001 Wasabi Systems, Inc.
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
40 * All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. All advertising materials mentioning features or use of this software
51 * must display the following acknowledgement:
52 * This product includes software developed by Jason L. Wright
53 * 4. The name of the author may not be used to endorse or promote products
54 * derived from this software without specific prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66 * POSSIBILITY OF SUCH DAMAGE.
68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
72 * Network interface bridge support.
76 * - Currently only supports Ethernet-like interfaces (Ethernet,
77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
78 * to bridge other types of interfaces (FDDI-FDDI, and maybe
79 * consider heterogenous bridges).
82 #include <sys/cdefs.h>
83 __FBSDID("$FreeBSD$");
86 #include "opt_inet6.h"
89 #include <sys/param.h>
91 #include <sys/malloc.h>
92 #include <sys/protosw.h>
93 #include <sys/systm.h>
95 #include <sys/socket.h> /* for net/if.h */
96 #include <sys/sockio.h>
97 #include <sys/ctype.h> /* string functions */
98 #include <sys/kernel.h>
99 #include <sys/random.h>
100 #include <sys/syslog.h>
101 #include <sys/sysctl.h>
103 #include <sys/module.h>
104 #include <sys/proc.h>
105 #include <sys/lock.h>
106 #include <sys/mutex.h>
110 #include <net/if_clone.h>
111 #include <net/if_dl.h>
112 #include <net/if_types.h>
113 #include <net/if_var.h>
114 #include <net/pfil.h>
116 #include <netinet/in.h> /* for struct arpcom */
117 #include <netinet/in_systm.h>
118 #include <netinet/in_var.h>
119 #include <netinet/ip.h>
120 #include <netinet/ip_var.h>
122 #include <netinet/ip6.h>
123 #include <netinet6/ip6_var.h>
126 #include <netinet/ip_carp.h>
128 #include <machine/in_cksum.h>
129 #include <netinet/if_ether.h> /* for struct arpcom */
130 #include <net/bridgestp.h>
131 #include <net/if_bridgevar.h>
132 #include <net/if_llc.h>
134 #include <net/route.h>
135 #include <netinet/ip_fw.h>
136 #include <netinet/ip_dummynet.h>
139 * Size of the route hash table. Must be a power of two.
141 #ifndef BRIDGE_RTHASH_SIZE
142 #define BRIDGE_RTHASH_SIZE 1024
145 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
148 * Maximum number of addresses to cache.
150 #ifndef BRIDGE_RTABLE_MAX
151 #define BRIDGE_RTABLE_MAX 100
155 * Timeout (in seconds) for entries learned dynamically.
157 #ifndef BRIDGE_RTABLE_TIMEOUT
158 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
162 * Number of seconds between walks of the route list.
164 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
165 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
169 * List of capabilities to mask on the member interface.
171 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM
174 * Bridge interface list entry.
176 struct bridge_iflist {
177 LIST_ENTRY(bridge_iflist) bif_next;
178 struct ifnet *bif_ifp; /* member if */
179 struct bstp_port bif_stp; /* STP state */
180 uint32_t bif_flags; /* member if flags */
181 int bif_mutecap; /* member muted caps */
187 struct bridge_rtnode {
188 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
189 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
190 struct ifnet *brt_ifp; /* destination if */
191 unsigned long brt_expire; /* expiration time */
192 uint8_t brt_flags; /* address flags */
193 uint8_t brt_addr[ETHER_ADDR_LEN];
197 * Software state for each bridge.
199 struct bridge_softc {
200 struct ifnet *sc_ifp; /* make this an interface */
201 LIST_ENTRY(bridge_softc) sc_list;
204 uint32_t sc_brtmax; /* max # of addresses */
205 uint32_t sc_brtcnt; /* cur. # of addresses */
206 uint32_t sc_brttimeout; /* rt timeout in seconds */
207 struct callout sc_brcallout; /* bridge callout */
208 uint32_t sc_iflist_ref; /* refcount for sc_iflist */
209 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */
210 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
211 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
212 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
213 uint32_t sc_rthash_key; /* key for hash */
214 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
215 struct bstp_state sc_stp; /* STP state */
216 uint32_t sc_brtexceeded; /* # of cache drops */
219 static struct mtx bridge_list_mtx;
220 eventhandler_tag bridge_detach_cookie = NULL;
222 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
224 uma_zone_t bridge_rtnode_zone;
226 static int bridge_clone_create(struct if_clone *, int, caddr_t);
227 static void bridge_clone_destroy(struct ifnet *);
229 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
230 static void bridge_mutecaps(struct bridge_iflist *, int);
231 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
232 static void bridge_init(void *);
233 static void bridge_dummynet(struct mbuf *, struct ifnet *);
234 static void bridge_stop(struct ifnet *, int);
235 static void bridge_start(struct ifnet *);
236 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
237 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
239 static void bridge_enqueue(struct bridge_softc *, struct ifnet *,
241 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
243 static void bridge_forward(struct bridge_softc *, struct mbuf *m);
245 static void bridge_timer(void *);
247 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
249 static void bridge_span(struct bridge_softc *, struct mbuf *);
251 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
252 struct ifnet *, int, uint8_t);
253 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
254 static void bridge_rttrim(struct bridge_softc *);
255 static void bridge_rtage(struct bridge_softc *);
256 static void bridge_rtflush(struct bridge_softc *, int);
257 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
259 static int bridge_rtable_init(struct bridge_softc *);
260 static void bridge_rtable_fini(struct bridge_softc *);
262 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
263 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
265 static int bridge_rtnode_insert(struct bridge_softc *,
266 struct bridge_rtnode *);
267 static void bridge_rtnode_destroy(struct bridge_softc *,
268 struct bridge_rtnode *);
269 static void bridge_state_change(struct ifnet *, int);
271 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
273 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
275 static void bridge_delete_member(struct bridge_softc *,
276 struct bridge_iflist *, int);
277 static void bridge_delete_span(struct bridge_softc *,
278 struct bridge_iflist *);
280 static int bridge_ioctl_add(struct bridge_softc *, void *);
281 static int bridge_ioctl_del(struct bridge_softc *, void *);
282 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
283 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
284 static int bridge_ioctl_scache(struct bridge_softc *, void *);
285 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
286 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
287 static int bridge_ioctl_rts(struct bridge_softc *, void *);
288 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
289 static int bridge_ioctl_sto(struct bridge_softc *, void *);
290 static int bridge_ioctl_gto(struct bridge_softc *, void *);
291 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
292 static int bridge_ioctl_flush(struct bridge_softc *, void *);
293 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
294 static int bridge_ioctl_spri(struct bridge_softc *, void *);
295 static int bridge_ioctl_ght(struct bridge_softc *, void *);
296 static int bridge_ioctl_sht(struct bridge_softc *, void *);
297 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
298 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
299 static int bridge_ioctl_gma(struct bridge_softc *, void *);
300 static int bridge_ioctl_sma(struct bridge_softc *, void *);
301 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
302 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
303 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
304 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
305 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
306 static int bridge_ioctl_grte(struct bridge_softc *, void *);
307 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
308 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
310 static int bridge_ip_checkbasic(struct mbuf **mp);
312 static int bridge_ip6_checkbasic(struct mbuf **mp);
314 static int bridge_fragment(struct ifnet *, struct mbuf *,
315 struct ether_header *, int, struct llc *);
317 SYSCTL_DECL(_net_link);
318 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
320 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
321 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
322 static int pfil_member = 1; /* run pfil hooks on the member interface */
323 static int pfil_ipfw = 0; /* layer2 filter with ipfw */
324 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */
325 static int log_stp = 0; /* log STP state changes */
326 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
327 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
328 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW,
329 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2");
330 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
331 &pfil_bridge, 0, "Packet filter on the bridge interface");
332 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
333 &pfil_member, 0, "Packet filter on the member interface");
334 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW,
335 &log_stp, 0, "Log STP state changes");
337 struct bridge_control {
338 int (*bc_func)(struct bridge_softc *, void *);
343 #define BC_F_COPYIN 0x01 /* copy arguments in */
344 #define BC_F_COPYOUT 0x02 /* copy arguments out */
345 #define BC_F_SUSER 0x04 /* do super-user check */
347 const struct bridge_control bridge_control_table[] = {
348 { bridge_ioctl_add, sizeof(struct ifbreq),
349 BC_F_COPYIN|BC_F_SUSER },
350 { bridge_ioctl_del, sizeof(struct ifbreq),
351 BC_F_COPYIN|BC_F_SUSER },
353 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
354 BC_F_COPYIN|BC_F_COPYOUT },
355 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
356 BC_F_COPYIN|BC_F_SUSER },
358 { bridge_ioctl_scache, sizeof(struct ifbrparam),
359 BC_F_COPYIN|BC_F_SUSER },
360 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
363 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
364 BC_F_COPYIN|BC_F_COPYOUT },
365 { bridge_ioctl_rts, sizeof(struct ifbaconf),
366 BC_F_COPYIN|BC_F_COPYOUT },
368 { bridge_ioctl_saddr, sizeof(struct ifbareq),
369 BC_F_COPYIN|BC_F_SUSER },
371 { bridge_ioctl_sto, sizeof(struct ifbrparam),
372 BC_F_COPYIN|BC_F_SUSER },
373 { bridge_ioctl_gto, sizeof(struct ifbrparam),
376 { bridge_ioctl_daddr, sizeof(struct ifbareq),
377 BC_F_COPYIN|BC_F_SUSER },
379 { bridge_ioctl_flush, sizeof(struct ifbreq),
380 BC_F_COPYIN|BC_F_SUSER },
382 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
384 { bridge_ioctl_spri, sizeof(struct ifbrparam),
385 BC_F_COPYIN|BC_F_SUSER },
387 { bridge_ioctl_ght, sizeof(struct ifbrparam),
389 { bridge_ioctl_sht, sizeof(struct ifbrparam),
390 BC_F_COPYIN|BC_F_SUSER },
392 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
394 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
395 BC_F_COPYIN|BC_F_SUSER },
397 { bridge_ioctl_gma, sizeof(struct ifbrparam),
399 { bridge_ioctl_sma, sizeof(struct ifbrparam),
400 BC_F_COPYIN|BC_F_SUSER },
402 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
403 BC_F_COPYIN|BC_F_SUSER },
405 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
406 BC_F_COPYIN|BC_F_SUSER },
408 { bridge_ioctl_addspan, sizeof(struct ifbreq),
409 BC_F_COPYIN|BC_F_SUSER },
410 { bridge_ioctl_delspan, sizeof(struct ifbreq),
411 BC_F_COPYIN|BC_F_SUSER },
413 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
416 { bridge_ioctl_grte, sizeof(struct ifbrparam),
419 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
422 const int bridge_control_table_size =
423 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
425 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
426 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
428 LIST_HEAD(, bridge_softc) bridge_list;
430 IFC_SIMPLE_DECLARE(bridge, 0);
433 bridge_modevent(module_t mod, int type, void *data)
438 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
439 if_clone_attach(&bridge_cloner);
440 bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
441 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
443 LIST_INIT(&bridge_list);
444 bridge_input_p = bridge_input;
445 bridge_output_p = bridge_output;
446 bridge_dn_p = bridge_dummynet;
447 bstp_linkstate_p = bstp_linkstate;
448 bridge_detach_cookie = EVENTHANDLER_REGISTER(
449 ifnet_departure_event, bridge_ifdetach, NULL,
450 EVENTHANDLER_PRI_ANY);
453 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
454 bridge_detach_cookie);
455 if_clone_detach(&bridge_cloner);
456 uma_zdestroy(bridge_rtnode_zone);
457 bridge_input_p = NULL;
458 bridge_output_p = NULL;
460 bstp_linkstate_p = NULL;
461 mtx_destroy(&bridge_list_mtx);
469 static moduledata_t bridge_mod = {
475 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
476 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
479 * handler for net.link.bridge.pfil_ipfw
482 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
484 int enable = pfil_ipfw;
487 error = sysctl_handle_int(oidp, &enable, 0, req);
488 enable = (enable) ? 1 : 0;
490 if (enable != pfil_ipfw) {
494 * Disable pfil so that ipfw doesnt run twice, if the user
495 * really wants both then they can re-enable pfil_bridge and/or
496 * pfil_member. Also allow non-ip packets as ipfw can filter by
508 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
509 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
512 * bridge_clone_create:
514 * Create a new bridge instance.
517 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
519 struct bridge_softc *sc, *sc2;
520 struct ifnet *bifp, *ifp;
524 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
525 BRIDGE_LOCK_INIT(sc);
526 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
532 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
533 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
534 getmicrotime(&(sc->sc_stp.bs_last_tc_time));
536 /* Initialize our routing table. */
537 bridge_rtable_init(sc);
539 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);
541 LIST_INIT(&sc->sc_iflist);
542 LIST_INIT(&sc->sc_spanlist);
545 if_initname(ifp, ifc->ifc_name, unit);
546 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
547 ifp->if_ioctl = bridge_ioctl;
548 ifp->if_start = bridge_start;
549 ifp->if_init = bridge_init;
550 ifp->if_type = IFT_BRIDGE;
551 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
552 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
553 IFQ_SET_READY(&ifp->if_snd);
556 * Generate a random ethernet address with a locally administered
559 * Since we are using random ethernet addresses for the bridge, it is
560 * possible that we might have address collisions, so make sure that
561 * this hardware address isn't already in use on another bridge.
563 for (retry = 1; retry != 0;) {
564 arc4rand(eaddr, ETHER_ADDR_LEN, 1);
565 eaddr[0] &= ~1; /* clear multicast bit */
566 eaddr[0] |= 2; /* set the LAA bit */
568 mtx_lock(&bridge_list_mtx);
569 LIST_FOREACH(sc2, &bridge_list, sc_list) {
571 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
574 mtx_unlock(&bridge_list_mtx);
577 bstp_attach(&sc->sc_stp, bridge_state_change);
578 ether_ifattach(ifp, eaddr);
579 /* Now undo some of the damage... */
580 ifp->if_baudrate = 0;
581 ifp->if_type = IFT_BRIDGE;
583 mtx_lock(&bridge_list_mtx);
584 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
585 mtx_unlock(&bridge_list_mtx);
591 * bridge_clone_destroy:
593 * Destroy a bridge instance.
596 bridge_clone_destroy(struct ifnet *ifp)
598 struct bridge_softc *sc = ifp->if_softc;
599 struct bridge_iflist *bif;
604 ifp->if_flags &= ~IFF_UP;
606 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
607 bridge_delete_member(sc, bif, 0);
609 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
610 bridge_delete_span(sc, bif);
615 callout_drain(&sc->sc_brcallout);
617 mtx_lock(&bridge_list_mtx);
618 LIST_REMOVE(sc, sc_list);
619 mtx_unlock(&bridge_list_mtx);
621 bstp_detach(&sc->sc_stp);
623 if_free_type(ifp, IFT_ETHER);
625 /* Tear down the routing table. */
626 bridge_rtable_fini(sc);
628 BRIDGE_LOCK_DESTROY(sc);
635 * Handle a control request from the operator.
638 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
640 struct bridge_softc *sc = ifp->if_softc;
641 struct thread *td = curthread;
643 struct ifbreq ifbreq;
644 struct ifbifconf ifbifconf;
645 struct ifbareq ifbareq;
646 struct ifbaconf ifbaconf;
647 struct ifbrparam ifbrparam;
649 struct ifdrv *ifd = (struct ifdrv *) data;
650 const struct bridge_control *bc;
663 if (ifd->ifd_cmd >= bridge_control_table_size) {
667 bc = &bridge_control_table[ifd->ifd_cmd];
669 if (cmd == SIOCGDRVSPEC &&
670 (bc->bc_flags & BC_F_COPYOUT) == 0) {
674 else if (cmd == SIOCSDRVSPEC &&
675 (bc->bc_flags & BC_F_COPYOUT) != 0) {
680 if (bc->bc_flags & BC_F_SUSER) {
686 if (ifd->ifd_len != bc->bc_argsize ||
687 ifd->ifd_len > sizeof(args)) {
692 bzero(&args, sizeof(args));
693 if (bc->bc_flags & BC_F_COPYIN) {
694 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
699 error = (*bc->bc_func)(sc, &args);
703 if (bc->bc_flags & BC_F_COPYOUT)
704 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
709 if (!(ifp->if_flags & IFF_UP) &&
710 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
712 * If interface is marked down and it is running,
713 * then stop and disable it.
716 } else if ((ifp->if_flags & IFF_UP) &&
717 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
719 * If interface is marked up and it is stopped, then
728 /* Do not allow the MTU to be changed on the bridge */
734 * drop the lock as ether_ioctl() will call bridge_start() and
735 * cause the lock to be recursed.
738 error = ether_ioctl(ifp, cmd, data);
742 if (BRIDGE_LOCKED(sc))
751 * Clear or restore unwanted capabilities on the member interface
754 bridge_mutecaps(struct bridge_iflist *bif, int mute)
756 struct ifnet *ifp = bif->bif_ifp;
760 if (ifp->if_ioctl == NULL)
763 bzero(&ifr, sizeof(ifr));
764 ifr.ifr_reqcap = ifp->if_capenable;
767 /* mask off and save capabilities */
768 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK;
769 if (bif->bif_mutecap != 0)
770 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK;
772 /* restore muted capabilities */
773 ifr.ifr_reqcap |= bif->bif_mutecap;
776 if (bif->bif_mutecap != 0) {
778 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
779 IFF_UNLOCKGIANT(ifp);
784 * bridge_lookup_member:
786 * Lookup a bridge member interface.
788 static struct bridge_iflist *
789 bridge_lookup_member(struct bridge_softc *sc, const char *name)
791 struct bridge_iflist *bif;
794 BRIDGE_LOCK_ASSERT(sc);
796 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
798 if (strcmp(ifp->if_xname, name) == 0)
806 * bridge_lookup_member_if:
808 * Lookup a bridge member interface by ifnet*.
810 static struct bridge_iflist *
811 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
813 struct bridge_iflist *bif;
815 BRIDGE_LOCK_ASSERT(sc);
817 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
818 if (bif->bif_ifp == member_ifp)
826 * bridge_delete_member:
828 * Delete the specified member interface.
831 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
834 struct ifnet *ifs = bif->bif_ifp;
836 BRIDGE_LOCK_ASSERT(sc);
839 switch (ifs->if_type) {
843 * Take the interface out of promiscuous mode.
845 (void) ifpromisc(ifs, 0);
846 bridge_mutecaps(bif, 0);
854 panic("bridge_delete_member: impossible");
860 if (bif->bif_flags & IFBIF_STP)
861 bstp_delete(&bif->bif_stp);
863 ifs->if_bridge = NULL;
865 LIST_REMOVE(bif, bif_next);
868 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
871 bstp_drain(&bif->bif_stp); /* prepare to free */
877 * bridge_delete_span:
879 * Delete the specified span interface.
882 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
884 BRIDGE_LOCK_ASSERT(sc);
886 KASSERT(bif->bif_ifp->if_bridge == NULL,
887 ("%s: not a span interface", __func__));
889 LIST_REMOVE(bif, bif_next);
894 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
896 struct ifbreq *req = arg;
897 struct bridge_iflist *bif = NULL;
901 ifs = ifunit(req->ifbr_ifsname);
905 /* If it's in the span list, it can't be a member. */
906 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
907 if (ifs == bif->bif_ifp)
910 /* Allow the first Ethernet member to define the MTU */
911 if (ifs->if_type != IFT_GIF) {
912 if (LIST_EMPTY(&sc->sc_iflist))
913 sc->sc_ifp->if_mtu = ifs->if_mtu;
914 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
915 if_printf(sc->sc_ifp, "invalid MTU for %s\n",
921 if (ifs->if_bridge == sc)
924 if (ifs->if_bridge != NULL)
927 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
932 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
934 switch (ifs->if_type) {
938 * Place the interface into promiscuous mode.
940 error = ifpromisc(ifs, 1);
944 bridge_mutecaps(bif, 1);
959 * NOTE: insert_***HEAD*** should be safe for the traversals.
961 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
972 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
974 struct ifbreq *req = arg;
975 struct bridge_iflist *bif;
977 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
981 bridge_delete_member(sc, bif, 0);
987 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
989 struct ifbreq *req = arg;
990 struct bridge_iflist *bif;
992 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
996 req->ifbr_ifsflags = bif->bif_flags;
997 req->ifbr_state = bif->bif_stp.bp_state;
998 req->ifbr_priority = bif->bif_stp.bp_priority;
999 req->ifbr_path_cost = bif->bif_stp.bp_path_cost;
1000 req->ifbr_portno = bif->bif_ifp->if_index & 0xff;
1006 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1008 struct ifbreq *req = arg;
1009 struct bridge_iflist *bif;
1012 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1016 if (req->ifbr_ifsflags & IFBIF_SPAN)
1017 /* SPAN is readonly */
1020 if (req->ifbr_ifsflags & IFBIF_STP) {
1021 if ((bif->bif_flags & IFBIF_STP) == 0) {
1022 error = bstp_add(&sc->sc_stp, &bif->bif_stp,
1028 if ((bif->bif_flags & IFBIF_STP) != 0)
1029 bstp_delete(&bif->bif_stp);
1032 bif->bif_flags = req->ifbr_ifsflags;
1038 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1040 struct ifbrparam *param = arg;
1042 sc->sc_brtmax = param->ifbrp_csize;
1049 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1051 struct ifbrparam *param = arg;
1053 param->ifbrp_csize = sc->sc_brtmax;
1059 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1061 struct ifbifconf *bifc = arg;
1062 struct bridge_iflist *bif;
1064 int count, len, error = 0;
1067 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1069 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1072 if (bifc->ifbic_len == 0) {
1073 bifc->ifbic_len = sizeof(breq) * count;
1078 len = bifc->ifbic_len;
1079 bzero(&breq, sizeof(breq));
1080 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1081 if (len < sizeof(breq))
1084 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1085 sizeof(breq.ifbr_ifsname));
1086 breq.ifbr_ifsflags = bif->bif_flags;
1087 breq.ifbr_state = bif->bif_stp.bp_state;
1088 breq.ifbr_priority = bif->bif_stp.bp_priority;
1089 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1090 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1091 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1095 len -= sizeof(breq);
1097 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1098 if (len < sizeof(breq))
1101 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1102 sizeof(breq.ifbr_ifsname));
1103 breq.ifbr_ifsflags = bif->bif_flags;
1104 breq.ifbr_state = bif->bif_stp.bp_state;
1105 breq.ifbr_priority = bif->bif_stp.bp_priority;
1106 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1107 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1108 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1112 len -= sizeof(breq);
1115 bifc->ifbic_len = sizeof(breq) * count;
1120 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1122 struct ifbaconf *bac = arg;
1123 struct bridge_rtnode *brt;
1124 struct ifbareq bareq;
1125 int count = 0, error = 0, len;
1127 if (bac->ifbac_len == 0)
1130 len = bac->ifbac_len;
1131 bzero(&bareq, sizeof(bareq));
1132 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1133 if (len < sizeof(bareq))
1135 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1136 sizeof(bareq.ifba_ifsname));
1137 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1138 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1139 time_uptime < brt->brt_expire)
1140 bareq.ifba_expire = brt->brt_expire - time_uptime;
1142 bareq.ifba_expire = 0;
1143 bareq.ifba_flags = brt->brt_flags;
1145 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq));
1149 len -= sizeof(bareq);
1152 bac->ifbac_len = sizeof(bareq) * count;
1157 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1159 struct ifbareq *req = arg;
1160 struct bridge_iflist *bif;
1163 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1167 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
1174 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1176 struct ifbrparam *param = arg;
1178 sc->sc_brttimeout = param->ifbrp_ctime;
1183 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1185 struct ifbrparam *param = arg;
1187 param->ifbrp_ctime = sc->sc_brttimeout;
1192 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1194 struct ifbareq *req = arg;
1196 return (bridge_rtdaddr(sc, req->ifba_dst));
1200 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1202 struct ifbreq *req = arg;
1204 bridge_rtflush(sc, req->ifbr_ifsflags);
1209 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1211 struct ifbrparam *param = arg;
1212 struct bstp_state *bs = &sc->sc_stp;
1214 param->ifbrp_prio = bs->bs_bridge_priority;
1219 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1221 struct ifbrparam *param = arg;
1222 struct bstp_state *bs = &sc->sc_stp;
1224 bs->bs_bridge_priority = param->ifbrp_prio;
1231 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1233 struct ifbrparam *param = arg;
1234 struct bstp_state *bs = &sc->sc_stp;
1236 param->ifbrp_hellotime = bs->bs_bridge_hello_time >> 8;
1241 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1243 struct ifbrparam *param = arg;
1244 struct bstp_state *bs = &sc->sc_stp;
1246 if (param->ifbrp_hellotime == 0)
1248 bs->bs_bridge_hello_time = param->ifbrp_hellotime << 8;
1255 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1257 struct ifbrparam *param = arg;
1258 struct bstp_state *bs = &sc->sc_stp;
1260 param->ifbrp_fwddelay = bs->bs_bridge_forward_delay >> 8;
1265 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1267 struct ifbrparam *param = arg;
1268 struct bstp_state *bs = &sc->sc_stp;
1270 if (param->ifbrp_fwddelay == 0)
1272 bs->bs_bridge_forward_delay = param->ifbrp_fwddelay << 8;
1279 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1281 struct ifbrparam *param = arg;
1282 struct bstp_state *bs = &sc->sc_stp;
1284 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1289 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1291 struct ifbrparam *param = arg;
1292 struct bstp_state *bs = &sc->sc_stp;
1294 if (param->ifbrp_maxage == 0)
1296 bs->bs_bridge_max_age = param->ifbrp_maxage << 8;
1303 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1305 struct ifbreq *req = arg;
1306 struct bridge_iflist *bif;
1308 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1312 bif->bif_stp.bp_priority = req->ifbr_priority;
1313 bstp_reinit(&sc->sc_stp);
1319 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1321 struct ifbreq *req = arg;
1322 struct bridge_iflist *bif;
1324 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1328 bif->bif_stp.bp_path_cost = req->ifbr_path_cost;
1329 bstp_reinit(&sc->sc_stp);
1335 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1337 struct ifbreq *req = arg;
1338 struct bridge_iflist *bif = NULL;
1341 ifs = ifunit(req->ifbr_ifsname);
1345 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1346 if (ifs == bif->bif_ifp)
1349 if (ifs->if_bridge != NULL)
1352 switch (ifs->if_type) {
1361 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1366 bif->bif_flags = IFBIF_SPAN;
1368 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1374 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1376 struct ifbreq *req = arg;
1377 struct bridge_iflist *bif;
1380 ifs = ifunit(req->ifbr_ifsname);
1384 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1385 if (ifs == bif->bif_ifp)
1391 bridge_delete_span(sc, bif);
1397 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
1399 struct ifbropreq *req = arg;
1400 struct bstp_port *root_port;
1402 req->ifbop_maxage = sc->sc_stp.bs_max_age;
1403 req->ifbop_hellotime = sc->sc_stp.bs_hello_time;
1404 req->ifbop_fwddelay = sc->sc_stp.bs_forward_delay;
1406 root_port = sc->sc_stp.bs_root_port;
1407 if (root_port == NULL)
1408 req->ifbop_root_port = 0;
1410 req->ifbop_root_port = root_port->bp_ifp->if_index;
1412 req->ifbop_root_path_cost = sc->sc_stp.bs_root_path_cost;
1413 req->ifbop_designated_root = sc->sc_stp.bs_designated_root;
1414 req->ifbop_last_tc_time.tv_sec = sc->sc_stp.bs_last_tc_time.tv_sec;
1415 req->ifbop_last_tc_time.tv_usec = sc->sc_stp.bs_last_tc_time.tv_usec;
1421 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
1423 struct ifbrparam *param = arg;
1425 param->ifbrp_cexceeded = sc->sc_brtexceeded;
1430 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
1432 struct ifbpstpconf *bifstp = arg;
1433 struct bridge_iflist *bif;
1434 struct ifbpstpreq bpreq;
1435 int count, len, error = 0;
1438 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1439 if ((bif->bif_flags & IFBIF_STP) != 0)
1443 if (bifstp->ifbpstp_len == 0) {
1444 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1449 len = bifstp->ifbpstp_len;
1450 bzero(&bpreq, sizeof(bpreq));
1451 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1452 if (len < sizeof(bpreq))
1455 if ((bif->bif_flags & IFBIF_STP) == 0)
1458 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xff;
1459 bpreq.ifbp_fwd_trans = bif->bif_stp.bp_forward_transitions;
1460 bpreq.ifbp_design_cost = bif->bif_stp.bp_designated_cost;
1461 bpreq.ifbp_design_port = bif->bif_stp.bp_designated_port;
1462 bpreq.ifbp_design_bridge = bif->bif_stp.bp_designated_bridge;
1463 bpreq.ifbp_design_root = bif->bif_stp.bp_designated_root;
1465 error = copyout(&bpreq, bifstp->ifbpstp_req + count,
1471 len -= sizeof(bpreq);
1474 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1481 * Detach an interface from a bridge. Called when a member
1482 * interface is detaching.
1485 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
1487 struct bridge_softc *sc = ifp->if_bridge;
1488 struct bridge_iflist *bif;
1490 /* Check if the interface is a bridge member */
1494 bif = bridge_lookup_member_if(sc, ifp);
1496 bridge_delete_member(sc, bif, 1);
1502 /* Check if the interface is a span port */
1503 mtx_lock(&bridge_list_mtx);
1504 LIST_FOREACH(sc, &bridge_list, sc_list) {
1506 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1507 if (ifp == bif->bif_ifp) {
1508 bridge_delete_span(sc, bif);
1514 mtx_unlock(&bridge_list_mtx);
1520 * Initialize a bridge interface.
1523 bridge_init(void *xsc)
1525 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1526 struct ifnet *ifp = sc->sc_ifp;
1528 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1532 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1535 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1536 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
1544 * Stop the bridge interface.
1547 bridge_stop(struct ifnet *ifp, int disable)
1549 struct bridge_softc *sc = ifp->if_softc;
1551 BRIDGE_LOCK_ASSERT(sc);
1553 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1556 callout_stop(&sc->sc_brcallout);
1557 bstp_stop(&sc->sc_stp);
1559 bridge_rtflush(sc, IFBF_FLUSHDYN);
1561 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1567 * Enqueue a packet on a bridge member interface.
1571 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1577 len = m->m_pkthdr.len;
1578 mflags = m->m_flags;
1580 /* We may be sending a fragment so traverse the mbuf */
1583 m->m_nextpkt = NULL;
1586 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err);
1591 sc->sc_ifp->if_opackets++;
1592 sc->sc_ifp->if_obytes += len;
1594 dst_ifp->if_obytes += len;
1596 if (mflags & M_MCAST) {
1597 sc->sc_ifp->if_omcasts++;
1598 dst_ifp->if_omcasts++;
1602 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
1603 (*dst_ifp->if_start)(dst_ifp);
1609 * Receive a queued packet from dummynet and pass it on to the output
1612 * The mbuf has the Ethernet header already attached.
1615 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
1617 struct bridge_softc *sc;
1619 sc = ifp->if_bridge;
1622 * The packet didnt originate from a member interface. This should only
1623 * ever happen if a member interface is removed while packets are
1631 if (PFIL_HOOKED(&inet_pfil_hook)
1633 || PFIL_HOOKED(&inet6_pfil_hook)
1636 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
1642 bridge_enqueue(sc, ifp, m);
1648 * Send output from a bridge member interface. This
1649 * performs the bridging function for locally originated
1652 * The mbuf has the Ethernet header already attached. We must
1653 * enqueue or free the mbuf before returning.
1656 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
1659 struct ether_header *eh;
1660 struct ifnet *dst_if;
1661 struct bridge_softc *sc;
1663 if (m->m_len < ETHER_HDR_LEN) {
1664 m = m_pullup(m, ETHER_HDR_LEN);
1669 eh = mtod(m, struct ether_header *);
1670 sc = ifp->if_bridge;
1675 * If bridge is down, but the original output interface is up,
1676 * go ahead and send out that interface. Otherwise, the packet
1679 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1685 * If the packet is a multicast, or we don't know a better way to
1686 * get there, send to all interfaces.
1688 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1691 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1692 if (dst_if == NULL) {
1693 struct bridge_iflist *bif;
1695 int error = 0, used = 0;
1699 BRIDGE_LOCK2REF(sc, error);
1705 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1706 dst_if = bif->bif_ifp;
1708 if (dst_if->if_type == IFT_GIF)
1710 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
1714 * If this is not the original output interface,
1715 * and the interface is participating in spanning
1716 * tree, make sure the port is in a state that
1717 * allows forwarding.
1719 if (dst_if != ifp &&
1720 (bif->bif_flags & IFBIF_STP) != 0) {
1721 switch (bif->bif_stp.bp_state) {
1722 case BSTP_IFSTATE_BLOCKING:
1723 case BSTP_IFSTATE_LISTENING:
1724 case BSTP_IFSTATE_DISABLED:
1729 if (LIST_NEXT(bif, bif_next) == NULL) {
1733 mc = m_copypacket(m, M_DONTWAIT);
1735 sc->sc_ifp->if_oerrors++;
1740 bridge_enqueue(sc, dst_if, mc);
1750 * XXX Spanning tree consideration here?
1754 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1761 bridge_enqueue(sc, dst_if, m);
1768 * Start output on a bridge.
1772 bridge_start(struct ifnet *ifp)
1774 struct bridge_softc *sc;
1776 struct ether_header *eh;
1777 struct ifnet *dst_if;
1781 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
1783 IFQ_DEQUEUE(&ifp->if_snd, m);
1788 eh = mtod(m, struct ether_header *);
1792 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1793 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1797 bridge_broadcast(sc, ifp, m, 0);
1800 bridge_enqueue(sc, dst_if, m);
1803 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1809 * The forwarding function of the bridge.
1811 * NOTE: Releases the lock on return.
1814 bridge_forward(struct bridge_softc *sc, struct mbuf *m)
1816 struct bridge_iflist *bif;
1817 struct ifnet *src_if, *dst_if, *ifp;
1818 struct ether_header *eh;
1820 src_if = m->m_pkthdr.rcvif;
1823 sc->sc_ifp->if_ipackets++;
1824 sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
1827 * Look up the bridge_iflist.
1829 bif = bridge_lookup_member_if(sc, src_if);
1831 /* Interface is not a bridge member (anymore?) */
1837 if (bif->bif_flags & IFBIF_STP) {
1838 switch (bif->bif_stp.bp_state) {
1839 case BSTP_IFSTATE_BLOCKING:
1840 case BSTP_IFSTATE_LISTENING:
1841 case BSTP_IFSTATE_DISABLED:
1848 eh = mtod(m, struct ether_header *);
1851 * If the interface is learning, and the source
1852 * address is valid and not multicast, record
1855 if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
1856 ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
1857 (eh->ether_shost[0] == 0 &&
1858 eh->ether_shost[1] == 0 &&
1859 eh->ether_shost[2] == 0 &&
1860 eh->ether_shost[3] == 0 &&
1861 eh->ether_shost[4] == 0 &&
1862 eh->ether_shost[5] == 0) == 0) {
1863 (void) bridge_rtupdate(sc, eh->ether_shost,
1864 src_if, 0, IFBAF_DYNAMIC);
1867 if ((bif->bif_flags & IFBIF_STP) != 0 &&
1868 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) {
1875 * At this point, the port either doesn't participate
1876 * in spanning tree or it is in the forwarding state.
1880 * If the packet is unicast, destined for someone on
1881 * "this" side of the bridge, drop it.
1883 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1884 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1885 if (src_if == dst_if) {
1891 /* ...forward it to all interfaces. */
1892 sc->sc_ifp->if_imcasts++;
1897 * If we have a destination interface which is a member of our bridge,
1898 * OR this is a unicast packet, push it through the bpf(4) machinery.
1899 * For broadcast or multicast packets, don't bother because it will
1900 * be reinjected into ether_input. We do this before we pass the packets
1901 * through the pfil(9) framework, as it is possible that pfil(9) will
1902 * drop the packet, or possibly modify it, making it difficult to debug
1903 * firewall issues on the bridge.
1905 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
1908 /* run the packet filter */
1909 if (PFIL_HOOKED(&inet_pfil_hook)
1911 || PFIL_HOOKED(&inet6_pfil_hook)
1915 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
1922 if (dst_if == NULL) {
1923 bridge_broadcast(sc, src_if, m, 1);
1928 * At this point, we're dealing with a unicast frame
1929 * going to a different interface.
1931 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1936 bif = bridge_lookup_member_if(sc, dst_if);
1938 /* Not a member of the bridge (anymore?) */
1944 if (bif->bif_flags & IFBIF_STP) {
1945 switch (bif->bif_stp.bp_state) {
1946 case BSTP_IFSTATE_DISABLED:
1947 case BSTP_IFSTATE_BLOCKING:
1956 if (PFIL_HOOKED(&inet_pfil_hook)
1958 || PFIL_HOOKED(&inet6_pfil_hook)
1961 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
1967 bridge_enqueue(sc, dst_if, m);
1973 * Receive input from a member interface. Queue the packet for
1974 * bridging if it is not for us.
1976 static struct mbuf *
1977 bridge_input(struct ifnet *ifp, struct mbuf *m)
1979 struct bridge_softc *sc = ifp->if_bridge;
1980 struct bridge_iflist *bif;
1982 struct ether_header *eh;
1983 struct mbuf *mc, *mc2;
1985 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1991 * Implement support for bridge monitoring. If this flag has been
1992 * set on this interface, discard the packet once we push it through
1993 * the bpf(4) machinery, but before we do, increment the byte and
1994 * packet counters associated with this interface.
1996 if ((bifp->if_flags & IFF_MONITOR) != 0) {
1997 m->m_pkthdr.rcvif = bifp;
1999 bifp->if_ipackets++;
2000 bifp->if_ibytes += m->m_pkthdr.len;
2005 bif = bridge_lookup_member_if(sc, ifp);
2011 eh = mtod(m, struct ether_header *);
2013 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp),
2014 ETHER_ADDR_LEN) == 0) {
2016 * If the packet is for us, set the packets source as the
2017 * bridge, and return the packet back to ether_input for
2021 /* Mark the packet as arriving on the bridge interface */
2022 m->m_pkthdr.rcvif = bifp;
2024 bifp->if_ipackets++;
2032 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
2033 /* Tap off 802.1D packets; they do not get forwarded. */
2034 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2035 ETHER_ADDR_LEN) == 0) {
2036 m = bstp_input(&bif->bif_stp, ifp, m);
2043 if (bif->bif_flags & IFBIF_STP) {
2044 switch (bif->bif_stp.bp_state) {
2045 case BSTP_IFSTATE_BLOCKING:
2046 case BSTP_IFSTATE_LISTENING:
2047 case BSTP_IFSTATE_DISABLED:
2053 if (bcmp(etherbroadcastaddr, eh->ether_dhost,
2054 sizeof(etherbroadcastaddr)) == 0)
2055 m->m_flags |= M_BCAST;
2057 m->m_flags |= M_MCAST;
2060 * Make a deep copy of the packet and enqueue the copy
2061 * for bridge processing; return the original packet for
2064 mc = m_dup(m, M_DONTWAIT);
2070 /* Perform the bridge forwarding function with the copy. */
2071 bridge_forward(sc, mc);
2074 * Reinject the mbuf as arriving on the bridge so we have a
2075 * chance at claiming multicast packets. We can not loop back
2076 * here from ether_input as a bridge is never a member of a
2079 KASSERT(bifp->if_bridge == NULL,
2080 ("loop created in bridge_input"));
2081 mc2 = m_dup(m, M_DONTWAIT);
2083 /* Keep the layer3 header aligned */
2084 int i = min(mc2->m_pkthdr.len, max_protohdr);
2085 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2088 mc2->m_pkthdr.rcvif = bifp;
2089 (*bifp->if_input)(bifp, mc2);
2092 /* Return the original packet for local processing. */
2096 if (bif->bif_flags & IFBIF_STP) {
2097 switch (bif->bif_stp.bp_state) {
2098 case BSTP_IFSTATE_BLOCKING:
2099 case BSTP_IFSTATE_LISTENING:
2100 case BSTP_IFSTATE_DISABLED:
2107 * Unicast. Make sure it's not for us.
2109 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2110 if (bif->bif_ifp->if_type == IFT_GIF)
2112 /* It is destined for us. */
2113 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost,
2114 ETHER_ADDR_LEN) == 0
2116 || (bif->bif_ifp->if_carp
2117 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost))
2120 if (bif->bif_flags & IFBIF_LEARNING)
2121 (void) bridge_rtupdate(sc,
2122 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
2123 m->m_pkthdr.rcvif = bif->bif_ifp;
2128 /* We just received a packet that we sent out. */
2129 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost,
2130 ETHER_ADDR_LEN) == 0
2132 || (bif->bif_ifp->if_carp
2133 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost))
2142 /* Perform the bridge forwarding function. */
2143 bridge_forward(sc, m);
2151 * Send a frame to all interfaces that are members of
2152 * the bridge, except for the one on which the packet
2155 * NOTE: Releases the lock on return.
2158 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2159 struct mbuf *m, int runfilt)
2161 struct bridge_iflist *bif;
2163 struct ifnet *dst_if;
2164 int error = 0, used = 0, i;
2166 BRIDGE_LOCK2REF(sc, error);
2172 /* Filter on the bridge interface before broadcasting */
2173 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2175 || PFIL_HOOKED(&inet6_pfil_hook)
2178 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2184 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2185 dst_if = bif->bif_ifp;
2186 if (dst_if == src_if)
2189 if (bif->bif_flags & IFBIF_STP) {
2190 switch (bif->bif_stp.bp_state) {
2191 case BSTP_IFSTATE_BLOCKING:
2192 case BSTP_IFSTATE_DISABLED:
2197 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
2198 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2201 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2204 if (LIST_NEXT(bif, bif_next) == NULL) {
2208 mc = m_dup(m, M_DONTWAIT);
2210 sc->sc_ifp->if_oerrors++;
2216 * Filter on the output interface. Pass a NULL bridge interface
2217 * pointer so we do not redundantly filter on the bridge for
2218 * each interface we broadcast on.
2220 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2222 || PFIL_HOOKED(&inet6_pfil_hook)
2226 /* Keep the layer3 header aligned */
2227 i = min(mc->m_pkthdr.len, max_protohdr);
2228 mc = m_copyup(mc, i, ETHER_ALIGN);
2230 sc->sc_ifp->if_oerrors++;
2234 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2240 bridge_enqueue(sc, dst_if, mc);
2252 * Duplicate a packet out one or more interfaces that are in span mode,
2253 * the original mbuf is unmodified.
2256 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2258 struct bridge_iflist *bif;
2259 struct ifnet *dst_if;
2262 if (LIST_EMPTY(&sc->sc_spanlist))
2265 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2266 dst_if = bif->bif_ifp;
2268 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2271 mc = m_copypacket(m, M_DONTWAIT);
2273 sc->sc_ifp->if_oerrors++;
2277 bridge_enqueue(sc, dst_if, mc);
2284 * Add a bridge routing entry.
2287 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
2288 struct ifnet *dst_if, int setflags, uint8_t flags)
2290 struct bridge_rtnode *brt;
2293 BRIDGE_LOCK_ASSERT(sc);
2296 * A route for this destination might already exist. If so,
2297 * update it, otherwise create a new one.
2299 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
2300 if (sc->sc_brtcnt >= sc->sc_brtmax) {
2301 sc->sc_brtexceeded++;
2306 * Allocate a new bridge forwarding node, and
2307 * initialize the expiration time and Ethernet
2310 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO);
2314 brt->brt_flags = IFBAF_DYNAMIC;
2315 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
2317 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
2318 uma_zfree(bridge_rtnode_zone, brt);
2323 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2324 brt->brt_ifp = dst_if;
2325 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2326 brt->brt_expire = time_uptime + sc->sc_brttimeout;
2328 brt->brt_flags = flags;
2336 * Lookup the destination interface for an address.
2338 static struct ifnet *
2339 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
2341 struct bridge_rtnode *brt;
2343 BRIDGE_LOCK_ASSERT(sc);
2345 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2348 return (brt->brt_ifp);
2354 * Trim the routine table so that we have a number
2355 * of routing entries less than or equal to the
2359 bridge_rttrim(struct bridge_softc *sc)
2361 struct bridge_rtnode *brt, *nbrt;
2363 BRIDGE_LOCK_ASSERT(sc);
2365 /* Make sure we actually need to do this. */
2366 if (sc->sc_brtcnt <= sc->sc_brtmax)
2369 /* Force an aging cycle; this might trim enough addresses. */
2371 if (sc->sc_brtcnt <= sc->sc_brtmax)
2374 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2375 nbrt = LIST_NEXT(brt, brt_list);
2376 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2377 bridge_rtnode_destroy(sc, brt);
2378 if (sc->sc_brtcnt <= sc->sc_brtmax)
2387 * Aging timer for the bridge.
2390 bridge_timer(void *arg)
2392 struct bridge_softc *sc = arg;
2394 BRIDGE_LOCK_ASSERT(sc);
2398 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
2399 callout_reset(&sc->sc_brcallout,
2400 bridge_rtable_prune_period * hz, bridge_timer, sc);
2406 * Perform an aging cycle.
2409 bridge_rtage(struct bridge_softc *sc)
2411 struct bridge_rtnode *brt, *nbrt;
2413 BRIDGE_LOCK_ASSERT(sc);
2415 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2416 nbrt = LIST_NEXT(brt, brt_list);
2417 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2418 if (time_uptime >= brt->brt_expire)
2419 bridge_rtnode_destroy(sc, brt);
2427 * Remove all dynamic addresses from the bridge.
2430 bridge_rtflush(struct bridge_softc *sc, int full)
2432 struct bridge_rtnode *brt, *nbrt;
2434 BRIDGE_LOCK_ASSERT(sc);
2436 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2437 nbrt = LIST_NEXT(brt, brt_list);
2438 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2439 bridge_rtnode_destroy(sc, brt);
2446 * Remove an address from the table.
2449 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
2451 struct bridge_rtnode *brt;
2453 BRIDGE_LOCK_ASSERT(sc);
2455 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2458 bridge_rtnode_destroy(sc, brt);
2465 * Delete routes to a speicifc member interface.
2468 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
2470 struct bridge_rtnode *brt, *nbrt;
2472 BRIDGE_LOCK_ASSERT(sc);
2474 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2475 nbrt = LIST_NEXT(brt, brt_list);
2476 if (brt->brt_ifp == ifp && (full ||
2477 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
2478 bridge_rtnode_destroy(sc, brt);
2483 * bridge_rtable_init:
2485 * Initialize the route table for this bridge.
2488 bridge_rtable_init(struct bridge_softc *sc)
2492 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
2493 M_DEVBUF, M_NOWAIT);
2494 if (sc->sc_rthash == NULL)
2497 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
2498 LIST_INIT(&sc->sc_rthash[i]);
2500 sc->sc_rthash_key = arc4random();
2502 LIST_INIT(&sc->sc_rtlist);
2508 * bridge_rtable_fini:
2510 * Deconstruct the route table for this bridge.
2513 bridge_rtable_fini(struct bridge_softc *sc)
2516 free(sc->sc_rthash, M_DEVBUF);
2520 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
2521 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
2523 #define mix(a, b, c) \
2525 a -= b; a -= c; a ^= (c >> 13); \
2526 b -= c; b -= a; b ^= (a << 8); \
2527 c -= a; c -= b; c ^= (b >> 13); \
2528 a -= b; a -= c; a ^= (c >> 12); \
2529 b -= c; b -= a; b ^= (a << 16); \
2530 c -= a; c -= b; c ^= (b >> 5); \
2531 a -= b; a -= c; a ^= (c >> 3); \
2532 b -= c; b -= a; b ^= (a << 10); \
2533 c -= a; c -= b; c ^= (b >> 15); \
2534 } while (/*CONSTCOND*/0)
2536 static __inline uint32_t
2537 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
2539 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2550 return (c & BRIDGE_RTHASH_MASK);
2556 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
2560 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
2561 d = ((int)a[i]) - ((int)b[i]);
2568 * bridge_rtnode_lookup:
2570 * Look up a bridge route node for the specified destination.
2572 static struct bridge_rtnode *
2573 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
2575 struct bridge_rtnode *brt;
2579 BRIDGE_LOCK_ASSERT(sc);
2581 hash = bridge_rthash(sc, addr);
2582 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2583 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
2594 * bridge_rtnode_insert:
2596 * Insert the specified bridge node into the route table. We
2597 * assume the entry is not already in the table.
2600 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2602 struct bridge_rtnode *lbrt;
2606 BRIDGE_LOCK_ASSERT(sc);
2608 hash = bridge_rthash(sc, brt->brt_addr);
2610 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2612 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2617 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
2621 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2624 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2625 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2628 lbrt = LIST_NEXT(lbrt, brt_hash);
2629 } while (lbrt != NULL);
2632 panic("bridge_rtnode_insert: impossible");
2636 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2643 * bridge_rtnode_destroy:
2645 * Destroy a bridge rtnode.
2648 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2650 BRIDGE_LOCK_ASSERT(sc);
2652 LIST_REMOVE(brt, brt_hash);
2654 LIST_REMOVE(brt, brt_list);
2656 uma_zfree(bridge_rtnode_zone, brt);
2660 * bridge_state_change:
2662 * Callback from the bridgestp code when a port changes states.
2665 bridge_state_change(struct ifnet *ifp, int state)
2667 struct bridge_softc *sc = ifp->if_bridge;
2668 static const char *stpstates[] = {
2677 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
2678 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
2680 /* if the port is blocking then remove any routes to it */
2682 case BSTP_IFSTATE_DISABLED:
2683 case BSTP_IFSTATE_BLOCKING:
2685 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
2691 * Send bridge packets through pfil if they are one of the types pfil can deal
2692 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2693 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2697 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2699 int snap, error, i, hlen;
2700 struct ether_header *eh1, eh2;
2701 struct ip_fw_args args;
2704 u_int16_t ether_type;
2707 error = -1; /* Default error if not error == 0 */
2709 /* we may return with the IP fields swapped, ensure its not shared */
2710 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
2712 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0)
2713 return (0); /* filtering is disabled */
2715 i = min((*mp)->m_pkthdr.len, max_protohdr);
2716 if ((*mp)->m_len < i) {
2717 *mp = m_pullup(*mp, i);
2719 printf("%s: m_pullup failed\n", __func__);
2724 eh1 = mtod(*mp, struct ether_header *);
2725 ether_type = ntohs(eh1->ether_type);
2728 * Check for SNAP/LLC.
2730 if (ether_type < ETHERMTU) {
2731 struct llc *llc2 = (struct llc *)(eh1 + 1);
2733 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
2734 llc2->llc_dsap == LLC_SNAP_LSAP &&
2735 llc2->llc_ssap == LLC_SNAP_LSAP &&
2736 llc2->llc_control == LLC_UI) {
2737 ether_type = htons(llc2->llc_un.type_snap.ether_type);
2743 * If we're trying to filter bridge traffic, don't look at anything
2744 * other than IP and ARP traffic. If the filter doesn't understand
2745 * IPv6, don't allow IPv6 through the bridge either. This is lame
2746 * since if we really wanted, say, an AppleTalk filter, we are hosed,
2747 * but of course we don't have an AppleTalk filter to begin with.
2748 * (Note that since pfil doesn't understand ARP it will pass *ALL*
2751 switch (ether_type) {
2753 case ETHERTYPE_REVARP:
2754 if (pfil_ipfw_arp == 0)
2755 return (0); /* Automatically pass */
2760 case ETHERTYPE_IPV6:
2765 * Check to see if the user wants to pass non-ip
2766 * packets, these will not be checked by pfil(9) and
2767 * passed unconditionally so the default is to drop.
2773 /* Strip off the Ethernet header and keep a copy. */
2774 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
2775 m_adj(*mp, ETHER_HDR_LEN);
2777 /* Strip off snap header, if present */
2779 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
2780 m_adj(*mp, sizeof(struct llc));
2784 * Check the IP header for alignment and errors
2786 if (dir == PFIL_IN) {
2787 switch (ether_type) {
2789 error = bridge_ip_checkbasic(mp);
2792 case ETHERTYPE_IPV6:
2793 error = bridge_ip6_checkbasic(mp);
2803 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) {
2805 args.rule = ip_dn_claim_rule(*mp);
2806 if (args.rule != NULL && fw_one_pass)
2807 goto ipfwpass; /* packet already partially processed */
2811 args.next_hop = NULL;
2813 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
2814 i = ip_fw_chk_ptr(&args);
2820 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
2822 /* put the Ethernet header back on */
2823 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2826 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2829 * Pass the pkt to dummynet, which consumes it. The
2830 * packet will return to us via bridge_dummynet().
2833 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args);
2837 if (i != IP_FW_PASS) /* drop */
2845 * Run the packet through pfil
2847 switch (ether_type) {
2850 * before calling the firewall, swap fields the same as
2851 * IP does. here we assume the header is contiguous
2853 ip = mtod(*mp, struct ip *);
2855 ip->ip_len = ntohs(ip->ip_len);
2856 ip->ip_off = ntohs(ip->ip_off);
2859 * Run pfil on the member interface and the bridge, both can
2860 * be skipped by clearing pfil_member or pfil_bridge.
2863 * in_if -> bridge_if -> out_if
2865 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2866 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2869 if (*mp == NULL || error != 0) /* filter may consume */
2872 if (pfil_member && ifp != NULL)
2873 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp,
2876 if (*mp == NULL || error != 0) /* filter may consume */
2879 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2880 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2883 if (*mp == NULL || error != 0) /* filter may consume */
2886 /* check if we need to fragment the packet */
2887 if (pfil_member && ifp != NULL && dir == PFIL_OUT) {
2888 i = (*mp)->m_pkthdr.len;
2889 if (i > ifp->if_mtu) {
2890 error = bridge_fragment(ifp, *mp, &eh2, snap,
2896 /* Recalculate the ip checksum and restore byte ordering */
2897 ip = mtod(*mp, struct ip *);
2898 hlen = ip->ip_hl << 2;
2899 if (hlen < sizeof(struct ip))
2901 if (hlen > (*mp)->m_len) {
2902 if ((*mp = m_pullup(*mp, hlen)) == 0)
2904 ip = mtod(*mp, struct ip *);
2908 ip->ip_len = htons(ip->ip_len);
2909 ip->ip_off = htons(ip->ip_off);
2911 if (hlen == sizeof(struct ip))
2912 ip->ip_sum = in_cksum_hdr(ip);
2914 ip->ip_sum = in_cksum(*mp, hlen);
2918 case ETHERTYPE_IPV6:
2919 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2920 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2923 if (*mp == NULL || error != 0) /* filter may consume */
2926 if (pfil_member && ifp != NULL)
2927 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp,
2930 if (*mp == NULL || error != 0) /* filter may consume */
2933 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2934 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2951 * Finally, put everything back the way it was and return
2954 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT);
2957 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
2960 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2963 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2974 * Perform basic checks on header size since
2975 * pfil assumes ip_input has already processed
2976 * it for it. Cut-and-pasted from ip_input.c.
2977 * Given how simple the IPv6 version is,
2978 * does the IPv4 version really need to be
2981 * XXX Should we update ipstat here, or not?
2982 * XXX Right now we update ipstat but not
2986 bridge_ip_checkbasic(struct mbuf **mp)
2988 struct mbuf *m = *mp;
2996 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2997 if ((m = m_copyup(m, sizeof(struct ip),
2998 (max_linkhdr + 3) & ~3)) == NULL) {
2999 /* XXXJRT new stat, please */
3000 ipstat.ips_toosmall++;
3003 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
3004 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
3005 ipstat.ips_toosmall++;
3009 ip = mtod(m, struct ip *);
3010 if (ip == NULL) goto bad;
3012 if (ip->ip_v != IPVERSION) {
3013 ipstat.ips_badvers++;
3016 hlen = ip->ip_hl << 2;
3017 if (hlen < sizeof(struct ip)) { /* minimum header length */
3018 ipstat.ips_badhlen++;
3021 if (hlen > m->m_len) {
3022 if ((m = m_pullup(m, hlen)) == 0) {
3023 ipstat.ips_badhlen++;
3026 ip = mtod(m, struct ip *);
3027 if (ip == NULL) goto bad;
3030 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
3031 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
3033 if (hlen == sizeof(struct ip)) {
3034 sum = in_cksum_hdr(ip);
3036 sum = in_cksum(m, hlen);
3040 ipstat.ips_badsum++;
3044 /* Retrieve the packet length. */
3045 len = ntohs(ip->ip_len);
3048 * Check for additional length bogosity
3051 ipstat.ips_badlen++;
3056 * Check that the amount of data in the buffers
3057 * is as at least much as the IP header would have us expect.
3058 * Drop packet if shorter than we expect.
3060 if (m->m_pkthdr.len < len) {
3061 ipstat.ips_tooshort++;
3065 /* Checks out, proceed */
3076 * Same as above, but for IPv6.
3077 * Cut-and-pasted from ip6_input.c.
3078 * XXX Should we update ip6stat, or not?
3081 bridge_ip6_checkbasic(struct mbuf **mp)
3083 struct mbuf *m = *mp;
3084 struct ip6_hdr *ip6;
3087 * If the IPv6 header is not aligned, slurp it up into a new
3088 * mbuf with space for link headers, in the event we forward
3089 * it. Otherwise, if it is aligned, make sure the entire base
3090 * IPv6 header is in the first mbuf of the chain.
3092 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3093 struct ifnet *inifp = m->m_pkthdr.rcvif;
3094 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
3095 (max_linkhdr + 3) & ~3)) == NULL) {
3096 /* XXXJRT new stat, please */
3097 ip6stat.ip6s_toosmall++;
3098 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3101 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
3102 struct ifnet *inifp = m->m_pkthdr.rcvif;
3103 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
3104 ip6stat.ip6s_toosmall++;
3105 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3110 ip6 = mtod(m, struct ip6_hdr *);
3112 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
3113 ip6stat.ip6s_badvers++;
3114 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
3118 /* Checks out, proceed */
3131 * Return a fragmented mbuf chain.
3134 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh,
3135 int snap, struct llc *llc)
3141 if (m->m_len < sizeof(struct ip) &&
3142 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3144 ip = mtod(m, struct ip *);
3146 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist,
3151 /* walk the chain and re-add the Ethernet header */
3152 for (m0 = m; m0; m0 = m0->m_nextpkt) {
3155 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT);
3160 bcopy(llc, mtod(m0, caddr_t),
3161 sizeof(struct llc));
3163 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT);
3168 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN);
3174 ipstat.ips_fragmented++;
projects / FreeBSD / FreeBSD.git / blob