1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
4 * Copyright 2001 Wasabi Systems, Inc.
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
40 * All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. All advertising materials mentioning features or use of this software
51 * must display the following acknowledgement:
52 * This product includes software developed by Jason L. Wright
53 * 4. The name of the author may not be used to endorse or promote products
54 * derived from this software without specific prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66 * POSSIBILITY OF SUCH DAMAGE.
68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
72 * Network interface bridge support.
76 * - Currently only supports Ethernet-like interfaces (Ethernet,
77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
78 * to bridge other types of interfaces (FDDI-FDDI, and maybe
79 * consider heterogenous bridges).
82 #include <sys/cdefs.h>
83 __FBSDID("$FreeBSD$");
86 #include "opt_inet6.h"
89 #include <sys/param.h>
91 #include <sys/malloc.h>
92 #include <sys/protosw.h>
93 #include <sys/systm.h>
95 #include <sys/socket.h> /* for net/if.h */
96 #include <sys/sockio.h>
97 #include <sys/ctype.h> /* string functions */
98 #include <sys/kernel.h>
99 #include <sys/random.h>
100 #include <sys/sysctl.h>
102 #include <sys/module.h>
103 #include <sys/proc.h>
104 #include <sys/lock.h>
105 #include <sys/mutex.h>
109 #include <net/if_clone.h>
110 #include <net/if_dl.h>
111 #include <net/if_types.h>
112 #include <net/if_var.h>
113 #include <net/pfil.h>
115 #include <netinet/in.h> /* for struct arpcom */
116 #include <netinet/in_systm.h>
117 #include <netinet/in_var.h>
118 #include <netinet/ip.h>
119 #include <netinet/ip_var.h>
121 #include <netinet/ip6.h>
122 #include <netinet6/ip6_var.h>
125 #include <netinet/ip_carp.h>
127 #include <machine/in_cksum.h>
128 #include <netinet/if_ether.h> /* for struct arpcom */
129 #include <net/bridgestp.h>
130 #include <net/if_bridgevar.h>
131 #include <net/if_llc.h>
133 #include <net/route.h>
134 #include <netinet/ip_fw.h>
135 #include <netinet/ip_dummynet.h>
138 * Size of the route hash table. Must be a power of two.
140 #ifndef BRIDGE_RTHASH_SIZE
141 #define BRIDGE_RTHASH_SIZE 1024
144 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
147 * Maximum number of addresses to cache.
149 #ifndef BRIDGE_RTABLE_MAX
150 #define BRIDGE_RTABLE_MAX 100
154 * Timeout (in seconds) for entries learned dynamically.
156 #ifndef BRIDGE_RTABLE_TIMEOUT
157 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
161 * Number of seconds between walks of the route list.
163 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
164 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
168 * List of capabilities to mask on the member interface.
170 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM
172 static struct mtx bridge_list_mtx;
173 eventhandler_tag bridge_detach_cookie = NULL;
175 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
177 uma_zone_t bridge_rtnode_zone;
179 static int bridge_clone_create(struct if_clone *, int, caddr_t);
180 static void bridge_clone_destroy(struct ifnet *);
182 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
183 static void bridge_mutecaps(struct bridge_iflist *, int);
184 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
185 static void bridge_init(void *);
186 static void bridge_dummynet(struct mbuf *, struct ifnet *);
187 static void bridge_stop(struct ifnet *, int);
188 static void bridge_start(struct ifnet *);
189 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
190 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
193 static void bridge_forward(struct bridge_softc *, struct mbuf *m);
195 static void bridge_timer(void *);
197 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
199 static void bridge_span(struct bridge_softc *, struct mbuf *);
201 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
202 struct ifnet *, int, uint8_t);
203 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
204 static void bridge_rttrim(struct bridge_softc *);
205 static void bridge_rtage(struct bridge_softc *);
206 static void bridge_rtflush(struct bridge_softc *, int);
207 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
209 static int bridge_rtable_init(struct bridge_softc *);
210 static void bridge_rtable_fini(struct bridge_softc *);
212 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
213 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
215 static int bridge_rtnode_insert(struct bridge_softc *,
216 struct bridge_rtnode *);
217 static void bridge_rtnode_destroy(struct bridge_softc *,
218 struct bridge_rtnode *);
220 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
222 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
224 static void bridge_delete_member(struct bridge_softc *,
225 struct bridge_iflist *, int);
226 static void bridge_delete_span(struct bridge_softc *,
227 struct bridge_iflist *);
229 static int bridge_ioctl_add(struct bridge_softc *, void *);
230 static int bridge_ioctl_del(struct bridge_softc *, void *);
231 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
232 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
233 static int bridge_ioctl_scache(struct bridge_softc *, void *);
234 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
235 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
236 static int bridge_ioctl_rts(struct bridge_softc *, void *);
237 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
238 static int bridge_ioctl_sto(struct bridge_softc *, void *);
239 static int bridge_ioctl_gto(struct bridge_softc *, void *);
240 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
241 static int bridge_ioctl_flush(struct bridge_softc *, void *);
242 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
243 static int bridge_ioctl_spri(struct bridge_softc *, void *);
244 static int bridge_ioctl_ght(struct bridge_softc *, void *);
245 static int bridge_ioctl_sht(struct bridge_softc *, void *);
246 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
247 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
248 static int bridge_ioctl_gma(struct bridge_softc *, void *);
249 static int bridge_ioctl_sma(struct bridge_softc *, void *);
250 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
251 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
252 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
253 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
254 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
256 static int bridge_ip_checkbasic(struct mbuf **mp);
258 static int bridge_ip6_checkbasic(struct mbuf **mp);
260 static int bridge_fragment(struct ifnet *, struct mbuf *,
261 struct ether_header *, int, struct llc *);
263 SYSCTL_DECL(_net_link);
264 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
266 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
267 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
268 static int pfil_member = 1; /* run pfil hooks on the member interface */
269 static int pfil_ipfw = 0; /* layer2 filter with ipfw */
270 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
271 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
272 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
273 &pfil_bridge, 0, "Packet filter on the bridge interface");
274 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
275 &pfil_member, 0, "Packet filter on the member interface");
277 struct bridge_control {
278 int (*bc_func)(struct bridge_softc *, void *);
283 #define BC_F_COPYIN 0x01 /* copy arguments in */
284 #define BC_F_COPYOUT 0x02 /* copy arguments out */
285 #define BC_F_SUSER 0x04 /* do super-user check */
287 const struct bridge_control bridge_control_table[] = {
288 { bridge_ioctl_add, sizeof(struct ifbreq),
289 BC_F_COPYIN|BC_F_SUSER },
290 { bridge_ioctl_del, sizeof(struct ifbreq),
291 BC_F_COPYIN|BC_F_SUSER },
293 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
294 BC_F_COPYIN|BC_F_COPYOUT },
295 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
296 BC_F_COPYIN|BC_F_SUSER },
298 { bridge_ioctl_scache, sizeof(struct ifbrparam),
299 BC_F_COPYIN|BC_F_SUSER },
300 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
303 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
304 BC_F_COPYIN|BC_F_COPYOUT },
305 { bridge_ioctl_rts, sizeof(struct ifbaconf),
306 BC_F_COPYIN|BC_F_COPYOUT },
308 { bridge_ioctl_saddr, sizeof(struct ifbareq),
309 BC_F_COPYIN|BC_F_SUSER },
311 { bridge_ioctl_sto, sizeof(struct ifbrparam),
312 BC_F_COPYIN|BC_F_SUSER },
313 { bridge_ioctl_gto, sizeof(struct ifbrparam),
316 { bridge_ioctl_daddr, sizeof(struct ifbareq),
317 BC_F_COPYIN|BC_F_SUSER },
319 { bridge_ioctl_flush, sizeof(struct ifbreq),
320 BC_F_COPYIN|BC_F_SUSER },
322 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
324 { bridge_ioctl_spri, sizeof(struct ifbrparam),
325 BC_F_COPYIN|BC_F_SUSER },
327 { bridge_ioctl_ght, sizeof(struct ifbrparam),
329 { bridge_ioctl_sht, sizeof(struct ifbrparam),
330 BC_F_COPYIN|BC_F_SUSER },
332 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
334 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
335 BC_F_COPYIN|BC_F_SUSER },
337 { bridge_ioctl_gma, sizeof(struct ifbrparam),
339 { bridge_ioctl_sma, sizeof(struct ifbrparam),
340 BC_F_COPYIN|BC_F_SUSER },
342 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
343 BC_F_COPYIN|BC_F_SUSER },
345 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
346 BC_F_COPYIN|BC_F_SUSER },
348 { bridge_ioctl_addspan, sizeof(struct ifbreq),
349 BC_F_COPYIN|BC_F_SUSER },
350 { bridge_ioctl_delspan, sizeof(struct ifbreq),
351 BC_F_COPYIN|BC_F_SUSER },
353 const int bridge_control_table_size =
354 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
356 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
357 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
359 LIST_HEAD(, bridge_softc) bridge_list;
361 IFC_SIMPLE_DECLARE(bridge, 0);
364 bridge_modevent(module_t mod, int type, void *data)
369 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
370 if_clone_attach(&bridge_cloner);
371 bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
372 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
374 LIST_INIT(&bridge_list);
375 bridge_input_p = bridge_input;
376 bridge_output_p = bridge_output;
377 bridge_dn_p = bridge_dummynet;
378 bstp_linkstate_p = bstp_linkstate;
379 bridge_detach_cookie = EVENTHANDLER_REGISTER(
380 ifnet_departure_event, bridge_ifdetach, NULL,
381 EVENTHANDLER_PRI_ANY);
384 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
385 bridge_detach_cookie);
386 if_clone_detach(&bridge_cloner);
387 uma_zdestroy(bridge_rtnode_zone);
388 bridge_input_p = NULL;
389 bridge_output_p = NULL;
391 bstp_linkstate_p = NULL;
392 mtx_destroy(&bridge_list_mtx);
400 static moduledata_t bridge_mod = {
406 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
407 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
410 * handler for net.link.bridge.pfil_ipfw
413 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
415 int enable = pfil_ipfw;
418 error = sysctl_handle_int(oidp, &enable, 0, req);
419 enable = (enable) ? 1 : 0;
421 if (enable != pfil_ipfw) {
425 * Disable pfil so that ipfw doesnt run twice, if the user
426 * really wants both then they can re-enable pfil_bridge and/or
427 * pfil_member. Also allow non-ip packets as ipfw can filter by
439 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
440 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
443 * bridge_clone_create:
445 * Create a new bridge instance.
448 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
450 struct bridge_softc *sc, *sc2;
451 struct ifnet *bifp, *ifp;
455 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
456 BRIDGE_LOCK_INIT(sc);
457 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
463 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
464 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
466 /* Initialize our routing table. */
467 bridge_rtable_init(sc);
469 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);
471 LIST_INIT(&sc->sc_iflist);
472 LIST_INIT(&sc->sc_spanlist);
475 if_initname(ifp, ifc->ifc_name, unit);
476 ifp->if_flags = IFF_BROADCAST | IFF_MULTICAST;
477 ifp->if_ioctl = bridge_ioctl;
478 ifp->if_start = bridge_start;
479 ifp->if_init = bridge_init;
480 ifp->if_type = IFT_BRIDGE;
481 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
482 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
483 IFQ_SET_READY(&ifp->if_snd);
486 * Generate a random ethernet address with a locally administered
489 * Since we are using random ethernet addresses for the bridge, it is
490 * possible that we might have address collisions, so make sure that
491 * this hardware address isn't already in use on another bridge.
493 for (retry = 1; retry != 0;) {
494 arc4rand(eaddr, ETHER_ADDR_LEN, 1);
495 eaddr[0] &= ~1; /* clear multicast bit */
496 eaddr[0] |= 2; /* set the LAA bit */
498 mtx_lock(&bridge_list_mtx);
499 LIST_FOREACH(sc2, &bridge_list, sc_list) {
501 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
504 mtx_unlock(&bridge_list_mtx);
507 bstp_attach(&sc->sc_stp);
508 ether_ifattach(ifp, eaddr);
509 /* Now undo some of the damage... */
510 ifp->if_baudrate = 0;
511 ifp->if_type = IFT_BRIDGE;
513 mtx_lock(&bridge_list_mtx);
514 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
515 mtx_unlock(&bridge_list_mtx);
521 * bridge_clone_destroy:
523 * Destroy a bridge instance.
526 bridge_clone_destroy(struct ifnet *ifp)
528 struct bridge_softc *sc = ifp->if_softc;
529 struct bridge_iflist *bif;
534 ifp->if_flags &= ~IFF_UP;
536 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
537 bridge_delete_member(sc, bif, 0);
539 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
540 bridge_delete_span(sc, bif);
545 callout_drain(&sc->sc_brcallout);
547 mtx_lock(&bridge_list_mtx);
548 LIST_REMOVE(sc, sc_list);
549 mtx_unlock(&bridge_list_mtx);
551 bstp_detach(&sc->sc_stp);
553 if_free_type(ifp, IFT_ETHER);
555 /* Tear down the routing table. */
556 bridge_rtable_fini(sc);
558 BRIDGE_LOCK_DESTROY(sc);
565 * Handle a control request from the operator.
568 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
570 struct bridge_softc *sc = ifp->if_softc;
571 struct thread *td = curthread;
573 struct ifbreq ifbreq;
574 struct ifbifconf ifbifconf;
575 struct ifbareq ifbareq;
576 struct ifbaconf ifbaconf;
577 struct ifbrparam ifbrparam;
579 struct ifdrv *ifd = (struct ifdrv *) data;
580 const struct bridge_control *bc;
593 if (ifd->ifd_cmd >= bridge_control_table_size) {
597 bc = &bridge_control_table[ifd->ifd_cmd];
599 if (cmd == SIOCGDRVSPEC &&
600 (bc->bc_flags & BC_F_COPYOUT) == 0) {
604 else if (cmd == SIOCSDRVSPEC &&
605 (bc->bc_flags & BC_F_COPYOUT) != 0) {
610 if (bc->bc_flags & BC_F_SUSER) {
616 if (ifd->ifd_len != bc->bc_argsize ||
617 ifd->ifd_len > sizeof(args)) {
622 bzero(&args, sizeof(args));
623 if (bc->bc_flags & BC_F_COPYIN) {
624 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
629 error = (*bc->bc_func)(sc, &args);
633 if (bc->bc_flags & BC_F_COPYOUT)
634 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
639 if (!(ifp->if_flags & IFF_UP) &&
640 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
642 * If interface is marked down and it is running,
643 * then stop and disable it.
646 } else if ((ifp->if_flags & IFF_UP) &&
647 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
649 * If interface is marked up and it is stopped, then
658 /* Do not allow the MTU to be changed on the bridge */
664 * drop the lock as ether_ioctl() will call bridge_start() and
665 * cause the lock to be recursed.
668 error = ether_ioctl(ifp, cmd, data);
672 if (BRIDGE_LOCKED(sc))
681 * Clear or restore unwanted capabilities on the member interface
684 bridge_mutecaps(struct bridge_iflist *bif, int mute)
686 struct ifnet *ifp = bif->bif_ifp;
690 if (ifp->if_ioctl == NULL)
693 bzero(&ifr, sizeof(ifr));
694 ifr.ifr_reqcap = ifp->if_capenable;
697 /* mask off and save capabilities */
698 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK;
699 if (bif->bif_mutecap != 0)
700 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK;
702 /* restore muted capabilities */
703 ifr.ifr_reqcap |= bif->bif_mutecap;
706 if (bif->bif_mutecap != 0) {
708 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
709 IFF_UNLOCKGIANT(ifp);
714 * bridge_lookup_member:
716 * Lookup a bridge member interface.
718 static struct bridge_iflist *
719 bridge_lookup_member(struct bridge_softc *sc, const char *name)
721 struct bridge_iflist *bif;
724 BRIDGE_LOCK_ASSERT(sc);
726 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
728 if (strcmp(ifp->if_xname, name) == 0)
736 * bridge_lookup_member_if:
738 * Lookup a bridge member interface by ifnet*.
740 static struct bridge_iflist *
741 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
743 struct bridge_iflist *bif;
745 BRIDGE_LOCK_ASSERT(sc);
747 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
748 if (bif->bif_ifp == member_ifp)
756 * bridge_delete_member:
758 * Delete the specified member interface.
761 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
764 struct ifnet *ifs = bif->bif_ifp;
766 BRIDGE_LOCK_ASSERT(sc);
769 switch (ifs->if_type) {
773 * Take the interface out of promiscuous mode.
775 (void) ifpromisc(ifs, 0);
776 bridge_mutecaps(bif, 0);
784 panic("bridge_delete_member: impossible");
790 if (bif->bif_flags & IFBIF_STP)
791 bstp_delete(&bif->bif_stp);
793 ifs->if_bridge = NULL;
795 LIST_REMOVE(bif, bif_next);
798 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
804 * bridge_delete_span:
806 * Delete the specified span interface.
809 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
811 BRIDGE_LOCK_ASSERT(sc);
813 KASSERT(bif->bif_ifp->if_bridge == NULL,
814 ("%s: not a span interface", __func__));
816 LIST_REMOVE(bif, bif_next);
821 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
823 struct ifbreq *req = arg;
824 struct bridge_iflist *bif = NULL;
828 BRIDGE_LOCK_ASSERT(sc);
830 ifs = ifunit(req->ifbr_ifsname);
834 /* If it's in the span list, it can't be a member. */
835 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
836 if (ifs == bif->bif_ifp)
839 /* Allow the first Ethernet member to define the MTU */
840 if (ifs->if_type != IFT_GIF) {
841 if (LIST_EMPTY(&sc->sc_iflist))
842 sc->sc_ifp->if_mtu = ifs->if_mtu;
843 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
844 if_printf(sc->sc_ifp, "invalid MTU for %s\n",
850 if (ifs->if_bridge == sc)
853 if (ifs->if_bridge != NULL)
856 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
861 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
863 switch (ifs->if_type) {
867 * Place the interface into promiscuous mode.
869 error = ifpromisc(ifs, 1);
873 bridge_mutecaps(bif, 1);
888 * NOTE: insert_***HEAD*** should be safe for the traversals.
890 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
901 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
903 struct ifbreq *req = arg;
904 struct bridge_iflist *bif;
906 BRIDGE_LOCK_ASSERT(sc);
908 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
912 bridge_delete_member(sc, bif, 0);
918 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
920 struct ifbreq *req = arg;
921 struct bridge_iflist *bif;
923 BRIDGE_LOCK_ASSERT(sc);
925 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
929 req->ifbr_ifsflags = bif->bif_flags;
930 req->ifbr_state = bif->bif_stp.bp_state;
931 req->ifbr_priority = bif->bif_stp.bp_priority;
932 req->ifbr_path_cost = bif->bif_stp.bp_path_cost;
933 req->ifbr_portno = bif->bif_ifp->if_index & 0xff;
939 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
941 struct ifbreq *req = arg;
942 struct bridge_iflist *bif;
945 BRIDGE_LOCK_ASSERT(sc);
947 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
951 if (req->ifbr_ifsflags & IFBIF_SPAN)
952 /* SPAN is readonly */
955 if (req->ifbr_ifsflags & IFBIF_STP) {
956 if ((bif->bif_flags & IFBIF_STP) == 0) {
957 error = bstp_add(&sc->sc_stp, &bif->bif_stp,
963 if ((bif->bif_flags & IFBIF_STP) != 0)
964 bstp_delete(&bif->bif_stp);
967 bif->bif_flags = req->ifbr_ifsflags;
973 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
975 struct ifbrparam *param = arg;
977 BRIDGE_LOCK_ASSERT(sc);
979 sc->sc_brtmax = param->ifbrp_csize;
986 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
988 struct ifbrparam *param = arg;
990 BRIDGE_LOCK_ASSERT(sc);
992 param->ifbrp_csize = sc->sc_brtmax;
998 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1000 struct ifbifconf *bifc = arg;
1001 struct bridge_iflist *bif;
1003 int count, len, error = 0;
1005 BRIDGE_LOCK_ASSERT(sc);
1008 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1010 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1013 if (bifc->ifbic_len == 0) {
1014 bifc->ifbic_len = sizeof(breq) * count;
1019 len = bifc->ifbic_len;
1020 bzero(&breq, sizeof(breq));
1021 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1022 if (len < sizeof(breq))
1025 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1026 sizeof(breq.ifbr_ifsname));
1027 breq.ifbr_ifsflags = bif->bif_flags;
1028 breq.ifbr_state = bif->bif_stp.bp_state;
1029 breq.ifbr_priority = bif->bif_stp.bp_priority;
1030 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1031 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1032 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1036 len -= sizeof(breq);
1038 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1039 if (len < sizeof(breq))
1042 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1043 sizeof(breq.ifbr_ifsname));
1044 breq.ifbr_ifsflags = bif->bif_flags;
1045 breq.ifbr_state = bif->bif_stp.bp_state;
1046 breq.ifbr_priority = bif->bif_stp.bp_priority;
1047 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1048 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1049 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1053 len -= sizeof(breq);
1056 bifc->ifbic_len = sizeof(breq) * count;
1061 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1063 struct ifbaconf *bac = arg;
1064 struct bridge_rtnode *brt;
1065 struct ifbareq bareq;
1066 int count = 0, error = 0, len;
1068 BRIDGE_LOCK_ASSERT(sc);
1070 if (bac->ifbac_len == 0)
1073 len = bac->ifbac_len;
1074 bzero(&bareq, sizeof(bareq));
1075 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1076 if (len < sizeof(bareq))
1078 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1079 sizeof(bareq.ifba_ifsname));
1080 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1081 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1082 time_uptime < brt->brt_expire)
1083 bareq.ifba_expire = brt->brt_expire - time_uptime;
1085 bareq.ifba_expire = 0;
1086 bareq.ifba_flags = brt->brt_flags;
1088 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq));
1092 len -= sizeof(bareq);
1095 bac->ifbac_len = sizeof(bareq) * count;
1100 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1102 struct ifbareq *req = arg;
1103 struct bridge_iflist *bif;
1106 BRIDGE_LOCK_ASSERT(sc);
1108 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1112 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
1119 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1121 struct ifbrparam *param = arg;
1123 BRIDGE_LOCK_ASSERT(sc);
1125 sc->sc_brttimeout = param->ifbrp_ctime;
1131 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1133 struct ifbrparam *param = arg;
1135 BRIDGE_LOCK_ASSERT(sc);
1137 param->ifbrp_ctime = sc->sc_brttimeout;
1143 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1145 struct ifbareq *req = arg;
1147 BRIDGE_LOCK_ASSERT(sc);
1149 return (bridge_rtdaddr(sc, req->ifba_dst));
1153 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1155 struct ifbreq *req = arg;
1157 BRIDGE_LOCK_ASSERT(sc);
1159 bridge_rtflush(sc, req->ifbr_ifsflags);
1165 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1167 struct ifbrparam *param = arg;
1168 struct bstp_state *bs = &sc->sc_stp;
1170 BRIDGE_LOCK_ASSERT(sc);
1172 param->ifbrp_prio = bs->bs_bridge_priority;
1178 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1180 struct ifbrparam *param = arg;
1181 struct bstp_state *bs = &sc->sc_stp;
1183 BRIDGE_LOCK_ASSERT(sc);
1185 bs->bs_bridge_priority = param->ifbrp_prio;
1192 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1194 struct ifbrparam *param = arg;
1195 struct bstp_state *bs = &sc->sc_stp;
1197 BRIDGE_LOCK_ASSERT(sc);
1199 param->ifbrp_hellotime = bs->bs_bridge_hello_time >> 8;
1205 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1207 struct ifbrparam *param = arg;
1208 struct bstp_state *bs = &sc->sc_stp;
1210 BRIDGE_LOCK_ASSERT(sc);
1212 if (param->ifbrp_hellotime == 0)
1214 bs->bs_bridge_hello_time = param->ifbrp_hellotime << 8;
1221 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1223 struct ifbrparam *param = arg;
1224 struct bstp_state *bs = &sc->sc_stp;
1226 BRIDGE_LOCK_ASSERT(sc);
1228 param->ifbrp_fwddelay = bs->bs_bridge_forward_delay >> 8;
1234 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1236 struct ifbrparam *param = arg;
1237 struct bstp_state *bs = &sc->sc_stp;
1239 BRIDGE_LOCK_ASSERT(sc);
1241 if (param->ifbrp_fwddelay == 0)
1243 bs->bs_bridge_forward_delay = param->ifbrp_fwddelay << 8;
1250 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1252 struct ifbrparam *param = arg;
1253 struct bstp_state *bs = &sc->sc_stp;
1255 BRIDGE_LOCK_ASSERT(sc);
1257 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1263 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1265 struct ifbrparam *param = arg;
1266 struct bstp_state *bs = &sc->sc_stp;
1268 BRIDGE_LOCK_ASSERT(sc);
1270 if (param->ifbrp_maxage == 0)
1272 bs->bs_bridge_max_age = param->ifbrp_maxage << 8;
1279 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1281 struct ifbreq *req = arg;
1282 struct bridge_iflist *bif;
1284 BRIDGE_LOCK_ASSERT(sc);
1286 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1290 bif->bif_stp.bp_priority = req->ifbr_priority;
1291 bstp_reinit(&sc->sc_stp);
1297 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1299 struct ifbreq *req = arg;
1300 struct bridge_iflist *bif;
1302 BRIDGE_LOCK_ASSERT(sc);
1304 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1308 bif->bif_stp.bp_path_cost = req->ifbr_path_cost;
1309 bstp_reinit(&sc->sc_stp);
1315 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1317 struct ifbreq *req = arg;
1318 struct bridge_iflist *bif = NULL;
1321 BRIDGE_LOCK_ASSERT(sc);
1323 ifs = ifunit(req->ifbr_ifsname);
1327 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1328 if (ifs == bif->bif_ifp)
1331 if (ifs->if_bridge != NULL)
1334 switch (ifs->if_type) {
1343 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1348 bif->bif_flags = IFBIF_SPAN;
1350 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1356 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1358 struct ifbreq *req = arg;
1359 struct bridge_iflist *bif;
1362 BRIDGE_LOCK_ASSERT(sc);
1364 ifs = ifunit(req->ifbr_ifsname);
1368 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1369 if (ifs == bif->bif_ifp)
1375 bridge_delete_span(sc, bif);
1383 * Detach an interface from a bridge. Called when a member
1384 * interface is detaching.
1387 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
1389 struct bridge_softc *sc = ifp->if_bridge;
1390 struct bridge_iflist *bif;
1392 /* Check if the interface is a bridge member */
1396 bif = bridge_lookup_member_if(sc, ifp);
1398 bridge_delete_member(sc, bif, 1);
1404 /* Check if the interface is a span port */
1405 mtx_lock(&bridge_list_mtx);
1406 LIST_FOREACH(sc, &bridge_list, sc_list) {
1408 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1409 if (ifp == bif->bif_ifp) {
1410 bridge_delete_span(sc, bif);
1416 mtx_unlock(&bridge_list_mtx);
1422 * Initialize a bridge interface.
1425 bridge_init(void *xsc)
1427 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1428 struct ifnet *ifp = sc->sc_ifp;
1430 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1434 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1437 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1438 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
1446 * Stop the bridge interface.
1449 bridge_stop(struct ifnet *ifp, int disable)
1451 struct bridge_softc *sc = ifp->if_softc;
1453 BRIDGE_LOCK_ASSERT(sc);
1455 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1458 callout_stop(&sc->sc_brcallout);
1459 bstp_stop(&sc->sc_stp);
1461 bridge_rtflush(sc, IFBF_FLUSHDYN);
1463 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1469 * Enqueue a packet on a bridge member interface.
1473 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1479 len = m->m_pkthdr.len;
1480 mflags = m->m_flags;
1482 /* We may be sending a fragment so traverse the mbuf */
1485 m->m_nextpkt = NULL;
1488 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err);
1493 sc->sc_ifp->if_opackets++;
1494 sc->sc_ifp->if_obytes += len;
1496 dst_ifp->if_obytes += len;
1498 if (mflags & M_MCAST) {
1499 sc->sc_ifp->if_omcasts++;
1500 dst_ifp->if_omcasts++;
1504 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
1505 (*dst_ifp->if_start)(dst_ifp);
1511 * Receive a queued packet from dummynet and pass it on to the output
1514 * The mbuf has the Ethernet header already attached.
1517 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
1519 struct bridge_softc *sc;
1521 sc = ifp->if_bridge;
1524 * The packet didnt originate from a member interface. This should only
1525 * ever happen if a member interface is removed while packets are
1533 if (PFIL_HOOKED(&inet_pfil_hook)
1535 || PFIL_HOOKED(&inet6_pfil_hook)
1538 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
1544 bridge_enqueue(sc, ifp, m);
1550 * Send output from a bridge member interface. This
1551 * performs the bridging function for locally originated
1554 * The mbuf has the Ethernet header already attached. We must
1555 * enqueue or free the mbuf before returning.
1558 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
1561 struct ether_header *eh;
1562 struct ifnet *dst_if;
1563 struct bridge_softc *sc;
1565 if (m->m_len < ETHER_HDR_LEN) {
1566 m = m_pullup(m, ETHER_HDR_LEN);
1571 eh = mtod(m, struct ether_header *);
1572 sc = ifp->if_bridge;
1577 * If bridge is down, but the original output interface is up,
1578 * go ahead and send out that interface. Otherwise, the packet
1581 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1587 * If the packet is a multicast, or we don't know a better way to
1588 * get there, send to all interfaces.
1590 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1593 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1594 if (dst_if == NULL) {
1595 struct bridge_iflist *bif;
1597 int error = 0, used = 0;
1599 BRIDGE_LOCK2REF(sc, error);
1607 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1608 dst_if = bif->bif_ifp;
1610 if (dst_if->if_type == IFT_GIF)
1612 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
1616 * If this is not the original output interface,
1617 * and the interface is participating in spanning
1618 * tree, make sure the port is in a state that
1619 * allows forwarding.
1621 if (dst_if != ifp &&
1622 (bif->bif_flags & IFBIF_STP) != 0) {
1623 switch (bif->bif_stp.bp_state) {
1624 case BSTP_IFSTATE_BLOCKING:
1625 case BSTP_IFSTATE_LISTENING:
1626 case BSTP_IFSTATE_DISABLED:
1631 if (LIST_NEXT(bif, bif_next) == NULL) {
1635 mc = m_copypacket(m, M_DONTWAIT);
1637 sc->sc_ifp->if_oerrors++;
1642 bridge_enqueue(sc, dst_if, mc);
1652 * XXX Spanning tree consideration here?
1656 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1663 bridge_enqueue(sc, dst_if, m);
1670 * Start output on a bridge.
1674 bridge_start(struct ifnet *ifp)
1676 struct bridge_softc *sc;
1678 struct ether_header *eh;
1679 struct ifnet *dst_if;
1683 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
1685 IFQ_DEQUEUE(&ifp->if_snd, m);
1690 eh = mtod(m, struct ether_header *);
1694 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1695 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1699 bridge_broadcast(sc, ifp, m, 0);
1702 bridge_enqueue(sc, dst_if, m);
1705 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1711 * The forwarding function of the bridge.
1713 * NOTE: Releases the lock on return.
1716 bridge_forward(struct bridge_softc *sc, struct mbuf *m)
1718 struct bridge_iflist *bif;
1719 struct ifnet *src_if, *dst_if, *ifp;
1720 struct ether_header *eh;
1722 src_if = m->m_pkthdr.rcvif;
1723 BRIDGE_LOCK_ASSERT(sc);
1726 sc->sc_ifp->if_ipackets++;
1727 sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
1730 * Look up the bridge_iflist.
1732 bif = bridge_lookup_member_if(sc, src_if);
1734 /* Interface is not a bridge member (anymore?) */
1740 if (bif->bif_flags & IFBIF_STP) {
1741 switch (bif->bif_stp.bp_state) {
1742 case BSTP_IFSTATE_BLOCKING:
1743 case BSTP_IFSTATE_LISTENING:
1744 case BSTP_IFSTATE_DISABLED:
1751 eh = mtod(m, struct ether_header *);
1754 * If the interface is learning, and the source
1755 * address is valid and not multicast, record
1758 if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
1759 ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
1760 (eh->ether_shost[0] == 0 &&
1761 eh->ether_shost[1] == 0 &&
1762 eh->ether_shost[2] == 0 &&
1763 eh->ether_shost[3] == 0 &&
1764 eh->ether_shost[4] == 0 &&
1765 eh->ether_shost[5] == 0) == 0) {
1766 (void) bridge_rtupdate(sc, eh->ether_shost,
1767 src_if, 0, IFBAF_DYNAMIC);
1770 if ((bif->bif_flags & IFBIF_STP) != 0 &&
1771 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) {
1778 * At this point, the port either doesn't participate
1779 * in spanning tree or it is in the forwarding state.
1783 * If the packet is unicast, destined for someone on
1784 * "this" side of the bridge, drop it.
1786 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1787 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1788 if (src_if == dst_if) {
1794 /* ...forward it to all interfaces. */
1795 sc->sc_ifp->if_imcasts++;
1800 * If we have a destination interface which is a member of our bridge,
1801 * OR this is a unicast packet, push it through the bpf(4) machinery.
1802 * For broadcast or multicast packets, don't bother because it will
1803 * be reinjected into ether_input. We do this before we pass the packets
1804 * through the pfil(9) framework, as it is possible that pfil(9) will
1805 * drop the packet, or possibly modify it, making it difficult to debug
1806 * firewall issues on the bridge.
1808 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
1811 /* run the packet filter */
1812 if (PFIL_HOOKED(&inet_pfil_hook)
1814 || PFIL_HOOKED(&inet6_pfil_hook)
1818 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
1825 if (dst_if == NULL) {
1826 bridge_broadcast(sc, src_if, m, 1);
1831 * At this point, we're dealing with a unicast frame
1832 * going to a different interface.
1834 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1839 bif = bridge_lookup_member_if(sc, dst_if);
1841 /* Not a member of the bridge (anymore?) */
1847 if (bif->bif_flags & IFBIF_STP) {
1848 switch (bif->bif_stp.bp_state) {
1849 case BSTP_IFSTATE_DISABLED:
1850 case BSTP_IFSTATE_BLOCKING:
1859 if (PFIL_HOOKED(&inet_pfil_hook)
1861 || PFIL_HOOKED(&inet6_pfil_hook)
1864 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
1870 bridge_enqueue(sc, dst_if, m);
1876 * Receive input from a member interface. Queue the packet for
1877 * bridging if it is not for us.
1879 static struct mbuf *
1880 bridge_input(struct ifnet *ifp, struct mbuf *m)
1882 struct bridge_softc *sc = ifp->if_bridge;
1883 struct bridge_iflist *bif;
1885 struct ether_header *eh;
1886 struct mbuf *mc, *mc2;
1888 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1894 * Implement support for bridge monitoring. If this flag has been
1895 * set on this interface, discard the packet once we push it through
1896 * the bpf(4) machinery, but before we do, increment the byte and
1897 * packet counters associated with this interface.
1899 if ((bifp->if_flags & IFF_MONITOR) != 0) {
1900 m->m_pkthdr.rcvif = bifp;
1902 bifp->if_ipackets++;
1903 bifp->if_ibytes += m->m_pkthdr.len;
1908 bif = bridge_lookup_member_if(sc, ifp);
1914 eh = mtod(m, struct ether_header *);
1916 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp),
1917 ETHER_ADDR_LEN) == 0) {
1919 * If the packet is for us, set the packets source as the
1920 * bridge, and return the packet back to ether_input for
1924 /* Mark the packet as arriving on the bridge interface */
1925 m->m_pkthdr.rcvif = bifp;
1927 bifp->if_ipackets++;
1935 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
1936 /* Tap off 802.1D packets; they do not get forwarded. */
1937 if (memcmp(eh->ether_dhost, bstp_etheraddr,
1938 ETHER_ADDR_LEN) == 0) {
1939 m = bstp_input(&bif->bif_stp, ifp, m);
1946 if (bif->bif_flags & IFBIF_STP) {
1947 switch (bif->bif_stp.bp_state) {
1948 case BSTP_IFSTATE_BLOCKING:
1949 case BSTP_IFSTATE_LISTENING:
1950 case BSTP_IFSTATE_DISABLED:
1956 if (bcmp(etherbroadcastaddr, eh->ether_dhost,
1957 sizeof(etherbroadcastaddr)) == 0)
1958 m->m_flags |= M_BCAST;
1960 m->m_flags |= M_MCAST;
1963 * Make a deep copy of the packet and enqueue the copy
1964 * for bridge processing; return the original packet for
1967 mc = m_dup(m, M_DONTWAIT);
1973 /* Perform the bridge forwarding function with the copy. */
1974 bridge_forward(sc, mc);
1977 * Reinject the mbuf as arriving on the bridge so we have a
1978 * chance at claiming multicast packets. We can not loop back
1979 * here from ether_input as a bridge is never a member of a
1982 KASSERT(bifp->if_bridge == NULL,
1983 ("loop created in bridge_input"));
1984 mc2 = m_dup(m, M_DONTWAIT);
1986 /* Keep the layer3 header aligned */
1987 int i = min(mc2->m_pkthdr.len, max_protohdr);
1988 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
1991 mc2->m_pkthdr.rcvif = bifp;
1992 (*bifp->if_input)(bifp, mc2);
1995 /* Return the original packet for local processing. */
1999 if (bif->bif_flags & IFBIF_STP) {
2000 switch (bif->bif_stp.bp_state) {
2001 case BSTP_IFSTATE_BLOCKING:
2002 case BSTP_IFSTATE_LISTENING:
2003 case BSTP_IFSTATE_DISABLED:
2010 * Unicast. Make sure it's not for us.
2012 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2013 if (bif->bif_ifp->if_type == IFT_GIF)
2015 /* It is destined for us. */
2016 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost,
2017 ETHER_ADDR_LEN) == 0
2019 || (bif->bif_ifp->if_carp
2020 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost))
2023 if (bif->bif_flags & IFBIF_LEARNING)
2024 (void) bridge_rtupdate(sc,
2025 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
2026 m->m_pkthdr.rcvif = bif->bif_ifp;
2031 /* We just received a packet that we sent out. */
2032 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost,
2033 ETHER_ADDR_LEN) == 0
2035 || (bif->bif_ifp->if_carp
2036 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost))
2045 /* Perform the bridge forwarding function. */
2046 bridge_forward(sc, m);
2054 * Send a frame to all interfaces that are members of
2055 * the bridge, except for the one on which the packet
2058 * NOTE: Releases the lock on return.
2061 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2062 struct mbuf *m, int runfilt)
2064 struct bridge_iflist *bif;
2066 struct ifnet *dst_if;
2067 int error = 0, used = 0, i;
2069 BRIDGE_LOCK_ASSERT(sc);
2070 BRIDGE_LOCK2REF(sc, error);
2076 /* Filter on the bridge interface before broadcasting */
2077 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2079 || PFIL_HOOKED(&inet6_pfil_hook)
2082 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2088 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2089 dst_if = bif->bif_ifp;
2090 if (dst_if == src_if)
2093 if (bif->bif_flags & IFBIF_STP) {
2094 switch (bif->bif_stp.bp_state) {
2095 case BSTP_IFSTATE_BLOCKING:
2096 case BSTP_IFSTATE_DISABLED:
2101 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
2102 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2105 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2108 if (LIST_NEXT(bif, bif_next) == NULL) {
2112 mc = m_dup(m, M_DONTWAIT);
2114 sc->sc_ifp->if_oerrors++;
2120 * Filter on the output interface. Pass a NULL bridge interface
2121 * pointer so we do not redundantly filter on the bridge for
2122 * each interface we broadcast on.
2124 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2126 || PFIL_HOOKED(&inet6_pfil_hook)
2130 /* Keep the layer3 header aligned */
2131 i = min(mc->m_pkthdr.len, max_protohdr);
2132 mc = m_copyup(mc, i, ETHER_ALIGN);
2134 sc->sc_ifp->if_oerrors++;
2138 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2144 bridge_enqueue(sc, dst_if, mc);
2156 * Duplicate a packet out one or more interfaces that are in span mode,
2157 * the original mbuf is unmodified.
2160 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2162 struct bridge_iflist *bif;
2163 struct ifnet *dst_if;
2166 if (LIST_EMPTY(&sc->sc_spanlist))
2169 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2170 dst_if = bif->bif_ifp;
2172 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2175 mc = m_copypacket(m, M_DONTWAIT);
2177 sc->sc_ifp->if_oerrors++;
2181 bridge_enqueue(sc, dst_if, mc);
2188 * Add a bridge routing entry.
2191 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
2192 struct ifnet *dst_if, int setflags, uint8_t flags)
2194 struct bridge_rtnode *brt;
2197 BRIDGE_LOCK_ASSERT(sc);
2200 * A route for this destination might already exist. If so,
2201 * update it, otherwise create a new one.
2203 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
2204 if (sc->sc_brtcnt >= sc->sc_brtmax)
2208 * Allocate a new bridge forwarding node, and
2209 * initialize the expiration time and Ethernet
2212 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO);
2216 brt->brt_flags = IFBAF_DYNAMIC;
2217 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
2219 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
2220 uma_zfree(bridge_rtnode_zone, brt);
2225 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2226 brt->brt_ifp = dst_if;
2227 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2228 brt->brt_expire = time_uptime + sc->sc_brttimeout;
2230 brt->brt_flags = flags;
2238 * Lookup the destination interface for an address.
2240 static struct ifnet *
2241 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
2243 struct bridge_rtnode *brt;
2245 BRIDGE_LOCK_ASSERT(sc);
2247 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2250 return (brt->brt_ifp);
2256 * Trim the routine table so that we have a number
2257 * of routing entries less than or equal to the
2261 bridge_rttrim(struct bridge_softc *sc)
2263 struct bridge_rtnode *brt, *nbrt;
2265 BRIDGE_LOCK_ASSERT(sc);
2267 /* Make sure we actually need to do this. */
2268 if (sc->sc_brtcnt <= sc->sc_brtmax)
2271 /* Force an aging cycle; this might trim enough addresses. */
2273 if (sc->sc_brtcnt <= sc->sc_brtmax)
2276 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2277 nbrt = LIST_NEXT(brt, brt_list);
2278 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2279 bridge_rtnode_destroy(sc, brt);
2280 if (sc->sc_brtcnt <= sc->sc_brtmax)
2289 * Aging timer for the bridge.
2292 bridge_timer(void *arg)
2294 struct bridge_softc *sc = arg;
2296 BRIDGE_LOCK_ASSERT(sc);
2300 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
2301 callout_reset(&sc->sc_brcallout,
2302 bridge_rtable_prune_period * hz, bridge_timer, sc);
2308 * Perform an aging cycle.
2311 bridge_rtage(struct bridge_softc *sc)
2313 struct bridge_rtnode *brt, *nbrt;
2315 BRIDGE_LOCK_ASSERT(sc);
2317 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2318 nbrt = LIST_NEXT(brt, brt_list);
2319 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2320 if (time_uptime >= brt->brt_expire)
2321 bridge_rtnode_destroy(sc, brt);
2329 * Remove all dynamic addresses from the bridge.
2332 bridge_rtflush(struct bridge_softc *sc, int full)
2334 struct bridge_rtnode *brt, *nbrt;
2336 BRIDGE_LOCK_ASSERT(sc);
2338 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2339 nbrt = LIST_NEXT(brt, brt_list);
2340 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2341 bridge_rtnode_destroy(sc, brt);
2348 * Remove an address from the table.
2351 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
2353 struct bridge_rtnode *brt;
2355 BRIDGE_LOCK_ASSERT(sc);
2357 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2360 bridge_rtnode_destroy(sc, brt);
2367 * Delete routes to a speicifc member interface.
2370 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
2372 struct bridge_rtnode *brt, *nbrt;
2374 BRIDGE_LOCK_ASSERT(sc);
2376 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2377 nbrt = LIST_NEXT(brt, brt_list);
2378 if (brt->brt_ifp == ifp && (full ||
2379 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
2380 bridge_rtnode_destroy(sc, brt);
2385 * bridge_rtable_init:
2387 * Initialize the route table for this bridge.
2390 bridge_rtable_init(struct bridge_softc *sc)
2394 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
2395 M_DEVBUF, M_NOWAIT);
2396 if (sc->sc_rthash == NULL)
2399 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
2400 LIST_INIT(&sc->sc_rthash[i]);
2402 sc->sc_rthash_key = arc4random();
2404 LIST_INIT(&sc->sc_rtlist);
2410 * bridge_rtable_fini:
2412 * Deconstruct the route table for this bridge.
2415 bridge_rtable_fini(struct bridge_softc *sc)
2418 free(sc->sc_rthash, M_DEVBUF);
2422 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
2423 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
2425 #define mix(a, b, c) \
2427 a -= b; a -= c; a ^= (c >> 13); \
2428 b -= c; b -= a; b ^= (a << 8); \
2429 c -= a; c -= b; c ^= (b >> 13); \
2430 a -= b; a -= c; a ^= (c >> 12); \
2431 b -= c; b -= a; b ^= (a << 16); \
2432 c -= a; c -= b; c ^= (b >> 5); \
2433 a -= b; a -= c; a ^= (c >> 3); \
2434 b -= c; b -= a; b ^= (a << 10); \
2435 c -= a; c -= b; c ^= (b >> 15); \
2436 } while (/*CONSTCOND*/0)
2438 static __inline uint32_t
2439 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
2441 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2452 return (c & BRIDGE_RTHASH_MASK);
2458 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
2462 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
2463 d = ((int)a[i]) - ((int)b[i]);
2470 * bridge_rtnode_lookup:
2472 * Look up a bridge route node for the specified destination.
2474 static struct bridge_rtnode *
2475 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
2477 struct bridge_rtnode *brt;
2481 BRIDGE_LOCK_ASSERT(sc);
2483 hash = bridge_rthash(sc, addr);
2484 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2485 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
2496 * bridge_rtnode_insert:
2498 * Insert the specified bridge node into the route table. We
2499 * assume the entry is not already in the table.
2502 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2504 struct bridge_rtnode *lbrt;
2508 BRIDGE_LOCK_ASSERT(sc);
2510 hash = bridge_rthash(sc, brt->brt_addr);
2512 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2514 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2519 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
2523 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2526 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2527 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2530 lbrt = LIST_NEXT(lbrt, brt_hash);
2531 } while (lbrt != NULL);
2534 panic("bridge_rtnode_insert: impossible");
2538 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2545 * bridge_rtnode_destroy:
2547 * Destroy a bridge rtnode.
2550 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2552 BRIDGE_LOCK_ASSERT(sc);
2554 LIST_REMOVE(brt, brt_hash);
2556 LIST_REMOVE(brt, brt_list);
2558 uma_zfree(bridge_rtnode_zone, brt);
2562 * Send bridge packets through pfil if they are one of the types pfil can deal
2563 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2564 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2568 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2570 int snap, error, i, hlen;
2571 struct ether_header *eh1, eh2;
2572 struct ip_fw_args args;
2575 u_int16_t ether_type;
2578 error = -1; /* Default error if not error == 0 */
2580 /* we may return with the IP fields swapped, ensure its not shared */
2581 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
2583 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0)
2584 return (0); /* filtering is disabled */
2586 i = min((*mp)->m_pkthdr.len, max_protohdr);
2587 if ((*mp)->m_len < i) {
2588 *mp = m_pullup(*mp, i);
2590 printf("%s: m_pullup failed\n", __func__);
2595 eh1 = mtod(*mp, struct ether_header *);
2596 ether_type = ntohs(eh1->ether_type);
2599 * Check for SNAP/LLC.
2601 if (ether_type < ETHERMTU) {
2602 struct llc *llc2 = (struct llc *)(eh1 + 1);
2604 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
2605 llc2->llc_dsap == LLC_SNAP_LSAP &&
2606 llc2->llc_ssap == LLC_SNAP_LSAP &&
2607 llc2->llc_control == LLC_UI) {
2608 ether_type = htons(llc2->llc_un.type_snap.ether_type);
2614 * If we're trying to filter bridge traffic, don't look at anything
2615 * other than IP and ARP traffic. If the filter doesn't understand
2616 * IPv6, don't allow IPv6 through the bridge either. This is lame
2617 * since if we really wanted, say, an AppleTalk filter, we are hosed,
2618 * but of course we don't have an AppleTalk filter to begin with.
2619 * (Note that since pfil doesn't understand ARP it will pass *ALL*
2622 switch (ether_type) {
2624 case ETHERTYPE_REVARP:
2625 return (0); /* Automatically pass */
2628 case ETHERTYPE_IPV6:
2633 * Check to see if the user wants to pass non-ip
2634 * packets, these will not be checked by pfil(9) and
2635 * passed unconditionally so the default is to drop.
2641 /* Strip off the Ethernet header and keep a copy. */
2642 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
2643 m_adj(*mp, ETHER_HDR_LEN);
2645 /* Strip off snap header, if present */
2647 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
2648 m_adj(*mp, sizeof(struct llc));
2652 * Check the IP header for alignment and errors
2654 if (dir == PFIL_IN) {
2655 switch (ether_type) {
2657 error = bridge_ip_checkbasic(mp);
2660 case ETHERTYPE_IPV6:
2661 error = bridge_ip6_checkbasic(mp);
2671 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) {
2673 args.rule = ip_dn_claim_rule(*mp);
2674 if (args.rule != NULL && fw_one_pass)
2675 goto ipfwpass; /* packet already partially processed */
2679 args.next_hop = NULL;
2681 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
2682 i = ip_fw_chk_ptr(&args);
2688 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
2690 /* put the Ethernet header back on */
2691 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2694 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2697 * Pass the pkt to dummynet, which consumes it. The
2698 * packet will return to us via bridge_dummynet().
2701 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args);
2705 if (i != IP_FW_PASS) /* drop */
2713 * Run the packet through pfil
2715 switch (ether_type) {
2718 * before calling the firewall, swap fields the same as
2719 * IP does. here we assume the header is contiguous
2721 ip = mtod(*mp, struct ip *);
2723 ip->ip_len = ntohs(ip->ip_len);
2724 ip->ip_off = ntohs(ip->ip_off);
2727 * Run pfil on the member interface and the bridge, both can
2728 * be skipped by clearing pfil_member or pfil_bridge.
2731 * in_if -> bridge_if -> out_if
2733 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2734 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2737 if (*mp == NULL || error != 0) /* filter may consume */
2740 if (pfil_member && ifp != NULL)
2741 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp,
2744 if (*mp == NULL || error != 0) /* filter may consume */
2747 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2748 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2751 if (*mp == NULL || error != 0) /* filter may consume */
2754 /* check if we need to fragment the packet */
2755 if (pfil_member && ifp != NULL && dir == PFIL_OUT) {
2756 i = (*mp)->m_pkthdr.len;
2757 if (i > ifp->if_mtu) {
2758 error = bridge_fragment(ifp, *mp, &eh2, snap,
2764 /* Recalculate the ip checksum and restore byte ordering */
2765 ip = mtod(*mp, struct ip *);
2766 hlen = ip->ip_hl << 2;
2767 if (hlen < sizeof(struct ip))
2769 if (hlen > (*mp)->m_len) {
2770 if ((*mp = m_pullup(*mp, hlen)) == 0)
2772 ip = mtod(*mp, struct ip *);
2776 ip->ip_len = htons(ip->ip_len);
2777 ip->ip_off = htons(ip->ip_off);
2779 if (hlen == sizeof(struct ip))
2780 ip->ip_sum = in_cksum_hdr(ip);
2782 ip->ip_sum = in_cksum(*mp, hlen);
2786 case ETHERTYPE_IPV6:
2787 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2788 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2791 if (*mp == NULL || error != 0) /* filter may consume */
2794 if (pfil_member && ifp != NULL)
2795 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp,
2798 if (*mp == NULL || error != 0) /* filter may consume */
2801 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2802 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2819 * Finally, put everything back the way it was and return
2822 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT);
2825 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
2828 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2831 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2842 * Perform basic checks on header size since
2843 * pfil assumes ip_input has already processed
2844 * it for it. Cut-and-pasted from ip_input.c.
2845 * Given how simple the IPv6 version is,
2846 * does the IPv4 version really need to be
2849 * XXX Should we update ipstat here, or not?
2850 * XXX Right now we update ipstat but not
2854 bridge_ip_checkbasic(struct mbuf **mp)
2856 struct mbuf *m = *mp;
2864 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2865 if ((m = m_copyup(m, sizeof(struct ip),
2866 (max_linkhdr + 3) & ~3)) == NULL) {
2867 /* XXXJRT new stat, please */
2868 ipstat.ips_toosmall++;
2871 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
2872 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
2873 ipstat.ips_toosmall++;
2877 ip = mtod(m, struct ip *);
2878 if (ip == NULL) goto bad;
2880 if (ip->ip_v != IPVERSION) {
2881 ipstat.ips_badvers++;
2884 hlen = ip->ip_hl << 2;
2885 if (hlen < sizeof(struct ip)) { /* minimum header length */
2886 ipstat.ips_badhlen++;
2889 if (hlen > m->m_len) {
2890 if ((m = m_pullup(m, hlen)) == 0) {
2891 ipstat.ips_badhlen++;
2894 ip = mtod(m, struct ip *);
2895 if (ip == NULL) goto bad;
2898 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
2899 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
2901 if (hlen == sizeof(struct ip)) {
2902 sum = in_cksum_hdr(ip);
2904 sum = in_cksum(m, hlen);
2908 ipstat.ips_badsum++;
2912 /* Retrieve the packet length. */
2913 len = ntohs(ip->ip_len);
2916 * Check for additional length bogosity
2919 ipstat.ips_badlen++;
2924 * Check that the amount of data in the buffers
2925 * is as at least much as the IP header would have us expect.
2926 * Drop packet if shorter than we expect.
2928 if (m->m_pkthdr.len < len) {
2929 ipstat.ips_tooshort++;
2933 /* Checks out, proceed */
2944 * Same as above, but for IPv6.
2945 * Cut-and-pasted from ip6_input.c.
2946 * XXX Should we update ip6stat, or not?
2949 bridge_ip6_checkbasic(struct mbuf **mp)
2951 struct mbuf *m = *mp;
2952 struct ip6_hdr *ip6;
2955 * If the IPv6 header is not aligned, slurp it up into a new
2956 * mbuf with space for link headers, in the event we forward
2957 * it. Otherwise, if it is aligned, make sure the entire base
2958 * IPv6 header is in the first mbuf of the chain.
2960 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2961 struct ifnet *inifp = m->m_pkthdr.rcvif;
2962 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
2963 (max_linkhdr + 3) & ~3)) == NULL) {
2964 /* XXXJRT new stat, please */
2965 ip6stat.ip6s_toosmall++;
2966 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
2969 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
2970 struct ifnet *inifp = m->m_pkthdr.rcvif;
2971 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
2972 ip6stat.ip6s_toosmall++;
2973 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
2978 ip6 = mtod(m, struct ip6_hdr *);
2980 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
2981 ip6stat.ip6s_badvers++;
2982 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
2986 /* Checks out, proceed */
2999 * Return a fragmented mbuf chain.
3002 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh,
3003 int snap, struct llc *llc)
3009 if (m->m_len < sizeof(struct ip) &&
3010 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3012 ip = mtod(m, struct ip *);
3014 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist,
3019 /* walk the chain and re-add the Ethernet header */
3020 for (m0 = m; m0; m0 = m0->m_nextpkt) {
3023 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT);
3028 bcopy(llc, mtod(m0, caddr_t),
3029 sizeof(struct llc));
3031 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT);
3036 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN);
3042 ipstat.ips_fragmented++;
projects / FreeBSD / FreeBSD.git / blob