1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
4 * Copyright 2001 Wasabi Systems, Inc.
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
40 * All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. All advertising materials mentioning features or use of this software
51 * must display the following acknowledgement:
52 * This product includes software developed by Jason L. Wright
53 * 4. The name of the author may not be used to endorse or promote products
54 * derived from this software without specific prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66 * POSSIBILITY OF SUCH DAMAGE.
68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
72 * Network interface bridge support.
76 * - Currently only supports Ethernet-like interfaces (Ethernet,
77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
78 * to bridge other types of interfaces (FDDI-FDDI, and maybe
79 * consider heterogenous bridges).
82 #include <sys/cdefs.h>
83 __FBSDID("$FreeBSD$");
86 #include "opt_inet6.h"
89 #include <sys/param.h>
91 #include <sys/malloc.h>
92 #include <sys/protosw.h>
93 #include <sys/systm.h>
95 #include <sys/socket.h> /* for net/if.h */
96 #include <sys/sockio.h>
97 #include <sys/ctype.h> /* string functions */
98 #include <sys/kernel.h>
99 #include <sys/random.h>
100 #include <sys/syslog.h>
101 #include <sys/sysctl.h>
103 #include <sys/module.h>
104 #include <sys/proc.h>
105 #include <sys/lock.h>
106 #include <sys/mutex.h>
110 #include <net/if_clone.h>
111 #include <net/if_dl.h>
112 #include <net/if_types.h>
113 #include <net/if_var.h>
114 #include <net/pfil.h>
116 #include <netinet/in.h> /* for struct arpcom */
117 #include <netinet/in_systm.h>
118 #include <netinet/in_var.h>
119 #include <netinet/ip.h>
120 #include <netinet/ip_var.h>
122 #include <netinet/ip6.h>
123 #include <netinet6/ip6_var.h>
126 #include <netinet/ip_carp.h>
128 #include <machine/in_cksum.h>
129 #include <netinet/if_ether.h> /* for struct arpcom */
130 #include <net/bridgestp.h>
131 #include <net/if_bridgevar.h>
132 #include <net/if_llc.h>
134 #include <net/route.h>
135 #include <netinet/ip_fw.h>
136 #include <netinet/ip_dummynet.h>
139 * Size of the route hash table. Must be a power of two.
141 #ifndef BRIDGE_RTHASH_SIZE
142 #define BRIDGE_RTHASH_SIZE 1024
145 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
148 * Maximum number of addresses to cache.
150 #ifndef BRIDGE_RTABLE_MAX
151 #define BRIDGE_RTABLE_MAX 100
155 * Timeout (in seconds) for entries learned dynamically.
157 #ifndef BRIDGE_RTABLE_TIMEOUT
158 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
162 * Number of seconds between walks of the route list.
164 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
165 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
169 * List of capabilities to mask on the member interface.
171 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM
174 * Bridge interface list entry.
176 struct bridge_iflist {
177 LIST_ENTRY(bridge_iflist) bif_next;
178 struct ifnet *bif_ifp; /* member if */
179 struct bstp_port bif_stp; /* STP state */
180 uint32_t bif_flags; /* member if flags */
181 int bif_mutecap; /* member muted caps */
187 struct bridge_rtnode {
188 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
189 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
190 struct ifnet *brt_ifp; /* destination if */
191 unsigned long brt_expire; /* expiration time */
192 uint8_t brt_flags; /* address flags */
193 uint8_t brt_addr[ETHER_ADDR_LEN];
197 * Software state for each bridge.
199 struct bridge_softc {
200 struct ifnet *sc_ifp; /* make this an interface */
201 LIST_ENTRY(bridge_softc) sc_list;
204 uint32_t sc_brtmax; /* max # of addresses */
205 uint32_t sc_brtcnt; /* cur. # of addresses */
206 uint32_t sc_brttimeout; /* rt timeout in seconds */
207 struct callout sc_brcallout; /* bridge callout */
208 uint32_t sc_iflist_ref; /* refcount for sc_iflist */
209 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */
210 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
211 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
212 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
213 uint32_t sc_rthash_key; /* key for hash */
214 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
215 struct bstp_state sc_stp; /* STP state */
216 uint32_t sc_brtexceeded; /* # of cache drops */
219 static struct mtx bridge_list_mtx;
220 eventhandler_tag bridge_detach_cookie = NULL;
222 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
224 uma_zone_t bridge_rtnode_zone;
226 static int bridge_clone_create(struct if_clone *, int, caddr_t);
227 static void bridge_clone_destroy(struct ifnet *);
229 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
230 static void bridge_mutecaps(struct bridge_iflist *, int);
231 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
232 static void bridge_init(void *);
233 static void bridge_dummynet(struct mbuf *, struct ifnet *);
234 static void bridge_stop(struct ifnet *, int);
235 static void bridge_start(struct ifnet *);
236 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
237 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
239 static void bridge_enqueue(struct bridge_softc *, struct ifnet *,
241 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
243 static void bridge_forward(struct bridge_softc *, struct mbuf *m);
245 static void bridge_timer(void *);
247 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
249 static void bridge_span(struct bridge_softc *, struct mbuf *);
251 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
252 struct ifnet *, int, uint8_t);
253 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
254 static void bridge_rttrim(struct bridge_softc *);
255 static void bridge_rtage(struct bridge_softc *);
256 static void bridge_rtflush(struct bridge_softc *, int);
257 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
259 static int bridge_rtable_init(struct bridge_softc *);
260 static void bridge_rtable_fini(struct bridge_softc *);
262 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
263 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
265 static int bridge_rtnode_insert(struct bridge_softc *,
266 struct bridge_rtnode *);
267 static void bridge_rtnode_destroy(struct bridge_softc *,
268 struct bridge_rtnode *);
269 static void bridge_state_change(struct ifnet *, int);
271 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
273 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
275 static void bridge_delete_member(struct bridge_softc *,
276 struct bridge_iflist *, int);
277 static void bridge_delete_span(struct bridge_softc *,
278 struct bridge_iflist *);
280 static int bridge_ioctl_add(struct bridge_softc *, void *);
281 static int bridge_ioctl_del(struct bridge_softc *, void *);
282 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
283 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
284 static int bridge_ioctl_scache(struct bridge_softc *, void *);
285 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
286 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
287 static int bridge_ioctl_rts(struct bridge_softc *, void *);
288 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
289 static int bridge_ioctl_sto(struct bridge_softc *, void *);
290 static int bridge_ioctl_gto(struct bridge_softc *, void *);
291 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
292 static int bridge_ioctl_flush(struct bridge_softc *, void *);
293 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
294 static int bridge_ioctl_spri(struct bridge_softc *, void *);
295 static int bridge_ioctl_ght(struct bridge_softc *, void *);
296 static int bridge_ioctl_sht(struct bridge_softc *, void *);
297 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
298 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
299 static int bridge_ioctl_gma(struct bridge_softc *, void *);
300 static int bridge_ioctl_sma(struct bridge_softc *, void *);
301 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
302 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
303 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
304 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
305 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
306 static int bridge_ioctl_grte(struct bridge_softc *, void *);
307 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
308 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
310 static int bridge_ip_checkbasic(struct mbuf **mp);
312 static int bridge_ip6_checkbasic(struct mbuf **mp);
314 static int bridge_fragment(struct ifnet *, struct mbuf *,
315 struct ether_header *, int, struct llc *);
317 SYSCTL_DECL(_net_link);
318 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
320 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
321 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
322 static int pfil_member = 1; /* run pfil hooks on the member interface */
323 static int pfil_ipfw = 0; /* layer2 filter with ipfw */
324 static int log_stp = 0; /* log STP state changes */
325 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
326 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
327 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
328 &pfil_bridge, 0, "Packet filter on the bridge interface");
329 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
330 &pfil_member, 0, "Packet filter on the member interface");
331 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW,
332 &log_stp, 0, "Log STP state changes");
334 struct bridge_control {
335 int (*bc_func)(struct bridge_softc *, void *);
340 #define BC_F_COPYIN 0x01 /* copy arguments in */
341 #define BC_F_COPYOUT 0x02 /* copy arguments out */
342 #define BC_F_SUSER 0x04 /* do super-user check */
344 const struct bridge_control bridge_control_table[] = {
345 { bridge_ioctl_add, sizeof(struct ifbreq),
346 BC_F_COPYIN|BC_F_SUSER },
347 { bridge_ioctl_del, sizeof(struct ifbreq),
348 BC_F_COPYIN|BC_F_SUSER },
350 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
351 BC_F_COPYIN|BC_F_COPYOUT },
352 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
353 BC_F_COPYIN|BC_F_SUSER },
355 { bridge_ioctl_scache, sizeof(struct ifbrparam),
356 BC_F_COPYIN|BC_F_SUSER },
357 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
360 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
361 BC_F_COPYIN|BC_F_COPYOUT },
362 { bridge_ioctl_rts, sizeof(struct ifbaconf),
363 BC_F_COPYIN|BC_F_COPYOUT },
365 { bridge_ioctl_saddr, sizeof(struct ifbareq),
366 BC_F_COPYIN|BC_F_SUSER },
368 { bridge_ioctl_sto, sizeof(struct ifbrparam),
369 BC_F_COPYIN|BC_F_SUSER },
370 { bridge_ioctl_gto, sizeof(struct ifbrparam),
373 { bridge_ioctl_daddr, sizeof(struct ifbareq),
374 BC_F_COPYIN|BC_F_SUSER },
376 { bridge_ioctl_flush, sizeof(struct ifbreq),
377 BC_F_COPYIN|BC_F_SUSER },
379 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
381 { bridge_ioctl_spri, sizeof(struct ifbrparam),
382 BC_F_COPYIN|BC_F_SUSER },
384 { bridge_ioctl_ght, sizeof(struct ifbrparam),
386 { bridge_ioctl_sht, sizeof(struct ifbrparam),
387 BC_F_COPYIN|BC_F_SUSER },
389 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
391 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
392 BC_F_COPYIN|BC_F_SUSER },
394 { bridge_ioctl_gma, sizeof(struct ifbrparam),
396 { bridge_ioctl_sma, sizeof(struct ifbrparam),
397 BC_F_COPYIN|BC_F_SUSER },
399 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
400 BC_F_COPYIN|BC_F_SUSER },
402 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
403 BC_F_COPYIN|BC_F_SUSER },
405 { bridge_ioctl_addspan, sizeof(struct ifbreq),
406 BC_F_COPYIN|BC_F_SUSER },
407 { bridge_ioctl_delspan, sizeof(struct ifbreq),
408 BC_F_COPYIN|BC_F_SUSER },
410 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
413 { bridge_ioctl_grte, sizeof(struct ifbrparam),
416 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
419 const int bridge_control_table_size =
420 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
422 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
423 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
425 LIST_HEAD(, bridge_softc) bridge_list;
427 IFC_SIMPLE_DECLARE(bridge, 0);
430 bridge_modevent(module_t mod, int type, void *data)
435 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
436 if_clone_attach(&bridge_cloner);
437 bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
438 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
440 LIST_INIT(&bridge_list);
441 bridge_input_p = bridge_input;
442 bridge_output_p = bridge_output;
443 bridge_dn_p = bridge_dummynet;
444 bstp_linkstate_p = bstp_linkstate;
445 bridge_detach_cookie = EVENTHANDLER_REGISTER(
446 ifnet_departure_event, bridge_ifdetach, NULL,
447 EVENTHANDLER_PRI_ANY);
450 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
451 bridge_detach_cookie);
452 if_clone_detach(&bridge_cloner);
453 uma_zdestroy(bridge_rtnode_zone);
454 bridge_input_p = NULL;
455 bridge_output_p = NULL;
457 bstp_linkstate_p = NULL;
458 mtx_destroy(&bridge_list_mtx);
466 static moduledata_t bridge_mod = {
472 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
473 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
476 * handler for net.link.bridge.pfil_ipfw
479 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
481 int enable = pfil_ipfw;
484 error = sysctl_handle_int(oidp, &enable, 0, req);
485 enable = (enable) ? 1 : 0;
487 if (enable != pfil_ipfw) {
491 * Disable pfil so that ipfw doesnt run twice, if the user
492 * really wants both then they can re-enable pfil_bridge and/or
493 * pfil_member. Also allow non-ip packets as ipfw can filter by
505 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
506 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
509 * bridge_clone_create:
511 * Create a new bridge instance.
514 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
516 struct bridge_softc *sc, *sc2;
517 struct ifnet *bifp, *ifp;
521 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
522 BRIDGE_LOCK_INIT(sc);
523 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
529 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
530 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
531 getmicrotime(&(sc->sc_stp.bs_last_tc_time));
533 /* Initialize our routing table. */
534 bridge_rtable_init(sc);
536 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);
538 LIST_INIT(&sc->sc_iflist);
539 LIST_INIT(&sc->sc_spanlist);
542 if_initname(ifp, ifc->ifc_name, unit);
543 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
544 ifp->if_ioctl = bridge_ioctl;
545 ifp->if_start = bridge_start;
546 ifp->if_init = bridge_init;
547 ifp->if_type = IFT_BRIDGE;
548 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
549 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
550 IFQ_SET_READY(&ifp->if_snd);
553 * Generate a random ethernet address with a locally administered
556 * Since we are using random ethernet addresses for the bridge, it is
557 * possible that we might have address collisions, so make sure that
558 * this hardware address isn't already in use on another bridge.
560 for (retry = 1; retry != 0;) {
561 arc4rand(eaddr, ETHER_ADDR_LEN, 1);
562 eaddr[0] &= ~1; /* clear multicast bit */
563 eaddr[0] |= 2; /* set the LAA bit */
565 mtx_lock(&bridge_list_mtx);
566 LIST_FOREACH(sc2, &bridge_list, sc_list) {
568 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
571 mtx_unlock(&bridge_list_mtx);
574 bstp_attach(&sc->sc_stp, bridge_state_change);
575 ether_ifattach(ifp, eaddr);
576 /* Now undo some of the damage... */
577 ifp->if_baudrate = 0;
578 ifp->if_type = IFT_BRIDGE;
580 mtx_lock(&bridge_list_mtx);
581 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
582 mtx_unlock(&bridge_list_mtx);
588 * bridge_clone_destroy:
590 * Destroy a bridge instance.
593 bridge_clone_destroy(struct ifnet *ifp)
595 struct bridge_softc *sc = ifp->if_softc;
596 struct bridge_iflist *bif;
601 ifp->if_flags &= ~IFF_UP;
603 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
604 bridge_delete_member(sc, bif, 0);
606 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
607 bridge_delete_span(sc, bif);
612 callout_drain(&sc->sc_brcallout);
614 mtx_lock(&bridge_list_mtx);
615 LIST_REMOVE(sc, sc_list);
616 mtx_unlock(&bridge_list_mtx);
618 bstp_detach(&sc->sc_stp);
620 if_free_type(ifp, IFT_ETHER);
622 /* Tear down the routing table. */
623 bridge_rtable_fini(sc);
625 BRIDGE_LOCK_DESTROY(sc);
632 * Handle a control request from the operator.
635 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
637 struct bridge_softc *sc = ifp->if_softc;
638 struct thread *td = curthread;
640 struct ifbreq ifbreq;
641 struct ifbifconf ifbifconf;
642 struct ifbareq ifbareq;
643 struct ifbaconf ifbaconf;
644 struct ifbrparam ifbrparam;
646 struct ifdrv *ifd = (struct ifdrv *) data;
647 const struct bridge_control *bc;
660 if (ifd->ifd_cmd >= bridge_control_table_size) {
664 bc = &bridge_control_table[ifd->ifd_cmd];
666 if (cmd == SIOCGDRVSPEC &&
667 (bc->bc_flags & BC_F_COPYOUT) == 0) {
671 else if (cmd == SIOCSDRVSPEC &&
672 (bc->bc_flags & BC_F_COPYOUT) != 0) {
677 if (bc->bc_flags & BC_F_SUSER) {
683 if (ifd->ifd_len != bc->bc_argsize ||
684 ifd->ifd_len > sizeof(args)) {
689 bzero(&args, sizeof(args));
690 if (bc->bc_flags & BC_F_COPYIN) {
691 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
696 error = (*bc->bc_func)(sc, &args);
700 if (bc->bc_flags & BC_F_COPYOUT)
701 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
706 if (!(ifp->if_flags & IFF_UP) &&
707 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
709 * If interface is marked down and it is running,
710 * then stop and disable it.
713 } else if ((ifp->if_flags & IFF_UP) &&
714 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
716 * If interface is marked up and it is stopped, then
725 /* Do not allow the MTU to be changed on the bridge */
731 * drop the lock as ether_ioctl() will call bridge_start() and
732 * cause the lock to be recursed.
735 error = ether_ioctl(ifp, cmd, data);
739 if (BRIDGE_LOCKED(sc))
748 * Clear or restore unwanted capabilities on the member interface
751 bridge_mutecaps(struct bridge_iflist *bif, int mute)
753 struct ifnet *ifp = bif->bif_ifp;
757 if (ifp->if_ioctl == NULL)
760 bzero(&ifr, sizeof(ifr));
761 ifr.ifr_reqcap = ifp->if_capenable;
764 /* mask off and save capabilities */
765 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK;
766 if (bif->bif_mutecap != 0)
767 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK;
769 /* restore muted capabilities */
770 ifr.ifr_reqcap |= bif->bif_mutecap;
773 if (bif->bif_mutecap != 0) {
775 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
776 IFF_UNLOCKGIANT(ifp);
781 * bridge_lookup_member:
783 * Lookup a bridge member interface.
785 static struct bridge_iflist *
786 bridge_lookup_member(struct bridge_softc *sc, const char *name)
788 struct bridge_iflist *bif;
791 BRIDGE_LOCK_ASSERT(sc);
793 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
795 if (strcmp(ifp->if_xname, name) == 0)
803 * bridge_lookup_member_if:
805 * Lookup a bridge member interface by ifnet*.
807 static struct bridge_iflist *
808 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
810 struct bridge_iflist *bif;
812 BRIDGE_LOCK_ASSERT(sc);
814 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
815 if (bif->bif_ifp == member_ifp)
823 * bridge_delete_member:
825 * Delete the specified member interface.
828 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
831 struct ifnet *ifs = bif->bif_ifp;
833 BRIDGE_LOCK_ASSERT(sc);
836 switch (ifs->if_type) {
840 * Take the interface out of promiscuous mode.
842 (void) ifpromisc(ifs, 0);
843 bridge_mutecaps(bif, 0);
851 panic("bridge_delete_member: impossible");
857 if (bif->bif_flags & IFBIF_STP)
858 bstp_delete(&bif->bif_stp);
860 ifs->if_bridge = NULL;
862 LIST_REMOVE(bif, bif_next);
865 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
868 bstp_drain(&bif->bif_stp); /* prepare to free */
874 * bridge_delete_span:
876 * Delete the specified span interface.
879 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
881 BRIDGE_LOCK_ASSERT(sc);
883 KASSERT(bif->bif_ifp->if_bridge == NULL,
884 ("%s: not a span interface", __func__));
886 LIST_REMOVE(bif, bif_next);
891 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
893 struct ifbreq *req = arg;
894 struct bridge_iflist *bif = NULL;
898 ifs = ifunit(req->ifbr_ifsname);
902 /* If it's in the span list, it can't be a member. */
903 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
904 if (ifs == bif->bif_ifp)
907 /* Allow the first Ethernet member to define the MTU */
908 if (ifs->if_type != IFT_GIF) {
909 if (LIST_EMPTY(&sc->sc_iflist))
910 sc->sc_ifp->if_mtu = ifs->if_mtu;
911 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
912 if_printf(sc->sc_ifp, "invalid MTU for %s\n",
918 if (ifs->if_bridge == sc)
921 if (ifs->if_bridge != NULL)
924 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
929 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
931 switch (ifs->if_type) {
935 * Place the interface into promiscuous mode.
937 error = ifpromisc(ifs, 1);
941 bridge_mutecaps(bif, 1);
956 * NOTE: insert_***HEAD*** should be safe for the traversals.
958 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
969 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
971 struct ifbreq *req = arg;
972 struct bridge_iflist *bif;
974 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
978 bridge_delete_member(sc, bif, 0);
984 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
986 struct ifbreq *req = arg;
987 struct bridge_iflist *bif;
989 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
993 req->ifbr_ifsflags = bif->bif_flags;
994 req->ifbr_state = bif->bif_stp.bp_state;
995 req->ifbr_priority = bif->bif_stp.bp_priority;
996 req->ifbr_path_cost = bif->bif_stp.bp_path_cost;
997 req->ifbr_portno = bif->bif_ifp->if_index & 0xff;
1003 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1005 struct ifbreq *req = arg;
1006 struct bridge_iflist *bif;
1009 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1013 if (req->ifbr_ifsflags & IFBIF_SPAN)
1014 /* SPAN is readonly */
1017 if (req->ifbr_ifsflags & IFBIF_STP) {
1018 if ((bif->bif_flags & IFBIF_STP) == 0) {
1019 error = bstp_add(&sc->sc_stp, &bif->bif_stp,
1025 if ((bif->bif_flags & IFBIF_STP) != 0)
1026 bstp_delete(&bif->bif_stp);
1029 bif->bif_flags = req->ifbr_ifsflags;
1035 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1037 struct ifbrparam *param = arg;
1039 sc->sc_brtmax = param->ifbrp_csize;
1046 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1048 struct ifbrparam *param = arg;
1050 param->ifbrp_csize = sc->sc_brtmax;
1056 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1058 struct ifbifconf *bifc = arg;
1059 struct bridge_iflist *bif;
1061 int count, len, error = 0;
1064 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1066 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1069 if (bifc->ifbic_len == 0) {
1070 bifc->ifbic_len = sizeof(breq) * count;
1075 len = bifc->ifbic_len;
1076 bzero(&breq, sizeof(breq));
1077 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1078 if (len < sizeof(breq))
1081 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1082 sizeof(breq.ifbr_ifsname));
1083 breq.ifbr_ifsflags = bif->bif_flags;
1084 breq.ifbr_state = bif->bif_stp.bp_state;
1085 breq.ifbr_priority = bif->bif_stp.bp_priority;
1086 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1087 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1088 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1092 len -= sizeof(breq);
1094 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1095 if (len < sizeof(breq))
1098 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1099 sizeof(breq.ifbr_ifsname));
1100 breq.ifbr_ifsflags = bif->bif_flags;
1101 breq.ifbr_state = bif->bif_stp.bp_state;
1102 breq.ifbr_priority = bif->bif_stp.bp_priority;
1103 breq.ifbr_path_cost = bif->bif_stp.bp_path_cost;
1104 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
1105 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1109 len -= sizeof(breq);
1112 bifc->ifbic_len = sizeof(breq) * count;
1117 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1119 struct ifbaconf *bac = arg;
1120 struct bridge_rtnode *brt;
1121 struct ifbareq bareq;
1122 int count = 0, error = 0, len;
1124 if (bac->ifbac_len == 0)
1127 len = bac->ifbac_len;
1128 bzero(&bareq, sizeof(bareq));
1129 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1130 if (len < sizeof(bareq))
1132 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1133 sizeof(bareq.ifba_ifsname));
1134 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1135 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1136 time_uptime < brt->brt_expire)
1137 bareq.ifba_expire = brt->brt_expire - time_uptime;
1139 bareq.ifba_expire = 0;
1140 bareq.ifba_flags = brt->brt_flags;
1142 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq));
1146 len -= sizeof(bareq);
1149 bac->ifbac_len = sizeof(bareq) * count;
1154 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1156 struct ifbareq *req = arg;
1157 struct bridge_iflist *bif;
1160 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1164 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
1171 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1173 struct ifbrparam *param = arg;
1175 sc->sc_brttimeout = param->ifbrp_ctime;
1180 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1182 struct ifbrparam *param = arg;
1184 param->ifbrp_ctime = sc->sc_brttimeout;
1189 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1191 struct ifbareq *req = arg;
1193 return (bridge_rtdaddr(sc, req->ifba_dst));
1197 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1199 struct ifbreq *req = arg;
1201 bridge_rtflush(sc, req->ifbr_ifsflags);
1206 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1208 struct ifbrparam *param = arg;
1209 struct bstp_state *bs = &sc->sc_stp;
1211 param->ifbrp_prio = bs->bs_bridge_priority;
1216 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1218 struct ifbrparam *param = arg;
1219 struct bstp_state *bs = &sc->sc_stp;
1221 bs->bs_bridge_priority = param->ifbrp_prio;
1228 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1230 struct ifbrparam *param = arg;
1231 struct bstp_state *bs = &sc->sc_stp;
1233 param->ifbrp_hellotime = bs->bs_bridge_hello_time >> 8;
1238 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1240 struct ifbrparam *param = arg;
1241 struct bstp_state *bs = &sc->sc_stp;
1243 if (param->ifbrp_hellotime == 0)
1245 bs->bs_bridge_hello_time = param->ifbrp_hellotime << 8;
1252 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1254 struct ifbrparam *param = arg;
1255 struct bstp_state *bs = &sc->sc_stp;
1257 param->ifbrp_fwddelay = bs->bs_bridge_forward_delay >> 8;
1262 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1264 struct ifbrparam *param = arg;
1265 struct bstp_state *bs = &sc->sc_stp;
1267 if (param->ifbrp_fwddelay == 0)
1269 bs->bs_bridge_forward_delay = param->ifbrp_fwddelay << 8;
1276 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1278 struct ifbrparam *param = arg;
1279 struct bstp_state *bs = &sc->sc_stp;
1281 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1286 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1288 struct ifbrparam *param = arg;
1289 struct bstp_state *bs = &sc->sc_stp;
1291 if (param->ifbrp_maxage == 0)
1293 bs->bs_bridge_max_age = param->ifbrp_maxage << 8;
1300 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1302 struct ifbreq *req = arg;
1303 struct bridge_iflist *bif;
1305 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1309 bif->bif_stp.bp_priority = req->ifbr_priority;
1310 bstp_reinit(&sc->sc_stp);
1316 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1318 struct ifbreq *req = arg;
1319 struct bridge_iflist *bif;
1321 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1325 bif->bif_stp.bp_path_cost = req->ifbr_path_cost;
1326 bstp_reinit(&sc->sc_stp);
1332 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1334 struct ifbreq *req = arg;
1335 struct bridge_iflist *bif = NULL;
1338 ifs = ifunit(req->ifbr_ifsname);
1342 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1343 if (ifs == bif->bif_ifp)
1346 if (ifs->if_bridge != NULL)
1349 switch (ifs->if_type) {
1358 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1363 bif->bif_flags = IFBIF_SPAN;
1365 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1371 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1373 struct ifbreq *req = arg;
1374 struct bridge_iflist *bif;
1377 ifs = ifunit(req->ifbr_ifsname);
1381 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1382 if (ifs == bif->bif_ifp)
1388 bridge_delete_span(sc, bif);
1394 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
1396 struct ifbropreq *req = arg;
1397 struct bstp_port *root_port;
1399 req->ifbop_maxage = sc->sc_stp.bs_max_age;
1400 req->ifbop_hellotime = sc->sc_stp.bs_hello_time;
1401 req->ifbop_fwddelay = sc->sc_stp.bs_forward_delay;
1403 root_port = sc->sc_stp.bs_root_port;
1404 if (root_port == NULL)
1405 req->ifbop_root_port = 0;
1407 req->ifbop_root_port = root_port->bp_ifp->if_index;
1409 req->ifbop_root_path_cost = sc->sc_stp.bs_root_path_cost;
1410 req->ifbop_designated_root = sc->sc_stp.bs_designated_root;
1411 req->ifbop_last_tc_time.tv_sec = sc->sc_stp.bs_last_tc_time.tv_sec;
1412 req->ifbop_last_tc_time.tv_usec = sc->sc_stp.bs_last_tc_time.tv_usec;
1418 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
1420 struct ifbrparam *param = arg;
1422 param->ifbrp_cexceeded = sc->sc_brtexceeded;
1427 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
1429 struct ifbpstpconf *bifstp = arg;
1430 struct bridge_iflist *bif;
1431 struct ifbpstpreq bpreq;
1432 int count, len, error = 0;
1435 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1436 if ((bif->bif_flags & IFBIF_STP) != 0)
1440 if (bifstp->ifbpstp_len == 0) {
1441 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1446 len = bifstp->ifbpstp_len;
1447 bzero(&bpreq, sizeof(bpreq));
1448 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1449 if (len < sizeof(bpreq))
1452 if ((bif->bif_flags & IFBIF_STP) == 0)
1455 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xff;
1456 bpreq.ifbp_fwd_trans = bif->bif_stp.bp_forward_transitions;
1457 bpreq.ifbp_design_cost = bif->bif_stp.bp_designated_cost;
1458 bpreq.ifbp_design_port = bif->bif_stp.bp_designated_port;
1459 bpreq.ifbp_design_bridge = bif->bif_stp.bp_designated_bridge;
1460 bpreq.ifbp_design_root = bif->bif_stp.bp_designated_root;
1462 error = copyout(&bpreq, bifstp->ifbpstp_req + count,
1468 len -= sizeof(bpreq);
1471 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1478 * Detach an interface from a bridge. Called when a member
1479 * interface is detaching.
1482 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
1484 struct bridge_softc *sc = ifp->if_bridge;
1485 struct bridge_iflist *bif;
1487 /* Check if the interface is a bridge member */
1491 bif = bridge_lookup_member_if(sc, ifp);
1493 bridge_delete_member(sc, bif, 1);
1499 /* Check if the interface is a span port */
1500 mtx_lock(&bridge_list_mtx);
1501 LIST_FOREACH(sc, &bridge_list, sc_list) {
1503 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1504 if (ifp == bif->bif_ifp) {
1505 bridge_delete_span(sc, bif);
1511 mtx_unlock(&bridge_list_mtx);
1517 * Initialize a bridge interface.
1520 bridge_init(void *xsc)
1522 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1523 struct ifnet *ifp = sc->sc_ifp;
1525 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1529 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1532 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1533 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
1541 * Stop the bridge interface.
1544 bridge_stop(struct ifnet *ifp, int disable)
1546 struct bridge_softc *sc = ifp->if_softc;
1548 BRIDGE_LOCK_ASSERT(sc);
1550 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1553 callout_stop(&sc->sc_brcallout);
1554 bstp_stop(&sc->sc_stp);
1556 bridge_rtflush(sc, IFBF_FLUSHDYN);
1558 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1564 * Enqueue a packet on a bridge member interface.
1568 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1574 len = m->m_pkthdr.len;
1575 mflags = m->m_flags;
1577 /* We may be sending a fragment so traverse the mbuf */
1580 m->m_nextpkt = NULL;
1583 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err);
1588 sc->sc_ifp->if_opackets++;
1589 sc->sc_ifp->if_obytes += len;
1591 dst_ifp->if_obytes += len;
1593 if (mflags & M_MCAST) {
1594 sc->sc_ifp->if_omcasts++;
1595 dst_ifp->if_omcasts++;
1599 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
1600 (*dst_ifp->if_start)(dst_ifp);
1606 * Receive a queued packet from dummynet and pass it on to the output
1609 * The mbuf has the Ethernet header already attached.
1612 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
1614 struct bridge_softc *sc;
1616 sc = ifp->if_bridge;
1619 * The packet didnt originate from a member interface. This should only
1620 * ever happen if a member interface is removed while packets are
1628 if (PFIL_HOOKED(&inet_pfil_hook)
1630 || PFIL_HOOKED(&inet6_pfil_hook)
1633 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
1639 bridge_enqueue(sc, ifp, m);
1645 * Send output from a bridge member interface. This
1646 * performs the bridging function for locally originated
1649 * The mbuf has the Ethernet header already attached. We must
1650 * enqueue or free the mbuf before returning.
1653 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
1656 struct ether_header *eh;
1657 struct ifnet *dst_if;
1658 struct bridge_softc *sc;
1660 if (m->m_len < ETHER_HDR_LEN) {
1661 m = m_pullup(m, ETHER_HDR_LEN);
1666 eh = mtod(m, struct ether_header *);
1667 sc = ifp->if_bridge;
1672 * If bridge is down, but the original output interface is up,
1673 * go ahead and send out that interface. Otherwise, the packet
1676 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1682 * If the packet is a multicast, or we don't know a better way to
1683 * get there, send to all interfaces.
1685 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1688 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1689 if (dst_if == NULL) {
1690 struct bridge_iflist *bif;
1692 int error = 0, used = 0;
1696 BRIDGE_LOCK2REF(sc, error);
1702 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1703 dst_if = bif->bif_ifp;
1705 if (dst_if->if_type == IFT_GIF)
1707 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
1711 * If this is not the original output interface,
1712 * and the interface is participating in spanning
1713 * tree, make sure the port is in a state that
1714 * allows forwarding.
1716 if (dst_if != ifp &&
1717 (bif->bif_flags & IFBIF_STP) != 0) {
1718 switch (bif->bif_stp.bp_state) {
1719 case BSTP_IFSTATE_BLOCKING:
1720 case BSTP_IFSTATE_LISTENING:
1721 case BSTP_IFSTATE_DISABLED:
1726 if (LIST_NEXT(bif, bif_next) == NULL) {
1730 mc = m_copypacket(m, M_DONTWAIT);
1732 sc->sc_ifp->if_oerrors++;
1737 bridge_enqueue(sc, dst_if, mc);
1747 * XXX Spanning tree consideration here?
1751 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1758 bridge_enqueue(sc, dst_if, m);
1765 * Start output on a bridge.
1769 bridge_start(struct ifnet *ifp)
1771 struct bridge_softc *sc;
1773 struct ether_header *eh;
1774 struct ifnet *dst_if;
1778 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
1780 IFQ_DEQUEUE(&ifp->if_snd, m);
1785 eh = mtod(m, struct ether_header *);
1789 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1790 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1794 bridge_broadcast(sc, ifp, m, 0);
1797 bridge_enqueue(sc, dst_if, m);
1800 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1806 * The forwarding function of the bridge.
1808 * NOTE: Releases the lock on return.
1811 bridge_forward(struct bridge_softc *sc, struct mbuf *m)
1813 struct bridge_iflist *bif;
1814 struct ifnet *src_if, *dst_if, *ifp;
1815 struct ether_header *eh;
1817 src_if = m->m_pkthdr.rcvif;
1820 sc->sc_ifp->if_ipackets++;
1821 sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
1824 * Look up the bridge_iflist.
1826 bif = bridge_lookup_member_if(sc, src_if);
1828 /* Interface is not a bridge member (anymore?) */
1834 if (bif->bif_flags & IFBIF_STP) {
1835 switch (bif->bif_stp.bp_state) {
1836 case BSTP_IFSTATE_BLOCKING:
1837 case BSTP_IFSTATE_LISTENING:
1838 case BSTP_IFSTATE_DISABLED:
1845 eh = mtod(m, struct ether_header *);
1848 * If the interface is learning, and the source
1849 * address is valid and not multicast, record
1852 if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
1853 ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
1854 (eh->ether_shost[0] == 0 &&
1855 eh->ether_shost[1] == 0 &&
1856 eh->ether_shost[2] == 0 &&
1857 eh->ether_shost[3] == 0 &&
1858 eh->ether_shost[4] == 0 &&
1859 eh->ether_shost[5] == 0) == 0) {
1860 (void) bridge_rtupdate(sc, eh->ether_shost,
1861 src_if, 0, IFBAF_DYNAMIC);
1864 if ((bif->bif_flags & IFBIF_STP) != 0 &&
1865 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) {
1872 * At this point, the port either doesn't participate
1873 * in spanning tree or it is in the forwarding state.
1877 * If the packet is unicast, destined for someone on
1878 * "this" side of the bridge, drop it.
1880 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1881 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1882 if (src_if == dst_if) {
1888 /* ...forward it to all interfaces. */
1889 sc->sc_ifp->if_imcasts++;
1894 * If we have a destination interface which is a member of our bridge,
1895 * OR this is a unicast packet, push it through the bpf(4) machinery.
1896 * For broadcast or multicast packets, don't bother because it will
1897 * be reinjected into ether_input. We do this before we pass the packets
1898 * through the pfil(9) framework, as it is possible that pfil(9) will
1899 * drop the packet, or possibly modify it, making it difficult to debug
1900 * firewall issues on the bridge.
1902 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
1905 /* run the packet filter */
1906 if (PFIL_HOOKED(&inet_pfil_hook)
1908 || PFIL_HOOKED(&inet6_pfil_hook)
1912 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
1919 if (dst_if == NULL) {
1920 bridge_broadcast(sc, src_if, m, 1);
1925 * At this point, we're dealing with a unicast frame
1926 * going to a different interface.
1928 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1933 bif = bridge_lookup_member_if(sc, dst_if);
1935 /* Not a member of the bridge (anymore?) */
1941 if (bif->bif_flags & IFBIF_STP) {
1942 switch (bif->bif_stp.bp_state) {
1943 case BSTP_IFSTATE_DISABLED:
1944 case BSTP_IFSTATE_BLOCKING:
1953 if (PFIL_HOOKED(&inet_pfil_hook)
1955 || PFIL_HOOKED(&inet6_pfil_hook)
1958 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
1964 bridge_enqueue(sc, dst_if, m);
1970 * Receive input from a member interface. Queue the packet for
1971 * bridging if it is not for us.
1973 static struct mbuf *
1974 bridge_input(struct ifnet *ifp, struct mbuf *m)
1976 struct bridge_softc *sc = ifp->if_bridge;
1977 struct bridge_iflist *bif;
1979 struct ether_header *eh;
1980 struct mbuf *mc, *mc2;
1982 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1988 * Implement support for bridge monitoring. If this flag has been
1989 * set on this interface, discard the packet once we push it through
1990 * the bpf(4) machinery, but before we do, increment the byte and
1991 * packet counters associated with this interface.
1993 if ((bifp->if_flags & IFF_MONITOR) != 0) {
1994 m->m_pkthdr.rcvif = bifp;
1996 bifp->if_ipackets++;
1997 bifp->if_ibytes += m->m_pkthdr.len;
2002 bif = bridge_lookup_member_if(sc, ifp);
2008 eh = mtod(m, struct ether_header *);
2010 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp),
2011 ETHER_ADDR_LEN) == 0) {
2013 * If the packet is for us, set the packets source as the
2014 * bridge, and return the packet back to ether_input for
2018 /* Mark the packet as arriving on the bridge interface */
2019 m->m_pkthdr.rcvif = bifp;
2021 bifp->if_ipackets++;
2029 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
2030 /* Tap off 802.1D packets; they do not get forwarded. */
2031 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2032 ETHER_ADDR_LEN) == 0) {
2033 m = bstp_input(&bif->bif_stp, ifp, m);
2040 if (bif->bif_flags & IFBIF_STP) {
2041 switch (bif->bif_stp.bp_state) {
2042 case BSTP_IFSTATE_BLOCKING:
2043 case BSTP_IFSTATE_LISTENING:
2044 case BSTP_IFSTATE_DISABLED:
2050 if (bcmp(etherbroadcastaddr, eh->ether_dhost,
2051 sizeof(etherbroadcastaddr)) == 0)
2052 m->m_flags |= M_BCAST;
2054 m->m_flags |= M_MCAST;
2057 * Make a deep copy of the packet and enqueue the copy
2058 * for bridge processing; return the original packet for
2061 mc = m_dup(m, M_DONTWAIT);
2067 /* Perform the bridge forwarding function with the copy. */
2068 bridge_forward(sc, mc);
2071 * Reinject the mbuf as arriving on the bridge so we have a
2072 * chance at claiming multicast packets. We can not loop back
2073 * here from ether_input as a bridge is never a member of a
2076 KASSERT(bifp->if_bridge == NULL,
2077 ("loop created in bridge_input"));
2078 mc2 = m_dup(m, M_DONTWAIT);
2080 /* Keep the layer3 header aligned */
2081 int i = min(mc2->m_pkthdr.len, max_protohdr);
2082 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2085 mc2->m_pkthdr.rcvif = bifp;
2086 (*bifp->if_input)(bifp, mc2);
2089 /* Return the original packet for local processing. */
2093 if (bif->bif_flags & IFBIF_STP) {
2094 switch (bif->bif_stp.bp_state) {
2095 case BSTP_IFSTATE_BLOCKING:
2096 case BSTP_IFSTATE_LISTENING:
2097 case BSTP_IFSTATE_DISABLED:
2104 * Unicast. Make sure it's not for us.
2106 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2107 if (bif->bif_ifp->if_type == IFT_GIF)
2109 /* It is destined for us. */
2110 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost,
2111 ETHER_ADDR_LEN) == 0
2113 || (bif->bif_ifp->if_carp
2114 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost))
2117 if (bif->bif_flags & IFBIF_LEARNING)
2118 (void) bridge_rtupdate(sc,
2119 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
2120 m->m_pkthdr.rcvif = bif->bif_ifp;
2125 /* We just received a packet that we sent out. */
2126 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost,
2127 ETHER_ADDR_LEN) == 0
2129 || (bif->bif_ifp->if_carp
2130 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost))
2139 /* Perform the bridge forwarding function. */
2140 bridge_forward(sc, m);
2148 * Send a frame to all interfaces that are members of
2149 * the bridge, except for the one on which the packet
2152 * NOTE: Releases the lock on return.
2155 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2156 struct mbuf *m, int runfilt)
2158 struct bridge_iflist *bif;
2160 struct ifnet *dst_if;
2161 int error = 0, used = 0, i;
2163 BRIDGE_LOCK2REF(sc, error);
2169 /* Filter on the bridge interface before broadcasting */
2170 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2172 || PFIL_HOOKED(&inet6_pfil_hook)
2175 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2181 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2182 dst_if = bif->bif_ifp;
2183 if (dst_if == src_if)
2186 if (bif->bif_flags & IFBIF_STP) {
2187 switch (bif->bif_stp.bp_state) {
2188 case BSTP_IFSTATE_BLOCKING:
2189 case BSTP_IFSTATE_DISABLED:
2194 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
2195 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2198 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2201 if (LIST_NEXT(bif, bif_next) == NULL) {
2205 mc = m_dup(m, M_DONTWAIT);
2207 sc->sc_ifp->if_oerrors++;
2213 * Filter on the output interface. Pass a NULL bridge interface
2214 * pointer so we do not redundantly filter on the bridge for
2215 * each interface we broadcast on.
2217 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2219 || PFIL_HOOKED(&inet6_pfil_hook)
2223 /* Keep the layer3 header aligned */
2224 i = min(mc->m_pkthdr.len, max_protohdr);
2225 mc = m_copyup(mc, i, ETHER_ALIGN);
2227 sc->sc_ifp->if_oerrors++;
2231 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2237 bridge_enqueue(sc, dst_if, mc);
2249 * Duplicate a packet out one or more interfaces that are in span mode,
2250 * the original mbuf is unmodified.
2253 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2255 struct bridge_iflist *bif;
2256 struct ifnet *dst_if;
2259 if (LIST_EMPTY(&sc->sc_spanlist))
2262 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2263 dst_if = bif->bif_ifp;
2265 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2268 mc = m_copypacket(m, M_DONTWAIT);
2270 sc->sc_ifp->if_oerrors++;
2274 bridge_enqueue(sc, dst_if, mc);
2281 * Add a bridge routing entry.
2284 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
2285 struct ifnet *dst_if, int setflags, uint8_t flags)
2287 struct bridge_rtnode *brt;
2290 BRIDGE_LOCK_ASSERT(sc);
2293 * A route for this destination might already exist. If so,
2294 * update it, otherwise create a new one.
2296 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
2297 if (sc->sc_brtcnt >= sc->sc_brtmax) {
2298 sc->sc_brtexceeded++;
2303 * Allocate a new bridge forwarding node, and
2304 * initialize the expiration time and Ethernet
2307 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO);
2311 brt->brt_flags = IFBAF_DYNAMIC;
2312 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
2314 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
2315 uma_zfree(bridge_rtnode_zone, brt);
2320 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2321 brt->brt_ifp = dst_if;
2322 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2323 brt->brt_expire = time_uptime + sc->sc_brttimeout;
2325 brt->brt_flags = flags;
2333 * Lookup the destination interface for an address.
2335 static struct ifnet *
2336 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
2338 struct bridge_rtnode *brt;
2340 BRIDGE_LOCK_ASSERT(sc);
2342 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2345 return (brt->brt_ifp);
2351 * Trim the routine table so that we have a number
2352 * of routing entries less than or equal to the
2356 bridge_rttrim(struct bridge_softc *sc)
2358 struct bridge_rtnode *brt, *nbrt;
2360 BRIDGE_LOCK_ASSERT(sc);
2362 /* Make sure we actually need to do this. */
2363 if (sc->sc_brtcnt <= sc->sc_brtmax)
2366 /* Force an aging cycle; this might trim enough addresses. */
2368 if (sc->sc_brtcnt <= sc->sc_brtmax)
2371 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2372 nbrt = LIST_NEXT(brt, brt_list);
2373 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2374 bridge_rtnode_destroy(sc, brt);
2375 if (sc->sc_brtcnt <= sc->sc_brtmax)
2384 * Aging timer for the bridge.
2387 bridge_timer(void *arg)
2389 struct bridge_softc *sc = arg;
2391 BRIDGE_LOCK_ASSERT(sc);
2395 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
2396 callout_reset(&sc->sc_brcallout,
2397 bridge_rtable_prune_period * hz, bridge_timer, sc);
2403 * Perform an aging cycle.
2406 bridge_rtage(struct bridge_softc *sc)
2408 struct bridge_rtnode *brt, *nbrt;
2410 BRIDGE_LOCK_ASSERT(sc);
2412 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2413 nbrt = LIST_NEXT(brt, brt_list);
2414 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2415 if (time_uptime >= brt->brt_expire)
2416 bridge_rtnode_destroy(sc, brt);
2424 * Remove all dynamic addresses from the bridge.
2427 bridge_rtflush(struct bridge_softc *sc, int full)
2429 struct bridge_rtnode *brt, *nbrt;
2431 BRIDGE_LOCK_ASSERT(sc);
2433 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2434 nbrt = LIST_NEXT(brt, brt_list);
2435 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2436 bridge_rtnode_destroy(sc, brt);
2443 * Remove an address from the table.
2446 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
2448 struct bridge_rtnode *brt;
2450 BRIDGE_LOCK_ASSERT(sc);
2452 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2455 bridge_rtnode_destroy(sc, brt);
2462 * Delete routes to a speicifc member interface.
2465 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
2467 struct bridge_rtnode *brt, *nbrt;
2469 BRIDGE_LOCK_ASSERT(sc);
2471 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
2472 nbrt = LIST_NEXT(brt, brt_list);
2473 if (brt->brt_ifp == ifp && (full ||
2474 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
2475 bridge_rtnode_destroy(sc, brt);
2480 * bridge_rtable_init:
2482 * Initialize the route table for this bridge.
2485 bridge_rtable_init(struct bridge_softc *sc)
2489 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
2490 M_DEVBUF, M_NOWAIT);
2491 if (sc->sc_rthash == NULL)
2494 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
2495 LIST_INIT(&sc->sc_rthash[i]);
2497 sc->sc_rthash_key = arc4random();
2499 LIST_INIT(&sc->sc_rtlist);
2505 * bridge_rtable_fini:
2507 * Deconstruct the route table for this bridge.
2510 bridge_rtable_fini(struct bridge_softc *sc)
2513 free(sc->sc_rthash, M_DEVBUF);
2517 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
2518 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
2520 #define mix(a, b, c) \
2522 a -= b; a -= c; a ^= (c >> 13); \
2523 b -= c; b -= a; b ^= (a << 8); \
2524 c -= a; c -= b; c ^= (b >> 13); \
2525 a -= b; a -= c; a ^= (c >> 12); \
2526 b -= c; b -= a; b ^= (a << 16); \
2527 c -= a; c -= b; c ^= (b >> 5); \
2528 a -= b; a -= c; a ^= (c >> 3); \
2529 b -= c; b -= a; b ^= (a << 10); \
2530 c -= a; c -= b; c ^= (b >> 15); \
2531 } while (/*CONSTCOND*/0)
2533 static __inline uint32_t
2534 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
2536 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2547 return (c & BRIDGE_RTHASH_MASK);
2553 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
2557 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
2558 d = ((int)a[i]) - ((int)b[i]);
2565 * bridge_rtnode_lookup:
2567 * Look up a bridge route node for the specified destination.
2569 static struct bridge_rtnode *
2570 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
2572 struct bridge_rtnode *brt;
2576 BRIDGE_LOCK_ASSERT(sc);
2578 hash = bridge_rthash(sc, addr);
2579 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2580 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
2591 * bridge_rtnode_insert:
2593 * Insert the specified bridge node into the route table. We
2594 * assume the entry is not already in the table.
2597 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2599 struct bridge_rtnode *lbrt;
2603 BRIDGE_LOCK_ASSERT(sc);
2605 hash = bridge_rthash(sc, brt->brt_addr);
2607 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2609 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2614 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
2618 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2621 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2622 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2625 lbrt = LIST_NEXT(lbrt, brt_hash);
2626 } while (lbrt != NULL);
2629 panic("bridge_rtnode_insert: impossible");
2633 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2640 * bridge_rtnode_destroy:
2642 * Destroy a bridge rtnode.
2645 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2647 BRIDGE_LOCK_ASSERT(sc);
2649 LIST_REMOVE(brt, brt_hash);
2651 LIST_REMOVE(brt, brt_list);
2653 uma_zfree(bridge_rtnode_zone, brt);
2657 * bridge_state_change:
2659 * Callback from the bridgestp code when a port changes states.
2662 bridge_state_change(struct ifnet *ifp, int state)
2664 struct bridge_softc *sc = ifp->if_bridge;
2665 static const char *stpstates[] = {
2674 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
2675 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
2677 /* if the port is blocking then remove any routes to it */
2679 case BSTP_IFSTATE_DISABLED:
2680 case BSTP_IFSTATE_BLOCKING:
2682 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
2688 * Send bridge packets through pfil if they are one of the types pfil can deal
2689 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2690 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2694 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2696 int snap, error, i, hlen;
2697 struct ether_header *eh1, eh2;
2698 struct ip_fw_args args;
2701 u_int16_t ether_type;
2704 error = -1; /* Default error if not error == 0 */
2706 /* we may return with the IP fields swapped, ensure its not shared */
2707 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
2709 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0)
2710 return (0); /* filtering is disabled */
2712 i = min((*mp)->m_pkthdr.len, max_protohdr);
2713 if ((*mp)->m_len < i) {
2714 *mp = m_pullup(*mp, i);
2716 printf("%s: m_pullup failed\n", __func__);
2721 eh1 = mtod(*mp, struct ether_header *);
2722 ether_type = ntohs(eh1->ether_type);
2725 * Check for SNAP/LLC.
2727 if (ether_type < ETHERMTU) {
2728 struct llc *llc2 = (struct llc *)(eh1 + 1);
2730 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
2731 llc2->llc_dsap == LLC_SNAP_LSAP &&
2732 llc2->llc_ssap == LLC_SNAP_LSAP &&
2733 llc2->llc_control == LLC_UI) {
2734 ether_type = htons(llc2->llc_un.type_snap.ether_type);
2740 * If we're trying to filter bridge traffic, don't look at anything
2741 * other than IP and ARP traffic. If the filter doesn't understand
2742 * IPv6, don't allow IPv6 through the bridge either. This is lame
2743 * since if we really wanted, say, an AppleTalk filter, we are hosed,
2744 * but of course we don't have an AppleTalk filter to begin with.
2745 * (Note that since pfil doesn't understand ARP it will pass *ALL*
2748 switch (ether_type) {
2750 case ETHERTYPE_REVARP:
2751 return (0); /* Automatically pass */
2754 case ETHERTYPE_IPV6:
2759 * Check to see if the user wants to pass non-ip
2760 * packets, these will not be checked by pfil(9) and
2761 * passed unconditionally so the default is to drop.
2767 /* Strip off the Ethernet header and keep a copy. */
2768 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
2769 m_adj(*mp, ETHER_HDR_LEN);
2771 /* Strip off snap header, if present */
2773 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
2774 m_adj(*mp, sizeof(struct llc));
2778 * Check the IP header for alignment and errors
2780 if (dir == PFIL_IN) {
2781 switch (ether_type) {
2783 error = bridge_ip_checkbasic(mp);
2786 case ETHERTYPE_IPV6:
2787 error = bridge_ip6_checkbasic(mp);
2797 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) {
2799 args.rule = ip_dn_claim_rule(*mp);
2800 if (args.rule != NULL && fw_one_pass)
2801 goto ipfwpass; /* packet already partially processed */
2805 args.next_hop = NULL;
2807 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
2808 i = ip_fw_chk_ptr(&args);
2814 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
2816 /* put the Ethernet header back on */
2817 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2820 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2823 * Pass the pkt to dummynet, which consumes it. The
2824 * packet will return to us via bridge_dummynet().
2827 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args);
2831 if (i != IP_FW_PASS) /* drop */
2839 * Run the packet through pfil
2841 switch (ether_type) {
2844 * before calling the firewall, swap fields the same as
2845 * IP does. here we assume the header is contiguous
2847 ip = mtod(*mp, struct ip *);
2849 ip->ip_len = ntohs(ip->ip_len);
2850 ip->ip_off = ntohs(ip->ip_off);
2853 * Run pfil on the member interface and the bridge, both can
2854 * be skipped by clearing pfil_member or pfil_bridge.
2857 * in_if -> bridge_if -> out_if
2859 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2860 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2863 if (*mp == NULL || error != 0) /* filter may consume */
2866 if (pfil_member && ifp != NULL)
2867 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp,
2870 if (*mp == NULL || error != 0) /* filter may consume */
2873 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2874 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2877 if (*mp == NULL || error != 0) /* filter may consume */
2880 /* check if we need to fragment the packet */
2881 if (pfil_member && ifp != NULL && dir == PFIL_OUT) {
2882 i = (*mp)->m_pkthdr.len;
2883 if (i > ifp->if_mtu) {
2884 error = bridge_fragment(ifp, *mp, &eh2, snap,
2890 /* Recalculate the ip checksum and restore byte ordering */
2891 ip = mtod(*mp, struct ip *);
2892 hlen = ip->ip_hl << 2;
2893 if (hlen < sizeof(struct ip))
2895 if (hlen > (*mp)->m_len) {
2896 if ((*mp = m_pullup(*mp, hlen)) == 0)
2898 ip = mtod(*mp, struct ip *);
2902 ip->ip_len = htons(ip->ip_len);
2903 ip->ip_off = htons(ip->ip_off);
2905 if (hlen == sizeof(struct ip))
2906 ip->ip_sum = in_cksum_hdr(ip);
2908 ip->ip_sum = in_cksum(*mp, hlen);
2912 case ETHERTYPE_IPV6:
2913 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2914 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2917 if (*mp == NULL || error != 0) /* filter may consume */
2920 if (pfil_member && ifp != NULL)
2921 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp,
2924 if (*mp == NULL || error != 0) /* filter may consume */
2927 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2928 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2945 * Finally, put everything back the way it was and return
2948 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT);
2951 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
2954 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2957 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2968 * Perform basic checks on header size since
2969 * pfil assumes ip_input has already processed
2970 * it for it. Cut-and-pasted from ip_input.c.
2971 * Given how simple the IPv6 version is,
2972 * does the IPv4 version really need to be
2975 * XXX Should we update ipstat here, or not?
2976 * XXX Right now we update ipstat but not
2980 bridge_ip_checkbasic(struct mbuf **mp)
2982 struct mbuf *m = *mp;
2990 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2991 if ((m = m_copyup(m, sizeof(struct ip),
2992 (max_linkhdr + 3) & ~3)) == NULL) {
2993 /* XXXJRT new stat, please */
2994 ipstat.ips_toosmall++;
2997 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
2998 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
2999 ipstat.ips_toosmall++;
3003 ip = mtod(m, struct ip *);
3004 if (ip == NULL) goto bad;
3006 if (ip->ip_v != IPVERSION) {
3007 ipstat.ips_badvers++;
3010 hlen = ip->ip_hl << 2;
3011 if (hlen < sizeof(struct ip)) { /* minimum header length */
3012 ipstat.ips_badhlen++;
3015 if (hlen > m->m_len) {
3016 if ((m = m_pullup(m, hlen)) == 0) {
3017 ipstat.ips_badhlen++;
3020 ip = mtod(m, struct ip *);
3021 if (ip == NULL) goto bad;
3024 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
3025 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
3027 if (hlen == sizeof(struct ip)) {
3028 sum = in_cksum_hdr(ip);
3030 sum = in_cksum(m, hlen);
3034 ipstat.ips_badsum++;
3038 /* Retrieve the packet length. */
3039 len = ntohs(ip->ip_len);
3042 * Check for additional length bogosity
3045 ipstat.ips_badlen++;
3050 * Check that the amount of data in the buffers
3051 * is as at least much as the IP header would have us expect.
3052 * Drop packet if shorter than we expect.
3054 if (m->m_pkthdr.len < len) {
3055 ipstat.ips_tooshort++;
3059 /* Checks out, proceed */
3070 * Same as above, but for IPv6.
3071 * Cut-and-pasted from ip6_input.c.
3072 * XXX Should we update ip6stat, or not?
3075 bridge_ip6_checkbasic(struct mbuf **mp)
3077 struct mbuf *m = *mp;
3078 struct ip6_hdr *ip6;
3081 * If the IPv6 header is not aligned, slurp it up into a new
3082 * mbuf with space for link headers, in the event we forward
3083 * it. Otherwise, if it is aligned, make sure the entire base
3084 * IPv6 header is in the first mbuf of the chain.
3086 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3087 struct ifnet *inifp = m->m_pkthdr.rcvif;
3088 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
3089 (max_linkhdr + 3) & ~3)) == NULL) {
3090 /* XXXJRT new stat, please */
3091 ip6stat.ip6s_toosmall++;
3092 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3095 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
3096 struct ifnet *inifp = m->m_pkthdr.rcvif;
3097 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
3098 ip6stat.ip6s_toosmall++;
3099 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3104 ip6 = mtod(m, struct ip6_hdr *);
3106 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
3107 ip6stat.ip6s_badvers++;
3108 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
3112 /* Checks out, proceed */
3125 * Return a fragmented mbuf chain.
3128 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh,
3129 int snap, struct llc *llc)
3135 if (m->m_len < sizeof(struct ip) &&
3136 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3138 ip = mtod(m, struct ip *);
3140 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist,
3145 /* walk the chain and re-add the Ethernet header */
3146 for (m0 = m; m0; m0 = m0->m_nextpkt) {
3149 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT);
3154 bcopy(llc, mtod(m0, caddr_t),
3155 sizeof(struct llc));
3157 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT);
3162 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN);
3168 ipstat.ips_fragmented++;
projects / FreeBSD / FreeBSD.git / blob