1 /* $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $ */
4 * Copyright 2001 Wasabi Systems, Inc.
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
40 * All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. All advertising materials mentioning features or use of this software
51 * must display the following acknowledgement:
52 * This product includes software developed by Jason L. Wright
53 * 4. The name of the author may not be used to endorse or promote products
54 * derived from this software without specific prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
57 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
58 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
59 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
60 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
61 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
62 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
65 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66 * POSSIBILITY OF SUCH DAMAGE.
68 * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
72 * Network interface bridge support.
76 * - Currently only supports Ethernet-like interfaces (Ethernet,
77 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
78 * to bridge other types of interfaces (FDDI-FDDI, and maybe
79 * consider heterogenous bridges).
82 #include <sys/cdefs.h>
83 __FBSDID("$FreeBSD$");
86 #include "opt_inet6.h"
89 #include <sys/param.h>
91 #include <sys/malloc.h>
92 #include <sys/protosw.h>
93 #include <sys/systm.h>
95 #include <sys/socket.h> /* for net/if.h */
96 #include <sys/sockio.h>
97 #include <sys/ctype.h> /* string functions */
98 #include <sys/kernel.h>
99 #include <sys/random.h>
100 #include <sys/syslog.h>
101 #include <sys/sysctl.h>
103 #include <sys/module.h>
104 #include <sys/proc.h>
105 #include <sys/lock.h>
106 #include <sys/mutex.h>
110 #include <net/if_clone.h>
111 #include <net/if_dl.h>
112 #include <net/if_types.h>
113 #include <net/if_var.h>
114 #include <net/pfil.h>
116 #include <netinet/in.h> /* for struct arpcom */
117 #include <netinet/in_systm.h>
118 #include <netinet/in_var.h>
119 #include <netinet/ip.h>
120 #include <netinet/ip_var.h>
122 #include <netinet/ip6.h>
123 #include <netinet6/ip6_var.h>
126 #include <netinet/ip_carp.h>
128 #include <machine/in_cksum.h>
129 #include <netinet/if_ether.h> /* for struct arpcom */
130 #include <net/bridgestp.h>
131 #include <net/if_bridgevar.h>
132 #include <net/if_llc.h>
134 #include <net/route.h>
135 #include <netinet/ip_fw.h>
136 #include <netinet/ip_dummynet.h>
139 * Size of the route hash table. Must be a power of two.
141 #ifndef BRIDGE_RTHASH_SIZE
142 #define BRIDGE_RTHASH_SIZE 1024
145 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
148 * Maximum number of addresses to cache.
150 #ifndef BRIDGE_RTABLE_MAX
151 #define BRIDGE_RTABLE_MAX 100
155 * Timeout (in seconds) for entries learned dynamically.
157 #ifndef BRIDGE_RTABLE_TIMEOUT
158 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
162 * Number of seconds between walks of the route list.
164 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
165 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
169 * List of capabilities to mask on the member interface.
171 #define BRIDGE_IFCAPS_MASK IFCAP_TXCSUM
174 * Bridge interface list entry.
176 struct bridge_iflist {
177 LIST_ENTRY(bridge_iflist) bif_next;
178 struct ifnet *bif_ifp; /* member if */
179 struct bstp_port bif_stp; /* STP state */
180 uint32_t bif_flags; /* member if flags */
181 int bif_mutecap; /* member muted caps */
187 struct bridge_rtnode {
188 LIST_ENTRY(bridge_rtnode) brt_hash; /* hash table linkage */
189 LIST_ENTRY(bridge_rtnode) brt_list; /* list linkage */
190 struct ifnet *brt_ifp; /* destination if */
191 unsigned long brt_expire; /* expiration time */
192 uint8_t brt_flags; /* address flags */
193 uint8_t brt_addr[ETHER_ADDR_LEN];
197 * Software state for each bridge.
199 struct bridge_softc {
200 struct ifnet *sc_ifp; /* make this an interface */
201 LIST_ENTRY(bridge_softc) sc_list;
204 uint32_t sc_brtmax; /* max # of addresses */
205 uint32_t sc_brtcnt; /* cur. # of addresses */
206 uint32_t sc_brttimeout; /* rt timeout in seconds */
207 struct callout sc_brcallout; /* bridge callout */
208 uint32_t sc_iflist_ref; /* refcount for sc_iflist */
209 uint32_t sc_iflist_xcnt; /* refcount for sc_iflist */
210 LIST_HEAD(, bridge_iflist) sc_iflist; /* member interface list */
211 LIST_HEAD(, bridge_rtnode) *sc_rthash; /* our forwarding table */
212 LIST_HEAD(, bridge_rtnode) sc_rtlist; /* list version of above */
213 uint32_t sc_rthash_key; /* key for hash */
214 LIST_HEAD(, bridge_iflist) sc_spanlist; /* span ports list */
215 struct bstp_state sc_stp; /* STP state */
216 uint32_t sc_brtexceeded; /* # of cache drops */
219 static struct mtx bridge_list_mtx;
220 eventhandler_tag bridge_detach_cookie = NULL;
222 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
224 uma_zone_t bridge_rtnode_zone;
226 static int bridge_clone_create(struct if_clone *, int, caddr_t);
227 static void bridge_clone_destroy(struct ifnet *);
229 static int bridge_ioctl(struct ifnet *, u_long, caddr_t);
230 static void bridge_mutecaps(struct bridge_iflist *, int);
231 static void bridge_ifdetach(void *arg __unused, struct ifnet *);
232 static void bridge_init(void *);
233 static void bridge_dummynet(struct mbuf *, struct ifnet *);
234 static void bridge_stop(struct ifnet *, int);
235 static void bridge_start(struct ifnet *);
236 static struct mbuf *bridge_input(struct ifnet *, struct mbuf *);
237 static int bridge_output(struct ifnet *, struct mbuf *, struct sockaddr *,
239 static void bridge_enqueue(struct bridge_softc *, struct ifnet *,
241 static void bridge_rtdelete(struct bridge_softc *, struct ifnet *ifp, int);
243 static void bridge_forward(struct bridge_softc *, struct mbuf *m);
245 static void bridge_timer(void *);
247 static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
249 static void bridge_span(struct bridge_softc *, struct mbuf *);
251 static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
252 struct ifnet *, int, uint8_t);
253 static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
254 static void bridge_rttrim(struct bridge_softc *);
255 static void bridge_rtage(struct bridge_softc *);
256 static void bridge_rtflush(struct bridge_softc *, int);
257 static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
259 static int bridge_rtable_init(struct bridge_softc *);
260 static void bridge_rtable_fini(struct bridge_softc *);
262 static int bridge_rtnode_addr_cmp(const uint8_t *, const uint8_t *);
263 static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
265 static int bridge_rtnode_insert(struct bridge_softc *,
266 struct bridge_rtnode *);
267 static void bridge_rtnode_destroy(struct bridge_softc *,
268 struct bridge_rtnode *);
269 static void bridge_rtable_expire(struct ifnet *, int);
270 static void bridge_state_change(struct ifnet *, int);
272 static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
274 static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
276 static void bridge_delete_member(struct bridge_softc *,
277 struct bridge_iflist *, int);
278 static void bridge_delete_span(struct bridge_softc *,
279 struct bridge_iflist *);
281 static int bridge_ioctl_add(struct bridge_softc *, void *);
282 static int bridge_ioctl_del(struct bridge_softc *, void *);
283 static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
284 static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
285 static int bridge_ioctl_scache(struct bridge_softc *, void *);
286 static int bridge_ioctl_gcache(struct bridge_softc *, void *);
287 static int bridge_ioctl_gifs(struct bridge_softc *, void *);
288 static int bridge_ioctl_rts(struct bridge_softc *, void *);
289 static int bridge_ioctl_saddr(struct bridge_softc *, void *);
290 static int bridge_ioctl_sto(struct bridge_softc *, void *);
291 static int bridge_ioctl_gto(struct bridge_softc *, void *);
292 static int bridge_ioctl_daddr(struct bridge_softc *, void *);
293 static int bridge_ioctl_flush(struct bridge_softc *, void *);
294 static int bridge_ioctl_gpri(struct bridge_softc *, void *);
295 static int bridge_ioctl_spri(struct bridge_softc *, void *);
296 static int bridge_ioctl_ght(struct bridge_softc *, void *);
297 static int bridge_ioctl_sht(struct bridge_softc *, void *);
298 static int bridge_ioctl_gfd(struct bridge_softc *, void *);
299 static int bridge_ioctl_sfd(struct bridge_softc *, void *);
300 static int bridge_ioctl_gma(struct bridge_softc *, void *);
301 static int bridge_ioctl_sma(struct bridge_softc *, void *);
302 static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
303 static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
304 static int bridge_ioctl_addspan(struct bridge_softc *, void *);
305 static int bridge_ioctl_delspan(struct bridge_softc *, void *);
306 static int bridge_ioctl_gbparam(struct bridge_softc *, void *);
307 static int bridge_ioctl_grte(struct bridge_softc *, void *);
308 static int bridge_ioctl_gifsstp(struct bridge_softc *, void *);
309 static int bridge_ioctl_sproto(struct bridge_softc *, void *);
310 static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
311 static int bridge_ioctl_sedge(struct bridge_softc *, void *);
312 static int bridge_ioctl_saedge(struct bridge_softc *, void *);
313 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
315 static int bridge_ip_checkbasic(struct mbuf **mp);
317 static int bridge_ip6_checkbasic(struct mbuf **mp);
319 static int bridge_fragment(struct ifnet *, struct mbuf *,
320 struct ether_header *, int, struct llc *);
322 SYSCTL_DECL(_net_link);
323 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
325 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
326 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
327 static int pfil_member = 1; /* run pfil hooks on the member interface */
328 static int pfil_ipfw = 0; /* layer2 filter with ipfw */
329 static int pfil_ipfw_arp = 0; /* layer2 filter with ipfw */
330 static int log_stp = 0; /* log STP state changes */
331 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
332 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
333 SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW,
334 &pfil_ipfw_arp, 0, "Filter ARP packets through IPFW layer2");
335 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
336 &pfil_bridge, 0, "Packet filter on the bridge interface");
337 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
338 &pfil_member, 0, "Packet filter on the member interface");
339 SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW,
340 &log_stp, 0, "Log STP state changes");
342 struct bridge_control {
343 int (*bc_func)(struct bridge_softc *, void *);
348 #define BC_F_COPYIN 0x01 /* copy arguments in */
349 #define BC_F_COPYOUT 0x02 /* copy arguments out */
350 #define BC_F_SUSER 0x04 /* do super-user check */
352 const struct bridge_control bridge_control_table[] = {
353 { bridge_ioctl_add, sizeof(struct ifbreq),
354 BC_F_COPYIN|BC_F_SUSER },
355 { bridge_ioctl_del, sizeof(struct ifbreq),
356 BC_F_COPYIN|BC_F_SUSER },
358 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
359 BC_F_COPYIN|BC_F_COPYOUT },
360 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
361 BC_F_COPYIN|BC_F_SUSER },
363 { bridge_ioctl_scache, sizeof(struct ifbrparam),
364 BC_F_COPYIN|BC_F_SUSER },
365 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
368 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
369 BC_F_COPYIN|BC_F_COPYOUT },
370 { bridge_ioctl_rts, sizeof(struct ifbaconf),
371 BC_F_COPYIN|BC_F_COPYOUT },
373 { bridge_ioctl_saddr, sizeof(struct ifbareq),
374 BC_F_COPYIN|BC_F_SUSER },
376 { bridge_ioctl_sto, sizeof(struct ifbrparam),
377 BC_F_COPYIN|BC_F_SUSER },
378 { bridge_ioctl_gto, sizeof(struct ifbrparam),
381 { bridge_ioctl_daddr, sizeof(struct ifbareq),
382 BC_F_COPYIN|BC_F_SUSER },
384 { bridge_ioctl_flush, sizeof(struct ifbreq),
385 BC_F_COPYIN|BC_F_SUSER },
387 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
389 { bridge_ioctl_spri, sizeof(struct ifbrparam),
390 BC_F_COPYIN|BC_F_SUSER },
392 { bridge_ioctl_ght, sizeof(struct ifbrparam),
394 { bridge_ioctl_sht, sizeof(struct ifbrparam),
395 BC_F_COPYIN|BC_F_SUSER },
397 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
399 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
400 BC_F_COPYIN|BC_F_SUSER },
402 { bridge_ioctl_gma, sizeof(struct ifbrparam),
404 { bridge_ioctl_sma, sizeof(struct ifbrparam),
405 BC_F_COPYIN|BC_F_SUSER },
407 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
408 BC_F_COPYIN|BC_F_SUSER },
410 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
411 BC_F_COPYIN|BC_F_SUSER },
413 { bridge_ioctl_addspan, sizeof(struct ifbreq),
414 BC_F_COPYIN|BC_F_SUSER },
415 { bridge_ioctl_delspan, sizeof(struct ifbreq),
416 BC_F_COPYIN|BC_F_SUSER },
418 { bridge_ioctl_gbparam, sizeof(struct ifbropreq),
421 { bridge_ioctl_grte, sizeof(struct ifbrparam),
424 { bridge_ioctl_gifsstp, sizeof(struct ifbpstpconf),
427 { bridge_ioctl_sproto, sizeof(struct ifbrparam),
428 BC_F_COPYIN|BC_F_SUSER },
430 { bridge_ioctl_stxhc, sizeof(struct ifbrparam),
431 BC_F_COPYIN|BC_F_SUSER },
433 { bridge_ioctl_sedge, sizeof(struct ifbreq),
434 BC_F_COPYIN|BC_F_SUSER },
436 { bridge_ioctl_saedge, sizeof(struct ifbreq),
437 BC_F_COPYIN|BC_F_SUSER },
439 const int bridge_control_table_size =
440 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
442 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
443 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
445 LIST_HEAD(, bridge_softc) bridge_list;
447 IFC_SIMPLE_DECLARE(bridge, 0);
450 bridge_modevent(module_t mod, int type, void *data)
455 mtx_init(&bridge_list_mtx, "if_bridge list", NULL, MTX_DEF);
456 if_clone_attach(&bridge_cloner);
457 bridge_rtnode_zone = uma_zcreate("bridge_rtnode",
458 sizeof(struct bridge_rtnode), NULL, NULL, NULL, NULL,
460 LIST_INIT(&bridge_list);
461 bridge_input_p = bridge_input;
462 bridge_output_p = bridge_output;
463 bridge_dn_p = bridge_dummynet;
464 bstp_linkstate_p = bstp_linkstate;
465 bridge_detach_cookie = EVENTHANDLER_REGISTER(
466 ifnet_departure_event, bridge_ifdetach, NULL,
467 EVENTHANDLER_PRI_ANY);
470 EVENTHANDLER_DEREGISTER(ifnet_departure_event,
471 bridge_detach_cookie);
472 if_clone_detach(&bridge_cloner);
473 uma_zdestroy(bridge_rtnode_zone);
474 bridge_input_p = NULL;
475 bridge_output_p = NULL;
477 bstp_linkstate_p = NULL;
478 mtx_destroy(&bridge_list_mtx);
486 static moduledata_t bridge_mod = {
492 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
493 MODULE_DEPEND(if_bridge, bridgestp, 1, 1, 1);
496 * handler for net.link.bridge.pfil_ipfw
499 sysctl_pfil_ipfw(SYSCTL_HANDLER_ARGS)
501 int enable = pfil_ipfw;
504 error = sysctl_handle_int(oidp, &enable, 0, req);
505 enable = (enable) ? 1 : 0;
507 if (enable != pfil_ipfw) {
511 * Disable pfil so that ipfw doesnt run twice, if the user
512 * really wants both then they can re-enable pfil_bridge and/or
513 * pfil_member. Also allow non-ip packets as ipfw can filter by
525 SYSCTL_PROC(_net_link_bridge, OID_AUTO, ipfw, CTLTYPE_INT|CTLFLAG_RW,
526 &pfil_ipfw, 0, &sysctl_pfil_ipfw, "I", "Layer2 filter with IPFW");
529 * bridge_clone_create:
531 * Create a new bridge instance.
534 bridge_clone_create(struct if_clone *ifc, int unit, caddr_t params)
536 struct bridge_softc *sc, *sc2;
537 struct ifnet *bifp, *ifp;
541 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
542 BRIDGE_LOCK_INIT(sc);
543 ifp = sc->sc_ifp = if_alloc(IFT_ETHER);
549 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
550 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
552 /* Initialize our routing table. */
553 bridge_rtable_init(sc);
555 callout_init_mtx(&sc->sc_brcallout, &sc->sc_mtx, 0);
557 LIST_INIT(&sc->sc_iflist);
558 LIST_INIT(&sc->sc_spanlist);
561 if_initname(ifp, ifc->ifc_name, unit);
562 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
563 ifp->if_ioctl = bridge_ioctl;
564 ifp->if_start = bridge_start;
565 ifp->if_init = bridge_init;
566 ifp->if_type = IFT_BRIDGE;
567 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
568 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
569 IFQ_SET_READY(&ifp->if_snd);
572 * Generate a random ethernet address with a locally administered
575 * Since we are using random ethernet addresses for the bridge, it is
576 * possible that we might have address collisions, so make sure that
577 * this hardware address isn't already in use on another bridge.
579 for (retry = 1; retry != 0;) {
580 arc4rand(eaddr, ETHER_ADDR_LEN, 1);
581 eaddr[0] &= ~1; /* clear multicast bit */
582 eaddr[0] |= 2; /* set the LAA bit */
584 mtx_lock(&bridge_list_mtx);
585 LIST_FOREACH(sc2, &bridge_list, sc_list) {
587 if (memcmp(eaddr, IF_LLADDR(bifp), ETHER_ADDR_LEN) == 0)
590 mtx_unlock(&bridge_list_mtx);
593 bstp_attach(&sc->sc_stp, bridge_state_change, bridge_rtable_expire);
594 ether_ifattach(ifp, eaddr);
595 /* Now undo some of the damage... */
596 ifp->if_baudrate = 0;
597 ifp->if_type = IFT_BRIDGE;
599 mtx_lock(&bridge_list_mtx);
600 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
601 mtx_unlock(&bridge_list_mtx);
607 * bridge_clone_destroy:
609 * Destroy a bridge instance.
612 bridge_clone_destroy(struct ifnet *ifp)
614 struct bridge_softc *sc = ifp->if_softc;
615 struct bridge_iflist *bif;
620 ifp->if_flags &= ~IFF_UP;
622 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
623 bridge_delete_member(sc, bif, 0);
625 while ((bif = LIST_FIRST(&sc->sc_spanlist)) != NULL) {
626 bridge_delete_span(sc, bif);
631 callout_drain(&sc->sc_brcallout);
633 mtx_lock(&bridge_list_mtx);
634 LIST_REMOVE(sc, sc_list);
635 mtx_unlock(&bridge_list_mtx);
637 bstp_detach(&sc->sc_stp);
639 if_free_type(ifp, IFT_ETHER);
641 /* Tear down the routing table. */
642 bridge_rtable_fini(sc);
644 BRIDGE_LOCK_DESTROY(sc);
651 * Handle a control request from the operator.
654 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
656 struct bridge_softc *sc = ifp->if_softc;
657 struct thread *td = curthread;
659 struct ifbreq ifbreq;
660 struct ifbifconf ifbifconf;
661 struct ifbareq ifbareq;
662 struct ifbaconf ifbaconf;
663 struct ifbrparam ifbrparam;
665 struct ifdrv *ifd = (struct ifdrv *) data;
666 const struct bridge_control *bc;
679 if (ifd->ifd_cmd >= bridge_control_table_size) {
683 bc = &bridge_control_table[ifd->ifd_cmd];
685 if (cmd == SIOCGDRVSPEC &&
686 (bc->bc_flags & BC_F_COPYOUT) == 0) {
690 else if (cmd == SIOCSDRVSPEC &&
691 (bc->bc_flags & BC_F_COPYOUT) != 0) {
696 if (bc->bc_flags & BC_F_SUSER) {
702 if (ifd->ifd_len != bc->bc_argsize ||
703 ifd->ifd_len > sizeof(args)) {
708 bzero(&args, sizeof(args));
709 if (bc->bc_flags & BC_F_COPYIN) {
710 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
715 error = (*bc->bc_func)(sc, &args);
719 if (bc->bc_flags & BC_F_COPYOUT)
720 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
725 if (!(ifp->if_flags & IFF_UP) &&
726 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
728 * If interface is marked down and it is running,
729 * then stop and disable it.
732 } else if ((ifp->if_flags & IFF_UP) &&
733 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
735 * If interface is marked up and it is stopped, then
744 /* Do not allow the MTU to be changed on the bridge */
750 * drop the lock as ether_ioctl() will call bridge_start() and
751 * cause the lock to be recursed.
754 error = ether_ioctl(ifp, cmd, data);
758 if (BRIDGE_LOCKED(sc))
767 * Clear or restore unwanted capabilities on the member interface
770 bridge_mutecaps(struct bridge_iflist *bif, int mute)
772 struct ifnet *ifp = bif->bif_ifp;
776 if (ifp->if_ioctl == NULL)
779 bzero(&ifr, sizeof(ifr));
780 ifr.ifr_reqcap = ifp->if_capenable;
783 /* mask off and save capabilities */
784 bif->bif_mutecap = ifr.ifr_reqcap & BRIDGE_IFCAPS_MASK;
785 if (bif->bif_mutecap != 0)
786 ifr.ifr_reqcap &= ~BRIDGE_IFCAPS_MASK;
788 /* restore muted capabilities */
789 ifr.ifr_reqcap |= bif->bif_mutecap;
792 if (bif->bif_mutecap != 0) {
794 error = (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifr);
795 IFF_UNLOCKGIANT(ifp);
800 * bridge_lookup_member:
802 * Lookup a bridge member interface.
804 static struct bridge_iflist *
805 bridge_lookup_member(struct bridge_softc *sc, const char *name)
807 struct bridge_iflist *bif;
810 BRIDGE_LOCK_ASSERT(sc);
812 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
814 if (strcmp(ifp->if_xname, name) == 0)
822 * bridge_lookup_member_if:
824 * Lookup a bridge member interface by ifnet*.
826 static struct bridge_iflist *
827 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
829 struct bridge_iflist *bif;
831 BRIDGE_LOCK_ASSERT(sc);
833 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
834 if (bif->bif_ifp == member_ifp)
842 * bridge_delete_member:
844 * Delete the specified member interface.
847 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif,
850 struct ifnet *ifs = bif->bif_ifp;
852 BRIDGE_LOCK_ASSERT(sc);
855 switch (ifs->if_type) {
859 * Take the interface out of promiscuous mode.
861 (void) ifpromisc(ifs, 0);
862 bridge_mutecaps(bif, 0);
870 panic("bridge_delete_member: impossible");
876 if (bif->bif_flags & IFBIF_STP)
877 bstp_delete(&bif->bif_stp);
879 ifs->if_bridge = NULL;
881 LIST_REMOVE(bif, bif_next);
884 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
887 bstp_drain(&bif->bif_stp); /* prepare to free */
893 * bridge_delete_span:
895 * Delete the specified span interface.
898 bridge_delete_span(struct bridge_softc *sc, struct bridge_iflist *bif)
900 BRIDGE_LOCK_ASSERT(sc);
902 KASSERT(bif->bif_ifp->if_bridge == NULL,
903 ("%s: not a span interface", __func__));
905 LIST_REMOVE(bif, bif_next);
910 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
912 struct ifbreq *req = arg;
913 struct bridge_iflist *bif = NULL;
917 ifs = ifunit(req->ifbr_ifsname);
921 /* If it's in the span list, it can't be a member. */
922 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
923 if (ifs == bif->bif_ifp)
926 /* Allow the first Ethernet member to define the MTU */
927 if (ifs->if_type != IFT_GIF) {
928 if (LIST_EMPTY(&sc->sc_iflist))
929 sc->sc_ifp->if_mtu = ifs->if_mtu;
930 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
931 if_printf(sc->sc_ifp, "invalid MTU for %s\n",
937 if (ifs->if_bridge == sc)
940 if (ifs->if_bridge != NULL)
943 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
948 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
950 switch (ifs->if_type) {
954 * Place the interface into promiscuous mode.
956 error = ifpromisc(ifs, 1);
960 bridge_mutecaps(bif, 1);
975 * NOTE: insert_***HEAD*** should be safe for the traversals.
977 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
988 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
990 struct ifbreq *req = arg;
991 struct bridge_iflist *bif;
993 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
997 bridge_delete_member(sc, bif, 0);
1003 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
1005 struct ifbreq *req = arg;
1006 struct bridge_iflist *bif;
1007 struct bstp_port *bp;
1009 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1014 req->ifbr_ifsflags = bif->bif_flags;
1015 req->ifbr_state = bp->bp_state;
1016 req->ifbr_priority = bp->bp_priority;
1017 req->ifbr_path_cost = bp->bp_path_cost;
1018 req->ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1019 req->ifbr_proto = bp->bp_protover;
1020 req->ifbr_role = bp->bp_role;
1021 req->ifbr_stpflags = bp->bp_flags;
1022 req->ifbr_edge = bp->bp_operedge;
1023 req->ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1 : 0;
1024 req->ifbr_p2p = bp->bp_p2p_link;
1030 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
1032 struct ifbreq *req = arg;
1033 struct bridge_iflist *bif;
1036 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1040 if (req->ifbr_ifsflags & IFBIF_SPAN)
1041 /* SPAN is readonly */
1044 if (req->ifbr_ifsflags & IFBIF_STP) {
1045 if ((bif->bif_flags & IFBIF_STP) == 0) {
1046 error = bstp_add(&sc->sc_stp, &bif->bif_stp,
1052 if ((bif->bif_flags & IFBIF_STP) != 0)
1053 bstp_delete(&bif->bif_stp);
1056 bif->bif_flags = req->ifbr_ifsflags;
1062 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
1064 struct ifbrparam *param = arg;
1066 sc->sc_brtmax = param->ifbrp_csize;
1073 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
1075 struct ifbrparam *param = arg;
1077 param->ifbrp_csize = sc->sc_brtmax;
1083 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
1085 struct ifbifconf *bifc = arg;
1086 struct bridge_iflist *bif;
1087 struct bstp_port *bp;
1089 int count, len, error = 0;
1092 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
1094 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1097 if (bifc->ifbic_len == 0) {
1098 bifc->ifbic_len = sizeof(breq) * count;
1103 len = bifc->ifbic_len;
1104 bzero(&breq, sizeof(breq));
1105 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1106 if (len < sizeof(breq))
1109 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1110 sizeof(breq.ifbr_ifsname));
1112 breq.ifbr_ifsflags = bif->bif_flags;
1113 breq.ifbr_state = bp->bp_state;
1114 breq.ifbr_priority = bp->bp_priority;
1115 breq.ifbr_path_cost = bp->bp_path_cost;
1116 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1117 breq.ifbr_proto = bp->bp_protover;
1118 breq.ifbr_role = bp->bp_role;
1119 breq.ifbr_stpflags = bp->bp_flags;
1120 breq.ifbr_edge = bp->bp_operedge;
1121 breq.ifbr_autoedge = (bp->bp_flags & BSTP_PORT_AUTOEDGE) ? 1:0;
1122 breq.ifbr_p2p = bp->bp_p2p_link;
1123 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1127 len -= sizeof(breq);
1129 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
1130 if (len < sizeof(breq))
1133 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
1134 sizeof(breq.ifbr_ifsname));
1135 breq.ifbr_ifsflags = bif->bif_flags;
1136 breq.ifbr_portno = bif->bif_ifp->if_index & 0xfff;
1137 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
1141 len -= sizeof(breq);
1144 bifc->ifbic_len = sizeof(breq) * count;
1149 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
1151 struct ifbaconf *bac = arg;
1152 struct bridge_rtnode *brt;
1153 struct ifbareq bareq;
1154 int count = 0, error = 0, len;
1156 if (bac->ifbac_len == 0)
1159 len = bac->ifbac_len;
1160 bzero(&bareq, sizeof(bareq));
1161 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
1162 if (len < sizeof(bareq))
1164 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
1165 sizeof(bareq.ifba_ifsname));
1166 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
1167 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
1168 time_uptime < brt->brt_expire)
1169 bareq.ifba_expire = brt->brt_expire - time_uptime;
1171 bareq.ifba_expire = 0;
1172 bareq.ifba_flags = brt->brt_flags;
1174 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq));
1178 len -= sizeof(bareq);
1181 bac->ifbac_len = sizeof(bareq) * count;
1186 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
1188 struct ifbareq *req = arg;
1189 struct bridge_iflist *bif;
1192 bif = bridge_lookup_member(sc, req->ifba_ifsname);
1196 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
1203 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
1205 struct ifbrparam *param = arg;
1207 sc->sc_brttimeout = param->ifbrp_ctime;
1212 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
1214 struct ifbrparam *param = arg;
1216 param->ifbrp_ctime = sc->sc_brttimeout;
1221 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
1223 struct ifbareq *req = arg;
1225 return (bridge_rtdaddr(sc, req->ifba_dst));
1229 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
1231 struct ifbreq *req = arg;
1233 bridge_rtflush(sc, req->ifbr_ifsflags);
1238 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
1240 struct ifbrparam *param = arg;
1241 struct bstp_state *bs = &sc->sc_stp;
1243 param->ifbrp_prio = bs->bs_bridge_priority;
1248 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
1250 struct ifbrparam *param = arg;
1252 return (bstp_set_priority(&sc->sc_stp, param->ifbrp_prio));
1256 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
1258 struct ifbrparam *param = arg;
1259 struct bstp_state *bs = &sc->sc_stp;
1261 param->ifbrp_hellotime = bs->bs_bridge_htime >> 8;
1266 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1268 struct ifbrparam *param = arg;
1270 return (bstp_set_htime(&sc->sc_stp, param->ifbrp_hellotime));
1274 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1276 struct ifbrparam *param = arg;
1277 struct bstp_state *bs = &sc->sc_stp;
1279 param->ifbrp_fwddelay = bs->bs_bridge_fdelay >> 8;
1284 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1286 struct ifbrparam *param = arg;
1288 return (bstp_set_fdelay(&sc->sc_stp, param->ifbrp_fwddelay));
1292 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1294 struct ifbrparam *param = arg;
1295 struct bstp_state *bs = &sc->sc_stp;
1297 param->ifbrp_maxage = bs->bs_bridge_max_age >> 8;
1302 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1304 struct ifbrparam *param = arg;
1306 return (bstp_set_maxage(&sc->sc_stp, param->ifbrp_maxage));
1310 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1312 struct ifbreq *req = arg;
1313 struct bridge_iflist *bif;
1315 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1319 return (bstp_set_port_priority(&bif->bif_stp, req->ifbr_priority));
1323 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1325 struct ifbreq *req = arg;
1326 struct bridge_iflist *bif;
1328 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1332 return (bstp_set_path_cost(&bif->bif_stp, req->ifbr_path_cost));
1336 bridge_ioctl_addspan(struct bridge_softc *sc, void *arg)
1338 struct ifbreq *req = arg;
1339 struct bridge_iflist *bif = NULL;
1342 ifs = ifunit(req->ifbr_ifsname);
1346 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1347 if (ifs == bif->bif_ifp)
1350 if (ifs->if_bridge != NULL)
1353 switch (ifs->if_type) {
1362 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO);
1367 bif->bif_flags = IFBIF_SPAN;
1369 LIST_INSERT_HEAD(&sc->sc_spanlist, bif, bif_next);
1375 bridge_ioctl_delspan(struct bridge_softc *sc, void *arg)
1377 struct ifbreq *req = arg;
1378 struct bridge_iflist *bif;
1381 ifs = ifunit(req->ifbr_ifsname);
1385 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1386 if (ifs == bif->bif_ifp)
1392 bridge_delete_span(sc, bif);
1398 bridge_ioctl_gbparam(struct bridge_softc *sc, void *arg)
1400 struct ifbropreq *req = arg;
1401 struct bstp_state *bs = &sc->sc_stp;
1402 struct bstp_port *root_port;
1404 req->ifbop_maxage = bs->bs_bridge_max_age >> 8;
1405 req->ifbop_hellotime = bs->bs_bridge_htime >> 8;
1406 req->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8;
1408 root_port = bs->bs_root_port;
1409 if (root_port == NULL)
1410 req->ifbop_root_port = 0;
1412 req->ifbop_root_port = root_port->bp_ifp->if_index;
1414 req->ifbop_holdcount = bs->bs_txholdcount;
1415 req->ifbop_priority = bs->bs_bridge_priority;
1416 req->ifbop_protocol = bs->bs_protover;
1417 req->ifbop_root_path_cost = bs->bs_root_pv.pv_cost;
1418 req->ifbop_designated_root = bs->bs_root_pv.pv_root_id;
1419 req->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec;
1420 req->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec;
1426 bridge_ioctl_grte(struct bridge_softc *sc, void *arg)
1428 struct ifbrparam *param = arg;
1430 param->ifbrp_cexceeded = sc->sc_brtexceeded;
1435 bridge_ioctl_gifsstp(struct bridge_softc *sc, void *arg)
1437 struct ifbpstpconf *bifstp = arg;
1438 struct bridge_iflist *bif;
1439 struct bstp_port *bp;
1440 struct ifbpstpreq bpreq;
1441 int count, len, error = 0;
1444 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1445 if ((bif->bif_flags & IFBIF_STP) != 0)
1449 if (bifstp->ifbpstp_len == 0) {
1450 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1455 len = bifstp->ifbpstp_len;
1456 bzero(&bpreq, sizeof(bpreq));
1457 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1458 if (len < sizeof(bpreq))
1461 if ((bif->bif_flags & IFBIF_STP) == 0)
1465 bpreq.ifbp_portno = bif->bif_ifp->if_index & 0xfff;
1466 bpreq.ifbp_fwd_trans = bp->bp_forward_transitions;
1467 bpreq.ifbp_design_cost = bp->bp_desg_pv.pv_cost;
1468 bpreq.ifbp_design_port = bp->bp_desg_pv.pv_port_id;
1469 bpreq.ifbp_design_bridge = bp->bp_desg_pv.pv_dbridge_id;
1470 bpreq.ifbp_design_root = bp->bp_desg_pv.pv_root_id;
1472 error = copyout(&bpreq, bifstp->ifbpstp_req + count,
1478 len -= sizeof(bpreq);
1481 bifstp->ifbpstp_len = sizeof(bpreq) * count;
1486 bridge_ioctl_sproto(struct bridge_softc *sc, void *arg)
1488 struct ifbrparam *param = arg;
1490 return (bstp_set_protocol(&sc->sc_stp, param->ifbrp_proto));
1494 bridge_ioctl_stxhc(struct bridge_softc *sc, void *arg)
1496 struct ifbrparam *param = arg;
1498 return (bstp_set_holdcount(&sc->sc_stp, param->ifbrp_txhc));
1502 bridge_ioctl_sedge(struct bridge_softc *sc, void *arg)
1504 struct ifbreq *req = arg;
1505 struct bridge_iflist *bif;
1507 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1511 return (bstp_set_edge(&bif->bif_stp, req->ifbr_edge));
1515 bridge_ioctl_saedge(struct bridge_softc *sc, void *arg)
1517 struct ifbreq *req = arg;
1518 struct bridge_iflist *bif;
1520 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1524 return (bstp_set_autoedge(&bif->bif_stp, req->ifbr_autoedge));
1530 * Detach an interface from a bridge. Called when a member
1531 * interface is detaching.
1534 bridge_ifdetach(void *arg __unused, struct ifnet *ifp)
1536 struct bridge_softc *sc = ifp->if_bridge;
1537 struct bridge_iflist *bif;
1539 /* Check if the interface is a bridge member */
1543 bif = bridge_lookup_member_if(sc, ifp);
1545 bridge_delete_member(sc, bif, 1);
1551 /* Check if the interface is a span port */
1552 mtx_lock(&bridge_list_mtx);
1553 LIST_FOREACH(sc, &bridge_list, sc_list) {
1555 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
1556 if (ifp == bif->bif_ifp) {
1557 bridge_delete_span(sc, bif);
1563 mtx_unlock(&bridge_list_mtx);
1569 * Initialize a bridge interface.
1572 bridge_init(void *xsc)
1574 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1575 struct ifnet *ifp = sc->sc_ifp;
1577 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
1581 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1584 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1585 bstp_init(&sc->sc_stp); /* Initialize Spanning Tree */
1593 * Stop the bridge interface.
1596 bridge_stop(struct ifnet *ifp, int disable)
1598 struct bridge_softc *sc = ifp->if_softc;
1600 BRIDGE_LOCK_ASSERT(sc);
1602 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
1605 callout_stop(&sc->sc_brcallout);
1606 bstp_stop(&sc->sc_stp);
1608 bridge_rtflush(sc, IFBF_FLUSHDYN);
1610 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1616 * Enqueue a packet on a bridge member interface.
1620 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1626 len = m->m_pkthdr.len;
1627 mflags = m->m_flags;
1629 /* We may be sending a fragment so traverse the mbuf */
1632 m->m_nextpkt = NULL;
1635 IFQ_ENQUEUE(&dst_ifp->if_snd, m, err);
1640 sc->sc_ifp->if_opackets++;
1641 sc->sc_ifp->if_obytes += len;
1643 dst_ifp->if_obytes += len;
1645 if (mflags & M_MCAST) {
1646 sc->sc_ifp->if_omcasts++;
1647 dst_ifp->if_omcasts++;
1651 if ((dst_ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
1652 (*dst_ifp->if_start)(dst_ifp);
1658 * Receive a queued packet from dummynet and pass it on to the output
1661 * The mbuf has the Ethernet header already attached.
1664 bridge_dummynet(struct mbuf *m, struct ifnet *ifp)
1666 struct bridge_softc *sc;
1668 sc = ifp->if_bridge;
1671 * The packet didnt originate from a member interface. This should only
1672 * ever happen if a member interface is removed while packets are
1680 if (PFIL_HOOKED(&inet_pfil_hook)
1682 || PFIL_HOOKED(&inet6_pfil_hook)
1685 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
1691 bridge_enqueue(sc, ifp, m);
1697 * Send output from a bridge member interface. This
1698 * performs the bridging function for locally originated
1701 * The mbuf has the Ethernet header already attached. We must
1702 * enqueue or free the mbuf before returning.
1705 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
1708 struct ether_header *eh;
1709 struct ifnet *dst_if;
1710 struct bridge_softc *sc;
1712 if (m->m_len < ETHER_HDR_LEN) {
1713 m = m_pullup(m, ETHER_HDR_LEN);
1718 eh = mtod(m, struct ether_header *);
1719 sc = ifp->if_bridge;
1724 * If bridge is down, but the original output interface is up,
1725 * go ahead and send out that interface. Otherwise, the packet
1728 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1734 * If the packet is a multicast, or we don't know a better way to
1735 * get there, send to all interfaces.
1737 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1740 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1741 if (dst_if == NULL) {
1742 struct bridge_iflist *bif;
1744 int error = 0, used = 0;
1748 BRIDGE_LOCK2REF(sc, error);
1754 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1755 dst_if = bif->bif_ifp;
1757 if (dst_if->if_type == IFT_GIF)
1759 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
1763 * If this is not the original output interface,
1764 * and the interface is participating in spanning
1765 * tree, make sure the port is in a state that
1766 * allows forwarding.
1768 if (dst_if != ifp && (bif->bif_flags & IFBIF_STP) &&
1769 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
1772 if (LIST_NEXT(bif, bif_next) == NULL) {
1776 mc = m_copypacket(m, M_DONTWAIT);
1778 sc->sc_ifp->if_oerrors++;
1783 bridge_enqueue(sc, dst_if, mc);
1793 * XXX Spanning tree consideration here?
1797 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1804 bridge_enqueue(sc, dst_if, m);
1811 * Start output on a bridge.
1815 bridge_start(struct ifnet *ifp)
1817 struct bridge_softc *sc;
1819 struct ether_header *eh;
1820 struct ifnet *dst_if;
1824 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
1826 IFQ_DEQUEUE(&ifp->if_snd, m);
1831 eh = mtod(m, struct ether_header *);
1835 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1836 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1840 bridge_broadcast(sc, ifp, m, 0);
1843 bridge_enqueue(sc, dst_if, m);
1846 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1852 * The forwarding function of the bridge.
1854 * NOTE: Releases the lock on return.
1857 bridge_forward(struct bridge_softc *sc, struct mbuf *m)
1859 struct bridge_iflist *bif;
1860 struct ifnet *src_if, *dst_if, *ifp;
1861 struct ether_header *eh;
1863 src_if = m->m_pkthdr.rcvif;
1866 sc->sc_ifp->if_ipackets++;
1867 sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
1870 * Look up the bridge_iflist.
1872 bif = bridge_lookup_member_if(sc, src_if);
1874 /* Interface is not a bridge member (anymore?) */
1880 if ((bif->bif_flags & IFBIF_STP) &&
1881 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
1887 eh = mtod(m, struct ether_header *);
1890 * If the interface is learning, and the source
1891 * address is valid and not multicast, record
1894 if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
1895 ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
1896 (eh->ether_shost[0] == 0 &&
1897 eh->ether_shost[1] == 0 &&
1898 eh->ether_shost[2] == 0 &&
1899 eh->ether_shost[3] == 0 &&
1900 eh->ether_shost[4] == 0 &&
1901 eh->ether_shost[5] == 0) == 0) {
1902 (void) bridge_rtupdate(sc, eh->ether_shost,
1903 src_if, 0, IFBAF_DYNAMIC);
1906 if ((bif->bif_flags & IFBIF_STP) != 0 &&
1907 bif->bif_stp.bp_state == BSTP_IFSTATE_LEARNING) {
1914 * At this point, the port either doesn't participate
1915 * in spanning tree or it is in the forwarding state.
1919 * If the packet is unicast, destined for someone on
1920 * "this" side of the bridge, drop it.
1922 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1923 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1924 if (src_if == dst_if) {
1930 /* ...forward it to all interfaces. */
1931 sc->sc_ifp->if_imcasts++;
1936 * If we have a destination interface which is a member of our bridge,
1937 * OR this is a unicast packet, push it through the bpf(4) machinery.
1938 * For broadcast or multicast packets, don't bother because it will
1939 * be reinjected into ether_input. We do this before we pass the packets
1940 * through the pfil(9) framework, as it is possible that pfil(9) will
1941 * drop the packet, or possibly modify it, making it difficult to debug
1942 * firewall issues on the bridge.
1944 if (dst_if != NULL || (m->m_flags & (M_BCAST | M_MCAST)) == 0)
1947 /* run the packet filter */
1948 if (PFIL_HOOKED(&inet_pfil_hook)
1950 || PFIL_HOOKED(&inet6_pfil_hook)
1954 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
1961 if (dst_if == NULL) {
1962 bridge_broadcast(sc, src_if, m, 1);
1967 * At this point, we're dealing with a unicast frame
1968 * going to a different interface.
1970 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1975 bif = bridge_lookup_member_if(sc, dst_if);
1977 /* Not a member of the bridge (anymore?) */
1983 if ((bif->bif_flags & IFBIF_STP) &&
1984 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
1992 if (PFIL_HOOKED(&inet_pfil_hook)
1994 || PFIL_HOOKED(&inet6_pfil_hook)
1997 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
2003 bridge_enqueue(sc, dst_if, m);
2009 * Receive input from a member interface. Queue the packet for
2010 * bridging if it is not for us.
2012 static struct mbuf *
2013 bridge_input(struct ifnet *ifp, struct mbuf *m)
2015 struct bridge_softc *sc = ifp->if_bridge;
2016 struct bridge_iflist *bif;
2018 struct ether_header *eh;
2019 struct mbuf *mc, *mc2;
2021 if ((sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
2027 * Implement support for bridge monitoring. If this flag has been
2028 * set on this interface, discard the packet once we push it through
2029 * the bpf(4) machinery, but before we do, increment the byte and
2030 * packet counters associated with this interface.
2032 if ((bifp->if_flags & IFF_MONITOR) != 0) {
2033 m->m_pkthdr.rcvif = bifp;
2035 bifp->if_ipackets++;
2036 bifp->if_ibytes += m->m_pkthdr.len;
2041 bif = bridge_lookup_member_if(sc, ifp);
2047 eh = mtod(m, struct ether_header *);
2049 if (memcmp(eh->ether_dhost, IF_LLADDR(bifp),
2050 ETHER_ADDR_LEN) == 0) {
2052 * If the packet is for us, set the packets source as the
2053 * bridge, and return the packet back to ether_input for
2057 /* Note where to send the reply to */
2058 if (bif->bif_flags & IFBIF_LEARNING)
2059 (void) bridge_rtupdate(sc,
2060 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
2062 /* Mark the packet as arriving on the bridge interface */
2063 m->m_pkthdr.rcvif = bifp;
2065 bifp->if_ipackets++;
2073 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
2074 /* Tap off 802.1D packets; they do not get forwarded. */
2075 if (memcmp(eh->ether_dhost, bstp_etheraddr,
2076 ETHER_ADDR_LEN) == 0) {
2077 m = bstp_input(&bif->bif_stp, ifp, m);
2084 if ((bif->bif_flags & IFBIF_STP) &&
2085 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2090 if (bcmp(etherbroadcastaddr, eh->ether_dhost,
2091 sizeof(etherbroadcastaddr)) == 0)
2092 m->m_flags |= M_BCAST;
2094 m->m_flags |= M_MCAST;
2097 * Make a deep copy of the packet and enqueue the copy
2098 * for bridge processing; return the original packet for
2101 mc = m_dup(m, M_DONTWAIT);
2107 /* Perform the bridge forwarding function with the copy. */
2108 bridge_forward(sc, mc);
2111 * Reinject the mbuf as arriving on the bridge so we have a
2112 * chance at claiming multicast packets. We can not loop back
2113 * here from ether_input as a bridge is never a member of a
2116 KASSERT(bifp->if_bridge == NULL,
2117 ("loop created in bridge_input"));
2118 mc2 = m_dup(m, M_DONTWAIT);
2120 /* Keep the layer3 header aligned */
2121 int i = min(mc2->m_pkthdr.len, max_protohdr);
2122 mc2 = m_copyup(mc2, i, ETHER_ALIGN);
2125 mc2->m_pkthdr.rcvif = bifp;
2126 (*bifp->if_input)(bifp, mc2);
2129 /* Return the original packet for local processing. */
2133 if ((bif->bif_flags & IFBIF_STP) &&
2134 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING) {
2140 * Unicast. Make sure it's not for us.
2142 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2143 if (bif->bif_ifp->if_type == IFT_GIF)
2145 /* It is destined for us. */
2146 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost,
2147 ETHER_ADDR_LEN) == 0
2149 || (bif->bif_ifp->if_carp
2150 && carp_forus(bif->bif_ifp->if_carp, eh->ether_dhost))
2153 if (bif->bif_flags & IFBIF_LEARNING)
2154 (void) bridge_rtupdate(sc,
2155 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
2156 m->m_pkthdr.rcvif = bif->bif_ifp;
2161 /* We just received a packet that we sent out. */
2162 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost,
2163 ETHER_ADDR_LEN) == 0
2165 || (bif->bif_ifp->if_carp
2166 && carp_forus(bif->bif_ifp->if_carp, eh->ether_shost))
2175 /* Perform the bridge forwarding function. */
2176 bridge_forward(sc, m);
2184 * Send a frame to all interfaces that are members of
2185 * the bridge, except for the one on which the packet
2188 * NOTE: Releases the lock on return.
2191 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
2192 struct mbuf *m, int runfilt)
2194 struct bridge_iflist *bif;
2196 struct ifnet *dst_if;
2197 int error = 0, used = 0, i;
2199 BRIDGE_LOCK2REF(sc, error);
2205 /* Filter on the bridge interface before broadcasting */
2206 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2208 || PFIL_HOOKED(&inet6_pfil_hook)
2211 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
2217 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
2218 dst_if = bif->bif_ifp;
2219 if (dst_if == src_if)
2222 if ((bif->bif_flags & IFBIF_STP) &&
2223 bif->bif_stp.bp_state == BSTP_IFSTATE_DISCARDING)
2226 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
2227 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
2230 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2233 if (LIST_NEXT(bif, bif_next) == NULL) {
2237 mc = m_dup(m, M_DONTWAIT);
2239 sc->sc_ifp->if_oerrors++;
2245 * Filter on the output interface. Pass a NULL bridge interface
2246 * pointer so we do not redundantly filter on the bridge for
2247 * each interface we broadcast on.
2249 if (runfilt && (PFIL_HOOKED(&inet_pfil_hook)
2251 || PFIL_HOOKED(&inet6_pfil_hook)
2255 /* Keep the layer3 header aligned */
2256 i = min(mc->m_pkthdr.len, max_protohdr);
2257 mc = m_copyup(mc, i, ETHER_ALIGN);
2259 sc->sc_ifp->if_oerrors++;
2263 if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
2269 bridge_enqueue(sc, dst_if, mc);
2281 * Duplicate a packet out one or more interfaces that are in span mode,
2282 * the original mbuf is unmodified.
2285 bridge_span(struct bridge_softc *sc, struct mbuf *m)
2287 struct bridge_iflist *bif;
2288 struct ifnet *dst_if;
2291 if (LIST_EMPTY(&sc->sc_spanlist))
2294 LIST_FOREACH(bif, &sc->sc_spanlist, bif_next) {
2295 dst_if = bif->bif_ifp;
2297 if ((dst_if->if_drv_flags & IFF_DRV_RUNNING) == 0)
2300 mc = m_copypacket(m, M_DONTWAIT);
2302 sc->sc_ifp->if_oerrors++;
2306 bridge_enqueue(sc, dst_if, mc);
2313 * Add a bridge routing entry.
2316 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
2317 struct ifnet *dst_if, int setflags, uint8_t flags)
2319 struct bridge_rtnode *brt;
2322 BRIDGE_LOCK_ASSERT(sc);
2325 * A route for this destination might already exist. If so,
2326 * update it, otherwise create a new one.
2328 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
2329 if (sc->sc_brtcnt >= sc->sc_brtmax) {
2330 sc->sc_brtexceeded++;
2335 * Allocate a new bridge forwarding node, and
2336 * initialize the expiration time and Ethernet
2339 brt = uma_zalloc(bridge_rtnode_zone, M_NOWAIT | M_ZERO);
2343 brt->brt_flags = IFBAF_DYNAMIC;
2344 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
2346 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
2347 uma_zfree(bridge_rtnode_zone, brt);
2352 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2353 brt->brt_ifp = dst_if;
2354 if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2355 brt->brt_expire = time_uptime + sc->sc_brttimeout;
2357 brt->brt_flags = flags;
2365 * Lookup the destination interface for an address.
2367 static struct ifnet *
2368 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
2370 struct bridge_rtnode *brt;
2372 BRIDGE_LOCK_ASSERT(sc);
2374 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2377 return (brt->brt_ifp);
2383 * Trim the routine table so that we have a number
2384 * of routing entries less than or equal to the
2388 bridge_rttrim(struct bridge_softc *sc)
2390 struct bridge_rtnode *brt, *nbrt;
2392 BRIDGE_LOCK_ASSERT(sc);
2394 /* Make sure we actually need to do this. */
2395 if (sc->sc_brtcnt <= sc->sc_brtmax)
2398 /* Force an aging cycle; this might trim enough addresses. */
2400 if (sc->sc_brtcnt <= sc->sc_brtmax)
2403 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2404 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2405 bridge_rtnode_destroy(sc, brt);
2406 if (sc->sc_brtcnt <= sc->sc_brtmax)
2415 * Aging timer for the bridge.
2418 bridge_timer(void *arg)
2420 struct bridge_softc *sc = arg;
2422 BRIDGE_LOCK_ASSERT(sc);
2426 if (sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING)
2427 callout_reset(&sc->sc_brcallout,
2428 bridge_rtable_prune_period * hz, bridge_timer, sc);
2434 * Perform an aging cycle.
2437 bridge_rtage(struct bridge_softc *sc)
2439 struct bridge_rtnode *brt, *nbrt;
2441 BRIDGE_LOCK_ASSERT(sc);
2443 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2444 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
2445 if (time_uptime >= brt->brt_expire)
2446 bridge_rtnode_destroy(sc, brt);
2454 * Remove all dynamic addresses from the bridge.
2457 bridge_rtflush(struct bridge_softc *sc, int full)
2459 struct bridge_rtnode *brt, *nbrt;
2461 BRIDGE_LOCK_ASSERT(sc);
2463 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2464 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2465 bridge_rtnode_destroy(sc, brt);
2472 * Remove an address from the table.
2475 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
2477 struct bridge_rtnode *brt;
2479 BRIDGE_LOCK_ASSERT(sc);
2481 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
2484 bridge_rtnode_destroy(sc, brt);
2491 * Delete routes to a speicifc member interface.
2494 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
2496 struct bridge_rtnode *brt, *nbrt;
2498 BRIDGE_LOCK_ASSERT(sc);
2500 LIST_FOREACH_SAFE(brt, &sc->sc_rtlist, brt_list, nbrt) {
2501 if (brt->brt_ifp == ifp && (full ||
2502 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
2503 bridge_rtnode_destroy(sc, brt);
2508 * bridge_rtable_init:
2510 * Initialize the route table for this bridge.
2513 bridge_rtable_init(struct bridge_softc *sc)
2517 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
2518 M_DEVBUF, M_NOWAIT);
2519 if (sc->sc_rthash == NULL)
2522 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
2523 LIST_INIT(&sc->sc_rthash[i]);
2525 sc->sc_rthash_key = arc4random();
2527 LIST_INIT(&sc->sc_rtlist);
2533 * bridge_rtable_fini:
2535 * Deconstruct the route table for this bridge.
2538 bridge_rtable_fini(struct bridge_softc *sc)
2541 free(sc->sc_rthash, M_DEVBUF);
2545 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
2546 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
2548 #define mix(a, b, c) \
2550 a -= b; a -= c; a ^= (c >> 13); \
2551 b -= c; b -= a; b ^= (a << 8); \
2552 c -= a; c -= b; c ^= (b >> 13); \
2553 a -= b; a -= c; a ^= (c >> 12); \
2554 b -= c; b -= a; b ^= (a << 16); \
2555 c -= a; c -= b; c ^= (b >> 5); \
2556 a -= b; a -= c; a ^= (c >> 3); \
2557 b -= c; b -= a; b ^= (a << 10); \
2558 c -= a; c -= b; c ^= (b >> 15); \
2559 } while (/*CONSTCOND*/0)
2561 static __inline uint32_t
2562 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
2564 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2575 return (c & BRIDGE_RTHASH_MASK);
2581 bridge_rtnode_addr_cmp(const uint8_t *a, const uint8_t *b)
2585 for (i = 0, d = 0; i < ETHER_ADDR_LEN && d == 0; i++) {
2586 d = ((int)a[i]) - ((int)b[i]);
2593 * bridge_rtnode_lookup:
2595 * Look up a bridge route node for the specified destination.
2597 static struct bridge_rtnode *
2598 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
2600 struct bridge_rtnode *brt;
2604 BRIDGE_LOCK_ASSERT(sc);
2606 hash = bridge_rthash(sc, addr);
2607 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2608 dir = bridge_rtnode_addr_cmp(addr, brt->brt_addr);
2619 * bridge_rtnode_insert:
2621 * Insert the specified bridge node into the route table. We
2622 * assume the entry is not already in the table.
2625 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2627 struct bridge_rtnode *lbrt;
2631 BRIDGE_LOCK_ASSERT(sc);
2633 hash = bridge_rthash(sc, brt->brt_addr);
2635 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2637 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2642 dir = bridge_rtnode_addr_cmp(brt->brt_addr, lbrt->brt_addr);
2646 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2649 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2650 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2653 lbrt = LIST_NEXT(lbrt, brt_hash);
2654 } while (lbrt != NULL);
2657 panic("bridge_rtnode_insert: impossible");
2661 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2668 * bridge_rtnode_destroy:
2670 * Destroy a bridge rtnode.
2673 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2675 BRIDGE_LOCK_ASSERT(sc);
2677 LIST_REMOVE(brt, brt_hash);
2679 LIST_REMOVE(brt, brt_list);
2681 uma_zfree(bridge_rtnode_zone, brt);
2685 * bridge_rtable_expire:
2687 * Set the expiry time for all routes on an interface.
2690 bridge_rtable_expire(struct ifnet *ifp, int age)
2692 struct bridge_softc *sc = ifp->if_bridge;
2693 struct bridge_rtnode *brt;
2698 * If the age is zero then flush, otherwise set all the expiry times to
2699 * age for the interface
2702 bridge_rtdelete(sc, ifp, IFBF_FLUSHDYN);
2704 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
2705 /* Cap the expiry time to 'age' */
2706 if (brt->brt_ifp == ifp &&
2707 brt->brt_expire > time_uptime + age &&
2708 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
2709 brt->brt_expire = time_uptime + age;
2716 * bridge_state_change:
2718 * Callback from the bridgestp code when a port changes states.
2721 bridge_state_change(struct ifnet *ifp, int state)
2723 struct bridge_softc *sc = ifp->if_bridge;
2724 static const char *stpstates[] = {
2734 log(LOG_NOTICE, "%s: state changed to %s on %s\n",
2735 sc->sc_ifp->if_xname, stpstates[state], ifp->if_xname);
2739 * Send bridge packets through pfil if they are one of the types pfil can deal
2740 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2741 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2745 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2747 int snap, error, i, hlen;
2748 struct ether_header *eh1, eh2;
2749 struct ip_fw_args args;
2752 u_int16_t ether_type;
2755 error = -1; /* Default error if not error == 0 */
2757 /* we may return with the IP fields swapped, ensure its not shared */
2758 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
2760 if (pfil_bridge == 0 && pfil_member == 0 && pfil_ipfw == 0)
2761 return (0); /* filtering is disabled */
2763 i = min((*mp)->m_pkthdr.len, max_protohdr);
2764 if ((*mp)->m_len < i) {
2765 *mp = m_pullup(*mp, i);
2767 printf("%s: m_pullup failed\n", __func__);
2772 eh1 = mtod(*mp, struct ether_header *);
2773 ether_type = ntohs(eh1->ether_type);
2776 * Check for SNAP/LLC.
2778 if (ether_type < ETHERMTU) {
2779 struct llc *llc2 = (struct llc *)(eh1 + 1);
2781 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
2782 llc2->llc_dsap == LLC_SNAP_LSAP &&
2783 llc2->llc_ssap == LLC_SNAP_LSAP &&
2784 llc2->llc_control == LLC_UI) {
2785 ether_type = htons(llc2->llc_un.type_snap.ether_type);
2791 * If we're trying to filter bridge traffic, don't look at anything
2792 * other than IP and ARP traffic. If the filter doesn't understand
2793 * IPv6, don't allow IPv6 through the bridge either. This is lame
2794 * since if we really wanted, say, an AppleTalk filter, we are hosed,
2795 * but of course we don't have an AppleTalk filter to begin with.
2796 * (Note that since pfil doesn't understand ARP it will pass *ALL*
2799 switch (ether_type) {
2801 case ETHERTYPE_REVARP:
2802 if (pfil_ipfw_arp == 0)
2803 return (0); /* Automatically pass */
2808 case ETHERTYPE_IPV6:
2813 * Check to see if the user wants to pass non-ip
2814 * packets, these will not be checked by pfil(9) and
2815 * passed unconditionally so the default is to drop.
2821 /* Strip off the Ethernet header and keep a copy. */
2822 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
2823 m_adj(*mp, ETHER_HDR_LEN);
2825 /* Strip off snap header, if present */
2827 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
2828 m_adj(*mp, sizeof(struct llc));
2832 * Check the IP header for alignment and errors
2834 if (dir == PFIL_IN) {
2835 switch (ether_type) {
2837 error = bridge_ip_checkbasic(mp);
2840 case ETHERTYPE_IPV6:
2841 error = bridge_ip6_checkbasic(mp);
2851 if (IPFW_LOADED && pfil_ipfw != 0 && dir == PFIL_OUT && ifp != NULL) {
2853 args.rule = ip_dn_claim_rule(*mp);
2854 if (args.rule != NULL && fw_one_pass)
2855 goto ipfwpass; /* packet already partially processed */
2859 args.next_hop = NULL;
2861 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
2862 i = ip_fw_chk_ptr(&args);
2868 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
2870 /* put the Ethernet header back on */
2871 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
2874 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2877 * Pass the pkt to dummynet, which consumes it. The
2878 * packet will return to us via bridge_dummynet().
2881 ip_dn_io_ptr(*mp, DN_TO_IFB_FWD, &args);
2885 if (i != IP_FW_PASS) /* drop */
2893 * Run the packet through pfil
2895 switch (ether_type) {
2898 * before calling the firewall, swap fields the same as
2899 * IP does. here we assume the header is contiguous
2901 ip = mtod(*mp, struct ip *);
2903 ip->ip_len = ntohs(ip->ip_len);
2904 ip->ip_off = ntohs(ip->ip_off);
2907 * Run pfil on the member interface and the bridge, both can
2908 * be skipped by clearing pfil_member or pfil_bridge.
2911 * in_if -> bridge_if -> out_if
2913 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2914 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2917 if (*mp == NULL || error != 0) /* filter may consume */
2920 if (pfil_member && ifp != NULL)
2921 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp,
2924 if (*mp == NULL || error != 0) /* filter may consume */
2927 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2928 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2931 if (*mp == NULL || error != 0) /* filter may consume */
2934 /* check if we need to fragment the packet */
2935 if (pfil_member && ifp != NULL && dir == PFIL_OUT) {
2936 i = (*mp)->m_pkthdr.len;
2937 if (i > ifp->if_mtu) {
2938 error = bridge_fragment(ifp, *mp, &eh2, snap,
2944 /* Recalculate the ip checksum and restore byte ordering */
2945 ip = mtod(*mp, struct ip *);
2946 hlen = ip->ip_hl << 2;
2947 if (hlen < sizeof(struct ip))
2949 if (hlen > (*mp)->m_len) {
2950 if ((*mp = m_pullup(*mp, hlen)) == 0)
2952 ip = mtod(*mp, struct ip *);
2956 ip->ip_len = htons(ip->ip_len);
2957 ip->ip_off = htons(ip->ip_off);
2959 if (hlen == sizeof(struct ip))
2960 ip->ip_sum = in_cksum_hdr(ip);
2962 ip->ip_sum = in_cksum(*mp, hlen);
2966 case ETHERTYPE_IPV6:
2967 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2968 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2971 if (*mp == NULL || error != 0) /* filter may consume */
2974 if (pfil_member && ifp != NULL)
2975 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp,
2978 if (*mp == NULL || error != 0) /* filter may consume */
2981 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2982 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2999 * Finally, put everything back the way it was and return
3002 M_PREPEND(*mp, sizeof(struct llc), M_DONTWAIT);
3005 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
3008 M_PREPEND(*mp, ETHER_HDR_LEN, M_DONTWAIT);
3011 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
3022 * Perform basic checks on header size since
3023 * pfil assumes ip_input has already processed
3024 * it for it. Cut-and-pasted from ip_input.c.
3025 * Given how simple the IPv6 version is,
3026 * does the IPv4 version really need to be
3029 * XXX Should we update ipstat here, or not?
3030 * XXX Right now we update ipstat but not
3034 bridge_ip_checkbasic(struct mbuf **mp)
3036 struct mbuf *m = *mp;
3044 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3045 if ((m = m_copyup(m, sizeof(struct ip),
3046 (max_linkhdr + 3) & ~3)) == NULL) {
3047 /* XXXJRT new stat, please */
3048 ipstat.ips_toosmall++;
3051 } else if (__predict_false(m->m_len < sizeof (struct ip))) {
3052 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
3053 ipstat.ips_toosmall++;
3057 ip = mtod(m, struct ip *);
3058 if (ip == NULL) goto bad;
3060 if (ip->ip_v != IPVERSION) {
3061 ipstat.ips_badvers++;
3064 hlen = ip->ip_hl << 2;
3065 if (hlen < sizeof(struct ip)) { /* minimum header length */
3066 ipstat.ips_badhlen++;
3069 if (hlen > m->m_len) {
3070 if ((m = m_pullup(m, hlen)) == 0) {
3071 ipstat.ips_badhlen++;
3074 ip = mtod(m, struct ip *);
3075 if (ip == NULL) goto bad;
3078 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
3079 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
3081 if (hlen == sizeof(struct ip)) {
3082 sum = in_cksum_hdr(ip);
3084 sum = in_cksum(m, hlen);
3088 ipstat.ips_badsum++;
3092 /* Retrieve the packet length. */
3093 len = ntohs(ip->ip_len);
3096 * Check for additional length bogosity
3099 ipstat.ips_badlen++;
3104 * Check that the amount of data in the buffers
3105 * is as at least much as the IP header would have us expect.
3106 * Drop packet if shorter than we expect.
3108 if (m->m_pkthdr.len < len) {
3109 ipstat.ips_tooshort++;
3113 /* Checks out, proceed */
3124 * Same as above, but for IPv6.
3125 * Cut-and-pasted from ip6_input.c.
3126 * XXX Should we update ip6stat, or not?
3129 bridge_ip6_checkbasic(struct mbuf **mp)
3131 struct mbuf *m = *mp;
3132 struct ip6_hdr *ip6;
3135 * If the IPv6 header is not aligned, slurp it up into a new
3136 * mbuf with space for link headers, in the event we forward
3137 * it. Otherwise, if it is aligned, make sure the entire base
3138 * IPv6 header is in the first mbuf of the chain.
3140 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
3141 struct ifnet *inifp = m->m_pkthdr.rcvif;
3142 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
3143 (max_linkhdr + 3) & ~3)) == NULL) {
3144 /* XXXJRT new stat, please */
3145 ip6stat.ip6s_toosmall++;
3146 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3149 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
3150 struct ifnet *inifp = m->m_pkthdr.rcvif;
3151 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
3152 ip6stat.ip6s_toosmall++;
3153 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
3158 ip6 = mtod(m, struct ip6_hdr *);
3160 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
3161 ip6stat.ip6s_badvers++;
3162 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
3166 /* Checks out, proceed */
3179 * Return a fragmented mbuf chain.
3182 bridge_fragment(struct ifnet *ifp, struct mbuf *m, struct ether_header *eh,
3183 int snap, struct llc *llc)
3189 if (m->m_len < sizeof(struct ip) &&
3190 (m = m_pullup(m, sizeof(struct ip))) == NULL)
3192 ip = mtod(m, struct ip *);
3194 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist,
3199 /* walk the chain and re-add the Ethernet header */
3200 for (m0 = m; m0; m0 = m0->m_nextpkt) {
3203 M_PREPEND(m0, sizeof(struct llc), M_DONTWAIT);
3208 bcopy(llc, mtod(m0, caddr_t),
3209 sizeof(struct llc));
3211 M_PREPEND(m0, ETHER_HDR_LEN, M_DONTWAIT);
3216 bcopy(eh, mtod(m0, caddr_t), ETHER_HDR_LEN);
3222 ipstat.ips_fragmented++;
projects / FreeBSD / FreeBSD.git / blob