2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2003 IPNET Internet Communication Company
5 * Copyright (c) 2011 - 2012 Rozhuk Ivan <rozhuk.im@gmail.com>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * Author: Ruslan Ermilov <ru@FreeBSD.org>
34 #include <sys/param.h>
35 #include <sys/errno.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
39 #include <sys/queue.h>
40 #include <sys/socket.h>
41 #include <sys/systm.h>
43 #include <net/ethernet.h>
45 #include <net/if_vlan_var.h>
47 #include <netgraph/ng_message.h>
48 #include <netgraph/ng_parse.h>
49 #include <netgraph/ng_vlan.h>
50 #include <netgraph/netgraph.h>
52 struct ng_vlan_private {
53 hook_p downstream_hook;
55 uint32_t decap_enable;
56 uint32_t encap_enable;
58 hook_p vlan_hook[(EVL_VLID_MASK + 1)];
60 typedef struct ng_vlan_private *priv_p;
62 #define ETHER_VLAN_HDR_LEN (ETHER_HDR_LEN + ETHER_VLAN_ENCAP_LEN)
63 #define VLAN_TAG_MASK 0xFFFF
64 #define HOOK_VLAN_TAG_SET_MASK ((uintptr_t)((~0) & ~(VLAN_TAG_MASK)))
65 #define IS_HOOK_VLAN_SET(hdata) \
66 ((((uintptr_t)hdata) & HOOK_VLAN_TAG_SET_MASK) == HOOK_VLAN_TAG_SET_MASK)
68 static ng_constructor_t ng_vlan_constructor;
69 static ng_rcvmsg_t ng_vlan_rcvmsg;
70 static ng_shutdown_t ng_vlan_shutdown;
71 static ng_newhook_t ng_vlan_newhook;
72 static ng_rcvdata_t ng_vlan_rcvdata;
73 static ng_disconnect_t ng_vlan_disconnect;
75 /* Parse type for struct ng_vlan_filter. */
76 static const struct ng_parse_struct_field ng_vlan_filter_fields[] =
77 NG_VLAN_FILTER_FIELDS;
78 static const struct ng_parse_type ng_vlan_filter_type = {
79 &ng_parse_struct_type,
80 &ng_vlan_filter_fields
84 ng_vlan_getTableLength(const struct ng_parse_type *type,
85 const u_char *start, const u_char *buf)
87 const struct ng_vlan_table *const table =
88 (const struct ng_vlan_table *)(buf - sizeof(u_int32_t));
93 /* Parse type for struct ng_vlan_table. */
94 static const struct ng_parse_array_info ng_vlan_table_array_info = {
96 ng_vlan_getTableLength
98 static const struct ng_parse_type ng_vlan_table_array_type = {
100 &ng_vlan_table_array_info
102 static const struct ng_parse_struct_field ng_vlan_table_fields[] =
103 NG_VLAN_TABLE_FIELDS;
104 static const struct ng_parse_type ng_vlan_table_type = {
105 &ng_parse_struct_type,
106 &ng_vlan_table_fields
109 /* List of commands and how to convert arguments to/from ASCII. */
110 static const struct ng_cmdlist ng_vlan_cmdlist[] = {
115 &ng_vlan_filter_type,
122 &ng_parse_hookbuf_type,
134 NGM_VLAN_DEL_VID_FLT,
136 &ng_parse_uint16_type,
144 &ng_parse_hint32_type
150 &ng_parse_hint32_type,
158 &ng_parse_hint32_type
164 &ng_parse_hint32_type,
169 NGM_VLAN_GET_ENCAP_PROTO,
172 &ng_parse_hint16_type
176 NGM_VLAN_SET_ENCAP_PROTO,
178 &ng_parse_hint16_type,
184 static struct ng_type ng_vlan_typestruct = {
185 .version = NG_ABI_VERSION,
186 .name = NG_VLAN_NODE_TYPE,
187 .constructor = ng_vlan_constructor,
188 .rcvmsg = ng_vlan_rcvmsg,
189 .shutdown = ng_vlan_shutdown,
190 .newhook = ng_vlan_newhook,
191 .rcvdata = ng_vlan_rcvdata,
192 .disconnect = ng_vlan_disconnect,
193 .cmdlist = ng_vlan_cmdlist,
195 NETGRAPH_INIT(vlan, &ng_vlan_typestruct);
202 m_chk(struct mbuf **mp, int len)
205 if ((*mp)->m_pkthdr.len < len) {
210 if ((*mp)->m_len < len && ((*mp) = m_pullup((*mp), len)) == NULL)
217 * Netgraph node functions.
221 ng_vlan_constructor(node_p node)
225 priv = malloc(sizeof(*priv), M_NETGRAPH, M_WAITOK | M_ZERO);
226 priv->decap_enable = 0;
227 priv->encap_enable = VLAN_ENCAP_FROM_FILTER;
228 priv->encap_proto = htons(ETHERTYPE_VLAN);
229 NG_NODE_SET_PRIVATE(node, priv);
234 ng_vlan_newhook(node_p node, hook_p hook, const char *name)
236 const priv_p priv = NG_NODE_PRIVATE(node);
238 if (strcmp(name, NG_VLAN_HOOK_DOWNSTREAM) == 0)
239 priv->downstream_hook = hook;
240 else if (strcmp(name, NG_VLAN_HOOK_NOMATCH) == 0)
241 priv->nomatch_hook = hook;
244 * Any other hook name is valid and can
245 * later be associated with a filter rule.
248 NG_HOOK_SET_PRIVATE(hook, NULL);
253 ng_vlan_rcvmsg(node_p node, item_p item, hook_p lasthook)
255 const priv_p priv = NG_NODE_PRIVATE(node);
256 struct ng_mesg *msg, *resp = NULL;
257 struct ng_vlan_filter *vf;
259 struct ng_vlan_table *t;
265 NGI_GET_MSG(item, msg);
266 /* Deal with message according to cookie and command. */
267 switch (msg->header.typecookie) {
268 case NGM_VLAN_COOKIE:
269 switch (msg->header.cmd) {
270 case NGM_VLAN_ADD_FILTER:
271 /* Check that message is long enough. */
272 if (msg->header.arglen != sizeof(*vf)) {
276 vf = (struct ng_vlan_filter *)msg->data;
277 /* Sanity check the VLAN ID value. */
278 #ifdef NG_VLAN_USE_OLD_VLAN_NAME
279 if (vf->vid == 0 && vf->vid != vf->vlan) {
281 } else if (vf->vid != 0 && vf->vlan != 0 &&
282 vf->vid != vf->vlan) {
287 if (vf->vid & ~EVL_VLID_MASK ||
293 /* Check that a referenced hook exists. */
294 hook = ng_findhook(node, vf->hook_name);
299 /* And is not one of the special hooks. */
300 if (hook == priv->downstream_hook ||
301 hook == priv->nomatch_hook) {
305 /* And is not already in service. */
306 if (IS_HOOK_VLAN_SET(NG_HOOK_PRIVATE(hook))) {
310 /* Check we don't already trap this VLAN. */
311 if (priv->vlan_hook[vf->vid] != NULL) {
315 /* Link vlan and hook together. */
316 NG_HOOK_SET_PRIVATE(hook,
317 (void *)(HOOK_VLAN_TAG_SET_MASK |
318 EVL_MAKETAG(vf->vid, vf->pcp, vf->cfi)));
319 priv->vlan_hook[vf->vid] = hook;
321 case NGM_VLAN_DEL_FILTER:
322 /* Check that message is long enough. */
323 if (msg->header.arglen != NG_HOOKSIZ) {
327 /* Check that hook exists and is active. */
328 hook = ng_findhook(node, (char *)msg->data);
333 hook_data = (uintptr_t)NG_HOOK_PRIVATE(hook);
334 if (IS_HOOK_VLAN_SET(hook_data) == 0) {
339 KASSERT(priv->vlan_hook[EVL_VLANOFTAG(hook_data)] == hook,
340 ("%s: NGM_VLAN_DEL_FILTER: Invalid VID for Hook = %s\n",
341 __func__, (char *)msg->data));
343 /* Purge a rule that refers to this hook. */
344 priv->vlan_hook[EVL_VLANOFTAG(hook_data)] = NULL;
345 NG_HOOK_SET_PRIVATE(hook, NULL);
347 case NGM_VLAN_DEL_VID_FLT:
348 /* Check that message is long enough. */
349 if (msg->header.arglen != sizeof(uint16_t)) {
353 vid = (*((uint16_t *)msg->data));
354 /* Sanity check the VLAN ID value. */
355 if (vid & ~EVL_VLID_MASK) {
359 /* Check that hook exists and is active. */
360 hook = priv->vlan_hook[vid];
365 hook_data = (uintptr_t)NG_HOOK_PRIVATE(hook);
366 if (IS_HOOK_VLAN_SET(hook_data) == 0) {
371 KASSERT(EVL_VLANOFTAG(hook_data) == vid,
372 ("%s: NGM_VLAN_DEL_VID_FLT:"
373 " Invalid VID Hook = %us, must be: %us\n",
374 __func__, (uint16_t )EVL_VLANOFTAG(hook_data),
377 /* Purge a rule that refers to this hook. */
378 priv->vlan_hook[vid] = NULL;
379 NG_HOOK_SET_PRIVATE(hook, NULL);
381 case NGM_VLAN_GET_TABLE:
382 /* Calculate vlans. */
384 for (i = 0; i < (EVL_VLID_MASK + 1); i ++) {
385 if (priv->vlan_hook[i] != NULL &&
386 NG_HOOK_IS_VALID(priv->vlan_hook[i]))
390 /* Allocate memory for response. */
391 NG_MKRESPONSE(resp, msg, sizeof(*t) +
392 vlan_count * sizeof(*t->filter), M_NOWAIT);
398 /* Pack data to response. */
399 t = (struct ng_vlan_table *)resp->data;
402 for (i = 0; i < (EVL_VLID_MASK + 1); i ++) {
403 hook = priv->vlan_hook[i];
404 if (hook == NULL || NG_HOOK_NOT_VALID(hook))
406 hook_data = (uintptr_t)NG_HOOK_PRIVATE(hook);
407 if (IS_HOOK_VLAN_SET(hook_data) == 0)
410 KASSERT(EVL_VLANOFTAG(hook_data) == i,
411 ("%s: NGM_VLAN_GET_TABLE:"
412 " hook %s VID = %us, must be: %i\n",
413 __func__, NG_HOOK_NAME(hook),
414 (uint16_t)EVL_VLANOFTAG(hook_data), i));
416 #ifdef NG_VLAN_USE_OLD_VLAN_NAME
420 vf->pcp = EVL_PRIOFTAG(hook_data);
421 vf->cfi = EVL_CFIOFTAG(hook_data);
422 strncpy(vf->hook_name,
423 NG_HOOK_NAME(hook), NG_HOOKSIZ);
428 case NGM_VLAN_GET_DECAP:
429 NG_MKRESPONSE(resp, msg, sizeof(uint32_t), M_NOWAIT);
434 (*((uint32_t *)resp->data)) = priv->decap_enable;
436 case NGM_VLAN_SET_DECAP:
437 if (msg->header.arglen != sizeof(uint32_t)) {
441 priv->decap_enable = (*((uint32_t *)msg->data));
443 case NGM_VLAN_GET_ENCAP:
444 NG_MKRESPONSE(resp, msg, sizeof(uint32_t), M_NOWAIT);
449 (*((uint32_t *)resp->data)) = priv->encap_enable;
451 case NGM_VLAN_SET_ENCAP:
452 if (msg->header.arglen != sizeof(uint32_t)) {
456 priv->encap_enable = (*((uint32_t *)msg->data));
458 case NGM_VLAN_GET_ENCAP_PROTO:
459 NG_MKRESPONSE(resp, msg, sizeof(uint16_t), M_NOWAIT);
464 (*((uint16_t *)resp->data)) = ntohs(priv->encap_proto);
466 case NGM_VLAN_SET_ENCAP_PROTO:
467 if (msg->header.arglen != sizeof(uint16_t)) {
471 priv->encap_proto = htons((*((uint16_t *)msg->data)));
473 default: /* Unknown command. */
478 case NGM_FLOW_COOKIE:
480 struct ng_mesg *copy;
483 * Flow control messages should come only
487 if (lasthook == NULL)
489 if (lasthook != priv->downstream_hook)
491 /* Broadcast the event to all uplinks. */
492 for (i = 0; i < (EVL_VLID_MASK + 1); i ++) {
493 if (priv->vlan_hook[i] == NULL)
496 NG_COPYMESSAGE(copy, msg, M_NOWAIT);
499 NG_SEND_MSG_HOOK(error, node, copy,
500 priv->vlan_hook[i], 0);
504 default: /* Unknown type cookie. */
508 NG_RESPOND_MSG(error, node, item, resp);
514 ng_vlan_rcvdata(hook_p hook, item_p item)
516 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
517 struct ether_header *eh;
518 struct ether_vlan_header *evl;
521 uint16_t vid, eth_vtag;
527 /* Make sure we have an entire header. */
528 error = m_chk(&m, ETHER_HDR_LEN);
532 eh = mtod(m, struct ether_header *);
533 if (hook == priv->downstream_hook) {
535 * If from downstream, select between a match hook
536 * or the nomatch hook.
539 dst_hook = priv->nomatch_hook;
541 /* Skip packets without tag. */
542 if ((m->m_flags & M_VLANTAG) == 0 &&
543 eh->ether_type != priv->encap_proto) {
544 if (dst_hook == NULL)
549 /* Process packets with tag. */
550 if (m->m_flags & M_VLANTAG) {
552 * Packet is tagged, m contains a normal
553 * Ethernet frame; tag is stored out-of-band.
556 vid = EVL_VLANOFTAG(m->m_pkthdr.ether_vtag);
557 } else { /* eh->ether_type == priv->encap_proto */
558 error = m_chk(&m, ETHER_VLAN_HDR_LEN);
561 evl = mtod(m, struct ether_vlan_header *);
562 vid = EVL_VLANOFTAG(ntohs(evl->evl_tag));
565 if (priv->vlan_hook[vid] != NULL) {
567 * VLAN filter: always remove vlan tags and
568 * decapsulate packet.
570 dst_hook = priv->vlan_hook[vid];
571 if (evl == NULL) { /* m->m_flags & M_VLANTAG */
572 m->m_pkthdr.ether_vtag = 0;
573 m->m_flags &= ~M_VLANTAG;
576 } else { /* nomatch_hook */
577 if (dst_hook == NULL)
579 if (evl == NULL || priv->decap_enable == 0)
581 /* Save tag out-of-band. */
582 m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag);
583 m->m_flags |= M_VLANTAG;
588 * TPID = ether type encap
589 * Move DstMAC and SrcMAC to ETHER_TYPE.
591 * [dmac] [smac] [TPID] [PCP/CFI/VID] [ether_type] [payload]
592 * |-----------| >>>>>>>>>>>>>>>>>>>> |--------------------|
594 * [free space ] [dmac] [smac] [ether_type] [payload]
595 * |-----------| |--------------------|
597 bcopy((char *)evl, ((char *)evl + ETHER_VLAN_ENCAP_LEN),
598 (ETHER_ADDR_LEN * 2));
599 m_adj(m, ETHER_VLAN_ENCAP_LEN);
602 * It is heading towards the downstream.
603 * If from nomatch, pass it unmodified.
604 * Otherwise, do the VLAN encapsulation.
606 dst_hook = priv->downstream_hook;
607 if (dst_hook == NULL)
609 if (hook != priv->nomatch_hook) {/* Filter hook. */
610 hook_data = (uintptr_t)NG_HOOK_PRIVATE(hook);
611 if (IS_HOOK_VLAN_SET(hook_data) == 0) {
613 * Packet from hook not in filter
614 * call addfilter for this hook to fix.
619 eth_vtag = (hook_data & VLAN_TAG_MASK);
620 if ((priv->encap_enable & VLAN_ENCAP_FROM_FILTER) == 0) {
621 /* Just set packet header tag and send. */
622 m->m_flags |= M_VLANTAG;
623 m->m_pkthdr.ether_vtag = eth_vtag;
626 } else { /* nomatch_hook */
627 if ((priv->encap_enable & VLAN_ENCAP_FROM_NOMATCH) == 0 ||
628 (m->m_flags & M_VLANTAG) == 0)
630 /* Encapsulate tagged packet. */
631 eth_vtag = m->m_pkthdr.ether_vtag;
632 m->m_pkthdr.ether_vtag = 0;
633 m->m_flags &= ~M_VLANTAG;
637 * Transform the Ethernet header into an Ethernet header
638 * with 802.1Q encapsulation.
639 * Mod of: ether_vlanencap.
641 * TPID = ether type encap
642 * Move DstMAC and SrcMAC from ETHER_TYPE.
644 * [free space ] [dmac] [smac] [ether_type] [payload]
645 * <<<<<<<<<<<<< |-----------| |--------------------|
647 * [dmac] [smac] [TPID] [PCP/CFI/VID] [ether_type] [payload]
648 * |-----------| |-- inserted tag --| |--------------------|
650 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_NOWAIT);
654 error = m_chk(&m, ETHER_VLAN_HDR_LEN);
658 evl = mtod(m, struct ether_vlan_header *);
659 bcopy(((char *)evl + ETHER_VLAN_ENCAP_LEN),
660 (char *)evl, (ETHER_ADDR_LEN * 2));
661 evl->evl_encap_proto = priv->encap_proto;
662 evl->evl_tag = htons(eth_vtag);
666 NG_FWD_NEW_DATA(error, item, dst_hook, m);
678 ng_vlan_shutdown(node_p node)
680 const priv_p priv = NG_NODE_PRIVATE(node);
682 NG_NODE_SET_PRIVATE(node, NULL);
684 free(priv, M_NETGRAPH);
689 ng_vlan_disconnect(hook_p hook)
691 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
694 if (hook == priv->downstream_hook)
695 priv->downstream_hook = NULL;
696 else if (hook == priv->nomatch_hook)
697 priv->nomatch_hook = NULL;
699 /* Purge a rule that refers to this hook. */
700 hook_data = (uintptr_t)NG_HOOK_PRIVATE(hook);
701 if (IS_HOOK_VLAN_SET(hook_data))
702 priv->vlan_hook[EVL_VLANOFTAG(hook_data)] = NULL;
704 NG_HOOK_SET_PRIVATE(hook, NULL);
705 if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0) &&
706 (NG_NODE_IS_VALID(NG_HOOK_NODE(hook))))
707 ng_rmnode_self(NG_HOOK_NODE(hook));