1 /* 2 * Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 34 * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.70.2.33 2003/04/28 15:45:53 archie Exp $ 35 * $DragonFly: src/sys/net/if_ethersubr.c,v 1.44 2007/10/01 12:56:36 sephe Exp $ 36 */ 37 38 #include "opt_atalk.h" 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipx.h" 42 #include "opt_netgraph.h" 43 #include "opt_carp.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/malloc.h> 49 #include <sys/mbuf.h> 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/sysctl.h> 53 54 #include <net/if.h> 55 #include <net/netisr.h> 56 #include <net/route.h> 57 #include <net/if_llc.h> 58 #include <net/if_dl.h> 59 #include <net/if_types.h> 60 #include <net/ifq_var.h> 61 #include <net/bpf.h> 62 #include <net/ethernet.h> 63 64 #if defined(INET) || defined(INET6) 65 #include <netinet/in.h> 66 #include <netinet/in_var.h> 67 #include <netinet/if_ether.h> 68 #include <net/ipfw/ip_fw.h> 69 #include <net/dummynet/ip_dummynet.h> 70 #endif 71 #ifdef INET6 72 #include <netinet6/nd6.h> 73 #endif 74 75 #ifdef CARP 76 #include <netinet/ip_carp.h> 77 #endif 78 79 #ifdef IPX 80 #include <netproto/ipx/ipx.h> 81 #include <netproto/ipx/ipx_if.h> 82 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 83 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, struct sockaddr *dst, 84 short *tp, int *hlen); 85 #endif 86 87 #ifdef NS 88 #include <netns/ns.h> 89 #include <netns/ns_if.h> 90 ushort ns_nettype; 91 int ether_outputdebug = 0; 92 int ether_inputdebug = 0; 93 #endif 94 95 #ifdef NETATALK 96 #include <netproto/atalk/at.h> 97 #include <netproto/atalk/at_var.h> 98 #include <netproto/atalk/at_extern.h> 99 100 #define llc_snap_org_code llc_un.type_snap.org_code 101 #define llc_snap_ether_type llc_un.type_snap.ether_type 102 103 extern u_char at_org_code[3]; 104 extern u_char aarp_org_code[3]; 105 #endif /* NETATALK */ 106 107 /* netgraph node hooks for ng_ether(4) */ 108 void (*ng_ether_input_p)(struct ifnet *ifp, 109 struct mbuf **mp, struct ether_header *eh); 110 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, 111 struct mbuf *m, struct ether_header *eh); 112 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 113 void (*ng_ether_attach_p)(struct ifnet *ifp); 114 void (*ng_ether_detach_p)(struct ifnet *ifp); 115 116 int (*vlan_input_p)(struct ether_header *eh, struct mbuf *m); 117 int (*vlan_input_tag_p)(struct mbuf *m, uint16_t t); 118 119 static int ether_output(struct ifnet *, struct mbuf *, struct sockaddr *, 120 struct rtentry *); 121 122 /* 123 * if_bridge support 124 */ 125 struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); 126 int (*bridge_output_p)(struct ifnet *, struct mbuf *, 127 struct sockaddr *, struct rtentry *); 128 void (*bridge_dn_p)(struct mbuf *, struct ifnet *); 129 130 static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 131 struct sockaddr *); 132 133 const uint8_t etherbroadcastaddr[ETHER_ADDR_LEN] = { 134 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 135 }; 136 137 #define gotoerr(e) do { error = (e); goto bad; } while (0) 138 #define IFP2AC(ifp) ((struct arpcom *)(ifp)) 139 140 static boolean_t ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 141 struct ip_fw **rule, struct ether_header *eh, 142 boolean_t shared); 143 144 static int ether_ipfw; 145 SYSCTL_DECL(_net_link); 146 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 147 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 148 ðer_ipfw, 0, "Pass ether pkts through firewall"); 149 150 /* 151 * Ethernet output routine. 152 * Encapsulate a packet of type family for the local net. 153 * Use trailer local net encapsulation if enough data in first 154 * packet leaves a multiple of 512 bytes of data in remainder. 155 * Assumes that ifp is actually pointer to arpcom structure. 156 */ 157 static int 158 ether_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 159 struct rtentry *rt) 160 { 161 struct ether_header *eh, *deh; 162 u_char *edst; 163 int loop_copy = 0; 164 int hlen = ETHER_HDR_LEN; /* link layer header length */ 165 struct arpcom *ac = IFP2AC(ifp); 166 int error; 167 168 ASSERT_SERIALIZED(ifp->if_serializer); 169 170 if (ifp->if_flags & IFF_MONITOR) 171 gotoerr(ENETDOWN); 172 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING)) 173 gotoerr(ENETDOWN); 174 175 M_PREPEND(m, sizeof(struct ether_header), MB_DONTWAIT); 176 if (m == NULL) 177 return (ENOBUFS); 178 eh = mtod(m, struct ether_header *); 179 edst = eh->ether_dhost; 180 181 /* 182 * Fill in the destination ethernet address and frame type. 183 */ 184 switch (dst->sa_family) { 185 #ifdef INET 186 case AF_INET: 187 if (!arpresolve(ifp, rt, m, dst, edst)) 188 return (0); /* if not yet resolved */ 189 eh->ether_type = htons(ETHERTYPE_IP); 190 break; 191 #endif 192 #ifdef INET6 193 case AF_INET6: 194 if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, edst)) 195 return (0); /* Something bad happenned. */ 196 eh->ether_type = htons(ETHERTYPE_IPV6); 197 break; 198 #endif 199 #ifdef IPX 200 case AF_IPX: 201 if (ef_outputp != NULL) { 202 error = ef_outputp(ifp, &m, dst, &eh->ether_type, 203 &hlen); 204 if (error) 205 goto bad; 206 } else { 207 eh->ether_type = htons(ETHERTYPE_IPX); 208 bcopy(&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 209 edst, ETHER_ADDR_LEN); 210 } 211 break; 212 #endif 213 #ifdef NETATALK 214 case AF_APPLETALK: { 215 struct at_ifaddr *aa; 216 217 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) { 218 error = 0; /* XXX */ 219 goto bad; 220 } 221 /* 222 * In the phase 2 case, need to prepend an mbuf for 223 * the llc header. Since we must preserve the value 224 * of m, which is passed to us by value, we m_copy() 225 * the first mbuf, and use it for our llc header. 226 */ 227 if (aa->aa_flags & AFA_PHASE2) { 228 struct llc llc; 229 230 M_PREPEND(m, sizeof(struct llc), MB_DONTWAIT); 231 eh = mtod(m, struct ether_header *); 232 edst = eh->ether_dhost; 233 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 234 llc.llc_control = LLC_UI; 235 bcopy(at_org_code, llc.llc_snap_org_code, 236 sizeof at_org_code); 237 llc.llc_snap_ether_type = htons(ETHERTYPE_AT); 238 bcopy(&llc, 239 mtod(m, caddr_t) + sizeof(struct ether_header), 240 sizeof(struct llc)); 241 eh->ether_type = htons(m->m_pkthdr.len); 242 hlen = sizeof(struct llc) + ETHER_HDR_LEN; 243 } else { 244 eh->ether_type = htons(ETHERTYPE_AT); 245 } 246 if (!aarpresolve(ac, m, (struct sockaddr_at *)dst, edst)) 247 return (0); 248 break; 249 } 250 #endif 251 #ifdef NS 252 case AF_NS: 253 switch(ns_nettype) { 254 default: 255 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 256 eh->ether_type = 0x8137; 257 break; 258 case 0x0: /* Novell 802.3 */ 259 eh->ether_type = htons(m->m_pkthdr.len); 260 break; 261 case 0xe0e0: /* Novell 802.2 and Token-Ring */ 262 M_PREPEND(m, 3, MB_DONTWAIT); 263 eh = mtod(m, struct ether_header *); 264 edst = eh->ether_dhost; 265 eh->ether_type = htons(m->m_pkthdr.len); 266 cp = mtod(m, u_char *) + sizeof(struct ether_header); 267 *cp++ = 0xE0; 268 *cp++ = 0xE0; 269 *cp++ = 0x03; 270 break; 271 } 272 bcopy(&(((struct sockaddr_ns *)dst)->sns_addr.x_host), edst, 273 ETHER_ADDR_LEN); 274 /* 275 * XXX if ns_thishost is the same as the node's ethernet 276 * address then just the default code will catch this anyhow. 277 * So I'm not sure if this next clause should be here at all? 278 * [JRE] 279 */ 280 if (bcmp(edst, &ns_thishost, ETHER_ADDR_LEN) == 0) { 281 m->m_pkthdr.rcvif = ifp; 282 netisr_dispatch(NETISR_NS, m); 283 return (error); 284 } 285 if (bcmp(edst, &ns_broadhost, ETHER_ADDR_LEN) == 0) 286 m->m_flags |= M_BCAST; 287 break; 288 #endif 289 case pseudo_AF_HDRCMPLT: 290 case AF_UNSPEC: 291 loop_copy = -1; /* if this is for us, don't do it */ 292 deh = (struct ether_header *)dst->sa_data; 293 memcpy(edst, deh->ether_dhost, ETHER_ADDR_LEN); 294 eh->ether_type = deh->ether_type; 295 break; 296 297 default: 298 if_printf(ifp, "can't handle af%d\n", dst->sa_family); 299 gotoerr(EAFNOSUPPORT); 300 } 301 302 if (dst->sa_family == pseudo_AF_HDRCMPLT) /* unlikely */ 303 memcpy(eh->ether_shost, 304 ((struct ether_header *)dst->sa_data)->ether_shost, 305 ETHER_ADDR_LEN); 306 else 307 memcpy(eh->ether_shost, ac->ac_enaddr, ETHER_ADDR_LEN); 308 309 /* 310 * Bridges require special output handling. 311 */ 312 if (ifp->if_bridge) { 313 KASSERT(bridge_output_p != NULL, 314 ("%s: if_bridge not loaded!", __func__)); 315 return ((*bridge_output_p)(ifp, m, NULL, NULL)); 316 } 317 318 /* 319 * If a simplex interface, and the packet is being sent to our 320 * Ethernet address or a broadcast address, loopback a copy. 321 * XXX To make a simplex device behave exactly like a duplex 322 * device, we should copy in the case of sending to our own 323 * ethernet address (thus letting the original actually appear 324 * on the wire). However, we don't do that here for security 325 * reasons and compatibility with the original behavior. 326 */ 327 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) { 328 int csum_flags = 0; 329 330 if (m->m_pkthdr.csum_flags & CSUM_IP) 331 csum_flags |= (CSUM_IP_CHECKED | CSUM_IP_VALID); 332 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 333 csum_flags |= (CSUM_DATA_VALID | CSUM_PSEUDO_HDR); 334 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) { 335 struct mbuf *n; 336 337 if ((n = m_copypacket(m, MB_DONTWAIT)) != NULL) { 338 n->m_pkthdr.csum_flags |= csum_flags; 339 if (csum_flags & CSUM_DATA_VALID) 340 n->m_pkthdr.csum_data = 0xffff; 341 if_simloop(ifp, n, dst->sa_family, hlen); 342 } else 343 ifp->if_iqdrops++; 344 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 345 ETHER_ADDR_LEN) == 0) { 346 m->m_pkthdr.csum_flags |= csum_flags; 347 if (csum_flags & CSUM_DATA_VALID) 348 m->m_pkthdr.csum_data = 0xffff; 349 if_simloop(ifp, m, dst->sa_family, hlen); 350 return (0); /* XXX */ 351 } 352 } 353 354 #ifdef CARP 355 if (ifp->if_carp && (error = carp_output(ifp, m, dst, NULL))) 356 goto bad; 357 #endif 358 359 360 /* Handle ng_ether(4) processing, if any */ 361 if (ng_ether_output_p != NULL) { 362 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) 363 goto bad; 364 if (m == NULL) 365 return (0); 366 } 367 368 /* Continue with link-layer output */ 369 return ether_output_frame(ifp, m); 370 371 bad: 372 m_freem(m); 373 return (error); 374 } 375 376 /* 377 * Ethernet link layer output routine to send a raw frame to the device. 378 * 379 * This assumes that the 14 byte Ethernet header is present and contiguous 380 * in the first mbuf. 381 */ 382 int 383 ether_output_frame(struct ifnet *ifp, struct mbuf *m) 384 { 385 struct ip_fw *rule = NULL; 386 int error = 0; 387 struct altq_pktattr pktattr; 388 389 ASSERT_SERIALIZED(ifp->if_serializer); 390 391 /* Extract info from dummynet tag, ignore others */ 392 while (m->m_type == MT_TAG) { 393 if (m->m_flags == PACKET_TAG_DUMMYNET) { 394 rule = ((struct dn_pkt *)m)->rule; 395 break; 396 } 397 m = m->m_next; 398 } 399 400 if (ifq_is_enabled(&ifp->if_snd)) 401 altq_etherclassify(&ifp->if_snd, m, &pktattr); 402 crit_enter(); 403 if (IPFW_LOADED && ether_ipfw != 0) { 404 struct ether_header save_eh, *eh; 405 406 eh = mtod(m, struct ether_header *); 407 save_eh = *eh; 408 m_adj(m, ETHER_HDR_LEN); 409 if (!ether_ipfw_chk(&m, ifp, &rule, eh, FALSE)) { 410 crit_exit(); 411 if (m != NULL) { 412 m_freem(m); 413 return ENOBUFS; /* pkt dropped */ 414 } else 415 return 0; /* consumed e.g. in a pipe */ 416 } 417 eh = mtod(m, struct ether_header *); 418 /* packet was ok, restore the ethernet header */ 419 if ((void *)(eh + 1) == (void *)m->m_data) { 420 m->m_data -= ETHER_HDR_LEN ; 421 m->m_len += ETHER_HDR_LEN ; 422 m->m_pkthdr.len += ETHER_HDR_LEN ; 423 } else { 424 M_PREPEND(m, ETHER_HDR_LEN, MB_DONTWAIT); 425 if (m == NULL) /* nope... */ { 426 crit_exit(); 427 return ENOBUFS; 428 } 429 bcopy(&save_eh, mtod(m, struct ether_header *), 430 ETHER_HDR_LEN); 431 } 432 } 433 crit_exit(); 434 435 /* 436 * Queue message on interface, update output statistics if 437 * successful, and start output if interface not yet active. 438 */ 439 error = ifq_handoff(ifp, m, &pktattr); 440 return (error); 441 } 442 443 /* 444 * ipfw processing for ethernet packets (in and out). 445 * The second parameter is NULL from ether_demux(), and ifp from 446 * ether_output_frame(). 447 */ 448 static boolean_t 449 ether_ipfw_chk( 450 struct mbuf **m0, 451 struct ifnet *dst, 452 struct ip_fw **rule, 453 struct ether_header *eh, 454 boolean_t shared) 455 { 456 struct ether_header save_eh = *eh; /* might be a ptr in m */ 457 struct ip_fw_args args; 458 struct m_tag *mtag; 459 int i; 460 461 if (*rule != NULL && fw_one_pass) 462 return TRUE; /* dummynet packet, already partially processed */ 463 464 /* 465 * I need some amount of data to be contiguous, and in case others 466 * need the packet (shared==TRUE), it also better be in the first mbuf. 467 */ 468 i = min((*m0)->m_pkthdr.len, max_protohdr); 469 if (shared || (*m0)->m_len < i) { 470 *m0 = m_pullup(*m0, i); 471 if (*m0 == NULL) 472 return FALSE; 473 } 474 475 args.m = *m0; /* the packet we are looking at */ 476 args.oif = dst; /* destination, if any */ 477 if ((mtag = m_tag_find(*m0, PACKET_TAG_IPFW_DIVERT, NULL)) != NULL) 478 m_tag_delete(*m0, mtag); 479 args.rule = *rule; /* matching rule to restart */ 480 args.next_hop = NULL; /* we do not support forward yet */ 481 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 482 i = ip_fw_chk_ptr(&args); 483 *m0 = args.m; 484 *rule = args.rule; 485 486 if ((i & IP_FW_PORT_DENY_FLAG) || *m0 == NULL) /* drop */ 487 return FALSE; 488 489 if (i == 0) /* a PASS rule. */ 490 return TRUE; 491 492 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 493 /* 494 * Pass the pkt to dummynet, which consumes it. 495 * If shared, make a copy and keep the original. 496 */ 497 struct mbuf *m ; 498 499 if (shared) { 500 m = m_copypacket(*m0, MB_DONTWAIT); 501 if (m == NULL) 502 return FALSE; 503 } else { 504 m = *m0 ; /* pass the original to dummynet */ 505 *m0 = NULL ; /* and nothing back to the caller */ 506 } 507 /* 508 * Prepend the header, optimize for the common case of 509 * eh pointing into the mbuf. 510 */ 511 if ((void *)(eh + 1) == (void *)m->m_data) { 512 m->m_data -= ETHER_HDR_LEN ; 513 m->m_len += ETHER_HDR_LEN ; 514 m->m_pkthdr.len += ETHER_HDR_LEN ; 515 } else { 516 M_PREPEND(m, ETHER_HDR_LEN, MB_DONTWAIT); 517 if (m == NULL) 518 return FALSE; 519 bcopy(&save_eh, mtod(m, struct ether_header *), 520 ETHER_HDR_LEN); 521 } 522 ip_dn_io_ptr(m, (i & 0xffff), 523 dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 524 return FALSE; 525 } 526 /* 527 * XXX at some point add support for divert/forward actions. 528 * If none of the above matches, we have to drop the pkt. 529 */ 530 return FALSE; 531 } 532 533 /* 534 * Process a received Ethernet packet. 535 * 536 * The ethernet header is assumed to be in the mbuf so the caller 537 * MUST MAKE SURE that there are at least sizeof(struct ether_header) 538 * bytes in the first mbuf. 539 * 540 * This allows us to concentrate in one place a bunch of code which 541 * is replicated in all device drivers. Also, many functions called 542 * from ether_input() try to put the eh back into the mbuf, so we 543 * can later propagate the 'contiguous packet' interface to them. 544 * 545 * NOTA BENE: for all drivers "eh" is a pointer into the first mbuf or 546 * cluster, right before m_data. So be very careful when working on m, 547 * as you could destroy *eh !! 548 * 549 * First we perform any link layer operations, then continue to the 550 * upper layers with ether_demux(). 551 */ 552 void 553 ether_input(struct ifnet *ifp, struct mbuf *m) 554 { 555 struct ether_header *eh; 556 557 ASSERT_SERIALIZED(ifp->if_serializer); 558 559 if (m->m_len < sizeof(struct ether_header)) { 560 /* XXX error in the caller. */ 561 m_freem(m); 562 return; 563 } 564 m->m_pkthdr.rcvif = ifp; 565 566 BPF_MTAP(ifp, m); 567 568 ifp->if_ibytes += m->m_pkthdr.len; 569 570 if (ifp->if_flags & IFF_MONITOR) { 571 /* 572 * Interface marked for monitoring; discard packet. 573 */ 574 m_freem(m); 575 return; 576 } 577 578 /* 579 * Tap the packet off here for a bridge. bridge_input() 580 * will return NULL if it has consumed the packet, otherwise 581 * it gets processed as normal. Note that bridge_input() 582 * will always return the original packet if we need to 583 * process it locally. 584 */ 585 if (ifp->if_bridge) { 586 KASSERT(bridge_input_p != NULL, 587 ("%s: if_bridge not loaded!", __func__)); 588 589 if(m->m_flags & M_PROTO1) { 590 m->m_flags &= ~M_PROTO1; 591 } else { 592 /* clear M_PROMISC, in case the packets comes from a vlan */ 593 /* m->m_flags &= ~M_PROMISC; */ 594 lwkt_serialize_exit(ifp->if_serializer); 595 m = (*bridge_input_p)(ifp, m); 596 lwkt_serialize_enter(ifp->if_serializer); 597 if (m == NULL) 598 return; 599 600 KASSERT(ifp == m->m_pkthdr.rcvif, 601 ("bridge_input_p changed rcvif\n")); 602 } 603 } 604 605 eh = mtod(m, struct ether_header *); 606 607 /* XXX old crufty stuff, needs to be removed */ 608 m_adj(m, sizeof(struct ether_header)); 609 /* XXX */ 610 /* m->m_pkthdr.len = m->m_len; */ 611 612 /* Handle ng_ether(4) processing, if any */ 613 if (ng_ether_input_p != NULL) { 614 lwkt_serialize_exit(ifp->if_serializer); 615 (*ng_ether_input_p)(ifp, &m, eh); 616 lwkt_serialize_enter(ifp->if_serializer); 617 if (m == NULL) 618 return; 619 } 620 621 /* Continue with upper layer processing */ 622 ether_demux(ifp, eh, m); 623 } 624 625 /* 626 * Upper layer processing for a received Ethernet packet. 627 */ 628 void 629 ether_demux(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) 630 { 631 int isr; 632 u_short ether_type; 633 struct ip_fw *rule = NULL; 634 #ifdef NETATALK 635 struct llc *l; 636 #endif 637 638 /* Extract info from dummynet tag, ignore others */ 639 while (m->m_type == MT_TAG) { 640 if (m->m_flags == PACKET_TAG_DUMMYNET) { 641 rule = ((struct dn_pkt *)m)->rule; 642 ifp = m->m_next->m_pkthdr.rcvif; 643 break; 644 } 645 m = m->m_next; 646 } 647 if (rule) /* packet is passing the second time */ 648 goto post_stats; 649 650 #ifdef CARP 651 /* 652 * XXX: Okay, we need to call carp_forus() and - if it is for 653 * us jump over code that does the normal check 654 * "ac_enaddr == ether_dhost". The check sequence is a bit 655 * different from OpenBSD, so we jump over as few code as 656 * possible, to catch _all_ sanity checks. This needs 657 * evaluation, to see if the carp ether_dhost values break any 658 * of these checks! 659 */ 660 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) 661 goto pre_stats; 662 #endif 663 664 /* 665 * Discard packet if upper layers shouldn't see it because 666 * it was unicast to a different Ethernet address. If the 667 * driver is working properly, then this situation can only 668 * happen when the interface is in promiscuous mode. 669 */ 670 if (((ifp->if_flags & (IFF_PROMISC | IFF_PPROMISC)) == IFF_PROMISC) && 671 (eh->ether_dhost[0] & 1) == 0 && 672 bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN)) { 673 m_freem(m); 674 return; 675 } 676 677 #ifdef CARP 678 pre_stats: 679 #endif 680 681 /* Discard packet if interface is not up */ 682 if (!(ifp->if_flags & IFF_UP)) { 683 m_freem(m); 684 return; 685 } 686 if (eh->ether_dhost[0] & 1) { 687 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost, 688 ifp->if_addrlen) == 0) 689 m->m_flags |= M_BCAST; 690 else 691 m->m_flags |= M_MCAST; 692 ifp->if_imcasts++; 693 } 694 695 post_stats: 696 if (IPFW_LOADED && ether_ipfw != 0) { 697 if (!ether_ipfw_chk(&m, NULL, &rule, eh, FALSE)) { 698 m_freem(m); 699 return; 700 } 701 eh = mtod(m, struct ether_header *); 702 } 703 704 ether_type = ntohs(eh->ether_type); 705 706 switch (ether_type) { 707 #ifdef INET 708 case ETHERTYPE_IP: 709 if (ipflow_fastforward(m, ifp->if_serializer)) 710 return; 711 isr = NETISR_IP; 712 break; 713 714 case ETHERTYPE_ARP: 715 if (ifp->if_flags & IFF_NOARP) { 716 /* Discard packet if ARP is disabled on interface */ 717 m_freem(m); 718 return; 719 } 720 isr = NETISR_ARP; 721 break; 722 #endif 723 724 #ifdef INET6 725 case ETHERTYPE_IPV6: 726 isr = NETISR_IPV6; 727 break; 728 #endif 729 730 #ifdef IPX 731 case ETHERTYPE_IPX: 732 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 733 return; 734 isr = NETISR_IPX; 735 break; 736 #endif 737 738 #ifdef NS 739 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 740 isr = NETISR_NS; 741 break; 742 743 #endif 744 745 #ifdef NETATALK 746 case ETHERTYPE_AT: 747 isr = NETISR_ATALK1; 748 break; 749 case ETHERTYPE_AARP: 750 isr = NETISR_AARP; 751 break; 752 #endif 753 754 case ETHERTYPE_VLAN: 755 if (vlan_input_p != NULL) 756 (*vlan_input_p)(eh, m); 757 else { 758 m->m_pkthdr.rcvif->if_noproto++; 759 m_freem(m); 760 } 761 return; 762 763 default: 764 #ifdef IPX 765 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 766 return; 767 #endif 768 #ifdef NS 769 checksum = mtod(m, ushort *); 770 /* Novell 802.3 */ 771 if ((ether_type <= ETHERMTU) && 772 ((*checksum == 0xffff) || (*checksum == 0xE0E0))) { 773 if (*checksum == 0xE0E0) { 774 m->m_pkthdr.len -= 3; 775 m->m_len -= 3; 776 m->m_data += 3; 777 } 778 isr = NETISR_NS; 779 break; 780 } 781 #endif 782 #ifdef NETATALK 783 if (ether_type > ETHERMTU) 784 goto dropanyway; 785 l = mtod(m, struct llc *); 786 if (l->llc_dsap == LLC_SNAP_LSAP && 787 l->llc_ssap == LLC_SNAP_LSAP && 788 l->llc_control == LLC_UI) { 789 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 790 sizeof at_org_code) == 0 && 791 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 792 m_adj(m, sizeof(struct llc)); 793 isr = NETISR_ATALK2; 794 break; 795 } 796 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 797 sizeof aarp_org_code) == 0 && 798 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 799 m_adj(m, sizeof(struct llc)); 800 isr = NETISR_AARP; 801 break; 802 } 803 } 804 dropanyway: 805 #endif 806 if (ng_ether_input_orphan_p != NULL) 807 (*ng_ether_input_orphan_p)(ifp, m, eh); 808 else 809 m_freem(m); 810 return; 811 } 812 netisr_dispatch(isr, m); 813 } 814 815 /* 816 * Perform common duties while attaching to interface list 817 */ 818 819 void 820 ether_ifattach(struct ifnet *ifp, uint8_t *lla, lwkt_serialize_t serializer) 821 { 822 ether_ifattach_bpf(ifp, lla, DLT_EN10MB, sizeof(struct ether_header), 823 serializer); 824 } 825 826 void 827 ether_ifattach_bpf(struct ifnet *ifp, uint8_t *lla, u_int dlt, u_int hdrlen, 828 lwkt_serialize_t serializer) 829 { 830 struct sockaddr_dl *sdl; 831 832 ifp->if_type = IFT_ETHER; 833 ifp->if_addrlen = ETHER_ADDR_LEN; 834 ifp->if_hdrlen = ETHER_HDR_LEN; 835 if_attach(ifp, serializer); 836 ifp->if_mtu = ETHERMTU; 837 if (ifp->if_baudrate == 0) 838 ifp->if_baudrate = 10000000; 839 ifp->if_output = ether_output; 840 ifp->if_input = ether_input; 841 ifp->if_resolvemulti = ether_resolvemulti; 842 ifp->if_broadcastaddr = etherbroadcastaddr; 843 sdl = IF_LLSOCKADDR(ifp); 844 sdl->sdl_type = IFT_ETHER; 845 sdl->sdl_alen = ifp->if_addrlen; 846 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 847 /* 848 * XXX Keep the current drivers happy. 849 * XXX Remove once all drivers have been cleaned up 850 */ 851 if (lla != IFP2AC(ifp)->ac_enaddr) 852 bcopy(lla, IFP2AC(ifp)->ac_enaddr, ifp->if_addrlen); 853 bpfattach(ifp, dlt, hdrlen); 854 if (ng_ether_attach_p != NULL) 855 (*ng_ether_attach_p)(ifp); 856 857 if_printf(ifp, "MAC address: %6D\n", lla, ":"); 858 } 859 860 /* 861 * Perform common duties while detaching an Ethernet interface 862 */ 863 void 864 ether_ifdetach(struct ifnet *ifp) 865 { 866 if_down(ifp); 867 868 if (ng_ether_detach_p != NULL) 869 (*ng_ether_detach_p)(ifp); 870 bpfdetach(ifp); 871 if_detach(ifp); 872 } 873 874 int 875 ether_ioctl(struct ifnet *ifp, int command, caddr_t data) 876 { 877 struct ifaddr *ifa = (struct ifaddr *) data; 878 struct ifreq *ifr = (struct ifreq *) data; 879 int error = 0; 880 881 #define IF_INIT(ifp) \ 882 do { \ 883 if (((ifp)->if_flags & IFF_UP) == 0) { \ 884 (ifp)->if_flags |= IFF_UP; \ 885 (ifp)->if_init((ifp)->if_softc); \ 886 } \ 887 } while (0) 888 889 ASSERT_SERIALIZED(ifp->if_serializer); 890 891 switch (command) { 892 case SIOCSIFADDR: 893 switch (ifa->ifa_addr->sa_family) { 894 #ifdef INET 895 case AF_INET: 896 IF_INIT(ifp); /* before arpwhohas */ 897 arp_ifinit(ifp, ifa); 898 break; 899 #endif 900 #ifdef IPX 901 /* 902 * XXX - This code is probably wrong 903 */ 904 case AF_IPX: 905 { 906 struct ipx_addr *ina = &IA_SIPX(ifa)->sipx_addr; 907 struct arpcom *ac = IFP2AC(ifp); 908 909 if (ipx_nullhost(*ina)) 910 ina->x_host = *(union ipx_host *) ac->ac_enaddr; 911 else 912 bcopy(ina->x_host.c_host, ac->ac_enaddr, 913 sizeof ac->ac_enaddr); 914 915 IF_INIT(ifp); /* Set new address. */ 916 break; 917 } 918 #endif 919 #ifdef NS 920 /* 921 * XXX - This code is probably wrong 922 */ 923 case AF_NS: 924 { 925 struct ns_addr *ina = &(IA_SNS(ifa)->sns_addr); 926 struct arpcom *ac = IFP2AC(ifp); 927 928 if (ns_nullhost(*ina)) 929 ina->x_host = *(union ns_host *)(ac->ac_enaddr); 930 else 931 bcopy(ina->x_host.c_host, ac->ac_enaddr, 932 sizeof ac->ac_enaddr); 933 934 /* 935 * Set new address 936 */ 937 IF_INIT(ifp); 938 break; 939 } 940 #endif 941 default: 942 IF_INIT(ifp); 943 break; 944 } 945 break; 946 947 case SIOCGIFADDR: 948 bcopy(IFP2AC(ifp)->ac_enaddr, 949 ((struct sockaddr *)ifr->ifr_data)->sa_data, 950 ETHER_ADDR_LEN); 951 break; 952 953 case SIOCSIFMTU: 954 /* 955 * Set the interface MTU. 956 */ 957 if (ifr->ifr_mtu > ETHERMTU) { 958 error = EINVAL; 959 } else { 960 ifp->if_mtu = ifr->ifr_mtu; 961 } 962 break; 963 default: 964 error = EINVAL; 965 break; 966 } 967 return (error); 968 969 #undef IF_INIT 970 } 971 972 int 973 ether_resolvemulti( 974 struct ifnet *ifp, 975 struct sockaddr **llsa, 976 struct sockaddr *sa) 977 { 978 struct sockaddr_dl *sdl; 979 struct sockaddr_in *sin; 980 #ifdef INET6 981 struct sockaddr_in6 *sin6; 982 #endif 983 u_char *e_addr; 984 985 switch(sa->sa_family) { 986 case AF_LINK: 987 /* 988 * No mapping needed. Just check that it's a valid MC address. 989 */ 990 sdl = (struct sockaddr_dl *)sa; 991 e_addr = LLADDR(sdl); 992 if ((e_addr[0] & 1) != 1) 993 return EADDRNOTAVAIL; 994 *llsa = 0; 995 return 0; 996 997 #ifdef INET 998 case AF_INET: 999 sin = (struct sockaddr_in *)sa; 1000 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 1001 return EADDRNOTAVAIL; 1002 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1003 M_WAITOK | M_ZERO); 1004 sdl->sdl_len = sizeof *sdl; 1005 sdl->sdl_family = AF_LINK; 1006 sdl->sdl_index = ifp->if_index; 1007 sdl->sdl_type = IFT_ETHER; 1008 sdl->sdl_alen = ETHER_ADDR_LEN; 1009 e_addr = LLADDR(sdl); 1010 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 1011 *llsa = (struct sockaddr *)sdl; 1012 return 0; 1013 #endif 1014 #ifdef INET6 1015 case AF_INET6: 1016 sin6 = (struct sockaddr_in6 *)sa; 1017 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1018 /* 1019 * An IP6 address of 0 means listen to all 1020 * of the Ethernet multicast address used for IP6. 1021 * (This is used for multicast routers.) 1022 */ 1023 ifp->if_flags |= IFF_ALLMULTI; 1024 *llsa = 0; 1025 return 0; 1026 } 1027 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 1028 return EADDRNOTAVAIL; 1029 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 1030 M_WAITOK | M_ZERO); 1031 sdl->sdl_len = sizeof *sdl; 1032 sdl->sdl_family = AF_LINK; 1033 sdl->sdl_index = ifp->if_index; 1034 sdl->sdl_type = IFT_ETHER; 1035 sdl->sdl_alen = ETHER_ADDR_LEN; 1036 e_addr = LLADDR(sdl); 1037 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1038 *llsa = (struct sockaddr *)sdl; 1039 return 0; 1040 #endif 1041 1042 default: 1043 /* 1044 * Well, the text isn't quite right, but it's the name 1045 * that counts... 1046 */ 1047 return EAFNOSUPPORT; 1048 } 1049 } 1050 1051 #if 0 1052 /* 1053 * This is for reference. We have a table-driven version 1054 * of the little-endian crc32 generator, which is faster 1055 * than the double-loop. 1056 */ 1057 uint32_t 1058 ether_crc32_le(const uint8_t *buf, size_t len) 1059 { 1060 uint32_t c, crc, carry; 1061 size_t i, j; 1062 1063 crc = 0xffffffffU; /* initial value */ 1064 1065 for (i = 0; i < len; i++) { 1066 c = buf[i]; 1067 for (j = 0; j < 8; j++) { 1068 carry = ((crc & 0x01) ? 1 : 0) ^ (c & 0x01); 1069 crc >>= 1; 1070 c >>= 1; 1071 if (carry) 1072 crc = (crc ^ ETHER_CRC_POLY_LE); 1073 } 1074 } 1075 1076 return (crc); 1077 } 1078 #else 1079 uint32_t 1080 ether_crc32_le(const uint8_t *buf, size_t len) 1081 { 1082 static const uint32_t crctab[] = { 1083 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 1084 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 1085 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 1086 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 1087 }; 1088 uint32_t crc; 1089 size_t i; 1090 1091 crc = 0xffffffffU; /* initial value */ 1092 1093 for (i = 0; i < len; i++) { 1094 crc ^= buf[i]; 1095 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1096 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1097 } 1098 1099 return (crc); 1100 } 1101 #endif 1102 1103 uint32_t 1104 ether_crc32_be(const uint8_t *buf, size_t len) 1105 { 1106 uint32_t c, crc, carry; 1107 size_t i, j; 1108 1109 crc = 0xffffffffU; /* initial value */ 1110 1111 for (i = 0; i < len; i++) { 1112 c = buf[i]; 1113 for (j = 0; j < 8; j++) { 1114 carry = ((crc & 0x80000000U) ? 1 : 0) ^ (c & 0x01); 1115 crc <<= 1; 1116 c >>= 1; 1117 if (carry) 1118 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 1119 } 1120 } 1121 1122 return (crc); 1123 } 1124 1125 /* 1126 * find the size of ethernet header, and call classifier 1127 */ 1128 void 1129 altq_etherclassify(struct ifaltq *ifq, struct mbuf *m, 1130 struct altq_pktattr *pktattr) 1131 { 1132 struct ether_header *eh; 1133 uint16_t ether_type; 1134 int hlen, af, hdrsize; 1135 caddr_t hdr; 1136 1137 hlen = sizeof(struct ether_header); 1138 eh = mtod(m, struct ether_header *); 1139 1140 ether_type = ntohs(eh->ether_type); 1141 if (ether_type < ETHERMTU) { 1142 /* ick! LLC/SNAP */ 1143 struct llc *llc = (struct llc *)(eh + 1); 1144 hlen += 8; 1145 1146 if (m->m_len < hlen || 1147 llc->llc_dsap != LLC_SNAP_LSAP || 1148 llc->llc_ssap != LLC_SNAP_LSAP || 1149 llc->llc_control != LLC_UI) 1150 goto bad; /* not snap! */ 1151 1152 ether_type = ntohs(llc->llc_un.type_snap.ether_type); 1153 } 1154 1155 if (ether_type == ETHERTYPE_IP) { 1156 af = AF_INET; 1157 hdrsize = 20; /* sizeof(struct ip) */ 1158 #ifdef INET6 1159 } else if (ether_type == ETHERTYPE_IPV6) { 1160 af = AF_INET6; 1161 hdrsize = 40; /* sizeof(struct ip6_hdr) */ 1162 #endif 1163 } else 1164 goto bad; 1165 1166 while (m->m_len <= hlen) { 1167 hlen -= m->m_len; 1168 m = m->m_next; 1169 } 1170 hdr = m->m_data + hlen; 1171 if (m->m_len < hlen + hdrsize) { 1172 /* 1173 * ip header is not in a single mbuf. this should not 1174 * happen in the current code. 1175 * (todo: use m_pulldown in the future) 1176 */ 1177 goto bad; 1178 } 1179 m->m_data += hlen; 1180 m->m_len -= hlen; 1181 ifq_classify(ifq, m, af, pktattr); 1182 m->m_data -= hlen; 1183 m->m_len += hlen; 1184 1185 return; 1186 1187 bad: 1188 pktattr->pattr_class = NULL; 1189 pktattr->pattr_hdr = NULL; 1190 pktattr->pattr_af = AF_UNSPEC; 1191 } 1192