1 /* 2 * Copyright (c) 1982, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 34 * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.70.2.33 2003/04/28 15:45:53 archie Exp $ 35 * $DragonFly: src/sys/net/if_ethersubr.c,v 1.23 2004/12/24 04:54:49 dillon Exp $ 36 */ 37 38 #include "opt_atalk.h" 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipx.h" 42 #include "opt_bdg.h" 43 #include "opt_netgraph.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/malloc.h> 49 #include <sys/mbuf.h> 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/sysctl.h> 53 54 #include <net/if.h> 55 #include <net/netisr.h> 56 #include <net/route.h> 57 #include <net/if_llc.h> 58 #include <net/if_dl.h> 59 #include <net/if_types.h> 60 #include <net/bpf.h> 61 #include <net/ethernet.h> 62 #include <net/bridge/bridge.h> 63 64 #if defined(INET) || defined(INET6) 65 #include <netinet/in.h> 66 #include <netinet/in_var.h> 67 #include <netinet/if_ether.h> 68 #include <net/ipfw/ip_fw.h> 69 #include <net/dummynet/ip_dummynet.h> 70 #endif 71 #ifdef INET6 72 #include <netinet6/nd6.h> 73 #endif 74 75 #ifdef IPX 76 #include <netproto/ipx/ipx.h> 77 #include <netproto/ipx/ipx_if.h> 78 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m); 79 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, struct sockaddr *dst, 80 short *tp, int *hlen); 81 #endif 82 83 #ifdef NS 84 #include <netns/ns.h> 85 #include <netns/ns_if.h> 86 ushort ns_nettype; 87 int ether_outputdebug = 0; 88 int ether_inputdebug = 0; 89 #endif 90 91 #ifdef NETATALK 92 #include <netproto/atalk/at.h> 93 #include <netproto/atalk/at_var.h> 94 #include <netproto/atalk/at_extern.h> 95 96 #define llc_snap_org_code llc_un.type_snap.org_code 97 #define llc_snap_ether_type llc_un.type_snap.ether_type 98 99 extern u_char at_org_code[3]; 100 extern u_char aarp_org_code[3]; 101 #endif /* NETATALK */ 102 103 /* netgraph node hooks for ng_ether(4) */ 104 void (*ng_ether_input_p)(struct ifnet *ifp, 105 struct mbuf **mp, struct ether_header *eh); 106 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, 107 struct mbuf *m, struct ether_header *eh); 108 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp); 109 void (*ng_ether_attach_p)(struct ifnet *ifp); 110 void (*ng_ether_detach_p)(struct ifnet *ifp); 111 112 int (*vlan_input_p)(struct ether_header *eh, struct mbuf *m); 113 int (*vlan_input_tag_p)(struct mbuf *m, uint16_t t); 114 115 static int ether_output(struct ifnet *, struct mbuf *, struct sockaddr *, 116 struct rtentry *); 117 118 /* 119 * bridge support 120 */ 121 int do_bridge; 122 bridge_in_t *bridge_in_ptr; 123 bdg_forward_t *bdg_forward_ptr; 124 bdgtakeifaces_t *bdgtakeifaces_ptr; 125 struct bdg_softc *ifp2sc; 126 127 static int ether_resolvemulti(struct ifnet *, struct sockaddr **, 128 struct sockaddr *); 129 const uint8_t etherbroadcastaddr[ETHER_ADDR_LEN] = { 130 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 131 }; 132 133 #define gotoerr(e) do { error = (e); goto bad;} while (0) 134 #define IFP2AC(ifp) ((struct arpcom *)(ifp)) 135 136 int 137 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, 138 struct ip_fw **rule, struct ether_header *eh, int shared); 139 static int ether_ipfw; 140 141 /* 142 * Ethernet output routine. 143 * Encapsulate a packet of type family for the local net. 144 * Use trailer local net encapsulation if enough data in first 145 * packet leaves a multiple of 512 bytes of data in remainder. 146 * Assumes that ifp is actually pointer to arpcom structure. 147 */ 148 static int 149 ether_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 150 struct rtentry *rt) 151 { 152 struct ether_header *eh, *deh; 153 u_char *edst; 154 int loop_copy = 0; 155 int hlen = ETHER_HDR_LEN; /* link layer header length */ 156 struct arpcom *ac = IFP2AC(ifp); 157 int error; 158 159 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING)) 160 gotoerr(ENETDOWN); 161 162 M_PREPEND(m, sizeof(struct ether_header), MB_DONTWAIT); 163 if (m == NULL) 164 gotoerr(ENOBUFS); 165 eh = mtod(m, struct ether_header *); 166 edst = eh->ether_dhost; 167 168 /* Fill in the destination ethernet address and frame type. */ 169 switch (dst->sa_family) { 170 #ifdef INET 171 case AF_INET: 172 if (!arpresolve(ifp, rt, m, dst, edst)) 173 return (0); /* if not yet resolved */ 174 eh->ether_type = htons(ETHERTYPE_IP); 175 break; 176 #endif 177 #ifdef INET6 178 case AF_INET6: 179 if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, edst)) 180 return (0); /* Something bad happened. */ 181 eh->ether_type = htons(ETHERTYPE_IPV6); 182 break; 183 #endif 184 #ifdef IPX 185 case AF_IPX: 186 if (ef_outputp != NULL) { 187 error = ef_outputp(ifp, &m, dst, &eh->ether_type, 188 &hlen); 189 if (error) 190 goto bad; 191 } else { 192 eh->ether_type = htons(ETHERTYPE_IPX); 193 bcopy(&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host), 194 edst, ETHER_ADDR_LEN); 195 } 196 break; 197 #endif 198 #ifdef NETATALK 199 case AF_APPLETALK: { 200 struct at_ifaddr *aa; 201 202 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) { 203 error = 0; /* XXX */ 204 goto bad; 205 } 206 /* 207 * In the phase 2 case, need to prepend an mbuf for 208 * the llc header. Since we must preserve the value 209 * of m, which is passed to us by value, we m_copy() 210 * the first mbuf, and use it for our llc header. 211 */ 212 if (aa->aa_flags & AFA_PHASE2) { 213 struct llc llc; 214 215 M_PREPEND(m, sizeof(struct llc), MB_DONTWAIT); 216 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP; 217 llc.llc_control = LLC_UI; 218 bcopy(at_org_code, llc.llc_snap_org_code, 219 sizeof at_org_code); 220 llc.llc_snap_ether_type = htons(ETHERTYPE_AT); 221 bcopy(&llc, mtod(m, caddr_t), sizeof(struct llc)); 222 eh->ether_type = htons(m->m_pkthdr.len); 223 hlen = sizeof(struct llc) + ETHER_HDR_LEN; 224 } else { 225 eh->ether_type = htons(ETHERTYPE_AT); 226 } 227 if (!aarpresolve(ac, m, (struct sockaddr_at *)dst, edst)) 228 return (0); 229 break; 230 } 231 #endif /* NETATALK */ 232 #ifdef NS 233 case AF_NS: 234 switch(ns_nettype) { 235 default: 236 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 237 eh->ether_type = 0x8137; 238 break; 239 case 0x0: /* Novell 802.3 */ 240 eh->ether_type = htons(m->m_pkthdr.len); 241 break; 242 case 0xe0e0: /* Novell 802.2 and Token-Ring */ 243 M_PREPEND(m, 3, MB_DONTWAIT); 244 eh->ether_type = htons(m->m_pkthdr.len); 245 cp = mtod(m, u_char *); 246 *cp++ = 0xE0; 247 *cp++ = 0xE0; 248 *cp++ = 0x03; 249 break; 250 } 251 bcopy(&(((struct sockaddr_ns *)dst)->sns_addr.x_host), edst, 252 ETHER_ADDR_LEN); 253 /* 254 * XXX if ns_thishost is the same as the node's ethernet 255 * address then just the default code will catch this anyhow. 256 * So I'm not sure if this next clause should be here at all? 257 * [JRE] 258 */ 259 if (bcmp(edst, &ns_thishost, ETHER_ADDR_LEN) == 0) { 260 m->m_pkthdr.rcvif = ifp; 261 netisr_dispatch(NETISR_NS, m); 262 return (error); 263 } 264 if (bcmp(edst, &ns_broadhost, ETHER_ADDR_LEN) == 0) 265 m->m_flags |= M_BCAST; 266 break; 267 #endif /* NS */ 268 case pseudo_AF_HDRCMPLT: 269 case AF_UNSPEC: 270 loop_copy = -1; /* if this is for us, don't do it */ 271 deh = (struct ether_header *)dst->sa_data; 272 memcpy(edst, deh->ether_dhost, ETHER_ADDR_LEN); 273 eh->ether_type = deh->ether_type; 274 break; 275 276 default: 277 printf("%s: can't handle af%d\n", ifp->if_xname, 278 dst->sa_family); 279 gotoerr(EAFNOSUPPORT); 280 } 281 282 if (dst->sa_family == pseudo_AF_HDRCMPLT) /* unlikely */ 283 memcpy(eh->ether_shost, 284 ((struct ether_header *)dst->sa_data)->ether_shost, 285 ETHER_ADDR_LEN); 286 else 287 memcpy(eh->ether_shost, ac->ac_enaddr, ETHER_ADDR_LEN); 288 289 /* 290 * If a simplex interface, and the packet is being sent to our 291 * Ethernet address or a broadcast address, loopback a copy. 292 * XXX To make a simplex device behave exactly like a duplex 293 * device, we should copy in the case of sending to our own 294 * ethernet address (thus letting the original actually appear 295 * on the wire). However, we don't do that here for security 296 * reasons and compatibility with the original behavior. 297 */ 298 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) { 299 int csum_flags = 0; 300 301 if (m->m_pkthdr.csum_flags & CSUM_IP) 302 csum_flags |= (CSUM_IP_CHECKED | CSUM_IP_VALID); 303 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) 304 csum_flags |= (CSUM_DATA_VALID | CSUM_PSEUDO_HDR); 305 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) { 306 struct mbuf *n; 307 308 if ((n = m_copypacket(m, MB_DONTWAIT)) != NULL) { 309 n->m_pkthdr.csum_flags |= csum_flags; 310 if (csum_flags & CSUM_DATA_VALID) 311 n->m_pkthdr.csum_data = 0xffff; 312 if_simloop(ifp, n, dst->sa_family, hlen); 313 } else 314 ifp->if_iqdrops++; 315 } else if (bcmp(eh->ether_dhost, eh->ether_shost, 316 ETHER_ADDR_LEN) == 0) { 317 m->m_pkthdr.csum_flags |= csum_flags; 318 if (csum_flags & CSUM_DATA_VALID) 319 m->m_pkthdr.csum_data = 0xffff; 320 if_simloop(ifp, m, dst->sa_family, hlen); 321 return (0); /* XXX */ 322 } 323 } 324 325 /* Handle ng_ether(4) processing, if any */ 326 if (ng_ether_output_p != NULL) { 327 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { 328 bad: if (m != NULL) 329 m_freem(m); 330 return (error); 331 } 332 if (m == NULL) 333 return (0); 334 } 335 336 /* Continue with link-layer output */ 337 return ether_output_frame(ifp, m); 338 } 339 340 /* 341 * Ethernet link layer output routine to send a raw frame to the device. 342 * 343 * This assumes that the 14 byte Ethernet header is present and contiguous 344 * in the first mbuf (if BRIDGE'ing). 345 */ 346 int 347 ether_output_frame(struct ifnet *ifp, struct mbuf *m) 348 { 349 struct ip_fw *rule = NULL; 350 int error = 0; 351 int s; 352 353 /* Extract info from dummynet tag, ignore others */ 354 for (; m->m_type == MT_TAG; m = m->m_next) 355 if (m->m_flags == PACKET_TAG_DUMMYNET) 356 rule = ((struct dn_pkt *)m)->rule; 357 358 if (rule) /* packet was already bridged */ 359 goto no_bridge; 360 361 if (BDG_ACTIVE(ifp) ) { 362 struct ether_header *eh; /* a ptr suffices */ 363 364 m->m_pkthdr.rcvif = NULL; 365 eh = mtod(m, struct ether_header *); 366 m_adj(m, ETHER_HDR_LEN); 367 m = bdg_forward_ptr(m, eh, ifp); 368 if (m != NULL) 369 m_freem(m); 370 return (0); 371 } 372 373 no_bridge: 374 s = splimp(); 375 if (IPFW_LOADED && ether_ipfw != 0) { 376 struct ether_header save_eh, *eh; 377 378 eh = mtod(m, struct ether_header *); 379 save_eh = *eh; 380 m_adj(m, ETHER_HDR_LEN); 381 if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) { 382 if (m) { 383 m_freem(m); 384 return ENOBUFS; /* pkt dropped */ 385 } else 386 return 0; /* consumed e.g. in a pipe */ 387 } 388 /* packet was ok, restore the ethernet header */ 389 if ((void *)(eh + 1) == (void *)m->m_data) { 390 m->m_data -= ETHER_HDR_LEN ; 391 m->m_len += ETHER_HDR_LEN ; 392 m->m_pkthdr.len += ETHER_HDR_LEN ; 393 } else { 394 M_PREPEND(m, ETHER_HDR_LEN, MB_DONTWAIT); 395 if (m == NULL) /* nope... */ 396 return ENOBUFS; 397 bcopy(&save_eh, mtod(m, struct ether_header *), 398 ETHER_HDR_LEN); 399 } 400 } 401 402 /* 403 * Queue message on interface, update output statistics if 404 * successful, and start output if interface not yet active. 405 */ 406 if (!IF_HANDOFF(&ifp->if_snd, m, ifp)) 407 error = ENOBUFS; 408 splx(s); 409 return (error); 410 } 411 412 /* 413 * ipfw processing for ethernet packets (in and out). 414 * The second parameter is NULL from ether_demux, and ifp from 415 * ether_output_frame. This section of code could be used from 416 * bridge.c as well as long as we use some extra info 417 * to distinguish that case from ether_output_frame(); 418 */ 419 int 420 ether_ipfw_chk( 421 struct mbuf **m0, 422 struct ifnet *dst, 423 struct ip_fw **rule, 424 struct ether_header *eh, 425 int shared) 426 { 427 struct ether_header save_eh = *eh; /* might be a ptr in m */ 428 struct ip_fw_args args; 429 int i; 430 431 if (*rule != NULL && fw_one_pass) 432 return 1; /* dummynet packet, already partially processed */ 433 434 /* 435 * I need some amt of data to be contiguous, and in case others need 436 * the packet (shared==1) also better be in the first mbuf. 437 */ 438 i = min((*m0)->m_pkthdr.len, max_protohdr); 439 if (shared || (*m0)->m_len < i) { 440 *m0 = m_pullup(*m0, i); 441 if (*m0 == NULL) 442 return 0; 443 } 444 445 args.m = *m0; /* the packet we are looking at */ 446 args.oif = dst; /* destination, if any */ 447 args.divert_rule = 0; /* we do not support divert yet */ 448 args.rule = *rule; /* matching rule to restart */ 449 args.next_hop = NULL; /* we do not support forward yet */ 450 args.eh = &save_eh; /* MAC header for bridged/MAC packets */ 451 i = ip_fw_chk_ptr(&args); 452 *m0 = args.m; 453 *rule = args.rule; 454 455 if ((i & IP_FW_PORT_DENY_FLAG) || *m0 == NULL) /* drop */ 456 return 0; 457 458 if (i == 0) /* a PASS rule. */ 459 return 1; 460 461 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 462 /* 463 * Pass the pkt to dummynet, which consumes it. 464 * If shared, make a copy and keep the original. 465 */ 466 struct mbuf *m ; 467 468 if (shared) { 469 m = m_copypacket(*m0, MB_DONTWAIT); 470 if (m == NULL) 471 return 0; 472 } else { 473 m = *m0 ; /* pass the original to dummynet */ 474 *m0 = NULL ; /* and nothing back to the caller */ 475 } 476 /* 477 * Prepend the header, optimize for the common case of 478 * eh pointing into the mbuf. 479 */ 480 if ((void *)(eh + 1) == (void *)m->m_data) { 481 m->m_data -= ETHER_HDR_LEN ; 482 m->m_len += ETHER_HDR_LEN ; 483 m->m_pkthdr.len += ETHER_HDR_LEN ; 484 } else { 485 M_PREPEND(m, ETHER_HDR_LEN, MB_DONTWAIT); 486 if (m == NULL) /* nope... */ 487 return 0; 488 bcopy(&save_eh, mtod(m, struct ether_header *), 489 ETHER_HDR_LEN); 490 } 491 ip_dn_io_ptr(m, (i & 0xffff), 492 dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args); 493 return 0; 494 } 495 /* 496 * XXX at some point add support for divert/forward actions. 497 * If none of the above matches, we have to drop the pkt. 498 */ 499 return 0; 500 } 501 502 /* 503 * XXX merge this function with ether_input. 504 */ 505 static void 506 ether_input_internal(struct ifnet *ifp, struct mbuf *m) 507 { 508 ether_input(ifp, NULL, m); 509 } 510 511 /* 512 * Process a received Ethernet packet. We have two different interfaces: 513 * one (conventional) assumes the packet in the mbuf, with the ethernet 514 * header provided separately in *eh. The second one (new) has everything 515 * in the mbuf, and we can tell it because eh == NULL. 516 * The caller MUST MAKE SURE that there are at least 517 * sizeof(struct ether_header) bytes in the first mbuf. 518 * 519 * This allows us to concentrate in one place a bunch of code which 520 * is replicated in all device drivers. Also, many functions called 521 * from ether_input() try to put the eh back into the mbuf, so we 522 * can later propagate the 'contiguous packet' interface to them, 523 * and handle the old interface just here. 524 * 525 * NOTA BENE: for many drivers "eh" is a pointer into the first mbuf or 526 * cluster, right before m_data. So be very careful when working on m, 527 * as you could destroy *eh !! 528 * 529 * First we perform any link layer operations, then continue 530 * to the upper layers with ether_demux(). 531 */ 532 void 533 ether_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) 534 { 535 struct ether_header save_eh; 536 537 if (eh == NULL) { 538 if (m->m_len < sizeof(struct ether_header)) { 539 /* XXX error in the caller. */ 540 m_freem(m); 541 return; 542 } 543 m->m_pkthdr.rcvif = ifp; 544 eh = mtod(m, struct ether_header *); 545 m_adj(m, sizeof(struct ether_header)); 546 /* XXX */ 547 /* m->m_pkthdr.len = m->m_len; */ 548 } 549 550 /* Check for a BPF tap */ 551 if (ifp->if_bpf != NULL) { 552 struct m_hdr mh; 553 554 /* This kludge is OK; BPF treats the "mbuf" as read-only */ 555 mh.mh_next = m; 556 mh.mh_data = (char *)eh; 557 mh.mh_len = ETHER_HDR_LEN; 558 bpf_mtap(ifp, (struct mbuf *)&mh); 559 } 560 561 ifp->if_ibytes += m->m_pkthdr.len + sizeof (*eh); 562 563 /* Handle ng_ether(4) processing, if any */ 564 if (ng_ether_input_p != NULL) { 565 (*ng_ether_input_p)(ifp, &m, eh); 566 if (m == NULL) 567 return; 568 } 569 570 /* Check for bridging mode */ 571 if (BDG_ACTIVE(ifp) ) { 572 struct ifnet *bif; 573 574 /* Check with bridging code */ 575 if ((bif = bridge_in_ptr(ifp, eh)) == BDG_DROP) { 576 m_freem(m); 577 return; 578 } 579 if (bif != BDG_LOCAL) { 580 save_eh = *eh ; /* because it might change */ 581 m = bdg_forward_ptr(m, eh, bif); /* needs forwarding */ 582 /* 583 * Do not continue if bdg_forward_ptr() processed our 584 * packet (and cleared the mbuf pointer m) or if 585 * it dropped (m_free'd) the packet itself. 586 */ 587 if (m == NULL) { 588 if (bif == BDG_BCAST || bif == BDG_MCAST) 589 printf("bdg_forward drop MULTICAST PKT\n"); 590 return; 591 } 592 eh = &save_eh ; 593 } 594 if (bif == BDG_LOCAL || bif == BDG_BCAST || bif == BDG_MCAST) 595 goto recvLocal; /* receive locally */ 596 597 /* If not local and not multicast, just drop it */ 598 if (m != NULL) 599 m_freem(m); 600 return; 601 } 602 603 recvLocal: 604 /* Continue with upper layer processing */ 605 ether_demux(ifp, eh, m); 606 } 607 608 /* 609 * Upper layer processing for a received Ethernet packet. 610 */ 611 void 612 ether_demux(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) 613 { 614 int isr; 615 u_short ether_type; 616 #if defined(NETATALK) 617 struct llc *l; 618 #endif 619 struct ip_fw *rule = NULL; 620 621 /* Extract info from dummynet tag, ignore others */ 622 for (;m->m_type == MT_TAG; m = m->m_next) 623 if (m->m_flags == PACKET_TAG_DUMMYNET) { 624 rule = ((struct dn_pkt *)m)->rule; 625 ifp = m->m_next->m_pkthdr.rcvif; 626 } 627 628 if (rule) /* packet was already bridged */ 629 goto post_stats; 630 631 /* 632 * Discard packet if upper layers shouldn't see it because 633 * it was unicast to a different Ethernet address. If the 634 * driver is working properly, then this situation can only 635 * happen when the interface is in promiscuous mode. 636 */ 637 if (!BDG_ACTIVE(ifp) && 638 ((ifp->if_flags & (IFF_PROMISC | IFF_PPROMISC)) == IFF_PROMISC) && 639 (eh->ether_dhost[0] & 1) == 0 && 640 bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN)) { 641 m_freem(m); 642 return; 643 } 644 /* Discard packet if interface is not up */ 645 if (!(ifp->if_flags & IFF_UP)) { 646 m_freem(m); 647 return; 648 } 649 if (eh->ether_dhost[0] & 1) { 650 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost, 651 ifp->if_addrlen) == 0) 652 m->m_flags |= M_BCAST; 653 else 654 m->m_flags |= M_MCAST; 655 } 656 if (m->m_flags & (M_BCAST|M_MCAST)) 657 ifp->if_imcasts++; 658 659 post_stats: 660 if (IPFW_LOADED && ether_ipfw != 0) { 661 if (ether_ipfw_chk(&m, NULL, &rule, eh, 0 ) == 0) { 662 if (m) 663 m_freem(m); 664 return; 665 } 666 } 667 668 ether_type = ntohs(eh->ether_type); 669 670 switch (ether_type) { 671 #ifdef INET 672 case ETHERTYPE_IP: 673 if (ipflow_fastforward(m)) 674 return; 675 isr = NETISR_IP; 676 break; 677 678 case ETHERTYPE_ARP: 679 if (ifp->if_flags & IFF_NOARP) { 680 /* Discard packet if ARP is disabled on interface */ 681 m_freem(m); 682 return; 683 } 684 isr = NETISR_ARP; 685 break; 686 #endif 687 #ifdef IPX 688 case ETHERTYPE_IPX: 689 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 690 return; 691 isr = NETISR_IPX; 692 break; 693 #endif 694 #ifdef INET6 695 case ETHERTYPE_IPV6: 696 isr = NETISR_IPV6; 697 break; 698 #endif 699 #ifdef NS 700 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */ 701 isr = NETISR_NS; 702 break; 703 704 #endif /* NS */ 705 #ifdef NETATALK 706 case ETHERTYPE_AT: 707 isr = NETISR_ATALK1; 708 break; 709 case ETHERTYPE_AARP: 710 isr = NETISR_AARP; 711 break; 712 #endif /* NETATALK */ 713 case ETHERTYPE_VLAN: 714 /* XXX lock ? */ 715 if (vlan_input_p != NULL) 716 (*vlan_input_p)(eh, m); 717 else { 718 m->m_pkthdr.rcvif->if_noproto++; 719 m_freem(m); 720 } 721 /* XXX unlock ? */ 722 return; 723 default: 724 #ifdef IPX 725 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) 726 return; 727 #endif /* IPX */ 728 #ifdef NS 729 checksum = mtod(m, ushort *); 730 /* Novell 802.3 */ 731 if ((ether_type <= ETHERMTU) && 732 ((*checksum == 0xffff) || (*checksum == 0xE0E0))) { 733 if (*checksum == 0xE0E0) { 734 m->m_pkthdr.len -= 3; 735 m->m_len -= 3; 736 m->m_data += 3; 737 } 738 isr = NETISR_NS; 739 break; 740 } 741 #endif /* NS */ 742 #ifdef NETATALK 743 if (ether_type > ETHERMTU) 744 goto dropanyway; 745 l = mtod(m, struct llc *); 746 if (l->llc_dsap == LLC_SNAP_LSAP && 747 l->llc_ssap == LLC_SNAP_LSAP && 748 l->llc_control == LLC_UI) { 749 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code, 750 sizeof(at_org_code)) == 0 && 751 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) { 752 m_adj(m, sizeof(struct llc)); 753 isr = NETISR_ATALK2; 754 break; 755 } 756 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code, 757 sizeof(aarp_org_code)) == 0 && 758 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) { 759 m_adj(m, sizeof(struct llc)); 760 isr = NETISR_AARP; 761 break; 762 } 763 } 764 dropanyway: 765 #endif /* NETATALK */ 766 if (ng_ether_input_orphan_p != NULL) 767 (*ng_ether_input_orphan_p)(ifp, m, eh); 768 else 769 m_freem(m); 770 return; 771 } 772 netisr_dispatch(isr, m); 773 } 774 775 /* 776 * Perform common duties while attaching to interface list 777 */ 778 779 void 780 ether_ifattach(struct ifnet *ifp, uint8_t *lla) 781 { 782 ether_ifattach_bpf(ifp, lla, DLT_EN10MB, sizeof(struct ether_header)); 783 } 784 785 void 786 ether_ifattach_bpf(struct ifnet *ifp, uint8_t *lla, u_int dlt, u_int hdrlen) 787 { 788 struct ifaddr *ifa; 789 struct sockaddr_dl *sdl; 790 791 ifp->if_output = ether_output; 792 ifp->if_input = ether_input_internal; 793 ifp->if_type = IFT_ETHER; 794 ifp->if_addrlen = ETHER_ADDR_LEN; 795 ifp->if_broadcastaddr = etherbroadcastaddr; 796 ifp->if_hdrlen = 14; 797 if_attach(ifp); 798 ifp->if_mtu = ETHERMTU; 799 ifp->if_resolvemulti = ether_resolvemulti; 800 if (ifp->if_baudrate == 0) 801 ifp->if_baudrate = 10000000; 802 ifa = ifnet_addrs[ifp->if_index - 1]; 803 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __FUNCTION__)); 804 sdl = (struct sockaddr_dl *)ifa->ifa_addr; 805 sdl->sdl_type = IFT_ETHER; 806 sdl->sdl_alen = ifp->if_addrlen; 807 bcopy(lla, LLADDR(sdl), ifp->if_addrlen); 808 /* 809 * XXX Keep the current drivers happy. 810 * XXX Remove once all drivers have been cleaned up 811 */ 812 if (lla != IFP2AC(ifp)->ac_enaddr) 813 bcopy(lla, IFP2AC(ifp)->ac_enaddr, ifp->if_addrlen); 814 bpfattach(ifp, dlt, hdrlen); 815 if (ng_ether_attach_p != NULL) 816 (*ng_ether_attach_p)(ifp); 817 if (BDG_LOADED) 818 bdgtakeifaces_ptr(); 819 820 if_printf(ifp, "MAC address: %6D\n", lla, ":"); 821 } 822 823 /* 824 * Perform common duties while detaching an Ethernet interface 825 */ 826 void 827 ether_ifdetach(struct ifnet *ifp) 828 { 829 int s; 830 831 s = splnet(); 832 if_down(ifp); 833 splx(s); 834 835 if (ng_ether_detach_p != NULL) 836 (*ng_ether_detach_p)(ifp); 837 bpfdetach(ifp); 838 if_detach(ifp); 839 if (BDG_LOADED) 840 bdgtakeifaces_ptr(); 841 } 842 843 SYSCTL_DECL(_net_link); 844 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet"); 845 SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW, 846 ðer_ipfw,0,"Pass ether pkts through firewall"); 847 848 int 849 ether_ioctl(struct ifnet *ifp, int command, caddr_t data) 850 { 851 struct ifaddr *ifa = (struct ifaddr *) data; 852 struct ifreq *ifr = (struct ifreq *) data; 853 int error = 0; 854 855 switch (command) { 856 case SIOCSIFADDR: 857 ifp->if_flags |= IFF_UP; 858 859 switch (ifa->ifa_addr->sa_family) { 860 #ifdef INET 861 case AF_INET: 862 ifp->if_init(ifp->if_softc); /* before arpwhohas */ 863 arp_ifinit(ifp, ifa); 864 break; 865 #endif 866 #ifdef IPX 867 /* 868 * XXX - This code is probably wrong 869 */ 870 case AF_IPX: 871 { 872 struct ipx_addr *ina = &IA_SIPX(ifa)->sipx_addr; 873 struct arpcom *ac = IFP2AC(ifp); 874 875 if (ipx_nullhost(*ina)) 876 ina->x_host = *(union ipx_host *) ac->ac_enaddr; 877 else 878 bcopy(ina->x_host.c_host, ac->ac_enaddr, 879 sizeof ac->ac_enaddr); 880 881 ifp->if_init(ifp->if_softc); /* Set new address. */ 882 break; 883 } 884 #endif 885 #ifdef NS 886 /* 887 * XXX - This code is probably wrong 888 */ 889 case AF_NS: 890 { 891 struct ns_addr *ina = &(IA_SNS(ifa)->sns_addr); 892 struct arpcom *ac = IFP2AC(ifp); 893 894 if (ns_nullhost(*ina)) 895 ina->x_host = *(union ns_host *)(ac->ac_enaddr); 896 else 897 bcopy(ina->x_host.c_host, ac->ac_enaddr, 898 sizeof ac->ac_enaddr); 899 900 /* 901 * Set new address 902 */ 903 ifp->if_init(ifp->if_softc); 904 break; 905 } 906 #endif 907 default: 908 ifp->if_init(ifp->if_softc); 909 break; 910 } 911 break; 912 913 case SIOCGIFADDR: 914 bcopy(IFP2AC(ifp)->ac_enaddr, 915 ((struct sockaddr *)ifr->ifr_data)->sa_data, 916 ETHER_ADDR_LEN); 917 break; 918 919 case SIOCSIFMTU: 920 /* 921 * Set the interface MTU. 922 */ 923 if (ifr->ifr_mtu > ETHERMTU) { 924 error = EINVAL; 925 } else { 926 ifp->if_mtu = ifr->ifr_mtu; 927 } 928 break; 929 default: 930 error = EINVAL; 931 break; 932 } 933 return (error); 934 } 935 936 int 937 ether_resolvemulti( 938 struct ifnet *ifp, 939 struct sockaddr **llsa, 940 struct sockaddr *sa) 941 { 942 struct sockaddr_dl *sdl; 943 struct sockaddr_in *sin; 944 #ifdef INET6 945 struct sockaddr_in6 *sin6; 946 #endif 947 u_char *e_addr; 948 949 switch(sa->sa_family) { 950 case AF_LINK: 951 /* 952 * No mapping needed. Just check that it's a valid MC address. 953 */ 954 sdl = (struct sockaddr_dl *)sa; 955 e_addr = LLADDR(sdl); 956 if ((e_addr[0] & 1) != 1) 957 return EADDRNOTAVAIL; 958 *llsa = 0; 959 return 0; 960 961 #ifdef INET 962 case AF_INET: 963 sin = (struct sockaddr_in *)sa; 964 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) 965 return EADDRNOTAVAIL; 966 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 967 M_WAITOK|M_ZERO); 968 sdl->sdl_len = sizeof *sdl; 969 sdl->sdl_family = AF_LINK; 970 sdl->sdl_index = ifp->if_index; 971 sdl->sdl_type = IFT_ETHER; 972 sdl->sdl_alen = ETHER_ADDR_LEN; 973 e_addr = LLADDR(sdl); 974 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr); 975 *llsa = (struct sockaddr *)sdl; 976 return 0; 977 #endif 978 #ifdef INET6 979 case AF_INET6: 980 sin6 = (struct sockaddr_in6 *)sa; 981 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 982 /* 983 * An IP6 address of 0 means listen to all 984 * of the Ethernet multicast address used for IP6. 985 * (This is used for multicast routers.) 986 */ 987 ifp->if_flags |= IFF_ALLMULTI; 988 *llsa = 0; 989 return 0; 990 } 991 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) 992 return EADDRNOTAVAIL; 993 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR, 994 M_WAITOK|M_ZERO); 995 sdl->sdl_len = sizeof *sdl; 996 sdl->sdl_family = AF_LINK; 997 sdl->sdl_index = ifp->if_index; 998 sdl->sdl_type = IFT_ETHER; 999 sdl->sdl_alen = ETHER_ADDR_LEN; 1000 e_addr = LLADDR(sdl); 1001 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr); 1002 *llsa = (struct sockaddr *)sdl; 1003 return 0; 1004 #endif 1005 1006 default: 1007 /* 1008 * Well, the text isn't quite right, but it's the name 1009 * that counts... 1010 */ 1011 return EAFNOSUPPORT; 1012 } 1013 } 1014 1015 #if 0 1016 /* 1017 * This is for reference. We have a table-driven version 1018 * of the little-endian crc32 generator, which is faster 1019 * than the double-loop. 1020 */ 1021 uint32_t 1022 ether_crc32_le(const uint8_t *buf, size_t len) 1023 { 1024 uint32_t c, crc, carry; 1025 size_t i, j; 1026 1027 crc = 0xffffffffU; /* initial value */ 1028 1029 for (i = 0; i < len; i++) { 1030 c = buf[i]; 1031 for (j = 0; j < 8; j++) { 1032 carry = ((crc & 0x01) ? 1 : 0) ^ (c & 0x01); 1033 crc >>= 1; 1034 c >>= 1; 1035 if (carry) 1036 crc = (crc ^ ETHER_CRC_POLY_LE); 1037 } 1038 } 1039 1040 return (crc); 1041 } 1042 #else 1043 uint32_t 1044 ether_crc32_le(const uint8_t *buf, size_t len) 1045 { 1046 static const uint32_t crctab[] = { 1047 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac, 1048 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c, 1049 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c, 1050 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c 1051 }; 1052 uint32_t crc; 1053 size_t i; 1054 1055 crc = 0xffffffffU; /* initial value */ 1056 1057 for (i = 0; i < len; i++) { 1058 crc ^= buf[i]; 1059 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1060 crc = (crc >> 4) ^ crctab[crc & 0xf]; 1061 } 1062 1063 return (crc); 1064 } 1065 #endif 1066 1067 uint32_t 1068 ether_crc32_be(const uint8_t *buf, size_t len) 1069 { 1070 uint32_t c, crc, carry; 1071 size_t i, j; 1072 1073 crc = 0xffffffffU; /* initial value */ 1074 1075 for (i = 0; i < len; i++) { 1076 c = buf[i]; 1077 for (j = 0; j < 8; j++) { 1078 carry = ((crc & 0x80000000U) ? 1 : 0) ^ (c & 0x01); 1079 crc <<= 1; 1080 c >>= 1; 1081 if (carry) 1082 crc = (crc ^ ETHER_CRC_POLY_BE) | carry; 1083 } 1084 } 1085 1086 return (crc); 1087 } 1088