1 /* $OpenBSD: if_bridge.c,v 1.280 2016/06/07 08:32:13 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 #include "mpw.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/mbuf.h> 44 #include <sys/socket.h> 45 #include <sys/ioctl.h> 46 #include <sys/kernel.h> 47 48 #include <net/if.h> 49 #include <net/if_types.h> 50 #include <net/if_llc.h> 51 #include <net/netisr.h> 52 53 #include <netinet/in.h> 54 #include <netinet/ip.h> 55 #include <netinet/ip_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_icmp.h> 58 59 #ifdef IPSEC 60 #include <netinet/ip_ipsp.h> 61 #include <net/if_enc.h> 62 #endif 63 64 #ifdef INET6 65 #include <netinet6/in6_var.h> 66 #include <netinet/ip6.h> 67 #include <netinet6/ip6_var.h> 68 #endif 69 70 #if NPF > 0 71 #include <net/pfvar.h> 72 #define BRIDGE_IN PF_IN 73 #define BRIDGE_OUT PF_OUT 74 #else 75 #define BRIDGE_IN 0 76 #define BRIDGE_OUT 1 77 #endif 78 79 #if NBPFILTER > 0 80 #include <net/bpf.h> 81 #endif 82 83 #if NCARP > 0 84 #include <netinet/ip_carp.h> 85 #endif 86 87 #if NVLAN > 0 88 #include <net/if_vlan_var.h> 89 #endif 90 91 #if NGIF > 0 92 #include <net/if_gif.h> 93 #endif 94 95 #include <net/if_bridge.h> 96 97 /* 98 * Maximum number of addresses to cache 99 */ 100 #ifndef BRIDGE_RTABLE_MAX 101 #define BRIDGE_RTABLE_MAX 100 102 #endif 103 104 /* 105 * Timeout (in seconds) for entries learned dynamically 106 */ 107 #ifndef BRIDGE_RTABLE_TIMEOUT 108 #define BRIDGE_RTABLE_TIMEOUT 240 109 #endif 110 111 void bridgeattach(int); 112 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 113 int bridge_input(struct ifnet *, struct mbuf *, void *); 114 void bridge_process(struct ifnet *, struct mbuf *); 115 void bridgeintr_frame(struct bridge_softc *, struct ifnet *, struct mbuf *); 116 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 117 struct ether_header *, struct mbuf *); 118 void bridge_localbroadcast(struct bridge_softc *, struct ifnet *, 119 struct ether_header *, struct mbuf *); 120 void bridge_span(struct bridge_softc *, struct mbuf *); 121 void bridge_stop(struct bridge_softc *); 122 void bridge_init(struct bridge_softc *); 123 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 124 125 int bridge_blocknonip(struct ether_header *, struct mbuf *); 126 struct mbuf *bridge_ip(struct bridge_softc *, int, struct ifnet *, 127 struct ether_header *, struct mbuf *m); 128 int bridge_ifenqueue(struct bridge_softc *, struct ifnet *, struct mbuf *); 129 void bridge_ifinput(struct ifnet *, struct mbuf *); 130 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 131 struct rtentry *); 132 void bridge_fragment(struct bridge_softc *, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 #ifdef IPSEC 135 int bridge_ipsec(struct bridge_softc *, struct ifnet *, 136 struct ether_header *, int, struct llc *, 137 int, int, int, struct mbuf *); 138 #endif 139 int bridge_clone_create(struct if_clone *, int); 140 int bridge_clone_destroy(struct ifnet *ifp); 141 int bridge_delete(struct bridge_softc *, struct bridge_iflist *); 142 143 #define ETHERADDR_IS_IP_MCAST(a) \ 144 /* struct etheraddr *a; */ \ 145 ((a)->ether_addr_octet[0] == 0x01 && \ 146 (a)->ether_addr_octet[1] == 0x00 && \ 147 (a)->ether_addr_octet[2] == 0x5e) 148 149 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 150 151 struct if_clone bridge_cloner = 152 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 153 154 void 155 bridgeattach(int n) 156 { 157 if_clone_attach(&bridge_cloner); 158 } 159 160 int 161 bridge_clone_create(struct if_clone *ifc, int unit) 162 { 163 struct bridge_softc *sc; 164 struct ifnet *ifp; 165 int i; 166 167 sc = malloc(sizeof(*sc), M_DEVBUF, M_NOWAIT|M_ZERO); 168 if (!sc) 169 return (ENOMEM); 170 171 sc->sc_stp = bstp_create(&sc->sc_if); 172 if (!sc->sc_stp) { 173 free(sc, M_DEVBUF, sizeof *sc); 174 return (ENOMEM); 175 } 176 177 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 178 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 179 timeout_set(&sc->sc_brtimeout, bridge_timer, sc); 180 TAILQ_INIT(&sc->sc_iflist); 181 TAILQ_INIT(&sc->sc_spanlist); 182 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 183 LIST_INIT(&sc->sc_rts[i]); 184 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 185 ifp = &sc->sc_if; 186 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 187 unit); 188 ifp->if_softc = sc; 189 ifp->if_mtu = ETHERMTU; 190 ifp->if_ioctl = bridge_ioctl; 191 ifp->if_output = bridge_dummy_output; 192 ifp->if_start = NULL; 193 ifp->if_type = IFT_BRIDGE; 194 ifp->if_hdrlen = ETHER_HDR_LEN; 195 196 if_attach(ifp); 197 if_alloc_sadl(ifp); 198 199 #if NBPFILTER > 0 200 bpfattach(&sc->sc_if.if_bpf, ifp, 201 DLT_EN10MB, ETHER_HDR_LEN); 202 #endif 203 204 if_ih_insert(ifp, ether_input, NULL); 205 206 return (0); 207 } 208 209 int 210 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 211 struct rtentry *rt) 212 { 213 m_freem(m); 214 return (EAFNOSUPPORT); 215 } 216 217 int 218 bridge_clone_destroy(struct ifnet *ifp) 219 { 220 struct bridge_softc *sc = ifp->if_softc; 221 struct bridge_iflist *bif; 222 223 bridge_stop(sc); 224 bridge_rtflush(sc, IFBF_FLUSHALL); 225 while ((bif = TAILQ_FIRST(&sc->sc_iflist)) != NULL) 226 bridge_delete(sc, bif); 227 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) { 228 TAILQ_REMOVE(&sc->sc_spanlist, bif, next); 229 free(bif, M_DEVBUF, sizeof *bif); 230 } 231 232 bstp_destroy(sc->sc_stp); 233 234 /* Undo pseudo-driver changes. */ 235 if_deactivate(ifp); 236 237 if_ih_remove(ifp, ether_input, NULL); 238 239 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 240 241 if_detach(ifp); 242 243 free(sc, M_DEVBUF, sizeof *sc); 244 return (0); 245 } 246 247 int 248 bridge_delete(struct bridge_softc *sc, struct bridge_iflist *p) 249 { 250 int error; 251 252 if (p->bif_flags & IFBIF_STP) 253 bstp_delete(p->bif_stp); 254 255 p->ifp->if_bridgeport = NULL; 256 error = ifpromisc(p->ifp, 0); 257 258 if_ih_remove(p->ifp, bridge_input, NULL); 259 TAILQ_REMOVE(&sc->sc_iflist, p, next); 260 bridge_rtdelete(sc, p->ifp, 0); 261 bridge_flushrule(p); 262 free(p, M_DEVBUF, sizeof *p); 263 264 return (error); 265 } 266 267 int 268 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 269 { 270 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 271 struct ifbreq *req = (struct ifbreq *)data; 272 struct ifbropreq *brop = (struct ifbropreq *)data; 273 struct ifnet *ifs; 274 struct bridge_iflist *p; 275 struct bstp_port *bp; 276 struct bstp_state *bs = sc->sc_stp; 277 int error = 0, s; 278 279 s = splnet(); 280 switch (cmd) { 281 case SIOCBRDGADD: 282 if ((error = suser(curproc, 0)) != 0) 283 break; 284 285 ifs = ifunit(req->ifbr_ifsname); 286 if (ifs == NULL) { /* no such interface */ 287 error = ENOENT; 288 break; 289 } 290 if (ifs->if_bridgeport != NULL) { 291 p = (struct bridge_iflist *)ifs->if_bridgeport; 292 if (p->bridge_sc == sc) 293 error = EEXIST; 294 else 295 error = EBUSY; 296 break; 297 } 298 299 /* If it's in the span list, it can't be a member. */ 300 TAILQ_FOREACH(p, &sc->sc_spanlist, next) 301 if (p->ifp == ifs) 302 break; 303 if (p != NULL) { 304 error = EBUSY; 305 break; 306 } 307 308 if (ifs->if_type == IFT_ETHER) { 309 if ((ifs->if_flags & IFF_UP) == 0) { 310 struct ifreq ifreq; 311 312 /* 313 * Bring interface up long enough to set 314 * promiscuous flag, then shut it down again. 315 */ 316 strlcpy(ifreq.ifr_name, req->ifbr_ifsname, 317 IFNAMSIZ); 318 ifs->if_flags |= IFF_UP; 319 ifreq.ifr_flags = ifs->if_flags; 320 error = (*ifs->if_ioctl)(ifs, SIOCSIFFLAGS, 321 (caddr_t)&ifreq); 322 if (error != 0) 323 break; 324 325 error = ifpromisc(ifs, 1); 326 if (error != 0) 327 break; 328 329 strlcpy(ifreq.ifr_name, req->ifbr_ifsname, 330 IFNAMSIZ); 331 ifs->if_flags &= ~IFF_UP; 332 ifreq.ifr_flags = ifs->if_flags; 333 error = (*ifs->if_ioctl)(ifs, SIOCSIFFLAGS, 334 (caddr_t)&ifreq); 335 if (error != 0) { 336 ifpromisc(ifs, 0); 337 break; 338 } 339 } else { 340 error = ifpromisc(ifs, 1); 341 if (error != 0) 342 break; 343 } 344 } 345 #if NGIF > 0 346 else if (ifs->if_type == IFT_GIF) { 347 /* Nothing needed */ 348 } 349 #endif /* NGIF */ 350 #if NMPW > 0 351 else if (ifs->if_type == IFT_MPLSTUNNEL) { 352 /* Nothing needed */ 353 } 354 #endif /* NMPW */ 355 else { 356 error = EINVAL; 357 break; 358 } 359 360 p = malloc(sizeof(*p), M_DEVBUF, M_NOWAIT|M_ZERO); 361 if (p == NULL) { 362 if (ifs->if_type == IFT_ETHER) 363 ifpromisc(ifs, 0); 364 error = ENOMEM; 365 break; 366 } 367 368 p->bridge_sc = sc; 369 p->ifp = ifs; 370 p->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 371 SIMPLEQ_INIT(&p->bif_brlin); 372 SIMPLEQ_INIT(&p->bif_brlout); 373 ifs->if_bridgeport = (caddr_t)p; 374 if_ih_insert(p->ifp, bridge_input, NULL); 375 TAILQ_INSERT_TAIL(&sc->sc_iflist, p, next); 376 break; 377 case SIOCBRDGDEL: 378 if ((error = suser(curproc, 0)) != 0) 379 break; 380 ifs = ifunit(req->ifbr_ifsname); 381 if (ifs == NULL) { 382 error = ENOENT; 383 break; 384 } 385 p = (struct bridge_iflist *)ifs->if_bridgeport; 386 if (p == NULL || p->bridge_sc != sc) { 387 error = ESRCH; 388 break; 389 } 390 error = bridge_delete(sc, p); 391 break; 392 case SIOCBRDGIFS: 393 error = bridge_bifconf(sc, (struct ifbifconf *)data); 394 break; 395 case SIOCBRDGADDS: 396 if ((error = suser(curproc, 0)) != 0) 397 break; 398 ifs = ifunit(req->ifbr_ifsname); 399 if (ifs == NULL) { /* no such interface */ 400 error = ENOENT; 401 break; 402 } 403 if (ifs->if_bridgeport != NULL) { 404 error = EBUSY; 405 break; 406 } 407 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 408 if (p->ifp == ifs) 409 break; 410 } 411 if (p != NULL) { 412 error = EEXIST; 413 break; 414 } 415 p = malloc(sizeof(*p), M_DEVBUF, M_NOWAIT|M_ZERO); 416 if (p == NULL) { 417 error = ENOMEM; 418 break; 419 } 420 p->ifp = ifs; 421 p->bif_flags = IFBIF_SPAN; 422 SIMPLEQ_INIT(&p->bif_brlin); 423 SIMPLEQ_INIT(&p->bif_brlout); 424 TAILQ_INSERT_TAIL(&sc->sc_spanlist, p, next); 425 break; 426 case SIOCBRDGDELS: 427 if ((error = suser(curproc, 0)) != 0) 428 break; 429 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 430 if (strncmp(p->ifp->if_xname, req->ifbr_ifsname, 431 sizeof(p->ifp->if_xname)) == 0) { 432 TAILQ_REMOVE(&sc->sc_spanlist, p, next); 433 free(p, M_DEVBUF, sizeof *p); 434 break; 435 } 436 } 437 if (p == NULL) { 438 error = ENOENT; 439 break; 440 } 441 break; 442 case SIOCBRDGGIFFLGS: 443 ifs = ifunit(req->ifbr_ifsname); 444 if (ifs == NULL) { 445 error = ENOENT; 446 break; 447 } 448 p = (struct bridge_iflist *)ifs->if_bridgeport; 449 if (p == NULL || p->bridge_sc != sc) { 450 error = ESRCH; 451 break; 452 } 453 req->ifbr_ifsflags = p->bif_flags; 454 req->ifbr_portno = p->ifp->if_index & 0xfff; 455 if (p->bif_flags & IFBIF_STP) { 456 bp = p->bif_stp; 457 req->ifbr_state = bstp_getstate(bs, bp); 458 req->ifbr_priority = bp->bp_priority; 459 req->ifbr_path_cost = bp->bp_path_cost; 460 req->ifbr_proto = bp->bp_protover; 461 req->ifbr_role = bp->bp_role; 462 req->ifbr_stpflags = bp->bp_flags; 463 req->ifbr_fwd_trans = bp->bp_forward_transitions; 464 req->ifbr_desg_bridge = bp->bp_desg_pv.pv_dbridge_id; 465 req->ifbr_desg_port = bp->bp_desg_pv.pv_dport_id; 466 req->ifbr_root_bridge = bp->bp_desg_pv.pv_root_id; 467 req->ifbr_root_cost = bp->bp_desg_pv.pv_cost; 468 req->ifbr_root_port = bp->bp_desg_pv.pv_port_id; 469 470 /* Copy STP state options as flags */ 471 if (bp->bp_operedge) 472 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 473 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 474 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 475 if (bp->bp_ptp_link) 476 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 477 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 478 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 479 } 480 break; 481 case SIOCBRDGSIFFLGS: 482 if ((error = suser(curproc, 0)) != 0) 483 break; 484 ifs = ifunit(req->ifbr_ifsname); 485 if (ifs == NULL) { 486 error = ENOENT; 487 break; 488 } 489 p = (struct bridge_iflist *)ifs->if_bridgeport; 490 if (p == NULL || p->bridge_sc != sc) { 491 error = ESRCH; 492 break; 493 } 494 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 495 error = EINVAL; 496 break; 497 } 498 if (req->ifbr_ifsflags & IFBIF_STP) { 499 if ((p->bif_flags & IFBIF_STP) == 0) { 500 /* Enable STP */ 501 if ((p->bif_stp = bstp_add(sc->sc_stp, 502 p->ifp)) == NULL) { 503 error = ENOMEM; 504 break; 505 } 506 } else { 507 /* Update STP flags */ 508 bstp_ifsflags(p->bif_stp, req->ifbr_ifsflags); 509 } 510 } else if (p->bif_flags & IFBIF_STP) { 511 bstp_delete(p->bif_stp); 512 p->bif_stp = NULL; 513 } 514 p->bif_flags = req->ifbr_ifsflags; 515 break; 516 case SIOCSIFFLAGS: 517 if ((ifp->if_flags & IFF_UP) == IFF_UP) 518 bridge_init(sc); 519 520 if ((ifp->if_flags & IFF_UP) == 0) 521 bridge_stop(sc); 522 523 break; 524 case SIOCBRDGGPARAM: 525 if ((bp = bs->bs_root_port) == NULL) 526 brop->ifbop_root_port = 0; 527 else 528 brop->ifbop_root_port = bp->bp_ifp->if_index; 529 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 530 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 531 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 532 brop->ifbop_holdcount = bs->bs_txholdcount; 533 brop->ifbop_priority = bs->bs_bridge_priority; 534 brop->ifbop_protocol = bs->bs_protover; 535 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 536 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 537 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 538 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 539 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 540 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 541 break; 542 case SIOCBRDGRTS: 543 case SIOCBRDGGCACHE: 544 case SIOCBRDGGPRI: 545 case SIOCBRDGGMA: 546 case SIOCBRDGGHT: 547 case SIOCBRDGGFD: 548 case SIOCBRDGGTO: 549 case SIOCBRDGGRL: 550 break; 551 case SIOCBRDGFLUSH: 552 case SIOCBRDGSADDR: 553 case SIOCBRDGDADDR: 554 case SIOCBRDGSCACHE: 555 case SIOCBRDGSTO: 556 case SIOCBRDGARL: 557 case SIOCBRDGFRL: 558 case SIOCBRDGSPRI: 559 case SIOCBRDGSFD: 560 case SIOCBRDGSMA: 561 case SIOCBRDGSHT: 562 case SIOCBRDGSTXHC: 563 case SIOCBRDGSPROTO: 564 case SIOCBRDGSIFPRIO: 565 case SIOCBRDGSIFCOST: 566 error = suser(curproc, 0); 567 break; 568 default: 569 error = ENOTTY; 570 break; 571 } 572 573 if (!error) 574 error = bridgectl_ioctl(ifp, cmd, data); 575 576 if (!error) 577 error = bstp_ioctl(ifp, cmd, data); 578 579 splx(s); 580 return (error); 581 } 582 583 /* Detach an interface from a bridge. */ 584 void 585 bridge_ifdetach(struct ifnet *ifp) 586 { 587 struct bridge_softc *sc; 588 struct bridge_iflist *bif; 589 590 bif = (struct bridge_iflist *)ifp->if_bridgeport; 591 sc = bif->bridge_sc; 592 593 bridge_delete(sc, bif); 594 } 595 596 int 597 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 598 { 599 struct bridge_iflist *p; 600 struct bstp_port *bp; 601 struct bstp_state *bs = sc->sc_stp; 602 u_int32_t total = 0, i = 0; 603 int error = 0; 604 struct ifbreq *breq = NULL; 605 606 TAILQ_FOREACH(p, &sc->sc_iflist, next) 607 total++; 608 609 TAILQ_FOREACH(p, &sc->sc_spanlist, next) 610 total++; 611 612 if (bifc->ifbic_len == 0) { 613 i = total; 614 goto done; 615 } 616 617 if ((breq = (struct ifbreq *) 618 malloc(sizeof(*breq), M_DEVBUF, M_NOWAIT)) == NULL) 619 goto done; 620 621 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 622 bzero(breq, sizeof(*breq)); 623 if (bifc->ifbic_len < sizeof(*breq)) 624 break; 625 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 626 strlcpy(breq->ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 627 breq->ifbr_ifsflags = p->bif_flags; 628 breq->ifbr_portno = p->ifp->if_index & 0xfff; 629 if (p->bif_flags & IFBIF_STP) { 630 bp = p->bif_stp; 631 breq->ifbr_state = bstp_getstate(sc->sc_stp, bp); 632 breq->ifbr_priority = bp->bp_priority; 633 breq->ifbr_path_cost = bp->bp_path_cost; 634 breq->ifbr_proto = bp->bp_protover; 635 breq->ifbr_role = bp->bp_role; 636 breq->ifbr_stpflags = bp->bp_flags; 637 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 638 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 639 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 640 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 641 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 642 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 643 644 /* Copy STP state options as flags */ 645 if (bp->bp_operedge) 646 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 647 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 648 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 649 if (bp->bp_ptp_link) 650 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 651 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 652 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 653 } 654 error = copyout((caddr_t)breq, 655 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 656 if (error) 657 goto done; 658 i++; 659 bifc->ifbic_len -= sizeof(*breq); 660 } 661 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 662 bzero(breq, sizeof(*breq)); 663 if (bifc->ifbic_len < sizeof(*breq)) 664 break; 665 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 666 strlcpy(breq->ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 667 breq->ifbr_ifsflags = p->bif_flags | IFBIF_SPAN; 668 breq->ifbr_portno = p->ifp->if_index & 0xfff; 669 error = copyout((caddr_t)breq, 670 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 671 if (error) 672 goto done; 673 i++; 674 bifc->ifbic_len -= sizeof(*breq); 675 } 676 677 done: 678 if (breq != NULL) 679 free(breq, M_DEVBUF, sizeof *breq); 680 bifc->ifbic_len = i * sizeof(*breq); 681 return (error); 682 } 683 684 void 685 bridge_init(struct bridge_softc *sc) 686 { 687 struct ifnet *ifp = &sc->sc_if; 688 689 if ((ifp->if_flags & IFF_RUNNING) == IFF_RUNNING) 690 return; 691 692 ifp->if_flags |= IFF_RUNNING; 693 bstp_initialization(sc->sc_stp); 694 695 if (sc->sc_brttimeout != 0) 696 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 697 } 698 699 /* 700 * Stop the bridge and deallocate the routing table. 701 */ 702 void 703 bridge_stop(struct bridge_softc *sc) 704 { 705 struct ifnet *ifp = &sc->sc_if; 706 707 /* 708 * If we're not running, there's nothing to do. 709 */ 710 if ((ifp->if_flags & IFF_RUNNING) == 0) 711 return; 712 713 timeout_del(&sc->sc_brtimeout); 714 715 bridge_rtflush(sc, IFBF_FLUSHDYN); 716 717 ifp->if_flags &= ~IFF_RUNNING; 718 } 719 720 /* 721 * Send output from the bridge. The mbuf has the ethernet header 722 * already attached. We must enqueue or free the mbuf before exiting. 723 */ 724 int 725 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 726 struct rtentry *rt) 727 { 728 struct ether_header *eh; 729 struct ifnet *dst_if = NULL; 730 struct bridge_rtnode *dst_p = NULL; 731 struct ether_addr *dst; 732 struct bridge_softc *sc; 733 int error; 734 735 /* ifp must be a member interface of the bridge. */ 736 if (ifp->if_bridgeport == NULL) { 737 m_freem(m); 738 return (EINVAL); 739 } 740 sc = ((struct bridge_iflist *)ifp->if_bridgeport)->bridge_sc; 741 742 if (m->m_len < sizeof(*eh)) { 743 m = m_pullup(m, sizeof(*eh)); 744 if (m == NULL) 745 return (ENOBUFS); 746 } 747 eh = mtod(m, struct ether_header *); 748 dst = (struct ether_addr *)&eh->ether_dhost[0]; 749 750 /* 751 * If bridge is down, but original output interface is up, 752 * go ahead and send out that interface. Otherwise the packet 753 * is dropped below. 754 */ 755 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 756 dst_if = ifp; 757 goto sendunicast; 758 } 759 760 #if NBPFILTER > 0 761 if (sc->sc_if.if_bpf) 762 bpf_mtap(sc->sc_if.if_bpf, m, BPF_DIRECTION_OUT); 763 #endif 764 ifp->if_opackets++; 765 ifp->if_obytes += m->m_pkthdr.len; 766 767 /* 768 * If the packet is a broadcast or we don't know a better way to 769 * get there, send to all interfaces. 770 */ 771 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 772 dst_if = dst_p->brt_if; 773 if (dst_if == NULL || ETHER_IS_MULTICAST(eh->ether_dhost)) { 774 struct bridge_iflist *p; 775 struct mbuf *mc; 776 int used = 0; 777 778 bridge_span(sc, m); 779 780 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 781 dst_if = p->ifp; 782 if ((dst_if->if_flags & IFF_RUNNING) == 0) 783 continue; 784 785 /* 786 * If this is not the original output interface, 787 * and the interface is participating in spanning 788 * tree, make sure the port is in a state that 789 * allows forwarding. 790 */ 791 if (dst_if != ifp && 792 (p->bif_flags & IFBIF_STP) && 793 (p->bif_state == BSTP_IFSTATE_DISCARDING)) 794 continue; 795 #if NMPW > 0 796 /* 797 * Split horizon: avoid broadcasting messages from 798 * wire to another wire. 799 */ 800 if (ifp->if_type == IFT_MPLSTUNNEL && 801 dst_if->if_type == IFT_MPLSTUNNEL) 802 continue; 803 #endif /* NMPW */ 804 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 805 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 806 continue; 807 808 if (TAILQ_NEXT(p, next) == NULL) { 809 used = 1; 810 mc = m; 811 } else { 812 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 813 if (mc == NULL) { 814 sc->sc_if.if_oerrors++; 815 continue; 816 } 817 } 818 819 error = bridge_ifenqueue(sc, dst_if, mc); 820 if (error) 821 continue; 822 } 823 if (!used) 824 m_freem(m); 825 return (0); 826 } 827 828 sendunicast: 829 if (dst_p != NULL && dst_p->brt_tunnel.sa.sa_family != AF_UNSPEC && 830 (sa = bridge_tunneltag(m, dst_p->brt_tunnel.sa.sa_family)) != NULL) 831 memcpy(sa, &dst_p->brt_tunnel.sa, dst_p->brt_tunnel.sa.sa_len); 832 833 bridge_span(sc, m); 834 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 835 m_freem(m); 836 return (ENETDOWN); 837 } 838 bridge_ifenqueue(sc, dst_if, m); 839 return (0); 840 } 841 842 /* 843 * Loop through each bridge interface and process their input queues. 844 */ 845 void 846 bridgeintr(void) 847 { 848 struct mbuf_list ml; 849 struct mbuf *m; 850 struct ifnet *ifp; 851 852 niq_delist(&bridgeintrq, &ml); 853 if (ml_empty(&ml)) 854 return; 855 856 while ((m = ml_dequeue(&ml)) != NULL) { 857 858 ifp = if_get(m->m_pkthdr.ph_ifidx); 859 if (ifp == NULL) { 860 m_freem(m); 861 continue; 862 } 863 864 bridge_process(ifp, m); 865 866 if_put(ifp); 867 } 868 } 869 870 /* 871 * Process a single frame. Frame must be freed or queued before returning. 872 */ 873 void 874 bridgeintr_frame(struct bridge_softc *sc, struct ifnet *src_if, struct mbuf *m) 875 { 876 struct ifnet *dst_if; 877 struct bridge_iflist *ifl; 878 struct bridge_rtnode *dst_p; 879 struct ether_addr *dst, *src; 880 struct ether_header eh; 881 int len; 882 883 884 sc->sc_if.if_ipackets++; 885 sc->sc_if.if_ibytes += m->m_pkthdr.len; 886 887 ifl = (struct bridge_iflist *)src_if->if_bridgeport; 888 KASSERT(ifl != NULL); 889 890 if (m->m_pkthdr.len < sizeof(eh)) { 891 m_freem(m); 892 return; 893 } 894 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 895 dst = (struct ether_addr *)&eh.ether_dhost[0]; 896 src = (struct ether_addr *)&eh.ether_shost[0]; 897 898 /* 899 * If interface is learning, and if source address 900 * is not broadcast or multicast, record its address. 901 */ 902 if ((ifl->bif_flags & IFBIF_LEARNING) && 903 (eh.ether_shost[0] & 1) == 0 && 904 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 905 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 906 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 907 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 908 909 if ((ifl->bif_flags & IFBIF_STP) && 910 (ifl->bif_state == BSTP_IFSTATE_LEARNING)) { 911 m_freem(m); 912 return; 913 } 914 915 /* 916 * At this point, the port either doesn't participate in stp or 917 * it's in the forwarding state 918 */ 919 920 /* 921 * If packet is unicast, destined for someone on "this" 922 * side of the bridge, drop it. 923 */ 924 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 925 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 926 dst_if = dst_p->brt_if; 927 else 928 dst_if = NULL; 929 if (dst_if == src_if) { 930 m_freem(m); 931 return; 932 } 933 } else { 934 if (memcmp(etherbroadcastaddr, eh.ether_dhost, 935 sizeof(etherbroadcastaddr)) == 0) 936 m->m_flags |= M_BCAST; 937 else 938 m->m_flags |= M_MCAST; 939 dst_if = NULL; 940 } 941 942 /* 943 * Multicast packets get handled a little differently: 944 * If interface is: 945 * -link0,-link1 (default) Forward all multicast 946 * as broadcast. 947 * -link0,link1 Drop non-IP multicast, forward 948 * as broadcast IP multicast. 949 * link0,-link1 Drop IP multicast, forward as 950 * broadcast non-IP multicast. 951 * link0,link1 Drop all multicast. 952 */ 953 if (m->m_flags & M_MCAST) { 954 if ((sc->sc_if.if_flags & 955 (IFF_LINK0 | IFF_LINK1)) == 956 (IFF_LINK0 | IFF_LINK1)) { 957 m_freem(m); 958 return; 959 } 960 if (sc->sc_if.if_flags & IFF_LINK0 && 961 ETHERADDR_IS_IP_MCAST(dst)) { 962 m_freem(m); 963 return; 964 } 965 if (sc->sc_if.if_flags & IFF_LINK1 && 966 !ETHERADDR_IS_IP_MCAST(dst)) { 967 m_freem(m); 968 return; 969 } 970 } 971 972 if (ifl->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 973 m_freem(m); 974 return; 975 } 976 977 if (bridge_filterrule(&ifl->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 978 m_freem(m); 979 return; 980 } 981 m = bridge_ip(sc, BRIDGE_IN, src_if, &eh, m); 982 if (m == NULL) 983 return; 984 /* 985 * If the packet is a multicast or broadcast OR if we don't 986 * know any better, forward it to all interfaces. 987 */ 988 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_if == NULL) { 989 sc->sc_if.if_imcasts++; 990 bridge_broadcast(sc, src_if, &eh, m); 991 return; 992 } 993 994 /* 995 * At this point, we're dealing with a unicast frame going to a 996 * different interface 997 */ 998 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 999 m_freem(m); 1000 return; 1001 } 1002 ifl = (struct bridge_iflist *)dst_if->if_bridgeport; 1003 if ((ifl->bif_flags & IFBIF_STP) && 1004 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) { 1005 m_freem(m); 1006 return; 1007 } 1008 if (bridge_filterrule(&ifl->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) { 1009 m_freem(m); 1010 return; 1011 } 1012 m = bridge_ip(sc, BRIDGE_OUT, dst_if, &eh, m); 1013 if (m == NULL) 1014 return; 1015 1016 len = m->m_pkthdr.len; 1017 #if NVLAN > 0 1018 if ((m->m_flags & M_VLANTAG) && 1019 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1020 len += ETHER_VLAN_ENCAP_LEN; 1021 #endif 1022 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1023 bridge_fragment(sc, dst_if, &eh, m); 1024 else { 1025 bridge_ifenqueue(sc, dst_if, m); 1026 } 1027 } 1028 1029 /* 1030 * Receive input from an interface. Queue the packet for bridging if its 1031 * not for us, and schedule an interrupt. 1032 */ 1033 int 1034 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1035 { 1036 KASSERT(m->m_flags & M_PKTHDR); 1037 1038 if (m->m_flags & M_PROTO1) { 1039 m->m_flags &= ~M_PROTO1; 1040 return (0); 1041 } 1042 1043 niq_enqueue(&bridgeintrq, m); 1044 1045 return (1); 1046 } 1047 1048 void 1049 bridge_process(struct ifnet *ifp, struct mbuf *m) 1050 { 1051 struct bridge_softc *sc; 1052 struct bridge_iflist *ifl; 1053 struct bridge_iflist *srcifl; 1054 struct ether_header *eh; 1055 struct arpcom *ac; 1056 struct mbuf *mc; 1057 1058 ifl = (struct bridge_iflist *)ifp->if_bridgeport; 1059 if (ifl == NULL) 1060 goto reenqueue; 1061 1062 sc = ifl->bridge_sc; 1063 if ((sc->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 1064 goto reenqueue; 1065 1066 #if NVLAN > 0 1067 /* 1068 * If the underlying interface removed the VLAN header itself, 1069 * add it back. 1070 */ 1071 if (ISSET(m->m_flags, M_VLANTAG)) { 1072 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1073 if (m == NULL) 1074 return; 1075 } 1076 #endif 1077 1078 #if NBPFILTER > 0 1079 if (sc->sc_if.if_bpf) 1080 bpf_mtap_ether(sc->sc_if.if_bpf, m, BPF_DIRECTION_IN); 1081 #endif 1082 1083 bridge_span(sc, m); 1084 1085 eh = mtod(m, struct ether_header *); 1086 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1087 /* 1088 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1089 * should not be forwarded to bridge members according to 1090 * section 7.12.6 of the 802.1D-2004 specification. The 1091 * STP destination address (as stored in bstp_etheraddr) 1092 * is the first of these. 1093 */ 1094 if (bcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN - 1) 1095 == 0) { 1096 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1097 /* STP traffic */ 1098 if ((m = bstp_input(sc->sc_stp, ifl->bif_stp, 1099 eh, m)) == NULL) 1100 return; 1101 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) { 1102 m_freem(m); 1103 return; 1104 } 1105 } 1106 1107 /* 1108 * No need to process frames for ifs in the discarding state 1109 */ 1110 if ((ifl->bif_flags & IFBIF_STP) && 1111 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) 1112 goto reenqueue; 1113 1114 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1115 if (mc == NULL) 1116 goto reenqueue; 1117 1118 #if NGIF > 0 1119 if (ifp->if_type == IFT_GIF) { 1120 TAILQ_FOREACH(ifl, &sc->sc_iflist, next) { 1121 if (ifl->ifp->if_type != IFT_ETHER) 1122 continue; 1123 1124 bridge_ifinput(ifl->ifp, mc); 1125 break; 1126 } 1127 if (!ifl) 1128 m_freem(mc); 1129 } else 1130 #endif /* NGIF */ 1131 bridge_ifinput(ifp, mc); 1132 1133 bridgeintr_frame(sc, ifp, m); 1134 return; 1135 } 1136 1137 /* 1138 * No need to queue frames for ifs in the discarding state 1139 */ 1140 if ((ifl->bif_flags & IFBIF_STP) && 1141 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) 1142 goto reenqueue; 1143 1144 /* 1145 * Unicast, make sure it's not for us. 1146 */ 1147 srcifl = ifl; 1148 TAILQ_FOREACH(ifl, &sc->sc_iflist, next) { 1149 if (ifl->ifp->if_type != IFT_ETHER) 1150 continue; 1151 ac = (struct arpcom *)ifl->ifp; 1152 if (bcmp(ac->ac_enaddr, eh->ether_dhost, ETHER_ADDR_LEN) == 0 1153 #if NCARP > 0 1154 || (ifl->ifp->if_carp && carp_ourether(ifl->ifp->if_carp, 1155 (u_int8_t *)&eh->ether_dhost) != NULL) 1156 #endif 1157 ) { 1158 if (srcifl->bif_flags & IFBIF_LEARNING) 1159 bridge_rtupdate(sc, 1160 (struct ether_addr *)&eh->ether_shost, 1161 ifp, 0, IFBAF_DYNAMIC, m); 1162 if (bridge_filterrule(&srcifl->bif_brlin, eh, m) == 1163 BRL_ACTION_BLOCK) { 1164 m_freem(m); 1165 return; 1166 } 1167 1168 /* Count for the bridge */ 1169 sc->sc_if.if_ipackets++; 1170 sc->sc_if.if_ibytes += m->m_pkthdr.len; 1171 1172 bridge_ifinput(ifl->ifp, m); 1173 return; 1174 } 1175 if (bcmp(ac->ac_enaddr, eh->ether_shost, ETHER_ADDR_LEN) == 0 1176 #if NCARP > 0 1177 || (ifl->ifp->if_carp && carp_ourether(ifl->ifp->if_carp, 1178 (u_int8_t *)&eh->ether_shost) != NULL) 1179 #endif 1180 ) { 1181 m_freem(m); 1182 return; 1183 } 1184 } 1185 1186 bridgeintr_frame(sc, ifp, m); 1187 return; 1188 1189 reenqueue: 1190 bridge_ifinput(ifp, m); 1191 } 1192 1193 /* 1194 * Send a frame to all interfaces that are members of the bridge 1195 * (except the one it came in on). 1196 */ 1197 void 1198 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1199 struct ether_header *eh, struct mbuf *m) 1200 { 1201 struct bridge_iflist *p; 1202 struct mbuf *mc; 1203 struct ifnet *dst_if; 1204 int len, used = 0; 1205 1206 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 1207 dst_if = p->ifp; 1208 1209 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1210 continue; 1211 1212 if ((p->bif_flags & IFBIF_STP) && 1213 (p->bif_state == BSTP_IFSTATE_DISCARDING)) 1214 continue; 1215 1216 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 1217 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1218 continue; 1219 1220 /* Drop non-IP frames if the appropriate flag is set. */ 1221 if (p->bif_flags & IFBIF_BLOCKNONIP && 1222 bridge_blocknonip(eh, m)) 1223 continue; 1224 1225 if (bridge_filterrule(&p->bif_brlout, eh, m) == BRL_ACTION_BLOCK) 1226 continue; 1227 1228 /* 1229 * Don't retransmit out of the same interface where 1230 * the packet was received from. 1231 */ 1232 if (dst_if->if_index == ifp->if_index) 1233 continue; 1234 1235 bridge_localbroadcast(sc, dst_if, eh, m); 1236 1237 #if NMPW > 0 1238 /* 1239 * Split horizon: avoid broadcasting messages from wire to 1240 * another wire. 1241 */ 1242 if (ifp->if_type == IFT_MPLSTUNNEL && 1243 dst_if->if_type == IFT_MPLSTUNNEL) 1244 continue; 1245 #endif /* NMPW */ 1246 1247 /* If last one, reuse the passed-in mbuf */ 1248 if (TAILQ_NEXT(p, next) == NULL) { 1249 mc = m; 1250 used = 1; 1251 } else { 1252 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1253 if (mc == NULL) { 1254 sc->sc_if.if_oerrors++; 1255 continue; 1256 } 1257 } 1258 1259 mc = bridge_ip(sc, BRIDGE_OUT, dst_if, eh, mc); 1260 if (mc == NULL) 1261 continue; 1262 1263 len = mc->m_pkthdr.len; 1264 #if NVLAN > 0 1265 if ((mc->m_flags & M_VLANTAG) && 1266 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1267 len += ETHER_VLAN_ENCAP_LEN; 1268 #endif 1269 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1270 bridge_fragment(sc, dst_if, eh, mc); 1271 else { 1272 bridge_ifenqueue(sc, dst_if, mc); 1273 } 1274 } 1275 1276 if (!used) 1277 m_freem(m); 1278 } 1279 1280 void 1281 bridge_localbroadcast(struct bridge_softc *sc, struct ifnet *ifp, 1282 struct ether_header *eh, struct mbuf *m) 1283 { 1284 struct mbuf *m1; 1285 u_int16_t etype; 1286 1287 /* 1288 * quick optimisation, don't send packets up the stack if no 1289 * corresponding address has been specified. 1290 */ 1291 etype = ntohs(eh->ether_type); 1292 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1293 struct ifaddr *ifa; 1294 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1295 if (ifa->ifa_addr->sa_family == AF_INET) 1296 break; 1297 } 1298 if (ifa == NULL) 1299 return; 1300 } 1301 1302 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1303 if (m1 == NULL) { 1304 sc->sc_if.if_oerrors++; 1305 return; 1306 } 1307 1308 #if NPF > 0 1309 pf_pkt_addr_changed(m1); 1310 #endif /* NPF */ 1311 1312 bridge_ifinput(ifp, m1); 1313 } 1314 1315 void 1316 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1317 { 1318 struct bridge_iflist *p; 1319 struct ifnet *ifp; 1320 struct mbuf *mc; 1321 int error; 1322 1323 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 1324 ifp = p->ifp; 1325 1326 if ((ifp->if_flags & IFF_RUNNING) == 0) 1327 continue; 1328 1329 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1330 if (mc == NULL) { 1331 sc->sc_if.if_oerrors++; 1332 continue; 1333 } 1334 1335 error = bridge_ifenqueue(sc, ifp, mc); 1336 if (error) 1337 continue; 1338 } 1339 } 1340 1341 /* 1342 * Block non-ip frames: 1343 * Returns 0 if frame is ip, and 1 if it should be dropped. 1344 */ 1345 int 1346 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1347 { 1348 struct llc llc; 1349 u_int16_t etype; 1350 1351 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1352 return (1); 1353 1354 #if NVLAN > 0 1355 if (m->m_flags & M_VLANTAG) 1356 return (1); 1357 #endif 1358 1359 etype = ntohs(eh->ether_type); 1360 switch (etype) { 1361 case ETHERTYPE_ARP: 1362 case ETHERTYPE_REVARP: 1363 case ETHERTYPE_IP: 1364 case ETHERTYPE_IPV6: 1365 return (0); 1366 } 1367 1368 if (etype > ETHERMTU) 1369 return (1); 1370 1371 if (m->m_pkthdr.len < 1372 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1373 return (1); 1374 1375 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1376 (caddr_t)&llc); 1377 1378 etype = ntohs(llc.llc_snap.ether_type); 1379 if (llc.llc_dsap == LLC_SNAP_LSAP && 1380 llc.llc_ssap == LLC_SNAP_LSAP && 1381 llc.llc_control == LLC_UI && 1382 llc.llc_snap.org_code[0] == 0 && 1383 llc.llc_snap.org_code[1] == 0 && 1384 llc.llc_snap.org_code[2] == 0 && 1385 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1386 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1387 return (0); 1388 } 1389 1390 return (1); 1391 } 1392 1393 #ifdef IPSEC 1394 int 1395 bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp, 1396 struct ether_header *eh, int hassnap, struct llc *llc, 1397 int dir, int af, int hlen, struct mbuf *m) 1398 { 1399 union sockaddr_union dst; 1400 struct tdb *tdb; 1401 u_int32_t spi; 1402 u_int16_t cpi; 1403 int error, off, s; 1404 u_int8_t proto = 0; 1405 struct ip *ip; 1406 #ifdef INET6 1407 struct ip6_hdr *ip6; 1408 #endif /* INET6 */ 1409 #if NPF > 0 1410 struct ifnet *encif; 1411 #endif 1412 1413 if (dir == BRIDGE_IN) { 1414 switch (af) { 1415 case AF_INET: 1416 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1417 break; 1418 1419 ip = mtod(m, struct ip *); 1420 proto = ip->ip_p; 1421 off = offsetof(struct ip, ip_p); 1422 1423 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1424 proto != IPPROTO_IPCOMP) 1425 goto skiplookup; 1426 1427 bzero(&dst, sizeof(union sockaddr_union)); 1428 dst.sa.sa_family = AF_INET; 1429 dst.sin.sin_len = sizeof(struct sockaddr_in); 1430 m_copydata(m, offsetof(struct ip, ip_dst), 1431 sizeof(struct in_addr), 1432 (caddr_t)&dst.sin.sin_addr); 1433 1434 if (ip->ip_p == IPPROTO_ESP) 1435 m_copydata(m, hlen, sizeof(u_int32_t), 1436 (caddr_t)&spi); 1437 else if (ip->ip_p == IPPROTO_AH) 1438 m_copydata(m, hlen + sizeof(u_int32_t), 1439 sizeof(u_int32_t), (caddr_t)&spi); 1440 else if (ip->ip_p == IPPROTO_IPCOMP) { 1441 m_copydata(m, hlen + sizeof(u_int16_t), 1442 sizeof(u_int16_t), (caddr_t)&cpi); 1443 spi = ntohl(htons(cpi)); 1444 } 1445 break; 1446 #ifdef INET6 1447 case AF_INET6: 1448 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1449 break; 1450 1451 ip6 = mtod(m, struct ip6_hdr *); 1452 1453 /* XXX We should chase down the header chain */ 1454 proto = ip6->ip6_nxt; 1455 off = offsetof(struct ip6_hdr, ip6_nxt); 1456 1457 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1458 proto != IPPROTO_IPCOMP) 1459 goto skiplookup; 1460 1461 bzero(&dst, sizeof(union sockaddr_union)); 1462 dst.sa.sa_family = AF_INET6; 1463 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1464 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1465 sizeof(struct in6_addr), 1466 (caddr_t)&dst.sin6.sin6_addr); 1467 1468 if (proto == IPPROTO_ESP) 1469 m_copydata(m, hlen, sizeof(u_int32_t), 1470 (caddr_t)&spi); 1471 else if (proto == IPPROTO_AH) 1472 m_copydata(m, hlen + sizeof(u_int32_t), 1473 sizeof(u_int32_t), (caddr_t)&spi); 1474 else if (proto == IPPROTO_IPCOMP) { 1475 m_copydata(m, hlen + sizeof(u_int16_t), 1476 sizeof(u_int16_t), (caddr_t)&cpi); 1477 spi = ntohl(htons(cpi)); 1478 } 1479 break; 1480 #endif /* INET6 */ 1481 default: 1482 return (0); 1483 } 1484 1485 if (proto == 0) 1486 goto skiplookup; 1487 1488 s = splsoftnet(); 1489 1490 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1491 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1492 tdb->tdb_xform != NULL) { 1493 if (tdb->tdb_first_use == 0) { 1494 tdb->tdb_first_use = time_second; 1495 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1496 timeout_add_sec(&tdb->tdb_first_tmo, 1497 tdb->tdb_exp_first_use); 1498 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1499 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1500 tdb->tdb_soft_first_use); 1501 } 1502 1503 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1504 splx(s); 1505 return (1); 1506 } else { 1507 splx(s); 1508 skiplookup: 1509 /* XXX do an input policy lookup */ 1510 return (0); 1511 } 1512 } else { /* Outgoing from the bridge. */ 1513 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1514 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1515 if (tdb != NULL) { 1516 /* 1517 * We don't need to do loop detection, the 1518 * bridge will do that for us. 1519 */ 1520 #if NPF > 0 1521 if ((encif = enc_getif(tdb->tdb_rdomain, 1522 tdb->tdb_tap)) == NULL || 1523 pf_test(af, dir, encif, &m) != PF_PASS) { 1524 m_freem(m); 1525 return (1); 1526 } 1527 if (m == NULL) 1528 return (1); 1529 else if (af == AF_INET) 1530 in_proto_cksum_out(m, encif); 1531 #ifdef INET6 1532 else if (af == AF_INET6) 1533 in6_proto_cksum_out(m, encif); 1534 #endif /* INET6 */ 1535 #endif /* NPF */ 1536 1537 ip = mtod(m, struct ip *); 1538 if ((af == AF_INET) && 1539 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1540 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1541 tdb->tdb_mtutimeout > time_second) 1542 bridge_send_icmp_err(sc, ifp, eh, m, 1543 hassnap, llc, tdb->tdb_mtu, 1544 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1545 else 1546 error = ipsp_process_packet(m, tdb, af, 0); 1547 return (1); 1548 } else 1549 return (0); 1550 } 1551 1552 return (0); 1553 } 1554 #endif /* IPSEC */ 1555 1556 /* 1557 * Filter IP packets by peeking into the ethernet frame. This violates 1558 * the ISO model, but allows us to act as a IP filter at the data link 1559 * layer. As a result, most of this code will look familiar to those 1560 * who've read net/if_ethersubr.c and netinet/ip_input.c 1561 */ 1562 struct mbuf * 1563 bridge_ip(struct bridge_softc *sc, int dir, struct ifnet *ifp, 1564 struct ether_header *eh, struct mbuf *m) 1565 { 1566 struct llc llc; 1567 int hassnap = 0; 1568 struct ip *ip; 1569 int hlen; 1570 u_int16_t etype; 1571 1572 #if NVLAN > 0 1573 if (m->m_flags & M_VLANTAG) 1574 return (m); 1575 #endif 1576 1577 etype = ntohs(eh->ether_type); 1578 1579 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1580 if (etype > ETHERMTU || 1581 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1582 ETHER_HDR_LEN)) 1583 return (m); 1584 1585 m_copydata(m, ETHER_HDR_LEN, 1586 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1587 1588 if (llc.llc_dsap != LLC_SNAP_LSAP || 1589 llc.llc_ssap != LLC_SNAP_LSAP || 1590 llc.llc_control != LLC_UI || 1591 llc.llc_snap.org_code[0] || 1592 llc.llc_snap.org_code[1] || 1593 llc.llc_snap.org_code[2]) 1594 return (m); 1595 1596 etype = ntohs(llc.llc_snap.ether_type); 1597 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1598 return (m); 1599 hassnap = 1; 1600 } 1601 1602 m_adj(m, ETHER_HDR_LEN); 1603 if (hassnap) 1604 m_adj(m, LLC_SNAPFRAMELEN); 1605 1606 switch (etype) { 1607 1608 case ETHERTYPE_IP: 1609 if (m->m_pkthdr.len < sizeof(struct ip)) 1610 goto dropit; 1611 1612 /* Copy minimal header, and drop invalids */ 1613 if (m->m_len < sizeof(struct ip) && 1614 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1615 ipstat.ips_toosmall++; 1616 return (NULL); 1617 } 1618 ip = mtod(m, struct ip *); 1619 1620 if (ip->ip_v != IPVERSION) { 1621 ipstat.ips_badvers++; 1622 goto dropit; 1623 } 1624 1625 hlen = ip->ip_hl << 2; /* get whole header length */ 1626 if (hlen < sizeof(struct ip)) { 1627 ipstat.ips_badhlen++; 1628 goto dropit; 1629 } 1630 1631 if (hlen > m->m_len) { 1632 if ((m = m_pullup(m, hlen)) == NULL) { 1633 ipstat.ips_badhlen++; 1634 return (NULL); 1635 } 1636 ip = mtod(m, struct ip *); 1637 } 1638 1639 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1640 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1641 ipstat.ips_badsum++; 1642 goto dropit; 1643 } 1644 1645 ipstat.ips_inswcsum++; 1646 if (in_cksum(m, hlen) != 0) { 1647 ipstat.ips_badsum++; 1648 goto dropit; 1649 } 1650 } 1651 1652 if (ntohs(ip->ip_len) < hlen) 1653 goto dropit; 1654 1655 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1656 goto dropit; 1657 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1658 if (m->m_len == m->m_pkthdr.len) { 1659 m->m_len = ntohs(ip->ip_len); 1660 m->m_pkthdr.len = ntohs(ip->ip_len); 1661 } else 1662 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1663 } 1664 1665 #ifdef IPSEC 1666 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1667 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1668 dir, AF_INET, hlen, m)) 1669 return (NULL); 1670 #endif /* IPSEC */ 1671 #if NPF > 0 1672 /* Finally, we get to filter the packet! */ 1673 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1674 goto dropit; 1675 if (m == NULL) 1676 goto dropit; 1677 #endif /* NPF > 0 */ 1678 1679 /* Rebuild the IP header */ 1680 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1681 return (NULL); 1682 if (m->m_len < sizeof(struct ip)) 1683 goto dropit; 1684 in_proto_cksum_out(m, ifp); 1685 ip = mtod(m, struct ip *); 1686 ip->ip_sum = 0; 1687 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1688 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1689 else { 1690 ipstat.ips_outswcsum++; 1691 ip->ip_sum = in_cksum(m, hlen); 1692 } 1693 1694 break; 1695 1696 #ifdef INET6 1697 case ETHERTYPE_IPV6: { 1698 struct ip6_hdr *ip6; 1699 1700 if (m->m_len < sizeof(struct ip6_hdr)) { 1701 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1702 == NULL) { 1703 ip6stat.ip6s_toosmall++; 1704 return (NULL); 1705 } 1706 } 1707 1708 ip6 = mtod(m, struct ip6_hdr *); 1709 1710 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1711 ip6stat.ip6s_badvers++; 1712 goto dropit; 1713 } 1714 1715 #ifdef IPSEC 1716 hlen = sizeof(struct ip6_hdr); 1717 1718 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1719 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1720 dir, AF_INET6, hlen, m)) 1721 return (NULL); 1722 #endif /* IPSEC */ 1723 1724 #if NPF > 0 1725 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1726 goto dropit; 1727 if (m == NULL) 1728 return (NULL); 1729 #endif /* NPF > 0 */ 1730 in6_proto_cksum_out(m, ifp); 1731 1732 break; 1733 } 1734 #endif /* INET6 */ 1735 1736 default: 1737 goto dropit; 1738 break; 1739 } 1740 1741 /* Reattach SNAP header */ 1742 if (hassnap) { 1743 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1744 if (m == NULL) 1745 goto dropit; 1746 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1747 } 1748 1749 /* Reattach ethernet header */ 1750 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1751 if (m == NULL) 1752 goto dropit; 1753 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1754 1755 return (m); 1756 1757 dropit: 1758 m_freem(m); 1759 return (NULL); 1760 } 1761 1762 void 1763 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp, 1764 struct ether_header *eh, struct mbuf *m) 1765 { 1766 struct llc llc; 1767 struct mbuf *m0; 1768 int error = 0; 1769 int hassnap = 0; 1770 u_int16_t etype; 1771 struct ip *ip; 1772 1773 etype = ntohs(eh->ether_type); 1774 #if NVLAN > 0 1775 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1776 etype == ETHERTYPE_QINQ) { 1777 int len = m->m_pkthdr.len; 1778 1779 if (m->m_flags & M_VLANTAG) 1780 len += ETHER_VLAN_ENCAP_LEN; 1781 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1782 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1783 bridge_ifenqueue(sc, ifp, m); 1784 return; 1785 } 1786 goto dropit; 1787 } 1788 #endif 1789 if (etype != ETHERTYPE_IP) { 1790 if (etype > ETHERMTU || 1791 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1792 ETHER_HDR_LEN)) 1793 goto dropit; 1794 1795 m_copydata(m, ETHER_HDR_LEN, 1796 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1797 1798 if (llc.llc_dsap != LLC_SNAP_LSAP || 1799 llc.llc_ssap != LLC_SNAP_LSAP || 1800 llc.llc_control != LLC_UI || 1801 llc.llc_snap.org_code[0] || 1802 llc.llc_snap.org_code[1] || 1803 llc.llc_snap.org_code[2] || 1804 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1805 goto dropit; 1806 1807 hassnap = 1; 1808 } 1809 1810 m_adj(m, ETHER_HDR_LEN); 1811 if (hassnap) 1812 m_adj(m, LLC_SNAPFRAMELEN); 1813 1814 if (m->m_len < sizeof(struct ip) && 1815 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1816 goto dropit; 1817 ip = mtod(m, struct ip *); 1818 1819 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1820 if (ip->ip_off & htons(IP_DF)) { 1821 bridge_send_icmp_err(sc, ifp, eh, m, hassnap, &llc, 1822 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1823 return; 1824 } 1825 1826 error = ip_fragment(m, ifp, ifp->if_mtu); 1827 if (error) { 1828 m = NULL; 1829 goto dropit; 1830 } 1831 1832 for (; m; m = m0) { 1833 m0 = m->m_nextpkt; 1834 m->m_nextpkt = NULL; 1835 if (error == 0) { 1836 if (hassnap) { 1837 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1838 if (m == NULL) { 1839 error = ENOBUFS; 1840 continue; 1841 } 1842 bcopy(&llc, mtod(m, caddr_t), 1843 LLC_SNAPFRAMELEN); 1844 } 1845 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1846 if (m == NULL) { 1847 error = ENOBUFS; 1848 continue; 1849 } 1850 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1851 error = bridge_ifenqueue(sc, ifp, m); 1852 if (error) { 1853 continue; 1854 } 1855 } else 1856 m_freem(m); 1857 } 1858 1859 if (error == 0) 1860 ipstat.ips_fragmented++; 1861 1862 return; 1863 dropit: 1864 m_freem(m); 1865 } 1866 1867 int 1868 bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) 1869 { 1870 int error, len; 1871 1872 /* Loop prevention. */ 1873 m->m_flags |= M_PROTO1; 1874 1875 #if NGIF > 0 1876 /* Packet needs etherip encapsulation. */ 1877 if (ifp->if_type == IFT_GIF) { 1878 1879 /* Count packets input into the gif from outside */ 1880 ifp->if_ipackets++; 1881 ifp->if_ibytes += m->m_pkthdr.len; 1882 1883 error = gif_encap(ifp, &m, AF_LINK); 1884 if (error) 1885 return (error); 1886 } 1887 #endif /* NGIF */ 1888 len = m->m_pkthdr.len; 1889 1890 error = if_enqueue(ifp, m); 1891 if (error) { 1892 sc->sc_if.if_oerrors++; 1893 return (error); 1894 } 1895 1896 sc->sc_if.if_opackets++; 1897 sc->sc_if.if_obytes += len; 1898 1899 return (0); 1900 } 1901 1902 void 1903 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1904 { 1905 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1906 1907 m->m_flags |= M_PROTO1; 1908 1909 ml_enqueue(&ml, m); 1910 if_input(ifp, &ml); 1911 } 1912 1913 void 1914 bridge_send_icmp_err(struct bridge_softc *sc, struct ifnet *ifp, 1915 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1916 int mtu, int type, int code) 1917 { 1918 struct ip *ip; 1919 struct icmp *icp; 1920 struct in_addr t; 1921 struct mbuf *m, *n2; 1922 int hlen; 1923 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1924 1925 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1926 if (!n2) { 1927 m_freem(n); 1928 return; 1929 } 1930 m = icmp_do_error(n, type, code, 0, mtu); 1931 if (m == NULL) { 1932 m_freem(n2); 1933 return; 1934 } 1935 1936 n = n2; 1937 1938 ip = mtod(m, struct ip *); 1939 hlen = ip->ip_hl << 2; 1940 t = ip->ip_dst; 1941 ip->ip_dst = ip->ip_src; 1942 ip->ip_src = t; 1943 1944 m->m_data += hlen; 1945 m->m_len -= hlen; 1946 icp = mtod(m, struct icmp *); 1947 icp->icmp_cksum = 0; 1948 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1949 m->m_data -= hlen; 1950 m->m_len += hlen; 1951 1952 ip->ip_v = IPVERSION; 1953 ip->ip_off &= htons(IP_DF); 1954 ip->ip_id = htons(ip_randomid()); 1955 ip->ip_ttl = MAXTTL; 1956 ip->ip_sum = 0; 1957 ip->ip_sum = in_cksum(m, hlen); 1958 1959 /* Swap ethernet addresses */ 1960 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1961 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1962 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1963 1964 /* Reattach SNAP header */ 1965 if (hassnap) { 1966 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1967 if (m == NULL) 1968 goto dropit; 1969 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1970 } 1971 1972 /* Reattach ethernet header */ 1973 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1974 if (m == NULL) 1975 goto dropit; 1976 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1977 1978 bridge_output(ifp, m, NULL, NULL); 1979 m_freem(n); 1980 return; 1981 1982 dropit: 1983 m_freem(n); 1984 } 1985 1986 struct sockaddr * 1987 bridge_tunnel(struct mbuf *m) 1988 { 1989 struct m_tag *mtag; 1990 1991 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) == NULL) 1992 return (NULL); 1993 1994 return ((struct sockaddr *)(mtag + 1)); 1995 } 1996 1997 struct sockaddr * 1998 bridge_tunneltag(struct mbuf *m, int af) 1999 { 2000 struct m_tag *mtag; 2001 size_t len; 2002 struct sockaddr *sa; 2003 2004 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) != NULL) { 2005 sa = (struct sockaddr *)(mtag + 1); 2006 if (sa->sa_family != af) { 2007 m_tag_delete(m, mtag); 2008 mtag = NULL; 2009 } 2010 } 2011 if (mtag == NULL) { 2012 if (af == AF_INET) 2013 len = sizeof(struct sockaddr_in); 2014 else if (af == AF_INET6) 2015 len = sizeof(struct sockaddr_in6); 2016 else 2017 return (NULL); 2018 mtag = m_tag_get(PACKET_TAG_TUNNEL, len, M_NOWAIT); 2019 if (mtag == NULL) 2020 return (NULL); 2021 bzero(mtag + 1, len); 2022 sa = (struct sockaddr *)(mtag + 1); 2023 sa->sa_family = af; 2024 sa->sa_len = len; 2025 m_tag_prepend(m, mtag); 2026 } 2027 2028 return ((struct sockaddr *)(mtag + 1)); 2029 } 2030 2031 void 2032 bridge_tunneluntag(struct mbuf *m) 2033 { 2034 struct m_tag *mtag; 2035 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) != NULL) 2036 m_tag_delete(m, mtag); 2037 } 2038 2039 void 2040 bridge_copyaddr(struct sockaddr *src, struct sockaddr *dst) 2041 { 2042 if (src != NULL && src->sa_family != AF_UNSPEC) 2043 memcpy(dst, src, src->sa_len); 2044 else 2045 dst->sa_family = AF_UNSPEC; 2046 } 2047