1 /* $OpenBSD: if_bridge.c,v 1.335 2019/06/09 17:42:16 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/ioctl.h> 45 #include <sys/kernel.h> 46 47 #include <net/if.h> 48 #include <net/if_types.h> 49 #include <net/if_llc.h> 50 #include <net/netisr.h> 51 52 #include <netinet/in.h> 53 #include <netinet/ip.h> 54 #include <netinet/ip_var.h> 55 #include <netinet/if_ether.h> 56 #include <netinet/ip_icmp.h> 57 58 #ifdef IPSEC 59 #include <netinet/ip_ipsp.h> 60 #include <net/if_enc.h> 61 #endif 62 63 #ifdef INET6 64 #include <netinet6/in6_var.h> 65 #include <netinet/ip6.h> 66 #include <netinet6/ip6_var.h> 67 #endif 68 69 #if NPF > 0 70 #include <net/pfvar.h> 71 #define BRIDGE_IN PF_IN 72 #define BRIDGE_OUT PF_OUT 73 #else 74 #define BRIDGE_IN 0 75 #define BRIDGE_OUT 1 76 #endif 77 78 #if NBPFILTER > 0 79 #include <net/bpf.h> 80 #endif 81 82 #if NCARP > 0 83 #include <netinet/ip_carp.h> 84 #endif 85 86 #if NVLAN > 0 87 #include <net/if_vlan_var.h> 88 #endif 89 90 #include <net/if_bridge.h> 91 92 /* 93 * Maximum number of addresses to cache 94 */ 95 #ifndef BRIDGE_RTABLE_MAX 96 #define BRIDGE_RTABLE_MAX 100 97 #endif 98 99 /* 100 * Timeout (in seconds) for entries learned dynamically 101 */ 102 #ifndef BRIDGE_RTABLE_TIMEOUT 103 #define BRIDGE_RTABLE_TIMEOUT 240 104 #endif 105 106 void bridgeattach(int); 107 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 108 void bridge_ifdetach(void *); 109 void bridge_spandetach(void *); 110 int bridge_ifremove(struct bridge_iflist *); 111 void bridge_spanremove(struct bridge_iflist *); 112 int bridge_input(struct ifnet *, struct mbuf *, void *); 113 void bridge_process(struct ifnet *, struct mbuf *); 114 void bridgeintr_frame(struct ifnet *, struct ifnet *, struct mbuf *); 115 void bridge_bifgetstp(struct bridge_softc *, struct bridge_iflist *, 116 struct ifbreq *); 117 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 118 struct ether_header *, struct mbuf *); 119 int bridge_localbroadcast(struct ifnet *, struct ether_header *, 120 struct mbuf *); 121 void bridge_span(struct ifnet *, struct mbuf *); 122 void bridge_stop(struct bridge_softc *); 123 void bridge_init(struct bridge_softc *); 124 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 125 int bridge_blocknonip(struct ether_header *, struct mbuf *); 126 void bridge_ifinput(struct ifnet *, struct mbuf *); 127 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 128 struct rtentry *); 129 void bridge_send_icmp_err(struct ifnet *, struct ether_header *, 130 struct mbuf *, int, struct llc *, int, int, int); 131 int bridge_ifenqueue(struct ifnet *, struct ifnet *, struct mbuf *); 132 struct mbuf *bridge_ip(struct ifnet *, int, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 #ifdef IPSEC 135 int bridge_ipsec(struct ifnet *, struct ether_header *, int, struct llc *, 136 int, int, int, struct mbuf *); 137 #endif 138 int bridge_clone_create(struct if_clone *, int); 139 int bridge_clone_destroy(struct ifnet *); 140 141 #define ETHERADDR_IS_IP_MCAST(a) \ 142 /* struct etheraddr *a; */ \ 143 ((a)->ether_addr_octet[0] == 0x01 && \ 144 (a)->ether_addr_octet[1] == 0x00 && \ 145 (a)->ether_addr_octet[2] == 0x5e) 146 147 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 148 149 struct if_clone bridge_cloner = 150 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 151 152 void 153 bridgeattach(int n) 154 { 155 if_clone_attach(&bridge_cloner); 156 } 157 158 int 159 bridge_clone_create(struct if_clone *ifc, int unit) 160 { 161 struct bridge_softc *sc; 162 struct ifnet *ifp; 163 int i; 164 165 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 166 sc->sc_stp = bstp_create(&sc->sc_if); 167 if (!sc->sc_stp) { 168 free(sc, M_DEVBUF, sizeof *sc); 169 return (ENOMEM); 170 } 171 172 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 173 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 174 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 175 SMR_SLIST_INIT(&sc->sc_iflist); 176 SMR_SLIST_INIT(&sc->sc_spanlist); 177 mtx_init(&sc->sc_mtx, IPL_MPFLOOR); 178 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 179 LIST_INIT(&sc->sc_rts[i]); 180 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 181 ifp = &sc->sc_if; 182 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 183 unit); 184 ifp->if_softc = sc; 185 ifp->if_mtu = ETHERMTU; 186 ifp->if_ioctl = bridge_ioctl; 187 ifp->if_output = bridge_dummy_output; 188 ifp->if_xflags = IFXF_CLONED; 189 ifp->if_start = NULL; 190 ifp->if_type = IFT_BRIDGE; 191 ifp->if_hdrlen = ETHER_HDR_LEN; 192 193 if_attach(ifp); 194 if_alloc_sadl(ifp); 195 196 #if NBPFILTER > 0 197 bpfattach(&sc->sc_if.if_bpf, ifp, 198 DLT_EN10MB, ETHER_HDR_LEN); 199 #endif 200 201 if_ih_insert(ifp, ether_input, NULL); 202 203 return (0); 204 } 205 206 int 207 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 208 struct rtentry *rt) 209 { 210 m_freem(m); 211 return (EAFNOSUPPORT); 212 } 213 214 int 215 bridge_clone_destroy(struct ifnet *ifp) 216 { 217 struct bridge_softc *sc = ifp->if_softc; 218 struct bridge_iflist *bif; 219 220 /* 221 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 222 * use of smr_barrier() while holding the lock might lead to a 223 * deadlock situation. 224 */ 225 NET_ASSERT_UNLOCKED(); 226 227 bridge_stop(sc); 228 bridge_rtflush(sc, IFBF_FLUSHALL); 229 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_iflist)) != NULL) 230 bridge_ifremove(bif); 231 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_spanlist)) != NULL) 232 bridge_spanremove(bif); 233 234 bstp_destroy(sc->sc_stp); 235 236 /* Undo pseudo-driver changes. */ 237 if_deactivate(ifp); 238 239 if_ih_remove(ifp, ether_input, NULL); 240 241 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 242 243 if_detach(ifp); 244 245 free(sc, M_DEVBUF, sizeof *sc); 246 return (0); 247 } 248 249 int 250 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 251 { 252 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 253 struct ifbreq *req = (struct ifbreq *)data; 254 struct ifbropreq *brop = (struct ifbropreq *)data; 255 struct ifnet *ifs; 256 struct bridge_iflist *bif; 257 struct bstp_port *bp; 258 struct bstp_state *bs = sc->sc_stp; 259 int error = 0; 260 261 /* 262 * bridge(4) data structure aren't protected by the NET_LOCK(). 263 * Idealy it shouldn't be taken before calling `ifp->if_ioctl' 264 * but we aren't there yet. 265 */ 266 NET_UNLOCK(); 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL) { 279 error = if_clone_create(req->ifbr_ifsname, 0); 280 if (error == 0) 281 ifs = ifunit(req->ifbr_ifsname); 282 } 283 284 if (ifs == NULL) { /* no such interface */ 285 error = ENOENT; 286 break; 287 } 288 if (ifs->if_type != IFT_ETHER) { 289 error = EINVAL; 290 break; 291 } 292 if (ifs->if_bridgeidx != 0) { 293 if (ifs->if_bridgeidx == ifp->if_index) 294 error = EEXIST; 295 else 296 error = EBUSY; 297 break; 298 } 299 300 /* If it's in the span list, it can't be a member. */ 301 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 302 if (bif->ifp == ifs) 303 break; 304 } 305 if (bif != NULL) { 306 error = EBUSY; 307 break; 308 } 309 310 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 311 if (bif == NULL) { 312 error = ENOMEM; 313 break; 314 } 315 316 error = ifpromisc(ifs, 1); 317 if (error != 0) { 318 free(bif, M_DEVBUF, sizeof(*bif)); 319 break; 320 } 321 322 bif->bridge_sc = sc; 323 bif->ifp = ifs; 324 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 325 SIMPLEQ_INIT(&bif->bif_brlin); 326 SIMPLEQ_INIT(&bif->bif_brlout); 327 ifs->if_bridgeidx = ifp->if_index; 328 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 329 bridge_ifdetach, bif); 330 if_ih_insert(bif->ifp, bridge_input, NULL); 331 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_iflist, bif, bif_next); 332 break; 333 case SIOCBRDGDEL: 334 if ((error = suser(curproc)) != 0) 335 break; 336 ifs = ifunit(req->ifbr_ifsname); 337 if (ifs == NULL) { 338 error = ENOENT; 339 break; 340 } 341 if (ifs->if_bridgeidx != ifp->if_index) { 342 error = ESRCH; 343 break; 344 } 345 bif = bridge_getbif(ifs); 346 bridge_ifremove(bif); 347 break; 348 case SIOCBRDGIFS: 349 error = bridge_bifconf(sc, (struct ifbifconf *)data); 350 break; 351 case SIOCBRDGADDS: 352 if ((error = suser(curproc)) != 0) 353 break; 354 ifs = ifunit(req->ifbr_ifsname); 355 if (ifs == NULL) { /* no such interface */ 356 error = ENOENT; 357 break; 358 } 359 if (ifs->if_type != IFT_ETHER) { 360 error = EINVAL; 361 break; 362 } 363 if (ifs->if_bridgeidx != 0) { 364 if (ifs->if_bridgeidx == ifp->if_index) 365 error = EEXIST; 366 else 367 error = EBUSY; 368 break; 369 } 370 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 371 if (bif->ifp == ifs) 372 break; 373 } 374 if (bif != NULL) { 375 error = EEXIST; 376 break; 377 } 378 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 379 if (bif == NULL) { 380 error = ENOMEM; 381 break; 382 } 383 bif->bridge_sc = sc; 384 bif->ifp = ifs; 385 bif->bif_flags = IFBIF_SPAN; 386 SIMPLEQ_INIT(&bif->bif_brlin); 387 SIMPLEQ_INIT(&bif->bif_brlout); 388 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 389 bridge_spandetach, bif); 390 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_spanlist, bif, bif_next); 391 break; 392 case SIOCBRDGDELS: 393 if ((error = suser(curproc)) != 0) 394 break; 395 ifs = ifunit(req->ifbr_ifsname); 396 if (ifs == NULL) { 397 error = ENOENT; 398 break; 399 } 400 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 401 if (bif->ifp == ifs) 402 break; 403 } 404 if (bif == NULL) { 405 error = ESRCH; 406 break; 407 } 408 bridge_spanremove(bif); 409 break; 410 case SIOCBRDGGIFFLGS: 411 ifs = ifunit(req->ifbr_ifsname); 412 if (ifs == NULL) { 413 error = ENOENT; 414 break; 415 } 416 if (ifs->if_bridgeidx != ifp->if_index) { 417 error = ESRCH; 418 break; 419 } 420 bif = bridge_getbif(ifs); 421 req->ifbr_ifsflags = bif->bif_flags; 422 req->ifbr_portno = bif->ifp->if_index & 0xfff; 423 req->ifbr_protected = bif->bif_protected; 424 if (bif->bif_flags & IFBIF_STP) 425 bridge_bifgetstp(sc, bif, req); 426 break; 427 case SIOCBRDGSIFFLGS: 428 if ((error = suser(curproc)) != 0) 429 break; 430 ifs = ifunit(req->ifbr_ifsname); 431 if (ifs == NULL) { 432 error = ENOENT; 433 break; 434 } 435 if (ifs->if_bridgeidx != ifp->if_index) { 436 error = ESRCH; 437 break; 438 } 439 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 440 error = EINVAL; 441 break; 442 } 443 bif = bridge_getbif(ifs); 444 if (req->ifbr_ifsflags & IFBIF_STP) { 445 if ((bif->bif_flags & IFBIF_STP) == 0) { 446 /* Enable STP */ 447 if ((bif->bif_stp = bstp_add(sc->sc_stp, 448 bif->ifp)) == NULL) { 449 error = ENOMEM; 450 break; 451 } 452 } else { 453 /* Update STP flags */ 454 bstp_ifsflags(bif->bif_stp, req->ifbr_ifsflags); 455 } 456 } else if (bif->bif_flags & IFBIF_STP) { 457 bstp_delete(bif->bif_stp); 458 bif->bif_stp = NULL; 459 } 460 bif->bif_flags = req->ifbr_ifsflags; 461 break; 462 case SIOCSIFFLAGS: 463 if ((ifp->if_flags & IFF_UP) == IFF_UP) 464 bridge_init(sc); 465 466 if ((ifp->if_flags & IFF_UP) == 0) 467 bridge_stop(sc); 468 469 break; 470 case SIOCBRDGGPARAM: 471 if ((bp = bs->bs_root_port) == NULL) 472 brop->ifbop_root_port = 0; 473 else 474 brop->ifbop_root_port = bp->bp_ifp->if_index; 475 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 476 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 477 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 478 brop->ifbop_holdcount = bs->bs_txholdcount; 479 brop->ifbop_priority = bs->bs_bridge_priority; 480 brop->ifbop_protocol = bs->bs_protover; 481 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 482 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 483 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 484 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 485 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 486 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 487 break; 488 case SIOCBRDGSIFPROT: 489 ifs = ifunit(req->ifbr_ifsname); 490 if (ifs == NULL) { 491 error = ENOENT; 492 break; 493 } 494 if (ifs->if_bridgeidx != ifp->if_index) { 495 error = ESRCH; 496 break; 497 } 498 bif = bridge_getbif(ifs); 499 bif->bif_protected = req->ifbr_protected; 500 break; 501 case SIOCBRDGRTS: 502 case SIOCBRDGGCACHE: 503 case SIOCBRDGGPRI: 504 case SIOCBRDGGMA: 505 case SIOCBRDGGHT: 506 case SIOCBRDGGFD: 507 case SIOCBRDGGTO: 508 case SIOCBRDGGRL: 509 break; 510 case SIOCBRDGFLUSH: 511 case SIOCBRDGSADDR: 512 case SIOCBRDGDADDR: 513 case SIOCBRDGSCACHE: 514 case SIOCBRDGSTO: 515 case SIOCBRDGARL: 516 case SIOCBRDGFRL: 517 case SIOCBRDGSPRI: 518 case SIOCBRDGSFD: 519 case SIOCBRDGSMA: 520 case SIOCBRDGSHT: 521 case SIOCBRDGSTXHC: 522 case SIOCBRDGSPROTO: 523 case SIOCBRDGSIFPRIO: 524 case SIOCBRDGSIFCOST: 525 error = suser(curproc); 526 break; 527 default: 528 error = ENOTTY; 529 break; 530 } 531 532 if (!error) 533 error = bridgectl_ioctl(ifp, cmd, data); 534 535 if (!error) 536 error = bstp_ioctl(ifp, cmd, data); 537 538 NET_LOCK(); 539 return (error); 540 } 541 542 /* Detach an interface from a bridge. */ 543 int 544 bridge_ifremove(struct bridge_iflist *bif) 545 { 546 struct bridge_softc *sc = bif->bridge_sc; 547 int error; 548 549 SMR_SLIST_REMOVE_LOCKED(&sc->sc_iflist, bif, bridge_iflist, bif_next); 550 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 551 if_ih_remove(bif->ifp, bridge_input, NULL); 552 553 smr_barrier(); 554 555 if (bif->bif_flags & IFBIF_STP) { 556 bstp_delete(bif->bif_stp); 557 bif->bif_stp = NULL; 558 } 559 560 bif->ifp->if_bridgeidx = 0; 561 error = ifpromisc(bif->ifp, 0); 562 563 bridge_rtdelete(sc, bif->ifp, 0); 564 bridge_flushrule(bif); 565 566 bif->ifp = NULL; 567 free(bif, M_DEVBUF, sizeof(*bif)); 568 569 return (error); 570 } 571 572 void 573 bridge_spanremove(struct bridge_iflist *bif) 574 { 575 struct bridge_softc *sc = bif->bridge_sc; 576 577 SMR_SLIST_REMOVE_LOCKED(&sc->sc_spanlist, bif, bridge_iflist, bif_next); 578 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 579 580 smr_barrier(); 581 582 bif->ifp = NULL; 583 free(bif, M_DEVBUF, sizeof(*bif)); 584 } 585 586 void 587 bridge_ifdetach(void *xbif) 588 { 589 struct bridge_iflist *bif = xbif; 590 591 /* 592 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 593 * use of smr_barrier() while holding the lock might lead to a 594 * deadlock situation. 595 */ 596 NET_UNLOCK(); 597 bridge_ifremove(bif); 598 NET_LOCK(); 599 } 600 601 void 602 bridge_spandetach(void *xbif) 603 { 604 struct bridge_iflist *bif = xbif; 605 606 /* 607 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 608 * use of smr_barrier() while holding the lock might lead to a 609 * deadlock situation. 610 */ 611 NET_UNLOCK(); 612 bridge_spanremove(bif); 613 NET_LOCK(); 614 } 615 616 void 617 bridge_bifgetstp(struct bridge_softc *sc, struct bridge_iflist *bif, 618 struct ifbreq *breq) 619 { 620 struct bstp_state *bs = sc->sc_stp; 621 struct bstp_port *bp = bif->bif_stp; 622 623 breq->ifbr_state = bstp_getstate(bs, bp); 624 breq->ifbr_priority = bp->bp_priority; 625 breq->ifbr_path_cost = bp->bp_path_cost; 626 breq->ifbr_proto = bp->bp_protover; 627 breq->ifbr_role = bp->bp_role; 628 breq->ifbr_stpflags = bp->bp_flags; 629 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 630 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 631 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 632 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 633 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 634 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 635 636 /* Copy STP state options as flags */ 637 if (bp->bp_operedge) 638 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 639 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 640 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 641 if (bp->bp_ptp_link) 642 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 643 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 644 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 645 } 646 647 int 648 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 649 { 650 struct bridge_iflist *bif; 651 u_int32_t total = 0, i = 0; 652 int error = 0; 653 struct ifbreq *breq, *breqs = NULL; 654 655 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) 656 total++; 657 658 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) 659 total++; 660 661 if (bifc->ifbic_len == 0) { 662 i = total; 663 goto done; 664 } 665 666 breqs = mallocarray(total, sizeof(*breqs), M_TEMP, M_NOWAIT|M_ZERO); 667 if (breqs == NULL) 668 goto done; 669 670 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 671 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 672 break; 673 breq = &breqs[i]; 674 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 675 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 676 breq->ifbr_ifsflags = bif->bif_flags; 677 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 678 breq->ifbr_protected = bif->bif_protected; 679 if (bif->bif_flags & IFBIF_STP) 680 bridge_bifgetstp(sc, bif, breq); 681 i++; 682 } 683 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 684 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 685 break; 686 breq = &breqs[i]; 687 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 688 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 689 breq->ifbr_ifsflags = bif->bif_flags | IFBIF_SPAN; 690 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 691 i++; 692 } 693 694 error = copyout(breqs, bifc->ifbic_req, i * sizeof(*breqs)); 695 done: 696 free(breqs, M_TEMP, total * sizeof(*breq)); 697 bifc->ifbic_len = i * sizeof(*breq); 698 return (error); 699 } 700 701 struct bridge_iflist * 702 bridge_getbif(struct ifnet *ifp) 703 { 704 struct bridge_iflist *bif; 705 struct bridge_softc *sc; 706 struct ifnet *bifp; 707 708 KERNEL_ASSERT_LOCKED(); 709 710 bifp = if_get(ifp->if_bridgeidx); 711 if (bifp == NULL) 712 return (NULL); 713 714 sc = bifp->if_softc; 715 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 716 if (bif->ifp == ifp) 717 break; 718 } 719 720 if_put(bifp); 721 722 return (bif); 723 } 724 725 void 726 bridge_init(struct bridge_softc *sc) 727 { 728 struct ifnet *ifp = &sc->sc_if; 729 730 if (ISSET(ifp->if_flags, IFF_RUNNING)) 731 return; 732 733 bstp_initialization(sc->sc_stp); 734 735 if (sc->sc_brttimeout != 0) 736 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 737 738 SET(ifp->if_flags, IFF_RUNNING); 739 } 740 741 /* 742 * Stop the bridge and deallocate the routing table. 743 */ 744 void 745 bridge_stop(struct bridge_softc *sc) 746 { 747 struct ifnet *ifp = &sc->sc_if; 748 749 if (!ISSET(ifp->if_flags, IFF_RUNNING)) 750 return; 751 752 CLR(ifp->if_flags, IFF_RUNNING); 753 754 timeout_del_barrier(&sc->sc_brtimeout); 755 756 bridge_rtflush(sc, IFBF_FLUSHDYN); 757 } 758 759 /* 760 * Send output from the bridge. The mbuf has the ethernet header 761 * already attached. We must enqueue or free the mbuf before exiting. 762 */ 763 int 764 bridge_enqueue(struct ifnet *ifp, struct mbuf *m) 765 { 766 struct ifnet *brifp; 767 struct ether_header *eh; 768 struct ifnet *dst_if = NULL; 769 unsigned int dst_ifidx = 0; 770 #if NBPFILTER > 0 771 caddr_t if_bpf; 772 #endif 773 int error = 0; 774 775 if (m->m_len < sizeof(*eh)) { 776 m = m_pullup(m, sizeof(*eh)); 777 if (m == NULL) 778 return (ENOBUFS); 779 } 780 781 /* ifp must be a member interface of the bridge. */ 782 brifp = if_get(ifp->if_bridgeidx); 783 if (brifp == NULL) { 784 m_freem(m); 785 return (EINVAL); 786 } 787 788 /* 789 * If bridge is down, but original output interface is up, 790 * go ahead and send out that interface. Otherwise the packet 791 * is dropped below. 792 */ 793 if (!ISSET(brifp->if_flags, IFF_RUNNING)) { 794 /* Loop prevention. */ 795 m->m_flags |= M_PROTO1; 796 error = if_enqueue(ifp, m); 797 if_put(brifp); 798 return (error); 799 } 800 801 #if NBPFILTER > 0 802 if_bpf = brifp->if_bpf; 803 if (if_bpf) 804 bpf_mtap(if_bpf, m, BPF_DIRECTION_OUT); 805 #endif 806 ifp->if_opackets++; 807 ifp->if_obytes += m->m_pkthdr.len; 808 809 bridge_span(brifp, m); 810 811 eh = mtod(m, struct ether_header *); 812 if (!ETHER_IS_MULTICAST(eh->ether_dhost)) { 813 struct ether_addr *dst; 814 815 dst = (struct ether_addr *)&eh->ether_dhost[0]; 816 dst_ifidx = bridge_rtlookup(brifp, dst, m); 817 } 818 819 /* 820 * If the packet is a broadcast or we don't know a better way to 821 * get there, send to all interfaces. 822 */ 823 if (dst_ifidx == 0) { 824 struct bridge_softc *sc = brifp->if_softc; 825 struct bridge_iflist *bif; 826 struct mbuf *mc; 827 828 smr_read_enter(); 829 SMR_SLIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 830 dst_if = bif->ifp; 831 if ((dst_if->if_flags & IFF_RUNNING) == 0) 832 continue; 833 834 /* 835 * If this is not the original output interface, 836 * and the interface is participating in spanning 837 * tree, make sure the port is in a state that 838 * allows forwarding. 839 */ 840 if (dst_if != ifp && 841 (bif->bif_flags & IFBIF_STP) && 842 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 843 continue; 844 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 845 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 846 continue; 847 848 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 849 BRL_ACTION_BLOCK) 850 continue; 851 852 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 853 if (mc == NULL) { 854 brifp->if_oerrors++; 855 continue; 856 } 857 858 error = bridge_ifenqueue(brifp, dst_if, mc); 859 if (error) 860 continue; 861 } 862 smr_read_leave(); 863 m_freem(m); 864 goto out; 865 } 866 867 dst_if = if_get(dst_ifidx); 868 if ((dst_if == NULL) || !ISSET(dst_if->if_flags, IFF_RUNNING)) { 869 m_freem(m); 870 if_put(dst_if); 871 error = ENETDOWN; 872 goto out; 873 } 874 875 bridge_ifenqueue(brifp, dst_if, m); 876 if_put(dst_if); 877 out: 878 if_put(brifp); 879 return (error); 880 } 881 882 /* 883 * Loop through each bridge interface and process their input queues. 884 */ 885 void 886 bridgeintr(void) 887 { 888 struct mbuf_list ml; 889 struct mbuf *m; 890 struct ifnet *ifp; 891 892 niq_delist(&bridgeintrq, &ml); 893 if (ml_empty(&ml)) 894 return; 895 896 KERNEL_LOCK(); 897 while ((m = ml_dequeue(&ml)) != NULL) { 898 899 ifp = if_get(m->m_pkthdr.ph_ifidx); 900 if (ifp == NULL) { 901 m_freem(m); 902 continue; 903 } 904 905 bridge_process(ifp, m); 906 907 if_put(ifp); 908 } 909 KERNEL_UNLOCK(); 910 } 911 912 /* 913 * Process a single frame. Frame must be freed or queued before returning. 914 */ 915 void 916 bridgeintr_frame(struct ifnet *brifp, struct ifnet *src_if, struct mbuf *m) 917 { 918 struct bridge_softc *sc = brifp->if_softc; 919 struct ifnet *dst_if = NULL; 920 struct bridge_iflist *bif; 921 struct ether_addr *dst, *src; 922 struct ether_header eh; 923 unsigned int dst_ifidx; 924 u_int32_t protected; 925 int len; 926 927 928 sc->sc_if.if_ipackets++; 929 sc->sc_if.if_ibytes += m->m_pkthdr.len; 930 931 bif = bridge_getbif(src_if); 932 KASSERT(bif != NULL); 933 934 if (m->m_pkthdr.len < sizeof(eh)) { 935 m_freem(m); 936 return; 937 } 938 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 939 dst = (struct ether_addr *)&eh.ether_dhost[0]; 940 src = (struct ether_addr *)&eh.ether_shost[0]; 941 942 /* 943 * If interface is learning, and if source address 944 * is not broadcast or multicast, record its address. 945 */ 946 if ((bif->bif_flags & IFBIF_LEARNING) && 947 (eh.ether_shost[0] & 1) == 0 && 948 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 949 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 950 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 951 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 952 953 if ((bif->bif_flags & IFBIF_STP) && 954 (bif->bif_state == BSTP_IFSTATE_LEARNING)) { 955 m_freem(m); 956 return; 957 } 958 959 /* 960 * At this point, the port either doesn't participate in stp or 961 * it's in the forwarding state 962 */ 963 964 /* 965 * If packet is unicast, destined for someone on "this" 966 * side of the bridge, drop it. 967 */ 968 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 969 dst_ifidx = bridge_rtlookup(brifp, dst, NULL); 970 if (dst_ifidx == src_if->if_index) { 971 m_freem(m); 972 return; 973 } 974 } else { 975 if (memcmp(etherbroadcastaddr, eh.ether_dhost, 976 sizeof(etherbroadcastaddr)) == 0) 977 m->m_flags |= M_BCAST; 978 else 979 m->m_flags |= M_MCAST; 980 } 981 982 /* 983 * Multicast packets get handled a little differently: 984 * If interface is: 985 * -link0,-link1 (default) Forward all multicast 986 * as broadcast. 987 * -link0,link1 Drop non-IP multicast, forward 988 * as broadcast IP multicast. 989 * link0,-link1 Drop IP multicast, forward as 990 * broadcast non-IP multicast. 991 * link0,link1 Drop all multicast. 992 */ 993 if (m->m_flags & M_MCAST) { 994 if ((sc->sc_if.if_flags & 995 (IFF_LINK0 | IFF_LINK1)) == 996 (IFF_LINK0 | IFF_LINK1)) { 997 m_freem(m); 998 return; 999 } 1000 if (sc->sc_if.if_flags & IFF_LINK0 && 1001 ETHERADDR_IS_IP_MCAST(dst)) { 1002 m_freem(m); 1003 return; 1004 } 1005 if (sc->sc_if.if_flags & IFF_LINK1 && 1006 !ETHERADDR_IS_IP_MCAST(dst)) { 1007 m_freem(m); 1008 return; 1009 } 1010 } 1011 1012 if (bif->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 1013 m_freem(m); 1014 return; 1015 } 1016 1017 if (bridge_filterrule(&bif->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 1018 m_freem(m); 1019 return; 1020 } 1021 m = bridge_ip(&sc->sc_if, BRIDGE_IN, src_if, &eh, m); 1022 if (m == NULL) 1023 return; 1024 /* 1025 * If the packet is a multicast or broadcast OR if we don't 1026 * know any better, forward it to all interfaces. 1027 */ 1028 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_ifidx == 0) { 1029 sc->sc_if.if_imcasts++; 1030 bridge_broadcast(sc, src_if, &eh, m); 1031 return; 1032 } 1033 protected = bif->bif_protected; 1034 1035 dst_if = if_get(dst_ifidx); 1036 if (dst_if == NULL) 1037 goto bad; 1038 1039 /* 1040 * At this point, we're dealing with a unicast frame going to a 1041 * different interface 1042 */ 1043 if (!ISSET(dst_if->if_flags, IFF_RUNNING)) 1044 goto bad; 1045 bif = bridge_getbif(dst_if); 1046 if ((bif == NULL) || ((bif->bif_flags & IFBIF_STP) && 1047 (bif->bif_state == BSTP_IFSTATE_DISCARDING))) 1048 goto bad; 1049 /* 1050 * Do not transmit if both ports are part of the same protected 1051 * domain. 1052 */ 1053 if (protected != 0 && (protected & bif->bif_protected)) 1054 goto bad; 1055 if (bridge_filterrule(&bif->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) 1056 goto bad; 1057 m = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, &eh, m); 1058 if (m == NULL) 1059 goto bad; 1060 1061 len = m->m_pkthdr.len; 1062 #if NVLAN > 0 1063 if ((m->m_flags & M_VLANTAG) && 1064 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1065 len += ETHER_VLAN_ENCAP_LEN; 1066 #endif 1067 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1068 bridge_fragment(&sc->sc_if, dst_if, &eh, m); 1069 else { 1070 bridge_ifenqueue(&sc->sc_if, dst_if, m); 1071 } 1072 m = NULL; 1073 bad: 1074 if_put(dst_if); 1075 m_freem(m); 1076 } 1077 1078 /* 1079 * Return 1 if `ena' belongs to `bif', 0 otherwise. 1080 */ 1081 int 1082 bridge_ourether(struct ifnet *ifp, uint8_t *ena) 1083 { 1084 struct arpcom *ac = (struct arpcom *)ifp; 1085 1086 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1087 return (1); 1088 1089 #if NCARP > 0 1090 if (carp_ourether(ifp, ena)) 1091 return (1); 1092 #endif 1093 1094 return (0); 1095 } 1096 1097 /* 1098 * Receive input from an interface. Queue the packet for bridging if its 1099 * not for us, and schedule an interrupt. 1100 */ 1101 int 1102 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1103 { 1104 KASSERT(m->m_flags & M_PKTHDR); 1105 1106 if (m->m_flags & M_PROTO1) { 1107 m->m_flags &= ~M_PROTO1; 1108 return (0); 1109 } 1110 1111 niq_enqueue(&bridgeintrq, m); 1112 1113 return (1); 1114 } 1115 1116 void 1117 bridge_process(struct ifnet *ifp, struct mbuf *m) 1118 { 1119 struct ifnet *brifp; 1120 struct bridge_softc *sc; 1121 struct bridge_iflist *bif, *bif0; 1122 struct ether_header *eh; 1123 struct mbuf *mc; 1124 #if NBPFILTER > 0 1125 caddr_t if_bpf; 1126 #endif 1127 1128 KERNEL_ASSERT_LOCKED(); 1129 1130 brifp = if_get(ifp->if_bridgeidx); 1131 if ((brifp == NULL) || !ISSET(brifp->if_flags, IFF_RUNNING)) 1132 goto reenqueue; 1133 1134 #if NVLAN > 0 1135 /* 1136 * If the underlying interface removed the VLAN header itself, 1137 * add it back. 1138 */ 1139 if (ISSET(m->m_flags, M_VLANTAG)) { 1140 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1141 if (m == NULL) 1142 goto bad; 1143 } 1144 #endif 1145 1146 #if NBPFILTER > 0 1147 if_bpf = brifp->if_bpf; 1148 if (if_bpf) 1149 bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN); 1150 #endif 1151 1152 sc = brifp->if_softc; 1153 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1154 if (bif->ifp == ifp) 1155 break; 1156 } 1157 if (bif == NULL) 1158 goto reenqueue; 1159 1160 bridge_span(brifp, m); 1161 1162 eh = mtod(m, struct ether_header *); 1163 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1164 /* 1165 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1166 * should not be forwarded to bridge members according to 1167 * section 7.12.6 of the 802.1D-2004 specification. The 1168 * STP destination address (as stored in bstp_etheraddr) 1169 * is the first of these. 1170 */ 1171 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1172 ETHER_ADDR_LEN - 1) == 0) { 1173 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1174 /* STP traffic */ 1175 m = bstp_input(sc->sc_stp, bif->bif_stp, eh, m); 1176 if (m == NULL) 1177 goto bad; 1178 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) 1179 goto bad; 1180 } 1181 1182 /* 1183 * No need to process frames for ifs in the discarding state 1184 */ 1185 if ((bif->bif_flags & IFBIF_STP) && 1186 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1187 goto reenqueue; 1188 1189 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1190 if (mc == NULL) 1191 goto reenqueue; 1192 1193 bridge_ifinput(ifp, mc); 1194 1195 bridgeintr_frame(brifp, ifp, m); 1196 if_put(brifp); 1197 return; 1198 } 1199 1200 /* 1201 * Unicast, make sure it's not for us. 1202 */ 1203 bif0 = bif; 1204 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1205 if (bridge_ourether(bif->ifp, eh->ether_dhost)) { 1206 if (bif0->bif_flags & IFBIF_LEARNING) 1207 bridge_rtupdate(sc, 1208 (struct ether_addr *)&eh->ether_shost, 1209 ifp, 0, IFBAF_DYNAMIC, m); 1210 if (bridge_filterrule(&bif0->bif_brlin, eh, m) == 1211 BRL_ACTION_BLOCK) { 1212 goto bad; 1213 } 1214 1215 /* Count for the bridge */ 1216 brifp->if_ipackets++; 1217 brifp->if_ibytes += m->m_pkthdr.len; 1218 1219 ifp = bif->ifp; 1220 goto reenqueue; 1221 } 1222 if (bridge_ourether(bif->ifp, eh->ether_shost)) 1223 goto bad; 1224 } 1225 1226 bridgeintr_frame(brifp, ifp, m); 1227 if_put(brifp); 1228 return; 1229 1230 reenqueue: 1231 bridge_ifinput(ifp, m); 1232 m = NULL; 1233 bad: 1234 m_freem(m); 1235 if_put(brifp); 1236 } 1237 1238 /* 1239 * Send a frame to all interfaces that are members of the bridge 1240 * (except the one it came in on). 1241 */ 1242 void 1243 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1244 struct ether_header *eh, struct mbuf *m) 1245 { 1246 struct bridge_iflist *bif; 1247 struct mbuf *mc; 1248 struct ifnet *dst_if; 1249 int len, used = 0; 1250 u_int32_t protected; 1251 1252 bif = bridge_getbif(ifp); 1253 KASSERT(bif != NULL); 1254 protected = bif->bif_protected; 1255 1256 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1257 dst_if = bif->ifp; 1258 1259 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1260 continue; 1261 1262 if ((bif->bif_flags & IFBIF_STP) && 1263 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1264 continue; 1265 1266 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1267 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1268 continue; 1269 1270 /* Drop non-IP frames if the appropriate flag is set. */ 1271 if (bif->bif_flags & IFBIF_BLOCKNONIP && 1272 bridge_blocknonip(eh, m)) 1273 continue; 1274 1275 /* 1276 * Do not transmit if both ports are part of the same 1277 * protected domain. 1278 */ 1279 if (protected != 0 && (protected & bif->bif_protected)) 1280 continue; 1281 1282 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 1283 BRL_ACTION_BLOCK) 1284 continue; 1285 1286 /* 1287 * Don't retransmit out of the same interface where 1288 * the packet was received from. 1289 */ 1290 if (dst_if->if_index == ifp->if_index) 1291 continue; 1292 1293 if (bridge_localbroadcast(dst_if, eh, m)) 1294 sc->sc_if.if_oerrors++; 1295 1296 /* If last one, reuse the passed-in mbuf */ 1297 if (SMR_SLIST_NEXT_LOCKED(bif, bif_next) == NULL) { 1298 mc = m; 1299 used = 1; 1300 } else { 1301 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1302 if (mc == NULL) { 1303 sc->sc_if.if_oerrors++; 1304 continue; 1305 } 1306 } 1307 1308 mc = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, eh, mc); 1309 if (mc == NULL) 1310 continue; 1311 1312 len = mc->m_pkthdr.len; 1313 #if NVLAN > 0 1314 if ((mc->m_flags & M_VLANTAG) && 1315 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1316 len += ETHER_VLAN_ENCAP_LEN; 1317 #endif 1318 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1319 bridge_fragment(&sc->sc_if, dst_if, eh, mc); 1320 else { 1321 bridge_ifenqueue(&sc->sc_if, dst_if, mc); 1322 } 1323 } 1324 1325 if (!used) 1326 m_freem(m); 1327 } 1328 1329 int 1330 bridge_localbroadcast(struct ifnet *ifp, struct ether_header *eh, 1331 struct mbuf *m) 1332 { 1333 struct mbuf *m1; 1334 u_int16_t etype; 1335 1336 /* 1337 * quick optimisation, don't send packets up the stack if no 1338 * corresponding address has been specified. 1339 */ 1340 etype = ntohs(eh->ether_type); 1341 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1342 struct ifaddr *ifa; 1343 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1344 if (ifa->ifa_addr->sa_family == AF_INET) 1345 break; 1346 } 1347 if (ifa == NULL) 1348 return (0); 1349 } 1350 1351 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1352 if (m1 == NULL) 1353 return (1); 1354 1355 #if NPF > 0 1356 pf_pkt_addr_changed(m1); 1357 #endif /* NPF */ 1358 1359 bridge_ifinput(ifp, m1); 1360 1361 return (0); 1362 } 1363 1364 void 1365 bridge_span(struct ifnet *brifp, struct mbuf *m) 1366 { 1367 struct bridge_softc *sc = brifp->if_softc; 1368 struct bridge_iflist *bif; 1369 struct ifnet *ifp; 1370 struct mbuf *mc; 1371 int error; 1372 1373 smr_read_enter(); 1374 SMR_SLIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1375 ifp = bif->ifp; 1376 1377 if ((ifp->if_flags & IFF_RUNNING) == 0) 1378 continue; 1379 1380 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1381 if (mc == NULL) { 1382 brifp->if_oerrors++; 1383 continue; 1384 } 1385 1386 error = bridge_ifenqueue(brifp, ifp, mc); 1387 if (error) 1388 continue; 1389 } 1390 smr_read_leave(); 1391 } 1392 1393 /* 1394 * Block non-ip frames: 1395 * Returns 0 if frame is ip, and 1 if it should be dropped. 1396 */ 1397 int 1398 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1399 { 1400 struct llc llc; 1401 u_int16_t etype; 1402 1403 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1404 return (1); 1405 1406 #if NVLAN > 0 1407 if (m->m_flags & M_VLANTAG) 1408 return (1); 1409 #endif 1410 1411 etype = ntohs(eh->ether_type); 1412 switch (etype) { 1413 case ETHERTYPE_ARP: 1414 case ETHERTYPE_REVARP: 1415 case ETHERTYPE_IP: 1416 case ETHERTYPE_IPV6: 1417 return (0); 1418 } 1419 1420 if (etype > ETHERMTU) 1421 return (1); 1422 1423 if (m->m_pkthdr.len < 1424 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1425 return (1); 1426 1427 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1428 (caddr_t)&llc); 1429 1430 etype = ntohs(llc.llc_snap.ether_type); 1431 if (llc.llc_dsap == LLC_SNAP_LSAP && 1432 llc.llc_ssap == LLC_SNAP_LSAP && 1433 llc.llc_control == LLC_UI && 1434 llc.llc_snap.org_code[0] == 0 && 1435 llc.llc_snap.org_code[1] == 0 && 1436 llc.llc_snap.org_code[2] == 0 && 1437 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1438 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1439 return (0); 1440 } 1441 1442 return (1); 1443 } 1444 1445 #ifdef IPSEC 1446 int 1447 bridge_ipsec(struct ifnet *ifp, struct ether_header *eh, int hassnap, 1448 struct llc *llc, int dir, int af, int hlen, struct mbuf *m) 1449 { 1450 union sockaddr_union dst; 1451 struct tdb *tdb; 1452 u_int32_t spi; 1453 u_int16_t cpi; 1454 int error, off; 1455 u_int8_t proto = 0; 1456 struct ip *ip; 1457 #ifdef INET6 1458 struct ip6_hdr *ip6; 1459 #endif /* INET6 */ 1460 #if NPF > 0 1461 struct ifnet *encif; 1462 #endif 1463 1464 if (dir == BRIDGE_IN) { 1465 switch (af) { 1466 case AF_INET: 1467 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1468 goto skiplookup; 1469 1470 ip = mtod(m, struct ip *); 1471 proto = ip->ip_p; 1472 off = offsetof(struct ip, ip_p); 1473 1474 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1475 proto != IPPROTO_IPCOMP) 1476 goto skiplookup; 1477 1478 bzero(&dst, sizeof(union sockaddr_union)); 1479 dst.sa.sa_family = AF_INET; 1480 dst.sin.sin_len = sizeof(struct sockaddr_in); 1481 m_copydata(m, offsetof(struct ip, ip_dst), 1482 sizeof(struct in_addr), 1483 (caddr_t)&dst.sin.sin_addr); 1484 1485 break; 1486 #ifdef INET6 1487 case AF_INET6: 1488 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1489 goto skiplookup; 1490 1491 ip6 = mtod(m, struct ip6_hdr *); 1492 1493 /* XXX We should chase down the header chain */ 1494 proto = ip6->ip6_nxt; 1495 off = offsetof(struct ip6_hdr, ip6_nxt); 1496 1497 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1498 proto != IPPROTO_IPCOMP) 1499 goto skiplookup; 1500 1501 bzero(&dst, sizeof(union sockaddr_union)); 1502 dst.sa.sa_family = AF_INET6; 1503 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1504 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1505 sizeof(struct in6_addr), 1506 (caddr_t)&dst.sin6.sin6_addr); 1507 1508 break; 1509 #endif /* INET6 */ 1510 default: 1511 return (0); 1512 } 1513 1514 switch (proto) { 1515 case IPPROTO_ESP: 1516 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1517 break; 1518 case IPPROTO_AH: 1519 m_copydata(m, hlen + sizeof(u_int32_t), 1520 sizeof(u_int32_t), (caddr_t)&spi); 1521 break; 1522 case IPPROTO_IPCOMP: 1523 m_copydata(m, hlen + sizeof(u_int16_t), 1524 sizeof(u_int16_t), (caddr_t)&cpi); 1525 spi = ntohl(htons(cpi)); 1526 break; 1527 } 1528 1529 NET_ASSERT_LOCKED(); 1530 1531 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1532 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1533 tdb->tdb_xform != NULL) { 1534 if (tdb->tdb_first_use == 0) { 1535 tdb->tdb_first_use = time_second; 1536 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1537 timeout_add_sec(&tdb->tdb_first_tmo, 1538 tdb->tdb_exp_first_use); 1539 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1540 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1541 tdb->tdb_soft_first_use); 1542 } 1543 1544 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1545 return (1); 1546 } else { 1547 skiplookup: 1548 /* XXX do an input policy lookup */ 1549 return (0); 1550 } 1551 } else { /* Outgoing from the bridge. */ 1552 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1553 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1554 if (tdb != NULL) { 1555 /* 1556 * We don't need to do loop detection, the 1557 * bridge will do that for us. 1558 */ 1559 #if NPF > 0 1560 if ((encif = enc_getif(tdb->tdb_rdomain, 1561 tdb->tdb_tap)) == NULL || 1562 pf_test(af, dir, encif, &m) != PF_PASS) { 1563 m_freem(m); 1564 return (1); 1565 } 1566 if (m == NULL) 1567 return (1); 1568 else if (af == AF_INET) 1569 in_proto_cksum_out(m, encif); 1570 #ifdef INET6 1571 else if (af == AF_INET6) 1572 in6_proto_cksum_out(m, encif); 1573 #endif /* INET6 */ 1574 #endif /* NPF */ 1575 1576 ip = mtod(m, struct ip *); 1577 if ((af == AF_INET) && 1578 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1579 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1580 tdb->tdb_mtutimeout > time_second) 1581 bridge_send_icmp_err(ifp, eh, m, 1582 hassnap, llc, tdb->tdb_mtu, 1583 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1584 else 1585 error = ipsp_process_packet(m, tdb, af, 0); 1586 return (1); 1587 } else 1588 return (0); 1589 } 1590 1591 return (0); 1592 } 1593 #endif /* IPSEC */ 1594 1595 /* 1596 * Filter IP packets by peeking into the ethernet frame. This violates 1597 * the ISO model, but allows us to act as a IP filter at the data link 1598 * layer. As a result, most of this code will look familiar to those 1599 * who've read net/if_ethersubr.c and netinet/ip_input.c 1600 */ 1601 struct mbuf * 1602 bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, 1603 struct ether_header *eh, struct mbuf *m) 1604 { 1605 struct llc llc; 1606 int hassnap = 0; 1607 struct ip *ip; 1608 int hlen; 1609 u_int16_t etype; 1610 1611 #if NVLAN > 0 1612 if (m->m_flags & M_VLANTAG) 1613 return (m); 1614 #endif 1615 1616 etype = ntohs(eh->ether_type); 1617 1618 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1619 if (etype > ETHERMTU || 1620 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1621 ETHER_HDR_LEN)) 1622 return (m); 1623 1624 m_copydata(m, ETHER_HDR_LEN, 1625 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1626 1627 if (llc.llc_dsap != LLC_SNAP_LSAP || 1628 llc.llc_ssap != LLC_SNAP_LSAP || 1629 llc.llc_control != LLC_UI || 1630 llc.llc_snap.org_code[0] || 1631 llc.llc_snap.org_code[1] || 1632 llc.llc_snap.org_code[2]) 1633 return (m); 1634 1635 etype = ntohs(llc.llc_snap.ether_type); 1636 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1637 return (m); 1638 hassnap = 1; 1639 } 1640 1641 m_adj(m, ETHER_HDR_LEN); 1642 if (hassnap) 1643 m_adj(m, LLC_SNAPFRAMELEN); 1644 1645 switch (etype) { 1646 1647 case ETHERTYPE_IP: 1648 if (m->m_pkthdr.len < sizeof(struct ip)) 1649 goto dropit; 1650 1651 /* Copy minimal header, and drop invalids */ 1652 if (m->m_len < sizeof(struct ip) && 1653 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1654 ipstat_inc(ips_toosmall); 1655 return (NULL); 1656 } 1657 ip = mtod(m, struct ip *); 1658 1659 if (ip->ip_v != IPVERSION) { 1660 ipstat_inc(ips_badvers); 1661 goto dropit; 1662 } 1663 1664 hlen = ip->ip_hl << 2; /* get whole header length */ 1665 if (hlen < sizeof(struct ip)) { 1666 ipstat_inc(ips_badhlen); 1667 goto dropit; 1668 } 1669 1670 if (hlen > m->m_len) { 1671 if ((m = m_pullup(m, hlen)) == NULL) { 1672 ipstat_inc(ips_badhlen); 1673 return (NULL); 1674 } 1675 ip = mtod(m, struct ip *); 1676 } 1677 1678 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1679 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1680 ipstat_inc(ips_badsum); 1681 goto dropit; 1682 } 1683 1684 ipstat_inc(ips_inswcsum); 1685 if (in_cksum(m, hlen) != 0) { 1686 ipstat_inc(ips_badsum); 1687 goto dropit; 1688 } 1689 } 1690 1691 if (ntohs(ip->ip_len) < hlen) 1692 goto dropit; 1693 1694 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1695 goto dropit; 1696 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1697 if (m->m_len == m->m_pkthdr.len) { 1698 m->m_len = ntohs(ip->ip_len); 1699 m->m_pkthdr.len = ntohs(ip->ip_len); 1700 } else 1701 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1702 } 1703 1704 #ifdef IPSEC 1705 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1706 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET, hlen, m)) 1707 return (NULL); 1708 #endif /* IPSEC */ 1709 #if NPF > 0 1710 /* Finally, we get to filter the packet! */ 1711 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1712 goto dropit; 1713 if (m == NULL) 1714 goto dropit; 1715 #endif /* NPF > 0 */ 1716 1717 /* Rebuild the IP header */ 1718 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1719 return (NULL); 1720 if (m->m_len < sizeof(struct ip)) 1721 goto dropit; 1722 in_proto_cksum_out(m, ifp); 1723 ip = mtod(m, struct ip *); 1724 ip->ip_sum = 0; 1725 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1726 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1727 else { 1728 ipstat_inc(ips_outswcsum); 1729 ip->ip_sum = in_cksum(m, hlen); 1730 } 1731 1732 break; 1733 1734 #ifdef INET6 1735 case ETHERTYPE_IPV6: { 1736 struct ip6_hdr *ip6; 1737 1738 if (m->m_len < sizeof(struct ip6_hdr)) { 1739 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1740 == NULL) { 1741 ip6stat_inc(ip6s_toosmall); 1742 return (NULL); 1743 } 1744 } 1745 1746 ip6 = mtod(m, struct ip6_hdr *); 1747 1748 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1749 ip6stat_inc(ip6s_badvers); 1750 goto dropit; 1751 } 1752 1753 #ifdef IPSEC 1754 hlen = sizeof(struct ip6_hdr); 1755 1756 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1757 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET6, hlen, 1758 m)) 1759 return (NULL); 1760 #endif /* IPSEC */ 1761 1762 #if NPF > 0 1763 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1764 goto dropit; 1765 if (m == NULL) 1766 return (NULL); 1767 #endif /* NPF > 0 */ 1768 in6_proto_cksum_out(m, ifp); 1769 1770 break; 1771 } 1772 #endif /* INET6 */ 1773 1774 default: 1775 goto dropit; 1776 break; 1777 } 1778 1779 /* Reattach SNAP header */ 1780 if (hassnap) { 1781 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1782 if (m == NULL) 1783 goto dropit; 1784 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1785 } 1786 1787 /* Reattach ethernet header */ 1788 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1789 if (m == NULL) 1790 goto dropit; 1791 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1792 1793 return (m); 1794 1795 dropit: 1796 m_freem(m); 1797 return (NULL); 1798 } 1799 1800 void 1801 bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh, 1802 struct mbuf *m) 1803 { 1804 struct llc llc; 1805 struct mbuf *m0; 1806 int error = 0; 1807 int hassnap = 0; 1808 u_int16_t etype; 1809 struct ip *ip; 1810 1811 etype = ntohs(eh->ether_type); 1812 #if NVLAN > 0 1813 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1814 etype == ETHERTYPE_QINQ) { 1815 int len = m->m_pkthdr.len; 1816 1817 if (m->m_flags & M_VLANTAG) 1818 len += ETHER_VLAN_ENCAP_LEN; 1819 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1820 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1821 bridge_ifenqueue(brifp, ifp, m); 1822 return; 1823 } 1824 goto dropit; 1825 } 1826 #endif 1827 if (etype != ETHERTYPE_IP) { 1828 if (etype > ETHERMTU || 1829 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1830 ETHER_HDR_LEN)) 1831 goto dropit; 1832 1833 m_copydata(m, ETHER_HDR_LEN, 1834 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1835 1836 if (llc.llc_dsap != LLC_SNAP_LSAP || 1837 llc.llc_ssap != LLC_SNAP_LSAP || 1838 llc.llc_control != LLC_UI || 1839 llc.llc_snap.org_code[0] || 1840 llc.llc_snap.org_code[1] || 1841 llc.llc_snap.org_code[2] || 1842 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1843 goto dropit; 1844 1845 hassnap = 1; 1846 } 1847 1848 m_adj(m, ETHER_HDR_LEN); 1849 if (hassnap) 1850 m_adj(m, LLC_SNAPFRAMELEN); 1851 1852 if (m->m_len < sizeof(struct ip) && 1853 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1854 goto dropit; 1855 ip = mtod(m, struct ip *); 1856 1857 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1858 if (ip->ip_off & htons(IP_DF)) { 1859 bridge_send_icmp_err(ifp, eh, m, hassnap, &llc, 1860 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1861 return; 1862 } 1863 1864 error = ip_fragment(m, ifp, ifp->if_mtu); 1865 if (error) { 1866 m = NULL; 1867 goto dropit; 1868 } 1869 1870 for (; m; m = m0) { 1871 m0 = m->m_nextpkt; 1872 m->m_nextpkt = NULL; 1873 if (error == 0) { 1874 if (hassnap) { 1875 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1876 if (m == NULL) { 1877 error = ENOBUFS; 1878 continue; 1879 } 1880 bcopy(&llc, mtod(m, caddr_t), 1881 LLC_SNAPFRAMELEN); 1882 } 1883 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1884 if (m == NULL) { 1885 error = ENOBUFS; 1886 continue; 1887 } 1888 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1889 error = bridge_ifenqueue(brifp, ifp, m); 1890 if (error) { 1891 continue; 1892 } 1893 } else 1894 m_freem(m); 1895 } 1896 1897 if (error == 0) 1898 ipstat_inc(ips_fragmented); 1899 1900 return; 1901 dropit: 1902 m_freem(m); 1903 } 1904 1905 int 1906 bridge_ifenqueue(struct ifnet *brifp, struct ifnet *ifp, struct mbuf *m) 1907 { 1908 int error, len; 1909 1910 /* Loop prevention. */ 1911 m->m_flags |= M_PROTO1; 1912 1913 len = m->m_pkthdr.len; 1914 1915 error = if_enqueue(ifp, m); 1916 if (error) { 1917 brifp->if_oerrors++; 1918 return (error); 1919 } 1920 1921 brifp->if_opackets++; 1922 brifp->if_obytes += len; 1923 1924 return (0); 1925 } 1926 1927 void 1928 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1929 { 1930 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1931 1932 m->m_flags |= M_PROTO1; 1933 1934 ml_enqueue(&ml, m); 1935 if_input(ifp, &ml); 1936 } 1937 1938 void 1939 bridge_send_icmp_err(struct ifnet *ifp, 1940 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1941 int mtu, int type, int code) 1942 { 1943 struct ip *ip; 1944 struct icmp *icp; 1945 struct in_addr t; 1946 struct mbuf *m, *n2; 1947 int hlen; 1948 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1949 1950 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1951 if (!n2) { 1952 m_freem(n); 1953 return; 1954 } 1955 m = icmp_do_error(n, type, code, 0, mtu); 1956 if (m == NULL) { 1957 m_freem(n2); 1958 return; 1959 } 1960 1961 n = n2; 1962 1963 ip = mtod(m, struct ip *); 1964 hlen = ip->ip_hl << 2; 1965 t = ip->ip_dst; 1966 ip->ip_dst = ip->ip_src; 1967 ip->ip_src = t; 1968 1969 m->m_data += hlen; 1970 m->m_len -= hlen; 1971 icp = mtod(m, struct icmp *); 1972 icp->icmp_cksum = 0; 1973 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1974 m->m_data -= hlen; 1975 m->m_len += hlen; 1976 1977 ip->ip_v = IPVERSION; 1978 ip->ip_off &= htons(IP_DF); 1979 ip->ip_id = htons(ip_randomid()); 1980 ip->ip_ttl = MAXTTL; 1981 ip->ip_sum = 0; 1982 ip->ip_sum = in_cksum(m, hlen); 1983 1984 /* Swap ethernet addresses */ 1985 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1986 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1987 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1988 1989 /* Reattach SNAP header */ 1990 if (hassnap) { 1991 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1992 if (m == NULL) 1993 goto dropit; 1994 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1995 } 1996 1997 /* Reattach ethernet header */ 1998 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1999 if (m == NULL) 2000 goto dropit; 2001 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2002 2003 bridge_enqueue(ifp, m); 2004 m_freem(n); 2005 return; 2006 2007 dropit: 2008 m_freem(n); 2009 } 2010