1 /* $OpenBSD: if_bridge.c,v 1.338 2019/11/06 03:51:26 dlg Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/ioctl.h> 45 #include <sys/kernel.h> 46 47 #include <net/if.h> 48 #include <net/if_types.h> 49 #include <net/if_llc.h> 50 #include <net/netisr.h> 51 52 #include <netinet/in.h> 53 #include <netinet/ip.h> 54 #include <netinet/ip_var.h> 55 #include <netinet/if_ether.h> 56 #include <netinet/ip_icmp.h> 57 58 #ifdef IPSEC 59 #include <netinet/ip_ipsp.h> 60 #include <net/if_enc.h> 61 #endif 62 63 #ifdef INET6 64 #include <netinet6/in6_var.h> 65 #include <netinet/ip6.h> 66 #include <netinet6/ip6_var.h> 67 #endif 68 69 #if NPF > 0 70 #include <net/pfvar.h> 71 #define BRIDGE_IN PF_IN 72 #define BRIDGE_OUT PF_OUT 73 #else 74 #define BRIDGE_IN 0 75 #define BRIDGE_OUT 1 76 #endif 77 78 #if NBPFILTER > 0 79 #include <net/bpf.h> 80 #endif 81 82 #if NCARP > 0 83 #include <netinet/ip_carp.h> 84 #endif 85 86 #if NVLAN > 0 87 #include <net/if_vlan_var.h> 88 #endif 89 90 #include <net/if_bridge.h> 91 92 /* 93 * Maximum number of addresses to cache 94 */ 95 #ifndef BRIDGE_RTABLE_MAX 96 #define BRIDGE_RTABLE_MAX 100 97 #endif 98 99 /* 100 * Timeout (in seconds) for entries learned dynamically 101 */ 102 #ifndef BRIDGE_RTABLE_TIMEOUT 103 #define BRIDGE_RTABLE_TIMEOUT 240 104 #endif 105 106 void bridgeattach(int); 107 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 108 void bridge_ifdetach(void *); 109 void bridge_spandetach(void *); 110 int bridge_ifremove(struct bridge_iflist *); 111 void bridge_spanremove(struct bridge_iflist *); 112 int bridge_input(struct ifnet *, struct mbuf *, void *); 113 void bridge_process(struct ifnet *, struct mbuf *); 114 void bridgeintr_frame(struct ifnet *, struct ifnet *, struct mbuf *); 115 void bridge_bifgetstp(struct bridge_softc *, struct bridge_iflist *, 116 struct ifbreq *); 117 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 118 struct ether_header *, struct mbuf *); 119 int bridge_localbroadcast(struct ifnet *, struct ether_header *, 120 struct mbuf *); 121 void bridge_span(struct ifnet *, struct mbuf *); 122 void bridge_stop(struct bridge_softc *); 123 void bridge_init(struct bridge_softc *); 124 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 125 int bridge_blocknonip(struct ether_header *, struct mbuf *); 126 void bridge_ifinput(struct ifnet *, struct mbuf *); 127 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 128 struct rtentry *); 129 void bridge_send_icmp_err(struct ifnet *, struct ether_header *, 130 struct mbuf *, int, struct llc *, int, int, int); 131 int bridge_ifenqueue(struct ifnet *, struct ifnet *, struct mbuf *); 132 struct mbuf *bridge_ip(struct ifnet *, int, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 #ifdef IPSEC 135 int bridge_ipsec(struct ifnet *, struct ether_header *, int, struct llc *, 136 int, int, int, struct mbuf *); 137 #endif 138 int bridge_clone_create(struct if_clone *, int); 139 int bridge_clone_destroy(struct ifnet *); 140 141 #define ETHERADDR_IS_IP_MCAST(a) \ 142 /* struct etheraddr *a; */ \ 143 ((a)->ether_addr_octet[0] == 0x01 && \ 144 (a)->ether_addr_octet[1] == 0x00 && \ 145 (a)->ether_addr_octet[2] == 0x5e) 146 147 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 148 149 struct if_clone bridge_cloner = 150 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 151 152 void 153 bridgeattach(int n) 154 { 155 if_clone_attach(&bridge_cloner); 156 } 157 158 int 159 bridge_clone_create(struct if_clone *ifc, int unit) 160 { 161 struct bridge_softc *sc; 162 struct ifnet *ifp; 163 int i; 164 165 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 166 sc->sc_stp = bstp_create(&sc->sc_if); 167 if (!sc->sc_stp) { 168 free(sc, M_DEVBUF, sizeof *sc); 169 return (ENOMEM); 170 } 171 172 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 173 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 174 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 175 SMR_SLIST_INIT(&sc->sc_iflist); 176 SMR_SLIST_INIT(&sc->sc_spanlist); 177 mtx_init(&sc->sc_mtx, IPL_MPFLOOR); 178 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 179 LIST_INIT(&sc->sc_rts[i]); 180 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 181 ifp = &sc->sc_if; 182 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 183 unit); 184 ifp->if_softc = sc; 185 ifp->if_mtu = ETHERMTU; 186 ifp->if_ioctl = bridge_ioctl; 187 ifp->if_output = bridge_dummy_output; 188 ifp->if_xflags = IFXF_CLONED; 189 ifp->if_start = NULL; 190 ifp->if_type = IFT_BRIDGE; 191 ifp->if_hdrlen = ETHER_HDR_LEN; 192 193 if_attach(ifp); 194 if_alloc_sadl(ifp); 195 196 #if NBPFILTER > 0 197 bpfattach(&sc->sc_if.if_bpf, ifp, 198 DLT_EN10MB, ETHER_HDR_LEN); 199 #endif 200 201 if_ih_insert(ifp, ether_input, NULL); 202 203 return (0); 204 } 205 206 int 207 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 208 struct rtentry *rt) 209 { 210 m_freem(m); 211 return (EAFNOSUPPORT); 212 } 213 214 int 215 bridge_clone_destroy(struct ifnet *ifp) 216 { 217 struct bridge_softc *sc = ifp->if_softc; 218 struct bridge_iflist *bif; 219 220 /* 221 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 222 * use of smr_barrier() while holding the lock might lead to a 223 * deadlock situation. 224 */ 225 NET_ASSERT_UNLOCKED(); 226 227 bridge_stop(sc); 228 bridge_rtflush(sc, IFBF_FLUSHALL); 229 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_iflist)) != NULL) 230 bridge_ifremove(bif); 231 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_spanlist)) != NULL) 232 bridge_spanremove(bif); 233 234 bstp_destroy(sc->sc_stp); 235 236 /* Undo pseudo-driver changes. */ 237 if_deactivate(ifp); 238 239 if_ih_remove(ifp, ether_input, NULL); 240 241 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 242 243 if_detach(ifp); 244 245 free(sc, M_DEVBUF, sizeof *sc); 246 return (0); 247 } 248 249 int 250 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 251 { 252 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 253 struct ifbreq *req = (struct ifbreq *)data; 254 struct ifbropreq *brop = (struct ifbropreq *)data; 255 struct ifnet *ifs; 256 struct bridge_iflist *bif; 257 struct bstp_port *bp; 258 struct bstp_state *bs = sc->sc_stp; 259 int error = 0; 260 261 /* 262 * bridge(4) data structure aren't protected by the NET_LOCK(). 263 * Idealy it shouldn't be taken before calling `ifp->if_ioctl' 264 * but we aren't there yet. 265 */ 266 NET_UNLOCK(); 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL) { 279 error = if_clone_create(req->ifbr_ifsname, 0); 280 if (error == 0) 281 ifs = ifunit(req->ifbr_ifsname); 282 } 283 284 if (ifs == NULL) { /* no such interface */ 285 error = ENOENT; 286 break; 287 } 288 if (ifs->if_type != IFT_ETHER) { 289 error = EINVAL; 290 break; 291 } 292 if (ifs->if_bridgeidx != 0) { 293 if (ifs->if_bridgeidx == ifp->if_index) 294 error = EEXIST; 295 else 296 error = EBUSY; 297 break; 298 } 299 300 /* If it's in the span list, it can't be a member. */ 301 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 302 if (bif->ifp == ifs) 303 break; 304 } 305 if (bif != NULL) { 306 error = EBUSY; 307 break; 308 } 309 310 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 311 if (bif == NULL) { 312 error = ENOMEM; 313 break; 314 } 315 316 error = ifpromisc(ifs, 1); 317 if (error != 0) { 318 free(bif, M_DEVBUF, sizeof(*bif)); 319 break; 320 } 321 322 bif->bridge_sc = sc; 323 bif->ifp = ifs; 324 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 325 SIMPLEQ_INIT(&bif->bif_brlin); 326 SIMPLEQ_INIT(&bif->bif_brlout); 327 ifs->if_bridgeidx = ifp->if_index; 328 task_set(&bif->bif_dtask, bridge_ifdetach, bif); 329 if_detachhook_add(ifs, &bif->bif_dtask); 330 if_ih_insert(bif->ifp, bridge_input, NULL); 331 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_iflist, bif, bif_next); 332 break; 333 case SIOCBRDGDEL: 334 if ((error = suser(curproc)) != 0) 335 break; 336 ifs = ifunit(req->ifbr_ifsname); 337 if (ifs == NULL) { 338 error = ENOENT; 339 break; 340 } 341 if (ifs->if_bridgeidx != ifp->if_index) { 342 error = ESRCH; 343 break; 344 } 345 bif = bridge_getbif(ifs); 346 bridge_ifremove(bif); 347 break; 348 case SIOCBRDGIFS: 349 error = bridge_bifconf(sc, (struct ifbifconf *)data); 350 break; 351 case SIOCBRDGADDS: 352 if ((error = suser(curproc)) != 0) 353 break; 354 ifs = ifunit(req->ifbr_ifsname); 355 if (ifs == NULL) { /* no such interface */ 356 error = ENOENT; 357 break; 358 } 359 if (ifs->if_type != IFT_ETHER) { 360 error = EINVAL; 361 break; 362 } 363 if (ifs->if_bridgeidx != 0) { 364 if (ifs->if_bridgeidx == ifp->if_index) 365 error = EEXIST; 366 else 367 error = EBUSY; 368 break; 369 } 370 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 371 if (bif->ifp == ifs) 372 break; 373 } 374 if (bif != NULL) { 375 error = EEXIST; 376 break; 377 } 378 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 379 if (bif == NULL) { 380 error = ENOMEM; 381 break; 382 } 383 bif->bridge_sc = sc; 384 bif->ifp = ifs; 385 bif->bif_flags = IFBIF_SPAN; 386 SIMPLEQ_INIT(&bif->bif_brlin); 387 SIMPLEQ_INIT(&bif->bif_brlout); 388 task_set(&bif->bif_dtask, bridge_spandetach, bif); 389 if_detachhook_add(ifs, &bif->bif_dtask); 390 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_spanlist, bif, bif_next); 391 break; 392 case SIOCBRDGDELS: 393 if ((error = suser(curproc)) != 0) 394 break; 395 ifs = ifunit(req->ifbr_ifsname); 396 if (ifs == NULL) { 397 error = ENOENT; 398 break; 399 } 400 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 401 if (bif->ifp == ifs) 402 break; 403 } 404 if (bif == NULL) { 405 error = ESRCH; 406 break; 407 } 408 bridge_spanremove(bif); 409 break; 410 case SIOCBRDGGIFFLGS: 411 ifs = ifunit(req->ifbr_ifsname); 412 if (ifs == NULL) { 413 error = ENOENT; 414 break; 415 } 416 if (ifs->if_bridgeidx != ifp->if_index) { 417 error = ESRCH; 418 break; 419 } 420 bif = bridge_getbif(ifs); 421 req->ifbr_ifsflags = bif->bif_flags; 422 req->ifbr_portno = bif->ifp->if_index & 0xfff; 423 req->ifbr_protected = bif->bif_protected; 424 if (bif->bif_flags & IFBIF_STP) 425 bridge_bifgetstp(sc, bif, req); 426 break; 427 case SIOCBRDGSIFFLGS: 428 if ((error = suser(curproc)) != 0) 429 break; 430 ifs = ifunit(req->ifbr_ifsname); 431 if (ifs == NULL) { 432 error = ENOENT; 433 break; 434 } 435 if (ifs->if_bridgeidx != ifp->if_index) { 436 error = ESRCH; 437 break; 438 } 439 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 440 error = EINVAL; 441 break; 442 } 443 bif = bridge_getbif(ifs); 444 if (req->ifbr_ifsflags & IFBIF_STP) { 445 if ((bif->bif_flags & IFBIF_STP) == 0) { 446 /* Enable STP */ 447 if ((bif->bif_stp = bstp_add(sc->sc_stp, 448 bif->ifp)) == NULL) { 449 error = ENOMEM; 450 break; 451 } 452 } else { 453 /* Update STP flags */ 454 bstp_ifsflags(bif->bif_stp, req->ifbr_ifsflags); 455 } 456 } else if (bif->bif_flags & IFBIF_STP) { 457 bstp_delete(bif->bif_stp); 458 bif->bif_stp = NULL; 459 } 460 bif->bif_flags = req->ifbr_ifsflags; 461 break; 462 case SIOCSIFFLAGS: 463 if ((ifp->if_flags & IFF_UP) == IFF_UP) 464 bridge_init(sc); 465 466 if ((ifp->if_flags & IFF_UP) == 0) 467 bridge_stop(sc); 468 469 break; 470 case SIOCBRDGGPARAM: 471 if ((bp = bs->bs_root_port) == NULL) 472 brop->ifbop_root_port = 0; 473 else 474 brop->ifbop_root_port = bp->bp_ifp->if_index; 475 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 476 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 477 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 478 brop->ifbop_holdcount = bs->bs_txholdcount; 479 brop->ifbop_priority = bs->bs_bridge_priority; 480 brop->ifbop_protocol = bs->bs_protover; 481 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 482 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 483 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 484 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 485 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 486 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 487 break; 488 case SIOCBRDGSIFPROT: 489 ifs = ifunit(req->ifbr_ifsname); 490 if (ifs == NULL) { 491 error = ENOENT; 492 break; 493 } 494 if (ifs->if_bridgeidx != ifp->if_index) { 495 error = ESRCH; 496 break; 497 } 498 bif = bridge_getbif(ifs); 499 bif->bif_protected = req->ifbr_protected; 500 break; 501 case SIOCBRDGRTS: 502 case SIOCBRDGGCACHE: 503 case SIOCBRDGGPRI: 504 case SIOCBRDGGMA: 505 case SIOCBRDGGHT: 506 case SIOCBRDGGFD: 507 case SIOCBRDGGTO: 508 case SIOCBRDGGRL: 509 break; 510 case SIOCBRDGFLUSH: 511 case SIOCBRDGSADDR: 512 case SIOCBRDGDADDR: 513 case SIOCBRDGSCACHE: 514 case SIOCBRDGSTO: 515 case SIOCBRDGARL: 516 case SIOCBRDGFRL: 517 case SIOCBRDGSPRI: 518 case SIOCBRDGSFD: 519 case SIOCBRDGSMA: 520 case SIOCBRDGSHT: 521 case SIOCBRDGSTXHC: 522 case SIOCBRDGSPROTO: 523 case SIOCBRDGSIFPRIO: 524 case SIOCBRDGSIFCOST: 525 error = suser(curproc); 526 break; 527 default: 528 error = ENOTTY; 529 break; 530 } 531 532 if (!error) 533 error = bridgectl_ioctl(ifp, cmd, data); 534 535 if (!error) 536 error = bstp_ioctl(ifp, cmd, data); 537 538 NET_LOCK(); 539 return (error); 540 } 541 542 /* Detach an interface from a bridge. */ 543 int 544 bridge_ifremove(struct bridge_iflist *bif) 545 { 546 struct bridge_softc *sc = bif->bridge_sc; 547 int error; 548 549 SMR_SLIST_REMOVE_LOCKED(&sc->sc_iflist, bif, bridge_iflist, bif_next); 550 if_detachhook_del(bif->ifp, &bif->bif_dtask); 551 if_ih_remove(bif->ifp, bridge_input, NULL); 552 553 smr_barrier(); 554 555 if (bif->bif_flags & IFBIF_STP) { 556 bstp_delete(bif->bif_stp); 557 bif->bif_stp = NULL; 558 } 559 560 bif->ifp->if_bridgeidx = 0; 561 error = ifpromisc(bif->ifp, 0); 562 563 bridge_rtdelete(sc, bif->ifp, 0); 564 bridge_flushrule(bif); 565 566 bif->ifp = NULL; 567 free(bif, M_DEVBUF, sizeof(*bif)); 568 569 return (error); 570 } 571 572 void 573 bridge_spanremove(struct bridge_iflist *bif) 574 { 575 struct bridge_softc *sc = bif->bridge_sc; 576 577 SMR_SLIST_REMOVE_LOCKED(&sc->sc_spanlist, bif, bridge_iflist, bif_next); 578 if_detachhook_del(bif->ifp, &bif->bif_dtask); 579 580 smr_barrier(); 581 582 bif->ifp = NULL; 583 free(bif, M_DEVBUF, sizeof(*bif)); 584 } 585 586 void 587 bridge_ifdetach(void *xbif) 588 { 589 struct bridge_iflist *bif = xbif; 590 591 /* 592 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 593 * use of smr_barrier() while holding the lock might lead to a 594 * deadlock situation. 595 */ 596 NET_UNLOCK(); 597 bridge_ifremove(bif); 598 NET_LOCK(); 599 } 600 601 void 602 bridge_spandetach(void *xbif) 603 { 604 struct bridge_iflist *bif = xbif; 605 606 /* 607 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 608 * use of smr_barrier() while holding the lock might lead to a 609 * deadlock situation. 610 */ 611 NET_UNLOCK(); 612 bridge_spanremove(bif); 613 NET_LOCK(); 614 } 615 616 void 617 bridge_bifgetstp(struct bridge_softc *sc, struct bridge_iflist *bif, 618 struct ifbreq *breq) 619 { 620 struct bstp_state *bs = sc->sc_stp; 621 struct bstp_port *bp = bif->bif_stp; 622 623 breq->ifbr_state = bstp_getstate(bs, bp); 624 breq->ifbr_priority = bp->bp_priority; 625 breq->ifbr_path_cost = bp->bp_path_cost; 626 breq->ifbr_proto = bp->bp_protover; 627 breq->ifbr_role = bp->bp_role; 628 breq->ifbr_stpflags = bp->bp_flags; 629 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 630 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 631 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 632 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 633 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 634 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 635 636 /* Copy STP state options as flags */ 637 if (bp->bp_operedge) 638 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 639 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 640 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 641 if (bp->bp_ptp_link) 642 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 643 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 644 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 645 } 646 647 int 648 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 649 { 650 struct bridge_iflist *bif; 651 u_int32_t total = 0, i = 0; 652 int error = 0; 653 struct ifbreq *breq, *breqs = NULL; 654 655 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) 656 total++; 657 658 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) 659 total++; 660 661 if (bifc->ifbic_len == 0) { 662 i = total; 663 goto done; 664 } 665 666 breqs = mallocarray(total, sizeof(*breqs), M_TEMP, M_NOWAIT|M_ZERO); 667 if (breqs == NULL) 668 goto done; 669 670 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 671 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 672 break; 673 breq = &breqs[i]; 674 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 675 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 676 breq->ifbr_ifsflags = bif->bif_flags; 677 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 678 breq->ifbr_protected = bif->bif_protected; 679 if (bif->bif_flags & IFBIF_STP) 680 bridge_bifgetstp(sc, bif, breq); 681 i++; 682 } 683 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 684 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 685 break; 686 breq = &breqs[i]; 687 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 688 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 689 breq->ifbr_ifsflags = bif->bif_flags | IFBIF_SPAN; 690 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 691 i++; 692 } 693 694 error = copyout(breqs, bifc->ifbic_req, i * sizeof(*breqs)); 695 done: 696 free(breqs, M_TEMP, total * sizeof(*breq)); 697 bifc->ifbic_len = i * sizeof(*breq); 698 return (error); 699 } 700 701 struct bridge_iflist * 702 bridge_getbif(struct ifnet *ifp) 703 { 704 struct bridge_iflist *bif; 705 struct bridge_softc *sc; 706 struct ifnet *bifp; 707 708 KERNEL_ASSERT_LOCKED(); 709 710 bifp = if_get(ifp->if_bridgeidx); 711 if (bifp == NULL) 712 return (NULL); 713 714 sc = bifp->if_softc; 715 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 716 if (bif->ifp == ifp) 717 break; 718 } 719 720 if_put(bifp); 721 722 return (bif); 723 } 724 725 void 726 bridge_init(struct bridge_softc *sc) 727 { 728 struct ifnet *ifp = &sc->sc_if; 729 730 if (ISSET(ifp->if_flags, IFF_RUNNING)) 731 return; 732 733 bstp_initialization(sc->sc_stp); 734 735 if (sc->sc_brttimeout != 0) 736 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 737 738 SET(ifp->if_flags, IFF_RUNNING); 739 } 740 741 /* 742 * Stop the bridge and deallocate the routing table. 743 */ 744 void 745 bridge_stop(struct bridge_softc *sc) 746 { 747 struct ifnet *ifp = &sc->sc_if; 748 749 if (!ISSET(ifp->if_flags, IFF_RUNNING)) 750 return; 751 752 CLR(ifp->if_flags, IFF_RUNNING); 753 754 timeout_del_barrier(&sc->sc_brtimeout); 755 756 bridge_rtflush(sc, IFBF_FLUSHDYN); 757 } 758 759 /* 760 * Send output from the bridge. The mbuf has the ethernet header 761 * already attached. We must enqueue or free the mbuf before exiting. 762 */ 763 int 764 bridge_enqueue(struct ifnet *ifp, struct mbuf *m) 765 { 766 struct ifnet *brifp; 767 struct ether_header *eh; 768 struct ifnet *dst_if = NULL; 769 unsigned int dst_ifidx = 0; 770 #if NBPFILTER > 0 771 caddr_t if_bpf; 772 #endif 773 int error = 0; 774 775 if (m->m_len < sizeof(*eh)) { 776 m = m_pullup(m, sizeof(*eh)); 777 if (m == NULL) 778 return (ENOBUFS); 779 } 780 781 /* ifp must be a member interface of the bridge. */ 782 brifp = if_get(ifp->if_bridgeidx); 783 if (brifp == NULL) { 784 m_freem(m); 785 return (EINVAL); 786 } 787 788 /* 789 * If bridge is down, but original output interface is up, 790 * go ahead and send out that interface. Otherwise the packet 791 * is dropped below. 792 */ 793 if (!ISSET(brifp->if_flags, IFF_RUNNING)) { 794 /* Loop prevention. */ 795 m->m_flags |= M_PROTO1; 796 error = if_enqueue(ifp, m); 797 if_put(brifp); 798 return (error); 799 } 800 801 #if NBPFILTER > 0 802 if_bpf = brifp->if_bpf; 803 if (if_bpf) 804 bpf_mtap(if_bpf, m, BPF_DIRECTION_OUT); 805 #endif 806 ifp->if_opackets++; 807 ifp->if_obytes += m->m_pkthdr.len; 808 809 bridge_span(brifp, m); 810 811 eh = mtod(m, struct ether_header *); 812 if (!ETHER_IS_MULTICAST(eh->ether_dhost)) { 813 struct ether_addr *dst; 814 815 dst = (struct ether_addr *)&eh->ether_dhost[0]; 816 dst_ifidx = bridge_rtlookup(brifp, dst, m); 817 } 818 819 /* 820 * If the packet is a broadcast or we don't know a better way to 821 * get there, send to all interfaces. 822 */ 823 if (dst_ifidx == 0) { 824 struct bridge_softc *sc = brifp->if_softc; 825 struct bridge_iflist *bif; 826 struct mbuf *mc; 827 828 smr_read_enter(); 829 SMR_SLIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 830 dst_if = bif->ifp; 831 if ((dst_if->if_flags & IFF_RUNNING) == 0) 832 continue; 833 834 /* 835 * If this is not the original output interface, 836 * and the interface is participating in spanning 837 * tree, make sure the port is in a state that 838 * allows forwarding. 839 */ 840 if (dst_if != ifp && 841 (bif->bif_flags & IFBIF_STP) && 842 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 843 continue; 844 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 845 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 846 continue; 847 848 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 849 BRL_ACTION_BLOCK) 850 continue; 851 852 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 853 if (mc == NULL) { 854 brifp->if_oerrors++; 855 continue; 856 } 857 858 error = bridge_ifenqueue(brifp, dst_if, mc); 859 if (error) 860 continue; 861 } 862 smr_read_leave(); 863 m_freem(m); 864 goto out; 865 } 866 867 dst_if = if_get(dst_ifidx); 868 if ((dst_if == NULL) || !ISSET(dst_if->if_flags, IFF_RUNNING)) { 869 m_freem(m); 870 if_put(dst_if); 871 error = ENETDOWN; 872 goto out; 873 } 874 875 bridge_ifenqueue(brifp, dst_if, m); 876 if_put(dst_if); 877 out: 878 if_put(brifp); 879 return (error); 880 } 881 882 /* 883 * Loop through each bridge interface and process their input queues. 884 */ 885 void 886 bridgeintr(void) 887 { 888 struct mbuf_list ml; 889 struct mbuf *m; 890 struct ifnet *ifp; 891 892 niq_delist(&bridgeintrq, &ml); 893 if (ml_empty(&ml)) 894 return; 895 896 KERNEL_LOCK(); 897 while ((m = ml_dequeue(&ml)) != NULL) { 898 899 ifp = if_get(m->m_pkthdr.ph_ifidx); 900 if (ifp == NULL) { 901 m_freem(m); 902 continue; 903 } 904 905 bridge_process(ifp, m); 906 907 if_put(ifp); 908 } 909 KERNEL_UNLOCK(); 910 } 911 912 /* 913 * Process a single frame. Frame must be freed or queued before returning. 914 */ 915 void 916 bridgeintr_frame(struct ifnet *brifp, struct ifnet *src_if, struct mbuf *m) 917 { 918 struct bridge_softc *sc = brifp->if_softc; 919 struct ifnet *dst_if = NULL; 920 struct bridge_iflist *bif; 921 struct ether_addr *dst, *src; 922 struct ether_header eh; 923 unsigned int dst_ifidx; 924 u_int32_t protected; 925 int len; 926 927 928 sc->sc_if.if_ipackets++; 929 sc->sc_if.if_ibytes += m->m_pkthdr.len; 930 931 bif = bridge_getbif(src_if); 932 KASSERT(bif != NULL); 933 934 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 935 dst = (struct ether_addr *)&eh.ether_dhost[0]; 936 src = (struct ether_addr *)&eh.ether_shost[0]; 937 938 /* 939 * If interface is learning, and if source address 940 * is not broadcast or multicast, record its address. 941 */ 942 if ((bif->bif_flags & IFBIF_LEARNING) && 943 !ETHER_IS_MULTICAST(eh.ether_shost) && 944 !ETHER_IS_ANYADDR(eh.ether_shost)) 945 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 946 947 if ((bif->bif_flags & IFBIF_STP) && 948 (bif->bif_state == BSTP_IFSTATE_LEARNING)) { 949 m_freem(m); 950 return; 951 } 952 953 /* 954 * At this point, the port either doesn't participate in stp or 955 * it's in the forwarding state 956 */ 957 958 /* 959 * If packet is unicast, destined for someone on "this" 960 * side of the bridge, drop it. 961 */ 962 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 963 dst_ifidx = bridge_rtlookup(brifp, dst, NULL); 964 if (dst_ifidx == src_if->if_index) { 965 m_freem(m); 966 return; 967 } 968 } else { 969 if (ETHER_IS_BROADCAST(eh.ether_dhost)) 970 m->m_flags |= M_BCAST; 971 else 972 m->m_flags |= M_MCAST; 973 } 974 975 /* 976 * Multicast packets get handled a little differently: 977 * If interface is: 978 * -link0,-link1 (default) Forward all multicast 979 * as broadcast. 980 * -link0,link1 Drop non-IP multicast, forward 981 * as broadcast IP multicast. 982 * link0,-link1 Drop IP multicast, forward as 983 * broadcast non-IP multicast. 984 * link0,link1 Drop all multicast. 985 */ 986 if (m->m_flags & M_MCAST) { 987 if ((sc->sc_if.if_flags & 988 (IFF_LINK0 | IFF_LINK1)) == 989 (IFF_LINK0 | IFF_LINK1)) { 990 m_freem(m); 991 return; 992 } 993 if (sc->sc_if.if_flags & IFF_LINK0 && 994 ETHERADDR_IS_IP_MCAST(dst)) { 995 m_freem(m); 996 return; 997 } 998 if (sc->sc_if.if_flags & IFF_LINK1 && 999 !ETHERADDR_IS_IP_MCAST(dst)) { 1000 m_freem(m); 1001 return; 1002 } 1003 } 1004 1005 if (bif->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 1006 m_freem(m); 1007 return; 1008 } 1009 1010 if (bridge_filterrule(&bif->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 1011 m_freem(m); 1012 return; 1013 } 1014 m = bridge_ip(&sc->sc_if, BRIDGE_IN, src_if, &eh, m); 1015 if (m == NULL) 1016 return; 1017 /* 1018 * If the packet is a multicast or broadcast OR if we don't 1019 * know any better, forward it to all interfaces. 1020 */ 1021 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_ifidx == 0) { 1022 sc->sc_if.if_imcasts++; 1023 bridge_broadcast(sc, src_if, &eh, m); 1024 return; 1025 } 1026 protected = bif->bif_protected; 1027 1028 dst_if = if_get(dst_ifidx); 1029 if (dst_if == NULL) 1030 goto bad; 1031 1032 /* 1033 * At this point, we're dealing with a unicast frame going to a 1034 * different interface 1035 */ 1036 if (!ISSET(dst_if->if_flags, IFF_RUNNING)) 1037 goto bad; 1038 bif = bridge_getbif(dst_if); 1039 if ((bif == NULL) || ((bif->bif_flags & IFBIF_STP) && 1040 (bif->bif_state == BSTP_IFSTATE_DISCARDING))) 1041 goto bad; 1042 /* 1043 * Do not transmit if both ports are part of the same protected 1044 * domain. 1045 */ 1046 if (protected != 0 && (protected & bif->bif_protected)) 1047 goto bad; 1048 if (bridge_filterrule(&bif->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) 1049 goto bad; 1050 m = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, &eh, m); 1051 if (m == NULL) 1052 goto bad; 1053 1054 len = m->m_pkthdr.len; 1055 #if NVLAN > 0 1056 if ((m->m_flags & M_VLANTAG) && 1057 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1058 len += ETHER_VLAN_ENCAP_LEN; 1059 #endif 1060 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1061 bridge_fragment(&sc->sc_if, dst_if, &eh, m); 1062 else { 1063 bridge_ifenqueue(&sc->sc_if, dst_if, m); 1064 } 1065 m = NULL; 1066 bad: 1067 if_put(dst_if); 1068 m_freem(m); 1069 } 1070 1071 /* 1072 * Return 1 if `ena' belongs to `bif', 0 otherwise. 1073 */ 1074 int 1075 bridge_ourether(struct ifnet *ifp, uint8_t *ena) 1076 { 1077 struct arpcom *ac = (struct arpcom *)ifp; 1078 1079 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1080 return (1); 1081 1082 #if NCARP > 0 1083 if (carp_ourether(ifp, ena)) 1084 return (1); 1085 #endif 1086 1087 return (0); 1088 } 1089 1090 /* 1091 * Receive input from an interface. Queue the packet for bridging if its 1092 * not for us, and schedule an interrupt. 1093 */ 1094 int 1095 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1096 { 1097 KASSERT(m->m_flags & M_PKTHDR); 1098 1099 if (m->m_flags & M_PROTO1) { 1100 m->m_flags &= ~M_PROTO1; 1101 return (0); 1102 } 1103 1104 niq_enqueue(&bridgeintrq, m); 1105 1106 return (1); 1107 } 1108 1109 void 1110 bridge_process(struct ifnet *ifp, struct mbuf *m) 1111 { 1112 struct ifnet *brifp; 1113 struct bridge_softc *sc; 1114 struct bridge_iflist *bif = NULL, *bif0 = NULL; 1115 struct ether_header *eh; 1116 struct mbuf *mc; 1117 #if NBPFILTER > 0 1118 caddr_t if_bpf; 1119 #endif 1120 1121 KERNEL_ASSERT_LOCKED(); 1122 1123 brifp = if_get(ifp->if_bridgeidx); 1124 if ((brifp == NULL) || !ISSET(brifp->if_flags, IFF_RUNNING)) 1125 goto reenqueue; 1126 1127 if (m->m_pkthdr.len < sizeof(*eh)) 1128 goto bad; 1129 1130 #if NVLAN > 0 1131 /* 1132 * If the underlying interface removed the VLAN header itself, 1133 * add it back. 1134 */ 1135 if (ISSET(m->m_flags, M_VLANTAG)) { 1136 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1137 if (m == NULL) 1138 goto bad; 1139 } 1140 #endif 1141 1142 #if NBPFILTER > 0 1143 if_bpf = brifp->if_bpf; 1144 if (if_bpf) 1145 bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN); 1146 #endif 1147 1148 eh = mtod(m, struct ether_header *); 1149 1150 sc = brifp->if_softc; 1151 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1152 if (bridge_ourether(bif->ifp, eh->ether_shost)) 1153 goto bad; 1154 if (bif->ifp == ifp) 1155 bif0 = bif; 1156 } 1157 if (bif0 == NULL) 1158 goto reenqueue; 1159 1160 bridge_span(brifp, m); 1161 1162 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1163 /* 1164 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1165 * should not be forwarded to bridge members according to 1166 * section 7.12.6 of the 802.1D-2004 specification. The 1167 * STP destination address (as stored in bstp_etheraddr) 1168 * is the first of these. 1169 */ 1170 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1171 ETHER_ADDR_LEN - 1) == 0) { 1172 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1173 /* STP traffic */ 1174 m = bstp_input(sc->sc_stp, bif0->bif_stp, eh, 1175 m); 1176 if (m == NULL) 1177 goto bad; 1178 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) 1179 goto bad; 1180 } 1181 1182 /* 1183 * No need to process frames for ifs in the discarding state 1184 */ 1185 if ((bif0->bif_flags & IFBIF_STP) && 1186 (bif0->bif_state == BSTP_IFSTATE_DISCARDING)) 1187 goto reenqueue; 1188 1189 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1190 if (mc == NULL) 1191 goto reenqueue; 1192 1193 bridge_ifinput(ifp, mc); 1194 1195 bridgeintr_frame(brifp, ifp, m); 1196 if_put(brifp); 1197 return; 1198 } 1199 1200 /* 1201 * Unicast, make sure it's not for us. 1202 */ 1203 if (bridge_ourether(bif0->ifp, eh->ether_dhost)) { 1204 bif = bif0; 1205 } else { 1206 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1207 if (bif->ifp == ifp) 1208 continue; 1209 if (bridge_ourether(bif->ifp, eh->ether_dhost)) 1210 break; 1211 } 1212 } 1213 if (bif != NULL) { 1214 if (bif0->bif_flags & IFBIF_LEARNING) 1215 bridge_rtupdate(sc, 1216 (struct ether_addr *)&eh->ether_shost, 1217 ifp, 0, IFBAF_DYNAMIC, m); 1218 if (bridge_filterrule(&bif0->bif_brlin, eh, m) == 1219 BRL_ACTION_BLOCK) { 1220 goto bad; 1221 } 1222 1223 /* Count for the bridge */ 1224 brifp->if_ipackets++; 1225 brifp->if_ibytes += m->m_pkthdr.len; 1226 1227 ifp = bif->ifp; 1228 goto reenqueue; 1229 } 1230 1231 bridgeintr_frame(brifp, ifp, m); 1232 if_put(brifp); 1233 return; 1234 1235 reenqueue: 1236 bridge_ifinput(ifp, m); 1237 m = NULL; 1238 bad: 1239 m_freem(m); 1240 if_put(brifp); 1241 } 1242 1243 /* 1244 * Send a frame to all interfaces that are members of the bridge 1245 * (except the one it came in on). 1246 */ 1247 void 1248 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1249 struct ether_header *eh, struct mbuf *m) 1250 { 1251 struct bridge_iflist *bif; 1252 struct mbuf *mc; 1253 struct ifnet *dst_if; 1254 int len, used = 0; 1255 u_int32_t protected; 1256 1257 bif = bridge_getbif(ifp); 1258 KASSERT(bif != NULL); 1259 protected = bif->bif_protected; 1260 1261 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1262 dst_if = bif->ifp; 1263 1264 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1265 continue; 1266 1267 if ((bif->bif_flags & IFBIF_STP) && 1268 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1269 continue; 1270 1271 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1272 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1273 continue; 1274 1275 /* Drop non-IP frames if the appropriate flag is set. */ 1276 if (bif->bif_flags & IFBIF_BLOCKNONIP && 1277 bridge_blocknonip(eh, m)) 1278 continue; 1279 1280 /* 1281 * Do not transmit if both ports are part of the same 1282 * protected domain. 1283 */ 1284 if (protected != 0 && (protected & bif->bif_protected)) 1285 continue; 1286 1287 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 1288 BRL_ACTION_BLOCK) 1289 continue; 1290 1291 /* 1292 * Don't retransmit out of the same interface where 1293 * the packet was received from. 1294 */ 1295 if (dst_if->if_index == ifp->if_index) 1296 continue; 1297 1298 if (bridge_localbroadcast(dst_if, eh, m)) 1299 sc->sc_if.if_oerrors++; 1300 1301 /* If last one, reuse the passed-in mbuf */ 1302 if (SMR_SLIST_NEXT_LOCKED(bif, bif_next) == NULL) { 1303 mc = m; 1304 used = 1; 1305 } else { 1306 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1307 if (mc == NULL) { 1308 sc->sc_if.if_oerrors++; 1309 continue; 1310 } 1311 } 1312 1313 mc = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, eh, mc); 1314 if (mc == NULL) 1315 continue; 1316 1317 len = mc->m_pkthdr.len; 1318 #if NVLAN > 0 1319 if ((mc->m_flags & M_VLANTAG) && 1320 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1321 len += ETHER_VLAN_ENCAP_LEN; 1322 #endif 1323 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1324 bridge_fragment(&sc->sc_if, dst_if, eh, mc); 1325 else { 1326 bridge_ifenqueue(&sc->sc_if, dst_if, mc); 1327 } 1328 } 1329 1330 if (!used) 1331 m_freem(m); 1332 } 1333 1334 int 1335 bridge_localbroadcast(struct ifnet *ifp, struct ether_header *eh, 1336 struct mbuf *m) 1337 { 1338 struct mbuf *m1; 1339 u_int16_t etype; 1340 1341 /* 1342 * quick optimisation, don't send packets up the stack if no 1343 * corresponding address has been specified. 1344 */ 1345 etype = ntohs(eh->ether_type); 1346 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1347 struct ifaddr *ifa; 1348 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1349 if (ifa->ifa_addr->sa_family == AF_INET) 1350 break; 1351 } 1352 if (ifa == NULL) 1353 return (0); 1354 } 1355 1356 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1357 if (m1 == NULL) 1358 return (1); 1359 1360 #if NPF > 0 1361 pf_pkt_addr_changed(m1); 1362 #endif /* NPF */ 1363 1364 bridge_ifinput(ifp, m1); 1365 1366 return (0); 1367 } 1368 1369 void 1370 bridge_span(struct ifnet *brifp, struct mbuf *m) 1371 { 1372 struct bridge_softc *sc = brifp->if_softc; 1373 struct bridge_iflist *bif; 1374 struct ifnet *ifp; 1375 struct mbuf *mc; 1376 int error; 1377 1378 smr_read_enter(); 1379 SMR_SLIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1380 ifp = bif->ifp; 1381 1382 if ((ifp->if_flags & IFF_RUNNING) == 0) 1383 continue; 1384 1385 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1386 if (mc == NULL) { 1387 brifp->if_oerrors++; 1388 continue; 1389 } 1390 1391 error = bridge_ifenqueue(brifp, ifp, mc); 1392 if (error) 1393 continue; 1394 } 1395 smr_read_leave(); 1396 } 1397 1398 /* 1399 * Block non-ip frames: 1400 * Returns 0 if frame is ip, and 1 if it should be dropped. 1401 */ 1402 int 1403 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1404 { 1405 struct llc llc; 1406 u_int16_t etype; 1407 1408 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1409 return (1); 1410 1411 #if NVLAN > 0 1412 if (m->m_flags & M_VLANTAG) 1413 return (1); 1414 #endif 1415 1416 etype = ntohs(eh->ether_type); 1417 switch (etype) { 1418 case ETHERTYPE_ARP: 1419 case ETHERTYPE_REVARP: 1420 case ETHERTYPE_IP: 1421 case ETHERTYPE_IPV6: 1422 return (0); 1423 } 1424 1425 if (etype > ETHERMTU) 1426 return (1); 1427 1428 if (m->m_pkthdr.len < 1429 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1430 return (1); 1431 1432 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1433 (caddr_t)&llc); 1434 1435 etype = ntohs(llc.llc_snap.ether_type); 1436 if (llc.llc_dsap == LLC_SNAP_LSAP && 1437 llc.llc_ssap == LLC_SNAP_LSAP && 1438 llc.llc_control == LLC_UI && 1439 llc.llc_snap.org_code[0] == 0 && 1440 llc.llc_snap.org_code[1] == 0 && 1441 llc.llc_snap.org_code[2] == 0 && 1442 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1443 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1444 return (0); 1445 } 1446 1447 return (1); 1448 } 1449 1450 #ifdef IPSEC 1451 int 1452 bridge_ipsec(struct ifnet *ifp, struct ether_header *eh, int hassnap, 1453 struct llc *llc, int dir, int af, int hlen, struct mbuf *m) 1454 { 1455 union sockaddr_union dst; 1456 struct tdb *tdb; 1457 u_int32_t spi; 1458 u_int16_t cpi; 1459 int error, off; 1460 u_int8_t proto = 0; 1461 struct ip *ip; 1462 #ifdef INET6 1463 struct ip6_hdr *ip6; 1464 #endif /* INET6 */ 1465 #if NPF > 0 1466 struct ifnet *encif; 1467 #endif 1468 1469 if (dir == BRIDGE_IN) { 1470 switch (af) { 1471 case AF_INET: 1472 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1473 goto skiplookup; 1474 1475 ip = mtod(m, struct ip *); 1476 proto = ip->ip_p; 1477 off = offsetof(struct ip, ip_p); 1478 1479 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1480 proto != IPPROTO_IPCOMP) 1481 goto skiplookup; 1482 1483 bzero(&dst, sizeof(union sockaddr_union)); 1484 dst.sa.sa_family = AF_INET; 1485 dst.sin.sin_len = sizeof(struct sockaddr_in); 1486 m_copydata(m, offsetof(struct ip, ip_dst), 1487 sizeof(struct in_addr), 1488 (caddr_t)&dst.sin.sin_addr); 1489 1490 break; 1491 #ifdef INET6 1492 case AF_INET6: 1493 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1494 goto skiplookup; 1495 1496 ip6 = mtod(m, struct ip6_hdr *); 1497 1498 /* XXX We should chase down the header chain */ 1499 proto = ip6->ip6_nxt; 1500 off = offsetof(struct ip6_hdr, ip6_nxt); 1501 1502 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1503 proto != IPPROTO_IPCOMP) 1504 goto skiplookup; 1505 1506 bzero(&dst, sizeof(union sockaddr_union)); 1507 dst.sa.sa_family = AF_INET6; 1508 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1509 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1510 sizeof(struct in6_addr), 1511 (caddr_t)&dst.sin6.sin6_addr); 1512 1513 break; 1514 #endif /* INET6 */ 1515 default: 1516 return (0); 1517 } 1518 1519 switch (proto) { 1520 case IPPROTO_ESP: 1521 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1522 break; 1523 case IPPROTO_AH: 1524 m_copydata(m, hlen + sizeof(u_int32_t), 1525 sizeof(u_int32_t), (caddr_t)&spi); 1526 break; 1527 case IPPROTO_IPCOMP: 1528 m_copydata(m, hlen + sizeof(u_int16_t), 1529 sizeof(u_int16_t), (caddr_t)&cpi); 1530 spi = ntohl(htons(cpi)); 1531 break; 1532 } 1533 1534 NET_ASSERT_LOCKED(); 1535 1536 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1537 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1538 tdb->tdb_xform != NULL) { 1539 if (tdb->tdb_first_use == 0) { 1540 tdb->tdb_first_use = time_second; 1541 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1542 timeout_add_sec(&tdb->tdb_first_tmo, 1543 tdb->tdb_exp_first_use); 1544 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1545 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1546 tdb->tdb_soft_first_use); 1547 } 1548 1549 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1550 return (1); 1551 } else { 1552 skiplookup: 1553 /* XXX do an input policy lookup */ 1554 return (0); 1555 } 1556 } else { /* Outgoing from the bridge. */ 1557 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1558 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1559 if (tdb != NULL) { 1560 /* 1561 * We don't need to do loop detection, the 1562 * bridge will do that for us. 1563 */ 1564 #if NPF > 0 1565 if ((encif = enc_getif(tdb->tdb_rdomain, 1566 tdb->tdb_tap)) == NULL || 1567 pf_test(af, dir, encif, &m) != PF_PASS) { 1568 m_freem(m); 1569 return (1); 1570 } 1571 if (m == NULL) 1572 return (1); 1573 else if (af == AF_INET) 1574 in_proto_cksum_out(m, encif); 1575 #ifdef INET6 1576 else if (af == AF_INET6) 1577 in6_proto_cksum_out(m, encif); 1578 #endif /* INET6 */ 1579 #endif /* NPF */ 1580 1581 ip = mtod(m, struct ip *); 1582 if ((af == AF_INET) && 1583 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1584 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1585 tdb->tdb_mtutimeout > time_second) 1586 bridge_send_icmp_err(ifp, eh, m, 1587 hassnap, llc, tdb->tdb_mtu, 1588 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1589 else 1590 error = ipsp_process_packet(m, tdb, af, 0); 1591 return (1); 1592 } else 1593 return (0); 1594 } 1595 1596 return (0); 1597 } 1598 #endif /* IPSEC */ 1599 1600 /* 1601 * Filter IP packets by peeking into the ethernet frame. This violates 1602 * the ISO model, but allows us to act as a IP filter at the data link 1603 * layer. As a result, most of this code will look familiar to those 1604 * who've read net/if_ethersubr.c and netinet/ip_input.c 1605 */ 1606 struct mbuf * 1607 bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, 1608 struct ether_header *eh, struct mbuf *m) 1609 { 1610 struct llc llc; 1611 int hassnap = 0; 1612 struct ip *ip; 1613 int hlen; 1614 u_int16_t etype; 1615 1616 #if NVLAN > 0 1617 if (m->m_flags & M_VLANTAG) 1618 return (m); 1619 #endif 1620 1621 etype = ntohs(eh->ether_type); 1622 1623 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1624 if (etype > ETHERMTU || 1625 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1626 ETHER_HDR_LEN)) 1627 return (m); 1628 1629 m_copydata(m, ETHER_HDR_LEN, 1630 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1631 1632 if (llc.llc_dsap != LLC_SNAP_LSAP || 1633 llc.llc_ssap != LLC_SNAP_LSAP || 1634 llc.llc_control != LLC_UI || 1635 llc.llc_snap.org_code[0] || 1636 llc.llc_snap.org_code[1] || 1637 llc.llc_snap.org_code[2]) 1638 return (m); 1639 1640 etype = ntohs(llc.llc_snap.ether_type); 1641 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1642 return (m); 1643 hassnap = 1; 1644 } 1645 1646 m_adj(m, ETHER_HDR_LEN); 1647 if (hassnap) 1648 m_adj(m, LLC_SNAPFRAMELEN); 1649 1650 switch (etype) { 1651 1652 case ETHERTYPE_IP: 1653 if (m->m_pkthdr.len < sizeof(struct ip)) 1654 goto dropit; 1655 1656 /* Copy minimal header, and drop invalids */ 1657 if (m->m_len < sizeof(struct ip) && 1658 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1659 ipstat_inc(ips_toosmall); 1660 return (NULL); 1661 } 1662 ip = mtod(m, struct ip *); 1663 1664 if (ip->ip_v != IPVERSION) { 1665 ipstat_inc(ips_badvers); 1666 goto dropit; 1667 } 1668 1669 hlen = ip->ip_hl << 2; /* get whole header length */ 1670 if (hlen < sizeof(struct ip)) { 1671 ipstat_inc(ips_badhlen); 1672 goto dropit; 1673 } 1674 1675 if (hlen > m->m_len) { 1676 if ((m = m_pullup(m, hlen)) == NULL) { 1677 ipstat_inc(ips_badhlen); 1678 return (NULL); 1679 } 1680 ip = mtod(m, struct ip *); 1681 } 1682 1683 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1684 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1685 ipstat_inc(ips_badsum); 1686 goto dropit; 1687 } 1688 1689 ipstat_inc(ips_inswcsum); 1690 if (in_cksum(m, hlen) != 0) { 1691 ipstat_inc(ips_badsum); 1692 goto dropit; 1693 } 1694 } 1695 1696 if (ntohs(ip->ip_len) < hlen) 1697 goto dropit; 1698 1699 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1700 goto dropit; 1701 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1702 if (m->m_len == m->m_pkthdr.len) { 1703 m->m_len = ntohs(ip->ip_len); 1704 m->m_pkthdr.len = ntohs(ip->ip_len); 1705 } else 1706 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1707 } 1708 1709 #ifdef IPSEC 1710 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1711 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET, hlen, m)) 1712 return (NULL); 1713 #endif /* IPSEC */ 1714 #if NPF > 0 1715 /* Finally, we get to filter the packet! */ 1716 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1717 goto dropit; 1718 if (m == NULL) 1719 goto dropit; 1720 #endif /* NPF > 0 */ 1721 1722 /* Rebuild the IP header */ 1723 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1724 return (NULL); 1725 if (m->m_len < sizeof(struct ip)) 1726 goto dropit; 1727 in_proto_cksum_out(m, ifp); 1728 ip = mtod(m, struct ip *); 1729 ip->ip_sum = 0; 1730 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1731 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1732 else { 1733 ipstat_inc(ips_outswcsum); 1734 ip->ip_sum = in_cksum(m, hlen); 1735 } 1736 1737 break; 1738 1739 #ifdef INET6 1740 case ETHERTYPE_IPV6: { 1741 struct ip6_hdr *ip6; 1742 1743 if (m->m_len < sizeof(struct ip6_hdr)) { 1744 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1745 == NULL) { 1746 ip6stat_inc(ip6s_toosmall); 1747 return (NULL); 1748 } 1749 } 1750 1751 ip6 = mtod(m, struct ip6_hdr *); 1752 1753 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1754 ip6stat_inc(ip6s_badvers); 1755 goto dropit; 1756 } 1757 1758 #ifdef IPSEC 1759 hlen = sizeof(struct ip6_hdr); 1760 1761 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1762 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET6, hlen, 1763 m)) 1764 return (NULL); 1765 #endif /* IPSEC */ 1766 1767 #if NPF > 0 1768 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1769 goto dropit; 1770 if (m == NULL) 1771 return (NULL); 1772 #endif /* NPF > 0 */ 1773 in6_proto_cksum_out(m, ifp); 1774 1775 break; 1776 } 1777 #endif /* INET6 */ 1778 1779 default: 1780 goto dropit; 1781 break; 1782 } 1783 1784 /* Reattach SNAP header */ 1785 if (hassnap) { 1786 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1787 if (m == NULL) 1788 goto dropit; 1789 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1790 } 1791 1792 /* Reattach ethernet header */ 1793 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1794 if (m == NULL) 1795 goto dropit; 1796 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1797 1798 return (m); 1799 1800 dropit: 1801 m_freem(m); 1802 return (NULL); 1803 } 1804 1805 void 1806 bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh, 1807 struct mbuf *m) 1808 { 1809 struct llc llc; 1810 struct mbuf *m0; 1811 int error = 0; 1812 int hassnap = 0; 1813 u_int16_t etype; 1814 struct ip *ip; 1815 1816 etype = ntohs(eh->ether_type); 1817 #if NVLAN > 0 1818 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1819 etype == ETHERTYPE_QINQ) { 1820 int len = m->m_pkthdr.len; 1821 1822 if (m->m_flags & M_VLANTAG) 1823 len += ETHER_VLAN_ENCAP_LEN; 1824 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1825 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1826 bridge_ifenqueue(brifp, ifp, m); 1827 return; 1828 } 1829 goto dropit; 1830 } 1831 #endif 1832 if (etype != ETHERTYPE_IP) { 1833 if (etype > ETHERMTU || 1834 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1835 ETHER_HDR_LEN)) 1836 goto dropit; 1837 1838 m_copydata(m, ETHER_HDR_LEN, 1839 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1840 1841 if (llc.llc_dsap != LLC_SNAP_LSAP || 1842 llc.llc_ssap != LLC_SNAP_LSAP || 1843 llc.llc_control != LLC_UI || 1844 llc.llc_snap.org_code[0] || 1845 llc.llc_snap.org_code[1] || 1846 llc.llc_snap.org_code[2] || 1847 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1848 goto dropit; 1849 1850 hassnap = 1; 1851 } 1852 1853 m_adj(m, ETHER_HDR_LEN); 1854 if (hassnap) 1855 m_adj(m, LLC_SNAPFRAMELEN); 1856 1857 if (m->m_len < sizeof(struct ip) && 1858 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1859 goto dropit; 1860 ip = mtod(m, struct ip *); 1861 1862 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1863 if (ip->ip_off & htons(IP_DF)) { 1864 bridge_send_icmp_err(ifp, eh, m, hassnap, &llc, 1865 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1866 return; 1867 } 1868 1869 error = ip_fragment(m, ifp, ifp->if_mtu); 1870 if (error) { 1871 m = NULL; 1872 goto dropit; 1873 } 1874 1875 for (; m; m = m0) { 1876 m0 = m->m_nextpkt; 1877 m->m_nextpkt = NULL; 1878 if (error == 0) { 1879 if (hassnap) { 1880 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1881 if (m == NULL) { 1882 error = ENOBUFS; 1883 continue; 1884 } 1885 bcopy(&llc, mtod(m, caddr_t), 1886 LLC_SNAPFRAMELEN); 1887 } 1888 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1889 if (m == NULL) { 1890 error = ENOBUFS; 1891 continue; 1892 } 1893 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1894 error = bridge_ifenqueue(brifp, ifp, m); 1895 if (error) { 1896 continue; 1897 } 1898 } else 1899 m_freem(m); 1900 } 1901 1902 if (error == 0) 1903 ipstat_inc(ips_fragmented); 1904 1905 return; 1906 dropit: 1907 m_freem(m); 1908 } 1909 1910 int 1911 bridge_ifenqueue(struct ifnet *brifp, struct ifnet *ifp, struct mbuf *m) 1912 { 1913 int error, len; 1914 1915 /* Loop prevention. */ 1916 m->m_flags |= M_PROTO1; 1917 1918 len = m->m_pkthdr.len; 1919 1920 error = if_enqueue(ifp, m); 1921 if (error) { 1922 brifp->if_oerrors++; 1923 return (error); 1924 } 1925 1926 brifp->if_opackets++; 1927 brifp->if_obytes += len; 1928 1929 return (0); 1930 } 1931 1932 void 1933 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1934 { 1935 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1936 1937 m->m_flags |= M_PROTO1; 1938 1939 ml_enqueue(&ml, m); 1940 if_input(ifp, &ml); 1941 } 1942 1943 void 1944 bridge_send_icmp_err(struct ifnet *ifp, 1945 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1946 int mtu, int type, int code) 1947 { 1948 struct ip *ip; 1949 struct icmp *icp; 1950 struct in_addr t; 1951 struct mbuf *m, *n2; 1952 int hlen; 1953 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1954 1955 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1956 if (!n2) { 1957 m_freem(n); 1958 return; 1959 } 1960 m = icmp_do_error(n, type, code, 0, mtu); 1961 if (m == NULL) { 1962 m_freem(n2); 1963 return; 1964 } 1965 1966 n = n2; 1967 1968 ip = mtod(m, struct ip *); 1969 hlen = ip->ip_hl << 2; 1970 t = ip->ip_dst; 1971 ip->ip_dst = ip->ip_src; 1972 ip->ip_src = t; 1973 1974 m->m_data += hlen; 1975 m->m_len -= hlen; 1976 icp = mtod(m, struct icmp *); 1977 icp->icmp_cksum = 0; 1978 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1979 m->m_data -= hlen; 1980 m->m_len += hlen; 1981 1982 ip->ip_v = IPVERSION; 1983 ip->ip_off &= htons(IP_DF); 1984 ip->ip_id = htons(ip_randomid()); 1985 ip->ip_ttl = MAXTTL; 1986 ip->ip_sum = 0; 1987 ip->ip_sum = in_cksum(m, hlen); 1988 1989 /* Swap ethernet addresses */ 1990 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1991 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1992 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1993 1994 /* Reattach SNAP header */ 1995 if (hassnap) { 1996 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1997 if (m == NULL) 1998 goto dropit; 1999 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 2000 } 2001 2002 /* Reattach ethernet header */ 2003 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2004 if (m == NULL) 2005 goto dropit; 2006 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2007 2008 bridge_enqueue(ifp, m); 2009 m_freem(n); 2010 return; 2011 2012 dropit: 2013 m_freem(n); 2014 } 2015