1 /* $OpenBSD: if_bridge.c,v 1.333 2019/05/13 18:14:05 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/ioctl.h> 45 #include <sys/kernel.h> 46 47 #include <net/if.h> 48 #include <net/if_types.h> 49 #include <net/if_llc.h> 50 #include <net/netisr.h> 51 52 #include <netinet/in.h> 53 #include <netinet/ip.h> 54 #include <netinet/ip_var.h> 55 #include <netinet/if_ether.h> 56 #include <netinet/ip_icmp.h> 57 58 #ifdef IPSEC 59 #include <netinet/ip_ipsp.h> 60 #include <net/if_enc.h> 61 #endif 62 63 #ifdef INET6 64 #include <netinet6/in6_var.h> 65 #include <netinet/ip6.h> 66 #include <netinet6/ip6_var.h> 67 #endif 68 69 #if NPF > 0 70 #include <net/pfvar.h> 71 #define BRIDGE_IN PF_IN 72 #define BRIDGE_OUT PF_OUT 73 #else 74 #define BRIDGE_IN 0 75 #define BRIDGE_OUT 1 76 #endif 77 78 #if NBPFILTER > 0 79 #include <net/bpf.h> 80 #endif 81 82 #if NCARP > 0 83 #include <netinet/ip_carp.h> 84 #endif 85 86 #if NVLAN > 0 87 #include <net/if_vlan_var.h> 88 #endif 89 90 #include <net/if_bridge.h> 91 92 /* 93 * Maximum number of addresses to cache 94 */ 95 #ifndef BRIDGE_RTABLE_MAX 96 #define BRIDGE_RTABLE_MAX 100 97 #endif 98 99 /* 100 * Timeout (in seconds) for entries learned dynamically 101 */ 102 #ifndef BRIDGE_RTABLE_TIMEOUT 103 #define BRIDGE_RTABLE_TIMEOUT 240 104 #endif 105 106 void bridgeattach(int); 107 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 108 void bridge_ifdetach(void *); 109 void bridge_spandetach(void *); 110 int bridge_ifremove(struct bridge_iflist *); 111 void bridge_spanremove(struct bridge_iflist *); 112 int bridge_input(struct ifnet *, struct mbuf *, void *); 113 void bridge_process(struct ifnet *, struct mbuf *); 114 void bridgeintr_frame(struct ifnet *, struct ifnet *, struct mbuf *); 115 void bridge_bifgetstp(struct bridge_softc *, struct bridge_iflist *, 116 struct ifbreq *); 117 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 118 struct ether_header *, struct mbuf *); 119 int bridge_localbroadcast(struct ifnet *, struct ether_header *, 120 struct mbuf *); 121 void bridge_span(struct ifnet *, struct mbuf *); 122 void bridge_stop(struct bridge_softc *); 123 void bridge_init(struct bridge_softc *); 124 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 125 int bridge_blocknonip(struct ether_header *, struct mbuf *); 126 void bridge_ifinput(struct ifnet *, struct mbuf *); 127 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 128 struct rtentry *); 129 void bridge_send_icmp_err(struct ifnet *, struct ether_header *, 130 struct mbuf *, int, struct llc *, int, int, int); 131 int bridge_ifenqueue(struct ifnet *, struct ifnet *, struct mbuf *); 132 struct mbuf *bridge_ip(struct ifnet *, int, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 #ifdef IPSEC 135 int bridge_ipsec(struct ifnet *, struct ether_header *, int, struct llc *, 136 int, int, int, struct mbuf *); 137 #endif 138 int bridge_clone_create(struct if_clone *, int); 139 int bridge_clone_destroy(struct ifnet *); 140 141 #define ETHERADDR_IS_IP_MCAST(a) \ 142 /* struct etheraddr *a; */ \ 143 ((a)->ether_addr_octet[0] == 0x01 && \ 144 (a)->ether_addr_octet[1] == 0x00 && \ 145 (a)->ether_addr_octet[2] == 0x5e) 146 147 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 148 149 struct if_clone bridge_cloner = 150 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 151 152 void 153 bridgeattach(int n) 154 { 155 if_clone_attach(&bridge_cloner); 156 } 157 158 int 159 bridge_clone_create(struct if_clone *ifc, int unit) 160 { 161 struct bridge_softc *sc; 162 struct ifnet *ifp; 163 int i; 164 165 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 166 sc->sc_stp = bstp_create(&sc->sc_if); 167 if (!sc->sc_stp) { 168 free(sc, M_DEVBUF, sizeof *sc); 169 return (ENOMEM); 170 } 171 172 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 173 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 174 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 175 SMR_SLIST_INIT(&sc->sc_iflist); 176 SMR_SLIST_INIT(&sc->sc_spanlist); 177 mtx_init(&sc->sc_mtx, IPL_MPFLOOR); 178 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 179 LIST_INIT(&sc->sc_rts[i]); 180 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 181 ifp = &sc->sc_if; 182 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 183 unit); 184 ifp->if_softc = sc; 185 ifp->if_mtu = ETHERMTU; 186 ifp->if_ioctl = bridge_ioctl; 187 ifp->if_output = bridge_dummy_output; 188 ifp->if_xflags = IFXF_CLONED; 189 ifp->if_start = NULL; 190 ifp->if_type = IFT_BRIDGE; 191 ifp->if_hdrlen = ETHER_HDR_LEN; 192 193 if_attach(ifp); 194 if_alloc_sadl(ifp); 195 196 #if NBPFILTER > 0 197 bpfattach(&sc->sc_if.if_bpf, ifp, 198 DLT_EN10MB, ETHER_HDR_LEN); 199 #endif 200 201 if_ih_insert(ifp, ether_input, NULL); 202 203 return (0); 204 } 205 206 int 207 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 208 struct rtentry *rt) 209 { 210 m_freem(m); 211 return (EAFNOSUPPORT); 212 } 213 214 int 215 bridge_clone_destroy(struct ifnet *ifp) 216 { 217 struct bridge_softc *sc = ifp->if_softc; 218 struct bridge_iflist *bif; 219 220 /* 221 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 222 * use of smr_barrier() while holding the lock might lead to a 223 * deadlock situation. 224 */ 225 NET_ASSERT_UNLOCKED(); 226 227 bridge_stop(sc); 228 bridge_rtflush(sc, IFBF_FLUSHALL); 229 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_iflist)) != NULL) 230 bridge_ifremove(bif); 231 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_spanlist)) != NULL) 232 bridge_spanremove(bif); 233 234 bstp_destroy(sc->sc_stp); 235 236 /* Undo pseudo-driver changes. */ 237 if_deactivate(ifp); 238 239 if_ih_remove(ifp, ether_input, NULL); 240 241 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 242 243 if_detach(ifp); 244 245 free(sc, M_DEVBUF, sizeof *sc); 246 return (0); 247 } 248 249 int 250 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 251 { 252 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 253 struct ifbreq *req = (struct ifbreq *)data; 254 struct ifbropreq *brop = (struct ifbropreq *)data; 255 struct ifnet *ifs; 256 struct bridge_iflist *bif; 257 struct bstp_port *bp; 258 struct bstp_state *bs = sc->sc_stp; 259 int error = 0; 260 261 /* 262 * bridge(4) data structure aren't protected by the NET_LOCK(). 263 * Idealy it shouldn't be taken before calling `ifp->if_ioctl' 264 * but we aren't there yet. 265 */ 266 NET_UNLOCK(); 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL) { 279 error = if_clone_create(req->ifbr_ifsname, 0); 280 if (error == 0) 281 ifs = ifunit(req->ifbr_ifsname); 282 } 283 284 if (ifs == NULL) { /* no such interface */ 285 error = ENOENT; 286 break; 287 } 288 289 if (ifs->if_bridgeidx != 0) { 290 if (ifs->if_bridgeidx == ifp->if_index) 291 error = EEXIST; 292 else 293 error = EBUSY; 294 break; 295 } 296 297 /* If it's in the span list, it can't be a member. */ 298 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 299 if (bif->ifp == ifs) 300 break; 301 } 302 if (bif != NULL) { 303 error = EBUSY; 304 break; 305 } 306 307 if (ifs->if_type == IFT_ETHER) { 308 error = ifpromisc(ifs, 1); 309 if (error != 0) 310 break; 311 } else { 312 error = EINVAL; 313 break; 314 } 315 316 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 317 if (bif == NULL) { 318 if (ifs->if_type == IFT_ETHER) 319 ifpromisc(ifs, 0); 320 error = ENOMEM; 321 break; 322 } 323 324 bif->bridge_sc = sc; 325 bif->ifp = ifs; 326 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 327 SIMPLEQ_INIT(&bif->bif_brlin); 328 SIMPLEQ_INIT(&bif->bif_brlout); 329 ifs->if_bridgeidx = ifp->if_index; 330 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 331 bridge_ifdetach, bif); 332 if_ih_insert(bif->ifp, bridge_input, NULL); 333 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_iflist, bif, bif_next); 334 break; 335 case SIOCBRDGDEL: 336 if ((error = suser(curproc)) != 0) 337 break; 338 ifs = ifunit(req->ifbr_ifsname); 339 if (ifs == NULL) { 340 error = ENOENT; 341 break; 342 } 343 if (ifs->if_bridgeidx != ifp->if_index) { 344 error = ESRCH; 345 break; 346 } 347 bif = bridge_getbif(ifs); 348 bridge_ifremove(bif); 349 break; 350 case SIOCBRDGIFS: 351 error = bridge_bifconf(sc, (struct ifbifconf *)data); 352 break; 353 case SIOCBRDGADDS: 354 if ((error = suser(curproc)) != 0) 355 break; 356 ifs = ifunit(req->ifbr_ifsname); 357 if (ifs == NULL) { /* no such interface */ 358 error = ENOENT; 359 break; 360 } 361 if (ifs->if_type != IFT_ETHER) { 362 error = EINVAL; 363 break; 364 } 365 if (ifs->if_bridgeidx != 0) { 366 error = EBUSY; 367 break; 368 } 369 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 370 if (bif->ifp == ifs) 371 break; 372 } 373 if (bif != NULL) { 374 error = EEXIST; 375 break; 376 } 377 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 378 if (bif == NULL) { 379 error = ENOMEM; 380 break; 381 } 382 bif->bridge_sc = sc; 383 bif->ifp = ifs; 384 bif->bif_flags = IFBIF_SPAN; 385 SIMPLEQ_INIT(&bif->bif_brlin); 386 SIMPLEQ_INIT(&bif->bif_brlout); 387 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 388 bridge_spandetach, bif); 389 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_spanlist, bif, bif_next); 390 break; 391 case SIOCBRDGDELS: 392 if ((error = suser(curproc)) != 0) 393 break; 394 ifs = ifunit(req->ifbr_ifsname); 395 if (ifs == NULL) { 396 error = ENOENT; 397 break; 398 } 399 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 400 if (bif->ifp == ifs) 401 break; 402 } 403 if (bif == NULL) { 404 error = ESRCH; 405 break; 406 } 407 bridge_spanremove(bif); 408 break; 409 case SIOCBRDGGIFFLGS: 410 ifs = ifunit(req->ifbr_ifsname); 411 if (ifs == NULL) { 412 error = ENOENT; 413 break; 414 } 415 if (ifs->if_bridgeidx != ifp->if_index) { 416 error = ESRCH; 417 break; 418 } 419 bif = bridge_getbif(ifs); 420 req->ifbr_ifsflags = bif->bif_flags; 421 req->ifbr_portno = bif->ifp->if_index & 0xfff; 422 req->ifbr_protected = bif->bif_protected; 423 if (bif->bif_flags & IFBIF_STP) 424 bridge_bifgetstp(sc, bif, req); 425 break; 426 case SIOCBRDGSIFFLGS: 427 if ((error = suser(curproc)) != 0) 428 break; 429 ifs = ifunit(req->ifbr_ifsname); 430 if (ifs == NULL) { 431 error = ENOENT; 432 break; 433 } 434 if (ifs->if_bridgeidx != ifp->if_index) { 435 error = ESRCH; 436 break; 437 } 438 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 439 error = EINVAL; 440 break; 441 } 442 bif = bridge_getbif(ifs); 443 if (req->ifbr_ifsflags & IFBIF_STP) { 444 if ((bif->bif_flags & IFBIF_STP) == 0) { 445 /* Enable STP */ 446 if ((bif->bif_stp = bstp_add(sc->sc_stp, 447 bif->ifp)) == NULL) { 448 error = ENOMEM; 449 break; 450 } 451 } else { 452 /* Update STP flags */ 453 bstp_ifsflags(bif->bif_stp, req->ifbr_ifsflags); 454 } 455 } else if (bif->bif_flags & IFBIF_STP) { 456 bstp_delete(bif->bif_stp); 457 bif->bif_stp = NULL; 458 } 459 bif->bif_flags = req->ifbr_ifsflags; 460 break; 461 case SIOCSIFFLAGS: 462 if ((ifp->if_flags & IFF_UP) == IFF_UP) 463 bridge_init(sc); 464 465 if ((ifp->if_flags & IFF_UP) == 0) 466 bridge_stop(sc); 467 468 break; 469 case SIOCBRDGGPARAM: 470 if ((bp = bs->bs_root_port) == NULL) 471 brop->ifbop_root_port = 0; 472 else 473 brop->ifbop_root_port = bp->bp_ifp->if_index; 474 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 475 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 476 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 477 brop->ifbop_holdcount = bs->bs_txholdcount; 478 brop->ifbop_priority = bs->bs_bridge_priority; 479 brop->ifbop_protocol = bs->bs_protover; 480 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 481 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 482 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 483 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 484 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 485 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 486 break; 487 case SIOCBRDGSIFPROT: 488 ifs = ifunit(req->ifbr_ifsname); 489 if (ifs == NULL) { 490 error = ENOENT; 491 break; 492 } 493 if (ifs->if_bridgeidx != ifp->if_index) { 494 error = ESRCH; 495 break; 496 } 497 bif = bridge_getbif(ifs); 498 bif->bif_protected = req->ifbr_protected; 499 break; 500 case SIOCBRDGRTS: 501 case SIOCBRDGGCACHE: 502 case SIOCBRDGGPRI: 503 case SIOCBRDGGMA: 504 case SIOCBRDGGHT: 505 case SIOCBRDGGFD: 506 case SIOCBRDGGTO: 507 case SIOCBRDGGRL: 508 break; 509 case SIOCBRDGFLUSH: 510 case SIOCBRDGSADDR: 511 case SIOCBRDGDADDR: 512 case SIOCBRDGSCACHE: 513 case SIOCBRDGSTO: 514 case SIOCBRDGARL: 515 case SIOCBRDGFRL: 516 case SIOCBRDGSPRI: 517 case SIOCBRDGSFD: 518 case SIOCBRDGSMA: 519 case SIOCBRDGSHT: 520 case SIOCBRDGSTXHC: 521 case SIOCBRDGSPROTO: 522 case SIOCBRDGSIFPRIO: 523 case SIOCBRDGSIFCOST: 524 error = suser(curproc); 525 break; 526 default: 527 error = ENOTTY; 528 break; 529 } 530 531 if (!error) 532 error = bridgectl_ioctl(ifp, cmd, data); 533 534 if (!error) 535 error = bstp_ioctl(ifp, cmd, data); 536 537 NET_LOCK(); 538 return (error); 539 } 540 541 /* Detach an interface from a bridge. */ 542 int 543 bridge_ifremove(struct bridge_iflist *bif) 544 { 545 struct bridge_softc *sc = bif->bridge_sc; 546 int error; 547 548 SMR_SLIST_REMOVE_LOCKED(&sc->sc_iflist, bif, bridge_iflist, bif_next); 549 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 550 if_ih_remove(bif->ifp, bridge_input, NULL); 551 552 smr_barrier(); 553 554 if (bif->bif_flags & IFBIF_STP) { 555 bstp_delete(bif->bif_stp); 556 bif->bif_stp = NULL; 557 } 558 559 bif->ifp->if_bridgeidx = 0; 560 error = ifpromisc(bif->ifp, 0); 561 562 bridge_rtdelete(sc, bif->ifp, 0); 563 bridge_flushrule(bif); 564 565 bif->ifp = NULL; 566 free(bif, M_DEVBUF, sizeof(*bif)); 567 568 return (error); 569 } 570 571 void 572 bridge_spanremove(struct bridge_iflist *bif) 573 { 574 struct bridge_softc *sc = bif->bridge_sc; 575 576 SMR_SLIST_REMOVE_LOCKED(&sc->sc_spanlist, bif, bridge_iflist, bif_next); 577 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 578 579 smr_barrier(); 580 581 bif->ifp = NULL; 582 free(bif, M_DEVBUF, sizeof(*bif)); 583 } 584 585 void 586 bridge_ifdetach(void *xbif) 587 { 588 struct bridge_iflist *bif = xbif; 589 590 /* 591 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 592 * use of smr_barrier() while holding the lock might lead to a 593 * deadlock situation. 594 */ 595 NET_UNLOCK(); 596 bridge_ifremove(bif); 597 NET_LOCK(); 598 } 599 600 void 601 bridge_spandetach(void *xbif) 602 { 603 struct bridge_iflist *bif = xbif; 604 605 /* 606 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 607 * use of smr_barrier() while holding the lock might lead to a 608 * deadlock situation. 609 */ 610 NET_UNLOCK(); 611 bridge_spanremove(bif); 612 NET_LOCK(); 613 } 614 615 void 616 bridge_bifgetstp(struct bridge_softc *sc, struct bridge_iflist *bif, 617 struct ifbreq *breq) 618 { 619 struct bstp_state *bs = sc->sc_stp; 620 struct bstp_port *bp = bif->bif_stp; 621 622 breq->ifbr_state = bstp_getstate(bs, bp); 623 breq->ifbr_priority = bp->bp_priority; 624 breq->ifbr_path_cost = bp->bp_path_cost; 625 breq->ifbr_proto = bp->bp_protover; 626 breq->ifbr_role = bp->bp_role; 627 breq->ifbr_stpflags = bp->bp_flags; 628 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 629 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 630 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 631 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 632 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 633 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 634 635 /* Copy STP state options as flags */ 636 if (bp->bp_operedge) 637 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 638 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 639 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 640 if (bp->bp_ptp_link) 641 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 642 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 643 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 644 } 645 646 int 647 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 648 { 649 struct bridge_iflist *bif; 650 u_int32_t total = 0, i = 0; 651 int error = 0; 652 struct ifbreq *breq, *breqs = NULL; 653 654 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) 655 total++; 656 657 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) 658 total++; 659 660 if (bifc->ifbic_len == 0) { 661 i = total; 662 goto done; 663 } 664 665 breqs = mallocarray(total, sizeof(*breqs), M_TEMP, M_NOWAIT|M_ZERO); 666 if (breqs == NULL) 667 goto done; 668 669 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 670 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 671 break; 672 breq = &breqs[i]; 673 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 674 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 675 breq->ifbr_ifsflags = bif->bif_flags; 676 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 677 breq->ifbr_protected = bif->bif_protected; 678 if (bif->bif_flags & IFBIF_STP) 679 bridge_bifgetstp(sc, bif, breq); 680 i++; 681 } 682 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 683 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 684 break; 685 breq = &breqs[i]; 686 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 687 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 688 breq->ifbr_ifsflags = bif->bif_flags | IFBIF_SPAN; 689 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 690 i++; 691 } 692 693 error = copyout(breqs, bifc->ifbic_req, i * sizeof(*breqs)); 694 done: 695 free(breqs, M_TEMP, total * sizeof(*breq)); 696 bifc->ifbic_len = i * sizeof(*breq); 697 return (error); 698 } 699 700 struct bridge_iflist * 701 bridge_getbif(struct ifnet *ifp) 702 { 703 struct bridge_iflist *bif; 704 struct bridge_softc *sc; 705 struct ifnet *bifp; 706 707 KERNEL_ASSERT_LOCKED(); 708 709 bifp = if_get(ifp->if_bridgeidx); 710 if (bifp == NULL) 711 return (NULL); 712 713 sc = bifp->if_softc; 714 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 715 if (bif->ifp == ifp) 716 break; 717 } 718 719 if_put(bifp); 720 721 return (bif); 722 } 723 724 void 725 bridge_init(struct bridge_softc *sc) 726 { 727 struct ifnet *ifp = &sc->sc_if; 728 729 if (ISSET(ifp->if_flags, IFF_RUNNING)) 730 return; 731 732 bstp_initialization(sc->sc_stp); 733 734 if (sc->sc_brttimeout != 0) 735 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 736 737 SET(ifp->if_flags, IFF_RUNNING); 738 } 739 740 /* 741 * Stop the bridge and deallocate the routing table. 742 */ 743 void 744 bridge_stop(struct bridge_softc *sc) 745 { 746 struct ifnet *ifp = &sc->sc_if; 747 748 if (!ISSET(ifp->if_flags, IFF_RUNNING)) 749 return; 750 751 CLR(ifp->if_flags, IFF_RUNNING); 752 753 timeout_del_barrier(&sc->sc_brtimeout); 754 755 bridge_rtflush(sc, IFBF_FLUSHDYN); 756 } 757 758 /* 759 * Send output from the bridge. The mbuf has the ethernet header 760 * already attached. We must enqueue or free the mbuf before exiting. 761 */ 762 int 763 bridge_enqueue(struct ifnet *ifp, struct mbuf *m) 764 { 765 struct ifnet *brifp; 766 struct ether_header *eh; 767 struct ifnet *dst_if = NULL; 768 unsigned int dst_ifidx = 0; 769 #if NBPFILTER > 0 770 caddr_t if_bpf; 771 #endif 772 int error = 0; 773 774 if (m->m_len < sizeof(*eh)) { 775 m = m_pullup(m, sizeof(*eh)); 776 if (m == NULL) 777 return (ENOBUFS); 778 } 779 780 /* ifp must be a member interface of the bridge. */ 781 brifp = if_get(ifp->if_bridgeidx); 782 if (brifp == NULL) { 783 m_freem(m); 784 return (EINVAL); 785 } 786 787 /* 788 * If bridge is down, but original output interface is up, 789 * go ahead and send out that interface. Otherwise the packet 790 * is dropped below. 791 */ 792 if (!ISSET(brifp->if_flags, IFF_RUNNING)) { 793 /* Loop prevention. */ 794 m->m_flags |= M_PROTO1; 795 error = if_enqueue(ifp, m); 796 if_put(brifp); 797 return (error); 798 } 799 800 #if NBPFILTER > 0 801 if_bpf = brifp->if_bpf; 802 if (if_bpf) 803 bpf_mtap(if_bpf, m, BPF_DIRECTION_OUT); 804 #endif 805 ifp->if_opackets++; 806 ifp->if_obytes += m->m_pkthdr.len; 807 808 bridge_span(brifp, m); 809 810 eh = mtod(m, struct ether_header *); 811 if (!ETHER_IS_MULTICAST(eh->ether_dhost)) { 812 struct ether_addr *dst; 813 814 dst = (struct ether_addr *)&eh->ether_dhost[0]; 815 dst_ifidx = bridge_rtlookup(brifp, dst, m); 816 } 817 818 /* 819 * If the packet is a broadcast or we don't know a better way to 820 * get there, send to all interfaces. 821 */ 822 if (dst_ifidx == 0) { 823 struct bridge_softc *sc = brifp->if_softc; 824 struct bridge_iflist *bif; 825 struct mbuf *mc; 826 827 smr_read_enter(); 828 SMR_SLIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 829 dst_if = bif->ifp; 830 if ((dst_if->if_flags & IFF_RUNNING) == 0) 831 continue; 832 833 /* 834 * If this is not the original output interface, 835 * and the interface is participating in spanning 836 * tree, make sure the port is in a state that 837 * allows forwarding. 838 */ 839 if (dst_if != ifp && 840 (bif->bif_flags & IFBIF_STP) && 841 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 842 continue; 843 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 844 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 845 continue; 846 847 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 848 BRL_ACTION_BLOCK) 849 continue; 850 851 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 852 if (mc == NULL) { 853 brifp->if_oerrors++; 854 continue; 855 } 856 857 error = bridge_ifenqueue(brifp, dst_if, mc); 858 if (error) 859 continue; 860 } 861 smr_read_leave(); 862 m_freem(m); 863 goto out; 864 } 865 866 dst_if = if_get(dst_ifidx); 867 if ((dst_if == NULL) || !ISSET(dst_if->if_flags, IFF_RUNNING)) { 868 m_freem(m); 869 if_put(dst_if); 870 error = ENETDOWN; 871 goto out; 872 } 873 874 bridge_ifenqueue(brifp, dst_if, m); 875 if_put(dst_if); 876 out: 877 if_put(brifp); 878 return (error); 879 } 880 881 /* 882 * Loop through each bridge interface and process their input queues. 883 */ 884 void 885 bridgeintr(void) 886 { 887 struct mbuf_list ml; 888 struct mbuf *m; 889 struct ifnet *ifp; 890 891 niq_delist(&bridgeintrq, &ml); 892 if (ml_empty(&ml)) 893 return; 894 895 KERNEL_LOCK(); 896 while ((m = ml_dequeue(&ml)) != NULL) { 897 898 ifp = if_get(m->m_pkthdr.ph_ifidx); 899 if (ifp == NULL) { 900 m_freem(m); 901 continue; 902 } 903 904 bridge_process(ifp, m); 905 906 if_put(ifp); 907 } 908 KERNEL_UNLOCK(); 909 } 910 911 /* 912 * Process a single frame. Frame must be freed or queued before returning. 913 */ 914 void 915 bridgeintr_frame(struct ifnet *brifp, struct ifnet *src_if, struct mbuf *m) 916 { 917 struct bridge_softc *sc = brifp->if_softc; 918 struct ifnet *dst_if = NULL; 919 struct bridge_iflist *bif; 920 struct ether_addr *dst, *src; 921 struct ether_header eh; 922 unsigned int dst_ifidx; 923 u_int32_t protected; 924 int len; 925 926 927 sc->sc_if.if_ipackets++; 928 sc->sc_if.if_ibytes += m->m_pkthdr.len; 929 930 bif = bridge_getbif(src_if); 931 KASSERT(bif != NULL); 932 933 if (m->m_pkthdr.len < sizeof(eh)) { 934 m_freem(m); 935 return; 936 } 937 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 938 dst = (struct ether_addr *)&eh.ether_dhost[0]; 939 src = (struct ether_addr *)&eh.ether_shost[0]; 940 941 /* 942 * If interface is learning, and if source address 943 * is not broadcast or multicast, record its address. 944 */ 945 if ((bif->bif_flags & IFBIF_LEARNING) && 946 (eh.ether_shost[0] & 1) == 0 && 947 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 948 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 949 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 950 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 951 952 if ((bif->bif_flags & IFBIF_STP) && 953 (bif->bif_state == BSTP_IFSTATE_LEARNING)) { 954 m_freem(m); 955 return; 956 } 957 958 /* 959 * At this point, the port either doesn't participate in stp or 960 * it's in the forwarding state 961 */ 962 963 /* 964 * If packet is unicast, destined for someone on "this" 965 * side of the bridge, drop it. 966 */ 967 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 968 dst_ifidx = bridge_rtlookup(brifp, dst, NULL); 969 if (dst_ifidx == src_if->if_index) { 970 m_freem(m); 971 return; 972 } 973 } else { 974 if (memcmp(etherbroadcastaddr, eh.ether_dhost, 975 sizeof(etherbroadcastaddr)) == 0) 976 m->m_flags |= M_BCAST; 977 else 978 m->m_flags |= M_MCAST; 979 } 980 981 /* 982 * Multicast packets get handled a little differently: 983 * If interface is: 984 * -link0,-link1 (default) Forward all multicast 985 * as broadcast. 986 * -link0,link1 Drop non-IP multicast, forward 987 * as broadcast IP multicast. 988 * link0,-link1 Drop IP multicast, forward as 989 * broadcast non-IP multicast. 990 * link0,link1 Drop all multicast. 991 */ 992 if (m->m_flags & M_MCAST) { 993 if ((sc->sc_if.if_flags & 994 (IFF_LINK0 | IFF_LINK1)) == 995 (IFF_LINK0 | IFF_LINK1)) { 996 m_freem(m); 997 return; 998 } 999 if (sc->sc_if.if_flags & IFF_LINK0 && 1000 ETHERADDR_IS_IP_MCAST(dst)) { 1001 m_freem(m); 1002 return; 1003 } 1004 if (sc->sc_if.if_flags & IFF_LINK1 && 1005 !ETHERADDR_IS_IP_MCAST(dst)) { 1006 m_freem(m); 1007 return; 1008 } 1009 } 1010 1011 if (bif->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 1012 m_freem(m); 1013 return; 1014 } 1015 1016 if (bridge_filterrule(&bif->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 1017 m_freem(m); 1018 return; 1019 } 1020 m = bridge_ip(&sc->sc_if, BRIDGE_IN, src_if, &eh, m); 1021 if (m == NULL) 1022 return; 1023 /* 1024 * If the packet is a multicast or broadcast OR if we don't 1025 * know any better, forward it to all interfaces. 1026 */ 1027 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_ifidx == 0) { 1028 sc->sc_if.if_imcasts++; 1029 bridge_broadcast(sc, src_if, &eh, m); 1030 return; 1031 } 1032 protected = bif->bif_protected; 1033 1034 dst_if = if_get(dst_ifidx); 1035 if (dst_if == NULL) 1036 goto bad; 1037 1038 /* 1039 * At this point, we're dealing with a unicast frame going to a 1040 * different interface 1041 */ 1042 if (!ISSET(dst_if->if_flags, IFF_RUNNING)) 1043 goto bad; 1044 bif = bridge_getbif(dst_if); 1045 if ((bif == NULL) || ((bif->bif_flags & IFBIF_STP) && 1046 (bif->bif_state == BSTP_IFSTATE_DISCARDING))) 1047 goto bad; 1048 /* 1049 * Do not transmit if both ports are part of the same protected 1050 * domain. 1051 */ 1052 if (protected != 0 && (protected & bif->bif_protected)) 1053 goto bad; 1054 if (bridge_filterrule(&bif->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) 1055 goto bad; 1056 m = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, &eh, m); 1057 if (m == NULL) 1058 goto bad; 1059 1060 len = m->m_pkthdr.len; 1061 #if NVLAN > 0 1062 if ((m->m_flags & M_VLANTAG) && 1063 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1064 len += ETHER_VLAN_ENCAP_LEN; 1065 #endif 1066 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1067 bridge_fragment(&sc->sc_if, dst_if, &eh, m); 1068 else { 1069 bridge_ifenqueue(&sc->sc_if, dst_if, m); 1070 } 1071 m = NULL; 1072 bad: 1073 if_put(dst_if); 1074 m_freem(m); 1075 } 1076 1077 /* 1078 * Return 1 if `ena' belongs to `bif', 0 otherwise. 1079 */ 1080 int 1081 bridge_ourether(struct ifnet *ifp, uint8_t *ena) 1082 { 1083 struct arpcom *ac = (struct arpcom *)ifp; 1084 1085 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1086 return (1); 1087 1088 #if NCARP > 0 1089 if (carp_ourether(ifp, ena)) 1090 return (1); 1091 #endif 1092 1093 return (0); 1094 } 1095 1096 /* 1097 * Receive input from an interface. Queue the packet for bridging if its 1098 * not for us, and schedule an interrupt. 1099 */ 1100 int 1101 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1102 { 1103 KASSERT(m->m_flags & M_PKTHDR); 1104 1105 if (m->m_flags & M_PROTO1) { 1106 m->m_flags &= ~M_PROTO1; 1107 return (0); 1108 } 1109 1110 niq_enqueue(&bridgeintrq, m); 1111 1112 return (1); 1113 } 1114 1115 void 1116 bridge_process(struct ifnet *ifp, struct mbuf *m) 1117 { 1118 struct ifnet *brifp; 1119 struct bridge_softc *sc; 1120 struct bridge_iflist *bif, *bif0; 1121 struct ether_header *eh; 1122 struct mbuf *mc; 1123 #if NBPFILTER > 0 1124 caddr_t if_bpf; 1125 #endif 1126 1127 KERNEL_ASSERT_LOCKED(); 1128 1129 brifp = if_get(ifp->if_bridgeidx); 1130 if ((brifp == NULL) || !ISSET(brifp->if_flags, IFF_RUNNING)) 1131 goto reenqueue; 1132 1133 #if NVLAN > 0 1134 /* 1135 * If the underlying interface removed the VLAN header itself, 1136 * add it back. 1137 */ 1138 if (ISSET(m->m_flags, M_VLANTAG)) { 1139 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1140 if (m == NULL) 1141 goto bad; 1142 } 1143 #endif 1144 1145 #if NBPFILTER > 0 1146 if_bpf = brifp->if_bpf; 1147 if (if_bpf) 1148 bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN); 1149 #endif 1150 1151 sc = brifp->if_softc; 1152 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1153 if (bif->ifp == ifp) 1154 break; 1155 } 1156 if (bif == NULL) 1157 goto reenqueue; 1158 1159 bridge_span(brifp, m); 1160 1161 eh = mtod(m, struct ether_header *); 1162 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1163 /* 1164 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1165 * should not be forwarded to bridge members according to 1166 * section 7.12.6 of the 802.1D-2004 specification. The 1167 * STP destination address (as stored in bstp_etheraddr) 1168 * is the first of these. 1169 */ 1170 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1171 ETHER_ADDR_LEN - 1) == 0) { 1172 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1173 /* STP traffic */ 1174 m = bstp_input(sc->sc_stp, bif->bif_stp, eh, m); 1175 if (m == NULL) 1176 goto bad; 1177 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) 1178 goto bad; 1179 } 1180 1181 /* 1182 * No need to process frames for ifs in the discarding state 1183 */ 1184 if ((bif->bif_flags & IFBIF_STP) && 1185 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1186 goto reenqueue; 1187 1188 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1189 if (mc == NULL) 1190 goto reenqueue; 1191 1192 bridge_ifinput(ifp, mc); 1193 1194 bridgeintr_frame(brifp, ifp, m); 1195 if_put(brifp); 1196 return; 1197 } 1198 1199 /* 1200 * Unicast, make sure it's not for us. 1201 */ 1202 bif0 = bif; 1203 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1204 if (bif->ifp->if_type != IFT_ETHER) 1205 continue; 1206 if (bridge_ourether(bif->ifp, eh->ether_dhost)) { 1207 if (bif0->bif_flags & IFBIF_LEARNING) 1208 bridge_rtupdate(sc, 1209 (struct ether_addr *)&eh->ether_shost, 1210 ifp, 0, IFBAF_DYNAMIC, m); 1211 if (bridge_filterrule(&bif0->bif_brlin, eh, m) == 1212 BRL_ACTION_BLOCK) { 1213 goto bad; 1214 } 1215 1216 /* Count for the bridge */ 1217 brifp->if_ipackets++; 1218 brifp->if_ibytes += m->m_pkthdr.len; 1219 1220 ifp = bif->ifp; 1221 goto reenqueue; 1222 } 1223 if (bridge_ourether(bif->ifp, eh->ether_shost)) 1224 goto bad; 1225 } 1226 1227 bridgeintr_frame(brifp, ifp, m); 1228 if_put(brifp); 1229 return; 1230 1231 reenqueue: 1232 bridge_ifinput(ifp, m); 1233 m = NULL; 1234 bad: 1235 m_freem(m); 1236 if_put(brifp); 1237 } 1238 1239 /* 1240 * Send a frame to all interfaces that are members of the bridge 1241 * (except the one it came in on). 1242 */ 1243 void 1244 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1245 struct ether_header *eh, struct mbuf *m) 1246 { 1247 struct bridge_iflist *bif; 1248 struct mbuf *mc; 1249 struct ifnet *dst_if; 1250 int len, used = 0; 1251 u_int32_t protected; 1252 1253 bif = bridge_getbif(ifp); 1254 KASSERT(bif != NULL); 1255 protected = bif->bif_protected; 1256 1257 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1258 dst_if = bif->ifp; 1259 1260 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1261 continue; 1262 1263 if ((bif->bif_flags & IFBIF_STP) && 1264 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1265 continue; 1266 1267 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1268 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1269 continue; 1270 1271 /* Drop non-IP frames if the appropriate flag is set. */ 1272 if (bif->bif_flags & IFBIF_BLOCKNONIP && 1273 bridge_blocknonip(eh, m)) 1274 continue; 1275 1276 /* 1277 * Do not transmit if both ports are part of the same 1278 * protected domain. 1279 */ 1280 if (protected != 0 && (protected & bif->bif_protected)) 1281 continue; 1282 1283 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 1284 BRL_ACTION_BLOCK) 1285 continue; 1286 1287 /* 1288 * Don't retransmit out of the same interface where 1289 * the packet was received from. 1290 */ 1291 if (dst_if->if_index == ifp->if_index) 1292 continue; 1293 1294 if (bridge_localbroadcast(dst_if, eh, m)) 1295 sc->sc_if.if_oerrors++; 1296 1297 /* If last one, reuse the passed-in mbuf */ 1298 if (SMR_SLIST_NEXT_LOCKED(bif, bif_next) == NULL) { 1299 mc = m; 1300 used = 1; 1301 } else { 1302 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1303 if (mc == NULL) { 1304 sc->sc_if.if_oerrors++; 1305 continue; 1306 } 1307 } 1308 1309 mc = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, eh, mc); 1310 if (mc == NULL) 1311 continue; 1312 1313 len = mc->m_pkthdr.len; 1314 #if NVLAN > 0 1315 if ((mc->m_flags & M_VLANTAG) && 1316 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1317 len += ETHER_VLAN_ENCAP_LEN; 1318 #endif 1319 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1320 bridge_fragment(&sc->sc_if, dst_if, eh, mc); 1321 else { 1322 bridge_ifenqueue(&sc->sc_if, dst_if, mc); 1323 } 1324 } 1325 1326 if (!used) 1327 m_freem(m); 1328 } 1329 1330 int 1331 bridge_localbroadcast(struct ifnet *ifp, struct ether_header *eh, 1332 struct mbuf *m) 1333 { 1334 struct mbuf *m1; 1335 u_int16_t etype; 1336 1337 /* 1338 * quick optimisation, don't send packets up the stack if no 1339 * corresponding address has been specified. 1340 */ 1341 etype = ntohs(eh->ether_type); 1342 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1343 struct ifaddr *ifa; 1344 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1345 if (ifa->ifa_addr->sa_family == AF_INET) 1346 break; 1347 } 1348 if (ifa == NULL) 1349 return (0); 1350 } 1351 1352 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1353 if (m1 == NULL) 1354 return (1); 1355 1356 #if NPF > 0 1357 pf_pkt_addr_changed(m1); 1358 #endif /* NPF */ 1359 1360 bridge_ifinput(ifp, m1); 1361 1362 return (0); 1363 } 1364 1365 void 1366 bridge_span(struct ifnet *brifp, struct mbuf *m) 1367 { 1368 struct bridge_softc *sc = brifp->if_softc; 1369 struct bridge_iflist *bif; 1370 struct ifnet *ifp; 1371 struct mbuf *mc; 1372 int error; 1373 1374 smr_read_enter(); 1375 SMR_SLIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1376 ifp = bif->ifp; 1377 1378 if ((ifp->if_flags & IFF_RUNNING) == 0) 1379 continue; 1380 1381 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1382 if (mc == NULL) { 1383 brifp->if_oerrors++; 1384 continue; 1385 } 1386 1387 error = bridge_ifenqueue(brifp, ifp, mc); 1388 if (error) 1389 continue; 1390 } 1391 smr_read_leave(); 1392 } 1393 1394 /* 1395 * Block non-ip frames: 1396 * Returns 0 if frame is ip, and 1 if it should be dropped. 1397 */ 1398 int 1399 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1400 { 1401 struct llc llc; 1402 u_int16_t etype; 1403 1404 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1405 return (1); 1406 1407 #if NVLAN > 0 1408 if (m->m_flags & M_VLANTAG) 1409 return (1); 1410 #endif 1411 1412 etype = ntohs(eh->ether_type); 1413 switch (etype) { 1414 case ETHERTYPE_ARP: 1415 case ETHERTYPE_REVARP: 1416 case ETHERTYPE_IP: 1417 case ETHERTYPE_IPV6: 1418 return (0); 1419 } 1420 1421 if (etype > ETHERMTU) 1422 return (1); 1423 1424 if (m->m_pkthdr.len < 1425 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1426 return (1); 1427 1428 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1429 (caddr_t)&llc); 1430 1431 etype = ntohs(llc.llc_snap.ether_type); 1432 if (llc.llc_dsap == LLC_SNAP_LSAP && 1433 llc.llc_ssap == LLC_SNAP_LSAP && 1434 llc.llc_control == LLC_UI && 1435 llc.llc_snap.org_code[0] == 0 && 1436 llc.llc_snap.org_code[1] == 0 && 1437 llc.llc_snap.org_code[2] == 0 && 1438 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1439 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1440 return (0); 1441 } 1442 1443 return (1); 1444 } 1445 1446 #ifdef IPSEC 1447 int 1448 bridge_ipsec(struct ifnet *ifp, struct ether_header *eh, int hassnap, 1449 struct llc *llc, int dir, int af, int hlen, struct mbuf *m) 1450 { 1451 union sockaddr_union dst; 1452 struct tdb *tdb; 1453 u_int32_t spi; 1454 u_int16_t cpi; 1455 int error, off; 1456 u_int8_t proto = 0; 1457 struct ip *ip; 1458 #ifdef INET6 1459 struct ip6_hdr *ip6; 1460 #endif /* INET6 */ 1461 #if NPF > 0 1462 struct ifnet *encif; 1463 #endif 1464 1465 if (dir == BRIDGE_IN) { 1466 switch (af) { 1467 case AF_INET: 1468 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1469 goto skiplookup; 1470 1471 ip = mtod(m, struct ip *); 1472 proto = ip->ip_p; 1473 off = offsetof(struct ip, ip_p); 1474 1475 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1476 proto != IPPROTO_IPCOMP) 1477 goto skiplookup; 1478 1479 bzero(&dst, sizeof(union sockaddr_union)); 1480 dst.sa.sa_family = AF_INET; 1481 dst.sin.sin_len = sizeof(struct sockaddr_in); 1482 m_copydata(m, offsetof(struct ip, ip_dst), 1483 sizeof(struct in_addr), 1484 (caddr_t)&dst.sin.sin_addr); 1485 1486 break; 1487 #ifdef INET6 1488 case AF_INET6: 1489 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1490 goto skiplookup; 1491 1492 ip6 = mtod(m, struct ip6_hdr *); 1493 1494 /* XXX We should chase down the header chain */ 1495 proto = ip6->ip6_nxt; 1496 off = offsetof(struct ip6_hdr, ip6_nxt); 1497 1498 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1499 proto != IPPROTO_IPCOMP) 1500 goto skiplookup; 1501 1502 bzero(&dst, sizeof(union sockaddr_union)); 1503 dst.sa.sa_family = AF_INET6; 1504 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1505 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1506 sizeof(struct in6_addr), 1507 (caddr_t)&dst.sin6.sin6_addr); 1508 1509 break; 1510 #endif /* INET6 */ 1511 default: 1512 return (0); 1513 } 1514 1515 switch (proto) { 1516 case IPPROTO_ESP: 1517 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1518 break; 1519 case IPPROTO_AH: 1520 m_copydata(m, hlen + sizeof(u_int32_t), 1521 sizeof(u_int32_t), (caddr_t)&spi); 1522 break; 1523 case IPPROTO_IPCOMP: 1524 m_copydata(m, hlen + sizeof(u_int16_t), 1525 sizeof(u_int16_t), (caddr_t)&cpi); 1526 spi = ntohl(htons(cpi)); 1527 break; 1528 } 1529 1530 NET_ASSERT_LOCKED(); 1531 1532 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1533 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1534 tdb->tdb_xform != NULL) { 1535 if (tdb->tdb_first_use == 0) { 1536 tdb->tdb_first_use = time_second; 1537 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1538 timeout_add_sec(&tdb->tdb_first_tmo, 1539 tdb->tdb_exp_first_use); 1540 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1541 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1542 tdb->tdb_soft_first_use); 1543 } 1544 1545 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1546 return (1); 1547 } else { 1548 skiplookup: 1549 /* XXX do an input policy lookup */ 1550 return (0); 1551 } 1552 } else { /* Outgoing from the bridge. */ 1553 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1554 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1555 if (tdb != NULL) { 1556 /* 1557 * We don't need to do loop detection, the 1558 * bridge will do that for us. 1559 */ 1560 #if NPF > 0 1561 if ((encif = enc_getif(tdb->tdb_rdomain, 1562 tdb->tdb_tap)) == NULL || 1563 pf_test(af, dir, encif, &m) != PF_PASS) { 1564 m_freem(m); 1565 return (1); 1566 } 1567 if (m == NULL) 1568 return (1); 1569 else if (af == AF_INET) 1570 in_proto_cksum_out(m, encif); 1571 #ifdef INET6 1572 else if (af == AF_INET6) 1573 in6_proto_cksum_out(m, encif); 1574 #endif /* INET6 */ 1575 #endif /* NPF */ 1576 1577 ip = mtod(m, struct ip *); 1578 if ((af == AF_INET) && 1579 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1580 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1581 tdb->tdb_mtutimeout > time_second) 1582 bridge_send_icmp_err(ifp, eh, m, 1583 hassnap, llc, tdb->tdb_mtu, 1584 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1585 else 1586 error = ipsp_process_packet(m, tdb, af, 0); 1587 return (1); 1588 } else 1589 return (0); 1590 } 1591 1592 return (0); 1593 } 1594 #endif /* IPSEC */ 1595 1596 /* 1597 * Filter IP packets by peeking into the ethernet frame. This violates 1598 * the ISO model, but allows us to act as a IP filter at the data link 1599 * layer. As a result, most of this code will look familiar to those 1600 * who've read net/if_ethersubr.c and netinet/ip_input.c 1601 */ 1602 struct mbuf * 1603 bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, 1604 struct ether_header *eh, struct mbuf *m) 1605 { 1606 struct llc llc; 1607 int hassnap = 0; 1608 struct ip *ip; 1609 int hlen; 1610 u_int16_t etype; 1611 1612 #if NVLAN > 0 1613 if (m->m_flags & M_VLANTAG) 1614 return (m); 1615 #endif 1616 1617 etype = ntohs(eh->ether_type); 1618 1619 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1620 if (etype > ETHERMTU || 1621 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1622 ETHER_HDR_LEN)) 1623 return (m); 1624 1625 m_copydata(m, ETHER_HDR_LEN, 1626 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1627 1628 if (llc.llc_dsap != LLC_SNAP_LSAP || 1629 llc.llc_ssap != LLC_SNAP_LSAP || 1630 llc.llc_control != LLC_UI || 1631 llc.llc_snap.org_code[0] || 1632 llc.llc_snap.org_code[1] || 1633 llc.llc_snap.org_code[2]) 1634 return (m); 1635 1636 etype = ntohs(llc.llc_snap.ether_type); 1637 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1638 return (m); 1639 hassnap = 1; 1640 } 1641 1642 m_adj(m, ETHER_HDR_LEN); 1643 if (hassnap) 1644 m_adj(m, LLC_SNAPFRAMELEN); 1645 1646 switch (etype) { 1647 1648 case ETHERTYPE_IP: 1649 if (m->m_pkthdr.len < sizeof(struct ip)) 1650 goto dropit; 1651 1652 /* Copy minimal header, and drop invalids */ 1653 if (m->m_len < sizeof(struct ip) && 1654 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1655 ipstat_inc(ips_toosmall); 1656 return (NULL); 1657 } 1658 ip = mtod(m, struct ip *); 1659 1660 if (ip->ip_v != IPVERSION) { 1661 ipstat_inc(ips_badvers); 1662 goto dropit; 1663 } 1664 1665 hlen = ip->ip_hl << 2; /* get whole header length */ 1666 if (hlen < sizeof(struct ip)) { 1667 ipstat_inc(ips_badhlen); 1668 goto dropit; 1669 } 1670 1671 if (hlen > m->m_len) { 1672 if ((m = m_pullup(m, hlen)) == NULL) { 1673 ipstat_inc(ips_badhlen); 1674 return (NULL); 1675 } 1676 ip = mtod(m, struct ip *); 1677 } 1678 1679 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1680 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1681 ipstat_inc(ips_badsum); 1682 goto dropit; 1683 } 1684 1685 ipstat_inc(ips_inswcsum); 1686 if (in_cksum(m, hlen) != 0) { 1687 ipstat_inc(ips_badsum); 1688 goto dropit; 1689 } 1690 } 1691 1692 if (ntohs(ip->ip_len) < hlen) 1693 goto dropit; 1694 1695 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1696 goto dropit; 1697 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1698 if (m->m_len == m->m_pkthdr.len) { 1699 m->m_len = ntohs(ip->ip_len); 1700 m->m_pkthdr.len = ntohs(ip->ip_len); 1701 } else 1702 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1703 } 1704 1705 #ifdef IPSEC 1706 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1707 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET, hlen, m)) 1708 return (NULL); 1709 #endif /* IPSEC */ 1710 #if NPF > 0 1711 /* Finally, we get to filter the packet! */ 1712 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1713 goto dropit; 1714 if (m == NULL) 1715 goto dropit; 1716 #endif /* NPF > 0 */ 1717 1718 /* Rebuild the IP header */ 1719 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1720 return (NULL); 1721 if (m->m_len < sizeof(struct ip)) 1722 goto dropit; 1723 in_proto_cksum_out(m, ifp); 1724 ip = mtod(m, struct ip *); 1725 ip->ip_sum = 0; 1726 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1727 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1728 else { 1729 ipstat_inc(ips_outswcsum); 1730 ip->ip_sum = in_cksum(m, hlen); 1731 } 1732 1733 break; 1734 1735 #ifdef INET6 1736 case ETHERTYPE_IPV6: { 1737 struct ip6_hdr *ip6; 1738 1739 if (m->m_len < sizeof(struct ip6_hdr)) { 1740 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1741 == NULL) { 1742 ip6stat_inc(ip6s_toosmall); 1743 return (NULL); 1744 } 1745 } 1746 1747 ip6 = mtod(m, struct ip6_hdr *); 1748 1749 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1750 ip6stat_inc(ip6s_badvers); 1751 goto dropit; 1752 } 1753 1754 #ifdef IPSEC 1755 hlen = sizeof(struct ip6_hdr); 1756 1757 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1758 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET6, hlen, 1759 m)) 1760 return (NULL); 1761 #endif /* IPSEC */ 1762 1763 #if NPF > 0 1764 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1765 goto dropit; 1766 if (m == NULL) 1767 return (NULL); 1768 #endif /* NPF > 0 */ 1769 in6_proto_cksum_out(m, ifp); 1770 1771 break; 1772 } 1773 #endif /* INET6 */ 1774 1775 default: 1776 goto dropit; 1777 break; 1778 } 1779 1780 /* Reattach SNAP header */ 1781 if (hassnap) { 1782 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1783 if (m == NULL) 1784 goto dropit; 1785 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1786 } 1787 1788 /* Reattach ethernet header */ 1789 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1790 if (m == NULL) 1791 goto dropit; 1792 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1793 1794 return (m); 1795 1796 dropit: 1797 m_freem(m); 1798 return (NULL); 1799 } 1800 1801 void 1802 bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh, 1803 struct mbuf *m) 1804 { 1805 struct llc llc; 1806 struct mbuf *m0; 1807 int error = 0; 1808 int hassnap = 0; 1809 u_int16_t etype; 1810 struct ip *ip; 1811 1812 etype = ntohs(eh->ether_type); 1813 #if NVLAN > 0 1814 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1815 etype == ETHERTYPE_QINQ) { 1816 int len = m->m_pkthdr.len; 1817 1818 if (m->m_flags & M_VLANTAG) 1819 len += ETHER_VLAN_ENCAP_LEN; 1820 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1821 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1822 bridge_ifenqueue(brifp, ifp, m); 1823 return; 1824 } 1825 goto dropit; 1826 } 1827 #endif 1828 if (etype != ETHERTYPE_IP) { 1829 if (etype > ETHERMTU || 1830 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1831 ETHER_HDR_LEN)) 1832 goto dropit; 1833 1834 m_copydata(m, ETHER_HDR_LEN, 1835 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1836 1837 if (llc.llc_dsap != LLC_SNAP_LSAP || 1838 llc.llc_ssap != LLC_SNAP_LSAP || 1839 llc.llc_control != LLC_UI || 1840 llc.llc_snap.org_code[0] || 1841 llc.llc_snap.org_code[1] || 1842 llc.llc_snap.org_code[2] || 1843 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1844 goto dropit; 1845 1846 hassnap = 1; 1847 } 1848 1849 m_adj(m, ETHER_HDR_LEN); 1850 if (hassnap) 1851 m_adj(m, LLC_SNAPFRAMELEN); 1852 1853 if (m->m_len < sizeof(struct ip) && 1854 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1855 goto dropit; 1856 ip = mtod(m, struct ip *); 1857 1858 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1859 if (ip->ip_off & htons(IP_DF)) { 1860 bridge_send_icmp_err(ifp, eh, m, hassnap, &llc, 1861 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1862 return; 1863 } 1864 1865 error = ip_fragment(m, ifp, ifp->if_mtu); 1866 if (error) { 1867 m = NULL; 1868 goto dropit; 1869 } 1870 1871 for (; m; m = m0) { 1872 m0 = m->m_nextpkt; 1873 m->m_nextpkt = NULL; 1874 if (error == 0) { 1875 if (hassnap) { 1876 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1877 if (m == NULL) { 1878 error = ENOBUFS; 1879 continue; 1880 } 1881 bcopy(&llc, mtod(m, caddr_t), 1882 LLC_SNAPFRAMELEN); 1883 } 1884 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1885 if (m == NULL) { 1886 error = ENOBUFS; 1887 continue; 1888 } 1889 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1890 error = bridge_ifenqueue(brifp, ifp, m); 1891 if (error) { 1892 continue; 1893 } 1894 } else 1895 m_freem(m); 1896 } 1897 1898 if (error == 0) 1899 ipstat_inc(ips_fragmented); 1900 1901 return; 1902 dropit: 1903 m_freem(m); 1904 } 1905 1906 int 1907 bridge_ifenqueue(struct ifnet *brifp, struct ifnet *ifp, struct mbuf *m) 1908 { 1909 int error, len; 1910 1911 /* Loop prevention. */ 1912 m->m_flags |= M_PROTO1; 1913 1914 len = m->m_pkthdr.len; 1915 1916 error = if_enqueue(ifp, m); 1917 if (error) { 1918 brifp->if_oerrors++; 1919 return (error); 1920 } 1921 1922 brifp->if_opackets++; 1923 brifp->if_obytes += len; 1924 1925 return (0); 1926 } 1927 1928 void 1929 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1930 { 1931 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1932 1933 m->m_flags |= M_PROTO1; 1934 1935 ml_enqueue(&ml, m); 1936 if_input(ifp, &ml); 1937 } 1938 1939 void 1940 bridge_send_icmp_err(struct ifnet *ifp, 1941 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1942 int mtu, int type, int code) 1943 { 1944 struct ip *ip; 1945 struct icmp *icp; 1946 struct in_addr t; 1947 struct mbuf *m, *n2; 1948 int hlen; 1949 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1950 1951 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1952 if (!n2) { 1953 m_freem(n); 1954 return; 1955 } 1956 m = icmp_do_error(n, type, code, 0, mtu); 1957 if (m == NULL) { 1958 m_freem(n2); 1959 return; 1960 } 1961 1962 n = n2; 1963 1964 ip = mtod(m, struct ip *); 1965 hlen = ip->ip_hl << 2; 1966 t = ip->ip_dst; 1967 ip->ip_dst = ip->ip_src; 1968 ip->ip_src = t; 1969 1970 m->m_data += hlen; 1971 m->m_len -= hlen; 1972 icp = mtod(m, struct icmp *); 1973 icp->icmp_cksum = 0; 1974 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1975 m->m_data -= hlen; 1976 m->m_len += hlen; 1977 1978 ip->ip_v = IPVERSION; 1979 ip->ip_off &= htons(IP_DF); 1980 ip->ip_id = htons(ip_randomid()); 1981 ip->ip_ttl = MAXTTL; 1982 ip->ip_sum = 0; 1983 ip->ip_sum = in_cksum(m, hlen); 1984 1985 /* Swap ethernet addresses */ 1986 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1987 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1988 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1989 1990 /* Reattach SNAP header */ 1991 if (hassnap) { 1992 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1993 if (m == NULL) 1994 goto dropit; 1995 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1996 } 1997 1998 /* Reattach ethernet header */ 1999 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2000 if (m == NULL) 2001 goto dropit; 2002 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2003 2004 bridge_enqueue(ifp, m); 2005 m_freem(n); 2006 return; 2007 2008 dropit: 2009 m_freem(n); 2010 } 2011