1 /* $OpenBSD: if_bridge.c,v 1.340 2020/06/24 22:03:42 cheloha Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/ioctl.h> 45 #include <sys/kernel.h> 46 47 #include <net/if.h> 48 #include <net/if_types.h> 49 #include <net/if_llc.h> 50 #include <net/netisr.h> 51 52 #include <netinet/in.h> 53 #include <netinet/ip.h> 54 #include <netinet/ip_var.h> 55 #include <netinet/if_ether.h> 56 #include <netinet/ip_icmp.h> 57 58 #ifdef IPSEC 59 #include <netinet/ip_ipsp.h> 60 #include <net/if_enc.h> 61 #endif 62 63 #ifdef INET6 64 #include <netinet6/in6_var.h> 65 #include <netinet/ip6.h> 66 #include <netinet6/ip6_var.h> 67 #endif 68 69 #if NPF > 0 70 #include <net/pfvar.h> 71 #define BRIDGE_IN PF_IN 72 #define BRIDGE_OUT PF_OUT 73 #else 74 #define BRIDGE_IN 0 75 #define BRIDGE_OUT 1 76 #endif 77 78 #if NBPFILTER > 0 79 #include <net/bpf.h> 80 #endif 81 82 #if NCARP > 0 83 #include <netinet/ip_carp.h> 84 #endif 85 86 #if NVLAN > 0 87 #include <net/if_vlan_var.h> 88 #endif 89 90 #include <net/if_bridge.h> 91 92 /* 93 * Maximum number of addresses to cache 94 */ 95 #ifndef BRIDGE_RTABLE_MAX 96 #define BRIDGE_RTABLE_MAX 100 97 #endif 98 99 /* 100 * Timeout (in seconds) for entries learned dynamically 101 */ 102 #ifndef BRIDGE_RTABLE_TIMEOUT 103 #define BRIDGE_RTABLE_TIMEOUT 240 104 #endif 105 106 void bridgeattach(int); 107 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 108 void bridge_ifdetach(void *); 109 void bridge_spandetach(void *); 110 int bridge_ifremove(struct bridge_iflist *); 111 void bridge_spanremove(struct bridge_iflist *); 112 int bridge_input(struct ifnet *, struct mbuf *, void *); 113 void bridge_process(struct ifnet *, struct mbuf *); 114 void bridgeintr_frame(struct ifnet *, struct ifnet *, struct mbuf *); 115 void bridge_bifgetstp(struct bridge_softc *, struct bridge_iflist *, 116 struct ifbreq *); 117 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 118 struct ether_header *, struct mbuf *); 119 int bridge_localbroadcast(struct ifnet *, struct ether_header *, 120 struct mbuf *); 121 void bridge_span(struct ifnet *, struct mbuf *); 122 void bridge_stop(struct bridge_softc *); 123 void bridge_init(struct bridge_softc *); 124 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 125 int bridge_blocknonip(struct ether_header *, struct mbuf *); 126 void bridge_ifinput(struct ifnet *, struct mbuf *); 127 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 128 struct rtentry *); 129 void bridge_send_icmp_err(struct ifnet *, struct ether_header *, 130 struct mbuf *, int, struct llc *, int, int, int); 131 int bridge_ifenqueue(struct ifnet *, struct ifnet *, struct mbuf *); 132 struct mbuf *bridge_ip(struct ifnet *, int, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 #ifdef IPSEC 135 int bridge_ipsec(struct ifnet *, struct ether_header *, int, struct llc *, 136 int, int, int, struct mbuf *); 137 #endif 138 int bridge_clone_create(struct if_clone *, int); 139 int bridge_clone_destroy(struct ifnet *); 140 141 #define ETHERADDR_IS_IP_MCAST(a) \ 142 /* struct etheraddr *a; */ \ 143 ((a)->ether_addr_octet[0] == 0x01 && \ 144 (a)->ether_addr_octet[1] == 0x00 && \ 145 (a)->ether_addr_octet[2] == 0x5e) 146 147 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 148 149 struct if_clone bridge_cloner = 150 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 151 152 void 153 bridgeattach(int n) 154 { 155 if_clone_attach(&bridge_cloner); 156 } 157 158 int 159 bridge_clone_create(struct if_clone *ifc, int unit) 160 { 161 struct bridge_softc *sc; 162 struct ifnet *ifp; 163 int i; 164 165 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 166 sc->sc_stp = bstp_create(&sc->sc_if); 167 if (!sc->sc_stp) { 168 free(sc, M_DEVBUF, sizeof *sc); 169 return (ENOMEM); 170 } 171 172 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 173 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 174 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 175 SMR_SLIST_INIT(&sc->sc_iflist); 176 SMR_SLIST_INIT(&sc->sc_spanlist); 177 mtx_init(&sc->sc_mtx, IPL_MPFLOOR); 178 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 179 LIST_INIT(&sc->sc_rts[i]); 180 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 181 ifp = &sc->sc_if; 182 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 183 unit); 184 ifp->if_softc = sc; 185 ifp->if_mtu = ETHERMTU; 186 ifp->if_ioctl = bridge_ioctl; 187 ifp->if_output = bridge_dummy_output; 188 ifp->if_xflags = IFXF_CLONED; 189 ifp->if_start = NULL; 190 ifp->if_type = IFT_BRIDGE; 191 ifp->if_hdrlen = ETHER_HDR_LEN; 192 193 if_attach(ifp); 194 if_alloc_sadl(ifp); 195 196 #if NBPFILTER > 0 197 bpfattach(&sc->sc_if.if_bpf, ifp, 198 DLT_EN10MB, ETHER_HDR_LEN); 199 #endif 200 201 if_ih_insert(ifp, ether_input, NULL); 202 203 return (0); 204 } 205 206 int 207 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 208 struct rtentry *rt) 209 { 210 m_freem(m); 211 return (EAFNOSUPPORT); 212 } 213 214 int 215 bridge_clone_destroy(struct ifnet *ifp) 216 { 217 struct bridge_softc *sc = ifp->if_softc; 218 struct bridge_iflist *bif; 219 220 /* 221 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 222 * use of smr_barrier() while holding the lock might lead to a 223 * deadlock situation. 224 */ 225 NET_ASSERT_UNLOCKED(); 226 227 bridge_stop(sc); 228 bridge_rtflush(sc, IFBF_FLUSHALL); 229 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_iflist)) != NULL) 230 bridge_ifremove(bif); 231 while ((bif = SMR_SLIST_FIRST_LOCKED(&sc->sc_spanlist)) != NULL) 232 bridge_spanremove(bif); 233 234 bstp_destroy(sc->sc_stp); 235 236 /* Undo pseudo-driver changes. */ 237 if_deactivate(ifp); 238 239 if_ih_remove(ifp, ether_input, NULL); 240 241 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 242 243 if_detach(ifp); 244 245 free(sc, M_DEVBUF, sizeof *sc); 246 return (0); 247 } 248 249 int 250 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 251 { 252 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 253 struct ifbreq *req = (struct ifbreq *)data; 254 struct ifbropreq *brop = (struct ifbropreq *)data; 255 struct ifnet *ifs; 256 struct bridge_iflist *bif; 257 struct bstp_port *bp; 258 struct bstp_state *bs = sc->sc_stp; 259 int error = 0; 260 261 /* 262 * bridge(4) data structure aren't protected by the NET_LOCK(). 263 * Idealy it shouldn't be taken before calling `ifp->if_ioctl' 264 * but we aren't there yet. 265 */ 266 NET_UNLOCK(); 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL) { 279 error = if_clone_create(req->ifbr_ifsname, 0); 280 if (error == 0) 281 ifs = ifunit(req->ifbr_ifsname); 282 } 283 284 if (ifs == NULL) { /* no such interface */ 285 error = ENOENT; 286 break; 287 } 288 if (ifs->if_type != IFT_ETHER) { 289 error = EINVAL; 290 break; 291 } 292 if (ifs->if_bridgeidx != 0) { 293 if (ifs->if_bridgeidx == ifp->if_index) 294 error = EEXIST; 295 else 296 error = EBUSY; 297 break; 298 } 299 300 /* If it's in the span list, it can't be a member. */ 301 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 302 if (bif->ifp == ifs) 303 break; 304 } 305 if (bif != NULL) { 306 error = EBUSY; 307 break; 308 } 309 310 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 311 if (bif == NULL) { 312 error = ENOMEM; 313 break; 314 } 315 316 NET_LOCK(); 317 error = ifpromisc(ifs, 1); 318 NET_UNLOCK(); 319 if (error != 0) { 320 free(bif, M_DEVBUF, sizeof(*bif)); 321 break; 322 } 323 324 bif->bridge_sc = sc; 325 bif->ifp = ifs; 326 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 327 SIMPLEQ_INIT(&bif->bif_brlin); 328 SIMPLEQ_INIT(&bif->bif_brlout); 329 ifs->if_bridgeidx = ifp->if_index; 330 task_set(&bif->bif_dtask, bridge_ifdetach, bif); 331 if_detachhook_add(ifs, &bif->bif_dtask); 332 if_ih_insert(bif->ifp, bridge_input, NULL); 333 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_iflist, bif, bif_next); 334 break; 335 case SIOCBRDGDEL: 336 if ((error = suser(curproc)) != 0) 337 break; 338 ifs = ifunit(req->ifbr_ifsname); 339 if (ifs == NULL) { 340 error = ENOENT; 341 break; 342 } 343 if (ifs->if_bridgeidx != ifp->if_index) { 344 error = ESRCH; 345 break; 346 } 347 bif = bridge_getbif(ifs); 348 bridge_ifremove(bif); 349 break; 350 case SIOCBRDGIFS: 351 error = bridge_bifconf(sc, (struct ifbifconf *)data); 352 break; 353 case SIOCBRDGADDS: 354 if ((error = suser(curproc)) != 0) 355 break; 356 ifs = ifunit(req->ifbr_ifsname); 357 if (ifs == NULL) { /* no such interface */ 358 error = ENOENT; 359 break; 360 } 361 if (ifs->if_type != IFT_ETHER) { 362 error = EINVAL; 363 break; 364 } 365 if (ifs->if_bridgeidx != 0) { 366 if (ifs->if_bridgeidx == ifp->if_index) 367 error = EEXIST; 368 else 369 error = EBUSY; 370 break; 371 } 372 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 373 if (bif->ifp == ifs) 374 break; 375 } 376 if (bif != NULL) { 377 error = EEXIST; 378 break; 379 } 380 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 381 if (bif == NULL) { 382 error = ENOMEM; 383 break; 384 } 385 bif->bridge_sc = sc; 386 bif->ifp = ifs; 387 bif->bif_flags = IFBIF_SPAN; 388 SIMPLEQ_INIT(&bif->bif_brlin); 389 SIMPLEQ_INIT(&bif->bif_brlout); 390 task_set(&bif->bif_dtask, bridge_spandetach, bif); 391 if_detachhook_add(ifs, &bif->bif_dtask); 392 SMR_SLIST_INSERT_HEAD_LOCKED(&sc->sc_spanlist, bif, bif_next); 393 break; 394 case SIOCBRDGDELS: 395 if ((error = suser(curproc)) != 0) 396 break; 397 ifs = ifunit(req->ifbr_ifsname); 398 if (ifs == NULL) { 399 error = ENOENT; 400 break; 401 } 402 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 403 if (bif->ifp == ifs) 404 break; 405 } 406 if (bif == NULL) { 407 error = ESRCH; 408 break; 409 } 410 bridge_spanremove(bif); 411 break; 412 case SIOCBRDGGIFFLGS: 413 ifs = ifunit(req->ifbr_ifsname); 414 if (ifs == NULL) { 415 error = ENOENT; 416 break; 417 } 418 if (ifs->if_bridgeidx != ifp->if_index) { 419 error = ESRCH; 420 break; 421 } 422 bif = bridge_getbif(ifs); 423 req->ifbr_ifsflags = bif->bif_flags; 424 req->ifbr_portno = bif->ifp->if_index & 0xfff; 425 req->ifbr_protected = bif->bif_protected; 426 if (bif->bif_flags & IFBIF_STP) 427 bridge_bifgetstp(sc, bif, req); 428 break; 429 case SIOCBRDGSIFFLGS: 430 if ((error = suser(curproc)) != 0) 431 break; 432 ifs = ifunit(req->ifbr_ifsname); 433 if (ifs == NULL) { 434 error = ENOENT; 435 break; 436 } 437 if (ifs->if_bridgeidx != ifp->if_index) { 438 error = ESRCH; 439 break; 440 } 441 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 442 error = EINVAL; 443 break; 444 } 445 bif = bridge_getbif(ifs); 446 if (req->ifbr_ifsflags & IFBIF_STP) { 447 if ((bif->bif_flags & IFBIF_STP) == 0) { 448 /* Enable STP */ 449 if ((bif->bif_stp = bstp_add(sc->sc_stp, 450 bif->ifp)) == NULL) { 451 error = ENOMEM; 452 break; 453 } 454 } else { 455 /* Update STP flags */ 456 bstp_ifsflags(bif->bif_stp, req->ifbr_ifsflags); 457 } 458 } else if (bif->bif_flags & IFBIF_STP) { 459 bstp_delete(bif->bif_stp); 460 bif->bif_stp = NULL; 461 } 462 bif->bif_flags = req->ifbr_ifsflags; 463 break; 464 case SIOCSIFFLAGS: 465 if ((ifp->if_flags & IFF_UP) == IFF_UP) 466 bridge_init(sc); 467 468 if ((ifp->if_flags & IFF_UP) == 0) 469 bridge_stop(sc); 470 471 break; 472 case SIOCBRDGGPARAM: 473 if ((bp = bs->bs_root_port) == NULL) 474 brop->ifbop_root_port = 0; 475 else 476 brop->ifbop_root_port = bp->bp_ifp->if_index; 477 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 478 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 479 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 480 brop->ifbop_holdcount = bs->bs_txholdcount; 481 brop->ifbop_priority = bs->bs_bridge_priority; 482 brop->ifbop_protocol = bs->bs_protover; 483 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 484 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 485 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 486 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 487 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 488 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 489 break; 490 case SIOCBRDGSIFPROT: 491 ifs = ifunit(req->ifbr_ifsname); 492 if (ifs == NULL) { 493 error = ENOENT; 494 break; 495 } 496 if (ifs->if_bridgeidx != ifp->if_index) { 497 error = ESRCH; 498 break; 499 } 500 bif = bridge_getbif(ifs); 501 bif->bif_protected = req->ifbr_protected; 502 break; 503 case SIOCBRDGRTS: 504 case SIOCBRDGGCACHE: 505 case SIOCBRDGGPRI: 506 case SIOCBRDGGMA: 507 case SIOCBRDGGHT: 508 case SIOCBRDGGFD: 509 case SIOCBRDGGTO: 510 case SIOCBRDGGRL: 511 break; 512 case SIOCBRDGFLUSH: 513 case SIOCBRDGSADDR: 514 case SIOCBRDGDADDR: 515 case SIOCBRDGSCACHE: 516 case SIOCBRDGSTO: 517 case SIOCBRDGARL: 518 case SIOCBRDGFRL: 519 case SIOCBRDGSPRI: 520 case SIOCBRDGSFD: 521 case SIOCBRDGSMA: 522 case SIOCBRDGSHT: 523 case SIOCBRDGSTXHC: 524 case SIOCBRDGSPROTO: 525 case SIOCBRDGSIFPRIO: 526 case SIOCBRDGSIFCOST: 527 error = suser(curproc); 528 break; 529 default: 530 error = ENOTTY; 531 break; 532 } 533 534 if (!error) 535 error = bridgectl_ioctl(ifp, cmd, data); 536 537 if (!error) 538 error = bstp_ioctl(ifp, cmd, data); 539 540 NET_LOCK(); 541 return (error); 542 } 543 544 /* Detach an interface from a bridge. */ 545 int 546 bridge_ifremove(struct bridge_iflist *bif) 547 { 548 struct bridge_softc *sc = bif->bridge_sc; 549 int error; 550 551 SMR_SLIST_REMOVE_LOCKED(&sc->sc_iflist, bif, bridge_iflist, bif_next); 552 if_detachhook_del(bif->ifp, &bif->bif_dtask); 553 if_ih_remove(bif->ifp, bridge_input, NULL); 554 555 smr_barrier(); 556 557 if (bif->bif_flags & IFBIF_STP) { 558 bstp_delete(bif->bif_stp); 559 bif->bif_stp = NULL; 560 } 561 562 bif->ifp->if_bridgeidx = 0; 563 NET_LOCK(); 564 error = ifpromisc(bif->ifp, 0); 565 NET_UNLOCK(); 566 567 bridge_rtdelete(sc, bif->ifp, 0); 568 bridge_flushrule(bif); 569 570 bif->ifp = NULL; 571 free(bif, M_DEVBUF, sizeof(*bif)); 572 573 return (error); 574 } 575 576 void 577 bridge_spanremove(struct bridge_iflist *bif) 578 { 579 struct bridge_softc *sc = bif->bridge_sc; 580 581 SMR_SLIST_REMOVE_LOCKED(&sc->sc_spanlist, bif, bridge_iflist, bif_next); 582 if_detachhook_del(bif->ifp, &bif->bif_dtask); 583 584 smr_barrier(); 585 586 bif->ifp = NULL; 587 free(bif, M_DEVBUF, sizeof(*bif)); 588 } 589 590 void 591 bridge_ifdetach(void *xbif) 592 { 593 struct bridge_iflist *bif = xbif; 594 595 /* 596 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 597 * use of smr_barrier() while holding the lock might lead to a 598 * deadlock situation. 599 */ 600 NET_UNLOCK(); 601 bridge_ifremove(bif); 602 NET_LOCK(); 603 } 604 605 void 606 bridge_spandetach(void *xbif) 607 { 608 struct bridge_iflist *bif = xbif; 609 610 /* 611 * bridge(4) detach hook doesn't need the NET_LOCK(), worst the 612 * use of smr_barrier() while holding the lock might lead to a 613 * deadlock situation. 614 */ 615 NET_UNLOCK(); 616 bridge_spanremove(bif); 617 NET_LOCK(); 618 } 619 620 void 621 bridge_bifgetstp(struct bridge_softc *sc, struct bridge_iflist *bif, 622 struct ifbreq *breq) 623 { 624 struct bstp_state *bs = sc->sc_stp; 625 struct bstp_port *bp = bif->bif_stp; 626 627 breq->ifbr_state = bstp_getstate(bs, bp); 628 breq->ifbr_priority = bp->bp_priority; 629 breq->ifbr_path_cost = bp->bp_path_cost; 630 breq->ifbr_proto = bp->bp_protover; 631 breq->ifbr_role = bp->bp_role; 632 breq->ifbr_stpflags = bp->bp_flags; 633 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 634 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 635 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 636 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 637 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 638 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 639 640 /* Copy STP state options as flags */ 641 if (bp->bp_operedge) 642 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 643 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 644 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 645 if (bp->bp_ptp_link) 646 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 647 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 648 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 649 } 650 651 int 652 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 653 { 654 struct bridge_iflist *bif; 655 u_int32_t total = 0, i = 0; 656 int error = 0; 657 struct ifbreq *breq, *breqs = NULL; 658 659 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) 660 total++; 661 662 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) 663 total++; 664 665 if (bifc->ifbic_len == 0) { 666 i = total; 667 goto done; 668 } 669 670 breqs = mallocarray(total, sizeof(*breqs), M_TEMP, M_NOWAIT|M_ZERO); 671 if (breqs == NULL) 672 goto done; 673 674 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 675 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 676 break; 677 breq = &breqs[i]; 678 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 679 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 680 breq->ifbr_ifsflags = bif->bif_flags; 681 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 682 breq->ifbr_protected = bif->bif_protected; 683 if (bif->bif_flags & IFBIF_STP) 684 bridge_bifgetstp(sc, bif, breq); 685 i++; 686 } 687 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_spanlist, bif_next) { 688 if (bifc->ifbic_len < (i + 1) * sizeof(*breqs)) 689 break; 690 breq = &breqs[i]; 691 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 692 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 693 breq->ifbr_ifsflags = bif->bif_flags | IFBIF_SPAN; 694 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 695 i++; 696 } 697 698 error = copyout(breqs, bifc->ifbic_req, i * sizeof(*breqs)); 699 done: 700 free(breqs, M_TEMP, total * sizeof(*breq)); 701 bifc->ifbic_len = i * sizeof(*breq); 702 return (error); 703 } 704 705 struct bridge_iflist * 706 bridge_getbif(struct ifnet *ifp) 707 { 708 struct bridge_iflist *bif; 709 struct bridge_softc *sc; 710 struct ifnet *bifp; 711 712 KERNEL_ASSERT_LOCKED(); 713 714 bifp = if_get(ifp->if_bridgeidx); 715 if (bifp == NULL) 716 return (NULL); 717 718 sc = bifp->if_softc; 719 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 720 if (bif->ifp == ifp) 721 break; 722 } 723 724 if_put(bifp); 725 726 return (bif); 727 } 728 729 void 730 bridge_init(struct bridge_softc *sc) 731 { 732 struct ifnet *ifp = &sc->sc_if; 733 734 if (ISSET(ifp->if_flags, IFF_RUNNING)) 735 return; 736 737 bstp_initialization(sc->sc_stp); 738 739 if (sc->sc_brttimeout != 0) 740 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 741 742 SET(ifp->if_flags, IFF_RUNNING); 743 } 744 745 /* 746 * Stop the bridge and deallocate the routing table. 747 */ 748 void 749 bridge_stop(struct bridge_softc *sc) 750 { 751 struct ifnet *ifp = &sc->sc_if; 752 753 if (!ISSET(ifp->if_flags, IFF_RUNNING)) 754 return; 755 756 CLR(ifp->if_flags, IFF_RUNNING); 757 758 timeout_del_barrier(&sc->sc_brtimeout); 759 760 bridge_rtflush(sc, IFBF_FLUSHDYN); 761 } 762 763 /* 764 * Send output from the bridge. The mbuf has the ethernet header 765 * already attached. We must enqueue or free the mbuf before exiting. 766 */ 767 int 768 bridge_enqueue(struct ifnet *ifp, struct mbuf *m) 769 { 770 struct ifnet *brifp; 771 struct ether_header *eh; 772 struct ifnet *dst_if = NULL; 773 unsigned int dst_ifidx = 0; 774 #if NBPFILTER > 0 775 caddr_t if_bpf; 776 #endif 777 int error = 0; 778 779 if (m->m_len < sizeof(*eh)) { 780 m = m_pullup(m, sizeof(*eh)); 781 if (m == NULL) 782 return (ENOBUFS); 783 } 784 785 /* ifp must be a member interface of the bridge. */ 786 brifp = if_get(ifp->if_bridgeidx); 787 if (brifp == NULL) { 788 m_freem(m); 789 return (EINVAL); 790 } 791 792 /* 793 * If bridge is down, but original output interface is up, 794 * go ahead and send out that interface. Otherwise the packet 795 * is dropped below. 796 */ 797 if (!ISSET(brifp->if_flags, IFF_RUNNING)) { 798 /* Loop prevention. */ 799 m->m_flags |= M_PROTO1; 800 error = if_enqueue(ifp, m); 801 if_put(brifp); 802 return (error); 803 } 804 805 #if NBPFILTER > 0 806 if_bpf = brifp->if_bpf; 807 if (if_bpf) 808 bpf_mtap(if_bpf, m, BPF_DIRECTION_OUT); 809 #endif 810 ifp->if_opackets++; 811 ifp->if_obytes += m->m_pkthdr.len; 812 813 bridge_span(brifp, m); 814 815 eh = mtod(m, struct ether_header *); 816 if (!ETHER_IS_MULTICAST(eh->ether_dhost)) { 817 struct ether_addr *dst; 818 819 dst = (struct ether_addr *)&eh->ether_dhost[0]; 820 dst_ifidx = bridge_rtlookup(brifp, dst, m); 821 } 822 823 /* 824 * If the packet is a broadcast or we don't know a better way to 825 * get there, send to all interfaces. 826 */ 827 if (dst_ifidx == 0) { 828 struct bridge_softc *sc = brifp->if_softc; 829 struct bridge_iflist *bif; 830 struct mbuf *mc; 831 832 smr_read_enter(); 833 SMR_SLIST_FOREACH(bif, &sc->sc_iflist, bif_next) { 834 dst_if = bif->ifp; 835 if ((dst_if->if_flags & IFF_RUNNING) == 0) 836 continue; 837 838 /* 839 * If this is not the original output interface, 840 * and the interface is participating in spanning 841 * tree, make sure the port is in a state that 842 * allows forwarding. 843 */ 844 if (dst_if != ifp && 845 (bif->bif_flags & IFBIF_STP) && 846 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 847 continue; 848 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 849 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 850 continue; 851 852 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 853 BRL_ACTION_BLOCK) 854 continue; 855 856 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 857 if (mc == NULL) { 858 brifp->if_oerrors++; 859 continue; 860 } 861 862 error = bridge_ifenqueue(brifp, dst_if, mc); 863 if (error) 864 continue; 865 } 866 smr_read_leave(); 867 m_freem(m); 868 goto out; 869 } 870 871 dst_if = if_get(dst_ifidx); 872 if ((dst_if == NULL) || !ISSET(dst_if->if_flags, IFF_RUNNING)) { 873 m_freem(m); 874 if_put(dst_if); 875 error = ENETDOWN; 876 goto out; 877 } 878 879 bridge_ifenqueue(brifp, dst_if, m); 880 if_put(dst_if); 881 out: 882 if_put(brifp); 883 return (error); 884 } 885 886 /* 887 * Loop through each bridge interface and process their input queues. 888 */ 889 void 890 bridgeintr(void) 891 { 892 struct mbuf_list ml; 893 struct mbuf *m; 894 struct ifnet *ifp; 895 896 niq_delist(&bridgeintrq, &ml); 897 if (ml_empty(&ml)) 898 return; 899 900 KERNEL_LOCK(); 901 while ((m = ml_dequeue(&ml)) != NULL) { 902 903 ifp = if_get(m->m_pkthdr.ph_ifidx); 904 if (ifp == NULL) { 905 m_freem(m); 906 continue; 907 } 908 909 bridge_process(ifp, m); 910 911 if_put(ifp); 912 } 913 KERNEL_UNLOCK(); 914 } 915 916 /* 917 * Process a single frame. Frame must be freed or queued before returning. 918 */ 919 void 920 bridgeintr_frame(struct ifnet *brifp, struct ifnet *src_if, struct mbuf *m) 921 { 922 struct bridge_softc *sc = brifp->if_softc; 923 struct ifnet *dst_if = NULL; 924 struct bridge_iflist *bif; 925 struct ether_addr *dst, *src; 926 struct ether_header eh; 927 unsigned int dst_ifidx; 928 u_int32_t protected; 929 int len; 930 931 932 sc->sc_if.if_ipackets++; 933 sc->sc_if.if_ibytes += m->m_pkthdr.len; 934 935 bif = bridge_getbif(src_if); 936 KASSERT(bif != NULL); 937 938 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 939 dst = (struct ether_addr *)&eh.ether_dhost[0]; 940 src = (struct ether_addr *)&eh.ether_shost[0]; 941 942 /* 943 * If interface is learning, and if source address 944 * is not broadcast or multicast, record its address. 945 */ 946 if ((bif->bif_flags & IFBIF_LEARNING) && 947 !ETHER_IS_MULTICAST(eh.ether_shost) && 948 !ETHER_IS_ANYADDR(eh.ether_shost)) 949 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 950 951 if ((bif->bif_flags & IFBIF_STP) && 952 (bif->bif_state == BSTP_IFSTATE_LEARNING)) { 953 m_freem(m); 954 return; 955 } 956 957 /* 958 * At this point, the port either doesn't participate in stp or 959 * it's in the forwarding state 960 */ 961 962 /* 963 * If packet is unicast, destined for someone on "this" 964 * side of the bridge, drop it. 965 */ 966 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 967 dst_ifidx = bridge_rtlookup(brifp, dst, NULL); 968 if (dst_ifidx == src_if->if_index) { 969 m_freem(m); 970 return; 971 } 972 } else { 973 if (ETHER_IS_BROADCAST(eh.ether_dhost)) 974 m->m_flags |= M_BCAST; 975 else 976 m->m_flags |= M_MCAST; 977 } 978 979 /* 980 * Multicast packets get handled a little differently: 981 * If interface is: 982 * -link0,-link1 (default) Forward all multicast 983 * as broadcast. 984 * -link0,link1 Drop non-IP multicast, forward 985 * as broadcast IP multicast. 986 * link0,-link1 Drop IP multicast, forward as 987 * broadcast non-IP multicast. 988 * link0,link1 Drop all multicast. 989 */ 990 if (m->m_flags & M_MCAST) { 991 if ((sc->sc_if.if_flags & 992 (IFF_LINK0 | IFF_LINK1)) == 993 (IFF_LINK0 | IFF_LINK1)) { 994 m_freem(m); 995 return; 996 } 997 if (sc->sc_if.if_flags & IFF_LINK0 && 998 ETHERADDR_IS_IP_MCAST(dst)) { 999 m_freem(m); 1000 return; 1001 } 1002 if (sc->sc_if.if_flags & IFF_LINK1 && 1003 !ETHERADDR_IS_IP_MCAST(dst)) { 1004 m_freem(m); 1005 return; 1006 } 1007 } 1008 1009 if (bif->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 1010 m_freem(m); 1011 return; 1012 } 1013 1014 if (bridge_filterrule(&bif->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 1015 m_freem(m); 1016 return; 1017 } 1018 m = bridge_ip(&sc->sc_if, BRIDGE_IN, src_if, &eh, m); 1019 if (m == NULL) 1020 return; 1021 /* 1022 * If the packet is a multicast or broadcast OR if we don't 1023 * know any better, forward it to all interfaces. 1024 */ 1025 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_ifidx == 0) { 1026 sc->sc_if.if_imcasts++; 1027 bridge_broadcast(sc, src_if, &eh, m); 1028 return; 1029 } 1030 protected = bif->bif_protected; 1031 1032 dst_if = if_get(dst_ifidx); 1033 if (dst_if == NULL) 1034 goto bad; 1035 1036 /* 1037 * At this point, we're dealing with a unicast frame going to a 1038 * different interface 1039 */ 1040 if (!ISSET(dst_if->if_flags, IFF_RUNNING)) 1041 goto bad; 1042 bif = bridge_getbif(dst_if); 1043 if ((bif == NULL) || ((bif->bif_flags & IFBIF_STP) && 1044 (bif->bif_state == BSTP_IFSTATE_DISCARDING))) 1045 goto bad; 1046 /* 1047 * Do not transmit if both ports are part of the same protected 1048 * domain. 1049 */ 1050 if (protected != 0 && (protected & bif->bif_protected)) 1051 goto bad; 1052 if (bridge_filterrule(&bif->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) 1053 goto bad; 1054 m = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, &eh, m); 1055 if (m == NULL) 1056 goto bad; 1057 1058 len = m->m_pkthdr.len; 1059 #if NVLAN > 0 1060 if ((m->m_flags & M_VLANTAG) && 1061 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1062 len += ETHER_VLAN_ENCAP_LEN; 1063 #endif 1064 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1065 bridge_fragment(&sc->sc_if, dst_if, &eh, m); 1066 else { 1067 bridge_ifenqueue(&sc->sc_if, dst_if, m); 1068 } 1069 m = NULL; 1070 bad: 1071 if_put(dst_if); 1072 m_freem(m); 1073 } 1074 1075 /* 1076 * Return 1 if `ena' belongs to `bif', 0 otherwise. 1077 */ 1078 int 1079 bridge_ourether(struct ifnet *ifp, uint8_t *ena) 1080 { 1081 struct arpcom *ac = (struct arpcom *)ifp; 1082 1083 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1084 return (1); 1085 1086 #if NCARP > 0 1087 if (carp_ourether(ifp, ena)) 1088 return (1); 1089 #endif 1090 1091 return (0); 1092 } 1093 1094 /* 1095 * Receive input from an interface. Queue the packet for bridging if its 1096 * not for us, and schedule an interrupt. 1097 */ 1098 int 1099 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1100 { 1101 KASSERT(m->m_flags & M_PKTHDR); 1102 1103 if (m->m_flags & M_PROTO1) { 1104 m->m_flags &= ~M_PROTO1; 1105 return (0); 1106 } 1107 1108 niq_enqueue(&bridgeintrq, m); 1109 1110 return (1); 1111 } 1112 1113 void 1114 bridge_process(struct ifnet *ifp, struct mbuf *m) 1115 { 1116 struct ifnet *brifp; 1117 struct bridge_softc *sc; 1118 struct bridge_iflist *bif = NULL, *bif0 = NULL; 1119 struct ether_header *eh; 1120 struct mbuf *mc; 1121 #if NBPFILTER > 0 1122 caddr_t if_bpf; 1123 #endif 1124 1125 KERNEL_ASSERT_LOCKED(); 1126 1127 brifp = if_get(ifp->if_bridgeidx); 1128 if ((brifp == NULL) || !ISSET(brifp->if_flags, IFF_RUNNING)) 1129 goto reenqueue; 1130 1131 if (m->m_pkthdr.len < sizeof(*eh)) 1132 goto bad; 1133 1134 #if NVLAN > 0 1135 /* 1136 * If the underlying interface removed the VLAN header itself, 1137 * add it back. 1138 */ 1139 if (ISSET(m->m_flags, M_VLANTAG)) { 1140 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1141 if (m == NULL) 1142 goto bad; 1143 } 1144 #endif 1145 1146 #if NBPFILTER > 0 1147 if_bpf = brifp->if_bpf; 1148 if (if_bpf) 1149 bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN); 1150 #endif 1151 1152 eh = mtod(m, struct ether_header *); 1153 1154 sc = brifp->if_softc; 1155 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1156 if (bridge_ourether(bif->ifp, eh->ether_shost)) 1157 goto bad; 1158 if (bif->ifp == ifp) 1159 bif0 = bif; 1160 } 1161 if (bif0 == NULL) 1162 goto reenqueue; 1163 1164 bridge_span(brifp, m); 1165 1166 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1167 /* 1168 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1169 * should not be forwarded to bridge members according to 1170 * section 7.12.6 of the 802.1D-2004 specification. The 1171 * STP destination address (as stored in bstp_etheraddr) 1172 * is the first of these. 1173 */ 1174 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1175 ETHER_ADDR_LEN - 1) == 0) { 1176 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1177 /* STP traffic */ 1178 m = bstp_input(sc->sc_stp, bif0->bif_stp, eh, 1179 m); 1180 if (m == NULL) 1181 goto bad; 1182 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) 1183 goto bad; 1184 } 1185 1186 /* 1187 * No need to process frames for ifs in the discarding state 1188 */ 1189 if ((bif0->bif_flags & IFBIF_STP) && 1190 (bif0->bif_state == BSTP_IFSTATE_DISCARDING)) 1191 goto reenqueue; 1192 1193 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1194 if (mc == NULL) 1195 goto reenqueue; 1196 1197 bridge_ifinput(ifp, mc); 1198 1199 bridgeintr_frame(brifp, ifp, m); 1200 if_put(brifp); 1201 return; 1202 } 1203 1204 /* 1205 * Unicast, make sure it's not for us. 1206 */ 1207 if (bridge_ourether(bif0->ifp, eh->ether_dhost)) { 1208 bif = bif0; 1209 } else { 1210 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1211 if (bif->ifp == ifp) 1212 continue; 1213 if (bridge_ourether(bif->ifp, eh->ether_dhost)) 1214 break; 1215 } 1216 } 1217 if (bif != NULL) { 1218 if (bif0->bif_flags & IFBIF_LEARNING) 1219 bridge_rtupdate(sc, 1220 (struct ether_addr *)&eh->ether_shost, 1221 ifp, 0, IFBAF_DYNAMIC, m); 1222 if (bridge_filterrule(&bif0->bif_brlin, eh, m) == 1223 BRL_ACTION_BLOCK) { 1224 goto bad; 1225 } 1226 1227 /* Count for the bridge */ 1228 brifp->if_ipackets++; 1229 brifp->if_ibytes += m->m_pkthdr.len; 1230 1231 ifp = bif->ifp; 1232 goto reenqueue; 1233 } 1234 1235 bridgeintr_frame(brifp, ifp, m); 1236 if_put(brifp); 1237 return; 1238 1239 reenqueue: 1240 bridge_ifinput(ifp, m); 1241 m = NULL; 1242 bad: 1243 m_freem(m); 1244 if_put(brifp); 1245 } 1246 1247 /* 1248 * Send a frame to all interfaces that are members of the bridge 1249 * (except the one it came in on). 1250 */ 1251 void 1252 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1253 struct ether_header *eh, struct mbuf *m) 1254 { 1255 struct bridge_iflist *bif; 1256 struct mbuf *mc; 1257 struct ifnet *dst_if; 1258 int len, used = 0; 1259 u_int32_t protected; 1260 1261 bif = bridge_getbif(ifp); 1262 KASSERT(bif != NULL); 1263 protected = bif->bif_protected; 1264 1265 SMR_SLIST_FOREACH_LOCKED(bif, &sc->sc_iflist, bif_next) { 1266 dst_if = bif->ifp; 1267 1268 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1269 continue; 1270 1271 if ((bif->bif_flags & IFBIF_STP) && 1272 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1273 continue; 1274 1275 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1276 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1277 continue; 1278 1279 /* Drop non-IP frames if the appropriate flag is set. */ 1280 if (bif->bif_flags & IFBIF_BLOCKNONIP && 1281 bridge_blocknonip(eh, m)) 1282 continue; 1283 1284 /* 1285 * Do not transmit if both ports are part of the same 1286 * protected domain. 1287 */ 1288 if (protected != 0 && (protected & bif->bif_protected)) 1289 continue; 1290 1291 if (bridge_filterrule(&bif->bif_brlout, eh, m) == 1292 BRL_ACTION_BLOCK) 1293 continue; 1294 1295 /* 1296 * Don't retransmit out of the same interface where 1297 * the packet was received from. 1298 */ 1299 if (dst_if->if_index == ifp->if_index) 1300 continue; 1301 1302 if (bridge_localbroadcast(dst_if, eh, m)) 1303 sc->sc_if.if_oerrors++; 1304 1305 /* If last one, reuse the passed-in mbuf */ 1306 if (SMR_SLIST_NEXT_LOCKED(bif, bif_next) == NULL) { 1307 mc = m; 1308 used = 1; 1309 } else { 1310 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1311 if (mc == NULL) { 1312 sc->sc_if.if_oerrors++; 1313 continue; 1314 } 1315 } 1316 1317 mc = bridge_ip(&sc->sc_if, BRIDGE_OUT, dst_if, eh, mc); 1318 if (mc == NULL) 1319 continue; 1320 1321 len = mc->m_pkthdr.len; 1322 #if NVLAN > 0 1323 if ((mc->m_flags & M_VLANTAG) && 1324 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1325 len += ETHER_VLAN_ENCAP_LEN; 1326 #endif 1327 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1328 bridge_fragment(&sc->sc_if, dst_if, eh, mc); 1329 else { 1330 bridge_ifenqueue(&sc->sc_if, dst_if, mc); 1331 } 1332 } 1333 1334 if (!used) 1335 m_freem(m); 1336 } 1337 1338 int 1339 bridge_localbroadcast(struct ifnet *ifp, struct ether_header *eh, 1340 struct mbuf *m) 1341 { 1342 struct mbuf *m1; 1343 u_int16_t etype; 1344 1345 /* 1346 * quick optimisation, don't send packets up the stack if no 1347 * corresponding address has been specified. 1348 */ 1349 etype = ntohs(eh->ether_type); 1350 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1351 struct ifaddr *ifa; 1352 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1353 if (ifa->ifa_addr->sa_family == AF_INET) 1354 break; 1355 } 1356 if (ifa == NULL) 1357 return (0); 1358 } 1359 1360 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1361 if (m1 == NULL) 1362 return (1); 1363 1364 #if NPF > 0 1365 pf_pkt_addr_changed(m1); 1366 #endif /* NPF */ 1367 1368 bridge_ifinput(ifp, m1); 1369 1370 return (0); 1371 } 1372 1373 void 1374 bridge_span(struct ifnet *brifp, struct mbuf *m) 1375 { 1376 struct bridge_softc *sc = brifp->if_softc; 1377 struct bridge_iflist *bif; 1378 struct ifnet *ifp; 1379 struct mbuf *mc; 1380 int error; 1381 1382 smr_read_enter(); 1383 SMR_SLIST_FOREACH(bif, &sc->sc_spanlist, bif_next) { 1384 ifp = bif->ifp; 1385 1386 if ((ifp->if_flags & IFF_RUNNING) == 0) 1387 continue; 1388 1389 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1390 if (mc == NULL) { 1391 brifp->if_oerrors++; 1392 continue; 1393 } 1394 1395 error = bridge_ifenqueue(brifp, ifp, mc); 1396 if (error) 1397 continue; 1398 } 1399 smr_read_leave(); 1400 } 1401 1402 /* 1403 * Block non-ip frames: 1404 * Returns 0 if frame is ip, and 1 if it should be dropped. 1405 */ 1406 int 1407 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1408 { 1409 struct llc llc; 1410 u_int16_t etype; 1411 1412 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1413 return (1); 1414 1415 #if NVLAN > 0 1416 if (m->m_flags & M_VLANTAG) 1417 return (1); 1418 #endif 1419 1420 etype = ntohs(eh->ether_type); 1421 switch (etype) { 1422 case ETHERTYPE_ARP: 1423 case ETHERTYPE_REVARP: 1424 case ETHERTYPE_IP: 1425 case ETHERTYPE_IPV6: 1426 return (0); 1427 } 1428 1429 if (etype > ETHERMTU) 1430 return (1); 1431 1432 if (m->m_pkthdr.len < 1433 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1434 return (1); 1435 1436 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1437 (caddr_t)&llc); 1438 1439 etype = ntohs(llc.llc_snap.ether_type); 1440 if (llc.llc_dsap == LLC_SNAP_LSAP && 1441 llc.llc_ssap == LLC_SNAP_LSAP && 1442 llc.llc_control == LLC_UI && 1443 llc.llc_snap.org_code[0] == 0 && 1444 llc.llc_snap.org_code[1] == 0 && 1445 llc.llc_snap.org_code[2] == 0 && 1446 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1447 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1448 return (0); 1449 } 1450 1451 return (1); 1452 } 1453 1454 #ifdef IPSEC 1455 int 1456 bridge_ipsec(struct ifnet *ifp, struct ether_header *eh, int hassnap, 1457 struct llc *llc, int dir, int af, int hlen, struct mbuf *m) 1458 { 1459 union sockaddr_union dst; 1460 struct tdb *tdb; 1461 u_int32_t spi; 1462 u_int16_t cpi; 1463 int error, off; 1464 u_int8_t proto = 0; 1465 struct ip *ip; 1466 #ifdef INET6 1467 struct ip6_hdr *ip6; 1468 #endif /* INET6 */ 1469 #if NPF > 0 1470 struct ifnet *encif; 1471 #endif 1472 1473 if (dir == BRIDGE_IN) { 1474 switch (af) { 1475 case AF_INET: 1476 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1477 goto skiplookup; 1478 1479 ip = mtod(m, struct ip *); 1480 proto = ip->ip_p; 1481 off = offsetof(struct ip, ip_p); 1482 1483 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1484 proto != IPPROTO_IPCOMP) 1485 goto skiplookup; 1486 1487 bzero(&dst, sizeof(union sockaddr_union)); 1488 dst.sa.sa_family = AF_INET; 1489 dst.sin.sin_len = sizeof(struct sockaddr_in); 1490 m_copydata(m, offsetof(struct ip, ip_dst), 1491 sizeof(struct in_addr), 1492 (caddr_t)&dst.sin.sin_addr); 1493 1494 break; 1495 #ifdef INET6 1496 case AF_INET6: 1497 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1498 goto skiplookup; 1499 1500 ip6 = mtod(m, struct ip6_hdr *); 1501 1502 /* XXX We should chase down the header chain */ 1503 proto = ip6->ip6_nxt; 1504 off = offsetof(struct ip6_hdr, ip6_nxt); 1505 1506 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1507 proto != IPPROTO_IPCOMP) 1508 goto skiplookup; 1509 1510 bzero(&dst, sizeof(union sockaddr_union)); 1511 dst.sa.sa_family = AF_INET6; 1512 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1513 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1514 sizeof(struct in6_addr), 1515 (caddr_t)&dst.sin6.sin6_addr); 1516 1517 break; 1518 #endif /* INET6 */ 1519 default: 1520 return (0); 1521 } 1522 1523 switch (proto) { 1524 case IPPROTO_ESP: 1525 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1526 break; 1527 case IPPROTO_AH: 1528 m_copydata(m, hlen + sizeof(u_int32_t), 1529 sizeof(u_int32_t), (caddr_t)&spi); 1530 break; 1531 case IPPROTO_IPCOMP: 1532 m_copydata(m, hlen + sizeof(u_int16_t), 1533 sizeof(u_int16_t), (caddr_t)&cpi); 1534 spi = ntohl(htons(cpi)); 1535 break; 1536 } 1537 1538 NET_ASSERT_LOCKED(); 1539 1540 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1541 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1542 tdb->tdb_xform != NULL) { 1543 if (tdb->tdb_first_use == 0) { 1544 tdb->tdb_first_use = gettime(); 1545 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1546 timeout_add_sec(&tdb->tdb_first_tmo, 1547 tdb->tdb_exp_first_use); 1548 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1549 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1550 tdb->tdb_soft_first_use); 1551 } 1552 1553 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1554 return (1); 1555 } else { 1556 skiplookup: 1557 /* XXX do an input policy lookup */ 1558 return (0); 1559 } 1560 } else { /* Outgoing from the bridge. */ 1561 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1562 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1563 if (tdb != NULL) { 1564 /* 1565 * We don't need to do loop detection, the 1566 * bridge will do that for us. 1567 */ 1568 #if NPF > 0 1569 if ((encif = enc_getif(tdb->tdb_rdomain, 1570 tdb->tdb_tap)) == NULL || 1571 pf_test(af, dir, encif, &m) != PF_PASS) { 1572 m_freem(m); 1573 return (1); 1574 } 1575 if (m == NULL) 1576 return (1); 1577 else if (af == AF_INET) 1578 in_proto_cksum_out(m, encif); 1579 #ifdef INET6 1580 else if (af == AF_INET6) 1581 in6_proto_cksum_out(m, encif); 1582 #endif /* INET6 */ 1583 #endif /* NPF */ 1584 1585 ip = mtod(m, struct ip *); 1586 if ((af == AF_INET) && 1587 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1588 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1589 tdb->tdb_mtutimeout > gettime()) 1590 bridge_send_icmp_err(ifp, eh, m, 1591 hassnap, llc, tdb->tdb_mtu, 1592 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1593 else 1594 error = ipsp_process_packet(m, tdb, af, 0); 1595 return (1); 1596 } else 1597 return (0); 1598 } 1599 1600 return (0); 1601 } 1602 #endif /* IPSEC */ 1603 1604 /* 1605 * Filter IP packets by peeking into the ethernet frame. This violates 1606 * the ISO model, but allows us to act as a IP filter at the data link 1607 * layer. As a result, most of this code will look familiar to those 1608 * who've read net/if_ethersubr.c and netinet/ip_input.c 1609 */ 1610 struct mbuf * 1611 bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, 1612 struct ether_header *eh, struct mbuf *m) 1613 { 1614 struct llc llc; 1615 int hassnap = 0; 1616 struct ip *ip; 1617 int hlen; 1618 u_int16_t etype; 1619 1620 #if NVLAN > 0 1621 if (m->m_flags & M_VLANTAG) 1622 return (m); 1623 #endif 1624 1625 etype = ntohs(eh->ether_type); 1626 1627 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1628 if (etype > ETHERMTU || 1629 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1630 ETHER_HDR_LEN)) 1631 return (m); 1632 1633 m_copydata(m, ETHER_HDR_LEN, 1634 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1635 1636 if (llc.llc_dsap != LLC_SNAP_LSAP || 1637 llc.llc_ssap != LLC_SNAP_LSAP || 1638 llc.llc_control != LLC_UI || 1639 llc.llc_snap.org_code[0] || 1640 llc.llc_snap.org_code[1] || 1641 llc.llc_snap.org_code[2]) 1642 return (m); 1643 1644 etype = ntohs(llc.llc_snap.ether_type); 1645 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1646 return (m); 1647 hassnap = 1; 1648 } 1649 1650 m_adj(m, ETHER_HDR_LEN); 1651 if (hassnap) 1652 m_adj(m, LLC_SNAPFRAMELEN); 1653 1654 switch (etype) { 1655 1656 case ETHERTYPE_IP: 1657 if (m->m_pkthdr.len < sizeof(struct ip)) 1658 goto dropit; 1659 1660 /* Copy minimal header, and drop invalids */ 1661 if (m->m_len < sizeof(struct ip) && 1662 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1663 ipstat_inc(ips_toosmall); 1664 return (NULL); 1665 } 1666 ip = mtod(m, struct ip *); 1667 1668 if (ip->ip_v != IPVERSION) { 1669 ipstat_inc(ips_badvers); 1670 goto dropit; 1671 } 1672 1673 hlen = ip->ip_hl << 2; /* get whole header length */ 1674 if (hlen < sizeof(struct ip)) { 1675 ipstat_inc(ips_badhlen); 1676 goto dropit; 1677 } 1678 1679 if (hlen > m->m_len) { 1680 if ((m = m_pullup(m, hlen)) == NULL) { 1681 ipstat_inc(ips_badhlen); 1682 return (NULL); 1683 } 1684 ip = mtod(m, struct ip *); 1685 } 1686 1687 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1688 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1689 ipstat_inc(ips_badsum); 1690 goto dropit; 1691 } 1692 1693 ipstat_inc(ips_inswcsum); 1694 if (in_cksum(m, hlen) != 0) { 1695 ipstat_inc(ips_badsum); 1696 goto dropit; 1697 } 1698 } 1699 1700 if (ntohs(ip->ip_len) < hlen) 1701 goto dropit; 1702 1703 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1704 goto dropit; 1705 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1706 if (m->m_len == m->m_pkthdr.len) { 1707 m->m_len = ntohs(ip->ip_len); 1708 m->m_pkthdr.len = ntohs(ip->ip_len); 1709 } else 1710 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1711 } 1712 1713 #ifdef IPSEC 1714 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1715 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET, hlen, m)) 1716 return (NULL); 1717 #endif /* IPSEC */ 1718 #if NPF > 0 1719 /* Finally, we get to filter the packet! */ 1720 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1721 goto dropit; 1722 if (m == NULL) 1723 goto dropit; 1724 #endif /* NPF > 0 */ 1725 1726 /* Rebuild the IP header */ 1727 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1728 return (NULL); 1729 if (m->m_len < sizeof(struct ip)) 1730 goto dropit; 1731 in_proto_cksum_out(m, ifp); 1732 ip = mtod(m, struct ip *); 1733 ip->ip_sum = 0; 1734 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1735 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1736 else { 1737 ipstat_inc(ips_outswcsum); 1738 ip->ip_sum = in_cksum(m, hlen); 1739 } 1740 1741 break; 1742 1743 #ifdef INET6 1744 case ETHERTYPE_IPV6: { 1745 struct ip6_hdr *ip6; 1746 1747 if (m->m_len < sizeof(struct ip6_hdr)) { 1748 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1749 == NULL) { 1750 ip6stat_inc(ip6s_toosmall); 1751 return (NULL); 1752 } 1753 } 1754 1755 ip6 = mtod(m, struct ip6_hdr *); 1756 1757 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1758 ip6stat_inc(ip6s_badvers); 1759 goto dropit; 1760 } 1761 1762 #ifdef IPSEC 1763 hlen = sizeof(struct ip6_hdr); 1764 1765 if ((brifp->if_flags & IFF_LINK2) == IFF_LINK2 && 1766 bridge_ipsec(ifp, eh, hassnap, &llc, dir, AF_INET6, hlen, 1767 m)) 1768 return (NULL); 1769 #endif /* IPSEC */ 1770 1771 #if NPF > 0 1772 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1773 goto dropit; 1774 if (m == NULL) 1775 return (NULL); 1776 #endif /* NPF > 0 */ 1777 in6_proto_cksum_out(m, ifp); 1778 1779 break; 1780 } 1781 #endif /* INET6 */ 1782 1783 default: 1784 goto dropit; 1785 break; 1786 } 1787 1788 /* Reattach SNAP header */ 1789 if (hassnap) { 1790 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1791 if (m == NULL) 1792 goto dropit; 1793 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1794 } 1795 1796 /* Reattach ethernet header */ 1797 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1798 if (m == NULL) 1799 goto dropit; 1800 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1801 1802 return (m); 1803 1804 dropit: 1805 m_freem(m); 1806 return (NULL); 1807 } 1808 1809 void 1810 bridge_fragment(struct ifnet *brifp, struct ifnet *ifp, struct ether_header *eh, 1811 struct mbuf *m) 1812 { 1813 struct llc llc; 1814 struct mbuf *m0; 1815 int error = 0; 1816 int hassnap = 0; 1817 u_int16_t etype; 1818 struct ip *ip; 1819 1820 etype = ntohs(eh->ether_type); 1821 #if NVLAN > 0 1822 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1823 etype == ETHERTYPE_QINQ) { 1824 int len = m->m_pkthdr.len; 1825 1826 if (m->m_flags & M_VLANTAG) 1827 len += ETHER_VLAN_ENCAP_LEN; 1828 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1829 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1830 bridge_ifenqueue(brifp, ifp, m); 1831 return; 1832 } 1833 goto dropit; 1834 } 1835 #endif 1836 if (etype != ETHERTYPE_IP) { 1837 if (etype > ETHERMTU || 1838 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1839 ETHER_HDR_LEN)) 1840 goto dropit; 1841 1842 m_copydata(m, ETHER_HDR_LEN, 1843 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1844 1845 if (llc.llc_dsap != LLC_SNAP_LSAP || 1846 llc.llc_ssap != LLC_SNAP_LSAP || 1847 llc.llc_control != LLC_UI || 1848 llc.llc_snap.org_code[0] || 1849 llc.llc_snap.org_code[1] || 1850 llc.llc_snap.org_code[2] || 1851 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1852 goto dropit; 1853 1854 hassnap = 1; 1855 } 1856 1857 m_adj(m, ETHER_HDR_LEN); 1858 if (hassnap) 1859 m_adj(m, LLC_SNAPFRAMELEN); 1860 1861 if (m->m_len < sizeof(struct ip) && 1862 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1863 goto dropit; 1864 ip = mtod(m, struct ip *); 1865 1866 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1867 if (ip->ip_off & htons(IP_DF)) { 1868 bridge_send_icmp_err(ifp, eh, m, hassnap, &llc, 1869 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1870 return; 1871 } 1872 1873 error = ip_fragment(m, ifp, ifp->if_mtu); 1874 if (error) { 1875 m = NULL; 1876 goto dropit; 1877 } 1878 1879 for (; m; m = m0) { 1880 m0 = m->m_nextpkt; 1881 m->m_nextpkt = NULL; 1882 if (error == 0) { 1883 if (hassnap) { 1884 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1885 if (m == NULL) { 1886 error = ENOBUFS; 1887 continue; 1888 } 1889 bcopy(&llc, mtod(m, caddr_t), 1890 LLC_SNAPFRAMELEN); 1891 } 1892 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1893 if (m == NULL) { 1894 error = ENOBUFS; 1895 continue; 1896 } 1897 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1898 error = bridge_ifenqueue(brifp, ifp, m); 1899 if (error) { 1900 continue; 1901 } 1902 } else 1903 m_freem(m); 1904 } 1905 1906 if (error == 0) 1907 ipstat_inc(ips_fragmented); 1908 1909 return; 1910 dropit: 1911 m_freem(m); 1912 } 1913 1914 int 1915 bridge_ifenqueue(struct ifnet *brifp, struct ifnet *ifp, struct mbuf *m) 1916 { 1917 int error, len; 1918 1919 /* Loop prevention. */ 1920 m->m_flags |= M_PROTO1; 1921 1922 len = m->m_pkthdr.len; 1923 1924 error = if_enqueue(ifp, m); 1925 if (error) { 1926 brifp->if_oerrors++; 1927 return (error); 1928 } 1929 1930 brifp->if_opackets++; 1931 brifp->if_obytes += len; 1932 1933 return (0); 1934 } 1935 1936 void 1937 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1938 { 1939 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1940 1941 m->m_flags |= M_PROTO1; 1942 1943 ml_enqueue(&ml, m); 1944 if_input(ifp, &ml); 1945 } 1946 1947 void 1948 bridge_send_icmp_err(struct ifnet *ifp, 1949 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1950 int mtu, int type, int code) 1951 { 1952 struct ip *ip; 1953 struct icmp *icp; 1954 struct in_addr t; 1955 struct mbuf *m, *n2; 1956 int hlen; 1957 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1958 1959 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1960 if (!n2) { 1961 m_freem(n); 1962 return; 1963 } 1964 m = icmp_do_error(n, type, code, 0, mtu); 1965 if (m == NULL) { 1966 m_freem(n2); 1967 return; 1968 } 1969 1970 n = n2; 1971 1972 ip = mtod(m, struct ip *); 1973 hlen = ip->ip_hl << 2; 1974 t = ip->ip_dst; 1975 ip->ip_dst = ip->ip_src; 1976 ip->ip_src = t; 1977 1978 m->m_data += hlen; 1979 m->m_len -= hlen; 1980 icp = mtod(m, struct icmp *); 1981 icp->icmp_cksum = 0; 1982 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1983 m->m_data -= hlen; 1984 m->m_len += hlen; 1985 1986 ip->ip_v = IPVERSION; 1987 ip->ip_off &= htons(IP_DF); 1988 ip->ip_id = htons(ip_randomid()); 1989 ip->ip_ttl = MAXTTL; 1990 ip->ip_sum = 0; 1991 ip->ip_sum = in_cksum(m, hlen); 1992 1993 /* Swap ethernet addresses */ 1994 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1995 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1996 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1997 1998 /* Reattach SNAP header */ 1999 if (hassnap) { 2000 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 2001 if (m == NULL) 2002 goto dropit; 2003 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 2004 } 2005 2006 /* Reattach ethernet header */ 2007 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2008 if (m == NULL) 2009 goto dropit; 2010 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2011 2012 bridge_enqueue(ifp, m); 2013 m_freem(n); 2014 return; 2015 2016 dropit: 2017 m_freem(n); 2018 } 2019