1 /* $OpenBSD: if_bridge.c,v 1.312 2018/10/01 12:38:32 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 #include "mpw.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/mbuf.h> 44 #include <sys/socket.h> 45 #include <sys/ioctl.h> 46 #include <sys/kernel.h> 47 48 #include <net/if.h> 49 #include <net/if_types.h> 50 #include <net/if_llc.h> 51 #include <net/netisr.h> 52 53 #include <netinet/in.h> 54 #include <netinet/ip.h> 55 #include <netinet/ip_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_icmp.h> 58 59 #ifdef IPSEC 60 #include <netinet/ip_ipsp.h> 61 #include <net/if_enc.h> 62 #endif 63 64 #ifdef INET6 65 #include <netinet6/in6_var.h> 66 #include <netinet/ip6.h> 67 #include <netinet6/ip6_var.h> 68 #endif 69 70 #if NPF > 0 71 #include <net/pfvar.h> 72 #define BRIDGE_IN PF_IN 73 #define BRIDGE_OUT PF_OUT 74 #else 75 #define BRIDGE_IN 0 76 #define BRIDGE_OUT 1 77 #endif 78 79 #if NBPFILTER > 0 80 #include <net/bpf.h> 81 #endif 82 83 #if NCARP > 0 84 #include <netinet/ip_carp.h> 85 #endif 86 87 #if NVLAN > 0 88 #include <net/if_vlan_var.h> 89 #endif 90 91 #include <net/if_bridge.h> 92 93 /* 94 * Maximum number of addresses to cache 95 */ 96 #ifndef BRIDGE_RTABLE_MAX 97 #define BRIDGE_RTABLE_MAX 100 98 #endif 99 100 /* 101 * Timeout (in seconds) for entries learned dynamically 102 */ 103 #ifndef BRIDGE_RTABLE_TIMEOUT 104 #define BRIDGE_RTABLE_TIMEOUT 240 105 #endif 106 107 void bridgeattach(int); 108 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 109 void bridge_ifdetach(void *); 110 void bridge_spandetach(void *); 111 int bridge_input(struct ifnet *, struct mbuf *, void *); 112 void bridge_process(struct ifnet *, struct mbuf *); 113 void bridgeintr_frame(struct bridge_softc *, struct ifnet *, struct mbuf *); 114 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 115 struct ether_header *, struct mbuf *); 116 void bridge_localbroadcast(struct bridge_softc *, struct ifnet *, 117 struct ether_header *, struct mbuf *); 118 void bridge_span(struct bridge_softc *, struct mbuf *); 119 void bridge_stop(struct bridge_softc *); 120 void bridge_init(struct bridge_softc *); 121 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 122 int bridge_blocknonip(struct ether_header *, struct mbuf *); 123 void bridge_ifinput(struct ifnet *, struct mbuf *); 124 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 125 struct rtentry *); 126 #ifdef IPSEC 127 int bridge_ipsec(struct bridge_softc *, struct ifnet *, 128 struct ether_header *, int, struct llc *, 129 int, int, int, struct mbuf *); 130 #endif 131 int bridge_clone_create(struct if_clone *, int); 132 int bridge_clone_destroy(struct ifnet *ifp); 133 int bridge_delete(struct bridge_softc *, struct bridge_iflist *); 134 135 #define ETHERADDR_IS_IP_MCAST(a) \ 136 /* struct etheraddr *a; */ \ 137 ((a)->ether_addr_octet[0] == 0x01 && \ 138 (a)->ether_addr_octet[1] == 0x00 && \ 139 (a)->ether_addr_octet[2] == 0x5e) 140 141 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 142 143 struct if_clone bridge_cloner = 144 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 145 146 void 147 bridgeattach(int n) 148 { 149 if_clone_attach(&bridge_cloner); 150 } 151 152 int 153 bridge_clone_create(struct if_clone *ifc, int unit) 154 { 155 struct bridge_softc *sc; 156 struct ifnet *ifp; 157 int i; 158 159 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 160 sc->sc_stp = bstp_create(&sc->sc_if); 161 if (!sc->sc_stp) { 162 free(sc, M_DEVBUF, sizeof *sc); 163 return (ENOMEM); 164 } 165 166 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 167 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 168 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 169 TAILQ_INIT(&sc->sc_iflist); 170 TAILQ_INIT(&sc->sc_spanlist); 171 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 172 LIST_INIT(&sc->sc_rts[i]); 173 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 174 ifp = &sc->sc_if; 175 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 176 unit); 177 ifp->if_softc = sc; 178 ifp->if_mtu = ETHERMTU; 179 ifp->if_ioctl = bridge_ioctl; 180 ifp->if_output = bridge_dummy_output; 181 ifp->if_xflags = IFXF_CLONED; 182 ifp->if_start = NULL; 183 ifp->if_type = IFT_BRIDGE; 184 ifp->if_hdrlen = ETHER_HDR_LEN; 185 186 if_attach(ifp); 187 if_alloc_sadl(ifp); 188 189 #if NBPFILTER > 0 190 bpfattach(&sc->sc_if.if_bpf, ifp, 191 DLT_EN10MB, ETHER_HDR_LEN); 192 #endif 193 194 if_ih_insert(ifp, ether_input, NULL); 195 196 return (0); 197 } 198 199 int 200 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 201 struct rtentry *rt) 202 { 203 m_freem(m); 204 return (EAFNOSUPPORT); 205 } 206 207 int 208 bridge_clone_destroy(struct ifnet *ifp) 209 { 210 struct bridge_softc *sc = ifp->if_softc; 211 struct bridge_iflist *bif; 212 213 bridge_stop(sc); 214 bridge_rtflush(sc, IFBF_FLUSHALL); 215 while ((bif = TAILQ_FIRST(&sc->sc_iflist)) != NULL) 216 bridge_delete(sc, bif); 217 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) 218 bridge_spandetach(bif); 219 220 bstp_destroy(sc->sc_stp); 221 222 /* Undo pseudo-driver changes. */ 223 if_deactivate(ifp); 224 225 if_ih_remove(ifp, ether_input, NULL); 226 227 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 228 229 if_detach(ifp); 230 231 free(sc, M_DEVBUF, sizeof *sc); 232 return (0); 233 } 234 235 int 236 bridge_delete(struct bridge_softc *sc, struct bridge_iflist *bif) 237 { 238 int error; 239 240 if (bif->bif_flags & IFBIF_STP) 241 bstp_delete(bif->bif_stp); 242 243 bif->ifp->if_bridgeport = NULL; 244 error = ifpromisc(bif->ifp, 0); 245 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 246 247 if_ih_remove(bif->ifp, bridge_input, NULL); 248 TAILQ_REMOVE(&sc->sc_iflist, bif, next); 249 bridge_rtdelete(sc, bif->ifp, 0); 250 bridge_flushrule(bif); 251 free(bif, M_DEVBUF, sizeof *bif); 252 253 return (error); 254 } 255 256 int 257 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 258 { 259 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 260 struct ifbreq *req = (struct ifbreq *)data; 261 struct ifbropreq *brop = (struct ifbropreq *)data; 262 struct ifnet *ifs; 263 struct bridge_iflist *bif; 264 struct bstp_port *bp; 265 struct bstp_state *bs = sc->sc_stp; 266 int error = 0; 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL && if_clone_create(req->ifbr_ifsname, 0) == 0) 279 ifs = ifunit(req->ifbr_ifsname); 280 281 if (ifs == NULL) { /* no such interface */ 282 error = ENOENT; 283 break; 284 } 285 286 if (ifs->if_bridgeport != NULL) { 287 bif = (struct bridge_iflist *)ifs->if_bridgeport; 288 if (bif->bridge_sc == sc) 289 error = EEXIST; 290 else 291 error = EBUSY; 292 break; 293 } 294 295 /* If it's in the span list, it can't be a member. */ 296 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) 297 if (bif->ifp == ifs) 298 break; 299 if (bif != NULL) { 300 error = EBUSY; 301 break; 302 } 303 304 if (ifs->if_type == IFT_ETHER) { 305 error = ifpromisc(ifs, 1); 306 if (error != 0) 307 break; 308 } 309 #if NMPW > 0 310 else if (ifs->if_type == IFT_MPLSTUNNEL) { 311 /* Nothing needed */ 312 } 313 #endif /* NMPW */ 314 else { 315 error = EINVAL; 316 break; 317 } 318 319 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 320 if (bif == NULL) { 321 if (ifs->if_type == IFT_ETHER) 322 ifpromisc(ifs, 0); 323 error = ENOMEM; 324 break; 325 } 326 327 bif->bridge_sc = sc; 328 bif->ifp = ifs; 329 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 330 SIMPLEQ_INIT(&bif->bif_brlin); 331 SIMPLEQ_INIT(&bif->bif_brlout); 332 ifs->if_bridgeport = (caddr_t)bif; 333 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 334 bridge_ifdetach, ifs); 335 if_ih_insert(bif->ifp, bridge_input, NULL); 336 TAILQ_INSERT_TAIL(&sc->sc_iflist, bif, next); 337 break; 338 case SIOCBRDGDEL: 339 if ((error = suser(curproc)) != 0) 340 break; 341 ifs = ifunit(req->ifbr_ifsname); 342 if (ifs == NULL) { 343 error = ENOENT; 344 break; 345 } 346 bif = (struct bridge_iflist *)ifs->if_bridgeport; 347 if (bif == NULL || bif->bridge_sc != sc) { 348 error = ESRCH; 349 break; 350 } 351 error = bridge_delete(sc, bif); 352 break; 353 case SIOCBRDGIFS: 354 error = bridge_bifconf(sc, (struct ifbifconf *)data); 355 break; 356 case SIOCBRDGADDS: 357 if ((error = suser(curproc)) != 0) 358 break; 359 ifs = ifunit(req->ifbr_ifsname); 360 if (ifs == NULL) { /* no such interface */ 361 error = ENOENT; 362 break; 363 } 364 if (ifs->if_type != IFT_ETHER && 365 ifs->if_type != IFT_MPLSTUNNEL) { 366 error = EINVAL; 367 break; 368 } 369 if (ifs->if_bridgeport != NULL) { 370 error = EBUSY; 371 break; 372 } 373 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) { 374 if (bif->ifp == ifs) 375 break; 376 } 377 if (bif != NULL) { 378 error = EEXIST; 379 break; 380 } 381 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT|M_ZERO); 382 if (bif == NULL) { 383 error = ENOMEM; 384 break; 385 } 386 bif->ifp = ifs; 387 bif->bif_flags = IFBIF_SPAN; 388 bif->bridge_sc = sc; 389 bif->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 390 bridge_spandetach, bif); 391 SIMPLEQ_INIT(&bif->bif_brlin); 392 SIMPLEQ_INIT(&bif->bif_brlout); 393 TAILQ_INSERT_TAIL(&sc->sc_spanlist, bif, next); 394 break; 395 case SIOCBRDGDELS: 396 if ((error = suser(curproc)) != 0) 397 break; 398 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) { 399 if (strncmp(bif->ifp->if_xname, req->ifbr_ifsname, 400 sizeof(bif->ifp->if_xname)) == 0) { 401 bridge_spandetach(bif); 402 break; 403 } 404 } 405 if (bif == NULL) { 406 error = ENOENT; 407 break; 408 } 409 break; 410 case SIOCBRDGGIFFLGS: 411 ifs = ifunit(req->ifbr_ifsname); 412 if (ifs == NULL) { 413 error = ENOENT; 414 break; 415 } 416 bif = (struct bridge_iflist *)ifs->if_bridgeport; 417 if (bif == NULL || bif->bridge_sc != sc) { 418 error = ESRCH; 419 break; 420 } 421 req->ifbr_ifsflags = bif->bif_flags; 422 req->ifbr_portno = bif->ifp->if_index & 0xfff; 423 req->ifbr_protected = bif->bif_protected; 424 if (bif->bif_flags & IFBIF_STP) { 425 bp = bif->bif_stp; 426 req->ifbr_state = bstp_getstate(bs, bp); 427 req->ifbr_priority = bp->bp_priority; 428 req->ifbr_path_cost = bp->bp_path_cost; 429 req->ifbr_proto = bp->bp_protover; 430 req->ifbr_role = bp->bp_role; 431 req->ifbr_stpflags = bp->bp_flags; 432 req->ifbr_fwd_trans = bp->bp_forward_transitions; 433 req->ifbr_desg_bridge = bp->bp_desg_pv.pv_dbridge_id; 434 req->ifbr_desg_port = bp->bp_desg_pv.pv_dport_id; 435 req->ifbr_root_bridge = bp->bp_desg_pv.pv_root_id; 436 req->ifbr_root_cost = bp->bp_desg_pv.pv_cost; 437 req->ifbr_root_port = bp->bp_desg_pv.pv_port_id; 438 439 /* Copy STP state options as flags */ 440 if (bp->bp_operedge) 441 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 442 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 443 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 444 if (bp->bp_ptp_link) 445 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 446 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 447 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 448 } 449 break; 450 case SIOCBRDGSIFFLGS: 451 if ((error = suser(curproc)) != 0) 452 break; 453 ifs = ifunit(req->ifbr_ifsname); 454 if (ifs == NULL) { 455 error = ENOENT; 456 break; 457 } 458 bif = (struct bridge_iflist *)ifs->if_bridgeport; 459 if (bif == NULL || bif->bridge_sc != sc) { 460 error = ESRCH; 461 break; 462 } 463 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 464 error = EINVAL; 465 break; 466 } 467 if (req->ifbr_ifsflags & IFBIF_STP) { 468 if ((bif->bif_flags & IFBIF_STP) == 0) { 469 /* Enable STP */ 470 if ((bif->bif_stp = bstp_add(sc->sc_stp, 471 bif->ifp)) == NULL) { 472 error = ENOMEM; 473 break; 474 } 475 } else { 476 /* Update STP flags */ 477 bstp_ifsflags(bif->bif_stp, req->ifbr_ifsflags); 478 } 479 } else if (bif->bif_flags & IFBIF_STP) { 480 bstp_delete(bif->bif_stp); 481 bif->bif_stp = NULL; 482 } 483 bif->bif_flags = req->ifbr_ifsflags; 484 break; 485 case SIOCSIFFLAGS: 486 if ((ifp->if_flags & IFF_UP) == IFF_UP) 487 bridge_init(sc); 488 489 if ((ifp->if_flags & IFF_UP) == 0) 490 bridge_stop(sc); 491 492 break; 493 case SIOCBRDGGPARAM: 494 if ((bp = bs->bs_root_port) == NULL) 495 brop->ifbop_root_port = 0; 496 else 497 brop->ifbop_root_port = bp->bp_ifp->if_index; 498 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 499 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 500 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 501 brop->ifbop_holdcount = bs->bs_txholdcount; 502 brop->ifbop_priority = bs->bs_bridge_priority; 503 brop->ifbop_protocol = bs->bs_protover; 504 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 505 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 506 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 507 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 508 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 509 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 510 break; 511 case SIOCBRDGSIFPROT: 512 ifs = ifunit(req->ifbr_ifsname); 513 if (ifs == NULL) { 514 error = ENOENT; 515 break; 516 } 517 bif = (struct bridge_iflist *)ifs->if_bridgeport; 518 if (bif == NULL || bif->bridge_sc != sc) { 519 error = ESRCH; 520 break; 521 } 522 bif->bif_protected = req->ifbr_protected; 523 break; 524 case SIOCBRDGRTS: 525 case SIOCBRDGGCACHE: 526 case SIOCBRDGGPRI: 527 case SIOCBRDGGMA: 528 case SIOCBRDGGHT: 529 case SIOCBRDGGFD: 530 case SIOCBRDGGTO: 531 case SIOCBRDGGRL: 532 break; 533 case SIOCBRDGFLUSH: 534 case SIOCBRDGSADDR: 535 case SIOCBRDGDADDR: 536 case SIOCBRDGSCACHE: 537 case SIOCBRDGSTO: 538 case SIOCBRDGARL: 539 case SIOCBRDGFRL: 540 case SIOCBRDGSPRI: 541 case SIOCBRDGSFD: 542 case SIOCBRDGSMA: 543 case SIOCBRDGSHT: 544 case SIOCBRDGSTXHC: 545 case SIOCBRDGSPROTO: 546 case SIOCBRDGSIFPRIO: 547 case SIOCBRDGSIFCOST: 548 error = suser(curproc); 549 break; 550 default: 551 error = ENOTTY; 552 break; 553 } 554 555 if (!error) 556 error = bridgectl_ioctl(ifp, cmd, data); 557 558 if (!error) 559 error = bstp_ioctl(ifp, cmd, data); 560 561 return (error); 562 } 563 564 /* Detach an interface from a bridge. */ 565 void 566 bridge_ifdetach(void *arg) 567 { 568 struct ifnet *ifp = (struct ifnet *)arg; 569 struct bridge_softc *sc; 570 struct bridge_iflist *bif; 571 572 bif = (struct bridge_iflist *)ifp->if_bridgeport; 573 sc = bif->bridge_sc; 574 575 bridge_delete(sc, bif); 576 } 577 578 void 579 bridge_spandetach(void *arg) 580 { 581 struct bridge_iflist *bif = (struct bridge_iflist *)arg; 582 struct bridge_softc *sc = bif->bridge_sc; 583 584 hook_disestablish(bif->ifp->if_detachhooks, bif->bif_dhcookie); 585 TAILQ_REMOVE(&sc->sc_spanlist, bif, next); 586 free(bif, M_DEVBUF, sizeof(*bif)); 587 } 588 589 int 590 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 591 { 592 struct bridge_iflist *bif; 593 struct bstp_port *bp; 594 struct bstp_state *bs = sc->sc_stp; 595 u_int32_t total = 0, i = 0; 596 int error = 0; 597 struct ifbreq *breq = NULL; 598 599 TAILQ_FOREACH(bif, &sc->sc_iflist, next) 600 total++; 601 602 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) 603 total++; 604 605 if (bifc->ifbic_len == 0) { 606 i = total; 607 goto done; 608 } 609 610 if ((breq = (struct ifbreq *) 611 malloc(sizeof(*breq), M_DEVBUF, M_NOWAIT)) == NULL) 612 goto done; 613 614 TAILQ_FOREACH(bif, &sc->sc_iflist, next) { 615 bzero(breq, sizeof(*breq)); 616 if (bifc->ifbic_len < sizeof(*breq)) 617 break; 618 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 619 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 620 breq->ifbr_ifsflags = bif->bif_flags; 621 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 622 breq->ifbr_protected = bif->bif_protected; 623 if (bif->bif_flags & IFBIF_STP) { 624 bp = bif->bif_stp; 625 breq->ifbr_state = bstp_getstate(sc->sc_stp, bp); 626 breq->ifbr_priority = bp->bp_priority; 627 breq->ifbr_path_cost = bp->bp_path_cost; 628 breq->ifbr_proto = bp->bp_protover; 629 breq->ifbr_role = bp->bp_role; 630 breq->ifbr_stpflags = bp->bp_flags; 631 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 632 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 633 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 634 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 635 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 636 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 637 638 /* Copy STP state options as flags */ 639 if (bp->bp_operedge) 640 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 641 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 642 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 643 if (bp->bp_ptp_link) 644 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 645 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 646 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 647 } 648 error = copyout((caddr_t)breq, 649 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 650 if (error) 651 goto done; 652 i++; 653 bifc->ifbic_len -= sizeof(*breq); 654 } 655 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) { 656 bzero(breq, sizeof(*breq)); 657 if (bifc->ifbic_len < sizeof(*breq)) 658 break; 659 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 660 strlcpy(breq->ifbr_ifsname, bif->ifp->if_xname, IFNAMSIZ); 661 breq->ifbr_ifsflags = bif->bif_flags | IFBIF_SPAN; 662 breq->ifbr_portno = bif->ifp->if_index & 0xfff; 663 error = copyout((caddr_t)breq, 664 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 665 if (error) 666 goto done; 667 i++; 668 bifc->ifbic_len -= sizeof(*breq); 669 } 670 671 done: 672 if (breq != NULL) 673 free(breq, M_DEVBUF, sizeof *breq); 674 bifc->ifbic_len = i * sizeof(*breq); 675 return (error); 676 } 677 678 void 679 bridge_init(struct bridge_softc *sc) 680 { 681 struct ifnet *ifp = &sc->sc_if; 682 683 if ((ifp->if_flags & IFF_RUNNING) == IFF_RUNNING) 684 return; 685 686 ifp->if_flags |= IFF_RUNNING; 687 bstp_initialization(sc->sc_stp); 688 689 if (sc->sc_brttimeout != 0) 690 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 691 } 692 693 /* 694 * Stop the bridge and deallocate the routing table. 695 */ 696 void 697 bridge_stop(struct bridge_softc *sc) 698 { 699 struct ifnet *ifp = &sc->sc_if; 700 701 /* 702 * If we're not running, there's nothing to do. 703 */ 704 if ((ifp->if_flags & IFF_RUNNING) == 0) 705 return; 706 707 timeout_del(&sc->sc_brtimeout); 708 709 bridge_rtflush(sc, IFBF_FLUSHDYN); 710 711 ifp->if_flags &= ~IFF_RUNNING; 712 } 713 714 /* 715 * Send output from the bridge. The mbuf has the ethernet header 716 * already attached. We must enqueue or free the mbuf before exiting. 717 */ 718 int 719 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 720 struct rtentry *rt) 721 { 722 struct ether_header *eh; 723 struct ifnet *dst_if = NULL; 724 struct bridge_rtnode *dst_p = NULL; 725 struct ether_addr *dst; 726 struct bridge_softc *sc; 727 struct bridge_tunneltag *brtag; 728 #if NBPFILTER > 0 729 caddr_t if_bpf; 730 #endif 731 int error; 732 733 KERNEL_ASSERT_LOCKED(); 734 735 /* ifp must be a member interface of the bridge. */ 736 if (ifp->if_bridgeport == NULL) { 737 m_freem(m); 738 return (EINVAL); 739 } 740 sc = ((struct bridge_iflist *)ifp->if_bridgeport)->bridge_sc; 741 742 if (m->m_len < sizeof(*eh)) { 743 m = m_pullup(m, sizeof(*eh)); 744 if (m == NULL) 745 return (ENOBUFS); 746 } 747 eh = mtod(m, struct ether_header *); 748 dst = (struct ether_addr *)&eh->ether_dhost[0]; 749 750 /* 751 * If bridge is down, but original output interface is up, 752 * go ahead and send out that interface. Otherwise the packet 753 * is dropped below. 754 */ 755 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 756 dst_if = ifp; 757 goto sendunicast; 758 } 759 760 #if NBPFILTER > 0 761 if_bpf = sc->sc_if.if_bpf; 762 if (if_bpf) 763 bpf_mtap(if_bpf, m, BPF_DIRECTION_OUT); 764 #endif 765 ifp->if_opackets++; 766 ifp->if_obytes += m->m_pkthdr.len; 767 768 /* 769 * If the packet is a broadcast or we don't know a better way to 770 * get there, send to all interfaces. 771 */ 772 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 773 dst_if = dst_p->brt_if; 774 if (dst_if == NULL || ETHER_IS_MULTICAST(eh->ether_dhost)) { 775 struct bridge_iflist *bif, *bif0; 776 struct mbuf *mc; 777 int used = 0; 778 779 bridge_span(sc, m); 780 781 TAILQ_FOREACH(bif, &sc->sc_iflist, next) { 782 dst_if = bif->ifp; 783 if ((dst_if->if_flags & IFF_RUNNING) == 0) 784 continue; 785 786 /* 787 * If this is not the original output interface, 788 * and the interface is participating in spanning 789 * tree, make sure the port is in a state that 790 * allows forwarding. 791 */ 792 if (dst_if != ifp && 793 (bif->bif_flags & IFBIF_STP) && 794 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 795 continue; 796 #if NMPW > 0 797 /* 798 * Split horizon: avoid broadcasting messages from 799 * wire to another wire. 800 */ 801 if (ifp->if_type == IFT_MPLSTUNNEL && 802 dst_if->if_type == IFT_MPLSTUNNEL) 803 continue; 804 #endif /* NMPW */ 805 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 806 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 807 continue; 808 809 if (TAILQ_NEXT(bif, next) == NULL) { 810 used = 1; 811 mc = m; 812 } else { 813 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 814 if (mc == NULL) { 815 sc->sc_if.if_oerrors++; 816 continue; 817 } 818 } 819 820 bif0 = (struct bridge_iflist *)dst_if->if_bridgeport; 821 KASSERT(bif0 != NULL); 822 if (bridge_filterrule(&bif0->bif_brlout, eh, mc) == 823 BRL_ACTION_BLOCK) 824 continue; 825 826 error = bridge_ifenqueue(sc, dst_if, mc); 827 if (error) 828 continue; 829 } 830 if (!used) 831 m_freem(m); 832 return (0); 833 } 834 835 sendunicast: 836 if ((dst_p != NULL) && 837 (dst_p->brt_tunnel.brtag_peer.sa.sa_family != AF_UNSPEC) && 838 ((brtag = bridge_tunneltag(m)) != NULL)) 839 bridge_copytag(&dst_p->brt_tunnel, brtag); 840 841 bridge_span(sc, m); 842 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 843 m_freem(m); 844 return (ENETDOWN); 845 } 846 bridge_ifenqueue(sc, dst_if, m); 847 return (0); 848 } 849 850 /* 851 * Loop through each bridge interface and process their input queues. 852 */ 853 void 854 bridgeintr(void) 855 { 856 struct mbuf_list ml; 857 struct mbuf *m; 858 struct ifnet *ifp; 859 860 niq_delist(&bridgeintrq, &ml); 861 if (ml_empty(&ml)) 862 return; 863 864 KERNEL_LOCK(); 865 while ((m = ml_dequeue(&ml)) != NULL) { 866 867 ifp = if_get(m->m_pkthdr.ph_ifidx); 868 if (ifp == NULL) { 869 m_freem(m); 870 continue; 871 } 872 873 bridge_process(ifp, m); 874 875 if_put(ifp); 876 } 877 KERNEL_UNLOCK(); 878 } 879 880 /* 881 * Process a single frame. Frame must be freed or queued before returning. 882 */ 883 void 884 bridgeintr_frame(struct bridge_softc *sc, struct ifnet *src_if, struct mbuf *m) 885 { 886 struct ifnet *dst_if; 887 struct bridge_iflist *bif; 888 struct bridge_rtnode *dst_p; 889 struct ether_addr *dst, *src; 890 struct ether_header eh; 891 u_int32_t protected; 892 int len; 893 894 895 sc->sc_if.if_ipackets++; 896 sc->sc_if.if_ibytes += m->m_pkthdr.len; 897 898 bif = (struct bridge_iflist *)src_if->if_bridgeport; 899 KASSERT(bif != NULL); 900 901 if (m->m_pkthdr.len < sizeof(eh)) { 902 m_freem(m); 903 return; 904 } 905 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 906 dst = (struct ether_addr *)&eh.ether_dhost[0]; 907 src = (struct ether_addr *)&eh.ether_shost[0]; 908 909 /* 910 * If interface is learning, and if source address 911 * is not broadcast or multicast, record its address. 912 */ 913 if ((bif->bif_flags & IFBIF_LEARNING) && 914 (eh.ether_shost[0] & 1) == 0 && 915 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 916 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 917 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 918 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 919 920 if ((bif->bif_flags & IFBIF_STP) && 921 (bif->bif_state == BSTP_IFSTATE_LEARNING)) { 922 m_freem(m); 923 return; 924 } 925 926 /* 927 * At this point, the port either doesn't participate in stp or 928 * it's in the forwarding state 929 */ 930 931 /* 932 * If packet is unicast, destined for someone on "this" 933 * side of the bridge, drop it. 934 */ 935 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 936 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 937 dst_if = dst_p->brt_if; 938 else 939 dst_if = NULL; 940 if (dst_if == src_if) { 941 m_freem(m); 942 return; 943 } 944 } else { 945 if (memcmp(etherbroadcastaddr, eh.ether_dhost, 946 sizeof(etherbroadcastaddr)) == 0) 947 m->m_flags |= M_BCAST; 948 else 949 m->m_flags |= M_MCAST; 950 dst_if = NULL; 951 } 952 953 /* 954 * Multicast packets get handled a little differently: 955 * If interface is: 956 * -link0,-link1 (default) Forward all multicast 957 * as broadcast. 958 * -link0,link1 Drop non-IP multicast, forward 959 * as broadcast IP multicast. 960 * link0,-link1 Drop IP multicast, forward as 961 * broadcast non-IP multicast. 962 * link0,link1 Drop all multicast. 963 */ 964 if (m->m_flags & M_MCAST) { 965 if ((sc->sc_if.if_flags & 966 (IFF_LINK0 | IFF_LINK1)) == 967 (IFF_LINK0 | IFF_LINK1)) { 968 m_freem(m); 969 return; 970 } 971 if (sc->sc_if.if_flags & IFF_LINK0 && 972 ETHERADDR_IS_IP_MCAST(dst)) { 973 m_freem(m); 974 return; 975 } 976 if (sc->sc_if.if_flags & IFF_LINK1 && 977 !ETHERADDR_IS_IP_MCAST(dst)) { 978 m_freem(m); 979 return; 980 } 981 } 982 983 if (bif->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 984 m_freem(m); 985 return; 986 } 987 988 if (bridge_filterrule(&bif->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 989 m_freem(m); 990 return; 991 } 992 m = bridge_ip(sc, BRIDGE_IN, src_if, &eh, m); 993 if (m == NULL) 994 return; 995 /* 996 * If the packet is a multicast or broadcast OR if we don't 997 * know any better, forward it to all interfaces. 998 */ 999 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_if == NULL) { 1000 sc->sc_if.if_imcasts++; 1001 bridge_broadcast(sc, src_if, &eh, m); 1002 return; 1003 } 1004 protected = bif->bif_protected; 1005 1006 /* 1007 * At this point, we're dealing with a unicast frame going to a 1008 * different interface 1009 */ 1010 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1011 m_freem(m); 1012 return; 1013 } 1014 bif = (struct bridge_iflist *)dst_if->if_bridgeport; 1015 if ((bif->bif_flags & IFBIF_STP) && 1016 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) { 1017 m_freem(m); 1018 return; 1019 } 1020 /* 1021 * Do not transmit if both ports are part of the same protected 1022 * domain. 1023 */ 1024 if (protected != 0 && (protected & bif->bif_protected)) { 1025 m_freem(m); 1026 return; 1027 } 1028 if (bridge_filterrule(&bif->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) { 1029 m_freem(m); 1030 return; 1031 } 1032 m = bridge_ip(sc, BRIDGE_OUT, dst_if, &eh, m); 1033 if (m == NULL) 1034 return; 1035 1036 len = m->m_pkthdr.len; 1037 #if NVLAN > 0 1038 if ((m->m_flags & M_VLANTAG) && 1039 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1040 len += ETHER_VLAN_ENCAP_LEN; 1041 #endif 1042 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1043 bridge_fragment(sc, dst_if, &eh, m); 1044 else { 1045 bridge_ifenqueue(sc, dst_if, m); 1046 } 1047 } 1048 1049 /* 1050 * Return 1 if `ena' belongs to `bif', 0 otherwise. 1051 */ 1052 int 1053 bridge_ourether(struct bridge_iflist *bif, uint8_t *ena) 1054 { 1055 struct arpcom *ac = (struct arpcom *)bif->ifp; 1056 1057 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1058 return (1); 1059 1060 #if NCARP > 0 1061 if (carp_ourether(bif->ifp, ena)) 1062 return (1); 1063 #endif 1064 1065 return (0); 1066 } 1067 1068 /* 1069 * Receive input from an interface. Queue the packet for bridging if its 1070 * not for us, and schedule an interrupt. 1071 */ 1072 int 1073 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1074 { 1075 KASSERT(m->m_flags & M_PKTHDR); 1076 1077 if (m->m_flags & M_PROTO1) { 1078 m->m_flags &= ~M_PROTO1; 1079 return (0); 1080 } 1081 1082 niq_enqueue(&bridgeintrq, m); 1083 1084 return (1); 1085 } 1086 1087 void 1088 bridge_process(struct ifnet *ifp, struct mbuf *m) 1089 { 1090 struct bridge_softc *sc; 1091 struct bridge_iflist *bif, *bif0; 1092 struct ether_header *eh; 1093 struct mbuf *mc; 1094 #if NBPFILTER > 0 1095 caddr_t if_bpf; 1096 #endif 1097 1098 KERNEL_ASSERT_LOCKED(); 1099 1100 bif = (struct bridge_iflist *)ifp->if_bridgeport; 1101 if (bif == NULL) 1102 goto reenqueue; 1103 1104 sc = bif->bridge_sc; 1105 if ((sc->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 1106 goto reenqueue; 1107 1108 #if NVLAN > 0 1109 /* 1110 * If the underlying interface removed the VLAN header itself, 1111 * add it back. 1112 */ 1113 if (ISSET(m->m_flags, M_VLANTAG)) { 1114 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1115 if (m == NULL) 1116 return; 1117 } 1118 #endif 1119 1120 #if NBPFILTER > 0 1121 if_bpf = sc->sc_if.if_bpf; 1122 if (if_bpf) 1123 bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_IN); 1124 #endif 1125 1126 bridge_span(sc, m); 1127 1128 eh = mtod(m, struct ether_header *); 1129 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1130 /* 1131 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1132 * should not be forwarded to bridge members according to 1133 * section 7.12.6 of the 802.1D-2004 specification. The 1134 * STP destination address (as stored in bstp_etheraddr) 1135 * is the first of these. 1136 */ 1137 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1138 ETHER_ADDR_LEN - 1) == 0) { 1139 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1140 /* STP traffic */ 1141 if ((m = bstp_input(sc->sc_stp, bif->bif_stp, 1142 eh, m)) == NULL) 1143 return; 1144 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) { 1145 m_freem(m); 1146 return; 1147 } 1148 } 1149 1150 /* 1151 * No need to process frames for ifs in the discarding state 1152 */ 1153 if ((bif->bif_flags & IFBIF_STP) && 1154 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1155 goto reenqueue; 1156 1157 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1158 if (mc == NULL) 1159 goto reenqueue; 1160 1161 bridge_ifinput(ifp, mc); 1162 1163 bridgeintr_frame(sc, ifp, m); 1164 return; 1165 } 1166 1167 /* 1168 * No need to queue frames for ifs in the discarding state 1169 */ 1170 if ((bif->bif_flags & IFBIF_STP) && 1171 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1172 goto reenqueue; 1173 1174 /* 1175 * Unicast, make sure it's not for us. 1176 */ 1177 bif0 = bif; 1178 TAILQ_FOREACH(bif, &sc->sc_iflist, next) { 1179 if (bif->ifp->if_type != IFT_ETHER) 1180 continue; 1181 if (bridge_ourether(bif, eh->ether_dhost)) { 1182 if (bif0->bif_flags & IFBIF_LEARNING) 1183 bridge_rtupdate(sc, 1184 (struct ether_addr *)&eh->ether_shost, 1185 ifp, 0, IFBAF_DYNAMIC, m); 1186 if (bridge_filterrule(&bif0->bif_brlin, eh, m) == 1187 BRL_ACTION_BLOCK) { 1188 m_freem(m); 1189 return; 1190 } 1191 1192 /* Count for the bridge */ 1193 sc->sc_if.if_ipackets++; 1194 sc->sc_if.if_ibytes += m->m_pkthdr.len; 1195 1196 bridge_ifinput(bif->ifp, m); 1197 return; 1198 } 1199 if (bridge_ourether(bif, eh->ether_shost)) { 1200 m_freem(m); 1201 return; 1202 } 1203 } 1204 1205 bridgeintr_frame(sc, ifp, m); 1206 return; 1207 1208 reenqueue: 1209 bridge_ifinput(ifp, m); 1210 } 1211 1212 /* 1213 * Send a frame to all interfaces that are members of the bridge 1214 * (except the one it came in on). 1215 */ 1216 void 1217 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1218 struct ether_header *eh, struct mbuf *m) 1219 { 1220 struct bridge_iflist *bif; 1221 struct mbuf *mc; 1222 struct ifnet *dst_if; 1223 int len, used = 0; 1224 u_int32_t protected; 1225 1226 bif = (struct bridge_iflist *)ifp->if_bridgeport; 1227 protected = bif->bif_protected; 1228 1229 TAILQ_FOREACH(bif, &sc->sc_iflist, next) { 1230 dst_if = bif->ifp; 1231 1232 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1233 continue; 1234 1235 if ((bif->bif_flags & IFBIF_STP) && 1236 (bif->bif_state == BSTP_IFSTATE_DISCARDING)) 1237 continue; 1238 1239 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 && 1240 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1241 continue; 1242 1243 /* Drop non-IP frames if the appropriate flag is set. */ 1244 if (bif->bif_flags & IFBIF_BLOCKNONIP && 1245 bridge_blocknonip(eh, m)) 1246 continue; 1247 1248 /* 1249 * Do not transmit if both ports are part of the same 1250 * protected domain. 1251 */ 1252 if (protected != 0 && (protected & bif->bif_protected)) 1253 continue; 1254 1255 if (bridge_filterrule(&bif->bif_brlout, eh, m) == BRL_ACTION_BLOCK) 1256 continue; 1257 1258 /* 1259 * Don't retransmit out of the same interface where 1260 * the packet was received from. 1261 */ 1262 if (dst_if->if_index == ifp->if_index) 1263 continue; 1264 1265 bridge_localbroadcast(sc, dst_if, eh, m); 1266 1267 #if NMPW > 0 1268 /* 1269 * Split horizon: avoid broadcasting messages from wire to 1270 * another wire. 1271 */ 1272 if (ifp->if_type == IFT_MPLSTUNNEL && 1273 dst_if->if_type == IFT_MPLSTUNNEL) 1274 continue; 1275 #endif /* NMPW */ 1276 1277 /* If last one, reuse the passed-in mbuf */ 1278 if (TAILQ_NEXT(bif, next) == NULL) { 1279 mc = m; 1280 used = 1; 1281 } else { 1282 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1283 if (mc == NULL) { 1284 sc->sc_if.if_oerrors++; 1285 continue; 1286 } 1287 } 1288 1289 mc = bridge_ip(sc, BRIDGE_OUT, dst_if, eh, mc); 1290 if (mc == NULL) 1291 continue; 1292 1293 len = mc->m_pkthdr.len; 1294 #if NVLAN > 0 1295 if ((mc->m_flags & M_VLANTAG) && 1296 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1297 len += ETHER_VLAN_ENCAP_LEN; 1298 #endif 1299 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1300 bridge_fragment(sc, dst_if, eh, mc); 1301 else { 1302 bridge_ifenqueue(sc, dst_if, mc); 1303 } 1304 } 1305 1306 if (!used) 1307 m_freem(m); 1308 } 1309 1310 void 1311 bridge_localbroadcast(struct bridge_softc *sc, struct ifnet *ifp, 1312 struct ether_header *eh, struct mbuf *m) 1313 { 1314 struct mbuf *m1; 1315 u_int16_t etype; 1316 1317 /* 1318 * quick optimisation, don't send packets up the stack if no 1319 * corresponding address has been specified. 1320 */ 1321 etype = ntohs(eh->ether_type); 1322 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1323 struct ifaddr *ifa; 1324 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1325 if (ifa->ifa_addr->sa_family == AF_INET) 1326 break; 1327 } 1328 if (ifa == NULL) 1329 return; 1330 } 1331 1332 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1333 if (m1 == NULL) { 1334 sc->sc_if.if_oerrors++; 1335 return; 1336 } 1337 1338 #if NPF > 0 1339 pf_pkt_addr_changed(m1); 1340 #endif /* NPF */ 1341 1342 bridge_ifinput(ifp, m1); 1343 } 1344 1345 void 1346 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1347 { 1348 struct bridge_iflist *bif; 1349 struct ifnet *ifp; 1350 struct mbuf *mc; 1351 int error; 1352 1353 TAILQ_FOREACH(bif, &sc->sc_spanlist, next) { 1354 ifp = bif->ifp; 1355 1356 if ((ifp->if_flags & IFF_RUNNING) == 0) 1357 continue; 1358 1359 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1360 if (mc == NULL) { 1361 sc->sc_if.if_oerrors++; 1362 continue; 1363 } 1364 1365 error = bridge_ifenqueue(sc, ifp, mc); 1366 if (error) 1367 continue; 1368 } 1369 } 1370 1371 /* 1372 * Block non-ip frames: 1373 * Returns 0 if frame is ip, and 1 if it should be dropped. 1374 */ 1375 int 1376 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1377 { 1378 struct llc llc; 1379 u_int16_t etype; 1380 1381 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1382 return (1); 1383 1384 #if NVLAN > 0 1385 if (m->m_flags & M_VLANTAG) 1386 return (1); 1387 #endif 1388 1389 etype = ntohs(eh->ether_type); 1390 switch (etype) { 1391 case ETHERTYPE_ARP: 1392 case ETHERTYPE_REVARP: 1393 case ETHERTYPE_IP: 1394 case ETHERTYPE_IPV6: 1395 return (0); 1396 } 1397 1398 if (etype > ETHERMTU) 1399 return (1); 1400 1401 if (m->m_pkthdr.len < 1402 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1403 return (1); 1404 1405 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1406 (caddr_t)&llc); 1407 1408 etype = ntohs(llc.llc_snap.ether_type); 1409 if (llc.llc_dsap == LLC_SNAP_LSAP && 1410 llc.llc_ssap == LLC_SNAP_LSAP && 1411 llc.llc_control == LLC_UI && 1412 llc.llc_snap.org_code[0] == 0 && 1413 llc.llc_snap.org_code[1] == 0 && 1414 llc.llc_snap.org_code[2] == 0 && 1415 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1416 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1417 return (0); 1418 } 1419 1420 return (1); 1421 } 1422 1423 #ifdef IPSEC 1424 int 1425 bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp, 1426 struct ether_header *eh, int hassnap, struct llc *llc, 1427 int dir, int af, int hlen, struct mbuf *m) 1428 { 1429 union sockaddr_union dst; 1430 struct tdb *tdb; 1431 u_int32_t spi; 1432 u_int16_t cpi; 1433 int error, off; 1434 u_int8_t proto = 0; 1435 struct ip *ip; 1436 #ifdef INET6 1437 struct ip6_hdr *ip6; 1438 #endif /* INET6 */ 1439 #if NPF > 0 1440 struct ifnet *encif; 1441 #endif 1442 1443 if (dir == BRIDGE_IN) { 1444 switch (af) { 1445 case AF_INET: 1446 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1447 goto skiplookup; 1448 1449 ip = mtod(m, struct ip *); 1450 proto = ip->ip_p; 1451 off = offsetof(struct ip, ip_p); 1452 1453 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1454 proto != IPPROTO_IPCOMP) 1455 goto skiplookup; 1456 1457 bzero(&dst, sizeof(union sockaddr_union)); 1458 dst.sa.sa_family = AF_INET; 1459 dst.sin.sin_len = sizeof(struct sockaddr_in); 1460 m_copydata(m, offsetof(struct ip, ip_dst), 1461 sizeof(struct in_addr), 1462 (caddr_t)&dst.sin.sin_addr); 1463 1464 break; 1465 #ifdef INET6 1466 case AF_INET6: 1467 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1468 goto skiplookup; 1469 1470 ip6 = mtod(m, struct ip6_hdr *); 1471 1472 /* XXX We should chase down the header chain */ 1473 proto = ip6->ip6_nxt; 1474 off = offsetof(struct ip6_hdr, ip6_nxt); 1475 1476 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1477 proto != IPPROTO_IPCOMP) 1478 goto skiplookup; 1479 1480 bzero(&dst, sizeof(union sockaddr_union)); 1481 dst.sa.sa_family = AF_INET6; 1482 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1483 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1484 sizeof(struct in6_addr), 1485 (caddr_t)&dst.sin6.sin6_addr); 1486 1487 break; 1488 #endif /* INET6 */ 1489 default: 1490 return (0); 1491 } 1492 1493 switch (proto) { 1494 case IPPROTO_ESP: 1495 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1496 break; 1497 case IPPROTO_AH: 1498 m_copydata(m, hlen + sizeof(u_int32_t), 1499 sizeof(u_int32_t), (caddr_t)&spi); 1500 break; 1501 case IPPROTO_IPCOMP: 1502 m_copydata(m, hlen + sizeof(u_int16_t), 1503 sizeof(u_int16_t), (caddr_t)&cpi); 1504 spi = ntohl(htons(cpi)); 1505 break; 1506 } 1507 1508 NET_ASSERT_LOCKED(); 1509 1510 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1511 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1512 tdb->tdb_xform != NULL) { 1513 if (tdb->tdb_first_use == 0) { 1514 tdb->tdb_first_use = time_second; 1515 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1516 timeout_add_sec(&tdb->tdb_first_tmo, 1517 tdb->tdb_exp_first_use); 1518 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1519 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1520 tdb->tdb_soft_first_use); 1521 } 1522 1523 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1524 return (1); 1525 } else { 1526 skiplookup: 1527 /* XXX do an input policy lookup */ 1528 return (0); 1529 } 1530 } else { /* Outgoing from the bridge. */ 1531 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1532 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1533 if (tdb != NULL) { 1534 /* 1535 * We don't need to do loop detection, the 1536 * bridge will do that for us. 1537 */ 1538 #if NPF > 0 1539 if ((encif = enc_getif(tdb->tdb_rdomain, 1540 tdb->tdb_tap)) == NULL || 1541 pf_test(af, dir, encif, &m) != PF_PASS) { 1542 m_freem(m); 1543 return (1); 1544 } 1545 if (m == NULL) 1546 return (1); 1547 else if (af == AF_INET) 1548 in_proto_cksum_out(m, encif); 1549 #ifdef INET6 1550 else if (af == AF_INET6) 1551 in6_proto_cksum_out(m, encif); 1552 #endif /* INET6 */ 1553 #endif /* NPF */ 1554 1555 ip = mtod(m, struct ip *); 1556 if ((af == AF_INET) && 1557 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1558 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1559 tdb->tdb_mtutimeout > time_second) 1560 bridge_send_icmp_err(sc, ifp, eh, m, 1561 hassnap, llc, tdb->tdb_mtu, 1562 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1563 else 1564 error = ipsp_process_packet(m, tdb, af, 0); 1565 return (1); 1566 } else 1567 return (0); 1568 } 1569 1570 return (0); 1571 } 1572 #endif /* IPSEC */ 1573 1574 /* 1575 * Filter IP packets by peeking into the ethernet frame. This violates 1576 * the ISO model, but allows us to act as a IP filter at the data link 1577 * layer. As a result, most of this code will look familiar to those 1578 * who've read net/if_ethersubr.c and netinet/ip_input.c 1579 */ 1580 struct mbuf * 1581 bridge_ip(struct bridge_softc *sc, int dir, struct ifnet *ifp, 1582 struct ether_header *eh, struct mbuf *m) 1583 { 1584 struct llc llc; 1585 int hassnap = 0; 1586 struct ip *ip; 1587 int hlen; 1588 u_int16_t etype; 1589 1590 #if NVLAN > 0 1591 if (m->m_flags & M_VLANTAG) 1592 return (m); 1593 #endif 1594 1595 etype = ntohs(eh->ether_type); 1596 1597 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1598 if (etype > ETHERMTU || 1599 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1600 ETHER_HDR_LEN)) 1601 return (m); 1602 1603 m_copydata(m, ETHER_HDR_LEN, 1604 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1605 1606 if (llc.llc_dsap != LLC_SNAP_LSAP || 1607 llc.llc_ssap != LLC_SNAP_LSAP || 1608 llc.llc_control != LLC_UI || 1609 llc.llc_snap.org_code[0] || 1610 llc.llc_snap.org_code[1] || 1611 llc.llc_snap.org_code[2]) 1612 return (m); 1613 1614 etype = ntohs(llc.llc_snap.ether_type); 1615 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1616 return (m); 1617 hassnap = 1; 1618 } 1619 1620 m_adj(m, ETHER_HDR_LEN); 1621 if (hassnap) 1622 m_adj(m, LLC_SNAPFRAMELEN); 1623 1624 switch (etype) { 1625 1626 case ETHERTYPE_IP: 1627 if (m->m_pkthdr.len < sizeof(struct ip)) 1628 goto dropit; 1629 1630 /* Copy minimal header, and drop invalids */ 1631 if (m->m_len < sizeof(struct ip) && 1632 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1633 ipstat_inc(ips_toosmall); 1634 return (NULL); 1635 } 1636 ip = mtod(m, struct ip *); 1637 1638 if (ip->ip_v != IPVERSION) { 1639 ipstat_inc(ips_badvers); 1640 goto dropit; 1641 } 1642 1643 hlen = ip->ip_hl << 2; /* get whole header length */ 1644 if (hlen < sizeof(struct ip)) { 1645 ipstat_inc(ips_badhlen); 1646 goto dropit; 1647 } 1648 1649 if (hlen > m->m_len) { 1650 if ((m = m_pullup(m, hlen)) == NULL) { 1651 ipstat_inc(ips_badhlen); 1652 return (NULL); 1653 } 1654 ip = mtod(m, struct ip *); 1655 } 1656 1657 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1658 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1659 ipstat_inc(ips_badsum); 1660 goto dropit; 1661 } 1662 1663 ipstat_inc(ips_inswcsum); 1664 if (in_cksum(m, hlen) != 0) { 1665 ipstat_inc(ips_badsum); 1666 goto dropit; 1667 } 1668 } 1669 1670 if (ntohs(ip->ip_len) < hlen) 1671 goto dropit; 1672 1673 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1674 goto dropit; 1675 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1676 if (m->m_len == m->m_pkthdr.len) { 1677 m->m_len = ntohs(ip->ip_len); 1678 m->m_pkthdr.len = ntohs(ip->ip_len); 1679 } else 1680 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1681 } 1682 1683 #ifdef IPSEC 1684 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1685 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1686 dir, AF_INET, hlen, m)) 1687 return (NULL); 1688 #endif /* IPSEC */ 1689 #if NPF > 0 1690 /* Finally, we get to filter the packet! */ 1691 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1692 goto dropit; 1693 if (m == NULL) 1694 goto dropit; 1695 #endif /* NPF > 0 */ 1696 1697 /* Rebuild the IP header */ 1698 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1699 return (NULL); 1700 if (m->m_len < sizeof(struct ip)) 1701 goto dropit; 1702 in_proto_cksum_out(m, ifp); 1703 ip = mtod(m, struct ip *); 1704 ip->ip_sum = 0; 1705 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1706 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1707 else { 1708 ipstat_inc(ips_outswcsum); 1709 ip->ip_sum = in_cksum(m, hlen); 1710 } 1711 1712 break; 1713 1714 #ifdef INET6 1715 case ETHERTYPE_IPV6: { 1716 struct ip6_hdr *ip6; 1717 1718 if (m->m_len < sizeof(struct ip6_hdr)) { 1719 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1720 == NULL) { 1721 ip6stat_inc(ip6s_toosmall); 1722 return (NULL); 1723 } 1724 } 1725 1726 ip6 = mtod(m, struct ip6_hdr *); 1727 1728 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1729 ip6stat_inc(ip6s_badvers); 1730 goto dropit; 1731 } 1732 1733 #ifdef IPSEC 1734 hlen = sizeof(struct ip6_hdr); 1735 1736 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1737 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1738 dir, AF_INET6, hlen, m)) 1739 return (NULL); 1740 #endif /* IPSEC */ 1741 1742 #if NPF > 0 1743 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1744 goto dropit; 1745 if (m == NULL) 1746 return (NULL); 1747 #endif /* NPF > 0 */ 1748 in6_proto_cksum_out(m, ifp); 1749 1750 break; 1751 } 1752 #endif /* INET6 */ 1753 1754 default: 1755 goto dropit; 1756 break; 1757 } 1758 1759 /* Reattach SNAP header */ 1760 if (hassnap) { 1761 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1762 if (m == NULL) 1763 goto dropit; 1764 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1765 } 1766 1767 /* Reattach ethernet header */ 1768 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1769 if (m == NULL) 1770 goto dropit; 1771 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1772 1773 return (m); 1774 1775 dropit: 1776 m_freem(m); 1777 return (NULL); 1778 } 1779 1780 void 1781 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp, 1782 struct ether_header *eh, struct mbuf *m) 1783 { 1784 struct llc llc; 1785 struct mbuf *m0; 1786 int error = 0; 1787 int hassnap = 0; 1788 u_int16_t etype; 1789 struct ip *ip; 1790 1791 etype = ntohs(eh->ether_type); 1792 #if NVLAN > 0 1793 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1794 etype == ETHERTYPE_QINQ) { 1795 int len = m->m_pkthdr.len; 1796 1797 if (m->m_flags & M_VLANTAG) 1798 len += ETHER_VLAN_ENCAP_LEN; 1799 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1800 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1801 bridge_ifenqueue(sc, ifp, m); 1802 return; 1803 } 1804 goto dropit; 1805 } 1806 #endif 1807 if (etype != ETHERTYPE_IP) { 1808 if (etype > ETHERMTU || 1809 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1810 ETHER_HDR_LEN)) 1811 goto dropit; 1812 1813 m_copydata(m, ETHER_HDR_LEN, 1814 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1815 1816 if (llc.llc_dsap != LLC_SNAP_LSAP || 1817 llc.llc_ssap != LLC_SNAP_LSAP || 1818 llc.llc_control != LLC_UI || 1819 llc.llc_snap.org_code[0] || 1820 llc.llc_snap.org_code[1] || 1821 llc.llc_snap.org_code[2] || 1822 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1823 goto dropit; 1824 1825 hassnap = 1; 1826 } 1827 1828 m_adj(m, ETHER_HDR_LEN); 1829 if (hassnap) 1830 m_adj(m, LLC_SNAPFRAMELEN); 1831 1832 if (m->m_len < sizeof(struct ip) && 1833 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1834 goto dropit; 1835 ip = mtod(m, struct ip *); 1836 1837 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1838 if (ip->ip_off & htons(IP_DF)) { 1839 bridge_send_icmp_err(sc, ifp, eh, m, hassnap, &llc, 1840 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1841 return; 1842 } 1843 1844 error = ip_fragment(m, ifp, ifp->if_mtu); 1845 if (error) { 1846 m = NULL; 1847 goto dropit; 1848 } 1849 1850 for (; m; m = m0) { 1851 m0 = m->m_nextpkt; 1852 m->m_nextpkt = NULL; 1853 if (error == 0) { 1854 if (hassnap) { 1855 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1856 if (m == NULL) { 1857 error = ENOBUFS; 1858 continue; 1859 } 1860 bcopy(&llc, mtod(m, caddr_t), 1861 LLC_SNAPFRAMELEN); 1862 } 1863 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1864 if (m == NULL) { 1865 error = ENOBUFS; 1866 continue; 1867 } 1868 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1869 error = bridge_ifenqueue(sc, ifp, m); 1870 if (error) { 1871 continue; 1872 } 1873 } else 1874 m_freem(m); 1875 } 1876 1877 if (error == 0) 1878 ipstat_inc(ips_fragmented); 1879 1880 return; 1881 dropit: 1882 m_freem(m); 1883 } 1884 1885 int 1886 bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) 1887 { 1888 int error, len; 1889 1890 /* Loop prevention. */ 1891 m->m_flags |= M_PROTO1; 1892 1893 len = m->m_pkthdr.len; 1894 1895 error = if_enqueue(ifp, m); 1896 if (error) { 1897 sc->sc_if.if_oerrors++; 1898 return (error); 1899 } 1900 1901 sc->sc_if.if_opackets++; 1902 sc->sc_if.if_obytes += len; 1903 1904 return (0); 1905 } 1906 1907 void 1908 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1909 { 1910 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1911 1912 m->m_flags |= M_PROTO1; 1913 1914 ml_enqueue(&ml, m); 1915 if_input(ifp, &ml); 1916 } 1917 1918 void 1919 bridge_send_icmp_err(struct bridge_softc *sc, struct ifnet *ifp, 1920 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1921 int mtu, int type, int code) 1922 { 1923 struct ip *ip; 1924 struct icmp *icp; 1925 struct in_addr t; 1926 struct mbuf *m, *n2; 1927 int hlen; 1928 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1929 1930 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1931 if (!n2) { 1932 m_freem(n); 1933 return; 1934 } 1935 m = icmp_do_error(n, type, code, 0, mtu); 1936 if (m == NULL) { 1937 m_freem(n2); 1938 return; 1939 } 1940 1941 n = n2; 1942 1943 ip = mtod(m, struct ip *); 1944 hlen = ip->ip_hl << 2; 1945 t = ip->ip_dst; 1946 ip->ip_dst = ip->ip_src; 1947 ip->ip_src = t; 1948 1949 m->m_data += hlen; 1950 m->m_len -= hlen; 1951 icp = mtod(m, struct icmp *); 1952 icp->icmp_cksum = 0; 1953 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1954 m->m_data -= hlen; 1955 m->m_len += hlen; 1956 1957 ip->ip_v = IPVERSION; 1958 ip->ip_off &= htons(IP_DF); 1959 ip->ip_id = htons(ip_randomid()); 1960 ip->ip_ttl = MAXTTL; 1961 ip->ip_sum = 0; 1962 ip->ip_sum = in_cksum(m, hlen); 1963 1964 /* Swap ethernet addresses */ 1965 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1966 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1967 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1968 1969 /* Reattach SNAP header */ 1970 if (hassnap) { 1971 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1972 if (m == NULL) 1973 goto dropit; 1974 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1975 } 1976 1977 /* Reattach ethernet header */ 1978 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1979 if (m == NULL) 1980 goto dropit; 1981 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1982 1983 bridge_output(ifp, m, NULL, NULL); 1984 m_freem(n); 1985 return; 1986 1987 dropit: 1988 m_freem(n); 1989 } 1990 1991 struct bridge_tunneltag * 1992 bridge_tunnel(struct mbuf *m) 1993 { 1994 struct m_tag *mtag; 1995 1996 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) == NULL) 1997 return (NULL); 1998 1999 return ((struct bridge_tunneltag *)(mtag + 1)); 2000 } 2001 2002 struct bridge_tunneltag * 2003 bridge_tunneltag(struct mbuf *m) 2004 { 2005 struct m_tag *mtag; 2006 2007 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) == NULL) { 2008 mtag = m_tag_get(PACKET_TAG_TUNNEL, 2009 sizeof(struct bridge_tunneltag), M_NOWAIT); 2010 if (mtag == NULL) 2011 return (NULL); 2012 bzero(mtag + 1, sizeof(struct bridge_tunneltag)); 2013 m_tag_prepend(m, mtag); 2014 } 2015 2016 return ((struct bridge_tunneltag *)(mtag + 1)); 2017 } 2018 2019 void 2020 bridge_tunneluntag(struct mbuf *m) 2021 { 2022 struct m_tag *mtag; 2023 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) != NULL) 2024 m_tag_delete(m, mtag); 2025 } 2026 2027 void 2028 bridge_copyaddr(struct sockaddr *src, struct sockaddr *dst) 2029 { 2030 if (src != NULL && src->sa_family != AF_UNSPEC) 2031 memcpy(dst, src, src->sa_len); 2032 else { 2033 dst->sa_family = AF_UNSPEC; 2034 dst->sa_len = 0; 2035 } 2036 } 2037 2038 void 2039 bridge_copytag(struct bridge_tunneltag *src, struct bridge_tunneltag *dst) 2040 { 2041 if (src == NULL) { 2042 memset(dst, 0, sizeof(*dst)); 2043 } else { 2044 bridge_copyaddr(&src->brtag_peer.sa, &dst->brtag_peer.sa); 2045 bridge_copyaddr(&src->brtag_local.sa, &dst->brtag_local.sa); 2046 dst->brtag_id = src->brtag_id; 2047 } 2048 } 2049