1 /* $OpenBSD: if_bridge.c,v 1.123 2003/07/28 00:58:08 itojun Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "vlan.h" 38 39 #include <sys/param.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/ioctl.h> 45 #include <sys/errno.h> 46 #include <sys/kernel.h> 47 #include <machine/cpu.h> 48 49 #include <net/if.h> 50 #include <net/if_types.h> 51 #include <net/if_llc.h> 52 #include <net/route.h> 53 #include <net/netisr.h> 54 55 #ifdef INET 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/ip.h> 60 #include <netinet/ip_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip_icmp.h> 63 #endif 64 65 #ifdef IPSEC 66 #include <netinet/ip_ipsp.h> 67 68 #include <net/if_enc.h> 69 #endif 70 71 #ifdef INET6 72 #include <netinet/ip6.h> 73 #include <netinet6/ip6_var.h> 74 #endif 75 76 #if NPF > 0 77 #include <net/pfvar.h> 78 #define BRIDGE_IN PF_IN 79 #define BRIDGE_OUT PF_OUT 80 #else 81 #define BRIDGE_IN 0 82 #define BRIDGE_OUT 1 83 #endif 84 85 #if NBPFILTER > 0 86 #include <net/bpf.h> 87 #endif 88 89 #if NVLAN > 0 90 #include <net/if_vlan_var.h> 91 #endif 92 93 #include <net/if_bridge.h> 94 95 #ifndef BRIDGE_RTABLE_SIZE 96 #define BRIDGE_RTABLE_SIZE 1024 97 #endif 98 #define BRIDGE_RTABLE_MASK (BRIDGE_RTABLE_SIZE - 1) 99 100 /* 101 * Maximum number of addresses to cache 102 */ 103 #ifndef BRIDGE_RTABLE_MAX 104 #define BRIDGE_RTABLE_MAX 100 105 #endif 106 107 /* spanning tree defaults */ 108 #define BSTP_DEFAULT_MAX_AGE (20 * 256) 109 #define BSTP_DEFAULT_HELLO_TIME (2 * 256) 110 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256) 111 #define BSTP_DEFAULT_HOLD_TIME (1 * 256) 112 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000 113 #define BSTP_DEFAULT_PORT_PRIORITY 0x80 114 #define BSTP_DEFAULT_PATH_COST 55 115 116 /* 117 * Timeout (in seconds) for entries learned dynamically 118 */ 119 #ifndef BRIDGE_RTABLE_TIMEOUT 120 #define BRIDGE_RTABLE_TIMEOUT 240 121 #endif 122 123 extern int ifqmaxlen; 124 125 struct bridge_softc *bridgectl; 126 int nbridge; 127 128 void bridgeattach(int); 129 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 130 void bridge_start(struct ifnet *); 131 void bridgeintr_frame(struct bridge_softc *, struct mbuf *); 132 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 133 struct ether_header *, struct mbuf *); 134 void bridge_span(struct bridge_softc *, struct ether_header *, 135 struct mbuf *); 136 void bridge_stop(struct bridge_softc *); 137 void bridge_init(struct bridge_softc *); 138 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 139 140 void bridge_timer(void *); 141 int bridge_rtfind(struct bridge_softc *, struct ifbaconf *); 142 void bridge_rtage(struct bridge_softc *); 143 void bridge_rttrim(struct bridge_softc *); 144 int bridge_rtdaddr(struct bridge_softc *, struct ether_addr *); 145 int bridge_rtflush(struct bridge_softc *, int); 146 struct ifnet * bridge_rtupdate(struct bridge_softc *, 147 struct ether_addr *, struct ifnet *ifp, int, u_int8_t); 148 struct ifnet * bridge_rtlookup(struct bridge_softc *, 149 struct ether_addr *); 150 u_int32_t bridge_hash(struct bridge_softc *, struct ether_addr *); 151 int bridge_blocknonip(struct ether_header *, struct mbuf *); 152 int bridge_addrule(struct bridge_iflist *, 153 struct ifbrlreq *, int out); 154 int bridge_flushrule(struct bridge_iflist *); 155 int bridge_brlconf(struct bridge_softc *, struct ifbrlconf *); 156 u_int8_t bridge_filterrule(struct brl_head *, struct ether_header *, 157 struct mbuf *); 158 #if NPF > 0 159 struct mbuf *bridge_filter(struct bridge_softc *, int, struct ifnet *, 160 struct ether_header *, struct mbuf *m); 161 #endif 162 int bridge_ifenqueue(struct bridge_softc *, struct ifnet *, struct mbuf *); 163 void bridge_fragment(struct bridge_softc *, struct ifnet *, 164 struct ether_header *, struct mbuf *); 165 #ifdef INET 166 void bridge_send_icmp_err(struct bridge_softc *, struct ifnet *, 167 struct ether_header *, struct mbuf *, int, struct llc *, int, int); 168 #endif 169 #ifdef IPSEC 170 int bridge_ipsec(int, int, int, struct mbuf *); 171 #endif 172 173 #define ETHERADDR_IS_IP_MCAST(a) \ 174 /* struct etheraddr *a; */ \ 175 ((a)->ether_addr_octet[0] == 0x01 && \ 176 (a)->ether_addr_octet[1] == 0x00 && \ 177 (a)->ether_addr_octet[2] == 0x5e) 178 179 void 180 bridgeattach(int n) 181 { 182 struct bridge_softc *sc; 183 struct ifnet *ifp; 184 int i; 185 186 bridgectl = malloc(n * sizeof(*sc), M_DEVBUF, M_NOWAIT); 187 if (!bridgectl) 188 return; 189 nbridge = n; 190 bzero(bridgectl, n * sizeof(*sc)); 191 for (sc = bridgectl, i = 0; i < nbridge; i++, sc++) { 192 193 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 194 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 195 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE; 196 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME; 197 sc->sc_bridge_forward_delay= BSTP_DEFAULT_FORWARD_DELAY; 198 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY; 199 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME; 200 timeout_set(&sc->sc_brtimeout, bridge_timer, sc); 201 LIST_INIT(&sc->sc_iflist); 202 LIST_INIT(&sc->sc_spanlist); 203 ifp = &sc->sc_if; 204 snprintf(ifp->if_xname, sizeof ifp->if_xname, "bridge%d", i); 205 ifp->if_softc = sc; 206 ifp->if_mtu = ETHERMTU; 207 ifp->if_ioctl = bridge_ioctl; 208 ifp->if_output = bridge_output; 209 ifp->if_start = bridge_start; 210 ifp->if_type = IFT_BRIDGE; 211 ifp->if_snd.ifq_maxlen = ifqmaxlen; 212 ifp->if_hdrlen = sizeof(struct ether_header); 213 if_attach(ifp); 214 if_alloc_sadl(ifp); 215 #if NBPFILTER > 0 216 bpfattach(&sc->sc_if.if_bpf, ifp, 217 DLT_EN10MB, sizeof(struct ether_header)); 218 #endif 219 } 220 } 221 222 int 223 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 224 { 225 struct proc *prc = curproc; /* XXX */ 226 struct ifnet *ifs; 227 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 228 struct ifbreq *req = (struct ifbreq *)data; 229 struct ifbaconf *baconf = (struct ifbaconf *)data; 230 struct ifbareq *bareq = (struct ifbareq *)data; 231 struct ifbrparam *bparam = (struct ifbrparam *)data; 232 struct ifbifconf *bifconf = (struct ifbifconf *)data; 233 struct ifbrlreq *brlreq = (struct ifbrlreq *)data; 234 struct ifbrlconf *brlconf = (struct ifbrlconf *)data; 235 struct ifreq ifreq; 236 int error = 0, s; 237 struct bridge_iflist *p; 238 239 s = splnet(); 240 switch (cmd) { 241 case SIOCBRDGADD: 242 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 243 break; 244 245 ifs = ifunit(req->ifbr_ifsname); 246 if (ifs == NULL) { /* no such interface */ 247 error = ENOENT; 248 break; 249 } 250 if (ifs->if_bridge == (caddr_t)sc) { 251 error = EEXIST; 252 break; 253 } 254 if (ifs->if_bridge != NULL) { 255 error = EBUSY; 256 break; 257 } 258 259 /* If it's in the span list, it can't be a member. */ 260 LIST_FOREACH(p, &sc->sc_spanlist, next) 261 if (p->ifp == ifs) 262 break; 263 264 if (p != LIST_END(&sc->sc_spanlist)) { 265 error = EBUSY; 266 break; 267 } 268 269 if (ifs->if_type == IFT_ETHER) { 270 if ((ifs->if_flags & IFF_UP) == 0) { 271 /* 272 * Bring interface up long enough to set 273 * promiscuous flag, then shut it down again. 274 */ 275 strlcpy(ifreq.ifr_name, req->ifbr_ifsname, 276 IFNAMSIZ); 277 ifs->if_flags |= IFF_UP; 278 ifreq.ifr_flags = ifs->if_flags; 279 error = (*ifs->if_ioctl)(ifs, SIOCSIFFLAGS, 280 (caddr_t)&ifreq); 281 if (error != 0) 282 break; 283 284 error = ifpromisc(ifs, 1); 285 if (error != 0) 286 break; 287 288 strlcpy(ifreq.ifr_name, req->ifbr_ifsname, 289 IFNAMSIZ); 290 ifs->if_flags &= ~IFF_UP; 291 ifreq.ifr_flags = ifs->if_flags; 292 error = (*ifs->if_ioctl)(ifs, SIOCSIFFLAGS, 293 (caddr_t)&ifreq); 294 if (error != 0) { 295 ifpromisc(ifs, 0); 296 break; 297 } 298 } else { 299 error = ifpromisc(ifs, 1); 300 if (error != 0) 301 break; 302 } 303 } 304 #if NGIF > 0 305 else if (ifs->if_type == IFT_GIF) { 306 /* Nothing needed */ 307 } 308 #endif /* NGIF */ 309 else { 310 error = EINVAL; 311 break; 312 } 313 314 p = (struct bridge_iflist *) malloc( 315 sizeof(struct bridge_iflist), M_DEVBUF, M_NOWAIT); 316 if (p == NULL) { 317 if (ifs->if_type == IFT_ETHER) 318 ifpromisc(ifs, 0); 319 error = ENOMEM; 320 break; 321 } 322 bzero(p, sizeof(struct bridge_iflist)); 323 324 p->ifp = ifs; 325 p->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 326 p->bif_priority = BSTP_DEFAULT_PORT_PRIORITY; 327 p->bif_path_cost = BSTP_DEFAULT_PATH_COST; 328 SIMPLEQ_INIT(&p->bif_brlin); 329 SIMPLEQ_INIT(&p->bif_brlout); 330 LIST_INSERT_HEAD(&sc->sc_iflist, p, next); 331 ifs->if_bridge = (caddr_t)sc; 332 break; 333 case SIOCBRDGDEL: 334 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 335 break; 336 337 LIST_FOREACH(p, &sc->sc_iflist, next) { 338 if (strncmp(p->ifp->if_xname, req->ifbr_ifsname, 339 sizeof(p->ifp->if_xname)) == 0) { 340 p->ifp->if_bridge = NULL; 341 342 error = ifpromisc(p->ifp, 0); 343 344 LIST_REMOVE(p, next); 345 bridge_rtdelete(sc, p->ifp, 0); 346 bridge_flushrule(p); 347 free(p, M_DEVBUF); 348 break; 349 } 350 } 351 if (p == LIST_END(&sc->sc_iflist)) { 352 error = ENOENT; 353 break; 354 } 355 break; 356 case SIOCBRDGIFS: 357 error = bridge_bifconf(sc, bifconf); 358 break; 359 case SIOCBRDGADDS: 360 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 361 break; 362 ifs = ifunit(req->ifbr_ifsname); 363 if (ifs == NULL) { /* no such interface */ 364 error = ENOENT; 365 break; 366 } 367 if (ifs->if_bridge == (caddr_t)sc) { 368 error = EEXIST; 369 break; 370 } 371 if (ifs->if_bridge != NULL) { 372 error = EBUSY; 373 break; 374 } 375 LIST_FOREACH(p, &sc->sc_spanlist, next) { 376 if (p->ifp == ifs) 377 break; 378 } 379 if (p != LIST_END(&sc->sc_spanlist)) { 380 error = EBUSY; 381 break; 382 } 383 p = (struct bridge_iflist *)malloc( 384 sizeof(struct bridge_iflist), M_DEVBUF, M_NOWAIT); 385 if (p == NULL) { 386 error = ENOMEM; 387 break; 388 } 389 bzero(p, sizeof(struct bridge_iflist)); 390 p->ifp = ifs; 391 SIMPLEQ_INIT(&p->bif_brlin); 392 SIMPLEQ_INIT(&p->bif_brlout); 393 LIST_INSERT_HEAD(&sc->sc_spanlist, p, next); 394 break; 395 case SIOCBRDGDELS: 396 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 397 break; 398 LIST_FOREACH(p, &sc->sc_spanlist, next) { 399 if (strncmp(p->ifp->if_xname, req->ifbr_ifsname, 400 sizeof(p->ifp->if_xname)) == 0) { 401 LIST_REMOVE(p, next); 402 free(p, M_DEVBUF); 403 break; 404 } 405 } 406 if (p == LIST_END(&sc->sc_spanlist)) { 407 error = ENOENT; 408 break; 409 } 410 break; 411 case SIOCBRDGGIFFLGS: 412 ifs = ifunit(req->ifbr_ifsname); 413 if (ifs == NULL) { 414 error = ENOENT; 415 break; 416 } 417 if ((caddr_t)sc != ifs->if_bridge) { 418 error = ESRCH; 419 break; 420 } 421 LIST_FOREACH(p, &sc->sc_iflist, next) { 422 if (p->ifp == ifs) 423 break; 424 } 425 if (p == LIST_END(&sc->sc_iflist)) { 426 error = ESRCH; 427 break; 428 } 429 req->ifbr_ifsflags = p->bif_flags; 430 req->ifbr_state = p->bif_state; 431 req->ifbr_priority = p->bif_priority; 432 req->ifbr_path_cost = p->bif_path_cost; 433 req->ifbr_portno = p->ifp->if_index & 0xff; 434 break; 435 case SIOCBRDGSIFFLGS: 436 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 437 break; 438 ifs = ifunit(req->ifbr_ifsname); 439 if (ifs == NULL) { 440 error = ENOENT; 441 break; 442 } 443 if ((caddr_t)sc != ifs->if_bridge) { 444 error = ESRCH; 445 break; 446 } 447 LIST_FOREACH(p, &sc->sc_iflist, next) { 448 if (p->ifp == ifs) 449 break; 450 } 451 if (p == LIST_END(&sc->sc_iflist)) { 452 error = ESRCH; 453 break; 454 } 455 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 456 error = EINVAL; 457 break; 458 } 459 if ((req->ifbr_ifsflags & IFBIF_STP) && 460 (ifs->if_type != IFT_ETHER)) { 461 error = EINVAL; 462 break; 463 } 464 p->bif_flags = req->ifbr_ifsflags; 465 break; 466 case SIOCBRDGSIFPRIO: 467 case SIOCBRDGSIFCOST: 468 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 469 break; 470 ifs = ifunit(req->ifbr_ifsname); 471 if (ifs == NULL) { 472 error = ENOENT; 473 break; 474 } 475 if ((caddr_t)sc != ifs->if_bridge) { 476 error = ESRCH; 477 break; 478 } 479 LIST_FOREACH(p, &sc->sc_iflist, next) { 480 if (p->ifp == ifs) 481 break; 482 } 483 if (p == LIST_END(&sc->sc_iflist)) { 484 error = ESRCH; 485 break; 486 } 487 if (cmd == SIOCBRDGSIFPRIO) 488 p->bif_priority = req->ifbr_priority; 489 else { 490 if (req->ifbr_path_cost < 1) 491 error = EINVAL; 492 else 493 p->bif_path_cost = req->ifbr_path_cost; 494 } 495 break; 496 case SIOCBRDGRTS: 497 error = bridge_rtfind(sc, baconf); 498 break; 499 case SIOCBRDGFLUSH: 500 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 501 break; 502 503 error = bridge_rtflush(sc, req->ifbr_ifsflags); 504 break; 505 case SIOCBRDGSADDR: 506 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 507 break; 508 509 ifs = ifunit(bareq->ifba_ifsname); 510 if (ifs == NULL) { /* no such interface */ 511 error = ENOENT; 512 break; 513 } 514 515 if (ifs->if_bridge == NULL || 516 ifs->if_bridge != (caddr_t)sc) { 517 error = ESRCH; 518 break; 519 } 520 521 ifs = bridge_rtupdate(sc, &bareq->ifba_dst, ifs, 1, 522 bareq->ifba_flags); 523 if (ifs == NULL) 524 error = ENOMEM; 525 break; 526 case SIOCBRDGDADDR: 527 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 528 break; 529 error = bridge_rtdaddr(sc, &bareq->ifba_dst); 530 break; 531 case SIOCBRDGGCACHE: 532 bparam->ifbrp_csize = sc->sc_brtmax; 533 break; 534 case SIOCBRDGSCACHE: 535 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 536 break; 537 sc->sc_brtmax = bparam->ifbrp_csize; 538 bridge_rttrim(sc); 539 break; 540 case SIOCBRDGSTO: 541 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 542 break; 543 if (bparam->ifbrp_ctime < 0 || 544 bparam->ifbrp_ctime > INT_MAX / hz) { 545 error = EINVAL; 546 break; 547 } 548 sc->sc_brttimeout = bparam->ifbrp_ctime; 549 timeout_del(&sc->sc_brtimeout); 550 if (bparam->ifbrp_ctime != 0) 551 timeout_add(&sc->sc_brtimeout, sc->sc_brttimeout * hz); 552 break; 553 case SIOCBRDGGTO: 554 bparam->ifbrp_ctime = sc->sc_brttimeout; 555 break; 556 case SIOCSIFFLAGS: 557 if ((ifp->if_flags & IFF_UP) == IFF_UP) 558 bridge_init(sc); 559 560 if ((ifp->if_flags & IFF_UP) == 0) 561 bridge_stop(sc); 562 563 break; 564 case SIOCBRDGARL: 565 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 566 break; 567 ifs = ifunit(brlreq->ifbr_ifsname); 568 if (ifs == NULL) { 569 error = ENOENT; 570 break; 571 } 572 if (ifs->if_bridge == NULL || 573 ifs->if_bridge != (caddr_t)sc) { 574 error = ESRCH; 575 break; 576 } 577 LIST_FOREACH(p, &sc->sc_iflist, next) { 578 if (p->ifp == ifs) 579 break; 580 } 581 if (p == LIST_END(&sc->sc_iflist)) { 582 error = ESRCH; 583 break; 584 } 585 if ((brlreq->ifbr_action != BRL_ACTION_BLOCK && 586 brlreq->ifbr_action != BRL_ACTION_PASS) || 587 (brlreq->ifbr_flags & (BRL_FLAG_IN|BRL_FLAG_OUT)) == 0) { 588 error = EINVAL; 589 break; 590 } 591 if (brlreq->ifbr_flags & BRL_FLAG_IN) { 592 error = bridge_addrule(p, brlreq, 0); 593 if (error) 594 break; 595 } 596 if (brlreq->ifbr_flags & BRL_FLAG_OUT) { 597 error = bridge_addrule(p, brlreq, 1); 598 if (error) 599 break; 600 } 601 break; 602 case SIOCBRDGFRL: 603 if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) 604 break; 605 ifs = ifunit(brlreq->ifbr_ifsname); 606 if (ifs == NULL) { 607 error = ENOENT; 608 break; 609 } 610 if (ifs->if_bridge == NULL || 611 ifs->if_bridge != (caddr_t)sc) { 612 error = ESRCH; 613 break; 614 } 615 LIST_FOREACH(p, &sc->sc_iflist, next) { 616 if (p->ifp == ifs) 617 break; 618 } 619 if (p == LIST_END(&sc->sc_iflist)) { 620 error = ESRCH; 621 break; 622 } 623 error = bridge_flushrule(p); 624 break; 625 case SIOCBRDGGRL: 626 error = bridge_brlconf(sc, brlconf); 627 break; 628 case SIOCBRDGGPRI: 629 case SIOCBRDGGMA: 630 case SIOCBRDGGHT: 631 case SIOCBRDGGFD: 632 break; 633 case SIOCBRDGSPRI: 634 case SIOCBRDGSFD: 635 case SIOCBRDGSMA: 636 case SIOCBRDGSHT: 637 error = suser(prc->p_ucred, &prc->p_acflag); 638 break; 639 default: 640 error = EINVAL; 641 } 642 643 if (!error) 644 error = bstp_ioctl(ifp, cmd, data); 645 646 splx(s); 647 return (error); 648 } 649 650 /* Detach an interface from a bridge. */ 651 void 652 bridge_ifdetach(struct ifnet *ifp) 653 { 654 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_bridge; 655 struct bridge_iflist *bif; 656 657 LIST_FOREACH(bif, &sc->sc_iflist, next) 658 if (bif->ifp == ifp) { 659 LIST_REMOVE(bif, next); 660 bridge_rtdelete(sc, ifp, 0); 661 bridge_flushrule(bif); 662 free(bif, M_DEVBUF); 663 ifp->if_bridge = NULL; 664 break; 665 } 666 } 667 668 int 669 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 670 { 671 struct bridge_iflist *p; 672 u_int32_t total = 0, i = 0; 673 int error = 0; 674 struct ifbreq breq; 675 676 LIST_FOREACH(p, &sc->sc_iflist, next) 677 total++; 678 679 LIST_FOREACH(p, &sc->sc_spanlist, next) 680 total++; 681 682 if (bifc->ifbic_len == 0) { 683 i = total; 684 goto done; 685 } 686 687 LIST_FOREACH(p, &sc->sc_iflist, next) { 688 if (bifc->ifbic_len < sizeof(breq)) 689 break; 690 strlcpy(breq.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 691 strlcpy(breq.ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 692 breq.ifbr_ifsflags = p->bif_flags; 693 breq.ifbr_state = p->bif_state; 694 breq.ifbr_priority = p->bif_priority; 695 breq.ifbr_path_cost = p->bif_path_cost; 696 breq.ifbr_portno = p->ifp->if_index & 0xff; 697 error = copyout((caddr_t)&breq, 698 (caddr_t)(bifc->ifbic_req + i), sizeof(breq)); 699 if (error) 700 goto done; 701 i++; 702 bifc->ifbic_len -= sizeof(breq); 703 } 704 LIST_FOREACH(p, &sc->sc_spanlist, next) { 705 if (bifc->ifbic_len < sizeof(breq)) 706 break; 707 strlcpy(breq.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 708 strlcpy(breq.ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 709 breq.ifbr_ifsflags = p->bif_flags | IFBIF_SPAN; 710 breq.ifbr_state = p->bif_state; 711 breq.ifbr_priority = p->bif_priority; 712 breq.ifbr_path_cost = p->bif_path_cost; 713 breq.ifbr_portno = p->ifp->if_index & 0xff; 714 error = copyout((caddr_t)&breq, 715 (caddr_t)(bifc->ifbic_req + i), sizeof(breq)); 716 if (error) 717 goto done; 718 i++; 719 bifc->ifbic_len -= sizeof(breq); 720 } 721 722 done: 723 bifc->ifbic_len = i * sizeof(breq); 724 return (error); 725 } 726 727 int 728 bridge_brlconf(struct bridge_softc *sc, struct ifbrlconf *bc) 729 { 730 struct ifnet *ifp; 731 struct bridge_iflist *ifl; 732 struct brl_node *n; 733 struct ifbrlreq req; 734 int error = 0; 735 u_int32_t i = 0, total = 0; 736 737 ifp = ifunit(bc->ifbrl_ifsname); 738 if (ifp == NULL) 739 return (ENOENT); 740 if (ifp->if_bridge == NULL || ifp->if_bridge != (caddr_t)sc) 741 return (ESRCH); 742 LIST_FOREACH(ifl, &sc->sc_iflist, next) { 743 if (ifl->ifp == ifp) 744 break; 745 } 746 if (ifl == LIST_END(&sc->sc_iflist)) 747 return (ESRCH); 748 749 SIMPLEQ_FOREACH(n, &ifl->bif_brlin, brl_next) { 750 total++; 751 } 752 SIMPLEQ_FOREACH(n, &ifl->bif_brlout, brl_next) { 753 total++; 754 } 755 756 if (bc->ifbrl_len == 0) { 757 i = total; 758 goto done; 759 } 760 761 SIMPLEQ_FOREACH(n, &ifl->bif_brlin, brl_next) { 762 if (bc->ifbrl_len < sizeof(req)) 763 goto done; 764 strlcpy(req.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 765 strlcpy(req.ifbr_ifsname, ifl->ifp->if_xname, IFNAMSIZ); 766 req.ifbr_action = n->brl_action; 767 req.ifbr_flags = n->brl_flags; 768 req.ifbr_src = n->brl_src; 769 req.ifbr_dst = n->brl_dst; 770 #if NPF > 0 771 req.ifbr_tagname[0] = '\0'; 772 if (n->brl_tag) 773 pf_tag2tagname(n->brl_tag, req.ifbr_tagname); 774 #endif 775 error = copyout((caddr_t)&req, 776 (caddr_t)(bc->ifbrl_buf + (i * sizeof(req))), sizeof(req)); 777 if (error) 778 goto done; 779 i++; 780 bc->ifbrl_len -= sizeof(req); 781 } 782 783 SIMPLEQ_FOREACH(n, &ifl->bif_brlout, brl_next) { 784 if (bc->ifbrl_len < sizeof(req)) 785 goto done; 786 strlcpy(req.ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 787 strlcpy(req.ifbr_ifsname, ifl->ifp->if_xname, IFNAMSIZ); 788 req.ifbr_action = n->brl_action; 789 req.ifbr_flags = n->brl_flags; 790 req.ifbr_src = n->brl_src; 791 req.ifbr_dst = n->brl_dst; 792 #if NPF > 0 793 req.ifbr_tagname[0] = '\0'; 794 if (n->brl_tag) 795 pf_tag2tagname(n->brl_tag, req.ifbr_tagname); 796 #endif 797 error = copyout((caddr_t)&req, 798 (caddr_t)(bc->ifbrl_buf + (i * sizeof(req))), sizeof(req)); 799 if (error) 800 goto done; 801 i++; 802 bc->ifbrl_len -= sizeof(req); 803 } 804 805 done: 806 bc->ifbrl_len = i * sizeof(req); 807 return (error); 808 } 809 810 void 811 bridge_init(struct bridge_softc *sc) 812 { 813 struct ifnet *ifp = &sc->sc_if; 814 int i; 815 816 if ((ifp->if_flags & IFF_RUNNING) == IFF_RUNNING) 817 return; 818 819 if (sc->sc_rts == NULL) { 820 sc->sc_rts = (struct bridge_rthead *)malloc( 821 BRIDGE_RTABLE_SIZE * (sizeof(struct bridge_rthead)), 822 M_DEVBUF, M_NOWAIT); 823 if (sc->sc_rts == NULL) 824 return; 825 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) { 826 LIST_INIT(&sc->sc_rts[i]); 827 } 828 sc->sc_hashkey = arc4random(); 829 } 830 ifp->if_flags |= IFF_RUNNING; 831 832 if (sc->sc_brttimeout != 0) 833 timeout_add(&sc->sc_brtimeout, sc->sc_brttimeout * hz); 834 } 835 836 /* 837 * Stop the bridge and deallocate the routing table. 838 */ 839 void 840 bridge_stop(struct bridge_softc *sc) 841 { 842 struct ifnet *ifp = &sc->sc_if; 843 844 /* 845 * If we're not running, there's nothing to do. 846 */ 847 if ((ifp->if_flags & IFF_RUNNING) == 0) 848 return; 849 850 timeout_del(&sc->sc_brtimeout); 851 852 bridge_rtflush(sc, IFBF_FLUSHDYN); 853 854 ifp->if_flags &= ~IFF_RUNNING; 855 } 856 857 /* 858 * Send output from the bridge. The mbuf has the ethernet header 859 * already attached. We must enqueue or free the mbuf before exiting. 860 */ 861 int 862 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 863 struct rtentry *rt) 864 { 865 struct ether_header *eh; 866 struct ifnet *dst_if; 867 struct ether_addr *src, *dst; 868 struct bridge_softc *sc; 869 int s, error, len; 870 #ifdef IPSEC 871 struct m_tag *mtag; 872 #endif /* IPSEC */ 873 874 if (m->m_len < sizeof(*eh)) { 875 m = m_pullup(m, sizeof(*eh)); 876 if (m == NULL) 877 return (0); 878 } 879 eh = mtod(m, struct ether_header *); 880 dst = (struct ether_addr *)&eh->ether_dhost[0]; 881 src = (struct ether_addr *)&eh->ether_shost[0]; 882 sc = (struct bridge_softc *)ifp->if_bridge; 883 884 s = splimp(); 885 886 /* 887 * If bridge is down, but original output interface is up, 888 * go ahead and send out that interface. Otherwise the packet 889 * is dropped below. 890 */ 891 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 892 dst_if = ifp; 893 goto sendunicast; 894 } 895 896 /* 897 * If the packet is a broadcast or we don't know a better way to 898 * get there, send to all interfaces. 899 */ 900 dst_if = bridge_rtlookup(sc, dst); 901 if (dst_if == NULL || ETHER_IS_MULTICAST(eh->ether_dhost)) { 902 struct bridge_iflist *p; 903 struct mbuf *mc; 904 int used = 0; 905 906 #ifdef IPSEC 907 /* 908 * Don't send out the packet if IPsec is needed, and 909 * notify IPsec to do its own crypto for now. 910 */ 911 if ((mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, 912 NULL)) != NULL) { 913 ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); 914 m_freem(m); 915 splx(s); 916 return (0); 917 } 918 #endif /* IPSEC */ 919 920 /* Catch packets that need TCP/UDP/IP hardware checksumming */ 921 if (m->m_pkthdr.csum & M_IPV4_CSUM_OUT || 922 m->m_pkthdr.csum & M_TCPV4_CSUM_OUT || 923 m->m_pkthdr.csum & M_UDPV4_CSUM_OUT) { 924 m_freem(m); 925 splx(s); 926 return (0); 927 } 928 929 bridge_span(sc, NULL, m); 930 931 LIST_FOREACH(p, &sc->sc_iflist, next) { 932 dst_if = p->ifp; 933 if ((dst_if->if_flags & IFF_RUNNING) == 0) 934 continue; 935 936 /* 937 * If this is not the original output interface, 938 * and the interface is participating in spanning 939 * tree, make sure the port is in a state that 940 * allows forwarding. 941 */ 942 if (dst_if != ifp && 943 (p->bif_flags & IFBIF_STP) && 944 (p->bif_state != BSTP_IFSTATE_FORWARDING)) 945 continue; 946 947 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 948 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 949 continue; 950 951 #ifdef ALTQ 952 if (ALTQ_IS_ENABLED(&dst_if->if_snd) == 0) 953 #endif 954 if (IF_QFULL(&dst_if->if_snd)) { 955 IF_DROP(&dst_if->if_snd); 956 sc->sc_if.if_oerrors++; 957 continue; 958 } 959 if (LIST_NEXT(p, next) == LIST_END(&sc->sc_iflist)) { 960 used = 1; 961 mc = m; 962 } else { 963 struct mbuf *m1, *m2, *mx; 964 965 m1 = m_copym2(m, 0, sizeof(struct ether_header), 966 M_DONTWAIT); 967 if (m1 == NULL) { 968 sc->sc_if.if_oerrors++; 969 continue; 970 } 971 m2 = m_copym2(m, sizeof(struct ether_header), 972 M_COPYALL, M_DONTWAIT); 973 if (m2 == NULL) { 974 m_freem(m1); 975 sc->sc_if.if_oerrors++; 976 continue; 977 } 978 979 for (mx = m1; mx->m_next != NULL; mx = mx->m_next) 980 /*EMPTY*/; 981 mx->m_next = m2; 982 983 if (m1->m_flags & M_PKTHDR) { 984 len = 0; 985 for (mx = m1; mx != NULL; mx = mx->m_next) 986 len += mx->m_len; 987 m1->m_pkthdr.len = len; 988 } 989 mc = m1; 990 } 991 992 error = bridge_ifenqueue(sc, dst_if, mc); 993 if (error) 994 continue; 995 } 996 if (!used) 997 m_freem(m); 998 splx(s); 999 return (0); 1000 } 1001 1002 sendunicast: 1003 bridge_span(sc, NULL, m); 1004 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1005 m_freem(m); 1006 splx(s); 1007 return (0); 1008 } 1009 bridge_ifenqueue(sc, dst_if, m); 1010 splx(s); 1011 return (0); 1012 } 1013 1014 /* 1015 * Start output on the bridge. This function should never be called. 1016 */ 1017 void 1018 bridge_start(struct ifnet *ifp) 1019 { 1020 } 1021 1022 /* 1023 * Loop through each bridge interface and process their input queues. 1024 */ 1025 void 1026 bridgeintr(void) 1027 { 1028 struct bridge_softc *sc; 1029 struct mbuf *m; 1030 int i, s; 1031 1032 for (i = 0; i < nbridge; i++) { 1033 sc = &bridgectl[i]; 1034 for (;;) { 1035 s = splimp(); 1036 IF_DEQUEUE(&sc->sc_if.if_snd, m); 1037 splx(s); 1038 if (m == NULL) 1039 break; 1040 bridgeintr_frame(sc, m); 1041 } 1042 } 1043 } 1044 1045 /* 1046 * Process a single frame. Frame must be freed or queued before returning. 1047 */ 1048 void 1049 bridgeintr_frame(struct bridge_softc *sc, struct mbuf *m) 1050 { 1051 int s, len; 1052 struct ifnet *src_if, *dst_if; 1053 struct bridge_iflist *ifl; 1054 struct ether_addr *dst, *src; 1055 struct ether_header eh; 1056 1057 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 1058 m_freem(m); 1059 return; 1060 } 1061 1062 src_if = m->m_pkthdr.rcvif; 1063 1064 #if NBPFILTER > 0 1065 if (sc->sc_if.if_bpf) 1066 bpf_mtap(sc->sc_if.if_bpf, m); 1067 #endif 1068 1069 sc->sc_if.if_ipackets++; 1070 sc->sc_if.if_ibytes += m->m_pkthdr.len; 1071 1072 LIST_FOREACH(ifl, &sc->sc_iflist, next) 1073 if (ifl->ifp == src_if) 1074 break; 1075 1076 if (ifl == LIST_END(&sc->sc_iflist)) { 1077 m_freem(m); 1078 return; 1079 } 1080 1081 if ((ifl->bif_flags & IFBIF_STP) && 1082 (ifl->bif_state == BSTP_IFSTATE_BLOCKING || 1083 ifl->bif_state == BSTP_IFSTATE_LISTENING || 1084 ifl->bif_state == BSTP_IFSTATE_DISABLED)) { 1085 m_freem(m); 1086 return; 1087 } 1088 1089 if (m->m_pkthdr.len < sizeof(eh)) { 1090 m_freem(m); 1091 return; 1092 } 1093 m_copydata(m, 0, sizeof(struct ether_header), (caddr_t)&eh); 1094 dst = (struct ether_addr *)&eh.ether_dhost[0]; 1095 src = (struct ether_addr *)&eh.ether_shost[0]; 1096 1097 /* 1098 * If interface is learning, and if source address 1099 * is not broadcast or multicast, record it's address. 1100 */ 1101 if ((ifl->bif_flags & IFBIF_LEARNING) && 1102 (eh.ether_shost[0] & 1) == 0 && 1103 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 1104 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 1105 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 1106 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC); 1107 1108 if ((ifl->bif_flags & IFBIF_STP) && 1109 (ifl->bif_state == BSTP_IFSTATE_LEARNING)) { 1110 m_freem(m); 1111 return; 1112 } 1113 1114 /* 1115 * At this point, the port either doesn't participate in stp or 1116 * it's in the forwarding state 1117 */ 1118 1119 /* 1120 * If packet is unicast, destined for someone on "this" 1121 * side of the bridge, drop it. 1122 */ 1123 if ((m->m_flags & (M_BCAST | M_MCAST)) == 0) { 1124 dst_if = bridge_rtlookup(sc, dst); 1125 if (dst_if == src_if) { 1126 m_freem(m); 1127 return; 1128 } 1129 } else 1130 dst_if = NULL; 1131 1132 /* 1133 * Multicast packets get handled a little differently: 1134 * If interface is: 1135 * -link0,-link1 (default) Forward all multicast 1136 * as broadcast. 1137 * -link0,link1 Drop non-IP multicast, forward 1138 * as broadcast IP multicast. 1139 * link0,-link1 Drop IP multicast, forward as 1140 * broadcast non-IP multicast. 1141 * link0,link1 Drop all multicast. 1142 */ 1143 if (m->m_flags & M_MCAST) { 1144 if ((sc->sc_if.if_flags & 1145 (IFF_LINK0 | IFF_LINK1)) == 1146 (IFF_LINK0 | IFF_LINK1)) { 1147 m_freem(m); 1148 return; 1149 } 1150 if (sc->sc_if.if_flags & IFF_LINK0 && 1151 ETHERADDR_IS_IP_MCAST(dst)) { 1152 m_freem(m); 1153 return; 1154 } 1155 if (sc->sc_if.if_flags & IFF_LINK1 && 1156 !ETHERADDR_IS_IP_MCAST(dst)) { 1157 m_freem(m); 1158 return; 1159 } 1160 } 1161 1162 if (ifl->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 1163 m_freem(m); 1164 return; 1165 } 1166 1167 if (bridge_filterrule(&ifl->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 1168 m_freem(m); 1169 return; 1170 } 1171 #if NPF > 0 1172 m = bridge_filter(sc, BRIDGE_IN, src_if, &eh, m); 1173 if (m == NULL) 1174 return; 1175 #endif 1176 /* 1177 * If the packet is a multicast or broadcast OR if we don't 1178 * know any better, forward it to all interfaces. 1179 */ 1180 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_if == NULL) { 1181 sc->sc_if.if_imcasts++; 1182 s = splimp(); 1183 bridge_broadcast(sc, src_if, &eh, m); 1184 splx(s); 1185 return; 1186 } 1187 1188 /* 1189 * At this point, we're dealing with a unicast frame going to a 1190 * different interface 1191 */ 1192 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 1193 m_freem(m); 1194 return; 1195 } 1196 LIST_FOREACH(ifl, &sc->sc_iflist, next) { 1197 if (ifl->ifp == dst_if) 1198 break; 1199 } 1200 if (ifl == LIST_END(&sc->sc_iflist)) { 1201 m_freem(m); 1202 return; 1203 } 1204 if ((ifl->bif_flags & IFBIF_STP) && 1205 (ifl->bif_state == BSTP_IFSTATE_DISABLED || 1206 ifl->bif_state == BSTP_IFSTATE_BLOCKING)) { 1207 m_freem(m); 1208 return; 1209 } 1210 if (bridge_filterrule(&ifl->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) { 1211 m_freem(m); 1212 return; 1213 } 1214 #if NPF > 0 1215 m = bridge_filter(sc, BRIDGE_OUT, dst_if, &eh, m); 1216 if (m == NULL) 1217 return; 1218 #endif 1219 1220 len = m->m_pkthdr.len; 1221 if ((len - sizeof(struct ether_header)) > dst_if->if_mtu) 1222 bridge_fragment(sc, dst_if, &eh, m); 1223 else { 1224 s = splimp(); 1225 bridge_ifenqueue(sc, dst_if, m); 1226 splx(s); 1227 } 1228 } 1229 1230 /* 1231 * Receive input from an interface. Queue the packet for bridging if its 1232 * not for us, and schedule an interrupt. 1233 */ 1234 struct mbuf * 1235 bridge_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) 1236 { 1237 struct bridge_softc *sc; 1238 int s; 1239 struct bridge_iflist *ifl, *srcifl; 1240 struct arpcom *ac; 1241 struct mbuf *mc; 1242 1243 /* 1244 * Make sure this interface is a bridge member. 1245 */ 1246 if (ifp == NULL || ifp->if_bridge == NULL || m == NULL) 1247 return (m); 1248 1249 if ((m->m_flags & M_PKTHDR) == 0) 1250 panic("bridge_input(): no HDR"); 1251 1252 m->m_flags &= ~M_PROTO1; /* Loop prevention */ 1253 1254 sc = (struct bridge_softc *)ifp->if_bridge; 1255 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) 1256 return (m); 1257 1258 LIST_FOREACH(ifl, &sc->sc_iflist, next) { 1259 if (ifl->ifp == ifp) 1260 break; 1261 } 1262 if (ifl == LIST_END(&sc->sc_iflist)) 1263 return (m); 1264 1265 bridge_span(sc, eh, m); 1266 1267 if (m->m_flags & (M_BCAST | M_MCAST)) { 1268 /* Tap off 802.1D packets, they do not get forwarded */ 1269 if (bcmp(eh->ether_dhost, bstp_etheraddr, ETHER_ADDR_LEN) == 0) { 1270 m = bstp_input(sc, ifp, eh, m); 1271 if (m == NULL) 1272 return (NULL); 1273 } 1274 1275 /* 1276 * No need to queue frames for ifs in the blocking, disabled, 1277 * or listening state 1278 */ 1279 if ((ifl->bif_flags & IFBIF_STP) && 1280 ((ifl->bif_state == BSTP_IFSTATE_BLOCKING) || 1281 (ifl->bif_state == BSTP_IFSTATE_LISTENING) || 1282 (ifl->bif_state == BSTP_IFSTATE_DISABLED))) 1283 return (m); 1284 1285 /* 1286 * make a copy of 'm' with 'eh' tacked on to the 1287 * beginning. Return 'm' for local processing 1288 * and enqueue the copy. Schedule netisr. 1289 */ 1290 mc = m_copym2(m, 0, M_COPYALL, M_NOWAIT); 1291 if (mc == NULL) 1292 return (m); 1293 M_PREPEND(mc, sizeof(struct ether_header), M_DONTWAIT); 1294 if (mc == NULL) 1295 return (m); 1296 bcopy(eh, mtod(mc, caddr_t), sizeof(struct ether_header)); 1297 s = splimp(); 1298 if (IF_QFULL(&sc->sc_if.if_snd)) { 1299 m_freem(mc); 1300 splx(s); 1301 return (m); 1302 } 1303 IF_ENQUEUE(&sc->sc_if.if_snd, mc); 1304 splx(s); 1305 schednetisr(NETISR_BRIDGE); 1306 if (ifp->if_type == IFT_GIF) { 1307 LIST_FOREACH(ifl, &sc->sc_iflist, next) { 1308 if (ifl->ifp->if_type == IFT_ETHER) 1309 break; 1310 } 1311 if (ifl != LIST_END(&sc->sc_iflist)) { 1312 m->m_flags |= M_PROTO1; 1313 m->m_pkthdr.rcvif = ifl->ifp; 1314 ether_input(ifl->ifp, eh, m); 1315 m = NULL; 1316 } 1317 } 1318 return (m); 1319 } 1320 1321 /* 1322 * No need to queue frames for ifs in the blocking, disabled, or 1323 * listening state 1324 */ 1325 if ((ifl->bif_flags & IFBIF_STP) && 1326 ((ifl->bif_state == BSTP_IFSTATE_BLOCKING) || 1327 (ifl->bif_state == BSTP_IFSTATE_LISTENING) || 1328 (ifl->bif_state == BSTP_IFSTATE_DISABLED))) 1329 return (m); 1330 1331 1332 /* 1333 * Unicast, make sure it's not for us. 1334 */ 1335 srcifl = ifl; 1336 LIST_FOREACH(ifl, &sc->sc_iflist, next) { 1337 if (ifl->ifp->if_type != IFT_ETHER) 1338 continue; 1339 ac = (struct arpcom *)ifl->ifp; 1340 if (bcmp(ac->ac_enaddr, eh->ether_dhost, ETHER_ADDR_LEN) == 0) { 1341 if (srcifl->bif_flags & IFBIF_LEARNING) 1342 bridge_rtupdate(sc, 1343 (struct ether_addr *)&eh->ether_shost, 1344 ifp, 0, IFBAF_DYNAMIC); 1345 m->m_pkthdr.rcvif = ifl->ifp; 1346 if (ifp->if_type == IFT_GIF) { 1347 m->m_flags |= M_PROTO1; 1348 ether_input(ifl->ifp, eh, m); 1349 m = NULL; 1350 } 1351 return (m); 1352 } 1353 if (bcmp(ac->ac_enaddr, eh->ether_shost, ETHER_ADDR_LEN) == 0) { 1354 m_freem(m); 1355 return (NULL); 1356 } 1357 } 1358 M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT); 1359 if (m == NULL) 1360 return (NULL); 1361 bcopy(eh, mtod(m, caddr_t), sizeof(struct ether_header)); 1362 s = splimp(); 1363 if (IF_QFULL(&sc->sc_if.if_snd)) { 1364 m_freem(m); 1365 splx(s); 1366 return (NULL); 1367 } 1368 IF_ENQUEUE(&sc->sc_if.if_snd, m); 1369 splx(s); 1370 schednetisr(NETISR_BRIDGE); 1371 return (NULL); 1372 } 1373 1374 /* 1375 * Send a frame to all interfaces that are members of the bridge 1376 * (except the one it came in on). This code assumes that it is 1377 * running at splnet or higher. 1378 */ 1379 void 1380 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1381 struct ether_header *eh, struct mbuf *m) 1382 { 1383 struct bridge_iflist *p; 1384 struct mbuf *mc; 1385 struct ifnet *dst_if; 1386 int len = m->m_pkthdr.len, used = 0; 1387 1388 splassert(IPL_NET); 1389 1390 LIST_FOREACH(p, &sc->sc_iflist, next) { 1391 /* 1392 * Don't retransmit out of the same interface where 1393 * the packet was received from. 1394 */ 1395 dst_if = p->ifp; 1396 if (dst_if->if_index == ifp->if_index) 1397 continue; 1398 1399 if ((p->bif_flags & IFBIF_STP) && 1400 (p->bif_state != BSTP_IFSTATE_FORWARDING)) 1401 continue; 1402 1403 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 1404 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1405 continue; 1406 1407 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1408 continue; 1409 1410 #ifdef ALTQ 1411 if (ALTQ_IS_ENABLED(&dst_if->if_snd) == 0) 1412 #endif 1413 if (IF_QFULL(&dst_if->if_snd)) { 1414 IF_DROP(&dst_if->if_snd); 1415 sc->sc_if.if_oerrors++; 1416 continue; 1417 } 1418 1419 /* Drop non-IP frames if the appropriate flag is set. */ 1420 if (p->bif_flags & IFBIF_BLOCKNONIP && 1421 bridge_blocknonip(eh, m)) 1422 continue; 1423 1424 if (bridge_filterrule(&p->bif_brlout, eh, m) == BRL_ACTION_BLOCK) 1425 continue; 1426 1427 /* If last one, reuse the passed-in mbuf */ 1428 if (LIST_NEXT(p, next) == LIST_END(&sc->sc_iflist)) { 1429 mc = m; 1430 used = 1; 1431 } else { 1432 struct mbuf *m1, *m2, *mx; 1433 1434 m1 = m_copym2(m, 0, sizeof(struct ether_header), 1435 M_DONTWAIT); 1436 if (m1 == NULL) { 1437 sc->sc_if.if_oerrors++; 1438 continue; 1439 } 1440 m2 = m_copym2(m, sizeof(struct ether_header), 1441 M_COPYALL, M_DONTWAIT); 1442 if (m2 == NULL) { 1443 m_freem(m1); 1444 sc->sc_if.if_oerrors++; 1445 continue; 1446 } 1447 1448 for (mx = m1; mx->m_next != NULL; mx = mx->m_next) 1449 /*EMPTY*/; 1450 mx->m_next = m2; 1451 1452 if (m1->m_flags & M_PKTHDR) { 1453 int len = 0; 1454 1455 for (mx = m1; mx != NULL; mx = mx->m_next) 1456 len += mx->m_len; 1457 m1->m_pkthdr.len = len; 1458 } 1459 mc = m1; 1460 } 1461 1462 #if NPF > 0 1463 mc = bridge_filter(sc, BRIDGE_OUT, dst_if, eh, mc); 1464 if (mc == NULL) 1465 continue; 1466 #endif 1467 1468 if ((len - sizeof(struct ether_header)) > dst_if->if_mtu) 1469 bridge_fragment(sc, dst_if, eh, mc); 1470 else { 1471 bridge_ifenqueue(sc, dst_if, mc); 1472 } 1473 } 1474 1475 if (!used) 1476 m_freem(m); 1477 } 1478 1479 void 1480 bridge_span(struct bridge_softc *sc, struct ether_header *eh, 1481 struct mbuf *morig) 1482 { 1483 struct bridge_iflist *p; 1484 struct ifnet *ifp; 1485 struct mbuf *mc, *m; 1486 int error; 1487 1488 if (LIST_EMPTY(&sc->sc_spanlist)) 1489 return; 1490 1491 m = m_copym2(morig, 0, M_COPYALL, M_NOWAIT); 1492 if (m == NULL) 1493 return; 1494 if (eh != NULL) { 1495 M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT); 1496 if (m == NULL) 1497 return; 1498 bcopy(eh, mtod(m, caddr_t), sizeof(struct ether_header)); 1499 } 1500 1501 LIST_FOREACH(p, &sc->sc_spanlist, next) { 1502 ifp = p->ifp; 1503 1504 if ((ifp->if_flags & IFF_RUNNING) == 0) 1505 continue; 1506 1507 #ifdef ALTQ 1508 if (ALTQ_IS_ENABLED(&ifp->if_snd) == 0) 1509 #endif 1510 if (IF_QFULL(&ifp->if_snd)) { 1511 IF_DROP(&ifp->if_snd); 1512 sc->sc_if.if_oerrors++; 1513 continue; 1514 } 1515 1516 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1517 if (mc == NULL) { 1518 sc->sc_if.if_oerrors++; 1519 continue; 1520 } 1521 1522 error = bridge_ifenqueue(sc, ifp, mc); 1523 if (error) 1524 continue; 1525 } 1526 m_freem(m); 1527 } 1528 1529 struct ifnet * 1530 bridge_rtupdate(struct bridge_softc *sc, struct ether_addr *ea, 1531 struct ifnet *ifp, int setflags, u_int8_t flags) 1532 { 1533 struct bridge_rtnode *p, *q; 1534 u_int32_t h; 1535 int dir; 1536 1537 if (sc->sc_rts == NULL) { 1538 if (setflags && flags == IFBAF_STATIC) { 1539 sc->sc_rts = (struct bridge_rthead *)malloc( 1540 BRIDGE_RTABLE_SIZE * 1541 (sizeof(struct bridge_rthead)),M_DEVBUF,M_NOWAIT); 1542 if (sc->sc_rts == NULL) 1543 goto done; 1544 1545 for (h = 0; h < BRIDGE_RTABLE_SIZE; h++) { 1546 LIST_INIT(&sc->sc_rts[h]); 1547 } 1548 sc->sc_hashkey = arc4random(); 1549 } else 1550 goto done; 1551 } 1552 1553 h = bridge_hash(sc, ea); 1554 p = LIST_FIRST(&sc->sc_rts[h]); 1555 if (p == LIST_END(&sc->sc_rts[h])) { 1556 if (sc->sc_brtcnt >= sc->sc_brtmax) 1557 goto done; 1558 p = (struct bridge_rtnode *)malloc( 1559 sizeof(struct bridge_rtnode), M_DEVBUF, M_NOWAIT); 1560 if (p == NULL) 1561 goto done; 1562 1563 bcopy(ea, &p->brt_addr, sizeof(p->brt_addr)); 1564 p->brt_if = ifp; 1565 p->brt_age = 1; 1566 1567 if (setflags) 1568 p->brt_flags = flags; 1569 else 1570 p->brt_flags = IFBAF_DYNAMIC; 1571 1572 LIST_INSERT_HEAD(&sc->sc_rts[h], p, brt_next); 1573 sc->sc_brtcnt++; 1574 goto want; 1575 } 1576 1577 do { 1578 q = p; 1579 p = LIST_NEXT(p, brt_next); 1580 1581 dir = memcmp(ea, &q->brt_addr, sizeof(q->brt_addr)); 1582 if (dir == 0) { 1583 if (setflags) { 1584 q->brt_if = ifp; 1585 q->brt_flags = flags; 1586 } 1587 1588 if (q->brt_if == ifp) 1589 q->brt_age = 1; 1590 ifp = q->brt_if; 1591 goto want; 1592 } 1593 1594 if (dir > 0) { 1595 if (sc->sc_brtcnt >= sc->sc_brtmax) 1596 goto done; 1597 p = (struct bridge_rtnode *)malloc( 1598 sizeof(struct bridge_rtnode), M_DEVBUF, M_NOWAIT); 1599 if (p == NULL) 1600 goto done; 1601 1602 bcopy(ea, &p->brt_addr, sizeof(p->brt_addr)); 1603 p->brt_if = ifp; 1604 p->brt_age = 1; 1605 1606 if (setflags) 1607 p->brt_flags = flags; 1608 else 1609 p->brt_flags = IFBAF_DYNAMIC; 1610 1611 LIST_INSERT_BEFORE(q, p, brt_next); 1612 sc->sc_brtcnt++; 1613 goto want; 1614 } 1615 1616 if (p == LIST_END(&sc->sc_rts[h])) { 1617 if (sc->sc_brtcnt >= sc->sc_brtmax) 1618 goto done; 1619 p = (struct bridge_rtnode *)malloc( 1620 sizeof(struct bridge_rtnode), M_DEVBUF, M_NOWAIT); 1621 if (p == NULL) 1622 goto done; 1623 1624 bcopy(ea, &p->brt_addr, sizeof(p->brt_addr)); 1625 p->brt_if = ifp; 1626 p->brt_age = 1; 1627 1628 if (setflags) 1629 p->brt_flags = flags; 1630 else 1631 p->brt_flags = IFBAF_DYNAMIC; 1632 LIST_INSERT_AFTER(q, p, brt_next); 1633 sc->sc_brtcnt++; 1634 goto want; 1635 } 1636 } while (p != LIST_END(&sc->sc_rts[h])); 1637 1638 done: 1639 ifp = NULL; 1640 want: 1641 return (ifp); 1642 } 1643 1644 struct ifnet * 1645 bridge_rtlookup(struct bridge_softc *sc, struct ether_addr *ea) 1646 { 1647 struct bridge_rtnode *p; 1648 u_int32_t h; 1649 int dir; 1650 1651 if (sc->sc_rts == NULL) 1652 goto fail; 1653 1654 h = bridge_hash(sc, ea); 1655 LIST_FOREACH(p, &sc->sc_rts[h], brt_next) { 1656 dir = memcmp(ea, &p->brt_addr, sizeof(p->brt_addr)); 1657 if (dir == 0) 1658 return (p->brt_if); 1659 if (dir > 0) 1660 goto fail; 1661 } 1662 fail: 1663 return (NULL); 1664 } 1665 1666 /* 1667 * The following hash function is adapted from 'Hash Functions' by Bob Jenkins 1668 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997). 1669 * "You may use this code any way you wish, private, educational, or 1670 * commercial. It's free." 1671 */ 1672 #define mix(a,b,c) \ 1673 do { \ 1674 a -= b; a -= c; a ^= (c >> 13); \ 1675 b -= c; b -= a; b ^= (a << 8); \ 1676 c -= a; c -= b; c ^= (b >> 13); \ 1677 a -= b; a -= c; a ^= (c >> 12); \ 1678 b -= c; b -= a; b ^= (a << 16); \ 1679 c -= a; c -= b; c ^= (b >> 5); \ 1680 a -= b; a -= c; a ^= (c >> 3); \ 1681 b -= c; b -= a; b ^= (a << 10); \ 1682 c -= a; c -= b; c ^= (b >> 15); \ 1683 } while (0) 1684 1685 u_int32_t 1686 bridge_hash(struct bridge_softc *sc, struct ether_addr *addr) 1687 { 1688 u_int32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_hashkey; 1689 1690 b += addr->ether_addr_octet[5] << 8; 1691 b += addr->ether_addr_octet[4]; 1692 a += addr->ether_addr_octet[3] << 24; 1693 a += addr->ether_addr_octet[2] << 16; 1694 a += addr->ether_addr_octet[1] << 8; 1695 a += addr->ether_addr_octet[0]; 1696 1697 mix(a, b, c); 1698 return (c & BRIDGE_RTABLE_MASK); 1699 } 1700 1701 /* 1702 * Trim the routing table so that we've got a number of routes 1703 * less than or equal to the maximum. 1704 */ 1705 void 1706 bridge_rttrim(struct bridge_softc *sc) 1707 { 1708 struct bridge_rtnode *n, *p; 1709 int i; 1710 1711 if (sc->sc_rts == NULL) 1712 goto done; 1713 1714 /* 1715 * Make sure we have to trim the address table 1716 */ 1717 if (sc->sc_brtcnt <= sc->sc_brtmax) 1718 goto done; 1719 1720 /* 1721 * Force an aging cycle, this might trim enough addresses. 1722 */ 1723 bridge_rtage(sc); 1724 1725 if (sc->sc_brtcnt <= sc->sc_brtmax) 1726 goto done; 1727 1728 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) { 1729 n = LIST_FIRST(&sc->sc_rts[i]); 1730 while (n != LIST_END(&sc->sc_rts[i])) { 1731 p = LIST_NEXT(n, brt_next); 1732 if ((n->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1733 LIST_REMOVE(n, brt_next); 1734 sc->sc_brtcnt--; 1735 free(n, M_DEVBUF); 1736 n = p; 1737 if (sc->sc_brtcnt <= sc->sc_brtmax) 1738 goto done; 1739 } 1740 } 1741 } 1742 1743 done: 1744 if (sc->sc_rts != NULL && sc->sc_brtcnt == 0 && 1745 (sc->sc_if.if_flags & IFF_UP) == 0) { 1746 free(sc->sc_rts, M_DEVBUF); 1747 sc->sc_rts = NULL; 1748 } 1749 } 1750 1751 void 1752 bridge_timer(void *vsc) 1753 { 1754 struct bridge_softc *sc = vsc; 1755 int s; 1756 1757 s = splsoftnet(); 1758 bridge_rtage(sc); 1759 splx(s); 1760 } 1761 1762 /* 1763 * Perform an aging cycle 1764 */ 1765 void 1766 bridge_rtage(struct bridge_softc *sc) 1767 { 1768 struct bridge_rtnode *n, *p; 1769 int i; 1770 1771 if (sc->sc_rts == NULL) 1772 return; 1773 1774 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) { 1775 n = LIST_FIRST(&sc->sc_rts[i]); 1776 while (n != LIST_END(&sc->sc_rts[i])) { 1777 if ((n->brt_flags & IFBAF_TYPEMASK) == IFBAF_STATIC) { 1778 n->brt_age = !n->brt_age; 1779 if (n->brt_age) 1780 n->brt_age = 0; 1781 n = LIST_NEXT(n, brt_next); 1782 } else if (n->brt_age) { 1783 n->brt_age = 0; 1784 n = LIST_NEXT(n, brt_next); 1785 } else { 1786 p = LIST_NEXT(n, brt_next); 1787 LIST_REMOVE(n, brt_next); 1788 sc->sc_brtcnt--; 1789 free(n, M_DEVBUF); 1790 n = p; 1791 } 1792 } 1793 } 1794 1795 if (sc->sc_brttimeout != 0) 1796 timeout_add(&sc->sc_brtimeout, sc->sc_brttimeout * hz); 1797 } 1798 1799 /* 1800 * Remove all dynamic addresses from the cache 1801 */ 1802 int 1803 bridge_rtflush(struct bridge_softc *sc, int full) 1804 { 1805 int i; 1806 struct bridge_rtnode *p, *n; 1807 1808 if (sc->sc_rts == NULL) 1809 return (0); 1810 1811 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) { 1812 n = LIST_FIRST(&sc->sc_rts[i]); 1813 while (n != LIST_END(&sc->sc_rts[i])) { 1814 if (full || 1815 (n->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { 1816 p = LIST_NEXT(n, brt_next); 1817 LIST_REMOVE(n, brt_next); 1818 sc->sc_brtcnt--; 1819 free(n, M_DEVBUF); 1820 n = p; 1821 } else 1822 n = LIST_NEXT(n, brt_next); 1823 } 1824 } 1825 1826 if (sc->sc_brtcnt == 0 && (sc->sc_if.if_flags & IFF_UP) == 0) { 1827 free(sc->sc_rts, M_DEVBUF); 1828 sc->sc_rts = NULL; 1829 } 1830 1831 return (0); 1832 } 1833 1834 /* 1835 * Remove an address from the cache 1836 */ 1837 int 1838 bridge_rtdaddr(struct bridge_softc *sc, struct ether_addr *ea) 1839 { 1840 int h; 1841 struct bridge_rtnode *p; 1842 1843 if (sc->sc_rts == NULL) 1844 return (ENOENT); 1845 1846 h = bridge_hash(sc, ea); 1847 LIST_FOREACH(p, &sc->sc_rts[h], brt_next) { 1848 if (bcmp(ea, &p->brt_addr, sizeof(p->brt_addr)) == 0) { 1849 LIST_REMOVE(p, brt_next); 1850 sc->sc_brtcnt--; 1851 free(p, M_DEVBUF); 1852 if (sc->sc_brtcnt == 0 && 1853 (sc->sc_if.if_flags & IFF_UP) == 0) { 1854 free(sc->sc_rts, M_DEVBUF); 1855 sc->sc_rts = NULL; 1856 } 1857 return (0); 1858 } 1859 } 1860 1861 return (ENOENT); 1862 } 1863 /* 1864 * Delete routes to a specific interface member. 1865 */ 1866 void 1867 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int dynonly) 1868 { 1869 int i; 1870 struct bridge_rtnode *n, *p; 1871 1872 if (sc->sc_rts == NULL) 1873 return; 1874 1875 /* 1876 * Loop through all of the hash buckets and traverse each 1877 * chain looking for routes to this interface. 1878 */ 1879 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) { 1880 n = LIST_FIRST(&sc->sc_rts[i]); 1881 while (n != LIST_END(&sc->sc_rts[i])) { 1882 if (n->brt_if != ifp) { 1883 /* Not ours */ 1884 n = LIST_NEXT(n, brt_next); 1885 continue; 1886 } 1887 if (dynonly && 1888 (n->brt_flags & IFBAF_TYPEMASK) != IFBAF_DYNAMIC) { 1889 /* only deleting dynamics */ 1890 n = LIST_NEXT(n, brt_next); 1891 continue; 1892 } 1893 p = LIST_NEXT(n, brt_next); 1894 LIST_REMOVE(n, brt_next); 1895 sc->sc_brtcnt--; 1896 free(n, M_DEVBUF); 1897 n = p; 1898 } 1899 } 1900 if (sc->sc_brtcnt == 0 && (sc->sc_if.if_flags & IFF_UP) == 0) { 1901 free(sc->sc_rts, M_DEVBUF); 1902 sc->sc_rts = NULL; 1903 } 1904 } 1905 1906 /* 1907 * Gather all of the routes for this interface. 1908 */ 1909 int 1910 bridge_rtfind(struct bridge_softc *sc, struct ifbaconf *baconf) 1911 { 1912 int i, error = 0, onlycnt = 0; 1913 u_int32_t cnt = 0; 1914 struct bridge_rtnode *n; 1915 struct ifbareq bareq; 1916 1917 if (sc->sc_rts == NULL) 1918 goto done; 1919 1920 if (baconf->ifbac_len == 0) 1921 onlycnt = 1; 1922 1923 for (i = 0, cnt = 0; i < BRIDGE_RTABLE_SIZE; i++) { 1924 LIST_FOREACH(n, &sc->sc_rts[i], brt_next) { 1925 if (!onlycnt) { 1926 if (baconf->ifbac_len < sizeof(struct ifbareq)) 1927 goto done; 1928 bcopy(sc->sc_if.if_xname, bareq.ifba_name, 1929 sizeof(bareq.ifba_name)); 1930 bcopy(n->brt_if->if_xname, bareq.ifba_ifsname, 1931 sizeof(bareq.ifba_ifsname)); 1932 bcopy(&n->brt_addr, &bareq.ifba_dst, 1933 sizeof(bareq.ifba_dst)); 1934 bareq.ifba_age = n->brt_age; 1935 bareq.ifba_flags = n->brt_flags; 1936 error = copyout((caddr_t)&bareq, 1937 (caddr_t)(baconf->ifbac_req + cnt), sizeof(bareq)); 1938 if (error) 1939 goto done; 1940 baconf->ifbac_len -= sizeof(struct ifbareq); 1941 } 1942 cnt++; 1943 } 1944 } 1945 done: 1946 baconf->ifbac_len = cnt * sizeof(struct ifbareq); 1947 return (error); 1948 } 1949 1950 /* 1951 * Block non-ip frames: 1952 * Returns 0 if frame is ip, and 1 if it should be dropped. 1953 */ 1954 int 1955 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1956 { 1957 struct llc llc; 1958 u_int16_t etype; 1959 1960 if (m->m_pkthdr.len < sizeof(struct ether_header)) 1961 return (1); 1962 1963 etype = ntohs(eh->ether_type); 1964 switch (etype) { 1965 case ETHERTYPE_ARP: 1966 case ETHERTYPE_REVARP: 1967 case ETHERTYPE_IP: 1968 case ETHERTYPE_IPV6: 1969 return (0); 1970 } 1971 1972 if (etype > ETHERMTU) 1973 return (1); 1974 1975 if (m->m_pkthdr.len < 1976 (sizeof(struct ether_header) + LLC_SNAPFRAMELEN)) 1977 return (1); 1978 1979 m_copydata(m, sizeof(struct ether_header), LLC_SNAPFRAMELEN, 1980 (caddr_t)&llc); 1981 1982 etype = ntohs(llc.llc_snap.ether_type); 1983 if (llc.llc_dsap == LLC_SNAP_LSAP && 1984 llc.llc_ssap == LLC_SNAP_LSAP && 1985 llc.llc_control == LLC_UI && 1986 llc.llc_snap.org_code[0] == 0 && 1987 llc.llc_snap.org_code[1] == 0 && 1988 llc.llc_snap.org_code[2] == 0 && 1989 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1990 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1991 return (0); 1992 } 1993 1994 return (1); 1995 } 1996 1997 u_int8_t 1998 bridge_filterrule(struct brl_head *h, struct ether_header *eh, struct mbuf *m) 1999 { 2000 struct brl_node *n; 2001 u_int8_t flags; 2002 2003 SIMPLEQ_FOREACH(n, h, brl_next) { 2004 flags = n->brl_flags & (BRL_FLAG_SRCVALID|BRL_FLAG_DSTVALID); 2005 if (flags == 0) 2006 goto return_action; 2007 if (flags == (BRL_FLAG_SRCVALID|BRL_FLAG_DSTVALID)) { 2008 if (bcmp(eh->ether_shost, &n->brl_src, ETHER_ADDR_LEN)) 2009 continue; 2010 if (bcmp(eh->ether_dhost, &n->brl_src, ETHER_ADDR_LEN)) 2011 continue; 2012 goto return_action; 2013 } 2014 if (flags == BRL_FLAG_SRCVALID) { 2015 if (bcmp(eh->ether_shost, &n->brl_src, ETHER_ADDR_LEN)) 2016 continue; 2017 goto return_action; 2018 } 2019 if (flags == BRL_FLAG_DSTVALID) { 2020 if (bcmp(eh->ether_dhost, &n->brl_dst, ETHER_ADDR_LEN)) 2021 continue; 2022 goto return_action; 2023 } 2024 } 2025 return (BRL_ACTION_PASS); 2026 2027 return_action: 2028 pf_tag_packet(m, NULL, n->brl_tag); 2029 return (n->brl_action); 2030 } 2031 2032 int 2033 bridge_addrule(struct bridge_iflist *bif, struct ifbrlreq *req, int out) 2034 { 2035 struct brl_node *n; 2036 2037 n = (struct brl_node *)malloc(sizeof(struct brl_node), M_DEVBUF, M_NOWAIT); 2038 if (n == NULL) 2039 return (ENOMEM); 2040 bcopy(&req->ifbr_src, &n->brl_src, sizeof(struct ether_addr)); 2041 bcopy(&req->ifbr_dst, &n->brl_dst, sizeof(struct ether_addr)); 2042 n->brl_action = req->ifbr_action; 2043 n->brl_flags = req->ifbr_flags; 2044 #if NPF > 0 2045 if (req->ifbr_tagname[0]) 2046 n->brl_tag = pf_tagname2tag(req->ifbr_tagname); 2047 else 2048 n->brl_tag = 0; 2049 #endif 2050 if (out) { 2051 n->brl_flags &= ~BRL_FLAG_IN; 2052 n->brl_flags |= BRL_FLAG_OUT; 2053 SIMPLEQ_INSERT_TAIL(&bif->bif_brlout, n, brl_next); 2054 } else { 2055 n->brl_flags &= ~BRL_FLAG_OUT; 2056 n->brl_flags |= BRL_FLAG_IN; 2057 SIMPLEQ_INSERT_TAIL(&bif->bif_brlin, n, brl_next); 2058 } 2059 return (0); 2060 } 2061 2062 int 2063 bridge_flushrule(struct bridge_iflist *bif) 2064 { 2065 struct brl_node *p; 2066 2067 while (!SIMPLEQ_EMPTY(&bif->bif_brlin)) { 2068 p = SIMPLEQ_FIRST(&bif->bif_brlin); 2069 SIMPLEQ_REMOVE_HEAD(&bif->bif_brlin, p, brl_next); 2070 #if NPF > 0 2071 pf_tag_unref(p->brl_tag); 2072 #endif 2073 free(p, M_DEVBUF); 2074 } 2075 while (!SIMPLEQ_EMPTY(&bif->bif_brlout)) { 2076 p = SIMPLEQ_FIRST(&bif->bif_brlout); 2077 SIMPLEQ_REMOVE_HEAD(&bif->bif_brlout, p, brl_next); 2078 #if NPF > 0 2079 pf_tag_unref(p->brl_tag); 2080 #endif 2081 free(p, M_DEVBUF); 2082 } 2083 return (0); 2084 } 2085 2086 #ifdef IPSEC 2087 int 2088 bridge_ipsec(int dir, int af, int hlen, struct mbuf *m) 2089 { 2090 union sockaddr_union dst; 2091 struct timeval tv; 2092 struct tdb *tdb; 2093 u_int32_t spi; 2094 u_int16_t cpi; 2095 int error, off, s; 2096 u_int8_t proto = 0; 2097 #ifdef INET 2098 struct ip *ip; 2099 #endif /* INET */ 2100 #ifdef INET6 2101 struct ip6_hdr *ip6; 2102 #endif /* INET6 */ 2103 2104 if (dir == BRIDGE_IN) { 2105 switch (af) { 2106 #ifdef INET 2107 case AF_INET: 2108 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 2109 break; 2110 2111 ip = mtod(m, struct ip *); 2112 proto = ip->ip_p; 2113 off = offsetof(struct ip, ip_p); 2114 2115 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 2116 proto != IPPROTO_IPCOMP) 2117 goto skiplookup; 2118 2119 bzero(&dst, sizeof(union sockaddr_union)); 2120 dst.sa.sa_family = AF_INET; 2121 dst.sin.sin_len = sizeof(struct sockaddr_in); 2122 m_copydata(m, offsetof(struct ip, ip_dst), 2123 sizeof(struct in_addr), 2124 (caddr_t)&dst.sin.sin_addr); 2125 2126 if (ip->ip_p == IPPROTO_ESP) 2127 m_copydata(m, hlen, sizeof(u_int32_t), 2128 (caddr_t)&spi); 2129 else if (ip->ip_p == IPPROTO_AH) 2130 m_copydata(m, hlen + sizeof(u_int32_t), 2131 sizeof(u_int32_t), (caddr_t)&spi); 2132 else if (ip->ip_p == IPPROTO_IPCOMP) { 2133 m_copydata(m, hlen + sizeof(u_int16_t), 2134 sizeof(u_int16_t), (caddr_t)&cpi); 2135 spi = ntohl(htons(cpi)); 2136 } 2137 break; 2138 #endif /* INET */ 2139 #ifdef INET6 2140 case AF_INET6: 2141 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 2142 break; 2143 2144 ip6 = mtod(m, struct ip6_hdr *); 2145 2146 /* XXX We should chase down the header chain */ 2147 proto = ip6->ip6_nxt; 2148 off = offsetof(struct ip6_hdr, ip6_nxt); 2149 2150 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 2151 proto != IPPROTO_IPCOMP) 2152 goto skiplookup; 2153 2154 bzero(&dst, sizeof(union sockaddr_union)); 2155 dst.sa.sa_family = AF_INET6; 2156 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 2157 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 2158 sizeof(struct in6_addr), 2159 (caddr_t)&dst.sin6.sin6_addr); 2160 2161 if (proto == IPPROTO_ESP) 2162 m_copydata(m, hlen, sizeof(u_int32_t), 2163 (caddr_t)&spi); 2164 else if (proto == IPPROTO_AH) 2165 m_copydata(m, hlen + sizeof(u_int32_t), 2166 sizeof(u_int32_t), (caddr_t)&spi); 2167 else if (proto == IPPROTO_IPCOMP) { 2168 m_copydata(m, hlen + sizeof(u_int16_t), 2169 sizeof(u_int16_t), (caddr_t)&cpi); 2170 spi = ntohl(htons(cpi)); 2171 } 2172 break; 2173 #endif /* INET6 */ 2174 default: 2175 return (0); 2176 } 2177 2178 if (proto == 0) 2179 goto skiplookup; 2180 2181 s = spltdb(); 2182 2183 tdb = gettdb(spi, &dst, proto); 2184 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 2185 tdb->tdb_xform != NULL) { 2186 if (tdb->tdb_first_use == 0) { 2187 int pri; 2188 2189 pri = splhigh(); 2190 tdb->tdb_first_use = time.tv_sec; 2191 splx(pri); 2192 2193 tv.tv_usec = 0; 2194 2195 /* Check for wrap-around. */ 2196 if (tdb->tdb_exp_first_use + tdb->tdb_first_use 2197 < tdb->tdb_first_use) 2198 tv.tv_sec = ((unsigned long)-1) / 2; 2199 else 2200 tv.tv_sec = tdb->tdb_exp_first_use + 2201 tdb->tdb_first_use; 2202 2203 if (tdb->tdb_flags & TDBF_FIRSTUSE) 2204 timeout_add(&tdb->tdb_first_tmo, 2205 hzto(&tv)); 2206 2207 /* Check for wrap-around. */ 2208 if (tdb->tdb_first_use + 2209 tdb->tdb_soft_first_use 2210 < tdb->tdb_first_use) 2211 tv.tv_sec = ((unsigned long)-1) / 2; 2212 else 2213 tv.tv_sec = tdb->tdb_first_use + 2214 tdb->tdb_soft_first_use; 2215 2216 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 2217 timeout_add(&tdb->tdb_sfirst_tmo, 2218 hzto(&tv)); 2219 } 2220 2221 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 2222 splx(s); 2223 return (1); 2224 } else { 2225 skiplookup: 2226 /* XXX do an input policy lookup */ 2227 splx(s); 2228 return (0); 2229 } 2230 } else { /* Outgoing from the bridge. */ 2231 tdb = ipsp_spd_lookup(m, af, hlen, &error, 2232 IPSP_DIRECTION_OUT, NULL, NULL); 2233 if (tdb != NULL) { 2234 /* 2235 * We don't need to do loop detection, the 2236 * bridge will do that for us. 2237 */ 2238 #if NPF > 0 2239 switch (af) { 2240 #ifdef INET 2241 case AF_INET: 2242 if (pf_test(dir, &encif[0].sc_if, 2243 &m) != PF_PASS) { 2244 m_freem(m); 2245 return (1); 2246 } 2247 break; 2248 #endif /* INET */ 2249 #ifdef INET6 2250 case AF_INET6: 2251 if (pf_test6(dir, &encif[0].sc_if, 2252 &m) != PF_PASS) { 2253 m_freem(m); 2254 return (1); 2255 } 2256 break; 2257 #endif /* INET6 */ 2258 } 2259 if (m == NULL) 2260 return (1); 2261 #endif /* NPF */ 2262 error = ipsp_process_packet(m, tdb, af, 0); 2263 return (1); 2264 } else 2265 return (0); 2266 } 2267 2268 return (0); 2269 } 2270 #endif /* IPSEC */ 2271 2272 #if NPF > 0 2273 /* 2274 * Filter IP packets by peeking into the ethernet frame. This violates 2275 * the ISO model, but allows us to act as a IP filter at the data link 2276 * layer. As a result, most of this code will look familiar to those 2277 * who've read net/if_ethersubr.c and netinet/ip_input.c 2278 */ 2279 struct mbuf * 2280 bridge_filter(struct bridge_softc *sc, int dir, struct ifnet *ifp, 2281 struct ether_header *eh, struct mbuf *m) 2282 { 2283 struct llc llc; 2284 int hassnap = 0; 2285 struct ip *ip; 2286 int hlen; 2287 u_int16_t etype; 2288 2289 etype = ntohs(eh->ether_type); 2290 2291 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 2292 if (etype > ETHERMTU || 2293 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 2294 sizeof(struct ether_header))) 2295 return (m); 2296 2297 m_copydata(m, sizeof(struct ether_header), 2298 LLC_SNAPFRAMELEN, (caddr_t)&llc); 2299 2300 if (llc.llc_dsap != LLC_SNAP_LSAP || 2301 llc.llc_ssap != LLC_SNAP_LSAP || 2302 llc.llc_control != LLC_UI || 2303 llc.llc_snap.org_code[0] || 2304 llc.llc_snap.org_code[1] || 2305 llc.llc_snap.org_code[2]) 2306 return (m); 2307 2308 etype = ntohs(llc.llc_snap.ether_type); 2309 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 2310 return (m); 2311 hassnap = 1; 2312 } 2313 2314 m_adj(m, sizeof(struct ether_header)); 2315 if (hassnap) 2316 m_adj(m, LLC_SNAPFRAMELEN); 2317 2318 switch (etype) { 2319 2320 case ETHERTYPE_IP: 2321 if (m->m_pkthdr.len < sizeof(struct ip)) 2322 goto dropit; 2323 2324 /* Copy minimal header, and drop invalids */ 2325 if (m->m_len < sizeof(struct ip) && 2326 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 2327 ipstat.ips_toosmall++; 2328 return (NULL); 2329 } 2330 ip = mtod(m, struct ip *); 2331 2332 if (ip->ip_v != IPVERSION) { 2333 ipstat.ips_badvers++; 2334 goto dropit; 2335 } 2336 2337 hlen = ip->ip_hl << 2; /* get whole header length */ 2338 if (hlen < sizeof(struct ip)) { 2339 ipstat.ips_badhlen++; 2340 goto dropit; 2341 } 2342 2343 if (hlen > m->m_len) { 2344 if ((m = m_pullup(m, hlen)) == NULL) { 2345 ipstat.ips_badhlen++; 2346 return (NULL); 2347 } 2348 ip = mtod(m, struct ip *); 2349 } 2350 2351 if ((ip->ip_sum = in_cksum(m, hlen)) != 0) { 2352 ipstat.ips_badsum++; 2353 goto dropit; 2354 } 2355 2356 if (ntohs(ip->ip_len) < hlen) 2357 goto dropit; 2358 2359 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 2360 goto dropit; 2361 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 2362 if (m->m_len == m->m_pkthdr.len) { 2363 m->m_len = ntohs(ip->ip_len); 2364 m->m_pkthdr.len = ntohs(ip->ip_len); 2365 } else 2366 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 2367 } 2368 2369 #ifdef IPSEC 2370 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 2371 bridge_ipsec(dir, AF_INET, hlen, m)) 2372 return (NULL); 2373 #endif /* IPSEC */ 2374 2375 #if NPF > 0 2376 /* Finally, we get to filter the packet! */ 2377 m->m_pkthdr.rcvif = ifp; 2378 if (pf_test(dir, ifp, &m) != PF_PASS) 2379 goto dropit; 2380 if (m == NULL) 2381 goto dropit; 2382 #endif /* NPF */ 2383 2384 /* Rebuild the IP header */ 2385 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 2386 return (NULL); 2387 if (m->m_len < sizeof(struct ip)) 2388 goto dropit; 2389 ip = mtod(m, struct ip *); 2390 ip->ip_sum = 0; 2391 ip->ip_sum = in_cksum(m, hlen); 2392 2393 break; 2394 2395 #ifdef INET6 2396 case ETHERTYPE_IPV6: { 2397 struct ip6_hdr *ip6; 2398 2399 if (m->m_len < sizeof(struct ip6_hdr)) { 2400 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 2401 == NULL) { 2402 ip6stat.ip6s_toosmall++; 2403 return (NULL); 2404 } 2405 } 2406 2407 ip6 = mtod(m, struct ip6_hdr *); 2408 2409 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 2410 ip6stat.ip6s_badvers++; 2411 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 2412 goto dropit; 2413 } 2414 2415 #ifdef IPSEC 2416 hlen = sizeof(struct ip6_hdr); 2417 2418 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 2419 bridge_ipsec(dir, AF_INET6, hlen, m)) 2420 return (NULL); 2421 #endif /* IPSEC */ 2422 2423 #if NPF > 0 2424 if (pf_test6(dir, ifp, &m) != PF_PASS) 2425 goto dropit; 2426 if (m == NULL) 2427 return (NULL); 2428 #endif /* NPF */ 2429 2430 break; 2431 } 2432 #endif /* INET6 */ 2433 2434 default: 2435 goto dropit; 2436 break; 2437 } 2438 2439 /* Reattach SNAP header */ 2440 if (hassnap) { 2441 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 2442 if (m == NULL) 2443 goto dropit; 2444 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 2445 } 2446 2447 /* Reattach ethernet header */ 2448 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2449 if (m == NULL) 2450 goto dropit; 2451 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2452 2453 return (m); 2454 2455 dropit: 2456 if (m != NULL) 2457 m_freem(m); 2458 return (NULL); 2459 } 2460 #endif /* NPF > 0 */ 2461 2462 void 2463 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp, 2464 struct ether_header *eh, struct mbuf *m) 2465 { 2466 struct llc llc; 2467 struct mbuf *m0; 2468 int s, len, error = 0; 2469 int hassnap = 0; 2470 #ifdef INET 2471 u_int16_t etype; 2472 struct ip *ip; 2473 #endif 2474 2475 #ifndef INET 2476 goto dropit; 2477 #else 2478 etype = ntohs(eh->ether_type); 2479 #if NVLAN > 0 2480 if (etype == ETHERTYPE_8021Q && 2481 (ifp->if_capabilities & IFCAP_VLAN_MTU) && 2482 ((m->m_pkthdr.len - sizeof(struct ether_vlan_header)) <= 2483 ifp->if_mtu)) { 2484 s = splimp(); 2485 bridge_ifenqueue(sc, ifp, m); 2486 splx(s); 2487 return; 2488 } 2489 #endif 2490 if (etype != ETHERTYPE_IP) { 2491 if (etype > ETHERMTU || 2492 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 2493 sizeof(struct ether_header))) 2494 goto dropit; 2495 2496 m_copydata(m, sizeof(struct ether_header), 2497 LLC_SNAPFRAMELEN, (caddr_t)&llc); 2498 2499 if (llc.llc_dsap != LLC_SNAP_LSAP || 2500 llc.llc_ssap != LLC_SNAP_LSAP || 2501 llc.llc_control != LLC_UI || 2502 llc.llc_snap.org_code[0] || 2503 llc.llc_snap.org_code[1] || 2504 llc.llc_snap.org_code[2] || 2505 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 2506 goto dropit; 2507 2508 hassnap = 1; 2509 } 2510 2511 m_adj(m, sizeof(struct ether_header)); 2512 if (hassnap) 2513 m_adj(m, LLC_SNAPFRAMELEN); 2514 2515 if (m->m_len < sizeof(struct ip) && 2516 (m = m_pullup(m, sizeof(struct ip))) == NULL) 2517 goto dropit; 2518 ip = mtod(m, struct ip *); 2519 2520 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 2521 if (ip->ip_off & htons(IP_DF)) { 2522 bridge_send_icmp_err(sc, ifp, eh, m, hassnap, &llc, 2523 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 2524 return; 2525 } 2526 2527 error = ip_fragment(m, ifp, ifp->if_mtu); 2528 if (error == EMSGSIZE) 2529 goto dropit; 2530 2531 for (; m; m = m0) { 2532 m0 = m->m_nextpkt; 2533 m->m_nextpkt = NULL; 2534 if (error == 0) { 2535 if (hassnap) { 2536 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 2537 if (m == NULL) { 2538 error = ENOBUFS; 2539 continue; 2540 } 2541 bcopy(&llc, mtod(m, caddr_t), 2542 LLC_SNAPFRAMELEN); 2543 } 2544 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2545 if (m == NULL) { 2546 error = ENOBUFS; 2547 continue; 2548 } 2549 len = m->m_pkthdr.len; 2550 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2551 s = splimp(); 2552 error = bridge_ifenqueue(sc, ifp, m); 2553 if (error) { 2554 splx(s); 2555 continue; 2556 } 2557 splx(s); 2558 } else 2559 m_freem(m); 2560 } 2561 2562 if (error == 0) 2563 ipstat.ips_fragmented++; 2564 2565 return; 2566 #endif /* INET */ 2567 dropit: 2568 if (m != NULL) 2569 m_freem(m); 2570 } 2571 2572 int 2573 bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) 2574 { 2575 int error, len; 2576 short mflags; 2577 2578 len = m->m_pkthdr.len; 2579 mflags = m->m_flags; 2580 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 2581 if (error) { 2582 sc->sc_if.if_oerrors++; 2583 return (error); 2584 } 2585 sc->sc_if.if_opackets++; 2586 sc->sc_if.if_obytes += len; 2587 ifp->if_obytes += len; 2588 if (mflags & M_MCAST) 2589 ifp->if_omcasts++; 2590 if ((ifp->if_flags & IFF_OACTIVE) == 0) 2591 (*ifp->if_start)(ifp); 2592 2593 return (0); 2594 } 2595 2596 #ifdef INET 2597 void 2598 bridge_send_icmp_err(struct bridge_softc *sc, struct ifnet *ifp, 2599 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 2600 int type, int code) 2601 { 2602 struct ip *ip; 2603 struct icmp *icp; 2604 struct in_addr t; 2605 struct mbuf *m, *n2; 2606 int hlen; 2607 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 2608 2609 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 2610 if (!n2) { 2611 m_freem(n); 2612 return; 2613 } 2614 m = icmp_do_error(n, type, code, 0, ifp); 2615 if (m == NULL) { 2616 m_freem(n2); 2617 return; 2618 } 2619 2620 n = n2; 2621 2622 ip = mtod(m, struct ip *); 2623 hlen = ip->ip_hl << 2; 2624 t = ip->ip_dst; 2625 ip->ip_dst = ip->ip_src; 2626 ip->ip_src = t; 2627 2628 m->m_data += hlen; 2629 m->m_len -= hlen; 2630 icp = mtod(m, struct icmp *); 2631 icp->icmp_cksum = 0; 2632 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 2633 m->m_data -= hlen; 2634 m->m_len += hlen; 2635 2636 ip->ip_v = IPVERSION; 2637 ip->ip_off &= htons(IP_DF); 2638 ip->ip_id = htons(ip_randomid()); 2639 ip->ip_ttl = MAXTTL; 2640 ip->ip_sum = 0; 2641 ip->ip_sum = in_cksum(m, hlen); 2642 2643 /* Swap ethernet addresses */ 2644 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 2645 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 2646 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 2647 2648 /* Reattach SNAP header */ 2649 if (hassnap) { 2650 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 2651 if (m == NULL) 2652 goto dropit; 2653 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 2654 } 2655 2656 /* Reattach ethernet header */ 2657 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 2658 if (m == NULL) 2659 goto dropit; 2660 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 2661 2662 bridge_output(ifp, m, NULL, NULL); 2663 m_freem(n); 2664 return; 2665 2666 dropit: 2667 m_freem(n); 2668 } 2669 #endif 2670