ether_input: Defer promiscous packet discarding until vlan is processed
[dragonfly.git] / sys / net / if_ethersubr.c
CommitLineData
984263bc
MD
1/*
2 * Copyright (c) 1982, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93
34 * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.70.2.33 2003/04/28 15:45:53 archie Exp $
b9ed4403 35 * $DragonFly: src/sys/net/if_ethersubr.c,v 1.96 2008/11/22 04:00:53 sephe Exp $
984263bc
MD
36 */
37
38#include "opt_atalk.h"
39#include "opt_inet.h"
40#include "opt_inet6.h"
41#include "opt_ipx.h"
9b42cabe 42#include "opt_mpls.h"
984263bc 43#include "opt_netgraph.h"
0d16ba1d 44#include "opt_carp.h"
7c7f9646 45#include "opt_rss.h"
984263bc
MD
46
47#include <sys/param.h>
48#include <sys/systm.h>
68b67450 49#include <sys/globaldata.h>
984263bc 50#include <sys/kernel.h>
f3e0b5f0 51#include <sys/ktr.h>
8b3db995 52#include <sys/lock.h>
984263bc
MD
53#include <sys/malloc.h>
54#include <sys/mbuf.h>
68b67450 55#include <sys/msgport.h>
984263bc
MD
56#include <sys/socket.h>
57#include <sys/sockio.h>
58#include <sys/sysctl.h>
68b67450
SZ
59#include <sys/thread.h>
60#include <sys/thread2.h>
984263bc
MD
61
62#include <net/if.h>
63#include <net/netisr.h>
64#include <net/route.h>
65#include <net/if_llc.h>
66#include <net/if_dl.h>
67#include <net/if_types.h>
4d723e5a 68#include <net/ifq_var.h>
984263bc
MD
69#include <net/bpf.h>
70#include <net/ethernet.h>
e6b5847c 71#include <net/vlan/if_vlan_ether.h>
29bc1092 72#include <net/netmsg2.h>
984263bc
MD
73
74#if defined(INET) || defined(INET6)
75#include <netinet/in.h>
8697599b 76#include <netinet/ip_var.h>
984263bc 77#include <netinet/if_ether.h>
4639df5f 78#include <netinet/ip_flow.h>
1f2de5d4
MD
79#include <net/ipfw/ip_fw.h>
80#include <net/dummynet/ip_dummynet.h>
984263bc
MD
81#endif
82#ifdef INET6
83#include <netinet6/nd6.h>
84#endif
85
0d16ba1d
MD
86#ifdef CARP
87#include <netinet/ip_carp.h>
88#endif
89
984263bc 90#ifdef IPX
d2438d69
MD
91#include <netproto/ipx/ipx.h>
92#include <netproto/ipx/ipx_if.h>
32211831 93int (*ef_inputp)(struct ifnet*, const struct ether_header *eh, struct mbuf *m);
f23061d4
JH
94int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp, struct sockaddr *dst,
95 short *tp, int *hlen);
984263bc
MD
96#endif
97
98#ifdef NS
99#include <netns/ns.h>
100#include <netns/ns_if.h>
101ushort ns_nettype;
102int ether_outputdebug = 0;
103int ether_inputdebug = 0;
104#endif
105
106#ifdef NETATALK
d2438d69
MD
107#include <netproto/atalk/at.h>
108#include <netproto/atalk/at_var.h>
109#include <netproto/atalk/at_extern.h>
984263bc 110
f23061d4
JH
111#define llc_snap_org_code llc_un.type_snap.org_code
112#define llc_snap_ether_type llc_un.type_snap.ether_type
984263bc
MD
113
114extern u_char at_org_code[3];
115extern u_char aarp_org_code[3];
116#endif /* NETATALK */
117
9b42cabe
NA
118#ifdef MPLS
119#include <netproto/mpls/mpls.h>
120#endif
121
984263bc 122/* netgraph node hooks for ng_ether(4) */
601fa0f9 123void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp);
984263bc 124void (*ng_ether_input_orphan_p)(struct ifnet *ifp,
36f48e5e 125 struct mbuf *m, const struct ether_header *eh);
984263bc
MD
126int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp);
127void (*ng_ether_attach_p)(struct ifnet *ifp);
128void (*ng_ether_detach_p)(struct ifnet *ifp);
129
50098e2e 130void (*vlan_input_p)(struct mbuf *);
3013ac0e 131
5fe66e68
JH
132static int ether_output(struct ifnet *, struct mbuf *, struct sockaddr *,
133 struct rtentry *);
9b77ea6e
SZ
134static void ether_restore_header(struct mbuf **, const struct ether_header *,
135 const struct ether_header *);
984263bc 136
f23061d4 137/*
a8d45119 138 * if_bridge support
f23061d4 139 */
db37145f 140struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *);
eb366364 141int (*bridge_output_p)(struct ifnet *, struct mbuf *);
db37145f
SS
142void (*bridge_dn_p)(struct mbuf *, struct ifnet *);
143
5fe66e68
JH
144static int ether_resolvemulti(struct ifnet *, struct sockaddr **,
145 struct sockaddr *);
146
147const uint8_t etherbroadcastaddr[ETHER_ADDR_LEN] = {
c401f0fd
JS
148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
149};
150
5fe66e68 151#define gotoerr(e) do { error = (e); goto bad; } while (0)
f23061d4 152#define IFP2AC(ifp) ((struct arpcom *)(ifp))
984263bc 153
5fe66e68 154static boolean_t ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
7c5bb821 155 struct ip_fw **rule,
90ca9293 156 const struct ether_header *eh);
5fe66e68 157
984263bc 158static int ether_ipfw;
9b77ea6e
SZ
159static u_int ether_restore_hdr;
160static u_int ether_prepend_hdr;
161
7c7f9646
SZ
162#ifdef RSS_DEBUG
163static u_int ether_pktinfo_try;
164static u_int ether_pktinfo_hit;
165static u_int ether_rss_nopi;
166static u_int ether_rss_nohash;
167#endif
168
5fe66e68
JH
169SYSCTL_DECL(_net_link);
170SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet");
171SYSCTL_INT(_net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW,
172 &ether_ipfw, 0, "Pass ether pkts through firewall");
9b77ea6e
SZ
173SYSCTL_UINT(_net_link_ether, OID_AUTO, restore_hdr, CTLFLAG_RW,
174 &ether_restore_hdr, 0, "# of ether header restoration");
175SYSCTL_UINT(_net_link_ether, OID_AUTO, prepend_hdr, CTLFLAG_RW,
176 &ether_prepend_hdr, 0,
177 "# of ether header restoration which prepends mbuf");
7c7f9646
SZ
178#ifdef RSS_DEBUG
179SYSCTL_UINT(_net_link_ether, OID_AUTO, rss_nopi, CTLFLAG_RW,
180 &ether_rss_nopi, 0, "# of packets do not have pktinfo");
181SYSCTL_UINT(_net_link_ether, OID_AUTO, rss_nohash, CTLFLAG_RW,
182 &ether_rss_nohash, 0, "# of packets do not have hash");
183SYSCTL_UINT(_net_link_ether, OID_AUTO, pktinfo_try, CTLFLAG_RW,
184 &ether_pktinfo_try, 0,
185 "# of tries to find packets' msgport using pktinfo");
186SYSCTL_UINT(_net_link_ether, OID_AUTO, pktinfo_hit, CTLFLAG_RW,
187 &ether_pktinfo_hit, 0,
188 "# of packets whose msgport are found using pktinfo");
189#endif
984263bc 190
f3e0b5f0
SZ
191#define ETHER_KTR_STR "ifp=%p"
192#define ETHER_KTR_ARG_SIZE (sizeof(void *))
193#ifndef KTR_ETHERNET
194#define KTR_ETHERNET KTR_ALL
195#endif
196KTR_INFO_MASTER(ether);
197KTR_INFO(KTR_ETHERNET, ether, chain_beg, 0, ETHER_KTR_STR, ETHER_KTR_ARG_SIZE);
198KTR_INFO(KTR_ETHERNET, ether, chain_end, 1, ETHER_KTR_STR, ETHER_KTR_ARG_SIZE);
199KTR_INFO(KTR_ETHERNET, ether, disp_beg, 2, ETHER_KTR_STR, ETHER_KTR_ARG_SIZE);
200KTR_INFO(KTR_ETHERNET, ether, disp_end, 3, ETHER_KTR_STR, ETHER_KTR_ARG_SIZE);
201#define logether(name, arg) KTR_LOG(ether_ ## name, arg)
202
984263bc
MD
203/*
204 * Ethernet output routine.
205 * Encapsulate a packet of type family for the local net.
206 * Use trailer local net encapsulation if enough data in first
207 * packet leaves a multiple of 512 bytes of data in remainder.
208 * Assumes that ifp is actually pointer to arpcom structure.
209 */
3013ac0e
JS
210static int
211ether_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
f23061d4 212 struct rtentry *rt)
984263bc 213{
f23061d4
JH
214 struct ether_header *eh, *deh;
215 u_char *edst;
984263bc 216 int loop_copy = 0;
f23061d4 217 int hlen = ETHER_HDR_LEN; /* link layer header length */
984263bc 218 struct arpcom *ac = IFP2AC(ifp);
f23061d4 219 int error;
984263bc 220
57dff79c
SZ
221 ASSERT_NOT_SERIALIZED(ifp->if_serializer);
222
3a593c54
MD
223 if (ifp->if_flags & IFF_MONITOR)
224 gotoerr(ENETDOWN);
f23061d4
JH
225 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING))
226 gotoerr(ENETDOWN);
227
228 M_PREPEND(m, sizeof(struct ether_header), MB_DONTWAIT);
229 if (m == NULL)
5fe66e68 230 return (ENOBUFS);
f23061d4
JH
231 eh = mtod(m, struct ether_header *);
232 edst = eh->ether_dhost;
233
5fe66e68
JH
234 /*
235 * Fill in the destination ethernet address and frame type.
236 */
984263bc
MD
237 switch (dst->sa_family) {
238#ifdef INET
239 case AF_INET:
f23061d4 240 if (!arpresolve(ifp, rt, m, dst, edst))
984263bc 241 return (0); /* if not yet resolved */
cb8d752c
NA
242#ifdef MPLS
243 if (m->m_flags & M_MPLSLABELED)
244 eh->ether_type = htons(ETHERTYPE_MPLS);
245 else
246#endif
247 eh->ether_type = htons(ETHERTYPE_IP);
984263bc
MD
248 break;
249#endif
250#ifdef INET6
251 case AF_INET6:
f23061d4 252 if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, edst))
5fe66e68 253 return (0); /* Something bad happenned. */
f23061d4 254 eh->ether_type = htons(ETHERTYPE_IPV6);
984263bc
MD
255 break;
256#endif
257#ifdef IPX
258 case AF_IPX:
f23061d4 259 if (ef_outputp != NULL) {
ff54734e
SZ
260 /*
261 * Hold BGL and recheck ef_outputp
262 */
263 get_mplock();
264 if (ef_outputp != NULL) {
265 error = ef_outputp(ifp, &m, dst,
266 &eh->ether_type, &hlen);
267 rel_mplock();
268 if (error)
269 goto bad;
270 else
271 break;
272 }
273 rel_mplock();
f23061d4 274 }
ff54734e
SZ
275 eh->ether_type = htons(ETHERTYPE_IPX);
276 bcopy(&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host),
277 edst, ETHER_ADDR_LEN);
984263bc
MD
278 break;
279#endif
280#ifdef NETATALK
f23061d4
JH
281 case AF_APPLETALK: {
282 struct at_ifaddr *aa;
283
ff54734e
SZ
284 /*
285 * Hold BGL
286 */
287 get_mplock();
288
f23061d4
JH
289 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL) {
290 error = 0; /* XXX */
ff54734e 291 rel_mplock();
f23061d4
JH
292 goto bad;
293 }
294 /*
295 * In the phase 2 case, need to prepend an mbuf for
296 * the llc header. Since we must preserve the value
297 * of m, which is passed to us by value, we m_copy()
298 * the first mbuf, and use it for our llc header.
299 */
300 if (aa->aa_flags & AFA_PHASE2) {
301 struct llc llc;
302
303 M_PREPEND(m, sizeof(struct llc), MB_DONTWAIT);
5fe66e68
JH
304 eh = mtod(m, struct ether_header *);
305 edst = eh->ether_dhost;
f23061d4
JH
306 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP;
307 llc.llc_control = LLC_UI;
308 bcopy(at_org_code, llc.llc_snap_org_code,
309 sizeof at_org_code);
310 llc.llc_snap_ether_type = htons(ETHERTYPE_AT);
5fe66e68
JH
311 bcopy(&llc,
312 mtod(m, caddr_t) + sizeof(struct ether_header),
313 sizeof(struct llc));
f23061d4
JH
314 eh->ether_type = htons(m->m_pkthdr.len);
315 hlen = sizeof(struct llc) + ETHER_HDR_LEN;
316 } else {
317 eh->ether_type = htons(ETHERTYPE_AT);
318 }
ff54734e
SZ
319 if (!aarpresolve(ac, m, (struct sockaddr_at *)dst, edst)) {
320 rel_mplock();
f23061d4 321 return (0);
ff54734e
SZ
322 }
323
324 rel_mplock();
f23061d4 325 break;
984263bc 326 }
5fe66e68 327#endif
984263bc
MD
328#ifdef NS
329 case AF_NS:
f23061d4 330 switch(ns_nettype) {
984263bc 331 default:
f23061d4
JH
332 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */
333 eh->ether_type = 0x8137;
984263bc 334 break;
f23061d4
JH
335 case 0x0: /* Novell 802.3 */
336 eh->ether_type = htons(m->m_pkthdr.len);
984263bc 337 break;
f23061d4
JH
338 case 0xe0e0: /* Novell 802.2 and Token-Ring */
339 M_PREPEND(m, 3, MB_DONTWAIT);
5fe66e68
JH
340 eh = mtod(m, struct ether_header *);
341 edst = eh->ether_dhost;
f23061d4 342 eh->ether_type = htons(m->m_pkthdr.len);
5fe66e68 343 cp = mtod(m, u_char *) + sizeof(struct ether_header);
984263bc
MD
344 *cp++ = 0xE0;
345 *cp++ = 0xE0;
346 *cp++ = 0x03;
347 break;
348 }
f23061d4
JH
349 bcopy(&(((struct sockaddr_ns *)dst)->sns_addr.x_host), edst,
350 ETHER_ADDR_LEN);
984263bc
MD
351 /*
352 * XXX if ns_thishost is the same as the node's ethernet
353 * address then just the default code will catch this anyhow.
354 * So I'm not sure if this next clause should be here at all?
355 * [JRE]
356 */
f23061d4 357 if (bcmp(edst, &ns_thishost, ETHER_ADDR_LEN) == 0) {
984263bc 358 m->m_pkthdr.rcvif = ifp;
8bde602d 359 netisr_dispatch(NETISR_NS, m);
984263bc
MD
360 return (error);
361 }
f23061d4 362 if (bcmp(edst, &ns_broadhost, ETHER_ADDR_LEN) == 0)
984263bc 363 m->m_flags |= M_BCAST;
984263bc 364 break;
5fe66e68 365#endif
984263bc 366 case pseudo_AF_HDRCMPLT:
984263bc
MD
367 case AF_UNSPEC:
368 loop_copy = -1; /* if this is for us, don't do it */
f23061d4
JH
369 deh = (struct ether_header *)dst->sa_data;
370 memcpy(edst, deh->ether_dhost, ETHER_ADDR_LEN);
371 eh->ether_type = deh->ether_type;
984263bc
MD
372 break;
373
374 default:
8f0777ca 375 if_printf(ifp, "can't handle af%d\n", dst->sa_family);
f23061d4 376 gotoerr(EAFNOSUPPORT);
984263bc
MD
377 }
378
f23061d4
JH
379 if (dst->sa_family == pseudo_AF_HDRCMPLT) /* unlikely */
380 memcpy(eh->ether_shost,
381 ((struct ether_header *)dst->sa_data)->ether_shost,
382 ETHER_ADDR_LEN);
984263bc 383 else
f23061d4 384 memcpy(eh->ether_shost, ac->ac_enaddr, ETHER_ADDR_LEN);
984263bc
MD
385
386 /*
db37145f
SS
387 * Bridges require special output handling.
388 */
389 if (ifp->if_bridge) {
8f0777ca
SZ
390 KASSERT(bridge_output_p != NULL,
391 ("%s: if_bridge not loaded!", __func__));
ad8c8b44 392 return bridge_output_p(ifp, m);
db37145f
SS
393 }
394
395 /*
984263bc
MD
396 * If a simplex interface, and the packet is being sent to our
397 * Ethernet address or a broadcast address, loopback a copy.
398 * XXX To make a simplex device behave exactly like a duplex
399 * device, we should copy in the case of sending to our own
400 * ethernet address (thus letting the original actually appear
401 * on the wire). However, we don't do that here for security
402 * reasons and compatibility with the original behavior.
403 */
404 if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) {
405 int csum_flags = 0;
406
407 if (m->m_pkthdr.csum_flags & CSUM_IP)
f23061d4 408 csum_flags |= (CSUM_IP_CHECKED | CSUM_IP_VALID);
984263bc 409 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
f23061d4 410 csum_flags |= (CSUM_DATA_VALID | CSUM_PSEUDO_HDR);
984263bc
MD
411 if ((m->m_flags & M_BCAST) || (loop_copy > 0)) {
412 struct mbuf *n;
413
f23061d4 414 if ((n = m_copypacket(m, MB_DONTWAIT)) != NULL) {
984263bc
MD
415 n->m_pkthdr.csum_flags |= csum_flags;
416 if (csum_flags & CSUM_DATA_VALID)
417 n->m_pkthdr.csum_data = 0xffff;
f23061d4 418 if_simloop(ifp, n, dst->sa_family, hlen);
984263bc
MD
419 } else
420 ifp->if_iqdrops++;
f23061d4
JH
421 } else if (bcmp(eh->ether_dhost, eh->ether_shost,
422 ETHER_ADDR_LEN) == 0) {
984263bc
MD
423 m->m_pkthdr.csum_flags |= csum_flags;
424 if (csum_flags & CSUM_DATA_VALID)
425 m->m_pkthdr.csum_data = 0xffff;
f23061d4 426 if_simloop(ifp, m, dst->sa_family, hlen);
984263bc
MD
427 return (0); /* XXX */
428 }
429 }
430
0d16ba1d 431#ifdef CARP
ff54734e
SZ
432 if (ifp->if_carp) {
433 /*
434 * Hold BGL and recheck ifp->if_carp
435 */
436 get_mplock();
437 if (ifp->if_carp && (error = carp_output(ifp, m, dst, NULL))) {
438 rel_mplock();
439 goto bad;
440 }
441 rel_mplock();
442 }
0d16ba1d
MD
443#endif
444
445
984263bc
MD
446 /* Handle ng_ether(4) processing, if any */
447 if (ng_ether_output_p != NULL) {
ff54734e
SZ
448 /*
449 * Hold BGL and recheck ng_ether_output_p
450 */
451 get_mplock();
452 if (ng_ether_output_p != NULL) {
453 if ((error = ng_ether_output_p(ifp, &m)) != 0) {
454 rel_mplock();
455 goto bad;
456 }
457 if (m == NULL) {
458 rel_mplock();
459 return (0);
460 }
461 }
462 rel_mplock();
984263bc
MD
463 }
464
465 /* Continue with link-layer output */
466 return ether_output_frame(ifp, m);
0c3c561c
JH
467
468bad:
469 m_freem(m);
470 return (error);
984263bc
MD
471}
472
473/*
474 * Ethernet link layer output routine to send a raw frame to the device.
475 *
476 * This assumes that the 14 byte Ethernet header is present and contiguous
a8d45119 477 * in the first mbuf.
984263bc
MD
478 */
479int
f23061d4 480ether_output_frame(struct ifnet *ifp, struct mbuf *m)
984263bc 481{
f23061d4 482 struct ip_fw *rule = NULL;
984263bc 483 int error = 0;
4d723e5a 484 struct altq_pktattr pktattr;
984263bc 485
57dff79c
SZ
486 ASSERT_NOT_SERIALIZED(ifp->if_serializer);
487
eb241549
SZ
488 if (m->m_pkthdr.fw_flags & DUMMYNET_MBUF_TAGGED) {
489 struct m_tag *mtag;
490
491 /* Extract info from dummynet tag */
492 mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL);
493 KKASSERT(mtag != NULL);
84a3e25a 494 rule = ((struct dn_pkt *)m_tag_data(mtag))->dn_priv;
eb241549 495 KKASSERT(rule != NULL);
4c7020ad
SZ
496
497 m_tag_delete(m, mtag);
eb241549 498 m->m_pkthdr.fw_flags &= ~DUMMYNET_MBUF_TAGGED;
5fe66e68 499 }
984263bc 500
4d723e5a
JS
501 if (ifq_is_enabled(&ifp->if_snd))
502 altq_etherclassify(&ifp->if_snd, m, &pktattr);
4986965b 503 crit_enter();
984263bc
MD
504 if (IPFW_LOADED && ether_ipfw != 0) {
505 struct ether_header save_eh, *eh;
506
507 eh = mtod(m, struct ether_header *);
508 save_eh = *eh;
509 m_adj(m, ETHER_HDR_LEN);
90ca9293 510 if (!ether_ipfw_chk(&m, ifp, &rule, eh)) {
4986965b 511 crit_exit();
5fe66e68 512 if (m != NULL) {
984263bc 513 m_freem(m);
f23061d4 514 return ENOBUFS; /* pkt dropped */
984263bc
MD
515 } else
516 return 0; /* consumed e.g. in a pipe */
517 }
9b77ea6e 518
984263bc 519 /* packet was ok, restore the ethernet header */
9b77ea6e
SZ
520 ether_restore_header(&m, eh, &save_eh);
521 if (m == NULL) {
522 crit_exit();
523 return ENOBUFS;
984263bc
MD
524 }
525 }
78195a76 526 crit_exit();
984263bc
MD
527
528 /*
529 * Queue message on interface, update output statistics if
530 * successful, and start output if interface not yet active.
531 */
9db4b353 532 error = ifq_dispatch(ifp, m, &pktattr);
984263bc
MD
533 return (error);
534}
535
536/*
537 * ipfw processing for ethernet packets (in and out).
5fe66e68 538 * The second parameter is NULL from ether_demux(), and ifp from
a8d45119 539 * ether_output_frame().
984263bc 540 */
5fe66e68 541static boolean_t
90ca9293
SZ
542ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, struct ip_fw **rule,
543 const struct ether_header *eh)
984263bc 544{
29b27cb7 545 struct ether_header save_eh = *eh; /* might be a ptr in *m0 */
984263bc 546 struct ip_fw_args args;
e5ecc832 547 struct m_tag *mtag;
29b27cb7 548 struct mbuf *m;
f23061d4 549 int i;
984263bc
MD
550
551 if (*rule != NULL && fw_one_pass)
5fe66e68 552 return TRUE; /* dummynet packet, already partially processed */
984263bc
MD
553
554 /*
90ca9293 555 * I need some amount of data to be contiguous.
984263bc 556 */
f23061d4 557 i = min((*m0)->m_pkthdr.len, max_protohdr);
90ca9293 558 if ((*m0)->m_len < i) {
984263bc
MD
559 *m0 = m_pullup(*m0, i);
560 if (*m0 == NULL)
5fe66e68 561 return FALSE;
984263bc
MD
562 }
563
5de23090
SZ
564 /*
565 * Clean up tags
566 */
e5ecc832
JS
567 if ((mtag = m_tag_find(*m0, PACKET_TAG_IPFW_DIVERT, NULL)) != NULL)
568 m_tag_delete(*m0, mtag);
5de23090
SZ
569 if ((*m0)->m_pkthdr.fw_flags & IPFORWARD_MBUF_TAGGED) {
570 mtag = m_tag_find(*m0, PACKET_TAG_IPFORWARD, NULL);
571 KKASSERT(mtag != NULL);
572 m_tag_delete(*m0, mtag);
573 (*m0)->m_pkthdr.fw_flags &= ~IPFORWARD_MBUF_TAGGED;
574 }
575
576 args.m = *m0; /* the packet we are looking at */
577 args.oif = dst; /* destination, if any */
984263bc 578 args.rule = *rule; /* matching rule to restart */
984263bc
MD
579 args.eh = &save_eh; /* MAC header for bridged/MAC packets */
580 i = ip_fw_chk_ptr(&args);
581 *m0 = args.m;
582 *rule = args.rule;
583
29b27cb7 584 if (*m0 == NULL)
5fe66e68 585 return FALSE;
984263bc 586
29b27cb7
SZ
587 switch (i) {
588 case IP_FW_PASS:
5fe66e68 589 return TRUE;
984263bc 590
29b27cb7
SZ
591 case IP_FW_DIVERT:
592 case IP_FW_TEE:
593 case IP_FW_DENY:
984263bc 594 /*
29b27cb7
SZ
595 * XXX at some point add support for divert/forward actions.
596 * If none of the above matches, we have to drop the pkt.
984263bc 597 */
29b27cb7 598 return FALSE;
984263bc 599
29b27cb7
SZ
600 case IP_FW_DUMMYNET:
601 /*
602 * Pass the pkt to dummynet, which consumes it.
603 */
90ca9293
SZ
604 m = *m0; /* pass the original to dummynet */
605 *m0 = NULL; /* and nothing back to the caller */
9b77ea6e
SZ
606
607 ether_restore_header(&m, eh, &save_eh);
608 if (m == NULL)
609 return FALSE;
610
29b27cb7
SZ
611 ip_fw_dn_io_ptr(m, args.cookie,
612 dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args);
e4d4f9c3 613 ip_dn_queue(m);
5fe66e68 614 return FALSE;
29b27cb7
SZ
615
616 default:
617 panic("unknown ipfw return value: %d\n", i);
984263bc 618 }
984263bc
MD
619}
620
4853cd0f 621static void
68b67450
SZ
622ether_input(struct ifnet *ifp, struct mbuf *m)
623{
2eb0d069 624 ether_input_chain(ifp, m, NULL, NULL);
984263bc
MD
625}
626
627/*
628 * Perform common duties while attaching to interface list
629 */
630void
78195a76 631ether_ifattach(struct ifnet *ifp, uint8_t *lla, lwkt_serialize_t serializer)
984263bc 632{
78195a76
MD
633 ether_ifattach_bpf(ifp, lla, DLT_EN10MB, sizeof(struct ether_header),
634 serializer);
c0f6c904
JS
635}
636
637void
78195a76
MD
638ether_ifattach_bpf(struct ifnet *ifp, uint8_t *lla, u_int dlt, u_int hdrlen,
639 lwkt_serialize_t serializer)
c0f6c904 640{
82ed7fc2 641 struct sockaddr_dl *sdl;
984263bc
MD
642
643 ifp->if_type = IFT_ETHER;
c401f0fd 644 ifp->if_addrlen = ETHER_ADDR_LEN;
5fe66e68 645 ifp->if_hdrlen = ETHER_HDR_LEN;
78195a76 646 if_attach(ifp, serializer);
984263bc 647 ifp->if_mtu = ETHERMTU;
984263bc 648 if (ifp->if_baudrate == 0)
f23061d4 649 ifp->if_baudrate = 10000000;
5fe66e68 650 ifp->if_output = ether_output;
0b076e92 651 ifp->if_input = ether_input;
5fe66e68
JH
652 ifp->if_resolvemulti = ether_resolvemulti;
653 ifp->if_broadcastaddr = etherbroadcastaddr;
f2682cb9 654 sdl = IF_LLSOCKADDR(ifp);
984263bc
MD
655 sdl->sdl_type = IFT_ETHER;
656 sdl->sdl_alen = ifp->if_addrlen;
0a8b5977 657 bcopy(lla, LLADDR(sdl), ifp->if_addrlen);
c568d5be
JS
658 /*
659 * XXX Keep the current drivers happy.
660 * XXX Remove once all drivers have been cleaned up
661 */
662 if (lla != IFP2AC(ifp)->ac_enaddr)
663 bcopy(lla, IFP2AC(ifp)->ac_enaddr, ifp->if_addrlen);
c0f6c904 664 bpfattach(ifp, dlt, hdrlen);
984263bc
MD
665 if (ng_ether_attach_p != NULL)
666 (*ng_ether_attach_p)(ifp);
267caeeb
JS
667
668 if_printf(ifp, "MAC address: %6D\n", lla, ":");
984263bc
MD
669}
670
671/*
672 * Perform common duties while detaching an Ethernet interface
673 */
674void
0a8b5977 675ether_ifdetach(struct ifnet *ifp)
984263bc 676{
45b8be9e 677 if_down(ifp);
45b8be9e 678
984263bc
MD
679 if (ng_ether_detach_p != NULL)
680 (*ng_ether_detach_p)(ifp);
0a8b5977 681 bpfdetach(ifp);
984263bc 682 if_detach(ifp);
984263bc
MD
683}
684
984263bc 685int
f23061d4 686ether_ioctl(struct ifnet *ifp, int command, caddr_t data)
984263bc
MD
687{
688 struct ifaddr *ifa = (struct ifaddr *) data;
689 struct ifreq *ifr = (struct ifreq *) data;
690 int error = 0;
691
cbf2eda6
SZ
692#define IF_INIT(ifp) \
693do { \
694 if (((ifp)->if_flags & IFF_UP) == 0) { \
695 (ifp)->if_flags |= IFF_UP; \
696 (ifp)->if_init((ifp)->if_softc); \
697 } \
698} while (0)
699
78195a76
MD
700 ASSERT_SERIALIZED(ifp->if_serializer);
701
984263bc
MD
702 switch (command) {
703 case SIOCSIFADDR:
984263bc
MD
704 switch (ifa->ifa_addr->sa_family) {
705#ifdef INET
706 case AF_INET:
cbf2eda6 707 IF_INIT(ifp); /* before arpwhohas */
984263bc
MD
708 arp_ifinit(ifp, ifa);
709 break;
710#endif
711#ifdef IPX
712 /*
713 * XXX - This code is probably wrong
714 */
715 case AF_IPX:
716 {
f23061d4 717 struct ipx_addr *ina = &IA_SIPX(ifa)->sipx_addr;
984263bc
MD
718 struct arpcom *ac = IFP2AC(ifp);
719
720 if (ipx_nullhost(*ina))
f23061d4
JH
721 ina->x_host = *(union ipx_host *) ac->ac_enaddr;
722 else
723 bcopy(ina->x_host.c_host, ac->ac_enaddr,
724 sizeof ac->ac_enaddr);
984263bc 725
cbf2eda6 726 IF_INIT(ifp); /* Set new address. */
984263bc
MD
727 break;
728 }
729#endif
730#ifdef NS
731 /*
732 * XXX - This code is probably wrong
733 */
734 case AF_NS:
735 {
82ed7fc2 736 struct ns_addr *ina = &(IA_SNS(ifa)->sns_addr);
984263bc
MD
737 struct arpcom *ac = IFP2AC(ifp);
738
739 if (ns_nullhost(*ina))
f23061d4
JH
740 ina->x_host = *(union ns_host *)(ac->ac_enaddr);
741 else
742 bcopy(ina->x_host.c_host, ac->ac_enaddr,
743 sizeof ac->ac_enaddr);
984263bc
MD
744
745 /*
746 * Set new address
747 */
cbf2eda6 748 IF_INIT(ifp);
984263bc
MD
749 break;
750 }
751#endif
752 default:
cbf2eda6 753 IF_INIT(ifp);
984263bc
MD
754 break;
755 }
756 break;
757
758 case SIOCGIFADDR:
f23061d4
JH
759 bcopy(IFP2AC(ifp)->ac_enaddr,
760 ((struct sockaddr *)ifr->ifr_data)->sa_data,
761 ETHER_ADDR_LEN);
984263bc
MD
762 break;
763
764 case SIOCSIFMTU:
765 /*
766 * Set the interface MTU.
767 */
768 if (ifr->ifr_mtu > ETHERMTU) {
769 error = EINVAL;
770 } else {
771 ifp->if_mtu = ifr->ifr_mtu;
772 }
773 break;
c2d9fd91
JS
774 default:
775 error = EINVAL;
776 break;
984263bc
MD
777 }
778 return (error);
cbf2eda6
SZ
779
780#undef IF_INIT
984263bc
MD
781}
782
783int
f23061d4
JH
784ether_resolvemulti(
785 struct ifnet *ifp,
786 struct sockaddr **llsa,
787 struct sockaddr *sa)
984263bc
MD
788{
789 struct sockaddr_dl *sdl;
790 struct sockaddr_in *sin;
791#ifdef INET6
792 struct sockaddr_in6 *sin6;
793#endif
794 u_char *e_addr;
795
796 switch(sa->sa_family) {
797 case AF_LINK:
798 /*
799 * No mapping needed. Just check that it's a valid MC address.
800 */
801 sdl = (struct sockaddr_dl *)sa;
802 e_addr = LLADDR(sdl);
803 if ((e_addr[0] & 1) != 1)
804 return EADDRNOTAVAIL;
805 *llsa = 0;
806 return 0;
807
808#ifdef INET
809 case AF_INET:
810 sin = (struct sockaddr_in *)sa;
811 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)))
812 return EADDRNOTAVAIL;
813 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR,
5fe66e68 814 M_WAITOK | M_ZERO);
984263bc
MD
815 sdl->sdl_len = sizeof *sdl;
816 sdl->sdl_family = AF_LINK;
817 sdl->sdl_index = ifp->if_index;
818 sdl->sdl_type = IFT_ETHER;
819 sdl->sdl_alen = ETHER_ADDR_LEN;
820 e_addr = LLADDR(sdl);
821 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr);
822 *llsa = (struct sockaddr *)sdl;
823 return 0;
824#endif
825#ifdef INET6
826 case AF_INET6:
827 sin6 = (struct sockaddr_in6 *)sa;
828 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
829 /*
830 * An IP6 address of 0 means listen to all
831 * of the Ethernet multicast address used for IP6.
832 * (This is used for multicast routers.)
833 */
834 ifp->if_flags |= IFF_ALLMULTI;
835 *llsa = 0;
836 return 0;
837 }
838 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr))
839 return EADDRNOTAVAIL;
840 MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR,
5fe66e68 841 M_WAITOK | M_ZERO);
984263bc
MD
842 sdl->sdl_len = sizeof *sdl;
843 sdl->sdl_family = AF_LINK;
844 sdl->sdl_index = ifp->if_index;
845 sdl->sdl_type = IFT_ETHER;
846 sdl->sdl_alen = ETHER_ADDR_LEN;
847 e_addr = LLADDR(sdl);
848 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr);
849 *llsa = (struct sockaddr *)sdl;
850 return 0;
851#endif
852
853 default:
854 /*
855 * Well, the text isn't quite right, but it's the name
856 * that counts...
857 */
858 return EAFNOSUPPORT;
859 }
860}
d6018c31
JS
861
862#if 0
863/*
864 * This is for reference. We have a table-driven version
865 * of the little-endian crc32 generator, which is faster
866 * than the double-loop.
867 */
868uint32_t
869ether_crc32_le(const uint8_t *buf, size_t len)
870{
871 uint32_t c, crc, carry;
872 size_t i, j;
873
874 crc = 0xffffffffU; /* initial value */
875
876 for (i = 0; i < len; i++) {
877 c = buf[i];
878 for (j = 0; j < 8; j++) {
879 carry = ((crc & 0x01) ? 1 : 0) ^ (c & 0x01);
880 crc >>= 1;
881 c >>= 1;
882 if (carry)
883 crc = (crc ^ ETHER_CRC_POLY_LE);
884 }
885 }
886
f23061d4 887 return (crc);
d6018c31
JS
888}
889#else
890uint32_t
891ether_crc32_le(const uint8_t *buf, size_t len)
892{
893 static const uint32_t crctab[] = {
894 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac,
895 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
896 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c,
897 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c
898 };
899 uint32_t crc;
900 size_t i;
901
902 crc = 0xffffffffU; /* initial value */
903
904 for (i = 0; i < len; i++) {
905 crc ^= buf[i];
906 crc = (crc >> 4) ^ crctab[crc & 0xf];
907 crc = (crc >> 4) ^ crctab[crc & 0xf];
908 }
909
f23061d4 910 return (crc);
d6018c31
JS
911}
912#endif
913
914uint32_t
915ether_crc32_be(const uint8_t *buf, size_t len)
916{
917 uint32_t c, crc, carry;
918 size_t i, j;
919
920 crc = 0xffffffffU; /* initial value */
921
922 for (i = 0; i < len; i++) {
923 c = buf[i];
924 for (j = 0; j < 8; j++) {
925 carry = ((crc & 0x80000000U) ? 1 : 0) ^ (c & 0x01);
926 crc <<= 1;
927 c >>= 1;
928 if (carry)
929 crc = (crc ^ ETHER_CRC_POLY_BE) | carry;
930 }
931 }
932
f23061d4 933 return (crc);
d6018c31 934}
4d723e5a 935
4d723e5a
JS
936/*
937 * find the size of ethernet header, and call classifier
938 */
939void
940altq_etherclassify(struct ifaltq *ifq, struct mbuf *m,
941 struct altq_pktattr *pktattr)
942{
943 struct ether_header *eh;
944 uint16_t ether_type;
945 int hlen, af, hdrsize;
946 caddr_t hdr;
947
948 hlen = sizeof(struct ether_header);
949 eh = mtod(m, struct ether_header *);
950
951 ether_type = ntohs(eh->ether_type);
952 if (ether_type < ETHERMTU) {
953 /* ick! LLC/SNAP */
954 struct llc *llc = (struct llc *)(eh + 1);
955 hlen += 8;
956
957 if (m->m_len < hlen ||
958 llc->llc_dsap != LLC_SNAP_LSAP ||
959 llc->llc_ssap != LLC_SNAP_LSAP ||
960 llc->llc_control != LLC_UI)
961 goto bad; /* not snap! */
962
963 ether_type = ntohs(llc->llc_un.type_snap.ether_type);
964 }
965
966 if (ether_type == ETHERTYPE_IP) {
967 af = AF_INET;
968 hdrsize = 20; /* sizeof(struct ip) */
969#ifdef INET6
970 } else if (ether_type == ETHERTYPE_IPV6) {
971 af = AF_INET6;
972 hdrsize = 40; /* sizeof(struct ip6_hdr) */
973#endif
974 } else
975 goto bad;
976
977 while (m->m_len <= hlen) {
978 hlen -= m->m_len;
979 m = m->m_next;
980 }
981 hdr = m->m_data + hlen;
982 if (m->m_len < hlen + hdrsize) {
983 /*
984 * ip header is not in a single mbuf. this should not
985 * happen in the current code.
986 * (todo: use m_pulldown in the future)
987 */
988 goto bad;
989 }
990 m->m_data += hlen;
991 m->m_len -= hlen;
992 ifq_classify(ifq, m, af, pktattr);
993 m->m_data -= hlen;
994 m->m_len += hlen;
995
996 return;
997
998bad:
999 pktattr->pattr_class = NULL;
1000 pktattr->pattr_hdr = NULL;
1001 pktattr->pattr_af = AF_UNSPEC;
1002}
9b77ea6e
SZ
1003
1004static void
1005ether_restore_header(struct mbuf **m0, const struct ether_header *eh,
1006 const struct ether_header *save_eh)
1007{
1008 struct mbuf *m = *m0;
1009
1010 ether_restore_hdr++;
1011
1012 /*
1013 * Prepend the header, optimize for the common case of
1014 * eh pointing into the mbuf.
1015 */
1016 if ((const void *)(eh + 1) == (void *)m->m_data) {
1017 m->m_data -= ETHER_HDR_LEN;
1018 m->m_len += ETHER_HDR_LEN;
1019 m->m_pkthdr.len += ETHER_HDR_LEN;
1020 } else {
1021 ether_prepend_hdr++;
1022
1023 M_PREPEND(m, ETHER_HDR_LEN, MB_DONTWAIT);
1024 if (m != NULL) {
3d26a382 1025 bcopy(save_eh, mtod(m, struct ether_header *),
9b77ea6e
SZ
1026 ETHER_HDR_LEN);
1027 }
1028 }
1029 *m0 = m;
1030}
68b67450 1031
68b67450
SZ
1032static void
1033ether_input_ipifunc(void *arg)
1034{
1035 struct mbuf *m, *next;
1036 lwkt_port_t port;
1037
1038 m = arg;
1039 do {
1040 next = m->m_nextpkt;
1041 m->m_nextpkt = NULL;
1042
1043 port = m->m_pkthdr.header;
1044 m->m_pkthdr.header = NULL;
1045
1046 lwkt_sendmsg(port,
1047 &m->m_hdr.mh_netmsg.nm_netmsg.nm_lmsg);
1048
1049 m = next;
1050 } while (m != NULL);
1051}
1052
1053void
1054ether_input_dispatch(struct mbuf_chain *chain)
1055{
1056#ifdef SMP
1057 int i;
1058
f3e0b5f0 1059 logether(disp_beg, NULL);
68b67450
SZ
1060 for (i = 0; i < ncpus; ++i) {
1061 if (chain[i].mc_head != NULL) {
1062 lwkt_send_ipiq(globaldata_find(i),
1063 ether_input_ipifunc, chain[i].mc_head);
1064 }
1065 }
1066#else
f3e0b5f0 1067 logether(disp_beg, NULL);
b358f907
SZ
1068 if (chain->mc_head != NULL)
1069 ether_input_ipifunc(chain->mc_head);
68b67450 1070#endif
f3e0b5f0 1071 logether(disp_end, NULL);
68b67450
SZ
1072}
1073
57ccf5a2
SZ
1074void
1075ether_input_chain_init(struct mbuf_chain *chain)
1076{
1077#ifdef SMP
1078 int i;
1079
1080 for (i = 0; i < ncpus; ++i)
1081 chain[i].mc_head = chain[i].mc_tail = NULL;
1082#else
1083 chain->mc_head = chain->mc_tail = NULL;
1084#endif
1085}
1086
5f32d321
SZ
1087/*
1088 * Upper layer processing for a received Ethernet packet.
1089 */
297c8124 1090void
29bc1092
SZ
1091ether_demux_oncpu(struct ifnet *ifp, struct mbuf *m)
1092{
1093 struct ether_header *eh;
469c71d1 1094 int isr, redispatch, discard = 0;
29bc1092
SZ
1095 u_short ether_type;
1096 struct ip_fw *rule = NULL;
29bc1092
SZ
1097#ifdef NETATALK
1098 struct llc *l;
1099#endif
1100
1101 M_ASSERTPKTHDR(m);
1102 KASSERT(m->m_len >= ETHER_HDR_LEN,
1103 ("ether header is no contiguous!\n"));
1104
1105 eh = mtod(m, struct ether_header *);
1106
eb241549
SZ
1107 if (m->m_pkthdr.fw_flags & DUMMYNET_MBUF_TAGGED) {
1108 struct m_tag *mtag;
1109
1110 /* Extract info from dummynet tag */
1111 mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL);
1112 KKASSERT(mtag != NULL);
29bc1092 1113 rule = ((struct dn_pkt *)m_tag_data(mtag))->dn_priv;
eb241549
SZ
1114 KKASSERT(rule != NULL);
1115
29bc1092 1116 m_tag_delete(m, mtag);
eb241549
SZ
1117 m->m_pkthdr.fw_flags &= ~DUMMYNET_MBUF_TAGGED;
1118
1119 /* packet is passing the second time */
29bc1092 1120 goto post_stats;
eb241549 1121 }
29bc1092
SZ
1122
1123#ifdef CARP
1124 /*
1125 * XXX: Okay, we need to call carp_forus() and - if it is for
1126 * us jump over code that does the normal check
1127 * "ac_enaddr == ether_dhost". The check sequence is a bit
1128 * different from OpenBSD, so we jump over as few code as
1129 * possible, to catch _all_ sanity checks. This needs
1130 * evaluation, to see if the carp ether_dhost values break any
1131 * of these checks!
1132 */
c6690c74
SZ
1133 if (ifp->if_carp) {
1134 /*
1135 * Hold BGL and recheck ifp->if_carp
1136 */
1137 get_mplock();
1138 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) {
1139 rel_mplock();
1140 goto post_stats;
1141 }
1142 rel_mplock();
1143 }
29bc1092
SZ
1144#endif
1145
1146 /*
469c71d1
SZ
1147 * We got a packet which was unicast to a different Ethernet
1148 * address. If the driver is working properly, then this
1149 * situation can only happen when the interface is in
1150 * promiscuous mode. We defer the packet discarding until the
1151 * vlan processing is done, so that vlan/bridge or vlan/netgraph
1152 * could work.
29bc1092
SZ
1153 */
1154 if (((ifp->if_flags & (IFF_PROMISC | IFF_PPROMISC)) == IFF_PROMISC) &&
d1859e78 1155 !ETHER_IS_MULTICAST(eh->ether_dhost) &&
469c71d1
SZ
1156 bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN))
1157 discard = 1;
29bc1092
SZ
1158
1159post_stats:
469c71d1 1160 if (IPFW_LOADED && ether_ipfw != 0 && !discard) {
29bc1092
SZ
1161 struct ether_header save_eh = *eh;
1162
1163 /* XXX old crufty stuff, needs to be removed */
1164 m_adj(m, sizeof(struct ether_header));
1165
1166 if (!ether_ipfw_chk(&m, NULL, &rule, eh)) {
1167 m_freem(m);
1168 return;
1169 }
1170
1171 ether_restore_header(&m, eh, &save_eh);
1172 if (m == NULL)
1173 return;
1174 eh = mtod(m, struct ether_header *);
1175 }
1176
1177 ether_type = ntohs(eh->ether_type);
1178 KKASSERT(ether_type != ETHERTYPE_VLAN);
1179
1180 if (m->m_flags & M_VLANTAG) {
b327296f
SZ
1181 void (*vlan_input_func)(struct mbuf *);
1182
1183 vlan_input_func = vlan_input_p;
1184 if (vlan_input_func != NULL) {
1185 vlan_input_func(m);
29bc1092
SZ
1186 } else {
1187 m->m_pkthdr.rcvif->if_noproto++;
1188 m_freem(m);
1189 }
29bc1092
SZ
1190 return;
1191 }
1192
4d895293 1193 /*
469c71d1
SZ
1194 * If we have been asked to discard this packet
1195 * (e.g. not for us), drop it before entering
1196 * the upper layer.
1197 */
1198 if (discard) {
1199 m_freem(m);
1200 return;
1201 }
1202
1203 /*
4d895293
SZ
1204 * Clear protocol specific flags,
1205 * before entering the upper layer.
1206 */
da1604af 1207 m->m_flags &= ~M_ETHER_FLAGS;
4d895293
SZ
1208
1209 /* Strip ethernet header. */
29bc1092 1210 m_adj(m, sizeof(struct ether_header));
4d895293
SZ
1211
1212 /*
1213 * By default, we don't need to do the redispatch; for the
1214 * most common packet types, e.g. IPv4, ether_input_chain()
1215 * has already picked up the correct target network msgport.
1216 */
29bc1092
SZ
1217 redispatch = 0;
1218
1219 switch (ether_type) {
1220#ifdef INET
1221 case ETHERTYPE_IP:
8697599b
SZ
1222 if ((m->m_flags & M_LENCHECKED) == 0) {
1223 if (!ip_lengthcheck(&m))
1224 return;
1225 }
297c8124 1226 if (ipflow_fastforward(m))
29bc1092 1227 return;
29bc1092
SZ
1228 isr = NETISR_IP;
1229 break;
1230
1231 case ETHERTYPE_ARP:
1232 if (ifp->if_flags & IFF_NOARP) {
1233 /* Discard packet if ARP is disabled on interface */
1234 m_freem(m);
1235 return;
1236 }
1237 isr = NETISR_ARP;
1238 break;
1239#endif
1240
1241#ifdef INET6
1242 case ETHERTYPE_IPV6:
1243 isr = NETISR_IPV6;
1244 break;
1245#endif
1246
1247#ifdef IPX
1248 case ETHERTYPE_IPX:
c6690c74
SZ
1249 if (ef_inputp) {
1250 /*
1251 * Hold BGL and recheck ef_inputp
1252 */
1253 get_mplock();
1254 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) {
1255 rel_mplock();
1256 return;
1257 }
1258 rel_mplock();
1259 }
29bc1092
SZ
1260 isr = NETISR_IPX;
1261 break;
1262#endif
1263
1264#ifdef NS
1265 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */
1266 isr = NETISR_NS;
1267 break;
1268
1269#endif
1270
1271#ifdef NETATALK
1272 case ETHERTYPE_AT:
1273 isr = NETISR_ATALK1;
1274 break;
1275 case ETHERTYPE_AARP:
1276 isr = NETISR_AARP;
1277 break;
1278#endif
1279
a020e9d5
SZ
1280#ifdef MPLS
1281 case ETHERTYPE_MPLS:
1282 case ETHERTYPE_MPLS_MCAST:
50098e2e 1283 /* Should have been set by ether_input_chain(). */
cb8d752c 1284 KKASSERT(m->m_flags & M_MPLSLABELED);
a020e9d5
SZ
1285 isr = NETISR_MPLS;
1286 break;
1287#endif
1288
29bc1092
SZ
1289 default:
1290 /*
1291 * The accurate msgport is not determined before
1292 * we reach here, so redo the dispatching
1293 */
1294 redispatch = 1;
1295#ifdef IPX
c6690c74
SZ
1296 if (ef_inputp) {
1297 /*
1298 * Hold BGL and recheck ef_inputp
1299 */
1300 get_mplock();
1301 if (ef_inputp && ef_inputp(ifp, eh, m) == 0) {
1302 rel_mplock();
1303 return;
1304 }
1305 rel_mplock();
1306 }
29bc1092
SZ
1307#endif
1308#ifdef NS
1309 checksum = mtod(m, ushort *);
1310 /* Novell 802.3 */
1311 if ((ether_type <= ETHERMTU) &&
1312 ((*checksum == 0xffff) || (*checksum == 0xE0E0))) {
1313 if (*checksum == 0xE0E0) {
1314 m->m_pkthdr.len -= 3;
1315 m->m_len -= 3;
1316 m->m_data += 3;
1317 }
1318 isr = NETISR_NS;
1319 break;
1320 }
1321#endif
1322#ifdef NETATALK
1323 if (ether_type > ETHERMTU)
1324 goto dropanyway;
1325 l = mtod(m, struct llc *);
1326 if (l->llc_dsap == LLC_SNAP_LSAP &&
1327 l->llc_ssap == LLC_SNAP_LSAP &&
1328 l->llc_control == LLC_UI) {
1329 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code,
1330 sizeof at_org_code) == 0 &&
1331 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) {
1332 m_adj(m, sizeof(struct llc));
1333 isr = NETISR_ATALK2;
1334 break;
1335 }
1336 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code,
1337 sizeof aarp_org_code) == 0 &&
1338 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) {
1339 m_adj(m, sizeof(struct llc));
1340 isr = NETISR_AARP;
1341 break;
1342 }
1343 }
1344dropanyway:
1345#endif
c6690c74
SZ
1346 if (ng_ether_input_orphan_p != NULL) {
1347 /*
1348 * Hold BGL and recheck ng_ether_input_orphan_p
1349 */
1350 get_mplock();
1351 if (ng_ether_input_orphan_p != NULL) {
1352 ng_ether_input_orphan_p(ifp, m, eh);
1353 rel_mplock();
1354 return;
1355 }
1356 rel_mplock();
1357 }
1358 m_freem(m);
29bc1092
SZ
1359 return;
1360 }
1361
1362 if (!redispatch)
1363 netisr_run(isr, m);
1364 else
1365 netisr_dispatch(isr, m);
1366}
1367
5f32d321
SZ
1368/*
1369 * First we perform any link layer operations, then continue to the
1370 * upper layers with ether_demux_oncpu().
1371 */
72b87a91 1372void
29bc1092
SZ
1373ether_input_oncpu(struct ifnet *ifp, struct mbuf *m)
1374{
160af078
SZ
1375 if ((ifp->if_flags & (IFF_UP | IFF_MONITOR)) != IFF_UP) {
1376 /*
1377 * Receiving interface's flags are changed, when this
1378 * packet is waiting for processing; discard it.
1379 */
1380 m_freem(m);
1381 return;
1382 }
1383
29bc1092
SZ
1384 /*
1385 * Tap the packet off here for a bridge. bridge_input()
1386 * will return NULL if it has consumed the packet, otherwise
1387 * it gets processed as normal. Note that bridge_input()
1388 * will always return the original packet if we need to
1389 * process it locally.
1390 */
1391 if (ifp->if_bridge) {
1392 KASSERT(bridge_input_p != NULL,
1393 ("%s: if_bridge not loaded!", __func__));
1394
0899cb3e
SZ
1395 if(m->m_flags & M_ETHER_BRIDGED) {
1396 m->m_flags &= ~M_ETHER_BRIDGED;
29bc1092
SZ
1397 } else {
1398 /* clear M_PROMISC, in case the packets comes from a vlan */
1399 /* m->m_flags &= ~M_PROMISC; */
1400 m = bridge_input_p(ifp, m);
1401 if (m == NULL)
1402 return;
1403
1404 KASSERT(ifp == m->m_pkthdr.rcvif,
1405 ("bridge_input_p changed rcvif\n"));
1406 }
1407 }
1408
1409 /* Handle ng_ether(4) processing, if any */
1410 if (ng_ether_input_p != NULL) {
c6690c74
SZ
1411 /*
1412 * Hold BGL and recheck ng_ether_input_p
1413 */
1414 get_mplock();
1415 if (ng_ether_input_p != NULL)
1416 ng_ether_input_p(ifp, &m);
1417 rel_mplock();
1418
29bc1092
SZ
1419 if (m == NULL)
1420 return;
1421 }
1422
1423 /* Continue with upper layer processing */
1424 ether_demux_oncpu(ifp, m);
1425}
1426
b9ed4403
SZ
1427/*
1428 * Perform certain functions of ether_input_chain():
1429 * - Test IFF_UP
1430 * - Update statistics
1431 * - Run bpf(4) tap if requested
1432 * Then pass the packet to ether_input_oncpu().
1433 *
1434 * This function should be used by pseudo interface (e.g. vlan(4)),
1435 * when it tries to claim that the packet is received by it.
1436 */
1437void
1438ether_reinput_oncpu(struct ifnet *ifp, struct mbuf *m, int run_bpf)
1439{
1440 /* Discard packet if interface is not up */
1441 if (!(ifp->if_flags & IFF_UP)) {
1442 m_freem(m);
1443 return;
1444 }
1445
1446 /* Change receiving interface */
1447 m->m_pkthdr.rcvif = ifp;
1448
1449 /* Update statistics */
1450 ifp->if_ipackets++;
1451 ifp->if_ibytes += m->m_pkthdr.len;
1452 if (m->m_flags & (M_MCAST | M_BCAST))
1453 ifp->if_imcasts++;
1454
1455 if (run_bpf)
1456 BPF_MTAP(ifp, m);
1457
1458 ether_input_oncpu(ifp, m);
1459}
1460
057441be
SZ
1461static __inline boolean_t
1462ether_vlancheck(struct mbuf **m0)
1463{
1464 struct mbuf *m = *m0;
1465 struct ether_header *eh;
1466 uint16_t ether_type;
1467
1468 eh = mtod(m, struct ether_header *);
1469 ether_type = ntohs(eh->ether_type);
1470
1471 if (ether_type == ETHERTYPE_VLAN && (m->m_flags & M_VLANTAG) == 0) {
1472 /*
1473 * Extract vlan tag if hardware does not do it for us
1474 */
1475 vlan_ether_decap(&m);
1476 if (m == NULL)
1477 goto failed;
1478
1479 eh = mtod(m, struct ether_header *);
1480 ether_type = ntohs(eh->ether_type);
1481 }
1482
1483 if (ether_type == ETHERTYPE_VLAN && (m->m_flags & M_VLANTAG)) {
1484 /*
1485 * To prevent possible dangerous recursion,
1486 * we don't do vlan-in-vlan
1487 */
1488 m->m_pkthdr.rcvif->if_noproto++;
1489 goto failed;
1490 }
1491 KKASSERT(ether_type != ETHERTYPE_VLAN);
1492
da1604af 1493 m->m_flags |= M_ETHER_VLANCHECKED;
057441be
SZ
1494 *m0 = m;
1495 return TRUE;
1496failed:
1497 if (m != NULL)
1498 m_freem(m);
1499 *m0 = NULL;
1500 return FALSE;
1501}
1502
29bc1092
SZ
1503static void
1504ether_input_handler(struct netmsg *nmsg)
1505{
1506 struct netmsg_packet *nmp = (struct netmsg_packet *)nmsg;
828c9923 1507 struct ether_header *eh;
29bc1092
SZ
1508 struct ifnet *ifp;
1509 struct mbuf *m;
1510
1511 m = nmp->nm_packet;
1512 M_ASSERTPKTHDR(m);
1513 ifp = m->m_pkthdr.rcvif;
1514
828c9923
SZ
1515 eh = mtod(m, struct ether_header *);
1516 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
1517 if (bcmp(ifp->if_broadcastaddr, eh->ether_dhost,
1518 ifp->if_addrlen) == 0)
1519 m->m_flags |= M_BCAST;
1520 else
1521 m->m_flags |= M_MCAST;
1522 ifp->if_imcasts++;
1523 }
1524
da1604af
SZ
1525 if ((m->m_flags & M_ETHER_VLANCHECKED) == 0) {
1526 if (!ether_vlancheck(&m)) {
1527 KKASSERT(m == NULL);
1528 return;
1529 }
1530 }
1531
29bc1092
SZ
1532 ether_input_oncpu(ifp, m);
1533}
1534
1535static __inline void
1536ether_init_netpacket(int num, struct mbuf *m)
1537{
1538 struct netmsg_packet *pmsg;
1539
1540 pmsg = &m->m_hdr.mh_netmsg;
c6690c74 1541 netmsg_init(&pmsg->nm_netmsg, &netisr_apanic_rport, MSGF_MPSAFE,
29bc1092
SZ
1542 ether_input_handler);
1543 pmsg->nm_packet = m;
1544 pmsg->nm_netmsg.nm_lmsg.u.ms_result = num;
1545}
1546
1547static __inline struct lwkt_port *
e420e7d5 1548ether_mport(int num, struct mbuf **m)
29bc1092 1549{
29bc1092
SZ
1550 if (num == NETISR_MAX) {
1551 /*
1552 * All packets whose target msgports can't be
1553 * determined here are dispatched to netisr0,
1554 * where further dispatching may happen.
1555 */
1556 return cpu_portfn(0);
1557 }
e420e7d5 1558 return netisr_find_port(num, m);
29bc1092
SZ
1559}
1560
2eb0d069
SZ
1561/*
1562 * Send the packet to the target msgport or
1563 * queue it into 'chain'.
1564 */
74f66604
SZ
1565static void
1566ether_dispatch(int isr, struct lwkt_port *port, struct mbuf *m,
1567 struct mbuf_chain *chain)
1568{
1569 ether_init_netpacket(isr, m);
1570
1571 if (chain != NULL) {
1572 struct mbuf_chain *c;
1573 int cpuid;
1574
1575 m->m_pkthdr.header = port; /* XXX */
1576 cpuid = port->mpu_td->td_gd->gd_cpuid;
1577
1578 c = &chain[cpuid];
1579 if (c->mc_head == NULL) {
1580 c->mc_head = c->mc_tail = m;
1581 } else {
1582 c->mc_tail->m_nextpkt = m;
1583 c->mc_tail = m;
1584 }
1585 m->m_nextpkt = NULL;
1586 } else {
1587 lwkt_sendmsg(port, &m->m_hdr.mh_netmsg.nm_netmsg.nm_lmsg);
1588 }
1589}
1590
62f35c44
SZ
1591/*
1592 * Process a received Ethernet packet.
1593 *
1594 * The ethernet header is assumed to be in the mbuf so the caller
1595 * MUST MAKE SURE that there are at least sizeof(struct ether_header)
1596 * bytes in the first mbuf.
1597 *
1598 * We first try to find the target msgport for this ether frame, if
1599 * there is no target msgport for it, this ether frame is discarded,
1600 * else we do following processing according to whether 'chain' is
1601 * NULL or not:
1602 * - If 'chain' is NULL, this ether frame is sent to the target msgport
50098e2e 1603 * immediately. This situation happens when ether_input_chain is
62f35c44
SZ
1604 * accessed through ifnet.if_input.
1605 * - If 'chain' is not NULL, this ether frame is queued to the 'chain'
1606 * bucket indexed by the target msgport's cpuid and the target msgport
50098e2e 1607 * is saved in mbuf's m_pkthdr.m_head. Caller of ether_input_chain
62f35c44
SZ
1608 * must initialize 'chain' by calling ether_input_chain_init().
1609 * ether_input_dispatch must be called later to send ether frames
1610 * queued on 'chain' to their target msgport.
1611 */
29bc1092 1612void
2eb0d069
SZ
1613ether_input_chain(struct ifnet *ifp, struct mbuf *m, const struct pktinfo *pi,
1614 struct mbuf_chain *chain)
29bc1092
SZ
1615{
1616 struct ether_header *eh, *save_eh, save_eh0;
1617 struct lwkt_port *port;
1618 uint16_t ether_type;
1619 int isr;
1620
1621 ASSERT_SERIALIZED(ifp->if_serializer);
1622 M_ASSERTPKTHDR(m);
1623
1624 /* Discard packet if interface is not up */
1625 if (!(ifp->if_flags & IFF_UP)) {
1626 m_freem(m);
1627 return;
1628 }
1629
1630 if (m->m_len < sizeof(struct ether_header)) {
1631 /* XXX error in the caller. */
1632 m_freem(m);
1633 return;
1634 }
29bc1092
SZ
1635
1636 m->m_pkthdr.rcvif = ifp;
1637
f3e0b5f0
SZ
1638 logether(chain_beg, ifp);
1639
29bc1092
SZ
1640 ETHER_BPF_MTAP(ifp, m);
1641
1642 ifp->if_ibytes += m->m_pkthdr.len;
1643
1644 if (ifp->if_flags & IFF_MONITOR) {
828c9923
SZ
1645 eh = mtod(m, struct ether_header *);
1646 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1647 ifp->if_imcasts++;
1648
29bc1092
SZ
1649 /*
1650 * Interface marked for monitoring; discard packet.
1651 */
b5a65047 1652 m_freem(m);
f3e0b5f0
SZ
1653
1654 logether(chain_end, ifp);
b5a65047 1655 return;
29bc1092
SZ
1656 }
1657
2eb0d069 1658 if (pi != NULL && (m->m_flags & M_HASH)) {
7c7f9646
SZ
1659#ifdef RSS_DEBUG
1660 ether_pktinfo_try++;
1661#endif
2eb0d069
SZ
1662 /* Try finding the port using the packet info */
1663 port = netisr_find_pktinfo_port(pi, m);
1664 if (port != NULL) {
7c7f9646
SZ
1665#ifdef RSS_DEBUG
1666 ether_pktinfo_hit++;
1667#endif
2eb0d069 1668 ether_dispatch(pi->pi_netisr, port, m, chain);
a4923720
SZ
1669
1670 logether(chain_end, ifp);
2eb0d069
SZ
1671 return;
1672 }
1673
1674 /*
1675 * The packet info does not contain enough
1676 * information, we will have to check the
1677 * packet content.
1678 */
1679 }
7c7f9646
SZ
1680#ifdef RSS_DEBUG
1681 else if (ifp->if_capenable & IFCAP_RSS) {
1682 if (pi == NULL)
1683 ether_rss_nopi++;
1684 else
1685 ether_rss_nohash++;
1686 }
1687#endif
2eb0d069
SZ
1688
1689 /*
1690 * Packet hash will be recalculated by software,
1691 * so clear the M_HASH flag set by the driver;
1692 * the hash value calculated by the hardware may
1693 * not be exactly what we want.
1694 */
1695 m->m_flags &= ~M_HASH;
1696
057441be 1697 if (!ether_vlancheck(&m)) {
057441be 1698 KKASSERT(m == NULL);
a4923720 1699 logether(chain_end, ifp);
29bc1092
SZ
1700 return;
1701 }
057441be
SZ
1702 eh = mtod(m, struct ether_header *);
1703 ether_type = ntohs(eh->ether_type);
29bc1092
SZ
1704
1705 /*
1706 * Map ether type to netisr id.
1707 */
1708 switch (ether_type) {
1709#ifdef INET
1710 case ETHERTYPE_IP:
1711 isr = NETISR_IP;
1712 break;
1713
1714 case ETHERTYPE_ARP:
1715 isr = NETISR_ARP;
1716 break;
1717#endif
1718
1719#ifdef INET6
1720 case ETHERTYPE_IPV6:
1721 isr = NETISR_IPV6;
1722 break;
1723#endif
1724
1725#ifdef IPX
1726 case ETHERTYPE_IPX:
1727 isr = NETISR_IPX;
1728 break;
1729#endif
1730
1731#ifdef NS
1732 case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */
1733 isr = NETISR_NS;
1734 break;
1735#endif
1736
1737#ifdef NETATALK
1738 case ETHERTYPE_AT:
1739 isr = NETISR_ATALK1;
1740 break;
1741 case ETHERTYPE_AARP:
1742 isr = NETISR_AARP;
1743 break;
1744#endif
1745
a020e9d5
SZ
1746#ifdef MPLS
1747 case ETHERTYPE_MPLS:
1748 case ETHERTYPE_MPLS_MCAST:
cb8d752c 1749 m->m_flags |= M_MPLSLABELED;
a020e9d5
SZ
1750 isr = NETISR_MPLS;
1751 break;
1752#endif
1753
29bc1092
SZ
1754 default:
1755 /*
1756 * NETISR_MAX is an invalid value; it is chosen to let
1757 * ether_mport() know that we are not able to decide
1758 * this packet's msgport here.
1759 */
1760 isr = NETISR_MAX;
1761 break;
1762 }
1763
1764 /*
1765 * If the packet is in contiguous memory, following
1766 * m_adj() could ensure that the hidden ether header
1767 * will not be destroyed, else we will have to save
1768 * the ether header for the later restoration.
1769 */
1770 if (m->m_pkthdr.len != m->m_len) {
1771 save_eh0 = *eh;
1772 save_eh = &save_eh0;
1773 } else {
1774 save_eh = NULL;
1775 }
1776
1777 /*
1778 * Temporarily remove ether header; ether_mport()
1779 * expects a packet without ether header.
1780 */
1781 m_adj(m, sizeof(struct ether_header));
1782
1783 /*
1784 * Find the packet's target msgport.
1785 */
1786 port = ether_mport(isr, &m);
1787 if (port == NULL) {
1788 KKASSERT(m == NULL);
a4923720 1789 logether(chain_end, ifp);
29bc1092
SZ
1790 return;
1791 }
1792
1793 /*
1794 * Restore ether header.
1795 */
1796 if (save_eh != NULL) {
1797 ether_restore_header(&m, eh, save_eh);
a4923720
SZ
1798 if (m == NULL) {
1799 logether(chain_end, ifp);
29bc1092 1800 return;
a4923720 1801 }
29bc1092
SZ
1802 } else {
1803 m->m_data -= ETHER_HDR_LEN;
1804 m->m_len += ETHER_HDR_LEN;
1805 m->m_pkthdr.len += ETHER_HDR_LEN;
1806 }
1807
74f66604 1808 ether_dispatch(isr, port, m, chain);
29bc1092 1809
f3e0b5f0 1810 logether(chain_end, ifp);
29bc1092 1811}