2 * Copyright 2001 Wasabi Systems, Inc.
5 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed for the NetBSD Project by
18 * Wasabi Systems, Inc.
19 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
20 * or promote products derived from this software without specific prior
23 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
27 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
37 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
38 * All rights reserved.
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
48 * 3. All advertising materials mentioning features or use of this software
49 * must display the following acknowledgement:
50 * This product includes software developed by Jason L. Wright
51 * 4. The name of the author may not be used to endorse or promote products
52 * derived from this software without specific prior written permission.
54 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
55 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
56 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
57 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
58 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
59 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
60 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
63 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
64 * POSSIBILITY OF SUCH DAMAGE.
66 * $OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp $
67 * $NetBSD: if_bridge.c,v 1.31 2005/06/01 19:45:34 jdc Exp $
68 * $FreeBSD: src/sys/net/if_bridge.c,v 1.26 2005/10/13 23:05:55 thompsa Exp $
69 * $DragonFly: src/sys/net/bridge/if_bridge.c,v 1.6 2006/04/21 19:43:58 hsu Exp $
73 * Network interface bridge support.
77 * - Currently only supports Ethernet-like interfaces (Ethernet,
78 * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
79 * to bridge other types of interfaces (FDDI-FDDI, and maybe
80 * consider heterogenous bridges).
83 #include <sys/cdefs.h>
86 #include "opt_inet6.h"
88 #include <sys/param.h>
90 #include <sys/malloc.h>
91 #include <sys/protosw.h>
92 #include <sys/systm.h>
94 #include <sys/socket.h> /* for net/if.h */
95 #include <sys/sockio.h>
96 #include <sys/ctype.h> /* string functions */
97 #include <sys/kernel.h>
98 #include <sys/random.h>
99 #include <sys/sysctl.h>
100 #include <sys/module.h>
101 #include <sys/proc.h>
102 #include <sys/lock.h>
103 #include <sys/thread.h>
104 #include <sys/thread2.h>
105 #include <sys/mpipe.h>
109 #include <net/if_dl.h>
110 #include <net/if_types.h>
111 #include <net/if_var.h>
112 #include <net/pfil.h>
113 #include <net/ifq_var.h>
115 #include <netinet/in.h> /* for struct arpcom */
116 #include <netinet/in_systm.h>
117 #include <netinet/in_var.h>
118 #include <netinet/ip.h>
119 #include <netinet/ip_var.h>
121 #include <netinet/ip6.h>
122 #include <netinet6/ip6_var.h>
124 #include <netinet/if_ether.h> /* for struct arpcom */
125 #include <net/bridge/if_bridgevar.h>
126 #include <net/if_llc.h>
128 #include <net/route.h>
129 #include <sys/in_cksum.h>
132 * Size of the route hash table. Must be a power of two.
134 #ifndef BRIDGE_RTHASH_SIZE
135 #define BRIDGE_RTHASH_SIZE 1024
138 #define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
141 * Maximum number of addresses to cache.
143 #ifndef BRIDGE_RTABLE_MAX
144 #define BRIDGE_RTABLE_MAX 100
148 * Spanning tree defaults.
150 #define BSTP_DEFAULT_MAX_AGE (20 * 256)
151 #define BSTP_DEFAULT_HELLO_TIME (2 * 256)
152 #define BSTP_DEFAULT_FORWARD_DELAY (15 * 256)
153 #define BSTP_DEFAULT_HOLD_TIME (1 * 256)
154 #define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000
155 #define BSTP_DEFAULT_PORT_PRIORITY 0x80
156 #define BSTP_DEFAULT_PATH_COST 55
159 * Timeout (in seconds) for entries learned dynamically.
161 #ifndef BRIDGE_RTABLE_TIMEOUT
162 #define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
166 * Number of seconds between walks of the route list.
168 #ifndef BRIDGE_RTABLE_PRUNE_PERIOD
169 #define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
172 extern struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *);
173 extern int (*bridge_output_p)(struct ifnet *, struct mbuf *,
174 struct sockaddr *, struct rtentry *);
175 extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *);
176 extern void (*bridge_detach_p)(struct ifnet *);
178 int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
180 int bridge_clone_create(struct if_clone *, int);
181 void bridge_clone_destroy(struct ifnet *);
183 int bridge_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
185 static void bridge_init(void *);
186 void bridge_stop(struct ifnet *, int);
187 void bridge_start(struct ifnet *);
189 void bridge_forward(struct bridge_softc *, struct mbuf *m);
191 void bridge_timer(void *);
193 void bridge_broadcast(struct bridge_softc *, struct ifnet *, struct mbuf *,
196 int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
197 struct ifnet *, int, uint8_t);
198 struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
199 void bridge_rttrim(struct bridge_softc *);
200 void bridge_rtage(struct bridge_softc *);
201 void bridge_rtflush(struct bridge_softc *, int);
202 int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
204 int bridge_rtable_init(struct bridge_softc *);
205 void bridge_rtable_fini(struct bridge_softc *);
207 struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
209 int bridge_rtnode_insert(struct bridge_softc *, struct bridge_rtnode *);
210 void bridge_rtnode_destroy(struct bridge_softc *, struct bridge_rtnode *);
212 struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
214 struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
216 void bridge_delete_member(struct bridge_softc *, struct bridge_iflist *);
218 int bridge_ioctl_add(struct bridge_softc *, void *);
219 int bridge_ioctl_del(struct bridge_softc *, void *);
220 int bridge_ioctl_gifflags(struct bridge_softc *, void *);
221 int bridge_ioctl_sifflags(struct bridge_softc *, void *);
222 int bridge_ioctl_scache(struct bridge_softc *, void *);
223 int bridge_ioctl_gcache(struct bridge_softc *, void *);
224 int bridge_ioctl_gifs(struct bridge_softc *, void *);
225 int bridge_ioctl_rts(struct bridge_softc *, void *);
226 int bridge_ioctl_saddr(struct bridge_softc *, void *);
227 int bridge_ioctl_sto(struct bridge_softc *, void *);
228 int bridge_ioctl_gto(struct bridge_softc *, void *);
229 int bridge_ioctl_daddr(struct bridge_softc *, void *);
230 int bridge_ioctl_flush(struct bridge_softc *, void *);
231 int bridge_ioctl_gpri(struct bridge_softc *, void *);
232 int bridge_ioctl_spri(struct bridge_softc *, void *);
233 int bridge_ioctl_ght(struct bridge_softc *, void *);
234 int bridge_ioctl_sht(struct bridge_softc *, void *);
235 int bridge_ioctl_gfd(struct bridge_softc *, void *);
236 int bridge_ioctl_sfd(struct bridge_softc *, void *);
237 int bridge_ioctl_gma(struct bridge_softc *, void *);
238 int bridge_ioctl_sma(struct bridge_softc *, void *);
239 int bridge_ioctl_sifprio(struct bridge_softc *, void *);
240 int bridge_ioctl_sifcost(struct bridge_softc *, void *);
241 static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, int);
242 static int bridge_ip_checkbasic(struct mbuf **mp);
244 static int bridge_ip6_checkbasic(struct mbuf **mp);
247 SYSCTL_DECL(_net_link);
248 SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW, 0, "Bridge");
250 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
251 static int pfil_member = 1; /* run pfil hooks on the member interface */
252 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
253 &pfil_bridge, 0, "Packet filter on the bridge interface");
254 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_member, CTLFLAG_RW,
255 &pfil_member, 0, "Packet filter on the member interface");
257 struct bridge_control {
258 int (*bc_func)(struct bridge_softc *, void *);
263 #define BC_F_COPYIN 0x01 /* copy arguments in */
264 #define BC_F_COPYOUT 0x02 /* copy arguments out */
265 #define BC_F_SUSER 0x04 /* do super-user check */
267 const struct bridge_control bridge_control_table[] = {
268 { bridge_ioctl_add, sizeof(struct ifbreq),
269 BC_F_COPYIN|BC_F_SUSER },
270 { bridge_ioctl_del, sizeof(struct ifbreq),
271 BC_F_COPYIN|BC_F_SUSER },
273 { bridge_ioctl_gifflags, sizeof(struct ifbreq),
274 BC_F_COPYIN|BC_F_COPYOUT },
275 { bridge_ioctl_sifflags, sizeof(struct ifbreq),
276 BC_F_COPYIN|BC_F_SUSER },
278 { bridge_ioctl_scache, sizeof(struct ifbrparam),
279 BC_F_COPYIN|BC_F_SUSER },
280 { bridge_ioctl_gcache, sizeof(struct ifbrparam),
283 { bridge_ioctl_gifs, sizeof(struct ifbifconf),
284 BC_F_COPYIN|BC_F_COPYOUT },
285 { bridge_ioctl_rts, sizeof(struct ifbaconf),
286 BC_F_COPYIN|BC_F_COPYOUT },
288 { bridge_ioctl_saddr, sizeof(struct ifbareq),
289 BC_F_COPYIN|BC_F_SUSER },
291 { bridge_ioctl_sto, sizeof(struct ifbrparam),
292 BC_F_COPYIN|BC_F_SUSER },
293 { bridge_ioctl_gto, sizeof(struct ifbrparam),
296 { bridge_ioctl_daddr, sizeof(struct ifbareq),
297 BC_F_COPYIN|BC_F_SUSER },
299 { bridge_ioctl_flush, sizeof(struct ifbreq),
300 BC_F_COPYIN|BC_F_SUSER },
302 { bridge_ioctl_gpri, sizeof(struct ifbrparam),
304 { bridge_ioctl_spri, sizeof(struct ifbrparam),
305 BC_F_COPYIN|BC_F_SUSER },
307 { bridge_ioctl_ght, sizeof(struct ifbrparam),
309 { bridge_ioctl_sht, sizeof(struct ifbrparam),
310 BC_F_COPYIN|BC_F_SUSER },
312 { bridge_ioctl_gfd, sizeof(struct ifbrparam),
314 { bridge_ioctl_sfd, sizeof(struct ifbrparam),
315 BC_F_COPYIN|BC_F_SUSER },
317 { bridge_ioctl_gma, sizeof(struct ifbrparam),
319 { bridge_ioctl_sma, sizeof(struct ifbrparam),
320 BC_F_COPYIN|BC_F_SUSER },
322 { bridge_ioctl_sifprio, sizeof(struct ifbreq),
323 BC_F_COPYIN|BC_F_SUSER },
325 { bridge_ioctl_sifcost, sizeof(struct ifbreq),
326 BC_F_COPYIN|BC_F_SUSER },
328 const int bridge_control_table_size =
329 sizeof(bridge_control_table) / sizeof(bridge_control_table[0]);
331 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
332 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
334 LIST_HEAD(, bridge_softc) bridge_list;
336 struct if_clone bridge_cloner = IF_CLONE_INITIALIZER("bridge",
338 bridge_clone_destroy, 0, IF_MAXUNIT);
341 bridge_modevent(module_t mod, int type, void *data)
346 LIST_INIT(&bridge_list);
347 if_clone_attach(&bridge_cloner);
348 bridge_input_p = bridge_input;
349 bridge_output_p = bridge_output_serialized;
351 bridge_detach_p = bridge_ifdetach;
352 bstp_linkstate_p = bstp_linkstate;
356 if (!LIST_EMPTY(&bridge_list))
358 if_clone_detach(&bridge_cloner);
359 bridge_input_p = NULL;
360 bridge_output_p = NULL;
362 bridge_detach_p = NULL;
363 bstp_linkstate_p = NULL;
372 static moduledata_t bridge_mod = {
378 DECLARE_MODULE(if_bridge, bridge_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
382 * bridge_clone_create:
384 * Create a new bridge instance.
387 bridge_clone_create(struct if_clone *ifc, int unit)
389 struct bridge_softc *sc;
393 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
394 ifp = sc->sc_ifp = &sc->sc_if;
396 sc->sc_brtmax = BRIDGE_RTABLE_MAX;
397 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
398 sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE;
399 sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME;
400 sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY;
401 sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY;
402 sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME;
404 /* Initialize our routing table. */
405 bridge_rtable_init(sc);
407 callout_init(&sc->sc_brcallout);
408 callout_init(&sc->sc_bstpcallout);
410 LIST_INIT(&sc->sc_iflist);
413 if_initname(ifp, ifc->ifc_name, unit);
414 ifp->if_mtu = ETHERMTU;
415 ifp->if_flags = IFF_MULTICAST;
416 ifp->if_ioctl = bridge_ioctl;
417 ifp->if_start = bridge_start;
418 ifp->if_init = bridge_init;
419 ifp->if_type = IFT_BRIDGE;
420 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen);
421 ifp->if_snd.ifq_maxlen = ifqmaxlen;
422 ifq_set_ready(&ifp->if_snd);
423 ifp->if_hdrlen = ETHER_HDR_LEN;
426 * Generate a random ethernet address and use the private AC:DE:48
430 int rnd = arc4random();
431 bcopy(&rnd, &eaddr[2], 4); /* ETHER_ADDR_LEN == 6 */
437 ether_ifattach(ifp, eaddr, NULL);
438 /* Now undo some of the damage... */
439 ifp->if_baudrate = 0;
440 ifp->if_type = IFT_BRIDGE;
443 LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
450 * bridge_clone_destroy:
452 * Destroy a bridge instance.
455 bridge_clone_destroy(struct ifnet *ifp)
457 struct bridge_softc *sc = ifp->if_softc;
458 struct bridge_iflist *bif;
460 lwkt_serialize_enter(ifp->if_serializer);
463 ifp->if_flags &= ~IFF_UP;
465 while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
466 bridge_delete_member(sc, bif);
468 callout_stop(&sc->sc_brcallout);
469 callout_stop(&sc->sc_bstpcallout);
471 lwkt_serialize_exit(ifp->if_serializer);
474 LIST_REMOVE(sc, sc_list);
480 /* Tear down the routing table. */
481 bridge_rtable_fini(sc);
489 * Handle a control request from the operator.
492 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
494 struct bridge_softc *sc = ifp->if_softc;
495 struct thread *td = curthread;
497 struct ifbreq ifbreq;
498 struct ifbifconf ifbifconf;
499 struct ifbareq ifbareq;
500 struct ifbaconf ifbaconf;
501 struct ifbrparam ifbrparam;
503 struct ifdrv *ifd = (struct ifdrv *) data;
504 const struct bridge_control *bc;
515 if (ifd->ifd_cmd >= bridge_control_table_size) {
519 bc = &bridge_control_table[ifd->ifd_cmd];
521 if (cmd == SIOCGDRVSPEC &&
522 (bc->bc_flags & BC_F_COPYOUT) == 0) {
526 else if (cmd == SIOCSDRVSPEC &&
527 (bc->bc_flags & BC_F_COPYOUT) != 0) {
532 if (bc->bc_flags & BC_F_SUSER) {
538 if (ifd->ifd_len != bc->bc_argsize ||
539 ifd->ifd_len > sizeof(args)) {
544 memset(&args, 0, sizeof(args));
545 if (bc->bc_flags & BC_F_COPYIN) {
546 error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
551 error = (*bc->bc_func)(sc, &args);
555 if (bc->bc_flags & BC_F_COPYOUT)
556 error = copyout(&args, ifd->ifd_data, ifd->ifd_len);
561 if (!(ifp->if_flags & IFF_UP) &&
562 (ifp->if_flags & IFF_RUNNING)) {
564 * If interface is marked down and it is running,
565 * then stop and disable it.
568 } else if ((ifp->if_flags & IFF_UP) &&
569 !(ifp->if_flags & IFF_RUNNING)) {
571 * If interface is marked up and it is stopped, then
579 /* Do not allow the MTU to be changed on the bridge */
585 * drop the lock as ether_ioctl() will call bridge_start() and
586 * cause the lock to be recursed.
588 error = ether_ioctl(ifp, cmd, data);
596 * bridge_lookup_member:
598 * Lookup a bridge member interface.
600 struct bridge_iflist *
601 bridge_lookup_member(struct bridge_softc *sc, const char *name)
603 struct bridge_iflist *bif;
606 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
608 if (strcmp(ifp->if_xname, name) == 0)
616 * bridge_lookup_member_if:
618 * Lookup a bridge member interface by ifnet*.
620 struct bridge_iflist *
621 bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
623 struct bridge_iflist *bif;
625 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
626 if (bif->bif_ifp == member_ifp)
634 * bridge_delete_member:
636 * Delete the specified member interface.
639 bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif)
641 struct ifnet *ifs = bif->bif_ifp;
643 switch (ifs->if_type) {
647 * Take the interface out of promiscuous mode.
657 panic("bridge_delete_member: impossible");
662 ifs->if_bridge = NULL;
664 LIST_REMOVE(bif, bif_next);
666 bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
670 if (sc->sc_ifp->if_flags & IFF_RUNNING)
671 bstp_initialization(sc);
675 bridge_ioctl_add(struct bridge_softc *sc, void *arg)
677 struct ifbreq *req = arg;
678 struct bridge_iflist *bif = NULL;
682 ifs = ifunit(req->ifbr_ifsname);
686 /* Allow the first member to define the MTU */
687 if (LIST_EMPTY(&sc->sc_iflist))
688 sc->sc_ifp->if_mtu = ifs->if_mtu;
689 else if (sc->sc_ifp->if_mtu != ifs->if_mtu) {
690 if_printf(sc->sc_ifp, "invalid MTU for %s\n", ifs->if_xname);
694 if (ifs->if_bridge == sc)
697 if (ifs->if_bridge != NULL)
700 bif = malloc(sizeof(*bif), M_DEVBUF, M_NOWAIT);
704 switch (ifs->if_type) {
708 * Place the interface into promiscuous mode.
710 error = ifpromisc(ifs, 1);
715 case IFT_GIF: /* :^) */
724 bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
725 bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY;
726 bif->bif_path_cost = BSTP_DEFAULT_PATH_COST;
730 LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
732 if (sc->sc_ifp->if_flags & IFF_RUNNING)
733 bstp_initialization(sc);
746 bridge_ioctl_del(struct bridge_softc *sc, void *arg)
748 struct ifbreq *req = arg;
749 struct bridge_iflist *bif;
751 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
755 bridge_delete_member(sc, bif);
761 bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
763 struct ifbreq *req = arg;
764 struct bridge_iflist *bif;
766 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
770 req->ifbr_ifsflags = bif->bif_flags;
771 req->ifbr_state = bif->bif_state;
772 req->ifbr_priority = bif->bif_priority;
773 req->ifbr_path_cost = bif->bif_path_cost;
774 req->ifbr_portno = bif->bif_ifp->if_index & 0xff;
780 bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
782 struct ifbreq *req = arg;
783 struct bridge_iflist *bif;
785 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
789 if (req->ifbr_ifsflags & IFBIF_STP) {
790 switch (bif->bif_ifp->if_type) {
792 /* These can do spanning tree. */
796 /* Nothing else can. */
801 bif->bif_flags = req->ifbr_ifsflags;
803 if (sc->sc_ifp->if_flags & IFF_RUNNING)
804 bstp_initialization(sc);
810 bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
812 struct ifbrparam *param = arg;
814 sc->sc_brtmax = param->ifbrp_csize;
821 bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
823 struct ifbrparam *param = arg;
825 param->ifbrp_csize = sc->sc_brtmax;
831 bridge_ioctl_gifs(struct bridge_softc *sc, void *arg)
833 struct ifbifconf *bifc = arg;
834 struct bridge_iflist *bif;
836 int count, len, error = 0;
839 LIST_FOREACH(bif, &sc->sc_iflist, bif_next)
842 if (bifc->ifbic_len == 0) {
843 bifc->ifbic_len = sizeof(breq) * count;
848 len = bifc->ifbic_len;
849 memset(&breq, 0, sizeof breq);
850 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
851 if (len < sizeof(breq))
854 strlcpy(breq.ifbr_ifsname, bif->bif_ifp->if_xname,
855 sizeof(breq.ifbr_ifsname));
856 breq.ifbr_ifsflags = bif->bif_flags;
857 breq.ifbr_state = bif->bif_state;
858 breq.ifbr_priority = bif->bif_priority;
859 breq.ifbr_path_cost = bif->bif_path_cost;
860 breq.ifbr_portno = bif->bif_ifp->if_index & 0xff;
861 error = copyout(&breq, bifc->ifbic_req + count, sizeof(breq));
868 bifc->ifbic_len = sizeof(breq) * count;
873 bridge_ioctl_rts(struct bridge_softc *sc, void *arg)
875 struct ifbaconf *bac = arg;
876 struct bridge_rtnode *brt;
877 struct ifbareq bareq;
878 int count = 0, error = 0, len;
880 if (bac->ifbac_len == 0)
883 len = bac->ifbac_len;
884 LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
885 if (len < sizeof(bareq))
887 memset(&bareq, 0, sizeof(bareq));
888 strlcpy(bareq.ifba_ifsname, brt->brt_ifp->if_xname,
889 sizeof(bareq.ifba_ifsname));
890 memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr));
891 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC &&
892 time_second < brt->brt_expire)
893 bareq.ifba_expire = brt->brt_expire - time_second;
895 bareq.ifba_expire = 0;
896 bareq.ifba_flags = brt->brt_flags;
898 error = copyout(&bareq, bac->ifbac_req + count, sizeof(bareq));
902 len -= sizeof(bareq);
905 bac->ifbac_len = sizeof(bareq) * count;
910 bridge_ioctl_saddr(struct bridge_softc *sc, void *arg)
912 struct ifbareq *req = arg;
913 struct bridge_iflist *bif;
916 bif = bridge_lookup_member(sc, req->ifba_ifsname);
920 error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
927 bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
929 struct ifbrparam *param = arg;
931 sc->sc_brttimeout = param->ifbrp_ctime;
937 bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
939 struct ifbrparam *param = arg;
941 param->ifbrp_ctime = sc->sc_brttimeout;
947 bridge_ioctl_daddr(struct bridge_softc *sc, void *arg)
949 struct ifbareq *req = arg;
951 return (bridge_rtdaddr(sc, req->ifba_dst));
955 bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
957 struct ifbreq *req = arg;
959 bridge_rtflush(sc, req->ifbr_ifsflags);
965 bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
967 struct ifbrparam *param = arg;
969 param->ifbrp_prio = sc->sc_bridge_priority;
975 bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
977 struct ifbrparam *param = arg;
979 sc->sc_bridge_priority = param->ifbrp_prio;
981 if (sc->sc_ifp->if_flags & IFF_RUNNING)
982 bstp_initialization(sc);
988 bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
990 struct ifbrparam *param = arg;
992 param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8;
998 bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
1000 struct ifbrparam *param = arg;
1002 if (param->ifbrp_hellotime == 0)
1004 sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8;
1006 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1007 bstp_initialization(sc);
1013 bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
1015 struct ifbrparam *param = arg;
1017 param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8;
1023 bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
1025 struct ifbrparam *param = arg;
1027 if (param->ifbrp_fwddelay == 0)
1029 sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8;
1031 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1032 bstp_initialization(sc);
1038 bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
1040 struct ifbrparam *param = arg;
1042 param->ifbrp_maxage = sc->sc_bridge_max_age >> 8;
1048 bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
1050 struct ifbrparam *param = arg;
1052 if (param->ifbrp_maxage == 0)
1054 sc->sc_bridge_max_age = param->ifbrp_maxage << 8;
1056 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1057 bstp_initialization(sc);
1063 bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
1065 struct ifbreq *req = arg;
1066 struct bridge_iflist *bif;
1068 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1072 bif->bif_priority = req->ifbr_priority;
1074 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1075 bstp_initialization(sc);
1081 bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
1083 struct ifbreq *req = arg;
1084 struct bridge_iflist *bif;
1086 bif = bridge_lookup_member(sc, req->ifbr_ifsname);
1090 bif->bif_path_cost = req->ifbr_path_cost;
1092 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1093 bstp_initialization(sc);
1101 * Detach an interface from a bridge. Called when a member
1102 * interface is detaching.
1105 bridge_ifdetach(struct ifnet *ifp)
1107 struct bridge_softc *sc = ifp->if_bridge;
1110 memset(&breq, 0, sizeof(breq));
1111 snprintf(breq.ifbr_ifsname, sizeof(breq.ifbr_ifsname), ifp->if_xname);
1113 lwkt_serialize_enter(ifp->if_serializer);
1114 bridge_ioctl_del(sc, &breq);
1115 lwkt_serialize_exit(ifp->if_serializer);
1121 * Initialize a bridge interface.
1124 bridge_init(void *xsc)
1126 struct bridge_softc *sc = (struct bridge_softc *)xsc;
1127 struct ifnet *ifp = sc->sc_ifp;
1129 if (ifp->if_flags & IFF_RUNNING)
1132 callout_reset(&sc->sc_brcallout, bridge_rtable_prune_period * hz,
1135 ifp->if_flags |= IFF_RUNNING;
1136 bstp_initialization(sc);
1143 * Stop the bridge interface.
1146 bridge_stop(struct ifnet *ifp, int disable)
1148 struct bridge_softc *sc = ifp->if_softc;
1150 ASSERT_SERIALIZED(ifp->if_serializer);
1152 if ((ifp->if_flags & IFF_RUNNING) == 0)
1155 callout_stop(&sc->sc_brcallout);
1158 bridge_rtflush(sc, IFBF_FLUSHDYN);
1160 ifp->if_flags &= ~IFF_RUNNING;
1166 * Enqueue a packet on a bridge member interface.
1170 bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
1172 struct altq_pktattr pktattr;
1175 * Clear any in-bound checksum flags for this packet.
1177 * XXX this seems to mess up the output packet.
1179 /* m->m_pkthdr.csum_flags = 0;*/
1181 while (m->m_type == MT_TAG) {
1182 /* XXX see ether_output_frame for full rules check */
1186 lwkt_serialize_enter(dst_ifp->if_serializer);
1188 if (ifq_is_enabled(&dst_ifp->if_snd))
1189 altq_etherclassify(&dst_ifp->if_snd, m, &pktattr);
1191 ifq_handoff(dst_ifp, m, &pktattr);
1193 lwkt_serialize_exit(dst_ifp->if_serializer);
1197 * bridge_output_serialized:
1199 * Send output from a bridge member interface. This
1200 * performs the bridging function for locally originated
1203 * The mbuf has the Ethernet header already attached. We must
1204 * enqueue or free the mbuf before returning.
1207 bridge_output_serialized(struct ifnet *ifp, struct mbuf *m,
1208 struct sockaddr *sa, struct rtentry *rt)
1210 struct ether_header *eh;
1211 struct ifnet *dst_if;
1212 struct bridge_softc *sc;
1214 sc = ifp->if_bridge;
1216 ASSERT_SERIALIZED(ifp->if_serializer);
1218 if (m->m_len < ETHER_HDR_LEN) {
1219 m = m_pullup(m, ETHER_HDR_LEN);
1225 * Serialize our bridge interface. We have to get rid of the
1226 * originating interface lock to avoid a deadlock.
1228 lwkt_serialize_exit(ifp->if_serializer);
1229 lwkt_serialize_enter(sc->sc_ifp->if_serializer);
1231 eh = mtod(m, struct ether_header *);
1234 * If bridge is down, but the original output interface is up,
1235 * go ahead and send out that interface. Otherwise, the packet
1238 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0) {
1244 * If the packet is a multicast, or we don't know a better way to
1245 * get there, send to all interfaces.
1247 if (ETHER_IS_MULTICAST(eh->ether_dhost))
1250 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1251 if (dst_if == NULL) {
1252 struct bridge_iflist *bif;
1256 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1257 dst_if = bif->bif_ifp;
1258 if ((dst_if->if_flags & IFF_RUNNING) == 0)
1262 * If this is not the original output interface,
1263 * and the interface is participating in spanning
1264 * tree, make sure the port is in a state that
1265 * allows forwarding.
1267 if (dst_if != ifp &&
1268 (bif->bif_flags & IFBIF_STP) != 0) {
1269 switch (bif->bif_state) {
1270 case BSTP_IFSTATE_BLOCKING:
1271 case BSTP_IFSTATE_LISTENING:
1272 case BSTP_IFSTATE_DISABLED:
1277 if (LIST_NEXT(bif, bif_next) == NULL) {
1281 mc = m_copypacket(m, MB_DONTWAIT);
1283 sc->sc_ifp->if_oerrors++;
1287 lwkt_serialize_exit(sc->sc_ifp->if_serializer);
1288 bridge_enqueue(sc, dst_if, mc);
1289 lwkt_serialize_enter(sc->sc_ifp->if_serializer);
1293 lwkt_serialize_exit(sc->sc_ifp->if_serializer);
1299 * XXX Spanning tree consideration here?
1302 lwkt_serialize_exit(sc->sc_ifp->if_serializer);
1303 if ((dst_if->if_flags & IFF_RUNNING) == 0) {
1306 bridge_enqueue(sc, dst_if, m);
1309 lwkt_serialize_enter(ifp->if_serializer);
1316 * Start output on a bridge.
1320 bridge_start(struct ifnet *ifp)
1322 struct bridge_softc *sc;
1324 struct ether_header *eh;
1325 struct ifnet *dst_if;
1329 ifp->if_flags |= IFF_OACTIVE;
1331 m = ifq_dequeue(&ifp->if_snd, NULL);
1337 eh = mtod(m, struct ether_header *);
1340 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1341 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1345 bridge_broadcast(sc, ifp, m, 0);
1347 bridge_enqueue(sc, dst_if, m);
1349 ifp->if_flags &= ~IFF_OACTIVE;
1357 * The forwarding function of the bridge.
1360 bridge_forward(struct bridge_softc *sc, struct mbuf *m)
1362 struct bridge_iflist *bif;
1363 struct ifnet *src_if, *dst_if, *ifp;
1364 struct ether_header *eh;
1366 src_if = m->m_pkthdr.rcvif;
1369 ASSERT_SERIALIZED(ifp->if_serializer);
1371 sc->sc_ifp->if_ipackets++;
1372 sc->sc_ifp->if_ibytes += m->m_pkthdr.len;
1375 * Look up the bridge_iflist.
1377 bif = bridge_lookup_member_if(sc, src_if);
1379 /* Interface is not a bridge member (anymore?) */
1384 if (bif->bif_flags & IFBIF_STP) {
1385 switch (bif->bif_state) {
1386 case BSTP_IFSTATE_BLOCKING:
1387 case BSTP_IFSTATE_LISTENING:
1388 case BSTP_IFSTATE_DISABLED:
1394 eh = mtod(m, struct ether_header *);
1397 * Various ifp's are used below, release the serializer for
1398 * the bridge ifp so other ifp serializers can be acquired.
1400 lwkt_serialize_exit(ifp->if_serializer);
1403 * If the interface is learning, and the source
1404 * address is valid and not multicast, record
1407 if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
1408 ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
1409 (eh->ether_shost[0] == 0 &&
1410 eh->ether_shost[1] == 0 &&
1411 eh->ether_shost[2] == 0 &&
1412 eh->ether_shost[3] == 0 &&
1413 eh->ether_shost[4] == 0 &&
1414 eh->ether_shost[5] == 0) == 0) {
1415 bridge_rtupdate(sc, eh->ether_shost, src_if, 0, IFBAF_DYNAMIC);
1418 if ((bif->bif_flags & IFBIF_STP) != 0 &&
1419 bif->bif_state == BSTP_IFSTATE_LEARNING) {
1425 * At this point, the port either doesn't participate
1426 * in spanning tree or it is in the forwarding state.
1430 * If the packet is unicast, destined for someone on
1431 * "this" side of the bridge, drop it.
1433 if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
1434 dst_if = bridge_rtlookup(sc, eh->ether_dhost);
1435 if (src_if == dst_if) {
1440 /* ...forward it to all interfaces. */
1441 sc->sc_ifp->if_imcasts++;
1445 /* run the packet filter */
1446 if (inet_pfil_hook.ph_hashooks > 0
1448 || inet6_pfil_hook.ph_hashooks > 0
1451 if (bridge_pfil(&m, ifp, src_if, PFIL_IN) != 0)
1457 if (dst_if == NULL) {
1458 bridge_broadcast(sc, src_if, m, 1);
1463 * At this point, we're dealing with a unicast frame
1464 * going to a different interface.
1466 if ((dst_if->if_flags & IFF_RUNNING) == 0) {
1470 bif = bridge_lookup_member_if(sc, dst_if);
1472 /* Not a member of the bridge (anymore?) */
1477 if (bif->bif_flags & IFBIF_STP) {
1478 switch (bif->bif_state) {
1479 case BSTP_IFSTATE_DISABLED:
1480 case BSTP_IFSTATE_BLOCKING:
1486 if (inet_pfil_hook.ph_hashooks > 0
1488 || inet6_pfil_hook.ph_hashooks > 0
1491 if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
1496 bridge_enqueue(sc, dst_if, m);
1499 * ifp's serializer was held on entry and is expected to be held
1503 lwkt_serialize_enter(ifp->if_serializer);
1509 * Receive input from a member interface. Queue the packet for
1510 * bridging if it is not for us.
1513 bridge_input(struct ifnet *ifp, struct mbuf *m)
1515 struct bridge_softc *sc = ifp->if_bridge;
1516 struct bridge_iflist *bif;
1518 struct ether_header *eh;
1519 struct mbuf *mc, *mc2;
1522 lwkt_serialize_enter(bifp->if_serializer);
1524 if ((sc->sc_ifp->if_flags & IFF_RUNNING) == 0)
1527 bif = bridge_lookup_member_if(sc, ifp);
1531 eh = mtod(m, struct ether_header *);
1533 m->m_flags &= ~M_PROTO1; /* XXX Hack - loop prevention */
1536 * Tap all packets arriving on the bridge, no matter if
1537 * they are local destinations or not. In is in.
1541 #define IFP2AC(ifp) ((struct arpcom *)(ifp))
1542 #define IFP2ENADDR(ifp) (IFP2AC(ifp)->ac_enaddr)
1543 if (memcmp(eh->ether_dhost, IFP2ENADDR(bifp),
1544 ETHER_ADDR_LEN) == 0) {
1546 * If the packet is for us, set the packets source as the
1547 * bridge, and return the packet back to ether_input for
1551 /* Mark the packet as arriving on the bridge interface */
1552 m->m_pkthdr.rcvif = bifp;
1553 bifp->if_ipackets++;
1558 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
1559 /* Tap off 802.1D packets; they do not get forwarded. */
1560 if (memcmp(eh->ether_dhost, bstp_etheraddr,
1561 ETHER_ADDR_LEN) == 0) {
1562 m = bstp_input(ifp, m);
1567 if (bif->bif_flags & IFBIF_STP) {
1568 switch (bif->bif_state) {
1569 case BSTP_IFSTATE_BLOCKING:
1570 case BSTP_IFSTATE_LISTENING:
1571 case BSTP_IFSTATE_DISABLED:
1576 if (bcmp(etherbroadcastaddr, eh->ether_dhost,
1577 sizeof(etherbroadcastaddr)) == 0)
1578 m->m_flags |= M_BCAST;
1580 m->m_flags |= M_MCAST;
1583 * Make a deep copy of the packet and enqueue the copy
1584 * for bridge processing; return the original packet for
1587 mc = m_dup(m, MB_DONTWAIT);
1591 bridge_forward(sc, mc);
1594 * Reinject the mbuf as arriving on the bridge so we have a
1595 * chance at claiming multicast packets. We can not loop back
1596 * here from ether_input as a bridge is never a member of a
1599 KASSERT(bifp->if_bridge == NULL,
1600 ("loop created in bridge_input"));
1601 mc2 = m_copypacket(m, MB_DONTWAIT);
1603 mc2->m_pkthdr.rcvif = bifp;
1604 (*bifp->if_input)(bifp, mc2);
1607 /* Return the original packet for local processing. */
1611 if (bif->bif_flags & IFBIF_STP) {
1612 switch (bif->bif_state) {
1613 case BSTP_IFSTATE_BLOCKING:
1614 case BSTP_IFSTATE_LISTENING:
1615 case BSTP_IFSTATE_DISABLED:
1621 * Unicast. Make sure it's not for us.
1623 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1624 if (bif->bif_ifp->if_type != IFT_ETHER)
1626 /* It is destined for us. */
1627 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_dhost,
1628 ETHER_ADDR_LEN) == 0) {
1629 if (bif->bif_flags & IFBIF_LEARNING)
1631 eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
1632 m->m_pkthdr.rcvif = bif->bif_ifp;
1633 if (ifp->if_type == IFT_GIF) {
1634 m->m_flags |= M_PROTO1;
1636 * Avoid an interface ordering deadlock.
1638 lwkt_serialize_exit(bifp->if_serializer);
1639 lwkt_serialize_enter(bif->bif_ifp->if_serializer);
1640 (*bif->bif_ifp->if_input)(bif->bif_ifp, m);
1641 lwkt_serialize_exit(bif->bif_ifp->if_serializer);
1642 lwkt_serialize_enter(bifp->if_serializer);
1648 /* We just received a packet that we sent out. */
1649 if (memcmp(IF_LLADDR(bif->bif_ifp), eh->ether_shost,
1650 ETHER_ADDR_LEN) == 0) {
1657 /* Perform the bridge forwarding function. */
1658 bridge_forward(sc, m);
1662 lwkt_serialize_exit(bifp->if_serializer);
1669 * Send a frame to all interfaces that are members of
1670 * the bridge, except for the one on which the packet
1674 bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
1675 struct mbuf *m, int runfilt)
1677 struct bridge_iflist *bif;
1679 struct ifnet *dst_if;
1682 /* Filter on the bridge interface before broadcasting */
1683 if (runfilt && (inet_pfil_hook.ph_hashooks > 0
1685 || inet6_pfil_hook.ph_hashooks > 0
1688 if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
1694 LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
1695 dst_if = bif->bif_ifp;
1696 if (dst_if == src_if)
1699 if (bif->bif_flags & IFBIF_STP) {
1700 switch (bif->bif_state) {
1701 case BSTP_IFSTATE_BLOCKING:
1702 case BSTP_IFSTATE_DISABLED:
1707 if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
1708 (m->m_flags & (M_BCAST|M_MCAST)) == 0)
1711 if ((dst_if->if_flags & IFF_RUNNING) == 0)
1714 if (LIST_NEXT(bif, bif_next) == NULL) {
1718 mc = m_copypacket(m, MB_DONTWAIT);
1720 sc->sc_ifp->if_oerrors++;
1726 * Filter on the output interface. Pass a NULL bridge interface
1727 * pointer so we do not redundantly filter on the bridge for
1728 * each interface we broadcast on.
1730 if (runfilt && (inet_pfil_hook.ph_hashooks > 0
1732 || inet6_pfil_hook.ph_hashooks > 0
1735 if (bridge_pfil(&m, NULL, dst_if, PFIL_OUT) != 0)
1741 bridge_enqueue(sc, dst_if, mc);
1750 * Add a bridge routing entry.
1753 bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
1754 struct ifnet *dst_if, int setflags, uint8_t flags)
1756 struct bridge_rtnode *brt;
1760 * A route for this destination might already exist. If so,
1761 * update it, otherwise create a new one.
1763 if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
1764 if (sc->sc_brtcnt >= sc->sc_brtmax)
1768 * Allocate a new bridge forwarding node, and
1769 * initialize the expiration time and Ethernet
1772 brt = malloc(sizeof(struct bridge_rtnode), M_DEVBUF, M_NOWAIT|M_ZERO);
1776 brt->brt_expire = time_second + sc->sc_brttimeout;
1777 brt->brt_flags = IFBAF_DYNAMIC;
1778 memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
1780 if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
1781 free(brt, M_DEVBUF);
1786 brt->brt_ifp = dst_if;
1788 brt->brt_flags = flags;
1789 brt->brt_expire = (flags & IFBAF_STATIC) ? 0 :
1790 time_second + sc->sc_brttimeout;
1799 * Lookup the destination interface for an address.
1802 bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
1804 struct bridge_rtnode *brt;
1806 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
1809 return (brt->brt_ifp);
1815 * Trim the routine table so that we have a number
1816 * of routing entries less than or equal to the
1820 bridge_rttrim(struct bridge_softc *sc)
1822 struct bridge_rtnode *brt, *nbrt;
1824 /* Make sure we actually need to do this. */
1825 if (sc->sc_brtcnt <= sc->sc_brtmax)
1828 /* Force an aging cycle; this might trim enough addresses. */
1830 if (sc->sc_brtcnt <= sc->sc_brtmax)
1833 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
1834 nbrt = LIST_NEXT(brt, brt_list);
1835 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
1836 bridge_rtnode_destroy(sc, brt);
1837 if (sc->sc_brtcnt <= sc->sc_brtmax)
1846 * Aging timer for the bridge.
1849 bridge_timer(void *arg)
1851 struct bridge_softc *sc = arg;
1853 lwkt_serialize_enter(sc->sc_ifp->if_serializer);
1857 if (sc->sc_ifp->if_flags & IFF_RUNNING)
1858 callout_reset(&sc->sc_brcallout,
1859 bridge_rtable_prune_period * hz, bridge_timer, sc);
1861 lwkt_serialize_exit(sc->sc_ifp->if_serializer);
1867 * Perform an aging cycle.
1870 bridge_rtage(struct bridge_softc *sc)
1872 struct bridge_rtnode *brt, *nbrt;
1874 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
1875 nbrt = LIST_NEXT(brt, brt_list);
1876 if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
1877 if (time_second >= brt->brt_expire)
1878 bridge_rtnode_destroy(sc, brt);
1886 * Remove all dynamic addresses from the bridge.
1889 bridge_rtflush(struct bridge_softc *sc, int full)
1891 struct bridge_rtnode *brt, *nbrt;
1893 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
1894 nbrt = LIST_NEXT(brt, brt_list);
1895 if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
1896 bridge_rtnode_destroy(sc, brt);
1903 * Remove an address from the table.
1906 bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
1908 struct bridge_rtnode *brt;
1910 if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
1913 bridge_rtnode_destroy(sc, brt);
1920 * Delete routes to a speicifc member interface.
1923 bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
1925 struct bridge_rtnode *brt, *nbrt;
1927 for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
1928 nbrt = LIST_NEXT(brt, brt_list);
1929 if (brt->brt_ifp == ifp && (full ||
1930 (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
1931 bridge_rtnode_destroy(sc, brt);
1936 * bridge_rtable_init:
1938 * Initialize the route table for this bridge.
1941 bridge_rtable_init(struct bridge_softc *sc)
1945 sc->sc_rthash = malloc(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
1946 M_DEVBUF, M_NOWAIT);
1947 if (sc->sc_rthash == NULL)
1950 for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
1951 LIST_INIT(&sc->sc_rthash[i]);
1953 sc->sc_rthash_key = arc4random();
1955 LIST_INIT(&sc->sc_rtlist);
1961 * bridge_rtable_fini:
1963 * Deconstruct the route table for this bridge.
1966 bridge_rtable_fini(struct bridge_softc *sc)
1969 free(sc->sc_rthash, M_DEVBUF);
1973 * The following hash function is adapted from "Hash Functions" by Bob Jenkins
1974 * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
1976 #define mix(a, b, c) \
1978 a -= b; a -= c; a ^= (c >> 13); \
1979 b -= c; b -= a; b ^= (a << 8); \
1980 c -= a; c -= b; c ^= (b >> 13); \
1981 a -= b; a -= c; a ^= (c >> 12); \
1982 b -= c; b -= a; b ^= (a << 16); \
1983 c -= a; c -= b; c ^= (b >> 5); \
1984 a -= b; a -= c; a ^= (c >> 3); \
1985 b -= c; b -= a; b ^= (a << 10); \
1986 c -= a; c -= b; c ^= (b >> 15); \
1987 } while (/*CONSTCOND*/0)
1989 static __inline uint32_t
1990 bridge_rthash(struct bridge_softc *sc, const uint8_t *addr)
1992 uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
2003 return (c & BRIDGE_RTHASH_MASK);
2009 * bridge_rtnode_lookup:
2011 * Look up a bridge route node for the specified destination.
2013 struct bridge_rtnode *
2014 bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
2016 struct bridge_rtnode *brt;
2020 hash = bridge_rthash(sc, addr);
2021 LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
2022 dir = memcmp(addr, brt->brt_addr, ETHER_ADDR_LEN);
2033 * bridge_rtnode_insert:
2035 * Insert the specified bridge node into the route table. We
2036 * assume the entry is not already in the table.
2039 bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
2041 struct bridge_rtnode *lbrt;
2045 hash = bridge_rthash(sc, brt->brt_addr);
2047 lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
2049 LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
2054 dir = memcmp(brt->brt_addr, lbrt->brt_addr, ETHER_ADDR_LEN);
2058 LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
2061 if (LIST_NEXT(lbrt, brt_hash) == NULL) {
2062 LIST_INSERT_AFTER(lbrt, brt, brt_hash);
2065 lbrt = LIST_NEXT(lbrt, brt_hash);
2066 } while (lbrt != NULL);
2069 panic("bridge_rtnode_insert: impossible");
2073 LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
2080 * bridge_rtnode_destroy:
2082 * Destroy a bridge rtnode.
2085 bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
2088 LIST_REMOVE(brt, brt_hash);
2090 LIST_REMOVE(brt, brt_list);
2092 free(brt, M_DEVBUF);
2096 * Send bridge packets through pfil if they are one of the types pfil can deal
2097 * with, or if they are ARP or REVARP. (pfil will pass ARP and REVARP without
2098 * question.) If *bifp or *ifp are NULL then packet filtering is skipped for
2102 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
2105 struct ether_header *eh1, eh2;
2108 u_int16_t ether_type;
2111 error = -1; /* Default error if not error == 0 */
2113 i = min((*mp)->m_pkthdr.len, max_protohdr);
2114 if ((*mp)->m_len < i) {
2115 *mp = m_pullup(*mp, i);
2117 printf("%s: m_pullup failed\n", __func__);
2122 eh1 = mtod(*mp, struct ether_header *);
2123 ether_type = ntohs(eh1->ether_type);
2126 * Check for SNAP/LLC.
2128 if (ether_type < ETHERMTU) {
2129 struct llc *llc2 = (struct llc *)(eh1 + 1);
2131 if ((*mp)->m_len >= ETHER_HDR_LEN + 8 &&
2132 llc2->llc_dsap == LLC_SNAP_LSAP &&
2133 llc2->llc_ssap == LLC_SNAP_LSAP &&
2134 llc2->llc_control == LLC_UI) {
2135 ether_type = htons(llc2->llc_un.type_snap.ether_type);
2141 * If we're trying to filter bridge traffic, don't look at anything
2142 * other than IP and ARP traffic. If the filter doesn't understand
2143 * IPv6, don't allow IPv6 through the bridge either. This is lame
2144 * since if we really wanted, say, an AppleTalk filter, we are hosed,
2145 * but of course we don't have an AppleTalk filter to begin with.
2146 * (Note that since pfil doesn't understand ARP it will pass *ALL*
2149 switch (ether_type) {
2151 case ETHERTYPE_REVARP:
2152 return 0; /* Automatically pass */
2155 case ETHERTYPE_IPV6:
2162 /* Strip off the Ethernet header and keep a copy. */
2163 m_copydata(*mp, 0, ETHER_HDR_LEN, (caddr_t) &eh2);
2164 m_adj(*mp, ETHER_HDR_LEN);
2166 /* Strip off snap header, if present */
2168 m_copydata(*mp, 0, sizeof(struct llc), (caddr_t) &llc1);
2169 m_adj(*mp, sizeof(struct llc));
2173 * Check the IP header for alignment and errors
2175 if (dir == PFIL_IN) {
2176 switch (ether_type) {
2178 error = bridge_ip_checkbasic(mp);
2181 case ETHERTYPE_IPV6:
2182 error = bridge_ip6_checkbasic(mp);
2195 * Run the packet through pfil
2201 * before calling the firewall, swap fields the same as
2202 * IP does. here we assume the header is contiguous
2204 ip = mtod(*mp, struct ip *);
2206 ip->ip_len = ntohs(ip->ip_len);
2207 ip->ip_off = ntohs(ip->ip_off);
2210 * Run pfil on the member interface and the bridge, both can
2211 * be skipped by clearing pfil_member or pfil_bridge.
2214 * in_if -> bridge_if -> out_if
2216 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2217 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2220 if (*mp == NULL || error != 0) /* filter may consume */
2223 if (pfil_member && ifp != NULL)
2224 error = pfil_run_hooks(&inet_pfil_hook, mp, ifp,
2227 if (*mp == NULL || error != 0) /* filter may consume */
2230 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2231 error = pfil_run_hooks(&inet_pfil_hook, mp, bifp,
2234 /* Restore ip and the fields ntohs()'d. */
2235 if (*mp != NULL && error == 0) {
2236 ip = mtod(*mp, struct ip *);
2237 ip->ip_len = htons(ip->ip_len);
2238 ip->ip_off = htons(ip->ip_off);
2243 case ETHERTYPE_IPV6 :
2244 if (pfil_bridge && dir == PFIL_OUT && bifp != NULL)
2245 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2248 if (*mp == NULL || error != 0) /* filter may consume */
2251 if (pfil_member && ifp != NULL)
2252 error = pfil_run_hooks(&inet6_pfil_hook, mp, ifp,
2255 if (*mp == NULL || error != 0) /* filter may consume */
2258 if (pfil_bridge && dir == PFIL_IN && bifp != NULL)
2259 error = pfil_run_hooks(&inet6_pfil_hook, mp, bifp,
2276 * Finally, put everything back the way it was and return
2279 M_PREPEND(*mp, sizeof(struct llc), MB_DONTWAIT);
2282 bcopy(&llc1, mtod(*mp, caddr_t), sizeof(struct llc));
2285 M_PREPEND(*mp, ETHER_HDR_LEN, MB_DONTWAIT);
2288 bcopy(&eh2, mtod(*mp, caddr_t), ETHER_HDR_LEN);
2299 * Perform basic checks on header size since
2300 * pfil assumes ip_input has already processed
2301 * it for it. Cut-and-pasted from ip_input.c.
2302 * Given how simple the IPv6 version is,
2303 * does the IPv4 version really need to be
2306 * XXX Should we update ipstat here, or not?
2307 * XXX Right now we update ipstat but not
2311 bridge_ip_checkbasic(struct mbuf **mp)
2313 struct mbuf *m = *mp;
2321 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2322 if ((m = m_copyup(m, sizeof(struct ip),
2323 (max_linkhdr + 3) & ~3)) == NULL) {
2324 /* XXXJRT new stat, please */
2325 ipstat.ips_toosmall++;
2330 #ifndef __predict_false
2331 #define __predict_false(x) x
2333 if (__predict_false(m->m_len < sizeof (struct ip))) {
2334 if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
2335 ipstat.ips_toosmall++;
2339 ip = mtod(m, struct ip *);
2340 if (ip == NULL) goto bad;
2342 if (ip->ip_v != IPVERSION) {
2343 ipstat.ips_badvers++;
2346 hlen = ip->ip_hl << 2;
2347 if (hlen < sizeof(struct ip)) { /* minimum header length */
2348 ipstat.ips_badhlen++;
2351 if (hlen > m->m_len) {
2352 if ((m = m_pullup(m, hlen)) == 0) {
2353 ipstat.ips_badhlen++;
2356 ip = mtod(m, struct ip *);
2357 if (ip == NULL) goto bad;
2360 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
2361 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
2363 if (hlen == sizeof(struct ip)) {
2364 sum = in_cksum_hdr(ip);
2366 sum = in_cksum(m, hlen);
2370 ipstat.ips_badsum++;
2374 /* Retrieve the packet length. */
2375 len = ntohs(ip->ip_len);
2378 * Check for additional length bogosity
2381 ipstat.ips_badlen++;
2386 * Check that the amount of data in the buffers
2387 * is as at least much as the IP header would have us expect.
2388 * Drop packet if shorter than we expect.
2390 if (m->m_pkthdr.len < len) {
2391 ipstat.ips_tooshort++;
2395 /* Checks out, proceed */
2406 * Same as above, but for IPv6.
2407 * Cut-and-pasted from ip6_input.c.
2408 * XXX Should we update ip6stat, or not?
2411 bridge_ip6_checkbasic(struct mbuf **mp)
2413 struct mbuf *m = *mp;
2414 struct ip6_hdr *ip6;
2417 * If the IPv6 header is not aligned, slurp it up into a new
2418 * mbuf with space for link headers, in the event we forward
2419 * it. Otherwise, if it is aligned, make sure the entire base
2420 * IPv6 header is in the first mbuf of the chain.
2423 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
2424 struct ifnet *inifp = m->m_pkthdr.rcvif;
2425 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
2426 (max_linkhdr + 3) & ~3)) == NULL) {
2427 /* XXXJRT new stat, please */
2428 ip6stat.ip6s_toosmall++;
2429 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
2434 if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
2435 struct ifnet *inifp = m->m_pkthdr.rcvif;
2436 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
2437 ip6stat.ip6s_toosmall++;
2438 in6_ifstat_inc(inifp, ifs6_in_hdrerr);
2443 ip6 = mtod(m, struct ip6_hdr *);
2445 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
2446 ip6stat.ip6s_badvers++;
2447 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
2451 /* Checks out, proceed */
projects / dragonfly.git / blob