2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1989, 1993
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "opt_inet6.h"
34 #include "opt_netgraph.h"
35 #include "opt_mbuf_profiling.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/devctl.h>
41 #include <sys/eventhandler.h>
43 #include <sys/kernel.h>
45 #include <sys/malloc.h>
47 #include <sys/module.h>
51 #include <sys/random.h>
52 #include <sys/socket.h>
53 #include <sys/sockio.h>
54 #include <sys/sysctl.h>
60 #include <net/ieee_oui.h>
62 #include <net/if_var.h>
63 #include <net/if_private.h>
64 #include <net/if_arp.h>
65 #include <net/netisr.h>
66 #include <net/route.h>
67 #include <net/if_llc.h>
68 #include <net/if_dl.h>
69 #include <net/if_types.h>
71 #include <net/ethernet.h>
72 #include <net/if_bridgevar.h>
73 #include <net/if_vlan_var.h>
74 #include <net/if_llatbl.h>
76 #include <net/rss_config.h>
79 #include <netpfil/pf/pf_mtag.h>
81 #if defined(INET) || defined(INET6)
82 #include <netinet/in.h>
83 #include <netinet/in_var.h>
84 #include <netinet/if_ether.h>
85 #include <netinet/ip_carp.h>
86 #include <netinet/ip_var.h>
89 #include <netinet6/nd6.h>
91 #include <security/mac/mac_framework.h>
93 #include <crypto/sha1.h>
96 CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2);
97 CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN);
100 VNET_DEFINE(pfil_head_t, link_pfil_head); /* Packet filter hooks */
102 /* netgraph node hooks for ng_ether(4) */
103 void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp);
104 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m);
105 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp);
106 void (*ng_ether_attach_p)(struct ifnet *ifp);
107 void (*ng_ether_detach_p)(struct ifnet *ifp);
109 void (*vlan_input_p)(struct ifnet *, struct mbuf *);
111 /* if_bridge(4) support */
112 void (*bridge_dn_p)(struct mbuf *, struct ifnet *);
114 /* if_lagg(4) support */
115 struct mbuf *(*lagg_input_ethernet_p)(struct ifnet *, struct mbuf *);
117 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
118 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
120 static int ether_resolvemulti(struct ifnet *, struct sockaddr **,
122 static int ether_requestencap(struct ifnet *, struct if_encap_req *);
124 static inline bool ether_do_pcp(struct ifnet *, struct mbuf *);
126 #define senderr(e) do { error = (e); goto bad;} while (0)
129 update_mbuf_csumflags(struct mbuf *src, struct mbuf *dst)
133 if (src->m_pkthdr.csum_flags & CSUM_IP)
134 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID);
135 if (src->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
136 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR);
137 if (src->m_pkthdr.csum_flags & CSUM_SCTP)
138 csum_flags |= CSUM_SCTP_VALID;
139 dst->m_pkthdr.csum_flags |= csum_flags;
140 if (csum_flags & CSUM_DATA_VALID)
141 dst->m_pkthdr.csum_data = 0xffff;
145 * Handle link-layer encapsulation requests.
148 ether_requestencap(struct ifnet *ifp, struct if_encap_req *req)
150 struct ether_header *eh;
153 const u_char *lladdr;
155 if (req->rtype != IFENCAP_LL)
158 if (req->bufsize < ETHER_HDR_LEN)
161 eh = (struct ether_header *)req->buf;
162 lladdr = req->lladdr;
165 switch (req->family) {
167 etype = htons(ETHERTYPE_IP);
170 etype = htons(ETHERTYPE_IPV6);
173 ah = (struct arphdr *)req->hdata;
174 ah->ar_hrd = htons(ARPHRD_ETHER);
176 switch(ntohs(ah->ar_op)) {
177 case ARPOP_REVREQUEST:
179 etype = htons(ETHERTYPE_REVARP);
184 etype = htons(ETHERTYPE_ARP);
188 if (req->flags & IFENCAP_FLAG_BROADCAST)
189 lladdr = ifp->if_broadcastaddr;
192 return (EAFNOSUPPORT);
195 memcpy(&eh->ether_type, &etype, sizeof(eh->ether_type));
196 memcpy(eh->ether_dhost, lladdr, ETHER_ADDR_LEN);
197 memcpy(eh->ether_shost, IF_LLADDR(ifp), ETHER_ADDR_LEN);
198 req->bufsize = sizeof(struct ether_header);
204 ether_resolve_addr(struct ifnet *ifp, struct mbuf *m,
205 const struct sockaddr *dst, struct route *ro, u_char *phdr,
206 uint32_t *pflags, struct llentry **plle)
208 uint32_t lleflags = 0;
210 #if defined(INET) || defined(INET6)
211 struct ether_header *eh = (struct ether_header *)phdr;
218 switch (dst->sa_family) {
221 if ((m->m_flags & (M_BCAST | M_MCAST)) == 0)
222 error = arpresolve(ifp, 0, m, dst, phdr, &lleflags,
225 if (m->m_flags & M_BCAST)
226 memcpy(eh->ether_dhost, ifp->if_broadcastaddr,
229 const struct in_addr *a;
230 a = &(((const struct sockaddr_in *)dst)->sin_addr);
231 ETHER_MAP_IP_MULTICAST(a, eh->ether_dhost);
233 etype = htons(ETHERTYPE_IP);
234 memcpy(&eh->ether_type, &etype, sizeof(etype));
235 memcpy(eh->ether_shost, IF_LLADDR(ifp), ETHER_ADDR_LEN);
241 if ((m->m_flags & M_MCAST) == 0) {
242 int af = RO_GET_FAMILY(ro, dst);
243 error = nd6_resolve(ifp, LLE_SF(af, 0), m, dst, phdr,
246 const struct in6_addr *a6;
247 a6 = &(((const struct sockaddr_in6 *)dst)->sin6_addr);
248 ETHER_MAP_IPV6_MULTICAST(a6, eh->ether_dhost);
249 etype = htons(ETHERTYPE_IPV6);
250 memcpy(&eh->ether_type, &etype, sizeof(etype));
251 memcpy(eh->ether_shost, IF_LLADDR(ifp), ETHER_ADDR_LEN);
256 if_printf(ifp, "can't handle af%d\n", dst->sa_family);
259 return (EAFNOSUPPORT);
262 if (error == EHOSTDOWN) {
263 if (ro != NULL && (ro->ro_flags & RT_HAS_GW) != 0)
264 error = EHOSTUNREACH;
270 *pflags = RT_MAY_LOOP;
271 if (lleflags & LLE_IFADDR)
278 * Ethernet output routine.
279 * Encapsulate a packet of type family for the local net.
280 * Use trailer local net encapsulation if enough data in first
281 * packet leaves a multiple of 512 bytes of data in remainder.
284 ether_output(struct ifnet *ifp, struct mbuf *m,
285 const struct sockaddr *dst, struct route *ro)
288 char linkhdr[ETHER_HDR_LEN], *phdr;
289 struct ether_header *eh;
292 int hlen; /* link layer header length */
294 struct llentry *lle = NULL;
300 /* XXX BPF uses ro_prepend */
301 if (ro->ro_prepend != NULL) {
302 phdr = ro->ro_prepend;
304 } else if (!(m->m_flags & (M_BCAST | M_MCAST))) {
305 if ((ro->ro_flags & RT_LLE_CACHE) != 0) {
308 (lle->la_flags & LLE_VALID) == 0) {
310 lle = NULL; /* redundant */
314 /* if we lookup, keep cache */
318 * Notify LLE code that
322 llentry_provide_feedback(lle);
325 phdr = lle->r_linkdata;
326 hlen = lle->r_hdrlen;
327 pflags = lle->r_flags;
333 error = mac_ifnet_check_transmit(ifp, m);
339 if (ifp->if_flags & IFF_MONITOR)
341 if (!((ifp->if_flags & IFF_UP) &&
342 (ifp->if_drv_flags & IFF_DRV_RUNNING)))
346 /* No prepend data supplied. Try to calculate ourselves. */
348 hlen = ETHER_HDR_LEN;
349 error = ether_resolve_addr(ifp, m, dst, ro, phdr, &pflags,
350 addref ? &lle : NULL);
351 if (addref && lle != NULL)
354 return (error == EWOULDBLOCK ? 0 : error);
357 if ((pflags & RT_L2_ME) != 0) {
358 update_mbuf_csumflags(m, m);
359 return (if_simloop(ifp, m, RO_GET_FAMILY(ro, dst), 0));
361 loop_copy = (pflags & RT_MAY_LOOP) != 0;
364 * Add local net header. If no space in first mbuf,
367 * Note that we do prepend regardless of RT_HAS_HEADER flag.
368 * This is done because BPF code shifts m_data pointer
369 * to the end of ethernet header prior to calling if_output().
371 M_PREPEND(m, hlen, M_NOWAIT);
374 if ((pflags & RT_HAS_HEADER) == 0) {
375 eh = mtod(m, struct ether_header *);
376 memcpy(eh, phdr, hlen);
380 * If a simplex interface, and the packet is being sent to our
381 * Ethernet address or a broadcast address, loopback a copy.
382 * XXX To make a simplex device behave exactly like a duplex
383 * device, we should copy in the case of sending to our own
384 * ethernet address (thus letting the original actually appear
385 * on the wire). However, we don't do that here for security
386 * reasons and compatibility with the original behavior.
388 if ((m->m_flags & M_BCAST) && loop_copy && (ifp->if_flags & IFF_SIMPLEX) &&
389 ((t = pf_find_mtag(m)) == NULL || !t->routed)) {
393 * Because if_simloop() modifies the packet, we need a
394 * writable copy through m_dup() instead of a readonly
395 * one as m_copy[m] would give us. The alternative would
396 * be to modify if_simloop() to handle the readonly mbuf,
397 * but performancewise it is mostly equivalent (trading
398 * extra data copying vs. extra locking).
400 * XXX This is a local workaround. A number of less
401 * often used kernel parts suffer from the same bug.
402 * See PR kern/105943 for a proposed general solution.
404 if ((n = m_dup(m, M_NOWAIT)) != NULL) {
405 update_mbuf_csumflags(m, n);
406 (void)if_simloop(ifp, n, RO_GET_FAMILY(ro, dst), hlen);
408 if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1);
412 * Bridges require special output handling.
414 if (ifp->if_bridge) {
415 BRIDGE_OUTPUT(ifp, m, error);
419 #if defined(INET) || defined(INET6)
421 (error = (*carp_output_p)(ifp, m, dst)))
425 /* Handle ng_ether(4) processing, if any */
426 if (ifp->if_l2com != NULL) {
427 KASSERT(ng_ether_output_p != NULL,
428 ("ng_ether_output_p is NULL"));
429 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) {
438 /* Continue with link-layer output */
439 return ether_output_frame(ifp, m);
443 ether_set_pcp(struct mbuf **mp, struct ifnet *ifp, uint8_t pcp)
445 struct ether_8021q_tag qtag;
446 struct ether_header *eh;
448 eh = mtod(*mp, struct ether_header *);
449 if (eh->ether_type == htons(ETHERTYPE_VLAN) ||
450 eh->ether_type == htons(ETHERTYPE_QINQ)) {
451 (*mp)->m_flags &= ~M_VLANTAG;
457 qtag.proto = ETHERTYPE_VLAN;
458 if (ether_8021q_frame(mp, ifp, ifp, &qtag))
460 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
465 * Ethernet link layer output routine to send a raw frame to the device.
467 * This assumes that the 14 byte Ethernet header is present and contiguous
468 * in the first mbuf (if BRIDGE'ing).
471 ether_output_frame(struct ifnet *ifp, struct mbuf *m)
473 if (ether_do_pcp(ifp, m) && !ether_set_pcp(&m, ifp, ifp->if_pcp))
476 if (PFIL_HOOKED_OUT(V_link_pfil_head))
477 switch (pfil_mbuf_out(V_link_pfil_head, &m, ifp, NULL)) {
485 #if defined(INET6) && defined(INET)
486 /* draft-ietf-6man-ipv6only-flag */
487 /* Catch ETHERTYPE_IP, and ETHERTYPE_[REV]ARP if we are v6-only. */
488 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IPV6_ONLY_MASK) != 0) {
489 struct ether_header *eh;
491 eh = mtod(m, struct ether_header *);
492 switch (ntohs(eh->ether_type)) {
495 case ETHERTYPE_REVARP:
497 return (EAFNOSUPPORT);
506 * Queue message on interface, update output statistics if successful,
507 * and start output if interface not yet active.
509 * If KMSAN is enabled, use it to verify that the data does not contain
510 * any uninitialized bytes.
512 kmsan_check_mbuf(m, "ether_output");
513 return ((ifp->if_transmit)(ifp, m));
517 * Process a received Ethernet packet; the packet is in the
518 * mbuf chain m with the ethernet header at the front.
521 ether_input_internal(struct ifnet *ifp, struct mbuf *m)
523 struct ether_header *eh;
526 if ((ifp->if_flags & IFF_UP) == 0) {
531 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
532 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n");
537 if (__predict_false(m->m_len < ETHER_HDR_LEN)) {
538 /* Drivers should pullup and ensure the mbuf is valid */
539 if_printf(ifp, "discard frame w/o leading ethernet "
540 "header (len %d pkt len %d)\n",
541 m->m_len, m->m_pkthdr.len);
542 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
546 eh = mtod(m, struct ether_header *);
547 etype = ntohs(eh->ether_type);
548 random_harvest_queue_ether(m, sizeof(*m));
551 #if defined(INET6) && defined(INET)
552 /* draft-ietf-6man-ipv6only-flag */
553 /* Catch ETHERTYPE_IP, and ETHERTYPE_[REV]ARP if we are v6-only. */
554 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IPV6_ONLY_MASK) != 0) {
558 case ETHERTYPE_REVARP:
568 CURVNET_SET_QUIET(ifp->if_vnet);
570 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
571 if (ETHER_IS_BROADCAST(eh->ether_dhost))
572 m->m_flags |= M_BCAST;
574 m->m_flags |= M_MCAST;
575 if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
580 * Tag the mbuf with an appropriate MAC label before any other
581 * consumers can get to it.
583 mac_ifnet_create_mbuf(ifp, m);
587 * Give bpf a chance at the packet.
589 ETHER_BPF_MTAP(ifp, m);
592 * If the CRC is still on the packet, trim it off. We do this once
593 * and once only in case we are re-entered. Nothing else on the
594 * Ethernet receive path expects to see the FCS.
596 if (m->m_flags & M_HASFCS) {
597 m_adj(m, -ETHER_CRC_LEN);
598 m->m_flags &= ~M_HASFCS;
601 if (!(ifp->if_capenable & IFCAP_HWSTATS))
602 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
604 /* Allow monitor mode to claim this frame, after stats are updated. */
605 if (ifp->if_flags & IFF_MONITOR) {
611 /* Handle input from a lagg(4) port */
612 if (ifp->if_type == IFT_IEEE8023ADLAG) {
613 KASSERT(lagg_input_ethernet_p != NULL,
614 ("%s: if_lagg not loaded!", __func__));
615 m = (*lagg_input_ethernet_p)(ifp, m);
617 ifp = m->m_pkthdr.rcvif;
625 * If the hardware did not process an 802.1Q tag, do this now,
626 * to allow 802.1P priority frames to be passed to the main input
629 if ((m->m_flags & M_VLANTAG) == 0 &&
630 ((etype == ETHERTYPE_VLAN) || (etype == ETHERTYPE_QINQ))) {
631 struct ether_vlan_header *evl;
633 if (m->m_len < sizeof(*evl) &&
634 (m = m_pullup(m, sizeof(*evl))) == NULL) {
636 if_printf(ifp, "cannot pullup VLAN header\n");
638 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
643 evl = mtod(m, struct ether_vlan_header *);
644 m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag);
645 m->m_flags |= M_VLANTAG;
647 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN,
648 ETHER_HDR_LEN - ETHER_TYPE_LEN);
649 m_adj(m, ETHER_VLAN_ENCAP_LEN);
650 eh = mtod(m, struct ether_header *);
653 M_SETFIB(m, ifp->if_fib);
655 /* Allow ng_ether(4) to claim this frame. */
656 if (ifp->if_l2com != NULL) {
657 KASSERT(ng_ether_input_p != NULL,
658 ("%s: ng_ether_input_p is NULL", __func__));
659 m->m_flags &= ~M_PROMISC;
660 (*ng_ether_input_p)(ifp, &m);
665 eh = mtod(m, struct ether_header *);
669 * Allow if_bridge(4) to claim this frame.
671 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it
672 * and the frame should be delivered locally.
674 * If M_BRIDGE_INJECT is set, the packet was received directly by the
675 * bridge via netmap, so "ifp" is the bridge itself and the packet
676 * should be re-examined.
678 if (ifp->if_bridge != NULL || (m->m_flags & M_BRIDGE_INJECT) != 0) {
679 m->m_flags &= ~M_PROMISC;
680 BRIDGE_INPUT(ifp, m);
685 eh = mtod(m, struct ether_header *);
688 #if defined(INET) || defined(INET6)
690 * Clear M_PROMISC on frame so that carp(4) will see it when the
691 * mbuf flows up to Layer 3.
692 * FreeBSD's implementation of carp(4) uses the inprotosw
693 * to dispatch IPPROTO_CARP. carp(4) also allocates its own
694 * Ethernet addresses of the form 00:00:5e:00:01:xx, which
695 * is outside the scope of the M_PROMISC test below.
696 * TODO: Maintain a hash table of ethernet addresses other than
697 * ether_dhost which may be active on this ifp.
699 if (ifp->if_carp && (*carp_forus_p)(ifp, eh->ether_dhost)) {
700 m->m_flags &= ~M_PROMISC;
705 * If the frame received was not for our MAC address, set the
706 * M_PROMISC flag on the mbuf chain. The frame may need to
707 * be seen by the rest of the Ethernet input path in case of
708 * re-entry (e.g. bridge, vlan, netgraph) but should not be
709 * seen by upper protocol layers.
711 if (!ETHER_IS_MULTICAST(eh->ether_dhost) &&
712 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0)
713 m->m_flags |= M_PROMISC;
721 * Ethernet input dispatch; by default, direct dispatch here regardless of
722 * global configuration. However, if RSS is enabled, hook up RSS affinity
723 * so that when deferred or hybrid dispatch is enabled, we can redistribute
726 * XXXRW: Would be nice if the ifnet passed up a flag indicating whether or
727 * not it had already done work distribution via multi-queue. Then we could
728 * direct dispatch in the event load balancing was already complete and
729 * handle the case of interfaces with different capabilities better.
731 * XXXRW: Sort of want an M_DISTRIBUTED flag to avoid multiple distributions
732 * at multiple layers?
734 * XXXRW: For now, enable all this only if RSS is compiled in, although it
735 * works fine without RSS. Need to characterise the performance overhead
736 * of the detour through the netisr code in the event the result is always
740 ether_nh_input(struct mbuf *m)
744 KASSERT(m->m_pkthdr.rcvif != NULL,
745 ("%s: NULL interface pointer", __func__));
746 ether_input_internal(m->m_pkthdr.rcvif, m);
749 static struct netisr_handler ether_nh = {
751 .nh_handler = ether_nh_input,
752 .nh_proto = NETISR_ETHER,
754 .nh_policy = NETISR_POLICY_CPU,
755 .nh_dispatch = NETISR_DISPATCH_DIRECT,
756 .nh_m2cpuid = rss_m2cpuid,
758 .nh_policy = NETISR_POLICY_SOURCE,
759 .nh_dispatch = NETISR_DISPATCH_DIRECT,
764 ether_init(__unused void *arg)
767 netisr_register(ðer_nh);
769 SYSINIT(ether, SI_SUB_INIT_IF, SI_ORDER_ANY, ether_init, NULL);
772 vnet_ether_init(__unused void *arg)
774 struct pfil_head_args args;
776 args.pa_version = PFIL_VERSION;
777 args.pa_flags = PFIL_IN | PFIL_OUT;
778 args.pa_type = PFIL_TYPE_ETHERNET;
779 args.pa_headname = PFIL_ETHER_NAME;
780 V_link_pfil_head = pfil_head_register(&args);
783 netisr_register_vnet(ðer_nh);
786 VNET_SYSINIT(vnet_ether_init, SI_SUB_PROTO_IF, SI_ORDER_ANY,
787 vnet_ether_init, NULL);
791 vnet_ether_pfil_destroy(__unused void *arg)
794 pfil_head_unregister(V_link_pfil_head);
796 VNET_SYSUNINIT(vnet_ether_pfil_uninit, SI_SUB_PROTO_PFIL, SI_ORDER_ANY,
797 vnet_ether_pfil_destroy, NULL);
800 vnet_ether_destroy(__unused void *arg)
803 netisr_unregister_vnet(ðer_nh);
805 VNET_SYSUNINIT(vnet_ether_uninit, SI_SUB_PROTO_IF, SI_ORDER_ANY,
806 vnet_ether_destroy, NULL);
810 ether_input(struct ifnet *ifp, struct mbuf *m)
812 struct epoch_tracker et;
816 needs_epoch = (ifp->if_flags & IFF_NEEDSEPOCH);
819 * This temporary code is here to prevent epoch unaware and unmarked
820 * drivers to panic the system. Once all drivers are taken care of,
821 * the whole INVARIANTS block should go away.
823 if (!needs_epoch && !in_epoch(net_epoch_preempt)) {
824 static bool printedonce;
829 if_printf(ifp, "called %s w/o net epoch! "
830 "PLEASE file a bug report.", __func__);
839 * The drivers are allowed to pass in a chain of packets linked with
840 * m_nextpkt. We split them up into separate packets here and pass
841 * them up. This allows the drivers to amortize the receive lock.
843 CURVNET_SET_QUIET(ifp->if_vnet);
844 if (__predict_false(needs_epoch))
851 * We will rely on rcvif being set properly in the deferred
852 * context, so assert it is correct here.
854 MPASS((m->m_pkthdr.csum_flags & CSUM_SND_TAG) == 0);
855 KASSERT(m->m_pkthdr.rcvif == ifp, ("%s: ifnet mismatch m %p "
856 "rcvif %p ifp %p", __func__, m, m->m_pkthdr.rcvif, ifp));
857 netisr_dispatch(NETISR_ETHER, m);
860 if (__predict_false(needs_epoch))
866 * Upper layer processing for a received Ethernet packet.
869 ether_demux(struct ifnet *ifp, struct mbuf *m)
871 struct ether_header *eh;
876 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__));
878 /* Do not grab PROMISC frames in case we are re-entered. */
879 if (PFIL_HOOKED_IN(V_link_pfil_head) && !(m->m_flags & M_PROMISC)) {
880 i = pfil_mbuf_in(V_link_pfil_head, &m, ifp, NULL);
885 eh = mtod(m, struct ether_header *);
886 ether_type = ntohs(eh->ether_type);
889 * If this frame has a VLAN tag other than 0, call vlan_input()
890 * if its module is loaded. Otherwise, drop.
892 if ((m->m_flags & M_VLANTAG) &&
893 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) {
894 if (ifp->if_vlantrunk == NULL) {
895 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1);
899 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!",
901 /* Clear before possibly re-entering ether_input(). */
902 m->m_flags &= ~M_PROMISC;
903 (*vlan_input_p)(ifp, m);
908 * Pass promiscuously received frames to the upper layer if the user
909 * requested this by setting IFF_PPROMISC. Otherwise, drop them.
911 if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) {
917 * Reset layer specific mbuf flags to avoid confusing upper layers.
919 m->m_flags &= ~M_VLANTAG;
923 * Dispatch frame to upper layer.
925 switch (ether_type) {
932 if (ifp->if_flags & IFF_NOARP) {
933 /* Discard packet if ARP is disabled on interface */
949 /* Strip off Ethernet header. */
950 m_adj(m, ETHER_HDR_LEN);
952 netisr_dispatch(isr, m);
957 * Packet is to be discarded. If netgraph is present,
958 * hand the packet to it for last chance processing;
959 * otherwise dispose of it.
961 if (ifp->if_l2com != NULL) {
962 KASSERT(ng_ether_input_orphan_p != NULL,
963 ("ng_ether_input_orphan_p is NULL"));
964 (*ng_ether_input_orphan_p)(ifp, m);
971 * Convert Ethernet address to printable (loggable) representation.
972 * This routine is for compatibility; it's better to just use
974 * printf("%6D", <pointer to address>, ":");
976 * since there's no static buffer involved.
979 ether_sprintf(const u_char *ap)
981 static char etherbuf[18];
982 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":");
987 * Perform common duties while attaching to interface list
990 ether_ifattach(struct ifnet *ifp, const u_int8_t *lla)
994 struct sockaddr_dl *sdl;
996 ifp->if_addrlen = ETHER_ADDR_LEN;
997 ifp->if_hdrlen = ETHER_HDR_LEN;
998 ifp->if_mtu = ETHERMTU;
1000 ifp->if_output = ether_output;
1001 ifp->if_input = ether_input;
1002 ifp->if_resolvemulti = ether_resolvemulti;
1003 ifp->if_requestencap = ether_requestencap;
1005 ifp->if_reassign = ether_reassign;
1007 if (ifp->if_baudrate == 0)
1008 ifp->if_baudrate = IF_Mbps(10); /* just a default */
1009 ifp->if_broadcastaddr = etherbroadcastaddr;
1012 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__));
1013 sdl = (struct sockaddr_dl *)ifa->ifa_addr;
1014 sdl->sdl_type = IFT_ETHER;
1015 sdl->sdl_alen = ifp->if_addrlen;
1016 bcopy(lla, LLADDR(sdl), ifp->if_addrlen);
1018 if (ifp->if_hw_addr != NULL)
1019 bcopy(lla, ifp->if_hw_addr, ifp->if_addrlen);
1021 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN);
1022 if (ng_ether_attach_p != NULL)
1023 (*ng_ether_attach_p)(ifp);
1025 /* Announce Ethernet MAC address if non-zero. */
1026 for (i = 0; i < ifp->if_addrlen; i++)
1029 if (i != ifp->if_addrlen)
1030 if_printf(ifp, "Ethernet address: %6D\n", lla, ":");
1032 uuid_ether_add(LLADDR(sdl));
1034 /* Add necessary bits are setup; announce it now. */
1035 EVENTHANDLER_INVOKE(ether_ifattach_event, ifp);
1036 if (IS_DEFAULT_VNET(curvnet))
1037 devctl_notify("ETHERNET", ifp->if_xname, "IFATTACH", NULL);
1041 * Perform common duties while detaching an Ethernet interface
1044 ether_ifdetach(struct ifnet *ifp)
1046 struct sockaddr_dl *sdl;
1048 sdl = (struct sockaddr_dl *)(ifp->if_addr->ifa_addr);
1049 uuid_ether_del(LLADDR(sdl));
1051 if (ifp->if_l2com != NULL) {
1052 KASSERT(ng_ether_detach_p != NULL,
1053 ("ng_ether_detach_p is NULL"));
1054 (*ng_ether_detach_p)(ifp);
1063 ether_reassign(struct ifnet *ifp, struct vnet *new_vnet, char *unused __unused)
1066 if (ifp->if_l2com != NULL) {
1067 KASSERT(ng_ether_detach_p != NULL,
1068 ("ng_ether_detach_p is NULL"));
1069 (*ng_ether_detach_p)(ifp);
1072 if (ng_ether_attach_p != NULL) {
1073 CURVNET_SET_QUIET(new_vnet);
1074 (*ng_ether_attach_p)(ifp);
1080 SYSCTL_DECL(_net_link);
1081 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
1086 * This is for reference. We have a table-driven version
1087 * of the little-endian crc32 generator, which is faster
1088 * than the double-loop.
1091 ether_crc32_le(const uint8_t *buf, size_t len)
1098 crc = 0xffffffff; /* initial value */
1100 for (i = 0; i < len; i++) {
1101 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) {
1102 carry = (crc ^ data) & 1;
1105 crc = (crc ^ ETHER_CRC_POLY_LE);
1113 ether_crc32_le(const uint8_t *buf, size_t len)
1115 static const uint32_t crctab[] = {
1116 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac,
1117 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
1118 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c,
1119 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c
1124 crc = 0xffffffff; /* initial value */
1126 for (i = 0; i < len; i++) {
1128 crc = (crc >> 4) ^ crctab[crc & 0xf];
1129 crc = (crc >> 4) ^ crctab[crc & 0xf];
1137 ether_crc32_be(const uint8_t *buf, size_t len)
1140 uint32_t crc, carry;
1144 crc = 0xffffffff; /* initial value */
1146 for (i = 0; i < len; i++) {
1147 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) {
1148 carry = ((crc & 0x80000000) ? 1 : 0) ^ (data & 0x01);
1151 crc = (crc ^ ETHER_CRC_POLY_BE) | carry;
1159 ether_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
1161 struct ifaddr *ifa = (struct ifaddr *) data;
1162 struct ifreq *ifr = (struct ifreq *) data;
1167 ifp->if_flags |= IFF_UP;
1169 switch (ifa->ifa_addr->sa_family) {
1172 ifp->if_init(ifp->if_softc); /* before arpwhohas */
1173 arp_ifinit(ifp, ifa);
1177 ifp->if_init(ifp->if_softc);
1183 bcopy(IF_LLADDR(ifp), &ifr->ifr_addr.sa_data[0],
1189 * Set the interface MTU.
1191 if (ifr->ifr_mtu > ETHERMTU) {
1194 ifp->if_mtu = ifr->ifr_mtu;
1199 error = priv_check(curthread, PRIV_NET_SETLANPCP);
1202 if (ifr->ifr_lan_pcp > 7 &&
1203 ifr->ifr_lan_pcp != IFNET_PCP_NONE) {
1206 ifp->if_pcp = ifr->ifr_lan_pcp;
1207 /* broadcast event about PCP change */
1208 EVENTHANDLER_INVOKE(ifnet_event, ifp, IFNET_EVENT_PCP);
1213 ifr->ifr_lan_pcp = ifp->if_pcp;
1217 error = EINVAL; /* XXX netbsd has ENOTTY??? */
1224 ether_resolvemulti(struct ifnet *ifp, struct sockaddr **llsa,
1225 struct sockaddr *sa)
1227 struct sockaddr_dl *sdl;
1229 struct sockaddr_in *sin;
1232 struct sockaddr_in6 *sin6;
1236 switch(sa->sa_family) {
1239 * No mapping needed. Just check that it's a valid MC address.
1241 sdl = (struct sockaddr_dl *)sa;
1242 e_addr = LLADDR(sdl);
1243 if (!ETHER_IS_MULTICAST(e_addr))
1244 return EADDRNOTAVAIL;
1250 sin = (struct sockaddr_in *)sa;
1251 if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)))
1252 return EADDRNOTAVAIL;
1253 sdl = link_init_sdl(ifp, *llsa, IFT_ETHER);
1254 sdl->sdl_alen = ETHER_ADDR_LEN;
1255 e_addr = LLADDR(sdl);
1256 ETHER_MAP_IP_MULTICAST(&sin->sin_addr, e_addr);
1257 *llsa = (struct sockaddr *)sdl;
1262 sin6 = (struct sockaddr_in6 *)sa;
1263 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1265 * An IP6 address of 0 means listen to all
1266 * of the Ethernet multicast address used for IP6.
1267 * (This is used for multicast routers.)
1269 ifp->if_flags |= IFF_ALLMULTI;
1273 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr))
1274 return EADDRNOTAVAIL;
1275 sdl = link_init_sdl(ifp, *llsa, IFT_ETHER);
1276 sdl->sdl_alen = ETHER_ADDR_LEN;
1277 e_addr = LLADDR(sdl);
1278 ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr);
1279 *llsa = (struct sockaddr *)sdl;
1285 * Well, the text isn't quite right, but it's the name
1288 return EAFNOSUPPORT;
1292 static moduledata_t ether_mod = {
1297 ether_vlan_mtap(struct bpf_if *bp, struct mbuf *m, void *data, u_int dlen)
1299 struct ether_vlan_header vlan;
1302 KASSERT((m->m_flags & M_VLANTAG) != 0,
1303 ("%s: vlan information not present", __func__));
1304 KASSERT(m->m_len >= sizeof(struct ether_header),
1305 ("%s: mbuf not large enough for header", __func__));
1306 bcopy(mtod(m, char *), &vlan, sizeof(struct ether_header));
1307 vlan.evl_proto = vlan.evl_encap_proto;
1308 vlan.evl_encap_proto = htons(ETHERTYPE_VLAN);
1309 vlan.evl_tag = htons(m->m_pkthdr.ether_vtag);
1310 m->m_len -= sizeof(struct ether_header);
1311 m->m_data += sizeof(struct ether_header);
1313 * If a data link has been supplied by the caller, then we will need to
1314 * re-create a stack allocated mbuf chain with the following structure:
1316 * (1) mbuf #1 will contain the supplied data link
1317 * (2) mbuf #2 will contain the vlan header
1318 * (3) mbuf #3 will contain the original mbuf's packet data
1320 * Otherwise, submit the packet and vlan header via bpf_mtap2().
1324 mv.m_data = (caddr_t)&vlan;
1325 mv.m_len = sizeof(vlan);
1331 bpf_mtap2(bp, &vlan, sizeof(vlan), m);
1332 m->m_len += sizeof(struct ether_header);
1333 m->m_data -= sizeof(struct ether_header);
1337 ether_vlanencap_proto(struct mbuf *m, uint16_t tag, uint16_t proto)
1339 struct ether_vlan_header *evl;
1341 M_PREPEND(m, ETHER_VLAN_ENCAP_LEN, M_NOWAIT);
1344 /* M_PREPEND takes care of m_len, m_pkthdr.len for us */
1346 if (m->m_len < sizeof(*evl)) {
1347 m = m_pullup(m, sizeof(*evl));
1353 * Transform the Ethernet header into an Ethernet header
1354 * with 802.1Q encapsulation.
1356 evl = mtod(m, struct ether_vlan_header *);
1357 bcopy((char *)evl + ETHER_VLAN_ENCAP_LEN,
1358 (char *)evl, ETHER_HDR_LEN - ETHER_TYPE_LEN);
1359 evl->evl_encap_proto = htons(proto);
1360 evl->evl_tag = htons(tag);
1365 ether_bpf_mtap_if(struct ifnet *ifp, struct mbuf *m)
1367 if (bpf_peers_present(ifp->if_bpf)) {
1369 if ((m->m_flags & M_VLANTAG) != 0)
1370 ether_vlan_mtap(ifp->if_bpf, m, NULL, 0);
1372 bpf_mtap(ifp->if_bpf, m);
1376 static SYSCTL_NODE(_net_link, IFT_L2VLAN, vlan, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
1377 "IEEE 802.1Q VLAN");
1378 static SYSCTL_NODE(_net_link_vlan, PF_LINK, link,
1379 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
1382 VNET_DEFINE_STATIC(int, soft_pad);
1383 #define V_soft_pad VNET(soft_pad)
1384 SYSCTL_INT(_net_link_vlan, OID_AUTO, soft_pad, CTLFLAG_RW | CTLFLAG_VNET,
1385 &VNET_NAME(soft_pad), 0,
1386 "pad short frames before tagging");
1389 * For now, make preserving PCP via an mbuf tag optional, as it increases
1390 * per-packet memory allocations and frees. In the future, it would be
1391 * preferable to reuse ether_vtag for this, or similar.
1393 VNET_DEFINE(int, vlan_mtag_pcp) = 0;
1394 #define V_vlan_mtag_pcp VNET(vlan_mtag_pcp)
1395 SYSCTL_INT(_net_link_vlan, OID_AUTO, mtag_pcp, CTLFLAG_RW | CTLFLAG_VNET,
1396 &VNET_NAME(vlan_mtag_pcp), 0,
1397 "Retain VLAN PCP information as packets are passed up the stack");
1400 ether_do_pcp(struct ifnet *ifp, struct mbuf *m)
1402 if (ifp->if_type == IFT_L2VLAN)
1404 if (ifp->if_pcp != IFNET_PCP_NONE || (m->m_flags & M_VLANTAG) != 0)
1406 if (V_vlan_mtag_pcp &&
1407 m_tag_locate(m, MTAG_8021Q, MTAG_8021Q_PCP_OUT, NULL) != NULL)
1413 ether_8021q_frame(struct mbuf **mp, struct ifnet *ife, struct ifnet *p,
1414 const struct ether_8021q_tag *qtag)
1419 uint8_t pcp = qtag->pcp;
1420 static const char pad[8]; /* just zeros */
1423 * Pad the frame to the minimum size allowed if told to.
1424 * This option is in accord with IEEE Std 802.1Q, 2003 Ed.,
1425 * paragraph C.4.4.3.b. It can help to work around buggy
1426 * bridges that violate paragraph C.4.4.3.a from the same
1427 * document, i.e., fail to pad short frames after untagging.
1428 * E.g., a tagged frame 66 bytes long (incl. FCS) is OK, but
1429 * untagging it will produce a 62-byte frame, which is a runt
1430 * and requires padding. There are VLAN-enabled network
1431 * devices that just discard such runts instead or mishandle
1434 if (V_soft_pad && p->if_type == IFT_ETHER) {
1435 for (n = ETHERMIN + ETHER_HDR_LEN - (*mp)->m_pkthdr.len;
1436 n > 0; n -= sizeof(pad)) {
1437 if (!m_append(*mp, min(n, sizeof(pad)), pad))
1443 if_printf(ife, "cannot pad short frame");
1449 * If PCP is set in mbuf, use it
1451 if ((*mp)->m_flags & M_VLANTAG) {
1452 pcp = EVL_PRIOFTAG((*mp)->m_pkthdr.ether_vtag);
1456 * If underlying interface can do VLAN tag insertion itself,
1457 * just pass the packet along. However, we need some way to
1458 * tell the interface where the packet came from so that it
1459 * knows how to find the VLAN tag to use, so we attach a
1460 * packet tag that holds it.
1462 if (V_vlan_mtag_pcp && (mtag = m_tag_locate(*mp, MTAG_8021Q,
1463 MTAG_8021Q_PCP_OUT, NULL)) != NULL)
1464 tag = EVL_MAKETAG(qtag->vid, *(uint8_t *)(mtag + 1), 0);
1466 tag = EVL_MAKETAG(qtag->vid, pcp, 0);
1467 if ((p->if_capenable & IFCAP_VLAN_HWTAGGING) &&
1468 (qtag->proto == ETHERTYPE_VLAN)) {
1469 (*mp)->m_pkthdr.ether_vtag = tag;
1470 (*mp)->m_flags |= M_VLANTAG;
1472 *mp = ether_vlanencap_proto(*mp, tag, qtag->proto);
1474 if_printf(ife, "unable to prepend 802.1Q header");
1477 (*mp)->m_flags &= ~M_VLANTAG;
1483 * Allocate an address from the FreeBSD Foundation OUI. This uses a
1484 * cryptographic hash function on the containing jail's name, UUID and the
1485 * interface name to attempt to provide a unique but stable address.
1486 * Pseudo-interfaces which require a MAC address should use this function to
1487 * allocate non-locally-administered addresses.
1490 ether_gen_addr_byname(const char *nameunit, struct ether_addr *hwaddr)
1494 char uuid[HOSTUUIDLEN + 1];
1497 char digest[SHA1_RESULTLEN];
1498 char jailname[MAXHOSTNAMELEN];
1500 getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid));
1501 if (strncmp(uuid, DEFAULT_HOSTUUID, sizeof(uuid)) == 0) {
1502 /* Fall back to a random mac address. */
1506 /* If each (vnet) jail would also have a unique hostuuid this would not
1508 getjailname(curthread->td_ucred, jailname, sizeof(jailname));
1509 sz = asprintf(&buf, M_TEMP, "%s-%s-%s", uuid, nameunit,
1512 /* Fall back to a random mac address. */
1517 SHA1Update(&ctx, buf, sz);
1518 SHA1Final(digest, &ctx);
1521 addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) &
1522 OUI_FREEBSD_GENERATED_MASK;
1523 addr = OUI_FREEBSD(addr);
1524 for (i = 0; i < ETHER_ADDR_LEN; ++i) {
1525 hwaddr->octet[i] = addr >> ((ETHER_ADDR_LEN - i - 1) * 8) &
1531 arc4rand(hwaddr, sizeof(*hwaddr), 0);
1533 hwaddr->octet[0] &= 0xFE;
1534 /* Locally administered. */
1535 hwaddr->octet[0] |= 0x02;
1539 ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr)
1541 ether_gen_addr_byname(if_name(ifp), hwaddr);
1544 DECLARE_MODULE(ether, ether_mod, SI_SUB_INIT_IF, SI_ORDER_ANY);
1545 MODULE_VERSION(ether, 1);