From db37145ff389be25b1f4eedcf06a093d7cf4bac4 Mon Sep 17 00:00:00 2001 From: Simon Schubert Date: Wed, 21 Dec 2005 16:37:15 +0000 Subject: [PATCH] Bring in if_bridge from Open-/Net-/FreeBSD Based-on-patch-by: Andrew Atrens Reviewed-and-locking-corrected-by: dillon and sephe --- share/man/man4/bridge.4 | 141 ++++++++++++++++++++++++++++++++++++++++ sys/conf/files | 4 +- sys/config/LINT | 3 +- sys/i386/conf/LINT | 3 +- sys/net/Makefile | 4 +- sys/net/if.h | 9 ++- sys/net/if_ethersubr.c | 79 +++++++++++++++++----- sys/net/if_llc.h | 3 +- sys/net/if_types.h | 3 +- sys/net/if_var.h | 3 +- 10 files changed, 228 insertions(+), 24 deletions(-) create mode 100644 share/man/man4/bridge.4 diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4 new file mode 100644 index 0000000000..0873339e38 --- /dev/null +++ b/share/man/man4/bridge.4 
@@ -0,0 +1,141 @@
+.\" Copyright 2001 Wasabi Systems, Inc.
+.\" All rights reserved.
+.\"
+.\" Written by Jason R. Thorpe for Wasabi Systems, Inc.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed for the NetBSD Project by
+.\" Wasabi Systems, Inc.
+.\" 4. The name of Wasabi Systems, Inc. may not be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $NetBSD: bridge.4,v 1.7 2005/06/23 12:47:38 peter Exp $
+.\" $DragonFly: src/share/man/man4/bridge.4,v 1.6 2005/12/21 16:37:15 corecode Exp $
+.\"
+.Dd January 4, 2004
+.Dt BRIDGE 4
+.Os
+.Sh NAME
+.Nm bridge
+.Nd network bridge device
+.Sh SYNOPSIS
+.Cd "pseudo-device bridge"
+.Sh DESCRIPTION
+The
+.Nm
+driver creates a logical link between two or more IEEE 802 networks
+that use the same (or
+.Dq similar enough )
+framing format.
+For example, it is possible to bridge Ethernet and 802.11 networks together,
+but it is not possible to bridge Ethernet and Token Ring together.
+.Pp
+To use
+.Nm bridge ,
+the administrator must first create the interface and configure
+the bridge parameters.
+The bridge is created using the
+.Xr ifconfig 8
+.Cm create
+subcommand.
+The learning and forwarding behavior and other parameters of a
+bridge are configured by the
+.Xr brconfig 8
+utility.
+.Pp
+A bridge can be used to provide several services, such as a simple
+802.11-to-Ethernet bridge for wireless hosts, and traffic isolation.
+.Pp
+A bridge works like a hub, forwarding traffic from one interface
+to another.
+Multicast and broadcast packets are always forwarded to all
+interfaces that are part of the bridge.
+For unicast traffic, the bridge learns which MAC addresses are associated
+with which interfaces and will forward the traffic selectively.
+.Pp
+The
+.Nm
+driver implements the IEEE 802.1D Spanning Tree protocol (STP).
+Spanning Tree is used to detect and remove loops in a network topology.
+.Pp
+Packet filtering can be used with any firewall package that hooks in via the
+.Xr pfil 9
+framework.
+When filtering is enabled, bridged packets will pass through the filter
+inbound on the originating interface, on the bridge interface and outbound on
+the appropriate interfaces.
+Either stage can be disabled, this behaviour can be controlled using
+.Xr sysctl 8 :
+Set
+.Va net.link.bridge.pfil_member
+to
+.Li 1
+to enable filtering on the incoming and outgoing member interfaces
+and set
+.Va net.link.bridge.pfil_bridge
+to
+.Li 1
+to enable filtering on the bridge interface.
+.Pp
+ARP and REVARP packets are forwarded without being filtered and others
+that are not IP nor IPv6 packets are not forwarded when filtering is
+enabled.
+.Pp
+Note that packets to and from the bridging host will be seen by the
+filter on the interface with the appropriate address configured as well
+as on the interface on which the packet arrives or departs.
+.Pp
+The MTU of the first member interface to be added is used as the bridge MTU,
+all additional members are required to have exactly the same value.
+.Sh SEE ALSO
+.Xr brconfig 8 ,
+.Xr pf 4
+.Sh HISTORY
+The
+.Nm
+driver first appeared in
+.Ox 2.5
+and found its way into
+.Dx 1.3.7 .
+.Sh AUTHORS
+.An -nosplit
+The
+.Nm bridge
+driver was originally written by
+.An Jason L. Wright
+.Aq jason@thought.net
+as part of an undergraduate independent study at the University of
+North Carolina at Greensboro.
+.Pp
+This version of the
+.Nm
+driver has been heavily modified from the original version by
+.An Jason R. Thorpe
+.Aq thorpej@wasabisystems.com .
+.Sh BUGS
+The
+.Nm
+driver currently supports only Ethernet and Ethernet-like (e.g. 802.11)
+network devices, with exactly the same interface MTU size as the bridge device.
diff --git a/sys/conf/files b/sys/conf/files
index 2d7c7b6b27..658f5b89c6 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1,5 +1,5 @@ # $FreeBSD: src/sys/conf/files,v 1.340.2.137 2003/06/04 17:10:30 sam Exp $ -# $DragonFly: src/sys/conf/files,v 1.112 2005/12/19 00:07:02 corecode Exp $ +# $DragonFly: src/sys/conf/files,v 1.113 2005/12/21 16:37:15 corecode Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -654,6 +654,8 @@ net/altq/altq_subr.c optional altq net/bpf.c standard net/bpf_filter.c optional bpf net/oldbridge/bridge.c optional bridge +net/bridge/if_bridge.c optional bridge +net/bridge/bridgestp.c optional bridge net/bsd_comp.c optional ppp_bsdcomp #net/hostcache.c standard net/if.c standard diff --git a/sys/config/LINT b/sys/config/LINT index ee2bbd4d9c..2f888799d6 100644 --- a/sys/config/LINT +++ b/sys/config/LINT @@ -3,7 +3,7 @@ # as much of the source tree as it can. # # $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.144 2003/06/04 17:56:59 sam Exp $ -# $DragonFly: src/sys/config/LINT,v 1.67 2005/11/11 16:35:49 swildner Exp $ +# $DragonFly: src/sys/config/LINT,v 1.68 2005/12/21 16:37:15 corecode Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -546,6 +546,7 @@ device mn # Munich32x/Falc54 Nx64kbit/sec cards. # pseudo-device ether #Generic Ethernet pseudo-device vlan 1 #VLAN support +pseudo-device bridge #Bridging support pseudo-device token #Generic TokenRing pseudo-device fddi #Generic FDDI pseudo-device arcnet #Generic Arcnet diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index c5a2716eff..25ce751a27 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT 
@@ -3,7 +3,7 @@ # as much of the source tree as it can. # # $FreeBSD: src/sys/i386/conf/LINT,v 1.749.2.144 2003/06/04 17:56:59 sam Exp $ -# $DragonFly: src/sys/i386/conf/Attic/LINT,v 1.67 2005/11/11 16:35:49 swildner Exp $ +# $DragonFly: src/sys/i386/conf/Attic/LINT,v 1.68 2005/12/21 16:37:15 corecode Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -546,6 +546,7 @@ device mn # Munich32x/Falc54 Nx64kbit/sec cards. # pseudo-device ether #Generic Ethernet pseudo-device vlan 1 #VLAN support +pseudo-device bridge #Bridging support pseudo-device token #Generic TokenRing pseudo-device fddi #Generic FDDI pseudo-device arcnet #Generic Arcnet diff --git a/sys/net/Makefile b/sys/net/Makefile index 479eace972..f0dc31264b 100644 --- a/sys/net/Makefile +++ b/sys/net/Makefile @@ -1,8 +1,8 @@ -# $DragonFly: src/sys/net/Makefile,v 1.3 2005/12/19 00:07:02 corecode Exp $ +# $DragonFly: src/sys/net/Makefile,v 1.4 2005/12/21 16:37:15 corecode Exp $ # SUBDIR=accf_data accf_http disc ef faith gif gre sl stf tap tun \ - vlan oldbridge dummynet ipfilter ipfw ip6fw ip_mroute \ + vlan bridge oldbridge dummynet ipfilter ipfw ip6fw ip_mroute \ sppp ppp_layer pf .include diff --git a/sys/net/if.h b/sys/net/if.h index 35d9254ea1..c4b48337f5 100644 --- a/sys/net/if.h +++ b/sys/net/if.h @@ -32,7 +32,7 @@ * * @(#)if.h 8.1 (Berkeley) 6/10/93 * $FreeBSD: src/sys/net/if.h,v 1.58.2.9 2002/08/30 14:23:38 sobomax Exp $ - * $DragonFly: src/sys/net/if.h,v 1.13 2005/05/25 14:59:05 dillon Exp $ + * $DragonFly: src/sys/net/if.h,v 1.14 2005/12/21 16:37:15 corecode Exp $ */ #ifndef _NET_IF_H_ 
@@ -281,6 +281,13 @@ struct ifmediareq { int *ifm_ulist; /* media words */ }; +struct ifdrv { + char ifd_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + unsigned long ifd_cmd; + size_t ifd_len; + void *ifd_data; +}; + /* * Structure used to retrieve aux status data from interfaces. * Kernel suppliers to this interface should respect the formatting diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index e917690c99..7839bacae3 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -32,7 +32,7 @@ * * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93 * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.70.2.33 2003/04/28 15:45:53 archie Exp $ - * $DragonFly: src/sys/net/if_ethersubr.c,v 1.34 2005/12/19 00:07:02 corecode Exp $ + * $DragonFly: src/sys/net/if_ethersubr.c,v 1.35 2005/12/21 16:37:15 corecode Exp $ */ #include "opt_atalk.h" @@ -125,6 +125,11 @@ bdg_forward_t *bdg_forward_ptr; bdgtakeifaces_t *bdgtakeifaces_ptr; struct bdg_softc *ifp2sc; +struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *); +int (*bridge_output_p)(struct ifnet *, struct mbuf *, + struct sockaddr *, struct rtentry *); +void (*bridge_dn_p)(struct mbuf *, struct ifnet *); + static int ether_resolvemulti(struct ifnet *, struct sockaddr **, struct sockaddr *); @@ -303,6 +308,14 @@ ether_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, else memcpy(eh->ether_shost, ac->ac_enaddr, ETHER_ADDR_LEN); + /* + * Bridges require special output handling. + */ + if (ifp->if_bridge) { + KASSERT(bridge_output_p != NULL,("ether_input: if_bridge not loaded!")); + return ((*bridge_output_p)(ifp, m, NULL, NULL)); + } + /* * If a simplex interface, and the packet is being sent to our * Ethernet address or a broadcast address, loopback a copy. 
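Review bot: `struct ifdrv` is added with no comment on `ifd_cmd`, `ifd_len` or `ifd_data`, and these are the fields a driver-specific ioctl handler will have to treat as untrusted. Presumably the structure is filled in by userland and handed to the kernel through an ioctl (the handler is not part of this hunk), so I would document that on the struct itself: `size_t ifd_len; /* size of the ifd_data buffer; caller-supplied, bound it before use */` and `void *ifd_data; /* user address; reach it only through copyin()/copyout() */`. Since `size_t` and `void *` change width between ABIs, a one-line remark that the layout differs for 32- and 64-bit callers would also help whoever writes a compat path later.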
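Review bot: The indirect call `(*bridge_output_p)(ifp, m, NULL, NULL)` is protected only by a `KASSERT`, which is active only in kernels built with INVARIANTS; elsewhere an interface that still has `if_bridge` set while the hook is NULL would call through a null function pointer. The ether_input hunk below guards `bridge_input_p` the same way. I would add a run-time check such as `if (bridge_output_p == NULL) { m_freem(m); return (ENXIO); }`, adjusted to however the rest of ether_output releases the mbuf on error, since the function's body starts and ends outside this hunk. The assertion text also says "ether_input" here and should read `("ether_output: if_bridge not loaded!")`.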
@@ -567,23 +580,59 @@ ether_input(struct ifnet *ifp, struct ether_header *eh, struct mbuf *m) ASSERT_SERIALIZED(ifp->if_serializer); - if (eh == NULL) { - if (m->m_len < sizeof(struct ether_header)) { - /* XXX error in the caller. */ - m_freem(m); - return; - } - m->m_pkthdr.rcvif = ifp; - eh = mtod(m, struct ether_header *); - m_adj(m, sizeof(struct ether_header)); - /* XXX */ - /* m->m_pkthdr.len = m->m_len; */ + /* XXX old crufty stuff, needs to be removed */ + if (eh != NULL) { + printf("ether_input got mbuf without embedded ethernet header"); + m_free(m); + return; } - if (ifp->if_bpf) - bpf_ptap(ifp->if_bpf, m, eh, ETHER_HDR_LEN); + if (m->m_len < sizeof(struct ether_header)) { + /* XXX error in the caller. */ + m_freem(m); + return; + } + m->m_pkthdr.rcvif = ifp; + eh = mtod(m, struct ether_header *); + + BPF_MTAP(ifp, m); + + ifp->if_ibytes += m->m_pkthdr.len; + + /* + * Tap the packet off here for a bridge. bridge_input() + * will return NULL if it has consumed the packet, otherwise + * it gets processed as normal. Note that bridge_input() + * will always return the original packet if we need to + * process it locally. + */ + if (ifp->if_bridge) { + KASSERT(bridge_input_p != NULL,("ether_input: if_bridge not loaded!")); + + if(m->m_flags & M_PROTO1) { + m->m_flags &= ~M_PROTO1; + } else { + /* clear M_PROMISC, in case the packets comes from a vlan */ + /* m->m_flags &= ~M_PROMISC; */ + lwkt_serialize_exit(ifp->if_serializer); + m = (*bridge_input_p)(ifp, m); + lwkt_serialize_enter(ifp->if_serializer); + if (m == NULL) + return; + + /* + * Bridge has determined that the packet is for us. + * Update our interface pointer -- we may have had + * to "bridge" the packet locally. 
+ */ + ifp = m->m_pkthdr.rcvif; + } + } - ifp->if_ibytes += m->m_pkthdr.len + (sizeof *eh); + /* XXX old crufty stuff, needs to be removed */ + m_adj(m, sizeof(struct ether_header)); + /* XXX */ + /* m->m_pkthdr.len = m->m_len; */ /* Handle ng_ether(4) processing, if any */ if (ng_ether_input_p != NULL) { diff --git a/sys/net/if_llc.h b/sys/net/if_llc.h index 0d01b2bed6..7152cce79d 100644 --- a/sys/net/if_llc.h +++ b/sys/net/if_llc.h @@ -32,7 +32,7 @@ * * @(#)if_llc.h 8.1 (Berkeley) 6/10/93 * $FreeBSD: src/sys/net/if_llc.h,v 1.7 1999/08/28 00:48:18 peter Exp $ - * $DragonFly: src/sys/net/if_llc.h,v 1.3 2004/07/20 14:43:34 joerg Exp $ + * $DragonFly: src/sys/net/if_llc.h,v 1.4 2005/12/21 16:37:15 corecode Exp $ */ #ifndef _NET_IF_LLC_H_ @@ -140,6 +140,7 @@ struct llc { /* * ISO PDTR 10178 contains among others */ +#define LLC_8021D_LSAP 0x42 #define LLC_X25_LSAP 0x7e #define LLC_SNAP_LSAP 0xaa #define LLC_ISO_LSAP 0xfe diff --git a/sys/net/if_types.h b/sys/net/if_types.h index 3256d47e29..d2e6742071 100644 --- a/sys/net/if_types.h +++ b/sys/net/if_types.h @@ -32,7 +32,7 @@ * * @(#)if_types.h 8.3 (Berkeley) 4/28/95 * $FreeBSD: src/sys/net/if_types.h,v 1.8.2.4 2002/12/23 23:02:21 kbyanc Exp $ - * $DragonFly: src/sys/net/if_types.h,v 1.4 2004/12/21 02:54:14 hsu Exp $ + * $DragonFly: src/sys/net/if_types.h,v 1.5 2005/12/21 16:37:15 corecode Exp $ * $NetBSD: if_types.h,v 1.16 2000/04/19 06:30:53 itojun Exp $ */ @@ -243,6 +243,7 @@ #define IFT_ATMVCIENDPT 0xc2 /* ATM VCI End Point */ #define IFT_OPTICALCHANNEL 0xc3 /* Optical Channel */ #define IFT_OPTICALTRANSPORT 0xc4 /* Optical Transport */ +#define IFT_BRIDGE 0xd1 /* Transparent bridge interface */ /* not based on IANA assignments */ #define IFT_GIF 0xf0 diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 6c99eb1bea..3ad3aba4f2 100644 --- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -32,7 +32,7 @@ * * 
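Review bot: The new `eh != NULL` rejection path calls `m_free(m)`, which releases only the first mbuf, while the short-packet path right below it uses `m_freem(m)`; for a chained packet the rest of the chain is leaked, so this should be `m_freem(m);`. The `printf` in that branch has no trailing newline and no rate limit, so a driver that keeps passing a separate header can flood the console log. Further down, `eh` is taken with `mtod()` before `m = (*bridge_input_p)(ifp, m)` and is not refreshed afterwards, and `ifp` is switched to `m->m_pkthdr.rcvif` after the serializer of the original interface has been re-entered. If the bridge can hand back a different mbuf or interface, I would add `eh = mtod(m, struct ether_header *);` after the `ifp` update and a comment stating which serializer the remainder of ether_input relies on. ether_input continues past the end of the hunk, so how `eh` and `ifp` are used afterwards is not visible here.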
From: @(#)if.h 8.1 (Berkeley) 6/10/93 * $FreeBSD: src/sys/net/if_var.h,v 1.18.2.16 2003/04/15 18:11:19 fjoe Exp $ - * $DragonFly: src/sys/net/if_var.h,v 1.32 2005/11/28 17:13:45 dillon Exp $ + * $DragonFly: src/sys/net/if_var.h,v 1.33 2005/12/21 16:37:15 corecode Exp $ */ #ifndef _NET_IF_VAR_H_ @@ -211,6 +211,7 @@ struct ifnet { struct ifaltq if_snd; /* output queue (includes altq) */ struct ifprefixhead if_prefixhead; /* list of prefixes per if */ const uint8_t *if_broadcastaddr; + void *if_bridge; /* bridge glue */ void *if_afdata[AF_MAX]; struct ifaddr *if_lladdr; struct lwkt_serialize *if_serializer; /* serializer or MP lock */ -- 2.41.0
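Review bot: `if_bridge` is an untyped pointer documented only as "bridge glue", yet the ether_input and ether_output changes in this commit branch on it before calling into the bridge hooks, so the comment should say who sets and clears it and which lock covers it, for example `void *if_bridge; /* non-NULL while a bridge member; set and cleared by if_bridge */`. The field is also inserted in the middle of `struct ifnet`, ahead of `if_afdata`, `if_lladdr` and `if_serializer`, which moves their offsets; network modules built against the old layout would presumably read the wrong members until rebuilt, so a note to that effect (or placing the field at the end of the struct) seems worthwhile. The struct definition starts and ends outside this hunk.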