1 /*-
2 * Copyright (c) 1982, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * @(#)if_ethersubr.c 8.1 (Berkeley) 6/10/93
30 * $FreeBSD: src/sys/net/if_ethersubr.c,v 1.250 2008/10/23 15:53:51 des Exp $
31 */
32
33 #include "opt_atalk.h"
34 #include "opt_inet.h"
35 #include "opt_inet6.h"
36 #include "opt_ipx.h"
37 #include "opt_mac.h"
38 #include "opt_netgraph.h"
39 #include "opt_carp.h"
40 #include "opt_mbuf_profiling.h"
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/module.h>
47 #include <sys/mbuf.h>
48 #include <sys/random.h>
49 #include <sys/socket.h>
50 #include <sys/sockio.h>
51 #include <sys/sysctl.h>
52 #include <sys/vimage.h>
53
54 #include <net/if.h>
55 #include <net/if_arp.h>
56 #include <net/netisr.h>
57 #include <net/route.h>
58 #include <net/if_llc.h>
59 #include <net/if_dl.h>
60 #include <net/if_types.h>
61 #include <net/bpf.h>
62 #include <net/ethernet.h>
63 #include <net/if_bridgevar.h>
64 #include <net/if_vlan_var.h>
65 #include <net/pf_mtag.h>
66
67 #if defined(INET) || defined(INET6)
68 #include <netinet/in.h>
69 #include <netinet/in_var.h>
70 #include <netinet/if_ether.h>
71 #include <netinet/ip_fw.h>
72 #include <netinet/ip_dummynet.h>
73 #endif
74 #ifdef INET6
75 #include <netinet6/nd6.h>
76 #endif
77
78 #ifdef DEV_CARP
79 #include <netinet/ip_carp.h>
80 #endif
81
82 #ifdef IPX
83 #include <netipx/ipx.h>
84 #include <netipx/ipx_if.h>
85 #endif
86 int (*ef_inputp)(struct ifnet*, struct ether_header *eh, struct mbuf *m);
87 int (*ef_outputp)(struct ifnet *ifp, struct mbuf **mp,
88 struct sockaddr *dst, short *tp, int *hlen);
89
90 #ifdef NETATALK
91 #include <netatalk/at.h>
92 #include <netatalk/at_var.h>
93 #include <netatalk/at_extern.h>
94
95 #define llc_snap_org_code llc_un.type_snap.org_code
96 #define llc_snap_ether_type llc_un.type_snap.ether_type
97
98 extern u_char at_org_code[3];
99 extern u_char aarp_org_code[3];
100 #endif /* NETATALK */
101
102 #include <security/mac/mac_framework.h>
103
104 #ifdef CTASSERT
105 CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2);
106 CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN);
107 #endif
108
109 /* netgraph node hooks for ng_ether(4) */
110 void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp);
111 void (*ng_ether_input_orphan_p)(struct ifnet *ifp, struct mbuf *m);
112 int (*ng_ether_output_p)(struct ifnet *ifp, struct mbuf **mp);
113 void (*ng_ether_attach_p)(struct ifnet *ifp);
114 void (*ng_ether_detach_p)(struct ifnet *ifp);
115
116 void (*vlan_input_p)(struct ifnet *, struct mbuf *);
117
118 /* if_bridge(4) support */
119 struct mbuf *(*bridge_input_p)(struct ifnet *, struct mbuf *);
120 int (*bridge_output_p)(struct ifnet *, struct mbuf *,
121 struct sockaddr *, struct rtentry *);
122 void (*bridge_dn_p)(struct mbuf *, struct ifnet *);
123
124 /* if_lagg(4) support */
125 struct mbuf *(*lagg_input_p)(struct ifnet *, struct mbuf *);
126
127 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
128 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
129
130 static int ether_resolvemulti(struct ifnet *, struct sockaddr **,
131 struct sockaddr *);
132
133 /* XXX: should be in an arp support file, not here */
134 MALLOC_DEFINE(M_ARPCOM, "arpcom", "802.* interface internals");
135
136 #define ETHER_IS_BROADCAST(addr) \
137 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0)
138
139 #define senderr(e) do { error = (e); goto bad;} while (0)
140
141 #if defined(INET) || defined(INET6)
142 int
143 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
144 struct ip_fw **rule, int shared);
145 static int ether_ipfw;
146 #endif
147
148 /*
149 * Ethernet output routine.
150 * Encapsulate a packet of type family for the local net.
151 * Use trailer local net encapsulation if enough data in first
152 * packet leaves a multiple of 512 bytes of data in remainder.
153 */
154 int
155 ether_output(struct ifnet *ifp, struct mbuf *m,
156 struct sockaddr *dst, struct rtentry *rt0)
157 {
158 short type;
159 int error, hdrcmplt = 0;
160 u_char esrc[ETHER_ADDR_LEN], edst[ETHER_ADDR_LEN];
161 struct ether_header *eh;
162 struct pf_mtag *t;
163 int loop_copy = 1;
164 int hlen; /* link layer header length */
165
166 #ifdef MAC
167 error = mac_ifnet_check_transmit(ifp, m);
168 if (error)
169 senderr(error);
170 #endif
171
172 M_PROFILE(m);
173 if (ifp->if_flags & IFF_MONITOR)
174 senderr(ENETDOWN);
175 if (!((ifp->if_flags & IFF_UP) &&
176 (ifp->if_drv_flags & IFF_DRV_RUNNING)))
177 senderr(ENETDOWN);
178
179 hlen = ETHER_HDR_LEN;
180 switch (dst->sa_family) {
181 #ifdef INET
182 case AF_INET:
183 error = arpresolve(ifp, rt0, m, dst, edst);
184 if (error)
185 return (error == EWOULDBLOCK ? 0 : error);
186 type = htons(ETHERTYPE_IP);
187 break;
188 case AF_ARP:
189 {
190 struct arphdr *ah;
191 ah = mtod(m, struct arphdr *);
192 ah->ar_hrd = htons(ARPHRD_ETHER);
193
194 loop_copy = 0; /* if this is for us, don't do it */
195
196 switch(ntohs(ah->ar_op)) {
197 case ARPOP_REVREQUEST:
198 case ARPOP_REVREPLY:
199 type = htons(ETHERTYPE_REVARP);
200 break;
201 case ARPOP_REQUEST:
202 case ARPOP_REPLY:
203 default:
204 type = htons(ETHERTYPE_ARP);
205 break;
206 }
207
208 if (m->m_flags & M_BCAST)
209 bcopy(ifp->if_broadcastaddr, edst, ETHER_ADDR_LEN);
210 else
211 bcopy(ar_tha(ah), edst, ETHER_ADDR_LEN);
212
213 }
214 break;
215 #endif
216 #ifdef INET6
217 case AF_INET6:
218 error = nd6_storelladdr(ifp, rt0, m, dst, (u_char *)edst);
219 if (error)
220 return error;
221 type = htons(ETHERTYPE_IPV6);
222 break;
223 #endif
224 #ifdef IPX
225 case AF_IPX:
226 if (ef_outputp) {
227 error = ef_outputp(ifp, &m, dst, &type, &hlen);
228 if (error)
229 goto bad;
230 } else
231 type = htons(ETHERTYPE_IPX);
232 bcopy((caddr_t)&(((struct sockaddr_ipx *)dst)->sipx_addr.x_host),
233 (caddr_t)edst, sizeof (edst));
234 break;
235 #endif
236 #ifdef NETATALK
237 case AF_APPLETALK:
238 {
239 struct at_ifaddr *aa;
240
241 if ((aa = at_ifawithnet((struct sockaddr_at *)dst)) == NULL)
242 senderr(EHOSTUNREACH); /* XXX */
243 if (!aarpresolve(ifp, m, (struct sockaddr_at *)dst, edst))
244 return (0);
245 /*
246 * In the phase 2 case, need to prepend an mbuf for the llc header.
247 */
248 if ( aa->aa_flags & AFA_PHASE2 ) {
249 struct llc llc;
250
251 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT);
252 if (m == NULL)
253 senderr(ENOBUFS);
254 llc.llc_dsap = llc.llc_ssap = LLC_SNAP_LSAP;
255 llc.llc_control = LLC_UI;
256 bcopy(at_org_code, llc.llc_snap_org_code, sizeof(at_org_code));
257 llc.llc_snap_ether_type = htons( ETHERTYPE_AT );
258 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN);
259 type = htons(m->m_pkthdr.len);
260 hlen = LLC_SNAPFRAMELEN + ETHER_HDR_LEN;
261 } else {
262 type = htons(ETHERTYPE_AT);
263 }
264 break;
265 }
266 #endif /* NETATALK */
267
268 case pseudo_AF_HDRCMPLT:
269 hdrcmplt = 1;
270 eh = (struct ether_header *)dst->sa_data;
271 (void)memcpy(esrc, eh->ether_shost, sizeof (esrc));
272 /* FALLTHROUGH */
273
274 case AF_UNSPEC:
275 loop_copy = 0; /* if this is for us, don't do it */
276 eh = (struct ether_header *)dst->sa_data;
277 (void)memcpy(edst, eh->ether_dhost, sizeof (edst));
278 type = eh->ether_type;
279 break;
280
281 default:
282 if_printf(ifp, "can't handle af%d\n", dst->sa_family);
283 senderr(EAFNOSUPPORT);
284 }
285
286 /*
287 * Add local net header. If no space in first mbuf,
288 * allocate another.
289 */
290 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT);
291 if (m == NULL)
292 senderr(ENOBUFS);
293 eh = mtod(m, struct ether_header *);
294 (void)memcpy(&eh->ether_type, &type,
295 sizeof(eh->ether_type));
296 (void)memcpy(eh->ether_dhost, edst, sizeof (edst));
297 if (hdrcmplt)
298 (void)memcpy(eh->ether_shost, esrc,
299 sizeof(eh->ether_shost));
300 else
301 (void)memcpy(eh->ether_shost, IF_LLADDR(ifp),
302 sizeof(eh->ether_shost));
303
304 /*
305 * If a simplex interface, and the packet is being sent to our
306 * Ethernet address or a broadcast address, loopback a copy.
307 * XXX To make a simplex device behave exactly like a duplex
308 * device, we should copy in the case of sending to our own
309 * ethernet address (thus letting the original actually appear
310 * on the wire). However, we don't do that here for security
311 * reasons and compatibility with the original behavior.
312 */
313 if ((ifp->if_flags & IFF_SIMPLEX) && loop_copy &&
314 ((t = pf_find_mtag(m)) == NULL || !t->routed)) {
315 int csum_flags = 0;
316
317 if (m->m_pkthdr.csum_flags & CSUM_IP)
318 csum_flags |= (CSUM_IP_CHECKED|CSUM_IP_VALID);
319 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
320 csum_flags |= (CSUM_DATA_VALID|CSUM_PSEUDO_HDR);
321
322 if (m->m_flags & M_BCAST) {
323 struct mbuf *n;
324
325 /*
326 * Because if_simloop() modifies the packet, we need a
327 * writable copy through m_dup() instead of a readonly
328 * one as m_copy[m] would give us. The alternative would
329 * be to modify if_simloop() to handle the readonly mbuf,
330 * but performancewise it is mostly equivalent (trading
331 * extra data copying vs. extra locking).
332 *
333 * XXX This is a local workaround. A number of less
334 * often used kernel parts suffer from the same bug.
335 * See PR kern/105943 for a proposed general solution.
336 */
337 if ((n = m_dup(m, M_DONTWAIT)) != NULL) {
338 n->m_pkthdr.csum_flags |= csum_flags;
339 if (csum_flags & CSUM_DATA_VALID)
340 n->m_pkthdr.csum_data = 0xffff;
341 (void)if_simloop(ifp, n, dst->sa_family, hlen);
342 } else
343 ifp->if_iqdrops++;
344 } else if (bcmp(eh->ether_dhost, eh->ether_shost,
345 ETHER_ADDR_LEN) == 0) {
346 m->m_pkthdr.csum_flags |= csum_flags;
347 if (csum_flags & CSUM_DATA_VALID)
348 m->m_pkthdr.csum_data = 0xffff;
349 (void) if_simloop(ifp, m, dst->sa_family, hlen);
350 return (0); /* XXX */
351 }
352 }
353
354 /*
355 * Bridges require special output handling.
356 */
357 if (ifp->if_bridge) {
358 BRIDGE_OUTPUT(ifp, m, error);
359 return (error);
360 }
361
362 #ifdef DEV_CARP
363 if (ifp->if_carp &&
364 (error = carp_output(ifp, m, dst, NULL)))
365 goto bad;
366 #endif
367
368 /* Handle ng_ether(4) processing, if any */
369 if (IFP2AC(ifp)->ac_netgraph != NULL) {
370 KASSERT(ng_ether_output_p != NULL,
371 ("ng_ether_output_p is NULL"));
372 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) {
373 bad: if (m != NULL)
374 m_freem(m);
375 return (error);
376 }
377 if (m == NULL)
378 return (0);
379 }
380
381 /* Continue with link-layer output */
382 return ether_output_frame(ifp, m);
383 }
384
385 /*
386 * Ethernet link layer output routine to send a raw frame to the device.
387 *
388 * This assumes that the 14 byte Ethernet header is present and contiguous
389 * in the first mbuf (if BRIDGE'ing).
390 */
391 int
392 ether_output_frame(struct ifnet *ifp, struct mbuf *m)
393 {
394 int error;
395 #if defined(INET) || defined(INET6)
396 INIT_VNET_NET(ifp->if_vnet);
397 struct ip_fw *rule = ip_dn_claim_rule(m);
398
399 if (IPFW_LOADED && V_ether_ipfw != 0) {
400 if (ether_ipfw_chk(&m, ifp, &rule, 0) == 0) {
401 if (m) {
402 m_freem(m);
403 return EACCES; /* pkt dropped */
404 } else
405 return 0; /* consumed e.g. in a pipe */
406 }
407 }
408 #endif
409
410 /*
411 * Queue message on interface, update output statistics if
412 * successful, and start output if interface not yet active.
413 */
414 IFQ_HANDOFF(ifp, m, error);
415 return (error);
416 }
417
418 #if defined(INET) || defined(INET6)
419 /*
420 * ipfw processing for ethernet packets (in and out).
421 * The second parameter is NULL from ether_demux, and ifp from
422 * ether_output_frame.
423 */
424 int
425 ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
426 struct ip_fw **rule, int shared)
427 {
428 INIT_VNET_IPFW(dst->if_vnet);
429 struct ether_header *eh;
430 struct ether_header save_eh;
431 struct mbuf *m;
432 int i;
433 struct ip_fw_args args;
434
435 if (*rule != NULL && V_fw_one_pass)
436 return 1; /* dummynet packet, already partially processed */
437
438 /*
439 * I need some amt of data to be contiguous, and in case others need
440 * the packet (shared==1) also better be in the first mbuf.
441 */
442 m = *m0;
443 i = min( m->m_pkthdr.len, max_protohdr);
444 if ( shared || m->m_len < i) {
445 m = m_pullup(m, i);
446 if (m == NULL) {
447 *m0 = m;
448 return 0;
449 }
450 }
451 eh = mtod(m, struct ether_header *);
452 save_eh = *eh; /* save copy for restore below */
453 m_adj(m, ETHER_HDR_LEN); /* strip ethernet header */
454
455 args.m = m; /* the packet we are looking at */
456 args.oif = dst; /* destination, if any */
457 args.rule = *rule; /* matching rule to restart */
458 args.next_hop = NULL; /* we do not support forward yet */
459 args.eh = &save_eh; /* MAC header for bridged/MAC packets */
460 args.inp = NULL; /* used by ipfw uid/gid/jail rules */
461 i = ip_fw_chk_ptr(&args);
462 m = args.m;
463 if (m != NULL) {
464 /*
465 * Restore Ethernet header, as needed, in case the
466 * mbuf chain was replaced by ipfw.
467 */
468 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT);
469 if (m == NULL) {
470 *m0 = m;
471 return 0;
472 }
473 if (eh != mtod(m, struct ether_header *))
474 bcopy(&save_eh, mtod(m, struct ether_header *),
475 ETHER_HDR_LEN);
476 }
477 *m0 = m;
478 *rule = args.rule;
479
480 if (i == IP_FW_DENY) /* drop */
481 return 0;
482
483 KASSERT(m != NULL, ("ether_ipfw_chk: m is NULL"));
484
485 if (i == IP_FW_PASS) /* a PASS rule. */
486 return 1;
487
488 if (DUMMYNET_LOADED && (i == IP_FW_DUMMYNET)) {
489 /*
490 * Pass the pkt to dummynet, which consumes it.
491 * If shared, make a copy and keep the original.
492 */
493 if (shared) {
494 m = m_copypacket(m, M_DONTWAIT);
495 if (m == NULL)
496 return 0;
497 } else {
498 /*
499 * Pass the original to dummynet and
500 * nothing back to the caller
501 */
502 *m0 = NULL ;
503 }
504 ip_dn_io_ptr(&m, dst ? DN_TO_ETH_OUT: DN_TO_ETH_DEMUX, &args);
505 return 0;
506 }
507 /*
508 * XXX at some point add support for divert/forward actions.
509 * If none of the above matches, we have to drop the pkt.
510 */
511 return 0;
512 }
513 #endif
514
515 /*
516 * Process a received Ethernet packet; the packet is in the
517 * mbuf chain m with the ethernet header at the front.
518 */
519 static void
520 ether_input(struct ifnet *ifp, struct mbuf *m)
521 {
522 struct ether_header *eh;
523 u_short etype;
524
525 if ((ifp->if_flags & IFF_UP) == 0) {
526 m_freem(m);
527 return;
528 }
529 #ifdef DIAGNOSTIC
530 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
531 if_printf(ifp, "discard frame at !IFF_DRV_RUNNING\n");
532 m_freem(m);
533 return;
534 }
535 #endif
536 /*
537 * Do consistency checks to verify assumptions
538 * made by code past this point.
539 */
540 if ((m->m_flags & M_PKTHDR) == 0) {
541 if_printf(ifp, "discard frame w/o packet header\n");
542 ifp->if_ierrors++;
543 m_freem(m);
544 return;
545 }
546 if (m->m_len < ETHER_HDR_LEN) {
547 /* XXX maybe should pullup? */
548 if_printf(ifp, "discard frame w/o leading ethernet "
549 "header (len %u pkt len %u)\n",
550 m->m_len, m->m_pkthdr.len);
551 ifp->if_ierrors++;
552 m_freem(m);
553 return;
554 }
555 eh = mtod(m, struct ether_header *);
556 etype = ntohs(eh->ether_type);
557 if (m->m_pkthdr.rcvif == NULL) {
558 if_printf(ifp, "discard frame w/o interface pointer\n");
559 ifp->if_ierrors++;
560 m_freem(m);
561 return;
562 }
563 #ifdef DIAGNOSTIC
564 if (m->m_pkthdr.rcvif != ifp) {
565 if_printf(ifp, "Warning, frame marked as received on %s\n",
566 m->m_pkthdr.rcvif->if_xname);
567 }
568 #endif
569
570 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
571 if (ETHER_IS_BROADCAST(eh->ether_dhost))
572 m->m_flags |= M_BCAST;
573 else
574 m->m_flags |= M_MCAST;
575 ifp->if_imcasts++;
576 }
577
578 #ifdef MAC
579 /*
580 * Tag the mbuf with an appropriate MAC label before any other
581 * consumers can get to it.
582 */
583 mac_ifnet_create_mbuf(ifp, m);
584 #endif
585
586 /*
587 * Give bpf a chance at the packet.
588 */
589 ETHER_BPF_MTAP(ifp, m);
590
591 /*
592 * If the CRC is still on the packet, trim it off. We do this once
593 * and once only in case we are re-entered. Nothing else on the
594 * Ethernet receive path expects to see the FCS.
595 */
596 if (m->m_flags & M_HASFCS) {
597 m_adj(m, -ETHER_CRC_LEN);
598 m->m_flags &= ~M_HASFCS;
599 }
600
601 ifp->if_ibytes += m->m_pkthdr.len;
602
603 /* Allow monitor mode to claim this frame, after stats are updated. */
604 if (ifp->if_flags & IFF_MONITOR) {
605 m_freem(m);
606 return;
607 }
608
609 /* Handle input from a lagg(4) port */
610 if (ifp->if_type == IFT_IEEE8023ADLAG) {
611 KASSERT(lagg_input_p != NULL,
612 ("%s: if_lagg not loaded!", __func__));
613 m = (*lagg_input_p)(ifp, m);
614 if (m != NULL)
615 ifp = m->m_pkthdr.rcvif;
616 else
617 return;
618 }
619
620 /*
621 * If the hardware did not process an 802.1Q tag, do this now,
622 * to allow 802.1P priority frames to be passed to the main input
623 * path correctly.
624 * TODO: Deal with Q-in-Q frames, but not arbitrary nesting levels.
625 */
626 if ((m->m_flags & M_VLANTAG) == 0 && etype == ETHERTYPE_VLAN) {
627 struct ether_vlan_header *evl;
628
629 if (m->m_len < sizeof(*evl) &&
630 (m = m_pullup(m, sizeof(*evl))) == NULL) {
631 #ifdef DIAGNOSTIC
632 if_printf(ifp, "cannot pullup VLAN header\n");
633 #endif
634 ifp->if_ierrors++;
635 m_freem(m);
636 return;
637 }
638
639 evl = mtod(m, struct ether_vlan_header *);
640 m->m_pkthdr.ether_vtag = ntohs(evl->evl_tag);
641 m->m_flags |= M_VLANTAG;
642
643 bcopy((char *)evl, (char *)evl + ETHER_VLAN_ENCAP_LEN,
644 ETHER_HDR_LEN - ETHER_TYPE_LEN);
645 m_adj(m, ETHER_VLAN_ENCAP_LEN);
646 }
647
648 /* Allow ng_ether(4) to claim this frame. */
649 if (IFP2AC(ifp)->ac_netgraph != NULL) {
650 KASSERT(ng_ether_input_p != NULL,
651 ("%s: ng_ether_input_p is NULL", __func__));
652 m->m_flags &= ~M_PROMISC;
653 (*ng_ether_input_p)(ifp, &m);
654 if (m == NULL)
655 return;
656 }
657
658 /*
659 * Allow if_bridge(4) to claim this frame.
660 * The BRIDGE_INPUT() macro will update ifp if the bridge changed it
661 * and the frame should be delivered locally.
662 */
663 if (ifp->if_bridge != NULL) {
664 m->m_flags &= ~M_PROMISC;
665 BRIDGE_INPUT(ifp, m);
666 if (m == NULL)
667 return;
668 }
669
670 #ifdef DEV_CARP
671 /*
672 * Clear M_PROMISC on frame so that carp(4) will see it when the
673 * mbuf flows up to Layer 3.
674 * FreeBSD's implementation of carp(4) uses the inprotosw
675 * to dispatch IPPROTO_CARP. carp(4) also allocates its own
676 * Ethernet addresses of the form 00:00:5e:00:01:xx, which
677 * is outside the scope of the M_PROMISC test below.
678 * TODO: Maintain a hash table of ethernet addresses other than
679 * ether_dhost which may be active on this ifp.
680 */
681 if (ifp->if_carp && carp_forus(ifp->if_carp, eh->ether_dhost)) {
682 m->m_flags &= ~M_PROMISC;
683 } else
684 #endif
685 {
686 /*
687 * If the frame received was not for our MAC address, set the
688 * M_PROMISC flag on the mbuf chain. The frame may need to
689 * be seen by the rest of the Ethernet input path in case of
690 * re-entry (e.g. bridge, vlan, netgraph) but should not be
691 * seen by upper protocol layers.
692 */
693 if (!ETHER_IS_MULTICAST(eh->ether_dhost) &&
694 bcmp(IF_LLADDR(ifp), eh->ether_dhost, ETHER_ADDR_LEN) != 0)
695 m->m_flags |= M_PROMISC;
696 }
697
698 /* First chunk of an mbuf contains good entropy */
699 if (harvest.ethernet)
700 random_harvest(m, 16, 3, 0, RANDOM_NET);
701
702 ether_demux(ifp, m);
703 }
704
705 /*
706 * Upper layer processing for a received Ethernet packet.
707 */
708 void
709 ether_demux(struct ifnet *ifp, struct mbuf *m)
710 {
711 struct ether_header *eh;
712 int isr;
713 u_short ether_type;
714 #if defined(NETATALK)
715 struct llc *l;
716 #endif
717
718 KASSERT(ifp != NULL, ("%s: NULL interface pointer", __func__));
719
720 #if defined(INET) || defined(INET6)
721 INIT_VNET_NET(ifp->if_vnet);
722 /*
723 * Allow dummynet and/or ipfw to claim the frame.
724 * Do not do this for PROMISC frames in case we are re-entered.
725 */
726 if (IPFW_LOADED && V_ether_ipfw != 0 && !(m->m_flags & M_PROMISC)) {
727 struct ip_fw *rule = ip_dn_claim_rule(m);
728
729 if (ether_ipfw_chk(&m, NULL, &rule, 0) == 0) {
730 if (m)
731 m_freem(m); /* dropped; free mbuf chain */
732 return; /* consumed */
733 }
734 }
735 #endif
736 eh = mtod(m, struct ether_header *);
737 ether_type = ntohs(eh->ether_type);
738
739 /*
740 * If this frame has a VLAN tag other than 0, call vlan_input()
741 * if its module is loaded. Otherwise, drop.
742 */
743 if ((m->m_flags & M_VLANTAG) &&
744 EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 0) {
745 if (ifp->if_vlantrunk == NULL) {
746 ifp->if_noproto++;
747 m_freem(m);
748 return;
749 }
750 KASSERT(vlan_input_p != NULL,("%s: VLAN not loaded!",
751 __func__));
752 /* Clear before possibly re-entering ether_input(). */
753 m->m_flags &= ~M_PROMISC;
754 (*vlan_input_p)(ifp, m);
755 return;
756 }
757
758 /*
759 * Pass promiscuously received frames to the upper layer if the user
760 * requested this by setting IFF_PPROMISC. Otherwise, drop them.
761 */
762 if ((ifp->if_flags & IFF_PPROMISC) == 0 && (m->m_flags & M_PROMISC)) {
763 m_freem(m);
764 return;
765 }
766
767 /*
768 * Reset layer specific mbuf flags to avoid confusing upper layers.
769 * Strip off Ethernet header.
770 */
771 m->m_flags &= ~M_VLANTAG;
772 m->m_flags &= ~(M_PROTOFLAGS);
773 m_adj(m, ETHER_HDR_LEN);
774
775 /*
776 * Dispatch frame to upper layer.
777 */
778 switch (ether_type) {
779 #ifdef INET
780 case ETHERTYPE_IP:
781 if ((m = ip_fastforward(m)) == NULL)
782 return;
783 isr = NETISR_IP;
784 break;
785
786 case ETHERTYPE_ARP:
787 if (ifp->if_flags & IFF_NOARP) {
788 /* Discard packet if ARP is disabled on interface */
789 m_freem(m);
790 return;
791 }
792 isr = NETISR_ARP;
793 break;
794 #endif
795 #ifdef IPX
796 case ETHERTYPE_IPX:
797 if (ef_inputp && ef_inputp(ifp, eh, m) == 0)
798 return;
799 isr = NETISR_IPX;
800 break;
801 #endif
802 #ifdef INET6
803 case ETHERTYPE_IPV6:
804 isr = NETISR_IPV6;
805 break;
806 #endif
807 #ifdef NETATALK
808 case ETHERTYPE_AT:
809 isr = NETISR_ATALK1;
810 break;
811 case ETHERTYPE_AARP:
812 isr = NETISR_AARP;
813 break;
814 #endif /* NETATALK */
815 default:
816 #ifdef IPX
817 if (ef_inputp && ef_inputp(ifp, eh, m) == 0)
818 return;
819 #endif /* IPX */
820 #if defined(NETATALK)
821 if (ether_type > ETHERMTU)
822 goto discard;
823 l = mtod(m, struct llc *);
824 if (l->llc_dsap == LLC_SNAP_LSAP &&
825 l->llc_ssap == LLC_SNAP_LSAP &&
826 l->llc_control == LLC_UI) {
827 if (bcmp(&(l->llc_snap_org_code)[0], at_org_code,
828 sizeof(at_org_code)) == 0 &&
829 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AT) {
830 m_adj(m, LLC_SNAPFRAMELEN);
831 isr = NETISR_ATALK2;
832 break;
833 }
834 if (bcmp(&(l->llc_snap_org_code)[0], aarp_org_code,
835 sizeof(aarp_org_code)) == 0 &&
836 ntohs(l->llc_snap_ether_type) == ETHERTYPE_AARP) {
837 m_adj(m, LLC_SNAPFRAMELEN);
838 isr = NETISR_AARP;
839 break;
840 }
841 }
842 #endif /* NETATALK */
843 goto discard;
844 }
845 netisr_dispatch(isr, m);
846 return;
847
848 discard:
849 /*
850 * Packet is to be discarded. If netgraph is present,
851 * hand the packet to it for last chance processing;
852 * otherwise dispose of it.
853 */
854 if (IFP2AC(ifp)->ac_netgraph != NULL) {
855 KASSERT(ng_ether_input_orphan_p != NULL,
856 ("ng_ether_input_orphan_p is NULL"));
857 /*
858 * Put back the ethernet header so netgraph has a
859 * consistent view of inbound packets.
860 */
861 M_PREPEND(m, ETHER_HDR_LEN, M_DONTWAIT);
862 (*ng_ether_input_orphan_p)(ifp, m);
863 return;
864 }
865 m_freem(m);
866 }
867
868 /*
869 * Convert Ethernet address to printable (loggable) representation.
870 * This routine is for compatibility; it's better to just use
871 *
872 * printf("%6D", <pointer to address>, ":");
873 *
874 * since there's no static buffer involved.
875 */
876 char *
877 ether_sprintf(const u_char *ap)
878 {
879 static char etherbuf[18];
880 snprintf(etherbuf, sizeof (etherbuf), "%6D", ap, ":");
881 return (etherbuf);
882 }
883
884 /*
885 * Perform common duties while attaching to interface list
886 */
887 void
888 ether_ifattach(struct ifnet *ifp, const u_int8_t *lla)
889 {
890 int i;
891 struct ifaddr *ifa;
892 struct sockaddr_dl *sdl;
893
894 ifp->if_addrlen = ETHER_ADDR_LEN;
895 ifp->if_hdrlen = ETHER_HDR_LEN;
896 if_attach(ifp);
897 ifp->if_mtu = ETHERMTU;
898 ifp->if_output = ether_output;
899 ifp->if_input = ether_input;
900 ifp->if_resolvemulti = ether_resolvemulti;
901 if (ifp->if_baudrate == 0)
902 ifp->if_baudrate = IF_Mbps(10); /* just a default */
903 ifp->if_broadcastaddr = etherbroadcastaddr;
904
905 ifa = ifp->if_addr;
906 KASSERT(ifa != NULL, ("%s: no lladdr!\n", __func__));
907 sdl = (struct sockaddr_dl *)ifa->ifa_addr;
908 sdl->sdl_type = IFT_ETHER;
909 sdl->sdl_alen = ifp->if_addrlen;
910 bcopy(lla, LLADDR(sdl), ifp->if_addrlen);
911
912 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN);
913 if (ng_ether_attach_p != NULL)
914 (*ng_ether_attach_p)(ifp);
915
916 /* Announce Ethernet MAC address if non-zero. */
917 for (i = 0; i < ifp->if_addrlen; i++)
918 if (lla[i] != 0)
919 break;
920 if (i != ifp->if_addrlen)
921 if_printf(ifp, "Ethernet address: %6D\n", lla, ":");
922 }
923
924 /*
925 * Perform common duties while detaching an Ethernet interface
926 */
927 void
928 ether_ifdetach(struct ifnet *ifp)
929 {
930 if (IFP2AC(ifp)->ac_netgraph != NULL) {
931 KASSERT(ng_ether_detach_p != NULL,
932 ("ng_ether_detach_p is NULL"));
933 (*ng_ether_detach_p)(ifp);
934 }
935
936 bpfdetach(ifp);
937 if_detach(ifp);
938 }
939
940 SYSCTL_DECL(_net_link);
941 SYSCTL_NODE(_net_link, IFT_ETHER, ether, CTLFLAG_RW, 0, "Ethernet");
942 #if defined(INET) || defined(INET6)
943 SYSCTL_V_INT(V_NET, vnet_net, _net_link_ether, OID_AUTO, ipfw, CTLFLAG_RW,
944 ether_ipfw, 0, "Pass ether pkts through firewall");
945 #endif
946
947 #if 0
948 /*
949 * This is for reference. We have a table-driven version
950 * of the little-endian crc32 generator, which is faster
951 * than the double-loop.
952 */
953 uint32_t
954 ether_crc32_le(const uint8_t *buf, size_t len)
955 {
956 size_t i;
957 uint32_t crc;
958 int bit;
959 uint8_t data;
960
961 crc = 0xffffffff; /* initial value */
962
963 for (i = 0; i < len; i++) {
964 for (data = *buf++, bit = 0; bit < 8; bit++, data >>= 1) {
965 carry = (crc ^ data) & 1;
966 crc >>= 1;
967 if (carry)
968 crc = (crc ^ ETHER_CRC_POLY_LE);
969 }
970 }
971
972 return (crc);
973 }
974 #else
975 uint32_t
976 ether_crc32_le(const uint8_t *buf, size_t len)
977 {
978 static const uint32_t crctab[] = {
979 0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac,
980 0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
981 0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c,
982 0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c
983 };
984 size_t i;
985 uint32_t crc;
986
987 crc = 0xffffffff; /* initial value */
988
989 |