+/*
+ * Copyright (c) 2004-2009 Apple Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */
+
+/* $apfw: Revision 1.19 2008/10/24 02:34:06 cbzimmer Exp $ */
+/* $NetBSD: if_bridge.c,v 1.46 2006/11/23 04:07:07 rpaulo Exp $ */
+
+/*
+ * Copyright 2001 Wasabi Systems, Inc.
+ * All rights reserved.
+ *
+ * Written by Jason R. Thorpe for Wasabi Systems, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed for the NetBSD Project by
+ * Wasabi Systems, Inc.
+ * 4. The name of Wasabi Systems, Inc. may not be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Jason L. Wright
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * OpenBSD: if_bridge.c,v 1.60 2001/06/15 03:38:33 itojun Exp
+ */
+
+/*
+ * Network interface bridge support.
+ *
+ * TODO:
+ *
+ * - Currently only supports Ethernet-like interfaces (Ethernet,
+ * 802.11, VLANs on Ethernet, etc.) Figure out a nice way
+ * to bridge other types of interfaces (FDDI-FDDI, and maybe
+ * consider heterogenous bridges).
+ */
+
+#include <sys/cdefs.h>
+//_KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.46 2006/11/23 04:07:07 rpaulo Exp $");
+
+//#include "opt_bridge_ipf.h"
+//#include "opt_inet.h"
+//#include "opt_pfil_hooks.h"
+//#include "opt_wlan.h" /* APPLE MODIFICATION <cbz@apple.com> - Proxy STA support */
+//#include "bpfilter.h"
+//#include "gif.h" // APPLE MODIFICATION - add gif support
+
+#define BRIDGE_DEBUG 0
+
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/mbuf.h>
+#include <sys/queue.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/systm.h>
+#include <sys/proc.h>
+//#include <sys/pool.h>
+#include <sys/kauth.h>
+#include <sys/random.h>
+#include <sys/kern_event.h>
+#include <sys/systm.h>
+#include <sys/sysctl.h>
+
+#include <libkern/libkern.h>
+
+#include <kern/zalloc.h>
+
+#if NBPFILTER > 0
+#include <net/bpf.h>
+#endif
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/if_types.h>
+#include <net/if_llc.h>
+
+#include <net/if_ether.h>
+#include <net/if_bridgevar.h>
+#include <net/dlil.h>
+
+#include <net/kpi_interfacefilter.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/ip_var.h>
+#ifdef INET6
+#include <netinet/ip6.h>
+#include <netinet6/in6_var.h>
+#include <netinet6/ip6_var.h>
+#endif
+
+#if BRIDGE_DEBUG
+#define static __private_extern__
+#endif
+
+extern void dlil_input_packet_list(struct ifnet *, struct mbuf *);
+
+/*
+ * Size of the route hash table. Must be a power of two.
+ */
+/* APPLE MODIFICATION - per Wasabi performance improvement, change the hash table size */
+#if 0
+#ifndef BRIDGE_RTHASH_SIZE
+#define BRIDGE_RTHASH_SIZE 1024
+#endif
+#else
+#ifndef BRIDGE_RTHASH_SIZE
+#define BRIDGE_RTHASH_SIZE 256
+#endif
+#endif
+
+/* APPLE MODIFICATION - support for HW checksums */
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+#include <netinet/udp.h>
+#include <netinet/tcp.h>
+#endif
+
+#define BRIDGE_RTHASH_MASK (BRIDGE_RTHASH_SIZE - 1)
+
+//#include "carp.h"
+#if NCARP > 0
+#include <netinet/in.h>
+#include <netinet/in_var.h>
+#include <netinet/ip_carp.h>
+#endif
+
+/*
+ * Maximum number of addresses to cache.
+ */
+#ifndef BRIDGE_RTABLE_MAX
+#define BRIDGE_RTABLE_MAX 100
+#endif
+
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+/*
+ * Maximum (additional to maxcache) number of proxysta addresses to cache.
+ */
+#ifndef BRIDGE_RTABLE_MAX_PROXYSTA
+#define BRIDGE_RTABLE_MAX_PROXYSTA 16
+#endif
+#endif
+
+/*
+ * Spanning tree defaults.
+ */
+#define BSTP_DEFAULT_MAX_AGE (20 * 256)
+#define BSTP_DEFAULT_HELLO_TIME (2 * 256)
+#define BSTP_DEFAULT_FORWARD_DELAY (15 * 256)
+#define BSTP_DEFAULT_HOLD_TIME (1 * 256)
+#define BSTP_DEFAULT_BRIDGE_PRIORITY 0x8000
+#define BSTP_DEFAULT_PORT_PRIORITY 0x80
+#define BSTP_DEFAULT_PATH_COST 55
+
+/*
+ * Timeout (in seconds) for entries learned dynamically.
+ */
+#ifndef BRIDGE_RTABLE_TIMEOUT
+#define BRIDGE_RTABLE_TIMEOUT (20 * 60) /* same as ARP */
+#endif
+
+/*
+ * Number of seconds between walks of the route list.
+ */
+#ifndef BRIDGE_RTABLE_PRUNE_PERIOD
+#define BRIDGE_RTABLE_PRUNE_PERIOD (5 * 60)
+#endif
+
+/*
+ * List of capabilities to mask on the member interface.
+ */
+#define BRIDGE_IFCAPS_MASK \
+ (IFCAP_CSUM_IPv4_Tx | \
+ IFCAP_CSUM_TCPv4_Tx | \
+ IFCAP_CSUM_UDPv4_Tx | \
+ IFCAP_CSUM_TCPv6_Tx | \
+ IFCAP_CSUM_UDPv6_Tx)
+
+
+int bridge_rtable_prune_period = BRIDGE_RTABLE_PRUNE_PERIOD;
+
+static zone_t bridge_rtnode_pool = NULL;
+
+static errno_t
+bridge_iff_input(void* cookie, ifnet_t ifp, __unused protocol_family_t protocol,
+ mbuf_t *data, char **frame_ptr);
+static void
+bridge_iff_event(void* cookie, ifnet_t ifp, __unused protocol_family_t protocol,
+ const struct kev_msg *event_msg);
+static void
+bridge_iff_detached(void* cookie, __unused ifnet_t interface);
+
+static uint32_t
+bridge_rthash(__unused struct bridge_softc *sc, const uint8_t *addr);
+
+static int bridge_clone_create(struct if_clone *, int);
+static void bridge_clone_destroy(struct ifnet *);
+
+static errno_t bridge_ioctl(ifnet_t ifp, unsigned long cmd, void *data);
+#if HAS_IF_CAP
+static void bridge_mutecaps(struct bridge_iflist *, int);
+#endif
+static int bridge_init(struct ifnet *);
+static void bridge_stop(struct ifnet *, int);
+
+#if BRIDGE_MEMBER_OUT_FILTER
+static errno_t
+bridge_iff_output(void *cookie, ifnet_t ifp, protocol_family_t protocol, mbuf_t *data);
+static int bridge_output(struct bridge_softc *sc, ifnet_t ifp, mbuf_t m);
+#endif /* BRIDGE_MEMBER_OUT_FILTER */
+
+static errno_t bridge_start(struct ifnet *, mbuf_t);
+static errno_t bridge_set_bpf_tap(ifnet_t ifn, bpf_tap_mode mode, bpf_packet_func bpf_callback);
+__private_extern__ errno_t bridge_bpf_input(ifnet_t ifp, struct mbuf *m);
+__private_extern__ errno_t bridge_bpf_output(ifnet_t ifp, struct mbuf *m);
+
+static void bridge_detach(ifnet_t ifp);
+
+static errno_t bridge_input(struct bridge_iflist *, struct ifnet *, struct mbuf *, void *frame_header);
+
+static void bridge_forward(struct bridge_softc *, struct mbuf *m);
+
+static void bridge_timer(void *);
+
+static void bridge_broadcast(struct bridge_softc *, struct ifnet *,
+ struct mbuf *, int);
+
+static int bridge_rtupdate(struct bridge_softc *, const uint8_t *,
+ struct ifnet *, int, uint8_t);
+static struct ifnet *bridge_rtlookup(struct bridge_softc *, const uint8_t *);
+static void bridge_rttrim(struct bridge_softc *);
+static void bridge_rtage(struct bridge_softc *);
+static void bridge_rtflush(struct bridge_softc *, int);
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+static void bridge_rtdiscovery(struct bridge_softc *);
+static void bridge_rtpurge(struct bridge_softc *, struct ifnet *);
+#endif
+static int bridge_rtdaddr(struct bridge_softc *, const uint8_t *);
+
+static int bridge_rtable_init(struct bridge_softc *);
+static void bridge_rtable_fini(struct bridge_softc *);
+
+static struct bridge_rtnode *bridge_rtnode_lookup(struct bridge_softc *,
+ const uint8_t *);
+static int bridge_rtnode_insert(struct bridge_softc *,
+ struct bridge_rtnode *);
+static void bridge_rtnode_destroy(struct bridge_softc *,
+ struct bridge_rtnode *);
+
+static struct bridge_iflist *bridge_lookup_member(struct bridge_softc *,
+ const char *name);
+static struct bridge_iflist *bridge_lookup_member_if(struct bridge_softc *,
+ struct ifnet *ifp);
+static void bridge_delete_member(struct bridge_softc *,
+ struct bridge_iflist *);
+
+static void bridge_ifdetach(struct bridge_iflist *bif, struct ifnet *ifp);
+
+
+static int bridge_ioctl_add(struct bridge_softc *, void *);
+static int bridge_ioctl_del(struct bridge_softc *, void *);
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+static int bridge_ioctl_purge(struct bridge_softc *sc, void *arg);
+#endif
+static int bridge_ioctl_gifflags(struct bridge_softc *, void *);
+static int bridge_ioctl_sifflags(struct bridge_softc *, void *);
+static int bridge_ioctl_scache(struct bridge_softc *, void *);
+static int bridge_ioctl_gcache(struct bridge_softc *, void *);
+static int bridge_ioctl_gifs32(struct bridge_softc *, void *);
+static int bridge_ioctl_gifs64(struct bridge_softc *, void *);
+static int bridge_ioctl_rts32(struct bridge_softc *, void *);
+static int bridge_ioctl_rts64(struct bridge_softc *, void *);
+static int bridge_ioctl_saddr32(struct bridge_softc *, void *);
+static int bridge_ioctl_saddr64(struct bridge_softc *, void *);
+static int bridge_ioctl_sto(struct bridge_softc *, void *);
+static int bridge_ioctl_gto(struct bridge_softc *, void *);
+static int bridge_ioctl_daddr32(struct bridge_softc *, void *);
+static int bridge_ioctl_daddr64(struct bridge_softc *, void *);
+static int bridge_ioctl_flush(struct bridge_softc *, void *);
+static int bridge_ioctl_gpri(struct bridge_softc *, void *);
+static int bridge_ioctl_spri(struct bridge_softc *, void *);
+static int bridge_ioctl_ght(struct bridge_softc *, void *);
+static int bridge_ioctl_sht(struct bridge_softc *, void *);
+static int bridge_ioctl_gfd(struct bridge_softc *, void *);
+static int bridge_ioctl_sfd(struct bridge_softc *, void *);
+static int bridge_ioctl_gma(struct bridge_softc *, void *);
+static int bridge_ioctl_sma(struct bridge_softc *, void *);
+static int bridge_ioctl_sifprio(struct bridge_softc *, void *);
+static int bridge_ioctl_sifcost(struct bridge_softc *, void *);
+
+struct bridge_control {
+ int (*bc_func)(struct bridge_softc *, void *);
+ unsigned int bc_argsize;
+ unsigned int bc_flags;
+};
+
+#define BC_F_COPYIN 0x01 /* copy arguments in */
+#define BC_F_COPYOUT 0x02 /* copy arguments out */
+#define BC_F_SUSER 0x04 /* do super-user check */
+
+static const struct bridge_control bridge_control_table32[] = {
+ { bridge_ioctl_add, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_del, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gifflags, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_COPYOUT },
+ { bridge_ioctl_sifflags, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_scache, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_gcache, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+
+ { bridge_ioctl_gifs32, sizeof(struct ifbifconf32),
+ BC_F_COPYIN|BC_F_COPYOUT },
+ { bridge_ioctl_rts32, sizeof(struct ifbaconf32),
+ BC_F_COPYIN|BC_F_COPYOUT },
+
+ { bridge_ioctl_saddr32, sizeof(struct ifbareq32),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sto, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_gto, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+
+ { bridge_ioctl_daddr32, sizeof(struct ifbareq32),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_flush, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gpri, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_spri, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_ght, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sht, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gfd, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sfd, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gma, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sma, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sifprio, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sifcost, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ { bridge_ioctl_purge, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+#endif
+};
+
+static const struct bridge_control bridge_control_table64[] = {
+ { bridge_ioctl_add, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_del, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gifflags, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_COPYOUT },
+ { bridge_ioctl_sifflags, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_scache, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_gcache, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+
+ { bridge_ioctl_gifs64, sizeof(struct ifbifconf64),
+ BC_F_COPYIN|BC_F_COPYOUT },
+ { bridge_ioctl_rts64, sizeof(struct ifbaconf64),
+ BC_F_COPYIN|BC_F_COPYOUT },
+
+ { bridge_ioctl_saddr64, sizeof(struct ifbareq64),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sto, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+ { bridge_ioctl_gto, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+
+ { bridge_ioctl_daddr64, sizeof(struct ifbareq64),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_flush, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gpri, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_spri, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_ght, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sht, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gfd, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sfd, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_gma, sizeof(struct ifbrparam),
+ BC_F_COPYOUT },
+ { bridge_ioctl_sma, sizeof(struct ifbrparam),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sifprio, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ { bridge_ioctl_sifcost, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ { bridge_ioctl_purge, sizeof(struct ifbreq),
+ BC_F_COPYIN|BC_F_SUSER },
+#endif
+};
+
+static const unsigned int bridge_control_table_size =
+sizeof(bridge_control_table32) / sizeof(bridge_control_table32[0]);
+
+static LIST_HEAD(, bridge_softc) bridge_list = LIST_HEAD_INITIALIZER(bridge_list);
+
+static lck_grp_t *bridge_lock_grp = NULL;
+static lck_attr_t *bridge_lock_attr = NULL;
+
+static lck_rw_t *bridge_list_lock = NULL;
+
+
+static struct if_clone bridge_cloner =
+ IF_CLONE_INITIALIZER("bridge",
+ bridge_clone_create,
+ bridge_clone_destroy,
+ 0,
+ IF_MAXUNIT);
+
+#if BRIDGE_DEBUG
+
+SYSCTL_DECL(_net_link);
+
+SYSCTL_NODE(_net_link, IFT_BRIDGE, bridge, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Bridge");
+
+__private_extern__ int _if_brige_debug = 0;
+
+SYSCTL_INT(_net_link_bridge, OID_AUTO, debug, CTLFLAG_RW,
+ &_if_brige_debug, 0, "Bridge debug");
+
+static void printf_ether_header(struct ether_header *eh);
+static void printf_mbuf_data(mbuf_t m, size_t offset, size_t len);
+static void printf_mbuf_pkthdr(mbuf_t m, const char *prefix, const char *suffix);
+static void printf_mbuf(mbuf_t m, const char *prefix, const char *suffix);
+static void link_print(struct sockaddr_dl * dl_p);
+
+void
+printf_mbuf_pkthdr(mbuf_t m, const char *prefix, const char *suffix)
+{
+ if (m)
+ printf("%spktlen: %u rcvif: %p header: %p nextpkt: %p%s",
+ prefix ? prefix : "",
+ (unsigned int)mbuf_pkthdr_len(m), mbuf_pkthdr_rcvif(m), mbuf_pkthdr_header(m), mbuf_nextpkt(m),
+ suffix ? suffix : "");
+ else
+ printf("%s<NULL>%s\n", prefix, suffix);
+}
+
+void
+printf_mbuf(mbuf_t m, const char *prefix, const char *suffix)
+{
+ if (m) {
+ printf("%s%p type: %u flags: 0x%x len: %u data: %p maxlen: %u datastart: %p next: %p%s",
+ prefix ? prefix : "",
+ m, mbuf_type(m), mbuf_flags(m), (unsigned int)mbuf_len(m), mbuf_data(m),
+ (unsigned int)mbuf_maxlen(m), mbuf_datastart(m), mbuf_next(m),
+ !suffix || (mbuf_flags(m) & MBUF_PKTHDR) ? "" : suffix);
+ if ((mbuf_flags(m) & MBUF_PKTHDR))
+ printf_mbuf_pkthdr(m, " ", suffix);
+ } else
+ printf("%s<NULL>%s\n", prefix, suffix);
+}
+
+void
+printf_mbuf_data(mbuf_t m, size_t offset, size_t len)
+{
+ mbuf_t n;
+ size_t i, j;
+ size_t pktlen, mlen, maxlen;
+ unsigned char *ptr;
+
+ pktlen = mbuf_pkthdr_len(m);
+
+ if (offset > pktlen)
+ return;
+
+ maxlen = (pktlen - offset > len) ? len : pktlen;
+ n = m;
+ mlen = mbuf_len(n);
+ ptr = mbuf_data(n);
+ for (i = 0, j = 0; i < maxlen; i++, j++) {
+ if (j >= mlen) {
+ n = mbuf_next(n);
+ if (n == 0)
+ break;
+ ptr = mbuf_data(n);
+ mlen = mbuf_len(n);
+ j = 0;
+ }
+ if (i >= offset) {
+ printf("%02x%s", ptr[j], i % 2 ? " " : "");
+ }
+ }
+ return;
+}
+
+static void
+printf_ether_header(struct ether_header *eh)
+{
+ printf("%02x:%02x:%02x:%02x:%02x:%02x > %02x:%02x:%02x:%02x:%02x:%02x 0x%04x ",
+ eh->ether_shost[0], eh->ether_shost[1], eh->ether_shost[2],
+ eh->ether_shost[3], eh->ether_shost[4], eh->ether_shost[5],
+ eh->ether_dhost[0], eh->ether_dhost[1], eh->ether_dhost[2],
+ eh->ether_dhost[3], eh->ether_dhost[4], eh->ether_dhost[5],
+ eh->ether_type);
+}
+#endif /* BRIDGE_DEBUG */
+
+/*
+ * bridgeattach:
+ *
+ * Pseudo-device attach routine.
+ */
+__private_extern__ int
+bridgeattach(__unused int n)
+{
+ int error;
+ lck_grp_attr_t *lck_grp_attr = NULL;
+
+ bridge_rtnode_pool = zinit(sizeof(struct bridge_rtnode), 1024 * sizeof(struct bridge_rtnode),
+ 0, "bridge_rtnode");
+
+ lck_grp_attr = lck_grp_attr_alloc_init();
+
+ bridge_lock_grp = lck_grp_alloc_init("if_bridge", lck_grp_attr);
+
+ bridge_lock_attr = lck_attr_alloc_init();
+
+#if BRIDGE_DEBUG
+ lck_attr_setdebug(bridge_lock_attr);
+#endif
+
+ bridge_list_lock = lck_rw_alloc_init(bridge_lock_grp, bridge_lock_attr);
+
+ // can free the attributes once we've allocated the group lock
+ lck_grp_attr_free(lck_grp_attr);
+
+ LIST_INIT(&bridge_list);
+ error = if_clone_attach(&bridge_cloner);
+
+ return error;
+}
+
+#if BRIDGE_DEBUG
+
+static void
+link_print(struct sockaddr_dl * dl_p)
+{
+ int i;
+
+#if 1
+ printf("sdl len %d index %d family %d type 0x%x nlen %d alen %d"
+ " slen %d addr ", dl_p->sdl_len,
+ dl_p->sdl_index, dl_p->sdl_family, dl_p->sdl_type,
+ dl_p->sdl_nlen, dl_p->sdl_alen, dl_p->sdl_slen);
+#endif
+ for (i = 0; i < dl_p->sdl_alen; i++)
+ printf("%s%x", i ? ":" : "",
+ (CONST_LLADDR(dl_p))[i]);
+ printf("\n");
+ return;
+}
+#endif /* BRIDGE_DEBUG */
+
+
+/*
+ * bridge_clone_create:
+ *
+ * Create a new bridge instance.
+ */
+/* APPLE MODIFICATION <cbz@apple.com> - add opaque <const caddr_t params> argument for cloning. This is done for
+ net80211's VAP creation (with the Marvell codebase). I think this could end up being useful
+ for other devices, too. This is not in an ifdef because it doesn't hurt anything to have
+ this extra param */
+static int
+bridge_clone_create(struct if_clone *ifc, int unit)
+{
+ struct bridge_softc *sc = NULL;
+ struct ifnet *ifp = NULL;
+ u_char eaddr[6];
+ uint32_t r;
+ struct ifnet_init_params init_params;
+ errno_t error = 0;
+ uint32_t sdl_buffer[offsetof(struct sockaddr_dl, sdl_data) + IFNAMSIZ + ETHER_ADDR_LEN];
+ struct sockaddr_dl *sdl = (struct sockaddr_dl *)sdl_buffer;
+
+ sc = _MALLOC(sizeof(*sc), M_DEVBUF, M_WAITOK);
+ memset(sc, 0, sizeof(*sc));
+
+ sc->sc_brtmax = BRIDGE_RTABLE_MAX;
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ sc->sc_brtmax_proxysta = BRIDGE_RTABLE_MAX_PROXYSTA;
+#endif
+ sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT;
+ sc->sc_bridge_max_age = BSTP_DEFAULT_MAX_AGE;
+ sc->sc_bridge_hello_time = BSTP_DEFAULT_HELLO_TIME;
+ sc->sc_bridge_forward_delay = BSTP_DEFAULT_FORWARD_DELAY;
+ sc->sc_bridge_priority = BSTP_DEFAULT_BRIDGE_PRIORITY;
+ sc->sc_hold_time = BSTP_DEFAULT_HOLD_TIME;
+ sc->sc_filter_flags = IFBF_FILT_DEFAULT;
+#ifndef BRIDGE_IPF
+ /*
+ * For backwards compatibility with previous behaviour...
+ * Switch off filtering on the bridge itself if BRIDGE_IPF is
+ * not defined.
+ */
+ sc->sc_filter_flags &= ~IFBF_FILT_USEIPF;
+#endif
+
+ /* Initialize our routing table. */
+ error = bridge_rtable_init(sc);
+ if (error != 0) {
+ printf("bridge_clone_create: bridge_rtable_init failed %d\n", error);
+ goto done;
+ }
+
+ LIST_INIT(&sc->sc_iflist);
+
+ sc->sc_mtx = lck_mtx_alloc_init(bridge_lock_grp, bridge_lock_attr);
+
+ /* use the interface name as the unique id for ifp recycle */
+ snprintf(sc->sc_if_xname, sizeof(sc->sc_if_xname), "%s%d",
+ ifc->ifc_name, unit);
+ memset(&init_params, 0, sizeof(struct ifnet_init_params));
+ init_params.uniqueid = sc->sc_if_xname;
+ init_params.uniqueid_len = strlen(sc->sc_if_xname);
+ init_params.name = ifc->ifc_name;
+ init_params.unit = unit;
+ init_params.family = IFNET_FAMILY_ETHERNET;
+ init_params.type = IFT_BRIDGE;
+ init_params.output = bridge_start;
+ init_params.demux = ether_demux;
+ init_params.add_proto = ether_add_proto;
+ init_params.del_proto = ether_del_proto;
+ init_params.check_multi = ether_check_multi;
+ init_params.framer = ether_frameout;
+ init_params.softc = sc;
+ init_params.ioctl = bridge_ioctl;
+ init_params.set_bpf_tap = bridge_set_bpf_tap;
+ init_params.detach = bridge_detach;
+ init_params.broadcast_addr = etherbroadcastaddr;
+ init_params.broadcast_len = ETHER_ADDR_LEN;
+ error = ifnet_allocate(&init_params, &ifp);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_allocate failed %d\n", error);
+ goto done;
+ }
+ sc->sc_if = ifp;
+
+ error = ifnet_set_mtu(ifp, ETHERMTU);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_mtu failed %d\n", error);
+ goto done;
+ }
+ error = ifnet_set_addrlen(ifp, ETHER_ADDR_LEN);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_addrlen failed %d\n", error);
+ goto done;
+ }
+ error = ifnet_set_baudrate(ifp, 10000000) ; // XXX: this is what IONetworking does
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_baudrate failed %d\n", error);
+ goto done;
+ }
+ error = ifnet_set_hdrlen(ifp, ETHER_HDR_LEN);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_hdrlen failed %d\n", error);
+ goto done;
+ }
+ error = ifnet_set_flags(ifp, IFF_BROADCAST | IFF_SIMPLEX | IFF_NOTRAILERS | IFF_MULTICAST,
+ 0xffff);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_flags failed %d\n", error);
+ goto done;
+ }
+
+ /*
+ * Generate a random ethernet address and use the private AC:DE:48
+ * OUI code.
+ */
+ read_random(&r, sizeof(r));
+ eaddr[0] = 0xAC;
+ eaddr[1] = 0xDE;
+ eaddr[2] = 0x48;
+ eaddr[3] = (r >> 0) & 0xffu;
+ eaddr[4] = (r >> 8) & 0xffu;
+ eaddr[5] = (r >> 16) & 0xffu;
+
+ memset(sdl, 0, sizeof(sdl_buffer));
+ sdl->sdl_family = AF_LINK;
+ sdl->sdl_nlen = strlen(sc->sc_if_xname);
+ sdl->sdl_alen = ETHER_ADDR_LEN;
+ sdl->sdl_len = offsetof(struct sockaddr_dl, sdl_data);
+ memcpy(sdl->sdl_data, sc->sc_if_xname, sdl->sdl_nlen);
+ memcpy(LLADDR(sdl), eaddr, ETHER_ADDR_LEN);
+
+#if BRIDGE_DEBUG
+ link_print(sdl);
+#endif
+
+ error = ifnet_attach(ifp, NULL);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_attach failed %d\n", error);
+ goto done;
+ }
+
+ error = ifnet_set_lladdr_and_type(ifp, eaddr, ETHER_ADDR_LEN, IFT_ETHER);
+ if (error != 0) {
+ printf("bridge_clone_create: ifnet_set_lladdr_and_type failed %d\n", error);
+ goto done;
+ }
+
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+ /*
+ * APPLE MODIFICATION - our bridge can support HW checksums
+ * (useful if underlying interfaces support them) on TX,
+ * RX is not that interesting, since the stack just looks to
+ * see if the packet has been checksummed already (I think)
+ * but we might as well indicate we support it
+ */
+ ifp->if_capabilities =
+ IFCAP_CSUM_IPv4_Tx | IFCAP_CSUM_TCPv4_Tx | IFCAP_CSUM_UDPv4_Tx |
+ IFCAP_CSUM_IPv4_Rx | IFCAP_CSUM_TCPv4_Rx | IFCAP_CSUM_UDPv4_Rx ;
+#endif
+
+ lck_rw_lock_exclusive(bridge_list_lock);
+ LIST_INSERT_HEAD(&bridge_list, sc, sc_list);
+ lck_rw_done(bridge_list_lock);
+
+ /* attach as ethernet */
+ error = bpf_attach(ifp, DLT_EN10MB, sizeof(struct ether_header), NULL, NULL);
+
+done:
+ if (error != 0) {
+ printf("bridge_clone_create failed error %d\n", error);
+ /* Cleanup TBD */
+ }
+
+ return error;
+}
+
+/*
+ * bridge_clone_destroy:
+ *
+ * Destroy a bridge instance.
+ */
+static void
+bridge_clone_destroy(struct ifnet *ifp)
+{
+ struct bridge_softc *sc = (struct bridge_softc *)ifnet_softc(ifp);
+ struct bridge_iflist *bif;
+ int error;
+
+ lck_mtx_lock(sc->sc_mtx);
+ if ((sc->sc_flags & SCF_DETACHING)) {
+ lck_mtx_unlock(sc->sc_mtx);
+ return;
+ }
+ sc->sc_flags |= SCF_DETACHING;
+
+ bridge_stop(ifp, 1);
+
+ error = ifnet_set_flags(ifp, 0, IFF_UP);
+ if (error != 0) {
+ printf("bridge_clone_destroy: ifnet_set_flags failed %d\n", error);
+ }
+
+ while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
+ bridge_delete_member(sc, bif);
+
+ lck_mtx_unlock(sc->sc_mtx);
+
+ error = ifnet_detach(ifp);
+ if (error != 0) {
+ printf("bridge_clone_destroy: ifnet_detach failed %d\n", error);
+ if ((sc = (struct bridge_softc *)ifnet_softc(ifp)) != NULL) {
+ lck_mtx_lock(sc->sc_mtx);
+ sc->sc_flags &= ~SCF_DETACHING;
+ lck_mtx_unlock(sc->sc_mtx);
+ }
+ }
+
+ return;
+}
+
+#define DRVSPEC \
+ if (ifd->ifd_cmd >= bridge_control_table_size) { \
+ error = EINVAL; \
+ break; \
+ } \
+ bc = &bridge_control_table[ifd->ifd_cmd]; \
+ \
+ if ((cmd & IOC_DIRMASK) == IOC_INOUT && \
+ (bc->bc_flags & BC_F_COPYOUT) == 0) { \
+ error = EINVAL; \
+ break; \
+ } \
+ else if (((cmd & IOC_DIRMASK) == IOC_IN) && \
+ (bc->bc_flags & BC_F_COPYOUT) != 0) { \
+ error = EINVAL; \
+ break; \
+ } \
+ \
+ if (bc->bc_flags & BC_F_SUSER) { \
+ error = kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER); \
+ if (error) \
+ break; \
+ } \
+ \
+ if (ifd->ifd_len != bc->bc_argsize || \
+ ifd->ifd_len > sizeof(args)) { \
+ error = EINVAL; \
+ break; \
+ } \
+ \
+ memset(&args, 0, sizeof(args)); \
+ if (bc->bc_flags & BC_F_COPYIN) { \
+ error = copyin(ifd->ifd_data, &args, ifd->ifd_len); \
+ if (error) \
+ break; \
+ } \
+ \
+ lck_mtx_lock(sc->sc_mtx); \
+ error = (*bc->bc_func)(sc, &args); \
+ lck_mtx_unlock(sc->sc_mtx); \
+ if (error) \
+ break; \
+ \
+ if (bc->bc_flags & BC_F_COPYOUT) \
+ error = copyout(&args, ifd->ifd_data, ifd->ifd_len)
+
+/*
+ * bridge_ioctl:
+ *
+ * Handle a control request from the operator.
+ */
+static errno_t
+bridge_ioctl(ifnet_t ifp, unsigned long cmd, void *data)
+{
+ struct bridge_softc *sc = ifnet_softc(ifp);
+ struct ifreq *ifr = (struct ifreq *) data;
+ int error = 0;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_NOTOWNED);
+
+#if BRIDGE_DEBUG
+ printf("bridge_ioctl: ifp %p cmd 0x%08lx (%c%c [%lu] %c %lu)\n",
+ ifp,
+ cmd,
+ (cmd & IOC_IN) ? 'I' : ' ',
+ (cmd & IOC_OUT) ? 'O' : ' ',
+ IOCPARM_LEN(cmd),
+ (char)IOCGROUP(cmd),
+ cmd & 0xff);
+ printf("SIOCGDRVSPEC32 %lx SIOCGDRVSPEC64 %lx\n", SIOCGDRVSPEC32, SIOCGDRVSPEC64);
+#endif
+
+ switch (cmd) {
+ case SIOCADDMULTI:
+ break;
+ case SIOCDELMULTI:
+ break;
+
+ case SIOCSDRVSPEC32:
+ case SIOCGDRVSPEC32: {
+ union {
+ struct ifbreq ifbreq;
+ struct ifbifconf32 ifbifconf;
+ struct ifbareq32 ifbareq;
+ struct ifbaconf32 ifbaconf;
+ struct ifbrparam ifbrparam;
+ } args;
+ struct ifdrv32 *ifd = (struct ifdrv32 *) data;
+ const struct bridge_control *bridge_control_table = bridge_control_table32, *bc;
+
+ DRVSPEC;
+
+ break;
+ }
+ case SIOCSDRVSPEC64:
+ case SIOCGDRVSPEC64: {
+ union {
+ struct ifbreq ifbreq;
+ struct ifbifconf64 ifbifconf;
+ struct ifbareq64 ifbareq;
+ struct ifbaconf64 ifbaconf;
+ struct ifbrparam ifbrparam;
+ } args;
+ struct ifdrv64 *ifd = (struct ifdrv64 *) data;
+ const struct bridge_control *bridge_control_table = bridge_control_table64, *bc;
+
+ DRVSPEC;
+
+ break;
+ }
+
+ case SIOCSIFFLAGS:
+ if ((ifnet_flags(ifp) & (IFF_UP|IFF_RUNNING)) == IFF_RUNNING) {
+ /*
+ * If interface is marked down and it is running,
+ * then stop and disable it.
+ */
+ lck_mtx_lock(sc->sc_mtx);
+ bridge_stop(ifp, 1);
+ lck_mtx_unlock(sc->sc_mtx);
+ } else if ((ifnet_flags(ifp) & (IFF_UP|IFF_RUNNING)) == IFF_UP) {
+ /*
+ * If interface is marked up and it is stopped, then
+ * start it.
+ */
+ lck_mtx_lock(sc->sc_mtx);
+ error = bridge_init(ifp);
+ lck_mtx_unlock(sc->sc_mtx);
+ }
+ break;
+
+ case SIOCSIFMTU:
+#if 0
+ /* APPLE MODIFICATION <cbz@apple.com>
+ if we wanted to support changing the MTU */
+ {
+ struct ifreq *ifr = (struct ifreq *)data;
+ struct bridge_iflist *bif;
+ struct ifnet *dst_if;
+ sc->sc_if.if_mtu = ifr->ifr_mtu;
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ dst_if = bif->bif_ifp;
+ error = ifnet_ioctl(dst_if, 0, cmd, data);
+ if (error)
+ break;
+ }
+ }
+#else
+ /* Do not allow the MTU to be changed on the bridge */
+ error = EINVAL;
+#endif
+ break;
+
+ /* APPLE MODIFICATION - don't pass this down to ether_ioctl, just indicate we don't handle it */
+ case SIOCGIFMEDIA:
+ error = EINVAL;
+ break;
+
+ case SIOCSIFLLADDR:
+ error = ifnet_set_lladdr(ifp, ifr->ifr_addr.sa_data, ifr->ifr_addr.sa_len);
+ if (error != 0)
+ printf("bridge_ioctl: ifnet_set_lladdr failed %d\n", error);
+ break;
+
+ default:
+ error = ether_ioctl(ifp, cmd, data);
+#if BRIDGE_DEBUG
+ if (error != 0)
+ printf("bridge_ioctl: ether_ioctl ifp %p cmd 0x%08lx (%c%c [%lu] %c %lu) failed error: %d\n",
+ ifp,
+ cmd,
+ (cmd & IOC_IN) ? 'I' : ' ',
+ (cmd & IOC_OUT) ? 'O' : ' ',
+ IOCPARM_LEN(cmd),
+ (char) IOCGROUP(cmd),
+ cmd & 0xff,
+ error);
+#endif /* BRIDGE_DEBUG */
+ break;
+ }
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_NOTOWNED);
+
+ return (error);
+}
+
+/*
+ * bridge_mutecaps:
+ *
+ * Clear or restore unwanted capabilities on the member interface
+ */
+#if HAS_IF_CAP
+void
+bridge_mutecaps(struct bridge_iflist *bif, int mute)
+{
+ struct ifnet *ifp = bif->bif_ifp;
+ struct ifcapreq ifcr;
+
+ if (ifp->if_ioctl == NULL)
+ return;
+
+ memset(&ifcr, 0, sizeof(ifcr));
+ ifcr.ifcr_capenable = ifp->if_capenable;
+
+ if (mute) {
+ /* mask off and save capabilities */
+ bif->bif_mutecap = ifcr.ifcr_capenable & BRIDGE_IFCAPS_MASK;
+ if (bif->bif_mutecap != 0)
+ ifcr.ifcr_capenable &= ~BRIDGE_IFCAPS_MASK;
+ } else
+ /* restore muted capabilities */
+ ifcr.ifcr_capenable |= bif->bif_mutecap;
+
+ if (bif->bif_mutecap != 0) {
+ (void) (*ifp->if_ioctl)(ifp, SIOCSIFCAP, (caddr_t)&ifcr);
+ }
+}
+#endif /* HAS_IF_CAP */
+
+/*
+ * bridge_lookup_member:
+ */
+static struct bridge_iflist *
+bridge_lookup_member(struct bridge_softc *sc, const char *name)
+{
+ struct bridge_iflist *bif;
+ struct ifnet *ifp;
+ char if_xname[IFNAMSIZ];
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ ifp = bif->bif_ifp;
+ snprintf(if_xname, sizeof(if_xname), "%s%d",
+ ifnet_name(ifp), ifnet_unit(ifp));
+ if (strncmp(if_xname, name, sizeof(if_xname)) == 0)
+ return (bif);
+ }
+
+ return (NULL);
+}
+
+/*
+ * bridge_lookup_member_if:
+ */
+static struct bridge_iflist *
+bridge_lookup_member_if(struct bridge_softc *sc, struct ifnet *member_ifp)
+{
+ struct bridge_iflist *bif;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ if (bif->bif_ifp == member_ifp)
+ return (bif);
+ }
+
+ return (NULL);
+}
+
+static errno_t
+bridge_iff_input(void* cookie, ifnet_t ifp, __unused protocol_family_t protocol,
+ mbuf_t *data, char **frame_ptr)
+{
+ errno_t error = 0;
+ struct bridge_iflist *bif = (struct bridge_iflist *)cookie;
+ struct bridge_softc *sc = bif->bif_sc;
+ int included = 0;
+ size_t frmlen = 0;
+ mbuf_t m = *data;
+
+ if ((m->m_flags & M_PROTO1))
+ goto out;
+
+ if (*frame_ptr >= (char *)mbuf_datastart(m) && *frame_ptr <= (char *)mbuf_data(m)) {
+ included = 1;
+ frmlen = (char *)mbuf_data(m) - *frame_ptr;
+ }
+#if BRIDGE_DEBUG
+ if (_if_brige_debug) {
+ printf("bridge_iff_input %s%d from %s%d m %p data %p frame %p %s frmlen %lu\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if),
+ ifnet_name(ifp), ifnet_unit(ifp),
+ m, mbuf_data(m), *frame_ptr, included ? "inside" : "outside", frmlen);
+
+ if (_if_brige_debug > 1) {
+ printf_mbuf(m, "bridge_iff_input[", "\n");
+ printf_ether_header((struct ether_header *)*frame_ptr);
+ printf_mbuf_data(m, 0, 20);
+ printf("\n");
+ }
+ }
+#endif /* BRIDGE_DEBUG */
+
+ /* Move data pointer to start of frame to the link layer header */
+ if (included) {
+ (void) mbuf_setdata(m, (char *)mbuf_data(m) - frmlen, mbuf_len(m) + frmlen);
+ (void) mbuf_pkthdr_adjustlen(m, frmlen);
+ } else {
+ printf("bridge_iff_input: frame_ptr outside mbuf\n");
+ goto out;
+ }
+
+ error = bridge_input(bif, ifp, m, *frame_ptr);
+
+ /* Adjust packet back to original */
+ if (error == 0) {
+ (void) mbuf_setdata(m, (char *)mbuf_data(m) + frmlen, mbuf_len(m) - frmlen);
+ (void) mbuf_pkthdr_adjustlen(m, -frmlen);
+ }
+#if BRIDGE_DEBUG
+ if (_if_brige_debug > 1) {
+ printf("\n");
+ printf_mbuf(m, "bridge_iff_input]", "\n");
+ }
+#endif /* BRIDGE_DEBUG */
+
+out:
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_NOTOWNED);
+
+ return error;
+}
+
+
+#if BRIDGE_MEMBER_OUT_FILTER
+static errno_t
+bridge_iff_output(void *cookie, ifnet_t ifp, __unused protocol_family_t protocol, mbuf_t *data)
+{
+ errno_t error = 0;
+ struct bridge_iflist *bif = (struct bridge_iflist *)cookie;
+ struct bridge_softc *sc = bif->bif_sc;
+ mbuf_t m = *data;
+
+ if ((m->m_flags & M_PROTO1))
+ goto out;
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug) {
+ printf("bridge_iff_output %s%d from %s%d m %p data %p\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if),
+ ifnet_name(ifp), ifnet_unit(ifp),
+ m, mbuf_data(m));
+ }
+#endif /* BRIDGE_DEBUG */
+
+ error = bridge_output(sc, ifp, m);
+ if (error != 0) {
+ printf("bridge_iff_output: bridge_output failed error %d\n", error);
+ }
+
+out:
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_NOTOWNED);
+
+ return error;
+}
+#endif /* BRIDGE_MEMBER_OUT_FILTER */
+
+
+static void
+bridge_iff_event(void* cookie, ifnet_t ifp, __unused protocol_family_t protocol,
+ const struct kev_msg *event_msg)
+{
+ struct bridge_iflist *bif = (struct bridge_iflist *)cookie;
+
+ if (event_msg->vendor_code == KEV_VENDOR_APPLE &&
+ event_msg->kev_class == KEV_NETWORK_CLASS &&
+ event_msg->kev_subclass == KEV_DL_SUBCLASS) {
+ switch (event_msg->event_code) {
+ case KEV_DL_IF_DETACHING:
+ bridge_ifdetach(bif, ifp);
+ break;
+
+ default:
+ break;
+ }
+ }
+}
+
+static void
+bridge_iff_detached(void* cookie, __unused ifnet_t interface)
+{
+ struct bridge_iflist *bif = (struct bridge_iflist *)cookie;
+
+ _FREE(bif, M_DEVBUF);
+
+ return;
+}
+
+/*
+ * bridge_delete_member:
+ *
+ * Delete the specified member interface.
+ */
+static void
+bridge_delete_member(struct bridge_softc *sc, struct bridge_iflist *bif)
+{
+ struct ifnet *ifs = bif->bif_ifp;
+
+ switch (ifnet_type(ifs)) {
+ case IFT_ETHER:
+ /*
+ * Take the interface out of promiscuous mode.
+ */
+ (void) ifnet_set_promiscuous(ifs, 0);
+ break;
+#if NGIF > 0
+ case IFT_GIF:
+ break;
+#endif
+ default:
+#ifdef DIAGNOSTIC
+ panic("bridge_delete_member: impossible");
+#endif
+ break;
+ }
+
+ ifs->if_bridge = NULL;
+ LIST_REMOVE(bif, bif_next);
+
+ /* Respect lock ordering with DLIL lock */
+ lck_mtx_unlock(sc->sc_mtx);
+ iflt_detach(bif->bif_iff_ref);
+ lck_mtx_lock(sc->sc_mtx);
+
+ bridge_rtdelete(sc, ifs, IFBF_FLUSHALL);
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ /* On the last deleted interface revert the MTU */
+
+ if (LIST_EMPTY(&sc->sc_iflist))
+ (void) ifnet_set_mtu(sc->sc_if, ETHERMTU);
+}
+
+static int
+bridge_ioctl_add(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif = NULL;
+ struct ifnet *ifs;
+ int error = 0;
+ /* APPLE MODIFICATION <cbz@apple.com> - is this a proxy sta being added? */
+#if IEEE80211_PROXYSTA
+ struct bridge_rtnode *brt;
+#endif
+
+ error = ifnet_find_by_name(req->ifbr_ifsname, &ifs);
+ if (error || ifs == NULL)
+ return (ENOENT);
+
+ /* Is the interface already attached to this bridge interface */
+ if (ifs->if_bridge == sc)
+ return (EEXIST);
+
+ if (ifs->if_bridge != NULL)
+ return (EBUSY);
+
+ /* First added interface resets the MTU */
+
+ if (LIST_EMPTY(&sc->sc_iflist))
+ (void) ifnet_set_mtu(sc->sc_if, ETHERMTU);
+
+ if (ifnet_mtu(sc->sc_if) != ifnet_mtu(ifs))
+ return (EINVAL);
+
+ bif = _MALLOC(sizeof(*bif), M_DEVBUF, M_WAITOK|M_ZERO);
+ if (bif == NULL)
+ return (ENOMEM);
+
+ bif->bif_ifp = ifs;
+ bif->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER;
+ bif->bif_priority = BSTP_DEFAULT_PORT_PRIORITY;
+ bif->bif_path_cost = BSTP_DEFAULT_PATH_COST;
+ bif->bif_sc = sc;
+
+ switch (ifnet_type(ifs)) {
+ case IFT_ETHER:
+ /*
+ * Place the interface into promiscuous mode.
+ */
+ error = ifnet_set_promiscuous(ifs, 1);
+ if (error)
+ goto out;
+#if HAS_IF_CAP
+ bridge_mutecaps(bif, 1);
+#endif
+ break;
+#if NGIF > 0
+ case IFT_GIF:
+ break;
+#endif
+ default:
+ error = EINVAL;
+ goto out;
+ }
+
+ /*
+ * If the LINK0 flag is set, and this is the first member interface,
+ * attempt to inherit its link-layer address.
+ */
+ if ((ifnet_flags(sc->sc_if) & IFF_LINK0) && LIST_EMPTY(&sc->sc_iflist) &&
+ ifnet_type(ifs) == IFT_ETHER) {
+ (void) ifnet_set_lladdr(sc->sc_if, ifnet_lladdr(ifs),
+ ETHER_ADDR_LEN);
+ }
+
+ // install an interface filter
+ {
+ struct iff_filter iff;
+
+ memset(&iff, 0, sizeof(struct iff_filter));
+
+ iff.iff_cookie = bif;
+ iff.iff_name = "com.apple.kernel.bsd.net.if_bridge";
+ iff.iff_input = bridge_iff_input;
+#if BRIDGE_MEMBER_OUT_FILTER
+ iff.iff_output = bridge_iff_output;
+#endif /* BRIDGE_MEMBER_OUT_FILTER */
+ iff.iff_event = bridge_iff_event;
+ iff.iff_detached = bridge_iff_detached;
+
+ /* Respect lock ordering with DLIL lock */
+ lck_mtx_unlock(sc->sc_mtx);
+ error = iflt_attach(ifs, &iff, &bif->bif_iff_ref);
+ lck_mtx_lock(sc->sc_mtx);
+ if (error != 0) {
+ printf("bridge_ioctl_add: iflt_attach failed %d\n", error);
+ goto out;
+ }
+ }
+ ifs->if_bridge = sc;
+ LIST_INSERT_HEAD(&sc->sc_iflist, bif, bif_next);
+
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+ else
+ bstp_stop(sc);
+
+ /* APPLE MODIFICATION <cbz@apple.com> - is this a proxy sta being added? */
+#if IEEE80211_PROXYSTA
+ brt = bridge_rtnode_lookup(sc, ifnet_lladdr(ifs));
+ if (brt) {
+#if DIAGNOSTIC
+ printf( "%s: attach %s to bridge as proxysta for %02x:%02x:%02x:%02x:%02x:%02x discovered on %s\n",
+ __func__, ifs->if_xname, brt->brt_addr[0], brt->brt_addr[1], brt->brt_addr[2],
+ brt->brt_addr[3], brt->brt_addr[4], brt->brt_addr[5], brt->brt_ifp->if_xname );
+#endif
+ brt->brt_ifp_proxysta = ifs;
+ }
+#endif
+
+
+out:
+ if (error) {
+ if (bif != NULL)
+ _FREE(bif, M_DEVBUF);
+ }
+ return (error);
+}
+
+static int
+bridge_ioctl_del(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ bridge_delete_member(sc, bif);
+
+ return (0);
+}
+
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+static int
+bridge_ioctl_purge(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+ struct ifnet *ifs;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ ifs = bif->bif_ifp;
+ bridge_rtpurge(sc, ifs);
+
+ return (0);
+}
+#endif
+
+static int
+bridge_ioctl_gifflags(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ req->ifbr_ifsflags = bif->bif_flags;
+ req->ifbr_state = bif->bif_state;
+ req->ifbr_priority = bif->bif_priority;
+ req->ifbr_path_cost = bif->bif_path_cost;
+ req->ifbr_portno = ifnet_index(bif->bif_ifp) & 0xffff;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_sifflags(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ if (req->ifbr_ifsflags & IFBIF_STP) {
+ switch (ifnet_type(bif->bif_ifp)) {
+ case IFT_ETHER:
+ /* These can do spanning tree. */
+ break;
+
+ default:
+ /* Nothing else can. */
+ return (EINVAL);
+ }
+ }
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ if ((bif->bif_flags & IFBIF_PROXYSTA_DISCOVER) &&
+ ((req->ifbr_ifsflags & IFBIF_PROXYSTA_DISCOVER) == 0))
+ bridge_rtpurge(sc, bif->bif_ifp);
+#endif
+
+ bif->bif_flags = req->ifbr_ifsflags;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ if (bif->bif_flags & IFBIF_PROXYSTA_DISCOVER)
+ bridge_rtdiscovery(sc);
+#endif
+
+ return (0);
+}
+
+static int
+bridge_ioctl_scache(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ sc->sc_brtmax = param->ifbrp_csize;
+ bridge_rttrim(sc);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_gcache(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_csize = sc->sc_brtmax;
+
+ return (0);
+}
+
+#define BRIDGE_IOCTL_GIFS \
+ struct bridge_iflist *bif; \
+ struct ifbreq breq; \
+ int count, error = 0; \
+ uint32_t len; \
+ \
+ count = 0; \
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) \
+ count++; \
+ \
+ if (bifc->ifbic_len == 0) { \
+ bifc->ifbic_len = sizeof(breq) * count; \
+ return (0); \
+ } \
+ \
+ count = 0; \
+ len = bifc->ifbic_len; \
+ memset(&breq, 0, sizeof breq); \
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) { \
+ if (len < sizeof(breq)) \
+ break; \
+ \
+ snprintf(breq.ifbr_ifsname, sizeof(breq.ifbr_ifsname), "%s%d", \
+ ifnet_name(bif->bif_ifp), ifnet_unit(bif->bif_ifp)); \
+ breq.ifbr_ifsflags = bif->bif_flags; \
+ breq.ifbr_state = bif->bif_state; \
+ breq.ifbr_priority = bif->bif_priority; \
+ breq.ifbr_path_cost = bif->bif_path_cost; \
+ breq.ifbr_portno = ifnet_index(bif->bif_ifp) & 0xffff; \
+ error = copyout(&breq, bifc->ifbic_req + count * sizeof(breq), sizeof(breq)); \
+ if (error) \
+ break; \
+ count++; \
+ len -= sizeof(breq); \
+ } \
+ \
+ bifc->ifbic_len = sizeof(breq) * count
+
+
+static int
+bridge_ioctl_gifs64(struct bridge_softc *sc, void *arg)
+{
+ struct ifbifconf64 *bifc = arg;
+
+ BRIDGE_IOCTL_GIFS;
+
+ return (error);
+}
+
+static int
+bridge_ioctl_gifs32(struct bridge_softc *sc, void *arg)
+{
+ struct ifbifconf32 *bifc = arg;
+
+ BRIDGE_IOCTL_GIFS;
+
+ return (error);
+}
+
+#define BRIDGE_IOCTL_RTS \
+ struct bridge_rtnode *brt; \
+ int count = 0, error = 0; \
+ uint32_t len; \
+ struct timespec now; \
+ \
+ if (bac->ifbac_len == 0) \
+ return (0); \
+ \
+ len = bac->ifbac_len; \
+ LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) { \
+ if (len < sizeof(bareq)) \
+ goto out; \
+ memset(&bareq, 0, sizeof(bareq)); \
+ snprintf(bareq.ifba_ifsname, sizeof(bareq.ifba_ifsname), "%s%d", \
+ ifnet_name(brt->brt_ifp), ifnet_unit(brt->brt_ifp)); \
+ memcpy(bareq.ifba_dst, brt->brt_addr, sizeof(brt->brt_addr)); \
+ if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) { \
+ nanouptime(&now); \
+ if (brt->brt_expire >= (unsigned long)now.tv_sec) \
+ bareq.ifba_expire = brt->brt_expire - now.tv_sec; \
+ else \
+ bareq.ifba_expire = 0; \
+ } else \
+ bareq.ifba_expire = 0; \
+ bareq.ifba_flags = brt->brt_flags; \
+ \
+ error = copyout(&bareq, bac->ifbac_req + count * sizeof(bareq), sizeof(bareq)); \
+ if (error) \
+ goto out; \
+ count++; \
+ len -= sizeof(bareq); \
+ } \
+out: \
+ bac->ifbac_len = sizeof(bareq) * count
+
+
+static int
+bridge_ioctl_rts64(struct bridge_softc *sc, void *arg)
+{
+ struct ifbaconf64 *bac = arg;
+ struct ifbareq64 bareq;
+
+ BRIDGE_IOCTL_RTS;
+
+ return (error);
+}
+
+static int
+bridge_ioctl_rts32(struct bridge_softc *sc, void *arg)
+{
+ struct ifbaconf32 *bac = arg;
+ struct ifbareq32 bareq;
+
+ BRIDGE_IOCTL_RTS;
+
+ return (error);
+}
+
+static int
+bridge_ioctl_saddr64(struct bridge_softc *sc, void *arg)
+{
+ struct ifbareq64 *req = arg;
+ struct bridge_iflist *bif;
+ int error;
+
+ bif = bridge_lookup_member(sc, req->ifba_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
+ req->ifba_flags);
+
+ return (error);
+}
+
+static int
+bridge_ioctl_saddr32(struct bridge_softc *sc, void *arg)
+{
+ struct ifbareq32 *req = arg;
+ struct bridge_iflist *bif;
+ int error;
+
+ bif = bridge_lookup_member(sc, req->ifba_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ error = bridge_rtupdate(sc, req->ifba_dst, bif->bif_ifp, 1,
+ req->ifba_flags);
+
+ return (error);
+}
+
+static int
+bridge_ioctl_sto(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ sc->sc_brttimeout = param->ifbrp_ctime;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_gto(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_ctime = sc->sc_brttimeout;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_daddr64(struct bridge_softc *sc, void *arg)
+{
+ struct ifbareq64 *req = arg;
+
+ return (bridge_rtdaddr(sc, req->ifba_dst));
+}
+
+static int
+bridge_ioctl_daddr32(struct bridge_softc *sc, void *arg)
+{
+ struct ifbareq32 *req = arg;
+
+ return (bridge_rtdaddr(sc, req->ifba_dst));
+}
+
+static int
+bridge_ioctl_flush(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+
+ bridge_rtflush(sc, req->ifbr_ifsflags);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_gpri(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_prio = sc->sc_bridge_priority;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_spri(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ sc->sc_bridge_priority = param->ifbrp_prio;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_ght(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_hellotime = sc->sc_bridge_hello_time >> 8;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_sht(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ if (param->ifbrp_hellotime == 0)
+ return (EINVAL);
+ sc->sc_bridge_hello_time = param->ifbrp_hellotime << 8;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_gfd(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_fwddelay = sc->sc_bridge_forward_delay >> 8;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_sfd(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ if (param->ifbrp_fwddelay == 0)
+ return (EINVAL);
+ sc->sc_bridge_forward_delay = param->ifbrp_fwddelay << 8;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_gma(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ param->ifbrp_maxage = sc->sc_bridge_max_age >> 8;
+
+ return (0);
+}
+
+static int
+bridge_ioctl_sma(struct bridge_softc *sc, void *arg)
+{
+ struct ifbrparam *param = arg;
+
+ if (param->ifbrp_maxage == 0)
+ return (EINVAL);
+ sc->sc_bridge_max_age = param->ifbrp_maxage << 8;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+static int
+bridge_ioctl_sifprio(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ bif->bif_priority = req->ifbr_priority;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+static void
+bridge_proxysta_notify_macaddr(struct ifnet *ifp, int op, const uint8_t *mac)
+{
+ struct proxy_sta_event iev;
+
+ memset(&iev, 0, sizeof(iev));
+ memcpy(iev.iev_addr, mac, ETHER_ADDR_LEN);
+
+ rt_proxystamsg(ifp, op, &iev, sizeof(iev));
+}
+
+static void
+bridge_proxysta_discover(struct ifnet *ifp, const uint8_t *mac)
+{
+ bridge_proxysta_notify_macaddr( ifp, RTM_PROXYSTA_DISCOVERY, mac );
+}
+
+static void
+bridge_proxysta_idle_timeout(struct ifnet *ifp, const uint8_t *mac)
+{
+ bridge_proxysta_notify_macaddr( ifp, RTM_PROXYSTA_IDLE_TIMEOUT, mac );
+}
+#endif
+
+static int
+bridge_ioctl_sifcost(struct bridge_softc *sc, void *arg)
+{
+ struct ifbreq *req = arg;
+ struct bridge_iflist *bif;
+
+ bif = bridge_lookup_member(sc, req->ifbr_ifsname);
+ if (bif == NULL)
+ return (ENOENT);
+
+ bif->bif_path_cost = req->ifbr_path_cost;
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING)
+ bstp_initialization(sc);
+
+ return (0);
+}
+
+/*
+ * bridge_ifdetach:
+ *
+ * Detach an interface from a bridge. Called when a member
+ * interface is detaching.
+ */
+static void
+bridge_ifdetach(struct bridge_iflist *bif, struct ifnet *ifp)
+{
+ struct bridge_softc *sc = bif->bif_sc;
+ struct ifbreq breq;
+
+ memset(&breq, 0, sizeof(breq));
+ snprintf(breq.ifbr_ifsname, sizeof(breq.ifbr_ifsname), "%s%d",
+ ifnet_name(ifp), ifnet_unit(ifp));
+
+ lck_mtx_lock(sc->sc_mtx);
+
+ (void) bridge_ioctl_del(sc, &breq);
+
+ lck_mtx_unlock(sc->sc_mtx);
+}
+
+/*
+ * bridge_init:
+ *
+ * Initialize a bridge interface.
+ */
+static int
+bridge_init(struct ifnet *ifp)
+{
+ struct bridge_softc *sc = ifnet_softc(ifp);
+ struct timespec ts;
+ errno_t error;
+
+ if (ifnet_flags(ifp) & IFF_RUNNING)
+ return (0);
+
+ ts.tv_sec = bridge_rtable_prune_period;
+ ts.tv_nsec = 0;
+ bsd_timeout(bridge_timer, sc, &ts);
+
+ error = ifnet_set_flags(ifp, IFF_RUNNING, IFF_RUNNING);
+ if (error == 0)
+ bstp_initialization(sc);
+
+ return error;
+}
+
+/*
+ * bridge_stop:
+ *
+ * Stop the bridge interface.
+ */
+static void
+bridge_stop(struct ifnet *ifp, __unused int disable)
+{
+ struct bridge_softc *sc = ifnet_softc(ifp);
+
+ if ((ifnet_flags(ifp) & IFF_RUNNING) == 0)
+ return;
+
+ bsd_untimeout(bridge_timer, sc);
+ bstp_stop(sc);
+
+ bridge_rtflush(sc, IFBF_FLUSHDYN);
+
+ (void) ifnet_set_flags(ifp, 0, IFF_RUNNING);
+}
+
+/*
+ * bridge_enqueue:
+ *
+ * Enqueue a packet on a bridge member interface.
+ *
+ * Note: this is called both on the input and output path so this routine
+ * cannot simply muck with the HW checksum flag. For the time being we
+ * rely on the caller to do the right thing.
+ */
+__private_extern__ void
+bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
+{
+ int len, error;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf("bridge_enqueue sc %s%d to dst_ifp %s%d m %p\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if),
+ ifnet_name(dst_ifp), ifnet_unit(dst_ifp), m);
+#endif /* BRIDGE_DEBUG */
+
+ len = m->m_pkthdr.len;
+ m->m_flags |= M_PROTO1; //set to avoid loops
+
+ error = ifnet_output_raw(dst_ifp, 0, m);
+ if (error == 0) {
+ (void) ifnet_stat_increment_out(sc->sc_if, 1, len, 0);
+ } else {
+ (void) ifnet_stat_increment_out(sc->sc_if, 0, 0, 1);
+ }
+
+ return;
+}
+
+
+#if BRIDGE_MEMBER_OUT_FILTER
+
+/*
+ * bridge_output:
+ *
+ * Send output from a bridge member interface. This
+ * performs the bridging function for locally originated
+ * packets.
+ *
+ * The mbuf has the Ethernet header already attached. We must
+ * enqueue or free the mbuf before returning.
+ */
+static int
+bridge_output(struct bridge_softc *sc, ifnet_t ifp, mbuf_t m)
+{
+ struct ether_header *eh;
+ struct ifnet *dst_if;
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf("bridge_output ifp %p %s%d\n", ifp, ifnet_name(ifp), ifnet_unit(ifp));
+#endif /* BRIDGE_DEBUG */
+
+ if (m->m_len < ETHER_HDR_LEN) {
+ m = m_pullup(m, ETHER_HDR_LEN);
+ if (m == NULL) {
+ printf("bridge_output ifp %p m_pullup failed\n", ifp);
+ return EJUSTRETURN;
+ }
+ }
+
+ eh = mtod(m, struct ether_header *);
+
+ /* APPLE MODIFICATION <jhw@apple.com>
+ * If the packet is an 802.1X ethertype, then only send on the
+ * original output interface.
+ */
+ if (eh->ether_type == htons(ETHERTYPE_PAE)) {
+ dst_if = ifp;
+ goto sendunicast;
+ }
+
+ /*
+ * If bridge is down, but the original output interface is up,
+ * go ahead and send out that interface. Otherwise, the packet
+ * is dropped below.
+ */
+ if ((ifnet_flags(sc->sc_if) & IFF_RUNNING) == 0) {
+ dst_if = ifp;
+ goto sendunicast;
+ }
+
+ lck_mtx_lock(sc->sc_mtx);
+
+ /*
+ * If the packet is a multicast, or we don't know a better way to
+ * get there, send to all interfaces.
+ */
+ if (ETHER_IS_MULTICAST(eh->ether_dhost))
+ dst_if = NULL;
+ else
+ dst_if = bridge_rtlookup(sc, eh->ether_dhost);
+ if (dst_if == NULL) {
+ struct bridge_iflist *bif;
+ struct mbuf *mc;
+ int used = 0;
+
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ dst_if = bif->bif_ifp;
+ if ((ifnet_flags(dst_if) & IFF_RUNNING) == 0)
+ continue;
+
+ /*
+ * If this is not the original output interface,
+ * and the interface is participating in spanning
+ * tree, make sure the port is in a state that
+ * allows forwarding.
+ */
+ if (dst_if != ifp &&
+ (bif->bif_flags & IFBIF_STP) != 0) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_BLOCKING:
+ case BSTP_IFSTATE_LISTENING:
+ case BSTP_IFSTATE_DISABLED:
+ continue;
+ }
+ }
+
+ if (LIST_NEXT(bif, bif_next) == NULL) {
+ used = 1;
+ mc = m;
+ } else {
+ mc = m_copym(m, 0, M_COPYALL, M_NOWAIT);
+ if (mc == NULL) {
+ printf("bridge_output ifp %p m_copym failed\n", ifp);
+ (void) ifnet_stat_increment_out(sc->sc_if, 0, 0, 1);
+ continue;
+ }
+ }
+
+ bridge_enqueue(sc, dst_if, mc);
+ }
+ if (used == 0) {
+ printf("bridge_output ifp %p not used\n", ifp);
+ m_freem(m);
+ }
+ lck_mtx_unlock(sc->sc_mtx);
+
+ return EJUSTRETURN;
+ }
+
+sendunicast:
+ /*
+ * XXX Spanning tree consideration here?
+ */
+
+ if ((ifnet_flags(dst_if) & IFF_RUNNING) == 0) {
+ printf("bridge_output ifp %p dst_if %p not running\n", ifp, dst_if);
+ m_freem(m);
+
+ return EJUSTRETURN;
+ }
+
+ if (dst_if != ifp) {
+ lck_mtx_lock(sc->sc_mtx);
+
+ bridge_enqueue(sc, dst_if, m);
+
+ lck_mtx_unlock(sc->sc_mtx);
+
+ return EJUSTRETURN;
+ }
+
+ return (0);
+}
+#endif /* BRIDGE_MEMBER_OUT_FILTER */
+
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+static struct mbuf* bridge_fix_txcsum( struct mbuf *m )
+{
+ // basic tests indicate that the vast majority of packets being processed
+ // here have an Ethernet header mbuf pre-pended to them (the first case below)
+ // the second highest are those where the Ethernet and IP/TCP/UDP headers are
+ // all in one mbuf (second case below)
+ // the third case has, in fact, never hit for me -- although if I comment out
+ // the first two cases, that code works for them, so I consider it a
+ // decent general solution
+
+ int amt = ETHER_HDR_LEN;
+ int hlen = M_CSUM_DATA_IPv4_IPHL( m->m_pkthdr.csum_data );
+ int off = M_CSUM_DATA_IPv4_OFFSET( m->m_pkthdr.csum_data );
+
+ /*
+ * NOTE we should never get vlan-attached packets here;
+ * support for those COULD be added, but we don't use them
+ * and it really kinda slows things down to worry about them
+ */
+
+#ifdef DIAGNOSTIC
+ if ( m_tag_find( m, PACKET_TAG_VLAN, NULL ) != NULL )
+ {
+ printf( "bridge: transmitting packet tagged with VLAN?\n" );
+ KASSERT( 0 );
+ m_freem( m );
+ return NULL;
+ }
+#endif
+
+ if ( m->m_pkthdr.csum_flags & M_CSUM_IPv4 )
+ {
+ amt += hlen;
+ }
+ if ( m->m_pkthdr.csum_flags & M_CSUM_TCPv4 )
+ {
+ amt += off + sizeof( uint16_t );
+ }
+
+ if ( m->m_pkthdr.csum_flags & M_CSUM_UDPv4 )
+ {
+ amt += off + sizeof( uint16_t );
+ }
+
+ if ( m->m_len == ETHER_HDR_LEN )
+ {
+ // this is the case where there's an Ethernet header in an mbuf
+
+ // the first mbuf is the Ethernet header -- just strip it off and do the checksum
+ struct mbuf *m_ip = m->m_next;
+
+ // set up m_ip so the cksum operations work
+ /* APPLE MODIFICATION 22 Apr 2008 <mvega@apple.com>
+ * <rdar://5817385> Clear the m_tag list before setting
+ * M_PKTHDR.
+ *
+ * If this m_buf chain was extended via M_PREPEND(), then
+ * m_ip->m_pkthdr is identical to m->m_pkthdr (see
+ * M_MOVE_PKTHDR()). The only thing preventing access to this
+ * invalid packet header data is the fact that the M_PKTHDR
+ * flag is clear, i.e., m_ip->m_flag & M_PKTHDR == 0, but we're
+ * about to set the M_PKTHDR flag, so to be safe we initialize,
+ * more accurately, we clear, m_ip->m_pkthdr.tags via
+ * m_tag_init().
+ *
+ * Suppose that we do not do this; if m_pullup(), below, fails,
+ * then m_ip will be freed along with m_ip->m_pkthdr.tags, but
+ * we will also free m soon after, via m_freem(), and
+ * consequently attempt to free m->m_pkthdr.tags in the
+ * process. The problem is that m->m_pkthdr.tags will have
+ * already been freed by virtue of being equal to
+ * m_ip->m_pkthdr.tags. Attempts to dereference
+ * m->m_pkthdr.tags in m_tag_delete_chain() will result in a
+ * panic.
+ */
+ m_tag_init(m_ip);
+ /* END MODIFICATION */
+ m_ip->m_flags |= M_PKTHDR;
+ m_ip->m_pkthdr.csum_flags = m->m_pkthdr.csum_flags;
+ m_ip->m_pkthdr.csum_data = m->m_pkthdr.csum_data;
+ m_ip->m_pkthdr.len = m->m_pkthdr.len - ETHER_HDR_LEN;
+
+ // set up the header mbuf so we can prepend it back on again later
+ m->m_pkthdr.csum_flags = 0;
+ m->m_pkthdr.csum_data = 0;
+ m->m_pkthdr.len = ETHER_HDR_LEN;
+ m->m_next = NULL;
+
+
+ // now do the checksums we need -- first IP
+ if ( m_ip->m_pkthdr.csum_flags & M_CSUM_IPv4 )
+ {
+ // make sure the IP header (or at least the part with the cksum) is there
+ m_ip = m_pullup( m_ip, sizeof( struct ip ) );
+ if ( m_ip == NULL )
+ {
+ printf( "bridge: failed to flatten header\n ");
+ m_freem( m );
+ return NULL;
+ }
+
+ // now do the checksum
+ {
+ struct ip *ip = mtod( m_ip, struct ip* );
+ ip->ip_sum = in_cksum( m_ip, hlen );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed IPv4 checksum\n" );
+#endif
+ }
+ }
+
+ // now do a TCP or UDP delayed checksum
+ if ( m_ip->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4) )
+ {
+ in_delayed_cksum( m_ip );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed TCPv4/UDPv4 checksum\n" );
+#endif
+ }
+
+ // now attach the ethernet header back onto the IP packet
+ m->m_next = m_ip;
+ m->m_pkthdr.len += m_length( m_ip );
+
+ // clear the M_PKTHDR flags on the ip packet (again, we re-attach later)
+ m_ip->m_flags &= ~M_PKTHDR;
+
+ // and clear any csum flags
+ m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_IPv4);
+ }
+ else if ( m->m_len >= amt )
+ {
+ // everything fits in the first mbuf, so futz with m->m_data, m->m_len and m->m_pkthdr.len to
+ // make it work
+ m->m_len -= ETHER_HDR_LEN;
+ m->m_data += ETHER_HDR_LEN;
+ m->m_pkthdr.len -= ETHER_HDR_LEN;
+
+ // now do the checksums we need -- first IP
+ if ( m->m_pkthdr.csum_flags & M_CSUM_IPv4 )
+ {
+ struct ip *ip = mtod( m, struct ip* );
+ ip->ip_sum = in_cksum( m, hlen );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed IPv4 checksum\n" );
+#endif
+ }
+
+ // now do a TCP or UDP delayed checksum
+ if ( m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4) )
+ {
+ in_delayed_cksum( m );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed TCPv4/UDPv4 checksum\n" );
+#endif
+ }
+
+ // now stick the ethernet header back on
+ m->m_len += ETHER_HDR_LEN;
+ m->m_data -= ETHER_HDR_LEN;
+ m->m_pkthdr.len += ETHER_HDR_LEN;
+
+ // and clear any csum flags
+ m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_IPv4);
+ }
+ else
+ {
+ struct mbuf *m_ip;
+
+ // general case -- need to simply split it off and deal
+
+ // first, calculate how much needs to be made writable (we may have a read-only mbuf here)
+ hlen = M_CSUM_DATA_IPv4_IPHL( m->m_pkthdr.csum_data );
+#if PARANOID
+ off = M_CSUM_DATA_IPv4_OFFSET( m->m_pkthdr.csum_data );
+
+ if ( m->m_pkthdr.csum_flags & M_CSUM_IPv4 )
+ {
+ amt += hlen;
+ }
+
+ if ( m->m_pkthdr.csum_flags & M_CSUM_TCPv4 )
+ {
+ amt += sizeof( struct tcphdr * );
+ amt += off;
+ }
+
+ if ( m->m_pkthdr.csum_flags & M_CSUM_UDPv4 )
+ {
+ amt += sizeof( struct udphdr * );
+ amt += off;
+ }
+#endif
+
+ // now split the ethernet header off of the IP packet (we'll re-attach later)
+ m_ip = m_split( m, ETHER_HDR_LEN, M_NOWAIT );
+ if ( m_ip == NULL )
+ {
+ printf( "bridge_fix_txcsum: could not split ether header\n" );
+
+ m_freem( m );
+ return NULL;
+ }
+
+#if PARANOID
+ // make sure that the IP packet is writable for the portion we need
+ if ( m_makewritable( &m_ip, 0, amt, M_DONTWAIT ) != 0 )
+ {
+ printf( "bridge_fix_txcsum: could not make %d bytes writable\n", amt );
+
+ m_freem( m );
+ m_freem( m_ip );
+ return NULL;
+ }
+#endif
+
+ m_ip->m_pkthdr.csum_flags = m->m_pkthdr.csum_flags;
+ m_ip->m_pkthdr.csum_data = m->m_pkthdr.csum_data;
+
+ m->m_pkthdr.csum_flags = 0;
+ m->m_pkthdr.csum_data = 0;
+
+ // now do the checksums we need -- first IP
+ if ( m_ip->m_pkthdr.csum_flags & M_CSUM_IPv4 )
+ {
+ // make sure the IP header (or at least the part with the cksum) is there
+ m_ip = m_pullup( m_ip, sizeof( struct ip ) );
+ if ( m_ip == NULL )
+ {
+ printf( "bridge: failed to flatten header\n ");
+ m_freem( m );
+ return NULL;
+ }
+
+ // now do the checksum
+ {
+ struct ip *ip = mtod( m_ip, struct ip* );
+ ip->ip_sum = in_cksum( m_ip, hlen );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed IPv4 checksum\n" );
+#endif
+ }
+ }
+
+ // now do a TCP or UDP delayed checksum
+ if ( m_ip->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4) )
+ {
+ in_delayed_cksum( m_ip );
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf( "bridge: performed TCPv4/UDPv4 checksum\n" );
+#endif
+ }
+
+ // now attach the ethernet header back onto the IP packet
+ m->m_next = m_ip;
+ m->m_pkthdr.len += m_length( m_ip );
+
+ // clear the M_PKTHDR flags on the ip packet (again, we re-attach later)
+ m_ip->m_flags &= ~M_PKTHDR;
+
+ // and clear any csum flags
+ m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_IPv4);
+ }
+
+ return m;
+}
+#endif
+
+/*
+ * bridge_start:
+ *
+ * Start output on a bridge.
+ */
+static errno_t
+bridge_start(ifnet_t ifp, mbuf_t m)
+{
+ struct bridge_softc *sc = ifnet_softc(ifp);
+ struct ether_header *eh;
+ struct ifnet *dst_if;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_NOTOWNED);
+
+ eh = mtod(m, struct ether_header *);
+
+ if ((m->m_flags & (M_BCAST|M_MCAST)) == 0 &&
+ (dst_if = bridge_rtlookup(sc, eh->ether_dhost)) != NULL) {
+
+ {
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+ /*
+ * APPLE MODIFICATION - if the packet needs a checksum (i.e.,
+ * checksum has been deferred for HW support) AND the destination
+ * interface doesn't support HW checksums, then we
+ * need to fix-up the checksum here
+ */
+ if (
+ ( (m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_IPv4) ) != 0 ) &&
+ ( (dst_if->if_csum_flags_tx & m->m_pkthdr.csum_flags ) != m->m_pkthdr.csum_flags )
+ )
+ {
+ m = bridge_fix_txcsum( m );
+ if ( m == NULL )
+ {
+ goto done;
+ }
+ }
+
+#else
+ if (eh->ether_type == htons(ETHERTYPE_IP))
+ mbuf_outbound_finalize(m, PF_INET, sizeof(struct ether_header));
+ else
+ m->m_pkthdr.csum_flags = 0;
+#endif
+ lck_mtx_lock(sc->sc_mtx);
+ #if NBPFILTER > 0
+ if (sc->sc_bpf_output)
+ bridge_bpf_output(ifp, m);
+ #endif
+ bridge_enqueue(sc, dst_if, m);
+ lck_mtx_unlock(sc->sc_mtx);
+ }
+ } else
+ {
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+
+ /*
+ * APPLE MODIFICATION - if the MULTICAST packet needs a checksum (i.e.,
+ * checksum has been deferred for HW support) AND at least one destination
+ * interface doesn't support HW checksums, then we go ahead and fix it up
+ * here, since it doesn't make sense to do it more than once
+ */
+
+ if (
+ (m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_IPv4)) &&
+ /*
+ * XXX FIX ME: keep track of whether or not we have any interfaces that
+ * do not support checksums (for now, assume we do)
+ */
+ ( 1 )
+ )
+ {
+ m = bridge_fix_txcsum( m );
+ if ( m == NULL )
+ {
+ goto done;
+ }
+ }
+#else
+ if (eh->ether_type == htons(ETHERTYPE_IP))
+ mbuf_outbound_finalize(m, PF_INET, sizeof(struct ether_header));
+ else
+ m->m_pkthdr.csum_flags = 0;
+#endif
+
+ lck_mtx_lock(sc->sc_mtx);
+ #if NBPFILTER > 0
+ if (sc->sc_bpf_output)
+ bridge_bpf_output(ifp, m);
+ #endif
+ bridge_broadcast(sc, ifp, m, 0);
+ lck_mtx_unlock(sc->sc_mtx);
+ }
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+done:
+#endif
+
+ return 0;
+}
+
+/*
+ * bridge_forward:
+ *
+ * The forwarding function of the bridge.
+ */
+static void
+bridge_forward(struct bridge_softc *sc, struct mbuf *m)
+{
+ struct bridge_iflist *bif;
+ struct ifnet *src_if, *dst_if;
+ struct ether_header *eh;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf("bridge_forward %s%d m%p\n", ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if), m);
+#endif /* BRIDGE_DEBUG */
+
+ src_if = m->m_pkthdr.rcvif;
+
+ (void) ifnet_stat_increment_in(sc->sc_if, 1, m->m_pkthdr.len, 0);
+
+ /*
+ * Look up the bridge_iflist.
+ */
+ bif = bridge_lookup_member_if(sc, src_if);
+ if (bif == NULL) {
+ /* Interface is not a bridge member (anymore?) */
+ m_freem(m);
+ return;
+ }
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add the ability to block forwarding of packets; for the guest network */
+#if ( APPLE_HAVE_80211_GUEST_NETWORK )
+ if (bif->bif_flags & IFBIF_NO_FORWARDING) {
+ /* Drop the packet and we're done. */
+ m_freem(m);
+ return;
+ }
+#endif
+
+ if (bif->bif_flags & IFBIF_STP) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_BLOCKING:
+ case BSTP_IFSTATE_LISTENING:
+ case BSTP_IFSTATE_DISABLED:
+ m_freem(m);
+ return;
+ }
+ }
+
+ eh = mtod(m, struct ether_header *);
+
+ /*
+ * If the interface is learning, and the source
+ * address is valid and not multicast, record
+ * the address.
+ */
+ if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
+ ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
+ (eh->ether_shost[0] | eh->ether_shost[1] |
+ eh->ether_shost[2] | eh->ether_shost[3] |
+ eh->ether_shost[4] | eh->ether_shost[5]) != 0) {
+ (void) bridge_rtupdate(sc, eh->ether_shost,
+ src_if, 0, IFBAF_DYNAMIC);
+ }
+
+ if ((bif->bif_flags & IFBIF_STP) != 0 &&
+ bif->bif_state == BSTP_IFSTATE_LEARNING) {
+ m_freem(m);
+ return;
+ }
+
+ /*
+ * At this point, the port either doesn't participate
+ * in spanning tree or it is in the forwarding state.
+ */
+
+ /*
+ * If the packet is unicast, destined for someone on
+ * "this" side of the bridge, drop it.
+ */
+ if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
+ /* APPLE MODIFICATION <cbz@apple.com> - if the packet came in on a proxy sta discovery interface,
+ we need to not look up the node by DA of the packet; we need to look up the proxy sta which
+ matches the SA. If it's not found yet, drop the packet. */
+#if IEEE80211_PROXYSTA
+ if (bif->bif_flags & IFBIF_PROXYSTA_DISCOVER)
+ {
+ struct bridge_rtnode *brt;
+ dst_if = NULL;
+ brt = bridge_rtnode_lookup(sc, eh->ether_shost);
+ if (brt) {
+ dst_if = brt->brt_ifp_proxysta;
+ }
+ if (dst_if == NULL) {
+ m_freem(m);
+ return;
+ }
+ }
+ else
+#endif
+ dst_if = bridge_rtlookup(sc, eh->ether_dhost);
+ if (src_if == dst_if) {
+ m_freem(m);
+ return;
+ }
+ } else {
+ /* ...forward it to all interfaces. */
+ sc->sc_if->if_imcasts++;
+ dst_if = NULL;
+ }
+
+ /* APPLE MODIFICATION
+ <rnewberry@apple.com> - this is now handled by bridge_input
+ <cbz@apple.com> - turning this back on because all packets are not bpf_mtap'd
+ equally. RSN Preauth were not getting through; we're
+ conditionalizing this call on
+ (eh->ether_type == htons(ETHERTYPE_RSN_PREAUTH))
+ */
+#if 1
+ if (eh->ether_type == htons(ETHERTYPE_RSN_PREAUTH))
+ {
+ m->m_pkthdr.rcvif = sc->sc_if;
+#if NBPFILTER > 0
+ if (sc->sc_bpf_input)
+ bridge_bpf_input(sc->sc_if, m);
+#endif
+ }
+#endif
+
+ if (dst_if == NULL) {
+
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+ /*
+ * Clear any in-bound checksum flags for this packet.
+ */
+ m->m_pkthdr.csum_flags = 0;
+#else
+ mbuf_inbound_modified(m);
+#endif
+
+ bridge_broadcast(sc, src_if, m, 1);
+ return;
+ }
+
+ /*
+ * At this point, we're dealing with a unicast frame
+ * going to a different interface.
+ */
+ if ((ifnet_flags(dst_if) & IFF_RUNNING) == 0) {
+ m_freem(m);
+ return;
+ }
+ bif = bridge_lookup_member_if(sc, dst_if);
+ if (bif == NULL) {
+ /* Not a member of the bridge (anymore?) */
+ m_freem(m);
+ return;
+ }
+
+ if (bif->bif_flags & IFBIF_STP) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_DISABLED:
+ case BSTP_IFSTATE_BLOCKING:
+ m_freem(m);
+ return;
+ }
+ }
+
+#if APPLE_BRIDGE_HWCKSUM_SUPPORT
+ /*
+ * Clear any in-bound checksum flags for this packet.
+ */
+ {
+ m->m_pkthdr.csum_flags = 0;
+ }
+#else
+ mbuf_inbound_modified(m);
+#endif
+
+ bridge_enqueue(sc, dst_if, m);
+}
+
+char * ether_ntop(char *, size_t , const u_char *);
+
+__private_extern__ char *
+ether_ntop(char *buf, size_t len, const u_char *ap)
+{
+ snprintf(buf, len, "%02x:%02x:%02x:%02x:%02x:%02x",
+ ap[0], ap[1], ap[2], ap[3], ap[4], ap[5]);
+
+ return buf;
+}
+
+/*
+ * bridge_input:
+ *
+ * Receive input from a member interface. Queue the packet for
+ * bridging if it is not for us.
+ */
+errno_t
+bridge_input(struct bridge_iflist *bif, struct ifnet *ifp, struct mbuf *m, void *frame_header)
+{
+ struct ifnet *bifp;
+ struct ether_header *eh;
+ struct mbuf *mc;
+ int is_for_us = 0;
+ struct bridge_softc *sc = bif->bif_sc;
+ struct bridge_iflist *brm;
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf("bridge_input: %s%d from %s%d m %p data %p\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if),
+ ifnet_name(ifp), ifnet_unit(ifp),
+ m, mbuf_data(m));
+#endif /* BRIDGE_DEBUG */
+
+ if ((ifnet_flags(sc->sc_if) & IFF_RUNNING) == 0) {
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d not running passing along\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+ return 0;
+ }
+
+ /* Need to clear the promiscous flags otherwise it will be dropped by DLIL after processing filters */
+ if ((mbuf_flags(m) & MBUF_PROMISC))
+ mbuf_setflags_mask(m, 0, MBUF_PROMISC);
+
+ lck_mtx_lock(sc->sc_mtx);
+
+ bifp = sc->sc_if;
+
+ /* Is it a good idea to reassign a new value to bif ? TBD */
+ bif = bridge_lookup_member_if(sc, ifp);
+ if (bif == NULL) {
+ lck_mtx_unlock(sc->sc_mtx);
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d bridge_lookup_member_if failed\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+ return 0;
+ }
+
+ eh = (struct ether_header *)mbuf_data(m);
+
+ /*
+ * If the packet is for us, set the packets source as the
+ * bridge, and return the packet back to ether_input for
+ * local processing.
+ */
+ if (memcmp(eh->ether_dhost, ifnet_lladdr(bifp),
+ ETHER_ADDR_LEN) == 0) {
+
+ /* Mark the packet as arriving on the bridge interface */
+ (void) mbuf_pkthdr_setrcvif(m, bifp);
+ mbuf_pkthdr_setheader(m, frame_header);
+
+ /*
+ * If the interface is learning, and the source
+ * address is valid and not multicast, record
+ * the address.
+ */
+ if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
+ ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
+ (eh->ether_shost[0] | eh->ether_shost[1] |
+ eh->ether_shost[2] | eh->ether_shost[3] |
+ eh->ether_shost[4] | eh->ether_shost[5]) != 0) {
+ (void) bridge_rtupdate(sc, eh->ether_shost,
+ ifp, 0, IFBAF_DYNAMIC);
+ }
+
+#if NBPFILTER > 0
+ if (sc->sc_bpf_input)
+ bridge_bpf_input(bifp, m);
+#endif
+
+ (void) mbuf_setdata(m, (char *)mbuf_data(m) + ETHER_HDR_LEN, mbuf_len(m) - ETHER_HDR_LEN);
+ (void) mbuf_pkthdr_adjustlen(m, - ETHER_HDR_LEN);
+
+ (void) ifnet_stat_increment_in(bifp, 1, mbuf_pkthdr_len(m), 0);
+
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d packet for bridge\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ dlil_input_packet_list(bifp, m);
+
+ return EJUSTRETURN;
+ }
+
+ /*
+ * if the destination of the packet is for the MAC address of
+ * the member interface itself, then we don't need to forward
+ * it -- just pass it back. Note that it'll likely just be
+ * dropped by the stack, but if something else is bound to
+ * the interface directly (for example, the wireless stats
+ * protocol -- although that actually uses BPF right now),
+ * then it will consume the packet
+ *
+ * ALSO, note that we do this check AFTER checking for the
+ * bridge's own MAC address, because the bridge may be
+ * using the SAME MAC address as one of its interfaces
+ */
+ if (memcmp(eh->ether_dhost, ifnet_lladdr(ifp),
+ ETHER_ADDR_LEN) == 0) {
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ if ((bif->bif_flags & IFBIF_PROXYSTA) == 0) {
+#endif
+
+#ifdef VERY_VERY_VERY_DIAGNOSTIC
+ printf("bridge_input: not forwarding packet bound for member interface\n" );
+#endif
+ lck_mtx_unlock(sc->sc_mtx);
+ return 0;
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ }
+#if VERY_VERY_VERY_DIAGNOSTIC
+ else {
+ printf( "%s: pkt rx on %s [proxysta iface], da is %02x:%02x:%02x:%02x:%02x:%02x\n",
+ __func__, ifp->if_xname, eh->ether_dhost[0], eh->ether_dhost[1], eh->ether_dhost[2],
+ eh->ether_dhost[3], eh->ether_dhost[4], eh->ether_dhost[5] );
+ }
+#endif
+#endif
+ }
+
+ if ((m->m_flags & (M_BCAST|M_MCAST))) {
+ struct ifmultiaddr *ifma = NULL;
+
+ if ((m->m_flags & M_BCAST)) {
+ is_for_us = 1;
+ } else {
+#if BRIDGE_DEBUG
+ printf("mulicast: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ eh->ether_dhost[0], eh->ether_dhost[1], eh->ether_dhost[2],
+ eh->ether_dhost[3], eh->ether_dhost[4], eh->ether_dhost[5]);
+
+ for (ifma = bifp->if_multiaddrs.lh_first; ifma;
+ ifma = ifma->ifma_link.le_next) {
+
+ if (ifma->ifma_addr == NULL)
+ printf(" <none> ");
+ else if (ifma->ifma_addr->sa_family == AF_INET) {
+ struct sockaddr_in *sin = (struct sockaddr_in *)ifma->ifma_addr;
+
+ printf(" %u.%u.%u.%u ",
+ (sin->sin_addr.s_addr & 0xff000000) >> 24,
+ (sin->sin_addr.s_addr & 0x00ff0000) >> 16,
+ (sin->sin_addr.s_addr & 0x0000ff00) >> 8,
+ (sin->sin_addr.s_addr & 0x000000ff));
+ }
+ if (!ifma->ifma_ll || !ifma->ifma_ll->ifma_addr)
+ printf("<none>\n");
+ else {
+ struct sockaddr_dl *sdl = (struct sockaddr_dl *)ifma->ifma_ll->ifma_addr;
+
+ printf("%02x:%02x:%02x:%02x:%02x:%02x\n",
+ CONST_LLADDR(sdl)[0], CONST_LLADDR(sdl)[1], CONST_LLADDR(sdl)[2],
+ CONST_LLADDR(sdl)[3], CONST_LLADDR(sdl)[4], CONST_LLADDR(sdl)[5]);
+
+ }
+ }
+#endif /* BRIDGE_DEBUG */
+
+ /*
+ * the upper layer of the stack have attached a list of multicast addresses to the bridge itself
+ * (for example, the IP stack has bound 01:00:5e:00:00:01 to the 224.0.0.1 all hosts address), since
+ * the IP stack is bound to the bridge. so we need to see if the packets arriving here SHOULD be
+ * passed up as coming from the bridge.
+ *
+ * furthermore, since we know the IP stack is attached to the bridge, and NOTHING is attached
+ * to the underlying devices themselves, we can drop packets that don't need to go up (by returning NULL
+ * from bridge_input to the caller) after we forward the packet to other interfaces
+ */
+
+ for (ifma = bifp->if_multiaddrs.lh_first; ifma;
+ ifma = ifma->ifma_link.le_next) {
+ if (ifma->ifma_ll && ifma->ifma_ll->ifma_addr) {
+ struct sockaddr_dl *sdl = (struct sockaddr_dl *)ifma->ifma_ll->ifma_addr;
+
+ if (memcmp(eh->ether_dhost, CONST_LLADDR(sdl), ETHER_ADDR_LEN) == 0)
+ break;
+ }
+ }
+ if (ifma != NULL) {
+ /* this packet matches the bridge's own filter, so pass it up as coming from us */
+
+ /* Mark the packet as arriving on the bridge interface */
+ // don't do this until AFTER we forward the packet -- bridge_forward uses this information
+ //m->m_pkthdr.rcvif = bifp;
+
+ /* keep track of this to help us decide about forwarding */
+ is_for_us = 1;
+
+#if BRIDGE_DEBUG
+ char addr[sizeof("XX:XX:XX:XX:XX:XX")+1];
+ printf( "bridge_input: multicast frame for us (%s)\n",
+ ether_ntop(addr, sizeof(addr), eh->ether_dhost) );
+#endif
+ } else {
+#if BRIDGE_DEBUG
+ char addr[sizeof("XX:XX:XX:XX:XX:XX")+1];
+ printf( "bridge_input: multicast frame for unbound address (%s), forwarding but not passing to stack\n",
+ ether_ntop(addr, sizeof(addr), eh->ether_dhost) );
+#endif
+ }
+ }
+ /* Tap off 802.1D packets; they do not get forwarded. */
+ if (memcmp(eh->ether_dhost, bstp_etheraddr,
+ ETHER_ADDR_LEN) == 0) {
+ m = bstp_input(sc, ifp, m);
+ if (m == NULL) {
+ lck_mtx_unlock(sc->sc_mtx);
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d mcast BSTP not forwarded\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+ return EJUSTRETURN;
+ }
+ }
+
+ if (bif->bif_flags & IFBIF_STP) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_BLOCKING:
+ case BSTP_IFSTATE_LISTENING:
+ case BSTP_IFSTATE_DISABLED:
+ {
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d mcast bridge not learning or forwarding \n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ m_freem(m);
+ return EJUSTRETURN;
+ }
+ }
+ }
+
+ /*
+ * If the interface is learning, and the source
+ * address is valid and not multicast, record
+ * the address.
+ */
+ if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
+ ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
+ (eh->ether_shost[0] | eh->ether_shost[1] |
+ eh->ether_shost[2] | eh->ether_shost[3] |
+ eh->ether_shost[4] | eh->ether_shost[5]) != 0) {
+ (void) bridge_rtupdate(sc, eh->ether_shost,
+ ifp, 0, IFBAF_DYNAMIC);
+ }
+
+ if (is_for_us) {
+ /*
+ * Make a deep copy of the packet and enqueue the copy
+ * for bridge processing; return the original packet for
+ * local processing.
+ */
+ mc = m_dup(m, M_NOWAIT);
+ if (mc == NULL) {
+#ifdef DIAGNOSTIC
+ printf( "bridge_input: failed to duplicate multicast frame, not forwarding\n" );
+#endif
+#if BRIDGE_DEBUG
+ } else {
+ if (_if_brige_debug) {
+ printf_mbuf(mc, "mc for us: ", "\n");
+ printf_mbuf_data(m, 0, 20);
+ printf("\n");
+ }
+#endif /* BRIDGE_DEBUG */
+ }
+ } else {
+ /*
+ * we'll just pass the original, since we don't need to pass it
+ * up the stack
+ */
+ mc = m;
+ }
+
+ /* Perform the bridge forwarding function with the copy. */
+ if (mc != NULL) {
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d mcast forwarding \n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+ bridge_forward(sc, mc);
+ }
+
+ // TBD should have an option for type of bridge
+#if 0
+ /*
+ * Reinject the mbuf as arriving on the bridge so we have a
+ * chance at claiming multicast packets. We can not loop back
+ * here from ether_input as a bridge is never a member of a
+ * bridge.
+ */
+ if (bifp->if_bridge != NULL)
+ panic("brige_input: brige %p in a bridge %p\n", bifp, bifp->if_bridge);
+ mc = m_dup(m, M_NOWAIT);
+ if (mc != NULL) {
+ mc->m_pkthdr.rcvif = bifp;
+#if NBPFILTER > 0
+ if (sc->sc_bpf_input)
+ bridge_bpf_input(bifp, mc);
+#endif
+ }
+#endif
+ /* Return the original packet for local processing. */
+ if ( !is_for_us )
+ {
+ /* we don't free the packet -- bridge_forward already did so */
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d mcast local processing\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif
+
+ return EJUSTRETURN;
+ }
+
+ // mark packet as arriving on the bridge
+ m->m_pkthdr.rcvif = bifp;
+ m->m_pkthdr.header = mbuf_data(m);
+
+#if NBPFILTER > 0
+ if (sc->sc_bpf_input)
+ bridge_bpf_input(bifp, m);
+#endif
+ (void) mbuf_setdata(m, (char *)mbuf_data(m) + ETHER_HDR_LEN, mbuf_len(m) - ETHER_HDR_LEN);
+ (void) mbuf_pkthdr_adjustlen(m, - ETHER_HDR_LEN);
+
+ (void) ifnet_stat_increment_in(bifp, 1, mbuf_pkthdr_len(m), 0);
+
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d mcast for us\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ dlil_input_packet_list(bifp, m);
+
+ return EJUSTRETURN;
+ }
+
+ if (bif->bif_flags & IFBIF_STP) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_BLOCKING:
+ case BSTP_IFSTATE_LISTENING:
+ case BSTP_IFSTATE_DISABLED:
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d ucast bridge not learning or forwarding \n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ m_freem(m);
+ return EJUSTRETURN;
+ }
+ }
+
+ /* this code is not needed for Apple's bridge where the stack attaches directly */
+#if 1 /* TBD should be an option */
+ /*
+ * Unicast. Make sure it's not for us.
+ */
+ LIST_FOREACH(brm, &sc->sc_iflist, bif_next) {
+ if(ifnet_type(brm->bif_ifp) != IFT_ETHER)
+ continue;
+
+ /* It is destined for us. */
+ if (memcmp(ifnet_lladdr(brm->bif_ifp), eh->ether_dhost,
+ ETHER_ADDR_LEN) == 0) {
+ if (brm->bif_flags & IFBIF_LEARNING)
+ (void) bridge_rtupdate(sc,
+ eh->ether_shost, ifp, 0, IFBAF_DYNAMIC);
+ m->m_pkthdr.rcvif = brm->bif_ifp;
+ m->m_pkthdr.header = mbuf_data(m);
+
+ (void) mbuf_setdata(m, (char *)mbuf_data(m) + ETHER_HDR_LEN, mbuf_len(m) - ETHER_HDR_LEN);
+ (void) mbuf_pkthdr_adjustlen(m, - ETHER_HDR_LEN);
+#if BRIDGE_SUPPORT_GIF
+#if NGIF > 0
+ if (ifnet_type(ifp) == IFT_GIF) {
+ m->m_flags |= M_PROTO1;
+ m->m_pkthdr.rcvif = brm->bif_ifp;
+ (*brm->bif_ifp->if_input)(brm->bif_ifp, m);
+ m = NULL;
+ }
+#endif
+#endif
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d ucast to member %s%d\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if),
+ ifnet_name(brm->bif_ifp), ifnet_unit(brm->bif_ifp));
+#endif /* BRIDGE_DEBUG */
+
+ dlil_input_packet_list(brm->bif_ifp, m);
+
+ return EJUSTRETURN;
+ }
+
+ /* We just received a packet that we sent out. */
+ if (memcmp(ifnet_lladdr(brm->bif_ifp), eh->ether_shost,
+ ETHER_ADDR_LEN) == 0) {
+ lck_mtx_unlock(sc->sc_mtx);
+
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d ucast drop packet we sent out\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ m_freem(m);
+ return EJUSTRETURN;
+ }
+ }
+#endif
+
+ /*
+ * If the interface is learning, and the source
+ * address is valid and not multicast, record
+ * the address.
+ */
+ if ((bif->bif_flags & IFBIF_LEARNING) != 0 &&
+ ETHER_IS_MULTICAST(eh->ether_shost) == 0 &&
+ (eh->ether_shost[0] | eh->ether_shost[1] |
+ eh->ether_shost[2] | eh->ether_shost[3] |
+ eh->ether_shost[4] | eh->ether_shost[5]) != 0) {
+ (void) bridge_rtupdate(sc, eh->ether_shost,
+ ifp, 0, IFBAF_DYNAMIC);
+ }
+
+ /* Perform the bridge forwarding function. */
+#if BRIDGE_DEBUG
+ if (_if_brige_debug)
+ printf( "bridge_input: %s%d ucast forwarding\n",
+ ifnet_name(sc->sc_if), ifnet_unit(sc->sc_if));
+#endif /* BRIDGE_DEBUG */
+
+ bridge_forward(sc, m);
+ lck_mtx_unlock(sc->sc_mtx);
+ return EJUSTRETURN;
+}
+
+/*
+ * bridge_broadcast:
+ *
+ * Send a frame to all interfaces that are members of
+ * the bridge, except for the one on which the packet
+ * arrived.
+ */
+static void
+bridge_broadcast(struct bridge_softc *sc, struct ifnet *src_if,
+ struct mbuf *m, __unused int runfilt)
+{
+ struct bridge_iflist *bif;
+ struct mbuf *mc;
+ struct ifnet *dst_if;
+ int used = 0;
+
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+ LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ dst_if = bif->bif_ifp;
+ if (dst_if == src_if)
+ continue;
+
+ if (bif->bif_flags & IFBIF_STP) {
+ switch (bif->bif_state) {
+ case BSTP_IFSTATE_BLOCKING:
+ case BSTP_IFSTATE_DISABLED:
+ continue;
+ }
+ }
+
+ if ((bif->bif_flags & IFBIF_DISCOVER) == 0 &&
+ (m->m_flags & (M_BCAST|M_MCAST)) == 0)
+ continue;
+
+ if ((ifnet_flags(dst_if) & IFF_RUNNING) == 0)
+ continue;
+
+ if (LIST_NEXT(bif, bif_next) == NULL) {
+ mc = m;
+ used = 1;
+ } else {
+ mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
+ if (mc == NULL) {
+ (void) ifnet_stat_increment_out(sc->sc_if, 0, 0, 1);
+ continue;
+ }
+ }
+
+ bridge_enqueue(sc, dst_if, mc);
+ }
+ if (used == 0)
+ m_freem(m);
+}
+
+/*
+ * bridge_rtupdate:
+ *
+ * Add a bridge routing entry.
+ */
+static int
+bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst,
+ struct ifnet *dst_if, int setflags, uint8_t flags)
+{
+ struct bridge_rtnode *brt;
+ int error;
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ struct bridge_iflist *bif;
+ int is_pds; /* are we a proxy sta discovery interface? */
+#endif
+ struct timespec now;
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA - is this an interface
+ we want to do proxy sta discovery on? */
+#if IEEE80211_PROXYSTA
+ bif = bridge_lookup_member_if(sc, dst_if);
+ if ((bif) && (bif->bif_flags & IFBIF_PROXYSTA_DISCOVER)) {
+ is_pds = 1;
+ }
+ else {
+ is_pds = 0;
+ }
+#endif
+ /*
+ * A route for this destination might already exist. If so,
+ * update it, otherwise create a new one.
+ */
+ if ((brt = bridge_rtnode_lookup(sc, dst)) == NULL) {
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ /* don't count this address against the bridge cache (well, allow proxy stas to double that
+ number...put *some* boundary on it.) if we are a proxy sta discovery interface */
+ if (is_pds) {
+ if (sc->sc_brtcnt >= (sc->sc_brtmax+sc->sc_brtmax_proxysta))
+ return (ENOSPC);
+ }
+ else
+#endif
+ if (sc->sc_brtcnt >= sc->sc_brtmax)
+ return (ENOSPC);
+
+ /*
+ * Allocate a new bridge forwarding node, and
+ * initialize the expiration time and Ethernet
+ * address.
+ */
+ brt = zalloc_noblock(bridge_rtnode_pool);
+ if (brt == NULL)
+ return (ENOMEM);
+
+ memset(brt, 0, sizeof(*brt));
+ nanouptime(&now);
+ brt->brt_expire = now.tv_sec + sc->sc_brttimeout;
+ brt->brt_flags = IFBAF_DYNAMIC;
+ memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA - is this an interface
+ we want to do proxy sta discovery on? If so, post a monitoring event */
+#if IEEE80211_PROXYSTA
+ if (is_pds) {
+ brt->brt_flags_ext |= IFBAF_EXT_PROXYSTA;
+#if DIAGNOSTIC
+ printf( "%s: proxysta %02x:%02x:%02x:%02x:%02x:%02x on %s; discovery\n",
+ __func__, dst[0], dst[1], dst[2], dst[3], dst[4], dst[5], dst_if->if_xname );
+#endif
+ bridge_proxysta_discover( dst_if, dst );
+ }
+#endif
+
+ if ((error = bridge_rtnode_insert(sc, brt)) != 0) {
+ zfree(bridge_rtnode_pool, brt);
+ return (error);
+ }
+ }
+
+ brt->brt_ifp = dst_if;
+ if (setflags) {
+ brt->brt_flags = flags;
+ brt->brt_expire = (flags & IFBAF_STATIC) ? 0 :
+ now.tv_sec + sc->sc_brttimeout;
+ }
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA - */
+#if IEEE80211_PROXYSTA
+ if (is_pds) {
+#if VERY_VERY_DIAGNOSTIC
+ printf( "%s: proxysta %02x:%02x:%02x:%02x:%02x:%02x on %s; reset timeout\n",
+ __func__, dst[0], dst[1], dst[2], dst[3], dst[4], dst[5], dst_if->if_xname );
+#endif
+ brt->brt_expire = (flags & IFBAF_STATIC) ? 0 :
+ now.tv_sec + sc->sc_brttimeout;
+ }
+#endif
+
+ return (0);
+}
+
+/*
+ * bridge_rtlookup:
+ *
+ * Lookup the destination interface for an address.
+ */
+static struct ifnet *
+bridge_rtlookup(struct bridge_softc *sc, const uint8_t *addr)
+{
+ struct bridge_rtnode *brt;
+
+ if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
+ return (NULL);
+
+ return (brt->brt_ifp);
+}
+
+/*
+ * bridge_rttrim:
+ *
+ * Trim the routine table so that we have a number
+ * of routing entries less than or equal to the
+ * maximum number.
+ */
+static void
+bridge_rttrim(struct bridge_softc *sc)
+{
+ struct bridge_rtnode *brt, *nbrt;
+
+ /* Make sure we actually need to do this. */
+ if (sc->sc_brtcnt <= sc->sc_brtmax)
+ return;
+
+ /* Force an aging cycle; this might trim enough addresses. */
+ bridge_rtage(sc);
+ if (sc->sc_brtcnt <= sc->sc_brtmax)
+ return;
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
+ bridge_rtnode_destroy(sc, brt);
+ if (sc->sc_brtcnt <= sc->sc_brtmax)
+ return;
+ }
+ }
+}
+
+/*
+ * bridge_timer:
+ *
+ * Aging timer for the bridge.
+ */
+static void
+bridge_timer(void *arg)
+{
+ struct bridge_softc *sc = arg;
+ struct timespec ts;
+
+ lck_mtx_lock(sc->sc_mtx);
+
+ bridge_rtage(sc);
+
+ lck_mtx_unlock(sc->sc_mtx);
+
+ if (ifnet_flags(sc->sc_if) & IFF_RUNNING) {
+ ts.tv_sec = bridge_rtable_prune_period;
+ ts.tv_nsec = 0;
+ bsd_timeout(bridge_timer, sc, &ts);
+ }
+}
+
+/*
+ * bridge_rtage:
+ *
+ * Perform an aging cycle.
+ */
+static void
+bridge_rtage(struct bridge_softc *sc)
+{
+ struct bridge_rtnode *brt, *nbrt;
+ struct timespec now;
+
+ nanouptime(&now);
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC) {
+ if ((unsigned long)now.tv_sec >= brt->brt_expire)
+ bridge_rtnode_destroy(sc, brt);
+ }
+ }
+}
+
+/*
+ * bridge_rtflush:
+ *
+ * Remove all dynamic addresses from the bridge.
+ */
+static void
+bridge_rtflush(struct bridge_softc *sc, int full)
+{
+ struct bridge_rtnode *brt, *nbrt;
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ if (full || (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
+ bridge_rtnode_destroy(sc, brt);
+ }
+}
+
+/* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+/*
+ * bridge_rtdiscovery:
+ *
+ */
+static void
+bridge_rtdiscovery(struct bridge_softc *sc)
+{
+ struct bridge_rtnode *brt, *nbrt;
+ struct bridge_iflist *bif;
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ bif = bridge_lookup_member_if(sc, brt->brt_ifp);
+ if ((bif) && (bif->bif_flags & IFBIF_PROXYSTA_DISCOVER) &&
+ ((brt->brt_flags_ext & IFBAF_EXT_PROXYSTA) == 0)) {
+#if DIAGNOSTIC
+ printf( "%s: proxysta %02x:%02x:%02x:%02x:%02x:%02x on %s; found before IFBIF_PROXYSTA_DISCOVER\n",
+ __func__, brt->brt_addr[0], brt->brt_addr[1], brt->brt_addr[2], brt->brt_addr[3],
+ brt->brt_addr[4], brt->brt_addr[5], brt->brt_ifp->if_xname );
+#endif
+ brt->brt_flags_ext |= IFBAF_EXT_PROXYSTA;
+ }
+
+ if (brt->brt_ifp_proxysta == NULL) {
+#if DIAGNOSTIC
+ printf( "%s: proxysta %02x:%02x:%02x:%02x:%02x:%02x on %s; discovery\n",
+ __func__, brt->brt_addr[0], brt->brt_addr[1], brt->brt_addr[2], brt->brt_addr[3],
+ brt->brt_addr[4], brt->brt_addr[5], brt->brt_ifp->if_xname );
+#endif
+ bridge_proxysta_discover( brt->brt_ifp, brt->brt_addr );
+ }
+ }
+}
+
+/*
+ * bridge_rtpurge:
+ *
+ * Remove all dynamic addresses from a specific interface on the bridge.
+ */
+static void
+bridge_rtpurge(struct bridge_softc *sc, struct ifnet *ifs)
+{
+ struct bridge_rtnode *brt, *nbrt;
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ if (brt->brt_ifp == ifs) {
+#if DIAGNOSTIC
+ printf( "%s: purge %s [%02x:%02x:%02x:%02x:%02x:%02x] discovered on %s\n",
+ __func__, brt->brt_ifp_proxysta ? brt->brt_ifp_proxysta->if_xname : brt->brt_ifp->if_xname,
+ brt->brt_addr[0], brt->brt_addr[1], brt->brt_addr[2],
+ brt->brt_addr[3], brt->brt_addr[4], brt->brt_addr[5], brt->brt_ifp->if_xname );
+#endif
+ bridge_rtnode_destroy(sc, brt);
+ }
+ }
+}
+#endif
+
+/*
+ * bridge_rtdaddr:
+ *
+ * Remove an address from the table.
+ */
+static int
+bridge_rtdaddr(struct bridge_softc *sc, const uint8_t *addr)
+{
+ struct bridge_rtnode *brt;
+
+ if ((brt = bridge_rtnode_lookup(sc, addr)) == NULL)
+ return (ENOENT);
+
+ bridge_rtnode_destroy(sc, brt);
+ return (0);
+}
+
+/*
+ * bridge_rtdelete:
+ *
+ * Delete routes to a speicifc member interface.
+ */
+__private_extern__ void
+bridge_rtdelete(struct bridge_softc *sc, struct ifnet *ifp, int full)
+{
+ struct bridge_rtnode *brt, *nbrt;
+
+ for (brt = LIST_FIRST(&sc->sc_rtlist); brt != NULL; brt = nbrt) {
+ nbrt = LIST_NEXT(brt, brt_list);
+ if (brt->brt_ifp == ifp && (full ||
+ (brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC))
+ bridge_rtnode_destroy(sc, brt);
+ }
+}
+
+/*
+ * bridge_rtable_init:
+ *
+ * Initialize the route table for this bridge.
+ */
+static int
+bridge_rtable_init(struct bridge_softc *sc)
+{
+ int i;
+
+ sc->sc_rthash = _MALLOC(sizeof(*sc->sc_rthash) * BRIDGE_RTHASH_SIZE,
+ M_DEVBUF, M_WAITOK);
+ if (sc->sc_rthash == NULL)
+ return (ENOMEM);
+
+ for (i = 0; i < BRIDGE_RTHASH_SIZE; i++)
+ LIST_INIT(&sc->sc_rthash[i]);
+
+ sc->sc_rthash_key = random();
+
+ LIST_INIT(&sc->sc_rtlist);
+
+ return (0);
+}
+
+/*
+ * bridge_rtable_fini:
+ *
+ * Deconstruct the route table for this bridge.
+ */
+static void
+bridge_rtable_fini(struct bridge_softc *sc)
+{
+
+ _FREE(sc->sc_rthash, M_DEVBUF);
+}
+
+/*
+ * The following hash function is adapted from "Hash Functions" by Bob Jenkins
+ * ("Algorithm Alley", Dr. Dobbs Journal, September 1997).
+ */
+#define mix(a, b, c) \
+do { \
+a -= b; a -= c; a ^= (c >> 13); \
+b -= c; b -= a; b ^= (a << 8); \
+c -= a; c -= b; c ^= (b >> 13); \
+a -= b; a -= c; a ^= (c >> 12); \
+b -= c; b -= a; b ^= (a << 16); \
+c -= a; c -= b; c ^= (b >> 5); \
+a -= b; a -= c; a ^= (c >> 3); \
+b -= c; b -= a; b ^= (a << 10); \
+c -= a; c -= b; c ^= (b >> 15); \
+} while (/*CONSTCOND*/0)
+
+static uint32_t
+bridge_rthash(__unused struct bridge_softc *sc, const uint8_t *addr)
+{
+ /* APPLE MODIFICATION - wasabi performance improvment - simplify the hash algorithm */
+#if 0
+ uint32_t a = 0x9e3779b9, b = 0x9e3779b9, c = sc->sc_rthash_key;
+
+ b += addr[5] << 8;
+ b += addr[4];
+ a += addr[3] << 24;
+ a += addr[2] << 16;
+ a += addr[1] << 8;
+ a += addr[0];
+
+ mix(a, b, c);
+
+ return (c & BRIDGE_RTHASH_MASK);
+#else
+ return addr[5];
+#endif
+}
+
+#undef mix
+
+/*
+ * bridge_rtnode_lookup:
+ *
+ * Look up a bridge route node for the specified destination.
+ */
+static struct bridge_rtnode *
+bridge_rtnode_lookup(struct bridge_softc *sc, const uint8_t *addr)
+{
+ struct bridge_rtnode *brt;
+ uint32_t hash;
+ int dir;
+
+ hash = bridge_rthash(sc, addr);
+ LIST_FOREACH(brt, &sc->sc_rthash[hash], brt_hash) {
+ dir = memcmp(addr, brt->brt_addr, ETHER_ADDR_LEN);
+ if (dir == 0)
+ return (brt);
+ if (dir > 0)
+ return (NULL);
+ }
+
+ return (NULL);
+}
+
+/*
+ * bridge_rtnode_insert:
+ *
+ * Insert the specified bridge node into the route table. We
+ * assume the entry is not already in the table.
+ */
+static int
+bridge_rtnode_insert(struct bridge_softc *sc, struct bridge_rtnode *brt)
+{
+ struct bridge_rtnode *lbrt;
+ uint32_t hash;
+ int dir;
+
+ hash = bridge_rthash(sc, brt->brt_addr);
+
+ lbrt = LIST_FIRST(&sc->sc_rthash[hash]);
+ if (lbrt == NULL) {
+ LIST_INSERT_HEAD(&sc->sc_rthash[hash], brt, brt_hash);
+ goto out;
+ }
+
+ do {
+ dir = memcmp(brt->brt_addr, lbrt->brt_addr, ETHER_ADDR_LEN);
+ if (dir == 0)
+ return (EEXIST);
+ if (dir > 0) {
+ LIST_INSERT_BEFORE(lbrt, brt, brt_hash);
+ goto out;
+ }
+ if (LIST_NEXT(lbrt, brt_hash) == NULL) {
+ LIST_INSERT_AFTER(lbrt, brt, brt_hash);
+ goto out;
+ }
+ lbrt = LIST_NEXT(lbrt, brt_hash);
+ } while (lbrt != NULL);
+
+#ifdef DIAGNOSTIC
+ panic("bridge_rtnode_insert: impossible");
+#endif
+
+out:
+ LIST_INSERT_HEAD(&sc->sc_rtlist, brt, brt_list);
+ sc->sc_brtcnt++;
+
+ return (0);
+}
+
+/*
+ * bridge_rtnode_destroy:
+ *
+ * Destroy a bridge rtnode.
+ */
+static void
+bridge_rtnode_destroy(struct bridge_softc *sc, struct bridge_rtnode *brt)
+{
+ lck_mtx_assert(sc->sc_mtx, LCK_MTX_ASSERT_OWNED);
+
+ /* APPLE MODIFICATION <cbz@apple.com> - add support for Proxy STA */
+#if IEEE80211_PROXYSTA
+ if (brt->brt_flags_ext & IFBAF_EXT_PROXYSTA) {
+#if DIAGNOSTIC
+ printf( "%s: proxysta %02x:%02x:%02x:%02x:%02x:%02x %s from %s; idle timeout\n",
+ __func__, brt->brt_addr[0], brt->brt_addr[1], brt->brt_addr[2],
+ brt->brt_addr[3], brt->brt_addr[4], brt->brt_addr[5],
+ brt->brt_ifp_proxysta ? brt->brt_ifp_proxysta->if_xname : "unknown",
+ brt->brt_ifp->if_xname );
+#endif
+ bridge_proxysta_idle_timeout( brt->brt_ifp, brt->brt_addr );
+ }
+#endif
+
+ LIST_REMOVE(brt, brt_hash);
+
+ LIST_REMOVE(brt, brt_list);
+ sc->sc_brtcnt--;
+ zfree(bridge_rtnode_pool, brt);
+}
+
+static errno_t
+bridge_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, bpf_packet_func bpf_callback)
+{
+ struct bridge_softc *sc = (struct bridge_softc *)ifnet_softc(ifp);
+
+ //printf("bridge_set_bpf_tap ifp %p mode %d\n", ifp, mode);
+
+ /* TBD locking */
+ if (sc == NULL || (sc->sc_flags & SCF_DETACHING)) {
+ return ENODEV;
+ }
+
+ switch (mode) {
+ case BPF_TAP_DISABLE:
+ sc->sc_bpf_input = sc->sc_bpf_output = NULL;
+ break;
+
+ case BPF_TAP_INPUT:
+ sc->sc_bpf_input = bpf_callback;
+ break;
+
+ case BPF_TAP_OUTPUT:
+ sc->sc_bpf_output = bpf_callback;
+ break;
+
+ case BPF_TAP_INPUT_OUTPUT:
+ sc->sc_bpf_input = sc->sc_bpf_output = bpf_callback;
+ break;
+
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+static void
+bridge_detach(__unused ifnet_t ifp)
+{
+ struct bridge_softc *sc = (struct bridge_softc *)ifnet_softc(ifp);
+
+ /* Tear down the routing table. */
+ bridge_rtable_fini(sc);
+
+ lck_rw_lock_exclusive(bridge_list_lock);
+ LIST_REMOVE(sc, sc_list);
+ lck_rw_done(bridge_list_lock);
+
+ ifnet_release(ifp);
+
+ lck_mtx_free(sc->sc_mtx, bridge_lock_grp);
+
+ _FREE(sc, M_DEVBUF);
+ return;
+}
+
+__private_extern__ errno_t bridge_bpf_input(ifnet_t ifp, struct mbuf *m)
+{
+ struct bridge_softc *sc = (struct bridge_softc *)ifnet_softc(ifp);
+
+ if (sc->sc_bpf_input) {
+ if (mbuf_pkthdr_rcvif(m) != ifp)
+ printf("bridge_bpf_input rcvif: %p != ifp %p\n", mbuf_pkthdr_rcvif(m), ifp);
+ (*sc->sc_bpf_input)(ifp, m);
+ }
+ return 0;
+}
+
+__private_extern__ errno_t bridge_bpf_output(ifnet_t ifp, struct mbuf *m)
+{
+ struct bridge_softc *sc = (struct bridge_softc *)ifnet_softc(ifp);
+
+ if (sc->sc_bpf_output) {
+ (*sc->sc_bpf_output)(ifp, m);
+ }
+ return 0;
+}
+
projects / apple / xnu.git / commitdiff
