mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
sys/net/if_bridge: support non-INET kernels
Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1159 (cherry picked from commit 65767e6126a7e92bc76561b4ffd005cf85ba525e) if_bridge: Minor style fixes And more comments on the #ifdef INET blocks to improve readability. While here, revert the order of two prototypes to produce minimal diff compared to stable branches. (cherry picked from commit 73585176ffd84c13d68cad67c2ca81643f09075c)
This commit is contained in:
Lexi Winter
Franco Fichtner
parent
57618b20b2
commit
cf61c67cb3
1 changed files with 33 additions and 15 deletions
|
|
@ -403,12 +403,14 @@ static int bridge_ioctl_sproto(struct bridge_softc *, void *);
|
|||
static int bridge_ioctl_stxhc(struct bridge_softc *, void *);
|
||||
static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
|
||||
int);
|
||||
#ifdef INET
|
||||
static int bridge_ip_checkbasic(struct mbuf **mp);
|
||||
static int bridge_fragment(struct ifnet *, struct mbuf **mp,
|
||||
struct ether_header *, int, struct llc *);
|
||||
#endif /* INET */
|
||||
#ifdef INET6
|
||||
static int bridge_ip6_checkbasic(struct mbuf **mp);
|
||||
#endif /* INET6 */
|
||||
static int bridge_fragment(struct ifnet *, struct mbuf **mp,
|
||||
struct ether_header *, int, struct llc *);
|
||||
static void bridge_linkstate(struct ifnet *ifp);
|
||||
static void bridge_linkcheck(struct bridge_softc *sc);
|
||||
|
||||
|
|
@ -3390,12 +3392,15 @@ bridge_state_change(struct ifnet *ifp, int state)
|
|||
static int
|
||||
bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
||||
{
|
||||
int snap, error, i, hlen;
|
||||
int snap, error, i;
|
||||
struct ether_header *eh1, eh2;
|
||||
struct ip *ip;
|
||||
struct llc llc1;
|
||||
u_int16_t ether_type;
|
||||
pfil_return_t rv;
|
||||
#ifdef INET
|
||||
struct ip *ip = NULL;
|
||||
int hlen = 0;
|
||||
#endif
|
||||
|
||||
snap = 0;
|
||||
error = -1; /* Default error if not error == 0 */
|
||||
|
|
@ -3436,31 +3441,36 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||
}
|
||||
|
||||
/*
|
||||
* If we're trying to filter bridge traffic, don't look at anything
|
||||
* other than IP and ARP traffic. If the filter doesn't understand
|
||||
* IPv6, don't allow IPv6 through the bridge either. This is lame
|
||||
* since if we really wanted, say, an AppleTalk filter, we are hosed,
|
||||
* but of course we don't have an AppleTalk filter to begin with.
|
||||
* (Note that since pfil doesn't understand ARP it will pass *ALL*
|
||||
* ARP traffic.)
|
||||
* If we're trying to filter bridge traffic, only look at traffic for
|
||||
* protocols available in the kernel (IPv4 and/or IPv6) to avoid
|
||||
* passing traffic for an unsupported protocol to the filter. This is
|
||||
* lame since if we really wanted, say, an AppleTalk filter, we are
|
||||
* hosed, but of course we don't have an AppleTalk filter to begin
|
||||
* with. (Note that since pfil doesn't understand ARP it will pass
|
||||
* *ALL* ARP traffic.)
|
||||
*/
|
||||
switch (ether_type) {
|
||||
#ifdef INET
|
||||
case ETHERTYPE_ARP:
|
||||
case ETHERTYPE_REVARP:
|
||||
if (V_pfil_ipfw_arp == 0)
|
||||
return (0); /* Automatically pass */
|
||||
break;
|
||||
|
||||
/* FALLTHROUGH */
|
||||
case ETHERTYPE_IP:
|
||||
#endif
|
||||
#ifdef INET6
|
||||
case ETHERTYPE_IPV6:
|
||||
#endif /* INET6 */
|
||||
break;
|
||||
|
||||
default:
|
||||
/*
|
||||
* Check to see if the user wants to pass non-ip
|
||||
* packets, these will not be checked by pfil(9) and
|
||||
* passed unconditionally so the default is to drop.
|
||||
* We get here if the packet isn't from a supported
|
||||
* protocol. Check to see if the user wants to pass
|
||||
* non-IP packets, these will not be checked by pfil(9)
|
||||
* and passed unconditionally so the default is to
|
||||
* drop.
|
||||
*/
|
||||
if (V_pfil_onlyip)
|
||||
goto bad;
|
||||
|
|
@ -3492,9 +3502,11 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||
*/
|
||||
if (dir == PFIL_IN) {
|
||||
switch (ether_type) {
|
||||
#ifdef INET
|
||||
case ETHERTYPE_IP:
|
||||
error = bridge_ip_checkbasic(mp);
|
||||
break;
|
||||
#endif
|
||||
#ifdef INET6
|
||||
case ETHERTYPE_IPV6:
|
||||
error = bridge_ip6_checkbasic(mp);
|
||||
|
|
@ -3514,6 +3526,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||
*/
|
||||
rv = PFIL_PASS;
|
||||
switch (ether_type) {
|
||||
#ifdef INET
|
||||
case ETHERTYPE_IP:
|
||||
/*
|
||||
* Run pfil on the member interface and the bridge, both can
|
||||
|
|
@ -3571,6 +3584,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
|
|||
ip->ip_sum = in_cksum(*mp, hlen);
|
||||
|
||||
break;
|
||||
#endif /* INET */
|
||||
#ifdef INET6
|
||||
case ETHERTYPE_IPV6:
|
||||
if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
|
||||
|
|
@ -3628,6 +3642,7 @@ bad:
|
|||
return (error);
|
||||
}
|
||||
|
||||
#ifdef INET
|
||||
/*
|
||||
* Perform basic checks on header size since
|
||||
* pfil assumes ip_input has already processed
|
||||
|
|
@ -3728,6 +3743,7 @@ bad:
|
|||
*mp = m;
|
||||
return (-1);
|
||||
}
|
||||
#endif /* INET */
|
||||
|
||||
#ifdef INET6
|
||||
/*
|
||||
|
|
@ -3783,6 +3799,7 @@ bad:
|
|||
}
|
||||
#endif /* INET6 */
|
||||
|
||||
#ifdef INET
|
||||
/*
|
||||
* bridge_fragment:
|
||||
*
|
||||
|
|
@ -3859,6 +3876,7 @@ dropit:
|
|||
}
|
||||
return (error);
|
||||
}
|
||||
#endif /* INET */
|
||||
|
||||
static void
|
||||
bridge_linkstate(struct ifnet *ifp)
|
||||
|
|
|
|||
Loading…
Reference in a new issue