git: e57876309dbe - stable/13 - sys/net/if_bridge: support non-INET kernels

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Zhenlei Huang <zlei_at_FreeBSD.org>
Date: Fri, 10 May 2024 14:13:01 UTC
The branch stable/13 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=e57876309dbe0e1ba9fdacc01b8be444bf997996

commit e57876309dbe0e1ba9fdacc01b8be444bf997996
Author:     Lexi Winter <lexi@le-Fay.ORG>
AuthorDate: 2024-04-23 21:12:57 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2024-05-10 14:10:29 +0000

    sys/net/if_bridge: support non-INET kernels
    
    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1159
    
    (cherry picked from commit 65767e6126a7e92bc76561b4ffd005cf85ba525e)
    
    if_bridge: Minor style fixes
    
    And more comments on the #ifdef INET blocks to improve readability.
    
    While here, revert the order of two prototypes to produce minimal diff
    compared to stable branches.
    
    (cherry picked from commit 73585176ffd84c13d68cad67c2ca81643f09075c)
    (cherry picked from commit d45f1f5193420fac7f9a64c0455991a80e7cb89a)
---
 sys/net/if_bridge.c | 48 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 33 insertions(+), 15 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 82526d848f5e..6dea0f046bfb 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -407,12 +407,14 @@ static int	bridge_ioctl_sproto(struct bridge_softc *, void *);
 static int	bridge_ioctl_stxhc(struct bridge_softc *, void *);
 static int	bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
 		    int);
+#ifdef INET
 static int	bridge_ip_checkbasic(struct mbuf **mp);
+static int	bridge_fragment(struct ifnet *, struct mbuf **mp,
+		    struct ether_header *, int, struct llc *);
+#endif /* INET */
 #ifdef INET6
 static int	bridge_ip6_checkbasic(struct mbuf **mp);
 #endif /* INET6 */
-static int	bridge_fragment(struct ifnet *, struct mbuf **mp,
-		    struct ether_header *, int, struct llc *);
 static void	bridge_linkstate(struct ifnet *ifp);
 static void	bridge_linkcheck(struct bridge_softc *sc);
 
@@ -3282,12 +3284,15 @@ bridge_state_change(struct ifnet *ifp, int state)
 static int
 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 {
-	int snap, error, i, hlen;
+	int snap, error, i;
 	struct ether_header *eh1, eh2;
-	struct ip *ip;
 	struct llc llc1;
 	u_int16_t ether_type;
 	pfil_return_t rv;
+#ifdef INET
+	struct ip *ip = NULL;
+	int hlen = 0;
+#endif
 
 	snap = 0;
 	error = -1;	/* Default error if not error == 0 */
@@ -3328,31 +3333,36 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	}
 
 	/*
-	 * If we're trying to filter bridge traffic, don't look at anything
-	 * other than IP and ARP traffic.  If the filter doesn't understand
-	 * IPv6, don't allow IPv6 through the bridge either.  This is lame
-	 * since if we really wanted, say, an AppleTalk filter, we are hosed,
-	 * but of course we don't have an AppleTalk filter to begin with.
-	 * (Note that since pfil doesn't understand ARP it will pass *ALL*
-	 * ARP traffic.)
+	 * If we're trying to filter bridge traffic, only look at traffic for
+	 * protocols available in the kernel (IPv4 and/or IPv6) to avoid
+	 * passing traffic for an unsupported protocol to the filter.  This is
+	 * lame since if we really wanted, say, an AppleTalk filter, we are
+	 * hosed, but of course we don't have an AppleTalk filter to begin
+	 * with.  (Note that since pfil doesn't understand ARP it will pass
+	 * *ALL* ARP traffic.)
 	 */
 	switch (ether_type) {
+#ifdef INET
 		case ETHERTYPE_ARP:
 		case ETHERTYPE_REVARP:
 			if (V_pfil_ipfw_arp == 0)
 				return (0); /* Automatically pass */
-			break;
 
+			/* FALLTHROUGH */
 		case ETHERTYPE_IP:
+#endif
 #ifdef INET6
 		case ETHERTYPE_IPV6:
 #endif /* INET6 */
 			break;
+
 		default:
 			/*
-			 * Check to see if the user wants to pass non-ip
-			 * packets, these will not be checked by pfil(9) and
-			 * passed unconditionally so the default is to drop.
+			 * We get here if the packet isn't from a supported
+			 * protocol.  Check to see if the user wants to pass
+			 * non-IP packets, these will not be checked by pfil(9)
+			 * and passed unconditionally so the default is to
+			 * drop.
 			 */
 			if (V_pfil_onlyip)
 				goto bad;
@@ -3384,9 +3394,11 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	 */
 	if (dir == PFIL_IN) {
 		switch (ether_type) {
+#ifdef INET
 			case ETHERTYPE_IP:
 				error = bridge_ip_checkbasic(mp);
 				break;
+#endif
 #ifdef INET6
 			case ETHERTYPE_IPV6:
 				error = bridge_ip6_checkbasic(mp);
@@ -3406,6 +3418,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	 */
 	rv = PFIL_PASS;
 	switch (ether_type) {
+#ifdef INET
 	case ETHERTYPE_IP:
 		/*
 		 * Run pfil on the member interface and the bridge, both can
@@ -3460,6 +3473,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 			ip->ip_sum = in_cksum(*mp, hlen);
 
 		break;
+#endif /* INET */
 #ifdef INET6
 	case ETHERTYPE_IPV6:
 		if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
@@ -3514,6 +3528,7 @@ bad:
 	return (error);
 }
 
+#ifdef INET
 /*
  * Perform basic checks on header size since
  * pfil assumes ip_input has already processed
@@ -3614,6 +3629,7 @@ bad:
 	*mp = m;
 	return (-1);
 }
+#endif /* INET */
 
 #ifdef INET6
 /*
@@ -3669,6 +3685,7 @@ bad:
 }
 #endif /* INET6 */
 
+#ifdef INET
 /*
  * bridge_fragment:
  *
@@ -3745,6 +3762,7 @@ dropit:
 	}
 	return (error);
 }
+#endif /* INET */
 
 static void
 bridge_linkstate(struct ifnet *ifp)