git: d45f1f519342 - stable/14 - sys/net/if_bridge: support non-INET kernels

From: Zhenlei Huang <zlei_at_FreeBSD.org>
Date: Fri, 10 May 2024 14:07:51 UTC
The branch stable/14 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=d45f1f5193420fac7f9a64c0455991a80e7cb89a

commit d45f1f5193420fac7f9a64c0455991a80e7cb89a
Author:     Lexi Winter <lexi@le-Fay.ORG>
AuthorDate: 2024-04-23 21:12:57 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2024-05-10 14:03:10 +0000

    sys/net/if_bridge: support non-INET kernels
    
    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1159
    
    (cherry picked from commit 65767e6126a7e92bc76561b4ffd005cf85ba525e)
    
    if_bridge: Minor style fixes
    
    And more comments on the #ifdef INET blocks to improve readability.
    
    While here, revert the order of two prototypes to produce minimal diff
    compared to stable branches.
    
    (cherry picked from commit 73585176ffd84c13d68cad67c2ca81643f09075c)
---
 sys/net/if_bridge.c | 48 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 33 insertions(+), 15 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 1b4ac92b62a3..1e6f9b578ee3 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -403,12 +403,14 @@ static int	bridge_ioctl_sproto(struct bridge_softc *, void *);
 static int	bridge_ioctl_stxhc(struct bridge_softc *, void *);
 static int	bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *,
 		    int);
+#ifdef INET
 static int	bridge_ip_checkbasic(struct mbuf **mp);
+static int	bridge_fragment(struct ifnet *, struct mbuf **mp,
+		    struct ether_header *, int, struct llc *);
+#endif /* INET */
 #ifdef INET6
 static int	bridge_ip6_checkbasic(struct mbuf **mp);
 #endif /* INET6 */
-static int	bridge_fragment(struct ifnet *, struct mbuf **mp,
-		    struct ether_header *, int, struct llc *);
 static void	bridge_linkstate(struct ifnet *ifp);
 static void	bridge_linkcheck(struct bridge_softc *sc);
 
@@ -3390,12 +3392,15 @@ bridge_state_change(struct ifnet *ifp, int state)
 static int
 bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 {
-	int snap, error, i, hlen;
+	int snap, error, i;
 	struct ether_header *eh1, eh2;
-	struct ip *ip;
 	struct llc llc1;
 	u_int16_t ether_type;
 	pfil_return_t rv;
+#ifdef INET
+	struct ip *ip = NULL;
+	int hlen = 0;
+#endif
 
 	snap = 0;
 	error = -1;	/* Default error if not error == 0 */
@@ -3436,31 +3441,36 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	}
 
 	/*
-	 * If we're trying to filter bridge traffic, don't look at anything
-	 * other than IP and ARP traffic.  If the filter doesn't understand
-	 * IPv6, don't allow IPv6 through the bridge either.  This is lame
-	 * since if we really wanted, say, an AppleTalk filter, we are hosed,
-	 * but of course we don't have an AppleTalk filter to begin with.
-	 * (Note that since pfil doesn't understand ARP it will pass *ALL*
-	 * ARP traffic.)
+	 * If we're trying to filter bridge traffic, only look at traffic for
+	 * protocols available in the kernel (IPv4 and/or IPv6) to avoid
+	 * passing traffic for an unsupported protocol to the filter.  This is
+	 * lame since if we really wanted, say, an AppleTalk filter, we are
+	 * hosed, but of course we don't have an AppleTalk filter to begin
+	 * with.  (Note that since pfil doesn't understand ARP it will pass
+	 * *ALL* ARP traffic.)
 	 */
 	switch (ether_type) {
+#ifdef INET
 		case ETHERTYPE_ARP:
 		case ETHERTYPE_REVARP:
 			if (V_pfil_ipfw_arp == 0)
 				return (0); /* Automatically pass */
-			break;
 
+			/* FALLTHROUGH */
 		case ETHERTYPE_IP:
+#endif
 #ifdef INET6
 		case ETHERTYPE_IPV6:
 #endif /* INET6 */
 			break;
+
 		default:
 			/*
-			 * Check to see if the user wants to pass non-ip
-			 * packets, these will not be checked by pfil(9) and
-			 * passed unconditionally so the default is to drop.
+			 * We get here if the packet isn't from a supported
+			 * protocol.  Check to see if the user wants to pass
+			 * non-IP packets, these will not be checked by pfil(9)
+			 * and passed unconditionally so the default is to
+			 * drop.
 			 */
 			if (V_pfil_onlyip)
 				goto bad;
@@ -3492,9 +3502,11 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	 */
 	if (dir == PFIL_IN) {
 		switch (ether_type) {
+#ifdef INET
 			case ETHERTYPE_IP:
 				error = bridge_ip_checkbasic(mp);
 				break;
+#endif
 #ifdef INET6
 			case ETHERTYPE_IPV6:
 				error = bridge_ip6_checkbasic(mp);
@@ -3514,6 +3526,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 	 */
 	rv = PFIL_PASS;
 	switch (ether_type) {
+#ifdef INET
 	case ETHERTYPE_IP:
 		/*
 		 * Run pfil on the member interface and the bridge, both can
@@ -3571,6 +3584,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir)
 			ip->ip_sum = in_cksum(*mp, hlen);
 
 		break;
+#endif /* INET */
 #ifdef INET6
 	case ETHERTYPE_IPV6:
 		if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv =
@@ -3628,6 +3642,7 @@ bad:
 	return (error);
 }
 
+#ifdef INET
 /*
  * Perform basic checks on header size since
  * pfil assumes ip_input has already processed
@@ -3728,6 +3743,7 @@ bad:
 	*mp = m;
 	return (-1);
 }
+#endif /* INET */
 
 #ifdef INET6
 /*
@@ -3783,6 +3799,7 @@ bad:
 }
 #endif /* INET6 */
 
+#ifdef INET
 /*
  * bridge_fragment:
  *
@@ -3859,6 +3876,7 @@ dropit:
 	}
 	return (error);
 }
+#endif /* INET */
 
 static void
 bridge_linkstate(struct ifnet *ifp)