git: e57876309dbe - stable/13 - sys/net/if_bridge: support non-INET kernels
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 10 May 2024 14:13:01 UTC
The branch stable/13 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=e57876309dbe0e1ba9fdacc01b8be444bf997996 commit e57876309dbe0e1ba9fdacc01b8be444bf997996 Author: Lexi Winter <lexi@le-Fay.ORG> AuthorDate: 2024-04-23 21:12:57 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2024-05-10 14:10:29 +0000 sys/net/if_bridge: support non-INET kernels Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1159 (cherry picked from commit 65767e6126a7e92bc76561b4ffd005cf85ba525e) if_bridge: Minor style fixes And more comments on the #ifdef INET blocks to improve readability. While here, revert the order of two prototypes to produce minimal diff compared to stable branches. (cherry picked from commit 73585176ffd84c13d68cad67c2ca81643f09075c) (cherry picked from commit d45f1f5193420fac7f9a64c0455991a80e7cb89a) --- sys/net/if_bridge.c | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 82526d848f5e..6dea0f046bfb 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -407,12 +407,14 @@ static int bridge_ioctl_sproto(struct bridge_softc *, void *); static int bridge_ioctl_stxhc(struct bridge_softc *, void *); static int bridge_pfil(struct mbuf **, struct ifnet *, struct ifnet *, int); +#ifdef INET static int bridge_ip_checkbasic(struct mbuf **mp); +static int bridge_fragment(struct ifnet *, struct mbuf **mp, + struct ether_header *, int, struct llc *); +#endif /* INET */ #ifdef INET6 static int bridge_ip6_checkbasic(struct mbuf **mp); #endif /* INET6 */ -static int bridge_fragment(struct ifnet *, struct mbuf **mp, - struct ether_header *, int, struct llc *); static void bridge_linkstate(struct ifnet *ifp); static void bridge_linkcheck(struct bridge_softc *sc); @@ -3282,12 +3284,15 @@ bridge_state_change(struct ifnet *ifp, int state) static int bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) { - int snap, error, i, hlen; + int snap, error, i; struct ether_header *eh1, eh2; - struct ip *ip; struct llc llc1; u_int16_t ether_type; pfil_return_t rv; +#ifdef INET + struct ip *ip = NULL; + int hlen = 0; +#endif snap = 0; error = -1; /* Default error if not error == 0 */ @@ -3328,31 +3333,36 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) } /* - * If we're trying to filter bridge traffic, don't look at anything - * other than IP and ARP traffic. If the filter doesn't understand - * IPv6, don't allow IPv6 through the bridge either. This is lame - * since if we really wanted, say, an AppleTalk filter, we are hosed, - * but of course we don't have an AppleTalk filter to begin with. - * (Note that since pfil doesn't understand ARP it will pass *ALL* - * ARP traffic.) + * If we're trying to filter bridge traffic, only look at traffic for + * protocols available in the kernel (IPv4 and/or IPv6) to avoid + * passing traffic for an unsupported protocol to the filter. This is + * lame since if we really wanted, say, an AppleTalk filter, we are + * hosed, but of course we don't have an AppleTalk filter to begin + * with. (Note that since pfil doesn't understand ARP it will pass + * *ALL* ARP traffic.) */ switch (ether_type) { +#ifdef INET case ETHERTYPE_ARP: case ETHERTYPE_REVARP: if (V_pfil_ipfw_arp == 0) return (0); /* Automatically pass */ - break; + /* FALLTHROUGH */ case ETHERTYPE_IP: +#endif #ifdef INET6 case ETHERTYPE_IPV6: #endif /* INET6 */ break; + default: /* - * Check to see if the user wants to pass non-ip - * packets, these will not be checked by pfil(9) and - * passed unconditionally so the default is to drop. + * We get here if the packet isn't from a supported + * protocol. Check to see if the user wants to pass + * non-IP packets, these will not be checked by pfil(9) + * and passed unconditionally so the default is to + * drop. */ if (V_pfil_onlyip) goto bad; @@ -3384,9 +3394,11 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) */ if (dir == PFIL_IN) { switch (ether_type) { +#ifdef INET case ETHERTYPE_IP: error = bridge_ip_checkbasic(mp); break; +#endif #ifdef INET6 case ETHERTYPE_IPV6: error = bridge_ip6_checkbasic(mp); @@ -3406,6 +3418,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) */ rv = PFIL_PASS; switch (ether_type) { +#ifdef INET case ETHERTYPE_IP: /* * Run pfil on the member interface and the bridge, both can @@ -3460,6 +3473,7 @@ bridge_pfil(struct mbuf **mp, struct ifnet *bifp, struct ifnet *ifp, int dir) ip->ip_sum = in_cksum(*mp, hlen); break; +#endif /* INET */ #ifdef INET6 case ETHERTYPE_IPV6: if (V_pfil_bridge && dir == PFIL_OUT && bifp != NULL && (rv = @@ -3514,6 +3528,7 @@ bad: return (error); } +#ifdef INET /* * Perform basic checks on header size since * pfil assumes ip_input has already processed @@ -3614,6 +3629,7 @@ bad: *mp = m; return (-1); } +#endif /* INET */ #ifdef INET6 /* @@ -3669,6 +3685,7 @@ bad: } #endif /* INET6 */ +#ifdef INET /* * bridge_fragment: * @@ -3745,6 +3762,7 @@ dropit: } return (error); } +#endif /* INET */ static void bridge_linkstate(struct ifnet *ifp)