OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-2.0/] [packages/] [net/] [tcpip/] [v2_0/] [doc/] [bridge.man] - Blame information for rev 174

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 27 unneback
 
2
NAME
3
     bridge - Ethernet bridge interface
4
 
5
SYNOPSIS
6
     pseudo-device bridge 2
7
 
8
DESCRIPTION
9
     The bridge device creates a logical link between two or more Ethernet in
10
     terfaces.  This link between the interfaces selectively forwards frames
11
     from each interface on the bridge to every other interface on the bridge.
12
     A bridge can serve several services, including, isolation of traffic be
13
     tween sets of machines so that traffic local to one set of machines is
14
     not available on the wire of another set of machines, and it can act as a
15
     transparent filter for ip(4) datagrams.
16
 
17
     The bridges provided by this interface are learning bridges with IP fil
18
     tering, see ipf(4).  In general a bridge works like a hub, forwarding
19
     traffic from one interface to another.  It differs from a hub in that it
20
     will "learn" which machines are on each of its attached segments by ac
21
     tively listening to incoming traffic and examining the headers of each
22
     frame.  A table is built containing the MAC address and segment to which
23
     the MAC address is attached.  This allows a bridge to be more selective
24
     about what it forwards, which can be used to reduce traffic on a set of
25
     segments and also to provide an IP firewall without changing the topology
26
     of the network.
27
 
28
     The algorithm works as follows by default, but can be modified via
29
     ioctl(2) or the utility brconfig(8).  When a frame comes in, the origin
30
     segment and the source address are recorded.  If the bridge has no knowl
31
     edge about where the destination is to be found, the bridge will forward
32
     the frame to all attached segments.  If the destination is known to be on
33
     a different segment from its origin, the bridge will forward the packet
34
     only to the destination segment.  If the destination is on the same seg
35
     ment as the origin segment, the bridge will drop the packet because the
36
     receiver has already had a chance to see the frame.  Before forwarding a
37
     frame, the bridge will check to see if the packet contains an ip(4) data
38
     gram; if so, the datagram is run through the ipf(4) interface so that it
39
     can be filtered.  Only the ipf(4) input rules for the source interface
40
     are checked with the datagram; output rules have no effect.
41
 
42
IOCTLS
43
     A bridge interface responds to all of the ioctl(2) calls specific to oth
44
     er interfaces listed in netintro(4).  The following ioctl(2) calls are
45
     specific to bridge devices.  They are defined in <sys/sockio.h>.
46
 
47
     SIOCBRDGIFS      (struct ifbifconf) Retrieve member interface list from a
48
                      bridge.  This request takes an ifbifconf structure (see
49
                      below) as a value-result parameter.  The ifbic_len field
50
                      should be initially set to the size of the buffer point
51
                      ed to by ifbic_buf. On return it will contain the
52
                      length, in bytes, of the configuration list.  Alterna
53
                      tively, if the ifbic_len passed in is set to 0,
54
                      SIOCBRDGIFS will set ifbic_len to the size that
55
                      ifbic_buf needs to be to fit the entire configuration
56
                      list, and will not fill in the other parameters.  This
57
                      is useful for determining the exact size that ifbic_buf
58
                      needs to be in advance.
59
 
60
                      The argument structure is defined as follows:
61
 
62
                            struct ifbreq {
63
                                    char ifbr_name[IFNAMSIZ];    /* brdg nam */
64
                                    char ifbr_ifsname[IFNAMSIZ]; /* if name */
65
                                    u_int32_t ifbr_ifsflags;     /* if flags */
66
                            };
67
 
68
                            #define IFBIF_LEARNING  0x1 /* learns addrs */
69
                            #define IFBIF_DISCOVER  0x2 /* gets fwd'd pkts */
70
 
71
                            struct ifbifconf {
72
                                    char ifbic_name[IFNAMSIZ]; /* brdg name */
73
                                    u_int32_t       ifbic_len; /* buf size */
74
                                    union {
75
                                            caddr_t ifbicu_buf; /* buffer */
76
                                            struct  ifbreq *ifbicu_req;
77
                                    } ifbic_ifbicu;
78
                            #define ifbic_buf       ifbic_ifbicu.ifbicu_buf
79
                            #define ifbic_req       ifbic_ifbicu.ifbicu_req
80
                            };
81
 
82
     SIOCBRDGADD      (struct ifbreq) Add the interface named in ifbr_ifsname
83
                      to the bridge named in ifbr_name.
84
 
85
     SIOCBRDGDEL      (struct ifbreq) Delete the interface named in
86
                      ifbr_ifsname from the bridge named in ifbr_name.
87
 
88
     SIOCBRDGSIFFLGS  (struct ifbreq) Set the bridge member interface flags
89
                      for the interface named in ifbr_ifsname attached to the
90
                      bridge ifbr_name. If the flag IFBIF_LEARNING is set on
91
                      an interface, source addresses from frames received on
92
                      the interface are recorded in the address cache.  If the
93
                      flag IFBIF_DISCOVER is set, the interface will receive
94
                      packets destined for unknown destinations, otherwise a
95
                      frame that has a destination not found in the address
96
                      cache is not forwarded to this interface.  The default
97
                      for newly added interfaces has both flags set.  If the
98
                      flag IFBIF_BLOCKNONIP is set, packets that are one of
99
                      ip(4),  ip6(4),  arp(4),  or Reverse ARP, will not be
100
                      bridged from and to the interface.
101
 
102
     SIOCBRDGGIFFLGS  Retrieve the bridge member interface flags for the in
103
                      terface named in ifbr_ifsname attached to the bridge
104
                      ifbr_name.
105
 
106
     SIOCBRDGRTS      (struct ifbaconf) Retrieve the address cache of the
107
                      bridge named in ifbac_name. This request takes an
108
                      ifbaconf structure (see below) as a value result parame
109
                      ter.  The ifbac_len field should be initially set to the
110
                      size of the buffer pointed to by ifbac_buf. On return,
111
                      it will contain the length, in bytes, of the configura
112
                      tion list.  Alternatively, if the ifbac_len passed in is
113
                      set to 0, SIOCBRDGRTS will set it to the size that
114
                      ifbac_buf needs to be to fit the entire configuration
115
                      list and not fill in the other parameters.  As with
116
                      SIOCBRDGIFS, this is useful for determining the exact
117
                      size that ifbac_buf needs to be in advance.
118
 
119
                      The argument structure is defined as follows:
120
 
121
                            struct ifbareq {
122
                                    char ifba_name[IFNAMSIZ];   /* brdg nam */
123
                                    char ifba_ifsname[IFNAMSIZ];/* dest ifs */
124
                                    u_int8_t ifba_age;          /* addr age */
125
                                    u_int8_t ifba_flags;        /* addr flag */
126
                                    struct ether_addr ifba_dst; /* dst addr */
127
                            };
128
 
129
                            #define IFBAF_TYPEMASK 0x03  /* addr type mask */
130
                            #define IFBAF_DYNAMIC  0x00  /* dynamic addr */
131
                            #define IFBAF_STATIC   0x01  /* static address */
132
 
133
                            struct ifbaconf {
134
                                    char ifbac_name[IFNAMSIZ]; /* brdg name */
135
                                    u_int32_t ifbac_len;       /* buf size */
136
                                    union {
137
                                            caddr_t ifbacu_buf;     /* buf */
138
                                            struct ifbareq *ifbacu_req;
139
                                    } ifbac_ifbacu;
140
                            #define ifbac_buf       ifbac_ifbacu.ifbacu_buf
141
                            #define ifbac_req       ifbac_ifbacu.ifbacu_req
142
                            };
143
                      Address cache entries with the type set to IFBAF_DYNAMIC
144
                      in ifba_flags are entries learned by the bridge.  En
145
                      tries with the type set to IFBAF_STATIC are manually
146
                      added entries.
147
 
148
     SIOCBRDGSADDR    (struct ifbareq) Add an entry, manually, to the address
149
                      cache for the bridge named in ifba_name. The address and
150
                      its associated interface and flags are set in the
151
                      ifba_dst, ifba_ifsname, ifba_flags fields, respectively.
152
 
153
     SIOCBRDGDADDR    (struct ifbareq) Delete an entry from the address cache
154
                      of the bridge named in ifba_name. Entries are deleted
155
                      strictly based on the address field ifba_dst.
156
 
157
     SIOCBRDGSCACHE   (struct ifbcachereq) Set the maximum address cache size
158
                      for the bridge named in ifbc_name to ifbc_size entries.
159
 
160
                      The argument structure is as follows:
161
 
162
                            struct ifbcachereq {
163
                                    char ifbc_name[IFNAMSIZ]; /* bridge */
164
                                    u_int32_t ifbc_size;      /* size */
165
                            };
166
 
167
     SIOCBRDGGCACHE   (struct ifbcachereq) Retrieve the maximum size of the
168
                      address cache for the bridge ifbc_name.
169
 
170
     SIOCBRDGSTO      (struct ifbcachetoreq) Set the time, in seconds, that
171
                      addresses which have not been seen on the network
172
                      (transmitted a packet) remain in the cache.  If the time
173
                      is set to zero, no aging is performed on the address
174
                      cache.  The argument structure is as follows:
175
 
176
                            struct ifbcachetoreq {
177
                                    char ifbct_name[IFNAMSIZ]; /* bridge */
178
                                    u_int32_t ifbct_time;      /* time */
179
                            };
180
 
181
     SIOCBRDGGTO      (struct ifbcachetoreq) Retrieve the address cache expi
182
                      ration time (see above).
183
 
184
     SIOCBRDGFLUSH    (struct ifbreq) Flush addresses from the cache.
185
                      ifbr_name contains the name of the bridge device, and
186
                      ifbr_ifsflags should be set to IFBF_FLUSHALL to flush
187
                      all addresses from the cache or IFBF_FLUSHDYN to flush
188
                      only the dynamically learned addresses from the cache.
189
 
190
     SIOCBRDGARL      (struct ifbrlreq) Add a filtering rule to the bridge
191
                      named in ifbr_name on the interface named in
192
                      ifbr_ifsname. The argument structure is as follows:
193
 
194
                            struct ifbrlreq {
195
                                    char ifbr_name[IFNAMSIZ];    /* bridge */
196
                                    char ifbr_ifsname[IFNAMSIZ]; /* ifs */
197
                                    u_int8_t ifbr_action;        /* handling */
198
                                    u_int8_t ifbr_flags;         /* flags */
199
                                    struct ether_addr ifbr_src;  /* src mac */
200
                                    struct ether_addr ifbr_dst;  /* dst mac */
201
                            };
202
                            #define BRL_ACTION_BLOCK        0x01
203
                            #define BRL_ACTION_PASS         0x02
204
                            #define BRL_FLAG_IN             0x08
205
                            #define BRL_FLAG_OUT            0x04
206
                            #define BRL_FLAG_SRCVALID       0x02
207
                            #define BRL_FLAG_DSTVALID       0x01
208
 
209
                      Rules are applied in the order in which they were added
210
                      to the bridge, and the first matching rule's action pa
211
                      rameter determines the fate of the packet.  The
212
                      ifbr_action parameter specifies whether a frame matching
213
                      the rule is to be blocked or passed.
214
 
215
                      If the BRL_FLAG_IN bit is set in ifbr_flags, then the
216
                      rule applies to frames received by the interface.  If
217
                      the BRL_FLAG_OUT bit is set, then the rule applies to
218
                      frame transmitted by the interface.  At least one of
219
                      BRL_FLAG_IN or BRL_FLAG_OUT must be set.
220
 
221
                      The source ethernet address in ifbr_src is checked if
222
                      the BRL_FLAG_SRCVALID bit is set in ifbr_flags. The des
223
                      tination address in ifbr_dst is check if the
224
                      BRL_FLAG_DSTVALID bit is set.  If neither bit is set,
225
                      the rule is matches all frames.
226
 
227
     SIOCBRDGFRL      (struct ifbrlreq) Remove all filtering rules from a
228
                      bridge interface member.  ifbr_name contains the name of
229
                      the bridge device, and ifbr_ifsname contains the name of
230
                      the bridge member interface.
231
 
232
     SIOCBRDGGRL      (struct ifbrlconf) Retrieve all of the rules from the
233
                      bridge, ifbrl_name, for the member interface,
234
                      ifbrl_ifsname.
235
 
236
                      This request takes an ifbrlconf structure (see below) as
237
                      a value result parameter.  The ifbrl_len field should be
238
                      initially set to the size of the buffer pointed to by
239
                      ifbrl_buf. On return, it will contain the length, in
240
                      bytes, of the configuration list.  Alternatively, if the
241
                      ifbrl_len passed in is set to 0, SIOCBRDGGRL will set it
242
                      to the size that ifbrl_buf needs to be to fit the entire
243
                      configuration list and not fill in the other parameters.
244
                      As with SIOCBRDGIFS, this is useful for determining the
245
                      exact size that ifbrl_buf needs to be in advance.
246
 
247
                      The argument structure is defined as follows:
248
 
249
                            struct ifbrlconf {
250
                                    char ifbrl_name[IFNAMSIZ];   /* brdg nam */
251
                                    char ifbrl_ifsname[IFNAMSIZ];/* ifs name */
252
                                    u_int32_t ifbr_len;         /* buf len */
253
                                    union {
254
                                            caddr_t ifbrlu_buf;
255
                                            struct ifbrlreq *ifbrlu_req;
256
                                    } ifrl_ifbrlu;
257
                            #define ifbrl_buf ifbrl_ifbrlu.ifbrlu_buf
258
                            #define ifbrl_req ifbrl_ifbrlu.ifbrlu_req
259
                            };
260
 
261
 
262
ERRORS
263
     If the ioctl(2) call fails, errno(2) is set to one of the following val
264
     ues:
265
 
266
     [ENOENT]      For an add request, this means that the named interface is
267
                   not configured into the system.  For delete operation, it
268
                   means that the named interface is not a member of the
269
                   bridge.  For a address cache deletion, the address was not
270
                   found in the table.
271
 
272
     [ENOMEM]      Memory could not be allocated for an interface or cache en
273
                   try to be added to the bridge.
274
 
275
     [EEXIST]      The named interface is already a member of the bridge.
276
 
277
     [EBUSY]       The named interface is already a member of another bridge.
278
 
279
     [EINVAL]      The named interface is not an Ethernet interface or an in
280
                   valid ioctl was performed on the bridge.
281
 
282
     [ENETDOWN]    Address cache operation (flush, add, delete) on a bridge
283
                   that is in the down state.
284
 
285
     [EPERM]       Super-user privilege is required to add and delete inter
286
                   faces to and from bridges and to set the bridge interface
287
                   flags.
288
 
289
     [EFAULT]      The buffer used in a SIOCBRDGIFS or SIOCBRDGRTS request
290
 
291
                   points outside of the process's allocated address space.
292
 
293
     [ESRCH]       No such member interface in the bridge.
294
 
295
SEE ALSO
296
     errno(2),  ioctl(2),  ip(4),  ipf(4),  netintro(4),  bridgename.if(5),
297
     brconfig(8)
298
 
299
HISTORY
300
     The brconfig(8) command and the bridge(4) kernel interface first appeared
301
     in
302
 
303
AUTHOR
304
     The brconfig(8) command and the bridge(4) kernel interface were written
305
     by Jason L. Wright <jason@thought.net> as part of an undergraduate inde
306
     pendent study at the University of North Carolina at Greensboro.
307
 
308
BUGS
309
     There is currently no loop detection.  Care must be taken to make sure
310
     that loops are not created when a bridge is brought up.
311
 
312
     Only ipf(4) input rules are checked with incoming packet; there is no
313
     easy way to handle output rules.
314
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.