Ethernet bridge/IP firewall driver.

2 files changed, 154 insertions, 3 deletions

diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile
index 6817090447a..071c25c6ee2 100644
--- a/share/man/man4/Makefile
+++ b/share/man/man4/Makefile
@@ -1,8 +1,8 @@
-#	$OpenBSD: Makefile,v 1.60 1999/01/11 15:02:03 niklas Exp $
+#	$OpenBSD: Makefile,v 1.61 1999/02/26 17:01:35 jason Exp $
 #	$NetBSD: Makefile,v 1.22.4.2 1996/07/18 00:51:10 jtc Exp $
 
-MAN=	atalk.4 audio.4 acd.4 adv.4 ahc.4 bpf.4 ccd.4 cd.4 ch.4 clnp.4 cltp.4 \
-	ddb.4 de.4 drum.4 eap.4 ec.4 ep.4 esis.4 exphy.4 fd.4 \
+MAN=	atalk.4 audio.4 acd.4 adv.4 ahc.4 bpf.4 bridge.4 ccd.4 cd.4 ch.4 \
+	clnp.4 cltp.4 ddb.4 de.4 drum.4 eap.4 ec.4 ep.4 esis.4 exphy.4 fd.4 \
 	ffs_softupdates.4 fpa.4 fxp.4 icmp.4 icsphy.4 idp.4 ifmedia.4 imp.4 \
 	inet.4 inphy.4 ip.4 ipl.4 ipsec.4 isapnp.4 iso.4 isp.4 ksyms.4 lkm.4 \
 	lo.4 lxtphy.4 midi.4 mii.4 mtdphy.4 mtio.4 mx.4 ncr.4 ne.4 netintro.4 \
diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4
new file mode 100644
index 00000000000..d09099bb1d4
--- /dev/null
+++ b/share/man/man4/bridge.4
@@ -0,0 +1,151 @@
+.\"	$OpenBSD: bridge.4,v 1.1 1999/02/26 17:01:36 jason Exp $
+.\"
+.\" Copyright (c) 1999 Jason L. Wright (jason@thought.net)
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by Jason L. Wright
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd January 14, 1999
+.Dt BRIDGE 4
+.Os
+.Sh NAME
+.Nm bridge
+.Nd Ethernet bridge interface
+.Sh SYNOPSIS
+.Cd pseudo-device bridge 2
+.Sh DESCRIPTION
+The
+.Nm bridge
+device allows an Ethernet bridge to be created between two or more interfaces.
+The bridges provided by this interface are learning bridges with the ability
+to do IP filtering, see
+.Xr ipf 4 ,
+before packets are forwarded by the bridge.
+.Sh IOCTLS
+A
+.Nm bridge
+interface responds to all of the
+.Xr ioctl 2
+calls specific to other interfaces listed in
+.Xr netintro 4 .
+The following 
+.Xr ioctl 2
+calls are specific to
+.Nm bridge
+devices.
+They are defined in
+.Aq Pa sys/sockio.h .
+.Pp
+.Bl -tag -width SIOCBRDGIDX
+.It Dv SIOCBRDGIDX
+.Pq Li "struct ifbreq"
+Retrieve a member interface from a bridge by index number (zero based).
+The argument structure is defined as follows:
+.Bd -literal -offset indent
+struct ifbreq {
+	char ifbname[IFNAMSIZ]; /* bridge interface */
+	char ifsname[IFNAMSIZ]; /* member interface */
+	u_int32_t index;        /* interface index */
+};
+.Ed
+.Pp
+To get a list of interface members, set index to zero, and perform sucessive
+.Xr ioctl 2
+calls with increasing values of index.  When the call returns ENOENT,
+there are no more interface members.
+.It Dv SIOCBRDGADD
+.Pq Li "struct ifbreq"
+Add the interface named in ifsname to the bridge named in ifbname.
+.It Dv SIOCBRDGDEL
+.Pq Li "struct ifbreq"
+Delete the interface named in ifsname from the bridge named in ifbname.
+.It Dv SIOCBRDGRT
+.Pq Li "struct ifbrtreq"
+Retrieve a list of routes by index number (zero based).
+The argument structure is defined as follows:
+.Bd -literal -offset indent
+struct ifbrtreq {
+	char ifbname[IFNAMSIZ]; /* bridge interface */
+	u_int32_t index;        /* iteration index */
+	struct ether_addr dst;  /* destination addr */
+	char ifsname[IFNAMSIZ]; /* destination ifs */   
+	u_int16_t age;          /* route age */
+};
+.El
+.Sh ERRORS
+If the
+.Xr ioctl 2
+call fails,
+.Xr errno 2
+is set to one of the following values:
+.Bl -tag -width Er
+.It Bq Eq ENOENT
+For an add request, this means that the named interface is not configured
+into the system.
+For delete operation, it means that the named interface is not a member
+of the bridge.
+For an interface list or route list request, it means
+that there is no route or interface that corresponds to the given index
+number.
+.It Bq Eq ENOMEM
+Memory could not be allocated for an interface to be added to the bridge.
+.It Bq Eq EEXIST
+The named interface is already a member of the bridge.
+.It Bq Eq EBUSY
+The named interface is already a member of another bridge.
+.It Bq Eq EINVAL
+The named interface is not an Ethernet interface.
+.It Bq Eq ENETDOWN
+The named interface is not ready for receiving packets.
+.It Bq Eq EPERM
+Super-user privilege is required to add and delete interfaces to and from
+bridges and to set the bridge interface flags.
+.El
+.Sh SEE ALSO
+.Xr errno 2 ,
+.Xr ioctl 2 ,
+.Xr ipf 4 ,
+.Xr netintro 4 ,
+.Xr brconfig 8
+.Sh AUTHOR
+The
+.Xr brconfig 8
+command and the
+.Xr bridge 4
+kernel interface were written by Jason L. Wright <jason@thought.net> as
+part of an undergraduate indenpendent study
+at the University of North Carolina at Greensboro.
+.Sh BUGS
+There is currently no loop detection.  Care must be taken to make sure
+that loops are not created when a bridge is brought up.
+.Sh HISTORY
+The
+.Xr brconfig 8
+command and the
+.Xr bridge 4
+kernel interface first appeared in
+.Ox 2.5 .