authorJason Wright <jason@cvs.openbsd.org>1999-03-12 02:40:44 +0000
committerJason Wright <jason@cvs.openbsd.org>1999-03-12 02:40:44 +0000
commitb252f8d0f6dc726b14efb8b561a77780f984c6dc (patch)
tree2800e17e1e6a2064442fe3981e07fc1e8f837a7c /usr.sbin/brconfig
parenta0d27280f9724b0746cd7de1a81934f2932f6be4 (diff)
big overhaul:
o SNAP encapsulated IP filtering
o static address cache entries
o address deletion from cache
o dynamic & full cache flush
o filter packets based on each interface, not on the bridge as a whole
o KNF nits
o allow addition of ~IFF_UP interfaces
o man page & user level fixes to match the above
Diffstat (limited to 'usr.sbin/brconfig')
-rw-r--r--usr.sbin/brconfig/brconfig.830
-rw-r--r--usr.sbin/brconfig/brconfig.c151
2 files changed, 165 insertions, 16 deletions
diff --git a/usr.sbin/brconfig/brconfig.8 b/usr.sbin/brconfig/brconfig.8
index 0ea89687926..453d5baa589 100644
--- a/usr.sbin/brconfig/brconfig.8
+++ b/usr.sbin/brconfig/brconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: brconfig.8,v 1.6 1999/03/05 22:09:19 jason Exp $
+.\" $OpenBSD: brconfig.8,v 1.7 1999/03/12 02:40:43 jason Exp $
.\"
.\" Copyright (c) 1999 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
@@ -47,6 +47,10 @@
.Op Ar delete interface-name
.Op Ar maxaddr size
.Op Ar timeout time
+.Op Ar static interface-name address
+.Op Ar deladdr address
+.Op Ar flush
+.Op Ar flushall
.Op Ar link0
.Op Ar link1
.Op Ar -link0
@@ -78,11 +82,6 @@ Display the addresses that have been learned by the bridge.
Add the interface named by
.Ar interface-name
as a member of the bridge.
-The interface must already be ready for packet
-reception, (ie. it must be in the
-.Cm up
-state, see
-.Xr ifconfig 8 )
The interface is put into promiscuous mode so
that it can receive every packet sent on the
network.
@@ -105,6 +104,17 @@ The default is 240 seconds.
If
.Cm time
is set to zero, then entries will not be expired.
+.It Ar static interface-name address
+Add a static entry into the address cache pointing to
+.Cm interface-name .
+Static entries are never aged out of the cache or replaced if the address
+is seen on a different interface.
+.It Ar deladdr address
+Delete an address from the cache.
+.It Ar flush
+Remove all dynamically learned addresses from the cache.
+.It Ar flushall
+Remove all addresses from the cache including static addresses.
.It Ar link0
Setting this flag stops all non-IP multicast packets from
being forwarded by the bridge.
@@ -122,16 +132,16 @@ flag on the bridge interface.
.El
.Sh EXAMPLES
.Bl -tag -width brconfig
-.It Cm brconfig bridge0 add pn0 add mx0 up
-Add the Ethernet interfaces pn0 and mx0 to the bridge bridge0, and
+.It Cm brconfig bridge0 add rl0 add xl0 up
+Add the Ethernet interfaces rl0 and xl0 to the bridge bridge0, and
start the bridge forwarding packets.
.It Cm brconfig bridge0
Retrieve a list of interfaces that are members of bridge0, and the addresses
learned by the bridge.
.It Cm brconfig bridge0 down
Stop bridge0 from forwarding packets.
-.It Cm brconfig bridge0 delete pn0
-Remove the interface pn0 from the bridge bridge0.
+.It Cm brconfig bridge0 delete xl0
+Remove the interface xl0 from the bridge bridge0.
.El
.Sh SEE ALSO
.Xr ifconfig 8 ,
diff --git a/usr.sbin/brconfig/brconfig.c b/usr.sbin/brconfig/brconfig.c
index c7cda0f9dcc..362f931a9ff 100644
--- a/usr.sbin/brconfig/brconfig.c
+++ b/usr.sbin/brconfig/brconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: brconfig.c,v 1.5 1999/03/08 13:06:36 jason Exp $ */
+/* $OpenBSD: brconfig.c,v 1.6 1999/03/12 02:40:43 jason Exp $ */
/*
* Copyright (c) 1999 Jason L. Wright (jason@thought.net)
@@ -55,8 +55,12 @@ int bridge_setflag(int, char *, short);
int bridge_clrflag(int, char *, short);
int bridge_list(int, char *, char *);
int bridge_addrs(int, char *, char *);
+int bridge_addaddr(int, char *, char *, char *);
+int bridge_deladdr(int, char *, char *);
int bridge_maxaddr(int, char *, char *);
int bridge_timeout(int, char *, char *);
+int bridge_flush(int, char *);
+int bridge_flushall(int, char *);
int bridge_add(int, char *, char *);
int bridge_delete(int, char *, char *);
int bridge_status(int, char *);
@@ -69,7 +73,7 @@ void printb(char *, unsigned short, char *);
"\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6NOTRAILERS\7RUNNING\10NOARP\
\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2\20MULTICAST"
-#define IFBABITS "\020\1BLACKHOLE\2STATIC\3DYNAMIC"
+#define IFBABITS "\020\1STATIC"
void
usage() {
@@ -143,6 +147,37 @@ main(argc, argv)
if (error)
return (error);
}
+ else if (strcmp("flush", argv[0]) == 0) {
+ error = bridge_flush(sock, brdg);
+ if (error)
+ return (error);
+ }
+ else if (strcmp("flushall", argv[0]) == 0) {
+ error = bridge_flushall(sock, brdg);
+ if (error)
+ return (error);
+ }
+ else if (strcmp("static", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc < 2) {
+ warnx("static requires 2 arguments");
+ return (EX_USAGE);
+ }
+ error = bridge_addaddr(sock, brdg, argv[0], argv[1]);
+ if (error)
+ return (error);
+ argc--; argv++;
+ }
+ else if (strcmp("deladdr", argv[0]) == 0) {
+ argc--; argv++;
+ if (argc == 0) {
+ warnx("deladdr requires an argument");
+ return (EX_USAGE);
+ }
+ error = bridge_deladdr(sock, brdg, argv[0]);
+ if (error)
+ return (error);
+ }
else if (strcmp("link0", argv[0]) == 0) {
error = bridge_setflag(sock, brdg, IFF_LINK0);
if (error)
@@ -294,6 +329,58 @@ bridge_clrflag(s, brdg, f)
}
int
+bridge_flushall(s, brdg)
+ int s;
+ char *brdg;
+{
+ struct ifreq ifr;
+
+ strncpy(ifr.ifr_name, brdg, sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
+ if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
+ warn("ioctl(SIOCGIFFLAGS)");
+ return (EX_IOERR);
+ }
+
+ if ((ifr.ifr_flags & IFF_UP) == 0)
+ return (0);
+
+ strncpy(ifr.ifr_name, brdg, sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
+ ifr.ifr_flags &= ~IFF_UP;
+ if (ioctl(s, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+ warn("ioctl(SIOCSIFFLAGS)");
+ return (EX_IOERR);
+ }
+
+ strncpy(ifr.ifr_name, brdg, sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(s, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+ warn("ioctl(SIOCSIFFLAGS)");
+ return (EX_IOERR);
+ }
+
+ return (0);
+}
+
+int
+bridge_flush(s, brdg)
+ int s;
+ char *brdg;
+{
+ struct ifbreq req;
+
+ strncpy(req.ifbr_name, brdg, sizeof(req.ifbr_name) - 1);
+ req.ifbr_name[sizeof(req.ifbr_name) - 1] = '\0';
+ if (ioctl(s, SIOCBRDGFLUSH, &req) < 0) {
+ warn("ioctl(SIOCBRDGFLUSH)");
+ return (EX_IOERR);
+ }
+ return (0);
+}
+
+int
bridge_list(s, brdg, delim)
int s;
char *brdg, *delim;
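Review bot: bridge_flushall empties the cache by clearing IFF_UP on the bridge and setting it again, so if the second SIOCSIFFLAGS fails the function returns EX_IOERR with the bridge left down, and the warning is identical to the one for the first failure. A header comment should state that `flushall` interrupts forwarding for the duration of the toggle and that the function returns 0 without issuing any flush when IFF_UP is already clear. The last warning could read `warn("ioctl(SIOCSIFFLAGS): bridge left down")` so an operator can tell the two failures apart. The second and third strncpy of ifr_name repeat the first and look redundant, presumably because the ioctl leaves the name untouched.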
@@ -417,13 +504,67 @@ bridge_maxaddr(s, brdg, arg)
}
int
+bridge_deladdr(s, brdg, addr)
+ int s;
+ char *brdg, *addr;
+{
+ struct ifbareq ifba;
+ struct ether_addr *ea;
+
+ strncpy(ifba.ifba_name, brdg, sizeof(ifba.ifba_name) - 1);
+ ifba.ifba_name[sizeof(ifba.ifba_name) - 1] = '\0';
+ ea = ether_aton(addr);
+ if (ea == NULL) {
+ warnx("Invalid address: %s", addr);
+ return (EX_USAGE);
+ }
+ bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
+
+ if (ioctl(s, SIOCBRDGDADDR, &ifba) < 0) {
+ warn("ioctl(SIOCBRDGDADDR)");
+ return (EX_IOERR);
+ }
+
+ return (0);
+}
+
+int
+bridge_addaddr(s, brdg, ifname, addr)
+ int s;
+ char *brdg, *ifname, *addr;
+{
+ struct ifbareq ifba;
+ struct ether_addr *ea;
+
+ strncpy(ifba.ifba_name, brdg, sizeof(ifba.ifba_name) - 1);
+ ifba.ifba_name[sizeof(ifba.ifba_name) - 1] = '\0';
+ strncpy(ifba.ifba_ifsname, ifname, sizeof(ifba.ifba_ifsname) - 1);
+ ifba.ifba_ifsname[sizeof(ifba.ifba_ifsname) - 1] = '\0';
+
+ ea = ether_aton(addr);
+ if (ea == NULL) {
+ warnx("Invalid address: %s", addr);
+ return (EX_USAGE);
+ }
+ bcopy(ea, &ifba.ifba_dst, sizeof(struct ether_addr));
+ ifba.ifba_flags = IFBAF_STATIC;
+
+ if (ioctl(s, SIOCBRDGSADDR, &ifba) < 0) {
+ warn("ioctl(SIOCBRDGSADDR)");
+ return (EX_IOERR);
+ }
+
+ return (0);
+}
+
+int
bridge_addrs(s, brdg, delim)
int s;
char *brdg, *delim;
{
struct ifbaconf ifbac;
struct ifbareq *ifba;
- char *inbuf = NULL, buf[sizeof(ifba->ifba_name) + 1];
+ char *inbuf = NULL, buf[sizeof(ifba->ifba_ifsname) + 1];
int i, len = 8192;
while (1) {
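Review bot: `ifba` in bridge_deladdr reaches SIOCBRDGDADDR with only ifba_name and ifba_dst filled in, so ifba_ifsname, ifba_flags and ifba_age hold whatever was on the stack. bridge_addaddr likewise leaves ifba_age unset, and `req` in bridge_flush (previous hunk) sets only ifbr_name. Whether the kernel reads those fields is not visible from this diff, but zeroing the request first removes the dependency and keeps stack contents out of the ioctl argument: `bzero(&ifba, sizeof(ifba));` before the first strncpy in each function, and `bzero(&req, sizeof(req));` in bridge_flush.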
@@ -446,12 +587,10 @@ bridge_addrs(s, brdg, delim)
for (i = 0; i < ifbac.ifbac_len / sizeof(*ifba); i++) {
ifba = ifbac.ifbac_req + i;
bzero(buf, sizeof(buf));
- strncpy(buf, ifba->ifba_name, sizeof(ifba->ifba_name));
+ strncpy(buf, ifba->ifba_ifsname, sizeof(ifba->ifba_ifsname));
printf("%s%s %s %u ", delim, ether_ntoa(&ifba->ifba_dst),
buf, ifba->ifba_age);
-#if 0
printb("flags", ifba->ifba_flags, IFBABITS);
-#endif
printf("\n");
}