经过NF_BR_LOCAL_IN hook点会执行br_handle_local_finish函数。
static int br_handle_local_finish(struct sk_buff *skb)
{
struct net_bridge_port *p = br_port_get_rcu(skb->dev);
u16 vid = 0;
/*获取skb的vlan id(3.10的bridge支持vlan)*/
br_vlan_get_tag(skb, &vid);
/*更新bridge的mac表,注意vlan id也是参数,说明每个vlan有一个独立的mac表*/
br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid);
return 0; /* process further */
}
经过NF_BR_PRE_ROUTING hook点会执行br_handle_frame_finish函数。
br_handle_frame_finish
int br_handle_frame_finish(struct sk_buff *skb) { const unsigned char *dest = eth_hdr(skb)->h_dest; struct net_bridge_port *p = br_port_get_rcu(skb->dev); struct net_bridge *br; struct net_bridge_fdb_entry *dst; struct net_bridge_mdb_entry *mdst; struct sk_buff *skb2; u16 vid = 0; if (!p || p->state == BR_STATE_DISABLED) goto drop; /*这个判断主要是vlan的相关检查,如是否和接收接口配置的vlan相同*/ if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid)) goto out; /* insert into forwarding database after filtering to avoid spoofing */ br = p->br; /*更新转发数据库*/ br_fdb_update(br, p, eth_hdr(skb)->h_source, vid); /*多播mac的处理*/ if (!is_broadcast_ether_addr(dest) && is_multicast_ether_addr(dest) && br_multicast_rcv(br, p, skb)) goto drop; if (p->state == BR_STATE_LEARNING) goto drop; BR_INPUT_SKB_CB(skb)->brdev = br->dev; /* The packet skb2 goes to the local host (NULL to skip). */ skb2 = NULL; /*如果网桥被设置为混杂模式*/ if (br->dev->flags & IFF_PROMISC) skb2 = skb; dst = NULL; /*如果skb的目的mac是广播*/ if (is_broadcast_ether_addr(dest)) skb2 = skb; else if (is_multicast_ether_addr(dest)) { /*多播*/ mdst = br_mdb_get(br, skb, vid); if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { if ((mdst && mdst->mglist) || br_multicast_is_router(br)) skb2 = skb; br_multicast_forward(mdst, skb, skb2); skb = NULL; if (!skb2) goto out; } else skb2 = skb; br->dev->stats.multicast++; } else if ((dst = __br_fdb_get(br, dest, vid)) && dst->is_local) {/*目的地址是本机mac,则发往本机协议栈*/ skb2 = skb; /* Do not forward the packet since it's local. */ skb = NULL; } if (skb) { if (dst) { dst->used = jiffies; br_forward(dst->dst, skb, skb2); //转发给目的接口 } else br_flood_forward(br, skb, skb2); //找不到目的接口则广播 } if (skb2) return br_pass_frame_up(skb2); //发往本机协议栈 out: return 0; drop: kfree_skb(skb); goto out; } |
我们先看发往本机协议栈的函数br_pass_frame_up。
br_pass_frame_up
static int br_pass_frame_up(struct sk_buff *skb) { struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev; struct net_bridge *br = netdev_priv(brdev); //更新统计计数(略) /* Bridge is just like any other port. Make sure the * packet is allowed except in promisc modue when someone * may be running packet capture. */ if (!(brdev->flags & IFF_PROMISC) && !br_allowed_egress(br, br_get_vlan_info(br), skb)) { kfree_skb(skb); //如果不是混杂模式且vlan处理不合要求则丢弃 return NET_RX_DROP; } //vlan处理逻辑 skb = br_handle_vlan(br, br_get_vlan_info(br), skb); if (!skb) return NET_RX_DROP; indev = skb->dev; skb->dev = brdev; //重点,这里修改了skb->dev为bridge //经过NF_BR_LOCAL_IN再次进入协议栈 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, netif_receive_skb); } |
再次进入netif_receive_skb,由于skb-dev被设置成了bridge,而bridge设备的rx_handler函数是没有被设置的,所以就不会再次进入bridge逻辑,而直接进入了主机上层协议栈。
下面看转发逻辑,转发逻辑主要在br_forward函数中,而br_forward主要调用__br_forward函数。
__br_forward
static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) { struct net_device *indev; //vlan处理 skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb); if (!skb) return; indev = skb->dev; skb->dev = to->dev; //skb->dev设置为出口设备dev skb_forward_csum(skb); //经过NF_BR_FORWARD hook点,调用br_forward_finish NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, br_forward_finish); } |
br_forward_finish
int br_dev_queue_push_xmit(struct sk_buff *skb) { /* ip_fragment doesn't copy the MAC header */ if (nf_bridge_maybe_copy_header(skb) || (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb))) { kfree_skb(skb); } else { skb_push(skb, ETH_HLEN); br_drop_fake_rtable(skb); dev_queue_xmit(skb); //发送到链路层 } return 0; } |
Skb进入dev_queue_xmit就会调用相应设备驱动的发送函数。也就出了bridge逻辑。所以整个3.10kernel的bridge转发逻辑如下图所示:
注意,和2.6kernel一样,bridge的OUTPUT hook点在bridge dev的发送函数中,这里不再分析列出。
