1 /* 2 * Forwarding decision 3 * Linux ethernet bridge 4 * 5 * Authors: 6 * Lennert Buytenhek <buytenh@gnu.org> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 */ 13 14 #include <linux/err.h> 15 #include <linux/slab.h> 16 #include <linux/kernel.h> 17 #include <linux/netdevice.h> 18 #include <linux/netpoll.h> 19 #include <linux/skbuff.h> 20 #include <linux/if_vlan.h> 21 #include <linux/netfilter_bridge.h> 22 #include "br_private.h" 23 24 static int deliver_clone(const struct net_bridge_port *prev, 25 struct sk_buff *skb, 26 void (*__packet_hook)(const struct net_bridge_port *p, 27 struct sk_buff *skb)); 28 29 /* Don't forward packets to originating port or forwarding disabled */ 30 static inline int should_deliver(const struct net_bridge_port *p, 31 const struct sk_buff *skb) 32 { 33 return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && 34 br_allowed_egress(p->br, nbp_get_vlan_info(p), skb) && 35 p->state == BR_STATE_FORWARDING; 36 } 37 38 int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb) 39 { 40 if (!is_skb_forwardable(skb->dev, skb)) { 41 kfree_skb(skb); 42 } else { 43 skb_push(skb, ETH_HLEN); 44 br_drop_fake_rtable(skb); 45 dev_queue_xmit(skb); 46 } 47 48 return 0; 49 } 50 EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit); 51 52 int br_forward_finish(struct sock *sk, struct sk_buff *skb) 53 { 54 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, sk, skb, 55 NULL, skb->dev, 56 br_dev_queue_push_xmit); 57 58 } 59 EXPORT_SYMBOL_GPL(br_forward_finish); 60 61 static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) 62 { 63 skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb); 64 if (!skb) 65 return; 66 67 skb->dev = to->dev; 68 69 if (unlikely(netpoll_tx_running(to->br->dev))) { 70 if (!is_skb_forwardable(skb->dev, skb)) 71 kfree_skb(skb); 72 else { 73 skb_push(skb, ETH_HLEN); 74 br_netpoll_send_skb(to, skb); 75 } 76 return; 77 } 78 79 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb, 80 NULL, skb->dev, 81 br_forward_finish); 82 } 83 84 static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) 85 { 86 struct net_device *indev; 87 88 if (skb_warn_if_lro(skb)) { 89 kfree_skb(skb); 90 return; 91 } 92 93 skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb); 94 if (!skb) 95 return; 96 97 indev = skb->dev; 98 skb->dev = to->dev; 99 skb_forward_csum(skb); 100 101 NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, NULL, skb, 102 indev, skb->dev, 103 br_forward_finish); 104 } 105 106 /* called with rcu_read_lock */ 107 void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) 108 { 109 if (to && should_deliver(to, skb)) { 110 __br_deliver(to, skb); 111 return; 112 } 113 114 kfree_skb(skb); 115 } 116 EXPORT_SYMBOL_GPL(br_deliver); 117 118 /* called with rcu_read_lock */ 119 void br_forward(const struct net_bridge_port *to, struct sk_buff *skb, struct sk_buff *skb0) 120 { 121 if (should_deliver(to, skb)) { 122 if (skb0) 123 deliver_clone(to, skb, __br_forward); 124 else 125 __br_forward(to, skb); 126 return; 127 } 128 129 if (!skb0) 130 kfree_skb(skb); 131 } 132 133 static int deliver_clone(const struct net_bridge_port *prev, 134 struct sk_buff *skb, 135 void (*__packet_hook)(const struct net_bridge_port *p, 136 struct sk_buff *skb)) 137 { 138 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; 139 140 skb = skb_clone(skb, GFP_ATOMIC); 141 if (!skb) { 142 dev->stats.tx_dropped++; 143 return -ENOMEM; 144 } 145 146 __packet_hook(prev, skb); 147 return 0; 148 } 149 150 static struct net_bridge_port *maybe_deliver( 151 struct net_bridge_port *prev, struct net_bridge_port *p, 152 struct sk_buff *skb, 153 void (*__packet_hook)(const struct net_bridge_port *p, 154 struct sk_buff *skb)) 155 { 156 int err; 157 158 if (!should_deliver(p, skb)) 159 return prev; 160 161 if (!prev) 162 goto out; 163 164 err = deliver_clone(prev, skb, __packet_hook); 165 if (err) 166 return ERR_PTR(err); 167 168 out: 169 return p; 170 } 171 172 /* called under bridge lock */ 173 static void br_flood(struct net_bridge *br, struct sk_buff *skb, 174 struct sk_buff *skb0, 175 void (*__packet_hook)(const struct net_bridge_port *p, 176 struct sk_buff *skb), 177 bool unicast) 178 { 179 struct net_bridge_port *p; 180 struct net_bridge_port *prev; 181 182 prev = NULL; 183 184 list_for_each_entry_rcu(p, &br->port_list, list) { 185 /* Do not flood unicast traffic to ports that turn it off */ 186 if (unicast && !(p->flags & BR_FLOOD)) 187 continue; 188 189 /* Do not flood to ports that enable proxy ARP */ 190 if (p->flags & BR_PROXYARP) 191 continue; 192 if ((p->flags & BR_PROXYARP_WIFI) && 193 BR_INPUT_SKB_CB(skb)->proxyarp_replied) 194 continue; 195 196 prev = maybe_deliver(prev, p, skb, __packet_hook); 197 if (IS_ERR(prev)) 198 goto out; 199 } 200 201 if (!prev) 202 goto out; 203 204 if (skb0) 205 deliver_clone(prev, skb, __packet_hook); 206 else 207 __packet_hook(prev, skb); 208 return; 209 210 out: 211 if (!skb0) 212 kfree_skb(skb); 213 } 214 215 216 /* called with rcu_read_lock */ 217 void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast) 218 { 219 br_flood(br, skb, NULL, __br_deliver, unicast); 220 } 221 222 /* called under bridge lock */ 223 void br_flood_forward(struct net_bridge *br, struct sk_buff *skb, 224 struct sk_buff *skb2, bool unicast) 225 { 226 br_flood(br, skb, skb2, __br_forward, unicast); 227 } 228 229 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING 230 /* called with rcu_read_lock */ 231 static void br_multicast_flood(struct net_bridge_mdb_entry *mdst, 232 struct sk_buff *skb, struct sk_buff *skb0, 233 void (*__packet_hook)( 234 const struct net_bridge_port *p, 235 struct sk_buff *skb)) 236 { 237 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; 238 struct net_bridge *br = netdev_priv(dev); 239 struct net_bridge_port *prev = NULL; 240 struct net_bridge_port_group *p; 241 struct hlist_node *rp; 242 243 rp = rcu_dereference(hlist_first_rcu(&br->router_list)); 244 p = mdst ? rcu_dereference(mdst->ports) : NULL; 245 while (p || rp) { 246 struct net_bridge_port *port, *lport, *rport; 247 248 lport = p ? p->port : NULL; 249 rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : 250 NULL; 251 252 port = (unsigned long)lport > (unsigned long)rport ? 253 lport : rport; 254 255 prev = maybe_deliver(prev, port, skb, __packet_hook); 256 if (IS_ERR(prev)) 257 goto out; 258 259 if ((unsigned long)lport >= (unsigned long)port) 260 p = rcu_dereference(p->next); 261 if ((unsigned long)rport >= (unsigned long)port) 262 rp = rcu_dereference(hlist_next_rcu(rp)); 263 } 264 265 if (!prev) 266 goto out; 267 268 if (skb0) 269 deliver_clone(prev, skb, __packet_hook); 270 else 271 __packet_hook(prev, skb); 272 return; 273 274 out: 275 if (!skb0) 276 kfree_skb(skb); 277 } 278 279 /* called with rcu_read_lock */ 280 void br_multicast_deliver(struct net_bridge_mdb_entry *mdst, 281 struct sk_buff *skb) 282 { 283 br_multicast_flood(mdst, skb, NULL, __br_deliver); 284 } 285 286 /* called with rcu_read_lock */ 287 void br_multicast_forward(struct net_bridge_mdb_entry *mdst, 288 struct sk_buff *skb, struct sk_buff *skb2) 289 { 290 br_multicast_flood(mdst, skb, skb2, __br_forward); 291 } 292 #endif 293