1 /* 2 * Forwarding decision 3 * Linux ethernet bridge 4 * 5 * Authors: 6 * Lennert Buytenhek <buytenh@gnu.org> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 */ 13 14 #include <linux/err.h> 15 #include <linux/slab.h> 16 #include <linux/kernel.h> 17 #include <linux/netdevice.h> 18 #include <linux/netpoll.h> 19 #include <linux/skbuff.h> 20 #include <linux/if_vlan.h> 21 #include <linux/netfilter_bridge.h> 22 #include "br_private.h" 23 24 static int deliver_clone(const struct net_bridge_port *prev, 25 struct sk_buff *skb, 26 void (*__packet_hook)(const struct net_bridge_port *p, 27 struct sk_buff *skb)); 28 29 /* Don't forward packets to originating port or forwarding disabled */ 30 static inline int should_deliver(const struct net_bridge_port *p, 31 const struct sk_buff *skb) 32 { 33 struct net_bridge_vlan_group *vg; 34 35 vg = nbp_vlan_group_rcu(p); 36 return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && 37 br_allowed_egress(vg, skb) && p->state == BR_STATE_FORWARDING; 38 } 39 40 int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) 41 { 42 if (!is_skb_forwardable(skb->dev, skb)) 43 goto drop; 44 45 skb_push(skb, ETH_HLEN); 46 br_drop_fake_rtable(skb); 47 skb_sender_cpu_clear(skb); 48 49 if (skb->ip_summed == CHECKSUM_PARTIAL && 50 (skb->protocol == htons(ETH_P_8021Q) || 51 skb->protocol == htons(ETH_P_8021AD))) { 52 int depth; 53 54 if (!__vlan_get_protocol(skb, skb->protocol, &depth)) 55 goto drop; 56 57 skb_set_network_header(skb, depth); 58 } 59 60 dev_queue_xmit(skb); 61 62 return 0; 63 64 drop: 65 kfree_skb(skb); 66 return 0; 67 } 68 EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit); 69 70 int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 71 { 72 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, 73 net, sk, skb, NULL, skb->dev, 74 br_dev_queue_push_xmit); 75 76 } 77 EXPORT_SYMBOL_GPL(br_forward_finish); 78 79 static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) 80 { 81 struct net_bridge_vlan_group *vg; 82 83 vg = nbp_vlan_group_rcu(to); 84 skb = br_handle_vlan(to->br, vg, skb); 85 if (!skb) 86 return; 87 88 skb->dev = to->dev; 89 90 if (unlikely(netpoll_tx_running(to->br->dev))) { 91 if (!is_skb_forwardable(skb->dev, skb)) 92 kfree_skb(skb); 93 else { 94 skb_push(skb, ETH_HLEN); 95 br_netpoll_send_skb(to, skb); 96 } 97 return; 98 } 99 100 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, 101 dev_net(skb->dev), NULL, skb,NULL, skb->dev, 102 br_forward_finish); 103 } 104 105 static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) 106 { 107 struct net_bridge_vlan_group *vg; 108 struct net_device *indev; 109 110 if (skb_warn_if_lro(skb)) { 111 kfree_skb(skb); 112 return; 113 } 114 115 vg = nbp_vlan_group_rcu(to); 116 skb = br_handle_vlan(to->br, vg, skb); 117 if (!skb) 118 return; 119 120 indev = skb->dev; 121 skb->dev = to->dev; 122 skb_forward_csum(skb); 123 124 NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, 125 dev_net(indev), NULL, skb, indev, skb->dev, 126 br_forward_finish); 127 } 128 129 /* called with rcu_read_lock */ 130 void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) 131 { 132 if (to && should_deliver(to, skb)) { 133 __br_deliver(to, skb); 134 return; 135 } 136 137 kfree_skb(skb); 138 } 139 EXPORT_SYMBOL_GPL(br_deliver); 140 141 /* called with rcu_read_lock */ 142 void br_forward(const struct net_bridge_port *to, struct sk_buff *skb, struct sk_buff *skb0) 143 { 144 if (to && should_deliver(to, skb)) { 145 if (skb0) 146 deliver_clone(to, skb, __br_forward); 147 else 148 __br_forward(to, skb); 149 return; 150 } 151 152 if (!skb0) 153 kfree_skb(skb); 154 } 155 156 static int deliver_clone(const struct net_bridge_port *prev, 157 struct sk_buff *skb, 158 void (*__packet_hook)(const struct net_bridge_port *p, 159 struct sk_buff *skb)) 160 { 161 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; 162 163 skb = skb_clone(skb, GFP_ATOMIC); 164 if (!skb) { 165 dev->stats.tx_dropped++; 166 return -ENOMEM; 167 } 168 169 __packet_hook(prev, skb); 170 return 0; 171 } 172 173 static struct net_bridge_port *maybe_deliver( 174 struct net_bridge_port *prev, struct net_bridge_port *p, 175 struct sk_buff *skb, 176 void (*__packet_hook)(const struct net_bridge_port *p, 177 struct sk_buff *skb)) 178 { 179 int err; 180 181 if (!should_deliver(p, skb)) 182 return prev; 183 184 if (!prev) 185 goto out; 186 187 err = deliver_clone(prev, skb, __packet_hook); 188 if (err) 189 return ERR_PTR(err); 190 191 out: 192 return p; 193 } 194 195 /* called under bridge lock */ 196 static void br_flood(struct net_bridge *br, struct sk_buff *skb, 197 struct sk_buff *skb0, 198 void (*__packet_hook)(const struct net_bridge_port *p, 199 struct sk_buff *skb), 200 bool unicast) 201 { 202 struct net_bridge_port *p; 203 struct net_bridge_port *prev; 204 205 prev = NULL; 206 207 list_for_each_entry_rcu(p, &br->port_list, list) { 208 /* Do not flood unicast traffic to ports that turn it off */ 209 if (unicast && !(p->flags & BR_FLOOD)) 210 continue; 211 212 /* Do not flood to ports that enable proxy ARP */ 213 if (p->flags & BR_PROXYARP) 214 continue; 215 if ((p->flags & BR_PROXYARP_WIFI) && 216 BR_INPUT_SKB_CB(skb)->proxyarp_replied) 217 continue; 218 219 prev = maybe_deliver(prev, p, skb, __packet_hook); 220 if (IS_ERR(prev)) 221 goto out; 222 } 223 224 if (!prev) 225 goto out; 226 227 if (skb0) 228 deliver_clone(prev, skb, __packet_hook); 229 else 230 __packet_hook(prev, skb); 231 return; 232 233 out: 234 if (!skb0) 235 kfree_skb(skb); 236 } 237 238 239 /* called with rcu_read_lock */ 240 void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast) 241 { 242 br_flood(br, skb, NULL, __br_deliver, unicast); 243 } 244 245 /* called under bridge lock */ 246 void br_flood_forward(struct net_bridge *br, struct sk_buff *skb, 247 struct sk_buff *skb2, bool unicast) 248 { 249 br_flood(br, skb, skb2, __br_forward, unicast); 250 } 251 252 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING 253 /* called with rcu_read_lock */ 254 static void br_multicast_flood(struct net_bridge_mdb_entry *mdst, 255 struct sk_buff *skb, struct sk_buff *skb0, 256 void (*__packet_hook)( 257 const struct net_bridge_port *p, 258 struct sk_buff *skb)) 259 { 260 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; 261 struct net_bridge *br = netdev_priv(dev); 262 struct net_bridge_port *prev = NULL; 263 struct net_bridge_port_group *p; 264 struct hlist_node *rp; 265 266 rp = rcu_dereference(hlist_first_rcu(&br->router_list)); 267 p = mdst ? rcu_dereference(mdst->ports) : NULL; 268 while (p || rp) { 269 struct net_bridge_port *port, *lport, *rport; 270 271 lport = p ? p->port : NULL; 272 rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : 273 NULL; 274 275 port = (unsigned long)lport > (unsigned long)rport ? 276 lport : rport; 277 278 prev = maybe_deliver(prev, port, skb, __packet_hook); 279 if (IS_ERR(prev)) 280 goto out; 281 282 if ((unsigned long)lport >= (unsigned long)port) 283 p = rcu_dereference(p->next); 284 if ((unsigned long)rport >= (unsigned long)port) 285 rp = rcu_dereference(hlist_next_rcu(rp)); 286 } 287 288 if (!prev) 289 goto out; 290 291 if (skb0) 292 deliver_clone(prev, skb, __packet_hook); 293 else 294 __packet_hook(prev, skb); 295 return; 296 297 out: 298 if (!skb0) 299 kfree_skb(skb); 300 } 301 302 /* called with rcu_read_lock */ 303 void br_multicast_deliver(struct net_bridge_mdb_entry *mdst, 304 struct sk_buff *skb) 305 { 306 br_multicast_flood(mdst, skb, NULL, __br_deliver); 307 } 308 309 /* called with rcu_read_lock */ 310 void br_multicast_forward(struct net_bridge_mdb_entry *mdst, 311 struct sk_buff *skb, struct sk_buff *skb2) 312 { 313 br_multicast_flood(mdst, skb, skb2, __br_forward); 314 } 315 #endif 316