1 /* 2 * Handle incoming frames 3 * Linux ethernet bridge 4 * 5 * Authors: 6 * Lennert Buytenhek <buytenh@gnu.org> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * as published by the Free Software Foundation; either version 11 * 2 of the License, or (at your option) any later version. 12 */ 13 14 #include <linux/slab.h> 15 #include <linux/kernel.h> 16 #include <linux/netdevice.h> 17 #include <linux/etherdevice.h> 18 #include <linux/netfilter_bridge.h> 19 #include <linux/export.h> 20 #include "br_private.h" 21 22 /* Hook for brouter */ 23 br_should_route_hook_t __rcu *br_should_route_hook __read_mostly; 24 EXPORT_SYMBOL(br_should_route_hook); 25 26 static int br_pass_frame_up(struct sk_buff *skb) 27 { 28 struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev; 29 struct net_bridge *br = netdev_priv(brdev); 30 struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats); 31 32 u64_stats_update_begin(&brstats->syncp); 33 brstats->rx_packets++; 34 brstats->rx_bytes += skb->len; 35 u64_stats_update_end(&brstats->syncp); 36 37 indev = skb->dev; 38 skb->dev = brdev; 39 40 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 41 netif_receive_skb); 42 } 43 44 /* note: already called with rcu_read_lock */ 45 int br_handle_frame_finish(struct sk_buff *skb) 46 { 47 const unsigned char *dest = eth_hdr(skb)->h_dest; 48 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 49 struct net_bridge *br; 50 struct net_bridge_fdb_entry *dst; 51 struct net_bridge_mdb_entry *mdst; 52 struct sk_buff *skb2; 53 54 if (!p || p->state == BR_STATE_DISABLED) 55 goto drop; 56 57 /* insert into forwarding database after filtering to avoid spoofing */ 58 br = p->br; 59 br_fdb_update(br, p, eth_hdr(skb)->h_source); 60 61 if (!is_broadcast_ether_addr(dest) && is_multicast_ether_addr(dest) && 62 br_multicast_rcv(br, p, skb)) 63 goto drop; 64 65 if (p->state == BR_STATE_LEARNING) 66 goto drop; 67 68 BR_INPUT_SKB_CB(skb)->brdev = br->dev; 69 70 /* The packet skb2 goes to the local host (NULL to skip). */ 71 skb2 = NULL; 72 73 if (br->dev->flags & IFF_PROMISC) 74 skb2 = skb; 75 76 dst = NULL; 77 78 if (is_broadcast_ether_addr(dest)) 79 skb2 = skb; 80 else if (is_multicast_ether_addr(dest)) { 81 mdst = br_mdb_get(br, skb); 82 if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { 83 if ((mdst && mdst->mglist) || 84 br_multicast_is_router(br)) 85 skb2 = skb; 86 br_multicast_forward(mdst, skb, skb2); 87 skb = NULL; 88 if (!skb2) 89 goto out; 90 } else 91 skb2 = skb; 92 93 br->dev->stats.multicast++; 94 } else if ((dst = __br_fdb_get(br, dest)) && dst->is_local) { 95 skb2 = skb; 96 /* Do not forward the packet since it's local. */ 97 skb = NULL; 98 } 99 100 if (skb) { 101 if (dst) { 102 dst->used = jiffies; 103 br_forward(dst->dst, skb, skb2); 104 } else 105 br_flood_forward(br, skb, skb2); 106 } 107 108 if (skb2) 109 return br_pass_frame_up(skb2); 110 111 out: 112 return 0; 113 drop: 114 kfree_skb(skb); 115 goto out; 116 } 117 118 /* note: already called with rcu_read_lock */ 119 static int br_handle_local_finish(struct sk_buff *skb) 120 { 121 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 122 123 br_fdb_update(p->br, p, eth_hdr(skb)->h_source); 124 return 0; /* process further */ 125 } 126 127 /* 128 * Return NULL if skb is handled 129 * note: already called with rcu_read_lock 130 */ 131 rx_handler_result_t br_handle_frame(struct sk_buff **pskb) 132 { 133 struct net_bridge_port *p; 134 struct sk_buff *skb = *pskb; 135 const unsigned char *dest = eth_hdr(skb)->h_dest; 136 br_should_route_hook_t *rhook; 137 138 if (unlikely(skb->pkt_type == PACKET_LOOPBACK)) 139 return RX_HANDLER_PASS; 140 141 if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) 142 goto drop; 143 144 skb = skb_share_check(skb, GFP_ATOMIC); 145 if (!skb) 146 return RX_HANDLER_CONSUMED; 147 148 p = br_port_get_rcu(skb->dev); 149 150 if (unlikely(is_link_local_ether_addr(dest))) { 151 /* 152 * See IEEE 802.1D Table 7-10 Reserved addresses 153 * 154 * Assignment Value 155 * Bridge Group Address 01-80-C2-00-00-00 156 * (MAC Control) 802.3 01-80-C2-00-00-01 157 * (Link Aggregation) 802.3 01-80-C2-00-00-02 158 * 802.1X PAE address 01-80-C2-00-00-03 159 * 160 * 802.1AB LLDP 01-80-C2-00-00-0E 161 * 162 * Others reserved for future standardization 163 */ 164 switch (dest[5]) { 165 case 0x00: /* Bridge Group Address */ 166 /* If STP is turned off, 167 then must forward to keep loop detection */ 168 if (p->br->stp_enabled == BR_NO_STP) 169 goto forward; 170 break; 171 172 case 0x01: /* IEEE MAC (Pause) */ 173 goto drop; 174 175 default: 176 /* Allow selective forwarding for most other protocols */ 177 if (p->br->group_fwd_mask & (1u << dest[5])) 178 goto forward; 179 } 180 181 /* Deliver packet to local host only */ 182 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 183 NULL, br_handle_local_finish)) { 184 return RX_HANDLER_CONSUMED; /* consumed by filter */ 185 } else { 186 *pskb = skb; 187 return RX_HANDLER_PASS; /* continue processing */ 188 } 189 } 190 191 forward: 192 switch (p->state) { 193 case BR_STATE_FORWARDING: 194 rhook = rcu_dereference(br_should_route_hook); 195 if (rhook) { 196 if ((*rhook)(skb)) { 197 *pskb = skb; 198 return RX_HANDLER_PASS; 199 } 200 dest = eth_hdr(skb)->h_dest; 201 } 202 /* fall through */ 203 case BR_STATE_LEARNING: 204 if (ether_addr_equal(p->br->dev->dev_addr, dest)) 205 skb->pkt_type = PACKET_HOST; 206 207 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 208 br_handle_frame_finish); 209 break; 210 default: 211 drop: 212 kfree_skb(skb); 213 } 214 return RX_HANDLER_CONSUMED; 215 } 216