1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/err.h> 3 #include <linux/igmp.h> 4 #include <linux/kernel.h> 5 #include <linux/netdevice.h> 6 #include <linux/rculist.h> 7 #include <linux/skbuff.h> 8 #include <linux/if_ether.h> 9 #include <net/ip.h> 10 #include <net/netlink.h> 11 #include <net/switchdev.h> 12 #if IS_ENABLED(CONFIG_IPV6) 13 #include <net/ipv6.h> 14 #include <net/addrconf.h> 15 #endif 16 17 #include "br_private.h" 18 19 static bool 20 br_ip4_rports_get_timer(struct net_bridge_mcast_port *pmctx, 21 unsigned long *timer) 22 { 23 *timer = br_timer_value(&pmctx->ip4_mc_router_timer); 24 return !hlist_unhashed(&pmctx->ip4_rlist); 25 } 26 27 static bool 28 br_ip6_rports_get_timer(struct net_bridge_mcast_port *pmctx, 29 unsigned long *timer) 30 { 31 #if IS_ENABLED(CONFIG_IPV6) 32 *timer = br_timer_value(&pmctx->ip6_mc_router_timer); 33 return !hlist_unhashed(&pmctx->ip6_rlist); 34 #else 35 *timer = 0; 36 return false; 37 #endif 38 } 39 40 static size_t __br_rports_one_size(void) 41 { 42 return nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PORT */ 43 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_TIMER */ 44 nla_total_size(sizeof(u8)) + /* MDBA_ROUTER_PATTR_TYPE */ 45 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET_TIMER */ 46 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET6_TIMER */ 47 nla_total_size(sizeof(u32)); /* MDBA_ROUTER_PATTR_VID */ 48 } 49 50 size_t br_rports_size(const struct net_bridge_mcast *brmctx) 51 { 52 struct net_bridge_mcast_port *pmctx; 53 size_t size = nla_total_size(0); /* MDBA_ROUTER */ 54 55 rcu_read_lock(); 56 hlist_for_each_entry_rcu(pmctx, &brmctx->ip4_mc_router_list, 57 ip4_rlist) 58 size += __br_rports_one_size(); 59 60 #if IS_ENABLED(CONFIG_IPV6) 61 hlist_for_each_entry_rcu(pmctx, &brmctx->ip6_mc_router_list, 62 ip6_rlist) 63 size += __br_rports_one_size(); 64 #endif 65 rcu_read_unlock(); 66 67 return size; 68 } 69 70 int br_rports_fill_info(struct sk_buff *skb, 71 const struct net_bridge_mcast *brmctx) 72 { 73 u16 vid = brmctx->vlan ? brmctx->vlan->vid : 0; 74 bool have_ip4_mc_rtr, have_ip6_mc_rtr; 75 unsigned long ip4_timer, ip6_timer; 76 struct nlattr *nest, *port_nest; 77 struct net_bridge_port *p; 78 79 if (!brmctx->multicast_router || !br_rports_have_mc_router(brmctx)) 80 return 0; 81 82 nest = nla_nest_start_noflag(skb, MDBA_ROUTER); 83 if (nest == NULL) 84 return -EMSGSIZE; 85 86 list_for_each_entry_rcu(p, &brmctx->br->port_list, list) { 87 struct net_bridge_mcast_port *pmctx; 88 89 if (vid) { 90 struct net_bridge_vlan *v; 91 92 v = br_vlan_find(nbp_vlan_group(p), vid); 93 if (!v) 94 continue; 95 pmctx = &v->port_mcast_ctx; 96 } else { 97 pmctx = &p->multicast_ctx; 98 } 99 100 have_ip4_mc_rtr = br_ip4_rports_get_timer(pmctx, &ip4_timer); 101 have_ip6_mc_rtr = br_ip6_rports_get_timer(pmctx, &ip6_timer); 102 103 if (!have_ip4_mc_rtr && !have_ip6_mc_rtr) 104 continue; 105 106 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT); 107 if (!port_nest) 108 goto fail; 109 110 if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) || 111 nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER, 112 max(ip4_timer, ip6_timer)) || 113 nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE, 114 p->multicast_ctx.multicast_router) || 115 (have_ip4_mc_rtr && 116 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER, 117 ip4_timer)) || 118 (have_ip6_mc_rtr && 119 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER, 120 ip6_timer)) || 121 (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid))) { 122 nla_nest_cancel(skb, port_nest); 123 goto fail; 124 } 125 nla_nest_end(skb, port_nest); 126 } 127 128 nla_nest_end(skb, nest); 129 return 0; 130 fail: 131 nla_nest_cancel(skb, nest); 132 return -EMSGSIZE; 133 } 134 135 static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags) 136 { 137 e->state = flags & MDB_PG_FLAGS_PERMANENT; 138 e->flags = 0; 139 if (flags & MDB_PG_FLAGS_OFFLOAD) 140 e->flags |= MDB_FLAGS_OFFLOAD; 141 if (flags & MDB_PG_FLAGS_FAST_LEAVE) 142 e->flags |= MDB_FLAGS_FAST_LEAVE; 143 if (flags & MDB_PG_FLAGS_STAR_EXCL) 144 e->flags |= MDB_FLAGS_STAR_EXCL; 145 if (flags & MDB_PG_FLAGS_BLOCKED) 146 e->flags |= MDB_FLAGS_BLOCKED; 147 } 148 149 static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip, 150 struct nlattr **mdb_attrs) 151 { 152 memset(ip, 0, sizeof(struct br_ip)); 153 ip->vid = entry->vid; 154 ip->proto = entry->addr.proto; 155 switch (ip->proto) { 156 case htons(ETH_P_IP): 157 ip->dst.ip4 = entry->addr.u.ip4; 158 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE]) 159 ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]); 160 break; 161 #if IS_ENABLED(CONFIG_IPV6) 162 case htons(ETH_P_IPV6): 163 ip->dst.ip6 = entry->addr.u.ip6; 164 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE]) 165 ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]); 166 break; 167 #endif 168 default: 169 ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr); 170 } 171 172 } 173 174 static int __mdb_fill_srcs(struct sk_buff *skb, 175 struct net_bridge_port_group *p) 176 { 177 struct net_bridge_group_src *ent; 178 struct nlattr *nest, *nest_ent; 179 180 if (hlist_empty(&p->src_list)) 181 return 0; 182 183 nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST); 184 if (!nest) 185 return -EMSGSIZE; 186 187 hlist_for_each_entry_rcu(ent, &p->src_list, node, 188 lockdep_is_held(&p->key.port->br->multicast_lock)) { 189 nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY); 190 if (!nest_ent) 191 goto out_cancel_err; 192 switch (ent->addr.proto) { 193 case htons(ETH_P_IP): 194 if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS, 195 ent->addr.src.ip4)) { 196 nla_nest_cancel(skb, nest_ent); 197 goto out_cancel_err; 198 } 199 break; 200 #if IS_ENABLED(CONFIG_IPV6) 201 case htons(ETH_P_IPV6): 202 if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS, 203 &ent->addr.src.ip6)) { 204 nla_nest_cancel(skb, nest_ent); 205 goto out_cancel_err; 206 } 207 break; 208 #endif 209 default: 210 nla_nest_cancel(skb, nest_ent); 211 continue; 212 } 213 if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER, 214 br_timer_value(&ent->timer))) { 215 nla_nest_cancel(skb, nest_ent); 216 goto out_cancel_err; 217 } 218 nla_nest_end(skb, nest_ent); 219 } 220 221 nla_nest_end(skb, nest); 222 223 return 0; 224 225 out_cancel_err: 226 nla_nest_cancel(skb, nest); 227 return -EMSGSIZE; 228 } 229 230 static int __mdb_fill_info(struct sk_buff *skb, 231 struct net_bridge_mdb_entry *mp, 232 struct net_bridge_port_group *p) 233 { 234 bool dump_srcs_mode = false; 235 struct timer_list *mtimer; 236 struct nlattr *nest_ent; 237 struct br_mdb_entry e; 238 u8 flags = 0; 239 int ifindex; 240 241 memset(&e, 0, sizeof(e)); 242 if (p) { 243 ifindex = p->key.port->dev->ifindex; 244 mtimer = &p->timer; 245 flags = p->flags; 246 } else { 247 ifindex = mp->br->dev->ifindex; 248 mtimer = &mp->timer; 249 } 250 251 __mdb_entry_fill_flags(&e, flags); 252 e.ifindex = ifindex; 253 e.vid = mp->addr.vid; 254 if (mp->addr.proto == htons(ETH_P_IP)) { 255 e.addr.u.ip4 = mp->addr.dst.ip4; 256 #if IS_ENABLED(CONFIG_IPV6) 257 } else if (mp->addr.proto == htons(ETH_P_IPV6)) { 258 e.addr.u.ip6 = mp->addr.dst.ip6; 259 #endif 260 } else { 261 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr); 262 e.state = MDB_PG_FLAGS_PERMANENT; 263 } 264 e.addr.proto = mp->addr.proto; 265 nest_ent = nla_nest_start_noflag(skb, 266 MDBA_MDB_ENTRY_INFO); 267 if (!nest_ent) 268 return -EMSGSIZE; 269 270 if (nla_put_nohdr(skb, sizeof(e), &e) || 271 nla_put_u32(skb, 272 MDBA_MDB_EATTR_TIMER, 273 br_timer_value(mtimer))) 274 goto nest_err; 275 276 switch (mp->addr.proto) { 277 case htons(ETH_P_IP): 278 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_igmp_version == 3); 279 if (mp->addr.src.ip4) { 280 if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE, 281 mp->addr.src.ip4)) 282 goto nest_err; 283 break; 284 } 285 break; 286 #if IS_ENABLED(CONFIG_IPV6) 287 case htons(ETH_P_IPV6): 288 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_mld_version == 2); 289 if (!ipv6_addr_any(&mp->addr.src.ip6)) { 290 if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE, 291 &mp->addr.src.ip6)) 292 goto nest_err; 293 break; 294 } 295 break; 296 #endif 297 default: 298 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr); 299 } 300 if (p) { 301 if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol)) 302 goto nest_err; 303 if (dump_srcs_mode && 304 (__mdb_fill_srcs(skb, p) || 305 nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE, 306 p->filter_mode))) 307 goto nest_err; 308 } 309 nla_nest_end(skb, nest_ent); 310 311 return 0; 312 313 nest_err: 314 nla_nest_cancel(skb, nest_ent); 315 return -EMSGSIZE; 316 } 317 318 static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb, 319 struct net_device *dev) 320 { 321 int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2]; 322 struct net_bridge *br = netdev_priv(dev); 323 struct net_bridge_mdb_entry *mp; 324 struct nlattr *nest, *nest2; 325 326 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) 327 return 0; 328 329 nest = nla_nest_start_noflag(skb, MDBA_MDB); 330 if (nest == NULL) 331 return -EMSGSIZE; 332 333 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) { 334 struct net_bridge_port_group *p; 335 struct net_bridge_port_group __rcu **pp; 336 337 if (idx < s_idx) 338 goto skip; 339 340 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY); 341 if (!nest2) { 342 err = -EMSGSIZE; 343 break; 344 } 345 346 if (!s_pidx && mp->host_joined) { 347 err = __mdb_fill_info(skb, mp, NULL); 348 if (err) { 349 nla_nest_cancel(skb, nest2); 350 break; 351 } 352 } 353 354 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL; 355 pp = &p->next) { 356 if (!p->key.port) 357 continue; 358 if (pidx < s_pidx) 359 goto skip_pg; 360 361 err = __mdb_fill_info(skb, mp, p); 362 if (err) { 363 nla_nest_end(skb, nest2); 364 goto out; 365 } 366 skip_pg: 367 pidx++; 368 } 369 pidx = 0; 370 s_pidx = 0; 371 nla_nest_end(skb, nest2); 372 skip: 373 idx++; 374 } 375 376 out: 377 cb->args[1] = idx; 378 cb->args[2] = pidx; 379 nla_nest_end(skb, nest); 380 return err; 381 } 382 383 static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh, 384 struct netlink_ext_ack *extack) 385 { 386 struct br_port_msg *bpm; 387 388 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) { 389 NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request"); 390 return -EINVAL; 391 } 392 393 bpm = nlmsg_data(nlh); 394 if (bpm->ifindex) { 395 NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request"); 396 return -EINVAL; 397 } 398 if (nlmsg_attrlen(nlh, sizeof(*bpm))) { 399 NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request"); 400 return -EINVAL; 401 } 402 403 return 0; 404 } 405 406 static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb) 407 { 408 struct net_device *dev; 409 struct net *net = sock_net(skb->sk); 410 struct nlmsghdr *nlh = NULL; 411 int idx = 0, s_idx; 412 413 if (cb->strict_check) { 414 int err = br_mdb_valid_dump_req(cb->nlh, cb->extack); 415 416 if (err < 0) 417 return err; 418 } 419 420 s_idx = cb->args[0]; 421 422 rcu_read_lock(); 423 424 cb->seq = net->dev_base_seq; 425 426 for_each_netdev_rcu(net, dev) { 427 if (netif_is_bridge_master(dev)) { 428 struct net_bridge *br = netdev_priv(dev); 429 struct br_port_msg *bpm; 430 431 if (idx < s_idx) 432 goto skip; 433 434 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, 435 cb->nlh->nlmsg_seq, RTM_GETMDB, 436 sizeof(*bpm), NLM_F_MULTI); 437 if (nlh == NULL) 438 break; 439 440 bpm = nlmsg_data(nlh); 441 memset(bpm, 0, sizeof(*bpm)); 442 bpm->ifindex = dev->ifindex; 443 if (br_mdb_fill_info(skb, cb, dev) < 0) 444 goto out; 445 if (br_rports_fill_info(skb, &br->multicast_ctx) < 0) 446 goto out; 447 448 cb->args[1] = 0; 449 nlmsg_end(skb, nlh); 450 skip: 451 idx++; 452 } 453 } 454 455 out: 456 if (nlh) 457 nlmsg_end(skb, nlh); 458 rcu_read_unlock(); 459 cb->args[0] = idx; 460 return skb->len; 461 } 462 463 static int nlmsg_populate_mdb_fill(struct sk_buff *skb, 464 struct net_device *dev, 465 struct net_bridge_mdb_entry *mp, 466 struct net_bridge_port_group *pg, 467 int type) 468 { 469 struct nlmsghdr *nlh; 470 struct br_port_msg *bpm; 471 struct nlattr *nest, *nest2; 472 473 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0); 474 if (!nlh) 475 return -EMSGSIZE; 476 477 bpm = nlmsg_data(nlh); 478 memset(bpm, 0, sizeof(*bpm)); 479 bpm->family = AF_BRIDGE; 480 bpm->ifindex = dev->ifindex; 481 nest = nla_nest_start_noflag(skb, MDBA_MDB); 482 if (nest == NULL) 483 goto cancel; 484 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY); 485 if (nest2 == NULL) 486 goto end; 487 488 if (__mdb_fill_info(skb, mp, pg)) 489 goto end; 490 491 nla_nest_end(skb, nest2); 492 nla_nest_end(skb, nest); 493 nlmsg_end(skb, nlh); 494 return 0; 495 496 end: 497 nla_nest_end(skb, nest); 498 cancel: 499 nlmsg_cancel(skb, nlh); 500 return -EMSGSIZE; 501 } 502 503 static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg) 504 { 505 size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) + 506 nla_total_size(sizeof(struct br_mdb_entry)) + 507 nla_total_size(sizeof(u32)); 508 struct net_bridge_group_src *ent; 509 size_t addr_size = 0; 510 511 if (!pg) 512 goto out; 513 514 /* MDBA_MDB_EATTR_RTPROT */ 515 nlmsg_size += nla_total_size(sizeof(u8)); 516 517 switch (pg->key.addr.proto) { 518 case htons(ETH_P_IP): 519 /* MDBA_MDB_EATTR_SOURCE */ 520 if (pg->key.addr.src.ip4) 521 nlmsg_size += nla_total_size(sizeof(__be32)); 522 if (pg->key.port->br->multicast_ctx.multicast_igmp_version == 2) 523 goto out; 524 addr_size = sizeof(__be32); 525 break; 526 #if IS_ENABLED(CONFIG_IPV6) 527 case htons(ETH_P_IPV6): 528 /* MDBA_MDB_EATTR_SOURCE */ 529 if (!ipv6_addr_any(&pg->key.addr.src.ip6)) 530 nlmsg_size += nla_total_size(sizeof(struct in6_addr)); 531 if (pg->key.port->br->multicast_ctx.multicast_mld_version == 1) 532 goto out; 533 addr_size = sizeof(struct in6_addr); 534 break; 535 #endif 536 } 537 538 /* MDBA_MDB_EATTR_GROUP_MODE */ 539 nlmsg_size += nla_total_size(sizeof(u8)); 540 541 /* MDBA_MDB_EATTR_SRC_LIST nested attr */ 542 if (!hlist_empty(&pg->src_list)) 543 nlmsg_size += nla_total_size(0); 544 545 hlist_for_each_entry(ent, &pg->src_list, node) { 546 /* MDBA_MDB_SRCLIST_ENTRY nested attr + 547 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER 548 */ 549 nlmsg_size += nla_total_size(0) + 550 nla_total_size(addr_size) + 551 nla_total_size(sizeof(u32)); 552 } 553 out: 554 return nlmsg_size; 555 } 556 557 void br_mdb_notify(struct net_device *dev, 558 struct net_bridge_mdb_entry *mp, 559 struct net_bridge_port_group *pg, 560 int type) 561 { 562 struct net *net = dev_net(dev); 563 struct sk_buff *skb; 564 int err = -ENOBUFS; 565 566 br_switchdev_mdb_notify(dev, mp, pg, type); 567 568 skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC); 569 if (!skb) 570 goto errout; 571 572 err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type); 573 if (err < 0) { 574 kfree_skb(skb); 575 goto errout; 576 } 577 578 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC); 579 return; 580 errout: 581 rtnl_set_sk_err(net, RTNLGRP_MDB, err); 582 } 583 584 static int nlmsg_populate_rtr_fill(struct sk_buff *skb, 585 struct net_device *dev, 586 int ifindex, u16 vid, u32 pid, 587 u32 seq, int type, unsigned int flags) 588 { 589 struct nlattr *nest, *port_nest; 590 struct br_port_msg *bpm; 591 struct nlmsghdr *nlh; 592 593 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0); 594 if (!nlh) 595 return -EMSGSIZE; 596 597 bpm = nlmsg_data(nlh); 598 memset(bpm, 0, sizeof(*bpm)); 599 bpm->family = AF_BRIDGE; 600 bpm->ifindex = dev->ifindex; 601 nest = nla_nest_start_noflag(skb, MDBA_ROUTER); 602 if (!nest) 603 goto cancel; 604 605 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT); 606 if (!port_nest) 607 goto end; 608 if (nla_put_nohdr(skb, sizeof(u32), &ifindex)) { 609 nla_nest_cancel(skb, port_nest); 610 goto end; 611 } 612 if (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid)) { 613 nla_nest_cancel(skb, port_nest); 614 goto end; 615 } 616 nla_nest_end(skb, port_nest); 617 618 nla_nest_end(skb, nest); 619 nlmsg_end(skb, nlh); 620 return 0; 621 622 end: 623 nla_nest_end(skb, nest); 624 cancel: 625 nlmsg_cancel(skb, nlh); 626 return -EMSGSIZE; 627 } 628 629 static inline size_t rtnl_rtr_nlmsg_size(void) 630 { 631 return NLMSG_ALIGN(sizeof(struct br_port_msg)) 632 + nla_total_size(sizeof(__u32)) 633 + nla_total_size(sizeof(u16)); 634 } 635 636 void br_rtr_notify(struct net_device *dev, struct net_bridge_mcast_port *pmctx, 637 int type) 638 { 639 struct net *net = dev_net(dev); 640 struct sk_buff *skb; 641 int err = -ENOBUFS; 642 int ifindex; 643 u16 vid; 644 645 ifindex = pmctx ? pmctx->port->dev->ifindex : 0; 646 vid = pmctx && br_multicast_port_ctx_is_vlan(pmctx) ? pmctx->vlan->vid : 647 0; 648 skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC); 649 if (!skb) 650 goto errout; 651 652 err = nlmsg_populate_rtr_fill(skb, dev, ifindex, vid, 0, 0, type, 653 NTF_SELF); 654 if (err < 0) { 655 kfree_skb(skb); 656 goto errout; 657 } 658 659 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC); 660 return; 661 662 errout: 663 rtnl_set_sk_err(net, RTNLGRP_MDB, err); 664 } 665 666 static bool is_valid_mdb_entry(struct br_mdb_entry *entry, 667 struct netlink_ext_ack *extack) 668 { 669 if (entry->ifindex == 0) { 670 NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed"); 671 return false; 672 } 673 674 if (entry->addr.proto == htons(ETH_P_IP)) { 675 if (!ipv4_is_multicast(entry->addr.u.ip4)) { 676 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast"); 677 return false; 678 } 679 if (ipv4_is_local_multicast(entry->addr.u.ip4)) { 680 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast"); 681 return false; 682 } 683 #if IS_ENABLED(CONFIG_IPV6) 684 } else if (entry->addr.proto == htons(ETH_P_IPV6)) { 685 if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) { 686 NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes"); 687 return false; 688 } 689 #endif 690 } else if (entry->addr.proto == 0) { 691 /* L2 mdb */ 692 if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) { 693 NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast"); 694 return false; 695 } 696 } else { 697 NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol"); 698 return false; 699 } 700 701 if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) { 702 NL_SET_ERR_MSG_MOD(extack, "Unknown entry state"); 703 return false; 704 } 705 if (entry->vid >= VLAN_VID_MASK) { 706 NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id"); 707 return false; 708 } 709 710 return true; 711 } 712 713 static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto, 714 struct netlink_ext_ack *extack) 715 { 716 switch (proto) { 717 case htons(ETH_P_IP): 718 if (nla_len(attr) != sizeof(struct in_addr)) { 719 NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length"); 720 return false; 721 } 722 if (ipv4_is_multicast(nla_get_in_addr(attr))) { 723 NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed"); 724 return false; 725 } 726 break; 727 #if IS_ENABLED(CONFIG_IPV6) 728 case htons(ETH_P_IPV6): { 729 struct in6_addr src; 730 731 if (nla_len(attr) != sizeof(struct in6_addr)) { 732 NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length"); 733 return false; 734 } 735 src = nla_get_in6_addr(attr); 736 if (ipv6_addr_is_multicast(&src)) { 737 NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed"); 738 return false; 739 } 740 break; 741 } 742 #endif 743 default: 744 NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address"); 745 return false; 746 } 747 748 return true; 749 } 750 751 static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = { 752 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY, 753 sizeof(struct in_addr), 754 sizeof(struct in6_addr)), 755 }; 756 757 static struct net_bridge_mcast * 758 __br_mdb_choose_context(struct net_bridge *br, 759 const struct br_mdb_entry *entry, 760 struct netlink_ext_ack *extack) 761 { 762 struct net_bridge_mcast *brmctx = NULL; 763 struct net_bridge_vlan *v; 764 765 if (!br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED)) { 766 brmctx = &br->multicast_ctx; 767 goto out; 768 } 769 770 if (!entry->vid) { 771 NL_SET_ERR_MSG_MOD(extack, "Cannot add an entry without a vlan when vlan snooping is enabled"); 772 goto out; 773 } 774 775 v = br_vlan_find(br_vlan_group(br), entry->vid); 776 if (!v) { 777 NL_SET_ERR_MSG_MOD(extack, "Vlan is not configured"); 778 goto out; 779 } 780 if (br_multicast_ctx_vlan_global_disabled(&v->br_mcast_ctx)) { 781 NL_SET_ERR_MSG_MOD(extack, "Vlan's multicast processing is disabled"); 782 goto out; 783 } 784 brmctx = &v->br_mcast_ctx; 785 out: 786 return brmctx; 787 } 788 789 static int br_mdb_add_group(const struct br_mdb_config *cfg, 790 struct netlink_ext_ack *extack) 791 { 792 struct net_bridge_mdb_entry *mp, *star_mp; 793 struct net_bridge_port_group __rcu **pp; 794 struct br_mdb_entry *entry = cfg->entry; 795 struct net_bridge_port *port = cfg->p; 796 struct net_bridge *br = cfg->br; 797 struct net_bridge_port_group *p; 798 struct net_bridge_mcast *brmctx; 799 struct br_ip group = cfg->group; 800 unsigned long now = jiffies; 801 unsigned char flags = 0; 802 struct br_ip star_group; 803 u8 filter_mode; 804 805 brmctx = __br_mdb_choose_context(br, entry, extack); 806 if (!brmctx) 807 return -EINVAL; 808 809 mp = br_multicast_new_group(br, &group); 810 if (IS_ERR(mp)) 811 return PTR_ERR(mp); 812 813 /* host join */ 814 if (!port) { 815 if (mp->host_joined) { 816 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host"); 817 return -EEXIST; 818 } 819 820 br_multicast_host_join(brmctx, mp, false); 821 br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB); 822 823 return 0; 824 } 825 826 for (pp = &mp->ports; 827 (p = mlock_dereference(*pp, br)) != NULL; 828 pp = &p->next) { 829 if (p->key.port == port) { 830 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port"); 831 return -EEXIST; 832 } 833 if ((unsigned long)p->key.port < (unsigned long)port) 834 break; 835 } 836 837 filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE : 838 MCAST_INCLUDE; 839 840 if (entry->state == MDB_PERMANENT) 841 flags |= MDB_PG_FLAGS_PERMANENT; 842 843 p = br_multicast_new_port_group(port, &group, *pp, flags, NULL, 844 filter_mode, RTPROT_STATIC); 845 if (unlikely(!p)) { 846 NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group"); 847 return -ENOMEM; 848 } 849 rcu_assign_pointer(*pp, p); 850 if (entry->state == MDB_TEMPORARY) 851 mod_timer(&p->timer, 852 now + brmctx->multicast_membership_interval); 853 br_mdb_notify(br->dev, mp, p, RTM_NEWMDB); 854 /* if we are adding a new EXCLUDE port group (*,G) it needs to be also 855 * added to all S,G entries for proper replication, if we are adding 856 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be 857 * added to it for proper replication 858 */ 859 if (br_multicast_should_handle_mode(brmctx, group.proto)) { 860 switch (filter_mode) { 861 case MCAST_EXCLUDE: 862 br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE); 863 break; 864 case MCAST_INCLUDE: 865 star_group = p->key.addr; 866 memset(&star_group.src, 0, sizeof(star_group.src)); 867 star_mp = br_mdb_ip_get(br, &star_group); 868 if (star_mp) 869 br_multicast_sg_add_exclude_ports(star_mp, p); 870 break; 871 } 872 } 873 874 return 0; 875 } 876 877 static int __br_mdb_add(const struct br_mdb_config *cfg, 878 struct netlink_ext_ack *extack) 879 { 880 int ret; 881 882 spin_lock_bh(&cfg->br->multicast_lock); 883 ret = br_mdb_add_group(cfg, extack); 884 spin_unlock_bh(&cfg->br->multicast_lock); 885 886 return ret; 887 } 888 889 static int br_mdb_config_attrs_init(struct nlattr *set_attrs, 890 struct br_mdb_config *cfg, 891 struct netlink_ext_ack *extack) 892 { 893 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1]; 894 int err; 895 896 err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX, set_attrs, 897 br_mdbe_attrs_pol, extack); 898 if (err) 899 return err; 900 901 if (mdb_attrs[MDBE_ATTR_SOURCE] && 902 !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE], 903 cfg->entry->addr.proto, extack)) 904 return -EINVAL; 905 906 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, mdb_attrs); 907 908 return 0; 909 } 910 911 static int br_mdb_config_init(struct net *net, const struct nlmsghdr *nlh, 912 struct br_mdb_config *cfg, 913 struct netlink_ext_ack *extack) 914 { 915 struct nlattr *tb[MDBA_SET_ENTRY_MAX + 1]; 916 struct br_port_msg *bpm; 917 struct net_device *dev; 918 int err; 919 920 err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb, 921 MDBA_SET_ENTRY_MAX, NULL, extack); 922 if (err) 923 return err; 924 925 memset(cfg, 0, sizeof(*cfg)); 926 927 bpm = nlmsg_data(nlh); 928 if (!bpm->ifindex) { 929 NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex"); 930 return -EINVAL; 931 } 932 933 dev = __dev_get_by_index(net, bpm->ifindex); 934 if (!dev) { 935 NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist"); 936 return -ENODEV; 937 } 938 939 if (!netif_is_bridge_master(dev)) { 940 NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge"); 941 return -EOPNOTSUPP; 942 } 943 944 cfg->br = netdev_priv(dev); 945 946 if (!netif_running(cfg->br->dev)) { 947 NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running"); 948 return -EINVAL; 949 } 950 951 if (!br_opt_get(cfg->br, BROPT_MULTICAST_ENABLED)) { 952 NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled"); 953 return -EINVAL; 954 } 955 956 if (NL_REQ_ATTR_CHECK(extack, NULL, tb, MDBA_SET_ENTRY)) { 957 NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute"); 958 return -EINVAL; 959 } 960 if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) { 961 NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length"); 962 return -EINVAL; 963 } 964 965 cfg->entry = nla_data(tb[MDBA_SET_ENTRY]); 966 if (!is_valid_mdb_entry(cfg->entry, extack)) 967 return -EINVAL; 968 969 if (cfg->entry->ifindex != cfg->br->dev->ifindex) { 970 struct net_device *pdev; 971 972 pdev = __dev_get_by_index(net, cfg->entry->ifindex); 973 if (!pdev) { 974 NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist"); 975 return -ENODEV; 976 } 977 978 cfg->p = br_port_get_rtnl(pdev); 979 if (!cfg->p) { 980 NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port"); 981 return -EINVAL; 982 } 983 984 if (cfg->p->br != cfg->br) { 985 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device"); 986 return -EINVAL; 987 } 988 } 989 990 if (tb[MDBA_SET_ENTRY_ATTRS]) 991 return br_mdb_config_attrs_init(tb[MDBA_SET_ENTRY_ATTRS], cfg, 992 extack); 993 else 994 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, NULL); 995 996 return 0; 997 } 998 999 static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, 1000 struct netlink_ext_ack *extack) 1001 { 1002 struct net *net = sock_net(skb->sk); 1003 struct net_bridge_vlan_group *vg; 1004 struct net_bridge_vlan *v; 1005 struct br_mdb_config cfg; 1006 int err; 1007 1008 err = br_mdb_config_init(net, nlh, &cfg, extack); 1009 if (err) 1010 return err; 1011 1012 /* host join errors which can happen before creating the group */ 1013 if (!cfg.p && !br_group_is_l2(&cfg.group)) { 1014 /* don't allow any flags for host-joined IP groups */ 1015 if (cfg.entry->state) { 1016 NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups"); 1017 return -EINVAL; 1018 } 1019 if (!br_multicast_is_star_g(&cfg.group)) { 1020 NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined"); 1021 return -EINVAL; 1022 } 1023 } 1024 1025 if (br_group_is_l2(&cfg.group) && cfg.entry->state != MDB_PERMANENT) { 1026 NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed"); 1027 return -EINVAL; 1028 } 1029 1030 if (cfg.p) { 1031 if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state != MDB_PERMANENT) { 1032 NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not permanent"); 1033 return -EINVAL; 1034 } 1035 vg = nbp_vlan_group(cfg.p); 1036 } else { 1037 vg = br_vlan_group(cfg.br); 1038 } 1039 1040 /* If vlan filtering is enabled and VLAN is not specified 1041 * install mdb entry on all vlans configured on the port. 1042 */ 1043 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) { 1044 list_for_each_entry(v, &vg->vlan_list, vlist) { 1045 cfg.entry->vid = v->vid; 1046 cfg.group.vid = v->vid; 1047 err = __br_mdb_add(&cfg, extack); 1048 if (err) 1049 break; 1050 } 1051 } else { 1052 err = __br_mdb_add(&cfg, extack); 1053 } 1054 1055 return err; 1056 } 1057 1058 static int __br_mdb_del(const struct br_mdb_config *cfg) 1059 { 1060 struct br_mdb_entry *entry = cfg->entry; 1061 struct net_bridge *br = cfg->br; 1062 struct net_bridge_mdb_entry *mp; 1063 struct net_bridge_port_group *p; 1064 struct net_bridge_port_group __rcu **pp; 1065 struct br_ip ip = cfg->group; 1066 int err = -EINVAL; 1067 1068 spin_lock_bh(&br->multicast_lock); 1069 mp = br_mdb_ip_get(br, &ip); 1070 if (!mp) 1071 goto unlock; 1072 1073 /* host leave */ 1074 if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) { 1075 br_multicast_host_leave(mp, false); 1076 err = 0; 1077 br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB); 1078 if (!mp->ports && netif_running(br->dev)) 1079 mod_timer(&mp->timer, jiffies); 1080 goto unlock; 1081 } 1082 1083 for (pp = &mp->ports; 1084 (p = mlock_dereference(*pp, br)) != NULL; 1085 pp = &p->next) { 1086 if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex) 1087 continue; 1088 1089 br_multicast_del_pg(mp, p, pp); 1090 err = 0; 1091 break; 1092 } 1093 1094 unlock: 1095 spin_unlock_bh(&br->multicast_lock); 1096 return err; 1097 } 1098 1099 static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, 1100 struct netlink_ext_ack *extack) 1101 { 1102 struct net *net = sock_net(skb->sk); 1103 struct net_bridge_vlan_group *vg; 1104 struct net_bridge_vlan *v; 1105 struct br_mdb_config cfg; 1106 int err; 1107 1108 err = br_mdb_config_init(net, nlh, &cfg, extack); 1109 if (err) 1110 return err; 1111 1112 if (cfg.p) 1113 vg = nbp_vlan_group(cfg.p); 1114 else 1115 vg = br_vlan_group(cfg.br); 1116 1117 /* If vlan filtering is enabled and VLAN is not specified 1118 * delete mdb entry on all vlans configured on the port. 1119 */ 1120 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) { 1121 list_for_each_entry(v, &vg->vlan_list, vlist) { 1122 cfg.entry->vid = v->vid; 1123 cfg.group.vid = v->vid; 1124 err = __br_mdb_del(&cfg); 1125 } 1126 } else { 1127 err = __br_mdb_del(&cfg); 1128 } 1129 1130 return err; 1131 } 1132 1133 void br_mdb_init(void) 1134 { 1135 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0); 1136 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0); 1137 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0); 1138 } 1139 1140 void br_mdb_uninit(void) 1141 { 1142 rtnl_unregister(PF_BRIDGE, RTM_GETMDB); 1143 rtnl_unregister(PF_BRIDGE, RTM_NEWMDB); 1144 rtnl_unregister(PF_BRIDGE, RTM_DELMDB); 1145 } 1146