1243a2e63SVlad Yasevich #include <linux/kernel.h> 2243a2e63SVlad Yasevich #include <linux/netdevice.h> 3243a2e63SVlad Yasevich #include <linux/rtnetlink.h> 4243a2e63SVlad Yasevich #include <linux/slab.h> 5243a2e63SVlad Yasevich 6243a2e63SVlad Yasevich #include "br_private.h" 7243a2e63SVlad Yasevich 8552406c4SVlad Yasevich static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9552406c4SVlad Yasevich { 10552406c4SVlad Yasevich if (v->pvid == vid) 11552406c4SVlad Yasevich return; 12552406c4SVlad Yasevich 13552406c4SVlad Yasevich smp_wmb(); 14552406c4SVlad Yasevich v->pvid = vid; 15552406c4SVlad Yasevich } 16552406c4SVlad Yasevich 17552406c4SVlad Yasevich static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18552406c4SVlad Yasevich { 19552406c4SVlad Yasevich if (v->pvid != vid) 20552406c4SVlad Yasevich return; 21552406c4SVlad Yasevich 22552406c4SVlad Yasevich smp_wmb(); 23552406c4SVlad Yasevich v->pvid = 0; 24552406c4SVlad Yasevich } 25552406c4SVlad Yasevich 26552406c4SVlad Yasevich static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 27243a2e63SVlad Yasevich { 28243a2e63SVlad Yasevich int err; 29243a2e63SVlad Yasevich 30552406c4SVlad Yasevich if (test_bit(vid, v->vlan_bitmap)) { 31552406c4SVlad Yasevich if (flags & BRIDGE_VLAN_INFO_PVID) 32552406c4SVlad Yasevich __vlan_add_pvid(v, vid); 33552406c4SVlad Yasevich return 0; 34552406c4SVlad Yasevich } 35243a2e63SVlad Yasevich 36243a2e63SVlad Yasevich if (v->port_idx && vid) { 37243a2e63SVlad Yasevich struct net_device *dev = v->parent.port->dev; 38243a2e63SVlad Yasevich 39243a2e63SVlad Yasevich /* Add VLAN to the device filter if it is supported. 40243a2e63SVlad Yasevich * Stricly speaking, this is not necessary now, since devices 41243a2e63SVlad Yasevich * are made promiscuous by the bridge, but if that ever changes 42243a2e63SVlad Yasevich * this code will allow tagged traffic to enter the bridge. 43243a2e63SVlad Yasevich */ 44243a2e63SVlad Yasevich if (dev->features & NETIF_F_HW_VLAN_FILTER) { 45243a2e63SVlad Yasevich err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid); 46243a2e63SVlad Yasevich if (err) 47243a2e63SVlad Yasevich return err; 48243a2e63SVlad Yasevich } 49243a2e63SVlad Yasevich } 50243a2e63SVlad Yasevich 51243a2e63SVlad Yasevich set_bit(vid, v->vlan_bitmap); 526cbdceebSVlad Yasevich v->num_vlans++; 53552406c4SVlad Yasevich if (flags & BRIDGE_VLAN_INFO_PVID) 54552406c4SVlad Yasevich __vlan_add_pvid(v, vid); 55552406c4SVlad Yasevich 56243a2e63SVlad Yasevich return 0; 57243a2e63SVlad Yasevich } 58243a2e63SVlad Yasevich 59243a2e63SVlad Yasevich static int __vlan_del(struct net_port_vlans *v, u16 vid) 60243a2e63SVlad Yasevich { 61243a2e63SVlad Yasevich if (!test_bit(vid, v->vlan_bitmap)) 62243a2e63SVlad Yasevich return -EINVAL; 63243a2e63SVlad Yasevich 64552406c4SVlad Yasevich __vlan_delete_pvid(v, vid); 65552406c4SVlad Yasevich 66243a2e63SVlad Yasevich if (v->port_idx && vid) { 67243a2e63SVlad Yasevich struct net_device *dev = v->parent.port->dev; 68243a2e63SVlad Yasevich 69243a2e63SVlad Yasevich if (dev->features & NETIF_F_HW_VLAN_FILTER) 70243a2e63SVlad Yasevich dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid); 71243a2e63SVlad Yasevich } 72243a2e63SVlad Yasevich 73243a2e63SVlad Yasevich clear_bit(vid, v->vlan_bitmap); 746cbdceebSVlad Yasevich v->num_vlans--; 75243a2e63SVlad Yasevich if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 76243a2e63SVlad Yasevich if (v->port_idx) 77243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.port->vlan_info, NULL); 78243a2e63SVlad Yasevich else 79243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.br->vlan_info, NULL); 80243a2e63SVlad Yasevich kfree_rcu(v, rcu); 81243a2e63SVlad Yasevich } 82243a2e63SVlad Yasevich return 0; 83243a2e63SVlad Yasevich } 84243a2e63SVlad Yasevich 85243a2e63SVlad Yasevich static void __vlan_flush(struct net_port_vlans *v) 86243a2e63SVlad Yasevich { 87552406c4SVlad Yasevich smp_wmb(); 88552406c4SVlad Yasevich v->pvid = 0; 89243a2e63SVlad Yasevich bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN); 90243a2e63SVlad Yasevich if (v->port_idx) 91243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.port->vlan_info, NULL); 92243a2e63SVlad Yasevich else 93243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.br->vlan_info, NULL); 94243a2e63SVlad Yasevich kfree_rcu(v, rcu); 95243a2e63SVlad Yasevich } 96243a2e63SVlad Yasevich 9778851988SVlad Yasevich /* Strip the tag from the packet. Will return skb with tci set 0. */ 9878851988SVlad Yasevich static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 9978851988SVlad Yasevich { 10078851988SVlad Yasevich if (skb->protocol != htons(ETH_P_8021Q)) { 10178851988SVlad Yasevich skb->vlan_tci = 0; 10278851988SVlad Yasevich return skb; 10378851988SVlad Yasevich } 10478851988SVlad Yasevich 10578851988SVlad Yasevich skb->vlan_tci = 0; 10678851988SVlad Yasevich skb = vlan_untag(skb); 10778851988SVlad Yasevich if (skb) 10878851988SVlad Yasevich skb->vlan_tci = 0; 10978851988SVlad Yasevich 11078851988SVlad Yasevich return skb; 11178851988SVlad Yasevich } 11278851988SVlad Yasevich 11378851988SVlad Yasevich struct sk_buff *br_handle_vlan(struct net_bridge *br, 11478851988SVlad Yasevich const struct net_port_vlans *pv, 115a37b85c9SVlad Yasevich struct sk_buff *skb) 116a37b85c9SVlad Yasevich { 117a37b85c9SVlad Yasevich u16 vid; 118a37b85c9SVlad Yasevich 11978851988SVlad Yasevich if (!br->vlan_enabled) 12078851988SVlad Yasevich goto out; 12178851988SVlad Yasevich 12278851988SVlad Yasevich /* At this point, we know that the frame was filtered and contains 12378851988SVlad Yasevich * a valid vlan id. If the vlan id matches the pvid of current port 12478851988SVlad Yasevich * send untagged; otherwise, send taged. 12578851988SVlad Yasevich */ 12678851988SVlad Yasevich br_vlan_get_tag(skb, &vid); 12778851988SVlad Yasevich if (vid == br_get_pvid(pv)) 12878851988SVlad Yasevich skb = br_vlan_untag(skb); 12978851988SVlad Yasevich else { 13078851988SVlad Yasevich /* Egress policy says "send tagged". If output device 13178851988SVlad Yasevich * is the bridge, we need to add the VLAN header 13278851988SVlad Yasevich * ourselves since we'll be going through the RX path. 13378851988SVlad Yasevich * Sending to ports puts the frame on the TX path and 13478851988SVlad Yasevich * we let dev_hard_start_xmit() add the header. 13578851988SVlad Yasevich */ 13678851988SVlad Yasevich if (skb->protocol != htons(ETH_P_8021Q) && 13778851988SVlad Yasevich pv->port_idx == 0) { 13878851988SVlad Yasevich /* vlan_put_tag expects skb->data to point to 13978851988SVlad Yasevich * mac header. 14078851988SVlad Yasevich */ 14178851988SVlad Yasevich skb_push(skb, ETH_HLEN); 14278851988SVlad Yasevich skb = __vlan_put_tag(skb, skb->vlan_tci); 14378851988SVlad Yasevich if (!skb) 14478851988SVlad Yasevich goto out; 14578851988SVlad Yasevich /* put skb->data back to where it was */ 14678851988SVlad Yasevich skb_pull(skb, ETH_HLEN); 14778851988SVlad Yasevich skb->vlan_tci = 0; 14878851988SVlad Yasevich } 14978851988SVlad Yasevich } 15078851988SVlad Yasevich 15178851988SVlad Yasevich out: 15278851988SVlad Yasevich return skb; 15378851988SVlad Yasevich } 15478851988SVlad Yasevich 15578851988SVlad Yasevich /* Called under RCU */ 15678851988SVlad Yasevich bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 15778851988SVlad Yasevich struct sk_buff *skb, u16 *vid) 15878851988SVlad Yasevich { 159a37b85c9SVlad Yasevich /* If VLAN filtering is disabled on the bridge, all packets are 160a37b85c9SVlad Yasevich * permitted. 161a37b85c9SVlad Yasevich */ 162a37b85c9SVlad Yasevich if (!br->vlan_enabled) 163a37b85c9SVlad Yasevich return true; 164a37b85c9SVlad Yasevich 165a37b85c9SVlad Yasevich /* If there are no vlan in the permitted list, all packets are 166a37b85c9SVlad Yasevich * rejected. 167a37b85c9SVlad Yasevich */ 168a37b85c9SVlad Yasevich if (!v) 169a37b85c9SVlad Yasevich return false; 170a37b85c9SVlad Yasevich 17178851988SVlad Yasevich if (br_vlan_get_tag(skb, vid)) { 17278851988SVlad Yasevich u16 pvid = br_get_pvid(v); 17378851988SVlad Yasevich 17478851988SVlad Yasevich /* Frame did not have a tag. See if pvid is set 17578851988SVlad Yasevich * on this port. That tells us which vlan untagged 17678851988SVlad Yasevich * traffic belongs to. 17778851988SVlad Yasevich */ 17878851988SVlad Yasevich if (pvid == VLAN_N_VID) 17978851988SVlad Yasevich return false; 18078851988SVlad Yasevich 18178851988SVlad Yasevich /* PVID is set on this port. Any untagged ingress 18278851988SVlad Yasevich * frame is considered to belong to this vlan. 18378851988SVlad Yasevich */ 18478851988SVlad Yasevich __vlan_hwaccel_put_tag(skb, pvid); 18578851988SVlad Yasevich return true; 18678851988SVlad Yasevich } 18778851988SVlad Yasevich 18878851988SVlad Yasevich /* Frame had a valid vlan tag. See if vlan is allowed */ 18978851988SVlad Yasevich if (test_bit(*vid, v->vlan_bitmap)) 190a37b85c9SVlad Yasevich return true; 191a37b85c9SVlad Yasevich 192a37b85c9SVlad Yasevich return false; 193a37b85c9SVlad Yasevich } 194a37b85c9SVlad Yasevich 19585f46c6bSVlad Yasevich /* Called under RCU. */ 19685f46c6bSVlad Yasevich bool br_allowed_egress(struct net_bridge *br, 19785f46c6bSVlad Yasevich const struct net_port_vlans *v, 19885f46c6bSVlad Yasevich const struct sk_buff *skb) 19985f46c6bSVlad Yasevich { 20085f46c6bSVlad Yasevich u16 vid; 20185f46c6bSVlad Yasevich 20285f46c6bSVlad Yasevich if (!br->vlan_enabled) 20385f46c6bSVlad Yasevich return true; 20485f46c6bSVlad Yasevich 20585f46c6bSVlad Yasevich if (!v) 20685f46c6bSVlad Yasevich return false; 20785f46c6bSVlad Yasevich 20885f46c6bSVlad Yasevich br_vlan_get_tag(skb, &vid); 20985f46c6bSVlad Yasevich if (test_bit(vid, v->vlan_bitmap)) 21085f46c6bSVlad Yasevich return true; 21185f46c6bSVlad Yasevich 21285f46c6bSVlad Yasevich return false; 21385f46c6bSVlad Yasevich } 21485f46c6bSVlad Yasevich 215243a2e63SVlad Yasevich /* Must be protected by RTNL */ 216552406c4SVlad Yasevich int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 217243a2e63SVlad Yasevich { 218243a2e63SVlad Yasevich struct net_port_vlans *pv = NULL; 219243a2e63SVlad Yasevich int err; 220243a2e63SVlad Yasevich 221243a2e63SVlad Yasevich ASSERT_RTNL(); 222243a2e63SVlad Yasevich 223243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 224243a2e63SVlad Yasevich if (pv) 225552406c4SVlad Yasevich return __vlan_add(pv, vid, flags); 226243a2e63SVlad Yasevich 227243a2e63SVlad Yasevich /* Create port vlan infomration 228243a2e63SVlad Yasevich */ 229243a2e63SVlad Yasevich pv = kzalloc(sizeof(*pv), GFP_KERNEL); 230243a2e63SVlad Yasevich if (!pv) 231243a2e63SVlad Yasevich return -ENOMEM; 232243a2e63SVlad Yasevich 233243a2e63SVlad Yasevich pv->parent.br = br; 234552406c4SVlad Yasevich err = __vlan_add(pv, vid, flags); 235243a2e63SVlad Yasevich if (err) 236243a2e63SVlad Yasevich goto out; 237243a2e63SVlad Yasevich 238243a2e63SVlad Yasevich rcu_assign_pointer(br->vlan_info, pv); 239243a2e63SVlad Yasevich return 0; 240243a2e63SVlad Yasevich out: 241243a2e63SVlad Yasevich kfree(pv); 242243a2e63SVlad Yasevich return err; 243243a2e63SVlad Yasevich } 244243a2e63SVlad Yasevich 245243a2e63SVlad Yasevich /* Must be protected by RTNL */ 246243a2e63SVlad Yasevich int br_vlan_delete(struct net_bridge *br, u16 vid) 247243a2e63SVlad Yasevich { 248243a2e63SVlad Yasevich struct net_port_vlans *pv; 249243a2e63SVlad Yasevich 250243a2e63SVlad Yasevich ASSERT_RTNL(); 251243a2e63SVlad Yasevich 252243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 253243a2e63SVlad Yasevich if (!pv) 254243a2e63SVlad Yasevich return -EINVAL; 255243a2e63SVlad Yasevich 256243a2e63SVlad Yasevich __vlan_del(pv, vid); 257243a2e63SVlad Yasevich return 0; 258243a2e63SVlad Yasevich } 259243a2e63SVlad Yasevich 260243a2e63SVlad Yasevich void br_vlan_flush(struct net_bridge *br) 261243a2e63SVlad Yasevich { 262243a2e63SVlad Yasevich struct net_port_vlans *pv; 263243a2e63SVlad Yasevich 264243a2e63SVlad Yasevich ASSERT_RTNL(); 265243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 266243a2e63SVlad Yasevich if (!pv) 267243a2e63SVlad Yasevich return; 268243a2e63SVlad Yasevich 269243a2e63SVlad Yasevich __vlan_flush(pv); 270243a2e63SVlad Yasevich } 271243a2e63SVlad Yasevich 272243a2e63SVlad Yasevich int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 273243a2e63SVlad Yasevich { 274243a2e63SVlad Yasevich if (!rtnl_trylock()) 275243a2e63SVlad Yasevich return restart_syscall(); 276243a2e63SVlad Yasevich 277243a2e63SVlad Yasevich if (br->vlan_enabled == val) 278243a2e63SVlad Yasevich goto unlock; 279243a2e63SVlad Yasevich 280243a2e63SVlad Yasevich br->vlan_enabled = val; 281243a2e63SVlad Yasevich 282243a2e63SVlad Yasevich unlock: 283243a2e63SVlad Yasevich rtnl_unlock(); 284243a2e63SVlad Yasevich return 0; 285243a2e63SVlad Yasevich } 286243a2e63SVlad Yasevich 287243a2e63SVlad Yasevich /* Must be protected by RTNL */ 288552406c4SVlad Yasevich int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 289243a2e63SVlad Yasevich { 290243a2e63SVlad Yasevich struct net_port_vlans *pv = NULL; 291243a2e63SVlad Yasevich int err; 292243a2e63SVlad Yasevich 293243a2e63SVlad Yasevich ASSERT_RTNL(); 294243a2e63SVlad Yasevich 295243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 296243a2e63SVlad Yasevich if (pv) 297552406c4SVlad Yasevich return __vlan_add(pv, vid, flags); 298243a2e63SVlad Yasevich 299243a2e63SVlad Yasevich /* Create port vlan infomration 300243a2e63SVlad Yasevich */ 301243a2e63SVlad Yasevich pv = kzalloc(sizeof(*pv), GFP_KERNEL); 302243a2e63SVlad Yasevich if (!pv) { 303243a2e63SVlad Yasevich err = -ENOMEM; 304243a2e63SVlad Yasevich goto clean_up; 305243a2e63SVlad Yasevich } 306243a2e63SVlad Yasevich 307243a2e63SVlad Yasevich pv->port_idx = port->port_no; 308243a2e63SVlad Yasevich pv->parent.port = port; 309552406c4SVlad Yasevich err = __vlan_add(pv, vid, flags); 310243a2e63SVlad Yasevich if (err) 311243a2e63SVlad Yasevich goto clean_up; 312243a2e63SVlad Yasevich 313243a2e63SVlad Yasevich rcu_assign_pointer(port->vlan_info, pv); 314243a2e63SVlad Yasevich return 0; 315243a2e63SVlad Yasevich 316243a2e63SVlad Yasevich clean_up: 317243a2e63SVlad Yasevich kfree(pv); 318243a2e63SVlad Yasevich return err; 319243a2e63SVlad Yasevich } 320243a2e63SVlad Yasevich 321243a2e63SVlad Yasevich /* Must be protected by RTNL */ 322243a2e63SVlad Yasevich int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 323243a2e63SVlad Yasevich { 324243a2e63SVlad Yasevich struct net_port_vlans *pv; 325243a2e63SVlad Yasevich 326243a2e63SVlad Yasevich ASSERT_RTNL(); 327243a2e63SVlad Yasevich 328243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 329243a2e63SVlad Yasevich if (!pv) 330243a2e63SVlad Yasevich return -EINVAL; 331243a2e63SVlad Yasevich 332243a2e63SVlad Yasevich return __vlan_del(pv, vid); 333243a2e63SVlad Yasevich } 334243a2e63SVlad Yasevich 335243a2e63SVlad Yasevich void nbp_vlan_flush(struct net_bridge_port *port) 336243a2e63SVlad Yasevich { 337243a2e63SVlad Yasevich struct net_port_vlans *pv; 338243a2e63SVlad Yasevich 339243a2e63SVlad Yasevich ASSERT_RTNL(); 340243a2e63SVlad Yasevich 341243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 342243a2e63SVlad Yasevich if (!pv) 343243a2e63SVlad Yasevich return; 344243a2e63SVlad Yasevich 345243a2e63SVlad Yasevich __vlan_flush(pv); 346243a2e63SVlad Yasevich } 347