1243a2e63SVlad Yasevich #include <linux/kernel.h> 2243a2e63SVlad Yasevich #include <linux/netdevice.h> 3243a2e63SVlad Yasevich #include <linux/rtnetlink.h> 4243a2e63SVlad Yasevich #include <linux/slab.h> 5243a2e63SVlad Yasevich 6243a2e63SVlad Yasevich #include "br_private.h" 7243a2e63SVlad Yasevich 8243a2e63SVlad Yasevich static int __vlan_add(struct net_port_vlans *v, u16 vid) 9243a2e63SVlad Yasevich { 10243a2e63SVlad Yasevich int err; 11243a2e63SVlad Yasevich 12243a2e63SVlad Yasevich if (test_bit(vid, v->vlan_bitmap)) 13243a2e63SVlad Yasevich return -EEXIST; 14243a2e63SVlad Yasevich 15243a2e63SVlad Yasevich if (v->port_idx && vid) { 16243a2e63SVlad Yasevich struct net_device *dev = v->parent.port->dev; 17243a2e63SVlad Yasevich 18243a2e63SVlad Yasevich /* Add VLAN to the device filter if it is supported. 19243a2e63SVlad Yasevich * Stricly speaking, this is not necessary now, since devices 20243a2e63SVlad Yasevich * are made promiscuous by the bridge, but if that ever changes 21243a2e63SVlad Yasevich * this code will allow tagged traffic to enter the bridge. 22243a2e63SVlad Yasevich */ 23243a2e63SVlad Yasevich if (dev->features & NETIF_F_HW_VLAN_FILTER) { 24243a2e63SVlad Yasevich err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid); 25243a2e63SVlad Yasevich if (err) 26243a2e63SVlad Yasevich return err; 27243a2e63SVlad Yasevich } 28243a2e63SVlad Yasevich } 29243a2e63SVlad Yasevich 30243a2e63SVlad Yasevich set_bit(vid, v->vlan_bitmap); 316cbdceebSVlad Yasevich v->num_vlans++; 32243a2e63SVlad Yasevich return 0; 33243a2e63SVlad Yasevich } 34243a2e63SVlad Yasevich 35243a2e63SVlad Yasevich static int __vlan_del(struct net_port_vlans *v, u16 vid) 36243a2e63SVlad Yasevich { 37243a2e63SVlad Yasevich if (!test_bit(vid, v->vlan_bitmap)) 38243a2e63SVlad Yasevich return -EINVAL; 39243a2e63SVlad Yasevich 40243a2e63SVlad Yasevich if (v->port_idx && vid) { 41243a2e63SVlad Yasevich struct net_device *dev = v->parent.port->dev; 42243a2e63SVlad Yasevich 43243a2e63SVlad Yasevich if (dev->features & NETIF_F_HW_VLAN_FILTER) 44243a2e63SVlad Yasevich dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid); 45243a2e63SVlad Yasevich } 46243a2e63SVlad Yasevich 47243a2e63SVlad Yasevich clear_bit(vid, v->vlan_bitmap); 486cbdceebSVlad Yasevich v->num_vlans--; 49243a2e63SVlad Yasevich if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 50243a2e63SVlad Yasevich if (v->port_idx) 51243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.port->vlan_info, NULL); 52243a2e63SVlad Yasevich else 53243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.br->vlan_info, NULL); 54243a2e63SVlad Yasevich kfree_rcu(v, rcu); 55243a2e63SVlad Yasevich } 56243a2e63SVlad Yasevich return 0; 57243a2e63SVlad Yasevich } 58243a2e63SVlad Yasevich 59243a2e63SVlad Yasevich static void __vlan_flush(struct net_port_vlans *v) 60243a2e63SVlad Yasevich { 61243a2e63SVlad Yasevich bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN); 62243a2e63SVlad Yasevich if (v->port_idx) 63243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.port->vlan_info, NULL); 64243a2e63SVlad Yasevich else 65243a2e63SVlad Yasevich rcu_assign_pointer(v->parent.br->vlan_info, NULL); 66243a2e63SVlad Yasevich kfree_rcu(v, rcu); 67243a2e63SVlad Yasevich } 68243a2e63SVlad Yasevich 6978851988SVlad Yasevich /* Strip the tag from the packet. Will return skb with tci set 0. */ 7078851988SVlad Yasevich static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 7178851988SVlad Yasevich { 7278851988SVlad Yasevich if (skb->protocol != htons(ETH_P_8021Q)) { 7378851988SVlad Yasevich skb->vlan_tci = 0; 7478851988SVlad Yasevich return skb; 7578851988SVlad Yasevich } 7678851988SVlad Yasevich 7778851988SVlad Yasevich skb->vlan_tci = 0; 7878851988SVlad Yasevich skb = vlan_untag(skb); 7978851988SVlad Yasevich if (skb) 8078851988SVlad Yasevich skb->vlan_tci = 0; 8178851988SVlad Yasevich 8278851988SVlad Yasevich return skb; 8378851988SVlad Yasevich } 8478851988SVlad Yasevich 8578851988SVlad Yasevich struct sk_buff *br_handle_vlan(struct net_bridge *br, 8678851988SVlad Yasevich const struct net_port_vlans *pv, 87a37b85c9SVlad Yasevich struct sk_buff *skb) 88a37b85c9SVlad Yasevich { 89a37b85c9SVlad Yasevich u16 vid; 90a37b85c9SVlad Yasevich 9178851988SVlad Yasevich if (!br->vlan_enabled) 9278851988SVlad Yasevich goto out; 9378851988SVlad Yasevich 9478851988SVlad Yasevich /* At this point, we know that the frame was filtered and contains 9578851988SVlad Yasevich * a valid vlan id. If the vlan id matches the pvid of current port 9678851988SVlad Yasevich * send untagged; otherwise, send taged. 9778851988SVlad Yasevich */ 9878851988SVlad Yasevich br_vlan_get_tag(skb, &vid); 9978851988SVlad Yasevich if (vid == br_get_pvid(pv)) 10078851988SVlad Yasevich skb = br_vlan_untag(skb); 10178851988SVlad Yasevich else { 10278851988SVlad Yasevich /* Egress policy says "send tagged". If output device 10378851988SVlad Yasevich * is the bridge, we need to add the VLAN header 10478851988SVlad Yasevich * ourselves since we'll be going through the RX path. 10578851988SVlad Yasevich * Sending to ports puts the frame on the TX path and 10678851988SVlad Yasevich * we let dev_hard_start_xmit() add the header. 10778851988SVlad Yasevich */ 10878851988SVlad Yasevich if (skb->protocol != htons(ETH_P_8021Q) && 10978851988SVlad Yasevich pv->port_idx == 0) { 11078851988SVlad Yasevich /* vlan_put_tag expects skb->data to point to 11178851988SVlad Yasevich * mac header. 11278851988SVlad Yasevich */ 11378851988SVlad Yasevich skb_push(skb, ETH_HLEN); 11478851988SVlad Yasevich skb = __vlan_put_tag(skb, skb->vlan_tci); 11578851988SVlad Yasevich if (!skb) 11678851988SVlad Yasevich goto out; 11778851988SVlad Yasevich /* put skb->data back to where it was */ 11878851988SVlad Yasevich skb_pull(skb, ETH_HLEN); 11978851988SVlad Yasevich skb->vlan_tci = 0; 12078851988SVlad Yasevich } 12178851988SVlad Yasevich } 12278851988SVlad Yasevich 12378851988SVlad Yasevich out: 12478851988SVlad Yasevich return skb; 12578851988SVlad Yasevich } 12678851988SVlad Yasevich 12778851988SVlad Yasevich /* Called under RCU */ 12878851988SVlad Yasevich bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 12978851988SVlad Yasevich struct sk_buff *skb, u16 *vid) 13078851988SVlad Yasevich { 131a37b85c9SVlad Yasevich /* If VLAN filtering is disabled on the bridge, all packets are 132a37b85c9SVlad Yasevich * permitted. 133a37b85c9SVlad Yasevich */ 134a37b85c9SVlad Yasevich if (!br->vlan_enabled) 135a37b85c9SVlad Yasevich return true; 136a37b85c9SVlad Yasevich 137a37b85c9SVlad Yasevich /* If there are no vlan in the permitted list, all packets are 138a37b85c9SVlad Yasevich * rejected. 139a37b85c9SVlad Yasevich */ 140a37b85c9SVlad Yasevich if (!v) 141a37b85c9SVlad Yasevich return false; 142a37b85c9SVlad Yasevich 14378851988SVlad Yasevich if (br_vlan_get_tag(skb, vid)) { 14478851988SVlad Yasevich u16 pvid = br_get_pvid(v); 14578851988SVlad Yasevich 14678851988SVlad Yasevich /* Frame did not have a tag. See if pvid is set 14778851988SVlad Yasevich * on this port. That tells us which vlan untagged 14878851988SVlad Yasevich * traffic belongs to. 14978851988SVlad Yasevich */ 15078851988SVlad Yasevich if (pvid == VLAN_N_VID) 15178851988SVlad Yasevich return false; 15278851988SVlad Yasevich 15378851988SVlad Yasevich /* PVID is set on this port. Any untagged ingress 15478851988SVlad Yasevich * frame is considered to belong to this vlan. 15578851988SVlad Yasevich */ 15678851988SVlad Yasevich __vlan_hwaccel_put_tag(skb, pvid); 15778851988SVlad Yasevich return true; 15878851988SVlad Yasevich } 15978851988SVlad Yasevich 16078851988SVlad Yasevich /* Frame had a valid vlan tag. See if vlan is allowed */ 16178851988SVlad Yasevich if (test_bit(*vid, v->vlan_bitmap)) 162a37b85c9SVlad Yasevich return true; 163a37b85c9SVlad Yasevich 164a37b85c9SVlad Yasevich return false; 165a37b85c9SVlad Yasevich } 166a37b85c9SVlad Yasevich 16785f46c6bSVlad Yasevich /* Called under RCU. */ 16885f46c6bSVlad Yasevich bool br_allowed_egress(struct net_bridge *br, 16985f46c6bSVlad Yasevich const struct net_port_vlans *v, 17085f46c6bSVlad Yasevich const struct sk_buff *skb) 17185f46c6bSVlad Yasevich { 17285f46c6bSVlad Yasevich u16 vid; 17385f46c6bSVlad Yasevich 17485f46c6bSVlad Yasevich if (!br->vlan_enabled) 17585f46c6bSVlad Yasevich return true; 17685f46c6bSVlad Yasevich 17785f46c6bSVlad Yasevich if (!v) 17885f46c6bSVlad Yasevich return false; 17985f46c6bSVlad Yasevich 18085f46c6bSVlad Yasevich br_vlan_get_tag(skb, &vid); 18185f46c6bSVlad Yasevich if (test_bit(vid, v->vlan_bitmap)) 18285f46c6bSVlad Yasevich return true; 18385f46c6bSVlad Yasevich 18485f46c6bSVlad Yasevich return false; 18585f46c6bSVlad Yasevich } 18685f46c6bSVlad Yasevich 187243a2e63SVlad Yasevich /* Must be protected by RTNL */ 188243a2e63SVlad Yasevich int br_vlan_add(struct net_bridge *br, u16 vid) 189243a2e63SVlad Yasevich { 190243a2e63SVlad Yasevich struct net_port_vlans *pv = NULL; 191243a2e63SVlad Yasevich int err; 192243a2e63SVlad Yasevich 193243a2e63SVlad Yasevich ASSERT_RTNL(); 194243a2e63SVlad Yasevich 195243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 196243a2e63SVlad Yasevich if (pv) 197243a2e63SVlad Yasevich return __vlan_add(pv, vid); 198243a2e63SVlad Yasevich 199243a2e63SVlad Yasevich /* Create port vlan infomration 200243a2e63SVlad Yasevich */ 201243a2e63SVlad Yasevich pv = kzalloc(sizeof(*pv), GFP_KERNEL); 202243a2e63SVlad Yasevich if (!pv) 203243a2e63SVlad Yasevich return -ENOMEM; 204243a2e63SVlad Yasevich 205243a2e63SVlad Yasevich pv->parent.br = br; 206243a2e63SVlad Yasevich err = __vlan_add(pv, vid); 207243a2e63SVlad Yasevich if (err) 208243a2e63SVlad Yasevich goto out; 209243a2e63SVlad Yasevich 210243a2e63SVlad Yasevich rcu_assign_pointer(br->vlan_info, pv); 211243a2e63SVlad Yasevich return 0; 212243a2e63SVlad Yasevich out: 213243a2e63SVlad Yasevich kfree(pv); 214243a2e63SVlad Yasevich return err; 215243a2e63SVlad Yasevich } 216243a2e63SVlad Yasevich 217243a2e63SVlad Yasevich /* Must be protected by RTNL */ 218243a2e63SVlad Yasevich int br_vlan_delete(struct net_bridge *br, u16 vid) 219243a2e63SVlad Yasevich { 220243a2e63SVlad Yasevich struct net_port_vlans *pv; 221243a2e63SVlad Yasevich 222243a2e63SVlad Yasevich ASSERT_RTNL(); 223243a2e63SVlad Yasevich 224243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 225243a2e63SVlad Yasevich if (!pv) 226243a2e63SVlad Yasevich return -EINVAL; 227243a2e63SVlad Yasevich 228243a2e63SVlad Yasevich __vlan_del(pv, vid); 229243a2e63SVlad Yasevich return 0; 230243a2e63SVlad Yasevich } 231243a2e63SVlad Yasevich 232243a2e63SVlad Yasevich void br_vlan_flush(struct net_bridge *br) 233243a2e63SVlad Yasevich { 234243a2e63SVlad Yasevich struct net_port_vlans *pv; 235243a2e63SVlad Yasevich 236243a2e63SVlad Yasevich ASSERT_RTNL(); 237243a2e63SVlad Yasevich 238243a2e63SVlad Yasevich pv = rtnl_dereference(br->vlan_info); 239243a2e63SVlad Yasevich if (!pv) 240243a2e63SVlad Yasevich return; 241243a2e63SVlad Yasevich 242243a2e63SVlad Yasevich __vlan_flush(pv); 243243a2e63SVlad Yasevich } 244243a2e63SVlad Yasevich 245243a2e63SVlad Yasevich int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 246243a2e63SVlad Yasevich { 247243a2e63SVlad Yasevich if (!rtnl_trylock()) 248243a2e63SVlad Yasevich return restart_syscall(); 249243a2e63SVlad Yasevich 250243a2e63SVlad Yasevich if (br->vlan_enabled == val) 251243a2e63SVlad Yasevich goto unlock; 252243a2e63SVlad Yasevich 253243a2e63SVlad Yasevich br->vlan_enabled = val; 254243a2e63SVlad Yasevich 255243a2e63SVlad Yasevich unlock: 256243a2e63SVlad Yasevich rtnl_unlock(); 257243a2e63SVlad Yasevich return 0; 258243a2e63SVlad Yasevich } 259243a2e63SVlad Yasevich 260243a2e63SVlad Yasevich /* Must be protected by RTNL */ 261243a2e63SVlad Yasevich int nbp_vlan_add(struct net_bridge_port *port, u16 vid) 262243a2e63SVlad Yasevich { 263243a2e63SVlad Yasevich struct net_port_vlans *pv = NULL; 264243a2e63SVlad Yasevich int err; 265243a2e63SVlad Yasevich 266243a2e63SVlad Yasevich ASSERT_RTNL(); 267243a2e63SVlad Yasevich 268243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 269243a2e63SVlad Yasevich if (pv) 270243a2e63SVlad Yasevich return __vlan_add(pv, vid); 271243a2e63SVlad Yasevich 272243a2e63SVlad Yasevich /* Create port vlan infomration 273243a2e63SVlad Yasevich */ 274243a2e63SVlad Yasevich pv = kzalloc(sizeof(*pv), GFP_KERNEL); 275243a2e63SVlad Yasevich if (!pv) { 276243a2e63SVlad Yasevich err = -ENOMEM; 277243a2e63SVlad Yasevich goto clean_up; 278243a2e63SVlad Yasevich } 279243a2e63SVlad Yasevich 280243a2e63SVlad Yasevich pv->port_idx = port->port_no; 281243a2e63SVlad Yasevich pv->parent.port = port; 282243a2e63SVlad Yasevich err = __vlan_add(pv, vid); 283243a2e63SVlad Yasevich if (err) 284243a2e63SVlad Yasevich goto clean_up; 285243a2e63SVlad Yasevich 286243a2e63SVlad Yasevich rcu_assign_pointer(port->vlan_info, pv); 287243a2e63SVlad Yasevich return 0; 288243a2e63SVlad Yasevich 289243a2e63SVlad Yasevich clean_up: 290243a2e63SVlad Yasevich kfree(pv); 291243a2e63SVlad Yasevich return err; 292243a2e63SVlad Yasevich } 293243a2e63SVlad Yasevich 294243a2e63SVlad Yasevich /* Must be protected by RTNL */ 295243a2e63SVlad Yasevich int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 296243a2e63SVlad Yasevich { 297243a2e63SVlad Yasevich struct net_port_vlans *pv; 298243a2e63SVlad Yasevich 299243a2e63SVlad Yasevich ASSERT_RTNL(); 300243a2e63SVlad Yasevich 301243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 302243a2e63SVlad Yasevich if (!pv) 303243a2e63SVlad Yasevich return -EINVAL; 304243a2e63SVlad Yasevich 305243a2e63SVlad Yasevich return __vlan_del(pv, vid); 306243a2e63SVlad Yasevich } 307243a2e63SVlad Yasevich 308243a2e63SVlad Yasevich void nbp_vlan_flush(struct net_bridge_port *port) 309243a2e63SVlad Yasevich { 310243a2e63SVlad Yasevich struct net_port_vlans *pv; 311243a2e63SVlad Yasevich 312243a2e63SVlad Yasevich ASSERT_RTNL(); 313243a2e63SVlad Yasevich 314243a2e63SVlad Yasevich pv = rtnl_dereference(port->vlan_info); 315243a2e63SVlad Yasevich if (!pv) 316243a2e63SVlad Yasevich return; 317243a2e63SVlad Yasevich 318243a2e63SVlad Yasevich __vlan_flush(pv); 319243a2e63SVlad Yasevich } 320