1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 struct net_bridge_port *p = NULL; 38 struct net_bridge *br; 39 struct net_device *dev; 40 int err; 41 42 if (test_bit(vid, v->vlan_bitmap)) { 43 __vlan_add_flags(v, vid, flags); 44 return 0; 45 } 46 47 if (v->port_idx) { 48 p = v->parent.port; 49 br = p->br; 50 dev = p->dev; 51 } else { 52 br = v->parent.br; 53 dev = br->dev; 54 } 55 56 if (p) { 57 /* Add VLAN to the device filter if it is supported. 58 * Stricly speaking, this is not necessary now, since 59 * devices are made promiscuous by the bridge, but if 60 * that ever changes this code will allow tagged 61 * traffic to enter the bridge. 62 */ 63 err = vlan_vid_add(dev, htons(ETH_P_8021Q), vid); 64 if (err) 65 return err; 66 } 67 68 err = br_fdb_insert(br, p, dev->dev_addr, vid); 69 if (err) { 70 br_err(br, "failed insert local address into bridge " 71 "forwarding table\n"); 72 goto out_filt; 73 } 74 75 set_bit(vid, v->vlan_bitmap); 76 v->num_vlans++; 77 __vlan_add_flags(v, vid, flags); 78 79 return 0; 80 81 out_filt: 82 if (p) 83 vlan_vid_del(dev, htons(ETH_P_8021Q), vid); 84 return err; 85 } 86 87 static int __vlan_del(struct net_port_vlans *v, u16 vid) 88 { 89 if (!test_bit(vid, v->vlan_bitmap)) 90 return -EINVAL; 91 92 __vlan_delete_pvid(v, vid); 93 clear_bit(vid, v->untagged_bitmap); 94 95 if (v->port_idx) 96 vlan_vid_del(v->parent.port->dev, htons(ETH_P_8021Q), vid); 97 98 clear_bit(vid, v->vlan_bitmap); 99 v->num_vlans--; 100 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 101 if (v->port_idx) 102 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 103 else 104 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 105 kfree_rcu(v, rcu); 106 } 107 return 0; 108 } 109 110 static void __vlan_flush(struct net_port_vlans *v) 111 { 112 smp_wmb(); 113 v->pvid = 0; 114 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 115 if (v->port_idx) 116 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 117 else 118 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 119 kfree_rcu(v, rcu); 120 } 121 122 /* Strip the tag from the packet. Will return skb with tci set 0. */ 123 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 124 { 125 if (skb->protocol != htons(ETH_P_8021Q)) { 126 skb->vlan_tci = 0; 127 return skb; 128 } 129 130 skb->vlan_tci = 0; 131 skb = vlan_untag(skb); 132 if (skb) 133 skb->vlan_tci = 0; 134 135 return skb; 136 } 137 138 struct sk_buff *br_handle_vlan(struct net_bridge *br, 139 const struct net_port_vlans *pv, 140 struct sk_buff *skb) 141 { 142 u16 vid; 143 144 if (!br->vlan_enabled) 145 goto out; 146 147 /* At this point, we know that the frame was filtered and contains 148 * a valid vlan id. If the vlan id is set in the untagged bitmap, 149 * send untagged; otherwise, send tagged. 150 */ 151 br_vlan_get_tag(skb, &vid); 152 if (test_bit(vid, pv->untagged_bitmap)) 153 skb = br_vlan_untag(skb); 154 155 out: 156 return skb; 157 } 158 159 /* Called under RCU */ 160 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 161 struct sk_buff *skb, u16 *vid) 162 { 163 int err; 164 165 /* If VLAN filtering is disabled on the bridge, all packets are 166 * permitted. 167 */ 168 if (!br->vlan_enabled) 169 return true; 170 171 /* If there are no vlan in the permitted list, all packets are 172 * rejected. 173 */ 174 if (!v) 175 return false; 176 177 /* If vlan tx offload is disabled on bridge device and frame was 178 * sent from vlan device on the bridge device, it does not have 179 * HW accelerated vlan tag. 180 */ 181 if (unlikely(!vlan_tx_tag_present(skb) && 182 (skb->protocol == htons(ETH_P_8021Q) || 183 skb->protocol == htons(ETH_P_8021AD)))) { 184 skb = vlan_untag(skb); 185 if (unlikely(!skb)) 186 return false; 187 } 188 189 err = br_vlan_get_tag(skb, vid); 190 if (!*vid) { 191 u16 pvid = br_get_pvid(v); 192 193 /* Frame had a tag with VID 0 or did not have a tag. 194 * See if pvid is set on this port. That tells us which 195 * vlan untagged or priority-tagged traffic belongs to. 196 */ 197 if (pvid == VLAN_N_VID) 198 return false; 199 200 /* PVID is set on this port. Any untagged or priority-tagged 201 * ingress frame is considered to belong to this vlan. 202 */ 203 *vid = pvid; 204 if (likely(err)) 205 /* Untagged Frame. */ 206 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 207 else 208 /* Priority-tagged Frame. 209 * At this point, We know that skb->vlan_tci had 210 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 211 * We update only VID field and preserve PCP field. 212 */ 213 skb->vlan_tci |= pvid; 214 215 return true; 216 } 217 218 /* Frame had a valid vlan tag. See if vlan is allowed */ 219 if (test_bit(*vid, v->vlan_bitmap)) 220 return true; 221 222 return false; 223 } 224 225 /* Called under RCU. */ 226 bool br_allowed_egress(struct net_bridge *br, 227 const struct net_port_vlans *v, 228 const struct sk_buff *skb) 229 { 230 u16 vid; 231 232 if (!br->vlan_enabled) 233 return true; 234 235 if (!v) 236 return false; 237 238 br_vlan_get_tag(skb, &vid); 239 if (test_bit(vid, v->vlan_bitmap)) 240 return true; 241 242 return false; 243 } 244 245 /* Must be protected by RTNL. 246 * Must be called with vid in range from 1 to 4094 inclusive. 247 */ 248 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 249 { 250 struct net_port_vlans *pv = NULL; 251 int err; 252 253 ASSERT_RTNL(); 254 255 pv = rtnl_dereference(br->vlan_info); 256 if (pv) 257 return __vlan_add(pv, vid, flags); 258 259 /* Create port vlan infomration 260 */ 261 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 262 if (!pv) 263 return -ENOMEM; 264 265 pv->parent.br = br; 266 err = __vlan_add(pv, vid, flags); 267 if (err) 268 goto out; 269 270 rcu_assign_pointer(br->vlan_info, pv); 271 return 0; 272 out: 273 kfree(pv); 274 return err; 275 } 276 277 /* Must be protected by RTNL. 278 * Must be called with vid in range from 1 to 4094 inclusive. 279 */ 280 int br_vlan_delete(struct net_bridge *br, u16 vid) 281 { 282 struct net_port_vlans *pv; 283 284 ASSERT_RTNL(); 285 286 pv = rtnl_dereference(br->vlan_info); 287 if (!pv) 288 return -EINVAL; 289 290 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 291 292 __vlan_del(pv, vid); 293 return 0; 294 } 295 296 void br_vlan_flush(struct net_bridge *br) 297 { 298 struct net_port_vlans *pv; 299 300 ASSERT_RTNL(); 301 pv = rtnl_dereference(br->vlan_info); 302 if (!pv) 303 return; 304 305 __vlan_flush(pv); 306 } 307 308 bool br_vlan_find(struct net_bridge *br, u16 vid) 309 { 310 struct net_port_vlans *pv; 311 bool found = false; 312 313 rcu_read_lock(); 314 pv = rcu_dereference(br->vlan_info); 315 316 if (!pv) 317 goto out; 318 319 if (test_bit(vid, pv->vlan_bitmap)) 320 found = true; 321 322 out: 323 rcu_read_unlock(); 324 return found; 325 } 326 327 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 328 { 329 if (!rtnl_trylock()) 330 return restart_syscall(); 331 332 if (br->vlan_enabled == val) 333 goto unlock; 334 335 br->vlan_enabled = val; 336 337 unlock: 338 rtnl_unlock(); 339 return 0; 340 } 341 342 /* Must be protected by RTNL. 343 * Must be called with vid in range from 1 to 4094 inclusive. 344 */ 345 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 346 { 347 struct net_port_vlans *pv = NULL; 348 int err; 349 350 ASSERT_RTNL(); 351 352 pv = rtnl_dereference(port->vlan_info); 353 if (pv) 354 return __vlan_add(pv, vid, flags); 355 356 /* Create port vlan infomration 357 */ 358 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 359 if (!pv) { 360 err = -ENOMEM; 361 goto clean_up; 362 } 363 364 pv->port_idx = port->port_no; 365 pv->parent.port = port; 366 err = __vlan_add(pv, vid, flags); 367 if (err) 368 goto clean_up; 369 370 rcu_assign_pointer(port->vlan_info, pv); 371 return 0; 372 373 clean_up: 374 kfree(pv); 375 return err; 376 } 377 378 /* Must be protected by RTNL. 379 * Must be called with vid in range from 1 to 4094 inclusive. 380 */ 381 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 382 { 383 struct net_port_vlans *pv; 384 385 ASSERT_RTNL(); 386 387 pv = rtnl_dereference(port->vlan_info); 388 if (!pv) 389 return -EINVAL; 390 391 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 392 393 return __vlan_del(pv, vid); 394 } 395 396 void nbp_vlan_flush(struct net_bridge_port *port) 397 { 398 struct net_port_vlans *pv; 399 u16 vid; 400 401 ASSERT_RTNL(); 402 403 pv = rtnl_dereference(port->vlan_info); 404 if (!pv) 405 return; 406 407 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 408 vlan_vid_del(port->dev, htons(ETH_P_8021Q), vid); 409 410 __vlan_flush(pv); 411 } 412 413 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 414 { 415 struct net_port_vlans *pv; 416 bool found = false; 417 418 rcu_read_lock(); 419 pv = rcu_dereference(port->vlan_info); 420 421 if (!pv) 422 goto out; 423 424 if (test_bit(vid, pv->vlan_bitmap)) 425 found = true; 426 427 out: 428 rcu_read_unlock(); 429 return found; 430 } 431