1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 struct net_bridge_port *p = NULL; 38 struct net_bridge *br; 39 struct net_device *dev; 40 int err; 41 42 if (test_bit(vid, v->vlan_bitmap)) { 43 __vlan_add_flags(v, vid, flags); 44 return 0; 45 } 46 47 if (v->port_idx) { 48 p = v->parent.port; 49 br = p->br; 50 dev = p->dev; 51 } else { 52 br = v->parent.br; 53 dev = br->dev; 54 } 55 56 if (p) { 57 /* Add VLAN to the device filter if it is supported. 58 * Stricly speaking, this is not necessary now, since 59 * devices are made promiscuous by the bridge, but if 60 * that ever changes this code will allow tagged 61 * traffic to enter the bridge. 62 */ 63 err = vlan_vid_add(dev, htons(ETH_P_8021Q), vid); 64 if (err) 65 return err; 66 } 67 68 err = br_fdb_insert(br, p, dev->dev_addr, vid); 69 if (err) { 70 br_err(br, "failed insert local address into bridge " 71 "forwarding table\n"); 72 goto out_filt; 73 } 74 75 set_bit(vid, v->vlan_bitmap); 76 v->num_vlans++; 77 __vlan_add_flags(v, vid, flags); 78 79 return 0; 80 81 out_filt: 82 if (p) 83 vlan_vid_del(dev, htons(ETH_P_8021Q), vid); 84 return err; 85 } 86 87 static int __vlan_del(struct net_port_vlans *v, u16 vid) 88 { 89 if (!test_bit(vid, v->vlan_bitmap)) 90 return -EINVAL; 91 92 __vlan_delete_pvid(v, vid); 93 clear_bit(vid, v->untagged_bitmap); 94 95 if (v->port_idx) 96 vlan_vid_del(v->parent.port->dev, htons(ETH_P_8021Q), vid); 97 98 clear_bit(vid, v->vlan_bitmap); 99 v->num_vlans--; 100 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 101 if (v->port_idx) 102 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 103 else 104 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 105 kfree_rcu(v, rcu); 106 } 107 return 0; 108 } 109 110 static void __vlan_flush(struct net_port_vlans *v) 111 { 112 smp_wmb(); 113 v->pvid = 0; 114 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 115 if (v->port_idx) 116 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 117 else 118 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 119 kfree_rcu(v, rcu); 120 } 121 122 struct sk_buff *br_handle_vlan(struct net_bridge *br, 123 const struct net_port_vlans *pv, 124 struct sk_buff *skb) 125 { 126 u16 vid; 127 128 if (!br->vlan_enabled) 129 goto out; 130 131 /* Vlan filter table must be configured at this point. The 132 * only exception is the bridge is set in promisc mode and the 133 * packet is destined for the bridge device. In this case 134 * pass the packet as is. 135 */ 136 if (!pv) { 137 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 138 goto out; 139 } else { 140 kfree_skb(skb); 141 return NULL; 142 } 143 } 144 145 /* At this point, we know that the frame was filtered and contains 146 * a valid vlan id. If the vlan id is set in the untagged bitmap, 147 * send untagged; otherwise, send tagged. 148 */ 149 br_vlan_get_tag(skb, &vid); 150 if (test_bit(vid, pv->untagged_bitmap)) 151 skb->vlan_tci = 0; 152 153 out: 154 return skb; 155 } 156 157 /* Called under RCU */ 158 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 159 struct sk_buff *skb, u16 *vid) 160 { 161 int err; 162 163 /* If VLAN filtering is disabled on the bridge, all packets are 164 * permitted. 165 */ 166 if (!br->vlan_enabled) 167 return true; 168 169 /* If there are no vlan in the permitted list, all packets are 170 * rejected. 171 */ 172 if (!v) 173 goto drop; 174 175 /* If vlan tx offload is disabled on bridge device and frame was 176 * sent from vlan device on the bridge device, it does not have 177 * HW accelerated vlan tag. 178 */ 179 if (unlikely(!vlan_tx_tag_present(skb) && 180 (skb->protocol == htons(ETH_P_8021Q) || 181 skb->protocol == htons(ETH_P_8021AD)))) { 182 skb = vlan_untag(skb); 183 if (unlikely(!skb)) 184 return false; 185 } 186 187 err = br_vlan_get_tag(skb, vid); 188 if (!*vid) { 189 u16 pvid = br_get_pvid(v); 190 191 /* Frame had a tag with VID 0 or did not have a tag. 192 * See if pvid is set on this port. That tells us which 193 * vlan untagged or priority-tagged traffic belongs to. 194 */ 195 if (pvid == VLAN_N_VID) 196 goto drop; 197 198 /* PVID is set on this port. Any untagged or priority-tagged 199 * ingress frame is considered to belong to this vlan. 200 */ 201 *vid = pvid; 202 if (likely(err)) 203 /* Untagged Frame. */ 204 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 205 else 206 /* Priority-tagged Frame. 207 * At this point, We know that skb->vlan_tci had 208 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 209 * We update only VID field and preserve PCP field. 210 */ 211 skb->vlan_tci |= pvid; 212 213 return true; 214 } 215 216 /* Frame had a valid vlan tag. See if vlan is allowed */ 217 if (test_bit(*vid, v->vlan_bitmap)) 218 return true; 219 drop: 220 kfree_skb(skb); 221 return false; 222 } 223 224 /* Called under RCU. */ 225 bool br_allowed_egress(struct net_bridge *br, 226 const struct net_port_vlans *v, 227 const struct sk_buff *skb) 228 { 229 u16 vid; 230 231 if (!br->vlan_enabled) 232 return true; 233 234 if (!v) 235 return false; 236 237 br_vlan_get_tag(skb, &vid); 238 if (test_bit(vid, v->vlan_bitmap)) 239 return true; 240 241 return false; 242 } 243 244 /* Must be protected by RTNL. 245 * Must be called with vid in range from 1 to 4094 inclusive. 246 */ 247 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 248 { 249 struct net_port_vlans *pv = NULL; 250 int err; 251 252 ASSERT_RTNL(); 253 254 pv = rtnl_dereference(br->vlan_info); 255 if (pv) 256 return __vlan_add(pv, vid, flags); 257 258 /* Create port vlan infomration 259 */ 260 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 261 if (!pv) 262 return -ENOMEM; 263 264 pv->parent.br = br; 265 err = __vlan_add(pv, vid, flags); 266 if (err) 267 goto out; 268 269 rcu_assign_pointer(br->vlan_info, pv); 270 return 0; 271 out: 272 kfree(pv); 273 return err; 274 } 275 276 /* Must be protected by RTNL. 277 * Must be called with vid in range from 1 to 4094 inclusive. 278 */ 279 int br_vlan_delete(struct net_bridge *br, u16 vid) 280 { 281 struct net_port_vlans *pv; 282 283 ASSERT_RTNL(); 284 285 pv = rtnl_dereference(br->vlan_info); 286 if (!pv) 287 return -EINVAL; 288 289 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 290 291 __vlan_del(pv, vid); 292 return 0; 293 } 294 295 void br_vlan_flush(struct net_bridge *br) 296 { 297 struct net_port_vlans *pv; 298 299 ASSERT_RTNL(); 300 pv = rtnl_dereference(br->vlan_info); 301 if (!pv) 302 return; 303 304 __vlan_flush(pv); 305 } 306 307 bool br_vlan_find(struct net_bridge *br, u16 vid) 308 { 309 struct net_port_vlans *pv; 310 bool found = false; 311 312 rcu_read_lock(); 313 pv = rcu_dereference(br->vlan_info); 314 315 if (!pv) 316 goto out; 317 318 if (test_bit(vid, pv->vlan_bitmap)) 319 found = true; 320 321 out: 322 rcu_read_unlock(); 323 return found; 324 } 325 326 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 327 { 328 if (!rtnl_trylock()) 329 return restart_syscall(); 330 331 if (br->vlan_enabled == val) 332 goto unlock; 333 334 br->vlan_enabled = val; 335 336 unlock: 337 rtnl_unlock(); 338 return 0; 339 } 340 341 /* Must be protected by RTNL. 342 * Must be called with vid in range from 1 to 4094 inclusive. 343 */ 344 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 345 { 346 struct net_port_vlans *pv = NULL; 347 int err; 348 349 ASSERT_RTNL(); 350 351 pv = rtnl_dereference(port->vlan_info); 352 if (pv) 353 return __vlan_add(pv, vid, flags); 354 355 /* Create port vlan infomration 356 */ 357 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 358 if (!pv) { 359 err = -ENOMEM; 360 goto clean_up; 361 } 362 363 pv->port_idx = port->port_no; 364 pv->parent.port = port; 365 err = __vlan_add(pv, vid, flags); 366 if (err) 367 goto clean_up; 368 369 rcu_assign_pointer(port->vlan_info, pv); 370 return 0; 371 372 clean_up: 373 kfree(pv); 374 return err; 375 } 376 377 /* Must be protected by RTNL. 378 * Must be called with vid in range from 1 to 4094 inclusive. 379 */ 380 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 381 { 382 struct net_port_vlans *pv; 383 384 ASSERT_RTNL(); 385 386 pv = rtnl_dereference(port->vlan_info); 387 if (!pv) 388 return -EINVAL; 389 390 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 391 392 return __vlan_del(pv, vid); 393 } 394 395 void nbp_vlan_flush(struct net_bridge_port *port) 396 { 397 struct net_port_vlans *pv; 398 u16 vid; 399 400 ASSERT_RTNL(); 401 402 pv = rtnl_dereference(port->vlan_info); 403 if (!pv) 404 return; 405 406 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 407 vlan_vid_del(port->dev, htons(ETH_P_8021Q), vid); 408 409 __vlan_flush(pv); 410 } 411 412 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 413 { 414 struct net_port_vlans *pv; 415 bool found = false; 416 417 rcu_read_lock(); 418 pv = rcu_dereference(port->vlan_info); 419 420 if (!pv) 421 goto out; 422 423 if (test_bit(vid, pv->vlan_bitmap)) 424 found = true; 425 426 out: 427 rcu_read_unlock(); 428 return found; 429 } 430