xref: /openbmc/linux/net/bridge/br_vlan.c (revision 35e03f3a) 
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 	if (v->pvid == vid)
11 		return;
12 
13 	smp_wmb();
14 	v->pvid = vid;
15 }
16 
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 	if (v->pvid != vid)
20 		return;
21 
22 	smp_wmb();
23 	v->pvid = 0;
24 }
25 
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 	if (flags & BRIDGE_VLAN_INFO_PVID)
29 		__vlan_add_pvid(v, vid);
30 
31 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 		set_bit(vid, v->untagged_bitmap);
33 }
34 
35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 	struct net_bridge_port *p = NULL;
38 	struct net_bridge *br;
39 	struct net_device *dev;
40 	int err;
41 
42 	if (test_bit(vid, v->vlan_bitmap)) {
43 		__vlan_add_flags(v, vid, flags);
44 		return 0;
45 	}
46 
47 	if (vid) {
48 		if (v->port_idx) {
49 			p = v->parent.port;
50 			br = p->br;
51 			dev = p->dev;
52 		} else {
53 			br = v->parent.br;
54 			dev = br->dev;
55 		}
56 
57 		if (p && (dev->features & NETIF_F_HW_VLAN_FILTER)) {
58 			/* Add VLAN to the device filter if it is supported.
59 			 * Stricly speaking, this is not necessary now, since
60 			 * devices are made promiscuous by the bridge, but if
61 			 * that ever changes this code will allow tagged
62 			 * traffic to enter the bridge.
63 			 */
64 			err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid);
65 			if (err)
66 				return err;
67 		}
68 
69 		err = br_fdb_insert(br, p, dev->dev_addr, vid);
70 		if (err) {
71 			br_err(br, "failed insert local address into bridge "
72 			       "forwarding table\n");
73 			goto out_filt;
74 		}
75 
76 	}
77 
78 	set_bit(vid, v->vlan_bitmap);
79 	v->num_vlans++;
80 	__vlan_add_flags(v, vid, flags);
81 
82 	return 0;
83 
84 out_filt:
85 	if (p && (dev->features & NETIF_F_HW_VLAN_FILTER))
86 		dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid);
87 	return err;
88 }
89 
90 static int __vlan_del(struct net_port_vlans *v, u16 vid)
91 {
92 	if (!test_bit(vid, v->vlan_bitmap))
93 		return -EINVAL;
94 
95 	__vlan_delete_pvid(v, vid);
96 	clear_bit(vid, v->untagged_bitmap);
97 
98 	if (v->port_idx && vid) {
99 		struct net_device *dev = v->parent.port->dev;
100 
101 		if (dev->features & NETIF_F_HW_VLAN_FILTER)
102 			dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid);
103 	}
104 
105 	clear_bit(vid, v->vlan_bitmap);
106 	v->num_vlans--;
107 	if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
108 		if (v->port_idx)
109 			rcu_assign_pointer(v->parent.port->vlan_info, NULL);
110 		else
111 			rcu_assign_pointer(v->parent.br->vlan_info, NULL);
112 		kfree_rcu(v, rcu);
113 	}
114 	return 0;
115 }
116 
117 static void __vlan_flush(struct net_port_vlans *v)
118 {
119 	smp_wmb();
120 	v->pvid = 0;
121 	bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN);
122 	if (v->port_idx)
123 		rcu_assign_pointer(v->parent.port->vlan_info, NULL);
124 	else
125 		rcu_assign_pointer(v->parent.br->vlan_info, NULL);
126 	kfree_rcu(v, rcu);
127 }
128 
129 /* Strip the tag from the packet.  Will return skb with tci set 0.  */
130 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
131 {
132 	if (skb->protocol != htons(ETH_P_8021Q)) {
133 		skb->vlan_tci = 0;
134 		return skb;
135 	}
136 
137 	skb->vlan_tci = 0;
138 	skb = vlan_untag(skb);
139 	if (skb)
140 		skb->vlan_tci = 0;
141 
142 	return skb;
143 }
144 
145 struct sk_buff *br_handle_vlan(struct net_bridge *br,
146 			       const struct net_port_vlans *pv,
147 			       struct sk_buff *skb)
148 {
149 	u16 vid;
150 
151 	if (!br->vlan_enabled)
152 		goto out;
153 
154 	/* At this point, we know that the frame was filtered and contains
155 	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
156 	 * send untagged; otherwise, send taged.
157 	 */
158 	br_vlan_get_tag(skb, &vid);
159 	if (test_bit(vid, pv->untagged_bitmap))
160 		skb = br_vlan_untag(skb);
161 	else {
162 		/* Egress policy says "send tagged".  If output device
163 		 * is the  bridge, we need to add the VLAN header
164 		 * ourselves since we'll be going through the RX path.
165 		 * Sending to ports puts the frame on the TX path and
166 		 * we let dev_hard_start_xmit() add the header.
167 		 */
168 		if (skb->protocol != htons(ETH_P_8021Q) &&
169 		    pv->port_idx == 0) {
170 			/* vlan_put_tag expects skb->data to point to
171 			 * mac header.
172 			 */
173 			skb_push(skb, ETH_HLEN);
174 			skb = __vlan_put_tag(skb, skb->vlan_tci);
175 			if (!skb)
176 				goto out;
177 			/* put skb->data back to where it was */
178 			skb_pull(skb, ETH_HLEN);
179 			skb->vlan_tci = 0;
180 		}
181 	}
182 
183 out:
184 	return skb;
185 }
186 
187 /* Called under RCU */
188 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
189 			struct sk_buff *skb, u16 *vid)
190 {
191 	/* If VLAN filtering is disabled on the bridge, all packets are
192 	 * permitted.
193 	 */
194 	if (!br->vlan_enabled)
195 		return true;
196 
197 	/* If there are no vlan in the permitted list, all packets are
198 	 * rejected.
199 	 */
200 	if (!v)
201 		return false;
202 
203 	if (br_vlan_get_tag(skb, vid)) {
204 		u16 pvid = br_get_pvid(v);
205 
206 		/* Frame did not have a tag.  See if pvid is set
207 		 * on this port.  That tells us which vlan untagged
208 		 * traffic belongs to.
209 		 */
210 		if (pvid == VLAN_N_VID)
211 			return false;
212 
213 		/* PVID is set on this port.  Any untagged ingress
214 		 * frame is considered to belong to this vlan.
215 		 */
216 		__vlan_hwaccel_put_tag(skb, pvid);
217 		return true;
218 	}
219 
220 	/* Frame had a valid vlan tag.  See if vlan is allowed */
221 	if (test_bit(*vid, v->vlan_bitmap))
222 		return true;
223 
224 	return false;
225 }
226 
227 /* Called under RCU. */
228 bool br_allowed_egress(struct net_bridge *br,
229 		       const struct net_port_vlans *v,
230 		       const struct sk_buff *skb)
231 {
232 	u16 vid;
233 
234 	if (!br->vlan_enabled)
235 		return true;
236 
237 	if (!v)
238 		return false;
239 
240 	br_vlan_get_tag(skb, &vid);
241 	if (test_bit(vid, v->vlan_bitmap))
242 		return true;
243 
244 	return false;
245 }
246 
247 /* Must be protected by RTNL */
248 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
249 {
250 	struct net_port_vlans *pv = NULL;
251 	int err;
252 
253 	ASSERT_RTNL();
254 
255 	pv = rtnl_dereference(br->vlan_info);
256 	if (pv)
257 		return __vlan_add(pv, vid, flags);
258 
259 	/* Create port vlan infomration
260 	 */
261 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
262 	if (!pv)
263 		return -ENOMEM;
264 
265 	pv->parent.br = br;
266 	err = __vlan_add(pv, vid, flags);
267 	if (err)
268 		goto out;
269 
270 	rcu_assign_pointer(br->vlan_info, pv);
271 	return 0;
272 out:
273 	kfree(pv);
274 	return err;
275 }
276 
277 /* Must be protected by RTNL */
278 int br_vlan_delete(struct net_bridge *br, u16 vid)
279 {
280 	struct net_port_vlans *pv;
281 
282 	ASSERT_RTNL();
283 
284 	pv = rtnl_dereference(br->vlan_info);
285 	if (!pv)
286 		return -EINVAL;
287 
288 	if (vid) {
289 		/* If the VID !=0 remove fdb for this vid. VID 0 is special
290 		 * in that it's the default and is always there in the fdb.
291 		 */
292 		spin_lock_bh(&br->hash_lock);
293 		fdb_delete_by_addr(br, br->dev->dev_addr, vid);
294 		spin_unlock_bh(&br->hash_lock);
295 	}
296 
297 	__vlan_del(pv, vid);
298 	return 0;
299 }
300 
301 void br_vlan_flush(struct net_bridge *br)
302 {
303 	struct net_port_vlans *pv;
304 
305 	ASSERT_RTNL();
306 	pv = rtnl_dereference(br->vlan_info);
307 	if (!pv)
308 		return;
309 
310 	__vlan_flush(pv);
311 }
312 
313 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
314 {
315 	if (!rtnl_trylock())
316 		return restart_syscall();
317 
318 	if (br->vlan_enabled == val)
319 		goto unlock;
320 
321 	br->vlan_enabled = val;
322 
323 unlock:
324 	rtnl_unlock();
325 	return 0;
326 }
327 
328 /* Must be protected by RTNL */
329 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
330 {
331 	struct net_port_vlans *pv = NULL;
332 	int err;
333 
334 	ASSERT_RTNL();
335 
336 	pv = rtnl_dereference(port->vlan_info);
337 	if (pv)
338 		return __vlan_add(pv, vid, flags);
339 
340 	/* Create port vlan infomration
341 	 */
342 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
343 	if (!pv) {
344 		err = -ENOMEM;
345 		goto clean_up;
346 	}
347 
348 	pv->port_idx = port->port_no;
349 	pv->parent.port = port;
350 	err = __vlan_add(pv, vid, flags);
351 	if (err)
352 		goto clean_up;
353 
354 	rcu_assign_pointer(port->vlan_info, pv);
355 	return 0;
356 
357 clean_up:
358 	kfree(pv);
359 	return err;
360 }
361 
362 /* Must be protected by RTNL */
363 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
364 {
365 	struct net_port_vlans *pv;
366 
367 	ASSERT_RTNL();
368 
369 	pv = rtnl_dereference(port->vlan_info);
370 	if (!pv)
371 		return -EINVAL;
372 
373 	if (vid) {
374 		/* If the VID !=0 remove fdb for this vid. VID 0 is special
375 		 * in that it's the default and is always there in the fdb.
376 		 */
377 		spin_lock_bh(&port->br->hash_lock);
378 		fdb_delete_by_addr(port->br, port->dev->dev_addr, vid);
379 		spin_unlock_bh(&port->br->hash_lock);
380 	}
381 
382 	return __vlan_del(pv, vid);
383 }
384 
385 void nbp_vlan_flush(struct net_bridge_port *port)
386 {
387 	struct net_port_vlans *pv;
388 
389 	ASSERT_RTNL();
390 
391 	pv = rtnl_dereference(port->vlan_info);
392 	if (!pv)
393 		return;
394 
395 	__vlan_flush(pv);
396 }
397 
398 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
399 {
400 	struct net_port_vlans *pv;
401 	bool found = false;
402 
403 	rcu_read_lock();
404 	pv = rcu_dereference(port->vlan_info);
405 
406 	if (!pv)
407 		goto out;
408 
409 	if (test_bit(vid, pv->vlan_bitmap))
410 		found = true;
411 
412 out:
413 	rcu_read_unlock();
414 	return found;
415 }
416