1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 struct net_bridge_port *p = NULL; 38 struct net_bridge *br; 39 struct net_device *dev; 40 int err; 41 42 if (test_bit(vid, v->vlan_bitmap)) { 43 __vlan_add_flags(v, vid, flags); 44 return 0; 45 } 46 47 if (v->port_idx) { 48 p = v->parent.port; 49 br = p->br; 50 dev = p->dev; 51 } else { 52 br = v->parent.br; 53 dev = br->dev; 54 } 55 56 if (p) { 57 /* Add VLAN to the device filter if it is supported. 58 * Stricly speaking, this is not necessary now, since 59 * devices are made promiscuous by the bridge, but if 60 * that ever changes this code will allow tagged 61 * traffic to enter the bridge. 62 */ 63 err = vlan_vid_add(dev, htons(ETH_P_8021Q), vid); 64 if (err) 65 return err; 66 } 67 68 err = br_fdb_insert(br, p, dev->dev_addr, vid); 69 if (err) { 70 br_err(br, "failed insert local address into bridge " 71 "forwarding table\n"); 72 goto out_filt; 73 } 74 75 set_bit(vid, v->vlan_bitmap); 76 v->num_vlans++; 77 __vlan_add_flags(v, vid, flags); 78 79 return 0; 80 81 out_filt: 82 if (p) 83 vlan_vid_del(dev, htons(ETH_P_8021Q), vid); 84 return err; 85 } 86 87 static int __vlan_del(struct net_port_vlans *v, u16 vid) 88 { 89 if (!test_bit(vid, v->vlan_bitmap)) 90 return -EINVAL; 91 92 __vlan_delete_pvid(v, vid); 93 clear_bit(vid, v->untagged_bitmap); 94 95 if (v->port_idx) 96 vlan_vid_del(v->parent.port->dev, htons(ETH_P_8021Q), vid); 97 98 clear_bit(vid, v->vlan_bitmap); 99 v->num_vlans--; 100 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 101 if (v->port_idx) 102 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 103 else 104 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 105 kfree_rcu(v, rcu); 106 } 107 return 0; 108 } 109 110 static void __vlan_flush(struct net_port_vlans *v) 111 { 112 smp_wmb(); 113 v->pvid = 0; 114 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 115 if (v->port_idx) 116 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 117 else 118 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 119 kfree_rcu(v, rcu); 120 } 121 122 /* Strip the tag from the packet. Will return skb with tci set 0. */ 123 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 124 { 125 if (skb->protocol != htons(ETH_P_8021Q)) { 126 skb->vlan_tci = 0; 127 return skb; 128 } 129 130 skb->vlan_tci = 0; 131 skb = vlan_untag(skb); 132 if (skb) 133 skb->vlan_tci = 0; 134 135 return skb; 136 } 137 138 struct sk_buff *br_handle_vlan(struct net_bridge *br, 139 const struct net_port_vlans *pv, 140 struct sk_buff *skb) 141 { 142 u16 vid; 143 144 if (!br->vlan_enabled) 145 goto out; 146 147 /* At this point, we know that the frame was filtered and contains 148 * a valid vlan id. If the vlan id is set in the untagged bitmap, 149 * send untagged; otherwise, send tagged. 150 */ 151 br_vlan_get_tag(skb, &vid); 152 if (test_bit(vid, pv->untagged_bitmap)) 153 skb = br_vlan_untag(skb); 154 155 out: 156 return skb; 157 } 158 159 /* Called under RCU */ 160 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 161 struct sk_buff *skb, u16 *vid) 162 { 163 int err; 164 165 /* If VLAN filtering is disabled on the bridge, all packets are 166 * permitted. 167 */ 168 if (!br->vlan_enabled) 169 return true; 170 171 /* If there are no vlan in the permitted list, all packets are 172 * rejected. 173 */ 174 if (!v) 175 return false; 176 177 err = br_vlan_get_tag(skb, vid); 178 if (!*vid) { 179 u16 pvid = br_get_pvid(v); 180 181 /* Frame had a tag with VID 0 or did not have a tag. 182 * See if pvid is set on this port. That tells us which 183 * vlan untagged or priority-tagged traffic belongs to. 184 */ 185 if (pvid == VLAN_N_VID) 186 return false; 187 188 /* PVID is set on this port. Any untagged or priority-tagged 189 * ingress frame is considered to belong to this vlan. 190 */ 191 *vid = pvid; 192 if (likely(err)) 193 /* Untagged Frame. */ 194 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 195 else 196 /* Priority-tagged Frame. 197 * At this point, We know that skb->vlan_tci had 198 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 199 * We update only VID field and preserve PCP field. 200 */ 201 skb->vlan_tci |= pvid; 202 203 return true; 204 } 205 206 /* Frame had a valid vlan tag. See if vlan is allowed */ 207 if (test_bit(*vid, v->vlan_bitmap)) 208 return true; 209 210 return false; 211 } 212 213 /* Called under RCU. */ 214 bool br_allowed_egress(struct net_bridge *br, 215 const struct net_port_vlans *v, 216 const struct sk_buff *skb) 217 { 218 u16 vid; 219 220 if (!br->vlan_enabled) 221 return true; 222 223 if (!v) 224 return false; 225 226 br_vlan_get_tag(skb, &vid); 227 if (test_bit(vid, v->vlan_bitmap)) 228 return true; 229 230 return false; 231 } 232 233 /* Must be protected by RTNL. 234 * Must be called with vid in range from 1 to 4094 inclusive. 235 */ 236 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 237 { 238 struct net_port_vlans *pv = NULL; 239 int err; 240 241 ASSERT_RTNL(); 242 243 pv = rtnl_dereference(br->vlan_info); 244 if (pv) 245 return __vlan_add(pv, vid, flags); 246 247 /* Create port vlan infomration 248 */ 249 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 250 if (!pv) 251 return -ENOMEM; 252 253 pv->parent.br = br; 254 err = __vlan_add(pv, vid, flags); 255 if (err) 256 goto out; 257 258 rcu_assign_pointer(br->vlan_info, pv); 259 return 0; 260 out: 261 kfree(pv); 262 return err; 263 } 264 265 /* Must be protected by RTNL. 266 * Must be called with vid in range from 1 to 4094 inclusive. 267 */ 268 int br_vlan_delete(struct net_bridge *br, u16 vid) 269 { 270 struct net_port_vlans *pv; 271 272 ASSERT_RTNL(); 273 274 pv = rtnl_dereference(br->vlan_info); 275 if (!pv) 276 return -EINVAL; 277 278 spin_lock_bh(&br->hash_lock); 279 fdb_delete_by_addr(br, br->dev->dev_addr, vid); 280 spin_unlock_bh(&br->hash_lock); 281 282 __vlan_del(pv, vid); 283 return 0; 284 } 285 286 void br_vlan_flush(struct net_bridge *br) 287 { 288 struct net_port_vlans *pv; 289 290 ASSERT_RTNL(); 291 pv = rtnl_dereference(br->vlan_info); 292 if (!pv) 293 return; 294 295 __vlan_flush(pv); 296 } 297 298 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 299 { 300 if (!rtnl_trylock()) 301 return restart_syscall(); 302 303 if (br->vlan_enabled == val) 304 goto unlock; 305 306 br->vlan_enabled = val; 307 308 unlock: 309 rtnl_unlock(); 310 return 0; 311 } 312 313 /* Must be protected by RTNL. 314 * Must be called with vid in range from 1 to 4094 inclusive. 315 */ 316 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 317 { 318 struct net_port_vlans *pv = NULL; 319 int err; 320 321 ASSERT_RTNL(); 322 323 pv = rtnl_dereference(port->vlan_info); 324 if (pv) 325 return __vlan_add(pv, vid, flags); 326 327 /* Create port vlan infomration 328 */ 329 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 330 if (!pv) { 331 err = -ENOMEM; 332 goto clean_up; 333 } 334 335 pv->port_idx = port->port_no; 336 pv->parent.port = port; 337 err = __vlan_add(pv, vid, flags); 338 if (err) 339 goto clean_up; 340 341 rcu_assign_pointer(port->vlan_info, pv); 342 return 0; 343 344 clean_up: 345 kfree(pv); 346 return err; 347 } 348 349 /* Must be protected by RTNL. 350 * Must be called with vid in range from 1 to 4094 inclusive. 351 */ 352 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 353 { 354 struct net_port_vlans *pv; 355 356 ASSERT_RTNL(); 357 358 pv = rtnl_dereference(port->vlan_info); 359 if (!pv) 360 return -EINVAL; 361 362 spin_lock_bh(&port->br->hash_lock); 363 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid); 364 spin_unlock_bh(&port->br->hash_lock); 365 366 return __vlan_del(pv, vid); 367 } 368 369 void nbp_vlan_flush(struct net_bridge_port *port) 370 { 371 struct net_port_vlans *pv; 372 u16 vid; 373 374 ASSERT_RTNL(); 375 376 pv = rtnl_dereference(port->vlan_info); 377 if (!pv) 378 return; 379 380 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 381 vlan_vid_del(port->dev, htons(ETH_P_8021Q), vid); 382 383 __vlan_flush(pv); 384 } 385 386 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 387 { 388 struct net_port_vlans *pv; 389 bool found = false; 390 391 rcu_read_lock(); 392 pv = rcu_dereference(port->vlan_info); 393 394 if (!pv) 395 goto out; 396 397 if (test_bit(vid, pv->vlan_bitmap)) 398 found = true; 399 400 out: 401 rcu_read_unlock(); 402 return found; 403 } 404