xref: /openbmc/linux/net/bridge/br_vlan.c (revision 424bb9c9) 
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 	if (v->pvid == vid)
11 		return;
12 
13 	smp_wmb();
14 	v->pvid = vid;
15 }
16 
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 	if (v->pvid != vid)
20 		return;
21 
22 	smp_wmb();
23 	v->pvid = 0;
24 }
25 
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 	if (flags & BRIDGE_VLAN_INFO_PVID)
29 		__vlan_add_pvid(v, vid);
30 
31 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 		set_bit(vid, v->untagged_bitmap);
33 }
34 
35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 	struct net_bridge_port *p = NULL;
38 	struct net_bridge *br;
39 	struct net_device *dev;
40 	int err;
41 
42 	if (test_bit(vid, v->vlan_bitmap)) {
43 		__vlan_add_flags(v, vid, flags);
44 		return 0;
45 	}
46 
47 	if (v->port_idx) {
48 		p = v->parent.port;
49 		br = p->br;
50 		dev = p->dev;
51 	} else {
52 		br = v->parent.br;
53 		dev = br->dev;
54 	}
55 
56 	if (p) {
57 		/* Add VLAN to the device filter if it is supported.
58 		 * Stricly speaking, this is not necessary now, since
59 		 * devices are made promiscuous by the bridge, but if
60 		 * that ever changes this code will allow tagged
61 		 * traffic to enter the bridge.
62 		 */
63 		err = vlan_vid_add(dev, htons(ETH_P_8021Q), vid);
64 		if (err)
65 			return err;
66 	}
67 
68 	err = br_fdb_insert(br, p, dev->dev_addr, vid);
69 	if (err) {
70 		br_err(br, "failed insert local address into bridge "
71 		       "forwarding table\n");
72 		goto out_filt;
73 	}
74 
75 	set_bit(vid, v->vlan_bitmap);
76 	v->num_vlans++;
77 	__vlan_add_flags(v, vid, flags);
78 
79 	return 0;
80 
81 out_filt:
82 	if (p)
83 		vlan_vid_del(dev, htons(ETH_P_8021Q), vid);
84 	return err;
85 }
86 
87 static int __vlan_del(struct net_port_vlans *v, u16 vid)
88 {
89 	if (!test_bit(vid, v->vlan_bitmap))
90 		return -EINVAL;
91 
92 	__vlan_delete_pvid(v, vid);
93 	clear_bit(vid, v->untagged_bitmap);
94 
95 	if (v->port_idx)
96 		vlan_vid_del(v->parent.port->dev, htons(ETH_P_8021Q), vid);
97 
98 	clear_bit(vid, v->vlan_bitmap);
99 	v->num_vlans--;
100 	if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
101 		if (v->port_idx)
102 			rcu_assign_pointer(v->parent.port->vlan_info, NULL);
103 		else
104 			rcu_assign_pointer(v->parent.br->vlan_info, NULL);
105 		kfree_rcu(v, rcu);
106 	}
107 	return 0;
108 }
109 
110 static void __vlan_flush(struct net_port_vlans *v)
111 {
112 	smp_wmb();
113 	v->pvid = 0;
114 	bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
115 	if (v->port_idx)
116 		rcu_assign_pointer(v->parent.port->vlan_info, NULL);
117 	else
118 		rcu_assign_pointer(v->parent.br->vlan_info, NULL);
119 	kfree_rcu(v, rcu);
120 }
121 
122 /* Strip the tag from the packet.  Will return skb with tci set 0.  */
123 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
124 {
125 	if (skb->protocol != htons(ETH_P_8021Q)) {
126 		skb->vlan_tci = 0;
127 		return skb;
128 	}
129 
130 	skb->vlan_tci = 0;
131 	skb = vlan_untag(skb);
132 	if (skb)
133 		skb->vlan_tci = 0;
134 
135 	return skb;
136 }
137 
138 struct sk_buff *br_handle_vlan(struct net_bridge *br,
139 			       const struct net_port_vlans *pv,
140 			       struct sk_buff *skb)
141 {
142 	u16 vid;
143 
144 	if (!br->vlan_enabled)
145 		goto out;
146 
147 	/* At this point, we know that the frame was filtered and contains
148 	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
149 	 * send untagged; otherwise, send tagged.
150 	 */
151 	br_vlan_get_tag(skb, &vid);
152 	if (test_bit(vid, pv->untagged_bitmap))
153 		skb = br_vlan_untag(skb);
154 
155 out:
156 	return skb;
157 }
158 
159 /* Called under RCU */
160 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
161 			struct sk_buff *skb, u16 *vid)
162 {
163 	int err;
164 
165 	/* If VLAN filtering is disabled on the bridge, all packets are
166 	 * permitted.
167 	 */
168 	if (!br->vlan_enabled)
169 		return true;
170 
171 	/* If there are no vlan in the permitted list, all packets are
172 	 * rejected.
173 	 */
174 	if (!v)
175 		return false;
176 
177 	err = br_vlan_get_tag(skb, vid);
178 	if (!*vid) {
179 		u16 pvid = br_get_pvid(v);
180 
181 		/* Frame had a tag with VID 0 or did not have a tag.
182 		 * See if pvid is set on this port.  That tells us which
183 		 * vlan untagged or priority-tagged traffic belongs to.
184 		 */
185 		if (pvid == VLAN_N_VID)
186 			return false;
187 
188 		/* PVID is set on this port.  Any untagged or priority-tagged
189 		 * ingress frame is considered to belong to this vlan.
190 		 */
191 		*vid = pvid;
192 		if (likely(err))
193 			/* Untagged Frame. */
194 			__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);
195 		else
196 			/* Priority-tagged Frame.
197 			 * At this point, We know that skb->vlan_tci had
198 			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
199 			 * We update only VID field and preserve PCP field.
200 			 */
201 			skb->vlan_tci |= pvid;
202 
203 		return true;
204 	}
205 
206 	/* Frame had a valid vlan tag.  See if vlan is allowed */
207 	if (test_bit(*vid, v->vlan_bitmap))
208 		return true;
209 
210 	return false;
211 }
212 
213 /* Called under RCU. */
214 bool br_allowed_egress(struct net_bridge *br,
215 		       const struct net_port_vlans *v,
216 		       const struct sk_buff *skb)
217 {
218 	u16 vid;
219 
220 	if (!br->vlan_enabled)
221 		return true;
222 
223 	if (!v)
224 		return false;
225 
226 	br_vlan_get_tag(skb, &vid);
227 	if (test_bit(vid, v->vlan_bitmap))
228 		return true;
229 
230 	return false;
231 }
232 
233 /* Must be protected by RTNL.
234  * Must be called with vid in range from 1 to 4094 inclusive.
235  */
236 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
237 {
238 	struct net_port_vlans *pv = NULL;
239 	int err;
240 
241 	ASSERT_RTNL();
242 
243 	pv = rtnl_dereference(br->vlan_info);
244 	if (pv)
245 		return __vlan_add(pv, vid, flags);
246 
247 	/* Create port vlan infomration
248 	 */
249 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
250 	if (!pv)
251 		return -ENOMEM;
252 
253 	pv->parent.br = br;
254 	err = __vlan_add(pv, vid, flags);
255 	if (err)
256 		goto out;
257 
258 	rcu_assign_pointer(br->vlan_info, pv);
259 	return 0;
260 out:
261 	kfree(pv);
262 	return err;
263 }
264 
265 /* Must be protected by RTNL.
266  * Must be called with vid in range from 1 to 4094 inclusive.
267  */
268 int br_vlan_delete(struct net_bridge *br, u16 vid)
269 {
270 	struct net_port_vlans *pv;
271 
272 	ASSERT_RTNL();
273 
274 	pv = rtnl_dereference(br->vlan_info);
275 	if (!pv)
276 		return -EINVAL;
277 
278 	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
279 
280 	__vlan_del(pv, vid);
281 	return 0;
282 }
283 
284 void br_vlan_flush(struct net_bridge *br)
285 {
286 	struct net_port_vlans *pv;
287 
288 	ASSERT_RTNL();
289 	pv = rtnl_dereference(br->vlan_info);
290 	if (!pv)
291 		return;
292 
293 	__vlan_flush(pv);
294 }
295 
296 bool br_vlan_find(struct net_bridge *br, u16 vid)
297 {
298 	struct net_port_vlans *pv;
299 	bool found = false;
300 
301 	rcu_read_lock();
302 	pv = rcu_dereference(br->vlan_info);
303 
304 	if (!pv)
305 		goto out;
306 
307 	if (test_bit(vid, pv->vlan_bitmap))
308 		found = true;
309 
310 out:
311 	rcu_read_unlock();
312 	return found;
313 }
314 
315 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
316 {
317 	if (!rtnl_trylock())
318 		return restart_syscall();
319 
320 	if (br->vlan_enabled == val)
321 		goto unlock;
322 
323 	br->vlan_enabled = val;
324 
325 unlock:
326 	rtnl_unlock();
327 	return 0;
328 }
329 
330 /* Must be protected by RTNL.
331  * Must be called with vid in range from 1 to 4094 inclusive.
332  */
333 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
334 {
335 	struct net_port_vlans *pv = NULL;
336 	int err;
337 
338 	ASSERT_RTNL();
339 
340 	pv = rtnl_dereference(port->vlan_info);
341 	if (pv)
342 		return __vlan_add(pv, vid, flags);
343 
344 	/* Create port vlan infomration
345 	 */
346 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
347 	if (!pv) {
348 		err = -ENOMEM;
349 		goto clean_up;
350 	}
351 
352 	pv->port_idx = port->port_no;
353 	pv->parent.port = port;
354 	err = __vlan_add(pv, vid, flags);
355 	if (err)
356 		goto clean_up;
357 
358 	rcu_assign_pointer(port->vlan_info, pv);
359 	return 0;
360 
361 clean_up:
362 	kfree(pv);
363 	return err;
364 }
365 
366 /* Must be protected by RTNL.
367  * Must be called with vid in range from 1 to 4094 inclusive.
368  */
369 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
370 {
371 	struct net_port_vlans *pv;
372 
373 	ASSERT_RTNL();
374 
375 	pv = rtnl_dereference(port->vlan_info);
376 	if (!pv)
377 		return -EINVAL;
378 
379 	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
380 
381 	return __vlan_del(pv, vid);
382 }
383 
384 void nbp_vlan_flush(struct net_bridge_port *port)
385 {
386 	struct net_port_vlans *pv;
387 	u16 vid;
388 
389 	ASSERT_RTNL();
390 
391 	pv = rtnl_dereference(port->vlan_info);
392 	if (!pv)
393 		return;
394 
395 	for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
396 		vlan_vid_del(port->dev, htons(ETH_P_8021Q), vid);
397 
398 	__vlan_flush(pv);
399 }
400 
401 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
402 {
403 	struct net_port_vlans *pv;
404 	bool found = false;
405 
406 	rcu_read_lock();
407 	pv = rcu_dereference(port->vlan_info);
408 
409 	if (!pv)
410 		goto out;
411 
412 	if (test_bit(vid, pv->vlan_bitmap))
413 		found = true;
414 
415 out:
416 	rcu_read_unlock();
417 	return found;
418 }
419