1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 #include "br_private_tunnel.h" 9 10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 11 const void *ptr) 12 { 13 const struct net_bridge_vlan *vle = ptr; 14 u16 vid = *(u16 *)arg->key; 15 16 return vle->vid != vid; 17 } 18 19 static const struct rhashtable_params br_vlan_rht_params = { 20 .head_offset = offsetof(struct net_bridge_vlan, vnode), 21 .key_offset = offsetof(struct net_bridge_vlan, vid), 22 .key_len = sizeof(u16), 23 .nelem_hint = 3, 24 .locks_mul = 1, 25 .max_size = VLAN_N_VID, 26 .obj_cmpfn = br_vlan_cmp, 27 .automatic_shrinking = true, 28 }; 29 30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 31 { 32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 33 } 34 35 static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 36 { 37 if (vg->pvid == vid) 38 return false; 39 40 smp_wmb(); 41 vg->pvid = vid; 42 43 return true; 44 } 45 46 static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 47 { 48 if (vg->pvid != vid) 49 return false; 50 51 smp_wmb(); 52 vg->pvid = 0; 53 54 return true; 55 } 56 57 /* return true if anything changed, false otherwise */ 58 static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 59 { 60 struct net_bridge_vlan_group *vg; 61 u16 old_flags = v->flags; 62 bool ret; 63 64 if (br_vlan_is_master(v)) 65 vg = br_vlan_group(v->br); 66 else 67 vg = nbp_vlan_group(v->port); 68 69 if (flags & BRIDGE_VLAN_INFO_PVID) 70 ret = __vlan_add_pvid(vg, v->vid); 71 else 72 ret = __vlan_delete_pvid(vg, v->vid); 73 74 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 75 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 76 else 77 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 78 79 return ret || !!(old_flags ^ v->flags); 80 } 81 82 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 83 u16 vid, u16 flags) 84 { 85 int err; 86 87 /* Try switchdev op first. In case it is not supported, fallback to 88 * 8021q add. 89 */ 90 err = br_switchdev_port_vlan_add(dev, vid, flags); 91 if (err == -EOPNOTSUPP) 92 return vlan_vid_add(dev, br->vlan_proto, vid); 93 return err; 94 } 95 96 static void __vlan_add_list(struct net_bridge_vlan *v) 97 { 98 struct net_bridge_vlan_group *vg; 99 struct list_head *headp, *hpos; 100 struct net_bridge_vlan *vent; 101 102 if (br_vlan_is_master(v)) 103 vg = br_vlan_group(v->br); 104 else 105 vg = nbp_vlan_group(v->port); 106 107 headp = &vg->vlan_list; 108 list_for_each_prev(hpos, headp) { 109 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 110 if (v->vid < vent->vid) 111 continue; 112 else 113 break; 114 } 115 list_add_rcu(&v->vlist, hpos); 116 } 117 118 static void __vlan_del_list(struct net_bridge_vlan *v) 119 { 120 list_del_rcu(&v->vlist); 121 } 122 123 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 124 u16 vid) 125 { 126 int err; 127 128 /* Try switchdev op first. In case it is not supported, fallback to 129 * 8021q del. 130 */ 131 err = br_switchdev_port_vlan_del(dev, vid); 132 if (err == -EOPNOTSUPP) { 133 vlan_vid_del(dev, br->vlan_proto, vid); 134 return 0; 135 } 136 return err; 137 } 138 139 /* Returns a master vlan, if it didn't exist it gets created. In all cases a 140 * a reference is taken to the master vlan before returning. 141 */ 142 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid) 143 { 144 struct net_bridge_vlan_group *vg; 145 struct net_bridge_vlan *masterv; 146 147 vg = br_vlan_group(br); 148 masterv = br_vlan_find(vg, vid); 149 if (!masterv) { 150 bool changed; 151 152 /* missing global ctx, create it now */ 153 if (br_vlan_add(br, vid, 0, &changed)) 154 return NULL; 155 masterv = br_vlan_find(vg, vid); 156 if (WARN_ON(!masterv)) 157 return NULL; 158 refcount_set(&masterv->refcnt, 1); 159 return masterv; 160 } 161 refcount_inc(&masterv->refcnt); 162 163 return masterv; 164 } 165 166 static void br_master_vlan_rcu_free(struct rcu_head *rcu) 167 { 168 struct net_bridge_vlan *v; 169 170 v = container_of(rcu, struct net_bridge_vlan, rcu); 171 WARN_ON(!br_vlan_is_master(v)); 172 free_percpu(v->stats); 173 v->stats = NULL; 174 kfree(v); 175 } 176 177 static void br_vlan_put_master(struct net_bridge_vlan *masterv) 178 { 179 struct net_bridge_vlan_group *vg; 180 181 if (!br_vlan_is_master(masterv)) 182 return; 183 184 vg = br_vlan_group(masterv->br); 185 if (refcount_dec_and_test(&masterv->refcnt)) { 186 rhashtable_remove_fast(&vg->vlan_hash, 187 &masterv->vnode, br_vlan_rht_params); 188 __vlan_del_list(masterv); 189 call_rcu(&masterv->rcu, br_master_vlan_rcu_free); 190 } 191 } 192 193 static void nbp_vlan_rcu_free(struct rcu_head *rcu) 194 { 195 struct net_bridge_vlan *v; 196 197 v = container_of(rcu, struct net_bridge_vlan, rcu); 198 WARN_ON(br_vlan_is_master(v)); 199 /* if we had per-port stats configured then free them here */ 200 if (v->brvlan->stats != v->stats) 201 free_percpu(v->stats); 202 v->stats = NULL; 203 kfree(v); 204 } 205 206 /* This is the shared VLAN add function which works for both ports and bridge 207 * devices. There are four possible calls to this function in terms of the 208 * vlan entry type: 209 * 1. vlan is being added on a port (no master flags, global entry exists) 210 * 2. vlan is being added on a bridge (both master and brentry flags) 211 * 3. vlan is being added on a port, but a global entry didn't exist which 212 * is being created right now (master flag set, brentry flag unset), the 213 * global entry is used for global per-vlan features, but not for filtering 214 * 4. same as 3 but with both master and brentry flags set so the entry 215 * will be used for filtering in both the port and the bridge 216 */ 217 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 218 { 219 struct net_bridge_vlan *masterv = NULL; 220 struct net_bridge_port *p = NULL; 221 struct net_bridge_vlan_group *vg; 222 struct net_device *dev; 223 struct net_bridge *br; 224 int err; 225 226 if (br_vlan_is_master(v)) { 227 br = v->br; 228 dev = br->dev; 229 vg = br_vlan_group(br); 230 } else { 231 p = v->port; 232 br = p->br; 233 dev = p->dev; 234 vg = nbp_vlan_group(p); 235 } 236 237 if (p) { 238 /* Add VLAN to the device filter if it is supported. 239 * This ensures tagged traffic enters the bridge when 240 * promiscuous mode is disabled by br_manage_promisc(). 241 */ 242 err = __vlan_vid_add(dev, br, v->vid, flags); 243 if (err) 244 goto out; 245 246 /* need to work on the master vlan too */ 247 if (flags & BRIDGE_VLAN_INFO_MASTER) { 248 bool changed; 249 250 err = br_vlan_add(br, v->vid, 251 flags | BRIDGE_VLAN_INFO_BRENTRY, 252 &changed); 253 if (err) 254 goto out_filt; 255 } 256 257 masterv = br_vlan_get_master(br, v->vid); 258 if (!masterv) 259 goto out_filt; 260 v->brvlan = masterv; 261 if (br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)) { 262 v->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats); 263 if (!v->stats) { 264 err = -ENOMEM; 265 goto out_filt; 266 } 267 } else { 268 v->stats = masterv->stats; 269 } 270 } else { 271 err = br_switchdev_port_vlan_add(dev, v->vid, flags); 272 if (err && err != -EOPNOTSUPP) 273 goto out; 274 } 275 276 /* Add the dev mac and count the vlan only if it's usable */ 277 if (br_vlan_should_use(v)) { 278 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 279 if (err) { 280 br_err(br, "failed insert local address into bridge forwarding table\n"); 281 goto out_filt; 282 } 283 vg->num_vlans++; 284 } 285 286 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode, 287 br_vlan_rht_params); 288 if (err) 289 goto out_fdb_insert; 290 291 __vlan_add_list(v); 292 __vlan_add_flags(v, flags); 293 out: 294 return err; 295 296 out_fdb_insert: 297 if (br_vlan_should_use(v)) { 298 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid); 299 vg->num_vlans--; 300 } 301 302 out_filt: 303 if (p) { 304 __vlan_vid_del(dev, br, v->vid); 305 if (masterv) { 306 if (v->stats && masterv->stats != v->stats) 307 free_percpu(v->stats); 308 v->stats = NULL; 309 310 br_vlan_put_master(masterv); 311 v->brvlan = NULL; 312 } 313 } else { 314 br_switchdev_port_vlan_del(dev, v->vid); 315 } 316 317 goto out; 318 } 319 320 static int __vlan_del(struct net_bridge_vlan *v) 321 { 322 struct net_bridge_vlan *masterv = v; 323 struct net_bridge_vlan_group *vg; 324 struct net_bridge_port *p = NULL; 325 int err = 0; 326 327 if (br_vlan_is_master(v)) { 328 vg = br_vlan_group(v->br); 329 } else { 330 p = v->port; 331 vg = nbp_vlan_group(v->port); 332 masterv = v->brvlan; 333 } 334 335 __vlan_delete_pvid(vg, v->vid); 336 if (p) { 337 err = __vlan_vid_del(p->dev, p->br, v->vid); 338 if (err) 339 goto out; 340 } else { 341 err = br_switchdev_port_vlan_del(v->br->dev, v->vid); 342 if (err && err != -EOPNOTSUPP) 343 goto out; 344 err = 0; 345 } 346 347 if (br_vlan_should_use(v)) { 348 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 349 vg->num_vlans--; 350 } 351 352 if (masterv != v) { 353 vlan_tunnel_info_del(vg, v); 354 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 355 br_vlan_rht_params); 356 __vlan_del_list(v); 357 call_rcu(&v->rcu, nbp_vlan_rcu_free); 358 } 359 360 br_vlan_put_master(masterv); 361 out: 362 return err; 363 } 364 365 static void __vlan_group_free(struct net_bridge_vlan_group *vg) 366 { 367 WARN_ON(!list_empty(&vg->vlan_list)); 368 rhashtable_destroy(&vg->vlan_hash); 369 vlan_tunnel_deinit(vg); 370 kfree(vg); 371 } 372 373 static void __vlan_flush(struct net_bridge_vlan_group *vg) 374 { 375 struct net_bridge_vlan *vlan, *tmp; 376 377 __vlan_delete_pvid(vg, vg->pvid); 378 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist) 379 __vlan_del(vlan); 380 } 381 382 struct sk_buff *br_handle_vlan(struct net_bridge *br, 383 const struct net_bridge_port *p, 384 struct net_bridge_vlan_group *vg, 385 struct sk_buff *skb) 386 { 387 struct br_vlan_stats *stats; 388 struct net_bridge_vlan *v; 389 u16 vid; 390 391 /* If this packet was not filtered at input, let it pass */ 392 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 393 goto out; 394 395 /* At this point, we know that the frame was filtered and contains 396 * a valid vlan id. If the vlan id has untagged flag set, 397 * send untagged; otherwise, send tagged. 398 */ 399 br_vlan_get_tag(skb, &vid); 400 v = br_vlan_find(vg, vid); 401 /* Vlan entry must be configured at this point. The 402 * only exception is the bridge is set in promisc mode and the 403 * packet is destined for the bridge device. In this case 404 * pass the packet as is. 405 */ 406 if (!v || !br_vlan_should_use(v)) { 407 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 408 goto out; 409 } else { 410 kfree_skb(skb); 411 return NULL; 412 } 413 } 414 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) { 415 stats = this_cpu_ptr(v->stats); 416 u64_stats_update_begin(&stats->syncp); 417 stats->tx_bytes += skb->len; 418 stats->tx_packets++; 419 u64_stats_update_end(&stats->syncp); 420 } 421 422 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 423 skb->vlan_tci = 0; 424 425 if (p && (p->flags & BR_VLAN_TUNNEL) && 426 br_handle_egress_vlan_tunnel(skb, v)) { 427 kfree_skb(skb); 428 return NULL; 429 } 430 out: 431 return skb; 432 } 433 434 /* Called under RCU */ 435 static bool __allowed_ingress(const struct net_bridge *br, 436 struct net_bridge_vlan_group *vg, 437 struct sk_buff *skb, u16 *vid) 438 { 439 struct br_vlan_stats *stats; 440 struct net_bridge_vlan *v; 441 bool tagged; 442 443 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 444 /* If vlan tx offload is disabled on bridge device and frame was 445 * sent from vlan device on the bridge device, it does not have 446 * HW accelerated vlan tag. 447 */ 448 if (unlikely(!skb_vlan_tag_present(skb) && 449 skb->protocol == br->vlan_proto)) { 450 skb = skb_vlan_untag(skb); 451 if (unlikely(!skb)) 452 return false; 453 } 454 455 if (!br_vlan_get_tag(skb, vid)) { 456 /* Tagged frame */ 457 if (skb->vlan_proto != br->vlan_proto) { 458 /* Protocol-mismatch, empty out vlan_tci for new tag */ 459 skb_push(skb, ETH_HLEN); 460 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 461 skb_vlan_tag_get(skb)); 462 if (unlikely(!skb)) 463 return false; 464 465 skb_pull(skb, ETH_HLEN); 466 skb_reset_mac_len(skb); 467 *vid = 0; 468 tagged = false; 469 } else { 470 tagged = true; 471 } 472 } else { 473 /* Untagged frame */ 474 tagged = false; 475 } 476 477 if (!*vid) { 478 u16 pvid = br_get_pvid(vg); 479 480 /* Frame had a tag with VID 0 or did not have a tag. 481 * See if pvid is set on this port. That tells us which 482 * vlan untagged or priority-tagged traffic belongs to. 483 */ 484 if (!pvid) 485 goto drop; 486 487 /* PVID is set on this port. Any untagged or priority-tagged 488 * ingress frame is considered to belong to this vlan. 489 */ 490 *vid = pvid; 491 if (likely(!tagged)) 492 /* Untagged Frame. */ 493 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); 494 else 495 /* Priority-tagged Frame. 496 * At this point, We know that skb->vlan_tci had 497 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 498 * We update only VID field and preserve PCP field. 499 */ 500 skb->vlan_tci |= pvid; 501 502 /* if stats are disabled we can avoid the lookup */ 503 if (!br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) 504 return true; 505 } 506 v = br_vlan_find(vg, *vid); 507 if (!v || !br_vlan_should_use(v)) 508 goto drop; 509 510 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) { 511 stats = this_cpu_ptr(v->stats); 512 u64_stats_update_begin(&stats->syncp); 513 stats->rx_bytes += skb->len; 514 stats->rx_packets++; 515 u64_stats_update_end(&stats->syncp); 516 } 517 518 return true; 519 520 drop: 521 kfree_skb(skb); 522 return false; 523 } 524 525 bool br_allowed_ingress(const struct net_bridge *br, 526 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 527 u16 *vid) 528 { 529 /* If VLAN filtering is disabled on the bridge, all packets are 530 * permitted. 531 */ 532 if (!br_opt_get(br, BROPT_VLAN_ENABLED)) { 533 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 534 return true; 535 } 536 537 return __allowed_ingress(br, vg, skb, vid); 538 } 539 540 /* Called under RCU. */ 541 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 542 const struct sk_buff *skb) 543 { 544 const struct net_bridge_vlan *v; 545 u16 vid; 546 547 /* If this packet was not filtered at input, let it pass */ 548 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 549 return true; 550 551 br_vlan_get_tag(skb, &vid); 552 v = br_vlan_find(vg, vid); 553 if (v && br_vlan_should_use(v)) 554 return true; 555 556 return false; 557 } 558 559 /* Called under RCU */ 560 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 561 { 562 struct net_bridge_vlan_group *vg; 563 struct net_bridge *br = p->br; 564 565 /* If filtering was disabled at input, let it pass. */ 566 if (!br_opt_get(br, BROPT_VLAN_ENABLED)) 567 return true; 568 569 vg = nbp_vlan_group_rcu(p); 570 if (!vg || !vg->num_vlans) 571 return false; 572 573 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 574 *vid = 0; 575 576 if (!*vid) { 577 *vid = br_get_pvid(vg); 578 if (!*vid) 579 return false; 580 581 return true; 582 } 583 584 if (br_vlan_find(vg, *vid)) 585 return true; 586 587 return false; 588 } 589 590 static int br_vlan_add_existing(struct net_bridge *br, 591 struct net_bridge_vlan_group *vg, 592 struct net_bridge_vlan *vlan, 593 u16 flags, bool *changed) 594 { 595 int err; 596 597 err = br_switchdev_port_vlan_add(br->dev, vlan->vid, flags); 598 if (err && err != -EOPNOTSUPP) 599 return err; 600 601 if (!br_vlan_is_brentry(vlan)) { 602 /* Trying to change flags of non-existent bridge vlan */ 603 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) { 604 err = -EINVAL; 605 goto err_flags; 606 } 607 /* It was only kept for port vlans, now make it real */ 608 err = br_fdb_insert(br, NULL, br->dev->dev_addr, 609 vlan->vid); 610 if (err) { 611 br_err(br, "failed to insert local address into bridge forwarding table\n"); 612 goto err_fdb_insert; 613 } 614 615 refcount_inc(&vlan->refcnt); 616 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 617 vg->num_vlans++; 618 *changed = true; 619 } 620 621 if (__vlan_add_flags(vlan, flags)) 622 *changed = true; 623 624 return 0; 625 626 err_fdb_insert: 627 err_flags: 628 br_switchdev_port_vlan_del(br->dev, vlan->vid); 629 return err; 630 } 631 632 /* Must be protected by RTNL. 633 * Must be called with vid in range from 1 to 4094 inclusive. 634 * changed must be true only if the vlan was created or updated 635 */ 636 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed) 637 { 638 struct net_bridge_vlan_group *vg; 639 struct net_bridge_vlan *vlan; 640 int ret; 641 642 ASSERT_RTNL(); 643 644 *changed = false; 645 vg = br_vlan_group(br); 646 vlan = br_vlan_find(vg, vid); 647 if (vlan) 648 return br_vlan_add_existing(br, vg, vlan, flags, changed); 649 650 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 651 if (!vlan) 652 return -ENOMEM; 653 654 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats); 655 if (!vlan->stats) { 656 kfree(vlan); 657 return -ENOMEM; 658 } 659 vlan->vid = vid; 660 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 661 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 662 vlan->br = br; 663 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 664 refcount_set(&vlan->refcnt, 1); 665 ret = __vlan_add(vlan, flags); 666 if (ret) { 667 free_percpu(vlan->stats); 668 kfree(vlan); 669 } else { 670 *changed = true; 671 } 672 673 return ret; 674 } 675 676 /* Must be protected by RTNL. 677 * Must be called with vid in range from 1 to 4094 inclusive. 678 */ 679 int br_vlan_delete(struct net_bridge *br, u16 vid) 680 { 681 struct net_bridge_vlan_group *vg; 682 struct net_bridge_vlan *v; 683 684 ASSERT_RTNL(); 685 686 vg = br_vlan_group(br); 687 v = br_vlan_find(vg, vid); 688 if (!v || !br_vlan_is_brentry(v)) 689 return -ENOENT; 690 691 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 692 br_fdb_delete_by_port(br, NULL, vid, 0); 693 694 vlan_tunnel_info_del(vg, v); 695 696 return __vlan_del(v); 697 } 698 699 void br_vlan_flush(struct net_bridge *br) 700 { 701 struct net_bridge_vlan_group *vg; 702 703 ASSERT_RTNL(); 704 705 vg = br_vlan_group(br); 706 __vlan_flush(vg); 707 RCU_INIT_POINTER(br->vlgrp, NULL); 708 synchronize_rcu(); 709 __vlan_group_free(vg); 710 } 711 712 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 713 { 714 if (!vg) 715 return NULL; 716 717 return br_vlan_lookup(&vg->vlan_hash, vid); 718 } 719 720 /* Must be protected by RTNL. */ 721 static void recalculate_group_addr(struct net_bridge *br) 722 { 723 if (br_opt_get(br, BROPT_GROUP_ADDR_SET)) 724 return; 725 726 spin_lock_bh(&br->lock); 727 if (!br_opt_get(br, BROPT_VLAN_ENABLED) || 728 br->vlan_proto == htons(ETH_P_8021Q)) { 729 /* Bridge Group Address */ 730 br->group_addr[5] = 0x00; 731 } else { /* vlan_enabled && ETH_P_8021AD */ 732 /* Provider Bridge Group Address */ 733 br->group_addr[5] = 0x08; 734 } 735 spin_unlock_bh(&br->lock); 736 } 737 738 /* Must be protected by RTNL. */ 739 void br_recalculate_fwd_mask(struct net_bridge *br) 740 { 741 if (!br_opt_get(br, BROPT_VLAN_ENABLED) || 742 br->vlan_proto == htons(ETH_P_8021Q)) 743 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 744 else /* vlan_enabled && ETH_P_8021AD */ 745 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 746 ~(1u << br->group_addr[5]); 747 } 748 749 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 750 { 751 struct switchdev_attr attr = { 752 .orig_dev = br->dev, 753 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 754 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 755 .u.vlan_filtering = val, 756 }; 757 int err; 758 759 if (br_opt_get(br, BROPT_VLAN_ENABLED) == !!val) 760 return 0; 761 762 err = switchdev_port_attr_set(br->dev, &attr); 763 if (err && err != -EOPNOTSUPP) 764 return err; 765 766 br_opt_toggle(br, BROPT_VLAN_ENABLED, !!val); 767 br_manage_promisc(br); 768 recalculate_group_addr(br); 769 br_recalculate_fwd_mask(br); 770 771 return 0; 772 } 773 774 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 775 { 776 return __br_vlan_filter_toggle(br, val); 777 } 778 779 bool br_vlan_enabled(const struct net_device *dev) 780 { 781 struct net_bridge *br = netdev_priv(dev); 782 783 return br_opt_get(br, BROPT_VLAN_ENABLED); 784 } 785 EXPORT_SYMBOL_GPL(br_vlan_enabled); 786 787 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 788 { 789 int err = 0; 790 struct net_bridge_port *p; 791 struct net_bridge_vlan *vlan; 792 struct net_bridge_vlan_group *vg; 793 __be16 oldproto; 794 795 if (br->vlan_proto == proto) 796 return 0; 797 798 /* Add VLANs for the new proto to the device filter. */ 799 list_for_each_entry(p, &br->port_list, list) { 800 vg = nbp_vlan_group(p); 801 list_for_each_entry(vlan, &vg->vlan_list, vlist) { 802 err = vlan_vid_add(p->dev, proto, vlan->vid); 803 if (err) 804 goto err_filt; 805 } 806 } 807 808 oldproto = br->vlan_proto; 809 br->vlan_proto = proto; 810 811 recalculate_group_addr(br); 812 br_recalculate_fwd_mask(br); 813 814 /* Delete VLANs for the old proto from the device filter. */ 815 list_for_each_entry(p, &br->port_list, list) { 816 vg = nbp_vlan_group(p); 817 list_for_each_entry(vlan, &vg->vlan_list, vlist) 818 vlan_vid_del(p->dev, oldproto, vlan->vid); 819 } 820 821 return 0; 822 823 err_filt: 824 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist) 825 vlan_vid_del(p->dev, proto, vlan->vid); 826 827 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 828 vg = nbp_vlan_group(p); 829 list_for_each_entry(vlan, &vg->vlan_list, vlist) 830 vlan_vid_del(p->dev, proto, vlan->vid); 831 } 832 833 return err; 834 } 835 836 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 837 { 838 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 839 return -EPROTONOSUPPORT; 840 841 return __br_vlan_set_proto(br, htons(val)); 842 } 843 844 int br_vlan_set_stats(struct net_bridge *br, unsigned long val) 845 { 846 switch (val) { 847 case 0: 848 case 1: 849 br_opt_toggle(br, BROPT_VLAN_STATS_ENABLED, !!val); 850 break; 851 default: 852 return -EINVAL; 853 } 854 855 return 0; 856 } 857 858 int br_vlan_set_stats_per_port(struct net_bridge *br, unsigned long val) 859 { 860 struct net_bridge_port *p; 861 862 /* allow to change the option if there are no port vlans configured */ 863 list_for_each_entry(p, &br->port_list, list) { 864 struct net_bridge_vlan_group *vg = nbp_vlan_group(p); 865 866 if (vg->num_vlans) 867 return -EBUSY; 868 } 869 870 switch (val) { 871 case 0: 872 case 1: 873 br_opt_toggle(br, BROPT_VLAN_STATS_PER_PORT, !!val); 874 break; 875 default: 876 return -EINVAL; 877 } 878 879 return 0; 880 } 881 882 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 883 { 884 struct net_bridge_vlan *v; 885 886 if (vid != vg->pvid) 887 return false; 888 889 v = br_vlan_lookup(&vg->vlan_hash, vid); 890 if (v && br_vlan_should_use(v) && 891 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 892 return true; 893 894 return false; 895 } 896 897 static void br_vlan_disable_default_pvid(struct net_bridge *br) 898 { 899 struct net_bridge_port *p; 900 u16 pvid = br->default_pvid; 901 902 /* Disable default_pvid on all ports where it is still 903 * configured. 904 */ 905 if (vlan_default_pvid(br_vlan_group(br), pvid)) 906 br_vlan_delete(br, pvid); 907 908 list_for_each_entry(p, &br->port_list, list) { 909 if (vlan_default_pvid(nbp_vlan_group(p), pvid)) 910 nbp_vlan_delete(p, pvid); 911 } 912 913 br->default_pvid = 0; 914 } 915 916 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 917 { 918 const struct net_bridge_vlan *pvent; 919 struct net_bridge_vlan_group *vg; 920 struct net_bridge_port *p; 921 unsigned long *changed; 922 bool vlchange; 923 u16 old_pvid; 924 int err = 0; 925 926 if (!pvid) { 927 br_vlan_disable_default_pvid(br); 928 return 0; 929 } 930 931 changed = bitmap_zalloc(BR_MAX_PORTS, GFP_KERNEL); 932 if (!changed) 933 return -ENOMEM; 934 935 old_pvid = br->default_pvid; 936 937 /* Update default_pvid config only if we do not conflict with 938 * user configuration. 939 */ 940 vg = br_vlan_group(br); 941 pvent = br_vlan_find(vg, pvid); 942 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) && 943 (!pvent || !br_vlan_should_use(pvent))) { 944 err = br_vlan_add(br, pvid, 945 BRIDGE_VLAN_INFO_PVID | 946 BRIDGE_VLAN_INFO_UNTAGGED | 947 BRIDGE_VLAN_INFO_BRENTRY, 948 &vlchange); 949 if (err) 950 goto out; 951 br_vlan_delete(br, old_pvid); 952 set_bit(0, changed); 953 } 954 955 list_for_each_entry(p, &br->port_list, list) { 956 /* Update default_pvid config only if we do not conflict with 957 * user configuration. 958 */ 959 vg = nbp_vlan_group(p); 960 if ((old_pvid && 961 !vlan_default_pvid(vg, old_pvid)) || 962 br_vlan_find(vg, pvid)) 963 continue; 964 965 err = nbp_vlan_add(p, pvid, 966 BRIDGE_VLAN_INFO_PVID | 967 BRIDGE_VLAN_INFO_UNTAGGED, 968 &vlchange); 969 if (err) 970 goto err_port; 971 nbp_vlan_delete(p, old_pvid); 972 set_bit(p->port_no, changed); 973 } 974 975 br->default_pvid = pvid; 976 977 out: 978 bitmap_free(changed); 979 return err; 980 981 err_port: 982 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 983 if (!test_bit(p->port_no, changed)) 984 continue; 985 986 if (old_pvid) 987 nbp_vlan_add(p, old_pvid, 988 BRIDGE_VLAN_INFO_PVID | 989 BRIDGE_VLAN_INFO_UNTAGGED, 990 &vlchange); 991 nbp_vlan_delete(p, pvid); 992 } 993 994 if (test_bit(0, changed)) { 995 if (old_pvid) 996 br_vlan_add(br, old_pvid, 997 BRIDGE_VLAN_INFO_PVID | 998 BRIDGE_VLAN_INFO_UNTAGGED | 999 BRIDGE_VLAN_INFO_BRENTRY, 1000 &vlchange); 1001 br_vlan_delete(br, pvid); 1002 } 1003 goto out; 1004 } 1005 1006 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 1007 { 1008 u16 pvid = val; 1009 int err = 0; 1010 1011 if (val >= VLAN_VID_MASK) 1012 return -EINVAL; 1013 1014 if (pvid == br->default_pvid) 1015 goto out; 1016 1017 /* Only allow default pvid change when filtering is disabled */ 1018 if (br_opt_get(br, BROPT_VLAN_ENABLED)) { 1019 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 1020 err = -EPERM; 1021 goto out; 1022 } 1023 err = __br_vlan_set_default_pvid(br, pvid); 1024 out: 1025 return err; 1026 } 1027 1028 int br_vlan_init(struct net_bridge *br) 1029 { 1030 struct net_bridge_vlan_group *vg; 1031 int ret = -ENOMEM; 1032 bool changed; 1033 1034 vg = kzalloc(sizeof(*vg), GFP_KERNEL); 1035 if (!vg) 1036 goto out; 1037 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 1038 if (ret) 1039 goto err_rhtbl; 1040 ret = vlan_tunnel_init(vg); 1041 if (ret) 1042 goto err_tunnel_init; 1043 INIT_LIST_HEAD(&vg->vlan_list); 1044 br->vlan_proto = htons(ETH_P_8021Q); 1045 br->default_pvid = 1; 1046 rcu_assign_pointer(br->vlgrp, vg); 1047 ret = br_vlan_add(br, 1, 1048 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 1049 BRIDGE_VLAN_INFO_BRENTRY, &changed); 1050 if (ret) 1051 goto err_vlan_add; 1052 1053 out: 1054 return ret; 1055 1056 err_vlan_add: 1057 vlan_tunnel_deinit(vg); 1058 err_tunnel_init: 1059 rhashtable_destroy(&vg->vlan_hash); 1060 err_rhtbl: 1061 kfree(vg); 1062 1063 goto out; 1064 } 1065 1066 int nbp_vlan_init(struct net_bridge_port *p) 1067 { 1068 struct switchdev_attr attr = { 1069 .orig_dev = p->br->dev, 1070 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 1071 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 1072 .u.vlan_filtering = br_opt_get(p->br, BROPT_VLAN_ENABLED), 1073 }; 1074 struct net_bridge_vlan_group *vg; 1075 int ret = -ENOMEM; 1076 1077 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 1078 if (!vg) 1079 goto out; 1080 1081 ret = switchdev_port_attr_set(p->dev, &attr); 1082 if (ret && ret != -EOPNOTSUPP) 1083 goto err_vlan_enabled; 1084 1085 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 1086 if (ret) 1087 goto err_rhtbl; 1088 ret = vlan_tunnel_init(vg); 1089 if (ret) 1090 goto err_tunnel_init; 1091 INIT_LIST_HEAD(&vg->vlan_list); 1092 rcu_assign_pointer(p->vlgrp, vg); 1093 if (p->br->default_pvid) { 1094 bool changed; 1095 1096 ret = nbp_vlan_add(p, p->br->default_pvid, 1097 BRIDGE_VLAN_INFO_PVID | 1098 BRIDGE_VLAN_INFO_UNTAGGED, 1099 &changed); 1100 if (ret) 1101 goto err_vlan_add; 1102 } 1103 out: 1104 return ret; 1105 1106 err_vlan_add: 1107 RCU_INIT_POINTER(p->vlgrp, NULL); 1108 synchronize_rcu(); 1109 vlan_tunnel_deinit(vg); 1110 err_tunnel_init: 1111 rhashtable_destroy(&vg->vlan_hash); 1112 err_rhtbl: 1113 err_vlan_enabled: 1114 kfree(vg); 1115 1116 goto out; 1117 } 1118 1119 /* Must be protected by RTNL. 1120 * Must be called with vid in range from 1 to 4094 inclusive. 1121 * changed must be true only if the vlan was created or updated 1122 */ 1123 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags, 1124 bool *changed) 1125 { 1126 struct net_bridge_vlan *vlan; 1127 int ret; 1128 1129 ASSERT_RTNL(); 1130 1131 *changed = false; 1132 vlan = br_vlan_find(nbp_vlan_group(port), vid); 1133 if (vlan) { 1134 /* Pass the flags to the hardware bridge */ 1135 ret = br_switchdev_port_vlan_add(port->dev, vid, flags); 1136 if (ret && ret != -EOPNOTSUPP) 1137 return ret; 1138 *changed = __vlan_add_flags(vlan, flags); 1139 1140 return 0; 1141 } 1142 1143 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 1144 if (!vlan) 1145 return -ENOMEM; 1146 1147 vlan->vid = vid; 1148 vlan->port = port; 1149 ret = __vlan_add(vlan, flags); 1150 if (ret) 1151 kfree(vlan); 1152 else 1153 *changed = true; 1154 1155 return ret; 1156 } 1157 1158 /* Must be protected by RTNL. 1159 * Must be called with vid in range from 1 to 4094 inclusive. 1160 */ 1161 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 1162 { 1163 struct net_bridge_vlan *v; 1164 1165 ASSERT_RTNL(); 1166 1167 v = br_vlan_find(nbp_vlan_group(port), vid); 1168 if (!v) 1169 return -ENOENT; 1170 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 1171 br_fdb_delete_by_port(port->br, port, vid, 0); 1172 1173 return __vlan_del(v); 1174 } 1175 1176 void nbp_vlan_flush(struct net_bridge_port *port) 1177 { 1178 struct net_bridge_vlan_group *vg; 1179 1180 ASSERT_RTNL(); 1181 1182 vg = nbp_vlan_group(port); 1183 __vlan_flush(vg); 1184 RCU_INIT_POINTER(port->vlgrp, NULL); 1185 synchronize_rcu(); 1186 __vlan_group_free(vg); 1187 } 1188 1189 void br_vlan_get_stats(const struct net_bridge_vlan *v, 1190 struct br_vlan_stats *stats) 1191 { 1192 int i; 1193 1194 memset(stats, 0, sizeof(*stats)); 1195 for_each_possible_cpu(i) { 1196 u64 rxpackets, rxbytes, txpackets, txbytes; 1197 struct br_vlan_stats *cpu_stats; 1198 unsigned int start; 1199 1200 cpu_stats = per_cpu_ptr(v->stats, i); 1201 do { 1202 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp); 1203 rxpackets = cpu_stats->rx_packets; 1204 rxbytes = cpu_stats->rx_bytes; 1205 txbytes = cpu_stats->tx_bytes; 1206 txpackets = cpu_stats->tx_packets; 1207 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start)); 1208 1209 stats->rx_packets += rxpackets; 1210 stats->rx_bytes += rxbytes; 1211 stats->tx_bytes += txbytes; 1212 stats->tx_packets += txpackets; 1213 } 1214 } 1215 1216 int br_vlan_get_pvid(const struct net_device *dev, u16 *p_pvid) 1217 { 1218 struct net_bridge_vlan_group *vg; 1219 1220 ASSERT_RTNL(); 1221 if (netif_is_bridge_master(dev)) 1222 vg = br_vlan_group(netdev_priv(dev)); 1223 else 1224 return -EINVAL; 1225 1226 *p_pvid = br_get_pvid(vg); 1227 return 0; 1228 } 1229 EXPORT_SYMBOL_GPL(br_vlan_get_pvid); 1230 1231 int br_vlan_get_info(const struct net_device *dev, u16 vid, 1232 struct bridge_vlan_info *p_vinfo) 1233 { 1234 struct net_bridge_vlan_group *vg; 1235 struct net_bridge_vlan *v; 1236 struct net_bridge_port *p; 1237 1238 ASSERT_RTNL(); 1239 p = br_port_get_check_rtnl(dev); 1240 if (p) 1241 vg = nbp_vlan_group(p); 1242 else if (netif_is_bridge_master(dev)) 1243 vg = br_vlan_group(netdev_priv(dev)); 1244 else 1245 return -EINVAL; 1246 1247 v = br_vlan_find(vg, vid); 1248 if (!v) 1249 return -ENOENT; 1250 1251 p_vinfo->vid = vid; 1252 p_vinfo->flags = v->flags; 1253 return 0; 1254 } 1255 EXPORT_SYMBOL_GPL(br_vlan_get_info); 1256