1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 else 31 __vlan_delete_pvid(v, vid); 32 33 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 34 set_bit(vid, v->untagged_bitmap); 35 else 36 clear_bit(vid, v->untagged_bitmap); 37 } 38 39 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 40 { 41 struct net_bridge_port *p = NULL; 42 struct net_bridge *br; 43 struct net_device *dev; 44 int err; 45 46 if (test_bit(vid, v->vlan_bitmap)) { 47 __vlan_add_flags(v, vid, flags); 48 return 0; 49 } 50 51 if (v->port_idx) { 52 p = v->parent.port; 53 br = p->br; 54 dev = p->dev; 55 } else { 56 br = v->parent.br; 57 dev = br->dev; 58 } 59 60 if (p) { 61 /* Add VLAN to the device filter if it is supported. 62 * This ensures tagged traffic enters the bridge when 63 * promiscuous mode is disabled by br_manage_promisc(). 64 */ 65 err = vlan_vid_add(dev, br->vlan_proto, vid); 66 if (err) 67 return err; 68 } 69 70 err = br_fdb_insert(br, p, dev->dev_addr, vid); 71 if (err) { 72 br_err(br, "failed insert local address into bridge " 73 "forwarding table\n"); 74 goto out_filt; 75 } 76 77 set_bit(vid, v->vlan_bitmap); 78 v->num_vlans++; 79 __vlan_add_flags(v, vid, flags); 80 81 return 0; 82 83 out_filt: 84 if (p) 85 vlan_vid_del(dev, br->vlan_proto, vid); 86 return err; 87 } 88 89 static int __vlan_del(struct net_port_vlans *v, u16 vid) 90 { 91 if (!test_bit(vid, v->vlan_bitmap)) 92 return -EINVAL; 93 94 __vlan_delete_pvid(v, vid); 95 clear_bit(vid, v->untagged_bitmap); 96 97 if (v->port_idx) { 98 struct net_bridge_port *p = v->parent.port; 99 vlan_vid_del(p->dev, p->br->vlan_proto, vid); 100 } 101 102 clear_bit(vid, v->vlan_bitmap); 103 v->num_vlans--; 104 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 105 if (v->port_idx) 106 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 107 else 108 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 109 kfree_rcu(v, rcu); 110 } 111 return 0; 112 } 113 114 static void __vlan_flush(struct net_port_vlans *v) 115 { 116 smp_wmb(); 117 v->pvid = 0; 118 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 119 if (v->port_idx) 120 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 121 else 122 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 123 kfree_rcu(v, rcu); 124 } 125 126 struct sk_buff *br_handle_vlan(struct net_bridge *br, 127 const struct net_port_vlans *pv, 128 struct sk_buff *skb) 129 { 130 u16 vid; 131 132 /* If this packet was not filtered at input, let it pass */ 133 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 134 goto out; 135 136 /* Vlan filter table must be configured at this point. The 137 * only exception is the bridge is set in promisc mode and the 138 * packet is destined for the bridge device. In this case 139 * pass the packet as is. 140 */ 141 if (!pv) { 142 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 143 goto out; 144 } else { 145 kfree_skb(skb); 146 return NULL; 147 } 148 } 149 150 /* At this point, we know that the frame was filtered and contains 151 * a valid vlan id. If the vlan id is set in the untagged bitmap, 152 * send untagged; otherwise, send tagged. 153 */ 154 br_vlan_get_tag(skb, &vid); 155 if (test_bit(vid, pv->untagged_bitmap)) 156 skb->vlan_tci = 0; 157 158 out: 159 return skb; 160 } 161 162 /* Called under RCU */ 163 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 164 struct sk_buff *skb, u16 *vid) 165 { 166 bool tagged; 167 __be16 proto; 168 169 /* If VLAN filtering is disabled on the bridge, all packets are 170 * permitted. 171 */ 172 if (!br->vlan_enabled) { 173 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 174 return true; 175 } 176 177 /* If there are no vlan in the permitted list, all packets are 178 * rejected. 179 */ 180 if (!v) 181 goto drop; 182 183 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 184 proto = br->vlan_proto; 185 186 /* If vlan tx offload is disabled on bridge device and frame was 187 * sent from vlan device on the bridge device, it does not have 188 * HW accelerated vlan tag. 189 */ 190 if (unlikely(!vlan_tx_tag_present(skb) && 191 skb->protocol == proto)) { 192 skb = skb_vlan_untag(skb); 193 if (unlikely(!skb)) 194 return false; 195 } 196 197 if (!br_vlan_get_tag(skb, vid)) { 198 /* Tagged frame */ 199 if (skb->vlan_proto != proto) { 200 /* Protocol-mismatch, empty out vlan_tci for new tag */ 201 skb_push(skb, ETH_HLEN); 202 skb = __vlan_put_tag(skb, skb->vlan_proto, 203 vlan_tx_tag_get(skb)); 204 if (unlikely(!skb)) 205 return false; 206 207 skb_pull(skb, ETH_HLEN); 208 skb_reset_mac_len(skb); 209 *vid = 0; 210 tagged = false; 211 } else { 212 tagged = true; 213 } 214 } else { 215 /* Untagged frame */ 216 tagged = false; 217 } 218 219 if (!*vid) { 220 u16 pvid = br_get_pvid(v); 221 222 /* Frame had a tag with VID 0 or did not have a tag. 223 * See if pvid is set on this port. That tells us which 224 * vlan untagged or priority-tagged traffic belongs to. 225 */ 226 if (!pvid) 227 goto drop; 228 229 /* PVID is set on this port. Any untagged or priority-tagged 230 * ingress frame is considered to belong to this vlan. 231 */ 232 *vid = pvid; 233 if (likely(!tagged)) 234 /* Untagged Frame. */ 235 __vlan_hwaccel_put_tag(skb, proto, pvid); 236 else 237 /* Priority-tagged Frame. 238 * At this point, We know that skb->vlan_tci had 239 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 240 * We update only VID field and preserve PCP field. 241 */ 242 skb->vlan_tci |= pvid; 243 244 return true; 245 } 246 247 /* Frame had a valid vlan tag. See if vlan is allowed */ 248 if (test_bit(*vid, v->vlan_bitmap)) 249 return true; 250 drop: 251 kfree_skb(skb); 252 return false; 253 } 254 255 /* Called under RCU. */ 256 bool br_allowed_egress(struct net_bridge *br, 257 const struct net_port_vlans *v, 258 const struct sk_buff *skb) 259 { 260 u16 vid; 261 262 /* If this packet was not filtered at input, let it pass */ 263 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 264 return true; 265 266 if (!v) 267 return false; 268 269 br_vlan_get_tag(skb, &vid); 270 if (test_bit(vid, v->vlan_bitmap)) 271 return true; 272 273 return false; 274 } 275 276 /* Called under RCU */ 277 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 278 { 279 struct net_bridge *br = p->br; 280 struct net_port_vlans *v; 281 282 /* If filtering was disabled at input, let it pass. */ 283 if (!br->vlan_enabled) 284 return true; 285 286 v = rcu_dereference(p->vlan_info); 287 if (!v) 288 return false; 289 290 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 291 *vid = 0; 292 293 if (!*vid) { 294 *vid = br_get_pvid(v); 295 if (!*vid) 296 return false; 297 298 return true; 299 } 300 301 if (test_bit(*vid, v->vlan_bitmap)) 302 return true; 303 304 return false; 305 } 306 307 /* Must be protected by RTNL. 308 * Must be called with vid in range from 1 to 4094 inclusive. 309 */ 310 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 311 { 312 struct net_port_vlans *pv = NULL; 313 int err; 314 315 ASSERT_RTNL(); 316 317 pv = rtnl_dereference(br->vlan_info); 318 if (pv) 319 return __vlan_add(pv, vid, flags); 320 321 /* Create port vlan infomration 322 */ 323 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 324 if (!pv) 325 return -ENOMEM; 326 327 pv->parent.br = br; 328 err = __vlan_add(pv, vid, flags); 329 if (err) 330 goto out; 331 332 rcu_assign_pointer(br->vlan_info, pv); 333 return 0; 334 out: 335 kfree(pv); 336 return err; 337 } 338 339 /* Must be protected by RTNL. 340 * Must be called with vid in range from 1 to 4094 inclusive. 341 */ 342 int br_vlan_delete(struct net_bridge *br, u16 vid) 343 { 344 struct net_port_vlans *pv; 345 346 ASSERT_RTNL(); 347 348 pv = rtnl_dereference(br->vlan_info); 349 if (!pv) 350 return -EINVAL; 351 352 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 353 354 __vlan_del(pv, vid); 355 return 0; 356 } 357 358 void br_vlan_flush(struct net_bridge *br) 359 { 360 struct net_port_vlans *pv; 361 362 ASSERT_RTNL(); 363 pv = rtnl_dereference(br->vlan_info); 364 if (!pv) 365 return; 366 367 __vlan_flush(pv); 368 } 369 370 bool br_vlan_find(struct net_bridge *br, u16 vid) 371 { 372 struct net_port_vlans *pv; 373 bool found = false; 374 375 rcu_read_lock(); 376 pv = rcu_dereference(br->vlan_info); 377 378 if (!pv) 379 goto out; 380 381 if (test_bit(vid, pv->vlan_bitmap)) 382 found = true; 383 384 out: 385 rcu_read_unlock(); 386 return found; 387 } 388 389 /* Must be protected by RTNL. */ 390 static void recalculate_group_addr(struct net_bridge *br) 391 { 392 if (br->group_addr_set) 393 return; 394 395 spin_lock_bh(&br->lock); 396 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 397 /* Bridge Group Address */ 398 br->group_addr[5] = 0x00; 399 } else { /* vlan_enabled && ETH_P_8021AD */ 400 /* Provider Bridge Group Address */ 401 br->group_addr[5] = 0x08; 402 } 403 spin_unlock_bh(&br->lock); 404 } 405 406 /* Must be protected by RTNL. */ 407 void br_recalculate_fwd_mask(struct net_bridge *br) 408 { 409 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 410 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 411 else /* vlan_enabled && ETH_P_8021AD */ 412 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 413 ~(1u << br->group_addr[5]); 414 } 415 416 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 417 { 418 if (!rtnl_trylock()) 419 return restart_syscall(); 420 421 if (br->vlan_enabled == val) 422 goto unlock; 423 424 br->vlan_enabled = val; 425 br_manage_promisc(br); 426 recalculate_group_addr(br); 427 br_recalculate_fwd_mask(br); 428 429 unlock: 430 rtnl_unlock(); 431 return 0; 432 } 433 434 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 435 { 436 int err = 0; 437 struct net_bridge_port *p; 438 struct net_port_vlans *pv; 439 __be16 proto, oldproto; 440 u16 vid, errvid; 441 442 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 443 return -EPROTONOSUPPORT; 444 445 if (!rtnl_trylock()) 446 return restart_syscall(); 447 448 proto = htons(val); 449 if (br->vlan_proto == proto) 450 goto unlock; 451 452 /* Add VLANs for the new proto to the device filter. */ 453 list_for_each_entry(p, &br->port_list, list) { 454 pv = rtnl_dereference(p->vlan_info); 455 if (!pv) 456 continue; 457 458 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) { 459 err = vlan_vid_add(p->dev, proto, vid); 460 if (err) 461 goto err_filt; 462 } 463 } 464 465 oldproto = br->vlan_proto; 466 br->vlan_proto = proto; 467 468 recalculate_group_addr(br); 469 br_recalculate_fwd_mask(br); 470 471 /* Delete VLANs for the old proto from the device filter. */ 472 list_for_each_entry(p, &br->port_list, list) { 473 pv = rtnl_dereference(p->vlan_info); 474 if (!pv) 475 continue; 476 477 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 478 vlan_vid_del(p->dev, oldproto, vid); 479 } 480 481 unlock: 482 rtnl_unlock(); 483 return err; 484 485 err_filt: 486 errvid = vid; 487 for_each_set_bit(vid, pv->vlan_bitmap, errvid) 488 vlan_vid_del(p->dev, proto, vid); 489 490 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 491 pv = rtnl_dereference(p->vlan_info); 492 if (!pv) 493 continue; 494 495 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 496 vlan_vid_del(p->dev, proto, vid); 497 } 498 499 goto unlock; 500 } 501 502 static bool vlan_default_pvid(struct net_port_vlans *pv, u16 vid) 503 { 504 return pv && vid == pv->pvid && test_bit(vid, pv->untagged_bitmap); 505 } 506 507 static void br_vlan_disable_default_pvid(struct net_bridge *br) 508 { 509 struct net_bridge_port *p; 510 u16 pvid = br->default_pvid; 511 512 /* Disable default_pvid on all ports where it is still 513 * configured. 514 */ 515 if (vlan_default_pvid(br_get_vlan_info(br), pvid)) 516 br_vlan_delete(br, pvid); 517 518 list_for_each_entry(p, &br->port_list, list) { 519 if (vlan_default_pvid(nbp_get_vlan_info(p), pvid)) 520 nbp_vlan_delete(p, pvid); 521 } 522 523 br->default_pvid = 0; 524 } 525 526 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 527 { 528 struct net_bridge_port *p; 529 u16 old_pvid; 530 int err = 0; 531 unsigned long *changed; 532 533 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 534 GFP_KERNEL); 535 if (!changed) 536 return -ENOMEM; 537 538 old_pvid = br->default_pvid; 539 540 /* Update default_pvid config only if we do not conflict with 541 * user configuration. 542 */ 543 if ((!old_pvid || vlan_default_pvid(br_get_vlan_info(br), old_pvid)) && 544 !br_vlan_find(br, pvid)) { 545 err = br_vlan_add(br, pvid, 546 BRIDGE_VLAN_INFO_PVID | 547 BRIDGE_VLAN_INFO_UNTAGGED); 548 if (err) 549 goto out; 550 br_vlan_delete(br, old_pvid); 551 set_bit(0, changed); 552 } 553 554 list_for_each_entry(p, &br->port_list, list) { 555 /* Update default_pvid config only if we do not conflict with 556 * user configuration. 557 */ 558 if ((old_pvid && 559 !vlan_default_pvid(nbp_get_vlan_info(p), old_pvid)) || 560 nbp_vlan_find(p, pvid)) 561 continue; 562 563 err = nbp_vlan_add(p, pvid, 564 BRIDGE_VLAN_INFO_PVID | 565 BRIDGE_VLAN_INFO_UNTAGGED); 566 if (err) 567 goto err_port; 568 nbp_vlan_delete(p, old_pvid); 569 set_bit(p->port_no, changed); 570 } 571 572 br->default_pvid = pvid; 573 574 out: 575 kfree(changed); 576 return err; 577 578 err_port: 579 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 580 if (!test_bit(p->port_no, changed)) 581 continue; 582 583 if (old_pvid) 584 nbp_vlan_add(p, old_pvid, 585 BRIDGE_VLAN_INFO_PVID | 586 BRIDGE_VLAN_INFO_UNTAGGED); 587 nbp_vlan_delete(p, pvid); 588 } 589 590 if (test_bit(0, changed)) { 591 if (old_pvid) 592 br_vlan_add(br, old_pvid, 593 BRIDGE_VLAN_INFO_PVID | 594 BRIDGE_VLAN_INFO_UNTAGGED); 595 br_vlan_delete(br, pvid); 596 } 597 goto out; 598 } 599 600 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 601 { 602 u16 pvid = val; 603 int err = 0; 604 605 if (val >= VLAN_VID_MASK) 606 return -EINVAL; 607 608 if (!rtnl_trylock()) 609 return restart_syscall(); 610 611 if (pvid == br->default_pvid) 612 goto unlock; 613 614 /* Only allow default pvid change when filtering is disabled */ 615 if (br->vlan_enabled) { 616 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 617 err = -EPERM; 618 goto unlock; 619 } 620 621 if (!pvid) 622 br_vlan_disable_default_pvid(br); 623 else 624 err = __br_vlan_set_default_pvid(br, pvid); 625 626 unlock: 627 rtnl_unlock(); 628 return err; 629 } 630 631 int br_vlan_init(struct net_bridge *br) 632 { 633 br->vlan_proto = htons(ETH_P_8021Q); 634 br->default_pvid = 1; 635 return br_vlan_add(br, 1, 636 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED); 637 } 638 639 /* Must be protected by RTNL. 640 * Must be called with vid in range from 1 to 4094 inclusive. 641 */ 642 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 643 { 644 struct net_port_vlans *pv = NULL; 645 int err; 646 647 ASSERT_RTNL(); 648 649 pv = rtnl_dereference(port->vlan_info); 650 if (pv) 651 return __vlan_add(pv, vid, flags); 652 653 /* Create port vlan infomration 654 */ 655 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 656 if (!pv) { 657 err = -ENOMEM; 658 goto clean_up; 659 } 660 661 pv->port_idx = port->port_no; 662 pv->parent.port = port; 663 err = __vlan_add(pv, vid, flags); 664 if (err) 665 goto clean_up; 666 667 rcu_assign_pointer(port->vlan_info, pv); 668 return 0; 669 670 clean_up: 671 kfree(pv); 672 return err; 673 } 674 675 /* Must be protected by RTNL. 676 * Must be called with vid in range from 1 to 4094 inclusive. 677 */ 678 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 679 { 680 struct net_port_vlans *pv; 681 682 ASSERT_RTNL(); 683 684 pv = rtnl_dereference(port->vlan_info); 685 if (!pv) 686 return -EINVAL; 687 688 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 689 690 return __vlan_del(pv, vid); 691 } 692 693 void nbp_vlan_flush(struct net_bridge_port *port) 694 { 695 struct net_port_vlans *pv; 696 u16 vid; 697 698 ASSERT_RTNL(); 699 700 pv = rtnl_dereference(port->vlan_info); 701 if (!pv) 702 return; 703 704 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 705 vlan_vid_del(port->dev, port->br->vlan_proto, vid); 706 707 __vlan_flush(pv); 708 } 709 710 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 711 { 712 struct net_port_vlans *pv; 713 bool found = false; 714 715 rcu_read_lock(); 716 pv = rcu_dereference(port->vlan_info); 717 718 if (!pv) 719 goto out; 720 721 if (test_bit(vid, pv->vlan_bitmap)) 722 found = true; 723 724 out: 725 rcu_read_unlock(); 726 return found; 727 } 728 729 int nbp_vlan_init(struct net_bridge_port *p) 730 { 731 return p->br->default_pvid ? 732 nbp_vlan_add(p, p->br->default_pvid, 733 BRIDGE_VLAN_INFO_PVID | 734 BRIDGE_VLAN_INFO_UNTAGGED) : 735 0; 736 } 737