1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 struct net_bridge_port *p = NULL; 38 struct net_bridge *br; 39 struct net_device *dev; 40 int err; 41 42 if (test_bit(vid, v->vlan_bitmap)) { 43 __vlan_add_flags(v, vid, flags); 44 return 0; 45 } 46 47 if (v->port_idx) { 48 p = v->parent.port; 49 br = p->br; 50 dev = p->dev; 51 } else { 52 br = v->parent.br; 53 dev = br->dev; 54 } 55 56 if (p) { 57 /* Add VLAN to the device filter if it is supported. 58 * Stricly speaking, this is not necessary now, since 59 * devices are made promiscuous by the bridge, but if 60 * that ever changes this code will allow tagged 61 * traffic to enter the bridge. 62 */ 63 err = vlan_vid_add(dev, htons(ETH_P_8021Q), vid); 64 if (err) 65 return err; 66 } 67 68 err = br_fdb_insert(br, p, dev->dev_addr, vid); 69 if (err) { 70 br_err(br, "failed insert local address into bridge " 71 "forwarding table\n"); 72 goto out_filt; 73 } 74 75 set_bit(vid, v->vlan_bitmap); 76 v->num_vlans++; 77 __vlan_add_flags(v, vid, flags); 78 79 return 0; 80 81 out_filt: 82 if (p) 83 vlan_vid_del(dev, htons(ETH_P_8021Q), vid); 84 return err; 85 } 86 87 static int __vlan_del(struct net_port_vlans *v, u16 vid) 88 { 89 if (!test_bit(vid, v->vlan_bitmap)) 90 return -EINVAL; 91 92 __vlan_delete_pvid(v, vid); 93 clear_bit(vid, v->untagged_bitmap); 94 95 if (v->port_idx) 96 vlan_vid_del(v->parent.port->dev, htons(ETH_P_8021Q), vid); 97 98 clear_bit(vid, v->vlan_bitmap); 99 v->num_vlans--; 100 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 101 if (v->port_idx) 102 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 103 else 104 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 105 kfree_rcu(v, rcu); 106 } 107 return 0; 108 } 109 110 static void __vlan_flush(struct net_port_vlans *v) 111 { 112 smp_wmb(); 113 v->pvid = 0; 114 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 115 if (v->port_idx) 116 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 117 else 118 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 119 kfree_rcu(v, rcu); 120 } 121 122 /* Strip the tag from the packet. Will return skb with tci set 0. */ 123 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 124 { 125 if (skb->protocol != htons(ETH_P_8021Q)) { 126 skb->vlan_tci = 0; 127 return skb; 128 } 129 130 skb->vlan_tci = 0; 131 skb = vlan_untag(skb); 132 if (skb) 133 skb->vlan_tci = 0; 134 135 return skb; 136 } 137 138 struct sk_buff *br_handle_vlan(struct net_bridge *br, 139 const struct net_port_vlans *pv, 140 struct sk_buff *skb) 141 { 142 u16 vid; 143 144 if (!br->vlan_enabled) 145 goto out; 146 147 /* At this point, we know that the frame was filtered and contains 148 * a valid vlan id. If the vlan id is set in the untagged bitmap, 149 * send untagged; otherwise, send taged. 150 */ 151 br_vlan_get_tag(skb, &vid); 152 if (test_bit(vid, pv->untagged_bitmap)) 153 skb = br_vlan_untag(skb); 154 else { 155 /* Egress policy says "send tagged". If output device 156 * is the bridge, we need to add the VLAN header 157 * ourselves since we'll be going through the RX path. 158 * Sending to ports puts the frame on the TX path and 159 * we let dev_hard_start_xmit() add the header. 160 */ 161 if (skb->protocol != htons(ETH_P_8021Q) && 162 pv->port_idx == 0) { 163 /* vlan_put_tag expects skb->data to point to 164 * mac header. 165 */ 166 skb_push(skb, ETH_HLEN); 167 skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci); 168 if (!skb) 169 goto out; 170 /* put skb->data back to where it was */ 171 skb_pull(skb, ETH_HLEN); 172 skb->vlan_tci = 0; 173 } 174 } 175 176 out: 177 return skb; 178 } 179 180 /* Called under RCU */ 181 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 182 struct sk_buff *skb, u16 *vid) 183 { 184 int err; 185 186 /* If VLAN filtering is disabled on the bridge, all packets are 187 * permitted. 188 */ 189 if (!br->vlan_enabled) 190 return true; 191 192 /* If there are no vlan in the permitted list, all packets are 193 * rejected. 194 */ 195 if (!v) 196 return false; 197 198 err = br_vlan_get_tag(skb, vid); 199 if (!*vid) { 200 u16 pvid = br_get_pvid(v); 201 202 /* Frame had a tag with VID 0 or did not have a tag. 203 * See if pvid is set on this port. That tells us which 204 * vlan untagged or priority-tagged traffic belongs to. 205 */ 206 if (pvid == VLAN_N_VID) 207 return false; 208 209 /* PVID is set on this port. Any untagged or priority-tagged 210 * ingress frame is considered to belong to this vlan. 211 */ 212 *vid = pvid; 213 if (likely(err)) 214 /* Untagged Frame. */ 215 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 216 else 217 /* Priority-tagged Frame. 218 * At this point, We know that skb->vlan_tci had 219 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 220 * We update only VID field and preserve PCP field. 221 */ 222 skb->vlan_tci |= pvid; 223 224 return true; 225 } 226 227 /* Frame had a valid vlan tag. See if vlan is allowed */ 228 if (test_bit(*vid, v->vlan_bitmap)) 229 return true; 230 231 return false; 232 } 233 234 /* Called under RCU. */ 235 bool br_allowed_egress(struct net_bridge *br, 236 const struct net_port_vlans *v, 237 const struct sk_buff *skb) 238 { 239 u16 vid; 240 241 if (!br->vlan_enabled) 242 return true; 243 244 if (!v) 245 return false; 246 247 br_vlan_get_tag(skb, &vid); 248 if (test_bit(vid, v->vlan_bitmap)) 249 return true; 250 251 return false; 252 } 253 254 /* Must be protected by RTNL. 255 * Must be called with vid in range from 1 to 4094 inclusive. 256 */ 257 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 258 { 259 struct net_port_vlans *pv = NULL; 260 int err; 261 262 ASSERT_RTNL(); 263 264 pv = rtnl_dereference(br->vlan_info); 265 if (pv) 266 return __vlan_add(pv, vid, flags); 267 268 /* Create port vlan infomration 269 */ 270 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 271 if (!pv) 272 return -ENOMEM; 273 274 pv->parent.br = br; 275 err = __vlan_add(pv, vid, flags); 276 if (err) 277 goto out; 278 279 rcu_assign_pointer(br->vlan_info, pv); 280 return 0; 281 out: 282 kfree(pv); 283 return err; 284 } 285 286 /* Must be protected by RTNL. 287 * Must be called with vid in range from 1 to 4094 inclusive. 288 */ 289 int br_vlan_delete(struct net_bridge *br, u16 vid) 290 { 291 struct net_port_vlans *pv; 292 293 ASSERT_RTNL(); 294 295 pv = rtnl_dereference(br->vlan_info); 296 if (!pv) 297 return -EINVAL; 298 299 spin_lock_bh(&br->hash_lock); 300 fdb_delete_by_addr(br, br->dev->dev_addr, vid); 301 spin_unlock_bh(&br->hash_lock); 302 303 __vlan_del(pv, vid); 304 return 0; 305 } 306 307 void br_vlan_flush(struct net_bridge *br) 308 { 309 struct net_port_vlans *pv; 310 311 ASSERT_RTNL(); 312 pv = rtnl_dereference(br->vlan_info); 313 if (!pv) 314 return; 315 316 __vlan_flush(pv); 317 } 318 319 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 320 { 321 if (!rtnl_trylock()) 322 return restart_syscall(); 323 324 if (br->vlan_enabled == val) 325 goto unlock; 326 327 br->vlan_enabled = val; 328 329 unlock: 330 rtnl_unlock(); 331 return 0; 332 } 333 334 /* Must be protected by RTNL. 335 * Must be called with vid in range from 1 to 4094 inclusive. 336 */ 337 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 338 { 339 struct net_port_vlans *pv = NULL; 340 int err; 341 342 ASSERT_RTNL(); 343 344 pv = rtnl_dereference(port->vlan_info); 345 if (pv) 346 return __vlan_add(pv, vid, flags); 347 348 /* Create port vlan infomration 349 */ 350 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 351 if (!pv) { 352 err = -ENOMEM; 353 goto clean_up; 354 } 355 356 pv->port_idx = port->port_no; 357 pv->parent.port = port; 358 err = __vlan_add(pv, vid, flags); 359 if (err) 360 goto clean_up; 361 362 rcu_assign_pointer(port->vlan_info, pv); 363 return 0; 364 365 clean_up: 366 kfree(pv); 367 return err; 368 } 369 370 /* Must be protected by RTNL. 371 * Must be called with vid in range from 1 to 4094 inclusive. 372 */ 373 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 374 { 375 struct net_port_vlans *pv; 376 377 ASSERT_RTNL(); 378 379 pv = rtnl_dereference(port->vlan_info); 380 if (!pv) 381 return -EINVAL; 382 383 spin_lock_bh(&port->br->hash_lock); 384 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid); 385 spin_unlock_bh(&port->br->hash_lock); 386 387 return __vlan_del(pv, vid); 388 } 389 390 void nbp_vlan_flush(struct net_bridge_port *port) 391 { 392 struct net_port_vlans *pv; 393 u16 vid; 394 395 ASSERT_RTNL(); 396 397 pv = rtnl_dereference(port->vlan_info); 398 if (!pv) 399 return; 400 401 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 402 vlan_vid_del(port->dev, htons(ETH_P_8021Q), vid); 403 404 __vlan_flush(pv); 405 } 406 407 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 408 { 409 struct net_port_vlans *pv; 410 bool found = false; 411 412 rcu_read_lock(); 413 pv = rcu_dereference(port->vlan_info); 414 415 if (!pv) 416 goto out; 417 418 if (test_bit(vid, pv->vlan_bitmap)) 419 found = true; 420 421 out: 422 rcu_read_unlock(); 423 return found; 424 } 425