xref: /openbmc/linux/net/bridge/br_vlan.c (revision b90356ce) 
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 	if (v->pvid == vid)
11 		return;
12 
13 	smp_wmb();
14 	v->pvid = vid;
15 }
16 
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 	if (v->pvid != vid)
20 		return;
21 
22 	smp_wmb();
23 	v->pvid = 0;
24 }
25 
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 	if (flags & BRIDGE_VLAN_INFO_PVID)
29 		__vlan_add_pvid(v, vid);
30 
31 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 		set_bit(vid, v->untagged_bitmap);
33 }
34 
35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 	const struct net_device_ops *ops;
38 	struct net_bridge_port *p = NULL;
39 	struct net_bridge *br;
40 	struct net_device *dev;
41 	int err;
42 
43 	if (test_bit(vid, v->vlan_bitmap)) {
44 		__vlan_add_flags(v, vid, flags);
45 		return 0;
46 	}
47 
48 	if (v->port_idx) {
49 		p = v->parent.port;
50 		br = p->br;
51 		dev = p->dev;
52 	} else {
53 		br = v->parent.br;
54 		dev = br->dev;
55 	}
56 	ops = dev->netdev_ops;
57 
58 	if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) {
59 		/* Add VLAN to the device filter if it is supported.
60 		 * Stricly speaking, this is not necessary now, since
61 		 * devices are made promiscuous by the bridge, but if
62 		 * that ever changes this code will allow tagged
63 		 * traffic to enter the bridge.
64 		 */
65 		err = ops->ndo_vlan_rx_add_vid(dev, htons(ETH_P_8021Q),
66 					       vid);
67 		if (err)
68 			return err;
69 	}
70 
71 	err = br_fdb_insert(br, p, dev->dev_addr, vid);
72 	if (err) {
73 		br_err(br, "failed insert local address into bridge "
74 		       "forwarding table\n");
75 		goto out_filt;
76 	}
77 
78 	set_bit(vid, v->vlan_bitmap);
79 	v->num_vlans++;
80 	__vlan_add_flags(v, vid, flags);
81 
82 	return 0;
83 
84 out_filt:
85 	if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER))
86 		ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
87 	return err;
88 }
89 
90 static int __vlan_del(struct net_port_vlans *v, u16 vid)
91 {
92 	if (!test_bit(vid, v->vlan_bitmap))
93 		return -EINVAL;
94 
95 	__vlan_delete_pvid(v, vid);
96 	clear_bit(vid, v->untagged_bitmap);
97 
98 	if (v->port_idx) {
99 		struct net_device *dev = v->parent.port->dev;
100 		const struct net_device_ops *ops = dev->netdev_ops;
101 
102 		if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)
103 			ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
104 	}
105 
106 	clear_bit(vid, v->vlan_bitmap);
107 	v->num_vlans--;
108 	if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
109 		if (v->port_idx)
110 			rcu_assign_pointer(v->parent.port->vlan_info, NULL);
111 		else
112 			rcu_assign_pointer(v->parent.br->vlan_info, NULL);
113 		kfree_rcu(v, rcu);
114 	}
115 	return 0;
116 }
117 
118 static void __vlan_flush(struct net_port_vlans *v)
119 {
120 	smp_wmb();
121 	v->pvid = 0;
122 	bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
123 	if (v->port_idx)
124 		rcu_assign_pointer(v->parent.port->vlan_info, NULL);
125 	else
126 		rcu_assign_pointer(v->parent.br->vlan_info, NULL);
127 	kfree_rcu(v, rcu);
128 }
129 
130 /* Strip the tag from the packet.  Will return skb with tci set 0.  */
131 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
132 {
133 	if (skb->protocol != htons(ETH_P_8021Q)) {
134 		skb->vlan_tci = 0;
135 		return skb;
136 	}
137 
138 	skb->vlan_tci = 0;
139 	skb = vlan_untag(skb);
140 	if (skb)
141 		skb->vlan_tci = 0;
142 
143 	return skb;
144 }
145 
146 struct sk_buff *br_handle_vlan(struct net_bridge *br,
147 			       const struct net_port_vlans *pv,
148 			       struct sk_buff *skb)
149 {
150 	u16 vid;
151 
152 	if (!br->vlan_enabled)
153 		goto out;
154 
155 	/* At this point, we know that the frame was filtered and contains
156 	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
157 	 * send untagged; otherwise, send taged.
158 	 */
159 	br_vlan_get_tag(skb, &vid);
160 	if (test_bit(vid, pv->untagged_bitmap))
161 		skb = br_vlan_untag(skb);
162 	else {
163 		/* Egress policy says "send tagged".  If output device
164 		 * is the  bridge, we need to add the VLAN header
165 		 * ourselves since we'll be going through the RX path.
166 		 * Sending to ports puts the frame on the TX path and
167 		 * we let dev_hard_start_xmit() add the header.
168 		 */
169 		if (skb->protocol != htons(ETH_P_8021Q) &&
170 		    pv->port_idx == 0) {
171 			/* vlan_put_tag expects skb->data to point to
172 			 * mac header.
173 			 */
174 			skb_push(skb, ETH_HLEN);
175 			skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci);
176 			if (!skb)
177 				goto out;
178 			/* put skb->data back to where it was */
179 			skb_pull(skb, ETH_HLEN);
180 			skb->vlan_tci = 0;
181 		}
182 	}
183 
184 out:
185 	return skb;
186 }
187 
188 /* Called under RCU */
189 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
190 			struct sk_buff *skb, u16 *vid)
191 {
192 	int err;
193 
194 	/* If VLAN filtering is disabled on the bridge, all packets are
195 	 * permitted.
196 	 */
197 	if (!br->vlan_enabled)
198 		return true;
199 
200 	/* If there are no vlan in the permitted list, all packets are
201 	 * rejected.
202 	 */
203 	if (!v)
204 		return false;
205 
206 	err = br_vlan_get_tag(skb, vid);
207 	if (!*vid) {
208 		u16 pvid = br_get_pvid(v);
209 
210 		/* Frame had a tag with VID 0 or did not have a tag.
211 		 * See if pvid is set on this port.  That tells us which
212 		 * vlan untagged or priority-tagged traffic belongs to.
213 		 */
214 		if (pvid == VLAN_N_VID)
215 			return false;
216 
217 		/* PVID is set on this port.  Any untagged or priority-tagged
218 		 * ingress frame is considered to belong to this vlan.
219 		 */
220 		if (likely(err))
221 			/* Untagged Frame. */
222 			__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);
223 		else
224 			/* Priority-tagged Frame.
225 			 * At this point, We know that skb->vlan_tci had
226 			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
227 			 * We update only VID field and preserve PCP field.
228 			 */
229 			skb->vlan_tci |= pvid;
230 
231 		return true;
232 	}
233 
234 	/* Frame had a valid vlan tag.  See if vlan is allowed */
235 	if (test_bit(*vid, v->vlan_bitmap))
236 		return true;
237 
238 	return false;
239 }
240 
241 /* Called under RCU. */
242 bool br_allowed_egress(struct net_bridge *br,
243 		       const struct net_port_vlans *v,
244 		       const struct sk_buff *skb)
245 {
246 	u16 vid;
247 
248 	if (!br->vlan_enabled)
249 		return true;
250 
251 	if (!v)
252 		return false;
253 
254 	br_vlan_get_tag(skb, &vid);
255 	if (test_bit(vid, v->vlan_bitmap))
256 		return true;
257 
258 	return false;
259 }
260 
261 /* Must be protected by RTNL.
262  * Must be called with vid in range from 1 to 4094 inclusive.
263  */
264 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
265 {
266 	struct net_port_vlans *pv = NULL;
267 	int err;
268 
269 	ASSERT_RTNL();
270 
271 	pv = rtnl_dereference(br->vlan_info);
272 	if (pv)
273 		return __vlan_add(pv, vid, flags);
274 
275 	/* Create port vlan infomration
276 	 */
277 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
278 	if (!pv)
279 		return -ENOMEM;
280 
281 	pv->parent.br = br;
282 	err = __vlan_add(pv, vid, flags);
283 	if (err)
284 		goto out;
285 
286 	rcu_assign_pointer(br->vlan_info, pv);
287 	return 0;
288 out:
289 	kfree(pv);
290 	return err;
291 }
292 
293 /* Must be protected by RTNL.
294  * Must be called with vid in range from 1 to 4094 inclusive.
295  */
296 int br_vlan_delete(struct net_bridge *br, u16 vid)
297 {
298 	struct net_port_vlans *pv;
299 
300 	ASSERT_RTNL();
301 
302 	pv = rtnl_dereference(br->vlan_info);
303 	if (!pv)
304 		return -EINVAL;
305 
306 	spin_lock_bh(&br->hash_lock);
307 	fdb_delete_by_addr(br, br->dev->dev_addr, vid);
308 	spin_unlock_bh(&br->hash_lock);
309 
310 	__vlan_del(pv, vid);
311 	return 0;
312 }
313 
314 void br_vlan_flush(struct net_bridge *br)
315 {
316 	struct net_port_vlans *pv;
317 
318 	ASSERT_RTNL();
319 	pv = rtnl_dereference(br->vlan_info);
320 	if (!pv)
321 		return;
322 
323 	__vlan_flush(pv);
324 }
325 
326 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
327 {
328 	if (!rtnl_trylock())
329 		return restart_syscall();
330 
331 	if (br->vlan_enabled == val)
332 		goto unlock;
333 
334 	br->vlan_enabled = val;
335 
336 unlock:
337 	rtnl_unlock();
338 	return 0;
339 }
340 
341 /* Must be protected by RTNL.
342  * Must be called with vid in range from 1 to 4094 inclusive.
343  */
344 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
345 {
346 	struct net_port_vlans *pv = NULL;
347 	int err;
348 
349 	ASSERT_RTNL();
350 
351 	pv = rtnl_dereference(port->vlan_info);
352 	if (pv)
353 		return __vlan_add(pv, vid, flags);
354 
355 	/* Create port vlan infomration
356 	 */
357 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
358 	if (!pv) {
359 		err = -ENOMEM;
360 		goto clean_up;
361 	}
362 
363 	pv->port_idx = port->port_no;
364 	pv->parent.port = port;
365 	err = __vlan_add(pv, vid, flags);
366 	if (err)
367 		goto clean_up;
368 
369 	rcu_assign_pointer(port->vlan_info, pv);
370 	return 0;
371 
372 clean_up:
373 	kfree(pv);
374 	return err;
375 }
376 
377 /* Must be protected by RTNL.
378  * Must be called with vid in range from 1 to 4094 inclusive.
379  */
380 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
381 {
382 	struct net_port_vlans *pv;
383 
384 	ASSERT_RTNL();
385 
386 	pv = rtnl_dereference(port->vlan_info);
387 	if (!pv)
388 		return -EINVAL;
389 
390 	spin_lock_bh(&port->br->hash_lock);
391 	fdb_delete_by_addr(port->br, port->dev->dev_addr, vid);
392 	spin_unlock_bh(&port->br->hash_lock);
393 
394 	return __vlan_del(pv, vid);
395 }
396 
397 void nbp_vlan_flush(struct net_bridge_port *port)
398 {
399 	struct net_port_vlans *pv;
400 
401 	ASSERT_RTNL();
402 
403 	pv = rtnl_dereference(port->vlan_info);
404 	if (!pv)
405 		return;
406 
407 	__vlan_flush(pv);
408 }
409 
410 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
411 {
412 	struct net_port_vlans *pv;
413 	bool found = false;
414 
415 	rcu_read_lock();
416 	pv = rcu_dereference(port->vlan_info);
417 
418 	if (!pv)
419 		goto out;
420 
421 	if (test_bit(vid, pv->vlan_bitmap))
422 		found = true;
423 
424 out:
425 	rcu_read_unlock();
426 	return found;
427 }
428