1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 const struct net_device_ops *ops; 38 struct net_bridge_port *p = NULL; 39 struct net_bridge *br; 40 struct net_device *dev; 41 int err; 42 43 if (test_bit(vid, v->vlan_bitmap)) { 44 __vlan_add_flags(v, vid, flags); 45 return 0; 46 } 47 48 if (v->port_idx) { 49 p = v->parent.port; 50 br = p->br; 51 dev = p->dev; 52 } else { 53 br = v->parent.br; 54 dev = br->dev; 55 } 56 ops = dev->netdev_ops; 57 58 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) { 59 /* Add VLAN to the device filter if it is supported. 60 * Stricly speaking, this is not necessary now, since 61 * devices are made promiscuous by the bridge, but if 62 * that ever changes this code will allow tagged 63 * traffic to enter the bridge. 64 */ 65 err = ops->ndo_vlan_rx_add_vid(dev, htons(ETH_P_8021Q), 66 vid); 67 if (err) 68 return err; 69 } 70 71 err = br_fdb_insert(br, p, dev->dev_addr, vid); 72 if (err) { 73 br_err(br, "failed insert local address into bridge " 74 "forwarding table\n"); 75 goto out_filt; 76 } 77 78 set_bit(vid, v->vlan_bitmap); 79 v->num_vlans++; 80 __vlan_add_flags(v, vid, flags); 81 82 return 0; 83 84 out_filt: 85 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) 86 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid); 87 return err; 88 } 89 90 static int __vlan_del(struct net_port_vlans *v, u16 vid) 91 { 92 if (!test_bit(vid, v->vlan_bitmap)) 93 return -EINVAL; 94 95 __vlan_delete_pvid(v, vid); 96 clear_bit(vid, v->untagged_bitmap); 97 98 if (v->port_idx) { 99 struct net_device *dev = v->parent.port->dev; 100 const struct net_device_ops *ops = dev->netdev_ops; 101 102 if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER) 103 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid); 104 } 105 106 clear_bit(vid, v->vlan_bitmap); 107 v->num_vlans--; 108 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 109 if (v->port_idx) 110 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 111 else 112 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 113 kfree_rcu(v, rcu); 114 } 115 return 0; 116 } 117 118 static void __vlan_flush(struct net_port_vlans *v) 119 { 120 smp_wmb(); 121 v->pvid = 0; 122 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 123 if (v->port_idx) 124 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 125 else 126 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 127 kfree_rcu(v, rcu); 128 } 129 130 /* Strip the tag from the packet. Will return skb with tci set 0. */ 131 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 132 { 133 if (skb->protocol != htons(ETH_P_8021Q)) { 134 skb->vlan_tci = 0; 135 return skb; 136 } 137 138 skb->vlan_tci = 0; 139 skb = vlan_untag(skb); 140 if (skb) 141 skb->vlan_tci = 0; 142 143 return skb; 144 } 145 146 struct sk_buff *br_handle_vlan(struct net_bridge *br, 147 const struct net_port_vlans *pv, 148 struct sk_buff *skb) 149 { 150 u16 vid; 151 152 if (!br->vlan_enabled) 153 goto out; 154 155 /* At this point, we know that the frame was filtered and contains 156 * a valid vlan id. If the vlan id is set in the untagged bitmap, 157 * send untagged; otherwise, send taged. 158 */ 159 br_vlan_get_tag(skb, &vid); 160 if (test_bit(vid, pv->untagged_bitmap)) 161 skb = br_vlan_untag(skb); 162 else { 163 /* Egress policy says "send tagged". If output device 164 * is the bridge, we need to add the VLAN header 165 * ourselves since we'll be going through the RX path. 166 * Sending to ports puts the frame on the TX path and 167 * we let dev_hard_start_xmit() add the header. 168 */ 169 if (skb->protocol != htons(ETH_P_8021Q) && 170 pv->port_idx == 0) { 171 /* vlan_put_tag expects skb->data to point to 172 * mac header. 173 */ 174 skb_push(skb, ETH_HLEN); 175 skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci); 176 if (!skb) 177 goto out; 178 /* put skb->data back to where it was */ 179 skb_pull(skb, ETH_HLEN); 180 skb->vlan_tci = 0; 181 } 182 } 183 184 out: 185 return skb; 186 } 187 188 /* Called under RCU */ 189 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 190 struct sk_buff *skb, u16 *vid) 191 { 192 int err; 193 194 /* If VLAN filtering is disabled on the bridge, all packets are 195 * permitted. 196 */ 197 if (!br->vlan_enabled) 198 return true; 199 200 /* If there are no vlan in the permitted list, all packets are 201 * rejected. 202 */ 203 if (!v) 204 return false; 205 206 err = br_vlan_get_tag(skb, vid); 207 if (!*vid) { 208 u16 pvid = br_get_pvid(v); 209 210 /* Frame had a tag with VID 0 or did not have a tag. 211 * See if pvid is set on this port. That tells us which 212 * vlan untagged or priority-tagged traffic belongs to. 213 */ 214 if (pvid == VLAN_N_VID) 215 return false; 216 217 /* PVID is set on this port. Any untagged or priority-tagged 218 * ingress frame is considered to belong to this vlan. 219 */ 220 if (likely(err)) 221 /* Untagged Frame. */ 222 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 223 else 224 /* Priority-tagged Frame. 225 * At this point, We know that skb->vlan_tci had 226 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 227 * We update only VID field and preserve PCP field. 228 */ 229 skb->vlan_tci |= pvid; 230 231 return true; 232 } 233 234 /* Frame had a valid vlan tag. See if vlan is allowed */ 235 if (test_bit(*vid, v->vlan_bitmap)) 236 return true; 237 238 return false; 239 } 240 241 /* Called under RCU. */ 242 bool br_allowed_egress(struct net_bridge *br, 243 const struct net_port_vlans *v, 244 const struct sk_buff *skb) 245 { 246 u16 vid; 247 248 if (!br->vlan_enabled) 249 return true; 250 251 if (!v) 252 return false; 253 254 br_vlan_get_tag(skb, &vid); 255 if (test_bit(vid, v->vlan_bitmap)) 256 return true; 257 258 return false; 259 } 260 261 /* Must be protected by RTNL. 262 * Must be called with vid in range from 1 to 4094 inclusive. 263 */ 264 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 265 { 266 struct net_port_vlans *pv = NULL; 267 int err; 268 269 ASSERT_RTNL(); 270 271 pv = rtnl_dereference(br->vlan_info); 272 if (pv) 273 return __vlan_add(pv, vid, flags); 274 275 /* Create port vlan infomration 276 */ 277 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 278 if (!pv) 279 return -ENOMEM; 280 281 pv->parent.br = br; 282 err = __vlan_add(pv, vid, flags); 283 if (err) 284 goto out; 285 286 rcu_assign_pointer(br->vlan_info, pv); 287 return 0; 288 out: 289 kfree(pv); 290 return err; 291 } 292 293 /* Must be protected by RTNL. 294 * Must be called with vid in range from 1 to 4094 inclusive. 295 */ 296 int br_vlan_delete(struct net_bridge *br, u16 vid) 297 { 298 struct net_port_vlans *pv; 299 300 ASSERT_RTNL(); 301 302 pv = rtnl_dereference(br->vlan_info); 303 if (!pv) 304 return -EINVAL; 305 306 spin_lock_bh(&br->hash_lock); 307 fdb_delete_by_addr(br, br->dev->dev_addr, vid); 308 spin_unlock_bh(&br->hash_lock); 309 310 __vlan_del(pv, vid); 311 return 0; 312 } 313 314 void br_vlan_flush(struct net_bridge *br) 315 { 316 struct net_port_vlans *pv; 317 318 ASSERT_RTNL(); 319 pv = rtnl_dereference(br->vlan_info); 320 if (!pv) 321 return; 322 323 __vlan_flush(pv); 324 } 325 326 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 327 { 328 if (!rtnl_trylock()) 329 return restart_syscall(); 330 331 if (br->vlan_enabled == val) 332 goto unlock; 333 334 br->vlan_enabled = val; 335 336 unlock: 337 rtnl_unlock(); 338 return 0; 339 } 340 341 /* Must be protected by RTNL. 342 * Must be called with vid in range from 1 to 4094 inclusive. 343 */ 344 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 345 { 346 struct net_port_vlans *pv = NULL; 347 int err; 348 349 ASSERT_RTNL(); 350 351 pv = rtnl_dereference(port->vlan_info); 352 if (pv) 353 return __vlan_add(pv, vid, flags); 354 355 /* Create port vlan infomration 356 */ 357 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 358 if (!pv) { 359 err = -ENOMEM; 360 goto clean_up; 361 } 362 363 pv->port_idx = port->port_no; 364 pv->parent.port = port; 365 err = __vlan_add(pv, vid, flags); 366 if (err) 367 goto clean_up; 368 369 rcu_assign_pointer(port->vlan_info, pv); 370 return 0; 371 372 clean_up: 373 kfree(pv); 374 return err; 375 } 376 377 /* Must be protected by RTNL. 378 * Must be called with vid in range from 1 to 4094 inclusive. 379 */ 380 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 381 { 382 struct net_port_vlans *pv; 383 384 ASSERT_RTNL(); 385 386 pv = rtnl_dereference(port->vlan_info); 387 if (!pv) 388 return -EINVAL; 389 390 spin_lock_bh(&port->br->hash_lock); 391 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid); 392 spin_unlock_bh(&port->br->hash_lock); 393 394 return __vlan_del(pv, vid); 395 } 396 397 void nbp_vlan_flush(struct net_bridge_port *port) 398 { 399 struct net_port_vlans *pv; 400 401 ASSERT_RTNL(); 402 403 pv = rtnl_dereference(port->vlan_info); 404 if (!pv) 405 return; 406 407 __vlan_flush(pv); 408 } 409 410 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 411 { 412 struct net_port_vlans *pv; 413 bool found = false; 414 415 rcu_read_lock(); 416 pv = rcu_dereference(port->vlan_info); 417 418 if (!pv) 419 goto out; 420 421 if (test_bit(vid, pv->vlan_bitmap)) 422 found = true; 423 424 out: 425 rcu_read_unlock(); 426 return found; 427 } 428