1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 struct net_bridge_port *p = NULL; 38 struct net_bridge *br; 39 struct net_device *dev; 40 int err; 41 42 if (test_bit(vid, v->vlan_bitmap)) { 43 __vlan_add_flags(v, vid, flags); 44 return 0; 45 } 46 47 if (v->port_idx) { 48 p = v->parent.port; 49 br = p->br; 50 dev = p->dev; 51 } else { 52 br = v->parent.br; 53 dev = br->dev; 54 } 55 56 if (p) { 57 /* Add VLAN to the device filter if it is supported. 58 * Stricly speaking, this is not necessary now, since 59 * devices are made promiscuous by the bridge, but if 60 * that ever changes this code will allow tagged 61 * traffic to enter the bridge. 62 */ 63 err = vlan_vid_add(dev, br->vlan_proto, vid); 64 if (err) 65 return err; 66 } 67 68 err = br_fdb_insert(br, p, dev->dev_addr, vid); 69 if (err) { 70 br_err(br, "failed insert local address into bridge " 71 "forwarding table\n"); 72 goto out_filt; 73 } 74 75 set_bit(vid, v->vlan_bitmap); 76 v->num_vlans++; 77 __vlan_add_flags(v, vid, flags); 78 79 return 0; 80 81 out_filt: 82 if (p) 83 vlan_vid_del(dev, br->vlan_proto, vid); 84 return err; 85 } 86 87 static int __vlan_del(struct net_port_vlans *v, u16 vid) 88 { 89 if (!test_bit(vid, v->vlan_bitmap)) 90 return -EINVAL; 91 92 __vlan_delete_pvid(v, vid); 93 clear_bit(vid, v->untagged_bitmap); 94 95 if (v->port_idx) { 96 struct net_bridge_port *p = v->parent.port; 97 vlan_vid_del(p->dev, p->br->vlan_proto, vid); 98 } 99 100 clear_bit(vid, v->vlan_bitmap); 101 v->num_vlans--; 102 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 103 if (v->port_idx) 104 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 105 else 106 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 107 kfree_rcu(v, rcu); 108 } 109 return 0; 110 } 111 112 static void __vlan_flush(struct net_port_vlans *v) 113 { 114 smp_wmb(); 115 v->pvid = 0; 116 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 117 if (v->port_idx) 118 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL); 119 else 120 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL); 121 kfree_rcu(v, rcu); 122 } 123 124 struct sk_buff *br_handle_vlan(struct net_bridge *br, 125 const struct net_port_vlans *pv, 126 struct sk_buff *skb) 127 { 128 u16 vid; 129 130 if (!br->vlan_enabled) 131 goto out; 132 133 /* Vlan filter table must be configured at this point. The 134 * only exception is the bridge is set in promisc mode and the 135 * packet is destined for the bridge device. In this case 136 * pass the packet as is. 137 */ 138 if (!pv) { 139 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 140 goto out; 141 } else { 142 kfree_skb(skb); 143 return NULL; 144 } 145 } 146 147 /* At this point, we know that the frame was filtered and contains 148 * a valid vlan id. If the vlan id is set in the untagged bitmap, 149 * send untagged; otherwise, send tagged. 150 */ 151 br_vlan_get_tag(skb, &vid); 152 if (test_bit(vid, pv->untagged_bitmap)) 153 skb->vlan_tci = 0; 154 155 out: 156 return skb; 157 } 158 159 /* Called under RCU */ 160 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 161 struct sk_buff *skb, u16 *vid) 162 { 163 bool tagged; 164 __be16 proto; 165 166 /* If VLAN filtering is disabled on the bridge, all packets are 167 * permitted. 168 */ 169 if (!br->vlan_enabled) 170 return true; 171 172 /* If there are no vlan in the permitted list, all packets are 173 * rejected. 174 */ 175 if (!v) 176 goto drop; 177 178 proto = br->vlan_proto; 179 180 /* If vlan tx offload is disabled on bridge device and frame was 181 * sent from vlan device on the bridge device, it does not have 182 * HW accelerated vlan tag. 183 */ 184 if (unlikely(!vlan_tx_tag_present(skb) && 185 skb->protocol == proto)) { 186 skb = vlan_untag(skb); 187 if (unlikely(!skb)) 188 return false; 189 } 190 191 if (!br_vlan_get_tag(skb, vid)) { 192 /* Tagged frame */ 193 if (skb->vlan_proto != proto) { 194 /* Protocol-mismatch, empty out vlan_tci for new tag */ 195 skb_push(skb, ETH_HLEN); 196 skb = __vlan_put_tag(skb, skb->vlan_proto, 197 vlan_tx_tag_get(skb)); 198 if (unlikely(!skb)) 199 return false; 200 201 skb_pull(skb, ETH_HLEN); 202 skb_reset_mac_len(skb); 203 *vid = 0; 204 tagged = false; 205 } else { 206 tagged = true; 207 } 208 } else { 209 /* Untagged frame */ 210 tagged = false; 211 } 212 213 if (!*vid) { 214 u16 pvid = br_get_pvid(v); 215 216 /* Frame had a tag with VID 0 or did not have a tag. 217 * See if pvid is set on this port. That tells us which 218 * vlan untagged or priority-tagged traffic belongs to. 219 */ 220 if (pvid == VLAN_N_VID) 221 goto drop; 222 223 /* PVID is set on this port. Any untagged or priority-tagged 224 * ingress frame is considered to belong to this vlan. 225 */ 226 *vid = pvid; 227 if (likely(!tagged)) 228 /* Untagged Frame. */ 229 __vlan_hwaccel_put_tag(skb, proto, pvid); 230 else 231 /* Priority-tagged Frame. 232 * At this point, We know that skb->vlan_tci had 233 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 234 * We update only VID field and preserve PCP field. 235 */ 236 skb->vlan_tci |= pvid; 237 238 return true; 239 } 240 241 /* Frame had a valid vlan tag. See if vlan is allowed */ 242 if (test_bit(*vid, v->vlan_bitmap)) 243 return true; 244 drop: 245 kfree_skb(skb); 246 return false; 247 } 248 249 /* Called under RCU. */ 250 bool br_allowed_egress(struct net_bridge *br, 251 const struct net_port_vlans *v, 252 const struct sk_buff *skb) 253 { 254 u16 vid; 255 256 if (!br->vlan_enabled) 257 return true; 258 259 if (!v) 260 return false; 261 262 br_vlan_get_tag(skb, &vid); 263 if (test_bit(vid, v->vlan_bitmap)) 264 return true; 265 266 return false; 267 } 268 269 /* Called under RCU */ 270 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 271 { 272 struct net_bridge *br = p->br; 273 struct net_port_vlans *v; 274 275 if (!br->vlan_enabled) 276 return true; 277 278 v = rcu_dereference(p->vlan_info); 279 if (!v) 280 return false; 281 282 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 283 *vid = 0; 284 285 if (!*vid) { 286 *vid = br_get_pvid(v); 287 if (*vid == VLAN_N_VID) 288 return false; 289 290 return true; 291 } 292 293 if (test_bit(*vid, v->vlan_bitmap)) 294 return true; 295 296 return false; 297 } 298 299 /* Must be protected by RTNL. 300 * Must be called with vid in range from 1 to 4094 inclusive. 301 */ 302 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 303 { 304 struct net_port_vlans *pv = NULL; 305 int err; 306 307 ASSERT_RTNL(); 308 309 pv = rtnl_dereference(br->vlan_info); 310 if (pv) 311 return __vlan_add(pv, vid, flags); 312 313 /* Create port vlan infomration 314 */ 315 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 316 if (!pv) 317 return -ENOMEM; 318 319 pv->parent.br = br; 320 err = __vlan_add(pv, vid, flags); 321 if (err) 322 goto out; 323 324 rcu_assign_pointer(br->vlan_info, pv); 325 return 0; 326 out: 327 kfree(pv); 328 return err; 329 } 330 331 /* Must be protected by RTNL. 332 * Must be called with vid in range from 1 to 4094 inclusive. 333 */ 334 int br_vlan_delete(struct net_bridge *br, u16 vid) 335 { 336 struct net_port_vlans *pv; 337 338 ASSERT_RTNL(); 339 340 pv = rtnl_dereference(br->vlan_info); 341 if (!pv) 342 return -EINVAL; 343 344 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 345 346 __vlan_del(pv, vid); 347 return 0; 348 } 349 350 void br_vlan_flush(struct net_bridge *br) 351 { 352 struct net_port_vlans *pv; 353 354 ASSERT_RTNL(); 355 pv = rtnl_dereference(br->vlan_info); 356 if (!pv) 357 return; 358 359 __vlan_flush(pv); 360 } 361 362 bool br_vlan_find(struct net_bridge *br, u16 vid) 363 { 364 struct net_port_vlans *pv; 365 bool found = false; 366 367 rcu_read_lock(); 368 pv = rcu_dereference(br->vlan_info); 369 370 if (!pv) 371 goto out; 372 373 if (test_bit(vid, pv->vlan_bitmap)) 374 found = true; 375 376 out: 377 rcu_read_unlock(); 378 return found; 379 } 380 381 /* Must be protected by RTNL. */ 382 static void recalculate_group_addr(struct net_bridge *br) 383 { 384 if (br->group_addr_set) 385 return; 386 387 spin_lock_bh(&br->lock); 388 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 389 /* Bridge Group Address */ 390 br->group_addr[5] = 0x00; 391 } else { /* vlan_enabled && ETH_P_8021AD */ 392 /* Provider Bridge Group Address */ 393 br->group_addr[5] = 0x08; 394 } 395 spin_unlock_bh(&br->lock); 396 } 397 398 /* Must be protected by RTNL. */ 399 void br_recalculate_fwd_mask(struct net_bridge *br) 400 { 401 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 402 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 403 else /* vlan_enabled && ETH_P_8021AD */ 404 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 405 ~(1u << br->group_addr[5]); 406 } 407 408 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 409 { 410 if (!rtnl_trylock()) 411 return restart_syscall(); 412 413 if (br->vlan_enabled == val) 414 goto unlock; 415 416 br->vlan_enabled = val; 417 br_manage_promisc(br); 418 recalculate_group_addr(br); 419 br_recalculate_fwd_mask(br); 420 421 unlock: 422 rtnl_unlock(); 423 return 0; 424 } 425 426 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 427 { 428 int err = 0; 429 struct net_bridge_port *p; 430 struct net_port_vlans *pv; 431 __be16 proto, oldproto; 432 u16 vid, errvid; 433 434 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 435 return -EPROTONOSUPPORT; 436 437 if (!rtnl_trylock()) 438 return restart_syscall(); 439 440 proto = htons(val); 441 if (br->vlan_proto == proto) 442 goto unlock; 443 444 /* Add VLANs for the new proto to the device filter. */ 445 list_for_each_entry(p, &br->port_list, list) { 446 pv = rtnl_dereference(p->vlan_info); 447 if (!pv) 448 continue; 449 450 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) { 451 err = vlan_vid_add(p->dev, proto, vid); 452 if (err) 453 goto err_filt; 454 } 455 } 456 457 oldproto = br->vlan_proto; 458 br->vlan_proto = proto; 459 460 recalculate_group_addr(br); 461 br_recalculate_fwd_mask(br); 462 463 /* Delete VLANs for the old proto from the device filter. */ 464 list_for_each_entry(p, &br->port_list, list) { 465 pv = rtnl_dereference(p->vlan_info); 466 if (!pv) 467 continue; 468 469 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 470 vlan_vid_del(p->dev, oldproto, vid); 471 } 472 473 unlock: 474 rtnl_unlock(); 475 return err; 476 477 err_filt: 478 errvid = vid; 479 for_each_set_bit(vid, pv->vlan_bitmap, errvid) 480 vlan_vid_del(p->dev, proto, vid); 481 482 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 483 pv = rtnl_dereference(p->vlan_info); 484 if (!pv) 485 continue; 486 487 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 488 vlan_vid_del(p->dev, proto, vid); 489 } 490 491 goto unlock; 492 } 493 494 void br_vlan_init(struct net_bridge *br) 495 { 496 br->vlan_proto = htons(ETH_P_8021Q); 497 } 498 499 /* Must be protected by RTNL. 500 * Must be called with vid in range from 1 to 4094 inclusive. 501 */ 502 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 503 { 504 struct net_port_vlans *pv = NULL; 505 int err; 506 507 ASSERT_RTNL(); 508 509 pv = rtnl_dereference(port->vlan_info); 510 if (pv) 511 return __vlan_add(pv, vid, flags); 512 513 /* Create port vlan infomration 514 */ 515 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 516 if (!pv) { 517 err = -ENOMEM; 518 goto clean_up; 519 } 520 521 pv->port_idx = port->port_no; 522 pv->parent.port = port; 523 err = __vlan_add(pv, vid, flags); 524 if (err) 525 goto clean_up; 526 527 rcu_assign_pointer(port->vlan_info, pv); 528 return 0; 529 530 clean_up: 531 kfree(pv); 532 return err; 533 } 534 535 /* Must be protected by RTNL. 536 * Must be called with vid in range from 1 to 4094 inclusive. 537 */ 538 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 539 { 540 struct net_port_vlans *pv; 541 542 ASSERT_RTNL(); 543 544 pv = rtnl_dereference(port->vlan_info); 545 if (!pv) 546 return -EINVAL; 547 548 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 549 550 return __vlan_del(pv, vid); 551 } 552 553 void nbp_vlan_flush(struct net_bridge_port *port) 554 { 555 struct net_port_vlans *pv; 556 u16 vid; 557 558 ASSERT_RTNL(); 559 560 pv = rtnl_dereference(port->vlan_info); 561 if (!pv) 562 return; 563 564 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) 565 vlan_vid_del(port->dev, port->br->vlan_proto, vid); 566 567 __vlan_flush(pv); 568 } 569 570 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 571 { 572 struct net_port_vlans *pv; 573 bool found = false; 574 575 rcu_read_lock(); 576 pv = rcu_dereference(port->vlan_info); 577 578 if (!pv) 579 goto out; 580 581 if (test_bit(vid, pv->vlan_bitmap)) 582 found = true; 583 584 out: 585 rcu_read_unlock(); 586 return found; 587 } 588