1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid) 9 { 10 if (v->pvid == vid) 11 return; 12 13 smp_wmb(); 14 v->pvid = vid; 15 } 16 17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid) 18 { 19 if (v->pvid != vid) 20 return; 21 22 smp_wmb(); 23 v->pvid = 0; 24 } 25 26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags) 27 { 28 if (flags & BRIDGE_VLAN_INFO_PVID) 29 __vlan_add_pvid(v, vid); 30 31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 32 set_bit(vid, v->untagged_bitmap); 33 } 34 35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags) 36 { 37 const struct net_device_ops *ops; 38 struct net_bridge_port *p = NULL; 39 struct net_bridge *br; 40 struct net_device *dev; 41 int err; 42 43 if (test_bit(vid, v->vlan_bitmap)) { 44 __vlan_add_flags(v, vid, flags); 45 return 0; 46 } 47 48 if (v->port_idx) { 49 p = v->parent.port; 50 br = p->br; 51 dev = p->dev; 52 } else { 53 br = v->parent.br; 54 dev = br->dev; 55 } 56 ops = dev->netdev_ops; 57 58 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) { 59 /* Add VLAN to the device filter if it is supported. 60 * Stricly speaking, this is not necessary now, since 61 * devices are made promiscuous by the bridge, but if 62 * that ever changes this code will allow tagged 63 * traffic to enter the bridge. 64 */ 65 err = ops->ndo_vlan_rx_add_vid(dev, htons(ETH_P_8021Q), 66 vid); 67 if (err) 68 return err; 69 } 70 71 err = br_fdb_insert(br, p, dev->dev_addr, vid); 72 if (err) { 73 br_err(br, "failed insert local address into bridge " 74 "forwarding table\n"); 75 goto out_filt; 76 } 77 78 set_bit(vid, v->vlan_bitmap); 79 v->num_vlans++; 80 __vlan_add_flags(v, vid, flags); 81 82 return 0; 83 84 out_filt: 85 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) 86 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid); 87 return err; 88 } 89 90 static int __vlan_del(struct net_port_vlans *v, u16 vid) 91 { 92 if (!test_bit(vid, v->vlan_bitmap)) 93 return -EINVAL; 94 95 __vlan_delete_pvid(v, vid); 96 clear_bit(vid, v->untagged_bitmap); 97 98 if (v->port_idx) { 99 struct net_device *dev = v->parent.port->dev; 100 const struct net_device_ops *ops = dev->netdev_ops; 101 102 if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER) 103 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid); 104 } 105 106 clear_bit(vid, v->vlan_bitmap); 107 v->num_vlans--; 108 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) { 109 if (v->port_idx) 110 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 111 else 112 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 113 kfree_rcu(v, rcu); 114 } 115 return 0; 116 } 117 118 static void __vlan_flush(struct net_port_vlans *v) 119 { 120 smp_wmb(); 121 v->pvid = 0; 122 bitmap_zero(v->vlan_bitmap, VLAN_N_VID); 123 if (v->port_idx) 124 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 125 else 126 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 127 kfree_rcu(v, rcu); 128 } 129 130 /* Strip the tag from the packet. Will return skb with tci set 0. */ 131 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 132 { 133 if (skb->protocol != htons(ETH_P_8021Q)) { 134 skb->vlan_tci = 0; 135 return skb; 136 } 137 138 skb->vlan_tci = 0; 139 skb = vlan_untag(skb); 140 if (skb) 141 skb->vlan_tci = 0; 142 143 return skb; 144 } 145 146 struct sk_buff *br_handle_vlan(struct net_bridge *br, 147 const struct net_port_vlans *pv, 148 struct sk_buff *skb) 149 { 150 u16 vid; 151 152 if (!br->vlan_enabled) 153 goto out; 154 155 /* At this point, we know that the frame was filtered and contains 156 * a valid vlan id. If the vlan id is set in the untagged bitmap, 157 * send untagged; otherwise, send taged. 158 */ 159 br_vlan_get_tag(skb, &vid); 160 if (test_bit(vid, pv->untagged_bitmap)) 161 skb = br_vlan_untag(skb); 162 else { 163 /* Egress policy says "send tagged". If output device 164 * is the bridge, we need to add the VLAN header 165 * ourselves since we'll be going through the RX path. 166 * Sending to ports puts the frame on the TX path and 167 * we let dev_hard_start_xmit() add the header. 168 */ 169 if (skb->protocol != htons(ETH_P_8021Q) && 170 pv->port_idx == 0) { 171 /* vlan_put_tag expects skb->data to point to 172 * mac header. 173 */ 174 skb_push(skb, ETH_HLEN); 175 skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci); 176 if (!skb) 177 goto out; 178 /* put skb->data back to where it was */ 179 skb_pull(skb, ETH_HLEN); 180 skb->vlan_tci = 0; 181 } 182 } 183 184 out: 185 return skb; 186 } 187 188 /* Called under RCU */ 189 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 190 struct sk_buff *skb, u16 *vid) 191 { 192 int err; 193 194 /* If VLAN filtering is disabled on the bridge, all packets are 195 * permitted. 196 */ 197 if (!br->vlan_enabled) 198 return true; 199 200 /* If there are no vlan in the permitted list, all packets are 201 * rejected. 202 */ 203 if (!v) 204 return false; 205 206 err = br_vlan_get_tag(skb, vid); 207 if (!*vid) { 208 u16 pvid = br_get_pvid(v); 209 210 /* Frame had a tag with VID 0 or did not have a tag. 211 * See if pvid is set on this port. That tells us which 212 * vlan untagged or priority-tagged traffic belongs to. 213 */ 214 if (pvid == VLAN_N_VID) 215 return false; 216 217 /* PVID is set on this port. Any untagged or priority-tagged 218 * ingress frame is considered to belong to this vlan. 219 */ 220 *vid = pvid; 221 if (likely(err)) 222 /* Untagged Frame. */ 223 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid); 224 else 225 /* Priority-tagged Frame. 226 * At this point, We know that skb->vlan_tci had 227 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 228 * We update only VID field and preserve PCP field. 229 */ 230 skb->vlan_tci |= pvid; 231 232 return true; 233 } 234 235 /* Frame had a valid vlan tag. See if vlan is allowed */ 236 if (test_bit(*vid, v->vlan_bitmap)) 237 return true; 238 239 return false; 240 } 241 242 /* Called under RCU. */ 243 bool br_allowed_egress(struct net_bridge *br, 244 const struct net_port_vlans *v, 245 const struct sk_buff *skb) 246 { 247 u16 vid; 248 249 if (!br->vlan_enabled) 250 return true; 251 252 if (!v) 253 return false; 254 255 br_vlan_get_tag(skb, &vid); 256 if (test_bit(vid, v->vlan_bitmap)) 257 return true; 258 259 return false; 260 } 261 262 /* Must be protected by RTNL. 263 * Must be called with vid in range from 1 to 4094 inclusive. 264 */ 265 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 266 { 267 struct net_port_vlans *pv = NULL; 268 int err; 269 270 ASSERT_RTNL(); 271 272 pv = rtnl_dereference(br->vlan_info); 273 if (pv) 274 return __vlan_add(pv, vid, flags); 275 276 /* Create port vlan infomration 277 */ 278 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 279 if (!pv) 280 return -ENOMEM; 281 282 pv->parent.br = br; 283 err = __vlan_add(pv, vid, flags); 284 if (err) 285 goto out; 286 287 rcu_assign_pointer(br->vlan_info, pv); 288 return 0; 289 out: 290 kfree(pv); 291 return err; 292 } 293 294 /* Must be protected by RTNL. 295 * Must be called with vid in range from 1 to 4094 inclusive. 296 */ 297 int br_vlan_delete(struct net_bridge *br, u16 vid) 298 { 299 struct net_port_vlans *pv; 300 301 ASSERT_RTNL(); 302 303 pv = rtnl_dereference(br->vlan_info); 304 if (!pv) 305 return -EINVAL; 306 307 spin_lock_bh(&br->hash_lock); 308 fdb_delete_by_addr(br, br->dev->dev_addr, vid); 309 spin_unlock_bh(&br->hash_lock); 310 311 __vlan_del(pv, vid); 312 return 0; 313 } 314 315 void br_vlan_flush(struct net_bridge *br) 316 { 317 struct net_port_vlans *pv; 318 319 ASSERT_RTNL(); 320 pv = rtnl_dereference(br->vlan_info); 321 if (!pv) 322 return; 323 324 __vlan_flush(pv); 325 } 326 327 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 328 { 329 if (!rtnl_trylock()) 330 return restart_syscall(); 331 332 if (br->vlan_enabled == val) 333 goto unlock; 334 335 br->vlan_enabled = val; 336 337 unlock: 338 rtnl_unlock(); 339 return 0; 340 } 341 342 /* Must be protected by RTNL. 343 * Must be called with vid in range from 1 to 4094 inclusive. 344 */ 345 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 346 { 347 struct net_port_vlans *pv = NULL; 348 int err; 349 350 ASSERT_RTNL(); 351 352 pv = rtnl_dereference(port->vlan_info); 353 if (pv) 354 return __vlan_add(pv, vid, flags); 355 356 /* Create port vlan infomration 357 */ 358 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 359 if (!pv) { 360 err = -ENOMEM; 361 goto clean_up; 362 } 363 364 pv->port_idx = port->port_no; 365 pv->parent.port = port; 366 err = __vlan_add(pv, vid, flags); 367 if (err) 368 goto clean_up; 369 370 rcu_assign_pointer(port->vlan_info, pv); 371 return 0; 372 373 clean_up: 374 kfree(pv); 375 return err; 376 } 377 378 /* Must be protected by RTNL. 379 * Must be called with vid in range from 1 to 4094 inclusive. 380 */ 381 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 382 { 383 struct net_port_vlans *pv; 384 385 ASSERT_RTNL(); 386 387 pv = rtnl_dereference(port->vlan_info); 388 if (!pv) 389 return -EINVAL; 390 391 spin_lock_bh(&port->br->hash_lock); 392 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid); 393 spin_unlock_bh(&port->br->hash_lock); 394 395 return __vlan_del(pv, vid); 396 } 397 398 void nbp_vlan_flush(struct net_bridge_port *port) 399 { 400 struct net_port_vlans *pv; 401 402 ASSERT_RTNL(); 403 404 pv = rtnl_dereference(port->vlan_info); 405 if (!pv) 406 return; 407 408 __vlan_flush(pv); 409 } 410 411 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid) 412 { 413 struct net_port_vlans *pv; 414 bool found = false; 415 416 rcu_read_lock(); 417 pv = rcu_dereference(port->vlan_info); 418 419 if (!pv) 420 goto out; 421 422 if (test_bit(vid, pv->vlan_bitmap)) 423 found = true; 424 425 out: 426 rcu_read_unlock(); 427 return found; 428 } 429