xref: /openbmc/linux/net/bridge/br_vlan.c (revision fdb0a662) 
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 	if (v->pvid == vid)
11 		return;
12 
13 	smp_wmb();
14 	v->pvid = vid;
15 }
16 
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 	if (v->pvid != vid)
20 		return;
21 
22 	smp_wmb();
23 	v->pvid = 0;
24 }
25 
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 	if (flags & BRIDGE_VLAN_INFO_PVID)
29 		__vlan_add_pvid(v, vid);
30 
31 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 		set_bit(vid, v->untagged_bitmap);
33 }
34 
35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 	struct net_bridge_port *p = NULL;
38 	struct net_bridge *br;
39 	struct net_device *dev;
40 	int err;
41 
42 	if (test_bit(vid, v->vlan_bitmap)) {
43 		__vlan_add_flags(v, vid, flags);
44 		return 0;
45 	}
46 
47 	if (v->port_idx) {
48 		p = v->parent.port;
49 		br = p->br;
50 		dev = p->dev;
51 	} else {
52 		br = v->parent.br;
53 		dev = br->dev;
54 	}
55 
56 	if (p) {
57 		/* Add VLAN to the device filter if it is supported.
58 		 * This ensures tagged traffic enters the bridge when
59 		 * promiscuous mode is disabled by br_manage_promisc().
60 		 */
61 		err = vlan_vid_add(dev, br->vlan_proto, vid);
62 		if (err)
63 			return err;
64 	}
65 
66 	err = br_fdb_insert(br, p, dev->dev_addr, vid);
67 	if (err) {
68 		br_err(br, "failed insert local address into bridge "
69 		       "forwarding table\n");
70 		goto out_filt;
71 	}
72 
73 	set_bit(vid, v->vlan_bitmap);
74 	v->num_vlans++;
75 	__vlan_add_flags(v, vid, flags);
76 
77 	return 0;
78 
79 out_filt:
80 	if (p)
81 		vlan_vid_del(dev, br->vlan_proto, vid);
82 	return err;
83 }
84 
85 static int __vlan_del(struct net_port_vlans *v, u16 vid)
86 {
87 	if (!test_bit(vid, v->vlan_bitmap))
88 		return -EINVAL;
89 
90 	__vlan_delete_pvid(v, vid);
91 	clear_bit(vid, v->untagged_bitmap);
92 
93 	if (v->port_idx) {
94 		struct net_bridge_port *p = v->parent.port;
95 		vlan_vid_del(p->dev, p->br->vlan_proto, vid);
96 	}
97 
98 	clear_bit(vid, v->vlan_bitmap);
99 	v->num_vlans--;
100 	if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
101 		if (v->port_idx)
102 			RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
103 		else
104 			RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
105 		kfree_rcu(v, rcu);
106 	}
107 	return 0;
108 }
109 
110 static void __vlan_flush(struct net_port_vlans *v)
111 {
112 	smp_wmb();
113 	v->pvid = 0;
114 	bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
115 	if (v->port_idx)
116 		RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
117 	else
118 		RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
119 	kfree_rcu(v, rcu);
120 }
121 
122 struct sk_buff *br_handle_vlan(struct net_bridge *br,
123 			       const struct net_port_vlans *pv,
124 			       struct sk_buff *skb)
125 {
126 	u16 vid;
127 
128 	if (!br->vlan_enabled)
129 		goto out;
130 
131 	/* Vlan filter table must be configured at this point.  The
132 	 * only exception is the bridge is set in promisc mode and the
133 	 * packet is destined for the bridge device.  In this case
134 	 * pass the packet as is.
135 	 */
136 	if (!pv) {
137 		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
138 			goto out;
139 		} else {
140 			kfree_skb(skb);
141 			return NULL;
142 		}
143 	}
144 
145 	/* At this point, we know that the frame was filtered and contains
146 	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
147 	 * send untagged; otherwise, send tagged.
148 	 */
149 	br_vlan_get_tag(skb, &vid);
150 	if (test_bit(vid, pv->untagged_bitmap))
151 		skb->vlan_tci = 0;
152 
153 out:
154 	return skb;
155 }
156 
157 /* Called under RCU */
158 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
159 			struct sk_buff *skb, u16 *vid)
160 {
161 	bool tagged;
162 	__be16 proto;
163 
164 	/* If VLAN filtering is disabled on the bridge, all packets are
165 	 * permitted.
166 	 */
167 	if (!br->vlan_enabled)
168 		return true;
169 
170 	/* If there are no vlan in the permitted list, all packets are
171 	 * rejected.
172 	 */
173 	if (!v)
174 		goto drop;
175 
176 	proto = br->vlan_proto;
177 
178 	/* If vlan tx offload is disabled on bridge device and frame was
179 	 * sent from vlan device on the bridge device, it does not have
180 	 * HW accelerated vlan tag.
181 	 */
182 	if (unlikely(!vlan_tx_tag_present(skb) &&
183 		     skb->protocol == proto)) {
184 		skb = vlan_untag(skb);
185 		if (unlikely(!skb))
186 			return false;
187 	}
188 
189 	if (!br_vlan_get_tag(skb, vid)) {
190 		/* Tagged frame */
191 		if (skb->vlan_proto != proto) {
192 			/* Protocol-mismatch, empty out vlan_tci for new tag */
193 			skb_push(skb, ETH_HLEN);
194 			skb = __vlan_put_tag(skb, skb->vlan_proto,
195 					     vlan_tx_tag_get(skb));
196 			if (unlikely(!skb))
197 				return false;
198 
199 			skb_pull(skb, ETH_HLEN);
200 			skb_reset_mac_len(skb);
201 			*vid = 0;
202 			tagged = false;
203 		} else {
204 			tagged = true;
205 		}
206 	} else {
207 		/* Untagged frame */
208 		tagged = false;
209 	}
210 
211 	if (!*vid) {
212 		u16 pvid = br_get_pvid(v);
213 
214 		/* Frame had a tag with VID 0 or did not have a tag.
215 		 * See if pvid is set on this port.  That tells us which
216 		 * vlan untagged or priority-tagged traffic belongs to.
217 		 */
218 		if (pvid == VLAN_N_VID)
219 			goto drop;
220 
221 		/* PVID is set on this port.  Any untagged or priority-tagged
222 		 * ingress frame is considered to belong to this vlan.
223 		 */
224 		*vid = pvid;
225 		if (likely(!tagged))
226 			/* Untagged Frame. */
227 			__vlan_hwaccel_put_tag(skb, proto, pvid);
228 		else
229 			/* Priority-tagged Frame.
230 			 * At this point, We know that skb->vlan_tci had
231 			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
232 			 * We update only VID field and preserve PCP field.
233 			 */
234 			skb->vlan_tci |= pvid;
235 
236 		return true;
237 	}
238 
239 	/* Frame had a valid vlan tag.  See if vlan is allowed */
240 	if (test_bit(*vid, v->vlan_bitmap))
241 		return true;
242 drop:
243 	kfree_skb(skb);
244 	return false;
245 }
246 
247 /* Called under RCU. */
248 bool br_allowed_egress(struct net_bridge *br,
249 		       const struct net_port_vlans *v,
250 		       const struct sk_buff *skb)
251 {
252 	u16 vid;
253 
254 	if (!br->vlan_enabled)
255 		return true;
256 
257 	if (!v)
258 		return false;
259 
260 	br_vlan_get_tag(skb, &vid);
261 	if (test_bit(vid, v->vlan_bitmap))
262 		return true;
263 
264 	return false;
265 }
266 
267 /* Called under RCU */
268 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
269 {
270 	struct net_bridge *br = p->br;
271 	struct net_port_vlans *v;
272 
273 	if (!br->vlan_enabled)
274 		return true;
275 
276 	v = rcu_dereference(p->vlan_info);
277 	if (!v)
278 		return false;
279 
280 	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
281 		*vid = 0;
282 
283 	if (!*vid) {
284 		*vid = br_get_pvid(v);
285 		if (*vid == VLAN_N_VID)
286 			return false;
287 
288 		return true;
289 	}
290 
291 	if (test_bit(*vid, v->vlan_bitmap))
292 		return true;
293 
294 	return false;
295 }
296 
297 /* Must be protected by RTNL.
298  * Must be called with vid in range from 1 to 4094 inclusive.
299  */
300 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
301 {
302 	struct net_port_vlans *pv = NULL;
303 	int err;
304 
305 	ASSERT_RTNL();
306 
307 	pv = rtnl_dereference(br->vlan_info);
308 	if (pv)
309 		return __vlan_add(pv, vid, flags);
310 
311 	/* Create port vlan infomration
312 	 */
313 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
314 	if (!pv)
315 		return -ENOMEM;
316 
317 	pv->parent.br = br;
318 	err = __vlan_add(pv, vid, flags);
319 	if (err)
320 		goto out;
321 
322 	rcu_assign_pointer(br->vlan_info, pv);
323 	return 0;
324 out:
325 	kfree(pv);
326 	return err;
327 }
328 
329 /* Must be protected by RTNL.
330  * Must be called with vid in range from 1 to 4094 inclusive.
331  */
332 int br_vlan_delete(struct net_bridge *br, u16 vid)
333 {
334 	struct net_port_vlans *pv;
335 
336 	ASSERT_RTNL();
337 
338 	pv = rtnl_dereference(br->vlan_info);
339 	if (!pv)
340 		return -EINVAL;
341 
342 	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
343 
344 	__vlan_del(pv, vid);
345 	return 0;
346 }
347 
348 void br_vlan_flush(struct net_bridge *br)
349 {
350 	struct net_port_vlans *pv;
351 
352 	ASSERT_RTNL();
353 	pv = rtnl_dereference(br->vlan_info);
354 	if (!pv)
355 		return;
356 
357 	__vlan_flush(pv);
358 }
359 
360 bool br_vlan_find(struct net_bridge *br, u16 vid)
361 {
362 	struct net_port_vlans *pv;
363 	bool found = false;
364 
365 	rcu_read_lock();
366 	pv = rcu_dereference(br->vlan_info);
367 
368 	if (!pv)
369 		goto out;
370 
371 	if (test_bit(vid, pv->vlan_bitmap))
372 		found = true;
373 
374 out:
375 	rcu_read_unlock();
376 	return found;
377 }
378 
379 /* Must be protected by RTNL. */
380 static void recalculate_group_addr(struct net_bridge *br)
381 {
382 	if (br->group_addr_set)
383 		return;
384 
385 	spin_lock_bh(&br->lock);
386 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
387 		/* Bridge Group Address */
388 		br->group_addr[5] = 0x00;
389 	} else { /* vlan_enabled && ETH_P_8021AD */
390 		/* Provider Bridge Group Address */
391 		br->group_addr[5] = 0x08;
392 	}
393 	spin_unlock_bh(&br->lock);
394 }
395 
396 /* Must be protected by RTNL. */
397 void br_recalculate_fwd_mask(struct net_bridge *br)
398 {
399 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
400 		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
401 	else /* vlan_enabled && ETH_P_8021AD */
402 		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
403 					      ~(1u << br->group_addr[5]);
404 }
405 
406 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
407 {
408 	if (!rtnl_trylock())
409 		return restart_syscall();
410 
411 	if (br->vlan_enabled == val)
412 		goto unlock;
413 
414 	br->vlan_enabled = val;
415 	br_manage_promisc(br);
416 	recalculate_group_addr(br);
417 	br_recalculate_fwd_mask(br);
418 
419 unlock:
420 	rtnl_unlock();
421 	return 0;
422 }
423 
424 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
425 {
426 	int err = 0;
427 	struct net_bridge_port *p;
428 	struct net_port_vlans *pv;
429 	__be16 proto, oldproto;
430 	u16 vid, errvid;
431 
432 	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
433 		return -EPROTONOSUPPORT;
434 
435 	if (!rtnl_trylock())
436 		return restart_syscall();
437 
438 	proto = htons(val);
439 	if (br->vlan_proto == proto)
440 		goto unlock;
441 
442 	/* Add VLANs for the new proto to the device filter. */
443 	list_for_each_entry(p, &br->port_list, list) {
444 		pv = rtnl_dereference(p->vlan_info);
445 		if (!pv)
446 			continue;
447 
448 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
449 			err = vlan_vid_add(p->dev, proto, vid);
450 			if (err)
451 				goto err_filt;
452 		}
453 	}
454 
455 	oldproto = br->vlan_proto;
456 	br->vlan_proto = proto;
457 
458 	recalculate_group_addr(br);
459 	br_recalculate_fwd_mask(br);
460 
461 	/* Delete VLANs for the old proto from the device filter. */
462 	list_for_each_entry(p, &br->port_list, list) {
463 		pv = rtnl_dereference(p->vlan_info);
464 		if (!pv)
465 			continue;
466 
467 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
468 			vlan_vid_del(p->dev, oldproto, vid);
469 	}
470 
471 unlock:
472 	rtnl_unlock();
473 	return err;
474 
475 err_filt:
476 	errvid = vid;
477 	for_each_set_bit(vid, pv->vlan_bitmap, errvid)
478 		vlan_vid_del(p->dev, proto, vid);
479 
480 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
481 		pv = rtnl_dereference(p->vlan_info);
482 		if (!pv)
483 			continue;
484 
485 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
486 			vlan_vid_del(p->dev, proto, vid);
487 	}
488 
489 	goto unlock;
490 }
491 
492 void br_vlan_init(struct net_bridge *br)
493 {
494 	br->vlan_proto = htons(ETH_P_8021Q);
495 }
496 
497 /* Must be protected by RTNL.
498  * Must be called with vid in range from 1 to 4094 inclusive.
499  */
500 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
501 {
502 	struct net_port_vlans *pv = NULL;
503 	int err;
504 
505 	ASSERT_RTNL();
506 
507 	pv = rtnl_dereference(port->vlan_info);
508 	if (pv)
509 		return __vlan_add(pv, vid, flags);
510 
511 	/* Create port vlan infomration
512 	 */
513 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
514 	if (!pv) {
515 		err = -ENOMEM;
516 		goto clean_up;
517 	}
518 
519 	pv->port_idx = port->port_no;
520 	pv->parent.port = port;
521 	err = __vlan_add(pv, vid, flags);
522 	if (err)
523 		goto clean_up;
524 
525 	rcu_assign_pointer(port->vlan_info, pv);
526 	return 0;
527 
528 clean_up:
529 	kfree(pv);
530 	return err;
531 }
532 
533 /* Must be protected by RTNL.
534  * Must be called with vid in range from 1 to 4094 inclusive.
535  */
536 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
537 {
538 	struct net_port_vlans *pv;
539 
540 	ASSERT_RTNL();
541 
542 	pv = rtnl_dereference(port->vlan_info);
543 	if (!pv)
544 		return -EINVAL;
545 
546 	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
547 
548 	return __vlan_del(pv, vid);
549 }
550 
551 void nbp_vlan_flush(struct net_bridge_port *port)
552 {
553 	struct net_port_vlans *pv;
554 	u16 vid;
555 
556 	ASSERT_RTNL();
557 
558 	pv = rtnl_dereference(port->vlan_info);
559 	if (!pv)
560 		return;
561 
562 	for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
563 		vlan_vid_del(port->dev, port->br->vlan_proto, vid);
564 
565 	__vlan_flush(pv);
566 }
567 
568 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
569 {
570 	struct net_port_vlans *pv;
571 	bool found = false;
572 
573 	rcu_read_lock();
574 	pv = rcu_dereference(port->vlan_info);
575 
576 	if (!pv)
577 		goto out;
578 
579 	if (test_bit(vid, pv->vlan_bitmap))
580 		found = true;
581 
582 out:
583 	rcu_read_unlock();
584 	return found;
585 }
586