xref: /openbmc/linux/net/dsa/tag_8021q.c (revision b9890054) 
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2019, Vladimir Oltean <olteanv@gmail.com>
3  *
4  * This module is not a complete tagger implementation. It only provides
5  * primitives for taggers that rely on 802.1Q VLAN tags to use. The
6  * dsa_8021q_netdev_ops is registered for API compliance and not used
7  * directly by callers.
8  */
9 #include <linux/if_bridge.h>
10 #include <linux/if_vlan.h>
11 
12 #include "dsa_priv.h"
13 
14 /* Binary structure of the fake 12-bit VID field (when the TPID is
15  * ETH_P_DSA_8021Q):
16  *
17  * | 11  | 10  |  9  |  8  |  7  |  6  |  5  |  4  |  3  |  2  |  1  |  0  |
18  * +-----------+-----+-----------------+-----------+-----------------------+
19  * |    DIR    | RSV |    SWITCH_ID    |    RSV    |          PORT         |
20  * +-----------+-----+-----------------+-----------+-----------------------+
21  *
22  * DIR - VID[11:10]:
23  *	Direction flags.
24  *	* 1 (0b01) for RX VLAN,
25  *	* 2 (0b10) for TX VLAN.
26  *	These values make the special VIDs of 0, 1 and 4095 to be left
27  *	unused by this coding scheme.
28  *
29  * RSV - VID[9]:
30  *	To be used for further expansion of SWITCH_ID or for other purposes.
31  *	Must be transmitted as zero and ignored on receive.
32  *
33  * SWITCH_ID - VID[8:6]:
34  *	Index of switch within DSA tree. Must be between 0 and 7.
35  *
36  * RSV - VID[5:4]:
37  *	To be used for further expansion of PORT or for other purposes.
38  *	Must be transmitted as zero and ignored on receive.
39  *
40  * PORT - VID[3:0]:
41  *	Index of switch port. Must be between 0 and 15.
42  */
43 
44 #define DSA_8021Q_DIR_SHIFT		10
45 #define DSA_8021Q_DIR_MASK		GENMASK(11, 10)
46 #define DSA_8021Q_DIR(x)		(((x) << DSA_8021Q_DIR_SHIFT) & \
47 						 DSA_8021Q_DIR_MASK)
48 #define DSA_8021Q_DIR_RX		DSA_8021Q_DIR(1)
49 #define DSA_8021Q_DIR_TX		DSA_8021Q_DIR(2)
50 
51 #define DSA_8021Q_SWITCH_ID_SHIFT	6
52 #define DSA_8021Q_SWITCH_ID_MASK	GENMASK(8, 6)
53 #define DSA_8021Q_SWITCH_ID(x)		(((x) << DSA_8021Q_SWITCH_ID_SHIFT) & \
54 						 DSA_8021Q_SWITCH_ID_MASK)
55 
56 #define DSA_8021Q_PORT_SHIFT		0
57 #define DSA_8021Q_PORT_MASK		GENMASK(3, 0)
58 #define DSA_8021Q_PORT(x)		(((x) << DSA_8021Q_PORT_SHIFT) & \
59 						 DSA_8021Q_PORT_MASK)
60 
61 /* Returns the VID to be inserted into the frame from xmit for switch steering
62  * instructions on egress. Encodes switch ID and port ID.
63  */
64 u16 dsa_8021q_tx_vid(struct dsa_switch *ds, int port)
65 {
66 	return DSA_8021Q_DIR_TX | DSA_8021Q_SWITCH_ID(ds->index) |
67 	       DSA_8021Q_PORT(port);
68 }
69 EXPORT_SYMBOL_GPL(dsa_8021q_tx_vid);
70 
71 /* Returns the VID that will be installed as pvid for this switch port, sent as
72  * tagged egress towards the CPU port and decoded by the rcv function.
73  */
74 u16 dsa_8021q_rx_vid(struct dsa_switch *ds, int port)
75 {
76 	return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) |
77 	       DSA_8021Q_PORT(port);
78 }
79 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid);
80 
81 /* Returns the decoded switch ID from the RX VID. */
82 int dsa_8021q_rx_switch_id(u16 vid)
83 {
84 	return (vid & DSA_8021Q_SWITCH_ID_MASK) >> DSA_8021Q_SWITCH_ID_SHIFT;
85 }
86 EXPORT_SYMBOL_GPL(dsa_8021q_rx_switch_id);
87 
88 /* Returns the decoded port ID from the RX VID. */
89 int dsa_8021q_rx_source_port(u16 vid)
90 {
91 	return (vid & DSA_8021Q_PORT_MASK) >> DSA_8021Q_PORT_SHIFT;
92 }
93 EXPORT_SYMBOL_GPL(dsa_8021q_rx_source_port);
94 
95 static int dsa_8021q_restore_pvid(struct dsa_switch *ds, int port)
96 {
97 	struct bridge_vlan_info vinfo;
98 	struct net_device *slave;
99 	u16 pvid;
100 	int err;
101 
102 	if (!dsa_is_user_port(ds, port))
103 		return 0;
104 
105 	slave = dsa_to_port(ds, port)->slave;
106 
107 	err = br_vlan_get_pvid(slave, &pvid);
108 	if (!pvid || err < 0)
109 		/* There is no pvid on the bridge for this port, which is
110 		 * perfectly valid. Nothing to restore, bye-bye!
111 		 */
112 		return 0;
113 
114 	err = br_vlan_get_info(slave, pvid, &vinfo);
115 	if (err < 0) {
116 		dev_err(ds->dev, "Couldn't determine PVID attributes\n");
117 		return err;
118 	}
119 
120 	return dsa_port_vid_add(dsa_to_port(ds, port), pvid, vinfo.flags);
121 }
122 
123 /* If @enabled is true, installs @vid with @flags into the switch port's HW
124  * filter.
125  * If @enabled is false, deletes @vid (ignores @flags) from the port. Had the
126  * user explicitly configured this @vid through the bridge core, then the @vid
127  * is installed again, but this time with the flags from the bridge layer.
128  */
129 static int dsa_8021q_vid_apply(struct dsa_switch *ds, int port, u16 vid,
130 			       u16 flags, bool enabled)
131 {
132 	struct dsa_port *dp = dsa_to_port(ds, port);
133 	struct bridge_vlan_info vinfo;
134 	int err;
135 
136 	if (enabled)
137 		return dsa_port_vid_add(dp, vid, flags);
138 
139 	err = dsa_port_vid_del(dp, vid);
140 	if (err < 0)
141 		return err;
142 
143 	/* Nothing to restore from the bridge for a non-user port.
144 	 * The CPU port VLANs are restored implicitly with the user ports,
145 	 * similar to how the bridge does in dsa_slave_vlan_add and
146 	 * dsa_slave_vlan_del.
147 	 */
148 	if (!dsa_is_user_port(ds, port))
149 		return 0;
150 
151 	err = br_vlan_get_info(dp->slave, vid, &vinfo);
152 	/* Couldn't determine bridge attributes for this vid,
153 	 * it means the bridge had not configured it.
154 	 */
155 	if (err < 0)
156 		return 0;
157 
158 	/* Restore the VID from the bridge */
159 	err = dsa_port_vid_add(dp, vid, vinfo.flags);
160 	if (err < 0)
161 		return err;
162 
163 	vinfo.flags &= ~BRIDGE_VLAN_INFO_PVID;
164 
165 	return dsa_port_vid_add(dp->cpu_dp, vid, vinfo.flags);
166 }
167 
168 /* RX VLAN tagging (left) and TX VLAN tagging (right) setup shown for a single
169  * front-panel switch port (here swp0).
170  *
171  * Port identification through VLAN (802.1Q) tags has different requirements
172  * for it to work effectively:
173  *  - On RX (ingress from network): each front-panel port must have a pvid
174  *    that uniquely identifies it, and the egress of this pvid must be tagged
175  *    towards the CPU port, so that software can recover the source port based
176  *    on the VID in the frame. But this would only work for standalone ports;
177  *    if bridged, this VLAN setup would break autonomous forwarding and would
178  *    force all switched traffic to pass through the CPU. So we must also make
179  *    the other front-panel ports members of this VID we're adding, albeit
180  *    we're not making it their PVID (they'll still have their own).
181  *    By the way - just because we're installing the same VID in multiple
182  *    switch ports doesn't mean that they'll start to talk to one another, even
183  *    while not bridged: the final forwarding decision is still an AND between
184  *    the L2 forwarding information (which is limiting forwarding in this case)
185  *    and the VLAN-based restrictions (of which there are none in this case,
186  *    since all ports are members).
187  *  - On TX (ingress from CPU and towards network) we are faced with a problem.
188  *    If we were to tag traffic (from within DSA) with the port's pvid, all
189  *    would be well, assuming the switch ports were standalone. Frames would
190  *    have no choice but to be directed towards the correct front-panel port.
191  *    But because we also want the RX VLAN to not break bridging, then
192  *    inevitably that means that we have to give them a choice (of what
193  *    front-panel port to go out on), and therefore we cannot steer traffic
194  *    based on the RX VID. So what we do is simply install one more VID on the
195  *    front-panel and CPU ports, and profit off of the fact that steering will
196  *    work just by virtue of the fact that there is only one other port that's
197  *    a member of the VID we're tagging the traffic with - the desired one.
198  *
199  * So at the end, each front-panel port will have one RX VID (also the PVID),
200  * the RX VID of all other front-panel ports, and one TX VID. Whereas the CPU
201  * port will have the RX and TX VIDs of all front-panel ports, and on top of
202  * that, is also tagged-input and tagged-output (VLAN trunk).
203  *
204  *               CPU port                               CPU port
205  * +-------------+-----+-------------+    +-------------+-----+-------------+
206  * |  RX VID     |     |             |    |  TX VID     |     |             |
207  * |  of swp0    |     |             |    |  of swp0    |     |             |
208  * |             +-----+             |    |             +-----+             |
209  * |                ^ T              |    |                | Tagged         |
210  * |                |                |    |                | ingress        |
211  * |    +-------+---+---+-------+    |    |    +-----------+                |
212  * |    |       |       |       |    |    |    | Untagged                   |
213  * |    |     U v     U v     U v    |    |    v egress                     |
214  * | +-----+ +-----+ +-----+ +-----+ |    | +-----+ +-----+ +-----+ +-----+ |
215  * | |     | |     | |     | |     | |    | |     | |     | |     | |     | |
216  * | |PVID | |     | |     | |     | |    | |     | |     | |     | |     | |
217  * +-+-----+-+-----+-+-----+-+-----+-+    +-+-----+-+-----+-+-----+-+-----+-+
218  *   swp0    swp1    swp2    swp3           swp0    swp1    swp2    swp3
219  */
220 int dsa_port_setup_8021q_tagging(struct dsa_switch *ds, int port, bool enabled)
221 {
222 	int upstream = dsa_upstream_port(ds, port);
223 	u16 rx_vid = dsa_8021q_rx_vid(ds, port);
224 	u16 tx_vid = dsa_8021q_tx_vid(ds, port);
225 	int i, err;
226 
227 	/* The CPU port is implicitly configured by
228 	 * configuring the front-panel ports
229 	 */
230 	if (!dsa_is_user_port(ds, port))
231 		return 0;
232 
233 	/* Add this user port's RX VID to the membership list of all others
234 	 * (including itself). This is so that bridging will not be hindered.
235 	 * L2 forwarding rules still take precedence when there are no VLAN
236 	 * restrictions, so there are no concerns about leaking traffic.
237 	 */
238 	for (i = 0; i < ds->num_ports; i++) {
239 		u16 flags;
240 
241 		if (i == upstream)
242 			continue;
243 		else if (i == port)
244 			/* The RX VID is pvid on this port */
245 			flags = BRIDGE_VLAN_INFO_UNTAGGED |
246 				BRIDGE_VLAN_INFO_PVID;
247 		else
248 			/* The RX VID is a regular VLAN on all others */
249 			flags = BRIDGE_VLAN_INFO_UNTAGGED;
250 
251 		err = dsa_8021q_vid_apply(ds, i, rx_vid, flags, enabled);
252 		if (err) {
253 			dev_err(ds->dev, "Failed to apply RX VID %d to port %d: %d\n",
254 				rx_vid, port, err);
255 			return err;
256 		}
257 	}
258 
259 	/* CPU port needs to see this port's RX VID
260 	 * as tagged egress.
261 	 */
262 	err = dsa_8021q_vid_apply(ds, upstream, rx_vid, 0, enabled);
263 	if (err) {
264 		dev_err(ds->dev, "Failed to apply RX VID %d to port %d: %d\n",
265 			rx_vid, port, err);
266 		return err;
267 	}
268 
269 	/* Finally apply the TX VID on this port and on the CPU port */
270 	err = dsa_8021q_vid_apply(ds, port, tx_vid, BRIDGE_VLAN_INFO_UNTAGGED,
271 				  enabled);
272 	if (err) {
273 		dev_err(ds->dev, "Failed to apply TX VID %d on port %d: %d\n",
274 			tx_vid, port, err);
275 		return err;
276 	}
277 	err = dsa_8021q_vid_apply(ds, upstream, tx_vid, 0, enabled);
278 	if (err) {
279 		dev_err(ds->dev, "Failed to apply TX VID %d on port %d: %d\n",
280 			tx_vid, upstream, err);
281 		return err;
282 	}
283 
284 	if (!enabled)
285 		err = dsa_8021q_restore_pvid(ds, port);
286 
287 	return err;
288 }
289 EXPORT_SYMBOL_GPL(dsa_port_setup_8021q_tagging);
290 
291 struct sk_buff *dsa_8021q_xmit(struct sk_buff *skb, struct net_device *netdev,
292 			       u16 tpid, u16 tci)
293 {
294 	/* skb->data points at skb_mac_header, which
295 	 * is fine for vlan_insert_tag.
296 	 */
297 	return vlan_insert_tag(skb, htons(tpid), tci);
298 }
299 EXPORT_SYMBOL_GPL(dsa_8021q_xmit);
300 
301 /* In the DSA packet_type handler, skb->data points in the middle of the VLAN
302  * tag, after tpid and before tci. This is because so far, ETH_HLEN
303  * (DMAC, SMAC, EtherType) bytes were pulled.
304  * There are 2 bytes of VLAN tag left in skb->data, and upper
305  * layers expect the 'real' EtherType to be consumed as well.
306  * Coincidentally, a VLAN header is also of the same size as
307  * the number of bytes that need to be pulled.
308  *
309  * skb_mac_header                                      skb->data
310  * |                                                       |
311  * v                                                       v
312  * |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |
313  * +-----------------------+-----------------------+-------+-------+-------+
314  * |    Destination MAC    |      Source MAC       |  TPID |  TCI  | EType |
315  * +-----------------------+-----------------------+-------+-------+-------+
316  * ^                                               |               |
317  * |<--VLAN_HLEN-->to                              <---VLAN_HLEN--->
318  * from            |
319  *       >>>>>>>   v
320  *       >>>>>>>   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |
321  *       >>>>>>>   +-----------------------+-----------------------+-------+
322  *       >>>>>>>   |    Destination MAC    |      Source MAC       | EType |
323  *                 +-----------------------+-----------------------+-------+
324  *                 ^                                                       ^
325  * (now part of    |                                                       |
326  *  skb->head)     skb_mac_header                                  skb->data
327  */
328 struct sk_buff *dsa_8021q_remove_header(struct sk_buff *skb)
329 {
330 	u8 *from = skb_mac_header(skb);
331 	u8 *dest = from + VLAN_HLEN;
332 
333 	memmove(dest, from, ETH_HLEN - VLAN_HLEN);
334 	skb_pull(skb, VLAN_HLEN);
335 	skb_push(skb, ETH_HLEN);
336 	skb_reset_mac_header(skb);
337 	skb_reset_mac_len(skb);
338 	skb_pull_rcsum(skb, ETH_HLEN);
339 
340 	return skb;
341 }
342 EXPORT_SYMBOL_GPL(dsa_8021q_remove_header);
343 
344 MODULE_LICENSE("GPL v2");
345