1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5
6 #include "br_private.h"
7
__vlan_add_pvid(struct net_port_vlans * v,u16 vid)8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 if (v->pvid == vid)
11 return;
12
13 smp_wmb();
14 v->pvid = vid;
15 }
16
__vlan_delete_pvid(struct net_port_vlans * v,u16 vid)17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 if (v->pvid != vid)
20 return;
21
22 smp_wmb();
23 v->pvid = 0;
24 }
25
__vlan_add_flags(struct net_port_vlans * v,u16 vid,u16 flags)26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 if (flags & BRIDGE_VLAN_INFO_PVID)
29 __vlan_add_pvid(v, vid);
30
31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 set_bit(vid, v->untagged_bitmap);
33 }
34
__vlan_add(struct net_port_vlans * v,u16 vid,u16 flags)35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 const struct net_device_ops *ops;
38 struct net_bridge_port *p = NULL;
39 struct net_bridge *br;
40 struct net_device *dev;
41 int err;
42
43 if (test_bit(vid, v->vlan_bitmap)) {
44 __vlan_add_flags(v, vid, flags);
45 return 0;
46 }
47
48 if (vid) {
49 if (v->port_idx) {
50 p = v->parent.port;
51 br = p->br;
52 dev = p->dev;
53 } else {
54 br = v->parent.br;
55 dev = br->dev;
56 }
57 ops = dev->netdev_ops;
58
59 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) {
60 /* Add VLAN to the device filter if it is supported.
61 * Stricly speaking, this is not necessary now, since
62 * devices are made promiscuous by the bridge, but if
63 * that ever changes this code will allow tagged
64 * traffic to enter the bridge.
65 */
66 err = ops->ndo_vlan_rx_add_vid(dev, htons(ETH_P_8021Q),
67 vid);
68 if (err)
69 return err;
70 }
71
72 err = br_fdb_insert(br, p, dev->dev_addr, vid);
73 if (err) {
74 br_err(br, "failed insert local address into bridge "
75 "forwarding table\n");
76 goto out_filt;
77 }
78
79 }
80
81 set_bit(vid, v->vlan_bitmap);
82 v->num_vlans++;
83 __vlan_add_flags(v, vid, flags);
84
85 return 0;
86
87 out_filt:
88 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER))
89 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
90 return err;
91 }
92
__vlan_del(struct net_port_vlans * v,u16 vid)93 static int __vlan_del(struct net_port_vlans *v, u16 vid)
94 {
95 if (!test_bit(vid, v->vlan_bitmap))
96 return -EINVAL;
97
98 __vlan_delete_pvid(v, vid);
99 clear_bit(vid, v->untagged_bitmap);
100
101 if (v->port_idx && vid) {
102 struct net_device *dev = v->parent.port->dev;
103 const struct net_device_ops *ops = dev->netdev_ops;
104
105 if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)
106 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
107 }
108
109 clear_bit(vid, v->vlan_bitmap);
110 v->num_vlans--;
111 if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
112 if (v->port_idx)
113 rcu_assign_pointer(v->parent.port->vlan_info, NULL);
114 else
115 rcu_assign_pointer(v->parent.br->vlan_info, NULL);
116 kfree_rcu(v, rcu);
117 }
118 return 0;
119 }
120
__vlan_flush(struct net_port_vlans * v)121 static void __vlan_flush(struct net_port_vlans *v)
122 {
123 smp_wmb();
124 v->pvid = 0;
125 bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN);
126 if (v->port_idx)
127 rcu_assign_pointer(v->parent.port->vlan_info, NULL);
128 else
129 rcu_assign_pointer(v->parent.br->vlan_info, NULL);
130 kfree_rcu(v, rcu);
131 }
132
133 /* Strip the tag from the packet. Will return skb with tci set 0. */
br_vlan_untag(struct sk_buff * skb)134 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
135 {
136 if (skb->protocol != htons(ETH_P_8021Q)) {
137 skb->vlan_tci = 0;
138 return skb;
139 }
140
141 skb->vlan_tci = 0;
142 skb = vlan_untag(skb);
143 if (skb)
144 skb->vlan_tci = 0;
145
146 return skb;
147 }
148
br_handle_vlan(struct net_bridge * br,const struct net_port_vlans * pv,struct sk_buff * skb)149 struct sk_buff *br_handle_vlan(struct net_bridge *br,
150 const struct net_port_vlans *pv,
151 struct sk_buff *skb)
152 {
153 u16 vid;
154
155 if (!br->vlan_enabled)
156 goto out;
157
158 /* At this point, we know that the frame was filtered and contains
159 * a valid vlan id. If the vlan id is set in the untagged bitmap,
160 * send untagged; otherwise, send taged.
161 */
162 br_vlan_get_tag(skb, &vid);
163 if (test_bit(vid, pv->untagged_bitmap))
164 skb = br_vlan_untag(skb);
165 else {
166 /* Egress policy says "send tagged". If output device
167 * is the bridge, we need to add the VLAN header
168 * ourselves since we'll be going through the RX path.
169 * Sending to ports puts the frame on the TX path and
170 * we let dev_hard_start_xmit() add the header.
171 */
172 if (skb->protocol != htons(ETH_P_8021Q) &&
173 pv->port_idx == 0) {
174 /* vlan_put_tag expects skb->data to point to
175 * mac header.
176 */
177 skb_push(skb, ETH_HLEN);
178 skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci);
179 if (!skb)
180 goto out;
181 /* put skb->data back to where it was */
182 skb_pull(skb, ETH_HLEN);
183 skb->vlan_tci = 0;
184 }
185 }
186
187 out:
188 return skb;
189 }
190
191 /* Called under RCU */
br_allowed_ingress(struct net_bridge * br,struct net_port_vlans * v,struct sk_buff * skb,u16 * vid)192 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
193 struct sk_buff *skb, u16 *vid)
194 {
195 /* If VLAN filtering is disabled on the bridge, all packets are
196 * permitted.
197 */
198 if (!br->vlan_enabled)
199 return true;
200
201 /* If there are no vlan in the permitted list, all packets are
202 * rejected.
203 */
204 if (!v)
205 return false;
206
207 if (br_vlan_get_tag(skb, vid)) {
208 u16 pvid = br_get_pvid(v);
209
210 /* Frame did not have a tag. See if pvid is set
211 * on this port. That tells us which vlan untagged
212 * traffic belongs to.
213 */
214 if (pvid == VLAN_N_VID)
215 return false;
216
217 /* PVID is set on this port. Any untagged ingress
218 * frame is considered to belong to this vlan.
219 */
220 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);
221 return true;
222 }
223
224 /* Frame had a valid vlan tag. See if vlan is allowed */
225 if (test_bit(*vid, v->vlan_bitmap))
226 return true;
227
228 return false;
229 }
230
231 /* Called under RCU. */
br_allowed_egress(struct net_bridge * br,const struct net_port_vlans * v,const struct sk_buff * skb)232 bool br_allowed_egress(struct net_bridge *br,
233 const struct net_port_vlans *v,
234 const struct sk_buff *skb)
235 {
236 u16 vid;
237
238 if (!br->vlan_enabled)
239 return true;
240
241 if (!v)
242 return false;
243
244 br_vlan_get_tag(skb, &vid);
245 if (test_bit(vid, v->vlan_bitmap))
246 return true;
247
248 return false;
249 }
250
251 /* Must be protected by RTNL */
br_vlan_add(struct net_bridge * br,u16 vid,u16 flags)252 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
253 {
254 struct net_port_vlans *pv = NULL;
255 int err;
256
257 ASSERT_RTNL();
258
259 pv = rtnl_dereference(br->vlan_info);
260 if (pv)
261 return __vlan_add(pv, vid, flags);
262
263 /* Create port vlan infomration
264 */
265 pv = kzalloc(sizeof(*pv), GFP_KERNEL);
266 if (!pv)
267 return -ENOMEM;
268
269 pv->parent.br = br;
270 err = __vlan_add(pv, vid, flags);
271 if (err)
272 goto out;
273
274 rcu_assign_pointer(br->vlan_info, pv);
275 return 0;
276 out:
277 kfree(pv);
278 return err;
279 }
280
281 /* Must be protected by RTNL */
br_vlan_delete(struct net_bridge * br,u16 vid)282 int br_vlan_delete(struct net_bridge *br, u16 vid)
283 {
284 struct net_port_vlans *pv;
285
286 ASSERT_RTNL();
287
288 pv = rtnl_dereference(br->vlan_info);
289 if (!pv)
290 return -EINVAL;
291
292 if (vid) {
293 /* If the VID !=0 remove fdb for this vid. VID 0 is special
294 * in that it's the default and is always there in the fdb.
295 */
296 spin_lock_bh(&br->hash_lock);
297 fdb_delete_by_addr(br, br->dev->dev_addr, vid);
298 spin_unlock_bh(&br->hash_lock);
299 }
300
301 __vlan_del(pv, vid);
302 return 0;
303 }
304
br_vlan_flush(struct net_bridge * br)305 void br_vlan_flush(struct net_bridge *br)
306 {
307 struct net_port_vlans *pv;
308
309 ASSERT_RTNL();
310 pv = rtnl_dereference(br->vlan_info);
311 if (!pv)
312 return;
313
314 __vlan_flush(pv);
315 }
316
br_vlan_filter_toggle(struct net_bridge * br,unsigned long val)317 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
318 {
319 if (!rtnl_trylock())
320 return restart_syscall();
321
322 if (br->vlan_enabled == val)
323 goto unlock;
324
325 br->vlan_enabled = val;
326
327 unlock:
328 rtnl_unlock();
329 return 0;
330 }
331
332 /* Must be protected by RTNL */
nbp_vlan_add(struct net_bridge_port * port,u16 vid,u16 flags)333 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
334 {
335 struct net_port_vlans *pv = NULL;
336 int err;
337
338 ASSERT_RTNL();
339
340 pv = rtnl_dereference(port->vlan_info);
341 if (pv)
342 return __vlan_add(pv, vid, flags);
343
344 /* Create port vlan infomration
345 */
346 pv = kzalloc(sizeof(*pv), GFP_KERNEL);
347 if (!pv) {
348 err = -ENOMEM;
349 goto clean_up;
350 }
351
352 pv->port_idx = port->port_no;
353 pv->parent.port = port;
354 err = __vlan_add(pv, vid, flags);
355 if (err)
356 goto clean_up;
357
358 rcu_assign_pointer(port->vlan_info, pv);
359 return 0;
360
361 clean_up:
362 kfree(pv);
363 return err;
364 }
365
366 /* Must be protected by RTNL */
nbp_vlan_delete(struct net_bridge_port * port,u16 vid)367 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
368 {
369 struct net_port_vlans *pv;
370
371 ASSERT_RTNL();
372
373 pv = rtnl_dereference(port->vlan_info);
374 if (!pv)
375 return -EINVAL;
376
377 if (vid) {
378 /* If the VID !=0 remove fdb for this vid. VID 0 is special
379 * in that it's the default and is always there in the fdb.
380 */
381 spin_lock_bh(&port->br->hash_lock);
382 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid);
383 spin_unlock_bh(&port->br->hash_lock);
384 }
385
386 return __vlan_del(pv, vid);
387 }
388
nbp_vlan_flush(struct net_bridge_port * port)389 void nbp_vlan_flush(struct net_bridge_port *port)
390 {
391 struct net_port_vlans *pv;
392
393 ASSERT_RTNL();
394
395 pv = rtnl_dereference(port->vlan_info);
396 if (!pv)
397 return;
398
399 __vlan_flush(pv);
400 }
401
nbp_vlan_find(struct net_bridge_port * port,u16 vid)402 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
403 {
404 struct net_port_vlans *pv;
405 bool found = false;
406
407 rcu_read_lock();
408 pv = rcu_dereference(port->vlan_info);
409
410 if (!pv)
411 goto out;
412
413 if (test_bit(vid, pv->vlan_bitmap))
414 found = true;
415
416 out:
417 rcu_read_unlock();
418 return found;
419 }
420