net/bridge/br_input.c

   1 /*
   2  *      Handle incoming frames
   3  *      Linux ethernet bridge
   4  *
   5  *      Authors:
   6  *      Lennert Buytenhek               <buytenh@gnu.org>
   7  *
   8  *      This program is free software; you can redistribute it and/or
   9  *      modify it under the terms of the GNU General Public License
  10  *      as published by the Free Software Foundation; either version
  11  *      2 of the License, or (at your option) any later version.
  12  */
  13
  14 #include <linux/slab.h>
  15 #include <linux/kernel.h>
  16 #include <linux/netdevice.h>
  17 #include <linux/etherdevice.h>
  18 #include <linux/netfilter_bridge.h>
  19 #include <linux/neighbour.h>
  20 #include <net/arp.h>
  21 #include <linux/export.h>
  22 #include <linux/rculist.h>
  23 #include "br_private.h"
  24
  25 /* Hook for brouter */
  26 br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
  27 EXPORT_SYMBOL(br_should_route_hook);
  28
  29 static int br_netif_receive_skb(struct sock *sk, struct sk_buff *skb)
  30 {
  31         return netif_receive_skb(skb);
  32 }
  33
  34 static int br_pass_frame_up(struct sk_buff *skb)
  35 {
  36         struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
  37         struct net_bridge *br = netdev_priv(brdev);
  38         struct pcpu_sw_netstats *brstats = this_cpu_ptr(br->stats);
  39         struct net_port_vlans *pv;
  40
  41         u64_stats_update_begin(&brstats->syncp);
  42         brstats->rx_packets++;
  43         brstats->rx_bytes += skb->len;
  44         u64_stats_update_end(&brstats->syncp);
  45
  46         /* Bridge is just like any other port.  Make sure the
  47          * packet is allowed except in promisc modue when someone
  48          * may be running packet capture.
  49          */
  50         pv = br_get_vlan_info(br);
  51         if (!(brdev->flags & IFF_PROMISC) &&
  52             !br_allowed_egress(br, pv, skb)) {
  53                 kfree_skb(skb);
  54                 return NET_RX_DROP;
  55         }
  56
  57         indev = skb->dev;
  58         skb->dev = brdev;
  59         skb = br_handle_vlan(br, pv, skb);
  60         if (!skb)
  61                 return NET_RX_DROP;
  62
  63         return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb,
  64                        indev, NULL,
  65                        br_netif_receive_skb);
  66 }
  67
  68 static void br_do_proxy_arp(struct sk_buff *skb, struct net_bridge *br,
  69                             u16 vid, struct net_bridge_port *p)
  70 {
  71         struct net_device *dev = br->dev;
  72         struct neighbour *n;
  73         struct arphdr *parp;
  74         u8 *arpptr, *sha;
  75         __be32 sip, tip;
  76
  77         BR_INPUT_SKB_CB(skb)->proxyarp_replied = false;
  78
  79         if (dev->flags & IFF_NOARP)
  80                 return;
  81
  82         if (!pskb_may_pull(skb, arp_hdr_len(dev))) {
  83                 dev->stats.tx_dropped++;
  84                 return;
  85         }
  86         parp = arp_hdr(skb);
  87
  88         if (parp->ar_pro != htons(ETH_P_IP) ||
  89             parp->ar_op != htons(ARPOP_REQUEST) ||
  90             parp->ar_hln != dev->addr_len ||
  91             parp->ar_pln != 4)
  92                 return;
  93
  94         arpptr = (u8 *)parp + sizeof(struct arphdr);
  95         sha = arpptr;
  96         arpptr += dev->addr_len;        /* sha */
  97         memcpy(&sip, arpptr, sizeof(sip));
  98         arpptr += sizeof(sip);
  99         arpptr += dev->addr_len;        /* tha */
 100         memcpy(&tip, arpptr, sizeof(tip));
 101
 102         if (ipv4_is_loopback(tip) ||
 103             ipv4_is_multicast(tip))
 104                 return;
 105
 106         n = neigh_lookup(&arp_tbl, &tip, dev);
 107         if (n) {
 108                 struct net_bridge_fdb_entry *f;
 109
 110                 if (!(n->nud_state & NUD_VALID)) {
 111                         neigh_release(n);
 112                         return;
 113                 }
 114
 115                 f = __br_fdb_get(br, n->ha, vid);
 116                 if (f && ((p->flags & BR_PROXYARP) ||
 117                           (f->dst && (f->dst->flags & BR_PROXYARP_WIFI)))) {
 118                         arp_send(ARPOP_REPLY, ETH_P_ARP, sip, skb->dev, tip,
 119                                  sha, n->ha, sha);
 120                         BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
 121                 }
 122
 123                 neigh_release(n);
 124         }
 125 }
 126
 127 /* note: already called with rcu_read_lock */
 128 int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb)
 129 {
 130         const unsigned char *dest = eth_hdr(skb)->h_dest;
 131         struct net_bridge_port *p = br_port_get_rcu(skb->dev);
 132         struct net_bridge *br;
 133         struct net_bridge_fdb_entry *dst;
 134         struct net_bridge_mdb_entry *mdst;
 135         struct sk_buff *skb2;
 136         bool unicast = true;
 137         u16 vid = 0;
 138
 139         if (!p || p->state == BR_STATE_DISABLED)
 140                 goto drop;
 141
 142         if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid))
 143                 goto out;
 144
 145         /* insert into forwarding database after filtering to avoid spoofing */
 146         br = p->br;
 147         if (p->flags & BR_LEARNING)
 148                 br_fdb_update(br, p, eth_hdr(skb)->h_source, vid, false);
 149
 150         if (!is_broadcast_ether_addr(dest) && is_multicast_ether_addr(dest) &&
 151             br_multicast_rcv(br, p, skb, vid))
 152                 goto drop;
 153
 154         if (p->state == BR_STATE_LEARNING)
 155                 goto drop;
 156
 157         BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 158
 159         /* The packet skb2 goes to the local host (NULL to skip). */
 160         skb2 = NULL;
 161
 162         if (br->dev->flags & IFF_PROMISC)
 163                 skb2 = skb;
 164
 165         dst = NULL;
 166
 167         if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
 168                 br_do_proxy_arp(skb, br, vid, p);
 169
 170         if (is_broadcast_ether_addr(dest)) {
 171                 skb2 = skb;
 172                 unicast = false;
 173         } else if (is_multicast_ether_addr(dest)) {
 174                 mdst = br_mdb_get(br, skb, vid);
 175                 if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
 176                     br_multicast_querier_exists(br, eth_hdr(skb))) {
 177                         if ((mdst && mdst->mglist) ||
 178                             br_multicast_is_router(br))
 179                                 skb2 = skb;
 180                         br_multicast_forward(mdst, skb, skb2);
 181                         skb = NULL;
 182                         if (!skb2)
 183                                 goto out;
 184                 } else
 185                         skb2 = skb;
 186
 187                 unicast = false;
 188                 br->dev->stats.multicast++;
 189         } else if ((dst = __br_fdb_get(br, dest, vid)) &&
 190                         dst->is_local) {
 191                 skb2 = skb;
 192                 /* Do not forward the packet since it's local. */
 193                 skb = NULL;
 194         }
 195
 196         if (skb) {
 197                 if (dst) {
 198                         dst->used = jiffies;
 199                         br_forward(dst->dst, skb, skb2);
 200                 } else
 201                         br_flood_forward(br, skb, skb2, unicast);
 202         }
 203
 204         if (skb2)
 205                 return br_pass_frame_up(skb2);
 206
 207 out:
 208         return 0;
 209 drop:
 210         kfree_skb(skb);
 211         goto out;
 212 }
 213 EXPORT_SYMBOL_GPL(br_handle_frame_finish);
 214
 215 /* note: already called with rcu_read_lock */
 216 static int br_handle_local_finish(struct sock *sk, struct sk_buff *skb)
 217 {
 218         struct net_bridge_port *p = br_port_get_rcu(skb->dev);
 219         u16 vid = 0;
 220
 221         /* check if vlan is allowed, to avoid spoofing */
 222         if (p->flags & BR_LEARNING && br_should_learn(p, skb, &vid))
 223                 br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid, false);
 224         return 0;        /* process further */
 225 }
 226
 227 /*
 228  * Return NULL if skb is handled
 229  * note: already called with rcu_read_lock
 230  */
 231 rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
 232 {
 233         struct net_bridge_port *p;
 234         struct sk_buff *skb = *pskb;
 235         const unsigned char *dest = eth_hdr(skb)->h_dest;
 236         br_should_route_hook_t *rhook;
 237
 238         if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
 239                 return RX_HANDLER_PASS;
 240
 241         if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
 242                 goto drop;
 243
 244         skb = skb_share_check(skb, GFP_ATOMIC);
 245         if (!skb)
 246                 return RX_HANDLER_CONSUMED;
 247
 248         p = br_port_get_rcu(skb->dev);
 249
 250         if (unlikely(is_link_local_ether_addr(dest))) {
 251                 u16 fwd_mask = p->br->group_fwd_mask_required;
 252
 253                 /*
 254                  * See IEEE 802.1D Table 7-10 Reserved addresses
 255                  *
 256                  * Assignment                           Value
 257                  * Bridge Group Address         01-80-C2-00-00-00
 258                  * (MAC Control) 802.3          01-80-C2-00-00-01
 259                  * (Link Aggregation) 802.3     01-80-C2-00-00-02
 260                  * 802.1X PAE address           01-80-C2-00-00-03
 261                  *
 262                  * 802.1AB LLDP                 01-80-C2-00-00-0E
 263                  *
 264                  * Others reserved for future standardization
 265                  */
 266                 switch (dest[5]) {
 267                 case 0x00:      /* Bridge Group Address */
 268                         /* If STP is turned off,
 269                            then must forward to keep loop detection */
 270                         if (p->br->stp_enabled == BR_NO_STP ||
 271                             fwd_mask & (1u << dest[5]))
 272                                 goto forward;
 273                         break;
 274
 275                 case 0x01:      /* IEEE MAC (Pause) */
 276                         goto drop;
 277
 278                 default:
 279                         /* Allow selective forwarding for most other protocols */
 280                         fwd_mask |= p->br->group_fwd_mask;
 281                         if (fwd_mask & (1u << dest[5]))
 282                                 goto forward;
 283                 }
 284
 285                 /* Deliver packet to local host only */
 286                 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb,
 287                             skb->dev, NULL, br_handle_local_finish)) {
 288                         return RX_HANDLER_CONSUMED; /* consumed by filter */
 289                 } else {
 290                         *pskb = skb;
 291                         return RX_HANDLER_PASS; /* continue processing */
 292                 }
 293         }
 294
 295 forward:
 296         switch (p->state) {
 297         case BR_STATE_FORWARDING:
 298                 rhook = rcu_dereference(br_should_route_hook);
 299                 if (rhook) {
 300                         if ((*rhook)(skb)) {
 301                                 *pskb = skb;
 302                                 return RX_HANDLER_PASS;
 303                         }
 304                         dest = eth_hdr(skb)->h_dest;
 305                 }
 306                 /* fall through */
 307         case BR_STATE_LEARNING:
 308                 if (ether_addr_equal(p->br->dev->dev_addr, dest))
 309                         skb->pkt_type = PACKET_HOST;
 310
 311                 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, NULL, skb,
 312                         skb->dev, NULL,
 313                         br_handle_frame_finish);
 314                 break;
 315         default:
 316 drop:
 317                 kfree_skb(skb);
 318         }
 319         return RX_HANDLER_CONSUMED;
 320 }