net/bridge/br_vlan.c

   1 #include <linux/kernel.h>
   2 #include <linux/netdevice.h>
   3 #include <linux/rtnetlink.h>
   4 #include <linux/slab.h>
   5
   6 #include "br_private.h"
   7
   8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
   9 {
  10         if (v->pvid == vid)
  11                 return;
  12
  13         smp_wmb();
  14         v->pvid = vid;
  15 }
  16
  17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
  18 {
  19         if (v->pvid != vid)
  20                 return;
  21
  22         smp_wmb();
  23         v->pvid = 0;
  24 }
  25
  26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
  27 {
  28         if (flags & BRIDGE_VLAN_INFO_PVID)
  29                 __vlan_add_pvid(v, vid);
  30
  31         if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
  32                 set_bit(vid, v->untagged_bitmap);
  33 }
  34
  35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
  36 {
  37         const struct net_device_ops *ops;
  38         struct net_bridge_port *p = NULL;
  39         struct net_bridge *br;
  40         struct net_device *dev;
  41         int err;
  42
  43         if (test_bit(vid, v->vlan_bitmap)) {
  44                 __vlan_add_flags(v, vid, flags);
  45                 return 0;
  46         }
  47
  48         if (vid) {
  49                 if (v->port_idx) {
  50                         p = v->parent.port;
  51                         br = p->br;
  52                         dev = p->dev;
  53                 } else {
  54                         br = v->parent.br;
  55                         dev = br->dev;
  56                 }
  57                 ops = dev->netdev_ops;
  58
  59                 if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) {
  60                         /* Add VLAN to the device filter if it is supported.
  61                          * Stricly speaking, this is not necessary now, since
  62                          * devices are made promiscuous by the bridge, but if
  63                          * that ever changes this code will allow tagged
  64                          * traffic to enter the bridge.
  65                          */
  66                         err = ops->ndo_vlan_rx_add_vid(dev, htons(ETH_P_8021Q),
  67                                                        vid);
  68                         if (err)
  69                                 return err;
  70                 }
  71
  72                 err = br_fdb_insert(br, p, dev->dev_addr, vid);
  73                 if (err) {
  74                         br_err(br, "failed insert local address into bridge "
  75                                "forwarding table\n");
  76                         goto out_filt;
  77                 }
  78
  79         }
  80
  81         set_bit(vid, v->vlan_bitmap);
  82         v->num_vlans++;
  83         __vlan_add_flags(v, vid, flags);
  84
  85         return 0;
  86
  87 out_filt:
  88         if (p && (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER))
  89                 ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
  90         return err;
  91 }
  92
  93 static int __vlan_del(struct net_port_vlans *v, u16 vid)
  94 {
  95         if (!test_bit(vid, v->vlan_bitmap))
  96                 return -EINVAL;
  97
  98         __vlan_delete_pvid(v, vid);
  99         clear_bit(vid, v->untagged_bitmap);
 100
 101         if (v->port_idx && vid) {
 102                 struct net_device *dev = v->parent.port->dev;
 103                 const struct net_device_ops *ops = dev->netdev_ops;
 104
 105                 if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)
 106                         ops->ndo_vlan_rx_kill_vid(dev, htons(ETH_P_8021Q), vid);
 107         }
 108
 109         clear_bit(vid, v->vlan_bitmap);
 110         v->num_vlans--;
 111         if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
 112                 if (v->port_idx)
 113                         rcu_assign_pointer(v->parent.port->vlan_info, NULL);
 114                 else
 115                         rcu_assign_pointer(v->parent.br->vlan_info, NULL);
 116                 kfree_rcu(v, rcu);
 117         }
 118         return 0;
 119 }
 120
 121 static void __vlan_flush(struct net_port_vlans *v)
 122 {
 123         smp_wmb();
 124         v->pvid = 0;
 125         bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
 126         if (v->port_idx)
 127                 rcu_assign_pointer(v->parent.port->vlan_info, NULL);
 128         else
 129                 rcu_assign_pointer(v->parent.br->vlan_info, NULL);
 130         kfree_rcu(v, rcu);
 131 }
 132
 133 /* Strip the tag from the packet.  Will return skb with tci set 0.  */
 134 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
 135 {
 136         if (skb->protocol != htons(ETH_P_8021Q)) {
 137                 skb->vlan_tci = 0;
 138                 return skb;
 139         }
 140
 141         skb->vlan_tci = 0;
 142         skb = vlan_untag(skb);
 143         if (skb)
 144                 skb->vlan_tci = 0;
 145
 146         return skb;
 147 }
 148
 149 struct sk_buff *br_handle_vlan(struct net_bridge *br,
 150                                const struct net_port_vlans *pv,
 151                                struct sk_buff *skb)
 152 {
 153         u16 vid;
 154
 155         if (!br->vlan_enabled)
 156                 goto out;
 157
 158         /* At this point, we know that the frame was filtered and contains
 159          * a valid vlan id.  If the vlan id is set in the untagged bitmap,
 160          * send untagged; otherwise, send taged.
 161          */
 162         br_vlan_get_tag(skb, &vid);
 163         if (test_bit(vid, pv->untagged_bitmap))
 164                 skb = br_vlan_untag(skb);
 165         else {
 166                 /* Egress policy says "send tagged".  If output device
 167                  * is the  bridge, we need to add the VLAN header
 168                  * ourselves since we'll be going through the RX path.
 169                  * Sending to ports puts the frame on the TX path and
 170                  * we let dev_hard_start_xmit() add the header.
 171                  */
 172                 if (skb->protocol != htons(ETH_P_8021Q) &&
 173                     pv->port_idx == 0) {
 174                         /* vlan_put_tag expects skb->data to point to
 175                          * mac header.
 176                          */
 177                         skb_push(skb, ETH_HLEN);
 178                         skb = __vlan_put_tag(skb, skb->vlan_proto, skb->vlan_tci);
 179                         if (!skb)
 180                                 goto out;
 181                         /* put skb->data back to where it was */
 182                         skb_pull(skb, ETH_HLEN);
 183                         skb->vlan_tci = 0;
 184                 }
 185         }
 186
 187 out:
 188         return skb;
 189 }
 190
 191 /* Called under RCU */
 192 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
 193                         struct sk_buff *skb, u16 *vid)
 194 {
 195         /* If VLAN filtering is disabled on the bridge, all packets are
 196          * permitted.
 197          */
 198         if (!br->vlan_enabled)
 199                 return true;
 200
 201         /* If there are no vlan in the permitted list, all packets are
 202          * rejected.
 203          */
 204         if (!v)
 205                 goto drop;
 206
 207         if (br_vlan_get_tag(skb, vid)) {
 208                 u16 pvid = br_get_pvid(v);
 209
 210                 /* Frame did not have a tag.  See if pvid is set
 211                  * on this port.  That tells us which vlan untagged
 212                  * traffic belongs to.
 213                  */
 214                 if (pvid == VLAN_N_VID)
 215                         goto drop;
 216
 217                 /* PVID is set on this port.  Any untagged ingress
 218                  * frame is considered to belong to this vlan.
 219                  */
 220                 __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);
 221                 return true;
 222         }
 223
 224         /* Frame had a valid vlan tag.  See if vlan is allowed */
 225         if (test_bit(*vid, v->vlan_bitmap))
 226                 return true;
 227 drop:
 228         kfree_skb(skb);
 229         return false;
 230 }
 231
 232 /* Called under RCU. */
 233 bool br_allowed_egress(struct net_bridge *br,
 234                        const struct net_port_vlans *v,
 235                        const struct sk_buff *skb)
 236 {
 237         u16 vid;
 238
 239         if (!br->vlan_enabled)
 240                 return true;
 241
 242         if (!v)
 243                 return false;
 244
 245         br_vlan_get_tag(skb, &vid);
 246         if (test_bit(vid, v->vlan_bitmap))
 247                 return true;
 248
 249         return false;
 250 }
 251
 252 /* Must be protected by RTNL */
 253 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
 254 {
 255         struct net_port_vlans *pv = NULL;
 256         int err;
 257
 258         ASSERT_RTNL();
 259
 260         pv = rtnl_dereference(br->vlan_info);
 261         if (pv)
 262                 return __vlan_add(pv, vid, flags);
 263
 264         /* Create port vlan infomration
 265          */
 266         pv = kzalloc(sizeof(*pv), GFP_KERNEL);
 267         if (!pv)
 268                 return -ENOMEM;
 269
 270         pv->parent.br = br;
 271         err = __vlan_add(pv, vid, flags);
 272         if (err)
 273                 goto out;
 274
 275         rcu_assign_pointer(br->vlan_info, pv);
 276         return 0;
 277 out:
 278         kfree(pv);
 279         return err;
 280 }
 281
 282 /* Must be protected by RTNL */
 283 int br_vlan_delete(struct net_bridge *br, u16 vid)
 284 {
 285         struct net_port_vlans *pv;
 286
 287         ASSERT_RTNL();
 288
 289         pv = rtnl_dereference(br->vlan_info);
 290         if (!pv)
 291                 return -EINVAL;
 292
 293         if (vid) {
 294                 /* If the VID !=0 remove fdb for this vid. VID 0 is special
 295                  * in that it's the default and is always there in the fdb.
 296                  */
 297                 spin_lock_bh(&br->hash_lock);
 298                 fdb_delete_by_addr(br, br->dev->dev_addr, vid);
 299                 spin_unlock_bh(&br->hash_lock);
 300         }
 301
 302         __vlan_del(pv, vid);
 303         return 0;
 304 }
 305
 306 void br_vlan_flush(struct net_bridge *br)
 307 {
 308         struct net_port_vlans *pv;
 309
 310         ASSERT_RTNL();
 311         pv = rtnl_dereference(br->vlan_info);
 312         if (!pv)
 313                 return;
 314
 315         __vlan_flush(pv);
 316 }
 317
 318 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
 319 {
 320         if (!rtnl_trylock())
 321                 return restart_syscall();
 322
 323         if (br->vlan_enabled == val)
 324                 goto unlock;
 325
 326         br->vlan_enabled = val;
 327
 328 unlock:
 329         rtnl_unlock();
 330         return 0;
 331 }
 332
 333 /* Must be protected by RTNL */
 334 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
 335 {
 336         struct net_port_vlans *pv = NULL;
 337         int err;
 338
 339         ASSERT_RTNL();
 340
 341         pv = rtnl_dereference(port->vlan_info);
 342         if (pv)
 343                 return __vlan_add(pv, vid, flags);
 344
 345         /* Create port vlan infomration
 346          */
 347         pv = kzalloc(sizeof(*pv), GFP_KERNEL);
 348         if (!pv) {
 349                 err = -ENOMEM;
 350                 goto clean_up;
 351         }
 352
 353         pv->port_idx = port->port_no;
 354         pv->parent.port = port;
 355         err = __vlan_add(pv, vid, flags);
 356         if (err)
 357                 goto clean_up;
 358
 359         rcu_assign_pointer(port->vlan_info, pv);
 360         return 0;
 361
 362 clean_up:
 363         kfree(pv);
 364         return err;
 365 }
 366
 367 /* Must be protected by RTNL */
 368 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
 369 {
 370         struct net_port_vlans *pv;
 371
 372         ASSERT_RTNL();
 373
 374         pv = rtnl_dereference(port->vlan_info);
 375         if (!pv)
 376                 return -EINVAL;
 377
 378         if (vid) {
 379                 /* If the VID !=0 remove fdb for this vid. VID 0 is special
 380                  * in that it's the default and is always there in the fdb.
 381                  */
 382                 spin_lock_bh(&port->br->hash_lock);
 383                 fdb_delete_by_addr(port->br, port->dev->dev_addr, vid);
 384                 spin_unlock_bh(&port->br->hash_lock);
 385         }
 386
 387         return __vlan_del(pv, vid);
 388 }
 389
 390 void nbp_vlan_flush(struct net_bridge_port *port)
 391 {
 392         struct net_port_vlans *pv;
 393
 394         ASSERT_RTNL();
 395
 396         pv = rtnl_dereference(port->vlan_info);
 397         if (!pv)
 398                 return;
 399
 400         __vlan_flush(pv);
 401 }
 402
 403 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
 404 {
 405         struct net_port_vlans *pv;
 406         bool found = false;
 407
 408         rcu_read_lock();
 409         pv = rcu_dereference(port->vlan_info);
 410
 411         if (!pv)
 412                 goto out;
 413
 414         if (test_bit(vid, pv->vlan_bitmap))
 415                 found = true;
 416
 417 out:
 418         rcu_read_unlock();
 419         return found;
 420 }