]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/bridge/br_vlan.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
[mirror_ubuntu-bionic-kernel.git] / net / bridge / br_vlan.c
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
6
7 #include "br_private.h"
8 #include "br_private_tunnel.h"
9
10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
11 const void *ptr)
12 {
13 const struct net_bridge_vlan *vle = ptr;
14 u16 vid = *(u16 *)arg->key;
15
16 return vle->vid != vid;
17 }
18
19 static const struct rhashtable_params br_vlan_rht_params = {
20 .head_offset = offsetof(struct net_bridge_vlan, vnode),
21 .key_offset = offsetof(struct net_bridge_vlan, vid),
22 .key_len = sizeof(u16),
23 .nelem_hint = 3,
24 .locks_mul = 1,
25 .max_size = VLAN_N_VID,
26 .obj_cmpfn = br_vlan_cmp,
27 .automatic_shrinking = true,
28 };
29
30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
31 {
32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
33 }
34
35 static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
36 {
37 if (vg->pvid == vid)
38 return false;
39
40 smp_wmb();
41 vg->pvid = vid;
42
43 return true;
44 }
45
46 static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
47 {
48 if (vg->pvid != vid)
49 return false;
50
51 smp_wmb();
52 vg->pvid = 0;
53
54 return true;
55 }
56
57 /* return true if anything changed, false otherwise */
58 static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
59 {
60 struct net_bridge_vlan_group *vg;
61 u16 old_flags = v->flags;
62 bool ret;
63
64 if (br_vlan_is_master(v))
65 vg = br_vlan_group(v->br);
66 else
67 vg = nbp_vlan_group(v->port);
68
69 if (flags & BRIDGE_VLAN_INFO_PVID)
70 ret = __vlan_add_pvid(vg, v->vid);
71 else
72 ret = __vlan_delete_pvid(vg, v->vid);
73
74 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
75 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
76 else
77 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
78
79 return ret || !!(old_flags ^ v->flags);
80 }
81
82 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
83 u16 vid, u16 flags)
84 {
85 struct switchdev_obj_port_vlan v = {
86 .obj.orig_dev = dev,
87 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
88 .flags = flags,
89 .vid_begin = vid,
90 .vid_end = vid,
91 };
92 int err;
93
94 /* Try switchdev op first. In case it is not supported, fallback to
95 * 8021q add.
96 */
97 err = switchdev_port_obj_add(dev, &v.obj);
98 if (err == -EOPNOTSUPP)
99 return vlan_vid_add(dev, br->vlan_proto, vid);
100 return err;
101 }
102
103 static void __vlan_add_list(struct net_bridge_vlan *v)
104 {
105 struct net_bridge_vlan_group *vg;
106 struct list_head *headp, *hpos;
107 struct net_bridge_vlan *vent;
108
109 if (br_vlan_is_master(v))
110 vg = br_vlan_group(v->br);
111 else
112 vg = nbp_vlan_group(v->port);
113
114 headp = &vg->vlan_list;
115 list_for_each_prev(hpos, headp) {
116 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
117 if (v->vid < vent->vid)
118 continue;
119 else
120 break;
121 }
122 list_add_rcu(&v->vlist, hpos);
123 }
124
125 static void __vlan_del_list(struct net_bridge_vlan *v)
126 {
127 list_del_rcu(&v->vlist);
128 }
129
130 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
131 u16 vid)
132 {
133 struct switchdev_obj_port_vlan v = {
134 .obj.orig_dev = dev,
135 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
136 .vid_begin = vid,
137 .vid_end = vid,
138 };
139 int err;
140
141 /* Try switchdev op first. In case it is not supported, fallback to
142 * 8021q del.
143 */
144 err = switchdev_port_obj_del(dev, &v.obj);
145 if (err == -EOPNOTSUPP) {
146 vlan_vid_del(dev, br->vlan_proto, vid);
147 return 0;
148 }
149 return err;
150 }
151
152 /* Returns a master vlan, if it didn't exist it gets created. In all cases a
153 * a reference is taken to the master vlan before returning.
154 */
155 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
156 {
157 struct net_bridge_vlan_group *vg;
158 struct net_bridge_vlan *masterv;
159
160 vg = br_vlan_group(br);
161 masterv = br_vlan_find(vg, vid);
162 if (!masterv) {
163 bool changed;
164
165 /* missing global ctx, create it now */
166 if (br_vlan_add(br, vid, 0, &changed))
167 return NULL;
168 masterv = br_vlan_find(vg, vid);
169 if (WARN_ON(!masterv))
170 return NULL;
171 refcount_set(&masterv->refcnt, 1);
172 return masterv;
173 }
174 refcount_inc(&masterv->refcnt);
175
176 return masterv;
177 }
178
179 static void br_master_vlan_rcu_free(struct rcu_head *rcu)
180 {
181 struct net_bridge_vlan *v;
182
183 v = container_of(rcu, struct net_bridge_vlan, rcu);
184 WARN_ON(!br_vlan_is_master(v));
185 free_percpu(v->stats);
186 v->stats = NULL;
187 kfree(v);
188 }
189
190 static void br_vlan_put_master(struct net_bridge_vlan *masterv)
191 {
192 struct net_bridge_vlan_group *vg;
193
194 if (!br_vlan_is_master(masterv))
195 return;
196
197 vg = br_vlan_group(masterv->br);
198 if (refcount_dec_and_test(&masterv->refcnt)) {
199 rhashtable_remove_fast(&vg->vlan_hash,
200 &masterv->vnode, br_vlan_rht_params);
201 __vlan_del_list(masterv);
202 call_rcu(&masterv->rcu, br_master_vlan_rcu_free);
203 }
204 }
205
206 /* This is the shared VLAN add function which works for both ports and bridge
207 * devices. There are four possible calls to this function in terms of the
208 * vlan entry type:
209 * 1. vlan is being added on a port (no master flags, global entry exists)
210 * 2. vlan is being added on a bridge (both master and brentry flags)
211 * 3. vlan is being added on a port, but a global entry didn't exist which
212 * is being created right now (master flag set, brentry flag unset), the
213 * global entry is used for global per-vlan features, but not for filtering
214 * 4. same as 3 but with both master and brentry flags set so the entry
215 * will be used for filtering in both the port and the bridge
216 */
217 static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
218 {
219 struct net_bridge_vlan *masterv = NULL;
220 struct net_bridge_port *p = NULL;
221 struct net_bridge_vlan_group *vg;
222 struct net_device *dev;
223 struct net_bridge *br;
224 int err;
225
226 if (br_vlan_is_master(v)) {
227 br = v->br;
228 dev = br->dev;
229 vg = br_vlan_group(br);
230 } else {
231 p = v->port;
232 br = p->br;
233 dev = p->dev;
234 vg = nbp_vlan_group(p);
235 }
236
237 if (p) {
238 /* Add VLAN to the device filter if it is supported.
239 * This ensures tagged traffic enters the bridge when
240 * promiscuous mode is disabled by br_manage_promisc().
241 */
242 err = __vlan_vid_add(dev, br, v->vid, flags);
243 if (err)
244 goto out;
245
246 /* need to work on the master vlan too */
247 if (flags & BRIDGE_VLAN_INFO_MASTER) {
248 bool changed;
249
250 err = br_vlan_add(br, v->vid,
251 flags | BRIDGE_VLAN_INFO_BRENTRY,
252 &changed);
253 if (err)
254 goto out_filt;
255 }
256
257 masterv = br_vlan_get_master(br, v->vid);
258 if (!masterv)
259 goto out_filt;
260 v->brvlan = masterv;
261 v->stats = masterv->stats;
262 }
263
264 /* Add the dev mac and count the vlan only if it's usable */
265 if (br_vlan_should_use(v)) {
266 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
267 if (err) {
268 br_err(br, "failed insert local address into bridge forwarding table\n");
269 goto out_filt;
270 }
271 vg->num_vlans++;
272 }
273
274 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
275 br_vlan_rht_params);
276 if (err)
277 goto out_fdb_insert;
278
279 __vlan_add_list(v);
280 __vlan_add_flags(v, flags);
281 out:
282 return err;
283
284 out_fdb_insert:
285 if (br_vlan_should_use(v)) {
286 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
287 vg->num_vlans--;
288 }
289
290 out_filt:
291 if (p) {
292 __vlan_vid_del(dev, br, v->vid);
293 if (masterv) {
294 br_vlan_put_master(masterv);
295 v->brvlan = NULL;
296 }
297 }
298
299 goto out;
300 }
301
302 static int __vlan_del(struct net_bridge_vlan *v)
303 {
304 struct net_bridge_vlan *masterv = v;
305 struct net_bridge_vlan_group *vg;
306 struct net_bridge_port *p = NULL;
307 int err = 0;
308
309 if (br_vlan_is_master(v)) {
310 vg = br_vlan_group(v->br);
311 } else {
312 p = v->port;
313 vg = nbp_vlan_group(v->port);
314 masterv = v->brvlan;
315 }
316
317 __vlan_delete_pvid(vg, v->vid);
318 if (p) {
319 err = __vlan_vid_del(p->dev, p->br, v->vid);
320 if (err)
321 goto out;
322 }
323
324 if (br_vlan_should_use(v)) {
325 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
326 vg->num_vlans--;
327 }
328
329 if (masterv != v) {
330 vlan_tunnel_info_del(vg, v);
331 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
332 br_vlan_rht_params);
333 __vlan_del_list(v);
334 kfree_rcu(v, rcu);
335 }
336
337 br_vlan_put_master(masterv);
338 out:
339 return err;
340 }
341
342 static void __vlan_group_free(struct net_bridge_vlan_group *vg)
343 {
344 WARN_ON(!list_empty(&vg->vlan_list));
345 rhashtable_destroy(&vg->vlan_hash);
346 vlan_tunnel_deinit(vg);
347 kfree(vg);
348 }
349
350 static void __vlan_flush(struct net_bridge_vlan_group *vg)
351 {
352 struct net_bridge_vlan *vlan, *tmp;
353
354 __vlan_delete_pvid(vg, vg->pvid);
355 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
356 __vlan_del(vlan);
357 }
358
359 struct sk_buff *br_handle_vlan(struct net_bridge *br,
360 const struct net_bridge_port *p,
361 struct net_bridge_vlan_group *vg,
362 struct sk_buff *skb)
363 {
364 struct br_vlan_stats *stats;
365 struct net_bridge_vlan *v;
366 u16 vid;
367
368 /* If this packet was not filtered at input, let it pass */
369 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
370 goto out;
371
372 /* At this point, we know that the frame was filtered and contains
373 * a valid vlan id. If the vlan id has untagged flag set,
374 * send untagged; otherwise, send tagged.
375 */
376 br_vlan_get_tag(skb, &vid);
377 v = br_vlan_find(vg, vid);
378 /* Vlan entry must be configured at this point. The
379 * only exception is the bridge is set in promisc mode and the
380 * packet is destined for the bridge device. In this case
381 * pass the packet as is.
382 */
383 if (!v || !br_vlan_should_use(v)) {
384 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
385 goto out;
386 } else {
387 kfree_skb(skb);
388 return NULL;
389 }
390 }
391 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
392 stats = this_cpu_ptr(v->stats);
393 u64_stats_update_begin(&stats->syncp);
394 stats->tx_bytes += skb->len;
395 stats->tx_packets++;
396 u64_stats_update_end(&stats->syncp);
397 }
398
399 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
400 skb->vlan_tci = 0;
401
402 if (p && (p->flags & BR_VLAN_TUNNEL) &&
403 br_handle_egress_vlan_tunnel(skb, v)) {
404 kfree_skb(skb);
405 return NULL;
406 }
407 out:
408 return skb;
409 }
410
411 /* Called under RCU */
412 static bool __allowed_ingress(const struct net_bridge *br,
413 struct net_bridge_vlan_group *vg,
414 struct sk_buff *skb, u16 *vid)
415 {
416 struct br_vlan_stats *stats;
417 struct net_bridge_vlan *v;
418 bool tagged;
419
420 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
421 /* If vlan tx offload is disabled on bridge device and frame was
422 * sent from vlan device on the bridge device, it does not have
423 * HW accelerated vlan tag.
424 */
425 if (unlikely(!skb_vlan_tag_present(skb) &&
426 skb->protocol == br->vlan_proto)) {
427 skb = skb_vlan_untag(skb);
428 if (unlikely(!skb))
429 return false;
430 }
431
432 if (!br_vlan_get_tag(skb, vid)) {
433 /* Tagged frame */
434 if (skb->vlan_proto != br->vlan_proto) {
435 /* Protocol-mismatch, empty out vlan_tci for new tag */
436 skb_push(skb, ETH_HLEN);
437 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
438 skb_vlan_tag_get(skb));
439 if (unlikely(!skb))
440 return false;
441
442 skb_pull(skb, ETH_HLEN);
443 skb_reset_mac_len(skb);
444 *vid = 0;
445 tagged = false;
446 } else {
447 tagged = true;
448 }
449 } else {
450 /* Untagged frame */
451 tagged = false;
452 }
453
454 if (!*vid) {
455 u16 pvid = br_get_pvid(vg);
456
457 /* Frame had a tag with VID 0 or did not have a tag.
458 * See if pvid is set on this port. That tells us which
459 * vlan untagged or priority-tagged traffic belongs to.
460 */
461 if (!pvid)
462 goto drop;
463
464 /* PVID is set on this port. Any untagged or priority-tagged
465 * ingress frame is considered to belong to this vlan.
466 */
467 *vid = pvid;
468 if (likely(!tagged))
469 /* Untagged Frame. */
470 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid);
471 else
472 /* Priority-tagged Frame.
473 * At this point, We know that skb->vlan_tci had
474 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
475 * We update only VID field and preserve PCP field.
476 */
477 skb->vlan_tci |= pvid;
478
479 /* if stats are disabled we can avoid the lookup */
480 if (!br_opt_get(br, BROPT_VLAN_STATS_ENABLED))
481 return true;
482 }
483 v = br_vlan_find(vg, *vid);
484 if (!v || !br_vlan_should_use(v))
485 goto drop;
486
487 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
488 stats = this_cpu_ptr(v->stats);
489 u64_stats_update_begin(&stats->syncp);
490 stats->rx_bytes += skb->len;
491 stats->rx_packets++;
492 u64_stats_update_end(&stats->syncp);
493 }
494
495 return true;
496
497 drop:
498 kfree_skb(skb);
499 return false;
500 }
501
502 bool br_allowed_ingress(const struct net_bridge *br,
503 struct net_bridge_vlan_group *vg, struct sk_buff *skb,
504 u16 *vid)
505 {
506 /* If VLAN filtering is disabled on the bridge, all packets are
507 * permitted.
508 */
509 if (!br_opt_get(br, BROPT_VLAN_ENABLED)) {
510 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
511 return true;
512 }
513
514 return __allowed_ingress(br, vg, skb, vid);
515 }
516
517 /* Called under RCU. */
518 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
519 const struct sk_buff *skb)
520 {
521 const struct net_bridge_vlan *v;
522 u16 vid;
523
524 /* If this packet was not filtered at input, let it pass */
525 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
526 return true;
527
528 br_vlan_get_tag(skb, &vid);
529 v = br_vlan_find(vg, vid);
530 if (v && br_vlan_should_use(v))
531 return true;
532
533 return false;
534 }
535
536 /* Called under RCU */
537 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
538 {
539 struct net_bridge_vlan_group *vg;
540 struct net_bridge *br = p->br;
541
542 /* If filtering was disabled at input, let it pass. */
543 if (!br_opt_get(br, BROPT_VLAN_ENABLED))
544 return true;
545
546 vg = nbp_vlan_group_rcu(p);
547 if (!vg || !vg->num_vlans)
548 return false;
549
550 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
551 *vid = 0;
552
553 if (!*vid) {
554 *vid = br_get_pvid(vg);
555 if (!*vid)
556 return false;
557
558 return true;
559 }
560
561 if (br_vlan_find(vg, *vid))
562 return true;
563
564 return false;
565 }
566
567 /* Must be protected by RTNL.
568 * Must be called with vid in range from 1 to 4094 inclusive.
569 * changed must be true only if the vlan was created or updated
570 */
571 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed)
572 {
573 struct net_bridge_vlan_group *vg;
574 struct net_bridge_vlan *vlan;
575 int ret;
576
577 ASSERT_RTNL();
578
579 *changed = false;
580 vg = br_vlan_group(br);
581 vlan = br_vlan_find(vg, vid);
582 if (vlan) {
583 if (!br_vlan_is_brentry(vlan)) {
584 /* Trying to change flags of non-existent bridge vlan */
585 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
586 return -EINVAL;
587 /* It was only kept for port vlans, now make it real */
588 ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
589 vlan->vid);
590 if (ret) {
591 br_err(br, "failed insert local address into bridge forwarding table\n");
592 return ret;
593 }
594 refcount_inc(&vlan->refcnt);
595 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
596 vg->num_vlans++;
597 *changed = true;
598 }
599 if (__vlan_add_flags(vlan, flags))
600 *changed = true;
601
602 return 0;
603 }
604
605 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
606 if (!vlan)
607 return -ENOMEM;
608
609 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
610 if (!vlan->stats) {
611 kfree(vlan);
612 return -ENOMEM;
613 }
614 vlan->vid = vid;
615 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
616 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
617 vlan->br = br;
618 if (flags & BRIDGE_VLAN_INFO_BRENTRY)
619 refcount_set(&vlan->refcnt, 1);
620 ret = __vlan_add(vlan, flags);
621 if (ret) {
622 free_percpu(vlan->stats);
623 kfree(vlan);
624 } else {
625 *changed = true;
626 }
627
628 return ret;
629 }
630
631 /* Must be protected by RTNL.
632 * Must be called with vid in range from 1 to 4094 inclusive.
633 */
634 int br_vlan_delete(struct net_bridge *br, u16 vid)
635 {
636 struct net_bridge_vlan_group *vg;
637 struct net_bridge_vlan *v;
638
639 ASSERT_RTNL();
640
641 vg = br_vlan_group(br);
642 v = br_vlan_find(vg, vid);
643 if (!v || !br_vlan_is_brentry(v))
644 return -ENOENT;
645
646 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
647 br_fdb_delete_by_port(br, NULL, vid, 0);
648
649 vlan_tunnel_info_del(vg, v);
650
651 return __vlan_del(v);
652 }
653
654 void br_vlan_flush(struct net_bridge *br)
655 {
656 struct net_bridge_vlan_group *vg;
657
658 ASSERT_RTNL();
659
660 /* delete auto-added default pvid local fdb before flushing vlans
661 * otherwise it will be leaked on bridge device init failure
662 */
663 br_fdb_delete_by_port(br, NULL, 0, 1);
664
665 vg = br_vlan_group(br);
666 __vlan_flush(vg);
667 RCU_INIT_POINTER(br->vlgrp, NULL);
668 synchronize_rcu();
669 __vlan_group_free(vg);
670 }
671
672 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
673 {
674 if (!vg)
675 return NULL;
676
677 return br_vlan_lookup(&vg->vlan_hash, vid);
678 }
679
680 /* Must be protected by RTNL. */
681 static void recalculate_group_addr(struct net_bridge *br)
682 {
683 if (br->group_addr_set)
684 return;
685
686 spin_lock_bh(&br->lock);
687 if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
688 br->vlan_proto == htons(ETH_P_8021Q)) {
689 /* Bridge Group Address */
690 br->group_addr[5] = 0x00;
691 } else { /* vlan_enabled && ETH_P_8021AD */
692 /* Provider Bridge Group Address */
693 br->group_addr[5] = 0x08;
694 }
695 spin_unlock_bh(&br->lock);
696 }
697
698 /* Must be protected by RTNL. */
699 void br_recalculate_fwd_mask(struct net_bridge *br)
700 {
701 if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
702 br->vlan_proto == htons(ETH_P_8021Q))
703 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
704 else /* vlan_enabled && ETH_P_8021AD */
705 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
706 ~(1u << br->group_addr[5]);
707 }
708
709 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
710 {
711 struct switchdev_attr attr = {
712 .orig_dev = br->dev,
713 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
714 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
715 .u.vlan_filtering = val,
716 };
717 int err;
718
719 if (br_opt_get(br, BROPT_VLAN_ENABLED) == !!val)
720 return 0;
721
722 err = switchdev_port_attr_set(br->dev, &attr);
723 if (err && err != -EOPNOTSUPP)
724 return err;
725
726 br_opt_toggle(br, BROPT_VLAN_ENABLED, !!val);
727 br_manage_promisc(br);
728 recalculate_group_addr(br);
729 br_recalculate_fwd_mask(br);
730
731 return 0;
732 }
733
734 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
735 {
736 return __br_vlan_filter_toggle(br, val);
737 }
738
739 bool br_vlan_enabled(const struct net_device *dev)
740 {
741 struct net_bridge *br = netdev_priv(dev);
742
743 return br_opt_get(br, BROPT_VLAN_ENABLED);
744 }
745 EXPORT_SYMBOL_GPL(br_vlan_enabled);
746
747 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
748 {
749 int err = 0;
750 struct net_bridge_port *p;
751 struct net_bridge_vlan *vlan;
752 struct net_bridge_vlan_group *vg;
753 __be16 oldproto;
754
755 if (br->vlan_proto == proto)
756 return 0;
757
758 /* Add VLANs for the new proto to the device filter. */
759 list_for_each_entry(p, &br->port_list, list) {
760 vg = nbp_vlan_group(p);
761 list_for_each_entry(vlan, &vg->vlan_list, vlist) {
762 err = vlan_vid_add(p->dev, proto, vlan->vid);
763 if (err)
764 goto err_filt;
765 }
766 }
767
768 oldproto = br->vlan_proto;
769 br->vlan_proto = proto;
770
771 recalculate_group_addr(br);
772 br_recalculate_fwd_mask(br);
773
774 /* Delete VLANs for the old proto from the device filter. */
775 list_for_each_entry(p, &br->port_list, list) {
776 vg = nbp_vlan_group(p);
777 list_for_each_entry(vlan, &vg->vlan_list, vlist)
778 vlan_vid_del(p->dev, oldproto, vlan->vid);
779 }
780
781 return 0;
782
783 err_filt:
784 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
785 vlan_vid_del(p->dev, proto, vlan->vid);
786
787 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
788 vg = nbp_vlan_group(p);
789 list_for_each_entry(vlan, &vg->vlan_list, vlist)
790 vlan_vid_del(p->dev, proto, vlan->vid);
791 }
792
793 return err;
794 }
795
796 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
797 {
798 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
799 return -EPROTONOSUPPORT;
800
801 return __br_vlan_set_proto(br, htons(val));
802 }
803
804 int br_vlan_set_stats(struct net_bridge *br, unsigned long val)
805 {
806 switch (val) {
807 case 0:
808 case 1:
809 br_opt_toggle(br, BROPT_VLAN_STATS_ENABLED, !!val);
810 break;
811 default:
812 return -EINVAL;
813 }
814
815 return 0;
816 }
817
818 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
819 {
820 struct net_bridge_vlan *v;
821
822 if (vid != vg->pvid)
823 return false;
824
825 v = br_vlan_lookup(&vg->vlan_hash, vid);
826 if (v && br_vlan_should_use(v) &&
827 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
828 return true;
829
830 return false;
831 }
832
833 static void br_vlan_disable_default_pvid(struct net_bridge *br)
834 {
835 struct net_bridge_port *p;
836 u16 pvid = br->default_pvid;
837
838 /* Disable default_pvid on all ports where it is still
839 * configured.
840 */
841 if (vlan_default_pvid(br_vlan_group(br), pvid))
842 br_vlan_delete(br, pvid);
843
844 list_for_each_entry(p, &br->port_list, list) {
845 if (vlan_default_pvid(nbp_vlan_group(p), pvid))
846 nbp_vlan_delete(p, pvid);
847 }
848
849 br->default_pvid = 0;
850 }
851
852 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
853 {
854 const struct net_bridge_vlan *pvent;
855 struct net_bridge_vlan_group *vg;
856 struct net_bridge_port *p;
857 unsigned long *changed;
858 bool vlchange;
859 u16 old_pvid;
860 int err = 0;
861
862 if (!pvid) {
863 br_vlan_disable_default_pvid(br);
864 return 0;
865 }
866
867 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
868 GFP_KERNEL);
869 if (!changed)
870 return -ENOMEM;
871
872 old_pvid = br->default_pvid;
873
874 /* Update default_pvid config only if we do not conflict with
875 * user configuration.
876 */
877 vg = br_vlan_group(br);
878 pvent = br_vlan_find(vg, pvid);
879 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
880 (!pvent || !br_vlan_should_use(pvent))) {
881 err = br_vlan_add(br, pvid,
882 BRIDGE_VLAN_INFO_PVID |
883 BRIDGE_VLAN_INFO_UNTAGGED |
884 BRIDGE_VLAN_INFO_BRENTRY,
885 &vlchange);
886 if (err)
887 goto out;
888 br_vlan_delete(br, old_pvid);
889 set_bit(0, changed);
890 }
891
892 list_for_each_entry(p, &br->port_list, list) {
893 /* Update default_pvid config only if we do not conflict with
894 * user configuration.
895 */
896 vg = nbp_vlan_group(p);
897 if ((old_pvid &&
898 !vlan_default_pvid(vg, old_pvid)) ||
899 br_vlan_find(vg, pvid))
900 continue;
901
902 err = nbp_vlan_add(p, pvid,
903 BRIDGE_VLAN_INFO_PVID |
904 BRIDGE_VLAN_INFO_UNTAGGED,
905 &vlchange);
906 if (err)
907 goto err_port;
908 nbp_vlan_delete(p, old_pvid);
909 set_bit(p->port_no, changed);
910 }
911
912 br->default_pvid = pvid;
913
914 out:
915 kfree(changed);
916 return err;
917
918 err_port:
919 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
920 if (!test_bit(p->port_no, changed))
921 continue;
922
923 if (old_pvid)
924 nbp_vlan_add(p, old_pvid,
925 BRIDGE_VLAN_INFO_PVID |
926 BRIDGE_VLAN_INFO_UNTAGGED,
927 &vlchange);
928 nbp_vlan_delete(p, pvid);
929 }
930
931 if (test_bit(0, changed)) {
932 if (old_pvid)
933 br_vlan_add(br, old_pvid,
934 BRIDGE_VLAN_INFO_PVID |
935 BRIDGE_VLAN_INFO_UNTAGGED |
936 BRIDGE_VLAN_INFO_BRENTRY,
937 &vlchange);
938 br_vlan_delete(br, pvid);
939 }
940 goto out;
941 }
942
943 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
944 {
945 u16 pvid = val;
946 int err = 0;
947
948 if (val >= VLAN_VID_MASK)
949 return -EINVAL;
950
951 if (pvid == br->default_pvid)
952 goto out;
953
954 /* Only allow default pvid change when filtering is disabled */
955 if (br_opt_get(br, BROPT_VLAN_ENABLED)) {
956 pr_info_once("Please disable vlan filtering to change default_pvid\n");
957 err = -EPERM;
958 goto out;
959 }
960 err = __br_vlan_set_default_pvid(br, pvid);
961 out:
962 return err;
963 }
964
965 int br_vlan_init(struct net_bridge *br)
966 {
967 struct net_bridge_vlan_group *vg;
968 int ret = -ENOMEM;
969 bool changed;
970
971 vg = kzalloc(sizeof(*vg), GFP_KERNEL);
972 if (!vg)
973 goto out;
974 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
975 if (ret)
976 goto err_rhtbl;
977 ret = vlan_tunnel_init(vg);
978 if (ret)
979 goto err_tunnel_init;
980 INIT_LIST_HEAD(&vg->vlan_list);
981 br->vlan_proto = htons(ETH_P_8021Q);
982 br->default_pvid = 1;
983 rcu_assign_pointer(br->vlgrp, vg);
984 ret = br_vlan_add(br, 1,
985 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
986 BRIDGE_VLAN_INFO_BRENTRY, &changed);
987 if (ret)
988 goto err_vlan_add;
989
990 out:
991 return ret;
992
993 err_vlan_add:
994 vlan_tunnel_deinit(vg);
995 err_tunnel_init:
996 rhashtable_destroy(&vg->vlan_hash);
997 err_rhtbl:
998 kfree(vg);
999
1000 goto out;
1001 }
1002
1003 int nbp_vlan_init(struct net_bridge_port *p)
1004 {
1005 struct switchdev_attr attr = {
1006 .orig_dev = p->br->dev,
1007 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
1008 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
1009 .u.vlan_filtering = br_opt_get(p->br, BROPT_VLAN_ENABLED),
1010 };
1011 struct net_bridge_vlan_group *vg;
1012 int ret = -ENOMEM;
1013
1014 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
1015 if (!vg)
1016 goto out;
1017
1018 ret = switchdev_port_attr_set(p->dev, &attr);
1019 if (ret && ret != -EOPNOTSUPP)
1020 goto err_vlan_enabled;
1021
1022 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1023 if (ret)
1024 goto err_rhtbl;
1025 ret = vlan_tunnel_init(vg);
1026 if (ret)
1027 goto err_tunnel_init;
1028 INIT_LIST_HEAD(&vg->vlan_list);
1029 rcu_assign_pointer(p->vlgrp, vg);
1030 if (p->br->default_pvid) {
1031 bool changed;
1032
1033 ret = nbp_vlan_add(p, p->br->default_pvid,
1034 BRIDGE_VLAN_INFO_PVID |
1035 BRIDGE_VLAN_INFO_UNTAGGED,
1036 &changed);
1037 if (ret)
1038 goto err_vlan_add;
1039 }
1040 out:
1041 return ret;
1042
1043 err_vlan_add:
1044 RCU_INIT_POINTER(p->vlgrp, NULL);
1045 synchronize_rcu();
1046 vlan_tunnel_deinit(vg);
1047 err_tunnel_init:
1048 rhashtable_destroy(&vg->vlan_hash);
1049 err_rhtbl:
1050 err_vlan_enabled:
1051 kfree(vg);
1052
1053 goto out;
1054 }
1055
1056 /* Must be protected by RTNL.
1057 * Must be called with vid in range from 1 to 4094 inclusive.
1058 * changed must be true only if the vlan was created or updated
1059 */
1060 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags,
1061 bool *changed)
1062 {
1063 struct switchdev_obj_port_vlan v = {
1064 .obj.orig_dev = port->dev,
1065 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
1066 .flags = flags,
1067 .vid_begin = vid,
1068 .vid_end = vid,
1069 };
1070 struct net_bridge_vlan *vlan;
1071 int ret;
1072
1073 ASSERT_RTNL();
1074
1075 *changed = false;
1076 vlan = br_vlan_find(nbp_vlan_group(port), vid);
1077 if (vlan) {
1078 /* Pass the flags to the hardware bridge */
1079 ret = switchdev_port_obj_add(port->dev, &v.obj);
1080 if (ret && ret != -EOPNOTSUPP)
1081 return ret;
1082 *changed = __vlan_add_flags(vlan, flags);
1083
1084 return 0;
1085 }
1086
1087 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
1088 if (!vlan)
1089 return -ENOMEM;
1090
1091 vlan->vid = vid;
1092 vlan->port = port;
1093 ret = __vlan_add(vlan, flags);
1094 if (ret)
1095 kfree(vlan);
1096 else
1097 *changed = true;
1098
1099 return ret;
1100 }
1101
1102 /* Must be protected by RTNL.
1103 * Must be called with vid in range from 1 to 4094 inclusive.
1104 */
1105 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
1106 {
1107 struct net_bridge_vlan *v;
1108
1109 ASSERT_RTNL();
1110
1111 v = br_vlan_find(nbp_vlan_group(port), vid);
1112 if (!v)
1113 return -ENOENT;
1114 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1115 br_fdb_delete_by_port(port->br, port, vid, 0);
1116
1117 return __vlan_del(v);
1118 }
1119
1120 void nbp_vlan_flush(struct net_bridge_port *port)
1121 {
1122 struct net_bridge_vlan_group *vg;
1123
1124 ASSERT_RTNL();
1125
1126 vg = nbp_vlan_group(port);
1127 __vlan_flush(vg);
1128 RCU_INIT_POINTER(port->vlgrp, NULL);
1129 synchronize_rcu();
1130 __vlan_group_free(vg);
1131 }
1132
1133 void br_vlan_get_stats(const struct net_bridge_vlan *v,
1134 struct br_vlan_stats *stats)
1135 {
1136 int i;
1137
1138 memset(stats, 0, sizeof(*stats));
1139 for_each_possible_cpu(i) {
1140 u64 rxpackets, rxbytes, txpackets, txbytes;
1141 struct br_vlan_stats *cpu_stats;
1142 unsigned int start;
1143
1144 cpu_stats = per_cpu_ptr(v->stats, i);
1145 do {
1146 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
1147 rxpackets = cpu_stats->rx_packets;
1148 rxbytes = cpu_stats->rx_bytes;
1149 txbytes = cpu_stats->tx_bytes;
1150 txpackets = cpu_stats->tx_packets;
1151 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
1152
1153 stats->rx_packets += rxpackets;
1154 stats->rx_bytes += rxbytes;
1155 stats->tx_bytes += txbytes;
1156 stats->tx_packets += txpackets;
1157 }
1158 }
ubuntu-bionic-kernel mirror