1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
7 #include "br_private.h"
9 static void __vlan_add_pvid(struct net_port_vlans
*v
, u16 vid
)
18 static void __vlan_delete_pvid(struct net_port_vlans
*v
, u16 vid
)
27 static void __vlan_add_flags(struct net_port_vlans
*v
, u16 vid
, u16 flags
)
29 if (flags
& BRIDGE_VLAN_INFO_PVID
)
30 __vlan_add_pvid(v
, vid
);
32 __vlan_delete_pvid(v
, vid
);
34 if (flags
& BRIDGE_VLAN_INFO_UNTAGGED
)
35 set_bit(vid
, v
->untagged_bitmap
);
37 clear_bit(vid
, v
->untagged_bitmap
);
40 static int __vlan_vid_add(struct net_device
*dev
, struct net_bridge
*br
,
43 const struct net_device_ops
*ops
= dev
->netdev_ops
;
46 /* If driver uses VLAN ndo ops, use 8021q to install vid
47 * on device, otherwise try switchdev ops to install vid.
50 if (ops
->ndo_vlan_rx_add_vid
) {
51 err
= vlan_vid_add(dev
, br
->vlan_proto
, vid
);
53 struct switchdev_obj vlan_obj
= {
54 .id
= SWITCHDEV_OBJ_PORT_VLAN
,
62 err
= switchdev_port_obj_add(dev
, &vlan_obj
);
63 if (err
== -EOPNOTSUPP
)
70 static int __vlan_add(struct net_port_vlans
*v
, u16 vid
, u16 flags
)
72 struct net_bridge_port
*p
= NULL
;
73 struct net_bridge
*br
;
74 struct net_device
*dev
;
77 if (test_bit(vid
, v
->vlan_bitmap
)) {
78 __vlan_add_flags(v
, vid
, flags
);
92 /* Add VLAN to the device filter if it is supported.
93 * This ensures tagged traffic enters the bridge when
94 * promiscuous mode is disabled by br_manage_promisc().
96 err
= __vlan_vid_add(dev
, br
, vid
, flags
);
101 err
= br_fdb_insert(br
, p
, dev
->dev_addr
, vid
);
103 br_err(br
, "failed insert local address into bridge "
104 "forwarding table\n");
108 set_bit(vid
, v
->vlan_bitmap
);
110 __vlan_add_flags(v
, vid
, flags
);
116 vlan_vid_del(dev
, br
->vlan_proto
, vid
);
120 static int __vlan_vid_del(struct net_device
*dev
, struct net_bridge
*br
,
123 const struct net_device_ops
*ops
= dev
->netdev_ops
;
126 /* If driver uses VLAN ndo ops, use 8021q to delete vid
127 * on device, otherwise try switchdev ops to delete vid.
130 if (ops
->ndo_vlan_rx_kill_vid
) {
131 vlan_vid_del(dev
, br
->vlan_proto
, vid
);
133 struct switchdev_obj vlan_obj
= {
134 .id
= SWITCHDEV_OBJ_PORT_VLAN
,
141 err
= switchdev_port_obj_del(dev
, &vlan_obj
);
142 if (err
== -EOPNOTSUPP
)
149 static int __vlan_del(struct net_port_vlans
*v
, u16 vid
)
151 if (!test_bit(vid
, v
->vlan_bitmap
))
154 __vlan_delete_pvid(v
, vid
);
155 clear_bit(vid
, v
->untagged_bitmap
);
158 struct net_bridge_port
*p
= v
->parent
.port
;
161 err
= __vlan_vid_del(p
->dev
, p
->br
, vid
);
166 clear_bit(vid
, v
->vlan_bitmap
);
168 if (bitmap_empty(v
->vlan_bitmap
, VLAN_N_VID
)) {
170 RCU_INIT_POINTER(v
->parent
.port
->vlan_info
, NULL
);
172 RCU_INIT_POINTER(v
->parent
.br
->vlan_info
, NULL
);
178 static void __vlan_flush(struct net_port_vlans
*v
)
182 bitmap_zero(v
->vlan_bitmap
, VLAN_N_VID
);
184 RCU_INIT_POINTER(v
->parent
.port
->vlan_info
, NULL
);
186 RCU_INIT_POINTER(v
->parent
.br
->vlan_info
, NULL
);
190 struct sk_buff
*br_handle_vlan(struct net_bridge
*br
,
191 const struct net_port_vlans
*pv
,
196 /* If this packet was not filtered at input, let it pass */
197 if (!BR_INPUT_SKB_CB(skb
)->vlan_filtered
)
200 /* Vlan filter table must be configured at this point. The
201 * only exception is the bridge is set in promisc mode and the
202 * packet is destined for the bridge device. In this case
203 * pass the packet as is.
206 if ((br
->dev
->flags
& IFF_PROMISC
) && skb
->dev
== br
->dev
) {
214 /* At this point, we know that the frame was filtered and contains
215 * a valid vlan id. If the vlan id is set in the untagged bitmap,
216 * send untagged; otherwise, send tagged.
218 br_vlan_get_tag(skb
, &vid
);
219 if (test_bit(vid
, pv
->untagged_bitmap
))
226 /* Called under RCU */
227 bool br_allowed_ingress(struct net_bridge
*br
, struct net_port_vlans
*v
,
228 struct sk_buff
*skb
, u16
*vid
)
233 /* If VLAN filtering is disabled on the bridge, all packets are
236 if (!br
->vlan_enabled
) {
237 BR_INPUT_SKB_CB(skb
)->vlan_filtered
= false;
241 /* If there are no vlan in the permitted list, all packets are
247 BR_INPUT_SKB_CB(skb
)->vlan_filtered
= true;
248 proto
= br
->vlan_proto
;
250 /* If vlan tx offload is disabled on bridge device and frame was
251 * sent from vlan device on the bridge device, it does not have
252 * HW accelerated vlan tag.
254 if (unlikely(!skb_vlan_tag_present(skb
) &&
255 skb
->protocol
== proto
)) {
256 skb
= skb_vlan_untag(skb
);
261 if (!br_vlan_get_tag(skb
, vid
)) {
263 if (skb
->vlan_proto
!= proto
) {
264 /* Protocol-mismatch, empty out vlan_tci for new tag */
265 skb_push(skb
, ETH_HLEN
);
266 skb
= vlan_insert_tag_set_proto(skb
, skb
->vlan_proto
,
267 skb_vlan_tag_get(skb
));
271 skb_pull(skb
, ETH_HLEN
);
272 skb_reset_mac_len(skb
);
284 u16 pvid
= br_get_pvid(v
);
286 /* Frame had a tag with VID 0 or did not have a tag.
287 * See if pvid is set on this port. That tells us which
288 * vlan untagged or priority-tagged traffic belongs to.
293 /* PVID is set on this port. Any untagged or priority-tagged
294 * ingress frame is considered to belong to this vlan.
298 /* Untagged Frame. */
299 __vlan_hwaccel_put_tag(skb
, proto
, pvid
);
301 /* Priority-tagged Frame.
302 * At this point, We know that skb->vlan_tci had
303 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
304 * We update only VID field and preserve PCP field.
306 skb
->vlan_tci
|= pvid
;
311 /* Frame had a valid vlan tag. See if vlan is allowed */
312 if (test_bit(*vid
, v
->vlan_bitmap
))
319 /* Called under RCU. */
320 bool br_allowed_egress(struct net_bridge
*br
,
321 const struct net_port_vlans
*v
,
322 const struct sk_buff
*skb
)
326 /* If this packet was not filtered at input, let it pass */
327 if (!BR_INPUT_SKB_CB(skb
)->vlan_filtered
)
333 br_vlan_get_tag(skb
, &vid
);
334 if (test_bit(vid
, v
->vlan_bitmap
))
340 /* Called under RCU */
341 bool br_should_learn(struct net_bridge_port
*p
, struct sk_buff
*skb
, u16
*vid
)
343 struct net_bridge
*br
= p
->br
;
344 struct net_port_vlans
*v
;
346 /* If filtering was disabled at input, let it pass. */
347 if (!br
->vlan_enabled
)
350 v
= rcu_dereference(p
->vlan_info
);
354 if (!br_vlan_get_tag(skb
, vid
) && skb
->vlan_proto
!= br
->vlan_proto
)
358 *vid
= br_get_pvid(v
);
365 if (test_bit(*vid
, v
->vlan_bitmap
))
371 /* Must be protected by RTNL.
372 * Must be called with vid in range from 1 to 4094 inclusive.
374 int br_vlan_add(struct net_bridge
*br
, u16 vid
, u16 flags
)
376 struct net_port_vlans
*pv
= NULL
;
381 pv
= rtnl_dereference(br
->vlan_info
);
383 return __vlan_add(pv
, vid
, flags
);
385 /* Create port vlan infomration
387 pv
= kzalloc(sizeof(*pv
), GFP_KERNEL
);
392 err
= __vlan_add(pv
, vid
, flags
);
396 rcu_assign_pointer(br
->vlan_info
, pv
);
403 /* Must be protected by RTNL.
404 * Must be called with vid in range from 1 to 4094 inclusive.
406 int br_vlan_delete(struct net_bridge
*br
, u16 vid
)
408 struct net_port_vlans
*pv
;
412 pv
= rtnl_dereference(br
->vlan_info
);
416 br_fdb_find_delete_local(br
, NULL
, br
->dev
->dev_addr
, vid
);
422 void br_vlan_flush(struct net_bridge
*br
)
424 struct net_port_vlans
*pv
;
427 pv
= rtnl_dereference(br
->vlan_info
);
434 bool br_vlan_find(struct net_bridge
*br
, u16 vid
)
436 struct net_port_vlans
*pv
;
440 pv
= rcu_dereference(br
->vlan_info
);
445 if (test_bit(vid
, pv
->vlan_bitmap
))
453 /* Must be protected by RTNL. */
454 static void recalculate_group_addr(struct net_bridge
*br
)
456 if (br
->group_addr_set
)
459 spin_lock_bh(&br
->lock
);
460 if (!br
->vlan_enabled
|| br
->vlan_proto
== htons(ETH_P_8021Q
)) {
461 /* Bridge Group Address */
462 br
->group_addr
[5] = 0x00;
463 } else { /* vlan_enabled && ETH_P_8021AD */
464 /* Provider Bridge Group Address */
465 br
->group_addr
[5] = 0x08;
467 spin_unlock_bh(&br
->lock
);
470 /* Must be protected by RTNL. */
471 void br_recalculate_fwd_mask(struct net_bridge
*br
)
473 if (!br
->vlan_enabled
|| br
->vlan_proto
== htons(ETH_P_8021Q
))
474 br
->group_fwd_mask_required
= BR_GROUPFWD_DEFAULT
;
475 else /* vlan_enabled && ETH_P_8021AD */
476 br
->group_fwd_mask_required
= BR_GROUPFWD_8021AD
&
477 ~(1u << br
->group_addr
[5]);
480 int __br_vlan_filter_toggle(struct net_bridge
*br
, unsigned long val
)
482 if (br
->vlan_enabled
== val
)
485 br
->vlan_enabled
= val
;
486 br_manage_promisc(br
);
487 recalculate_group_addr(br
);
488 br_recalculate_fwd_mask(br
);
493 int br_vlan_filter_toggle(struct net_bridge
*br
, unsigned long val
)
496 return restart_syscall();
498 __br_vlan_filter_toggle(br
, val
);
504 int __br_vlan_set_proto(struct net_bridge
*br
, __be16 proto
)
507 struct net_bridge_port
*p
;
508 struct net_port_vlans
*pv
;
512 if (br
->vlan_proto
== proto
)
515 /* Add VLANs for the new proto to the device filter. */
516 list_for_each_entry(p
, &br
->port_list
, list
) {
517 pv
= rtnl_dereference(p
->vlan_info
);
521 for_each_set_bit(vid
, pv
->vlan_bitmap
, VLAN_N_VID
) {
522 err
= vlan_vid_add(p
->dev
, proto
, vid
);
528 oldproto
= br
->vlan_proto
;
529 br
->vlan_proto
= proto
;
531 recalculate_group_addr(br
);
532 br_recalculate_fwd_mask(br
);
534 /* Delete VLANs for the old proto from the device filter. */
535 list_for_each_entry(p
, &br
->port_list
, list
) {
536 pv
= rtnl_dereference(p
->vlan_info
);
540 for_each_set_bit(vid
, pv
->vlan_bitmap
, VLAN_N_VID
)
541 vlan_vid_del(p
->dev
, oldproto
, vid
);
548 for_each_set_bit(vid
, pv
->vlan_bitmap
, errvid
)
549 vlan_vid_del(p
->dev
, proto
, vid
);
551 list_for_each_entry_continue_reverse(p
, &br
->port_list
, list
) {
552 pv
= rtnl_dereference(p
->vlan_info
);
556 for_each_set_bit(vid
, pv
->vlan_bitmap
, VLAN_N_VID
)
557 vlan_vid_del(p
->dev
, proto
, vid
);
563 int br_vlan_set_proto(struct net_bridge
*br
, unsigned long val
)
567 if (val
!= ETH_P_8021Q
&& val
!= ETH_P_8021AD
)
568 return -EPROTONOSUPPORT
;
571 return restart_syscall();
573 err
= __br_vlan_set_proto(br
, htons(val
));
579 static bool vlan_default_pvid(struct net_port_vlans
*pv
, u16 vid
)
581 return pv
&& vid
== pv
->pvid
&& test_bit(vid
, pv
->untagged_bitmap
);
584 static void br_vlan_disable_default_pvid(struct net_bridge
*br
)
586 struct net_bridge_port
*p
;
587 u16 pvid
= br
->default_pvid
;
589 /* Disable default_pvid on all ports where it is still
592 if (vlan_default_pvid(br_get_vlan_info(br
), pvid
))
593 br_vlan_delete(br
, pvid
);
595 list_for_each_entry(p
, &br
->port_list
, list
) {
596 if (vlan_default_pvid(nbp_get_vlan_info(p
), pvid
))
597 nbp_vlan_delete(p
, pvid
);
600 br
->default_pvid
= 0;
603 static int __br_vlan_set_default_pvid(struct net_bridge
*br
, u16 pvid
)
605 struct net_bridge_port
*p
;
608 unsigned long *changed
;
610 changed
= kcalloc(BITS_TO_LONGS(BR_MAX_PORTS
), sizeof(unsigned long),
615 old_pvid
= br
->default_pvid
;
617 /* Update default_pvid config only if we do not conflict with
618 * user configuration.
620 if ((!old_pvid
|| vlan_default_pvid(br_get_vlan_info(br
), old_pvid
)) &&
621 !br_vlan_find(br
, pvid
)) {
622 err
= br_vlan_add(br
, pvid
,
623 BRIDGE_VLAN_INFO_PVID
|
624 BRIDGE_VLAN_INFO_UNTAGGED
);
627 br_vlan_delete(br
, old_pvid
);
631 list_for_each_entry(p
, &br
->port_list
, list
) {
632 /* Update default_pvid config only if we do not conflict with
633 * user configuration.
636 !vlan_default_pvid(nbp_get_vlan_info(p
), old_pvid
)) ||
637 nbp_vlan_find(p
, pvid
))
640 err
= nbp_vlan_add(p
, pvid
,
641 BRIDGE_VLAN_INFO_PVID
|
642 BRIDGE_VLAN_INFO_UNTAGGED
);
645 nbp_vlan_delete(p
, old_pvid
);
646 set_bit(p
->port_no
, changed
);
649 br
->default_pvid
= pvid
;
656 list_for_each_entry_continue_reverse(p
, &br
->port_list
, list
) {
657 if (!test_bit(p
->port_no
, changed
))
661 nbp_vlan_add(p
, old_pvid
,
662 BRIDGE_VLAN_INFO_PVID
|
663 BRIDGE_VLAN_INFO_UNTAGGED
);
664 nbp_vlan_delete(p
, pvid
);
667 if (test_bit(0, changed
)) {
669 br_vlan_add(br
, old_pvid
,
670 BRIDGE_VLAN_INFO_PVID
|
671 BRIDGE_VLAN_INFO_UNTAGGED
);
672 br_vlan_delete(br
, pvid
);
677 int br_vlan_set_default_pvid(struct net_bridge
*br
, unsigned long val
)
682 if (val
>= VLAN_VID_MASK
)
686 return restart_syscall();
688 if (pvid
== br
->default_pvid
)
691 /* Only allow default pvid change when filtering is disabled */
692 if (br
->vlan_enabled
) {
693 pr_info_once("Please disable vlan filtering to change default_pvid\n");
699 br_vlan_disable_default_pvid(br
);
701 err
= __br_vlan_set_default_pvid(br
, pvid
);
708 int br_vlan_init(struct net_bridge
*br
)
710 br
->vlan_proto
= htons(ETH_P_8021Q
);
711 br
->default_pvid
= 1;
712 return br_vlan_add(br
, 1,
713 BRIDGE_VLAN_INFO_PVID
| BRIDGE_VLAN_INFO_UNTAGGED
);
716 /* Must be protected by RTNL.
717 * Must be called with vid in range from 1 to 4094 inclusive.
719 int nbp_vlan_add(struct net_bridge_port
*port
, u16 vid
, u16 flags
)
721 struct net_port_vlans
*pv
= NULL
;
726 pv
= rtnl_dereference(port
->vlan_info
);
728 return __vlan_add(pv
, vid
, flags
);
730 /* Create port vlan infomration
732 pv
= kzalloc(sizeof(*pv
), GFP_KERNEL
);
738 pv
->port_idx
= port
->port_no
;
739 pv
->parent
.port
= port
;
740 err
= __vlan_add(pv
, vid
, flags
);
744 rcu_assign_pointer(port
->vlan_info
, pv
);
752 /* Must be protected by RTNL.
753 * Must be called with vid in range from 1 to 4094 inclusive.
755 int nbp_vlan_delete(struct net_bridge_port
*port
, u16 vid
)
757 struct net_port_vlans
*pv
;
761 pv
= rtnl_dereference(port
->vlan_info
);
765 br_fdb_find_delete_local(port
->br
, port
, port
->dev
->dev_addr
, vid
);
766 br_fdb_delete_by_port(port
->br
, port
, vid
, 0);
768 return __vlan_del(pv
, vid
);
771 void nbp_vlan_flush(struct net_bridge_port
*port
)
773 struct net_port_vlans
*pv
;
778 pv
= rtnl_dereference(port
->vlan_info
);
782 for_each_set_bit(vid
, pv
->vlan_bitmap
, VLAN_N_VID
)
783 vlan_vid_del(port
->dev
, port
->br
->vlan_proto
, vid
);
788 bool nbp_vlan_find(struct net_bridge_port
*port
, u16 vid
)
790 struct net_port_vlans
*pv
;
794 pv
= rcu_dereference(port
->vlan_info
);
799 if (test_bit(vid
, pv
->vlan_bitmap
))
807 int nbp_vlan_init(struct net_bridge_port
*p
)
809 return p
->br
->default_pvid
?
810 nbp_vlan_add(p
, p
->br
->default_pvid
,
811 BRIDGE_VLAN_INFO_PVID
|
812 BRIDGE_VLAN_INFO_UNTAGGED
) :