1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
7 #include "br_private.h"
9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
12 const struct net_bridge_vlan *vle = ptr;
13 u16 vid = *(u16 *)arg->key;
15 return vle->vid != vid;
18 static const struct rhashtable_params br_vlan_rht_params = {
19 .head_offset = offsetof(struct net_bridge_vlan, vnode),
20 .key_offset = offsetof(struct net_bridge_vlan, vid),
21 .key_len = sizeof(u16),
24 .max_size = VLAN_N_VID,
25 .obj_cmpfn = br_vlan_cmp,
26 .automatic_shrinking = true,
29 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
31 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
34 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
43 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
52 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
54 struct net_bridge_vlan_group *vg;
56 if (br_vlan_is_master(v))
61 if (flags & BRIDGE_VLAN_INFO_PVID)
62 __vlan_add_pvid(vg, v->vid);
64 __vlan_delete_pvid(vg, v->vid);
66 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
67 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
69 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
72 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
75 const struct net_device_ops *ops = dev->netdev_ops;
78 /* If driver uses VLAN ndo ops, use 8021q to install vid
79 * on device, otherwise try switchdev ops to install vid.
82 if (ops->ndo_vlan_rx_add_vid) {
83 err = vlan_vid_add(dev, br->vlan_proto, vid);
85 struct switchdev_obj_vlan v = {
91 err = switchdev_port_obj_add(dev, SWITCHDEV_OBJ_PORT_VLAN, &v);
92 if (err == -EOPNOTSUPP)
99 static void __vlan_add_list(struct net_bridge_vlan *v)
101 struct list_head *headp, *hpos;
102 struct net_bridge_vlan *vent;
104 headp = br_vlan_is_master(v) ? &v->br->vlgrp->vlan_list :
105 &v->port->vlgrp->vlan_list;
106 list_for_each_prev(hpos, headp) {
107 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
108 if (v->vid < vent->vid)
113 list_add(&v->vlist, hpos);
116 static void __vlan_del_list(struct net_bridge_vlan *v)
121 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
124 const struct net_device_ops *ops = dev->netdev_ops;
127 /* If driver uses VLAN ndo ops, use 8021q to delete vid
128 * on device, otherwise try switchdev ops to delete vid.
131 if (ops->ndo_vlan_rx_kill_vid) {
132 vlan_vid_del(dev, br->vlan_proto, vid);
134 struct switchdev_obj_vlan v = {
139 err = switchdev_port_obj_del(dev, SWITCHDEV_OBJ_PORT_VLAN, &v);
140 if (err == -EOPNOTSUPP)
147 /* This is the shared VLAN add function which works for both ports and bridge
148 * devices. There are four possible calls to this function in terms of the
150 * 1. vlan is being added on a port (no master flags, global entry exists)
151 * 2. vlan is being added on a bridge (both master and brvlan flags)
152 * 3. vlan is being added on a port, but a global entry didn't exist which
153 * is being created right now (master flag set, brvlan flag unset), the
154 * global entry is used for global per-vlan features, but not for filtering
155 * 4. same as 3 but with both master and brvlan flags set so the entry
156 * will be used for filtering in both the port and the bridge
158 static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
160 struct net_bridge_vlan *masterv = NULL;
161 struct net_bridge_port *p = NULL;
162 struct rhashtable *tbl;
163 struct net_device *dev;
164 struct net_bridge *br;
167 if (br_vlan_is_master(v)) {
170 tbl = &br->vlgrp->vlan_hash;
175 tbl = &p->vlgrp->vlan_hash;
179 u16 master_flags = flags;
181 /* Add VLAN to the device filter if it is supported.
182 * This ensures tagged traffic enters the bridge when
183 * promiscuous mode is disabled by br_manage_promisc().
185 err = __vlan_vid_add(dev, br, v->vid, flags);
189 /* need to work on the master vlan too */
190 if (flags & BRIDGE_VLAN_INFO_MASTER) {
191 master_flags |= BRIDGE_VLAN_INFO_BRENTRY;
192 err = br_vlan_add(br, v->vid, master_flags);
197 masterv = br_vlan_find(br->vlgrp, v->vid);
199 /* missing global ctx, create it now */
200 err = br_vlan_add(br, v->vid, master_flags);
203 masterv = br_vlan_find(br->vlgrp, v->vid);
206 atomic_inc(&masterv->refcnt);
210 /* Add the dev mac only if it's a usable vlan */
211 if (br_vlan_should_use(v)) {
212 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
214 br_err(br, "failed insert local address into bridge forwarding table\n");
219 err = rhashtable_lookup_insert_fast(tbl, &v->vnode, br_vlan_rht_params);
224 __vlan_add_flags(v, flags);
225 if (br_vlan_is_master(v)) {
226 if (br_vlan_is_brentry(v))
227 br->vlgrp->num_vlans++;
229 p->vlgrp->num_vlans++;
235 br_fdb_find_delete_local(br, p, br->dev->dev_addr, v->vid);
239 __vlan_vid_del(dev, br, v->vid);
241 atomic_dec(&masterv->refcnt);
249 static int __vlan_del(struct net_bridge_vlan *v)
251 struct net_bridge_vlan *masterv = v;
252 struct net_bridge_vlan_group *vg;
253 struct net_bridge_port *p = NULL;
254 struct net_bridge *br;
257 if (br_vlan_is_master(v)) {
267 __vlan_delete_pvid(vg, v->vid);
269 err = __vlan_vid_del(p->dev, p->br, v->vid);
274 if (br_vlan_is_master(v)) {
275 if (br_vlan_is_brentry(v)) {
276 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
277 br->vlgrp->num_vlans--;
280 p->vlgrp->num_vlans--;
284 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
290 if (atomic_dec_and_test(&masterv->refcnt)) {
291 rhashtable_remove_fast(&masterv->br->vlgrp->vlan_hash,
292 &masterv->vnode, br_vlan_rht_params);
293 __vlan_del_list(masterv);
294 kfree_rcu(masterv, rcu);
300 static void __vlan_flush(struct net_bridge_vlan_group *vlgrp)
302 struct net_bridge_vlan *vlan, *tmp;
304 __vlan_delete_pvid(vlgrp, vlgrp->pvid);
305 list_for_each_entry_safe(vlan, tmp, &vlgrp->vlan_list, vlist)
307 rhashtable_destroy(&vlgrp->vlan_hash);
311 struct sk_buff *br_handle_vlan(struct net_bridge *br,
312 struct net_bridge_vlan_group *vg,
315 struct net_bridge_vlan *v;
318 /* If this packet was not filtered at input, let it pass */
319 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
322 /* At this point, we know that the frame was filtered and contains
323 * a valid vlan id. If the vlan id has untagged flag set,
324 * send untagged; otherwise, send tagged.
326 br_vlan_get_tag(skb, &vid);
327 v = br_vlan_find(vg, vid);
328 /* Vlan entry must be configured at this point. The
329 * only exception is the bridge is set in promisc mode and the
330 * packet is destined for the bridge device. In this case
331 * pass the packet as is.
333 if (!v || !br_vlan_should_use(v)) {
334 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
341 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
348 /* Called under RCU */
349 static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto,
350 struct sk_buff *skb, u16 *vid)
352 const struct net_bridge_vlan *v;
355 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
356 /* If vlan tx offload is disabled on bridge device and frame was
357 * sent from vlan device on the bridge device, it does not have
358 * HW accelerated vlan tag.
360 if (unlikely(!skb_vlan_tag_present(skb) &&
361 skb->protocol == proto)) {
362 skb = skb_vlan_untag(skb);
367 if (!br_vlan_get_tag(skb, vid)) {
369 if (skb->vlan_proto != proto) {
370 /* Protocol-mismatch, empty out vlan_tci for new tag */
371 skb_push(skb, ETH_HLEN);
372 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
373 skb_vlan_tag_get(skb));
377 skb_pull(skb, ETH_HLEN);
378 skb_reset_mac_len(skb);
390 u16 pvid = br_get_pvid(vg);
392 /* Frame had a tag with VID 0 or did not have a tag.
393 * See if pvid is set on this port. That tells us which
394 * vlan untagged or priority-tagged traffic belongs to.
399 /* PVID is set on this port. Any untagged or priority-tagged
400 * ingress frame is considered to belong to this vlan.
404 /* Untagged Frame. */
405 __vlan_hwaccel_put_tag(skb, proto, pvid);
407 /* Priority-tagged Frame.
408 * At this point, We know that skb->vlan_tci had
409 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
410 * We update only VID field and preserve PCP field.
412 skb->vlan_tci |= pvid;
417 /* Frame had a valid vlan tag. See if vlan is allowed */
418 v = br_vlan_find(vg, *vid);
419 if (v && br_vlan_should_use(v))
426 bool br_allowed_ingress(const struct net_bridge *br,
427 struct net_bridge_vlan_group *vg, struct sk_buff *skb,
430 /* If VLAN filtering is disabled on the bridge, all packets are
433 if (!br->vlan_enabled) {
434 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
438 return __allowed_ingress(vg, br->vlan_proto, skb, vid);
441 /* Called under RCU. */
442 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
443 const struct sk_buff *skb)
445 const struct net_bridge_vlan *v;
448 /* If this packet was not filtered at input, let it pass */
449 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
452 br_vlan_get_tag(skb, &vid);
453 v = br_vlan_find(vg, vid);
454 if (v && br_vlan_should_use(v))
460 /* Called under RCU */
461 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
463 struct net_bridge_vlan_group *vg;
464 struct net_bridge *br = p->br;
466 /* If filtering was disabled at input, let it pass. */
467 if (!br->vlan_enabled)
471 if (!vg || !vg->num_vlans)
474 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
478 *vid = br_get_pvid(vg);
485 if (br_vlan_find(vg, *vid))
491 /* Must be protected by RTNL.
492 * Must be called with vid in range from 1 to 4094 inclusive.
494 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
496 struct net_bridge_vlan *vlan;
501 vlan = br_vlan_find(br->vlgrp, vid);
503 if (!br_vlan_is_brentry(vlan)) {
504 /* Trying to change flags of non-existent bridge vlan */
505 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
507 /* It was only kept for port vlans, now make it real */
508 ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
511 br_err(br, "failed insert local address into bridge forwarding table\n");
514 atomic_inc(&vlan->refcnt);
515 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
516 br->vlgrp->num_vlans++;
518 __vlan_add_flags(vlan, flags);
522 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
527 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
528 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
530 if (flags & BRIDGE_VLAN_INFO_BRENTRY)
531 atomic_set(&vlan->refcnt, 1);
532 ret = __vlan_add(vlan, flags);
539 /* Must be protected by RTNL.
540 * Must be called with vid in range from 1 to 4094 inclusive.
542 int br_vlan_delete(struct net_bridge *br, u16 vid)
544 struct net_bridge_vlan *v;
548 v = br_vlan_find(br->vlgrp, vid);
549 if (!v || !br_vlan_is_brentry(v))
552 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
554 return __vlan_del(v);
557 void br_vlan_flush(struct net_bridge *br)
561 __vlan_flush(br_vlan_group(br));
564 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
569 return br_vlan_lookup(&vg->vlan_hash, vid);
572 /* Must be protected by RTNL. */
573 static void recalculate_group_addr(struct net_bridge *br)
575 if (br->group_addr_set)
578 spin_lock_bh(&br->lock);
579 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
580 /* Bridge Group Address */
581 br->group_addr[5] = 0x00;
582 } else { /* vlan_enabled && ETH_P_8021AD */
583 /* Provider Bridge Group Address */
584 br->group_addr[5] = 0x08;
586 spin_unlock_bh(&br->lock);
589 /* Must be protected by RTNL. */
590 void br_recalculate_fwd_mask(struct net_bridge *br)
592 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
593 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
594 else /* vlan_enabled && ETH_P_8021AD */
595 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
596 ~(1u << br->group_addr[5]);
599 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
601 if (br->vlan_enabled == val)
604 br->vlan_enabled = val;
605 br_manage_promisc(br);
606 recalculate_group_addr(br);
607 br_recalculate_fwd_mask(br);
612 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
615 return restart_syscall();
617 __br_vlan_filter_toggle(br, val);
623 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
626 struct net_bridge_port *p;
627 struct net_bridge_vlan *vlan;
630 if (br->vlan_proto == proto)
633 /* Add VLANs for the new proto to the device filter. */
634 list_for_each_entry(p, &br->port_list, list) {
635 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) {
636 err = vlan_vid_add(p->dev, proto, vlan->vid);
642 oldproto = br->vlan_proto;
643 br->vlan_proto = proto;
645 recalculate_group_addr(br);
646 br_recalculate_fwd_mask(br);
648 /* Delete VLANs for the old proto from the device filter. */
649 list_for_each_entry(p, &br->port_list, list)
650 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
651 vlan_vid_del(p->dev, oldproto, vlan->vid);
656 list_for_each_entry_continue_reverse(vlan, &p->vlgrp->vlan_list, vlist)
657 vlan_vid_del(p->dev, proto, vlan->vid);
659 list_for_each_entry_continue_reverse(p, &br->port_list, list)
660 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
661 vlan_vid_del(p->dev, proto, vlan->vid);
666 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
670 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
671 return -EPROTONOSUPPORT;
674 return restart_syscall();
676 err = __br_vlan_set_proto(br, htons(val));
682 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
684 struct net_bridge_vlan *v;
689 v = br_vlan_lookup(&vg->vlan_hash, vid);
690 if (v && br_vlan_should_use(v) &&
691 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
697 static void br_vlan_disable_default_pvid(struct net_bridge *br)
699 struct net_bridge_port *p;
700 u16 pvid = br->default_pvid;
702 /* Disable default_pvid on all ports where it is still
705 if (vlan_default_pvid(br->vlgrp, pvid))
706 br_vlan_delete(br, pvid);
708 list_for_each_entry(p, &br->port_list, list) {
709 if (vlan_default_pvid(p->vlgrp, pvid))
710 nbp_vlan_delete(p, pvid);
713 br->default_pvid = 0;
716 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
718 const struct net_bridge_vlan *pvent;
719 struct net_bridge_port *p;
722 unsigned long *changed;
724 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
729 old_pvid = br->default_pvid;
731 /* Update default_pvid config only if we do not conflict with
732 * user configuration.
734 pvent = br_vlan_find(br->vlgrp, pvid);
735 if ((!old_pvid || vlan_default_pvid(br->vlgrp, old_pvid)) &&
736 (!pvent || !br_vlan_should_use(pvent))) {
737 err = br_vlan_add(br, pvid,
738 BRIDGE_VLAN_INFO_PVID |
739 BRIDGE_VLAN_INFO_UNTAGGED |
740 BRIDGE_VLAN_INFO_BRENTRY);
743 br_vlan_delete(br, old_pvid);
747 list_for_each_entry(p, &br->port_list, list) {
748 /* Update default_pvid config only if we do not conflict with
749 * user configuration.
752 !vlan_default_pvid(p->vlgrp, old_pvid)) ||
753 br_vlan_find(p->vlgrp, pvid))
756 err = nbp_vlan_add(p, pvid,
757 BRIDGE_VLAN_INFO_PVID |
758 BRIDGE_VLAN_INFO_UNTAGGED);
761 nbp_vlan_delete(p, old_pvid);
762 set_bit(p->port_no, changed);
765 br->default_pvid = pvid;
772 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
773 if (!test_bit(p->port_no, changed))
777 nbp_vlan_add(p, old_pvid,
778 BRIDGE_VLAN_INFO_PVID |
779 BRIDGE_VLAN_INFO_UNTAGGED);
780 nbp_vlan_delete(p, pvid);
783 if (test_bit(0, changed)) {
785 br_vlan_add(br, old_pvid,
786 BRIDGE_VLAN_INFO_PVID |
787 BRIDGE_VLAN_INFO_UNTAGGED |
788 BRIDGE_VLAN_INFO_BRENTRY);
789 br_vlan_delete(br, pvid);
794 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
799 if (val >= VLAN_VID_MASK)
803 return restart_syscall();
805 if (pvid == br->default_pvid)
808 /* Only allow default pvid change when filtering is disabled */
809 if (br->vlan_enabled) {
810 pr_info_once("Please disable vlan filtering to change default_pvid\n");
816 br_vlan_disable_default_pvid(br);
818 err = __br_vlan_set_default_pvid(br, pvid);
825 int br_vlan_init(struct net_bridge *br)
829 br->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
832 ret = rhashtable_init(&br->vlgrp->vlan_hash, &br_vlan_rht_params);
835 INIT_LIST_HEAD(&br->vlgrp->vlan_list);
836 br->vlan_proto = htons(ETH_P_8021Q);
837 br->default_pvid = 1;
838 ret = br_vlan_add(br, 1,
839 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
840 BRIDGE_VLAN_INFO_BRENTRY);
848 rhashtable_destroy(&br->vlgrp->vlan_hash);
855 int nbp_vlan_init(struct net_bridge_port *p)
857 struct net_bridge_vlan_group *vg;
860 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
864 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
867 INIT_LIST_HEAD(&vg->vlan_list);
868 /* Make sure everything's committed before publishing vg */
871 if (p->br->default_pvid) {
872 ret = nbp_vlan_add(p, p->br->default_pvid,
873 BRIDGE_VLAN_INFO_PVID |
874 BRIDGE_VLAN_INFO_UNTAGGED);
882 rhashtable_destroy(&vg->vlan_hash);
889 /* Must be protected by RTNL.
890 * Must be called with vid in range from 1 to 4094 inclusive.
892 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
894 struct net_bridge_vlan *vlan;
899 vlan = br_vlan_find(port->vlgrp, vid);
901 __vlan_add_flags(vlan, flags);
905 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
911 ret = __vlan_add(vlan, flags);
918 /* Must be protected by RTNL.
919 * Must be called with vid in range from 1 to 4094 inclusive.
921 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
923 struct net_bridge_vlan *v;
927 v = br_vlan_find(port->vlgrp, vid);
930 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
931 br_fdb_delete_by_port(port->br, port, vid, 0);
933 return __vlan_del(v);
936 void nbp_vlan_flush(struct net_bridge_port *port)
938 struct net_bridge_vlan *vlan;
942 list_for_each_entry(vlan, &port->vlgrp->vlan_list, vlist)
943 vlan_vid_del(port->dev, port->br->vlan_proto, vlan->vid);
945 __vlan_flush(nbp_vlan_group(port));
projects / firefly-linux-kernel-4.4.55.git / blob