1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
7 #include "br_private.h"
9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
12 const struct net_bridge_vlan *vle = ptr;
13 u16 vid = *(u16 *)arg->key;
15 return vle->vid != vid;
18 static const struct rhashtable_params br_vlan_rht_params = {
19 .head_offset = offsetof(struct net_bridge_vlan, vnode),
20 .key_offset = offsetof(struct net_bridge_vlan, vid),
21 .key_len = sizeof(u16),
22 .max_size = VLAN_N_VID,
23 .obj_cmpfn = br_vlan_cmp,
24 .automatic_shrinking = true,
27 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
29 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
32 static void __vlan_add_pvid(u16 *pvid, u16 vid)
41 static void __vlan_delete_pvid(u16 *pvid, u16 vid)
50 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
52 if (flags & BRIDGE_VLAN_INFO_PVID) {
53 if (br_vlan_is_master(v))
54 __vlan_add_pvid(&v->br->pvid, v->vid);
56 __vlan_add_pvid(&v->port->pvid, v->vid);
58 if (br_vlan_is_master(v))
59 __vlan_delete_pvid(&v->br->pvid, v->vid);
61 __vlan_delete_pvid(&v->port->pvid, v->vid);
64 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
65 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
67 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
70 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
73 const struct net_device_ops *ops = dev->netdev_ops;
76 /* If driver uses VLAN ndo ops, use 8021q to install vid
77 * on device, otherwise try switchdev ops to install vid.
80 if (ops->ndo_vlan_rx_add_vid) {
81 err = vlan_vid_add(dev, br->vlan_proto, vid);
83 struct switchdev_obj_vlan v = {
89 err = switchdev_port_obj_add(dev, SWITCHDEV_OBJ_PORT_VLAN, &v);
90 if (err == -EOPNOTSUPP)
97 static void __vlan_add_list(struct net_bridge_vlan *v)
99 struct list_head *headp, *hpos;
100 struct net_bridge_vlan *vent;
102 headp = br_vlan_is_master(v) ? &v->br->vlgrp->vlan_list :
103 &v->port->vlgrp->vlan_list;
104 list_for_each_prev(hpos, headp) {
105 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
106 if (v->vid < vent->vid)
111 list_add(&v->vlist, hpos);
114 static void __vlan_del_list(struct net_bridge_vlan *v)
119 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
122 const struct net_device_ops *ops = dev->netdev_ops;
125 /* If driver uses VLAN ndo ops, use 8021q to delete vid
126 * on device, otherwise try switchdev ops to delete vid.
129 if (ops->ndo_vlan_rx_kill_vid) {
130 vlan_vid_del(dev, br->vlan_proto, vid);
132 struct switchdev_obj_vlan v = {
137 err = switchdev_port_obj_del(dev, SWITCHDEV_OBJ_PORT_VLAN, &v);
138 if (err == -EOPNOTSUPP)
145 /* This is the shared VLAN add function which works for both ports and bridge
146 * devices. There are four possible calls to this function in terms of the
148 * 1. vlan is being added on a port (no master flags, global entry exists)
149 * 2. vlan is being added on a bridge (both master and brvlan flags)
150 * 3. vlan is being added on a port, but a global entry didn't exist which
151 * is being created right now (master flag set, brvlan flag unset), the
152 * global entry is used for global per-vlan features, but not for filtering
153 * 4. same as 3 but with both master and brvlan flags set so the entry
154 * will be used for filtering in both the port and the bridge
156 static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
158 struct net_bridge_vlan *masterv = NULL;
159 struct net_bridge_port *p = NULL;
160 struct rhashtable *tbl;
161 struct net_device *dev;
162 struct net_bridge *br;
165 if (br_vlan_is_master(v)) {
168 tbl = &br->vlgrp->vlan_hash;
173 tbl = &p->vlgrp->vlan_hash;
177 u16 master_flags = flags;
179 /* Add VLAN to the device filter if it is supported.
180 * This ensures tagged traffic enters the bridge when
181 * promiscuous mode is disabled by br_manage_promisc().
183 err = __vlan_vid_add(dev, br, v->vid, flags);
187 /* need to work on the master vlan too */
188 if (flags & BRIDGE_VLAN_INFO_MASTER) {
189 master_flags |= BRIDGE_VLAN_INFO_BRENTRY;
190 err = br_vlan_add(br, v->vid, master_flags);
195 masterv = br_vlan_find(br->vlgrp, v->vid);
197 /* missing global ctx, create it now */
198 err = br_vlan_add(br, v->vid, master_flags);
201 masterv = br_vlan_find(br->vlgrp, v->vid);
204 atomic_inc(&masterv->refcnt);
208 /* Add the dev mac only if it's a usable vlan */
209 if (br_vlan_should_use(v)) {
210 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
212 br_err(br, "failed insert local address into bridge forwarding table\n");
217 err = rhashtable_lookup_insert_fast(tbl, &v->vnode, br_vlan_rht_params);
222 __vlan_add_flags(v, flags);
223 if (br_vlan_is_master(v)) {
224 if (br_vlan_is_brentry(v))
225 br->vlgrp->num_vlans++;
227 p->vlgrp->num_vlans++;
233 br_fdb_find_delete_local(br, p, br->dev->dev_addr, v->vid);
237 __vlan_vid_del(dev, br, v->vid);
239 atomic_dec(&masterv->refcnt);
247 static int __vlan_del(struct net_bridge_vlan *v)
249 struct net_bridge_vlan *masterv = v;
250 struct net_bridge_port *p = NULL;
251 struct net_bridge *br;
253 struct rhashtable *tbl;
256 if (br_vlan_is_master(v)) {
258 tbl = &v->br->vlgrp->vlan_hash;
263 tbl = &p->vlgrp->vlan_hash;
268 __vlan_delete_pvid(pvid, v->vid);
270 err = __vlan_vid_del(p->dev, p->br, v->vid);
275 if (br_vlan_is_master(v)) {
276 if (br_vlan_is_brentry(v)) {
277 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
278 br->vlgrp->num_vlans--;
281 p->vlgrp->num_vlans--;
285 rhashtable_remove_fast(tbl, &v->vnode, br_vlan_rht_params);
290 if (atomic_dec_and_test(&masterv->refcnt)) {
291 rhashtable_remove_fast(&masterv->br->vlgrp->vlan_hash,
292 &masterv->vnode, br_vlan_rht_params);
293 __vlan_del_list(masterv);
294 kfree_rcu(masterv, rcu);
300 static void __vlan_flush(struct net_bridge_vlan_group *vlgrp, u16 *pvid)
302 struct net_bridge_vlan *vlan, *tmp;
304 __vlan_delete_pvid(pvid, *pvid);
305 list_for_each_entry_safe(vlan, tmp, &vlgrp->vlan_list, vlist)
307 rhashtable_destroy(&vlgrp->vlan_hash);
311 struct sk_buff *br_handle_vlan(struct net_bridge *br,
312 struct net_bridge_vlan_group *vg,
315 struct net_bridge_vlan *v;
318 /* If this packet was not filtered at input, let it pass */
319 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
322 /* At this point, we know that the frame was filtered and contains
323 * a valid vlan id. If the vlan id has untagged flag set,
324 * send untagged; otherwise, send tagged.
326 br_vlan_get_tag(skb, &vid);
327 v = br_vlan_find(vg, vid);
328 /* Vlan entry must be configured at this point. The
329 * only exception is the bridge is set in promisc mode and the
330 * packet is destined for the bridge device. In this case
331 * pass the packet as is.
333 if (!v || !br_vlan_should_use(v)) {
334 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
341 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
348 /* Called under RCU */
349 static bool __allowed_ingress(struct rhashtable *tbl, u16 pvid, __be16 proto,
350 struct sk_buff *skb, u16 *vid)
352 const struct net_bridge_vlan *v;
355 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
356 /* If vlan tx offload is disabled on bridge device and frame was
357 * sent from vlan device on the bridge device, it does not have
358 * HW accelerated vlan tag.
360 if (unlikely(!skb_vlan_tag_present(skb) &&
361 skb->protocol == proto)) {
362 skb = skb_vlan_untag(skb);
367 if (!br_vlan_get_tag(skb, vid)) {
369 if (skb->vlan_proto != proto) {
370 /* Protocol-mismatch, empty out vlan_tci for new tag */
371 skb_push(skb, ETH_HLEN);
372 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
373 skb_vlan_tag_get(skb));
377 skb_pull(skb, ETH_HLEN);
378 skb_reset_mac_len(skb);
390 /* Frame had a tag with VID 0 or did not have a tag.
391 * See if pvid is set on this port. That tells us which
392 * vlan untagged or priority-tagged traffic belongs to.
397 /* PVID is set on this port. Any untagged or priority-tagged
398 * ingress frame is considered to belong to this vlan.
402 /* Untagged Frame. */
403 __vlan_hwaccel_put_tag(skb, proto, pvid);
405 /* Priority-tagged Frame.
406 * At this point, We know that skb->vlan_tci had
407 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
408 * We update only VID field and preserve PCP field.
410 skb->vlan_tci |= pvid;
415 /* Frame had a valid vlan tag. See if vlan is allowed */
416 v = br_vlan_lookup(tbl, *vid);
417 if (v && br_vlan_should_use(v))
424 bool br_allowed_ingress(struct net_bridge *br, struct sk_buff *skb, u16 *vid)
426 /* If VLAN filtering is disabled on the bridge, all packets are
429 if (!br->vlan_enabled) {
430 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
434 return __allowed_ingress(&br->vlgrp->vlan_hash, br->pvid,
435 br->vlan_proto, skb, vid);
438 bool nbp_allowed_ingress(struct net_bridge_port *p, struct sk_buff *skb,
441 struct net_bridge *br = p->br;
443 /* If VLAN filtering is disabled on the bridge, all packets are
446 if (!br->vlan_enabled) {
447 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
451 return __allowed_ingress(&p->vlgrp->vlan_hash, p->pvid, br->vlan_proto,
455 /* Called under RCU. */
456 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
457 const struct sk_buff *skb)
459 const struct net_bridge_vlan *v;
462 /* If this packet was not filtered at input, let it pass */
463 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
466 br_vlan_get_tag(skb, &vid);
467 v = br_vlan_find(vg, vid);
468 if (v && br_vlan_should_use(v))
474 /* Called under RCU */
475 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
477 struct net_bridge *br = p->br;
479 /* If filtering was disabled at input, let it pass. */
480 if (!br->vlan_enabled)
483 if (!p->vlgrp->num_vlans)
486 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
490 *vid = nbp_get_pvid(p);
497 if (br_vlan_find(p->vlgrp, *vid))
503 /* Must be protected by RTNL.
504 * Must be called with vid in range from 1 to 4094 inclusive.
506 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
508 struct net_bridge_vlan *vlan;
513 vlan = br_vlan_find(br->vlgrp, vid);
515 if (!br_vlan_is_brentry(vlan)) {
516 /* Trying to change flags of non-existent bridge vlan */
517 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
519 /* It was only kept for port vlans, now make it real */
520 ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
523 br_err(br, "failed insert local address into bridge forwarding table\n");
526 atomic_inc(&vlan->refcnt);
527 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
528 br->vlgrp->num_vlans++;
530 __vlan_add_flags(vlan, flags);
534 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
539 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
540 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
542 if (flags & BRIDGE_VLAN_INFO_BRENTRY)
543 atomic_set(&vlan->refcnt, 1);
544 ret = __vlan_add(vlan, flags);
551 /* Must be protected by RTNL.
552 * Must be called with vid in range from 1 to 4094 inclusive.
554 int br_vlan_delete(struct net_bridge *br, u16 vid)
556 struct net_bridge_vlan *v;
560 v = br_vlan_find(br->vlgrp, vid);
561 if (!v || !br_vlan_is_brentry(v))
564 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
566 return __vlan_del(v);
569 void br_vlan_flush(struct net_bridge *br)
573 __vlan_flush(br_vlan_group(br), &br->pvid);
576 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
581 return br_vlan_lookup(&vg->vlan_hash, vid);
584 /* Must be protected by RTNL. */
585 static void recalculate_group_addr(struct net_bridge *br)
587 if (br->group_addr_set)
590 spin_lock_bh(&br->lock);
591 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
592 /* Bridge Group Address */
593 br->group_addr[5] = 0x00;
594 } else { /* vlan_enabled && ETH_P_8021AD */
595 /* Provider Bridge Group Address */
596 br->group_addr[5] = 0x08;
598 spin_unlock_bh(&br->lock);
601 /* Must be protected by RTNL. */
602 void br_recalculate_fwd_mask(struct net_bridge *br)
604 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
605 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
606 else /* vlan_enabled && ETH_P_8021AD */
607 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
608 ~(1u << br->group_addr[5]);
611 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
613 if (br->vlan_enabled == val)
616 br->vlan_enabled = val;
617 br_manage_promisc(br);
618 recalculate_group_addr(br);
619 br_recalculate_fwd_mask(br);
624 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
627 return restart_syscall();
629 __br_vlan_filter_toggle(br, val);
635 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
638 struct net_bridge_port *p;
639 struct net_bridge_vlan *vlan;
642 if (br->vlan_proto == proto)
645 /* Add VLANs for the new proto to the device filter. */
646 list_for_each_entry(p, &br->port_list, list) {
647 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) {
648 err = vlan_vid_add(p->dev, proto, vlan->vid);
654 oldproto = br->vlan_proto;
655 br->vlan_proto = proto;
657 recalculate_group_addr(br);
658 br_recalculate_fwd_mask(br);
660 /* Delete VLANs for the old proto from the device filter. */
661 list_for_each_entry(p, &br->port_list, list)
662 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
663 vlan_vid_del(p->dev, oldproto, vlan->vid);
668 list_for_each_entry_continue_reverse(vlan, &p->vlgrp->vlan_list, vlist)
669 vlan_vid_del(p->dev, proto, vlan->vid);
671 list_for_each_entry_continue_reverse(p, &br->port_list, list)
672 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
673 vlan_vid_del(p->dev, proto, vlan->vid);
678 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
682 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
683 return -EPROTONOSUPPORT;
686 return restart_syscall();
688 err = __br_vlan_set_proto(br, htons(val));
694 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 pvid,
697 struct net_bridge_vlan *v;
702 v = br_vlan_lookup(&vg->vlan_hash, vid);
703 if (v && br_vlan_should_use(v) &&
704 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
710 static void br_vlan_disable_default_pvid(struct net_bridge *br)
712 struct net_bridge_port *p;
713 u16 pvid = br->default_pvid;
715 /* Disable default_pvid on all ports where it is still
718 if (vlan_default_pvid(br->vlgrp, br->pvid, pvid))
719 br_vlan_delete(br, pvid);
721 list_for_each_entry(p, &br->port_list, list) {
722 if (vlan_default_pvid(p->vlgrp, p->pvid, pvid))
723 nbp_vlan_delete(p, pvid);
726 br->default_pvid = 0;
729 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
731 const struct net_bridge_vlan *pvent;
732 struct net_bridge_port *p;
735 unsigned long *changed;
737 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
742 old_pvid = br->default_pvid;
744 /* Update default_pvid config only if we do not conflict with
745 * user configuration.
747 pvent = br_vlan_find(br->vlgrp, pvid);
748 if ((!old_pvid || vlan_default_pvid(br->vlgrp, br->pvid, old_pvid)) &&
749 (!pvent || !br_vlan_should_use(pvent))) {
750 err = br_vlan_add(br, pvid,
751 BRIDGE_VLAN_INFO_PVID |
752 BRIDGE_VLAN_INFO_UNTAGGED |
753 BRIDGE_VLAN_INFO_BRENTRY);
756 br_vlan_delete(br, old_pvid);
760 list_for_each_entry(p, &br->port_list, list) {
761 /* Update default_pvid config only if we do not conflict with
762 * user configuration.
765 !vlan_default_pvid(p->vlgrp, p->pvid, old_pvid)) ||
766 br_vlan_find(p->vlgrp, pvid))
769 err = nbp_vlan_add(p, pvid,
770 BRIDGE_VLAN_INFO_PVID |
771 BRIDGE_VLAN_INFO_UNTAGGED);
774 nbp_vlan_delete(p, old_pvid);
775 set_bit(p->port_no, changed);
778 br->default_pvid = pvid;
785 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
786 if (!test_bit(p->port_no, changed))
790 nbp_vlan_add(p, old_pvid,
791 BRIDGE_VLAN_INFO_PVID |
792 BRIDGE_VLAN_INFO_UNTAGGED);
793 nbp_vlan_delete(p, pvid);
796 if (test_bit(0, changed)) {
798 br_vlan_add(br, old_pvid,
799 BRIDGE_VLAN_INFO_PVID |
800 BRIDGE_VLAN_INFO_UNTAGGED |
801 BRIDGE_VLAN_INFO_BRENTRY);
802 br_vlan_delete(br, pvid);
807 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
812 if (val >= VLAN_VID_MASK)
816 return restart_syscall();
818 if (pvid == br->default_pvid)
821 /* Only allow default pvid change when filtering is disabled */
822 if (br->vlan_enabled) {
823 pr_info_once("Please disable vlan filtering to change default_pvid\n");
829 br_vlan_disable_default_pvid(br);
831 err = __br_vlan_set_default_pvid(br, pvid);
838 int br_vlan_init(struct net_bridge *br)
842 br->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
845 ret = rhashtable_init(&br->vlgrp->vlan_hash, &br_vlan_rht_params);
848 INIT_LIST_HEAD(&br->vlgrp->vlan_list);
849 br->vlan_proto = htons(ETH_P_8021Q);
850 br->default_pvid = 1;
851 ret = br_vlan_add(br, 1,
852 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
853 BRIDGE_VLAN_INFO_BRENTRY);
861 rhashtable_destroy(&br->vlgrp->vlan_hash);
868 int nbp_vlan_init(struct net_bridge_port *p)
872 p->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
876 ret = rhashtable_init(&p->vlgrp->vlan_hash, &br_vlan_rht_params);
879 INIT_LIST_HEAD(&p->vlgrp->vlan_list);
880 if (p->br->default_pvid) {
881 ret = nbp_vlan_add(p, p->br->default_pvid,
882 BRIDGE_VLAN_INFO_PVID |
883 BRIDGE_VLAN_INFO_UNTAGGED);
891 rhashtable_destroy(&p->vlgrp->vlan_hash);
898 /* Must be protected by RTNL.
899 * Must be called with vid in range from 1 to 4094 inclusive.
901 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
903 struct net_bridge_vlan *vlan;
908 vlan = br_vlan_find(port->vlgrp, vid);
910 __vlan_add_flags(vlan, flags);
914 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
920 ret = __vlan_add(vlan, flags);
927 /* Must be protected by RTNL.
928 * Must be called with vid in range from 1 to 4094 inclusive.
930 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
932 struct net_bridge_vlan *v;
936 v = br_vlan_find(port->vlgrp, vid);
939 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
940 br_fdb_delete_by_port(port->br, port, vid, 0);
942 return __vlan_del(v);
945 void nbp_vlan_flush(struct net_bridge_port *port)
947 struct net_bridge_vlan *vlan;
951 list_for_each_entry(vlan, &port->vlgrp->vlan_list, vlist)
952 vlan_vid_del(port->dev, port->br->vlan_proto, vlan->vid);
954 __vlan_flush(nbp_vlan_group(port), &port->pvid);
projects / firefly-linux-kernel-4.4.55.git / blob