Loading...
Note: File does not exist in v3.1.
1#include <linux/kernel.h>
2#include <linux/netdevice.h>
3#include <linux/rtnetlink.h>
4#include <linux/slab.h>
5#include <net/switchdev.h>
6
7#include "br_private.h"
8#include "br_private_tunnel.h"
9
10static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
11 const void *ptr)
12{
13 const struct net_bridge_vlan *vle = ptr;
14 u16 vid = *(u16 *)arg->key;
15
16 return vle->vid != vid;
17}
18
19static const struct rhashtable_params br_vlan_rht_params = {
20 .head_offset = offsetof(struct net_bridge_vlan, vnode),
21 .key_offset = offsetof(struct net_bridge_vlan, vid),
22 .key_len = sizeof(u16),
23 .nelem_hint = 3,
24 .locks_mul = 1,
25 .max_size = VLAN_N_VID,
26 .obj_cmpfn = br_vlan_cmp,
27 .automatic_shrinking = true,
28};
29
30static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
31{
32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
33}
34
35static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
36{
37 if (vg->pvid == vid)
38 return false;
39
40 smp_wmb();
41 vg->pvid = vid;
42
43 return true;
44}
45
46static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
47{
48 if (vg->pvid != vid)
49 return false;
50
51 smp_wmb();
52 vg->pvid = 0;
53
54 return true;
55}
56
57/* return true if anything changed, false otherwise */
58static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
59{
60 struct net_bridge_vlan_group *vg;
61 u16 old_flags = v->flags;
62 bool ret;
63
64 if (br_vlan_is_master(v))
65 vg = br_vlan_group(v->br);
66 else
67 vg = nbp_vlan_group(v->port);
68
69 if (flags & BRIDGE_VLAN_INFO_PVID)
70 ret = __vlan_add_pvid(vg, v->vid);
71 else
72 ret = __vlan_delete_pvid(vg, v->vid);
73
74 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
75 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
76 else
77 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
78
79 return ret || !!(old_flags ^ v->flags);
80}
81
82static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
83 u16 vid, u16 flags)
84{
85 struct switchdev_obj_port_vlan v = {
86 .obj.orig_dev = dev,
87 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
88 .flags = flags,
89 .vid_begin = vid,
90 .vid_end = vid,
91 };
92 int err;
93
94 /* Try switchdev op first. In case it is not supported, fallback to
95 * 8021q add.
96 */
97 err = switchdev_port_obj_add(dev, &v.obj);
98 if (err == -EOPNOTSUPP)
99 return vlan_vid_add(dev, br->vlan_proto, vid);
100 return err;
101}
102
103static void __vlan_add_list(struct net_bridge_vlan *v)
104{
105 struct net_bridge_vlan_group *vg;
106 struct list_head *headp, *hpos;
107 struct net_bridge_vlan *vent;
108
109 if (br_vlan_is_master(v))
110 vg = br_vlan_group(v->br);
111 else
112 vg = nbp_vlan_group(v->port);
113
114 headp = &vg->vlan_list;
115 list_for_each_prev(hpos, headp) {
116 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
117 if (v->vid < vent->vid)
118 continue;
119 else
120 break;
121 }
122 list_add_rcu(&v->vlist, hpos);
123}
124
125static void __vlan_del_list(struct net_bridge_vlan *v)
126{
127 list_del_rcu(&v->vlist);
128}
129
130static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
131 u16 vid)
132{
133 struct switchdev_obj_port_vlan v = {
134 .obj.orig_dev = dev,
135 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
136 .vid_begin = vid,
137 .vid_end = vid,
138 };
139 int err;
140
141 /* Try switchdev op first. In case it is not supported, fallback to
142 * 8021q del.
143 */
144 err = switchdev_port_obj_del(dev, &v.obj);
145 if (err == -EOPNOTSUPP) {
146 vlan_vid_del(dev, br->vlan_proto, vid);
147 return 0;
148 }
149 return err;
150}
151
152/* Returns a master vlan, if it didn't exist it gets created. In all cases a
153 * a reference is taken to the master vlan before returning.
154 */
155static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
156{
157 struct net_bridge_vlan_group *vg;
158 struct net_bridge_vlan *masterv;
159
160 vg = br_vlan_group(br);
161 masterv = br_vlan_find(vg, vid);
162 if (!masterv) {
163 bool changed;
164
165 /* missing global ctx, create it now */
166 if (br_vlan_add(br, vid, 0, &changed))
167 return NULL;
168 masterv = br_vlan_find(vg, vid);
169 if (WARN_ON(!masterv))
170 return NULL;
171 refcount_set(&masterv->refcnt, 1);
172 return masterv;
173 }
174 refcount_inc(&masterv->refcnt);
175
176 return masterv;
177}
178
179static void br_master_vlan_rcu_free(struct rcu_head *rcu)
180{
181 struct net_bridge_vlan *v;
182
183 v = container_of(rcu, struct net_bridge_vlan, rcu);
184 WARN_ON(!br_vlan_is_master(v));
185 free_percpu(v->stats);
186 v->stats = NULL;
187 kfree(v);
188}
189
190static void br_vlan_put_master(struct net_bridge_vlan *masterv)
191{
192 struct net_bridge_vlan_group *vg;
193
194 if (!br_vlan_is_master(masterv))
195 return;
196
197 vg = br_vlan_group(masterv->br);
198 if (refcount_dec_and_test(&masterv->refcnt)) {
199 rhashtable_remove_fast(&vg->vlan_hash,
200 &masterv->vnode, br_vlan_rht_params);
201 __vlan_del_list(masterv);
202 call_rcu(&masterv->rcu, br_master_vlan_rcu_free);
203 }
204}
205
206/* This is the shared VLAN add function which works for both ports and bridge
207 * devices. There are four possible calls to this function in terms of the
208 * vlan entry type:
209 * 1. vlan is being added on a port (no master flags, global entry exists)
210 * 2. vlan is being added on a bridge (both master and brentry flags)
211 * 3. vlan is being added on a port, but a global entry didn't exist which
212 * is being created right now (master flag set, brentry flag unset), the
213 * global entry is used for global per-vlan features, but not for filtering
214 * 4. same as 3 but with both master and brentry flags set so the entry
215 * will be used for filtering in both the port and the bridge
216 */
217static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
218{
219 struct net_bridge_vlan *masterv = NULL;
220 struct net_bridge_port *p = NULL;
221 struct net_bridge_vlan_group *vg;
222 struct net_device *dev;
223 struct net_bridge *br;
224 int err;
225
226 if (br_vlan_is_master(v)) {
227 br = v->br;
228 dev = br->dev;
229 vg = br_vlan_group(br);
230 } else {
231 p = v->port;
232 br = p->br;
233 dev = p->dev;
234 vg = nbp_vlan_group(p);
235 }
236
237 if (p) {
238 /* Add VLAN to the device filter if it is supported.
239 * This ensures tagged traffic enters the bridge when
240 * promiscuous mode is disabled by br_manage_promisc().
241 */
242 err = __vlan_vid_add(dev, br, v->vid, flags);
243 if (err)
244 goto out;
245
246 /* need to work on the master vlan too */
247 if (flags & BRIDGE_VLAN_INFO_MASTER) {
248 bool changed;
249
250 err = br_vlan_add(br, v->vid,
251 flags | BRIDGE_VLAN_INFO_BRENTRY,
252 &changed);
253 if (err)
254 goto out_filt;
255 }
256
257 masterv = br_vlan_get_master(br, v->vid);
258 if (!masterv)
259 goto out_filt;
260 v->brvlan = masterv;
261 v->stats = masterv->stats;
262 }
263
264 /* Add the dev mac and count the vlan only if it's usable */
265 if (br_vlan_should_use(v)) {
266 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
267 if (err) {
268 br_err(br, "failed insert local address into bridge forwarding table\n");
269 goto out_filt;
270 }
271 vg->num_vlans++;
272 }
273
274 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
275 br_vlan_rht_params);
276 if (err)
277 goto out_fdb_insert;
278
279 __vlan_add_list(v);
280 __vlan_add_flags(v, flags);
281out:
282 return err;
283
284out_fdb_insert:
285 if (br_vlan_should_use(v)) {
286 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
287 vg->num_vlans--;
288 }
289
290out_filt:
291 if (p) {
292 __vlan_vid_del(dev, br, v->vid);
293 if (masterv) {
294 br_vlan_put_master(masterv);
295 v->brvlan = NULL;
296 }
297 }
298
299 goto out;
300}
301
302static int __vlan_del(struct net_bridge_vlan *v)
303{
304 struct net_bridge_vlan *masterv = v;
305 struct net_bridge_vlan_group *vg;
306 struct net_bridge_port *p = NULL;
307 int err = 0;
308
309 if (br_vlan_is_master(v)) {
310 vg = br_vlan_group(v->br);
311 } else {
312 p = v->port;
313 vg = nbp_vlan_group(v->port);
314 masterv = v->brvlan;
315 }
316
317 __vlan_delete_pvid(vg, v->vid);
318 if (p) {
319 err = __vlan_vid_del(p->dev, p->br, v->vid);
320 if (err)
321 goto out;
322 }
323
324 if (br_vlan_should_use(v)) {
325 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
326 vg->num_vlans--;
327 }
328
329 if (masterv != v) {
330 vlan_tunnel_info_del(vg, v);
331 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
332 br_vlan_rht_params);
333 __vlan_del_list(v);
334 kfree_rcu(v, rcu);
335 }
336
337 br_vlan_put_master(masterv);
338out:
339 return err;
340}
341
342static void __vlan_group_free(struct net_bridge_vlan_group *vg)
343{
344 WARN_ON(!list_empty(&vg->vlan_list));
345 rhashtable_destroy(&vg->vlan_hash);
346 vlan_tunnel_deinit(vg);
347 kfree(vg);
348}
349
350static void __vlan_flush(struct net_bridge_vlan_group *vg)
351{
352 struct net_bridge_vlan *vlan, *tmp;
353
354 __vlan_delete_pvid(vg, vg->pvid);
355 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
356 __vlan_del(vlan);
357}
358
359struct sk_buff *br_handle_vlan(struct net_bridge *br,
360 const struct net_bridge_port *p,
361 struct net_bridge_vlan_group *vg,
362 struct sk_buff *skb)
363{
364 struct br_vlan_stats *stats;
365 struct net_bridge_vlan *v;
366 u16 vid;
367
368 /* If this packet was not filtered at input, let it pass */
369 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
370 goto out;
371
372 /* At this point, we know that the frame was filtered and contains
373 * a valid vlan id. If the vlan id has untagged flag set,
374 * send untagged; otherwise, send tagged.
375 */
376 br_vlan_get_tag(skb, &vid);
377 v = br_vlan_find(vg, vid);
378 /* Vlan entry must be configured at this point. The
379 * only exception is the bridge is set in promisc mode and the
380 * packet is destined for the bridge device. In this case
381 * pass the packet as is.
382 */
383 if (!v || !br_vlan_should_use(v)) {
384 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
385 goto out;
386 } else {
387 kfree_skb(skb);
388 return NULL;
389 }
390 }
391 if (br->vlan_stats_enabled) {
392 stats = this_cpu_ptr(v->stats);
393 u64_stats_update_begin(&stats->syncp);
394 stats->tx_bytes += skb->len;
395 stats->tx_packets++;
396 u64_stats_update_end(&stats->syncp);
397 }
398
399 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
400 skb->vlan_tci = 0;
401
402 if (p && (p->flags & BR_VLAN_TUNNEL) &&
403 br_handle_egress_vlan_tunnel(skb, v)) {
404 kfree_skb(skb);
405 return NULL;
406 }
407out:
408 return skb;
409}
410
411/* Called under RCU */
412static bool __allowed_ingress(const struct net_bridge *br,
413 struct net_bridge_vlan_group *vg,
414 struct sk_buff *skb, u16 *vid)
415{
416 struct br_vlan_stats *stats;
417 struct net_bridge_vlan *v;
418 bool tagged;
419
420 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
421 /* If vlan tx offload is disabled on bridge device and frame was
422 * sent from vlan device on the bridge device, it does not have
423 * HW accelerated vlan tag.
424 */
425 if (unlikely(!skb_vlan_tag_present(skb) &&
426 skb->protocol == br->vlan_proto)) {
427 skb = skb_vlan_untag(skb);
428 if (unlikely(!skb))
429 return false;
430 }
431
432 if (!br_vlan_get_tag(skb, vid)) {
433 /* Tagged frame */
434 if (skb->vlan_proto != br->vlan_proto) {
435 /* Protocol-mismatch, empty out vlan_tci for new tag */
436 skb_push(skb, ETH_HLEN);
437 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
438 skb_vlan_tag_get(skb));
439 if (unlikely(!skb))
440 return false;
441
442 skb_pull(skb, ETH_HLEN);
443 skb_reset_mac_len(skb);
444 *vid = 0;
445 tagged = false;
446 } else {
447 tagged = true;
448 }
449 } else {
450 /* Untagged frame */
451 tagged = false;
452 }
453
454 if (!*vid) {
455 u16 pvid = br_get_pvid(vg);
456
457 /* Frame had a tag with VID 0 or did not have a tag.
458 * See if pvid is set on this port. That tells us which
459 * vlan untagged or priority-tagged traffic belongs to.
460 */
461 if (!pvid)
462 goto drop;
463
464 /* PVID is set on this port. Any untagged or priority-tagged
465 * ingress frame is considered to belong to this vlan.
466 */
467 *vid = pvid;
468 if (likely(!tagged))
469 /* Untagged Frame. */
470 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid);
471 else
472 /* Priority-tagged Frame.
473 * At this point, We know that skb->vlan_tci had
474 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
475 * We update only VID field and preserve PCP field.
476 */
477 skb->vlan_tci |= pvid;
478
479 /* if stats are disabled we can avoid the lookup */
480 if (!br->vlan_stats_enabled)
481 return true;
482 }
483 v = br_vlan_find(vg, *vid);
484 if (!v || !br_vlan_should_use(v))
485 goto drop;
486
487 if (br->vlan_stats_enabled) {
488 stats = this_cpu_ptr(v->stats);
489 u64_stats_update_begin(&stats->syncp);
490 stats->rx_bytes += skb->len;
491 stats->rx_packets++;
492 u64_stats_update_end(&stats->syncp);
493 }
494
495 return true;
496
497drop:
498 kfree_skb(skb);
499 return false;
500}
501
502bool br_allowed_ingress(const struct net_bridge *br,
503 struct net_bridge_vlan_group *vg, struct sk_buff *skb,
504 u16 *vid)
505{
506 /* If VLAN filtering is disabled on the bridge, all packets are
507 * permitted.
508 */
509 if (!br->vlan_enabled) {
510 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
511 return true;
512 }
513
514 return __allowed_ingress(br, vg, skb, vid);
515}
516
517/* Called under RCU. */
518bool br_allowed_egress(struct net_bridge_vlan_group *vg,
519 const struct sk_buff *skb)
520{
521 const struct net_bridge_vlan *v;
522 u16 vid;
523
524 /* If this packet was not filtered at input, let it pass */
525 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
526 return true;
527
528 br_vlan_get_tag(skb, &vid);
529 v = br_vlan_find(vg, vid);
530 if (v && br_vlan_should_use(v))
531 return true;
532
533 return false;
534}
535
536/* Called under RCU */
537bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
538{
539 struct net_bridge_vlan_group *vg;
540 struct net_bridge *br = p->br;
541
542 /* If filtering was disabled at input, let it pass. */
543 if (!br->vlan_enabled)
544 return true;
545
546 vg = nbp_vlan_group_rcu(p);
547 if (!vg || !vg->num_vlans)
548 return false;
549
550 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
551 *vid = 0;
552
553 if (!*vid) {
554 *vid = br_get_pvid(vg);
555 if (!*vid)
556 return false;
557
558 return true;
559 }
560
561 if (br_vlan_find(vg, *vid))
562 return true;
563
564 return false;
565}
566
567/* Must be protected by RTNL.
568 * Must be called with vid in range from 1 to 4094 inclusive.
569 * changed must be true only if the vlan was created or updated
570 */
571int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed)
572{
573 struct net_bridge_vlan_group *vg;
574 struct net_bridge_vlan *vlan;
575 int ret;
576
577 ASSERT_RTNL();
578
579 *changed = false;
580 vg = br_vlan_group(br);
581 vlan = br_vlan_find(vg, vid);
582 if (vlan) {
583 if (!br_vlan_is_brentry(vlan)) {
584 /* Trying to change flags of non-existent bridge vlan */
585 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
586 return -EINVAL;
587 /* It was only kept for port vlans, now make it real */
588 ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
589 vlan->vid);
590 if (ret) {
591 br_err(br, "failed insert local address into bridge forwarding table\n");
592 return ret;
593 }
594 refcount_inc(&vlan->refcnt);
595 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
596 vg->num_vlans++;
597 *changed = true;
598 }
599 if (__vlan_add_flags(vlan, flags))
600 *changed = true;
601
602 return 0;
603 }
604
605 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
606 if (!vlan)
607 return -ENOMEM;
608
609 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
610 if (!vlan->stats) {
611 kfree(vlan);
612 return -ENOMEM;
613 }
614 vlan->vid = vid;
615 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
616 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
617 vlan->br = br;
618 if (flags & BRIDGE_VLAN_INFO_BRENTRY)
619 refcount_set(&vlan->refcnt, 1);
620 ret = __vlan_add(vlan, flags);
621 if (ret) {
622 free_percpu(vlan->stats);
623 kfree(vlan);
624 } else {
625 *changed = true;
626 }
627
628 return ret;
629}
630
631/* Must be protected by RTNL.
632 * Must be called with vid in range from 1 to 4094 inclusive.
633 */
634int br_vlan_delete(struct net_bridge *br, u16 vid)
635{
636 struct net_bridge_vlan_group *vg;
637 struct net_bridge_vlan *v;
638
639 ASSERT_RTNL();
640
641 vg = br_vlan_group(br);
642 v = br_vlan_find(vg, vid);
643 if (!v || !br_vlan_is_brentry(v))
644 return -ENOENT;
645
646 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
647 br_fdb_delete_by_port(br, NULL, vid, 0);
648
649 vlan_tunnel_info_del(vg, v);
650
651 return __vlan_del(v);
652}
653
654void br_vlan_flush(struct net_bridge *br)
655{
656 struct net_bridge_vlan_group *vg;
657
658 ASSERT_RTNL();
659
660 vg = br_vlan_group(br);
661 __vlan_flush(vg);
662 RCU_INIT_POINTER(br->vlgrp, NULL);
663 synchronize_rcu();
664 __vlan_group_free(vg);
665}
666
667struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
668{
669 if (!vg)
670 return NULL;
671
672 return br_vlan_lookup(&vg->vlan_hash, vid);
673}
674
675/* Must be protected by RTNL. */
676static void recalculate_group_addr(struct net_bridge *br)
677{
678 if (br->group_addr_set)
679 return;
680
681 spin_lock_bh(&br->lock);
682 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
683 /* Bridge Group Address */
684 br->group_addr[5] = 0x00;
685 } else { /* vlan_enabled && ETH_P_8021AD */
686 /* Provider Bridge Group Address */
687 br->group_addr[5] = 0x08;
688 }
689 spin_unlock_bh(&br->lock);
690}
691
692/* Must be protected by RTNL. */
693void br_recalculate_fwd_mask(struct net_bridge *br)
694{
695 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
696 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
697 else /* vlan_enabled && ETH_P_8021AD */
698 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
699 ~(1u << br->group_addr[5]);
700}
701
702int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
703{
704 struct switchdev_attr attr = {
705 .orig_dev = br->dev,
706 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
707 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
708 .u.vlan_filtering = val,
709 };
710 int err;
711
712 if (br->vlan_enabled == val)
713 return 0;
714
715 err = switchdev_port_attr_set(br->dev, &attr);
716 if (err && err != -EOPNOTSUPP)
717 return err;
718
719 br->vlan_enabled = val;
720 br_manage_promisc(br);
721 recalculate_group_addr(br);
722 br_recalculate_fwd_mask(br);
723
724 return 0;
725}
726
727int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
728{
729 return __br_vlan_filter_toggle(br, val);
730}
731
732bool br_vlan_enabled(const struct net_device *dev)
733{
734 struct net_bridge *br = netdev_priv(dev);
735
736 return !!br->vlan_enabled;
737}
738EXPORT_SYMBOL_GPL(br_vlan_enabled);
739
740int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
741{
742 int err = 0;
743 struct net_bridge_port *p;
744 struct net_bridge_vlan *vlan;
745 struct net_bridge_vlan_group *vg;
746 __be16 oldproto;
747
748 if (br->vlan_proto == proto)
749 return 0;
750
751 /* Add VLANs for the new proto to the device filter. */
752 list_for_each_entry(p, &br->port_list, list) {
753 vg = nbp_vlan_group(p);
754 list_for_each_entry(vlan, &vg->vlan_list, vlist) {
755 err = vlan_vid_add(p->dev, proto, vlan->vid);
756 if (err)
757 goto err_filt;
758 }
759 }
760
761 oldproto = br->vlan_proto;
762 br->vlan_proto = proto;
763
764 recalculate_group_addr(br);
765 br_recalculate_fwd_mask(br);
766
767 /* Delete VLANs for the old proto from the device filter. */
768 list_for_each_entry(p, &br->port_list, list) {
769 vg = nbp_vlan_group(p);
770 list_for_each_entry(vlan, &vg->vlan_list, vlist)
771 vlan_vid_del(p->dev, oldproto, vlan->vid);
772 }
773
774 return 0;
775
776err_filt:
777 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
778 vlan_vid_del(p->dev, proto, vlan->vid);
779
780 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
781 vg = nbp_vlan_group(p);
782 list_for_each_entry(vlan, &vg->vlan_list, vlist)
783 vlan_vid_del(p->dev, proto, vlan->vid);
784 }
785
786 return err;
787}
788
789int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
790{
791 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
792 return -EPROTONOSUPPORT;
793
794 return __br_vlan_set_proto(br, htons(val));
795}
796
797int br_vlan_set_stats(struct net_bridge *br, unsigned long val)
798{
799 switch (val) {
800 case 0:
801 case 1:
802 br->vlan_stats_enabled = val;
803 break;
804 default:
805 return -EINVAL;
806 }
807
808 return 0;
809}
810
811static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
812{
813 struct net_bridge_vlan *v;
814
815 if (vid != vg->pvid)
816 return false;
817
818 v = br_vlan_lookup(&vg->vlan_hash, vid);
819 if (v && br_vlan_should_use(v) &&
820 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
821 return true;
822
823 return false;
824}
825
826static void br_vlan_disable_default_pvid(struct net_bridge *br)
827{
828 struct net_bridge_port *p;
829 u16 pvid = br->default_pvid;
830
831 /* Disable default_pvid on all ports where it is still
832 * configured.
833 */
834 if (vlan_default_pvid(br_vlan_group(br), pvid))
835 br_vlan_delete(br, pvid);
836
837 list_for_each_entry(p, &br->port_list, list) {
838 if (vlan_default_pvid(nbp_vlan_group(p), pvid))
839 nbp_vlan_delete(p, pvid);
840 }
841
842 br->default_pvid = 0;
843}
844
845int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
846{
847 const struct net_bridge_vlan *pvent;
848 struct net_bridge_vlan_group *vg;
849 struct net_bridge_port *p;
850 unsigned long *changed;
851 bool vlchange;
852 u16 old_pvid;
853 int err = 0;
854
855 if (!pvid) {
856 br_vlan_disable_default_pvid(br);
857 return 0;
858 }
859
860 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
861 GFP_KERNEL);
862 if (!changed)
863 return -ENOMEM;
864
865 old_pvid = br->default_pvid;
866
867 /* Update default_pvid config only if we do not conflict with
868 * user configuration.
869 */
870 vg = br_vlan_group(br);
871 pvent = br_vlan_find(vg, pvid);
872 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
873 (!pvent || !br_vlan_should_use(pvent))) {
874 err = br_vlan_add(br, pvid,
875 BRIDGE_VLAN_INFO_PVID |
876 BRIDGE_VLAN_INFO_UNTAGGED |
877 BRIDGE_VLAN_INFO_BRENTRY,
878 &vlchange);
879 if (err)
880 goto out;
881 br_vlan_delete(br, old_pvid);
882 set_bit(0, changed);
883 }
884
885 list_for_each_entry(p, &br->port_list, list) {
886 /* Update default_pvid config only if we do not conflict with
887 * user configuration.
888 */
889 vg = nbp_vlan_group(p);
890 if ((old_pvid &&
891 !vlan_default_pvid(vg, old_pvid)) ||
892 br_vlan_find(vg, pvid))
893 continue;
894
895 err = nbp_vlan_add(p, pvid,
896 BRIDGE_VLAN_INFO_PVID |
897 BRIDGE_VLAN_INFO_UNTAGGED,
898 &vlchange);
899 if (err)
900 goto err_port;
901 nbp_vlan_delete(p, old_pvid);
902 set_bit(p->port_no, changed);
903 }
904
905 br->default_pvid = pvid;
906
907out:
908 kfree(changed);
909 return err;
910
911err_port:
912 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
913 if (!test_bit(p->port_no, changed))
914 continue;
915
916 if (old_pvid)
917 nbp_vlan_add(p, old_pvid,
918 BRIDGE_VLAN_INFO_PVID |
919 BRIDGE_VLAN_INFO_UNTAGGED,
920 &vlchange);
921 nbp_vlan_delete(p, pvid);
922 }
923
924 if (test_bit(0, changed)) {
925 if (old_pvid)
926 br_vlan_add(br, old_pvid,
927 BRIDGE_VLAN_INFO_PVID |
928 BRIDGE_VLAN_INFO_UNTAGGED |
929 BRIDGE_VLAN_INFO_BRENTRY,
930 &vlchange);
931 br_vlan_delete(br, pvid);
932 }
933 goto out;
934}
935
936int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
937{
938 u16 pvid = val;
939 int err = 0;
940
941 if (val >= VLAN_VID_MASK)
942 return -EINVAL;
943
944 if (pvid == br->default_pvid)
945 goto out;
946
947 /* Only allow default pvid change when filtering is disabled */
948 if (br->vlan_enabled) {
949 pr_info_once("Please disable vlan filtering to change default_pvid\n");
950 err = -EPERM;
951 goto out;
952 }
953 err = __br_vlan_set_default_pvid(br, pvid);
954out:
955 return err;
956}
957
958int br_vlan_init(struct net_bridge *br)
959{
960 struct net_bridge_vlan_group *vg;
961 int ret = -ENOMEM;
962 bool changed;
963
964 vg = kzalloc(sizeof(*vg), GFP_KERNEL);
965 if (!vg)
966 goto out;
967 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
968 if (ret)
969 goto err_rhtbl;
970 ret = vlan_tunnel_init(vg);
971 if (ret)
972 goto err_tunnel_init;
973 INIT_LIST_HEAD(&vg->vlan_list);
974 br->vlan_proto = htons(ETH_P_8021Q);
975 br->default_pvid = 1;
976 rcu_assign_pointer(br->vlgrp, vg);
977 ret = br_vlan_add(br, 1,
978 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
979 BRIDGE_VLAN_INFO_BRENTRY, &changed);
980 if (ret)
981 goto err_vlan_add;
982
983out:
984 return ret;
985
986err_vlan_add:
987 vlan_tunnel_deinit(vg);
988err_tunnel_init:
989 rhashtable_destroy(&vg->vlan_hash);
990err_rhtbl:
991 kfree(vg);
992
993 goto out;
994}
995
996int nbp_vlan_init(struct net_bridge_port *p)
997{
998 struct switchdev_attr attr = {
999 .orig_dev = p->br->dev,
1000 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
1001 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
1002 .u.vlan_filtering = p->br->vlan_enabled,
1003 };
1004 struct net_bridge_vlan_group *vg;
1005 int ret = -ENOMEM;
1006
1007 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
1008 if (!vg)
1009 goto out;
1010
1011 ret = switchdev_port_attr_set(p->dev, &attr);
1012 if (ret && ret != -EOPNOTSUPP)
1013 goto err_vlan_enabled;
1014
1015 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1016 if (ret)
1017 goto err_rhtbl;
1018 ret = vlan_tunnel_init(vg);
1019 if (ret)
1020 goto err_tunnel_init;
1021 INIT_LIST_HEAD(&vg->vlan_list);
1022 rcu_assign_pointer(p->vlgrp, vg);
1023 if (p->br->default_pvid) {
1024 bool changed;
1025
1026 ret = nbp_vlan_add(p, p->br->default_pvid,
1027 BRIDGE_VLAN_INFO_PVID |
1028 BRIDGE_VLAN_INFO_UNTAGGED,
1029 &changed);
1030 if (ret)
1031 goto err_vlan_add;
1032 }
1033out:
1034 return ret;
1035
1036err_vlan_add:
1037 RCU_INIT_POINTER(p->vlgrp, NULL);
1038 synchronize_rcu();
1039 vlan_tunnel_deinit(vg);
1040err_tunnel_init:
1041 rhashtable_destroy(&vg->vlan_hash);
1042err_rhtbl:
1043err_vlan_enabled:
1044 kfree(vg);
1045
1046 goto out;
1047}
1048
1049/* Must be protected by RTNL.
1050 * Must be called with vid in range from 1 to 4094 inclusive.
1051 * changed must be true only if the vlan was created or updated
1052 */
1053int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags,
1054 bool *changed)
1055{
1056 struct switchdev_obj_port_vlan v = {
1057 .obj.orig_dev = port->dev,
1058 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
1059 .flags = flags,
1060 .vid_begin = vid,
1061 .vid_end = vid,
1062 };
1063 struct net_bridge_vlan *vlan;
1064 int ret;
1065
1066 ASSERT_RTNL();
1067
1068 *changed = false;
1069 vlan = br_vlan_find(nbp_vlan_group(port), vid);
1070 if (vlan) {
1071 /* Pass the flags to the hardware bridge */
1072 ret = switchdev_port_obj_add(port->dev, &v.obj);
1073 if (ret && ret != -EOPNOTSUPP)
1074 return ret;
1075 *changed = __vlan_add_flags(vlan, flags);
1076
1077 return 0;
1078 }
1079
1080 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
1081 if (!vlan)
1082 return -ENOMEM;
1083
1084 vlan->vid = vid;
1085 vlan->port = port;
1086 ret = __vlan_add(vlan, flags);
1087 if (ret)
1088 kfree(vlan);
1089 else
1090 *changed = true;
1091
1092 return ret;
1093}
1094
1095/* Must be protected by RTNL.
1096 * Must be called with vid in range from 1 to 4094 inclusive.
1097 */
1098int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
1099{
1100 struct net_bridge_vlan *v;
1101
1102 ASSERT_RTNL();
1103
1104 v = br_vlan_find(nbp_vlan_group(port), vid);
1105 if (!v)
1106 return -ENOENT;
1107 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1108 br_fdb_delete_by_port(port->br, port, vid, 0);
1109
1110 return __vlan_del(v);
1111}
1112
1113void nbp_vlan_flush(struct net_bridge_port *port)
1114{
1115 struct net_bridge_vlan_group *vg;
1116
1117 ASSERT_RTNL();
1118
1119 vg = nbp_vlan_group(port);
1120 __vlan_flush(vg);
1121 RCU_INIT_POINTER(port->vlgrp, NULL);
1122 synchronize_rcu();
1123 __vlan_group_free(vg);
1124}
1125
1126void br_vlan_get_stats(const struct net_bridge_vlan *v,
1127 struct br_vlan_stats *stats)
1128{
1129 int i;
1130
1131 memset(stats, 0, sizeof(*stats));
1132 for_each_possible_cpu(i) {
1133 u64 rxpackets, rxbytes, txpackets, txbytes;
1134 struct br_vlan_stats *cpu_stats;
1135 unsigned int start;
1136
1137 cpu_stats = per_cpu_ptr(v->stats, i);
1138 do {
1139 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
1140 rxpackets = cpu_stats->rx_packets;
1141 rxbytes = cpu_stats->rx_bytes;
1142 txbytes = cpu_stats->tx_bytes;
1143 txpackets = cpu_stats->tx_packets;
1144 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
1145
1146 stats->rx_packets += rxpackets;
1147 stats->rx_bytes += rxbytes;
1148 stats->tx_bytes += txbytes;
1149 stats->tx_packets += txpackets;
1150 }
1151}