Loading...
1// SPDX-License-Identifier: GPL-2.0
2#include <linux/err.h>
3#include <linux/igmp.h>
4#include <linux/kernel.h>
5#include <linux/netdevice.h>
6#include <linux/rculist.h>
7#include <linux/skbuff.h>
8#include <linux/if_ether.h>
9#include <net/ip.h>
10#include <net/netlink.h>
11#include <net/switchdev.h>
12#if IS_ENABLED(CONFIG_IPV6)
13#include <net/ipv6.h>
14#include <net/addrconf.h>
15#endif
16
17#include "br_private.h"
18
19static bool
20br_ip4_rports_get_timer(struct net_bridge_mcast_port *pmctx,
21 unsigned long *timer)
22{
23 *timer = br_timer_value(&pmctx->ip4_mc_router_timer);
24 return !hlist_unhashed(&pmctx->ip4_rlist);
25}
26
27static bool
28br_ip6_rports_get_timer(struct net_bridge_mcast_port *pmctx,
29 unsigned long *timer)
30{
31#if IS_ENABLED(CONFIG_IPV6)
32 *timer = br_timer_value(&pmctx->ip6_mc_router_timer);
33 return !hlist_unhashed(&pmctx->ip6_rlist);
34#else
35 *timer = 0;
36 return false;
37#endif
38}
39
40static size_t __br_rports_one_size(void)
41{
42 return nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PORT */
43 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_TIMER */
44 nla_total_size(sizeof(u8)) + /* MDBA_ROUTER_PATTR_TYPE */
45 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET_TIMER */
46 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET6_TIMER */
47 nla_total_size(sizeof(u32)); /* MDBA_ROUTER_PATTR_VID */
48}
49
50size_t br_rports_size(const struct net_bridge_mcast *brmctx)
51{
52 struct net_bridge_mcast_port *pmctx;
53 size_t size = nla_total_size(0); /* MDBA_ROUTER */
54
55 rcu_read_lock();
56 hlist_for_each_entry_rcu(pmctx, &brmctx->ip4_mc_router_list,
57 ip4_rlist)
58 size += __br_rports_one_size();
59
60#if IS_ENABLED(CONFIG_IPV6)
61 hlist_for_each_entry_rcu(pmctx, &brmctx->ip6_mc_router_list,
62 ip6_rlist)
63 size += __br_rports_one_size();
64#endif
65 rcu_read_unlock();
66
67 return size;
68}
69
70int br_rports_fill_info(struct sk_buff *skb,
71 const struct net_bridge_mcast *brmctx)
72{
73 u16 vid = brmctx->vlan ? brmctx->vlan->vid : 0;
74 bool have_ip4_mc_rtr, have_ip6_mc_rtr;
75 unsigned long ip4_timer, ip6_timer;
76 struct nlattr *nest, *port_nest;
77 struct net_bridge_port *p;
78
79 if (!brmctx->multicast_router || !br_rports_have_mc_router(brmctx))
80 return 0;
81
82 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
83 if (nest == NULL)
84 return -EMSGSIZE;
85
86 list_for_each_entry_rcu(p, &brmctx->br->port_list, list) {
87 struct net_bridge_mcast_port *pmctx;
88
89 if (vid) {
90 struct net_bridge_vlan *v;
91
92 v = br_vlan_find(nbp_vlan_group(p), vid);
93 if (!v)
94 continue;
95 pmctx = &v->port_mcast_ctx;
96 } else {
97 pmctx = &p->multicast_ctx;
98 }
99
100 have_ip4_mc_rtr = br_ip4_rports_get_timer(pmctx, &ip4_timer);
101 have_ip6_mc_rtr = br_ip6_rports_get_timer(pmctx, &ip6_timer);
102
103 if (!have_ip4_mc_rtr && !have_ip6_mc_rtr)
104 continue;
105
106 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
107 if (!port_nest)
108 goto fail;
109
110 if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
111 nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
112 max(ip4_timer, ip6_timer)) ||
113 nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
114 p->multicast_ctx.multicast_router) ||
115 (have_ip4_mc_rtr &&
116 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER,
117 ip4_timer)) ||
118 (have_ip6_mc_rtr &&
119 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER,
120 ip6_timer)) ||
121 (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid))) {
122 nla_nest_cancel(skb, port_nest);
123 goto fail;
124 }
125 nla_nest_end(skb, port_nest);
126 }
127
128 nla_nest_end(skb, nest);
129 return 0;
130fail:
131 nla_nest_cancel(skb, nest);
132 return -EMSGSIZE;
133}
134
135static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
136{
137 e->state = flags & MDB_PG_FLAGS_PERMANENT;
138 e->flags = 0;
139 if (flags & MDB_PG_FLAGS_OFFLOAD)
140 e->flags |= MDB_FLAGS_OFFLOAD;
141 if (flags & MDB_PG_FLAGS_FAST_LEAVE)
142 e->flags |= MDB_FLAGS_FAST_LEAVE;
143 if (flags & MDB_PG_FLAGS_STAR_EXCL)
144 e->flags |= MDB_FLAGS_STAR_EXCL;
145 if (flags & MDB_PG_FLAGS_BLOCKED)
146 e->flags |= MDB_FLAGS_BLOCKED;
147}
148
149static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
150 struct nlattr **mdb_attrs)
151{
152 memset(ip, 0, sizeof(struct br_ip));
153 ip->vid = entry->vid;
154 ip->proto = entry->addr.proto;
155 switch (ip->proto) {
156 case htons(ETH_P_IP):
157 ip->dst.ip4 = entry->addr.u.ip4;
158 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
159 ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
160 break;
161#if IS_ENABLED(CONFIG_IPV6)
162 case htons(ETH_P_IPV6):
163 ip->dst.ip6 = entry->addr.u.ip6;
164 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
165 ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
166 break;
167#endif
168 default:
169 ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
170 }
171
172}
173
174static int __mdb_fill_srcs(struct sk_buff *skb,
175 struct net_bridge_port_group *p)
176{
177 struct net_bridge_group_src *ent;
178 struct nlattr *nest, *nest_ent;
179
180 if (hlist_empty(&p->src_list))
181 return 0;
182
183 nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
184 if (!nest)
185 return -EMSGSIZE;
186
187 hlist_for_each_entry_rcu(ent, &p->src_list, node,
188 lockdep_is_held(&p->key.port->br->multicast_lock)) {
189 nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
190 if (!nest_ent)
191 goto out_cancel_err;
192 switch (ent->addr.proto) {
193 case htons(ETH_P_IP):
194 if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
195 ent->addr.src.ip4)) {
196 nla_nest_cancel(skb, nest_ent);
197 goto out_cancel_err;
198 }
199 break;
200#if IS_ENABLED(CONFIG_IPV6)
201 case htons(ETH_P_IPV6):
202 if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
203 &ent->addr.src.ip6)) {
204 nla_nest_cancel(skb, nest_ent);
205 goto out_cancel_err;
206 }
207 break;
208#endif
209 default:
210 nla_nest_cancel(skb, nest_ent);
211 continue;
212 }
213 if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
214 br_timer_value(&ent->timer))) {
215 nla_nest_cancel(skb, nest_ent);
216 goto out_cancel_err;
217 }
218 nla_nest_end(skb, nest_ent);
219 }
220
221 nla_nest_end(skb, nest);
222
223 return 0;
224
225out_cancel_err:
226 nla_nest_cancel(skb, nest);
227 return -EMSGSIZE;
228}
229
230static int __mdb_fill_info(struct sk_buff *skb,
231 struct net_bridge_mdb_entry *mp,
232 struct net_bridge_port_group *p)
233{
234 bool dump_srcs_mode = false;
235 struct timer_list *mtimer;
236 struct nlattr *nest_ent;
237 struct br_mdb_entry e;
238 u8 flags = 0;
239 int ifindex;
240
241 memset(&e, 0, sizeof(e));
242 if (p) {
243 ifindex = p->key.port->dev->ifindex;
244 mtimer = &p->timer;
245 flags = p->flags;
246 } else {
247 ifindex = mp->br->dev->ifindex;
248 mtimer = &mp->timer;
249 }
250
251 __mdb_entry_fill_flags(&e, flags);
252 e.ifindex = ifindex;
253 e.vid = mp->addr.vid;
254 if (mp->addr.proto == htons(ETH_P_IP)) {
255 e.addr.u.ip4 = mp->addr.dst.ip4;
256#if IS_ENABLED(CONFIG_IPV6)
257 } else if (mp->addr.proto == htons(ETH_P_IPV6)) {
258 e.addr.u.ip6 = mp->addr.dst.ip6;
259#endif
260 } else {
261 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
262 e.state = MDB_PG_FLAGS_PERMANENT;
263 }
264 e.addr.proto = mp->addr.proto;
265 nest_ent = nla_nest_start_noflag(skb,
266 MDBA_MDB_ENTRY_INFO);
267 if (!nest_ent)
268 return -EMSGSIZE;
269
270 if (nla_put_nohdr(skb, sizeof(e), &e) ||
271 nla_put_u32(skb,
272 MDBA_MDB_EATTR_TIMER,
273 br_timer_value(mtimer)))
274 goto nest_err;
275
276 switch (mp->addr.proto) {
277 case htons(ETH_P_IP):
278 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_igmp_version == 3);
279 if (mp->addr.src.ip4) {
280 if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
281 mp->addr.src.ip4))
282 goto nest_err;
283 break;
284 }
285 break;
286#if IS_ENABLED(CONFIG_IPV6)
287 case htons(ETH_P_IPV6):
288 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_mld_version == 2);
289 if (!ipv6_addr_any(&mp->addr.src.ip6)) {
290 if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
291 &mp->addr.src.ip6))
292 goto nest_err;
293 break;
294 }
295 break;
296#endif
297 default:
298 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
299 }
300 if (p) {
301 if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
302 goto nest_err;
303 if (dump_srcs_mode &&
304 (__mdb_fill_srcs(skb, p) ||
305 nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
306 p->filter_mode)))
307 goto nest_err;
308 }
309 nla_nest_end(skb, nest_ent);
310
311 return 0;
312
313nest_err:
314 nla_nest_cancel(skb, nest_ent);
315 return -EMSGSIZE;
316}
317
318static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
319 struct net_device *dev)
320{
321 int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
322 struct net_bridge *br = netdev_priv(dev);
323 struct net_bridge_mdb_entry *mp;
324 struct nlattr *nest, *nest2;
325
326 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
327 return 0;
328
329 nest = nla_nest_start_noflag(skb, MDBA_MDB);
330 if (nest == NULL)
331 return -EMSGSIZE;
332
333 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
334 struct net_bridge_port_group *p;
335 struct net_bridge_port_group __rcu **pp;
336
337 if (idx < s_idx)
338 goto skip;
339
340 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
341 if (!nest2) {
342 err = -EMSGSIZE;
343 break;
344 }
345
346 if (!s_pidx && mp->host_joined) {
347 err = __mdb_fill_info(skb, mp, NULL);
348 if (err) {
349 nla_nest_cancel(skb, nest2);
350 break;
351 }
352 }
353
354 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
355 pp = &p->next) {
356 if (!p->key.port)
357 continue;
358 if (pidx < s_pidx)
359 goto skip_pg;
360
361 err = __mdb_fill_info(skb, mp, p);
362 if (err) {
363 nla_nest_end(skb, nest2);
364 goto out;
365 }
366skip_pg:
367 pidx++;
368 }
369 pidx = 0;
370 s_pidx = 0;
371 nla_nest_end(skb, nest2);
372skip:
373 idx++;
374 }
375
376out:
377 cb->args[1] = idx;
378 cb->args[2] = pidx;
379 nla_nest_end(skb, nest);
380 return err;
381}
382
383static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh,
384 struct netlink_ext_ack *extack)
385{
386 struct br_port_msg *bpm;
387
388 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) {
389 NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request");
390 return -EINVAL;
391 }
392
393 bpm = nlmsg_data(nlh);
394 if (bpm->ifindex) {
395 NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request");
396 return -EINVAL;
397 }
398 if (nlmsg_attrlen(nlh, sizeof(*bpm))) {
399 NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request");
400 return -EINVAL;
401 }
402
403 return 0;
404}
405
406static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
407{
408 struct net_device *dev;
409 struct net *net = sock_net(skb->sk);
410 struct nlmsghdr *nlh = NULL;
411 int idx = 0, s_idx;
412
413 if (cb->strict_check) {
414 int err = br_mdb_valid_dump_req(cb->nlh, cb->extack);
415
416 if (err < 0)
417 return err;
418 }
419
420 s_idx = cb->args[0];
421
422 rcu_read_lock();
423
424 cb->seq = net->dev_base_seq;
425
426 for_each_netdev_rcu(net, dev) {
427 if (netif_is_bridge_master(dev)) {
428 struct net_bridge *br = netdev_priv(dev);
429 struct br_port_msg *bpm;
430
431 if (idx < s_idx)
432 goto skip;
433
434 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
435 cb->nlh->nlmsg_seq, RTM_GETMDB,
436 sizeof(*bpm), NLM_F_MULTI);
437 if (nlh == NULL)
438 break;
439
440 bpm = nlmsg_data(nlh);
441 memset(bpm, 0, sizeof(*bpm));
442 bpm->ifindex = dev->ifindex;
443 if (br_mdb_fill_info(skb, cb, dev) < 0)
444 goto out;
445 if (br_rports_fill_info(skb, &br->multicast_ctx) < 0)
446 goto out;
447
448 cb->args[1] = 0;
449 nlmsg_end(skb, nlh);
450 skip:
451 idx++;
452 }
453 }
454
455out:
456 if (nlh)
457 nlmsg_end(skb, nlh);
458 rcu_read_unlock();
459 cb->args[0] = idx;
460 return skb->len;
461}
462
463static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
464 struct net_device *dev,
465 struct net_bridge_mdb_entry *mp,
466 struct net_bridge_port_group *pg,
467 int type)
468{
469 struct nlmsghdr *nlh;
470 struct br_port_msg *bpm;
471 struct nlattr *nest, *nest2;
472
473 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
474 if (!nlh)
475 return -EMSGSIZE;
476
477 bpm = nlmsg_data(nlh);
478 memset(bpm, 0, sizeof(*bpm));
479 bpm->family = AF_BRIDGE;
480 bpm->ifindex = dev->ifindex;
481 nest = nla_nest_start_noflag(skb, MDBA_MDB);
482 if (nest == NULL)
483 goto cancel;
484 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
485 if (nest2 == NULL)
486 goto end;
487
488 if (__mdb_fill_info(skb, mp, pg))
489 goto end;
490
491 nla_nest_end(skb, nest2);
492 nla_nest_end(skb, nest);
493 nlmsg_end(skb, nlh);
494 return 0;
495
496end:
497 nla_nest_end(skb, nest);
498cancel:
499 nlmsg_cancel(skb, nlh);
500 return -EMSGSIZE;
501}
502
503static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg)
504{
505 size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
506 nla_total_size(sizeof(struct br_mdb_entry)) +
507 nla_total_size(sizeof(u32));
508 struct net_bridge_group_src *ent;
509 size_t addr_size = 0;
510
511 if (!pg)
512 goto out;
513
514 /* MDBA_MDB_EATTR_RTPROT */
515 nlmsg_size += nla_total_size(sizeof(u8));
516
517 switch (pg->key.addr.proto) {
518 case htons(ETH_P_IP):
519 /* MDBA_MDB_EATTR_SOURCE */
520 if (pg->key.addr.src.ip4)
521 nlmsg_size += nla_total_size(sizeof(__be32));
522 if (pg->key.port->br->multicast_ctx.multicast_igmp_version == 2)
523 goto out;
524 addr_size = sizeof(__be32);
525 break;
526#if IS_ENABLED(CONFIG_IPV6)
527 case htons(ETH_P_IPV6):
528 /* MDBA_MDB_EATTR_SOURCE */
529 if (!ipv6_addr_any(&pg->key.addr.src.ip6))
530 nlmsg_size += nla_total_size(sizeof(struct in6_addr));
531 if (pg->key.port->br->multicast_ctx.multicast_mld_version == 1)
532 goto out;
533 addr_size = sizeof(struct in6_addr);
534 break;
535#endif
536 }
537
538 /* MDBA_MDB_EATTR_GROUP_MODE */
539 nlmsg_size += nla_total_size(sizeof(u8));
540
541 /* MDBA_MDB_EATTR_SRC_LIST nested attr */
542 if (!hlist_empty(&pg->src_list))
543 nlmsg_size += nla_total_size(0);
544
545 hlist_for_each_entry(ent, &pg->src_list, node) {
546 /* MDBA_MDB_SRCLIST_ENTRY nested attr +
547 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
548 */
549 nlmsg_size += nla_total_size(0) +
550 nla_total_size(addr_size) +
551 nla_total_size(sizeof(u32));
552 }
553out:
554 return nlmsg_size;
555}
556
557void br_mdb_notify(struct net_device *dev,
558 struct net_bridge_mdb_entry *mp,
559 struct net_bridge_port_group *pg,
560 int type)
561{
562 struct net *net = dev_net(dev);
563 struct sk_buff *skb;
564 int err = -ENOBUFS;
565
566 br_switchdev_mdb_notify(dev, mp, pg, type);
567
568 skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
569 if (!skb)
570 goto errout;
571
572 err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
573 if (err < 0) {
574 kfree_skb(skb);
575 goto errout;
576 }
577
578 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
579 return;
580errout:
581 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
582}
583
584static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
585 struct net_device *dev,
586 int ifindex, u16 vid, u32 pid,
587 u32 seq, int type, unsigned int flags)
588{
589 struct nlattr *nest, *port_nest;
590 struct br_port_msg *bpm;
591 struct nlmsghdr *nlh;
592
593 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
594 if (!nlh)
595 return -EMSGSIZE;
596
597 bpm = nlmsg_data(nlh);
598 memset(bpm, 0, sizeof(*bpm));
599 bpm->family = AF_BRIDGE;
600 bpm->ifindex = dev->ifindex;
601 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
602 if (!nest)
603 goto cancel;
604
605 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
606 if (!port_nest)
607 goto end;
608 if (nla_put_nohdr(skb, sizeof(u32), &ifindex)) {
609 nla_nest_cancel(skb, port_nest);
610 goto end;
611 }
612 if (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid)) {
613 nla_nest_cancel(skb, port_nest);
614 goto end;
615 }
616 nla_nest_end(skb, port_nest);
617
618 nla_nest_end(skb, nest);
619 nlmsg_end(skb, nlh);
620 return 0;
621
622end:
623 nla_nest_end(skb, nest);
624cancel:
625 nlmsg_cancel(skb, nlh);
626 return -EMSGSIZE;
627}
628
629static inline size_t rtnl_rtr_nlmsg_size(void)
630{
631 return NLMSG_ALIGN(sizeof(struct br_port_msg))
632 + nla_total_size(sizeof(__u32))
633 + nla_total_size(sizeof(u16));
634}
635
636void br_rtr_notify(struct net_device *dev, struct net_bridge_mcast_port *pmctx,
637 int type)
638{
639 struct net *net = dev_net(dev);
640 struct sk_buff *skb;
641 int err = -ENOBUFS;
642 int ifindex;
643 u16 vid;
644
645 ifindex = pmctx ? pmctx->port->dev->ifindex : 0;
646 vid = pmctx && br_multicast_port_ctx_is_vlan(pmctx) ? pmctx->vlan->vid :
647 0;
648 skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
649 if (!skb)
650 goto errout;
651
652 err = nlmsg_populate_rtr_fill(skb, dev, ifindex, vid, 0, 0, type,
653 NTF_SELF);
654 if (err < 0) {
655 kfree_skb(skb);
656 goto errout;
657 }
658
659 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
660 return;
661
662errout:
663 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
664}
665
666static const struct nla_policy
667br_mdbe_src_list_entry_pol[MDBE_SRCATTR_MAX + 1] = {
668 [MDBE_SRCATTR_ADDRESS] = NLA_POLICY_RANGE(NLA_BINARY,
669 sizeof(struct in_addr),
670 sizeof(struct in6_addr)),
671};
672
673static const struct nla_policy
674br_mdbe_src_list_pol[MDBE_SRC_LIST_MAX + 1] = {
675 [MDBE_SRC_LIST_ENTRY] = NLA_POLICY_NESTED(br_mdbe_src_list_entry_pol),
676};
677
678static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
679 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
680 sizeof(struct in_addr),
681 sizeof(struct in6_addr)),
682 [MDBE_ATTR_GROUP_MODE] = NLA_POLICY_RANGE(NLA_U8, MCAST_EXCLUDE,
683 MCAST_INCLUDE),
684 [MDBE_ATTR_SRC_LIST] = NLA_POLICY_NESTED(br_mdbe_src_list_pol),
685 [MDBE_ATTR_RTPROT] = NLA_POLICY_MIN(NLA_U8, RTPROT_STATIC),
686};
687
688static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
689 struct netlink_ext_ack *extack)
690{
691 if (entry->ifindex == 0) {
692 NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
693 return false;
694 }
695
696 if (entry->addr.proto == htons(ETH_P_IP)) {
697 if (!ipv4_is_multicast(entry->addr.u.ip4)) {
698 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
699 return false;
700 }
701 if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
702 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
703 return false;
704 }
705#if IS_ENABLED(CONFIG_IPV6)
706 } else if (entry->addr.proto == htons(ETH_P_IPV6)) {
707 if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
708 NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
709 return false;
710 }
711#endif
712 } else if (entry->addr.proto == 0) {
713 /* L2 mdb */
714 if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
715 NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
716 return false;
717 }
718 } else {
719 NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
720 return false;
721 }
722
723 if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
724 NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
725 return false;
726 }
727 if (entry->vid >= VLAN_VID_MASK) {
728 NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
729 return false;
730 }
731
732 return true;
733}
734
735static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
736 struct netlink_ext_ack *extack)
737{
738 switch (proto) {
739 case htons(ETH_P_IP):
740 if (nla_len(attr) != sizeof(struct in_addr)) {
741 NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
742 return false;
743 }
744 if (ipv4_is_multicast(nla_get_in_addr(attr))) {
745 NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
746 return false;
747 }
748 break;
749#if IS_ENABLED(CONFIG_IPV6)
750 case htons(ETH_P_IPV6): {
751 struct in6_addr src;
752
753 if (nla_len(attr) != sizeof(struct in6_addr)) {
754 NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
755 return false;
756 }
757 src = nla_get_in6_addr(attr);
758 if (ipv6_addr_is_multicast(&src)) {
759 NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
760 return false;
761 }
762 break;
763 }
764#endif
765 default:
766 NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
767 return false;
768 }
769
770 return true;
771}
772
773static struct net_bridge_mcast *
774__br_mdb_choose_context(struct net_bridge *br,
775 const struct br_mdb_entry *entry,
776 struct netlink_ext_ack *extack)
777{
778 struct net_bridge_mcast *brmctx = NULL;
779 struct net_bridge_vlan *v;
780
781 if (!br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED)) {
782 brmctx = &br->multicast_ctx;
783 goto out;
784 }
785
786 if (!entry->vid) {
787 NL_SET_ERR_MSG_MOD(extack, "Cannot add an entry without a vlan when vlan snooping is enabled");
788 goto out;
789 }
790
791 v = br_vlan_find(br_vlan_group(br), entry->vid);
792 if (!v) {
793 NL_SET_ERR_MSG_MOD(extack, "Vlan is not configured");
794 goto out;
795 }
796 if (br_multicast_ctx_vlan_global_disabled(&v->br_mcast_ctx)) {
797 NL_SET_ERR_MSG_MOD(extack, "Vlan's multicast processing is disabled");
798 goto out;
799 }
800 brmctx = &v->br_mcast_ctx;
801out:
802 return brmctx;
803}
804
805static int br_mdb_replace_group_sg(const struct br_mdb_config *cfg,
806 struct net_bridge_mdb_entry *mp,
807 struct net_bridge_port_group *pg,
808 struct net_bridge_mcast *brmctx,
809 unsigned char flags)
810{
811 unsigned long now = jiffies;
812
813 pg->flags = flags;
814 pg->rt_protocol = cfg->rt_protocol;
815 if (!(flags & MDB_PG_FLAGS_PERMANENT) && !cfg->src_entry)
816 mod_timer(&pg->timer,
817 now + brmctx->multicast_membership_interval);
818 else
819 del_timer(&pg->timer);
820
821 br_mdb_notify(cfg->br->dev, mp, pg, RTM_NEWMDB);
822
823 return 0;
824}
825
826static int br_mdb_add_group_sg(const struct br_mdb_config *cfg,
827 struct net_bridge_mdb_entry *mp,
828 struct net_bridge_mcast *brmctx,
829 unsigned char flags,
830 struct netlink_ext_ack *extack)
831{
832 struct net_bridge_port_group __rcu **pp;
833 struct net_bridge_port_group *p;
834 unsigned long now = jiffies;
835
836 for (pp = &mp->ports;
837 (p = mlock_dereference(*pp, cfg->br)) != NULL;
838 pp = &p->next) {
839 if (p->key.port == cfg->p) {
840 if (!(cfg->nlflags & NLM_F_REPLACE)) {
841 NL_SET_ERR_MSG_MOD(extack, "(S, G) group is already joined by port");
842 return -EEXIST;
843 }
844 return br_mdb_replace_group_sg(cfg, mp, p, brmctx,
845 flags);
846 }
847 if ((unsigned long)p->key.port < (unsigned long)cfg->p)
848 break;
849 }
850
851 p = br_multicast_new_port_group(cfg->p, &cfg->group, *pp, flags, NULL,
852 MCAST_INCLUDE, cfg->rt_protocol);
853 if (unlikely(!p)) {
854 NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new (S, G) port group");
855 return -ENOMEM;
856 }
857 rcu_assign_pointer(*pp, p);
858 if (!(flags & MDB_PG_FLAGS_PERMANENT) && !cfg->src_entry)
859 mod_timer(&p->timer,
860 now + brmctx->multicast_membership_interval);
861 br_mdb_notify(cfg->br->dev, mp, p, RTM_NEWMDB);
862
863 /* All of (*, G) EXCLUDE ports need to be added to the new (S, G) for
864 * proper replication.
865 */
866 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto)) {
867 struct net_bridge_mdb_entry *star_mp;
868 struct br_ip star_group;
869
870 star_group = p->key.addr;
871 memset(&star_group.src, 0, sizeof(star_group.src));
872 star_mp = br_mdb_ip_get(cfg->br, &star_group);
873 if (star_mp)
874 br_multicast_sg_add_exclude_ports(star_mp, p);
875 }
876
877 return 0;
878}
879
880static int br_mdb_add_group_src_fwd(const struct br_mdb_config *cfg,
881 struct br_ip *src_ip,
882 struct net_bridge_mcast *brmctx,
883 struct netlink_ext_ack *extack)
884{
885 struct net_bridge_mdb_entry *sgmp;
886 struct br_mdb_config sg_cfg;
887 struct br_ip sg_ip;
888 u8 flags = 0;
889
890 sg_ip = cfg->group;
891 sg_ip.src = src_ip->src;
892 sgmp = br_multicast_new_group(cfg->br, &sg_ip);
893 if (IS_ERR(sgmp)) {
894 NL_SET_ERR_MSG_MOD(extack, "Failed to add (S, G) MDB entry");
895 return PTR_ERR(sgmp);
896 }
897
898 if (cfg->entry->state == MDB_PERMANENT)
899 flags |= MDB_PG_FLAGS_PERMANENT;
900 if (cfg->filter_mode == MCAST_EXCLUDE)
901 flags |= MDB_PG_FLAGS_BLOCKED;
902
903 memset(&sg_cfg, 0, sizeof(sg_cfg));
904 sg_cfg.br = cfg->br;
905 sg_cfg.p = cfg->p;
906 sg_cfg.entry = cfg->entry;
907 sg_cfg.group = sg_ip;
908 sg_cfg.src_entry = true;
909 sg_cfg.filter_mode = MCAST_INCLUDE;
910 sg_cfg.rt_protocol = cfg->rt_protocol;
911 sg_cfg.nlflags = cfg->nlflags;
912 return br_mdb_add_group_sg(&sg_cfg, sgmp, brmctx, flags, extack);
913}
914
915static int br_mdb_add_group_src(const struct br_mdb_config *cfg,
916 struct net_bridge_port_group *pg,
917 struct net_bridge_mcast *brmctx,
918 struct br_mdb_src_entry *src,
919 struct netlink_ext_ack *extack)
920{
921 struct net_bridge_group_src *ent;
922 unsigned long now = jiffies;
923 int err;
924
925 ent = br_multicast_find_group_src(pg, &src->addr);
926 if (!ent) {
927 ent = br_multicast_new_group_src(pg, &src->addr);
928 if (!ent) {
929 NL_SET_ERR_MSG_MOD(extack, "Failed to add new source entry");
930 return -ENOSPC;
931 }
932 } else if (!(cfg->nlflags & NLM_F_REPLACE)) {
933 NL_SET_ERR_MSG_MOD(extack, "Source entry already exists");
934 return -EEXIST;
935 }
936
937 if (cfg->filter_mode == MCAST_INCLUDE &&
938 cfg->entry->state == MDB_TEMPORARY)
939 mod_timer(&ent->timer, now + br_multicast_gmi(brmctx));
940 else
941 del_timer(&ent->timer);
942
943 /* Install a (S, G) forwarding entry for the source. */
944 err = br_mdb_add_group_src_fwd(cfg, &src->addr, brmctx, extack);
945 if (err)
946 goto err_del_sg;
947
948 ent->flags = BR_SGRP_F_INSTALLED | BR_SGRP_F_USER_ADDED;
949
950 return 0;
951
952err_del_sg:
953 __br_multicast_del_group_src(ent);
954 return err;
955}
956
957static void br_mdb_del_group_src(struct net_bridge_port_group *pg,
958 struct br_mdb_src_entry *src)
959{
960 struct net_bridge_group_src *ent;
961
962 ent = br_multicast_find_group_src(pg, &src->addr);
963 if (WARN_ON_ONCE(!ent))
964 return;
965 br_multicast_del_group_src(ent, false);
966}
967
968static int br_mdb_add_group_srcs(const struct br_mdb_config *cfg,
969 struct net_bridge_port_group *pg,
970 struct net_bridge_mcast *brmctx,
971 struct netlink_ext_ack *extack)
972{
973 int i, err;
974
975 for (i = 0; i < cfg->num_src_entries; i++) {
976 err = br_mdb_add_group_src(cfg, pg, brmctx,
977 &cfg->src_entries[i], extack);
978 if (err)
979 goto err_del_group_srcs;
980 }
981
982 return 0;
983
984err_del_group_srcs:
985 for (i--; i >= 0; i--)
986 br_mdb_del_group_src(pg, &cfg->src_entries[i]);
987 return err;
988}
989
990static int br_mdb_replace_group_srcs(const struct br_mdb_config *cfg,
991 struct net_bridge_port_group *pg,
992 struct net_bridge_mcast *brmctx,
993 struct netlink_ext_ack *extack)
994{
995 struct net_bridge_group_src *ent;
996 struct hlist_node *tmp;
997 int err;
998
999 hlist_for_each_entry(ent, &pg->src_list, node)
1000 ent->flags |= BR_SGRP_F_DELETE;
1001
1002 err = br_mdb_add_group_srcs(cfg, pg, brmctx, extack);
1003 if (err)
1004 goto err_clear_delete;
1005
1006 hlist_for_each_entry_safe(ent, tmp, &pg->src_list, node) {
1007 if (ent->flags & BR_SGRP_F_DELETE)
1008 br_multicast_del_group_src(ent, false);
1009 }
1010
1011 return 0;
1012
1013err_clear_delete:
1014 hlist_for_each_entry(ent, &pg->src_list, node)
1015 ent->flags &= ~BR_SGRP_F_DELETE;
1016 return err;
1017}
1018
1019static int br_mdb_replace_group_star_g(const struct br_mdb_config *cfg,
1020 struct net_bridge_mdb_entry *mp,
1021 struct net_bridge_port_group *pg,
1022 struct net_bridge_mcast *brmctx,
1023 unsigned char flags,
1024 struct netlink_ext_ack *extack)
1025{
1026 unsigned long now = jiffies;
1027 int err;
1028
1029 err = br_mdb_replace_group_srcs(cfg, pg, brmctx, extack);
1030 if (err)
1031 return err;
1032
1033 pg->flags = flags;
1034 pg->filter_mode = cfg->filter_mode;
1035 pg->rt_protocol = cfg->rt_protocol;
1036 if (!(flags & MDB_PG_FLAGS_PERMANENT) &&
1037 cfg->filter_mode == MCAST_EXCLUDE)
1038 mod_timer(&pg->timer,
1039 now + brmctx->multicast_membership_interval);
1040 else
1041 del_timer(&pg->timer);
1042
1043 br_mdb_notify(cfg->br->dev, mp, pg, RTM_NEWMDB);
1044
1045 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto))
1046 br_multicast_star_g_handle_mode(pg, cfg->filter_mode);
1047
1048 return 0;
1049}
1050
1051static int br_mdb_add_group_star_g(const struct br_mdb_config *cfg,
1052 struct net_bridge_mdb_entry *mp,
1053 struct net_bridge_mcast *brmctx,
1054 unsigned char flags,
1055 struct netlink_ext_ack *extack)
1056{
1057 struct net_bridge_port_group __rcu **pp;
1058 struct net_bridge_port_group *p;
1059 unsigned long now = jiffies;
1060 int err;
1061
1062 for (pp = &mp->ports;
1063 (p = mlock_dereference(*pp, cfg->br)) != NULL;
1064 pp = &p->next) {
1065 if (p->key.port == cfg->p) {
1066 if (!(cfg->nlflags & NLM_F_REPLACE)) {
1067 NL_SET_ERR_MSG_MOD(extack, "(*, G) group is already joined by port");
1068 return -EEXIST;
1069 }
1070 return br_mdb_replace_group_star_g(cfg, mp, p, brmctx,
1071 flags, extack);
1072 }
1073 if ((unsigned long)p->key.port < (unsigned long)cfg->p)
1074 break;
1075 }
1076
1077 p = br_multicast_new_port_group(cfg->p, &cfg->group, *pp, flags, NULL,
1078 cfg->filter_mode, cfg->rt_protocol);
1079 if (unlikely(!p)) {
1080 NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new (*, G) port group");
1081 return -ENOMEM;
1082 }
1083
1084 err = br_mdb_add_group_srcs(cfg, p, brmctx, extack);
1085 if (err)
1086 goto err_del_port_group;
1087
1088 rcu_assign_pointer(*pp, p);
1089 if (!(flags & MDB_PG_FLAGS_PERMANENT) &&
1090 cfg->filter_mode == MCAST_EXCLUDE)
1091 mod_timer(&p->timer,
1092 now + brmctx->multicast_membership_interval);
1093 br_mdb_notify(cfg->br->dev, mp, p, RTM_NEWMDB);
1094 /* If we are adding a new EXCLUDE port group (*, G), it needs to be
1095 * also added to all (S, G) entries for proper replication.
1096 */
1097 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto) &&
1098 cfg->filter_mode == MCAST_EXCLUDE)
1099 br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
1100
1101 return 0;
1102
1103err_del_port_group:
1104 hlist_del_init(&p->mglist);
1105 kfree(p);
1106 return err;
1107}
1108
1109static int br_mdb_add_group(const struct br_mdb_config *cfg,
1110 struct netlink_ext_ack *extack)
1111{
1112 struct br_mdb_entry *entry = cfg->entry;
1113 struct net_bridge_port *port = cfg->p;
1114 struct net_bridge_mdb_entry *mp;
1115 struct net_bridge *br = cfg->br;
1116 struct net_bridge_mcast *brmctx;
1117 struct br_ip group = cfg->group;
1118 unsigned char flags = 0;
1119
1120 brmctx = __br_mdb_choose_context(br, entry, extack);
1121 if (!brmctx)
1122 return -EINVAL;
1123
1124 mp = br_multicast_new_group(br, &group);
1125 if (IS_ERR(mp))
1126 return PTR_ERR(mp);
1127
1128 /* host join */
1129 if (!port) {
1130 if (mp->host_joined) {
1131 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
1132 return -EEXIST;
1133 }
1134
1135 br_multicast_host_join(brmctx, mp, false);
1136 br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);
1137
1138 return 0;
1139 }
1140
1141 if (entry->state == MDB_PERMANENT)
1142 flags |= MDB_PG_FLAGS_PERMANENT;
1143
1144 if (br_multicast_is_star_g(&group))
1145 return br_mdb_add_group_star_g(cfg, mp, brmctx, flags, extack);
1146 else
1147 return br_mdb_add_group_sg(cfg, mp, brmctx, flags, extack);
1148}
1149
1150static int __br_mdb_add(const struct br_mdb_config *cfg,
1151 struct netlink_ext_ack *extack)
1152{
1153 int ret;
1154
1155 spin_lock_bh(&cfg->br->multicast_lock);
1156 ret = br_mdb_add_group(cfg, extack);
1157 spin_unlock_bh(&cfg->br->multicast_lock);
1158
1159 return ret;
1160}
1161
1162static int br_mdb_config_src_entry_init(struct nlattr *src_entry,
1163 struct br_mdb_src_entry *src,
1164 __be16 proto,
1165 struct netlink_ext_ack *extack)
1166{
1167 struct nlattr *tb[MDBE_SRCATTR_MAX + 1];
1168 int err;
1169
1170 err = nla_parse_nested(tb, MDBE_SRCATTR_MAX, src_entry,
1171 br_mdbe_src_list_entry_pol, extack);
1172 if (err)
1173 return err;
1174
1175 if (NL_REQ_ATTR_CHECK(extack, src_entry, tb, MDBE_SRCATTR_ADDRESS))
1176 return -EINVAL;
1177
1178 if (!is_valid_mdb_source(tb[MDBE_SRCATTR_ADDRESS], proto, extack))
1179 return -EINVAL;
1180
1181 src->addr.proto = proto;
1182 nla_memcpy(&src->addr.src, tb[MDBE_SRCATTR_ADDRESS],
1183 nla_len(tb[MDBE_SRCATTR_ADDRESS]));
1184
1185 return 0;
1186}
1187
1188static int br_mdb_config_src_list_init(struct nlattr *src_list,
1189 struct br_mdb_config *cfg,
1190 struct netlink_ext_ack *extack)
1191{
1192 struct nlattr *src_entry;
1193 int rem, err;
1194 int i = 0;
1195
1196 nla_for_each_nested(src_entry, src_list, rem)
1197 cfg->num_src_entries++;
1198
1199 if (cfg->num_src_entries >= PG_SRC_ENT_LIMIT) {
1200 NL_SET_ERR_MSG_FMT_MOD(extack, "Exceeded maximum number of source entries (%u)",
1201 PG_SRC_ENT_LIMIT - 1);
1202 return -EINVAL;
1203 }
1204
1205 cfg->src_entries = kcalloc(cfg->num_src_entries,
1206 sizeof(struct br_mdb_src_entry), GFP_KERNEL);
1207 if (!cfg->src_entries)
1208 return -ENOMEM;
1209
1210 nla_for_each_nested(src_entry, src_list, rem) {
1211 err = br_mdb_config_src_entry_init(src_entry,
1212 &cfg->src_entries[i],
1213 cfg->entry->addr.proto,
1214 extack);
1215 if (err)
1216 goto err_src_entry_init;
1217 i++;
1218 }
1219
1220 return 0;
1221
1222err_src_entry_init:
1223 kfree(cfg->src_entries);
1224 return err;
1225}
1226
1227static void br_mdb_config_src_list_fini(struct br_mdb_config *cfg)
1228{
1229 kfree(cfg->src_entries);
1230}
1231
1232static int br_mdb_config_attrs_init(struct nlattr *set_attrs,
1233 struct br_mdb_config *cfg,
1234 struct netlink_ext_ack *extack)
1235{
1236 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1237 int err;
1238
1239 err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX, set_attrs,
1240 br_mdbe_attrs_pol, extack);
1241 if (err)
1242 return err;
1243
1244 if (mdb_attrs[MDBE_ATTR_SOURCE] &&
1245 !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
1246 cfg->entry->addr.proto, extack))
1247 return -EINVAL;
1248
1249 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, mdb_attrs);
1250
1251 if (mdb_attrs[MDBE_ATTR_GROUP_MODE]) {
1252 if (!cfg->p) {
1253 NL_SET_ERR_MSG_MOD(extack, "Filter mode cannot be set for host groups");
1254 return -EINVAL;
1255 }
1256 if (!br_multicast_is_star_g(&cfg->group)) {
1257 NL_SET_ERR_MSG_MOD(extack, "Filter mode can only be set for (*, G) entries");
1258 return -EINVAL;
1259 }
1260 cfg->filter_mode = nla_get_u8(mdb_attrs[MDBE_ATTR_GROUP_MODE]);
1261 } else {
1262 cfg->filter_mode = MCAST_EXCLUDE;
1263 }
1264
1265 if (mdb_attrs[MDBE_ATTR_SRC_LIST]) {
1266 if (!cfg->p) {
1267 NL_SET_ERR_MSG_MOD(extack, "Source list cannot be set for host groups");
1268 return -EINVAL;
1269 }
1270 if (!br_multicast_is_star_g(&cfg->group)) {
1271 NL_SET_ERR_MSG_MOD(extack, "Source list can only be set for (*, G) entries");
1272 return -EINVAL;
1273 }
1274 if (!mdb_attrs[MDBE_ATTR_GROUP_MODE]) {
1275 NL_SET_ERR_MSG_MOD(extack, "Source list cannot be set without filter mode");
1276 return -EINVAL;
1277 }
1278 err = br_mdb_config_src_list_init(mdb_attrs[MDBE_ATTR_SRC_LIST],
1279 cfg, extack);
1280 if (err)
1281 return err;
1282 }
1283
1284 if (!cfg->num_src_entries && cfg->filter_mode == MCAST_INCLUDE) {
1285 NL_SET_ERR_MSG_MOD(extack, "Cannot add (*, G) INCLUDE with an empty source list");
1286 return -EINVAL;
1287 }
1288
1289 if (mdb_attrs[MDBE_ATTR_RTPROT]) {
1290 if (!cfg->p) {
1291 NL_SET_ERR_MSG_MOD(extack, "Protocol cannot be set for host groups");
1292 return -EINVAL;
1293 }
1294 cfg->rt_protocol = nla_get_u8(mdb_attrs[MDBE_ATTR_RTPROT]);
1295 }
1296
1297 return 0;
1298}
1299
1300static int br_mdb_config_init(struct net *net, const struct nlmsghdr *nlh,
1301 struct br_mdb_config *cfg,
1302 struct netlink_ext_ack *extack)
1303{
1304 struct nlattr *tb[MDBA_SET_ENTRY_MAX + 1];
1305 struct br_port_msg *bpm;
1306 struct net_device *dev;
1307 int err;
1308
1309 err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
1310 MDBA_SET_ENTRY_MAX, NULL, extack);
1311 if (err)
1312 return err;
1313
1314 memset(cfg, 0, sizeof(*cfg));
1315 cfg->filter_mode = MCAST_EXCLUDE;
1316 cfg->rt_protocol = RTPROT_STATIC;
1317 cfg->nlflags = nlh->nlmsg_flags;
1318
1319 bpm = nlmsg_data(nlh);
1320 if (!bpm->ifindex) {
1321 NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
1322 return -EINVAL;
1323 }
1324
1325 dev = __dev_get_by_index(net, bpm->ifindex);
1326 if (!dev) {
1327 NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
1328 return -ENODEV;
1329 }
1330
1331 if (!netif_is_bridge_master(dev)) {
1332 NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
1333 return -EOPNOTSUPP;
1334 }
1335
1336 cfg->br = netdev_priv(dev);
1337
1338 if (!netif_running(cfg->br->dev)) {
1339 NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
1340 return -EINVAL;
1341 }
1342
1343 if (!br_opt_get(cfg->br, BROPT_MULTICAST_ENABLED)) {
1344 NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
1345 return -EINVAL;
1346 }
1347
1348 if (NL_REQ_ATTR_CHECK(extack, NULL, tb, MDBA_SET_ENTRY)) {
1349 NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
1350 return -EINVAL;
1351 }
1352 if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
1353 NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
1354 return -EINVAL;
1355 }
1356
1357 cfg->entry = nla_data(tb[MDBA_SET_ENTRY]);
1358 if (!is_valid_mdb_entry(cfg->entry, extack))
1359 return -EINVAL;
1360
1361 if (cfg->entry->ifindex != cfg->br->dev->ifindex) {
1362 struct net_device *pdev;
1363
1364 pdev = __dev_get_by_index(net, cfg->entry->ifindex);
1365 if (!pdev) {
1366 NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
1367 return -ENODEV;
1368 }
1369
1370 cfg->p = br_port_get_rtnl(pdev);
1371 if (!cfg->p) {
1372 NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
1373 return -EINVAL;
1374 }
1375
1376 if (cfg->p->br != cfg->br) {
1377 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
1378 return -EINVAL;
1379 }
1380 }
1381
1382 if (tb[MDBA_SET_ENTRY_ATTRS])
1383 return br_mdb_config_attrs_init(tb[MDBA_SET_ENTRY_ATTRS], cfg,
1384 extack);
1385 else
1386 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, NULL);
1387
1388 return 0;
1389}
1390
1391static void br_mdb_config_fini(struct br_mdb_config *cfg)
1392{
1393 br_mdb_config_src_list_fini(cfg);
1394}
1395
1396static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1397 struct netlink_ext_ack *extack)
1398{
1399 struct net *net = sock_net(skb->sk);
1400 struct net_bridge_vlan_group *vg;
1401 struct net_bridge_vlan *v;
1402 struct br_mdb_config cfg;
1403 int err;
1404
1405 err = br_mdb_config_init(net, nlh, &cfg, extack);
1406 if (err)
1407 return err;
1408
1409 err = -EINVAL;
1410 /* host join errors which can happen before creating the group */
1411 if (!cfg.p && !br_group_is_l2(&cfg.group)) {
1412 /* don't allow any flags for host-joined IP groups */
1413 if (cfg.entry->state) {
1414 NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
1415 goto out;
1416 }
1417 if (!br_multicast_is_star_g(&cfg.group)) {
1418 NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
1419 goto out;
1420 }
1421 }
1422
1423 if (br_group_is_l2(&cfg.group) && cfg.entry->state != MDB_PERMANENT) {
1424 NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
1425 goto out;
1426 }
1427
1428 if (cfg.p) {
1429 if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state != MDB_PERMANENT) {
1430 NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not permanent");
1431 goto out;
1432 }
1433 vg = nbp_vlan_group(cfg.p);
1434 } else {
1435 vg = br_vlan_group(cfg.br);
1436 }
1437
1438 /* If vlan filtering is enabled and VLAN is not specified
1439 * install mdb entry on all vlans configured on the port.
1440 */
1441 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) {
1442 list_for_each_entry(v, &vg->vlan_list, vlist) {
1443 cfg.entry->vid = v->vid;
1444 cfg.group.vid = v->vid;
1445 err = __br_mdb_add(&cfg, extack);
1446 if (err)
1447 break;
1448 }
1449 } else {
1450 err = __br_mdb_add(&cfg, extack);
1451 }
1452
1453out:
1454 br_mdb_config_fini(&cfg);
1455 return err;
1456}
1457
1458static int __br_mdb_del(const struct br_mdb_config *cfg)
1459{
1460 struct br_mdb_entry *entry = cfg->entry;
1461 struct net_bridge *br = cfg->br;
1462 struct net_bridge_mdb_entry *mp;
1463 struct net_bridge_port_group *p;
1464 struct net_bridge_port_group __rcu **pp;
1465 struct br_ip ip = cfg->group;
1466 int err = -EINVAL;
1467
1468 spin_lock_bh(&br->multicast_lock);
1469 mp = br_mdb_ip_get(br, &ip);
1470 if (!mp)
1471 goto unlock;
1472
1473 /* host leave */
1474 if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
1475 br_multicast_host_leave(mp, false);
1476 err = 0;
1477 br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
1478 if (!mp->ports && netif_running(br->dev))
1479 mod_timer(&mp->timer, jiffies);
1480 goto unlock;
1481 }
1482
1483 for (pp = &mp->ports;
1484 (p = mlock_dereference(*pp, br)) != NULL;
1485 pp = &p->next) {
1486 if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
1487 continue;
1488
1489 br_multicast_del_pg(mp, p, pp);
1490 err = 0;
1491 break;
1492 }
1493
1494unlock:
1495 spin_unlock_bh(&br->multicast_lock);
1496 return err;
1497}
1498
1499static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
1500 struct netlink_ext_ack *extack)
1501{
1502 struct net *net = sock_net(skb->sk);
1503 struct net_bridge_vlan_group *vg;
1504 struct net_bridge_vlan *v;
1505 struct br_mdb_config cfg;
1506 int err;
1507
1508 err = br_mdb_config_init(net, nlh, &cfg, extack);
1509 if (err)
1510 return err;
1511
1512 if (cfg.p)
1513 vg = nbp_vlan_group(cfg.p);
1514 else
1515 vg = br_vlan_group(cfg.br);
1516
1517 /* If vlan filtering is enabled and VLAN is not specified
1518 * delete mdb entry on all vlans configured on the port.
1519 */
1520 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) {
1521 list_for_each_entry(v, &vg->vlan_list, vlist) {
1522 cfg.entry->vid = v->vid;
1523 cfg.group.vid = v->vid;
1524 err = __br_mdb_del(&cfg);
1525 }
1526 } else {
1527 err = __br_mdb_del(&cfg);
1528 }
1529
1530 br_mdb_config_fini(&cfg);
1531 return err;
1532}
1533
1534void br_mdb_init(void)
1535{
1536 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0);
1537 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0);
1538 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0);
1539}
1540
1541void br_mdb_uninit(void)
1542{
1543 rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
1544 rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
1545 rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
1546}
1// SPDX-License-Identifier: GPL-2.0
2#include <linux/err.h>
3#include <linux/igmp.h>
4#include <linux/kernel.h>
5#include <linux/netdevice.h>
6#include <linux/rculist.h>
7#include <linux/skbuff.h>
8#include <linux/if_ether.h>
9#include <net/ip.h>
10#include <net/netlink.h>
11#include <net/switchdev.h>
12#if IS_ENABLED(CONFIG_IPV6)
13#include <net/ipv6.h>
14#include <net/addrconf.h>
15#endif
16
17#include "br_private.h"
18
19static bool br_rports_have_mc_router(struct net_bridge *br)
20{
21#if IS_ENABLED(CONFIG_IPV6)
22 return !hlist_empty(&br->ip4_mc_router_list) ||
23 !hlist_empty(&br->ip6_mc_router_list);
24#else
25 return !hlist_empty(&br->ip4_mc_router_list);
26#endif
27}
28
29static bool
30br_ip4_rports_get_timer(struct net_bridge_port *port, unsigned long *timer)
31{
32 *timer = br_timer_value(&port->ip4_mc_router_timer);
33 return !hlist_unhashed(&port->ip4_rlist);
34}
35
36static bool
37br_ip6_rports_get_timer(struct net_bridge_port *port, unsigned long *timer)
38{
39#if IS_ENABLED(CONFIG_IPV6)
40 *timer = br_timer_value(&port->ip6_mc_router_timer);
41 return !hlist_unhashed(&port->ip6_rlist);
42#else
43 *timer = 0;
44 return false;
45#endif
46}
47
48static int br_rports_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
49 struct net_device *dev)
50{
51 struct net_bridge *br = netdev_priv(dev);
52 bool have_ip4_mc_rtr, have_ip6_mc_rtr;
53 unsigned long ip4_timer, ip6_timer;
54 struct nlattr *nest, *port_nest;
55 struct net_bridge_port *p;
56
57 if (!br->multicast_router)
58 return 0;
59
60 if (!br_rports_have_mc_router(br))
61 return 0;
62
63 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
64 if (nest == NULL)
65 return -EMSGSIZE;
66
67 list_for_each_entry_rcu(p, &br->port_list, list) {
68 have_ip4_mc_rtr = br_ip4_rports_get_timer(p, &ip4_timer);
69 have_ip6_mc_rtr = br_ip6_rports_get_timer(p, &ip6_timer);
70
71 if (!have_ip4_mc_rtr && !have_ip6_mc_rtr)
72 continue;
73
74 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
75 if (!port_nest)
76 goto fail;
77
78 if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
79 nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
80 max(ip4_timer, ip6_timer)) ||
81 nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
82 p->multicast_router) ||
83 (have_ip4_mc_rtr &&
84 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER,
85 ip4_timer)) ||
86 (have_ip6_mc_rtr &&
87 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER,
88 ip6_timer))) {
89 nla_nest_cancel(skb, port_nest);
90 goto fail;
91 }
92 nla_nest_end(skb, port_nest);
93 }
94
95 nla_nest_end(skb, nest);
96 return 0;
97fail:
98 nla_nest_cancel(skb, nest);
99 return -EMSGSIZE;
100}
101
102static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
103{
104 e->state = flags & MDB_PG_FLAGS_PERMANENT;
105 e->flags = 0;
106 if (flags & MDB_PG_FLAGS_OFFLOAD)
107 e->flags |= MDB_FLAGS_OFFLOAD;
108 if (flags & MDB_PG_FLAGS_FAST_LEAVE)
109 e->flags |= MDB_FLAGS_FAST_LEAVE;
110 if (flags & MDB_PG_FLAGS_STAR_EXCL)
111 e->flags |= MDB_FLAGS_STAR_EXCL;
112 if (flags & MDB_PG_FLAGS_BLOCKED)
113 e->flags |= MDB_FLAGS_BLOCKED;
114}
115
116static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
117 struct nlattr **mdb_attrs)
118{
119 memset(ip, 0, sizeof(struct br_ip));
120 ip->vid = entry->vid;
121 ip->proto = entry->addr.proto;
122 switch (ip->proto) {
123 case htons(ETH_P_IP):
124 ip->dst.ip4 = entry->addr.u.ip4;
125 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
126 ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
127 break;
128#if IS_ENABLED(CONFIG_IPV6)
129 case htons(ETH_P_IPV6):
130 ip->dst.ip6 = entry->addr.u.ip6;
131 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
132 ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
133 break;
134#endif
135 default:
136 ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
137 }
138
139}
140
141static int __mdb_fill_srcs(struct sk_buff *skb,
142 struct net_bridge_port_group *p)
143{
144 struct net_bridge_group_src *ent;
145 struct nlattr *nest, *nest_ent;
146
147 if (hlist_empty(&p->src_list))
148 return 0;
149
150 nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
151 if (!nest)
152 return -EMSGSIZE;
153
154 hlist_for_each_entry_rcu(ent, &p->src_list, node,
155 lockdep_is_held(&p->key.port->br->multicast_lock)) {
156 nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
157 if (!nest_ent)
158 goto out_cancel_err;
159 switch (ent->addr.proto) {
160 case htons(ETH_P_IP):
161 if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
162 ent->addr.src.ip4)) {
163 nla_nest_cancel(skb, nest_ent);
164 goto out_cancel_err;
165 }
166 break;
167#if IS_ENABLED(CONFIG_IPV6)
168 case htons(ETH_P_IPV6):
169 if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
170 &ent->addr.src.ip6)) {
171 nla_nest_cancel(skb, nest_ent);
172 goto out_cancel_err;
173 }
174 break;
175#endif
176 default:
177 nla_nest_cancel(skb, nest_ent);
178 continue;
179 }
180 if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
181 br_timer_value(&ent->timer))) {
182 nla_nest_cancel(skb, nest_ent);
183 goto out_cancel_err;
184 }
185 nla_nest_end(skb, nest_ent);
186 }
187
188 nla_nest_end(skb, nest);
189
190 return 0;
191
192out_cancel_err:
193 nla_nest_cancel(skb, nest);
194 return -EMSGSIZE;
195}
196
197static int __mdb_fill_info(struct sk_buff *skb,
198 struct net_bridge_mdb_entry *mp,
199 struct net_bridge_port_group *p)
200{
201 bool dump_srcs_mode = false;
202 struct timer_list *mtimer;
203 struct nlattr *nest_ent;
204 struct br_mdb_entry e;
205 u8 flags = 0;
206 int ifindex;
207
208 memset(&e, 0, sizeof(e));
209 if (p) {
210 ifindex = p->key.port->dev->ifindex;
211 mtimer = &p->timer;
212 flags = p->flags;
213 } else {
214 ifindex = mp->br->dev->ifindex;
215 mtimer = &mp->timer;
216 }
217
218 __mdb_entry_fill_flags(&e, flags);
219 e.ifindex = ifindex;
220 e.vid = mp->addr.vid;
221 if (mp->addr.proto == htons(ETH_P_IP))
222 e.addr.u.ip4 = mp->addr.dst.ip4;
223#if IS_ENABLED(CONFIG_IPV6)
224 else if (mp->addr.proto == htons(ETH_P_IPV6))
225 e.addr.u.ip6 = mp->addr.dst.ip6;
226#endif
227 else
228 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
229 e.addr.proto = mp->addr.proto;
230 nest_ent = nla_nest_start_noflag(skb,
231 MDBA_MDB_ENTRY_INFO);
232 if (!nest_ent)
233 return -EMSGSIZE;
234
235 if (nla_put_nohdr(skb, sizeof(e), &e) ||
236 nla_put_u32(skb,
237 MDBA_MDB_EATTR_TIMER,
238 br_timer_value(mtimer)))
239 goto nest_err;
240
241 switch (mp->addr.proto) {
242 case htons(ETH_P_IP):
243 dump_srcs_mode = !!(mp->br->multicast_igmp_version == 3);
244 if (mp->addr.src.ip4) {
245 if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
246 mp->addr.src.ip4))
247 goto nest_err;
248 break;
249 }
250 break;
251#if IS_ENABLED(CONFIG_IPV6)
252 case htons(ETH_P_IPV6):
253 dump_srcs_mode = !!(mp->br->multicast_mld_version == 2);
254 if (!ipv6_addr_any(&mp->addr.src.ip6)) {
255 if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
256 &mp->addr.src.ip6))
257 goto nest_err;
258 break;
259 }
260 break;
261#endif
262 default:
263 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
264 }
265 if (p) {
266 if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
267 goto nest_err;
268 if (dump_srcs_mode &&
269 (__mdb_fill_srcs(skb, p) ||
270 nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
271 p->filter_mode)))
272 goto nest_err;
273 }
274 nla_nest_end(skb, nest_ent);
275
276 return 0;
277
278nest_err:
279 nla_nest_cancel(skb, nest_ent);
280 return -EMSGSIZE;
281}
282
283static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
284 struct net_device *dev)
285{
286 int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
287 struct net_bridge *br = netdev_priv(dev);
288 struct net_bridge_mdb_entry *mp;
289 struct nlattr *nest, *nest2;
290
291 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
292 return 0;
293
294 nest = nla_nest_start_noflag(skb, MDBA_MDB);
295 if (nest == NULL)
296 return -EMSGSIZE;
297
298 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
299 struct net_bridge_port_group *p;
300 struct net_bridge_port_group __rcu **pp;
301
302 if (idx < s_idx)
303 goto skip;
304
305 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
306 if (!nest2) {
307 err = -EMSGSIZE;
308 break;
309 }
310
311 if (!s_pidx && mp->host_joined) {
312 err = __mdb_fill_info(skb, mp, NULL);
313 if (err) {
314 nla_nest_cancel(skb, nest2);
315 break;
316 }
317 }
318
319 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
320 pp = &p->next) {
321 if (!p->key.port)
322 continue;
323 if (pidx < s_pidx)
324 goto skip_pg;
325
326 err = __mdb_fill_info(skb, mp, p);
327 if (err) {
328 nla_nest_end(skb, nest2);
329 goto out;
330 }
331skip_pg:
332 pidx++;
333 }
334 pidx = 0;
335 s_pidx = 0;
336 nla_nest_end(skb, nest2);
337skip:
338 idx++;
339 }
340
341out:
342 cb->args[1] = idx;
343 cb->args[2] = pidx;
344 nla_nest_end(skb, nest);
345 return err;
346}
347
348static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh,
349 struct netlink_ext_ack *extack)
350{
351 struct br_port_msg *bpm;
352
353 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) {
354 NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request");
355 return -EINVAL;
356 }
357
358 bpm = nlmsg_data(nlh);
359 if (bpm->ifindex) {
360 NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request");
361 return -EINVAL;
362 }
363 if (nlmsg_attrlen(nlh, sizeof(*bpm))) {
364 NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request");
365 return -EINVAL;
366 }
367
368 return 0;
369}
370
371static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
372{
373 struct net_device *dev;
374 struct net *net = sock_net(skb->sk);
375 struct nlmsghdr *nlh = NULL;
376 int idx = 0, s_idx;
377
378 if (cb->strict_check) {
379 int err = br_mdb_valid_dump_req(cb->nlh, cb->extack);
380
381 if (err < 0)
382 return err;
383 }
384
385 s_idx = cb->args[0];
386
387 rcu_read_lock();
388
389 cb->seq = net->dev_base_seq;
390
391 for_each_netdev_rcu(net, dev) {
392 if (dev->priv_flags & IFF_EBRIDGE) {
393 struct br_port_msg *bpm;
394
395 if (idx < s_idx)
396 goto skip;
397
398 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
399 cb->nlh->nlmsg_seq, RTM_GETMDB,
400 sizeof(*bpm), NLM_F_MULTI);
401 if (nlh == NULL)
402 break;
403
404 bpm = nlmsg_data(nlh);
405 memset(bpm, 0, sizeof(*bpm));
406 bpm->ifindex = dev->ifindex;
407 if (br_mdb_fill_info(skb, cb, dev) < 0)
408 goto out;
409 if (br_rports_fill_info(skb, cb, dev) < 0)
410 goto out;
411
412 cb->args[1] = 0;
413 nlmsg_end(skb, nlh);
414 skip:
415 idx++;
416 }
417 }
418
419out:
420 if (nlh)
421 nlmsg_end(skb, nlh);
422 rcu_read_unlock();
423 cb->args[0] = idx;
424 return skb->len;
425}
426
427static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
428 struct net_device *dev,
429 struct net_bridge_mdb_entry *mp,
430 struct net_bridge_port_group *pg,
431 int type)
432{
433 struct nlmsghdr *nlh;
434 struct br_port_msg *bpm;
435 struct nlattr *nest, *nest2;
436
437 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
438 if (!nlh)
439 return -EMSGSIZE;
440
441 bpm = nlmsg_data(nlh);
442 memset(bpm, 0, sizeof(*bpm));
443 bpm->family = AF_BRIDGE;
444 bpm->ifindex = dev->ifindex;
445 nest = nla_nest_start_noflag(skb, MDBA_MDB);
446 if (nest == NULL)
447 goto cancel;
448 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
449 if (nest2 == NULL)
450 goto end;
451
452 if (__mdb_fill_info(skb, mp, pg))
453 goto end;
454
455 nla_nest_end(skb, nest2);
456 nla_nest_end(skb, nest);
457 nlmsg_end(skb, nlh);
458 return 0;
459
460end:
461 nla_nest_end(skb, nest);
462cancel:
463 nlmsg_cancel(skb, nlh);
464 return -EMSGSIZE;
465}
466
467static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg)
468{
469 size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
470 nla_total_size(sizeof(struct br_mdb_entry)) +
471 nla_total_size(sizeof(u32));
472 struct net_bridge_group_src *ent;
473 size_t addr_size = 0;
474
475 if (!pg)
476 goto out;
477
478 /* MDBA_MDB_EATTR_RTPROT */
479 nlmsg_size += nla_total_size(sizeof(u8));
480
481 switch (pg->key.addr.proto) {
482 case htons(ETH_P_IP):
483 /* MDBA_MDB_EATTR_SOURCE */
484 if (pg->key.addr.src.ip4)
485 nlmsg_size += nla_total_size(sizeof(__be32));
486 if (pg->key.port->br->multicast_igmp_version == 2)
487 goto out;
488 addr_size = sizeof(__be32);
489 break;
490#if IS_ENABLED(CONFIG_IPV6)
491 case htons(ETH_P_IPV6):
492 /* MDBA_MDB_EATTR_SOURCE */
493 if (!ipv6_addr_any(&pg->key.addr.src.ip6))
494 nlmsg_size += nla_total_size(sizeof(struct in6_addr));
495 if (pg->key.port->br->multicast_mld_version == 1)
496 goto out;
497 addr_size = sizeof(struct in6_addr);
498 break;
499#endif
500 }
501
502 /* MDBA_MDB_EATTR_GROUP_MODE */
503 nlmsg_size += nla_total_size(sizeof(u8));
504
505 /* MDBA_MDB_EATTR_SRC_LIST nested attr */
506 if (!hlist_empty(&pg->src_list))
507 nlmsg_size += nla_total_size(0);
508
509 hlist_for_each_entry(ent, &pg->src_list, node) {
510 /* MDBA_MDB_SRCLIST_ENTRY nested attr +
511 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
512 */
513 nlmsg_size += nla_total_size(0) +
514 nla_total_size(addr_size) +
515 nla_total_size(sizeof(u32));
516 }
517out:
518 return nlmsg_size;
519}
520
521struct br_mdb_complete_info {
522 struct net_bridge_port *port;
523 struct br_ip ip;
524};
525
526static void br_mdb_complete(struct net_device *dev, int err, void *priv)
527{
528 struct br_mdb_complete_info *data = priv;
529 struct net_bridge_port_group __rcu **pp;
530 struct net_bridge_port_group *p;
531 struct net_bridge_mdb_entry *mp;
532 struct net_bridge_port *port = data->port;
533 struct net_bridge *br = port->br;
534
535 if (err)
536 goto err;
537
538 spin_lock_bh(&br->multicast_lock);
539 mp = br_mdb_ip_get(br, &data->ip);
540 if (!mp)
541 goto out;
542 for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL;
543 pp = &p->next) {
544 if (p->key.port != port)
545 continue;
546 p->flags |= MDB_PG_FLAGS_OFFLOAD;
547 }
548out:
549 spin_unlock_bh(&br->multicast_lock);
550err:
551 kfree(priv);
552}
553
554static void br_switchdev_mdb_populate(struct switchdev_obj_port_mdb *mdb,
555 const struct net_bridge_mdb_entry *mp)
556{
557 if (mp->addr.proto == htons(ETH_P_IP))
558 ip_eth_mc_map(mp->addr.dst.ip4, mdb->addr);
559#if IS_ENABLED(CONFIG_IPV6)
560 else if (mp->addr.proto == htons(ETH_P_IPV6))
561 ipv6_eth_mc_map(&mp->addr.dst.ip6, mdb->addr);
562#endif
563 else
564 ether_addr_copy(mdb->addr, mp->addr.dst.mac_addr);
565
566 mdb->vid = mp->addr.vid;
567}
568
569static int br_mdb_replay_one(struct notifier_block *nb, struct net_device *dev,
570 const struct switchdev_obj_port_mdb *mdb,
571 unsigned long action, const void *ctx,
572 struct netlink_ext_ack *extack)
573{
574 struct switchdev_notifier_port_obj_info obj_info = {
575 .info = {
576 .dev = dev,
577 .extack = extack,
578 .ctx = ctx,
579 },
580 .obj = &mdb->obj,
581 };
582 int err;
583
584 err = nb->notifier_call(nb, action, &obj_info);
585 return notifier_to_errno(err);
586}
587
588static int br_mdb_queue_one(struct list_head *mdb_list,
589 enum switchdev_obj_id id,
590 const struct net_bridge_mdb_entry *mp,
591 struct net_device *orig_dev)
592{
593 struct switchdev_obj_port_mdb *mdb;
594
595 mdb = kzalloc(sizeof(*mdb), GFP_ATOMIC);
596 if (!mdb)
597 return -ENOMEM;
598
599 mdb->obj.id = id;
600 mdb->obj.orig_dev = orig_dev;
601 br_switchdev_mdb_populate(mdb, mp);
602 list_add_tail(&mdb->obj.list, mdb_list);
603
604 return 0;
605}
606
607int br_mdb_replay(struct net_device *br_dev, struct net_device *dev,
608 const void *ctx, bool adding, struct notifier_block *nb,
609 struct netlink_ext_ack *extack)
610{
611 const struct net_bridge_mdb_entry *mp;
612 struct switchdev_obj *obj, *tmp;
613 struct net_bridge *br;
614 unsigned long action;
615 LIST_HEAD(mdb_list);
616 int err = 0;
617
618 ASSERT_RTNL();
619
620 if (!netif_is_bridge_master(br_dev) || !netif_is_bridge_port(dev))
621 return -EINVAL;
622
623 br = netdev_priv(br_dev);
624
625 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
626 return 0;
627
628 /* We cannot walk over br->mdb_list protected just by the rtnl_mutex,
629 * because the write-side protection is br->multicast_lock. But we
630 * need to emulate the [ blocking ] calling context of a regular
631 * switchdev event, so since both br->multicast_lock and RCU read side
632 * critical sections are atomic, we have no choice but to pick the RCU
633 * read side lock, queue up all our events, leave the critical section
634 * and notify switchdev from blocking context.
635 */
636 rcu_read_lock();
637
638 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
639 struct net_bridge_port_group __rcu * const *pp;
640 const struct net_bridge_port_group *p;
641
642 if (mp->host_joined) {
643 err = br_mdb_queue_one(&mdb_list,
644 SWITCHDEV_OBJ_ID_HOST_MDB,
645 mp, br_dev);
646 if (err) {
647 rcu_read_unlock();
648 goto out_free_mdb;
649 }
650 }
651
652 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
653 pp = &p->next) {
654 if (p->key.port->dev != dev)
655 continue;
656
657 err = br_mdb_queue_one(&mdb_list,
658 SWITCHDEV_OBJ_ID_PORT_MDB,
659 mp, dev);
660 if (err) {
661 rcu_read_unlock();
662 goto out_free_mdb;
663 }
664 }
665 }
666
667 rcu_read_unlock();
668
669 if (adding)
670 action = SWITCHDEV_PORT_OBJ_ADD;
671 else
672 action = SWITCHDEV_PORT_OBJ_DEL;
673
674 list_for_each_entry(obj, &mdb_list, list) {
675 err = br_mdb_replay_one(nb, dev, SWITCHDEV_OBJ_PORT_MDB(obj),
676 action, ctx, extack);
677 if (err)
678 goto out_free_mdb;
679 }
680
681out_free_mdb:
682 list_for_each_entry_safe(obj, tmp, &mdb_list, list) {
683 list_del(&obj->list);
684 kfree(SWITCHDEV_OBJ_PORT_MDB(obj));
685 }
686
687 return err;
688}
689EXPORT_SYMBOL_GPL(br_mdb_replay);
690
691static void br_mdb_switchdev_host_port(struct net_device *dev,
692 struct net_device *lower_dev,
693 struct net_bridge_mdb_entry *mp,
694 int type)
695{
696 struct switchdev_obj_port_mdb mdb = {
697 .obj = {
698 .id = SWITCHDEV_OBJ_ID_HOST_MDB,
699 .flags = SWITCHDEV_F_DEFER,
700 .orig_dev = dev,
701 },
702 };
703
704 br_switchdev_mdb_populate(&mdb, mp);
705
706 switch (type) {
707 case RTM_NEWMDB:
708 switchdev_port_obj_add(lower_dev, &mdb.obj, NULL);
709 break;
710 case RTM_DELMDB:
711 switchdev_port_obj_del(lower_dev, &mdb.obj);
712 break;
713 }
714}
715
716static void br_mdb_switchdev_host(struct net_device *dev,
717 struct net_bridge_mdb_entry *mp, int type)
718{
719 struct net_device *lower_dev;
720 struct list_head *iter;
721
722 netdev_for_each_lower_dev(dev, lower_dev, iter)
723 br_mdb_switchdev_host_port(dev, lower_dev, mp, type);
724}
725
726void br_mdb_notify(struct net_device *dev,
727 struct net_bridge_mdb_entry *mp,
728 struct net_bridge_port_group *pg,
729 int type)
730{
731 struct br_mdb_complete_info *complete_info;
732 struct switchdev_obj_port_mdb mdb = {
733 .obj = {
734 .id = SWITCHDEV_OBJ_ID_PORT_MDB,
735 .flags = SWITCHDEV_F_DEFER,
736 },
737 };
738 struct net *net = dev_net(dev);
739 struct sk_buff *skb;
740 int err = -ENOBUFS;
741
742 if (pg) {
743 br_switchdev_mdb_populate(&mdb, mp);
744
745 mdb.obj.orig_dev = pg->key.port->dev;
746 switch (type) {
747 case RTM_NEWMDB:
748 complete_info = kmalloc(sizeof(*complete_info), GFP_ATOMIC);
749 if (!complete_info)
750 break;
751 complete_info->port = pg->key.port;
752 complete_info->ip = mp->addr;
753 mdb.obj.complete_priv = complete_info;
754 mdb.obj.complete = br_mdb_complete;
755 if (switchdev_port_obj_add(pg->key.port->dev, &mdb.obj, NULL))
756 kfree(complete_info);
757 break;
758 case RTM_DELMDB:
759 switchdev_port_obj_del(pg->key.port->dev, &mdb.obj);
760 break;
761 }
762 } else {
763 br_mdb_switchdev_host(dev, mp, type);
764 }
765
766 skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
767 if (!skb)
768 goto errout;
769
770 err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
771 if (err < 0) {
772 kfree_skb(skb);
773 goto errout;
774 }
775
776 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
777 return;
778errout:
779 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
780}
781
782static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
783 struct net_device *dev,
784 int ifindex, u32 pid,
785 u32 seq, int type, unsigned int flags)
786{
787 struct br_port_msg *bpm;
788 struct nlmsghdr *nlh;
789 struct nlattr *nest;
790
791 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
792 if (!nlh)
793 return -EMSGSIZE;
794
795 bpm = nlmsg_data(nlh);
796 memset(bpm, 0, sizeof(*bpm));
797 bpm->family = AF_BRIDGE;
798 bpm->ifindex = dev->ifindex;
799 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
800 if (!nest)
801 goto cancel;
802
803 if (nla_put_u32(skb, MDBA_ROUTER_PORT, ifindex))
804 goto end;
805
806 nla_nest_end(skb, nest);
807 nlmsg_end(skb, nlh);
808 return 0;
809
810end:
811 nla_nest_end(skb, nest);
812cancel:
813 nlmsg_cancel(skb, nlh);
814 return -EMSGSIZE;
815}
816
817static inline size_t rtnl_rtr_nlmsg_size(void)
818{
819 return NLMSG_ALIGN(sizeof(struct br_port_msg))
820 + nla_total_size(sizeof(__u32));
821}
822
823void br_rtr_notify(struct net_device *dev, struct net_bridge_port *port,
824 int type)
825{
826 struct net *net = dev_net(dev);
827 struct sk_buff *skb;
828 int err = -ENOBUFS;
829 int ifindex;
830
831 ifindex = port ? port->dev->ifindex : 0;
832 skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
833 if (!skb)
834 goto errout;
835
836 err = nlmsg_populate_rtr_fill(skb, dev, ifindex, 0, 0, type, NTF_SELF);
837 if (err < 0) {
838 kfree_skb(skb);
839 goto errout;
840 }
841
842 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
843 return;
844
845errout:
846 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
847}
848
849static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
850 struct netlink_ext_ack *extack)
851{
852 if (entry->ifindex == 0) {
853 NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
854 return false;
855 }
856
857 if (entry->addr.proto == htons(ETH_P_IP)) {
858 if (!ipv4_is_multicast(entry->addr.u.ip4)) {
859 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
860 return false;
861 }
862 if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
863 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
864 return false;
865 }
866#if IS_ENABLED(CONFIG_IPV6)
867 } else if (entry->addr.proto == htons(ETH_P_IPV6)) {
868 if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
869 NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
870 return false;
871 }
872#endif
873 } else if (entry->addr.proto == 0) {
874 /* L2 mdb */
875 if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
876 NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
877 return false;
878 }
879 } else {
880 NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
881 return false;
882 }
883
884 if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
885 NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
886 return false;
887 }
888 if (entry->vid >= VLAN_VID_MASK) {
889 NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
890 return false;
891 }
892
893 return true;
894}
895
896static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
897 struct netlink_ext_ack *extack)
898{
899 switch (proto) {
900 case htons(ETH_P_IP):
901 if (nla_len(attr) != sizeof(struct in_addr)) {
902 NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
903 return false;
904 }
905 if (ipv4_is_multicast(nla_get_in_addr(attr))) {
906 NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
907 return false;
908 }
909 break;
910#if IS_ENABLED(CONFIG_IPV6)
911 case htons(ETH_P_IPV6): {
912 struct in6_addr src;
913
914 if (nla_len(attr) != sizeof(struct in6_addr)) {
915 NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
916 return false;
917 }
918 src = nla_get_in6_addr(attr);
919 if (ipv6_addr_is_multicast(&src)) {
920 NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
921 return false;
922 }
923 break;
924 }
925#endif
926 default:
927 NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
928 return false;
929 }
930
931 return true;
932}
933
934static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
935 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
936 sizeof(struct in_addr),
937 sizeof(struct in6_addr)),
938};
939
940static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
941 struct net_device **pdev, struct br_mdb_entry **pentry,
942 struct nlattr **mdb_attrs, struct netlink_ext_ack *extack)
943{
944 struct net *net = sock_net(skb->sk);
945 struct br_mdb_entry *entry;
946 struct br_port_msg *bpm;
947 struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
948 struct net_device *dev;
949 int err;
950
951 err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
952 MDBA_SET_ENTRY_MAX, NULL, NULL);
953 if (err < 0)
954 return err;
955
956 bpm = nlmsg_data(nlh);
957 if (bpm->ifindex == 0) {
958 NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
959 return -EINVAL;
960 }
961
962 dev = __dev_get_by_index(net, bpm->ifindex);
963 if (dev == NULL) {
964 NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
965 return -ENODEV;
966 }
967
968 if (!(dev->priv_flags & IFF_EBRIDGE)) {
969 NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
970 return -EOPNOTSUPP;
971 }
972
973 *pdev = dev;
974
975 if (!tb[MDBA_SET_ENTRY]) {
976 NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
977 return -EINVAL;
978 }
979 if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
980 NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
981 return -EINVAL;
982 }
983
984 entry = nla_data(tb[MDBA_SET_ENTRY]);
985 if (!is_valid_mdb_entry(entry, extack))
986 return -EINVAL;
987 *pentry = entry;
988
989 if (tb[MDBA_SET_ENTRY_ATTRS]) {
990 err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX,
991 tb[MDBA_SET_ENTRY_ATTRS],
992 br_mdbe_attrs_pol, extack);
993 if (err)
994 return err;
995 if (mdb_attrs[MDBE_ATTR_SOURCE] &&
996 !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
997 entry->addr.proto, extack))
998 return -EINVAL;
999 } else {
1000 memset(mdb_attrs, 0,
1001 sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1));
1002 }
1003
1004 return 0;
1005}
1006
1007static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
1008 struct br_mdb_entry *entry,
1009 struct nlattr **mdb_attrs,
1010 struct netlink_ext_ack *extack)
1011{
1012 struct net_bridge_mdb_entry *mp, *star_mp;
1013 struct net_bridge_port_group *p;
1014 struct net_bridge_port_group __rcu **pp;
1015 struct br_ip group, star_group;
1016 unsigned long now = jiffies;
1017 unsigned char flags = 0;
1018 u8 filter_mode;
1019 int err;
1020
1021 __mdb_entry_to_br_ip(entry, &group, mdb_attrs);
1022
1023 /* host join errors which can happen before creating the group */
1024 if (!port) {
1025 /* don't allow any flags for host-joined groups */
1026 if (entry->state) {
1027 NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
1028 return -EINVAL;
1029 }
1030 if (!br_multicast_is_star_g(&group)) {
1031 NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
1032 return -EINVAL;
1033 }
1034 }
1035
1036 if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) {
1037 NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
1038 return -EINVAL;
1039 }
1040
1041 mp = br_mdb_ip_get(br, &group);
1042 if (!mp) {
1043 mp = br_multicast_new_group(br, &group);
1044 err = PTR_ERR_OR_ZERO(mp);
1045 if (err)
1046 return err;
1047 }
1048
1049 /* host join */
1050 if (!port) {
1051 if (mp->host_joined) {
1052 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
1053 return -EEXIST;
1054 }
1055
1056 br_multicast_host_join(mp, false);
1057 br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);
1058
1059 return 0;
1060 }
1061
1062 for (pp = &mp->ports;
1063 (p = mlock_dereference(*pp, br)) != NULL;
1064 pp = &p->next) {
1065 if (p->key.port == port) {
1066 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port");
1067 return -EEXIST;
1068 }
1069 if ((unsigned long)p->key.port < (unsigned long)port)
1070 break;
1071 }
1072
1073 filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE :
1074 MCAST_INCLUDE;
1075
1076 if (entry->state == MDB_PERMANENT)
1077 flags |= MDB_PG_FLAGS_PERMANENT;
1078
1079 p = br_multicast_new_port_group(port, &group, *pp, flags, NULL,
1080 filter_mode, RTPROT_STATIC);
1081 if (unlikely(!p)) {
1082 NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group");
1083 return -ENOMEM;
1084 }
1085 rcu_assign_pointer(*pp, p);
1086 if (entry->state == MDB_TEMPORARY)
1087 mod_timer(&p->timer, now + br->multicast_membership_interval);
1088 br_mdb_notify(br->dev, mp, p, RTM_NEWMDB);
1089 /* if we are adding a new EXCLUDE port group (*,G) it needs to be also
1090 * added to all S,G entries for proper replication, if we are adding
1091 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be
1092 * added to it for proper replication
1093 */
1094 if (br_multicast_should_handle_mode(br, group.proto)) {
1095 switch (filter_mode) {
1096 case MCAST_EXCLUDE:
1097 br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
1098 break;
1099 case MCAST_INCLUDE:
1100 star_group = p->key.addr;
1101 memset(&star_group.src, 0, sizeof(star_group.src));
1102 star_mp = br_mdb_ip_get(br, &star_group);
1103 if (star_mp)
1104 br_multicast_sg_add_exclude_ports(star_mp, p);
1105 break;
1106 }
1107 }
1108
1109 return 0;
1110}
1111
1112static int __br_mdb_add(struct net *net, struct net_bridge *br,
1113 struct net_bridge_port *p,
1114 struct br_mdb_entry *entry,
1115 struct nlattr **mdb_attrs,
1116 struct netlink_ext_ack *extack)
1117{
1118 int ret;
1119
1120 spin_lock_bh(&br->multicast_lock);
1121 ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack);
1122 spin_unlock_bh(&br->multicast_lock);
1123
1124 return ret;
1125}
1126
1127static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1128 struct netlink_ext_ack *extack)
1129{
1130 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1131 struct net *net = sock_net(skb->sk);
1132 struct net_bridge_vlan_group *vg;
1133 struct net_bridge_port *p = NULL;
1134 struct net_device *dev, *pdev;
1135 struct br_mdb_entry *entry;
1136 struct net_bridge_vlan *v;
1137 struct net_bridge *br;
1138 int err;
1139
1140 err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1141 if (err < 0)
1142 return err;
1143
1144 br = netdev_priv(dev);
1145
1146 if (!netif_running(br->dev)) {
1147 NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
1148 return -EINVAL;
1149 }
1150
1151 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) {
1152 NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
1153 return -EINVAL;
1154 }
1155
1156 if (entry->ifindex != br->dev->ifindex) {
1157 pdev = __dev_get_by_index(net, entry->ifindex);
1158 if (!pdev) {
1159 NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
1160 return -ENODEV;
1161 }
1162
1163 p = br_port_get_rtnl(pdev);
1164 if (!p) {
1165 NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
1166 return -EINVAL;
1167 }
1168
1169 if (p->br != br) {
1170 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
1171 return -EINVAL;
1172 }
1173 if (p->state == BR_STATE_DISABLED) {
1174 NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state");
1175 return -EINVAL;
1176 }
1177 vg = nbp_vlan_group(p);
1178 } else {
1179 vg = br_vlan_group(br);
1180 }
1181
1182 /* If vlan filtering is enabled and VLAN is not specified
1183 * install mdb entry on all vlans configured on the port.
1184 */
1185 if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1186 list_for_each_entry(v, &vg->vlan_list, vlist) {
1187 entry->vid = v->vid;
1188 err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1189 if (err)
1190 break;
1191 }
1192 } else {
1193 err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1194 }
1195
1196 return err;
1197}
1198
1199static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry,
1200 struct nlattr **mdb_attrs)
1201{
1202 struct net_bridge_mdb_entry *mp;
1203 struct net_bridge_port_group *p;
1204 struct net_bridge_port_group __rcu **pp;
1205 struct br_ip ip;
1206 int err = -EINVAL;
1207
1208 if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED))
1209 return -EINVAL;
1210
1211 __mdb_entry_to_br_ip(entry, &ip, mdb_attrs);
1212
1213 spin_lock_bh(&br->multicast_lock);
1214 mp = br_mdb_ip_get(br, &ip);
1215 if (!mp)
1216 goto unlock;
1217
1218 /* host leave */
1219 if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
1220 br_multicast_host_leave(mp, false);
1221 err = 0;
1222 br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
1223 if (!mp->ports && netif_running(br->dev))
1224 mod_timer(&mp->timer, jiffies);
1225 goto unlock;
1226 }
1227
1228 for (pp = &mp->ports;
1229 (p = mlock_dereference(*pp, br)) != NULL;
1230 pp = &p->next) {
1231 if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
1232 continue;
1233
1234 if (p->key.port->state == BR_STATE_DISABLED)
1235 goto unlock;
1236
1237 br_multicast_del_pg(mp, p, pp);
1238 err = 0;
1239 break;
1240 }
1241
1242unlock:
1243 spin_unlock_bh(&br->multicast_lock);
1244 return err;
1245}
1246
1247static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
1248 struct netlink_ext_ack *extack)
1249{
1250 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1251 struct net *net = sock_net(skb->sk);
1252 struct net_bridge_vlan_group *vg;
1253 struct net_bridge_port *p = NULL;
1254 struct net_device *dev, *pdev;
1255 struct br_mdb_entry *entry;
1256 struct net_bridge_vlan *v;
1257 struct net_bridge *br;
1258 int err;
1259
1260 err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1261 if (err < 0)
1262 return err;
1263
1264 br = netdev_priv(dev);
1265
1266 if (entry->ifindex != br->dev->ifindex) {
1267 pdev = __dev_get_by_index(net, entry->ifindex);
1268 if (!pdev)
1269 return -ENODEV;
1270
1271 p = br_port_get_rtnl(pdev);
1272 if (!p || p->br != br || p->state == BR_STATE_DISABLED)
1273 return -EINVAL;
1274 vg = nbp_vlan_group(p);
1275 } else {
1276 vg = br_vlan_group(br);
1277 }
1278
1279 /* If vlan filtering is enabled and VLAN is not specified
1280 * delete mdb entry on all vlans configured on the port.
1281 */
1282 if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1283 list_for_each_entry(v, &vg->vlan_list, vlist) {
1284 entry->vid = v->vid;
1285 err = __br_mdb_del(br, entry, mdb_attrs);
1286 }
1287 } else {
1288 err = __br_mdb_del(br, entry, mdb_attrs);
1289 }
1290
1291 return err;
1292}
1293
1294void br_mdb_init(void)
1295{
1296 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0);
1297 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0);
1298 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0);
1299}
1300
1301void br_mdb_uninit(void)
1302{
1303 rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
1304 rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
1305 rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
1306}