search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.133
[linux/fpc-iii.git] / net / bridge / br_arp_nd_proxy.c
blobeb44ae05abaafaa85f4b8374eab8a786949b0e0e
1 /*
2 * Handle bridge arp/nd proxy/suppress
3 *
4 * Copyright (C) 2017 Cumulus Networks
5 * Copyright (c) 2017 Roopa Prabhu <roopa@cumulusnetworks.com>
6 *
7 * Authors:
8 * Roopa Prabhu <roopa@cumulusnetworks.com>
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 */
15
16 #include <linux/kernel.h>
17 #include <linux/netdevice.h>
18 #include <linux/etherdevice.h>
19 #include <linux/neighbour.h>
20 #include <net/arp.h>
21 #include <linux/if_vlan.h>
22 #include <linux/inetdevice.h>
23 #include <net/addrconf.h>
24 #if IS_ENABLED(CONFIG_IPV6)
25 #include <net/ip6_checksum.h>
26 #endif
27
28 #include "br_private.h"
29
30 void br_recalculate_neigh_suppress_enabled(struct net_bridge *br)
31 {
32 struct net_bridge_port *p;
33 bool neigh_suppress = false;
34
35 list_for_each_entry(p, &br->port_list, list) {
36 if (p->flags & BR_NEIGH_SUPPRESS) {
37 neigh_suppress = true;
38 break;
39 }
40 }
41
42 br->neigh_suppress_enabled = neigh_suppress;
43 }
44
45 #if IS_ENABLED(CONFIG_INET)
46 static void br_arp_send(struct net_bridge *br, struct net_bridge_port *p,
47 struct net_device *dev, __be32 dest_ip, __be32 src_ip,
48 const unsigned char *dest_hw,
49 const unsigned char *src_hw,
50 const unsigned char *target_hw,
51 __be16 vlan_proto, u16 vlan_tci)
52 {
53 struct net_bridge_vlan_group *vg;
54 struct sk_buff *skb;
55 u16 pvid;
56
57 netdev_dbg(dev, "arp send dev %s dst %pI4 dst_hw %pM src %pI4 src_hw %pM\n",
58 dev->name, &dest_ip, dest_hw, &src_ip, src_hw);
59
60 if (!vlan_tci) {
61 arp_send(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
62 dest_hw, src_hw, target_hw);
63 return;
64 }
65
66 skb = arp_create(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
67 dest_hw, src_hw, target_hw);
68 if (!skb)
69 return;
70
71 if (p)
72 vg = nbp_vlan_group_rcu(p);
73 else
74 vg = br_vlan_group_rcu(br);
75 pvid = br_get_pvid(vg);
76 if (pvid == (vlan_tci & VLAN_VID_MASK))
77 vlan_tci = 0;
78
79 if (vlan_tci)
80 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci);
81
82 if (p) {
83 arp_xmit(skb);
84 } else {
85 skb_reset_mac_header(skb);
86 __skb_pull(skb, skb_network_offset(skb));
87 skb->ip_summed = CHECKSUM_UNNECESSARY;
88 skb->pkt_type = PACKET_HOST;
89
90 netif_rx_ni(skb);
91 }
92 }
93
94 static int br_chk_addr_ip(struct net_device *dev, void *data)
95 {
96 __be32 ip = *(__be32 *)data;
97 struct in_device *in_dev;
98 __be32 addr = 0;
99
100 in_dev = __in_dev_get_rcu(dev);
101 if (in_dev)
102 addr = inet_confirm_addr(dev_net(dev), in_dev, 0, ip,
103 RT_SCOPE_HOST);
104
105 if (addr == ip)
106 return 1;
107
108 return 0;
109 }
110
111 static bool br_is_local_ip(struct net_device *dev, __be32 ip)
112 {
113 if (br_chk_addr_ip(dev, &ip))
114 return true;
115
116 /* check if ip is configured on upper dev */
117 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip, &ip))
118 return true;
119
120 return false;
121 }
122
123 void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
124 u16 vid, struct net_bridge_port *p)
125 {
126 struct net_device *dev = br->dev;
127 struct net_device *vlandev = dev;
128 struct neighbour *n;
129 struct arphdr *parp;
130 u8 *arpptr, *sha;
131 __be32 sip, tip;
132
133 BR_INPUT_SKB_CB(skb)->proxyarp_replied = false;
134
135 if ((dev->flags & IFF_NOARP) ||
136 !pskb_may_pull(skb, arp_hdr_len(dev)))
137 return;
138
139 parp = arp_hdr(skb);
140
141 if (parp->ar_pro != htons(ETH_P_IP) ||
142 parp->ar_hln != dev->addr_len ||
143 parp->ar_pln != 4)
144 return;
145
146 arpptr = (u8 *)parp + sizeof(struct arphdr);
147 sha = arpptr;
148 arpptr += dev->addr_len; /* sha */
149 memcpy(&sip, arpptr, sizeof(sip));
150 arpptr += sizeof(sip);
151 arpptr += dev->addr_len; /* tha */
152 memcpy(&tip, arpptr, sizeof(tip));
153
154 if (ipv4_is_loopback(tip) ||
155 ipv4_is_multicast(tip))
156 return;
157
158 if (br->neigh_suppress_enabled) {
159 if (p && (p->flags & BR_NEIGH_SUPPRESS))
160 return;
161 if (ipv4_is_zeronet(sip) || sip == tip) {
162 /* prevent flooding to neigh suppress ports */
163 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
164 return;
165 }
166 }
167
168 if (parp->ar_op != htons(ARPOP_REQUEST))
169 return;
170
171 if (vid != 0) {
172 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
173 vid);
174 if (!vlandev)
175 return;
176 }
177
178 if (br->neigh_suppress_enabled && br_is_local_ip(vlandev, tip)) {
179 /* its our local ip, so don't proxy reply
180 * and don't forward to neigh suppress ports
181 */
182 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
183 return;
184 }
185
186 n = neigh_lookup(&arp_tbl, &tip, vlandev);
187 if (n) {
188 struct net_bridge_fdb_entry *f;
189
190 if (!(n->nud_state & NUD_VALID)) {
191 neigh_release(n);
192 return;
193 }
194
195 f = br_fdb_find_rcu(br, n->ha, vid);
196 if (f) {
197 bool replied = false;
198
199 if ((p && (p->flags & BR_PROXYARP)) ||
200 (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
201 BR_NEIGH_SUPPRESS)))) {
202 if (!vid)
203 br_arp_send(br, p, skb->dev, sip, tip,
204 sha, n->ha, sha, 0, 0);
205 else
206 br_arp_send(br, p, skb->dev, sip, tip,
207 sha, n->ha, sha,
208 skb->vlan_proto,
209 skb_vlan_tag_get(skb));
210 replied = true;
211 }
212
213 /* If we have replied or as long as we know the
214 * mac, indicate to arp replied
215 */
216 if (replied || br->neigh_suppress_enabled)
217 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
218 }
219
220 neigh_release(n);
221 }
222 }
223 #endif
224
225 #if IS_ENABLED(CONFIG_IPV6)
226 struct nd_msg *br_is_nd_neigh_msg(struct sk_buff *skb, struct nd_msg *msg)
227 {
228 struct nd_msg *m;
229
230 m = skb_header_pointer(skb, skb_network_offset(skb) +
231 sizeof(struct ipv6hdr), sizeof(*msg), msg);
232 if (!m)
233 return NULL;
234
235 if (m->icmph.icmp6_code != 0 ||
236 (m->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION &&
237 m->icmph.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT))
238 return NULL;
239
240 return m;
241 }
242
243 static void br_nd_send(struct net_bridge *br, struct net_bridge_port *p,
244 struct sk_buff *request, struct neighbour *n,
245 __be16 vlan_proto, u16 vlan_tci, struct nd_msg *ns)
246 {
247 struct net_device *dev = request->dev;
248 struct net_bridge_vlan_group *vg;
249 struct sk_buff *reply;
250 struct nd_msg *na;
251 struct ipv6hdr *pip6;
252 int na_olen = 8; /* opt hdr + ETH_ALEN for target */
253 int ns_olen;
254 int i, len;
255 u8 *daddr;
256 u16 pvid;
257
258 if (!dev)
259 return;
260
261 len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
262 sizeof(*na) + na_olen + dev->needed_tailroom;
263
264 reply = alloc_skb(len, GFP_ATOMIC);
265 if (!reply)
266 return;
267
268 reply->protocol = htons(ETH_P_IPV6);
269 reply->dev = dev;
270 skb_reserve(reply, LL_RESERVED_SPACE(dev));
271 skb_push(reply, sizeof(struct ethhdr));
272 skb_set_mac_header(reply, 0);
273
274 daddr = eth_hdr(request)->h_source;
275
276 /* Do we need option processing ? */
277 ns_olen = request->len - (skb_network_offset(request) +
278 sizeof(struct ipv6hdr)) - sizeof(*ns);
279 for (i = 0; i < ns_olen - 1; i += (ns->opt[i + 1] << 3)) {
280 if (!ns->opt[i + 1]) {
281 kfree_skb(reply);
282 return;
283 }
284 if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
285 daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
286 break;
287 }
288 }
289
290 /* Ethernet header */
291 ether_addr_copy(eth_hdr(reply)->h_dest, daddr);
292 ether_addr_copy(eth_hdr(reply)->h_source, n->ha);
293 eth_hdr(reply)->h_proto = htons(ETH_P_IPV6);
294 reply->protocol = htons(ETH_P_IPV6);
295
296 skb_pull(reply, sizeof(struct ethhdr));
297 skb_set_network_header(reply, 0);
298 skb_put(reply, sizeof(struct ipv6hdr));
299
300 /* IPv6 header */
301 pip6 = ipv6_hdr(reply);
302 memset(pip6, 0, sizeof(struct ipv6hdr));
303 pip6->version = 6;
304 pip6->priority = ipv6_hdr(request)->priority;
305 pip6->nexthdr = IPPROTO_ICMPV6;
306 pip6->hop_limit = 255;
307 pip6->daddr = ipv6_hdr(request)->saddr;
308 pip6->saddr = *(struct in6_addr *)n->primary_key;
309
310 skb_pull(reply, sizeof(struct ipv6hdr));
311 skb_set_transport_header(reply, 0);
312
313 na = (struct nd_msg *)skb_put(reply, sizeof(*na) + na_olen);
314
315 /* Neighbor Advertisement */
316 memset(na, 0, sizeof(*na) + na_olen);
317 na->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
318 na->icmph.icmp6_router = (n->flags & NTF_ROUTER) ? 1 : 0;
319 na->icmph.icmp6_override = 1;
320 na->icmph.icmp6_solicited = 1;
321 na->target = ns->target;
322 ether_addr_copy(&na->opt[2], n->ha);
323 na->opt[0] = ND_OPT_TARGET_LL_ADDR;
324 na->opt[1] = na_olen >> 3;
325
326 na->icmph.icmp6_cksum = csum_ipv6_magic(&pip6->saddr,
327 &pip6->daddr,
328 sizeof(*na) + na_olen,
329 IPPROTO_ICMPV6,
330 csum_partial(na, sizeof(*na) + na_olen, 0));
331
332 pip6->payload_len = htons(sizeof(*na) + na_olen);
333
334 skb_push(reply, sizeof(struct ipv6hdr));
335 skb_push(reply, sizeof(struct ethhdr));
336
337 reply->ip_summed = CHECKSUM_UNNECESSARY;
338
339 if (p)
340 vg = nbp_vlan_group_rcu(p);
341 else
342 vg = br_vlan_group_rcu(br);
343 pvid = br_get_pvid(vg);
344 if (pvid == (vlan_tci & VLAN_VID_MASK))
345 vlan_tci = 0;
346
347 if (vlan_tci)
348 __vlan_hwaccel_put_tag(reply, vlan_proto, vlan_tci);
349
350 netdev_dbg(dev, "nd send dev %s dst %pI6 dst_hw %pM src %pI6 src_hw %pM\n",
351 dev->name, &pip6->daddr, daddr, &pip6->saddr, n->ha);
352
353 if (p) {
354 dev_queue_xmit(reply);
355 } else {
356 skb_reset_mac_header(reply);
357 __skb_pull(reply, skb_network_offset(reply));
358 reply->ip_summed = CHECKSUM_UNNECESSARY;
359 reply->pkt_type = PACKET_HOST;
360
361 netif_rx_ni(reply);
362 }
363 }
364
365 static int br_chk_addr_ip6(struct net_device *dev, void *data)
366 {
367 struct in6_addr *addr = (struct in6_addr *)data;
368
369 if (ipv6_chk_addr(dev_net(dev), addr, dev, 0))
370 return 1;
371
372 return 0;
373 }
374
375 static bool br_is_local_ip6(struct net_device *dev, struct in6_addr *addr)
376
377 {
378 if (br_chk_addr_ip6(dev, addr))
379 return true;
380
381 /* check if ip is configured on upper dev */
382 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip6, addr))
383 return true;
384
385 return false;
386 }
387
388 void br_do_suppress_nd(struct sk_buff *skb, struct net_bridge *br,
389 u16 vid, struct net_bridge_port *p, struct nd_msg *msg)
390 {
391 struct net_device *dev = br->dev;
392 struct net_device *vlandev = NULL;
393 struct in6_addr *saddr, *daddr;
394 struct ipv6hdr *iphdr;
395 struct neighbour *n;
396
397 BR_INPUT_SKB_CB(skb)->proxyarp_replied = false;
398
399 if (p && (p->flags & BR_NEIGH_SUPPRESS))
400 return;
401
402 if (msg->icmph.icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT &&
403 !msg->icmph.icmp6_solicited) {
404 /* prevent flooding to neigh suppress ports */
405 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
406 return;
407 }
408
409 if (msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION)
410 return;
411
412 iphdr = ipv6_hdr(skb);
413 saddr = &iphdr->saddr;
414 daddr = &iphdr->daddr;
415
416 if (ipv6_addr_any(saddr) || !ipv6_addr_cmp(saddr, daddr)) {
417 /* prevent flooding to neigh suppress ports */
418 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
419 return;
420 }
421
422 if (vid != 0) {
423 /* build neigh table lookup on the vlan device */
424 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
425 vid);
426 if (!vlandev)
427 return;
428 } else {
429 vlandev = dev;
430 }
431
432 if (br_is_local_ip6(vlandev, &msg->target)) {
433 /* its our own ip, so don't proxy reply
434 * and don't forward to arp suppress ports
435 */
436 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
437 return;
438 }
439
440 n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, vlandev);
441 if (n) {
442 struct net_bridge_fdb_entry *f;
443
444 if (!(n->nud_state & NUD_VALID)) {
445 neigh_release(n);
446 return;
447 }
448
449 f = br_fdb_find_rcu(br, n->ha, vid);
450 if (f) {
451 bool replied = false;
452
453 if (f->dst && (f->dst->flags & BR_NEIGH_SUPPRESS)) {
454 if (vid != 0)
455 br_nd_send(br, p, skb, n,
456 skb->vlan_proto,
457 skb_vlan_tag_get(skb), msg);
458 else
459 br_nd_send(br, p, skb, n, 0, 0, msg);
460 replied = true;
461 }
462
463 /* If we have replied or as long as we know the
464 * mac, indicate to NEIGH_SUPPRESS ports that we
465 * have replied
466 */
467 if (replied || br->neigh_suppress_enabled)
468 BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
469 }
470 neigh_release(n);
471 }
472 }
473 #endif
Linux with added FPC-III support