search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WIP FPC-III support
[linux/fpc-iii.git] / net / bridge / br_arp_nd_proxy.c
blobdfec65eca8a6e7720246834edddc9c0e575104b2
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Handle bridge arp/nd proxy/suppress
4 *
5 * Copyright (C) 2017 Cumulus Networks
6 * Copyright (c) 2017 Roopa Prabhu <roopa@cumulusnetworks.com>
7 *
8 * Authors:
9 * Roopa Prabhu <roopa@cumulusnetworks.com>
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/netdevice.h>
14 #include <linux/etherdevice.h>
15 #include <linux/neighbour.h>
16 #include <net/arp.h>
17 #include <linux/if_vlan.h>
18 #include <linux/inetdevice.h>
19 #include <net/addrconf.h>
20 #include <net/ipv6_stubs.h>
21 #if IS_ENABLED(CONFIG_IPV6)
22 #include <net/ip6_checksum.h>
23 #endif
24
25 #include "br_private.h"
26
27 void br_recalculate_neigh_suppress_enabled(struct net_bridge *br)
28 {
29 struct net_bridge_port *p;
30 bool neigh_suppress = false;
31
32 list_for_each_entry(p, &br->port_list, list) {
33 if (p->flags & BR_NEIGH_SUPPRESS) {
34 neigh_suppress = true;
35 break;
36 }
37 }
38
39 br_opt_toggle(br, BROPT_NEIGH_SUPPRESS_ENABLED, neigh_suppress);
40 }
41
42 #if IS_ENABLED(CONFIG_INET)
43 static void br_arp_send(struct net_bridge *br, struct net_bridge_port *p,
44 struct net_device *dev, __be32 dest_ip, __be32 src_ip,
45 const unsigned char *dest_hw,
46 const unsigned char *src_hw,
47 const unsigned char *target_hw,
48 __be16 vlan_proto, u16 vlan_tci)
49 {
50 struct net_bridge_vlan_group *vg;
51 struct sk_buff *skb;
52 u16 pvid;
53
54 netdev_dbg(dev, "arp send dev %s dst %pI4 dst_hw %pM src %pI4 src_hw %pM\n",
55 dev->name, &dest_ip, dest_hw, &src_ip, src_hw);
56
57 if (!vlan_tci) {
58 arp_send(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
59 dest_hw, src_hw, target_hw);
60 return;
61 }
62
63 skb = arp_create(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
64 dest_hw, src_hw, target_hw);
65 if (!skb)
66 return;
67
68 if (p)
69 vg = nbp_vlan_group_rcu(p);
70 else
71 vg = br_vlan_group_rcu(br);
72 pvid = br_get_pvid(vg);
73 if (pvid == (vlan_tci & VLAN_VID_MASK))
74 vlan_tci = 0;
75
76 if (vlan_tci)
77 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci);
78
79 if (p) {
80 arp_xmit(skb);
81 } else {
82 skb_reset_mac_header(skb);
83 __skb_pull(skb, skb_network_offset(skb));
84 skb->ip_summed = CHECKSUM_UNNECESSARY;
85 skb->pkt_type = PACKET_HOST;
86
87 netif_rx_ni(skb);
88 }
89 }
90
91 static int br_chk_addr_ip(struct net_device *dev,
92 struct netdev_nested_priv *priv)
93 {
94 __be32 ip = *(__be32 *)priv->data;
95 struct in_device *in_dev;
96 __be32 addr = 0;
97
98 in_dev = __in_dev_get_rcu(dev);
99 if (in_dev)
100 addr = inet_confirm_addr(dev_net(dev), in_dev, 0, ip,
101 RT_SCOPE_HOST);
102
103 if (addr == ip)
104 return 1;
105
106 return 0;
107 }
108
109 static bool br_is_local_ip(struct net_device *dev, __be32 ip)
110 {
111 struct netdev_nested_priv priv = {
112 .data = (void *)&ip,
113 };
114
115 if (br_chk_addr_ip(dev, &priv))
116 return true;
117
118 /* check if ip is configured on upper dev */
119 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip, &priv))
120 return true;
121
122 return false;
123 }
124
125 void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
126 u16 vid, struct net_bridge_port *p)
127 {
128 struct net_device *dev = br->dev;
129 struct net_device *vlandev = dev;
130 struct neighbour *n;
131 struct arphdr *parp;
132 u8 *arpptr, *sha;
133 __be32 sip, tip;
134
135 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 0;
136
137 if ((dev->flags & IFF_NOARP) ||
138 !pskb_may_pull(skb, arp_hdr_len(dev)))
139 return;
140
141 parp = arp_hdr(skb);
142
143 if (parp->ar_pro != htons(ETH_P_IP) ||
144 parp->ar_hln != dev->addr_len ||
145 parp->ar_pln != 4)
146 return;
147
148 arpptr = (u8 *)parp + sizeof(struct arphdr);
149 sha = arpptr;
150 arpptr += dev->addr_len; /* sha */
151 memcpy(&sip, arpptr, sizeof(sip));
152 arpptr += sizeof(sip);
153 arpptr += dev->addr_len; /* tha */
154 memcpy(&tip, arpptr, sizeof(tip));
155
156 if (ipv4_is_loopback(tip) ||
157 ipv4_is_multicast(tip))
158 return;
159
160 if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED)) {
161 if (p && (p->flags & BR_NEIGH_SUPPRESS))
162 return;
163 if (ipv4_is_zeronet(sip) || sip == tip) {
164 /* prevent flooding to neigh suppress ports */
165 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
166 return;
167 }
168 }
169
170 if (parp->ar_op != htons(ARPOP_REQUEST))
171 return;
172
173 if (vid != 0) {
174 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
175 vid);
176 if (!vlandev)
177 return;
178 }
179
180 if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED) &&
181 br_is_local_ip(vlandev, tip)) {
182 /* its our local ip, so don't proxy reply
183 * and don't forward to neigh suppress ports
184 */
185 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
186 return;
187 }
188
189 n = neigh_lookup(&arp_tbl, &tip, vlandev);
190 if (n) {
191 struct net_bridge_fdb_entry *f;
192
193 if (!(n->nud_state & NUD_VALID)) {
194 neigh_release(n);
195 return;
196 }
197
198 f = br_fdb_find_rcu(br, n->ha, vid);
199 if (f) {
200 bool replied = false;
201
202 if ((p && (p->flags & BR_PROXYARP)) ||
203 (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
204 BR_NEIGH_SUPPRESS)))) {
205 if (!vid)
206 br_arp_send(br, p, skb->dev, sip, tip,
207 sha, n->ha, sha, 0, 0);
208 else
209 br_arp_send(br, p, skb->dev, sip, tip,
210 sha, n->ha, sha,
211 skb->vlan_proto,
212 skb_vlan_tag_get(skb));
213 replied = true;
214 }
215
216 /* If we have replied or as long as we know the
217 * mac, indicate to arp replied
218 */
219 if (replied ||
220 br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED))
221 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
222 }
223
224 neigh_release(n);
225 }
226 }
227 #endif
228
229 #if IS_ENABLED(CONFIG_IPV6)
230 struct nd_msg *br_is_nd_neigh_msg(struct sk_buff *skb, struct nd_msg *msg)
231 {
232 struct nd_msg *m;
233
234 m = skb_header_pointer(skb, skb_network_offset(skb) +
235 sizeof(struct ipv6hdr), sizeof(*msg), msg);
236 if (!m)
237 return NULL;
238
239 if (m->icmph.icmp6_code != 0 ||
240 (m->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION &&
241 m->icmph.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT))
242 return NULL;
243
244 return m;
245 }
246
247 static void br_nd_send(struct net_bridge *br, struct net_bridge_port *p,
248 struct sk_buff *request, struct neighbour *n,
249 __be16 vlan_proto, u16 vlan_tci, struct nd_msg *ns)
250 {
251 struct net_device *dev = request->dev;
252 struct net_bridge_vlan_group *vg;
253 struct sk_buff *reply;
254 struct nd_msg *na;
255 struct ipv6hdr *pip6;
256 int na_olen = 8; /* opt hdr + ETH_ALEN for target */
257 int ns_olen;
258 int i, len;
259 u8 *daddr;
260 u16 pvid;
261
262 if (!dev)
263 return;
264
265 len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
266 sizeof(*na) + na_olen + dev->needed_tailroom;
267
268 reply = alloc_skb(len, GFP_ATOMIC);
269 if (!reply)
270 return;
271
272 reply->protocol = htons(ETH_P_IPV6);
273 reply->dev = dev;
274 skb_reserve(reply, LL_RESERVED_SPACE(dev));
275 skb_push(reply, sizeof(struct ethhdr));
276 skb_set_mac_header(reply, 0);
277
278 daddr = eth_hdr(request)->h_source;
279
280 /* Do we need option processing ? */
281 ns_olen = request->len - (skb_network_offset(request) +
282 sizeof(struct ipv6hdr)) - sizeof(*ns);
283 for (i = 0; i < ns_olen - 1; i += (ns->opt[i + 1] << 3)) {
284 if (!ns->opt[i + 1]) {
285 kfree_skb(reply);
286 return;
287 }
288 if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
289 daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
290 break;
291 }
292 }
293
294 /* Ethernet header */
295 ether_addr_copy(eth_hdr(reply)->h_dest, daddr);
296 ether_addr_copy(eth_hdr(reply)->h_source, n->ha);
297 eth_hdr(reply)->h_proto = htons(ETH_P_IPV6);
298 reply->protocol = htons(ETH_P_IPV6);
299
300 skb_pull(reply, sizeof(struct ethhdr));
301 skb_set_network_header(reply, 0);
302 skb_put(reply, sizeof(struct ipv6hdr));
303
304 /* IPv6 header */
305 pip6 = ipv6_hdr(reply);
306 memset(pip6, 0, sizeof(struct ipv6hdr));
307 pip6->version = 6;
308 pip6->priority = ipv6_hdr(request)->priority;
309 pip6->nexthdr = IPPROTO_ICMPV6;
310 pip6->hop_limit = 255;
311 pip6->daddr = ipv6_hdr(request)->saddr;
312 pip6->saddr = *(struct in6_addr *)n->primary_key;
313
314 skb_pull(reply, sizeof(struct ipv6hdr));
315 skb_set_transport_header(reply, 0);
316
317 na = (struct nd_msg *)skb_put(reply, sizeof(*na) + na_olen);
318
319 /* Neighbor Advertisement */
320 memset(na, 0, sizeof(*na) + na_olen);
321 na->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
322 na->icmph.icmp6_router = (n->flags & NTF_ROUTER) ? 1 : 0;
323 na->icmph.icmp6_override = 1;
324 na->icmph.icmp6_solicited = 1;
325 na->target = ns->target;
326 ether_addr_copy(&na->opt[2], n->ha);
327 na->opt[0] = ND_OPT_TARGET_LL_ADDR;
328 na->opt[1] = na_olen >> 3;
329
330 na->icmph.icmp6_cksum = csum_ipv6_magic(&pip6->saddr,
331 &pip6->daddr,
332 sizeof(*na) + na_olen,
333 IPPROTO_ICMPV6,
334 csum_partial(na, sizeof(*na) + na_olen, 0));
335
336 pip6->payload_len = htons(sizeof(*na) + na_olen);
337
338 skb_push(reply, sizeof(struct ipv6hdr));
339 skb_push(reply, sizeof(struct ethhdr));
340
341 reply->ip_summed = CHECKSUM_UNNECESSARY;
342
343 if (p)
344 vg = nbp_vlan_group_rcu(p);
345 else
346 vg = br_vlan_group_rcu(br);
347 pvid = br_get_pvid(vg);
348 if (pvid == (vlan_tci & VLAN_VID_MASK))
349 vlan_tci = 0;
350
351 if (vlan_tci)
352 __vlan_hwaccel_put_tag(reply, vlan_proto, vlan_tci);
353
354 netdev_dbg(dev, "nd send dev %s dst %pI6 dst_hw %pM src %pI6 src_hw %pM\n",
355 dev->name, &pip6->daddr, daddr, &pip6->saddr, n->ha);
356
357 if (p) {
358 dev_queue_xmit(reply);
359 } else {
360 skb_reset_mac_header(reply);
361 __skb_pull(reply, skb_network_offset(reply));
362 reply->ip_summed = CHECKSUM_UNNECESSARY;
363 reply->pkt_type = PACKET_HOST;
364
365 netif_rx_ni(reply);
366 }
367 }
368
369 static int br_chk_addr_ip6(struct net_device *dev,
370 struct netdev_nested_priv *priv)
371 {
372 struct in6_addr *addr = (struct in6_addr *)priv->data;
373
374 if (ipv6_chk_addr(dev_net(dev), addr, dev, 0))
375 return 1;
376
377 return 0;
378 }
379
380 static bool br_is_local_ip6(struct net_device *dev, struct in6_addr *addr)
381
382 {
383 struct netdev_nested_priv priv = {
384 .data = (void *)addr,
385 };
386
387 if (br_chk_addr_ip6(dev, &priv))
388 return true;
389
390 /* check if ip is configured on upper dev */
391 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip6, &priv))
392 return true;
393
394 return false;
395 }
396
397 void br_do_suppress_nd(struct sk_buff *skb, struct net_bridge *br,
398 u16 vid, struct net_bridge_port *p, struct nd_msg *msg)
399 {
400 struct net_device *dev = br->dev;
401 struct net_device *vlandev = NULL;
402 struct in6_addr *saddr, *daddr;
403 struct ipv6hdr *iphdr;
404 struct neighbour *n;
405
406 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 0;
407
408 if (p && (p->flags & BR_NEIGH_SUPPRESS))
409 return;
410
411 if (msg->icmph.icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT &&
412 !msg->icmph.icmp6_solicited) {
413 /* prevent flooding to neigh suppress ports */
414 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
415 return;
416 }
417
418 if (msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION)
419 return;
420
421 iphdr = ipv6_hdr(skb);
422 saddr = &iphdr->saddr;
423 daddr = &iphdr->daddr;
424
425 if (ipv6_addr_any(saddr) || !ipv6_addr_cmp(saddr, daddr)) {
426 /* prevent flooding to neigh suppress ports */
427 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
428 return;
429 }
430
431 if (vid != 0) {
432 /* build neigh table lookup on the vlan device */
433 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
434 vid);
435 if (!vlandev)
436 return;
437 } else {
438 vlandev = dev;
439 }
440
441 if (br_is_local_ip6(vlandev, &msg->target)) {
442 /* its our own ip, so don't proxy reply
443 * and don't forward to arp suppress ports
444 */
445 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
446 return;
447 }
448
449 n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, vlandev);
450 if (n) {
451 struct net_bridge_fdb_entry *f;
452
453 if (!(n->nud_state & NUD_VALID)) {
454 neigh_release(n);
455 return;
456 }
457
458 f = br_fdb_find_rcu(br, n->ha, vid);
459 if (f) {
460 bool replied = false;
461
462 if (f->dst && (f->dst->flags & BR_NEIGH_SUPPRESS)) {
463 if (vid != 0)
464 br_nd_send(br, p, skb, n,
465 skb->vlan_proto,
466 skb_vlan_tag_get(skb), msg);
467 else
468 br_nd_send(br, p, skb, n, 0, 0, msg);
469 replied = true;
470 }
471
472 /* If we have replied or as long as we know the
473 * mac, indicate to NEIGH_SUPPRESS ports that we
474 * have replied
475 */
476 if (replied ||
477 br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED))
478 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
479 }
480 neigh_release(n);
481 }
482 }
483 #endif
Linux with added FPC-III support