1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2019, Vladimir Oltean <olteanv@gmail.com>
4 * This module is not a complete tagger implementation. It only provides
5 * primitives for taggers that rely on 802.1Q VLAN tags to use. The
6 * dsa_8021q_netdev_ops is registered for API compliance and not used
9 #include <linux/if_bridge.h>
10 #include <linux/if_vlan.h>
14 /* Binary structure of the fake 12-bit VID field (when the TPID is
17 * | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
18 * +-----------+-----+-----------------+-----------+-----------------------+
19 * | DIR | RSV | SWITCH_ID | RSV | PORT |
20 * +-----------+-----+-----------------+-----------+-----------------------+
24 * * 1 (0b01) for RX VLAN,
25 * * 2 (0b10) for TX VLAN.
26 * These values make the special VIDs of 0, 1 and 4095 to be left
27 * unused by this coding scheme.
30 * To be used for further expansion of SWITCH_ID or for other purposes.
31 * Must be transmitted as zero and ignored on receive.
33 * SWITCH_ID - VID[8:6]:
34 * Index of switch within DSA tree. Must be between 0 and 7.
37 * To be used for further expansion of PORT or for other purposes.
38 * Must be transmitted as zero and ignored on receive.
41 * Index of switch port. Must be between 0 and 15.
44 #define DSA_8021Q_DIR_SHIFT 10
45 #define DSA_8021Q_DIR_MASK GENMASK(11, 10)
46 #define DSA_8021Q_DIR(x) (((x) << DSA_8021Q_DIR_SHIFT) & \
48 #define DSA_8021Q_DIR_RX DSA_8021Q_DIR(1)
49 #define DSA_8021Q_DIR_TX DSA_8021Q_DIR(2)
51 #define DSA_8021Q_SWITCH_ID_SHIFT 6
52 #define DSA_8021Q_SWITCH_ID_MASK GENMASK(8, 6)
53 #define DSA_8021Q_SWITCH_ID(x) (((x) << DSA_8021Q_SWITCH_ID_SHIFT) & \
54 DSA_8021Q_SWITCH_ID_MASK)
56 #define DSA_8021Q_PORT_SHIFT 0
57 #define DSA_8021Q_PORT_MASK GENMASK(3, 0)
58 #define DSA_8021Q_PORT(x) (((x) << DSA_8021Q_PORT_SHIFT) & \
61 /* Returns the VID to be inserted into the frame from xmit for switch steering
62 * instructions on egress. Encodes switch ID and port ID.
64 u16
dsa_8021q_tx_vid(struct dsa_switch
*ds
, int port
)
66 return DSA_8021Q_DIR_TX
| DSA_8021Q_SWITCH_ID(ds
->index
) |
69 EXPORT_SYMBOL_GPL(dsa_8021q_tx_vid
);
71 /* Returns the VID that will be installed as pvid for this switch port, sent as
72 * tagged egress towards the CPU port and decoded by the rcv function.
74 u16
dsa_8021q_rx_vid(struct dsa_switch
*ds
, int port
)
76 return DSA_8021Q_DIR_RX
| DSA_8021Q_SWITCH_ID(ds
->index
) |
79 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid
);
81 /* Returns the decoded switch ID from the RX VID. */
82 int dsa_8021q_rx_switch_id(u16 vid
)
84 return (vid
& DSA_8021Q_SWITCH_ID_MASK
) >> DSA_8021Q_SWITCH_ID_SHIFT
;
86 EXPORT_SYMBOL_GPL(dsa_8021q_rx_switch_id
);
88 /* Returns the decoded port ID from the RX VID. */
89 int dsa_8021q_rx_source_port(u16 vid
)
91 return (vid
& DSA_8021Q_PORT_MASK
) >> DSA_8021Q_PORT_SHIFT
;
93 EXPORT_SYMBOL_GPL(dsa_8021q_rx_source_port
);
95 static int dsa_8021q_restore_pvid(struct dsa_switch
*ds
, int port
)
97 struct bridge_vlan_info vinfo
;
98 struct net_device
*slave
;
102 if (!dsa_is_user_port(ds
, port
))
105 slave
= dsa_to_port(ds
, port
)->slave
;
107 err
= br_vlan_get_pvid(slave
, &pvid
);
108 if (!pvid
|| err
< 0)
109 /* There is no pvid on the bridge for this port, which is
110 * perfectly valid. Nothing to restore, bye-bye!
114 err
= br_vlan_get_info(slave
, pvid
, &vinfo
);
116 dev_err(ds
->dev
, "Couldn't determine PVID attributes\n");
120 return dsa_port_vid_add(dsa_to_port(ds
, port
), pvid
, vinfo
.flags
);
123 /* If @enabled is true, installs @vid with @flags into the switch port's HW
125 * If @enabled is false, deletes @vid (ignores @flags) from the port. Had the
126 * user explicitly configured this @vid through the bridge core, then the @vid
127 * is installed again, but this time with the flags from the bridge layer.
129 static int dsa_8021q_vid_apply(struct dsa_switch
*ds
, int port
, u16 vid
,
130 u16 flags
, bool enabled
)
132 struct dsa_port
*dp
= dsa_to_port(ds
, port
);
133 struct bridge_vlan_info vinfo
;
137 return dsa_port_vid_add(dp
, vid
, flags
);
139 err
= dsa_port_vid_del(dp
, vid
);
143 /* Nothing to restore from the bridge for a non-user port.
144 * The CPU port VLANs are restored implicitly with the user ports,
145 * similar to how the bridge does in dsa_slave_vlan_add and
146 * dsa_slave_vlan_del.
148 if (!dsa_is_user_port(ds
, port
))
151 err
= br_vlan_get_info(dp
->slave
, vid
, &vinfo
);
152 /* Couldn't determine bridge attributes for this vid,
153 * it means the bridge had not configured it.
158 /* Restore the VID from the bridge */
159 err
= dsa_port_vid_add(dp
, vid
, vinfo
.flags
);
163 vinfo
.flags
&= ~BRIDGE_VLAN_INFO_PVID
;
165 return dsa_port_vid_add(dp
->cpu_dp
, vid
, vinfo
.flags
);
168 /* RX VLAN tagging (left) and TX VLAN tagging (right) setup shown for a single
169 * front-panel switch port (here swp0).
171 * Port identification through VLAN (802.1Q) tags has different requirements
172 * for it to work effectively:
173 * - On RX (ingress from network): each front-panel port must have a pvid
174 * that uniquely identifies it, and the egress of this pvid must be tagged
175 * towards the CPU port, so that software can recover the source port based
176 * on the VID in the frame. But this would only work for standalone ports;
177 * if bridged, this VLAN setup would break autonomous forwarding and would
178 * force all switched traffic to pass through the CPU. So we must also make
179 * the other front-panel ports members of this VID we're adding, albeit
180 * we're not making it their PVID (they'll still have their own).
181 * By the way - just because we're installing the same VID in multiple
182 * switch ports doesn't mean that they'll start to talk to one another, even
183 * while not bridged: the final forwarding decision is still an AND between
184 * the L2 forwarding information (which is limiting forwarding in this case)
185 * and the VLAN-based restrictions (of which there are none in this case,
186 * since all ports are members).
187 * - On TX (ingress from CPU and towards network) we are faced with a problem.
188 * If we were to tag traffic (from within DSA) with the port's pvid, all
189 * would be well, assuming the switch ports were standalone. Frames would
190 * have no choice but to be directed towards the correct front-panel port.
191 * But because we also want the RX VLAN to not break bridging, then
192 * inevitably that means that we have to give them a choice (of what
193 * front-panel port to go out on), and therefore we cannot steer traffic
194 * based on the RX VID. So what we do is simply install one more VID on the
195 * front-panel and CPU ports, and profit off of the fact that steering will
196 * work just by virtue of the fact that there is only one other port that's
197 * a member of the VID we're tagging the traffic with - the desired one.
199 * So at the end, each front-panel port will have one RX VID (also the PVID),
200 * the RX VID of all other front-panel ports, and one TX VID. Whereas the CPU
201 * port will have the RX and TX VIDs of all front-panel ports, and on top of
202 * that, is also tagged-input and tagged-output (VLAN trunk).
205 * +-------------+-----+-------------+ +-------------+-----+-------------+
206 * | RX VID | | | | TX VID | | |
207 * | of swp0 | | | | of swp0 | | |
208 * | +-----+ | | +-----+ |
209 * | ^ T | | | Tagged |
210 * | | | | | ingress |
211 * | +-------+---+---+-------+ | | +-----------+ |
212 * | | | | | | | | Untagged |
213 * | | U v U v U v | | v egress |
214 * | +-----+ +-----+ +-----+ +-----+ | | +-----+ +-----+ +-----+ +-----+ |
215 * | | | | | | | | | | | | | | | | | | | |
216 * | |PVID | | | | | | | | | | | | | | | | | |
217 * +-+-----+-+-----+-+-----+-+-----+-+ +-+-----+-+-----+-+-----+-+-----+-+
218 * swp0 swp1 swp2 swp3 swp0 swp1 swp2 swp3
220 int dsa_port_setup_8021q_tagging(struct dsa_switch
*ds
, int port
, bool enabled
)
222 int upstream
= dsa_upstream_port(ds
, port
);
223 u16 rx_vid
= dsa_8021q_rx_vid(ds
, port
);
224 u16 tx_vid
= dsa_8021q_tx_vid(ds
, port
);
227 /* The CPU port is implicitly configured by
228 * configuring the front-panel ports
230 if (!dsa_is_user_port(ds
, port
))
233 /* Add this user port's RX VID to the membership list of all others
234 * (including itself). This is so that bridging will not be hindered.
235 * L2 forwarding rules still take precedence when there are no VLAN
236 * restrictions, so there are no concerns about leaking traffic.
238 for (i
= 0; i
< ds
->num_ports
; i
++) {
244 /* The RX VID is pvid on this port */
245 flags
= BRIDGE_VLAN_INFO_UNTAGGED
|
246 BRIDGE_VLAN_INFO_PVID
;
248 /* The RX VID is a regular VLAN on all others */
249 flags
= BRIDGE_VLAN_INFO_UNTAGGED
;
251 err
= dsa_8021q_vid_apply(ds
, i
, rx_vid
, flags
, enabled
);
253 dev_err(ds
->dev
, "Failed to apply RX VID %d to port %d: %d\n",
259 /* CPU port needs to see this port's RX VID
262 err
= dsa_8021q_vid_apply(ds
, upstream
, rx_vid
, 0, enabled
);
264 dev_err(ds
->dev
, "Failed to apply RX VID %d to port %d: %d\n",
269 /* Finally apply the TX VID on this port and on the CPU port */
270 err
= dsa_8021q_vid_apply(ds
, port
, tx_vid
, BRIDGE_VLAN_INFO_UNTAGGED
,
273 dev_err(ds
->dev
, "Failed to apply TX VID %d on port %d: %d\n",
277 err
= dsa_8021q_vid_apply(ds
, upstream
, tx_vid
, 0, enabled
);
279 dev_err(ds
->dev
, "Failed to apply TX VID %d on port %d: %d\n",
280 tx_vid
, upstream
, err
);
285 err
= dsa_8021q_restore_pvid(ds
, port
);
289 EXPORT_SYMBOL_GPL(dsa_port_setup_8021q_tagging
);
291 struct sk_buff
*dsa_8021q_xmit(struct sk_buff
*skb
, struct net_device
*netdev
,
294 /* skb->data points at skb_mac_header, which
295 * is fine for vlan_insert_tag.
297 return vlan_insert_tag(skb
, htons(tpid
), tci
);
299 EXPORT_SYMBOL_GPL(dsa_8021q_xmit
);
301 /* In the DSA packet_type handler, skb->data points in the middle of the VLAN
302 * tag, after tpid and before tci. This is because so far, ETH_HLEN
303 * (DMAC, SMAC, EtherType) bytes were pulled.
304 * There are 2 bytes of VLAN tag left in skb->data, and upper
305 * layers expect the 'real' EtherType to be consumed as well.
306 * Coincidentally, a VLAN header is also of the same size as
307 * the number of bytes that need to be pulled.
309 * skb_mac_header skb->data
312 * | | | | | | | | | | | | | | | | | | |
313 * +-----------------------+-----------------------+-------+-------+-------+
314 * | Destination MAC | Source MAC | TPID | TCI | EType |
315 * +-----------------------+-----------------------+-------+-------+-------+
317 * |<--VLAN_HLEN-->to <---VLAN_HLEN--->
320 * >>>>>>> | | | | | | | | | | | | | | |
321 * >>>>>>> +-----------------------+-----------------------+-------+
322 * >>>>>>> | Destination MAC | Source MAC | EType |
323 * +-----------------------+-----------------------+-------+
326 * skb->head) skb_mac_header skb->data
328 struct sk_buff
*dsa_8021q_remove_header(struct sk_buff
*skb
)
330 u8
*from
= skb_mac_header(skb
);
331 u8
*dest
= from
+ VLAN_HLEN
;
333 memmove(dest
, from
, ETH_HLEN
- VLAN_HLEN
);
334 skb_pull(skb
, VLAN_HLEN
);
335 skb_push(skb
, ETH_HLEN
);
336 skb_reset_mac_header(skb
);
337 skb_reset_mac_len(skb
);
338 skb_pull_rcsum(skb
, ETH_HLEN
);
342 EXPORT_SYMBOL_GPL(dsa_8021q_remove_header
);
344 MODULE_LICENSE("GPL v2");