search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
KEYS: add missing permission check for request_key() destination
[linux/fpc-iii.git] / net / bridge / br_vlan.c
blobb03e884fba3e47ac75bd55673525046b1b7d61d8
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5
6 #include "br_private.h"
7
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 if (v->pvid == vid)
11 return;
12
13 smp_wmb();
14 v->pvid = vid;
15 }
16
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 if (v->pvid != vid)
20 return;
21
22 smp_wmb();
23 v->pvid = 0;
24 }
25
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 if (flags & BRIDGE_VLAN_INFO_PVID)
29 __vlan_add_pvid(v, vid);
30
31 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
32 set_bit(vid, v->untagged_bitmap);
33 }
34
35 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
36 {
37 struct net_bridge_port *p = NULL;
38 struct net_bridge *br;
39 struct net_device *dev;
40 int err;
41
42 if (test_bit(vid, v->vlan_bitmap)) {
43 __vlan_add_flags(v, vid, flags);
44 return 0;
45 }
46
47 if (v->port_idx) {
48 p = v->parent.port;
49 br = p->br;
50 dev = p->dev;
51 } else {
52 br = v->parent.br;
53 dev = br->dev;
54 }
55
56 if (p) {
57 /* Add VLAN to the device filter if it is supported.
58 * Stricly speaking, this is not necessary now, since
59 * devices are made promiscuous by the bridge, but if
60 * that ever changes this code will allow tagged
61 * traffic to enter the bridge.
62 */
63 err = vlan_vid_add(dev, br->vlan_proto, vid);
64 if (err)
65 return err;
66 }
67
68 err = br_fdb_insert(br, p, dev->dev_addr, vid);
69 if (err) {
70 br_err(br, "failed insert local address into bridge "
71 "forwarding table\n");
72 goto out_filt;
73 }
74
75 set_bit(vid, v->vlan_bitmap);
76 v->num_vlans++;
77 __vlan_add_flags(v, vid, flags);
78
79 return 0;
80
81 out_filt:
82 if (p)
83 vlan_vid_del(dev, br->vlan_proto, vid);
84 return err;
85 }
86
87 static int __vlan_del(struct net_port_vlans *v, u16 vid)
88 {
89 if (!test_bit(vid, v->vlan_bitmap))
90 return -EINVAL;
91
92 __vlan_delete_pvid(v, vid);
93 clear_bit(vid, v->untagged_bitmap);
94
95 if (v->port_idx) {
96 struct net_bridge_port *p = v->parent.port;
97 vlan_vid_del(p->dev, p->br->vlan_proto, vid);
98 }
99
100 clear_bit(vid, v->vlan_bitmap);
101 v->num_vlans--;
102 if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
103 if (v->port_idx)
104 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
105 else
106 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
107 kfree_rcu(v, rcu);
108 }
109 return 0;
110 }
111
112 static void __vlan_flush(struct net_port_vlans *v)
113 {
114 smp_wmb();
115 v->pvid = 0;
116 bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
117 if (v->port_idx)
118 RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
119 else
120 RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
121 kfree_rcu(v, rcu);
122 }
123
124 struct sk_buff *br_handle_vlan(struct net_bridge *br,
125 const struct net_port_vlans *pv,
126 struct sk_buff *skb)
127 {
128 u16 vid;
129
130 /* If this packet was not filtered at input, let it pass */
131 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
132 goto out;
133
134 /* Vlan filter table must be configured at this point. The
135 * only exception is the bridge is set in promisc mode and the
136 * packet is destined for the bridge device. In this case
137 * pass the packet as is.
138 */
139 if (!pv) {
140 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
141 goto out;
142 } else {
143 kfree_skb(skb);
144 return NULL;
145 }
146 }
147
148 /* At this point, we know that the frame was filtered and contains
149 * a valid vlan id. If the vlan id is set in the untagged bitmap,
150 * send untagged; otherwise, send tagged.
151 */
152 br_vlan_get_tag(skb, &vid);
153 if (test_bit(vid, pv->untagged_bitmap))
154 skb->vlan_tci = 0;
155
156 out:
157 return skb;
158 }
159
160 /* Called under RCU */
161 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
162 struct sk_buff *skb, u16 *vid)
163 {
164 bool tagged;
165 __be16 proto;
166
167 /* If VLAN filtering is disabled on the bridge, all packets are
168 * permitted.
169 */
170 if (!br->vlan_enabled) {
171 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
172 return true;
173 }
174
175 /* If there are no vlan in the permitted list, all packets are
176 * rejected.
177 */
178 if (!v)
179 goto drop;
180
181 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
182 proto = br->vlan_proto;
183
184 /* If vlan tx offload is disabled on bridge device and frame was
185 * sent from vlan device on the bridge device, it does not have
186 * HW accelerated vlan tag.
187 */
188 if (unlikely(!vlan_tx_tag_present(skb) &&
189 skb->protocol == proto)) {
190 skb = skb_vlan_untag(skb);
191 if (unlikely(!skb))
192 return false;
193 }
194
195 if (!br_vlan_get_tag(skb, vid)) {
196 /* Tagged frame */
197 if (skb->vlan_proto != proto) {
198 /* Protocol-mismatch, empty out vlan_tci for new tag */
199 skb_push(skb, ETH_HLEN);
200 skb = __vlan_put_tag(skb, skb->vlan_proto,
201 vlan_tx_tag_get(skb));
202 if (unlikely(!skb))
203 return false;
204
205 skb_pull(skb, ETH_HLEN);
206 skb_reset_mac_len(skb);
207 *vid = 0;
208 tagged = false;
209 } else {
210 tagged = true;
211 }
212 } else {
213 /* Untagged frame */
214 tagged = false;
215 }
216
217 if (!*vid) {
218 u16 pvid = br_get_pvid(v);
219
220 /* Frame had a tag with VID 0 or did not have a tag.
221 * See if pvid is set on this port. That tells us which
222 * vlan untagged or priority-tagged traffic belongs to.
223 */
224 if (pvid == VLAN_N_VID)
225 goto drop;
226
227 /* PVID is set on this port. Any untagged or priority-tagged
228 * ingress frame is considered to belong to this vlan.
229 */
230 *vid = pvid;
231 if (likely(!tagged))
232 /* Untagged Frame. */
233 __vlan_hwaccel_put_tag(skb, proto, pvid);
234 else
235 /* Priority-tagged Frame.
236 * At this point, We know that skb->vlan_tci had
237 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
238 * We update only VID field and preserve PCP field.
239 */
240 skb->vlan_tci |= pvid;
241
242 return true;
243 }
244
245 /* Frame had a valid vlan tag. See if vlan is allowed */
246 if (test_bit(*vid, v->vlan_bitmap))
247 return true;
248 drop:
249 kfree_skb(skb);
250 return false;
251 }
252
253 /* Called under RCU. */
254 bool br_allowed_egress(struct net_bridge *br,
255 const struct net_port_vlans *v,
256 const struct sk_buff *skb)
257 {
258 u16 vid;
259
260 /* If this packet was not filtered at input, let it pass */
261 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
262 return true;
263
264 if (!v)
265 return false;
266
267 br_vlan_get_tag(skb, &vid);
268 if (test_bit(vid, v->vlan_bitmap))
269 return true;
270
271 return false;
272 }
273
274 /* Called under RCU */
275 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
276 {
277 struct net_bridge *br = p->br;
278 struct net_port_vlans *v;
279
280 /* If filtering was disabled at input, let it pass. */
281 if (!br->vlan_enabled)
282 return true;
283
284 v = rcu_dereference(p->vlan_info);
285 if (!v)
286 return false;
287
288 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
289 *vid = 0;
290
291 if (!*vid) {
292 *vid = br_get_pvid(v);
293 if (*vid == VLAN_N_VID)
294 return false;
295
296 return true;
297 }
298
299 if (test_bit(*vid, v->vlan_bitmap))
300 return true;
301
302 return false;
303 }
304
305 /* Must be protected by RTNL.
306 * Must be called with vid in range from 1 to 4094 inclusive.
307 */
308 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
309 {
310 struct net_port_vlans *pv = NULL;
311 int err;
312
313 ASSERT_RTNL();
314
315 pv = rtnl_dereference(br->vlan_info);
316 if (pv)
317 return __vlan_add(pv, vid, flags);
318
319 /* Create port vlan infomration
320 */
321 pv = kzalloc(sizeof(*pv), GFP_KERNEL);
322 if (!pv)
323 return -ENOMEM;
324
325 pv->parent.br = br;
326 err = __vlan_add(pv, vid, flags);
327 if (err)
328 goto out;
329
330 rcu_assign_pointer(br->vlan_info, pv);
331 return 0;
332 out:
333 kfree(pv);
334 return err;
335 }
336
337 /* Must be protected by RTNL.
338 * Must be called with vid in range from 1 to 4094 inclusive.
339 */
340 int br_vlan_delete(struct net_bridge *br, u16 vid)
341 {
342 struct net_port_vlans *pv;
343
344 ASSERT_RTNL();
345
346 pv = rtnl_dereference(br->vlan_info);
347 if (!pv)
348 return -EINVAL;
349
350 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
351
352 __vlan_del(pv, vid);
353 return 0;
354 }
355
356 void br_vlan_flush(struct net_bridge *br)
357 {
358 struct net_port_vlans *pv;
359
360 ASSERT_RTNL();
361 pv = rtnl_dereference(br->vlan_info);
362 if (!pv)
363 return;
364
365 __vlan_flush(pv);
366 }
367
368 bool br_vlan_find(struct net_bridge *br, u16 vid)
369 {
370 struct net_port_vlans *pv;
371 bool found = false;
372
373 rcu_read_lock();
374 pv = rcu_dereference(br->vlan_info);
375
376 if (!pv)
377 goto out;
378
379 if (test_bit(vid, pv->vlan_bitmap))
380 found = true;
381
382 out:
383 rcu_read_unlock();
384 return found;
385 }
386
387 /* Must be protected by RTNL. */
388 static void recalculate_group_addr(struct net_bridge *br)
389 {
390 if (br->group_addr_set)
391 return;
392
393 spin_lock_bh(&br->lock);
394 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
395 /* Bridge Group Address */
396 br->group_addr[5] = 0x00;
397 } else { /* vlan_enabled && ETH_P_8021AD */
398 /* Provider Bridge Group Address */
399 br->group_addr[5] = 0x08;
400 }
401 spin_unlock_bh(&br->lock);
402 }
403
404 /* Must be protected by RTNL. */
405 void br_recalculate_fwd_mask(struct net_bridge *br)
406 {
407 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
408 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
409 else /* vlan_enabled && ETH_P_8021AD */
410 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
411 ~(1u << br->group_addr[5]);
412 }
413
414 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
415 {
416 if (!rtnl_trylock())
417 return restart_syscall();
418
419 if (br->vlan_enabled == val)
420 goto unlock;
421
422 br->vlan_enabled = val;
423 br_manage_promisc(br);
424 recalculate_group_addr(br);
425 br_recalculate_fwd_mask(br);
426
427 unlock:
428 rtnl_unlock();
429 return 0;
430 }
431
432 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
433 {
434 int err = 0;
435 struct net_bridge_port *p;
436 struct net_port_vlans *pv;
437 __be16 proto, oldproto;
438 u16 vid, errvid;
439
440 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
441 return -EPROTONOSUPPORT;
442
443 if (!rtnl_trylock())
444 return restart_syscall();
445
446 proto = htons(val);
447 if (br->vlan_proto == proto)
448 goto unlock;
449
450 /* Add VLANs for the new proto to the device filter. */
451 list_for_each_entry(p, &br->port_list, list) {
452 pv = rtnl_dereference(p->vlan_info);
453 if (!pv)
454 continue;
455
456 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
457 err = vlan_vid_add(p->dev, proto, vid);
458 if (err)
459 goto err_filt;
460 }
461 }
462
463 oldproto = br->vlan_proto;
464 br->vlan_proto = proto;
465
466 recalculate_group_addr(br);
467 br_recalculate_fwd_mask(br);
468
469 /* Delete VLANs for the old proto from the device filter. */
470 list_for_each_entry(p, &br->port_list, list) {
471 pv = rtnl_dereference(p->vlan_info);
472 if (!pv)
473 continue;
474
475 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
476 vlan_vid_del(p->dev, oldproto, vid);
477 }
478
479 unlock:
480 rtnl_unlock();
481 return err;
482
483 err_filt:
484 errvid = vid;
485 for_each_set_bit(vid, pv->vlan_bitmap, errvid)
486 vlan_vid_del(p->dev, proto, vid);
487
488 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
489 pv = rtnl_dereference(p->vlan_info);
490 if (!pv)
491 continue;
492
493 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
494 vlan_vid_del(p->dev, proto, vid);
495 }
496
497 goto unlock;
498 }
499
500 void br_vlan_init(struct net_bridge *br)
501 {
502 br->vlan_proto = htons(ETH_P_8021Q);
503 }
504
505 /* Must be protected by RTNL.
506 * Must be called with vid in range from 1 to 4094 inclusive.
507 */
508 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
509 {
510 struct net_port_vlans *pv = NULL;
511 int err;
512
513 ASSERT_RTNL();
514
515 pv = rtnl_dereference(port->vlan_info);
516 if (pv)
517 return __vlan_add(pv, vid, flags);
518
519 /* Create port vlan infomration
520 */
521 pv = kzalloc(sizeof(*pv), GFP_KERNEL);
522 if (!pv) {
523 err = -ENOMEM;
524 goto clean_up;
525 }
526
527 pv->port_idx = port->port_no;
528 pv->parent.port = port;
529 err = __vlan_add(pv, vid, flags);
530 if (err)
531 goto clean_up;
532
533 rcu_assign_pointer(port->vlan_info, pv);
534 return 0;
535
536 clean_up:
537 kfree(pv);
538 return err;
539 }
540
541 /* Must be protected by RTNL.
542 * Must be called with vid in range from 1 to 4094 inclusive.
543 */
544 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
545 {
546 struct net_port_vlans *pv;
547
548 ASSERT_RTNL();
549
550 pv = rtnl_dereference(port->vlan_info);
551 if (!pv)
552 return -EINVAL;
553
554 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
555
556 return __vlan_del(pv, vid);
557 }
558
559 void nbp_vlan_flush(struct net_bridge_port *port)
560 {
561 struct net_port_vlans *pv;
562 u16 vid;
563
564 ASSERT_RTNL();
565
566 pv = rtnl_dereference(port->vlan_info);
567 if (!pv)
568 return;
569
570 for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
571 vlan_vid_del(port->dev, port->br->vlan_proto, vid);
572
573 __vlan_flush(pv);
574 }
575
576 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
577 {
578 struct net_port_vlans *pv;
579 bool found = false;
580
581 rcu_read_lock();
582 pv = rcu_dereference(port->vlan_info);
583
584 if (!pv)
585 goto out;
586
587 if (test_bit(vid, pv->vlan_bitmap))
588 found = true;
589
590 out:
591 rcu_read_unlock();
592 return found;
593 }
Linux with added FPC-III support