search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ARM: dma-api: fix max_pfn off-by-one error in __dma_supported()
[linux/fpc-iii.git] / net / bridge / br_arp_nd_proxy.c
blob37908561a64b5c5551d963526b0b39bd8e9a2129
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Handle bridge arp/nd proxy/suppress
4 *
5 * Copyright (C) 2017 Cumulus Networks
6 * Copyright (c) 2017 Roopa Prabhu <roopa@cumulusnetworks.com>
7 *
8 * Authors:
9 * Roopa Prabhu <roopa@cumulusnetworks.com>
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/netdevice.h>
14 #include <linux/etherdevice.h>
15 #include <linux/neighbour.h>
16 #include <net/arp.h>
17 #include <linux/if_vlan.h>
18 #include <linux/inetdevice.h>
19 #include <net/addrconf.h>
20 #include <net/ipv6_stubs.h>
21 #if IS_ENABLED(CONFIG_IPV6)
22 #include <net/ip6_checksum.h>
23 #endif
24
25 #include "br_private.h"
26
27 void br_recalculate_neigh_suppress_enabled(struct net_bridge *br)
28 {
29 struct net_bridge_port *p;
30 bool neigh_suppress = false;
31
32 list_for_each_entry(p, &br->port_list, list) {
33 if (p->flags & BR_NEIGH_SUPPRESS) {
34 neigh_suppress = true;
35 break;
36 }
37 }
38
39 br_opt_toggle(br, BROPT_NEIGH_SUPPRESS_ENABLED, neigh_suppress);
40 }
41
42 #if IS_ENABLED(CONFIG_INET)
43 static void br_arp_send(struct net_bridge *br, struct net_bridge_port *p,
44 struct net_device *dev, __be32 dest_ip, __be32 src_ip,
45 const unsigned char *dest_hw,
46 const unsigned char *src_hw,
47 const unsigned char *target_hw,
48 __be16 vlan_proto, u16 vlan_tci)
49 {
50 struct net_bridge_vlan_group *vg;
51 struct sk_buff *skb;
52 u16 pvid;
53
54 netdev_dbg(dev, "arp send dev %s dst %pI4 dst_hw %pM src %pI4 src_hw %pM\n",
55 dev->name, &dest_ip, dest_hw, &src_ip, src_hw);
56
57 if (!vlan_tci) {
58 arp_send(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
59 dest_hw, src_hw, target_hw);
60 return;
61 }
62
63 skb = arp_create(ARPOP_REPLY, ETH_P_ARP, dest_ip, dev, src_ip,
64 dest_hw, src_hw, target_hw);
65 if (!skb)
66 return;
67
68 if (p)
69 vg = nbp_vlan_group_rcu(p);
70 else
71 vg = br_vlan_group_rcu(br);
72 pvid = br_get_pvid(vg);
73 if (pvid == (vlan_tci & VLAN_VID_MASK))
74 vlan_tci = 0;
75
76 if (vlan_tci)
77 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci);
78
79 if (p) {
80 arp_xmit(skb);
81 } else {
82 skb_reset_mac_header(skb);
83 __skb_pull(skb, skb_network_offset(skb));
84 skb->ip_summed = CHECKSUM_UNNECESSARY;
85 skb->pkt_type = PACKET_HOST;
86
87 netif_rx_ni(skb);
88 }
89 }
90
91 static int br_chk_addr_ip(struct net_device *dev, void *data)
92 {
93 __be32 ip = *(__be32 *)data;
94 struct in_device *in_dev;
95 __be32 addr = 0;
96
97 in_dev = __in_dev_get_rcu(dev);
98 if (in_dev)
99 addr = inet_confirm_addr(dev_net(dev), in_dev, 0, ip,
100 RT_SCOPE_HOST);
101
102 if (addr == ip)
103 return 1;
104
105 return 0;
106 }
107
108 static bool br_is_local_ip(struct net_device *dev, __be32 ip)
109 {
110 if (br_chk_addr_ip(dev, &ip))
111 return true;
112
113 /* check if ip is configured on upper dev */
114 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip, &ip))
115 return true;
116
117 return false;
118 }
119
120 void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
121 u16 vid, struct net_bridge_port *p)
122 {
123 struct net_device *dev = br->dev;
124 struct net_device *vlandev = dev;
125 struct neighbour *n;
126 struct arphdr *parp;
127 u8 *arpptr, *sha;
128 __be32 sip, tip;
129
130 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 0;
131
132 if ((dev->flags & IFF_NOARP) ||
133 !pskb_may_pull(skb, arp_hdr_len(dev)))
134 return;
135
136 parp = arp_hdr(skb);
137
138 if (parp->ar_pro != htons(ETH_P_IP) ||
139 parp->ar_hln != dev->addr_len ||
140 parp->ar_pln != 4)
141 return;
142
143 arpptr = (u8 *)parp + sizeof(struct arphdr);
144 sha = arpptr;
145 arpptr += dev->addr_len; /* sha */
146 memcpy(&sip, arpptr, sizeof(sip));
147 arpptr += sizeof(sip);
148 arpptr += dev->addr_len; /* tha */
149 memcpy(&tip, arpptr, sizeof(tip));
150
151 if (ipv4_is_loopback(tip) ||
152 ipv4_is_multicast(tip))
153 return;
154
155 if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED)) {
156 if (p && (p->flags & BR_NEIGH_SUPPRESS))
157 return;
158 if (ipv4_is_zeronet(sip) || sip == tip) {
159 /* prevent flooding to neigh suppress ports */
160 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
161 return;
162 }
163 }
164
165 if (parp->ar_op != htons(ARPOP_REQUEST))
166 return;
167
168 if (vid != 0) {
169 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
170 vid);
171 if (!vlandev)
172 return;
173 }
174
175 if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED) &&
176 br_is_local_ip(vlandev, tip)) {
177 /* its our local ip, so don't proxy reply
178 * and don't forward to neigh suppress ports
179 */
180 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
181 return;
182 }
183
184 n = neigh_lookup(&arp_tbl, &tip, vlandev);
185 if (n) {
186 struct net_bridge_fdb_entry *f;
187
188 if (!(n->nud_state & NUD_VALID)) {
189 neigh_release(n);
190 return;
191 }
192
193 f = br_fdb_find_rcu(br, n->ha, vid);
194 if (f) {
195 bool replied = false;
196
197 if ((p && (p->flags & BR_PROXYARP)) ||
198 (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
199 BR_NEIGH_SUPPRESS)))) {
200 if (!vid)
201 br_arp_send(br, p, skb->dev, sip, tip,
202 sha, n->ha, sha, 0, 0);
203 else
204 br_arp_send(br, p, skb->dev, sip, tip,
205 sha, n->ha, sha,
206 skb->vlan_proto,
207 skb_vlan_tag_get(skb));
208 replied = true;
209 }
210
211 /* If we have replied or as long as we know the
212 * mac, indicate to arp replied
213 */
214 if (replied ||
215 br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED))
216 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
217 }
218
219 neigh_release(n);
220 }
221 }
222 #endif
223
224 #if IS_ENABLED(CONFIG_IPV6)
225 struct nd_msg *br_is_nd_neigh_msg(struct sk_buff *skb, struct nd_msg *msg)
226 {
227 struct nd_msg *m;
228
229 m = skb_header_pointer(skb, skb_network_offset(skb) +
230 sizeof(struct ipv6hdr), sizeof(*msg), msg);
231 if (!m)
232 return NULL;
233
234 if (m->icmph.icmp6_code != 0 ||
235 (m->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION &&
236 m->icmph.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT))
237 return NULL;
238
239 return m;
240 }
241
242 static void br_nd_send(struct net_bridge *br, struct net_bridge_port *p,
243 struct sk_buff *request, struct neighbour *n,
244 __be16 vlan_proto, u16 vlan_tci, struct nd_msg *ns)
245 {
246 struct net_device *dev = request->dev;
247 struct net_bridge_vlan_group *vg;
248 struct sk_buff *reply;
249 struct nd_msg *na;
250 struct ipv6hdr *pip6;
251 int na_olen = 8; /* opt hdr + ETH_ALEN for target */
252 int ns_olen;
253 int i, len;
254 u8 *daddr;
255 u16 pvid;
256
257 if (!dev)
258 return;
259
260 len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
261 sizeof(*na) + na_olen + dev->needed_tailroom;
262
263 reply = alloc_skb(len, GFP_ATOMIC);
264 if (!reply)
265 return;
266
267 reply->protocol = htons(ETH_P_IPV6);
268 reply->dev = dev;
269 skb_reserve(reply, LL_RESERVED_SPACE(dev));
270 skb_push(reply, sizeof(struct ethhdr));
271 skb_set_mac_header(reply, 0);
272
273 daddr = eth_hdr(request)->h_source;
274
275 /* Do we need option processing ? */
276 ns_olen = request->len - (skb_network_offset(request) +
277 sizeof(struct ipv6hdr)) - sizeof(*ns);
278 for (i = 0; i < ns_olen - 1; i += (ns->opt[i + 1] << 3)) {
279 if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
280 daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
281 break;
282 }
283 }
284
285 /* Ethernet header */
286 ether_addr_copy(eth_hdr(reply)->h_dest, daddr);
287 ether_addr_copy(eth_hdr(reply)->h_source, n->ha);
288 eth_hdr(reply)->h_proto = htons(ETH_P_IPV6);
289 reply->protocol = htons(ETH_P_IPV6);
290
291 skb_pull(reply, sizeof(struct ethhdr));
292 skb_set_network_header(reply, 0);
293 skb_put(reply, sizeof(struct ipv6hdr));
294
295 /* IPv6 header */
296 pip6 = ipv6_hdr(reply);
297 memset(pip6, 0, sizeof(struct ipv6hdr));
298 pip6->version = 6;
299 pip6->priority = ipv6_hdr(request)->priority;
300 pip6->nexthdr = IPPROTO_ICMPV6;
301 pip6->hop_limit = 255;
302 pip6->daddr = ipv6_hdr(request)->saddr;
303 pip6->saddr = *(struct in6_addr *)n->primary_key;
304
305 skb_pull(reply, sizeof(struct ipv6hdr));
306 skb_set_transport_header(reply, 0);
307
308 na = (struct nd_msg *)skb_put(reply, sizeof(*na) + na_olen);
309
310 /* Neighbor Advertisement */
311 memset(na, 0, sizeof(*na) + na_olen);
312 na->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
313 na->icmph.icmp6_router = (n->flags & NTF_ROUTER) ? 1 : 0;
314 na->icmph.icmp6_override = 1;
315 na->icmph.icmp6_solicited = 1;
316 na->target = ns->target;
317 ether_addr_copy(&na->opt[2], n->ha);
318 na->opt[0] = ND_OPT_TARGET_LL_ADDR;
319 na->opt[1] = na_olen >> 3;
320
321 na->icmph.icmp6_cksum = csum_ipv6_magic(&pip6->saddr,
322 &pip6->daddr,
323 sizeof(*na) + na_olen,
324 IPPROTO_ICMPV6,
325 csum_partial(na, sizeof(*na) + na_olen, 0));
326
327 pip6->payload_len = htons(sizeof(*na) + na_olen);
328
329 skb_push(reply, sizeof(struct ipv6hdr));
330 skb_push(reply, sizeof(struct ethhdr));
331
332 reply->ip_summed = CHECKSUM_UNNECESSARY;
333
334 if (p)
335 vg = nbp_vlan_group_rcu(p);
336 else
337 vg = br_vlan_group_rcu(br);
338 pvid = br_get_pvid(vg);
339 if (pvid == (vlan_tci & VLAN_VID_MASK))
340 vlan_tci = 0;
341
342 if (vlan_tci)
343 __vlan_hwaccel_put_tag(reply, vlan_proto, vlan_tci);
344
345 netdev_dbg(dev, "nd send dev %s dst %pI6 dst_hw %pM src %pI6 src_hw %pM\n",
346 dev->name, &pip6->daddr, daddr, &pip6->saddr, n->ha);
347
348 if (p) {
349 dev_queue_xmit(reply);
350 } else {
351 skb_reset_mac_header(reply);
352 __skb_pull(reply, skb_network_offset(reply));
353 reply->ip_summed = CHECKSUM_UNNECESSARY;
354 reply->pkt_type = PACKET_HOST;
355
356 netif_rx_ni(reply);
357 }
358 }
359
360 static int br_chk_addr_ip6(struct net_device *dev, void *data)
361 {
362 struct in6_addr *addr = (struct in6_addr *)data;
363
364 if (ipv6_chk_addr(dev_net(dev), addr, dev, 0))
365 return 1;
366
367 return 0;
368 }
369
370 static bool br_is_local_ip6(struct net_device *dev, struct in6_addr *addr)
371
372 {
373 if (br_chk_addr_ip6(dev, addr))
374 return true;
375
376 /* check if ip is configured on upper dev */
377 if (netdev_walk_all_upper_dev_rcu(dev, br_chk_addr_ip6, addr))
378 return true;
379
380 return false;
381 }
382
383 void br_do_suppress_nd(struct sk_buff *skb, struct net_bridge *br,
384 u16 vid, struct net_bridge_port *p, struct nd_msg *msg)
385 {
386 struct net_device *dev = br->dev;
387 struct net_device *vlandev = NULL;
388 struct in6_addr *saddr, *daddr;
389 struct ipv6hdr *iphdr;
390 struct neighbour *n;
391
392 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 0;
393
394 if (p && (p->flags & BR_NEIGH_SUPPRESS))
395 return;
396
397 if (msg->icmph.icmp6_type == NDISC_NEIGHBOUR_ADVERTISEMENT &&
398 !msg->icmph.icmp6_solicited) {
399 /* prevent flooding to neigh suppress ports */
400 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
401 return;
402 }
403
404 if (msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION)
405 return;
406
407 iphdr = ipv6_hdr(skb);
408 saddr = &iphdr->saddr;
409 daddr = &iphdr->daddr;
410
411 if (ipv6_addr_any(saddr) || !ipv6_addr_cmp(saddr, daddr)) {
412 /* prevent flooding to neigh suppress ports */
413 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
414 return;
415 }
416
417 if (vid != 0) {
418 /* build neigh table lookup on the vlan device */
419 vlandev = __vlan_find_dev_deep_rcu(br->dev, skb->vlan_proto,
420 vid);
421 if (!vlandev)
422 return;
423 } else {
424 vlandev = dev;
425 }
426
427 if (br_is_local_ip6(vlandev, &msg->target)) {
428 /* its our own ip, so don't proxy reply
429 * and don't forward to arp suppress ports
430 */
431 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
432 return;
433 }
434
435 n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, vlandev);
436 if (n) {
437 struct net_bridge_fdb_entry *f;
438
439 if (!(n->nud_state & NUD_VALID)) {
440 neigh_release(n);
441 return;
442 }
443
444 f = br_fdb_find_rcu(br, n->ha, vid);
445 if (f) {
446 bool replied = false;
447
448 if (f->dst && (f->dst->flags & BR_NEIGH_SUPPRESS)) {
449 if (vid != 0)
450 br_nd_send(br, p, skb, n,
451 skb->vlan_proto,
452 skb_vlan_tag_get(skb), msg);
453 else
454 br_nd_send(br, p, skb, n, 0, 0, msg);
455 replied = true;
456 }
457
458 /* If we have replied or as long as we know the
459 * mac, indicate to NEIGH_SUPPRESS ports that we
460 * have replied
461 */
462 if (replied ||
463 br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED))
464 BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
465 }
466 neigh_release(n);
467 }
468 }
469 #endif
Linux with added FPC-III support