  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Forwarding database
  4. * Linux ethernet bridge
  5. *
  6. * Authors:
  7. * Lennert Buytenhek <buytenh@gnu.org>
  8. */
  9. #include <linux/kernel.h>
  10. #include <linux/init.h>
  11. #include <linux/rculist.h>
  12. #include <linux/spinlock.h>
  13. #include <linux/times.h>
  14. #include <linux/netdevice.h>
  15. #include <linux/etherdevice.h>
  16. #include <linux/jhash.h>
  17. #include <linux/random.h>
  18. #include <linux/slab.h>
  19. #include <linux/atomic.h>
  20. #include <linux/unaligned.h>
  21. #include <linux/if_vlan.h>
  22. #include <net/switchdev.h>
  23. #include <trace/events/bridge.h>
  24. #include "br_private.h"
  /* rhashtable parameters for the per-bridge FDB: entries are linked through
   * their rhnode member and keyed on the embedded struct net_bridge_fdb_key.
   * key_len is the size of the whole key struct.
   * NOTE(review): keying on sizeof() the struct assumes it carries no padding
   * that a lookup key would leave unset - confirm against br_private.h.
   */
  static const struct rhashtable_params br_fdb_rht_params = {
      .key_len = sizeof(struct net_bridge_fdb_key),
      .key_offset = offsetof(struct net_bridge_fdb_entry, key),
      .head_offset = offsetof(struct net_bridge_fdb_entry, rhnode),
      .automatic_shrinking = true,
  };

  /* Slab cache for FDB entries; created in br_fdb_init() and used by
   * fdb_create() for allocation.
   */
  static struct kmem_cache *br_fdb_cache __read_mostly;
  /* Create the slab cache that FDB entries are allocated from.
   *
   * Returns 0 on success or -ENOMEM if the cache could not be created.
   */
  int __init br_fdb_init(void)
  {
      br_fdb_cache = KMEM_CACHE(net_bridge_fdb_entry, SLAB_HWCACHE_ALIGN);

      return br_fdb_cache ? 0 : -ENOMEM;
  }
  /* Destroy the FDB slab cache set up by br_fdb_init(). */
  void br_fdb_fini(void)
  {
      kmem_cache_destroy(br_fdb_cache);
  }
  /* Initialise the bridge's FDB hash table using br_fdb_rht_params.
   *
   * Returns the result of rhashtable_init().
   */
  int br_fdb_hash_init(struct net_bridge *br)
  {
      struct rhashtable *tbl = &br->fdb_hash_tbl;

      return rhashtable_init(tbl, &br_fdb_rht_params);
  }
  /* Tear down the bridge's FDB hash table. */
  void br_fdb_hash_fini(struct net_bridge *br)
  {
      struct rhashtable *tbl = &br->fdb_hash_tbl;

      rhashtable_destroy(tbl);
  }
  /* Ageing interval applied to entries: forward_delay while a topology change
   * is in progress (default 15 sec), otherwise ageing_time (default 5 minutes).
   */
  static inline unsigned long hold_time(const struct net_bridge *br)
  {
      if (br->topology_change)
          return br->forward_delay;

      return br->ageing_time;
  }
  /* Report whether an entry has aged out.
   *
   * Entries flagged BR_FDB_STATIC or BR_FDB_ADDED_BY_EXT_LEARN never expire
   * here. Any other entry is expired once its last update plus hold_time(br)
   * is at or before the current jiffies.
   *
   * Returns non-zero if expired, 0 otherwise.
   */
  static inline int has_expired(const struct net_bridge *br,
                                const struct net_bridge_fdb_entry *fdb)
  {
      if (test_bit(BR_FDB_STATIC, &fdb->flags))
          return 0;

      if (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags))
          return 0;

      /* fdb->updated is read with READ_ONCE(): a single snapshot is taken */
      return time_before_eq(READ_ONCE(fdb->updated) + hold_time(br), jiffies);
  }
  /* Map an FDB entry onto the neighbour state reported over netlink.
   *
   * Checked in priority order: BR_FDB_LOCAL -> NUD_PERMANENT,
   * BR_FDB_STATIC -> NUD_NOARP, expired -> NUD_STALE, else NUD_REACHABLE.
   */
  static int fdb_to_nud(const struct net_bridge *br,
                        const struct net_bridge_fdb_entry *fdb)
  {
      if (test_bit(BR_FDB_LOCAL, &fdb->flags))
          return NUD_PERMANENT;

      if (test_bit(BR_FDB_STATIC, &fdb->flags))
          return NUD_NOARP;

      if (has_expired(br, fdb))
          return NUD_STALE;

      return NUD_REACHABLE;
  }
  /* Serialise one FDB entry into @skb as a neighbour netlink message.
   *
   * @portid, @seq, @type and @flags are passed straight to nlmsg_put().
   * The message carries the MAC (NDA_LLADDR), the bridge ifindex
   * (NDA_MASTER), the extended flags (NDA_FLAGS_EXT), cache timing
   * (NDA_CACHEINFO), the VLAN id when non-zero (NDA_VLAN) and, for entries
   * with BR_FDB_NOTIFY, a nested NDA_FDB_EXT_ATTRS with the activity bits.
   *
   * Returns 0 on success. On any failure the partial message is cancelled
   * and -EMSGSIZE is returned.
   */
  static int fdb_fill_info(struct sk_buff *skb, const struct net_bridge *br,
                           const struct net_bridge_fdb_entry *fdb,
                           u32 portid, u32 seq, int type, unsigned int flags)
  {
      /* one snapshot of the destination port; NULL means the bridge itself */
      const struct net_bridge_port *port = READ_ONCE(fdb->dst);
      unsigned long stamp = jiffies;
      struct nda_cacheinfo cache;
      struct nlmsghdr *hdr;
      struct ndmsg *msg;
      u32 ext = 0;

      hdr = nlmsg_put(skb, portid, seq, type, sizeof(*msg), flags);
      if (!hdr)
          return -EMSGSIZE;

      /* every ndmsg field, padding included, is written explicitly */
      msg = nlmsg_data(hdr);
      msg->ndm_family = AF_BRIDGE;
      msg->ndm_pad1 = 0;
      msg->ndm_pad2 = 0;
      msg->ndm_flags = 0;
      msg->ndm_type = 0;
      msg->ndm_ifindex = port ? port->dev->ifindex : br->dev->ifindex;
      msg->ndm_state = fdb_to_nud(br, fdb);

      if (test_bit(BR_FDB_OFFLOADED, &fdb->flags))
          msg->ndm_flags |= NTF_OFFLOADED;
      if (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags))
          msg->ndm_flags |= NTF_EXT_LEARNED;
      if (test_bit(BR_FDB_STICKY, &fdb->flags))
          msg->ndm_flags |= NTF_STICKY;
      if (test_bit(BR_FDB_LOCKED, &fdb->flags))
          ext |= NTF_EXT_LOCKED;

      if (nla_put(skb, NDA_LLADDR, ETH_ALEN, &fdb->key.addr))
          goto nla_put_failure;
      if (nla_put_u32(skb, NDA_MASTER, br->dev->ifindex))
          goto nla_put_failure;
      if (nla_put_u32(skb, NDA_FLAGS_EXT, ext))
          goto nla_put_failure;

      /* all four nda_cacheinfo fields are assigned before the struct is
       * copied into the message
       */
      cache.ndm_used = jiffies_to_clock_t(stamp - READ_ONCE(fdb->used));
      cache.ndm_confirmed = 0;
      cache.ndm_updated = jiffies_to_clock_t(stamp - READ_ONCE(fdb->updated));
      cache.ndm_refcnt = 0;
      if (nla_put(skb, NDA_CACHEINFO, sizeof(cache), &cache))
          goto nla_put_failure;

      /* VLAN 0 is not reported */
      if (fdb->key.vlan_id) {
          if (nla_put(skb, NDA_VLAN, sizeof(u16), &fdb->key.vlan_id))
              goto nla_put_failure;
      }

      if (test_bit(BR_FDB_NOTIFY, &fdb->flags)) {
          struct nlattr *ext_attrs = nla_nest_start(skb, NDA_FDB_EXT_ATTRS);
          u8 activity = FDB_NOTIFY_BIT;

          if (!ext_attrs)
              goto nla_put_failure;

          if (test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags))
              activity |= FDB_NOTIFY_INACTIVE_BIT;

          if (nla_put_u8(skb, NFEA_ACTIVITY_NOTIFY, activity)) {
              nla_nest_cancel(skb, ext_attrs);
              goto nla_put_failure;
          }

          nla_nest_end(skb, ext_attrs);
      }

      nlmsg_end(skb, hdr);
      return 0;

  nla_put_failure:
      nlmsg_cancel(skb, hdr);
      return -EMSGSIZE;
  }
  /* Upper bound on the size of a message built by fdb_fill_info().
   *
   * One term per attribute fdb_fill_info() may emit; fdb_notify() treats an
   * -EMSGSIZE from fdb_fill_info() as a bug in this function, so the two must
   * be kept in step.
   */
  static inline size_t fdb_nlmsg_size(void)
  {
      size_t len = NLMSG_ALIGN(sizeof(struct ndmsg));

      len += nla_total_size(ETH_ALEN);                     /* NDA_LLADDR */
      len += nla_total_size(sizeof(u32));                  /* NDA_MASTER */
      len += nla_total_size(sizeof(u32));                  /* NDA_FLAGS_EXT */
      len += nla_total_size(sizeof(u16));                  /* NDA_VLAN */
      len += nla_total_size(sizeof(struct nda_cacheinfo)); /* NDA_CACHEINFO */
      len += nla_total_size(0);                            /* NDA_FDB_EXT_ATTRS */
      len += nla_total_size(sizeof(u8));                   /* NFEA_ACTIVITY_NOTIFY */

      return len;
  }
  /* Announce an FDB event of @type for @fdb.
   *
   * When @swdev_notify is set the switchdev layer is told first. A netlink
   * message is then allocated with GFP_ATOMIC, filled by fdb_fill_info() and
   * sent to RTNLGRP_NEIGH. If allocation or filling fails, the error is
   * recorded on the group with rtnl_set_sk_err() instead.
   */
  static void fdb_notify(struct net_bridge *br,
                         const struct net_bridge_fdb_entry *fdb, int type,
                         bool swdev_notify)
  {
      struct net *net = dev_net(br->dev);
      struct sk_buff *skb;
      int err = -ENOBUFS;

      if (swdev_notify)
          br_switchdev_fdb_notify(br, fdb, type);

      skb = nlmsg_new(fdb_nlmsg_size(), GFP_ATOMIC);
      if (skb) {
          err = fdb_fill_info(skb, br, fdb, 0, 0, type, 0);
          if (err >= 0) {
              rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
              return;
          }

          /* -EMSGSIZE implies BUG in fdb_nlmsg_size() */
          WARN_ON(err == -EMSGSIZE);
          kfree_skb(skb);
      }

      /* allocation failure leaves err at its initial -ENOBUFS */
      rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
  }
  /* Look up the entry for (@addr, @vid) in @tbl.
   *
   * Warns once if the caller is not inside an RCU read-side section.
   * Returns the result of rhashtable_lookup(): the entry or NULL.
   */
  static struct net_bridge_fdb_entry *fdb_find_rcu(struct rhashtable *tbl,
                                                   const unsigned char *addr,
                                                   __u16 vid)
  {
      struct net_bridge_fdb_key lookup;

      WARN_ON_ONCE(!rcu_read_lock_held());

      /* both key members are filled in; the struct is not zeroed first */
      memcpy(lookup.addr.addr, addr, sizeof(lookup.addr.addr));
      lookup.vlan_id = vid;

      return rhashtable_lookup(tbl, &lookup, br_fdb_rht_params);
  }
  /* Look up the entry for (@addr, @vid) on @br. Requires br->hash_lock,
   * which is checked with lockdep.
   *
   * The RCU read section only covers the lookup itself; the pointer is
   * returned after rcu_read_unlock().
   * NOTE(review): presumably the held hash_lock is what keeps the entry from
   * being deleted while the caller uses it - confirm.
   */
  static struct net_bridge_fdb_entry *br_fdb_find(struct net_bridge *br,
                                                  const unsigned char *addr,
                                                  __u16 vid)
  {
      struct net_bridge_fdb_entry *entry;

      lockdep_assert_held_once(&br->hash_lock);

      rcu_read_lock();
      entry = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid);
      rcu_read_unlock();

      return entry;
  }
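  /* Return the port device that (@addr, @vid) is reachable through on the
   * bridge @br_dev.
   *
   * Must be called under RTNL. Returns NULL if @br_dev is not a bridge
   * master, if no entry exists, or if the entry has no destination port.
   * No reference is taken on the returned device.
   * NOTE(review): the pointer is presumably only safe to use while the
   * caller keeps holding RTNL - confirm with callers.
   */
  struct net_device *br_fdb_find_port(const struct net_device *br_dev,
                                      const unsigned char *addr,
                                      __u16 vid)
  {
      const struct net_bridge_port *dst;
      struct net_bridge_fdb_entry *f;
      struct net_device *dev = NULL;
      struct net_bridge *br;

      ASSERT_RTNL();

      if (!netif_is_bridge_master(br_dev))
          return NULL;

      br = netdev_priv(br_dev);

      rcu_read_lock();
      f = br_fdb_find_rcu(br, addr, vid);
      if (f) {
          /* Take one snapshot of f->dst, as the other lockless readers in
           * this file do, so the NULL check and the dereference cannot
           * observe two different values if the entry is re-pointed
           * concurrently.
           */
          dst = READ_ONCE(f->dst);
          if (dst)
              dev = dst->dev;
      }
      rcu_read_unlock();

      return dev;
  }
  EXPORT_SYMBOL_GPL(br_fdb_find_port);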
  /* RCU lookup of (@addr, @vid) in the FDB of @br.
   *
   * Thin wrapper around fdb_find_rcu(), which warns if the caller is not in
   * an RCU read-side section. Returns the entry or NULL.
   */
  struct net_bridge_fdb_entry *br_fdb_find_rcu(struct net_bridge *br,
                                               const unsigned char *addr,
                                               __u16 vid)
  {
      struct rhashtable *tbl = &br->fdb_hash_tbl;

      return fdb_find_rcu(tbl, addr, vid);
  }
  /* When a static FDB entry is added, its MAC address is added to the
   * unicast address list of every non-promiscuous bridge port.
   * Called under RTNL.
   *
   * If dev_uc_add() fails on a port, the address is removed again from the
   * ports already updated. The function returns void, so that failure is
   * not reported to the caller.
   */
  static void fdb_add_hw_addr(struct net_bridge *br, const unsigned char *addr)
  {
      struct net_bridge_port *p;
      int err;

      ASSERT_RTNL();

      list_for_each_entry(p, &br->port_list, list) {
          if (br_promisc_port(p))
              continue;

          err = dev_uc_add(p->dev, addr);
          if (err)
              goto undo;
      }

      return;

  undo:
      /* walk back from the port before the one that failed */
      list_for_each_entry_continue_reverse(p, &br->port_list, list) {
          if (br_promisc_port(p))
              continue;

          dev_uc_del(p->dev, addr);
      }
  }
  /* When a static FDB entry is deleted, its MAC address is removed from the
   * unicast address list of every non-promiscuous bridge port.
   * Called under RTNL.
   */
  static void fdb_del_hw_addr(struct net_bridge *br, const unsigned char *addr)
  {
      struct net_bridge_port *p;

      ASSERT_RTNL();

      list_for_each_entry(p, &br->port_list, list) {
          if (br_promisc_port(p))
              continue;

          dev_uc_del(p->dev, addr);
      }
  }
  /* Remove @f from the bridge and free it after an RCU grace period.
   *
   * Steps, in order: trace the deletion, drop the HW address for static
   * entries, unlink from the fdb_list and the hash table, decrement the
   * learned-entry counter if the entry was counted, send RTM_DELNEIGH
   * (and the switchdev notification when @swdev_notify is set), then hand
   * the entry to kfree_rcu() so concurrent RCU readers can finish with it.
   *
   * The callers visible in this file hold br->hash_lock.
   */
  static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f,
                         bool swdev_notify)
  {
      struct rhashtable *tbl = &br->fdb_hash_tbl;

      trace_fdb_delete(br, f);

      if (test_bit(BR_FDB_STATIC, &f->flags))
          fdb_del_hw_addr(br, f->key.addr.addr);

      hlist_del_init_rcu(&f->fdb_node);
      rhashtable_remove_fast(tbl, &f->rhnode, br_fdb_rht_params);

      /* test-and-clear so the counter is decremented at most once per entry */
      if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &f->flags))
          atomic_dec(&br->fdb_n_learned);

      fdb_notify(br, f, RTM_DELNEIGH, swdev_notify);
      kfree_rcu(f, rcu);
  }
  /* Delete a local entry if no other port had the same address.
   *
   * If another port (or, when @p is non-NULL, the bridge device itself)
   * carries the same MAC on the entry's VLAN, the entry is re-pointed at it
   * and BR_FDB_ADDED_BY_USER is cleared instead of deleting.
   *
   * This function should only be called on entries with BR_FDB_LOCAL set,
   * so even with BR_FDB_ADDED_BY_USER cleared we never need to increase
   * the accounting for dynamically learned entries again.
   */
  static void fdb_delete_local(struct net_bridge *br,
                               const struct net_bridge_port *p,
                               struct net_bridge_fdb_entry *f)
  {
      const unsigned char *mac = f->key.addr.addr;
      struct net_bridge_vlan_group *group;
      const struct net_bridge_vlan *vlan;
      struct net_bridge_port *other;
      u16 vid = f->key.vlan_id;

      /* Maybe another port has same hw addr? */
      list_for_each_entry(other, &br->port_list, list) {
          group = nbp_vlan_group(other);

          if (other == p || !ether_addr_equal(other->dev->dev_addr, mac))
              continue;
          if (vid && !br_vlan_find(group, vid))
              continue;

          f->dst = other;
          clear_bit(BR_FDB_ADDED_BY_USER, &f->flags);
          return;
      }

      group = br_vlan_group(br);
      vlan = br_vlan_find(group, vid);

      /* Maybe bridge device has same hw addr? */
      if (p && ether_addr_equal(br->dev->dev_addr, mac) &&
          (!vid || (vlan && br_vlan_should_use(vlan)))) {
          f->dst = NULL;
          clear_bit(BR_FDB_ADDED_BY_USER, &f->flags);
          return;
      }

      fdb_delete(br, f, true);
  }
  /* Find the local entry for (@addr, @vid) owned by @p and delete it.
   *
   * Only acts on entries that have BR_FDB_LOCAL set, were not added by the
   * user, and currently point at @p. Takes br->hash_lock (BH-safe) around
   * the lookup and the deletion.
   */
  void br_fdb_find_delete_local(struct net_bridge *br,
                                const struct net_bridge_port *p,
                                const unsigned char *addr, u16 vid)
  {
      struct net_bridge_fdb_entry *entry;

      spin_lock_bh(&br->hash_lock);

      entry = br_fdb_find(br, addr, vid);
      if (!entry)
          goto unlock;
      if (!test_bit(BR_FDB_LOCAL, &entry->flags))
          goto unlock;
      if (test_bit(BR_FDB_ADDED_BY_USER, &entry->flags) || entry->dst != p)
          goto unlock;

      fdb_delete_local(br, p, entry);

  unlock:
      spin_unlock_bh(&br->hash_lock);
  }
  /* Allocate a new FDB entry for (@addr, @vid) and insert it into @br.
   *
   * An entry counts as dynamically learned when @flags has neither
   * BR_FDB_ADDED_BY_USER nor BR_FDB_LOCAL. For those, a non-zero
   * br->fdb_max_learned is enforced against br->fdb_n_learned before
   * anything is allocated, which bounds how far learned entries can grow
   * the table; a limit of 0 disables the check.
   *
   * Returns the new entry, or NULL if the learned limit is reached, the
   * GFP_ATOMIC allocation fails, or the hash-table insert fails (the entry
   * is freed again in that case).
   *
   * NOTE(review): the limit check and the later atomic_inc() are separate
   * steps; presumably callers serialise on br->hash_lock - confirm.
   */
  static struct net_bridge_fdb_entry *fdb_create(struct net_bridge *br,
                                                 struct net_bridge_port *source,
                                                 const unsigned char *addr,
                                                 __u16 vid,
                                                 unsigned long flags)
  {
      bool learned = !test_bit(BR_FDB_ADDED_BY_USER, &flags) &&
                     !test_bit(BR_FDB_LOCAL, &flags);
      u32 max_learned = READ_ONCE(br->fdb_max_learned);
      struct net_bridge_fdb_entry *entry;
      unsigned long now;
      int err;

      if (likely(learned)) {
          int n_learned = atomic_read(&br->fdb_n_learned);

          if (unlikely(max_learned && n_learned >= max_learned))
              return NULL;

          __set_bit(BR_FDB_DYNAMIC_LEARNED, &flags);
      }

      entry = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC);
      if (!entry)
          return NULL;

      memcpy(entry->key.addr.addr, addr, ETH_ALEN);
      WRITE_ONCE(entry->dst, source);
      entry->key.vlan_id = vid;
      entry->flags = flags;
      now = jiffies;
      entry->used = now;
      entry->updated = now;

      err = rhashtable_lookup_insert_fast(&br->fdb_hash_tbl, &entry->rhnode,
                                          br_fdb_rht_params);
      if (err) {
          kmem_cache_free(br_fdb_cache, entry);
          return NULL;
      }

      /* only count the entry once it is actually in the table */
      if (likely(learned))
          atomic_inc(&br->fdb_n_learned);

      hlist_add_head_rcu(&entry->fdb_node, &br->fdb_list);

      return entry;
  }
  /* Install a local, static entry for (@addr, @vid) owned by @source
   * (NULL means the bridge device itself).
   *
   * An existing local entry is kept as is. An existing non-local entry for
   * the same address is logged and replaced.
   *
   * Uses br_fdb_find(), so br->hash_lock must be held.
   *
   * Returns 0 on success or when a local entry already exists, -EINVAL for
   * an invalid Ethernet address, -ENOMEM if the entry cannot be created.
   */
  static int fdb_add_local(struct net_bridge *br, struct net_bridge_port *source,
                           const unsigned char *addr, u16 vid)
  {
      struct net_bridge_fdb_entry *entry;

      if (!is_valid_ether_addr(addr))
          return -EINVAL;

      entry = br_fdb_find(br, addr, vid);
      if (entry) {
          /* it is okay to have multiple ports with same
           * address, just use the first one.
           */
          if (test_bit(BR_FDB_LOCAL, &entry->flags))
              return 0;

          br_warn(br, "adding interface %s with same address as a received packet (addr:%pM, vlan:%u)\n",
                  source ? source->dev->name : br->dev->name, addr, vid);
          fdb_delete(br, entry, true);
      }

      entry = fdb_create(br, source, addr, vid,
                         BIT(BR_FDB_LOCAL) | BIT(BR_FDB_STATIC));
      if (!entry)
          return -ENOMEM;

      fdb_add_hw_addr(br, addr);
      fdb_notify(br, entry, RTM_NEWNEIGH, true);

      return 0;
  }
  /* Replace the local FDB entries of port @p after its MAC address changed
   * to @newaddr.
   *
   * Under br->hash_lock: the port's automatically created local entries are
   * removed, then a local entry for @newaddr is added on VLAN 0 and, unless
   * the port has no VLANs or BROPT_FDB_LOCAL_VLAN_0 is set, on every VLAN
   * configured on the port. Failures of fdb_add_local() are ignored.
   */
  void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr)
  {
      struct net_bridge_vlan_group *vg;
      struct net_bridge_fdb_entry *f;
      struct net_bridge *br = p->br;
      struct net_bridge_vlan *v;
      bool local_vlan_0;

      local_vlan_0 = br_opt_get(br, BROPT_FDB_LOCAL_VLAN_0);

      spin_lock_bh(&br->hash_lock);
      vg = nbp_vlan_group(p);

      hlist_for_each_entry(f, &br->fdb_list, fdb_node) {
          if (f->dst != p || !test_bit(BR_FDB_LOCAL, &f->flags) ||
              test_bit(BR_FDB_ADDED_BY_USER, &f->flags))
              continue;

          /* delete old one */
          fdb_delete_local(br, p, f);

          /* if this port has no vlan information configured, or
           * local entries are only kept on VLAN 0, we can safely
           * be done at this point.
           */
          if (!vg || !vg->num_vlans || local_vlan_0)
              break;
      }

      /* insert new address, may fail if invalid address or dup. */
      fdb_add_local(br, p, newaddr, 0);

      if (vg && vg->num_vlans && !local_vlan_0) {
          /* Now add entries for every VLAN configured on the port.
           * This function runs under RTNL so the bitmap will not change
           * from under us.
           */
          list_for_each_entry(v, &vg->vlan_list, vlist)
              fdb_add_local(br, p, newaddr, v->vid);
      }

      spin_unlock_bh(&br->hash_lock);
  }
  /* Replace the bridge device's own local FDB entries when its MAC address
   * changes to @newaddr.
   *
   * Under br->hash_lock: the old entry for br->dev->dev_addr is removed if
   * it is local, not bound to a port and not user-added, and a local entry
   * for @newaddr is added. This is done for VLAN 0 and, unless the bridge
   * has no VLANs or BROPT_FDB_LOCAL_VLAN_0 is set, for every usable VLAN on
   * the bridge. Failures of fdb_add_local() are ignored.
   */
  void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr)
  {
      struct net_bridge_vlan_group *vg;
      struct net_bridge_fdb_entry *f;
      struct net_bridge_vlan *v;
      bool local_vlan_0;

      local_vlan_0 = br_opt_get(br, BROPT_FDB_LOCAL_VLAN_0);

      spin_lock_bh(&br->hash_lock);

      /* If old entry was unassociated with any port, then delete it. */
      f = br_fdb_find(br, br->dev->dev_addr, 0);
      if (f && test_bit(BR_FDB_LOCAL, &f->flags) &&
          !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags))
          fdb_delete_local(br, NULL, f);

      fdb_add_local(br, NULL, newaddr, 0);

      vg = br_vlan_group(br);
      if (vg && vg->num_vlans && !local_vlan_0) {
          /* Now remove and add entries for every VLAN configured on the
           * bridge. This function runs under RTNL so the bitmap will not
           * change from under us.
           */
          list_for_each_entry(v, &vg->vlan_list, vlist) {
              if (!br_vlan_should_use(v))
                  continue;

              f = br_fdb_find(br, br->dev->dev_addr, v->vid);
              if (f && test_bit(BR_FDB_LOCAL, &f->flags) &&
                  !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags))
                  fdb_delete_local(br, NULL, f);

              fdb_add_local(br, NULL, newaddr, v->vid);
          }
      }

      spin_unlock_bh(&br->hash_lock);
  }
  /* Garbage-collection work item: age out expired entries and re-arm itself.
   *
   * Walks br->fdb_list under RCU. Static and externally learned entries are
   * never deleted here; if they carry BR_FDB_NOTIFY, a single RTM_NEWNEIGH
   * is sent when they first become inactive. Any other entry whose
   * updated + hold_time(br) has passed is deleted under br->hash_lock.
   * The work is rescheduled for the earliest pending expiry, but never
   * sooner than 10 milliseconds.
   */
  void br_fdb_cleanup(struct work_struct *work)
  {
      struct net_bridge *br = container_of(work, struct net_bridge,
                                           gc_work.work);
      struct net_bridge_fdb_entry *f = NULL;
      unsigned long hold = hold_time(br);
      unsigned long next_run = hold;
      unsigned long now = jiffies;

      /* this part is tricky, in order to avoid blocking learning and
       * consequently forwarding, we rely on rcu to delete objects with
       * delayed freeing allowing us to continue traversing
       */
      rcu_read_lock();
      hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
          unsigned long expires = READ_ONCE(f->updated) + hold;

          if (test_bit(BR_FDB_STATIC, &f->flags) ||
              test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags)) {
              if (!test_bit(BR_FDB_NOTIFY, &f->flags))
                  continue;

              if (time_after(expires, now))
                  next_run = min(next_run, expires - now);
              else if (!test_and_set_bit(BR_FDB_NOTIFY_INACTIVE,
                                         &f->flags))
                  fdb_notify(br, f, RTM_NEWNEIGH, false);

              continue;
          }

          if (time_after(expires, now)) {
              next_run = min(next_run, expires - now);
              continue;
          }

          /* re-check under the lock: the entry may already have been
           * unlinked by another path since it was seen in the RCU walk
           */
          spin_lock_bh(&br->hash_lock);
          if (!hlist_unhashed(&f->fdb_node))
              fdb_delete(br, f, true);
          spin_unlock_bh(&br->hash_lock);
      }
      rcu_read_unlock();

      /* Cleanup minimum 10 milliseconds apart */
      next_run = max_t(unsigned long, next_run, msecs_to_jiffies(10));
      mod_delayed_work(system_long_wq, &br->gc_work, next_run);
  }
  /* Delete the per-VLAN local entries for one port, or for the bridge device
   * itself when @p is NULL.
   *
   * For every VLAN in the relevant VLAN group, the local entry for the
   * device's own MAC address is looked up and removed via
   * br_fdb_find_delete_local(). Does nothing if there is no VLAN group.
   */
  static void br_fdb_delete_locals_per_vlan_port(struct net_bridge *br,
                                                 struct net_bridge_port *p)
  {
      struct net_bridge_vlan_group *vg = p ? nbp_vlan_group(p) :
                                             br_vlan_group(br);
      struct net_device *dev = p ? p->dev : br->dev;
      struct net_bridge_vlan *v;

      if (!vg)
          return;

      list_for_each_entry(v, &vg->vlan_list, vlist)
          br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
  }
  /* Delete the per-VLAN local entries of every port and then of the bridge
   * device itself. Must be called under RTNL.
   */
  static void br_fdb_delete_locals_per_vlan(struct net_bridge *br)
  {
      struct net_bridge_port *port;

      ASSERT_RTNL();

      list_for_each_entry(port, &br->port_list, list)
          br_fdb_delete_locals_per_vlan_port(br, port);

      /* NULL selects the bridge device */
      br_fdb_delete_locals_per_vlan_port(br, NULL);
  }
  /* Add a local entry on every usable VLAN for one port, or for the bridge
   * device itself when @p is NULL.
   *
   * @extack is accepted but not used in this function.
   *
   * Returns 0 on success (including when there is no VLAN group) or the
   * first error from br_fdb_add_local(). Entries added before the failure
   * are left in place; the caller is responsible for rollback.
   */
  static int br_fdb_insert_locals_per_vlan_port(struct net_bridge *br,
                                                struct net_bridge_port *p,
                                                struct netlink_ext_ack *extack)
  {
      struct net_bridge_vlan_group *vg = p ? nbp_vlan_group(p) :
                                             br_vlan_group(br);
      struct net_device *dev = p ? p->dev : br->dev;
      struct net_bridge_vlan *v;
      int err;

      if (!vg)
          return 0;

      list_for_each_entry(v, &vg->vlan_list, vlist) {
          if (!br_vlan_should_use(v))
              continue;

          err = br_fdb_add_local(br, p, dev->dev_addr, v->vid);
          if (err)
              return err;
      }

      return 0;
  }
  /* Add per-VLAN local entries for every port and then for the bridge device.
   * Must be called under RTNL.
   *
   * On the first failure an extack message is set, all per-VLAN local
   * entries are deleted again with br_fdb_delete_locals_per_vlan(), and the
   * error is returned. Returns 0 on success.
   */
  static int br_fdb_insert_locals_per_vlan(struct net_bridge *br,
                                           struct netlink_ext_ack *extack)
  {
      struct net_bridge_port *port;
      int err;

      ASSERT_RTNL();

      list_for_each_entry(port, &br->port_list, list) {
          err = br_fdb_insert_locals_per_vlan_port(br, port, extack);
          if (err)
              goto rollback;
      }

      /* NULL selects the bridge device */
      err = br_fdb_insert_locals_per_vlan_port(br, NULL, extack);
      if (!err)
          return 0;

  rollback:
      NL_SET_ERR_MSG_MOD(extack, "fdb_local_vlan_0 toggle: FDB entry insertion failed");
      br_fdb_delete_locals_per_vlan(br);
      return err;
  }
  /* Apply a change of the fdb_local_vlan_0 option.
   *
   * Turning the option on deletes the per-VLAN local entries and always
   * returns 0. Turning it off re-inserts them and returns the result of
   * br_fdb_insert_locals_per_vlan().
   */
  int br_fdb_toggle_local_vlan_0(struct net_bridge *br, bool on,
                                 struct netlink_ext_ack *extack)
  {
      if (on) {
          br_fdb_delete_locals_per_vlan(br);
          return 0;
      }

      return br_fdb_insert_locals_per_vlan(br, extack);
  }
  /* Decide whether entry @f is selected by flush description @desc.
   *
   * A zero vlan_id, port_ifindex or flags_mask in @desc disables that
   * criterion. Otherwise the VLAN id must be equal, the entry's port ifindex
   * (the bridge's ifindex when the entry has no port) must be equal, and the
   * entry's flags under flags_mask must equal desc->flags.
   */
  static bool __fdb_flush_matches(const struct net_bridge *br,
                                  const struct net_bridge_fdb_entry *f,
                                  const struct net_bridge_fdb_flush_desc *desc)
  {
      /* one snapshot of the destination port for this decision */
      const struct net_bridge_port *port = READ_ONCE(f->dst);
      int entry_ifidx = port ? port->dev->ifindex : br->dev->ifindex;

      bool vlan_ok = !desc->vlan_id || desc->vlan_id == f->key.vlan_id;

      if (!vlan_ok)
          return false;

      if (desc->port_ifindex && desc->port_ifindex != entry_ifidx)
          return false;

      return !desc->flags_mask ||
             (f->flags & desc->flags_mask) == desc->flags;
  }
  /* Flush forwarding database entries matching the description.
   *
   * The list is walked under RCU; br->hash_lock is taken per matching entry,
   * and the entry is only deleted if it is still linked at that point.
   */
  void br_fdb_flush(struct net_bridge *br,
                    const struct net_bridge_fdb_flush_desc *desc)
  {
      struct net_bridge_fdb_entry *entry;

      rcu_read_lock();
      hlist_for_each_entry_rcu(entry, &br->fdb_list, fdb_node) {
          if (__fdb_flush_matches(br, entry, desc)) {
              spin_lock_bh(&br->hash_lock);
              if (!hlist_unhashed(&entry->fdb_node))
                  fdb_delete(br, entry, true);
              spin_unlock_bh(&br->hash_lock);
          }
      }
      rcu_read_unlock();
  }
  /* Translate netlink neighbour state bits into FDB flag bits:
   * NUD_PERMANENT -> BR_FDB_LOCAL, NUD_NOARP -> BR_FDB_STATIC.
   * All other state bits are ignored.
   */
  static unsigned long __ndm_state_to_fdb_flags(u16 ndm_state)
  {
      unsigned long fdb_flags = 0;

      if (ndm_state & NUD_PERMANENT)
          fdb_flags |= BIT(BR_FDB_LOCAL);
      if (ndm_state & NUD_NOARP)
          fdb_flags |= BIT(BR_FDB_STATIC);

      return fdb_flags;
  }
  /* Translate netlink neighbour flag bits into FDB flag bits:
   * NTF_USE -> BR_FDB_ADDED_BY_USER, NTF_EXT_LEARNED ->
   * BR_FDB_ADDED_BY_EXT_LEARN, NTF_OFFLOADED -> BR_FDB_OFFLOADED,
   * NTF_STICKY -> BR_FDB_STICKY. All other flag bits are ignored.
   */
  static unsigned long __ndm_flags_to_fdb_flags(u8 ndm_flags)
  {
      unsigned long fdb_flags = 0;

      if (ndm_flags & NTF_USE)
          fdb_flags |= BIT(BR_FDB_ADDED_BY_USER);
      if (ndm_flags & NTF_EXT_LEARNED)
          fdb_flags |= BIT(BR_FDB_ADDED_BY_EXT_LEARN);
      if (ndm_flags & NTF_OFFLOADED)
          fdb_flags |= BIT(BR_FDB_OFFLOADED);
      if (ndm_flags & NTF_STICKY)
          fdb_flags |= BIT(BR_FDB_STICKY);

      return fdb_flags;
  }
  /* Check that a user-supplied @ifindex names the target bridge @br or one
   * of its ports, so a flush request cannot be scoped to an unrelated device.
   *
   * Returns 0 if valid, -ENODEV if no such device exists in the bridge's
   * network namespace, -EINVAL if the device is neither a bridge nor a
   * bridge port, is a different bridge, or is a port of a different bridge.
   * An extack message is set for each failure.
   */
  static int __fdb_flush_validate_ifindex(const struct net_bridge *br,
                                          int ifindex,
                                          struct netlink_ext_ack *extack)
  {
      const struct net_device *dev;
      bool is_master, is_port;

      dev = __dev_get_by_index(dev_net(br->dev), ifindex);
      if (!dev) {
          NL_SET_ERR_MSG_MOD(extack, "Unknown flush device ifindex");
          return -ENODEV;
      }

      is_master = netif_is_bridge_master(dev);
      is_port = netif_is_bridge_port(dev);

      if (!is_master && !is_port) {
          NL_SET_ERR_MSG_MOD(extack, "Flush device is not a bridge or bridge port");
          return -EINVAL;
      }

      if (is_master && dev != br->dev) {
          NL_SET_ERR_MSG_MOD(extack,
                             "Flush bridge device does not match target bridge device");
          return -EINVAL;
      }

      if (is_port) {
          /* NOTE(review): p is dereferenced without a NULL check, unlike
           * the br_port_get_rtnl() call in br_fdb_delete_bulk(); this
           * presumably relies on the bridge-port check above - confirm.
           */
          struct net_bridge_port *p = br_port_get_rtnl(dev);

          if (p->br != br) {
              NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
              return -EINVAL;
          }
      }

      return 0;
  }
  /* Netlink attribute policy for bulk FDB delete requests; it is handed to
   * nlmsg_parse() in br_fdb_delete_bulk(), so these constraints are applied
   * before any attribute value is read:
   *   NDA_VLAN           u16 in the range 1 .. VLAN_N_VID - 2
   *   NDA_IFINDEX        s32, at least 1
   *   NDA_NDM_STATE_MASK u16
   *   NDA_NDM_FLAGS_MASK u8
   */
  static const struct nla_policy br_fdb_del_bulk_policy[NDA_MAX + 1] = {
      [NDA_VLAN]           = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
      [NDA_IFINDEX]        = NLA_POLICY_MIN(NLA_S32, 1),
      [NDA_NDM_STATE_MASK] = { .type = NLA_U16 },
      [NDA_NDM_FLAGS_MASK] = { .type = NLA_U8 },
  };
  /* Handle a bulk FDB delete (flush) request received over netlink.
   *
   * The attributes are parsed against br_fdb_del_bulk_policy, the target
   * bridge is resolved from @dev (a bridge master or a bridge port), and the
   * ndm flags/state bits are checked against the allowed sets before a
   * flush description is built and passed to br_fdb_flush().
   *
   * Returns 0 on success, the nlmsg_parse() error, -EINVAL if @dev is not a
   * bridge or bridge port or if unsupported flag/state bits are set, or the
   * error from __fdb_flush_validate_ifindex().
   *
   * NOTE(review): ndm->ndm_flags is read before nlmsg_parse() has checked
   * that the message holds a full struct ndmsg; presumably the rtnetlink
   * caller has already validated the header length - confirm.
   */
  int br_fdb_delete_bulk(struct nlmsghdr *nlh, struct net_device *dev,
                         struct netlink_ext_ack *extack)
  {
      struct net_bridge_fdb_flush_desc desc = {};
      struct ndmsg *ndm = nlmsg_data(nlh);
      struct net_bridge_port *port = NULL;
      struct nlattr *attrs[NDA_MAX + 1];
      struct net_bridge *br;
      u8 ndm_flags;
      int err;

      ndm_flags = ndm->ndm_flags & ~FDB_FLUSH_IGNORED_NDM_FLAGS;

      err = nlmsg_parse(nlh, sizeof(*ndm), attrs, NDA_MAX,
                        br_fdb_del_bulk_policy, extack);
      if (err)
          return err;

      if (netif_is_bridge_master(dev)) {
          br = netdev_priv(dev);
      } else {
          port = br_port_get_rtnl(dev);
          if (!port) {
              NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge port");
              return -EINVAL;
          }
          br = port->br;
      }

      if (attrs[NDA_VLAN])
          desc.vlan_id = nla_get_u16(attrs[NDA_VLAN]);

      /* reject anything outside the explicitly allowed flag/state bits */
      if (ndm_flags & ~FDB_FLUSH_ALLOWED_NDM_FLAGS) {
          NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm flag bits set");
          return -EINVAL;
      }
      if (ndm->ndm_state & ~FDB_FLUSH_ALLOWED_NDM_STATES) {
          NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm state bits set");
          return -EINVAL;
      }

      desc.flags |= __ndm_state_to_fdb_flags(ndm->ndm_state);
      desc.flags |= __ndm_flags_to_fdb_flags(ndm_flags);

      if (attrs[NDA_NDM_STATE_MASK]) {
          u16 state_mask = nla_get_u16(attrs[NDA_NDM_STATE_MASK]);

          desc.flags_mask |= __ndm_state_to_fdb_flags(state_mask);
      }
      if (attrs[NDA_NDM_FLAGS_MASK]) {
          u8 flags_mask = nla_get_u8(attrs[NDA_NDM_FLAGS_MASK]);

          desc.flags_mask |= __ndm_flags_to_fdb_flags(flags_mask);
      }

      if (attrs[NDA_IFINDEX]) {
          int ifidx = nla_get_s32(attrs[NDA_IFINDEX]);

          /* the ifindex must belong to this bridge or one of its ports */
          err = __fdb_flush_validate_ifindex(br, ifidx, extack);
          if (err)
              return err;
          desc.port_ifindex = ifidx;
      } else if (port) {
          /* flush was invoked with port device and NTF_MASTER */
          desc.port_ifindex = port->dev->ifindex;
      }

      br_debug(br, "flushing port ifindex: %d vlan id: %u flags: 0x%lx flags mask: 0x%lx\n",
               desc.port_ifindex, desc.vlan_id, desc.flags, desc.flags_mask);

      br_fdb_flush(br, &desc);

      return 0;
  }
  /* Flush all entries referring to a specific port.
   * if do_all is set also flush static entries
   * if vid is set delete all entries that match the vlan_id
   *
   * As written, the static, externally-learned-but-not-offloaded and VLAN
   * filters are all applied only when do_all is 0. Local entries go through
   * fdb_delete_local(), everything else through fdb_delete(). The whole walk
   * runs under br->hash_lock.
   */
  void br_fdb_delete_by_port(struct net_bridge *br,
                             const struct net_bridge_port *p,
                             u16 vid,
                             int do_all)
  {
      struct net_bridge_fdb_entry *f;
      struct hlist_node *next;

      spin_lock_bh(&br->hash_lock);
      hlist_for_each_entry_safe(f, next, &br->fdb_list, fdb_node) {
          if (f->dst != p)
              continue;

          if (!do_all &&
              (test_bit(BR_FDB_STATIC, &f->flags) ||
               (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags) &&
                !test_bit(BR_FDB_OFFLOADED, &f->flags)) ||
               (vid && f->key.vlan_id != vid)))
              continue;

          if (test_bit(BR_FDB_LOCAL, &f->flags))
              fdb_delete_local(br, p, f);
          else
              fdb_delete(br, f, true);
      }
      spin_unlock_bh(&br->hash_lock);
  }
  #if IS_ENABLED(CONFIG_ATM_LANE)
  /* Hook for ATM LANE: report whether @addr is known on a bridge port
   * other than @dev.
   *
   * Returns 1 when the FDB entry for @addr (VLAN 0) points at a different
   * port device that is in the forwarding state, 0 otherwise, including
   * when @dev is not a bridge port or no entry exists. The lookup runs
   * entirely inside an RCU read-side section and the destination pointer
   * is sampled once with READ_ONCE().
   */
  int br_fdb_test_addr(struct net_device *dev, unsigned char *addr)
  {
  	const struct net_bridge_port *dst = NULL;
  	struct net_bridge_fdb_entry *entry;
  	struct net_bridge_port *port;
  	int ret = 0;

  	rcu_read_lock();
  	port = br_port_get_rcu(dev);
  	if (port) {
  		entry = br_fdb_find_rcu(port->br, addr, 0);
  		if (entry)
  			dst = READ_ONCE(entry->dst);

  		if (dst && dst->dev != dev &&
  		    dst->state == BR_STATE_FORWARDING)
  			ret = 1;
  	}
  	rcu_read_unlock();

  	return ret;
  }
  #endif /* CONFIG_ATM_LANE */
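  /*
   * Fill @buf with up to @maxnum forwarding table records in the API
   * format (struct __fdb_entry), skipping the first @skip eligible
   * entries. Returns the number of records written.
   *
   * The buffer is zeroed up front, so record fields that are not written
   * below (for example ageing_timer_value of static entries) and any slots
   * past the returned count never carry stale memory contents back to the
   * caller.
   *
   * NOTE(review): maxnum * sizeof(struct __fdb_entry) is not checked for
   * overflow here and @buf must be at least that large; presumably the
   * caller bounds @maxnum - confirm.
   */
  int br_fdb_fillbuf(struct net_bridge *br, void *buf,
  		   unsigned long maxnum, unsigned long skip)
  {
  	struct net_bridge_fdb_entry *f;
  	struct __fdb_entry *fe = buf;
  	unsigned long delta;
  	int num = 0;

  	memset(buf, 0, maxnum * sizeof(struct __fdb_entry));

  	rcu_read_lock();
  	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
  		const struct net_bridge_port *dst;

  		if (num >= maxnum)
  			break;

  		if (has_expired(br, f))
  			continue;

  		/* Sample the destination once. Writers elsewhere in this
  		 * file update f->dst with WRITE_ONCE(), possibly to NULL,
  		 * while only RCU is held here; re-reading it after the
  		 * NULL check could dereference NULL or split port_no and
  		 * port_hi across two different ports.
  		 */
  		dst = READ_ONCE(f->dst);

  		/* ignore pseudo entry for local MAC address */
  		if (!dst)
  			continue;

  		if (skip) {
  			--skip;
  			continue;
  		}

  		/* convert from internal format to API */
  		memcpy(fe->mac_addr, f->key.addr.addr, ETH_ALEN);

  		/* due to ABI compat need to split into hi/lo */
  		fe->port_no = dst->port_no;
  		fe->port_hi = dst->port_no >> 8;

  		fe->is_local = test_bit(BR_FDB_LOCAL, &f->flags);
  		if (!test_bit(BR_FDB_STATIC, &f->flags)) {
  			delta = jiffies - READ_ONCE(f->updated);
  			fe->ageing_timer_value =
  				jiffies_delta_to_clock_t(delta);
  		}
  		++fe;
  		++num;
  	}
  	rcu_read_unlock();

  	return num;
  }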
  /* Add the FDB entry for an interface's own address.
   *
   * Locked wrapper: takes br->hash_lock (bottom halves disabled) around
   * fdb_add_local() and hands back its return value unchanged.
   */
  int br_fdb_add_local(struct net_bridge *br, struct net_bridge_port *source,
  		     const unsigned char *addr, u16 vid)
  {
  	int err;

  	spin_lock_bh(&br->hash_lock);
  	err = fdb_add_local(br, source, addr, vid);
  	spin_unlock_bh(&br->hash_lock);

  	return err;
  }
  /* Clear BR_FDB_NOTIFY_INACTIVE on @fdb; returns true if the fdb was
   * modified, i.e. the bit was set and this call cleared it.
   *
   * The plain test_bit() comes first so the atomic test_and_clear_bit()
   * is only attempted when the bit appears to be set.
   */
  static bool __fdb_mark_active(struct net_bridge_fdb_entry *fdb)
  {
  	if (!test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags))
  		return false;

  	return !!test_and_clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags);
  }
  /* Learn or refresh the FDB entry for (@addr, @vid) as seen on port @source.
   *
   * An existing entry is updated without taking br->hash_lock; only the
   * creation of a missing entry takes the lock. Entries flagged
   * BR_FDB_LOCAL are never changed here, and entries flagged BR_FDB_STICKY
   * keep their destination port even when the address shows up on another
   * port.
   *
   * @flags carries BR_FDB_* bits for the update; BR_FDB_ADDED_BY_USER is
   * the one acted on in the update path.
   *
   * NOTE(review): the lookup uses fdb_find_rcu() and the create path uses
   * plain spin_lock(), so callers are presumably expected to hold the RCU
   * read lock with bottom halves disabled, as __br_fdb_add() does - confirm
   * for other callers.
   */
  void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
  		   const unsigned char *addr, u16 vid, unsigned long flags)
  {
  	struct net_bridge_fdb_entry *fdb;

  	/* some users want to always flood. */
  	if (hold_time(br) == 0)
  		return;

  	fdb = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid);
  	if (likely(fdb)) {
  		/* attempt to update an entry for a local interface */
  		if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {
  			/* The entry is left untouched. The warning is emitted
  			 * in response to received traffic, so it is rate
  			 * limited to keep such frames from flooding the log.
  			 */
  			if (net_ratelimit())
  				br_warn(br, "received packet on %s with own address as source address (addr:%pM, vlan:%u)\n",
  					source->dev->name, addr, vid);
  		} else {
  			unsigned long now = jiffies;
  			bool fdb_modified = false;

  			/* Skip the store when the timestamp is already
  			 * current; a refresh also clears a pending
  			 * "inactive" notification state.
  			 */
  			if (now != READ_ONCE(fdb->updated)) {
  				WRITE_ONCE(fdb->updated, now);
  				fdb_modified = __fdb_mark_active(fdb);
  			}

  			/* fastpath: update of existing entry */
  			/* Roaming: the address moved to another port. Sticky
  			 * entries are exempt and keep their port.
  			 */
  			if (unlikely(source != READ_ONCE(fdb->dst) &&
  				     !test_bit(BR_FDB_STICKY, &fdb->flags))) {
  				br_switchdev_fdb_notify(br, fdb, RTM_DELNEIGH);
  				WRITE_ONCE(fdb->dst, source);
  				fdb_modified = true;
  				/* Take over HW learned entry */
  				if (unlikely(test_bit(BR_FDB_ADDED_BY_EXT_LEARN,
  						      &fdb->flags)))
  					clear_bit(BR_FDB_ADDED_BY_EXT_LEARN,
  						  &fdb->flags);
  				/* Clear locked flag when roaming to an
  				 * unlocked port.
  				 */
  				if (unlikely(test_bit(BR_FDB_LOCKED, &fdb->flags)))
  					clear_bit(BR_FDB_LOCKED, &fdb->flags);
  			}

  			/* A user-requested update turns a dynamically learned
  			 * entry into a user-added one, so it stops counting
  			 * against the learned-entry counter.
  			 */
  			if (unlikely(test_bit(BR_FDB_ADDED_BY_USER, &flags))) {
  				set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
  				if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED,
  						       &fdb->flags))
  					atomic_dec(&br->fdb_n_learned);
  			}
  			if (unlikely(fdb_modified)) {
  				trace_br_fdb_update(br, source, addr, vid, flags);
  				fdb_notify(br, fdb, RTM_NEWNEIGH, true);
  			}
  		}
  	} else {
  		/* Slow path: no entry yet, create one under the hash lock */
  		spin_lock(&br->hash_lock);
  		fdb = fdb_create(br, source, addr, vid, flags);
  		if (fdb) {
  			trace_br_fdb_update(br, source, addr, vid, flags);
  			fdb_notify(br, fdb, RTM_NEWNEIGH, true);
  		}
  		/* else we lose race and someone else inserts
  		 * it first, don't bother updating
  		 */
  		spin_unlock(&br->hash_lock);
  	}
  }
  /* Dump information about entries, in response to GETNEIGH
   *
   * @idx is the running entry index shared with the netlink dump state:
   * entries below ctx->fdb_idx were already sent in an earlier pass and are
   * skipped, and *idx is advanced for every entry visited whether or not
   * it was emitted. Returns 0 when @dev is not a bridge master, otherwise
   * the last result of fdb_fill_info() or a negative error from
   * ndo_dflt_fdb_dump().
   *
   * NOTE(review): f->dst is read several times in the filter below without
   * READ_ONCE() while only the RCU read lock is held, and other functions
   * in this file update it with WRITE_ONCE(); verify that a concurrent
   * change between the NULL test and the f->dst->dev dereference cannot
   * happen here.
   */
  int br_fdb_dump(struct sk_buff *skb,
  		struct netlink_callback *cb,
  		struct net_device *dev,
  		struct net_device *filter_dev,
  		int *idx)
  {
  	struct ndo_fdb_dump_context *ctx = (void *)cb->ctx;
  	struct net_bridge *br = netdev_priv(dev);
  	struct net_bridge_fdb_entry *f;
  	int err = 0;

  	/* br is only used past this check, once dev is known to be a bridge */
  	if (!netif_is_bridge_master(dev))
  		return err;

  	if (!filter_dev) {
  		err = ndo_dflt_fdb_dump(skb, cb, dev, NULL, idx);
  		if (err < 0)
  			return err;
  	}

  	rcu_read_lock();
  	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
  		/* already dumped in a previous pass */
  		if (*idx < ctx->fdb_idx)
  			goto skip;
  		if (filter_dev && (!f->dst || f->dst->dev != filter_dev)) {
  			if (filter_dev != dev)
  				goto skip;
  			/* !f->dst is a special case for bridge
  			 * It means the MAC belongs to the bridge
  			 * Therefore need a little more filtering
  			 * we only want to dump the !f->dst case
  			 */
  			if (f->dst)
  				goto skip;
  		}
  		/* without a filter only the bridge's own entries are dumped */
  		if (!filter_dev && f->dst)
  			goto skip;

  		err = fdb_fill_info(skb, br, f,
  				    NETLINK_CB(cb->skb).portid,
  				    cb->nlh->nlmsg_seq,
  				    RTM_NEWNEIGH,
  				    NLM_F_MULTI);
  		/* stop without advancing *idx, so this entry is not counted */
  		if (err < 0)
  			break;
  skip:
  		*idx += 1;
  	}
  	rcu_read_unlock();

  	return err;
  }
  /* Look up the single FDB entry for (@addr, @vid) on bridge @dev and hand
   * it to fdb_fill_info() together with @skb, @portid and @seq.
   *
   * Returns the result of fdb_fill_info(), or -ENOENT with an extack
   * message when no entry exists. The lookup and the fill both happen
   * inside one RCU read-side section. @tb is not used here.
   */
  int br_fdb_get(struct sk_buff *skb,
  	       struct nlattr *tb[],
  	       struct net_device *dev,
  	       const unsigned char *addr,
  	       u16 vid, u32 portid, u32 seq,
  	       struct netlink_ext_ack *extack)
  {
  	struct net_bridge *br = netdev_priv(dev);
  	struct net_bridge_fdb_entry *entry;
  	int err = 0;

  	rcu_read_lock();
  	entry = br_fdb_find_rcu(br, addr, vid);
  	if (entry) {
  		err = fdb_fill_info(skb, br, entry, portid, seq,
  				    RTM_NEWNEIGH, 0);
  	} else {
  		NL_SET_ERR_MSG(extack, "Fdb entry not found");
  		err = -ENOENT;
  	}
  	rcu_read_unlock();

  	return err;
  }
  /* Apply the activity-notification request bits in @notify to @fdb.
   * Returns true if the fdb is modified.
   */
  static bool fdb_handle_notify(struct net_bridge_fdb_entry *fdb, u8 notify)
  {
  	bool changed = false;

  	/* allow to mark an entry as inactive, usually done on creation */
  	if (notify & FDB_NOTIFY_INACTIVE_BIT) {
  		if (!test_and_set_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags))
  			changed = true;
  	}

  	if (notify & FDB_NOTIFY_BIT) {
  		/* enabled activity tracking */
  		if (!test_and_set_bit(BR_FDB_NOTIFY, &fdb->flags))
  			changed = true;
  	} else if (test_and_clear_bit(BR_FDB_NOTIFY, &fdb->flags)) {
  		/* disabled activity tracking, clear notify state */
  		clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags);
  		changed = true;
  	}

  	return changed;
  }
  /* Update (create or replace) forwarding database entry
   *
   * Applies a netlink request to the entry for (@addr, @vid): validates the
   * requested state against the port, creates or retargets the entry, then
   * reconciles the LOCAL/STATIC/STICKY/LOCKED and notify flags with the
   * request. @flags are the netlink header flags (NLM_F_CREATE and
   * NLM_F_EXCL are honoured). @source is NULL when the request targets the
   * bridge device itself.
   *
   * The caller in this file, __br_fdb_add(), holds br->hash_lock across the
   * call.
   *
   * Returns 0 on success, -EPERM when the port state does not allow a
   * dynamic entry, -EINVAL for an invalid flag/state combination, -ENOENT
   * or -EEXIST per the NLM_F_* flags, and -ENOMEM when creation fails.
   */
  static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source,
  			 const u8 *addr, struct ndmsg *ndm, u16 flags, u16 vid,
  			 struct nlattr *nfea_tb[])
  {
  	bool is_sticky = !!(ndm->ndm_flags & NTF_STICKY);
  	/* the presence of NFEA_DONT_REFRESH suppresses the timestamp refresh */
  	bool refresh = !nfea_tb[NFEA_DONT_REFRESH];
  	struct net_bridge_fdb_entry *fdb;
  	u16 state = ndm->ndm_state;
  	bool modified = false;
  	u8 notify = 0;

  	/* If the port cannot learn allow only local and static entries */
  	if (source && !(state & NUD_PERMANENT) && !(state & NUD_NOARP) &&
  	    !(source->state == BR_STATE_LEARNING ||
  	      source->state == BR_STATE_FORWARDING))
  		return -EPERM;

  	/* an entry on the bridge device itself must be permanent */
  	if (!source && !(state & NUD_PERMANENT)) {
  		pr_info("bridge: RTM_NEWNEIGH %s without NUD_PERMANENT\n",
  			br->dev->name);
  		return -EINVAL;
  	}

  	/* sticky and permanent are mutually exclusive */
  	if (is_sticky && (state & NUD_PERMANENT))
  		return -EINVAL;

  	if (nfea_tb[NFEA_ACTIVITY_NOTIFY]) {
  		notify = nla_get_u8(nfea_tb[NFEA_ACTIVITY_NOTIFY]);
  		/* reject bits outside the settable set, and reject a request
  		 * whose settable bits are the inactive bit on its own
  		 */
  		if ((notify & ~BR_FDB_NOTIFY_SETTABLE_BITS) ||
  		    (notify & BR_FDB_NOTIFY_SETTABLE_BITS) == FDB_NOTIFY_INACTIVE_BIT)
  			return -EINVAL;
  	}

  	fdb = br_fdb_find(br, addr, vid);
  	if (fdb == NULL) {
  		if (!(flags & NLM_F_CREATE))
  			return -ENOENT;

  		fdb = fdb_create(br, source, addr, vid,
  				 BIT(BR_FDB_ADDED_BY_USER));
  		if (!fdb)
  			return -ENOMEM;

  		modified = true;
  	} else {
  		if (flags & NLM_F_EXCL)
  			return -EEXIST;

  		if (READ_ONCE(fdb->dst) != source) {
  			WRITE_ONCE(fdb->dst, source);
  			modified = true;
  		}

  		/* the entry is now user-owned; a previously learned entry
  		 * stops counting against the learned-entry counter
  		 */
  		set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
  		if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags))
  			atomic_dec(&br->fdb_n_learned);
  	}

  	/* Map the requested state onto flags: NUD_PERMANENT sets LOCAL and
  	 * STATIC, NUD_NOARP sets STATIC only, anything else clears both.
  	 * fdb_add_hw_addr()/fdb_del_hw_addr() run only when the STATIC bit
  	 * actually changes.
  	 */
  	if (fdb_to_nud(br, fdb) != state) {
  		if (state & NUD_PERMANENT) {
  			set_bit(BR_FDB_LOCAL, &fdb->flags);
  			if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags))
  				fdb_add_hw_addr(br, addr);
  		} else if (state & NUD_NOARP) {
  			clear_bit(BR_FDB_LOCAL, &fdb->flags);
  			if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags))
  				fdb_add_hw_addr(br, addr);
  		} else {
  			clear_bit(BR_FDB_LOCAL, &fdb->flags);
  			if (test_and_clear_bit(BR_FDB_STATIC, &fdb->flags))
  				fdb_del_hw_addr(br, addr);
  		}

  		modified = true;
  	}

  	if (is_sticky != test_bit(BR_FDB_STICKY, &fdb->flags)) {
  		change_bit(BR_FDB_STICKY, &fdb->flags);
  		modified = true;
  	}

  	/* an entry configured through this path never stays locked */
  	if (test_and_clear_bit(BR_FDB_LOCKED, &fdb->flags))
  		modified = true;

  	if (fdb_handle_notify(fdb, notify))
  		modified = true;

  	WRITE_ONCE(fdb->used, jiffies);
  	if (modified) {
  		if (refresh)
  			WRITE_ONCE(fdb->updated, jiffies);
  		fdb_notify(br, fdb, RTM_NEWNEIGH, true);
  	}

  	return 0;
  }
  /* Add or update one FDB entry for a single VLAN, choosing the path from
   * the request's ndm_flags:
   *
   *  - NTF_USE: feed the address through br_fdb_update() on port @p, with
   *    bottom halves disabled and inside an RCU read-side section. Needs a
   *    port; returns 0 without touching @notified when the port's state
   *    should not learn.
   *  - NTF_EXT_LEARNED: br_fdb_external_learn_add(); an entry towards the
   *    bridge itself (@p == NULL) must be NUD_PERMANENT.
   *  - otherwise: fdb_add_entry() under br->hash_lock.
   *
   * On success *@notified is set to true. Returns 0 or a negative errno.
   */
  static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
  			struct net_bridge_port *p, const unsigned char *addr,
  			u16 nlh_flags, u16 vid, struct nlattr *nfea_tb[],
  			bool *notified, struct netlink_ext_ack *extack)
  {
  	int ret = 0;

  	if (ndm->ndm_flags & NTF_USE) {
  		if (!p) {
  			pr_info("bridge: RTM_NEWNEIGH %s with NTF_USE is not supported\n",
  				br->dev->name);
  			return -EINVAL;
  		}
  		if (!nbp_state_should_learn(p))
  			return 0;

  		local_bh_disable();
  		rcu_read_lock();
  		br_fdb_update(br, p, addr, vid, BIT(BR_FDB_ADDED_BY_USER));
  		rcu_read_unlock();
  		local_bh_enable();
  	} else if (ndm->ndm_flags & NTF_EXT_LEARNED) {
  		if (!p && !(ndm->ndm_state & NUD_PERMANENT)) {
  			NL_SET_ERR_MSG_MOD(extack,
  					   "FDB entry towards bridge must be permanent");
  			return -EINVAL;
  		}
  		ret = br_fdb_external_learn_add(br, p, addr, vid, false, true);
  	} else {
  		spin_lock_bh(&br->hash_lock);
  		ret = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
  		spin_unlock_bh(&br->hash_lock);
  	}

  	if (ret)
  		return ret;

  	*notified = true;
  	return 0;
  }
  /* Netlink policy for the attributes nested in NDA_FDB_EXT_ATTRS.
   * br_fdb_add() passes it to nla_parse_nested(), so the attribute types
   * declared here are checked before fdb_add_entry() reads
   * NFEA_ACTIVITY_NOTIFY with nla_get_u8() or tests NFEA_DONT_REFRESH for
   * presence.
   */
  static const struct nla_policy br_nda_fdb_pol[NFEA_MAX + 1] = {
  	[NFEA_ACTIVITY_NOTIFY]	= { .type = NLA_U8 },
  	[NFEA_DONT_REFRESH]	= { .type = NLA_FLAG },
  };
  /* Handle RTM_NEWNEIGH: add or update an fdb entry on a bridge or on one
   * of its ports.
   *
   * The request is validated before any state is touched: ndm_state must
   * contain NUD_PERMANENT, NUD_NOARP or NUD_REACHABLE, the address must
   * not be all-zero, @dev must be a bridge master or a bridge port, the
   * "locked" extended flag is refused, and nested extended attributes are
   * parsed against br_nda_fdb_pol.
   *
   * With a non-zero @vid the entry is added for that VLAN only, and the
   * VLAN must be configured and usable on the target. With @vid == 0 the
   * entry is added for VLAN 0 and then, if the target has VLANs
   * configured, for each usable VLAN; the loop stops at the first error
   * and entries added before it are left in place.
   *
   * Returns 0 or a negative errno; *@notified is set by __br_fdb_add()
   * on success.
   *
   * NOTE(review): nla_get_u32() on tb[NDA_FLAGS_EXT] relies on the caller
   * having validated @tb against its own policy - not visible here,
   * confirm. The pr_info() calls on validation failures are not rate
   * limited; confirm which callers can reach this path.
   */
  int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
  	       struct net_device *dev,
  	       const unsigned char *addr, u16 vid, u16 nlh_flags,
  	       bool *notified, struct netlink_ext_ack *extack)
  {
  	struct nlattr *nfea_tb[NFEA_MAX + 1], *attr;
  	struct net_bridge_vlan_group *vg;
  	struct net_bridge_port *p = NULL;
  	struct net_bridge_vlan *v;
  	struct net_bridge *br = NULL;
  	u32 ext_flags = 0;
  	int err = 0;

  	trace_br_fdb_add(ndm, dev, addr, vid, nlh_flags);

  	if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE))) {
  		pr_info("bridge: RTM_NEWNEIGH with invalid state %#x\n", ndm->ndm_state);
  		return -EINVAL;
  	}

  	if (is_zero_ether_addr(addr)) {
  		pr_info("bridge: RTM_NEWNEIGH with invalid ether address\n");
  		return -EINVAL;
  	}

  	/* resolve the bridge and the VLAN group of the target device */
  	if (netif_is_bridge_master(dev)) {
  		br = netdev_priv(dev);
  		vg = br_vlan_group(br);
  	} else {
  		p = br_port_get_rtnl(dev);
  		if (!p) {
  			pr_info("bridge: RTM_NEWNEIGH %s not a bridge port\n",
  				dev->name);
  			return -EINVAL;
  		}
  		br = p->br;
  		vg = nbp_vlan_group(p);
  	}

  	if (tb[NDA_FLAGS_EXT])
  		ext_flags = nla_get_u32(tb[NDA_FLAGS_EXT]);

  	/* "locked" entries cannot be created through this request path */
  	if (ext_flags & NTF_EXT_LOCKED) {
  		NL_SET_ERR_MSG_MOD(extack, "Cannot add FDB entry with \"locked\" flag set");
  		return -EINVAL;
  	}

  	if (tb[NDA_FDB_EXT_ATTRS]) {
  		attr = tb[NDA_FDB_EXT_ATTRS];
  		err = nla_parse_nested(nfea_tb, NFEA_MAX, attr,
  				       br_nda_fdb_pol, extack);
  		if (err)
  			return err;
  	} else {
  		/* no nested attributes: give the callees an all-NULL table
  		 * instead of the uninitialised stack array
  		 */
  		memset(nfea_tb, 0, sizeof(struct nlattr *) * (NFEA_MAX + 1));
  	}

  	if (vid) {
  		v = br_vlan_find(vg, vid);
  		if (!v || !br_vlan_should_use(v)) {
  			pr_info("bridge: RTM_NEWNEIGH with unconfigured vlan %d on %s\n", vid, dev->name);
  			return -EINVAL;
  		}

  		/* VID was specified, so use it. */
  		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, vid, nfea_tb,
  				   notified, extack);
  	} else {
  		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, 0, nfea_tb,
  				   notified, extack);
  		if (err || !vg || !vg->num_vlans)
  			goto out;

  		/* We have vlans configured on this port and user didn't
  		 * specify a VLAN.  To be nice, add/update entry for every
  		 * vlan on this port.
  		 */
  		list_for_each_entry(v, &vg->vlan_list, vlist) {
  			if (!br_vlan_should_use(v))
  				continue;
  			err = __br_fdb_add(ndm, br, p, addr, nlh_flags, v->vid,
  					   nfea_tb, notified, extack);
  			if (err)
  				goto out;
  		}
  	}

  out:
  	return err;
  }
  /* Delete the entry for (@addr, @vlan), but only if it currently points at
   * port @p (NULL for the bridge itself).
   *
   * Returns -ENOENT when no entry exists or it belongs to a different
   * port, so a request made through one port cannot remove an entry that
   * points at another. On success *@notified is set and 0 is returned.
   * The caller in this file, __br_fdb_delete(), holds br->hash_lock.
   */
  static int fdb_delete_by_addr_and_port(struct net_bridge *br,
  				       const struct net_bridge_port *p,
  				       const u8 *addr, u16 vlan, bool *notified)
  {
  	struct net_bridge_fdb_entry *entry = br_fdb_find(br, addr, vlan);

  	if (!entry)
  		return -ENOENT;
  	if (READ_ONCE(entry->dst) != p)
  		return -ENOENT;

  	fdb_delete(br, entry, true);
  	*notified = true;

  	return 0;
  }
  /* Locked wrapper: run fdb_delete_by_addr_and_port() with br->hash_lock
   * held and bottom halves disabled, returning its result unchanged.
   */
  static int __br_fdb_delete(struct net_bridge *br,
  			   const struct net_bridge_port *p,
  			   const unsigned char *addr, u16 vid, bool *notified)
  {
  	int ret;

  	spin_lock_bh(&br->hash_lock);
  	ret = fdb_delete_by_addr_and_port(br, p, addr, vid, notified);
  	spin_unlock_bh(&br->hash_lock);

  	return ret;
  }
  /* Remove neighbor entry with RTM_DELNEIGH
   *
   * @dev is either the bridge master or one of its ports. With a non-zero
   * @vid only that VLAN's entry is deleted. With @vid == 0 the VLAN 0
   * entry is tried first and then, if VLANs are configured, every usable
   * VLAN; the call succeeds if at least one delete succeeded.
   *
   * Returns 0 on success, -EINVAL when @dev is not a bridge port, or the
   * error from the delete attempts (-ENOENT when nothing matched).
   * @ndm, @tb and @extack are not used here.
   */
  int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
  		  struct net_device *dev,
  		  const unsigned char *addr, u16 vid, bool *notified,
  		  struct netlink_ext_ack *extack)
  {
  	struct net_bridge_vlan_group *vg;
  	struct net_bridge_port *p = NULL;
  	struct net_bridge_vlan *vlan;
  	struct net_bridge *br;
  	int err;

  	if (netif_is_bridge_master(dev)) {
  		br = netdev_priv(dev);
  		vg = br_vlan_group(br);
  	} else {
  		p = br_port_get_rtnl(dev);
  		if (!p) {
  			pr_info("bridge: RTM_DELNEIGH %s not a bridge port\n",
  				dev->name);
  			return -EINVAL;
  		}
  		vg = nbp_vlan_group(p);
  		br = p->br;
  	}

  	/* explicit VLAN: a single attempt decides the result */
  	if (vid)
  		return __br_fdb_delete(br, p, addr, vid, notified);

  	/* Start from -ENOENT and AND in each result: a single 0 (success)
  	 * clears the error, while repeated -ENOENT leaves it in place.
  	 */
  	err = -ENOENT;
  	err &= __br_fdb_delete(br, p, addr, 0, notified);
  	if (!vg || !vg->num_vlans)
  		return err;

  	list_for_each_entry(vlan, &vg->vlan_list, vlist) {
  		if (!br_vlan_should_use(vlan))
  			continue;
  		err &= __br_fdb_delete(br, p, addr, vlan->vid, notified);
  	}

  	return err;
  }
  /* Add the address of every static FDB entry of @br to @p's device with
   * dev_uc_add().
   *
   * All-or-nothing: if one dev_uc_add() fails, the addresses added earlier
   * in this call are removed again with dev_uc_del() and the error is
   * returned. Returns 0 on success. Must be called with RTNL held
   * (ASSERT_RTNL).
   */
  int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p)
  {
  	struct net_bridge_fdb_entry *f, *tmp;
  	int err = 0;

  	ASSERT_RTNL();

  	/* the key here is that static entries change only under rtnl */
  	rcu_read_lock();
  	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
  		/* We only care for static entries */
  		if (!test_bit(BR_FDB_STATIC, &f->flags))
  			continue;
  		err = dev_uc_add(p->dev, f->key.addr.addr);
  		if (err)
  			goto rollback;
  	}
  done:
  	rcu_read_unlock();

  	return err;

  rollback:
  	/* f still points at the entry whose dev_uc_add() failed; walk the
  	 * list again and undo every static entry that precedes it
  	 */
  	hlist_for_each_entry_rcu(tmp, &br->fdb_list, fdb_node) {
  		/* We only care for static entries */
  		if (!test_bit(BR_FDB_STATIC, &tmp->flags))
  			continue;
  		if (tmp == f)
  			break;
  		dev_uc_del(p->dev, tmp->key.addr.addr);
  	}

  	goto done;
  }
  /* Counterpart of br_fdb_sync_static(): call dev_uc_del() on @p's device
   * for the address of every static FDB entry of @br. Must be called with
   * RTNL held (ASSERT_RTNL); the list is walked under the RCU read lock.
   */
  void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
  {
  	struct net_bridge_fdb_entry *entry;

  	ASSERT_RTNL();

  	rcu_read_lock();
  	hlist_for_each_entry_rcu(entry, &br->fdb_list, fdb_node) {
  		/* only static entries are handled here */
  		if (test_bit(BR_FDB_STATIC, &entry->flags))
  			dev_uc_del(p->dev, entry->key.addr.addr);
  	}
  	rcu_read_unlock();
  }
  /* Add or refresh an externally learned FDB entry for (@addr, @vid).
   *
   * @p is the destination port, or NULL for an entry towards the bridge
   * itself (which is then also flagged BR_FDB_LOCAL). @swdev_notify is
   * passed on to fdb_notify() and additionally marks the entry as
   * BR_FDB_ADDED_BY_USER.
   *
   * @locked requests a locked entry and is constrained in two ways:
   *  - it is only accepted for a port that has BR_PORT_MAB set;
   *  - an existing entry is only refreshed as locked if it is already
   *    locked and already points at @p, so a locked request cannot take
   *    over an unlocked entry or one that belongs to another port.
   *
   * Returns 0 on success, -EINVAL when a @locked constraint fails, or
   * -ENOMEM when the entry cannot be created. Takes br->hash_lock.
   */
  int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
  			      const unsigned char *addr, u16 vid, bool locked,
  			      bool swdev_notify)
  {
  	struct net_bridge_fdb_entry *fdb;
  	bool modified = false;
  	int err = 0;

  	trace_br_fdb_external_learn_add(br, p, addr, vid);

  	if (locked && (!p || !(p->flags & BR_PORT_MAB)))
  		return -EINVAL;

  	spin_lock_bh(&br->hash_lock);

  	fdb = br_fdb_find(br, addr, vid);
  	if (!fdb) {
  		unsigned long flags = BIT(BR_FDB_ADDED_BY_EXT_LEARN);

  		if (swdev_notify)
  			flags |= BIT(BR_FDB_ADDED_BY_USER);

  		if (!p)
  			flags |= BIT(BR_FDB_LOCAL);

  		if (locked)
  			flags |= BIT(BR_FDB_LOCKED);

  		fdb = fdb_create(br, p, addr, vid, flags);
  		if (!fdb) {
  			err = -ENOMEM;
  			goto err_unlock;
  		}
  		fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
  	} else {
  		/* a locked request may only refresh a matching locked entry */
  		if (locked &&
  		    (!test_bit(BR_FDB_LOCKED, &fdb->flags) ||
  		     READ_ONCE(fdb->dst) != p)) {
  			err = -EINVAL;
  			goto err_unlock;
  		}

  		WRITE_ONCE(fdb->updated, jiffies);

  		if (READ_ONCE(fdb->dst) != p) {
  			WRITE_ONCE(fdb->dst, p);
  			modified = true;
  		}

  		if (test_and_set_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags)) {
  			/* Refresh entry */
  			WRITE_ONCE(fdb->used, jiffies);
  		} else {
  			modified = true;
  		}

  		/* an unlocked request clears the locked flag of the entry */
  		if (locked != test_bit(BR_FDB_LOCKED, &fdb->flags)) {
  			change_bit(BR_FDB_LOCKED, &fdb->flags);
  			modified = true;
  		}

  		if (swdev_notify)
  			set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);

  		if (!p)
  			set_bit(BR_FDB_LOCAL, &fdb->flags);

  		/* user-added or bridge-local entries no longer count against
  		 * the learned-entry counter
  		 */
  		if ((swdev_notify || !p) &&
  		    test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags))
  			atomic_dec(&br->fdb_n_learned);

  		if (modified)
  			fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
  	}

  err_unlock:
  	spin_unlock_bh(&br->hash_lock);

  	return err;
  }
  /* Delete the externally learned FDB entry for (@addr, @vid).
   *
   * Only entries flagged BR_FDB_ADDED_BY_EXT_LEARN are removed; anything
   * else, including a missing entry, yields -ENOENT, so this path cannot
   * delete entries that were learned or configured by other means.
   * @swdev_notify is forwarded to fdb_delete(). @p is not used here.
   * Takes br->hash_lock.
   */
  int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
  			      const unsigned char *addr, u16 vid,
  			      bool swdev_notify)
  {
  	struct net_bridge_fdb_entry *entry;
  	int err = -ENOENT;

  	spin_lock_bh(&br->hash_lock);

  	entry = br_fdb_find(br, addr, vid);
  	if (entry && test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &entry->flags)) {
  		fdb_delete(br, entry, swdev_notify);
  		err = 0;
  	}

  	spin_unlock_bh(&br->hash_lock);

  	return err;
  }
  /* Bring the BR_FDB_OFFLOADED flag of the entry for (@addr, @vid) in line
   * with @offloaded. Does nothing when no entry exists or the flag already
   * has the requested value. @p is not used here. Takes br->hash_lock.
   */
  void br_fdb_offloaded_set(struct net_bridge *br, struct net_bridge_port *p,
  			  const unsigned char *addr, u16 vid, bool offloaded)
  {
  	struct net_bridge_fdb_entry *entry;

  	spin_lock_bh(&br->hash_lock);

  	entry = br_fdb_find(br, addr, vid);
  	if (entry) {
  		/* flip the bit only when it differs from the request */
  		if (offloaded != test_bit(BR_FDB_OFFLOADED, &entry->flags))
  			change_bit(BR_FDB_OFFLOADED, &entry->flags);
  	}

  	spin_unlock_bh(&br->hash_lock);
  }
  /* Clear BR_FDB_OFFLOADED on every FDB entry that points at the bridge
   * port behind @dev and belongs to VLAN @vid. Returns silently when @dev
   * is not a bridge port. Must be called with RTNL held (ASSERT_RTNL); the
   * walk runs under the bridge's hash_lock.
   */
  void br_fdb_clear_offload(const struct net_device *dev, u16 vid)
  {
  	struct net_bridge_fdb_entry *entry;
  	struct net_bridge_port *port;

  	ASSERT_RTNL();

  	port = br_port_get_rtnl(dev);
  	if (!port)
  		return;

  	spin_lock_bh(&port->br->hash_lock);
  	hlist_for_each_entry(entry, &port->br->fdb_list, fdb_node) {
  		if (entry->dst != port)
  			continue;
  		if (entry->key.vlan_id != vid)
  			continue;
  		clear_bit(BR_FDB_OFFLOADED, &entry->flags);
  	}
  	spin_unlock_bh(&port->br->hash_lock);
  }
  EXPORT_SYMBOL_GPL(br_fdb_clear_offload);