1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Forwarding database 4 * Linux ethernet bridge 5 * 6 * Authors: 7 * Lennert Buytenhek <buytenh@gnu.org> 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/init.h> 12 #include <linux/rculist.h> 13 #include <linux/spinlock.h> 14 #include <linux/times.h> 15 #include <linux/netdevice.h> 16 #include <linux/etherdevice.h> 17 #include <linux/jhash.h> 18 #include <linux/random.h> 19 #include <linux/slab.h> 20 #include <linux/atomic.h> 21 #include <asm/unaligned.h> 22 #include <linux/if_vlan.h> 23 #include <net/switchdev.h> 24 #include <trace/events/bridge.h> 25 #include "br_private.h" 26 27 static const struct rhashtable_params br_fdb_rht_params = { 28 .head_offset = offsetof(struct net_bridge_fdb_entry, rhnode), 29 .key_offset = offsetof(struct net_bridge_fdb_entry, key), 30 .key_len = sizeof(struct net_bridge_fdb_key), 31 .automatic_shrinking = true, 32 }; 33 34 static struct kmem_cache *br_fdb_cache __read_mostly; 35 36 int __init br_fdb_init(void) 37 { 38 br_fdb_cache = kmem_cache_create("bridge_fdb_cache", 39 sizeof(struct net_bridge_fdb_entry), 40 0, 41 SLAB_HWCACHE_ALIGN, NULL); 42 if (!br_fdb_cache) 43 return -ENOMEM; 44 45 return 0; 46 } 47 48 void br_fdb_fini(void) 49 { 50 kmem_cache_destroy(br_fdb_cache); 51 } 52 53 int br_fdb_hash_init(struct net_bridge *br) 54 { 55 return rhashtable_init(&br->fdb_hash_tbl, &br_fdb_rht_params); 56 } 57 58 void br_fdb_hash_fini(struct net_bridge *br) 59 { 60 rhashtable_destroy(&br->fdb_hash_tbl); 61 } 62 63 /* if topology_changing then use forward_delay (default 15 sec) 64 * otherwise keep longer (default 5 minutes) 65 */ 66 static inline unsigned long hold_time(const struct net_bridge *br) 67 { 68 return br->topology_change ? br->forward_delay : br->ageing_time; 69 } 70 71 static inline int has_expired(const struct net_bridge *br, 72 const struct net_bridge_fdb_entry *fdb) 73 { 74 return !test_bit(BR_FDB_STATIC, &fdb->flags) && 75 !test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags) && 76 time_before_eq(fdb->updated + hold_time(br), jiffies); 77 } 78 79 static void fdb_rcu_free(struct rcu_head *head) 80 { 81 struct net_bridge_fdb_entry *ent 82 = container_of(head, struct net_bridge_fdb_entry, rcu); 83 kmem_cache_free(br_fdb_cache, ent); 84 } 85 86 static int fdb_to_nud(const struct net_bridge *br, 87 const struct net_bridge_fdb_entry *fdb) 88 { 89 if (test_bit(BR_FDB_LOCAL, &fdb->flags)) 90 return NUD_PERMANENT; 91 else if (test_bit(BR_FDB_STATIC, &fdb->flags)) 92 return NUD_NOARP; 93 else if (has_expired(br, fdb)) 94 return NUD_STALE; 95 else 96 return NUD_REACHABLE; 97 } 98 99 static int fdb_fill_info(struct sk_buff *skb, const struct net_bridge *br, 100 const struct net_bridge_fdb_entry *fdb, 101 u32 portid, u32 seq, int type, unsigned int flags) 102 { 103 const struct net_bridge_port *dst = READ_ONCE(fdb->dst); 104 unsigned long now = jiffies; 105 struct nda_cacheinfo ci; 106 struct nlmsghdr *nlh; 107 struct ndmsg *ndm; 108 u32 ext_flags = 0; 109 110 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*ndm), flags); 111 if (nlh == NULL) 112 return -EMSGSIZE; 113 114 ndm = nlmsg_data(nlh); 115 ndm->ndm_family = AF_BRIDGE; 116 ndm->ndm_pad1 = 0; 117 ndm->ndm_pad2 = 0; 118 ndm->ndm_flags = 0; 119 ndm->ndm_type = 0; 120 ndm->ndm_ifindex = dst ? dst->dev->ifindex : br->dev->ifindex; 121 ndm->ndm_state = fdb_to_nud(br, fdb); 122 123 if (test_bit(BR_FDB_OFFLOADED, &fdb->flags)) 124 ndm->ndm_flags |= NTF_OFFLOADED; 125 if (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags)) 126 ndm->ndm_flags |= NTF_EXT_LEARNED; 127 if (test_bit(BR_FDB_STICKY, &fdb->flags)) 128 ndm->ndm_flags |= NTF_STICKY; 129 if (test_bit(BR_FDB_LOCKED, &fdb->flags)) 130 ext_flags |= NTF_EXT_LOCKED; 131 132 if (nla_put(skb, NDA_LLADDR, ETH_ALEN, &fdb->key.addr)) 133 goto nla_put_failure; 134 if (nla_put_u32(skb, NDA_MASTER, br->dev->ifindex)) 135 goto nla_put_failure; 136 if (nla_put_u32(skb, NDA_FLAGS_EXT, ext_flags)) 137 goto nla_put_failure; 138 139 ci.ndm_used = jiffies_to_clock_t(now - fdb->used); 140 ci.ndm_confirmed = 0; 141 ci.ndm_updated = jiffies_to_clock_t(now - fdb->updated); 142 ci.ndm_refcnt = 0; 143 if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 144 goto nla_put_failure; 145 146 if (fdb->key.vlan_id && nla_put(skb, NDA_VLAN, sizeof(u16), 147 &fdb->key.vlan_id)) 148 goto nla_put_failure; 149 150 if (test_bit(BR_FDB_NOTIFY, &fdb->flags)) { 151 struct nlattr *nest = nla_nest_start(skb, NDA_FDB_EXT_ATTRS); 152 u8 notify_bits = FDB_NOTIFY_BIT; 153 154 if (!nest) 155 goto nla_put_failure; 156 if (test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags)) 157 notify_bits |= FDB_NOTIFY_INACTIVE_BIT; 158 159 if (nla_put_u8(skb, NFEA_ACTIVITY_NOTIFY, notify_bits)) { 160 nla_nest_cancel(skb, nest); 161 goto nla_put_failure; 162 } 163 164 nla_nest_end(skb, nest); 165 } 166 167 nlmsg_end(skb, nlh); 168 return 0; 169 170 nla_put_failure: 171 nlmsg_cancel(skb, nlh); 172 return -EMSGSIZE; 173 } 174 175 static inline size_t fdb_nlmsg_size(void) 176 { 177 return NLMSG_ALIGN(sizeof(struct ndmsg)) 178 + nla_total_size(ETH_ALEN) /* NDA_LLADDR */ 179 + nla_total_size(sizeof(u32)) /* NDA_MASTER */ 180 + nla_total_size(sizeof(u32)) /* NDA_FLAGS_EXT */ 181 + nla_total_size(sizeof(u16)) /* NDA_VLAN */ 182 + nla_total_size(sizeof(struct nda_cacheinfo)) 183 + nla_total_size(0) /* NDA_FDB_EXT_ATTRS */ 184 + nla_total_size(sizeof(u8)); /* NFEA_ACTIVITY_NOTIFY */ 185 } 186 187 static void fdb_notify(struct net_bridge *br, 188 const struct net_bridge_fdb_entry *fdb, int type, 189 bool swdev_notify) 190 { 191 struct net *net = dev_net(br->dev); 192 struct sk_buff *skb; 193 int err = -ENOBUFS; 194 195 if (swdev_notify) 196 br_switchdev_fdb_notify(br, fdb, type); 197 198 skb = nlmsg_new(fdb_nlmsg_size(), GFP_ATOMIC); 199 if (skb == NULL) 200 goto errout; 201 202 err = fdb_fill_info(skb, br, fdb, 0, 0, type, 0); 203 if (err < 0) { 204 /* -EMSGSIZE implies BUG in fdb_nlmsg_size() */ 205 WARN_ON(err == -EMSGSIZE); 206 kfree_skb(skb); 207 goto errout; 208 } 209 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC); 210 return; 211 errout: 212 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err); 213 } 214 215 static struct net_bridge_fdb_entry *fdb_find_rcu(struct rhashtable *tbl, 216 const unsigned char *addr, 217 __u16 vid) 218 { 219 struct net_bridge_fdb_key key; 220 221 WARN_ON_ONCE(!rcu_read_lock_held()); 222 223 key.vlan_id = vid; 224 memcpy(key.addr.addr, addr, sizeof(key.addr.addr)); 225 226 return rhashtable_lookup(tbl, &key, br_fdb_rht_params); 227 } 228 229 /* requires bridge hash_lock */ 230 static struct net_bridge_fdb_entry *br_fdb_find(struct net_bridge *br, 231 const unsigned char *addr, 232 __u16 vid) 233 { 234 struct net_bridge_fdb_entry *fdb; 235 236 lockdep_assert_held_once(&br->hash_lock); 237 238 rcu_read_lock(); 239 fdb = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid); 240 rcu_read_unlock(); 241 242 return fdb; 243 } 244 245 struct net_device *br_fdb_find_port(const struct net_device *br_dev, 246 const unsigned char *addr, 247 __u16 vid) 248 { 249 struct net_bridge_fdb_entry *f; 250 struct net_device *dev = NULL; 251 struct net_bridge *br; 252 253 ASSERT_RTNL(); 254 255 if (!netif_is_bridge_master(br_dev)) 256 return NULL; 257 258 br = netdev_priv(br_dev); 259 rcu_read_lock(); 260 f = br_fdb_find_rcu(br, addr, vid); 261 if (f && f->dst) 262 dev = f->dst->dev; 263 rcu_read_unlock(); 264 265 return dev; 266 } 267 EXPORT_SYMBOL_GPL(br_fdb_find_port); 268 269 struct net_bridge_fdb_entry *br_fdb_find_rcu(struct net_bridge *br, 270 const unsigned char *addr, 271 __u16 vid) 272 { 273 return fdb_find_rcu(&br->fdb_hash_tbl, addr, vid); 274 } 275 276 /* When a static FDB entry is added, the mac address from the entry is 277 * added to the bridge private HW address list and all required ports 278 * are then updated with the new information. 279 * Called under RTNL. 280 */ 281 static void fdb_add_hw_addr(struct net_bridge *br, const unsigned char *addr) 282 { 283 int err; 284 struct net_bridge_port *p; 285 286 ASSERT_RTNL(); 287 288 list_for_each_entry(p, &br->port_list, list) { 289 if (!br_promisc_port(p)) { 290 err = dev_uc_add(p->dev, addr); 291 if (err) 292 goto undo; 293 } 294 } 295 296 return; 297 undo: 298 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 299 if (!br_promisc_port(p)) 300 dev_uc_del(p->dev, addr); 301 } 302 } 303 304 /* When a static FDB entry is deleted, the HW address from that entry is 305 * also removed from the bridge private HW address list and updates all 306 * the ports with needed information. 307 * Called under RTNL. 308 */ 309 static void fdb_del_hw_addr(struct net_bridge *br, const unsigned char *addr) 310 { 311 struct net_bridge_port *p; 312 313 ASSERT_RTNL(); 314 315 list_for_each_entry(p, &br->port_list, list) { 316 if (!br_promisc_port(p)) 317 dev_uc_del(p->dev, addr); 318 } 319 } 320 321 static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f, 322 bool swdev_notify) 323 { 324 trace_fdb_delete(br, f); 325 326 if (test_bit(BR_FDB_STATIC, &f->flags)) 327 fdb_del_hw_addr(br, f->key.addr.addr); 328 329 hlist_del_init_rcu(&f->fdb_node); 330 rhashtable_remove_fast(&br->fdb_hash_tbl, &f->rhnode, 331 br_fdb_rht_params); 332 if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &f->flags)) 333 atomic_dec(&br->fdb_n_learned); 334 fdb_notify(br, f, RTM_DELNEIGH, swdev_notify); 335 call_rcu(&f->rcu, fdb_rcu_free); 336 } 337 338 /* Delete a local entry if no other port had the same address. 339 * 340 * This function should only be called on entries with BR_FDB_LOCAL set, 341 * so even with BR_FDB_ADDED_BY_USER cleared we never need to increase 342 * the accounting for dynamically learned entries again. 343 */ 344 static void fdb_delete_local(struct net_bridge *br, 345 const struct net_bridge_port *p, 346 struct net_bridge_fdb_entry *f) 347 { 348 const unsigned char *addr = f->key.addr.addr; 349 struct net_bridge_vlan_group *vg; 350 const struct net_bridge_vlan *v; 351 struct net_bridge_port *op; 352 u16 vid = f->key.vlan_id; 353 354 /* Maybe another port has same hw addr? */ 355 list_for_each_entry(op, &br->port_list, list) { 356 vg = nbp_vlan_group(op); 357 if (op != p && ether_addr_equal(op->dev->dev_addr, addr) && 358 (!vid || br_vlan_find(vg, vid))) { 359 f->dst = op; 360 clear_bit(BR_FDB_ADDED_BY_USER, &f->flags); 361 return; 362 } 363 } 364 365 vg = br_vlan_group(br); 366 v = br_vlan_find(vg, vid); 367 /* Maybe bridge device has same hw addr? */ 368 if (p && ether_addr_equal(br->dev->dev_addr, addr) && 369 (!vid || (v && br_vlan_should_use(v)))) { 370 f->dst = NULL; 371 clear_bit(BR_FDB_ADDED_BY_USER, &f->flags); 372 return; 373 } 374 375 fdb_delete(br, f, true); 376 } 377 378 void br_fdb_find_delete_local(struct net_bridge *br, 379 const struct net_bridge_port *p, 380 const unsigned char *addr, u16 vid) 381 { 382 struct net_bridge_fdb_entry *f; 383 384 spin_lock_bh(&br->hash_lock); 385 f = br_fdb_find(br, addr, vid); 386 if (f && test_bit(BR_FDB_LOCAL, &f->flags) && 387 !test_bit(BR_FDB_ADDED_BY_USER, &f->flags) && f->dst == p) 388 fdb_delete_local(br, p, f); 389 spin_unlock_bh(&br->hash_lock); 390 } 391 392 static struct net_bridge_fdb_entry *fdb_create(struct net_bridge *br, 393 struct net_bridge_port *source, 394 const unsigned char *addr, 395 __u16 vid, 396 unsigned long flags) 397 { 398 bool learned = !test_bit(BR_FDB_ADDED_BY_USER, &flags) && 399 !test_bit(BR_FDB_LOCAL, &flags); 400 u32 max_learned = READ_ONCE(br->fdb_max_learned); 401 struct net_bridge_fdb_entry *fdb; 402 int err; 403 404 if (likely(learned)) { 405 int n_learned = atomic_read(&br->fdb_n_learned); 406 407 if (unlikely(max_learned && n_learned >= max_learned)) 408 return NULL; 409 __set_bit(BR_FDB_DYNAMIC_LEARNED, &flags); 410 } 411 412 fdb = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC); 413 if (!fdb) 414 return NULL; 415 416 memcpy(fdb->key.addr.addr, addr, ETH_ALEN); 417 WRITE_ONCE(fdb->dst, source); 418 fdb->key.vlan_id = vid; 419 fdb->flags = flags; 420 fdb->updated = fdb->used = jiffies; 421 err = rhashtable_lookup_insert_fast(&br->fdb_hash_tbl, &fdb->rhnode, 422 br_fdb_rht_params); 423 if (err) { 424 kmem_cache_free(br_fdb_cache, fdb); 425 return NULL; 426 } 427 428 if (likely(learned)) 429 atomic_inc(&br->fdb_n_learned); 430 431 hlist_add_head_rcu(&fdb->fdb_node, &br->fdb_list); 432 433 return fdb; 434 } 435 436 static int fdb_add_local(struct net_bridge *br, struct net_bridge_port *source, 437 const unsigned char *addr, u16 vid) 438 { 439 struct net_bridge_fdb_entry *fdb; 440 441 if (!is_valid_ether_addr(addr)) 442 return -EINVAL; 443 444 fdb = br_fdb_find(br, addr, vid); 445 if (fdb) { 446 /* it is okay to have multiple ports with same 447 * address, just use the first one. 448 */ 449 if (test_bit(BR_FDB_LOCAL, &fdb->flags)) 450 return 0; 451 br_warn(br, "adding interface %s with same address as a received packet (addr:%pM, vlan:%u)\n", 452 source ? source->dev->name : br->dev->name, addr, vid); 453 fdb_delete(br, fdb, true); 454 } 455 456 fdb = fdb_create(br, source, addr, vid, 457 BIT(BR_FDB_LOCAL) | BIT(BR_FDB_STATIC)); 458 if (!fdb) 459 return -ENOMEM; 460 461 fdb_add_hw_addr(br, addr); 462 fdb_notify(br, fdb, RTM_NEWNEIGH, true); 463 return 0; 464 } 465 466 void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr) 467 { 468 struct net_bridge_vlan_group *vg; 469 struct net_bridge_fdb_entry *f; 470 struct net_bridge *br = p->br; 471 struct net_bridge_vlan *v; 472 473 spin_lock_bh(&br->hash_lock); 474 vg = nbp_vlan_group(p); 475 hlist_for_each_entry(f, &br->fdb_list, fdb_node) { 476 if (f->dst == p && test_bit(BR_FDB_LOCAL, &f->flags) && 477 !test_bit(BR_FDB_ADDED_BY_USER, &f->flags)) { 478 /* delete old one */ 479 fdb_delete_local(br, p, f); 480 481 /* if this port has no vlan information 482 * configured, we can safely be done at 483 * this point. 484 */ 485 if (!vg || !vg->num_vlans) 486 goto insert; 487 } 488 } 489 490 insert: 491 /* insert new address, may fail if invalid address or dup. */ 492 fdb_add_local(br, p, newaddr, 0); 493 494 if (!vg || !vg->num_vlans) 495 goto done; 496 497 /* Now add entries for every VLAN configured on the port. 498 * This function runs under RTNL so the bitmap will not change 499 * from under us. 500 */ 501 list_for_each_entry(v, &vg->vlan_list, vlist) 502 fdb_add_local(br, p, newaddr, v->vid); 503 504 done: 505 spin_unlock_bh(&br->hash_lock); 506 } 507 508 void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr) 509 { 510 struct net_bridge_vlan_group *vg; 511 struct net_bridge_fdb_entry *f; 512 struct net_bridge_vlan *v; 513 514 spin_lock_bh(&br->hash_lock); 515 516 /* If old entry was unassociated with any port, then delete it. */ 517 f = br_fdb_find(br, br->dev->dev_addr, 0); 518 if (f && test_bit(BR_FDB_LOCAL, &f->flags) && 519 !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags)) 520 fdb_delete_local(br, NULL, f); 521 522 fdb_add_local(br, NULL, newaddr, 0); 523 vg = br_vlan_group(br); 524 if (!vg || !vg->num_vlans) 525 goto out; 526 /* Now remove and add entries for every VLAN configured on the 527 * bridge. This function runs under RTNL so the bitmap will not 528 * change from under us. 529 */ 530 list_for_each_entry(v, &vg->vlan_list, vlist) { 531 if (!br_vlan_should_use(v)) 532 continue; 533 f = br_fdb_find(br, br->dev->dev_addr, v->vid); 534 if (f && test_bit(BR_FDB_LOCAL, &f->flags) && 535 !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags)) 536 fdb_delete_local(br, NULL, f); 537 fdb_add_local(br, NULL, newaddr, v->vid); 538 } 539 out: 540 spin_unlock_bh(&br->hash_lock); 541 } 542 543 void br_fdb_cleanup(struct work_struct *work) 544 { 545 struct net_bridge *br = container_of(work, struct net_bridge, 546 gc_work.work); 547 struct net_bridge_fdb_entry *f = NULL; 548 unsigned long delay = hold_time(br); 549 unsigned long work_delay = delay; 550 unsigned long now = jiffies; 551 552 /* this part is tricky, in order to avoid blocking learning and 553 * consequently forwarding, we rely on rcu to delete objects with 554 * delayed freeing allowing us to continue traversing 555 */ 556 rcu_read_lock(); 557 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 558 unsigned long this_timer = f->updated + delay; 559 560 if (test_bit(BR_FDB_STATIC, &f->flags) || 561 test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags)) { 562 if (test_bit(BR_FDB_NOTIFY, &f->flags)) { 563 if (time_after(this_timer, now)) 564 work_delay = min(work_delay, 565 this_timer - now); 566 else if (!test_and_set_bit(BR_FDB_NOTIFY_INACTIVE, 567 &f->flags)) 568 fdb_notify(br, f, RTM_NEWNEIGH, false); 569 } 570 continue; 571 } 572 573 if (time_after(this_timer, now)) { 574 work_delay = min(work_delay, this_timer - now); 575 } else { 576 spin_lock_bh(&br->hash_lock); 577 if (!hlist_unhashed(&f->fdb_node)) 578 fdb_delete(br, f, true); 579 spin_unlock_bh(&br->hash_lock); 580 } 581 } 582 rcu_read_unlock(); 583 584 /* Cleanup minimum 10 milliseconds apart */ 585 work_delay = max_t(unsigned long, work_delay, msecs_to_jiffies(10)); 586 mod_delayed_work(system_long_wq, &br->gc_work, work_delay); 587 } 588 589 static bool __fdb_flush_matches(const struct net_bridge *br, 590 const struct net_bridge_fdb_entry *f, 591 const struct net_bridge_fdb_flush_desc *desc) 592 { 593 const struct net_bridge_port *dst = READ_ONCE(f->dst); 594 int port_ifidx = dst ? dst->dev->ifindex : br->dev->ifindex; 595 596 if (desc->vlan_id && desc->vlan_id != f->key.vlan_id) 597 return false; 598 if (desc->port_ifindex && desc->port_ifindex != port_ifidx) 599 return false; 600 if (desc->flags_mask && (f->flags & desc->flags_mask) != desc->flags) 601 return false; 602 603 return true; 604 } 605 606 /* Flush forwarding database entries matching the description */ 607 void br_fdb_flush(struct net_bridge *br, 608 const struct net_bridge_fdb_flush_desc *desc) 609 { 610 struct net_bridge_fdb_entry *f; 611 612 rcu_read_lock(); 613 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 614 if (!__fdb_flush_matches(br, f, desc)) 615 continue; 616 617 spin_lock_bh(&br->hash_lock); 618 if (!hlist_unhashed(&f->fdb_node)) 619 fdb_delete(br, f, true); 620 spin_unlock_bh(&br->hash_lock); 621 } 622 rcu_read_unlock(); 623 } 624 625 static unsigned long __ndm_state_to_fdb_flags(u16 ndm_state) 626 { 627 unsigned long flags = 0; 628 629 if (ndm_state & NUD_PERMANENT) 630 __set_bit(BR_FDB_LOCAL, &flags); 631 if (ndm_state & NUD_NOARP) 632 __set_bit(BR_FDB_STATIC, &flags); 633 634 return flags; 635 } 636 637 static unsigned long __ndm_flags_to_fdb_flags(u8 ndm_flags) 638 { 639 unsigned long flags = 0; 640 641 if (ndm_flags & NTF_USE) 642 __set_bit(BR_FDB_ADDED_BY_USER, &flags); 643 if (ndm_flags & NTF_EXT_LEARNED) 644 __set_bit(BR_FDB_ADDED_BY_EXT_LEARN, &flags); 645 if (ndm_flags & NTF_OFFLOADED) 646 __set_bit(BR_FDB_OFFLOADED, &flags); 647 if (ndm_flags & NTF_STICKY) 648 __set_bit(BR_FDB_STICKY, &flags); 649 650 return flags; 651 } 652 653 static int __fdb_flush_validate_ifindex(const struct net_bridge *br, 654 int ifindex, 655 struct netlink_ext_ack *extack) 656 { 657 const struct net_device *dev; 658 659 dev = __dev_get_by_index(dev_net(br->dev), ifindex); 660 if (!dev) { 661 NL_SET_ERR_MSG_MOD(extack, "Unknown flush device ifindex"); 662 return -ENODEV; 663 } 664 if (!netif_is_bridge_master(dev) && !netif_is_bridge_port(dev)) { 665 NL_SET_ERR_MSG_MOD(extack, "Flush device is not a bridge or bridge port"); 666 return -EINVAL; 667 } 668 if (netif_is_bridge_master(dev) && dev != br->dev) { 669 NL_SET_ERR_MSG_MOD(extack, 670 "Flush bridge device does not match target bridge device"); 671 return -EINVAL; 672 } 673 if (netif_is_bridge_port(dev)) { 674 struct net_bridge_port *p = br_port_get_rtnl(dev); 675 676 if (p->br != br) { 677 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device"); 678 return -EINVAL; 679 } 680 } 681 682 return 0; 683 } 684 685 static const struct nla_policy br_fdb_del_bulk_policy[NDA_MAX + 1] = { 686 [NDA_VLAN] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2), 687 [NDA_IFINDEX] = NLA_POLICY_MIN(NLA_S32, 1), 688 [NDA_NDM_STATE_MASK] = { .type = NLA_U16 }, 689 [NDA_NDM_FLAGS_MASK] = { .type = NLA_U8 }, 690 }; 691 692 int br_fdb_delete_bulk(struct nlmsghdr *nlh, struct net_device *dev, 693 struct netlink_ext_ack *extack) 694 { 695 struct net_bridge_fdb_flush_desc desc = {}; 696 struct ndmsg *ndm = nlmsg_data(nlh); 697 struct net_bridge_port *p = NULL; 698 struct nlattr *tb[NDA_MAX + 1]; 699 struct net_bridge *br; 700 u8 ndm_flags; 701 int err; 702 703 ndm_flags = ndm->ndm_flags & ~FDB_FLUSH_IGNORED_NDM_FLAGS; 704 705 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, 706 br_fdb_del_bulk_policy, extack); 707 if (err) 708 return err; 709 710 if (netif_is_bridge_master(dev)) { 711 br = netdev_priv(dev); 712 } else { 713 p = br_port_get_rtnl(dev); 714 if (!p) { 715 NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge port"); 716 return -EINVAL; 717 } 718 br = p->br; 719 } 720 721 if (tb[NDA_VLAN]) 722 desc.vlan_id = nla_get_u16(tb[NDA_VLAN]); 723 724 if (ndm_flags & ~FDB_FLUSH_ALLOWED_NDM_FLAGS) { 725 NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm flag bits set"); 726 return -EINVAL; 727 } 728 if (ndm->ndm_state & ~FDB_FLUSH_ALLOWED_NDM_STATES) { 729 NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm state bits set"); 730 return -EINVAL; 731 } 732 733 desc.flags |= __ndm_state_to_fdb_flags(ndm->ndm_state); 734 desc.flags |= __ndm_flags_to_fdb_flags(ndm_flags); 735 if (tb[NDA_NDM_STATE_MASK]) { 736 u16 ndm_state_mask = nla_get_u16(tb[NDA_NDM_STATE_MASK]); 737 738 desc.flags_mask |= __ndm_state_to_fdb_flags(ndm_state_mask); 739 } 740 if (tb[NDA_NDM_FLAGS_MASK]) { 741 u8 ndm_flags_mask = nla_get_u8(tb[NDA_NDM_FLAGS_MASK]); 742 743 desc.flags_mask |= __ndm_flags_to_fdb_flags(ndm_flags_mask); 744 } 745 if (tb[NDA_IFINDEX]) { 746 int ifidx = nla_get_s32(tb[NDA_IFINDEX]); 747 748 err = __fdb_flush_validate_ifindex(br, ifidx, extack); 749 if (err) 750 return err; 751 desc.port_ifindex = ifidx; 752 } else if (p) { 753 /* flush was invoked with port device and NTF_MASTER */ 754 desc.port_ifindex = p->dev->ifindex; 755 } 756 757 br_debug(br, "flushing port ifindex: %d vlan id: %u flags: 0x%lx flags mask: 0x%lx\n", 758 desc.port_ifindex, desc.vlan_id, desc.flags, desc.flags_mask); 759 760 br_fdb_flush(br, &desc); 761 762 return 0; 763 } 764 765 /* Flush all entries referring to a specific port. 766 * if do_all is set also flush static entries 767 * if vid is set delete all entries that match the vlan_id 768 */ 769 void br_fdb_delete_by_port(struct net_bridge *br, 770 const struct net_bridge_port *p, 771 u16 vid, 772 int do_all) 773 { 774 struct net_bridge_fdb_entry *f; 775 struct hlist_node *tmp; 776 777 spin_lock_bh(&br->hash_lock); 778 hlist_for_each_entry_safe(f, tmp, &br->fdb_list, fdb_node) { 779 if (f->dst != p) 780 continue; 781 782 if (!do_all) 783 if (test_bit(BR_FDB_STATIC, &f->flags) || 784 (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags) && 785 !test_bit(BR_FDB_OFFLOADED, &f->flags)) || 786 (vid && f->key.vlan_id != vid)) 787 continue; 788 789 if (test_bit(BR_FDB_LOCAL, &f->flags)) 790 fdb_delete_local(br, p, f); 791 else 792 fdb_delete(br, f, true); 793 } 794 spin_unlock_bh(&br->hash_lock); 795 } 796 797 #if IS_ENABLED(CONFIG_ATM_LANE) 798 /* Interface used by ATM LANE hook to test 799 * if an addr is on some other bridge port */ 800 int br_fdb_test_addr(struct net_device *dev, unsigned char *addr) 801 { 802 struct net_bridge_fdb_entry *fdb; 803 struct net_bridge_port *port; 804 int ret; 805 806 rcu_read_lock(); 807 port = br_port_get_rcu(dev); 808 if (!port) 809 ret = 0; 810 else { 811 const struct net_bridge_port *dst = NULL; 812 813 fdb = br_fdb_find_rcu(port->br, addr, 0); 814 if (fdb) 815 dst = READ_ONCE(fdb->dst); 816 817 ret = dst && dst->dev != dev && 818 dst->state == BR_STATE_FORWARDING; 819 } 820 rcu_read_unlock(); 821 822 return ret; 823 } 824 #endif /* CONFIG_ATM_LANE */ 825 826 /* 827 * Fill buffer with forwarding table records in 828 * the API format. 829 */ 830 int br_fdb_fillbuf(struct net_bridge *br, void *buf, 831 unsigned long maxnum, unsigned long skip) 832 { 833 struct net_bridge_fdb_entry *f; 834 struct __fdb_entry *fe = buf; 835 int num = 0; 836 837 memset(buf, 0, maxnum*sizeof(struct __fdb_entry)); 838 839 rcu_read_lock(); 840 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 841 if (num >= maxnum) 842 break; 843 844 if (has_expired(br, f)) 845 continue; 846 847 /* ignore pseudo entry for local MAC address */ 848 if (!f->dst) 849 continue; 850 851 if (skip) { 852 --skip; 853 continue; 854 } 855 856 /* convert from internal format to API */ 857 memcpy(fe->mac_addr, f->key.addr.addr, ETH_ALEN); 858 859 /* due to ABI compat need to split into hi/lo */ 860 fe->port_no = f->dst->port_no; 861 fe->port_hi = f->dst->port_no >> 8; 862 863 fe->is_local = test_bit(BR_FDB_LOCAL, &f->flags); 864 if (!test_bit(BR_FDB_STATIC, &f->flags)) 865 fe->ageing_timer_value = jiffies_delta_to_clock_t(jiffies - f->updated); 866 ++fe; 867 ++num; 868 } 869 rcu_read_unlock(); 870 871 return num; 872 } 873 874 /* Add entry for local address of interface */ 875 int br_fdb_add_local(struct net_bridge *br, struct net_bridge_port *source, 876 const unsigned char *addr, u16 vid) 877 { 878 int ret; 879 880 spin_lock_bh(&br->hash_lock); 881 ret = fdb_add_local(br, source, addr, vid); 882 spin_unlock_bh(&br->hash_lock); 883 return ret; 884 } 885 886 /* returns true if the fdb was modified */ 887 static bool __fdb_mark_active(struct net_bridge_fdb_entry *fdb) 888 { 889 return !!(test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags) && 890 test_and_clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags)); 891 } 892 893 void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, 894 const unsigned char *addr, u16 vid, unsigned long flags) 895 { 896 struct net_bridge_fdb_entry *fdb; 897 898 /* some users want to always flood. */ 899 if (hold_time(br) == 0) 900 return; 901 902 fdb = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid); 903 if (likely(fdb)) { 904 /* attempt to update an entry for a local interface */ 905 if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) { 906 if (net_ratelimit()) 907 br_warn(br, "received packet on %s with own address as source address (addr:%pM, vlan:%u)\n", 908 source->dev->name, addr, vid); 909 } else { 910 unsigned long now = jiffies; 911 bool fdb_modified = false; 912 913 if (now != fdb->updated) { 914 fdb->updated = now; 915 fdb_modified = __fdb_mark_active(fdb); 916 } 917 918 /* fastpath: update of existing entry */ 919 if (unlikely(source != READ_ONCE(fdb->dst) && 920 !test_bit(BR_FDB_STICKY, &fdb->flags))) { 921 br_switchdev_fdb_notify(br, fdb, RTM_DELNEIGH); 922 WRITE_ONCE(fdb->dst, source); 923 fdb_modified = true; 924 /* Take over HW learned entry */ 925 if (unlikely(test_bit(BR_FDB_ADDED_BY_EXT_LEARN, 926 &fdb->flags))) 927 clear_bit(BR_FDB_ADDED_BY_EXT_LEARN, 928 &fdb->flags); 929 /* Clear locked flag when roaming to an 930 * unlocked port. 931 */ 932 if (unlikely(test_bit(BR_FDB_LOCKED, &fdb->flags))) 933 clear_bit(BR_FDB_LOCKED, &fdb->flags); 934 } 935 936 if (unlikely(test_bit(BR_FDB_ADDED_BY_USER, &flags))) { 937 set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags); 938 if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, 939 &fdb->flags)) 940 atomic_dec(&br->fdb_n_learned); 941 } 942 if (unlikely(fdb_modified)) { 943 trace_br_fdb_update(br, source, addr, vid, flags); 944 fdb_notify(br, fdb, RTM_NEWNEIGH, true); 945 } 946 } 947 } else { 948 spin_lock(&br->hash_lock); 949 fdb = fdb_create(br, source, addr, vid, flags); 950 if (fdb) { 951 trace_br_fdb_update(br, source, addr, vid, flags); 952 fdb_notify(br, fdb, RTM_NEWNEIGH, true); 953 } 954 /* else we lose race and someone else inserts 955 * it first, don't bother updating 956 */ 957 spin_unlock(&br->hash_lock); 958 } 959 } 960 961 /* Dump information about entries, in response to GETNEIGH */ 962 int br_fdb_dump(struct sk_buff *skb, 963 struct netlink_callback *cb, 964 struct net_device *dev, 965 struct net_device *filter_dev, 966 int *idx) 967 { 968 struct net_bridge *br = netdev_priv(dev); 969 struct net_bridge_fdb_entry *f; 970 int err = 0; 971 972 if (!netif_is_bridge_master(dev)) 973 return err; 974 975 if (!filter_dev) { 976 err = ndo_dflt_fdb_dump(skb, cb, dev, NULL, idx); 977 if (err < 0) 978 return err; 979 } 980 981 rcu_read_lock(); 982 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 983 if (*idx < cb->args[2]) 984 goto skip; 985 if (filter_dev && (!f->dst || f->dst->dev != filter_dev)) { 986 if (filter_dev != dev) 987 goto skip; 988 /* !f->dst is a special case for bridge 989 * It means the MAC belongs to the bridge 990 * Therefore need a little more filtering 991 * we only want to dump the !f->dst case 992 */ 993 if (f->dst) 994 goto skip; 995 } 996 if (!filter_dev && f->dst) 997 goto skip; 998 999 err = fdb_fill_info(skb, br, f, 1000 NETLINK_CB(cb->skb).portid, 1001 cb->nlh->nlmsg_seq, 1002 RTM_NEWNEIGH, 1003 NLM_F_MULTI); 1004 if (err < 0) 1005 break; 1006 skip: 1007 *idx += 1; 1008 } 1009 rcu_read_unlock(); 1010 1011 return err; 1012 } 1013 1014 int br_fdb_get(struct sk_buff *skb, 1015 struct nlattr *tb[], 1016 struct net_device *dev, 1017 const unsigned char *addr, 1018 u16 vid, u32 portid, u32 seq, 1019 struct netlink_ext_ack *extack) 1020 { 1021 struct net_bridge *br = netdev_priv(dev); 1022 struct net_bridge_fdb_entry *f; 1023 int err = 0; 1024 1025 rcu_read_lock(); 1026 f = br_fdb_find_rcu(br, addr, vid); 1027 if (!f) { 1028 NL_SET_ERR_MSG(extack, "Fdb entry not found"); 1029 err = -ENOENT; 1030 goto errout; 1031 } 1032 1033 err = fdb_fill_info(skb, br, f, portid, seq, 1034 RTM_NEWNEIGH, 0); 1035 errout: 1036 rcu_read_unlock(); 1037 return err; 1038 } 1039 1040 /* returns true if the fdb is modified */ 1041 static bool fdb_handle_notify(struct net_bridge_fdb_entry *fdb, u8 notify) 1042 { 1043 bool modified = false; 1044 1045 /* allow to mark an entry as inactive, usually done on creation */ 1046 if ((notify & FDB_NOTIFY_INACTIVE_BIT) && 1047 !test_and_set_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags)) 1048 modified = true; 1049 1050 if ((notify & FDB_NOTIFY_BIT) && 1051 !test_and_set_bit(BR_FDB_NOTIFY, &fdb->flags)) { 1052 /* enabled activity tracking */ 1053 modified = true; 1054 } else if (!(notify & FDB_NOTIFY_BIT) && 1055 test_and_clear_bit(BR_FDB_NOTIFY, &fdb->flags)) { 1056 /* disabled activity tracking, clear notify state */ 1057 clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags); 1058 modified = true; 1059 } 1060 1061 return modified; 1062 } 1063 1064 /* Update (create or replace) forwarding database entry */ 1065 static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source, 1066 const u8 *addr, struct ndmsg *ndm, u16 flags, u16 vid, 1067 struct nlattr *nfea_tb[]) 1068 { 1069 bool is_sticky = !!(ndm->ndm_flags & NTF_STICKY); 1070 bool refresh = !nfea_tb[NFEA_DONT_REFRESH]; 1071 struct net_bridge_fdb_entry *fdb; 1072 u16 state = ndm->ndm_state; 1073 bool modified = false; 1074 u8 notify = 0; 1075 1076 /* If the port cannot learn allow only local and static entries */ 1077 if (source && !(state & NUD_PERMANENT) && !(state & NUD_NOARP) && 1078 !(source->state == BR_STATE_LEARNING || 1079 source->state == BR_STATE_FORWARDING)) 1080 return -EPERM; 1081 1082 if (!source && !(state & NUD_PERMANENT)) { 1083 pr_info("bridge: RTM_NEWNEIGH %s without NUD_PERMANENT\n", 1084 br->dev->name); 1085 return -EINVAL; 1086 } 1087 1088 if (is_sticky && (state & NUD_PERMANENT)) 1089 return -EINVAL; 1090 1091 if (nfea_tb[NFEA_ACTIVITY_NOTIFY]) { 1092 notify = nla_get_u8(nfea_tb[NFEA_ACTIVITY_NOTIFY]); 1093 if ((notify & ~BR_FDB_NOTIFY_SETTABLE_BITS) || 1094 (notify & BR_FDB_NOTIFY_SETTABLE_BITS) == FDB_NOTIFY_INACTIVE_BIT) 1095 return -EINVAL; 1096 } 1097 1098 fdb = br_fdb_find(br, addr, vid); 1099 if (fdb == NULL) { 1100 if (!(flags & NLM_F_CREATE)) 1101 return -ENOENT; 1102 1103 fdb = fdb_create(br, source, addr, vid, 1104 BIT(BR_FDB_ADDED_BY_USER)); 1105 if (!fdb) 1106 return -ENOMEM; 1107 1108 modified = true; 1109 } else { 1110 if (flags & NLM_F_EXCL) 1111 return -EEXIST; 1112 1113 if (READ_ONCE(fdb->dst) != source) { 1114 WRITE_ONCE(fdb->dst, source); 1115 modified = true; 1116 } 1117 1118 set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags); 1119 if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags)) 1120 atomic_dec(&br->fdb_n_learned); 1121 } 1122 1123 if (fdb_to_nud(br, fdb) != state) { 1124 if (state & NUD_PERMANENT) { 1125 set_bit(BR_FDB_LOCAL, &fdb->flags); 1126 if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags)) 1127 fdb_add_hw_addr(br, addr); 1128 } else if (state & NUD_NOARP) { 1129 clear_bit(BR_FDB_LOCAL, &fdb->flags); 1130 if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags)) 1131 fdb_add_hw_addr(br, addr); 1132 } else { 1133 clear_bit(BR_FDB_LOCAL, &fdb->flags); 1134 if (test_and_clear_bit(BR_FDB_STATIC, &fdb->flags)) 1135 fdb_del_hw_addr(br, addr); 1136 } 1137 1138 modified = true; 1139 } 1140 1141 if (is_sticky != test_bit(BR_FDB_STICKY, &fdb->flags)) { 1142 change_bit(BR_FDB_STICKY, &fdb->flags); 1143 modified = true; 1144 } 1145 1146 if (test_and_clear_bit(BR_FDB_LOCKED, &fdb->flags)) 1147 modified = true; 1148 1149 if (fdb_handle_notify(fdb, notify)) 1150 modified = true; 1151 1152 fdb->used = jiffies; 1153 if (modified) { 1154 if (refresh) 1155 fdb->updated = jiffies; 1156 fdb_notify(br, fdb, RTM_NEWNEIGH, true); 1157 } 1158 1159 return 0; 1160 } 1161 1162 static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br, 1163 struct net_bridge_port *p, const unsigned char *addr, 1164 u16 nlh_flags, u16 vid, struct nlattr *nfea_tb[], 1165 struct netlink_ext_ack *extack) 1166 { 1167 int err = 0; 1168 1169 if (ndm->ndm_flags & NTF_USE) { 1170 if (!p) { 1171 pr_info("bridge: RTM_NEWNEIGH %s with NTF_USE is not supported\n", 1172 br->dev->name); 1173 return -EINVAL; 1174 } 1175 if (!nbp_state_should_learn(p)) 1176 return 0; 1177 1178 local_bh_disable(); 1179 rcu_read_lock(); 1180 br_fdb_update(br, p, addr, vid, BIT(BR_FDB_ADDED_BY_USER)); 1181 rcu_read_unlock(); 1182 local_bh_enable(); 1183 } else if (ndm->ndm_flags & NTF_EXT_LEARNED) { 1184 if (!p && !(ndm->ndm_state & NUD_PERMANENT)) { 1185 NL_SET_ERR_MSG_MOD(extack, 1186 "FDB entry towards bridge must be permanent"); 1187 return -EINVAL; 1188 } 1189 err = br_fdb_external_learn_add(br, p, addr, vid, false, true); 1190 } else { 1191 spin_lock_bh(&br->hash_lock); 1192 err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb); 1193 spin_unlock_bh(&br->hash_lock); 1194 } 1195 1196 return err; 1197 } 1198 1199 static const struct nla_policy br_nda_fdb_pol[NFEA_MAX + 1] = { 1200 [NFEA_ACTIVITY_NOTIFY] = { .type = NLA_U8 }, 1201 [NFEA_DONT_REFRESH] = { .type = NLA_FLAG }, 1202 }; 1203 1204 /* Add new permanent fdb entry with RTM_NEWNEIGH */ 1205 int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[], 1206 struct net_device *dev, 1207 const unsigned char *addr, u16 vid, u16 nlh_flags, 1208 struct netlink_ext_ack *extack) 1209 { 1210 struct nlattr *nfea_tb[NFEA_MAX + 1], *attr; 1211 struct net_bridge_vlan_group *vg; 1212 struct net_bridge_port *p = NULL; 1213 struct net_bridge_vlan *v; 1214 struct net_bridge *br = NULL; 1215 u32 ext_flags = 0; 1216 int err = 0; 1217 1218 trace_br_fdb_add(ndm, dev, addr, vid, nlh_flags); 1219 1220 if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE))) { 1221 pr_info("bridge: RTM_NEWNEIGH with invalid state %#x\n", ndm->ndm_state); 1222 return -EINVAL; 1223 } 1224 1225 if (is_zero_ether_addr(addr)) { 1226 pr_info("bridge: RTM_NEWNEIGH with invalid ether address\n"); 1227 return -EINVAL; 1228 } 1229 1230 if (netif_is_bridge_master(dev)) { 1231 br = netdev_priv(dev); 1232 vg = br_vlan_group(br); 1233 } else { 1234 p = br_port_get_rtnl(dev); 1235 if (!p) { 1236 pr_info("bridge: RTM_NEWNEIGH %s not a bridge port\n", 1237 dev->name); 1238 return -EINVAL; 1239 } 1240 br = p->br; 1241 vg = nbp_vlan_group(p); 1242 } 1243 1244 if (tb[NDA_FLAGS_EXT]) 1245 ext_flags = nla_get_u32(tb[NDA_FLAGS_EXT]); 1246 1247 if (ext_flags & NTF_EXT_LOCKED) { 1248 NL_SET_ERR_MSG_MOD(extack, "Cannot add FDB entry with \"locked\" flag set"); 1249 return -EINVAL; 1250 } 1251 1252 if (tb[NDA_FDB_EXT_ATTRS]) { 1253 attr = tb[NDA_FDB_EXT_ATTRS]; 1254 err = nla_parse_nested(nfea_tb, NFEA_MAX, attr, 1255 br_nda_fdb_pol, extack); 1256 if (err) 1257 return err; 1258 } else { 1259 memset(nfea_tb, 0, sizeof(struct nlattr *) * (NFEA_MAX + 1)); 1260 } 1261 1262 if (vid) { 1263 v = br_vlan_find(vg, vid); 1264 if (!v || !br_vlan_should_use(v)) { 1265 pr_info("bridge: RTM_NEWNEIGH with unconfigured vlan %d on %s\n", vid, dev->name); 1266 return -EINVAL; 1267 } 1268 1269 /* VID was specified, so use it. */ 1270 err = __br_fdb_add(ndm, br, p, addr, nlh_flags, vid, nfea_tb, 1271 extack); 1272 } else { 1273 err = __br_fdb_add(ndm, br, p, addr, nlh_flags, 0, nfea_tb, 1274 extack); 1275 if (err || !vg || !vg->num_vlans) 1276 goto out; 1277 1278 /* We have vlans configured on this port and user didn't 1279 * specify a VLAN. To be nice, add/update entry for every 1280 * vlan on this port. 1281 */ 1282 list_for_each_entry(v, &vg->vlan_list, vlist) { 1283 if (!br_vlan_should_use(v)) 1284 continue; 1285 err = __br_fdb_add(ndm, br, p, addr, nlh_flags, v->vid, 1286 nfea_tb, extack); 1287 if (err) 1288 goto out; 1289 } 1290 } 1291 1292 out: 1293 return err; 1294 } 1295 1296 static int fdb_delete_by_addr_and_port(struct net_bridge *br, 1297 const struct net_bridge_port *p, 1298 const u8 *addr, u16 vlan) 1299 { 1300 struct net_bridge_fdb_entry *fdb; 1301 1302 fdb = br_fdb_find(br, addr, vlan); 1303 if (!fdb || READ_ONCE(fdb->dst) != p) 1304 return -ENOENT; 1305 1306 fdb_delete(br, fdb, true); 1307 1308 return 0; 1309 } 1310 1311 static int __br_fdb_delete(struct net_bridge *br, 1312 const struct net_bridge_port *p, 1313 const unsigned char *addr, u16 vid) 1314 { 1315 int err; 1316 1317 spin_lock_bh(&br->hash_lock); 1318 err = fdb_delete_by_addr_and_port(br, p, addr, vid); 1319 spin_unlock_bh(&br->hash_lock); 1320 1321 return err; 1322 } 1323 1324 /* Remove neighbor entry with RTM_DELNEIGH */ 1325 int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[], 1326 struct net_device *dev, 1327 const unsigned char *addr, u16 vid, 1328 struct netlink_ext_ack *extack) 1329 { 1330 struct net_bridge_vlan_group *vg; 1331 struct net_bridge_port *p = NULL; 1332 struct net_bridge_vlan *v; 1333 struct net_bridge *br; 1334 int err; 1335 1336 if (netif_is_bridge_master(dev)) { 1337 br = netdev_priv(dev); 1338 vg = br_vlan_group(br); 1339 } else { 1340 p = br_port_get_rtnl(dev); 1341 if (!p) { 1342 pr_info("bridge: RTM_DELNEIGH %s not a bridge port\n", 1343 dev->name); 1344 return -EINVAL; 1345 } 1346 vg = nbp_vlan_group(p); 1347 br = p->br; 1348 } 1349 1350 if (vid) { 1351 v = br_vlan_find(vg, vid); 1352 if (!v) { 1353 pr_info("bridge: RTM_DELNEIGH with unconfigured vlan %d on %s\n", vid, dev->name); 1354 return -EINVAL; 1355 } 1356 1357 err = __br_fdb_delete(br, p, addr, vid); 1358 } else { 1359 err = -ENOENT; 1360 err &= __br_fdb_delete(br, p, addr, 0); 1361 if (!vg || !vg->num_vlans) 1362 return err; 1363 1364 list_for_each_entry(v, &vg->vlan_list, vlist) { 1365 if (!br_vlan_should_use(v)) 1366 continue; 1367 err &= __br_fdb_delete(br, p, addr, v->vid); 1368 } 1369 } 1370 1371 return err; 1372 } 1373 1374 int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p) 1375 { 1376 struct net_bridge_fdb_entry *f, *tmp; 1377 int err = 0; 1378 1379 ASSERT_RTNL(); 1380 1381 /* the key here is that static entries change only under rtnl */ 1382 rcu_read_lock(); 1383 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 1384 /* We only care for static entries */ 1385 if (!test_bit(BR_FDB_STATIC, &f->flags)) 1386 continue; 1387 err = dev_uc_add(p->dev, f->key.addr.addr); 1388 if (err) 1389 goto rollback; 1390 } 1391 done: 1392 rcu_read_unlock(); 1393 1394 return err; 1395 1396 rollback: 1397 hlist_for_each_entry_rcu(tmp, &br->fdb_list, fdb_node) { 1398 /* We only care for static entries */ 1399 if (!test_bit(BR_FDB_STATIC, &tmp->flags)) 1400 continue; 1401 if (tmp == f) 1402 break; 1403 dev_uc_del(p->dev, tmp->key.addr.addr); 1404 } 1405 1406 goto done; 1407 } 1408 1409 void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p) 1410 { 1411 struct net_bridge_fdb_entry *f; 1412 1413 ASSERT_RTNL(); 1414 1415 rcu_read_lock(); 1416 hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) { 1417 /* We only care for static entries */ 1418 if (!test_bit(BR_FDB_STATIC, &f->flags)) 1419 continue; 1420 1421 dev_uc_del(p->dev, f->key.addr.addr); 1422 } 1423 rcu_read_unlock(); 1424 } 1425 1426 int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p, 1427 const unsigned char *addr, u16 vid, bool locked, 1428 bool swdev_notify) 1429 { 1430 struct net_bridge_fdb_entry *fdb; 1431 bool modified = false; 1432 int err = 0; 1433 1434 trace_br_fdb_external_learn_add(br, p, addr, vid); 1435 1436 if (locked && (!p || !(p->flags & BR_PORT_MAB))) 1437 return -EINVAL; 1438 1439 spin_lock_bh(&br->hash_lock); 1440 1441 fdb = br_fdb_find(br, addr, vid); 1442 if (!fdb) { 1443 unsigned long flags = BIT(BR_FDB_ADDED_BY_EXT_LEARN); 1444 1445 if (swdev_notify) 1446 flags |= BIT(BR_FDB_ADDED_BY_USER); 1447 1448 if (!p) 1449 flags |= BIT(BR_FDB_LOCAL); 1450 1451 if (locked) 1452 flags |= BIT(BR_FDB_LOCKED); 1453 1454 fdb = fdb_create(br, p, addr, vid, flags); 1455 if (!fdb) { 1456 err = -ENOMEM; 1457 goto err_unlock; 1458 } 1459 fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify); 1460 } else { 1461 if (locked && 1462 (!test_bit(BR_FDB_LOCKED, &fdb->flags) || 1463 READ_ONCE(fdb->dst) != p)) { 1464 err = -EINVAL; 1465 goto err_unlock; 1466 } 1467 1468 fdb->updated = jiffies; 1469 1470 if (READ_ONCE(fdb->dst) != p) { 1471 WRITE_ONCE(fdb->dst, p); 1472 modified = true; 1473 } 1474 1475 if (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags)) { 1476 /* Refresh entry */ 1477 fdb->used = jiffies; 1478 } else if (!test_bit(BR_FDB_ADDED_BY_USER, &fdb->flags)) { 1479 /* Take over SW learned entry */ 1480 set_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags); 1481 modified = true; 1482 } 1483 1484 if (locked != test_bit(BR_FDB_LOCKED, &fdb->flags)) { 1485 change_bit(BR_FDB_LOCKED, &fdb->flags); 1486 modified = true; 1487 } 1488 1489 if (swdev_notify) 1490 set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags); 1491 1492 if (!p) 1493 set_bit(BR_FDB_LOCAL, &fdb->flags); 1494 1495 if ((swdev_notify || !p) && 1496 test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags)) 1497 atomic_dec(&br->fdb_n_learned); 1498 1499 if (modified) 1500 fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify); 1501 } 1502 1503 err_unlock: 1504 spin_unlock_bh(&br->hash_lock); 1505 1506 return err; 1507 } 1508 1509 int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p, 1510 const unsigned char *addr, u16 vid, 1511 bool swdev_notify) 1512 { 1513 struct net_bridge_fdb_entry *fdb; 1514 int err = 0; 1515 1516 spin_lock_bh(&br->hash_lock); 1517 1518 fdb = br_fdb_find(br, addr, vid); 1519 if (fdb && test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags)) 1520 fdb_delete(br, fdb, swdev_notify); 1521 else 1522 err = -ENOENT; 1523 1524 spin_unlock_bh(&br->hash_lock); 1525 1526 return err; 1527 } 1528 1529 void br_fdb_offloaded_set(struct net_bridge *br, struct net_bridge_port *p, 1530 const unsigned char *addr, u16 vid, bool offloaded) 1531 { 1532 struct net_bridge_fdb_entry *fdb; 1533 1534 spin_lock_bh(&br->hash_lock); 1535 1536 fdb = br_fdb_find(br, addr, vid); 1537 if (fdb && offloaded != test_bit(BR_FDB_OFFLOADED, &fdb->flags)) 1538 change_bit(BR_FDB_OFFLOADED, &fdb->flags); 1539 1540 spin_unlock_bh(&br->hash_lock); 1541 } 1542 1543 void br_fdb_clear_offload(const struct net_device *dev, u16 vid) 1544 { 1545 struct net_bridge_fdb_entry *f; 1546 struct net_bridge_port *p; 1547 1548 ASSERT_RTNL(); 1549 1550 p = br_port_get_rtnl(dev); 1551 if (!p) 1552 return; 1553 1554 spin_lock_bh(&p->br->hash_lock); 1555 hlist_for_each_entry(f, &p->br->fdb_list, fdb_node) { 1556 if (f->dst == p && f->key.vlan_id == vid) 1557 clear_bit(BR_FDB_OFFLOADED, &f->flags); 1558 } 1559 spin_unlock_bh(&p->br->hash_lock); 1560 } 1561 EXPORT_SYMBOL_GPL(br_fdb_clear_offload); 1562