xref: /linux/net/bridge/br_mdb.c (revision 172cdcaefea5c297fdb3d20b7d5aff60ae4fbce6)
1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/err.h>
3 #include <linux/igmp.h>
4 #include <linux/kernel.h>
5 #include <linux/netdevice.h>
6 #include <linux/rculist.h>
7 #include <linux/skbuff.h>
8 #include <linux/if_ether.h>
9 #include <net/ip.h>
10 #include <net/netlink.h>
11 #include <net/switchdev.h>
12 #if IS_ENABLED(CONFIG_IPV6)
13 #include <net/ipv6.h>
14 #include <net/addrconf.h>
15 #endif
16 
17 #include "br_private.h"
18 
19 static int br_rports_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
20 			       struct net_device *dev)
21 {
22 	struct net_bridge *br = netdev_priv(dev);
23 	struct net_bridge_port *p;
24 	struct nlattr *nest, *port_nest;
25 
26 	if (!br->multicast_router || hlist_empty(&br->router_list))
27 		return 0;
28 
29 	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
30 	if (nest == NULL)
31 		return -EMSGSIZE;
32 
33 	hlist_for_each_entry_rcu(p, &br->router_list, rlist) {
34 		if (!p)
35 			continue;
36 		port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
37 		if (!port_nest)
38 			goto fail;
39 		if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
40 		    nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
41 				br_timer_value(&p->multicast_router_timer)) ||
42 		    nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
43 			       p->multicast_router)) {
44 			nla_nest_cancel(skb, port_nest);
45 			goto fail;
46 		}
47 		nla_nest_end(skb, port_nest);
48 	}
49 
50 	nla_nest_end(skb, nest);
51 	return 0;
52 fail:
53 	nla_nest_cancel(skb, nest);
54 	return -EMSGSIZE;
55 }
56 
57 static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
58 {
59 	e->state = flags & MDB_PG_FLAGS_PERMANENT;
60 	e->flags = 0;
61 	if (flags & MDB_PG_FLAGS_OFFLOAD)
62 		e->flags |= MDB_FLAGS_OFFLOAD;
63 	if (flags & MDB_PG_FLAGS_FAST_LEAVE)
64 		e->flags |= MDB_FLAGS_FAST_LEAVE;
65 	if (flags & MDB_PG_FLAGS_STAR_EXCL)
66 		e->flags |= MDB_FLAGS_STAR_EXCL;
67 	if (flags & MDB_PG_FLAGS_BLOCKED)
68 		e->flags |= MDB_FLAGS_BLOCKED;
69 }
70 
71 static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
72 				 struct nlattr **mdb_attrs)
73 {
74 	memset(ip, 0, sizeof(struct br_ip));
75 	ip->vid = entry->vid;
76 	ip->proto = entry->addr.proto;
77 	switch (ip->proto) {
78 	case htons(ETH_P_IP):
79 		ip->dst.ip4 = entry->addr.u.ip4;
80 		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
81 			ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
82 		break;
83 #if IS_ENABLED(CONFIG_IPV6)
84 	case htons(ETH_P_IPV6):
85 		ip->dst.ip6 = entry->addr.u.ip6;
86 		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
87 			ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
88 		break;
89 #endif
90 	default:
91 		ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
92 	}
93 
94 }
95 
96 static int __mdb_fill_srcs(struct sk_buff *skb,
97 			   struct net_bridge_port_group *p)
98 {
99 	struct net_bridge_group_src *ent;
100 	struct nlattr *nest, *nest_ent;
101 
102 	if (hlist_empty(&p->src_list))
103 		return 0;
104 
105 	nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
106 	if (!nest)
107 		return -EMSGSIZE;
108 
109 	hlist_for_each_entry_rcu(ent, &p->src_list, node,
110 				 lockdep_is_held(&p->key.port->br->multicast_lock)) {
111 		nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
112 		if (!nest_ent)
113 			goto out_cancel_err;
114 		switch (ent->addr.proto) {
115 		case htons(ETH_P_IP):
116 			if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
117 					    ent->addr.src.ip4)) {
118 				nla_nest_cancel(skb, nest_ent);
119 				goto out_cancel_err;
120 			}
121 			break;
122 #if IS_ENABLED(CONFIG_IPV6)
123 		case htons(ETH_P_IPV6):
124 			if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
125 					     &ent->addr.src.ip6)) {
126 				nla_nest_cancel(skb, nest_ent);
127 				goto out_cancel_err;
128 			}
129 			break;
130 #endif
131 		default:
132 			nla_nest_cancel(skb, nest_ent);
133 			continue;
134 		}
135 		if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
136 				br_timer_value(&ent->timer))) {
137 			nla_nest_cancel(skb, nest_ent);
138 			goto out_cancel_err;
139 		}
140 		nla_nest_end(skb, nest_ent);
141 	}
142 
143 	nla_nest_end(skb, nest);
144 
145 	return 0;
146 
147 out_cancel_err:
148 	nla_nest_cancel(skb, nest);
149 	return -EMSGSIZE;
150 }
151 
152 static int __mdb_fill_info(struct sk_buff *skb,
153 			   struct net_bridge_mdb_entry *mp,
154 			   struct net_bridge_port_group *p)
155 {
156 	bool dump_srcs_mode = false;
157 	struct timer_list *mtimer;
158 	struct nlattr *nest_ent;
159 	struct br_mdb_entry e;
160 	u8 flags = 0;
161 	int ifindex;
162 
163 	memset(&e, 0, sizeof(e));
164 	if (p) {
165 		ifindex = p->key.port->dev->ifindex;
166 		mtimer = &p->timer;
167 		flags = p->flags;
168 	} else {
169 		ifindex = mp->br->dev->ifindex;
170 		mtimer = &mp->timer;
171 	}
172 
173 	__mdb_entry_fill_flags(&e, flags);
174 	e.ifindex = ifindex;
175 	e.vid = mp->addr.vid;
176 	if (mp->addr.proto == htons(ETH_P_IP))
177 		e.addr.u.ip4 = mp->addr.dst.ip4;
178 #if IS_ENABLED(CONFIG_IPV6)
179 	else if (mp->addr.proto == htons(ETH_P_IPV6))
180 		e.addr.u.ip6 = mp->addr.dst.ip6;
181 #endif
182 	else
183 		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
184 	e.addr.proto = mp->addr.proto;
185 	nest_ent = nla_nest_start_noflag(skb,
186 					 MDBA_MDB_ENTRY_INFO);
187 	if (!nest_ent)
188 		return -EMSGSIZE;
189 
190 	if (nla_put_nohdr(skb, sizeof(e), &e) ||
191 	    nla_put_u32(skb,
192 			MDBA_MDB_EATTR_TIMER,
193 			br_timer_value(mtimer)))
194 		goto nest_err;
195 
196 	switch (mp->addr.proto) {
197 	case htons(ETH_P_IP):
198 		dump_srcs_mode = !!(mp->br->multicast_igmp_version == 3);
199 		if (mp->addr.src.ip4) {
200 			if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
201 					    mp->addr.src.ip4))
202 				goto nest_err;
203 			break;
204 		}
205 		break;
206 #if IS_ENABLED(CONFIG_IPV6)
207 	case htons(ETH_P_IPV6):
208 		dump_srcs_mode = !!(mp->br->multicast_mld_version == 2);
209 		if (!ipv6_addr_any(&mp->addr.src.ip6)) {
210 			if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
211 					     &mp->addr.src.ip6))
212 				goto nest_err;
213 			break;
214 		}
215 		break;
216 #endif
217 	default:
218 		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
219 	}
220 	if (p) {
221 		if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
222 			goto nest_err;
223 		if (dump_srcs_mode &&
224 		    (__mdb_fill_srcs(skb, p) ||
225 		     nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
226 				p->filter_mode)))
227 			goto nest_err;
228 	}
229 	nla_nest_end(skb, nest_ent);
230 
231 	return 0;
232 
233 nest_err:
234 	nla_nest_cancel(skb, nest_ent);
235 	return -EMSGSIZE;
236 }
237 
238 static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
239 			    struct net_device *dev)
240 {
241 	int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
242 	struct net_bridge *br = netdev_priv(dev);
243 	struct net_bridge_mdb_entry *mp;
244 	struct nlattr *nest, *nest2;
245 
246 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
247 		return 0;
248 
249 	nest = nla_nest_start_noflag(skb, MDBA_MDB);
250 	if (nest == NULL)
251 		return -EMSGSIZE;
252 
253 	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
254 		struct net_bridge_port_group *p;
255 		struct net_bridge_port_group __rcu **pp;
256 
257 		if (idx < s_idx)
258 			goto skip;
259 
260 		nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
261 		if (!nest2) {
262 			err = -EMSGSIZE;
263 			break;
264 		}
265 
266 		if (!s_pidx && mp->host_joined) {
267 			err = __mdb_fill_info(skb, mp, NULL);
268 			if (err) {
269 				nla_nest_cancel(skb, nest2);
270 				break;
271 			}
272 		}
273 
274 		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
275 		      pp = &p->next) {
276 			if (!p->key.port)
277 				continue;
278 			if (pidx < s_pidx)
279 				goto skip_pg;
280 
281 			err = __mdb_fill_info(skb, mp, p);
282 			if (err) {
283 				nla_nest_end(skb, nest2);
284 				goto out;
285 			}
286 skip_pg:
287 			pidx++;
288 		}
289 		pidx = 0;
290 		s_pidx = 0;
291 		nla_nest_end(skb, nest2);
292 skip:
293 		idx++;
294 	}
295 
296 out:
297 	cb->args[1] = idx;
298 	cb->args[2] = pidx;
299 	nla_nest_end(skb, nest);
300 	return err;
301 }
302 
303 static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh,
304 				 struct netlink_ext_ack *extack)
305 {
306 	struct br_port_msg *bpm;
307 
308 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) {
309 		NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request");
310 		return -EINVAL;
311 	}
312 
313 	bpm = nlmsg_data(nlh);
314 	if (bpm->ifindex) {
315 		NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request");
316 		return -EINVAL;
317 	}
318 	if (nlmsg_attrlen(nlh, sizeof(*bpm))) {
319 		NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request");
320 		return -EINVAL;
321 	}
322 
323 	return 0;
324 }
325 
326 static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
327 {
328 	struct net_device *dev;
329 	struct net *net = sock_net(skb->sk);
330 	struct nlmsghdr *nlh = NULL;
331 	int idx = 0, s_idx;
332 
333 	if (cb->strict_check) {
334 		int err = br_mdb_valid_dump_req(cb->nlh, cb->extack);
335 
336 		if (err < 0)
337 			return err;
338 	}
339 
340 	s_idx = cb->args[0];
341 
342 	rcu_read_lock();
343 
344 	cb->seq = net->dev_base_seq;
345 
346 	for_each_netdev_rcu(net, dev) {
347 		if (dev->priv_flags & IFF_EBRIDGE) {
348 			struct br_port_msg *bpm;
349 
350 			if (idx < s_idx)
351 				goto skip;
352 
353 			nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
354 					cb->nlh->nlmsg_seq, RTM_GETMDB,
355 					sizeof(*bpm), NLM_F_MULTI);
356 			if (nlh == NULL)
357 				break;
358 
359 			bpm = nlmsg_data(nlh);
360 			memset(bpm, 0, sizeof(*bpm));
361 			bpm->ifindex = dev->ifindex;
362 			if (br_mdb_fill_info(skb, cb, dev) < 0)
363 				goto out;
364 			if (br_rports_fill_info(skb, cb, dev) < 0)
365 				goto out;
366 
367 			cb->args[1] = 0;
368 			nlmsg_end(skb, nlh);
369 		skip:
370 			idx++;
371 		}
372 	}
373 
374 out:
375 	if (nlh)
376 		nlmsg_end(skb, nlh);
377 	rcu_read_unlock();
378 	cb->args[0] = idx;
379 	return skb->len;
380 }
381 
382 static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
383 				   struct net_device *dev,
384 				   struct net_bridge_mdb_entry *mp,
385 				   struct net_bridge_port_group *pg,
386 				   int type)
387 {
388 	struct nlmsghdr *nlh;
389 	struct br_port_msg *bpm;
390 	struct nlattr *nest, *nest2;
391 
392 	nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
393 	if (!nlh)
394 		return -EMSGSIZE;
395 
396 	bpm = nlmsg_data(nlh);
397 	memset(bpm, 0, sizeof(*bpm));
398 	bpm->family  = AF_BRIDGE;
399 	bpm->ifindex = dev->ifindex;
400 	nest = nla_nest_start_noflag(skb, MDBA_MDB);
401 	if (nest == NULL)
402 		goto cancel;
403 	nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
404 	if (nest2 == NULL)
405 		goto end;
406 
407 	if (__mdb_fill_info(skb, mp, pg))
408 		goto end;
409 
410 	nla_nest_end(skb, nest2);
411 	nla_nest_end(skb, nest);
412 	nlmsg_end(skb, nlh);
413 	return 0;
414 
415 end:
416 	nla_nest_end(skb, nest);
417 cancel:
418 	nlmsg_cancel(skb, nlh);
419 	return -EMSGSIZE;
420 }
421 
422 static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg)
423 {
424 	size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
425 			    nla_total_size(sizeof(struct br_mdb_entry)) +
426 			    nla_total_size(sizeof(u32));
427 	struct net_bridge_group_src *ent;
428 	size_t addr_size = 0;
429 
430 	if (!pg)
431 		goto out;
432 
433 	/* MDBA_MDB_EATTR_RTPROT */
434 	nlmsg_size += nla_total_size(sizeof(u8));
435 
436 	switch (pg->key.addr.proto) {
437 	case htons(ETH_P_IP):
438 		/* MDBA_MDB_EATTR_SOURCE */
439 		if (pg->key.addr.src.ip4)
440 			nlmsg_size += nla_total_size(sizeof(__be32));
441 		if (pg->key.port->br->multicast_igmp_version == 2)
442 			goto out;
443 		addr_size = sizeof(__be32);
444 		break;
445 #if IS_ENABLED(CONFIG_IPV6)
446 	case htons(ETH_P_IPV6):
447 		/* MDBA_MDB_EATTR_SOURCE */
448 		if (!ipv6_addr_any(&pg->key.addr.src.ip6))
449 			nlmsg_size += nla_total_size(sizeof(struct in6_addr));
450 		if (pg->key.port->br->multicast_mld_version == 1)
451 			goto out;
452 		addr_size = sizeof(struct in6_addr);
453 		break;
454 #endif
455 	}
456 
457 	/* MDBA_MDB_EATTR_GROUP_MODE */
458 	nlmsg_size += nla_total_size(sizeof(u8));
459 
460 	/* MDBA_MDB_EATTR_SRC_LIST nested attr */
461 	if (!hlist_empty(&pg->src_list))
462 		nlmsg_size += nla_total_size(0);
463 
464 	hlist_for_each_entry(ent, &pg->src_list, node) {
465 		/* MDBA_MDB_SRCLIST_ENTRY nested attr +
466 		 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
467 		 */
468 		nlmsg_size += nla_total_size(0) +
469 			      nla_total_size(addr_size) +
470 			      nla_total_size(sizeof(u32));
471 	}
472 out:
473 	return nlmsg_size;
474 }
475 
476 struct br_mdb_complete_info {
477 	struct net_bridge_port *port;
478 	struct br_ip ip;
479 };
480 
481 static void br_mdb_complete(struct net_device *dev, int err, void *priv)
482 {
483 	struct br_mdb_complete_info *data = priv;
484 	struct net_bridge_port_group __rcu **pp;
485 	struct net_bridge_port_group *p;
486 	struct net_bridge_mdb_entry *mp;
487 	struct net_bridge_port *port = data->port;
488 	struct net_bridge *br = port->br;
489 
490 	if (err)
491 		goto err;
492 
493 	spin_lock_bh(&br->multicast_lock);
494 	mp = br_mdb_ip_get(br, &data->ip);
495 	if (!mp)
496 		goto out;
497 	for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL;
498 	     pp = &p->next) {
499 		if (p->key.port != port)
500 			continue;
501 		p->flags |= MDB_PG_FLAGS_OFFLOAD;
502 	}
503 out:
504 	spin_unlock_bh(&br->multicast_lock);
505 err:
506 	kfree(priv);
507 }
508 
509 static void br_switchdev_mdb_populate(struct switchdev_obj_port_mdb *mdb,
510 				      const struct net_bridge_mdb_entry *mp)
511 {
512 	if (mp->addr.proto == htons(ETH_P_IP))
513 		ip_eth_mc_map(mp->addr.dst.ip4, mdb->addr);
514 #if IS_ENABLED(CONFIG_IPV6)
515 	else if (mp->addr.proto == htons(ETH_P_IPV6))
516 		ipv6_eth_mc_map(&mp->addr.dst.ip6, mdb->addr);
517 #endif
518 	else
519 		ether_addr_copy(mdb->addr, mp->addr.dst.mac_addr);
520 
521 	mdb->vid = mp->addr.vid;
522 }
523 
524 static int br_mdb_replay_one(struct notifier_block *nb, struct net_device *dev,
525 			     struct switchdev_obj_port_mdb *mdb,
526 			     struct netlink_ext_ack *extack)
527 {
528 	struct switchdev_notifier_port_obj_info obj_info = {
529 		.info = {
530 			.dev = dev,
531 			.extack = extack,
532 		},
533 		.obj = &mdb->obj,
534 	};
535 	int err;
536 
537 	err = nb->notifier_call(nb, SWITCHDEV_PORT_OBJ_ADD, &obj_info);
538 	return notifier_to_errno(err);
539 }
540 
541 static int br_mdb_queue_one(struct list_head *mdb_list,
542 			    enum switchdev_obj_id id,
543 			    const struct net_bridge_mdb_entry *mp,
544 			    struct net_device *orig_dev)
545 {
546 	struct switchdev_obj_port_mdb *mdb;
547 
548 	mdb = kzalloc(sizeof(*mdb), GFP_ATOMIC);
549 	if (!mdb)
550 		return -ENOMEM;
551 
552 	mdb->obj.id = id;
553 	mdb->obj.orig_dev = orig_dev;
554 	br_switchdev_mdb_populate(mdb, mp);
555 	list_add_tail(&mdb->obj.list, mdb_list);
556 
557 	return 0;
558 }
559 
560 int br_mdb_replay(struct net_device *br_dev, struct net_device *dev,
561 		  struct notifier_block *nb, struct netlink_ext_ack *extack)
562 {
563 	struct net_bridge_mdb_entry *mp;
564 	struct switchdev_obj *obj, *tmp;
565 	struct net_bridge *br;
566 	LIST_HEAD(mdb_list);
567 	int err = 0;
568 
569 	ASSERT_RTNL();
570 
571 	if (!netif_is_bridge_master(br_dev) || !netif_is_bridge_port(dev))
572 		return -EINVAL;
573 
574 	br = netdev_priv(br_dev);
575 
576 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
577 		return 0;
578 
579 	/* We cannot walk over br->mdb_list protected just by the rtnl_mutex,
580 	 * because the write-side protection is br->multicast_lock. But we
581 	 * need to emulate the [ blocking ] calling context of a regular
582 	 * switchdev event, so since both br->multicast_lock and RCU read side
583 	 * critical sections are atomic, we have no choice but to pick the RCU
584 	 * read side lock, queue up all our events, leave the critical section
585 	 * and notify switchdev from blocking context.
586 	 */
587 	rcu_read_lock();
588 
589 	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
590 		struct net_bridge_port_group __rcu **pp;
591 		struct net_bridge_port_group *p;
592 
593 		if (mp->host_joined) {
594 			err = br_mdb_queue_one(&mdb_list,
595 					       SWITCHDEV_OBJ_ID_HOST_MDB,
596 					       mp, br_dev);
597 			if (err) {
598 				rcu_read_unlock();
599 				goto out_free_mdb;
600 			}
601 		}
602 
603 		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
604 		     pp = &p->next) {
605 			if (p->key.port->dev != dev)
606 				continue;
607 
608 			err = br_mdb_queue_one(&mdb_list,
609 					       SWITCHDEV_OBJ_ID_PORT_MDB,
610 					       mp, dev);
611 			if (err) {
612 				rcu_read_unlock();
613 				goto out_free_mdb;
614 			}
615 		}
616 	}
617 
618 	rcu_read_unlock();
619 
620 	list_for_each_entry(obj, &mdb_list, list) {
621 		err = br_mdb_replay_one(nb, dev, SWITCHDEV_OBJ_PORT_MDB(obj),
622 					extack);
623 		if (err)
624 			goto out_free_mdb;
625 	}
626 
627 out_free_mdb:
628 	list_for_each_entry_safe(obj, tmp, &mdb_list, list) {
629 		list_del(&obj->list);
630 		kfree(SWITCHDEV_OBJ_PORT_MDB(obj));
631 	}
632 
633 	return err;
634 }
635 EXPORT_SYMBOL_GPL(br_mdb_replay);
636 
637 static void br_mdb_switchdev_host_port(struct net_device *dev,
638 				       struct net_device *lower_dev,
639 				       struct net_bridge_mdb_entry *mp,
640 				       int type)
641 {
642 	struct switchdev_obj_port_mdb mdb = {
643 		.obj = {
644 			.id = SWITCHDEV_OBJ_ID_HOST_MDB,
645 			.flags = SWITCHDEV_F_DEFER,
646 			.orig_dev = dev,
647 		},
648 	};
649 
650 	br_switchdev_mdb_populate(&mdb, mp);
651 
652 	switch (type) {
653 	case RTM_NEWMDB:
654 		switchdev_port_obj_add(lower_dev, &mdb.obj, NULL);
655 		break;
656 	case RTM_DELMDB:
657 		switchdev_port_obj_del(lower_dev, &mdb.obj);
658 		break;
659 	}
660 }
661 
662 static void br_mdb_switchdev_host(struct net_device *dev,
663 				  struct net_bridge_mdb_entry *mp, int type)
664 {
665 	struct net_device *lower_dev;
666 	struct list_head *iter;
667 
668 	netdev_for_each_lower_dev(dev, lower_dev, iter)
669 		br_mdb_switchdev_host_port(dev, lower_dev, mp, type);
670 }
671 
672 void br_mdb_notify(struct net_device *dev,
673 		   struct net_bridge_mdb_entry *mp,
674 		   struct net_bridge_port_group *pg,
675 		   int type)
676 {
677 	struct br_mdb_complete_info *complete_info;
678 	struct switchdev_obj_port_mdb mdb = {
679 		.obj = {
680 			.id = SWITCHDEV_OBJ_ID_PORT_MDB,
681 			.flags = SWITCHDEV_F_DEFER,
682 		},
683 	};
684 	struct net *net = dev_net(dev);
685 	struct sk_buff *skb;
686 	int err = -ENOBUFS;
687 
688 	if (pg) {
689 		br_switchdev_mdb_populate(&mdb, mp);
690 
691 		mdb.obj.orig_dev = pg->key.port->dev;
692 		switch (type) {
693 		case RTM_NEWMDB:
694 			complete_info = kmalloc(sizeof(*complete_info), GFP_ATOMIC);
695 			if (!complete_info)
696 				break;
697 			complete_info->port = pg->key.port;
698 			complete_info->ip = mp->addr;
699 			mdb.obj.complete_priv = complete_info;
700 			mdb.obj.complete = br_mdb_complete;
701 			if (switchdev_port_obj_add(pg->key.port->dev, &mdb.obj, NULL))
702 				kfree(complete_info);
703 			break;
704 		case RTM_DELMDB:
705 			switchdev_port_obj_del(pg->key.port->dev, &mdb.obj);
706 			break;
707 		}
708 	} else {
709 		br_mdb_switchdev_host(dev, mp, type);
710 	}
711 
712 	skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
713 	if (!skb)
714 		goto errout;
715 
716 	err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
717 	if (err < 0) {
718 		kfree_skb(skb);
719 		goto errout;
720 	}
721 
722 	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
723 	return;
724 errout:
725 	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
726 }
727 
728 static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
729 				   struct net_device *dev,
730 				   int ifindex, u32 pid,
731 				   u32 seq, int type, unsigned int flags)
732 {
733 	struct br_port_msg *bpm;
734 	struct nlmsghdr *nlh;
735 	struct nlattr *nest;
736 
737 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
738 	if (!nlh)
739 		return -EMSGSIZE;
740 
741 	bpm = nlmsg_data(nlh);
742 	memset(bpm, 0, sizeof(*bpm));
743 	bpm->family = AF_BRIDGE;
744 	bpm->ifindex = dev->ifindex;
745 	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
746 	if (!nest)
747 		goto cancel;
748 
749 	if (nla_put_u32(skb, MDBA_ROUTER_PORT, ifindex))
750 		goto end;
751 
752 	nla_nest_end(skb, nest);
753 	nlmsg_end(skb, nlh);
754 	return 0;
755 
756 end:
757 	nla_nest_end(skb, nest);
758 cancel:
759 	nlmsg_cancel(skb, nlh);
760 	return -EMSGSIZE;
761 }
762 
763 static inline size_t rtnl_rtr_nlmsg_size(void)
764 {
765 	return NLMSG_ALIGN(sizeof(struct br_port_msg))
766 		+ nla_total_size(sizeof(__u32));
767 }
768 
769 void br_rtr_notify(struct net_device *dev, struct net_bridge_port *port,
770 		   int type)
771 {
772 	struct net *net = dev_net(dev);
773 	struct sk_buff *skb;
774 	int err = -ENOBUFS;
775 	int ifindex;
776 
777 	ifindex = port ? port->dev->ifindex : 0;
778 	skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
779 	if (!skb)
780 		goto errout;
781 
782 	err = nlmsg_populate_rtr_fill(skb, dev, ifindex, 0, 0, type, NTF_SELF);
783 	if (err < 0) {
784 		kfree_skb(skb);
785 		goto errout;
786 	}
787 
788 	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
789 	return;
790 
791 errout:
792 	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
793 }
794 
795 static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
796 			       struct netlink_ext_ack *extack)
797 {
798 	if (entry->ifindex == 0) {
799 		NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
800 		return false;
801 	}
802 
803 	if (entry->addr.proto == htons(ETH_P_IP)) {
804 		if (!ipv4_is_multicast(entry->addr.u.ip4)) {
805 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
806 			return false;
807 		}
808 		if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
809 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
810 			return false;
811 		}
812 #if IS_ENABLED(CONFIG_IPV6)
813 	} else if (entry->addr.proto == htons(ETH_P_IPV6)) {
814 		if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
815 			NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
816 			return false;
817 		}
818 #endif
819 	} else if (entry->addr.proto == 0) {
820 		/* L2 mdb */
821 		if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
822 			NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
823 			return false;
824 		}
825 	} else {
826 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
827 		return false;
828 	}
829 
830 	if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
831 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
832 		return false;
833 	}
834 	if (entry->vid >= VLAN_VID_MASK) {
835 		NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
836 		return false;
837 	}
838 
839 	return true;
840 }
841 
842 static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
843 				struct netlink_ext_ack *extack)
844 {
845 	switch (proto) {
846 	case htons(ETH_P_IP):
847 		if (nla_len(attr) != sizeof(struct in_addr)) {
848 			NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
849 			return false;
850 		}
851 		if (ipv4_is_multicast(nla_get_in_addr(attr))) {
852 			NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
853 			return false;
854 		}
855 		break;
856 #if IS_ENABLED(CONFIG_IPV6)
857 	case htons(ETH_P_IPV6): {
858 		struct in6_addr src;
859 
860 		if (nla_len(attr) != sizeof(struct in6_addr)) {
861 			NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
862 			return false;
863 		}
864 		src = nla_get_in6_addr(attr);
865 		if (ipv6_addr_is_multicast(&src)) {
866 			NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
867 			return false;
868 		}
869 		break;
870 	}
871 #endif
872 	default:
873 		NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
874 		return false;
875 	}
876 
877 	return true;
878 }
879 
880 static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
881 	[MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
882 					      sizeof(struct in_addr),
883 					      sizeof(struct in6_addr)),
884 };
885 
886 static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
887 			struct net_device **pdev, struct br_mdb_entry **pentry,
888 			struct nlattr **mdb_attrs, struct netlink_ext_ack *extack)
889 {
890 	struct net *net = sock_net(skb->sk);
891 	struct br_mdb_entry *entry;
892 	struct br_port_msg *bpm;
893 	struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
894 	struct net_device *dev;
895 	int err;
896 
897 	err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
898 				     MDBA_SET_ENTRY_MAX, NULL, NULL);
899 	if (err < 0)
900 		return err;
901 
902 	bpm = nlmsg_data(nlh);
903 	if (bpm->ifindex == 0) {
904 		NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
905 		return -EINVAL;
906 	}
907 
908 	dev = __dev_get_by_index(net, bpm->ifindex);
909 	if (dev == NULL) {
910 		NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
911 		return -ENODEV;
912 	}
913 
914 	if (!(dev->priv_flags & IFF_EBRIDGE)) {
915 		NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
916 		return -EOPNOTSUPP;
917 	}
918 
919 	*pdev = dev;
920 
921 	if (!tb[MDBA_SET_ENTRY]) {
922 		NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
923 		return -EINVAL;
924 	}
925 	if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
926 		NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
927 		return -EINVAL;
928 	}
929 
930 	entry = nla_data(tb[MDBA_SET_ENTRY]);
931 	if (!is_valid_mdb_entry(entry, extack))
932 		return -EINVAL;
933 	*pentry = entry;
934 
935 	if (tb[MDBA_SET_ENTRY_ATTRS]) {
936 		err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX,
937 				       tb[MDBA_SET_ENTRY_ATTRS],
938 				       br_mdbe_attrs_pol, extack);
939 		if (err)
940 			return err;
941 		if (mdb_attrs[MDBE_ATTR_SOURCE] &&
942 		    !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
943 					 entry->addr.proto, extack))
944 			return -EINVAL;
945 	} else {
946 		memset(mdb_attrs, 0,
947 		       sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1));
948 	}
949 
950 	return 0;
951 }
952 
953 static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
954 			    struct br_mdb_entry *entry,
955 			    struct nlattr **mdb_attrs,
956 			    struct netlink_ext_ack *extack)
957 {
958 	struct net_bridge_mdb_entry *mp, *star_mp;
959 	struct net_bridge_port_group *p;
960 	struct net_bridge_port_group __rcu **pp;
961 	struct br_ip group, star_group;
962 	unsigned long now = jiffies;
963 	unsigned char flags = 0;
964 	u8 filter_mode;
965 	int err;
966 
967 	__mdb_entry_to_br_ip(entry, &group, mdb_attrs);
968 
969 	/* host join errors which can happen before creating the group */
970 	if (!port) {
971 		/* don't allow any flags for host-joined groups */
972 		if (entry->state) {
973 			NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
974 			return -EINVAL;
975 		}
976 		if (!br_multicast_is_star_g(&group)) {
977 			NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
978 			return -EINVAL;
979 		}
980 	}
981 
982 	if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) {
983 		NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
984 		return -EINVAL;
985 	}
986 
987 	mp = br_mdb_ip_get(br, &group);
988 	if (!mp) {
989 		mp = br_multicast_new_group(br, &group);
990 		err = PTR_ERR_OR_ZERO(mp);
991 		if (err)
992 			return err;
993 	}
994 
995 	/* host join */
996 	if (!port) {
997 		if (mp->host_joined) {
998 			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
999 			return -EEXIST;
1000 		}
1001 
1002 		br_multicast_host_join(mp, false);
1003 		br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);
1004 
1005 		return 0;
1006 	}
1007 
1008 	for (pp = &mp->ports;
1009 	     (p = mlock_dereference(*pp, br)) != NULL;
1010 	     pp = &p->next) {
1011 		if (p->key.port == port) {
1012 			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port");
1013 			return -EEXIST;
1014 		}
1015 		if ((unsigned long)p->key.port < (unsigned long)port)
1016 			break;
1017 	}
1018 
1019 	filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE :
1020 						       MCAST_INCLUDE;
1021 
1022 	if (entry->state == MDB_PERMANENT)
1023 		flags |= MDB_PG_FLAGS_PERMANENT;
1024 
1025 	p = br_multicast_new_port_group(port, &group, *pp, flags, NULL,
1026 					filter_mode, RTPROT_STATIC);
1027 	if (unlikely(!p)) {
1028 		NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group");
1029 		return -ENOMEM;
1030 	}
1031 	rcu_assign_pointer(*pp, p);
1032 	if (entry->state == MDB_TEMPORARY)
1033 		mod_timer(&p->timer, now + br->multicast_membership_interval);
1034 	br_mdb_notify(br->dev, mp, p, RTM_NEWMDB);
1035 	/* if we are adding a new EXCLUDE port group (*,G) it needs to be also
1036 	 * added to all S,G entries for proper replication, if we are adding
1037 	 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be
1038 	 * added to it for proper replication
1039 	 */
1040 	if (br_multicast_should_handle_mode(br, group.proto)) {
1041 		switch (filter_mode) {
1042 		case MCAST_EXCLUDE:
1043 			br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
1044 			break;
1045 		case MCAST_INCLUDE:
1046 			star_group = p->key.addr;
1047 			memset(&star_group.src, 0, sizeof(star_group.src));
1048 			star_mp = br_mdb_ip_get(br, &star_group);
1049 			if (star_mp)
1050 				br_multicast_sg_add_exclude_ports(star_mp, p);
1051 			break;
1052 		}
1053 	}
1054 
1055 	return 0;
1056 }
1057 
1058 static int __br_mdb_add(struct net *net, struct net_bridge *br,
1059 			struct net_bridge_port *p,
1060 			struct br_mdb_entry *entry,
1061 			struct nlattr **mdb_attrs,
1062 			struct netlink_ext_ack *extack)
1063 {
1064 	int ret;
1065 
1066 	spin_lock_bh(&br->multicast_lock);
1067 	ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack);
1068 	spin_unlock_bh(&br->multicast_lock);
1069 
1070 	return ret;
1071 }
1072 
1073 static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1074 		      struct netlink_ext_ack *extack)
1075 {
1076 	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1077 	struct net *net = sock_net(skb->sk);
1078 	struct net_bridge_vlan_group *vg;
1079 	struct net_bridge_port *p = NULL;
1080 	struct net_device *dev, *pdev;
1081 	struct br_mdb_entry *entry;
1082 	struct net_bridge_vlan *v;
1083 	struct net_bridge *br;
1084 	int err;
1085 
1086 	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1087 	if (err < 0)
1088 		return err;
1089 
1090 	br = netdev_priv(dev);
1091 
1092 	if (!netif_running(br->dev)) {
1093 		NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
1094 		return -EINVAL;
1095 	}
1096 
1097 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) {
1098 		NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
1099 		return -EINVAL;
1100 	}
1101 
1102 	if (entry->ifindex != br->dev->ifindex) {
1103 		pdev = __dev_get_by_index(net, entry->ifindex);
1104 		if (!pdev) {
1105 			NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
1106 			return -ENODEV;
1107 		}
1108 
1109 		p = br_port_get_rtnl(pdev);
1110 		if (!p) {
1111 			NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
1112 			return -EINVAL;
1113 		}
1114 
1115 		if (p->br != br) {
1116 			NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
1117 			return -EINVAL;
1118 		}
1119 		if (p->state == BR_STATE_DISABLED) {
1120 			NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state");
1121 			return -EINVAL;
1122 		}
1123 		vg = nbp_vlan_group(p);
1124 	} else {
1125 		vg = br_vlan_group(br);
1126 	}
1127 
1128 	/* If vlan filtering is enabled and VLAN is not specified
1129 	 * install mdb entry on all vlans configured on the port.
1130 	 */
1131 	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1132 		list_for_each_entry(v, &vg->vlan_list, vlist) {
1133 			entry->vid = v->vid;
1134 			err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1135 			if (err)
1136 				break;
1137 		}
1138 	} else {
1139 		err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1140 	}
1141 
1142 	return err;
1143 }
1144 
1145 static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry,
1146 			struct nlattr **mdb_attrs)
1147 {
1148 	struct net_bridge_mdb_entry *mp;
1149 	struct net_bridge_port_group *p;
1150 	struct net_bridge_port_group __rcu **pp;
1151 	struct br_ip ip;
1152 	int err = -EINVAL;
1153 
1154 	if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED))
1155 		return -EINVAL;
1156 
1157 	__mdb_entry_to_br_ip(entry, &ip, mdb_attrs);
1158 
1159 	spin_lock_bh(&br->multicast_lock);
1160 	mp = br_mdb_ip_get(br, &ip);
1161 	if (!mp)
1162 		goto unlock;
1163 
1164 	/* host leave */
1165 	if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
1166 		br_multicast_host_leave(mp, false);
1167 		err = 0;
1168 		br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
1169 		if (!mp->ports && netif_running(br->dev))
1170 			mod_timer(&mp->timer, jiffies);
1171 		goto unlock;
1172 	}
1173 
1174 	for (pp = &mp->ports;
1175 	     (p = mlock_dereference(*pp, br)) != NULL;
1176 	     pp = &p->next) {
1177 		if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
1178 			continue;
1179 
1180 		if (p->key.port->state == BR_STATE_DISABLED)
1181 			goto unlock;
1182 
1183 		br_multicast_del_pg(mp, p, pp);
1184 		err = 0;
1185 		break;
1186 	}
1187 
1188 unlock:
1189 	spin_unlock_bh(&br->multicast_lock);
1190 	return err;
1191 }
1192 
1193 static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
1194 		      struct netlink_ext_ack *extack)
1195 {
1196 	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1197 	struct net *net = sock_net(skb->sk);
1198 	struct net_bridge_vlan_group *vg;
1199 	struct net_bridge_port *p = NULL;
1200 	struct net_device *dev, *pdev;
1201 	struct br_mdb_entry *entry;
1202 	struct net_bridge_vlan *v;
1203 	struct net_bridge *br;
1204 	int err;
1205 
1206 	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1207 	if (err < 0)
1208 		return err;
1209 
1210 	br = netdev_priv(dev);
1211 
1212 	if (entry->ifindex != br->dev->ifindex) {
1213 		pdev = __dev_get_by_index(net, entry->ifindex);
1214 		if (!pdev)
1215 			return -ENODEV;
1216 
1217 		p = br_port_get_rtnl(pdev);
1218 		if (!p || p->br != br || p->state == BR_STATE_DISABLED)
1219 			return -EINVAL;
1220 		vg = nbp_vlan_group(p);
1221 	} else {
1222 		vg = br_vlan_group(br);
1223 	}
1224 
1225 	/* If vlan filtering is enabled and VLAN is not specified
1226 	 * delete mdb entry on all vlans configured on the port.
1227 	 */
1228 	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1229 		list_for_each_entry(v, &vg->vlan_list, vlist) {
1230 			entry->vid = v->vid;
1231 			err = __br_mdb_del(br, entry, mdb_attrs);
1232 		}
1233 	} else {
1234 		err = __br_mdb_del(br, entry, mdb_attrs);
1235 	}
1236 
1237 	return err;
1238 }
1239 
1240 void br_mdb_init(void)
1241 {
1242 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0);
1243 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0);
1244 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0);
1245 }
1246 
1247 void br_mdb_uninit(void)
1248 {
1249 	rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
1250 	rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
1251 	rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
1252 }
1253