#include <linux/err.h>
#include <linux/igmp.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/rculist.h>
#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <net/ip.h>
#include <net/netlink.h>
#include <net/switchdev.h>
#if IS_ENABLED(CONFIG_IPV6)
#include <net/ipv6.h>
#include <net/addrconf.h>
#endif

#include "br_private.h"

/* Append an MDBA_ROUTER nest listing the ifindex of every port currently on
 * the bridge's multicast-router list.  Returns 0 on success (including when
 * there is nothing to dump) or -EMSGSIZE if the skb ran out of room.
 * Walks router_list with _rcu accessors; caller is expected to hold
 * rcu_read_lock() (called from the RTM_GETMDB dump path).
 */
static int br_rports_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
			       struct net_device *dev)
{
	struct net_bridge *br = netdev_priv(dev);
	struct net_bridge_port *p;
	struct nlattr *nest;

	/* Nothing to report when router discovery is disabled or no port
	 * has been detected as a multicast router.
	 */
	if (!br->multicast_router || hlist_empty(&br->router_list))
		return 0;

	nest = nla_nest_start(skb, MDBA_ROUTER);
	if (nest == NULL)
		return -EMSGSIZE;

	hlist_for_each_entry_rcu(p, &br->router_list, rlist) {
		if (p && nla_put_u32(skb, MDBA_ROUTER_PORT, p->dev->ifindex))
			goto fail;
	}

	nla_nest_end(skb, nest);
	return 0;
fail:
	/* Roll back the partially-built nest so the message stays valid. */
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}

/* Translate internal port-group flags (MDB_PG_FLAGS_*) into the UAPI
 * br_mdb_entry state/flags fields.  state becomes MDB_PERMANENT or 0
 * (MDB_TEMPORARY); the offload bit is reported via e->flags.
 */
static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
{
	e->state = flags & MDB_PG_FLAGS_PERMANENT;
	e->flags = 0;
	if (flags & MDB_PG_FLAGS_OFFLOAD)
		e->flags |= MDB_FLAGS_OFFLOAD;
}

/* Dump the bridge's multicast group database into an MDBA_MDB nest.
 * One MDBA_MDB_ENTRY nest is emitted per hash-table entry, containing an
 * MDBA_MDB_ENTRY_INFO (struct br_mdb_entry plus group timer) for each port
 * group.  cb->args[1] carries the resume index across dump continuations.
 * Returns 0 or -EMSGSIZE when the skb fills up (dump resumes later).
 * Runs under rcu_read_lock() taken by br_mdb_dump().
 */
static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
			    struct net_device *dev)
{
	struct net_bridge *br = netdev_priv(dev);
	struct net_bridge_mdb_htable *mdb;
	struct nlattr *nest, *nest2;
	int i, err = 0;
	int idx = 0, s_idx = cb->args[1];

	if (br->multicast_disabled)
		return 0;

	mdb = rcu_dereference(br->mdb);
	if (!mdb)
		return 0;

	nest = nla_nest_start(skb, MDBA_MDB);
	if (nest == NULL)
		return -EMSGSIZE;

	for (i = 0; i < mdb->max; i++) {
		struct net_bridge_mdb_entry *mp;
		struct net_bridge_port_group *p;
		struct net_bridge_port_group __rcu **pp;
		struct net_bridge_port *port;

		/* hlist[mdb->ver] selects the currently-active generation of
		 * the doubly-hashed table (see the mdb rehash machinery).
		 */
		hlist_for_each_entry_rcu(mp, &mdb->mhash[i], hlist[mdb->ver]) {
			/* Skip entries already emitted by a previous
			 * continuation of this dump.
			 */
			if (idx < s_idx)
				goto skip;

			nest2 = nla_nest_start(skb, MDBA_MDB_ENTRY);
			if (nest2 == NULL) {
				err = -EMSGSIZE;
				goto out;
			}

			for (pp = &mp->ports;
			     (p = rcu_dereference(*pp)) != NULL;
			     pp = &p->next) {
				struct nlattr *nest_ent;
				struct br_mdb_entry e;

				port = p->port;
				if (!port)
					continue;

				memset(&e, 0, sizeof(e));
				e.ifindex = port->dev->ifindex;
				e.vid = p->addr.vid;
				__mdb_entry_fill_flags(&e, p->flags);
				if (p->addr.proto == htons(ETH_P_IP))
					e.addr.u.ip4 = p->addr.u.ip4;
#if IS_ENABLED(CONFIG_IPV6)
				if (p->addr.proto == htons(ETH_P_IPV6))
					e.addr.u.ip6 = p->addr.u.ip6;
#endif
				e.addr.proto = p->addr.proto;
				nest_ent = nla_nest_start(skb,
							  MDBA_MDB_ENTRY_INFO);
				if (!nest_ent) {
					nla_nest_cancel(skb, nest2);
					err = -EMSGSIZE;
					goto out;
				}
				if (nla_put_nohdr(skb, sizeof(e), &e) ||
				    nla_put_u32(skb,
						MDBA_MDB_EATTR_TIMER,
						br_timer_value(&p->timer))) {
					/* Cancel inner-to-outer so the
					 * message remains well-formed.
					 */
					nla_nest_cancel(skb, nest_ent);
					nla_nest_cancel(skb, nest2);
					err = -EMSGSIZE;
					goto out;
				}
				nla_nest_end(skb, nest_ent);
			}
			nla_nest_end(skb, nest2);
skip:
			idx++;
		}
	}

out:
	/* Record how far we got so the next dump call can resume here. */
	cb->args[1] = idx;
	nla_nest_end(skb, nest);
	return err;
}

/* RTM_GETMDB dump handler: for every bridge device in the namespace emit one
 * RTM_GETMDB message (br_port_msg header + MDB entries + router ports).
 * cb->args[0] tracks the device index for dump continuation; cb->seq lets
 * userspace detect changes between continuations (dev_base_seq combined with
 * the mdb rehash counter).
 */
static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net_device *dev;
	struct net *net = sock_net(skb->sk);
	struct nlmsghdr *nlh = NULL;
	int idx = 0, s_idx;

	s_idx = cb->args[0];

	rcu_read_lock();

	/* In theory this could be wrapped to 0... */
	cb->seq = net->dev_base_seq + br_mdb_rehash_seq;

	for_each_netdev_rcu(net, dev) {
		if (dev->priv_flags & IFF_EBRIDGE) {
			struct br_port_msg *bpm;

			/* Skip bridges already dumped in a prior pass. */
			if (idx < s_idx)
				goto skip;

			nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
					cb->nlh->nlmsg_seq, RTM_GETMDB,
					sizeof(*bpm), NLM_F_MULTI);
			if (nlh == NULL)
				break;

			bpm = nlmsg_data(nlh);
			memset(bpm, 0, sizeof(*bpm));
			bpm->ifindex = dev->ifindex;
			if (br_mdb_fill_info(skb, cb, dev) < 0)
				goto out;
			if (br_rports_fill_info(skb, cb, dev) < 0)
				goto out;

			/* This bridge is fully dumped; reset the per-bridge
			 * entry cursor for the next one.
			 */
			cb->args[1] = 0;
			nlmsg_end(skb, nlh);
		skip:
			idx++;
		}
	}

out:
	/* Close the (possibly partially-filled) message so what we have is
	 * still delivered; the dump resumes from cb->args[] next time.
	 */
	if (nlh)
		nlmsg_end(skb, nlh);
	rcu_read_unlock();
	cb->args[0] = idx;
	return skb->len;
}

/* Build a single-entry RTM_NEWMDB/RTM_DELMDB notification message:
 * br_port_msg header, then MDBA_MDB -> MDBA_MDB_ENTRY -> MDBA_MDB_ENTRY_INFO
 * carrying *entry.  Returns 0 or -EMSGSIZE.
 */
static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
				   struct net_device *dev,
				   struct br_mdb_entry *entry, u32 pid,
				   u32 seq, int type, unsigned int flags)
{
	struct nlmsghdr *nlh;
	struct br_port_msg *bpm;
	struct nlattr *nest, *nest2;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
	if (!nlh)
		return -EMSGSIZE;

	bpm = nlmsg_data(nlh);
	memset(bpm, 0, sizeof(*bpm));
	bpm->family  = AF_BRIDGE;
	bpm->ifindex = dev->ifindex;
	nest = nla_nest_start(skb, MDBA_MDB);
	if (nest == NULL)
		goto cancel;
	nest2 = nla_nest_start(skb, MDBA_MDB_ENTRY);
	if (nest2 == NULL)
		goto end;

	if (nla_put(skb, MDBA_MDB_ENTRY_INFO, sizeof(*entry), entry))
		goto end;

	nla_nest_end(skb, nest2);
	nla_nest_end(skb, nest);
	nlmsg_end(skb, nlh);
	return 0;

end:
	nla_nest_end(skb, nest);
cancel:
	/* Discard everything added for this message. */
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Worst-case payload size of an MDB notification skb. */
static inline size_t rtnl_mdb_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct br_port_msg))
		+ nla_total_size(sizeof(struct br_mdb_entry));
}

/* Notify userspace (RTNLGRP_MDB) and, via switchdev, the underlying hardware
 * about an MDB entry add/delete.  For RTM_NEWMDB the entry is offloaded to
 * the port's driver and, on success, the port group is flagged
 * MDB_PG_FLAGS_OFFLOAD; for RTM_DELMDB the offloaded entry is removed.
 * The group IP is mapped to its multicast MAC for the switchdev object.
 * Switchdev ops are deferred (SWITCHDEV_F_DEFER) since this may be called
 * in atomic context; allocations here use GFP_ATOMIC for the same reason.
 */
static void __br_mdb_notify(struct net_device *dev, struct br_mdb_entry *entry,
			    int type, struct net_bridge_port_group *pg)
{
	struct switchdev_obj_port_mdb mdb = {
		.obj = {
			.id = SWITCHDEV_OBJ_ID_PORT_MDB,
			.flags = SWITCHDEV_F_DEFER,
		},
		.vid = entry->vid,
	};
	struct net_device *port_dev;
	struct net *net = dev_net(dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;

	port_dev = __dev_get_by_index(net, entry->ifindex);
	if (entry->addr.proto == htons(ETH_P_IP))
		ip_eth_mc_map(entry->addr.u.ip4, mdb.addr);
#if IS_ENABLED(CONFIG_IPV6)
	else
		ipv6_eth_mc_map(&entry->addr.u.ip6, mdb.addr);
#endif

	mdb.obj.orig_dev = port_dev;
	if (port_dev && type == RTM_NEWMDB) {
		err = switchdev_port_obj_add(port_dev, &mdb.obj);
		if (!err && pg)
			pg->flags |= MDB_PG_FLAGS_OFFLOAD;
	} else if (port_dev && type == RTM_DELMDB) {
		switchdev_port_obj_del(port_dev, &mdb.obj);
	}

	skb = nlmsg_new(rtnl_mdb_nlmsg_size(), GFP_ATOMIC);
	if (!skb)
		goto errout;

	err = nlmsg_populate_mdb_fill(skb, dev, entry, 0, 0, type, NTF_SELF);
	if (err < 0) {
		kfree_skb(skb);
		goto errout;
	}

	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
	return;
errout:
	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
}

/* Convenience wrapper: build a br_mdb_entry from a port group and send the
 * add/del notification for it.
 */
void br_mdb_notify(struct net_device *dev, struct net_bridge_port_group *pg,
		   int type)
{
	struct br_mdb_entry entry;

	memset(&entry, 0, sizeof(entry));
	entry.ifindex = pg->port->dev->ifindex;
	entry.addr.proto = pg->addr.proto;
	entry.addr.u.ip4 = pg->addr.u.ip4;
#if IS_ENABLED(CONFIG_IPV6)
	entry.addr.u.ip6 = pg->addr.u.ip6;
#endif
	entry.vid = pg->addr.vid;
	__mdb_entry_fill_flags(&entry, pg->flags);
	__br_mdb_notify(dev, &entry, type, pg);
}

/* Build a multicast-router notification: br_port_msg header plus an
 * MDBA_ROUTER nest containing the router port's ifindex.
 * Returns 0 or -EMSGSIZE.
 */
static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
				   struct net_device *dev,
				   int ifindex, u32 pid,
				   u32 seq, int type, unsigned int flags)
{
	struct br_port_msg *bpm;
	struct nlmsghdr *nlh;
	struct nlattr *nest;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), NLM_F_MULTI);
	if (!nlh)
		return -EMSGSIZE;

	bpm = nlmsg_data(nlh);
	memset(bpm, 0, sizeof(*bpm));
	bpm->family = AF_BRIDGE;
	bpm->ifindex = dev->ifindex;
	nest = nla_nest_start(skb, MDBA_ROUTER);
	if (!nest)
		goto cancel;

	if (nla_put_u32(skb, MDBA_ROUTER_PORT, ifindex))
		goto end;

	nla_nest_end(skb, nest);
	nlmsg_end(skb, nlh);
	return 0;

end:
	nla_nest_end(skb, nest);
cancel:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Worst-case payload size of a router-port notification skb. */
static inline size_t rtnl_rtr_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct br_port_msg))
		+ nla_total_size(sizeof(__u32));
}

/* Notify RTNLGRP_MDB listeners that a port was added to / removed from the
 * bridge's multicast-router list.  port may be NULL, in which case ifindex 0
 * is reported.  Uses GFP_ATOMIC as it can run in atomic context.
 */
void br_rtr_notify(struct net_device *dev, struct net_bridge_port *port,
		   int type)
{
	struct net *net = dev_net(dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;
	int ifindex;

	ifindex = port ? port->dev->ifindex : 0;
	skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
	if (!skb)
		goto errout;

	err = nlmsg_populate_rtr_fill(skb, dev, ifindex, 0, 0, type, NTF_SELF);
	if (err < 0) {
		kfree_skb(skb);
		goto errout;
	}

	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
	return;

errout:
	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
}

/* Validate a userspace-supplied br_mdb_entry: must name a port, carry a
 * routable (non-link-local) IPv4 or IPv6 multicast group, a known state
 * (permanent/temporary) and a legal VLAN id.
 */
static bool is_valid_mdb_entry(struct br_mdb_entry *entry)
{
	if (entry->ifindex == 0)
		return false;

	if (entry->addr.proto == htons(ETH_P_IP)) {
		if (!ipv4_is_multicast(entry->addr.u.ip4))
			return false;
		/* 224.0.0.0/24 is always flooded, never snooped. */
		if (ipv4_is_local_multicast(entry->addr.u.ip4))
			return false;
#if IS_ENABLED(CONFIG_IPV6)
	} else if (entry->addr.proto == htons(ETH_P_IPV6)) {
		/* ff02::1 (all-nodes) is likewise always flooded. */
		if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6))
			return false;
#endif
	} else
		return false;
	if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY)
		return false;
	if (entry->vid >= VLAN_VID_MASK)
		return false;

	return true;
}

/* Parse an RTM_NEWMDB/RTM_DELMDB request: resolve the target bridge device
 * from the br_port_msg header and validate the MDBA_SET_ENTRY attribute.
 * On success *pdev and *pentry point into the request (entry is NOT copied).
 * Returns 0 or a negative errno.
 */
static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct net_device **pdev, struct br_mdb_entry **pentry)
{
	struct net *net = sock_net(skb->sk);
	struct br_mdb_entry *entry;
	struct br_port_msg *bpm;
	struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
	struct net_device *dev;
	int err;

	err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY_MAX, NULL);
	if (err < 0)
		return err;

	bpm = nlmsg_data(nlh);
	if (bpm->ifindex == 0) {
		pr_info("PF_BRIDGE: br_mdb_parse() with invalid ifindex\n");
		return -EINVAL;
	}

	dev = __dev_get_by_index(net, bpm->ifindex);
	if (dev == NULL) {
		pr_info("PF_BRIDGE: br_mdb_parse() with unknown ifindex\n");
		return -ENODEV;
	}

	if (!(dev->priv_flags & IFF_EBRIDGE)) {
		pr_info("PF_BRIDGE: br_mdb_parse() with non-bridge\n");
		return -EOPNOTSUPP;
	}

	*pdev = dev;

	if (!tb[MDBA_SET_ENTRY] ||
	    nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
		pr_info("PF_BRIDGE: br_mdb_parse() with invalid attr\n");
		return -EINVAL;
	}

	entry = nla_data(tb[MDBA_SET_ENTRY]);
	if (!is_valid_mdb_entry(entry)) {
		pr_info("PF_BRIDGE: br_mdb_parse() with invalid entry\n");
		return -EINVAL;
	}

	*pentry = entry;
	return 0;
}

/* Add (port, group) to the MDB, creating the group entry if necessary.
 * Returns -EEXIST if the port is already a member, -ENOMEM on allocation
 * failure, 0 on success with *pg set to the new port group.  Temporary
 * entries get their membership timer armed.  Caller must hold
 * br->multicast_lock (mlock_dereference depends on it).
 */
static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
			    struct br_ip *group, unsigned char state,
			    struct net_bridge_port_group **pg)
{
	struct net_bridge_mdb_entry *mp;
	struct net_bridge_port_group *p;
	struct net_bridge_port_group __rcu **pp;
	struct net_bridge_mdb_htable *mdb;
	unsigned long now = jiffies;
	int err;

	mdb = mlock_dereference(br->mdb, br);
	mp = br_mdb_ip_get(mdb, group);
	if (!mp) {
		mp = br_multicast_new_group(br, port, group);
		err = PTR_ERR_OR_ZERO(mp);
		if (err)
			return err;
	}

	/* Find the insertion point; the port list is ordered by the port
	 * pointer value, so stop at the first entry that compares lower.
	 */
	for (pp = &mp->ports;
	     (p = mlock_dereference(*pp, br)) != NULL;
	     pp = &p->next) {
		if (p->port == port)
			return -EEXIST;
		if ((unsigned long)p->port < (unsigned long)port)
			break;
	}

	p = br_multicast_new_port_group(port, group, *pp, state);
	if (unlikely(!p))
		return -ENOMEM;
	rcu_assign_pointer(*pp, p);
	*pg = p;
	if (state == MDB_TEMPORARY)
		mod_timer(&p->timer, now + br->multicast_membership_interval);

	return 0;
}

/* Validate the target port and translate the UAPI entry into a br_ip, then
 * add the group under multicast_lock.  Returns 0 or a negative errno.
 */
static int __br_mdb_add(struct net *net, struct net_bridge *br,
			struct br_mdb_entry *entry,
			struct net_bridge_port_group **pg)
{
	struct br_ip ip;
	struct net_device *dev;
	struct net_bridge_port *p;
	int ret;

	if (!netif_running(br->dev) || br->multicast_disabled)
		return -EINVAL;

	dev = __dev_get_by_index(net, entry->ifindex);
	if (!dev)
		return -ENODEV;

	p = br_port_get_rtnl(dev);
	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
		return -EINVAL;

	memset(&ip, 0, sizeof(ip));
	ip.vid = entry->vid;
	ip.proto = entry->addr.proto;
	if (ip.proto == htons(ETH_P_IP))
		ip.u.ip4 = entry->addr.u.ip4;
#if IS_ENABLED(CONFIG_IPV6)
	else
		ip.u.ip6 = entry->addr.u.ip6;
#endif

	spin_lock_bh(&br->multicast_lock);
	ret = br_mdb_add_group(br, p, &ip, entry->state, pg);
	spin_unlock_bh(&br->multicast_lock);
	return ret;
}

/* RTM_NEWMDB handler.  If vlan filtering is active and no VLAN was given,
 * the entry is installed once per VLAN configured on the port; otherwise a
 * single entry is installed.  Each successful add is notified to userspace
 * and offloaded via __br_mdb_notify().  Runs under rtnl.
 */
static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh)
{
	struct net *net = sock_net(skb->sk);
	struct net_bridge_port_group *pg;
	struct net_bridge_vlan_group *vg;
	struct net_device *dev, *pdev;
	struct br_mdb_entry *entry;
	struct net_bridge_port *p;
	struct net_bridge_vlan *v;
	struct net_bridge *br;
	int err;

	err = br_mdb_parse(skb, nlh, &dev, &entry);
	if (err < 0)
		return err;

	br = netdev_priv(dev);

	/* If vlan filtering is enabled and VLAN is not specified
	 * install mdb entry on all vlans configured on the port.
	 */
	pdev = __dev_get_by_index(net, entry->ifindex);
	if (!pdev)
		return -ENODEV;

	p = br_port_get_rtnl(pdev);
	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
		return -EINVAL;

	vg = nbp_vlan_group(p);
	if (br_vlan_enabled(br) && vg && entry->vid == 0) {
		list_for_each_entry(v, &vg->vlan_list, vlist) {
			entry->vid = v->vid;
			err = __br_mdb_add(net, br, entry, &pg);
			if (err)
				break;
			__br_mdb_notify(dev, entry, RTM_NEWMDB, pg);
		}
	} else {
		err = __br_mdb_add(net, br, entry, &pg);
		if (!err)
			__br_mdb_notify(dev, entry, RTM_NEWMDB, pg);
	}

	return err;
}

/* Remove the (port, group) membership described by entry.  On success the
 * entry's flags are refreshed from the deleted port group (for the
 * notification) and the port group is freed via RCU.  If the group loses its
 * last member and has no local (host) membership, its expiry timer is fired
 * immediately.  Returns 0 or -EINVAL when no matching entry exists.
 */
static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry)
{
	struct net_bridge_mdb_htable *mdb;
	struct net_bridge_mdb_entry *mp;
	struct net_bridge_port_group *p;
	struct net_bridge_port_group __rcu **pp;
	struct br_ip ip;
	int err = -EINVAL;

	if (!netif_running(br->dev) || br->multicast_disabled)
		return -EINVAL;

	memset(&ip, 0, sizeof(ip));
	ip.vid = entry->vid;
	ip.proto = entry->addr.proto;
	if (ip.proto == htons(ETH_P_IP))
		ip.u.ip4 = entry->addr.u.ip4;
#if IS_ENABLED(CONFIG_IPV6)
	else
		ip.u.ip6 = entry->addr.u.ip6;
#endif

	spin_lock_bh(&br->multicast_lock);
	mdb = mlock_dereference(br->mdb, br);

	mp = br_mdb_ip_get(mdb, &ip);
	if (!mp)
		goto unlock;

	for (pp = &mp->ports;
	     (p = mlock_dereference(*pp, br)) != NULL;
	     pp = &p->next) {
		if (!p->port || p->port->dev->ifindex != entry->ifindex)
			continue;

		if (p->port->state == BR_STATE_DISABLED)
			goto unlock;

		__mdb_entry_fill_flags(entry, p->flags);
		rcu_assign_pointer(*pp, p->next);
		hlist_del_init(&p->mglist);
		del_timer(&p->timer);
		call_rcu_bh(&p->rcu, br_multicast_free_pg);
		err = 0;

		/* Last port gone and no host membership: expire the group
		 * entry right away instead of waiting out its timer.
		 */
		if (!mp->ports && !mp->mglist &&
		    netif_running(br->dev))
			mod_timer(&mp->timer, jiffies);
		break;
	}

unlock:
	spin_unlock_bh(&br->multicast_lock);
	return err;
}

/* RTM_DELMDB handler: mirror of br_mdb_add() — deletes the entry on all
 * configured VLANs when vlan filtering is on and no VLAN was specified,
 * notifying userspace for each successful removal.  Runs under rtnl.
 */
static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
{
	struct net *net = sock_net(skb->sk);
	struct net_bridge_vlan_group *vg;
	struct net_device *dev, *pdev;
	struct br_mdb_entry *entry;
	struct net_bridge_port *p;
	struct net_bridge_vlan *v;
	struct net_bridge *br;
	int err;

	err = br_mdb_parse(skb, nlh, &dev, &entry);
	if (err < 0)
		return err;

	br = netdev_priv(dev);

	/* If vlan filtering is enabled and VLAN is not specified
	 * delete mdb entry on all vlans configured on the port.
	 */
	pdev = __dev_get_by_index(net, entry->ifindex);
	if (!pdev)
		return -ENODEV;

	p = br_port_get_rtnl(pdev);
	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
		return -EINVAL;

	vg = nbp_vlan_group(p);
	if (br_vlan_enabled(br) && vg && entry->vid == 0) {
		list_for_each_entry(v, &vg->vlan_list, vlist) {
			entry->vid = v->vid;
			err = __br_mdb_del(br, entry);
			if (!err)
				__br_mdb_notify(dev, entry, RTM_DELMDB, NULL);
		}
	} else {
		err = __br_mdb_del(br, entry);
		if (!err)
			__br_mdb_notify(dev, entry, RTM_DELMDB, NULL);
	}

	return err;
}

/* Register the PF_BRIDGE MDB rtnetlink handlers. */
void br_mdb_init(void)
{
	rtnl_register(PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, NULL);
	rtnl_register(PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, NULL);
	rtnl_register(PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, NULL);
}

/* Unregister the PF_BRIDGE MDB rtnetlink handlers. */
void br_mdb_uninit(void)
{
	rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
	rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
	rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
}