// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Handle incoming frames
 * Linux ethernet bridge
 *
 * Authors:
 * Lennert Buytenhek <buytenh@gnu.org>
 */

#include <linux/slab.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/netfilter_bridge.h>
#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
#include <net/netfilter/nf_queue.h>
#endif
#include <linux/neighbour.h>
#include <net/arp.h>
#include <net/dsa.h>
#include <linux/export.h>
#include <linux/rculist.h>
#include "br_private.h"
#include "br_private_tunnel.h"
/* okfn passed to the NF_BR_LOCAL_IN hook by br_pass_frame_up().
 *
 * Calls br_drop_fake_rtable() on the skb and then hands it to
 * netif_receive_skb(), whose return value is passed back unchanged.
 * @net and @sk are part of the okfn signature and are not used here.
 */
static int
br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	int rc;

	br_drop_fake_rtable(skb);
	rc = netif_receive_skb(skb);

	return rc;
}
/* Deliver a frame to the bridge device itself.
 *
 * Updates the bridge's per-CPU rx counters, applies the VLAN egress check
 * that any other port would get, points skb->dev at the bridge device and
 * runs the NF_BR_LOCAL_IN hook with br_netif_receive_skb() as okfn.
 *
 * Returns NET_RX_DROP when the egress check rejects the frame (the skb is
 * freed here) or when br_handle_vlan() returns NULL; otherwise returns the
 * NF_HOOK() result.
 */
static int br_pass_frame_up(struct sk_buff *skb)
{
	struct net_device *brdev = BR_INPUT_SKB_CB(skb)->brdev;
	struct net_bridge *br = netdev_priv(brdev);
	struct pcpu_sw_netstats *stats = this_cpu_ptr(br->stats);
	struct net_bridge_vlan_group *vg;
	struct net_device *ingress_dev;

	/* Counted before filtering, so frames dropped below are included. */
	u64_stats_update_begin(&stats->syncp);
	stats->rx_packets++;
	stats->rx_bytes += skb->len;
	u64_stats_update_end(&stats->syncp);

	vg = br_vlan_group_rcu(br);

	/* The bridge is just like any other port: make sure the packet is
	 * allowed. The one exception is promiscuous mode, where someone may
	 * be running a packet capture; then the egress check is skipped and
	 * the capture also sees frames br_allowed_egress() would reject.
	 */
	if (!(brdev->flags & IFF_PROMISC)) {
		if (!br_allowed_egress(vg, skb)) {
			kfree_skb(skb);
			return NET_RX_DROP;
		}
	}

	/* Remember the real ingress device for the hook before the skb is
	 * re-homed onto the bridge device.
	 */
	ingress_dev = skb->dev;
	skb->dev = brdev;

	skb = br_handle_vlan(br, NULL, vg, skb);
	if (skb == NULL)
		return NET_RX_DROP;

	/* update the multicast stats if the packet is IGMP/MLD */
	br_multicast_count(br, NULL, skb, br_multicast_igmp_type(skb),
			   BR_MCAST_DIR_TX);

	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
		       dev_net(ingress_dev), NULL, skb, ingress_dev, NULL,
		       br_netif_receive_skb);
}
/* Forwarding decision for a frame received on a bridge port.
 *
 * In order: ingress VLAN filtering, source-address learning, destination
 * classification (unicast / multicast / broadcast), optional ARP and IPv6
 * neighbour suppression, then forward, flood and/or local delivery.
 *
 * Always returns 0, except when the frame is delivered locally, in which
 * case the br_pass_frame_up() result is returned. @net and @sk are not
 * used in this function.
 *
 * note: already called with rcu_read_lock
 */
int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	struct net_bridge_port *port = br_port_get_rcu(skb->dev);
	struct net_bridge_fdb_entry *fdb_dst = NULL;
	enum br_pkt_type kind = BR_PKT_UNICAST;
	struct net_bridge_mdb_entry *mdb_dst;
	bool deliver_local;
	bool mdb_hit = false;
	struct net_bridge *br;
	u16 vid = 0;
	u8 state;

	/* No port behind skb->dev, or a disabled port: nothing is learned
	 * and nothing is forwarded.
	 */
	if (!port || port->state == BR_STATE_DISABLED)
		goto drop;

	/* state is passed by pointer, so br_allowed_ingress() can change the
	 * value that the LEARNING check further down looks at.
	 * NOTE(review): the rejection path returns without kfree_skb();
	 * presumably br_allowed_ingress() has already released the skb -
	 * confirm against its implementation.
	 */
	state = port->state;
	if (!br_allowed_ingress(port->br, nbp_vlan_group_rcu(port), skb, &vid,
				&state))
		goto out;

	nbp_switchdev_frame_mark(port, skb);

	/* Insert into the forwarding database only after filtering, to avoid
	 * spoofing: a frame the ingress VLAN policy rejected never reaches
	 * br_fdb_update(), so it cannot plant its source MAC in the FDB.
	 */
	br = port->br;
	if (port->flags & BR_LEARNING)
		br_fdb_update(br, port, eth_hdr(skb)->h_source, vid, 0);

	/* A promiscuous bridge device receives a copy of everything. */
	deliver_local = !!(br->dev->flags & IFF_PROMISC);

	if (is_multicast_ether_addr(eth_hdr(skb)->h_dest)) {
		/* by definition the broadcast is also a multicast address */
		if (!is_broadcast_ether_addr(eth_hdr(skb)->h_dest)) {
			kind = BR_PKT_MULTICAST;
			if (br_multicast_rcv(br, port, skb, vid))
				goto drop;
		} else {
			kind = BR_PKT_BROADCAST;
			deliver_local = true;
		}
	}

	/* A port in LEARNING state has updated the FDB above but must not
	 * forward or deliver the frame.
	 */
	if (state == BR_STATE_LEARNING)
		goto drop;

	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
	BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(port->flags & BR_ISOLATED);

	if (IS_ENABLED(CONFIG_INET) &&
	    (skb->protocol == htons(ETH_P_ARP) ||
	     skb->protocol == htons(ETH_P_RARP))) {
		br_do_proxy_suppress_arp(skb, br, vid, port);
	} else if (IS_ENABLED(CONFIG_IPV6) &&
		   skb->protocol == htons(ETH_P_IPV6) &&
		   br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED) &&
		   /* The length check runs before ipv6_hdr() is dereferenced. */
		   pskb_may_pull(skb, sizeof(struct ipv6hdr) +
				 sizeof(struct nd_msg)) &&
		   ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
		struct nd_msg nd_buf;
		struct nd_msg *nd = br_is_nd_neigh_msg(skb, &nd_buf);

		if (nd)
			br_do_suppress_nd(skb, br, vid, port, nd);
	}

	switch (kind) {
	case BR_PKT_MULTICAST:
		mdb_dst = br_mdb_get(br, skb, vid);
		/* An MDB hit needs a matching entry (or the mrouters-only
		 * mark) and a querier; without one the frame is flooded and
		 * also delivered locally.
		 */
		mdb_hit = (mdb_dst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
			  br_multicast_querier_exists(br, eth_hdr(skb));
		if (!mdb_hit ||
		    (mdb_dst && mdb_dst->host_joined) ||
		    br_multicast_is_router(br)) {
			deliver_local = true;
			/* NOTE(review): plain increment of a device-wide
			 * counter; if this path can run on several CPUs at
			 * once the update is racy - confirm.
			 */
			br->dev->stats.multicast++;
		}
		break;
	case BR_PKT_UNICAST:
		fdb_dst = br_fdb_find_rcu(br, eth_hdr(skb)->h_dest, vid);
		break;
	default:
		break;
	}

	if (!fdb_dst) {
		/* No FDB entry for the destination: use the MDB port list
		 * when there was a hit, otherwise flood.
		 */
		if (mdb_hit)
			br_multicast_flood(mdb_dst, skb, deliver_local, false);
		else
			br_flood(br, skb, kind, deliver_local, false);
	} else {
		unsigned long now = jiffies;

		/* Destination is flagged as local in the FDB: deliver to the
		 * bridge device only.
		 */
		if (test_bit(BR_FDB_LOCAL, &fdb_dst->flags))
			return br_pass_frame_up(skb);

		/* Skip the store when the timestamp is already current. */
		if (now != fdb_dst->used)
			fdb_dst->used = now;
		br_forward(fdb_dst->dst, skb, deliver_local, false);
	}

	if (deliver_local)
		return br_pass_frame_up(skb);
	return 0;

drop:
	kfree_skb(skb);
out:
	return 0;
}
EXPORT_SYMBOL_GPL(br_handle_frame_finish);
/* Learn the source MAC of a frame that is handled locally (link-local
 * destinations), provided every learning precondition holds.
 *
 * NOTE(review): the port pointer is dereferenced without a NULL check,
 * unlike in br_handle_frame_finish(); presumably every caller guarantees
 * that skb->dev is a bridge port - confirm.
 */
static void __br_handle_local_finish(struct sk_buff *skb)
{
	struct net_bridge_port *port = br_port_get_rcu(skb->dev);
	u16 vid = 0;

	if (!(port->flags & BR_LEARNING))
		return;
	if (!nbp_state_should_learn(port))
		return;
	/* Learning from link-local frames can be switched off per bridge. */
	if (br_opt_get(port->br, BROPT_NO_LL_LEARN))
		return;
	/* check if vlan is allowed, to avoid spoofing */
	if (!br_should_learn(port, skb, &vid))
		return;

	br_fdb_update(port->br, port, eth_hdr(skb)->h_source, vid, 0);
}
/* okfn for the NF_BR_LOCAL_IN hook that br_handle_frame() runs on
 * link-local frames: performs the optional source learning and reports
 * that it ran. @net and @sk are not used.
 *
 * note: already called with rcu_read_lock
 */
static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	/* return 1 to signal the okfn() was called so it's ok to use the skb */
	const int okfn_called = 1;

	__br_handle_local_finish(skb);

	return okfn_called;
}
/* Run the NF_BR_PRE_ROUTING hooks by hand, then continue with
 * br_handle_frame_finish().
 *
 * Returns RX_HANDLER_PASS (with *pskb updated) when a hook accepted the
 * frame and the skb carries the br_netfilter_broute mark; in every other
 * case returns RX_HANDLER_CONSUMED. The return value of
 * br_handle_frame_finish() is not looked at.
 *
 * Without CONFIG_NETFILTER_FAMILY_BRIDGE no hooks are run and the frame
 * goes straight to br_handle_frame_finish().
 */
static int nf_hook_bridge_pre(struct sk_buff *skb, struct sk_buff **pskb)
{
#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
	struct nf_hook_entries *hooks = NULL;
	struct nf_hook_state hook_state;
	unsigned int verdict, idx;
	struct net *net;

	net = dev_net(skb->dev);
#ifdef HAVE_JUMP_LABEL
	if (!static_key_false(&nf_hooks_needed[NFPROTO_BRIDGE][NF_BR_PRE_ROUTING]))
		goto frame_finish;
#endif

	hooks = rcu_dereference(net->nf.hooks_bridge[NF_BR_PRE_ROUTING]);
	if (!hooks)
		goto frame_finish;

	/* br_handle_frame_finish is recorded in the hook state as well. */
	nf_hook_state_init(&hook_state, NF_BR_PRE_ROUTING,
			   NFPROTO_BRIDGE, skb->dev, NULL, NULL,
			   net, br_handle_frame_finish);

	for (idx = 0; idx < hooks->num_hook_entries; idx++) {
		verdict = nf_hook_entry_hookfn(&hooks->hooks[idx], skb,
					       &hook_state);
		switch (verdict & NF_VERDICT_MASK) {
		case NF_ACCEPT:
			if (!BR_INPUT_SKB_CB(skb)->br_netfilter_broute)
				break;
			/* Brouted frame: it leaves the bridge path here and
			 * the remaining hooks in the list are not run.
			 */
			*pskb = skb;
			return RX_HANDLER_PASS;
		case NF_DROP:
			kfree_skb(skb);
			return RX_HANDLER_CONSUMED;
		case NF_QUEUE:
			/* A return of 1 from nf_queue() resumes the walk at
			 * the next hook; anything else ends processing here.
			 */
			if (nf_queue(skb, &hook_state, idx, verdict) == 1)
				continue;
			return RX_HANDLER_CONSUMED;
		default: /* STOLEN */
			return RX_HANDLER_CONSUMED;
		}
	}
frame_finish:
#endif
	br_handle_frame_finish(dev_net(skb->dev), NULL, skb);
	return RX_HANDLER_CONSUMED;
}
/*
 * rx_handler entry point for frames arriving on a bridge port.
 *
 * Returns RX_HANDLER_PASS when the frame is left to the caller (loopback
 * frames, link-local frames handled locally, frames claimed by
 * br_mrp_process(), brouted frames) and RX_HANDLER_CONSUMED when the
 * bridge has taken or freed the skb.
 *
 * NOTE(review): dest is captured before skb_share_check() and is still
 * used afterwards; presumably a clone keeps pointing at the same packet
 * data - confirm.
 *
 * note: already called with rcu_read_lock
 */
static rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
{
	struct sk_buff *skb = *pskb;
	const unsigned char *dest = eth_hdr(skb)->h_dest;
	struct net_bridge_port *port;

	if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
		return RX_HANDLER_PASS;

	/* Frames with an invalid source MAC are dropped before any
	 * learning or forwarding can happen.
	 */
	if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
		goto drop;

	skb = skb_share_check(skb, GFP_ATOMIC);
	if (!skb)
		return RX_HANDLER_CONSUMED;

	/* Start from an all-zero bridge control block so nothing left in
	 * skb->cb is later read through BR_INPUT_SKB_CB().
	 */
	memset(skb->cb, 0, sizeof(struct br_input_skb_cb));

	port = br_port_get_rcu(skb->dev);
	if ((port->flags & BR_VLAN_TUNNEL) &&
	    br_handle_ingress_vlan_tunnel(skb, port, nbp_vlan_group_rcu(port)))
		goto drop;

	if (unlikely(is_link_local_ether_addr(dest))) {
		const unsigned int group_bit = 1u << dest[5];
		u16 fwd_mask = port->br->group_fwd_mask_required |
			       port->group_fwd_mask;

		/*
		 * See IEEE 802.1D Table 7-10 Reserved addresses
		 *
		 * Assignment				Value
		 * Bridge Group Address			01-80-C2-00-00-00
		 * (MAC Control) 802.3			01-80-C2-00-00-01
		 * (Link Aggregation) 802.3		01-80-C2-00-00-02
		 * 802.1X PAE address			01-80-C2-00-00-03
		 *
		 * 802.1AB LLDP				01-80-C2-00-00-0E
		 *
		 * Others reserved for future standardization
		 *
		 * A reserved address is forwarded only when its bit is set
		 * in the forwarding mask; the bridge-wide group_fwd_mask is
		 * not consulted for the Bridge Group Address.
		 */
		switch (dest[5]) {
		case 0x00:	/* Bridge Group Address */
			/* If STP is turned off, then must forward to keep
			 * loop detection.
			 */
			if (port->br->stp_enabled == BR_NO_STP ||
			    (fwd_mask & group_bit))
				goto forward;
			goto pass_local;

		case 0x01:	/* IEEE MAC (Pause) */
			/* Dropped regardless of any forwarding mask. */
			goto drop;

		case 0x0E:	/* 802.1AB LLDP */
			fwd_mask |= port->br->group_fwd_mask;
			if (fwd_mask & group_bit)
				goto forward;
			goto pass_local;

		default:
			/* Allow selective forwarding for most other protocols */
			fwd_mask |= port->br->group_fwd_mask;
			if (fwd_mask & group_bit)
				goto forward;
			break;
		}

		/* The CONSUMED return below should be hit when nf_hook():
		 * - returns < 0 (drop/error)
		 * - returns = 0 (stolen/nf_queue)
		 * Thus return 1 from the okfn() to signal the skb is ok to pass
		 */
		if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
			    dev_net(skb->dev), NULL, skb, skb->dev, NULL,
			    br_handle_local_finish) == 1)
			return RX_HANDLER_PASS;
		return RX_HANDLER_CONSUMED;

pass_local:
		/* Not forwarded: hand the (possibly cloned) skb back to the
		 * caller after the optional source learning.
		 */
		*pskb = skb;
		__br_handle_local_finish(skb);
		return RX_HANDLER_PASS;
	}

	if (unlikely(br_mrp_process(port, skb)))
		return RX_HANDLER_PASS;

forward:
	switch (port->state) {
	case BR_STATE_FORWARDING:
	case BR_STATE_LEARNING:
		if (ether_addr_equal(port->br->dev->dev_addr, dest))
			skb->pkt_type = PACKET_HOST;

		return nf_hook_bridge_pre(skb, pskb);
	default:
		/* Any other port state: the frame is dropped. */
		break;
	}

drop:
	kfree_skb(skb);
	return RX_HANDLER_CONSUMED;
}
/* Placeholder rx_handler that does no bridging at all.
 *
 * The br_port_get_rcu/rtnl helpers identify bridged ports by the
 * rx_handler installed on them, so a bridge rx_handler _needs_ to exist
 * even when it has nothing useful to do. A bridge using this handler
 * won't support traffic to/from the stack, only hardware bridging, so
 * RX_HANDLER_PASS is returned in order not to steal frames from the
 * ETH_P_XDSA packet_type handler.
 */
static rx_handler_result_t br_handle_frame_dummy(struct sk_buff **pskb)
{
	(void)pskb;	/* the frame is left untouched */

	return RX_HANDLER_PASS;
}
/* Pick the rx_handler for @dev: the pass-through br_handle_frame_dummy()
 * when netdev_uses_dsa(dev) is true, otherwise the software bridging path
 * br_handle_frame().
 */
rx_handler_func_t *br_get_rx_handler(const struct net_device *dev)
{
	return netdev_uses_dsa(dev) ? br_handle_frame_dummy : br_handle_frame;
}