projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge tag 'mm-hotfixes-stable-2025-07-11-16-16' of git://git.kernel.org/pub/scm/linux...
[linux-2.6-block.git] / net / bridge / br_mdb.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0
2#include <linux/err.h>
3#include <linux/igmp.h>
4#include <linux/kernel.h>
5#include <linux/netdevice.h>
6#include <linux/rculist.h>
7#include <linux/skbuff.h>
8#include <linux/if_ether.h>
9#include <net/ip.h>
10#include <net/netlink.h>
11#include <net/switchdev.h>
12#if IS_ENABLED(CONFIG_IPV6)
13#include <net/ipv6.h>
14#include <net/addrconf.h>
15#endif
16
17#include "br_private.h"
18
19static bool
20br_ip4_rports_get_timer(struct net_bridge_mcast_port *pmctx,
21 unsigned long *timer)
22{
23 *timer = br_timer_value(&pmctx->ip4_mc_router_timer);
24 return !hlist_unhashed(&pmctx->ip4_rlist);
25}
26
27static bool
28br_ip6_rports_get_timer(struct net_bridge_mcast_port *pmctx,
29 unsigned long *timer)
30{
31#if IS_ENABLED(CONFIG_IPV6)
32 *timer = br_timer_value(&pmctx->ip6_mc_router_timer);
33 return !hlist_unhashed(&pmctx->ip6_rlist);
34#else
35 *timer = 0;
36 return false;
37#endif
38}
39
40static size_t __br_rports_one_size(void)
41{
42 return nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PORT */
43 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_TIMER */
44 nla_total_size(sizeof(u8)) + /* MDBA_ROUTER_PATTR_TYPE */
45 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET_TIMER */
46 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET6_TIMER */
47 nla_total_size(sizeof(u32)); /* MDBA_ROUTER_PATTR_VID */
48}
49
50size_t br_rports_size(const struct net_bridge_mcast *brmctx)
51{
52 struct net_bridge_mcast_port *pmctx;
53 size_t size = nla_total_size(0); /* MDBA_ROUTER */
54
55 rcu_read_lock();
56 hlist_for_each_entry_rcu(pmctx, &brmctx->ip4_mc_router_list,
57 ip4_rlist)
58 size += __br_rports_one_size();
59
60#if IS_ENABLED(CONFIG_IPV6)
61 hlist_for_each_entry_rcu(pmctx, &brmctx->ip6_mc_router_list,
62 ip6_rlist)
63 size += __br_rports_one_size();
64#endif
65 rcu_read_unlock();
66
67 return size;
68}
69
70int br_rports_fill_info(struct sk_buff *skb,
71 const struct net_bridge_mcast *brmctx)
72{
73 u16 vid = brmctx->vlan ? brmctx->vlan->vid : 0;
74 bool have_ip4_mc_rtr, have_ip6_mc_rtr;
75 unsigned long ip4_timer, ip6_timer;
76 struct nlattr *nest, *port_nest;
77 struct net_bridge_port *p;
78
79 if (!brmctx->multicast_router || !br_rports_have_mc_router(brmctx))
80 return 0;
81
82 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
83 if (nest == NULL)
84 return -EMSGSIZE;
85
86 list_for_each_entry_rcu(p, &brmctx->br->port_list, list) {
87 struct net_bridge_mcast_port *pmctx;
88
89 if (vid) {
90 struct net_bridge_vlan *v;
91
92 v = br_vlan_find(nbp_vlan_group(p), vid);
93 if (!v)
94 continue;
95 pmctx = &v->port_mcast_ctx;
96 } else {
97 pmctx = &p->multicast_ctx;
98 }
99
100 have_ip4_mc_rtr = br_ip4_rports_get_timer(pmctx, &ip4_timer);
101 have_ip6_mc_rtr = br_ip6_rports_get_timer(pmctx, &ip6_timer);
102
103 if (!have_ip4_mc_rtr && !have_ip6_mc_rtr)
104 continue;
105
106 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
107 if (!port_nest)
108 goto fail;
109
110 if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
111 nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
112 max(ip4_timer, ip6_timer)) ||
113 nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
114 p->multicast_ctx.multicast_router) ||
115 (have_ip4_mc_rtr &&
116 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER,
117 ip4_timer)) ||
118 (have_ip6_mc_rtr &&
119 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER,
120 ip6_timer)) ||
121 (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid))) {
122 nla_nest_cancel(skb, port_nest);
123 goto fail;
124 }
125 nla_nest_end(skb, port_nest);
126 }
127
128 nla_nest_end(skb, nest);
129 return 0;
130fail:
131 nla_nest_cancel(skb, nest);
132 return -EMSGSIZE;
133}
134
135static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
136{
137 e->state = flags & MDB_PG_FLAGS_PERMANENT;
138 e->flags = 0;
139 if (flags & MDB_PG_FLAGS_OFFLOAD)
140 e->flags |= MDB_FLAGS_OFFLOAD;
141 if (flags & MDB_PG_FLAGS_FAST_LEAVE)
142 e->flags |= MDB_FLAGS_FAST_LEAVE;
143 if (flags & MDB_PG_FLAGS_STAR_EXCL)
144 e->flags |= MDB_FLAGS_STAR_EXCL;
145 if (flags & MDB_PG_FLAGS_BLOCKED)
146 e->flags |= MDB_FLAGS_BLOCKED;
147 if (flags & MDB_PG_FLAGS_OFFLOAD_FAILED)
148 e->flags |= MDB_FLAGS_OFFLOAD_FAILED;
149}
150
151static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
152 struct nlattr **mdb_attrs)
153{
154 memset(ip, 0, sizeof(struct br_ip));
155 ip->vid = entry->vid;
156 ip->proto = entry->addr.proto;
157 switch (ip->proto) {
158 case htons(ETH_P_IP):
159 ip->dst.ip4 = entry->addr.u.ip4;
160 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
161 ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
162 break;
163#if IS_ENABLED(CONFIG_IPV6)
164 case htons(ETH_P_IPV6):
165 ip->dst.ip6 = entry->addr.u.ip6;
166 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
167 ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
168 break;
169#endif
170 default:
171 ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
172 }
173
174}
175
176static int __mdb_fill_srcs(struct sk_buff *skb,
177 struct net_bridge_port_group *p)
178{
179 struct net_bridge_group_src *ent;
180 struct nlattr *nest, *nest_ent;
181
182 if (hlist_empty(&p->src_list))
183 return 0;
184
185 nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
186 if (!nest)
187 return -EMSGSIZE;
188
189 hlist_for_each_entry_rcu(ent, &p->src_list, node,
190 lockdep_is_held(&p->key.port->br->multicast_lock)) {
191 nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
192 if (!nest_ent)
193 goto out_cancel_err;
194 switch (ent->addr.proto) {
195 case htons(ETH_P_IP):
196 if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
197 ent->addr.src.ip4)) {
198 nla_nest_cancel(skb, nest_ent);
199 goto out_cancel_err;
200 }
201 break;
202#if IS_ENABLED(CONFIG_IPV6)
203 case htons(ETH_P_IPV6):
204 if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
205 &ent->addr.src.ip6)) {
206 nla_nest_cancel(skb, nest_ent);
207 goto out_cancel_err;
208 }
209 break;
210#endif
211 default:
212 nla_nest_cancel(skb, nest_ent);
213 continue;
214 }
215 if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
216 br_timer_value(&ent->timer))) {
217 nla_nest_cancel(skb, nest_ent);
218 goto out_cancel_err;
219 }
220 nla_nest_end(skb, nest_ent);
221 }
222
223 nla_nest_end(skb, nest);
224
225 return 0;
226
227out_cancel_err:
228 nla_nest_cancel(skb, nest);
229 return -EMSGSIZE;
230}
231
232static int __mdb_fill_info(struct sk_buff *skb,
233 struct net_bridge_mdb_entry *mp,
234 struct net_bridge_port_group *p)
235{
236 bool dump_srcs_mode = false;
237 struct timer_list *mtimer;
238 struct nlattr *nest_ent;
239 struct br_mdb_entry e;
240 u8 flags = 0;
241 int ifindex;
242
243 memset(&e, 0, sizeof(e));
244 if (p) {
245 ifindex = p->key.port->dev->ifindex;
246 mtimer = &p->timer;
247 flags = p->flags;
248 } else {
249 ifindex = mp->br->dev->ifindex;
250 mtimer = &mp->timer;
251 }
252
253 __mdb_entry_fill_flags(&e, flags);
254 e.ifindex = ifindex;
255 e.vid = mp->addr.vid;
256 if (mp->addr.proto == htons(ETH_P_IP)) {
257 e.addr.u.ip4 = mp->addr.dst.ip4;
258#if IS_ENABLED(CONFIG_IPV6)
259 } else if (mp->addr.proto == htons(ETH_P_IPV6)) {
260 e.addr.u.ip6 = mp->addr.dst.ip6;
261#endif
262 } else {
263 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
264 e.state = MDB_PERMANENT;
265 }
266 e.addr.proto = mp->addr.proto;
267 nest_ent = nla_nest_start_noflag(skb,
268 MDBA_MDB_ENTRY_INFO);
269 if (!nest_ent)
270 return -EMSGSIZE;
271
272 if (nla_put_nohdr(skb, sizeof(e), &e) ||
273 nla_put_u32(skb,
274 MDBA_MDB_EATTR_TIMER,
275 br_timer_value(mtimer)))
276 goto nest_err;
277
278 switch (mp->addr.proto) {
279 case htons(ETH_P_IP):
280 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_igmp_version == 3);
281 if (mp->addr.src.ip4) {
282 if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
283 mp->addr.src.ip4))
284 goto nest_err;
285 break;
286 }
287 break;
288#if IS_ENABLED(CONFIG_IPV6)
289 case htons(ETH_P_IPV6):
290 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_mld_version == 2);
291 if (!ipv6_addr_any(&mp->addr.src.ip6)) {
292 if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
293 &mp->addr.src.ip6))
294 goto nest_err;
295 break;
296 }
297 break;
298#endif
299 default:
300 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
301 }
302 if (p) {
303 if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
304 goto nest_err;
305 if (dump_srcs_mode &&
306 (__mdb_fill_srcs(skb, p) ||
307 nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
308 p->filter_mode)))
309 goto nest_err;
310 }
311 nla_nest_end(skb, nest_ent);
312
313 return 0;
314
315nest_err:
316 nla_nest_cancel(skb, nest_ent);
317 return -EMSGSIZE;
318}
319
320static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
321 struct net_device *dev)
322{
323 int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
324 struct net_bridge *br = netdev_priv(dev);
325 struct net_bridge_mdb_entry *mp;
326 struct nlattr *nest, *nest2;
327
328 nest = nla_nest_start_noflag(skb, MDBA_MDB);
329 if (nest == NULL)
330 return -EMSGSIZE;
331
332 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
333 struct net_bridge_port_group *p;
334 struct net_bridge_port_group __rcu **pp;
335
336 if (idx < s_idx)
337 goto skip;
338
339 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
340 if (!nest2) {
341 err = -EMSGSIZE;
342 break;
343 }
344
345 if (!s_pidx && mp->host_joined) {
346 err = __mdb_fill_info(skb, mp, NULL);
347 if (err) {
348 nla_nest_cancel(skb, nest2);
349 break;
350 }
351 }
352
353 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
354 pp = &p->next) {
355 if (!p->key.port)
356 continue;
357 if (pidx < s_pidx)
358 goto skip_pg;
359
360 err = __mdb_fill_info(skb, mp, p);
361 if (err) {
362 nla_nest_end(skb, nest2);
363 goto out;
364 }
365skip_pg:
366 pidx++;
367 }
368 pidx = 0;
369 s_pidx = 0;
370 nla_nest_end(skb, nest2);
371skip:
372 idx++;
373 }
374
375out:
376 cb->args[1] = idx;
377 cb->args[2] = pidx;
378 nla_nest_end(skb, nest);
379 return err;
380}
381
382int br_mdb_dump(struct net_device *dev, struct sk_buff *skb,
383 struct netlink_callback *cb)
384{
385 struct net_bridge *br = netdev_priv(dev);
386 struct br_port_msg *bpm;
387 struct nlmsghdr *nlh;
388 int err;
389
390 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
391 cb->nlh->nlmsg_seq, RTM_GETMDB, sizeof(*bpm),
392 NLM_F_MULTI);
393 if (!nlh)
394 return -EMSGSIZE;
395
396 bpm = nlmsg_data(nlh);
397 memset(bpm, 0, sizeof(*bpm));
398 bpm->ifindex = dev->ifindex;
399
400 rcu_read_lock();
401
402 err = br_mdb_fill_info(skb, cb, dev);
403 if (err)
404 goto out;
405 err = br_rports_fill_info(skb, &br->multicast_ctx);
406 if (err)
407 goto out;
408
409out:
410 rcu_read_unlock();
411 nlmsg_end(skb, nlh);
412 return err;
413}
414
415static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
416 struct net_device *dev,
417 struct net_bridge_mdb_entry *mp,
418 struct net_bridge_port_group *pg,
419 int type)
420{
421 struct nlmsghdr *nlh;
422 struct br_port_msg *bpm;
423 struct nlattr *nest, *nest2;
424
425 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
426 if (!nlh)
427 return -EMSGSIZE;
428
429 bpm = nlmsg_data(nlh);
430 memset(bpm, 0, sizeof(*bpm));
431 bpm->family = AF_BRIDGE;
432 bpm->ifindex = dev->ifindex;
433 nest = nla_nest_start_noflag(skb, MDBA_MDB);
434 if (nest == NULL)
435 goto cancel;
436 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
437 if (nest2 == NULL)
438 goto end;
439
440 if (__mdb_fill_info(skb, mp, pg))
441 goto end;
442
443 nla_nest_end(skb, nest2);
444 nla_nest_end(skb, nest);
445 nlmsg_end(skb, nlh);
446 return 0;
447
448end:
449 nla_nest_end(skb, nest);
450cancel:
451 nlmsg_cancel(skb, nlh);
452 return -EMSGSIZE;
453}
454
455static size_t rtnl_mdb_nlmsg_pg_size(const struct net_bridge_port_group *pg)
456{
457 struct net_bridge_group_src *ent;
458 size_t nlmsg_size, addr_size = 0;
459
460 /* MDBA_MDB_ENTRY_INFO */
461 nlmsg_size = nla_total_size(sizeof(struct br_mdb_entry)) +
462 /* MDBA_MDB_EATTR_TIMER */
463 nla_total_size(sizeof(u32));
464
465 if (!pg)
466 goto out;
467
468 /* MDBA_MDB_EATTR_RTPROT */
469 nlmsg_size += nla_total_size(sizeof(u8));
470
471 switch (pg->key.addr.proto) {
472 case htons(ETH_P_IP):
473 /* MDBA_MDB_EATTR_SOURCE */
474 if (pg->key.addr.src.ip4)
475 nlmsg_size += nla_total_size(sizeof(__be32));
476 if (pg->key.port->br->multicast_ctx.multicast_igmp_version == 2)
477 goto out;
478 addr_size = sizeof(__be32);
479 break;
480#if IS_ENABLED(CONFIG_IPV6)
481 case htons(ETH_P_IPV6):
482 /* MDBA_MDB_EATTR_SOURCE */
483 if (!ipv6_addr_any(&pg->key.addr.src.ip6))
484 nlmsg_size += nla_total_size(sizeof(struct in6_addr));
485 if (pg->key.port->br->multicast_ctx.multicast_mld_version == 1)
486 goto out;
487 addr_size = sizeof(struct in6_addr);
488 break;
489#endif
490 }
491
492 /* MDBA_MDB_EATTR_GROUP_MODE */
493 nlmsg_size += nla_total_size(sizeof(u8));
494
495 /* MDBA_MDB_EATTR_SRC_LIST nested attr */
496 if (!hlist_empty(&pg->src_list))
497 nlmsg_size += nla_total_size(0);
498
499 hlist_for_each_entry(ent, &pg->src_list, node) {
500 /* MDBA_MDB_SRCLIST_ENTRY nested attr +
501 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
502 */
503 nlmsg_size += nla_total_size(0) +
504 nla_total_size(addr_size) +
505 nla_total_size(sizeof(u32));
506 }
507out:
508 return nlmsg_size;
509}
510
511static size_t rtnl_mdb_nlmsg_size(const struct net_bridge_port_group *pg)
512{
513 return NLMSG_ALIGN(sizeof(struct br_port_msg)) +
514 /* MDBA_MDB */
515 nla_total_size(0) +
516 /* MDBA_MDB_ENTRY */
517 nla_total_size(0) +
518 /* Port group entry */
519 rtnl_mdb_nlmsg_pg_size(pg);
520}
521
522static void __br_mdb_notify(struct net_device *dev,
523 struct net_bridge_mdb_entry *mp,
524 struct net_bridge_port_group *pg,
525 int type, bool notify_switchdev)
526{
527 struct net *net = dev_net(dev);
528 struct sk_buff *skb;
529 int err = -ENOBUFS;
530
531 if (notify_switchdev)
532 br_switchdev_mdb_notify(dev, mp, pg, type);
533
534 skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
535 if (!skb)
536 goto errout;
537
538 err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
539 if (err < 0) {
540 kfree_skb(skb);
541 goto errout;
542 }
543
544 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
545 return;
546errout:
547 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
548}
549
550void br_mdb_notify(struct net_device *dev,
551 struct net_bridge_mdb_entry *mp,
552 struct net_bridge_port_group *pg,
553 int type)
554{
555 __br_mdb_notify(dev, mp, pg, type, true);
556}
557
558void br_mdb_flag_change_notify(struct net_device *dev,
559 struct net_bridge_mdb_entry *mp,
560 struct net_bridge_port_group *pg)
561{
562 __br_mdb_notify(dev, mp, pg, RTM_NEWMDB, false);
563}
564
565static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
566 struct net_device *dev,
567 int ifindex, u16 vid, u32 pid,
568 u32 seq, int type, unsigned int flags)
569{
570 struct nlattr *nest, *port_nest;
571 struct br_port_msg *bpm;
572 struct nlmsghdr *nlh;
573
574 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
575 if (!nlh)
576 return -EMSGSIZE;
577
578 bpm = nlmsg_data(nlh);
579 memset(bpm, 0, sizeof(*bpm));
580 bpm->family = AF_BRIDGE;
581 bpm->ifindex = dev->ifindex;
582 nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
583 if (!nest)
584 goto cancel;
585
586 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
587 if (!port_nest)
588 goto end;
589 if (nla_put_nohdr(skb, sizeof(u32), &ifindex)) {
590 nla_nest_cancel(skb, port_nest);
591 goto end;
592 }
593 if (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid)) {
594 nla_nest_cancel(skb, port_nest);
595 goto end;
596 }
597 nla_nest_end(skb, port_nest);
598
599 nla_nest_end(skb, nest);
600 nlmsg_end(skb, nlh);
601 return 0;
602
603end:
604 nla_nest_end(skb, nest);
605cancel:
606 nlmsg_cancel(skb, nlh);
607 return -EMSGSIZE;
608}
609
610static inline size_t rtnl_rtr_nlmsg_size(void)
611{
612 return NLMSG_ALIGN(sizeof(struct br_port_msg))
613 + nla_total_size(sizeof(__u32))
614 + nla_total_size(sizeof(u16));
615}
616
617void br_rtr_notify(struct net_device *dev, struct net_bridge_mcast_port *pmctx,
618 int type)
619{
620 struct net *net = dev_net(dev);
621 struct sk_buff *skb;
622 int err = -ENOBUFS;
623 int ifindex;
624 u16 vid;
625
626 ifindex = pmctx ? pmctx->port->dev->ifindex : 0;
627 vid = pmctx && br_multicast_port_ctx_is_vlan(pmctx) ? pmctx->vlan->vid :
628 0;
629 skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
630 if (!skb)
631 goto errout;
632
633 err = nlmsg_populate_rtr_fill(skb, dev, ifindex, vid, 0, 0, type,
634 NTF_SELF);
635 if (err < 0) {
636 kfree_skb(skb);
637 goto errout;
638 }
639
640 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
641 return;
642
643errout:
644 rtnl_set_sk_err(net, RTNLGRP_MDB, err);
645}
646
647static const struct nla_policy
648br_mdbe_src_list_entry_pol[MDBE_SRCATTR_MAX + 1] = {
649 [MDBE_SRCATTR_ADDRESS] = NLA_POLICY_RANGE(NLA_BINARY,
650 sizeof(struct in_addr),
651 sizeof(struct in6_addr)),
652};
653
654static const struct nla_policy
655br_mdbe_src_list_pol[MDBE_SRC_LIST_MAX + 1] = {
656 [MDBE_SRC_LIST_ENTRY] = NLA_POLICY_NESTED(br_mdbe_src_list_entry_pol),
657};
658
659static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
660 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
661 sizeof(struct in_addr),
662 sizeof(struct in6_addr)),
663 [MDBE_ATTR_GROUP_MODE] = NLA_POLICY_RANGE(NLA_U8, MCAST_EXCLUDE,
664 MCAST_INCLUDE),
665 [MDBE_ATTR_SRC_LIST] = NLA_POLICY_NESTED(br_mdbe_src_list_pol),
666 [MDBE_ATTR_RTPROT] = NLA_POLICY_MIN(NLA_U8, RTPROT_STATIC),
667};
668
669static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
670 struct netlink_ext_ack *extack)
671{
672 switch (proto) {
673 case htons(ETH_P_IP):
674 if (nla_len(attr) != sizeof(struct in_addr)) {
675 NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
676 return false;
677 }
678 if (ipv4_is_multicast(nla_get_in_addr(attr))) {
679 NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
680 return false;
681 }
682 break;
683#if IS_ENABLED(CONFIG_IPV6)
684 case htons(ETH_P_IPV6): {
685 struct in6_addr src;
686
687 if (nla_len(attr) != sizeof(struct in6_addr)) {
688 NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
689 return false;
690 }
691 src = nla_get_in6_addr(attr);
692 if (ipv6_addr_is_multicast(&src)) {
693 NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
694 return false;
695 }
696 break;
697 }
698#endif
699 default:
700 NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
701 return false;
702 }
703
704 return true;
705}
706
707static struct net_bridge_mcast *
708__br_mdb_choose_context(struct net_bridge *br,
709 const struct br_mdb_entry *entry,
710 struct netlink_ext_ack *extack)
711{
712 struct net_bridge_mcast *brmctx = NULL;
713 struct net_bridge_vlan *v;
714
715 if (!br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED)) {
716 brmctx = &br->multicast_ctx;
717 goto out;
718 }
719
720 if (!entry->vid) {
721 NL_SET_ERR_MSG_MOD(extack, "Cannot add an entry without a vlan when vlan snooping is enabled");
722 goto out;
723 }
724
725 v = br_vlan_find(br_vlan_group(br), entry->vid);
726 if (!v) {
727 NL_SET_ERR_MSG_MOD(extack, "Vlan is not configured");
728 goto out;
729 }
730 if (br_multicast_ctx_vlan_global_disabled(&v->br_mcast_ctx)) {
731 NL_SET_ERR_MSG_MOD(extack, "Vlan's multicast processing is disabled");
732 goto out;
733 }
734 brmctx = &v->br_mcast_ctx;
735out:
736 return brmctx;
737}
738
739static int br_mdb_replace_group_sg(const struct br_mdb_config *cfg,
740 struct net_bridge_mdb_entry *mp,
741 struct net_bridge_port_group *pg,
742 struct net_bridge_mcast *brmctx,
743 unsigned char flags)
744{
745 unsigned long now = jiffies;
746
747 pg->flags = flags;
748 pg->rt_protocol = cfg->rt_protocol;
749 if (!(flags & MDB_PG_FLAGS_PERMANENT) && !cfg->src_entry)
750 mod_timer(&pg->timer,
751 now + brmctx->multicast_membership_interval);
752 else
753 timer_delete(&pg->timer);
754
755 br_mdb_notify(cfg->br->dev, mp, pg, RTM_NEWMDB);
756
757 return 0;
758}
759
760static int br_mdb_add_group_sg(const struct br_mdb_config *cfg,
761 struct net_bridge_mdb_entry *mp,
762 struct net_bridge_mcast *brmctx,
763 unsigned char flags,
764 struct netlink_ext_ack *extack)
765{
766 struct net_bridge_port_group __rcu **pp;
767 struct net_bridge_port_group *p;
768 unsigned long now = jiffies;
769
770 for (pp = &mp->ports;
771 (p = mlock_dereference(*pp, cfg->br)) != NULL;
772 pp = &p->next) {
773 if (p->key.port == cfg->p) {
774 if (!(cfg->nlflags & NLM_F_REPLACE)) {
775 NL_SET_ERR_MSG_MOD(extack, "(S, G) group is already joined by port");
776 return -EEXIST;
777 }
778 return br_mdb_replace_group_sg(cfg, mp, p, brmctx,
779 flags);
780 }
781 if ((unsigned long)p->key.port < (unsigned long)cfg->p)
782 break;
783 }
784
785 p = br_multicast_new_port_group(cfg->p, &cfg->group, *pp, flags, NULL,
786 MCAST_INCLUDE, cfg->rt_protocol, extack);
787 if (unlikely(!p))
788 return -ENOMEM;
789
790 rcu_assign_pointer(*pp, p);
791 if (!(flags & MDB_PG_FLAGS_PERMANENT) && !cfg->src_entry)
792 mod_timer(&p->timer,
793 now + brmctx->multicast_membership_interval);
794 br_mdb_notify(cfg->br->dev, mp, p, RTM_NEWMDB);
795
796 /* All of (*, G) EXCLUDE ports need to be added to the new (S, G) for
797 * proper replication.
798 */
799 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto)) {
800 struct net_bridge_mdb_entry *star_mp;
801 struct br_ip star_group;
802
803 star_group = p->key.addr;
804 memset(&star_group.src, 0, sizeof(star_group.src));
805 star_mp = br_mdb_ip_get(cfg->br, &star_group);
806 if (star_mp)
807 br_multicast_sg_add_exclude_ports(star_mp, p);
808 }
809
810 return 0;
811}
812
813static int br_mdb_add_group_src_fwd(const struct br_mdb_config *cfg,
814 struct br_ip *src_ip,
815 struct net_bridge_mcast *brmctx,
816 struct netlink_ext_ack *extack)
817{
818 struct net_bridge_mdb_entry *sgmp;
819 struct br_mdb_config sg_cfg;
820 struct br_ip sg_ip;
821 u8 flags = 0;
822
823 sg_ip = cfg->group;
824 sg_ip.src = src_ip->src;
825 sgmp = br_multicast_new_group(cfg->br, &sg_ip);
826 if (IS_ERR(sgmp)) {
827 NL_SET_ERR_MSG_MOD(extack, "Failed to add (S, G) MDB entry");
828 return PTR_ERR(sgmp);
829 }
830
831 if (cfg->entry->state == MDB_PERMANENT)
832 flags |= MDB_PG_FLAGS_PERMANENT;
833 if (cfg->filter_mode == MCAST_EXCLUDE)
834 flags |= MDB_PG_FLAGS_BLOCKED;
835
836 memset(&sg_cfg, 0, sizeof(sg_cfg));
837 sg_cfg.br = cfg->br;
838 sg_cfg.p = cfg->p;
839 sg_cfg.entry = cfg->entry;
840 sg_cfg.group = sg_ip;
841 sg_cfg.src_entry = true;
842 sg_cfg.filter_mode = MCAST_INCLUDE;
843 sg_cfg.rt_protocol = cfg->rt_protocol;
844 sg_cfg.nlflags = cfg->nlflags;
845 return br_mdb_add_group_sg(&sg_cfg, sgmp, brmctx, flags, extack);
846}
847
848static int br_mdb_add_group_src(const struct br_mdb_config *cfg,
849 struct net_bridge_port_group *pg,
850 struct net_bridge_mcast *brmctx,
851 struct br_mdb_src_entry *src,
852 struct netlink_ext_ack *extack)
853{
854 struct net_bridge_group_src *ent;
855 unsigned long now = jiffies;
856 int err;
857
858 ent = br_multicast_find_group_src(pg, &src->addr);
859 if (!ent) {
860 ent = br_multicast_new_group_src(pg, &src->addr);
861 if (!ent) {
862 NL_SET_ERR_MSG_MOD(extack, "Failed to add new source entry");
863 return -ENOSPC;
864 }
865 } else if (!(cfg->nlflags & NLM_F_REPLACE)) {
866 NL_SET_ERR_MSG_MOD(extack, "Source entry already exists");
867 return -EEXIST;
868 }
869
870 if (cfg->filter_mode == MCAST_INCLUDE &&
871 cfg->entry->state == MDB_TEMPORARY)
872 mod_timer(&ent->timer, now + br_multicast_gmi(brmctx));
873 else
874 timer_delete(&ent->timer);
875
876 /* Install a (S, G) forwarding entry for the source. */
877 err = br_mdb_add_group_src_fwd(cfg, &src->addr, brmctx, extack);
878 if (err)
879 goto err_del_sg;
880
881 ent->flags = BR_SGRP_F_INSTALLED | BR_SGRP_F_USER_ADDED;
882
883 return 0;
884
885err_del_sg:
886 __br_multicast_del_group_src(ent);
887 return err;
888}
889
890static void br_mdb_del_group_src(struct net_bridge_port_group *pg,
891 struct br_mdb_src_entry *src)
892{
893 struct net_bridge_group_src *ent;
894
895 ent = br_multicast_find_group_src(pg, &src->addr);
896 if (WARN_ON_ONCE(!ent))
897 return;
898 br_multicast_del_group_src(ent, false);
899}
900
901static int br_mdb_add_group_srcs(const struct br_mdb_config *cfg,
902 struct net_bridge_port_group *pg,
903 struct net_bridge_mcast *brmctx,
904 struct netlink_ext_ack *extack)
905{
906 int i, err;
907
908 for (i = 0; i < cfg->num_src_entries; i++) {
909 err = br_mdb_add_group_src(cfg, pg, brmctx,
910 &cfg->src_entries[i], extack);
911 if (err)
912 goto err_del_group_srcs;
913 }
914
915 return 0;
916
917err_del_group_srcs:
918 for (i--; i >= 0; i--)
919 br_mdb_del_group_src(pg, &cfg->src_entries[i]);
920 return err;
921}
922
923static int br_mdb_replace_group_srcs(const struct br_mdb_config *cfg,
924 struct net_bridge_port_group *pg,
925 struct net_bridge_mcast *brmctx,
926 struct netlink_ext_ack *extack)
927{
928 struct net_bridge_group_src *ent;
929 struct hlist_node *tmp;
930 int err;
931
932 hlist_for_each_entry(ent, &pg->src_list, node)
933 ent->flags |= BR_SGRP_F_DELETE;
934
935 err = br_mdb_add_group_srcs(cfg, pg, brmctx, extack);
936 if (err)
937 goto err_clear_delete;
938
939 hlist_for_each_entry_safe(ent, tmp, &pg->src_list, node) {
940 if (ent->flags & BR_SGRP_F_DELETE)
941 br_multicast_del_group_src(ent, false);
942 }
943
944 return 0;
945
946err_clear_delete:
947 hlist_for_each_entry(ent, &pg->src_list, node)
948 ent->flags &= ~BR_SGRP_F_DELETE;
949 return err;
950}
951
952static int br_mdb_replace_group_star_g(const struct br_mdb_config *cfg,
953 struct net_bridge_mdb_entry *mp,
954 struct net_bridge_port_group *pg,
955 struct net_bridge_mcast *brmctx,
956 unsigned char flags,
957 struct netlink_ext_ack *extack)
958{
959 unsigned long now = jiffies;
960 int err;
961
962 err = br_mdb_replace_group_srcs(cfg, pg, brmctx, extack);
963 if (err)
964 return err;
965
966 pg->flags = flags;
967 pg->filter_mode = cfg->filter_mode;
968 pg->rt_protocol = cfg->rt_protocol;
969 if (!(flags & MDB_PG_FLAGS_PERMANENT) &&
970 cfg->filter_mode == MCAST_EXCLUDE)
971 mod_timer(&pg->timer,
972 now + brmctx->multicast_membership_interval);
973 else
974 timer_delete(&pg->timer);
975
976 br_mdb_notify(cfg->br->dev, mp, pg, RTM_NEWMDB);
977
978 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto))
979 br_multicast_star_g_handle_mode(pg, cfg->filter_mode);
980
981 return 0;
982}
983
984static int br_mdb_add_group_star_g(const struct br_mdb_config *cfg,
985 struct net_bridge_mdb_entry *mp,
986 struct net_bridge_mcast *brmctx,
987 unsigned char flags,
988 struct netlink_ext_ack *extack)
989{
990 struct net_bridge_port_group __rcu **pp;
991 struct net_bridge_port_group *p;
992 unsigned long now = jiffies;
993 int err;
994
995 for (pp = &mp->ports;
996 (p = mlock_dereference(*pp, cfg->br)) != NULL;
997 pp = &p->next) {
998 if (p->key.port == cfg->p) {
999 if (!(cfg->nlflags & NLM_F_REPLACE)) {
1000 NL_SET_ERR_MSG_MOD(extack, "(*, G) group is already joined by port");
1001 return -EEXIST;
1002 }
1003 return br_mdb_replace_group_star_g(cfg, mp, p, brmctx,
1004 flags, extack);
1005 }
1006 if ((unsigned long)p->key.port < (unsigned long)cfg->p)
1007 break;
1008 }
1009
1010 p = br_multicast_new_port_group(cfg->p, &cfg->group, *pp, flags, NULL,
1011 cfg->filter_mode, cfg->rt_protocol,
1012 extack);
1013 if (unlikely(!p))
1014 return -ENOMEM;
1015
1016 err = br_mdb_add_group_srcs(cfg, p, brmctx, extack);
1017 if (err)
1018 goto err_del_port_group;
1019
1020 rcu_assign_pointer(*pp, p);
1021 if (!(flags & MDB_PG_FLAGS_PERMANENT) &&
1022 cfg->filter_mode == MCAST_EXCLUDE)
1023 mod_timer(&p->timer,
1024 now + brmctx->multicast_membership_interval);
1025 br_mdb_notify(cfg->br->dev, mp, p, RTM_NEWMDB);
1026 /* If we are adding a new EXCLUDE port group (*, G), it needs to be
1027 * also added to all (S, G) entries for proper replication.
1028 */
1029 if (br_multicast_should_handle_mode(brmctx, cfg->group.proto) &&
1030 cfg->filter_mode == MCAST_EXCLUDE)
1031 br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
1032
1033 return 0;
1034
1035err_del_port_group:
1036 br_multicast_del_port_group(p);
1037 return err;
1038}
1039
1040static int br_mdb_add_group(const struct br_mdb_config *cfg,
1041 struct netlink_ext_ack *extack)
1042{
1043 struct br_mdb_entry *entry = cfg->entry;
1044 struct net_bridge_port *port = cfg->p;
1045 struct net_bridge_mdb_entry *mp;
1046 struct net_bridge *br = cfg->br;
1047 struct net_bridge_mcast *brmctx;
1048 struct br_ip group = cfg->group;
1049 unsigned char flags = 0;
1050
1051 brmctx = __br_mdb_choose_context(br, entry, extack);
1052 if (!brmctx)
1053 return -EINVAL;
1054
1055 mp = br_multicast_new_group(br, &group);
1056 if (IS_ERR(mp))
1057 return PTR_ERR(mp);
1058
1059 /* host join */
1060 if (!port) {
1061 if (mp->host_joined && !(cfg->nlflags & NLM_F_REPLACE)) {
1062 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
1063 return -EEXIST;
1064 }
1065
1066 br_multicast_host_join(brmctx, mp, false);
1067 br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);
1068
1069 return 0;
1070 }
1071
1072 if (entry->state == MDB_PERMANENT)
1073 flags |= MDB_PG_FLAGS_PERMANENT;
1074
1075 if (br_multicast_is_star_g(&group))
1076 return br_mdb_add_group_star_g(cfg, mp, brmctx, flags, extack);
1077 else
1078 return br_mdb_add_group_sg(cfg, mp, brmctx, flags, extack);
1079}
1080
1081static int __br_mdb_add(const struct br_mdb_config *cfg,
1082 struct netlink_ext_ack *extack)
1083{
1084 int ret;
1085
1086 spin_lock_bh(&cfg->br->multicast_lock);
1087 ret = br_mdb_add_group(cfg, extack);
1088 spin_unlock_bh(&cfg->br->multicast_lock);
1089
1090 return ret;
1091}
1092
1093static int br_mdb_config_src_entry_init(struct nlattr *src_entry,
1094 struct br_mdb_src_entry *src,
1095 __be16 proto,
1096 struct netlink_ext_ack *extack)
1097{
1098 struct nlattr *tb[MDBE_SRCATTR_MAX + 1];
1099 int err;
1100
1101 err = nla_parse_nested(tb, MDBE_SRCATTR_MAX, src_entry,
1102 br_mdbe_src_list_entry_pol, extack);
1103 if (err)
1104 return err;
1105
1106 if (NL_REQ_ATTR_CHECK(extack, src_entry, tb, MDBE_SRCATTR_ADDRESS))
1107 return -EINVAL;
1108
1109 if (!is_valid_mdb_source(tb[MDBE_SRCATTR_ADDRESS], proto, extack))
1110 return -EINVAL;
1111
1112 src->addr.proto = proto;
1113 nla_memcpy(&src->addr.src, tb[MDBE_SRCATTR_ADDRESS],
1114 nla_len(tb[MDBE_SRCATTR_ADDRESS]));
1115
1116 return 0;
1117}
1118
1119static int br_mdb_config_src_list_init(struct nlattr *src_list,
1120 struct br_mdb_config *cfg,
1121 struct netlink_ext_ack *extack)
1122{
1123 struct nlattr *src_entry;
1124 int rem, err;
1125 int i = 0;
1126
1127 nla_for_each_nested(src_entry, src_list, rem)
1128 cfg->num_src_entries++;
1129
1130 if (cfg->num_src_entries >= PG_SRC_ENT_LIMIT) {
1131 NL_SET_ERR_MSG_FMT_MOD(extack, "Exceeded maximum number of source entries (%u)",
1132 PG_SRC_ENT_LIMIT - 1);
1133 return -EINVAL;
1134 }
1135
1136 cfg->src_entries = kcalloc(cfg->num_src_entries,
1137 sizeof(struct br_mdb_src_entry), GFP_KERNEL);
1138 if (!cfg->src_entries)
1139 return -ENOMEM;
1140
1141 nla_for_each_nested(src_entry, src_list, rem) {
1142 err = br_mdb_config_src_entry_init(src_entry,
1143 &cfg->src_entries[i],
1144 cfg->entry->addr.proto,
1145 extack);
1146 if (err)
1147 goto err_src_entry_init;
1148 i++;
1149 }
1150
1151 return 0;
1152
1153err_src_entry_init:
1154 kfree(cfg->src_entries);
1155 return err;
1156}
1157
1158static void br_mdb_config_src_list_fini(struct br_mdb_config *cfg)
1159{
1160 kfree(cfg->src_entries);
1161}
1162
1163static int br_mdb_config_attrs_init(struct nlattr *set_attrs,
1164 struct br_mdb_config *cfg,
1165 struct netlink_ext_ack *extack)
1166{
1167 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1168 int err;
1169
1170 err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX, set_attrs,
1171 br_mdbe_attrs_pol, extack);
1172 if (err)
1173 return err;
1174
1175 if (mdb_attrs[MDBE_ATTR_SOURCE] &&
1176 !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
1177 cfg->entry->addr.proto, extack))
1178 return -EINVAL;
1179
1180 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, mdb_attrs);
1181
1182 if (mdb_attrs[MDBE_ATTR_GROUP_MODE]) {
1183 if (!cfg->p) {
1184 NL_SET_ERR_MSG_MOD(extack, "Filter mode cannot be set for host groups");
1185 return -EINVAL;
1186 }
1187 if (!br_multicast_is_star_g(&cfg->group)) {
1188 NL_SET_ERR_MSG_MOD(extack, "Filter mode can only be set for (*, G) entries");
1189 return -EINVAL;
1190 }
1191 cfg->filter_mode = nla_get_u8(mdb_attrs[MDBE_ATTR_GROUP_MODE]);
1192 } else {
1193 cfg->filter_mode = MCAST_EXCLUDE;
1194 }
1195
1196 if (mdb_attrs[MDBE_ATTR_SRC_LIST]) {
1197 if (!cfg->p) {
1198 NL_SET_ERR_MSG_MOD(extack, "Source list cannot be set for host groups");
1199 return -EINVAL;
1200 }
1201 if (!br_multicast_is_star_g(&cfg->group)) {
1202 NL_SET_ERR_MSG_MOD(extack, "Source list can only be set for (*, G) entries");
1203 return -EINVAL;
1204 }
1205 if (!mdb_attrs[MDBE_ATTR_GROUP_MODE]) {
1206 NL_SET_ERR_MSG_MOD(extack, "Source list cannot be set without filter mode");
1207 return -EINVAL;
1208 }
1209 err = br_mdb_config_src_list_init(mdb_attrs[MDBE_ATTR_SRC_LIST],
1210 cfg, extack);
1211 if (err)
1212 return err;
1213 }
1214
1215 if (!cfg->num_src_entries && cfg->filter_mode == MCAST_INCLUDE) {
1216 NL_SET_ERR_MSG_MOD(extack, "Cannot add (*, G) INCLUDE with an empty source list");
1217 return -EINVAL;
1218 }
1219
1220 if (mdb_attrs[MDBE_ATTR_RTPROT]) {
1221 if (!cfg->p) {
1222 NL_SET_ERR_MSG_MOD(extack, "Protocol cannot be set for host groups");
1223 return -EINVAL;
1224 }
1225 cfg->rt_protocol = nla_get_u8(mdb_attrs[MDBE_ATTR_RTPROT]);
1226 }
1227
1228 return 0;
1229}
1230
1231static int br_mdb_config_init(struct br_mdb_config *cfg, struct net_device *dev,
1232 struct nlattr *tb[], u16 nlmsg_flags,
1233 struct netlink_ext_ack *extack)
1234{
1235 struct net *net = dev_net(dev);
1236
1237 memset(cfg, 0, sizeof(*cfg));
1238 cfg->filter_mode = MCAST_EXCLUDE;
1239 cfg->rt_protocol = RTPROT_STATIC;
1240 cfg->nlflags = nlmsg_flags;
1241
1242 cfg->br = netdev_priv(dev);
1243
1244 if (!netif_running(cfg->br->dev)) {
1245 NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
1246 return -EINVAL;
1247 }
1248
1249 if (!br_opt_get(cfg->br, BROPT_MULTICAST_ENABLED)) {
1250 NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
1251 return -EINVAL;
1252 }
1253
1254 cfg->entry = nla_data(tb[MDBA_SET_ENTRY]);
1255
1256 if (cfg->entry->ifindex != cfg->br->dev->ifindex) {
1257 struct net_device *pdev;
1258
1259 pdev = __dev_get_by_index(net, cfg->entry->ifindex);
1260 if (!pdev) {
1261 NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
1262 return -ENODEV;
1263 }
1264
1265 cfg->p = br_port_get_rtnl(pdev);
1266 if (!cfg->p) {
1267 NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
1268 return -EINVAL;
1269 }
1270
1271 if (cfg->p->br != cfg->br) {
1272 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
1273 return -EINVAL;
1274 }
1275 }
1276
1277 if (cfg->entry->addr.proto == htons(ETH_P_IP) &&
1278 ipv4_is_zeronet(cfg->entry->addr.u.ip4)) {
1279 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address 0.0.0.0 is not allowed");
1280 return -EINVAL;
1281 }
1282
1283 if (tb[MDBA_SET_ENTRY_ATTRS])
1284 return br_mdb_config_attrs_init(tb[MDBA_SET_ENTRY_ATTRS], cfg,
1285 extack);
1286 else
1287 __mdb_entry_to_br_ip(cfg->entry, &cfg->group, NULL);
1288
1289 return 0;
1290}
1291
1292static void br_mdb_config_fini(struct br_mdb_config *cfg)
1293{
1294 br_mdb_config_src_list_fini(cfg);
1295}
1296
1297int br_mdb_add(struct net_device *dev, struct nlattr *tb[], u16 nlmsg_flags,
1298 struct netlink_ext_ack *extack)
1299{
1300 struct net_bridge_vlan_group *vg;
1301 struct net_bridge_vlan *v;
1302 struct br_mdb_config cfg;
1303 int err;
1304
1305 err = br_mdb_config_init(&cfg, dev, tb, nlmsg_flags, extack);
1306 if (err)
1307 return err;
1308
1309 err = -EINVAL;
1310 /* host join errors which can happen before creating the group */
1311 if (!cfg.p && !br_group_is_l2(&cfg.group)) {
1312 /* don't allow any flags for host-joined IP groups */
1313 if (cfg.entry->state) {
1314 NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
1315 goto out;
1316 }
1317 if (!br_multicast_is_star_g(&cfg.group)) {
1318 NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
1319 goto out;
1320 }
1321 }
1322
1323 if (br_group_is_l2(&cfg.group) && cfg.entry->state != MDB_PERMANENT) {
1324 NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
1325 goto out;
1326 }
1327
1328 if (cfg.p) {
1329 if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state != MDB_PERMANENT) {
1330 NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not permanent");
1331 goto out;
1332 }
1333 vg = nbp_vlan_group(cfg.p);
1334 } else {
1335 vg = br_vlan_group(cfg.br);
1336 }
1337
1338 /* If vlan filtering is enabled and VLAN is not specified
1339 * install mdb entry on all vlans configured on the port.
1340 */
1341 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) {
1342 list_for_each_entry(v, &vg->vlan_list, vlist) {
1343 cfg.entry->vid = v->vid;
1344 cfg.group.vid = v->vid;
1345 err = __br_mdb_add(&cfg, extack);
1346 if (err)
1347 break;
1348 }
1349 } else {
1350 err = __br_mdb_add(&cfg, extack);
1351 }
1352
1353out:
1354 br_mdb_config_fini(&cfg);
1355 return err;
1356}
1357
1358static int __br_mdb_del(const struct br_mdb_config *cfg)
1359{
1360 struct br_mdb_entry *entry = cfg->entry;
1361 struct net_bridge *br = cfg->br;
1362 struct net_bridge_mdb_entry *mp;
1363 struct net_bridge_port_group *p;
1364 struct net_bridge_port_group __rcu **pp;
1365 struct br_ip ip = cfg->group;
1366 int err = -EINVAL;
1367
1368 spin_lock_bh(&br->multicast_lock);
1369 mp = br_mdb_ip_get(br, &ip);
1370 if (!mp)
1371 goto unlock;
1372
1373 /* host leave */
1374 if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
1375 br_multicast_host_leave(mp, false);
1376 err = 0;
1377 br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
1378 if (!mp->ports && netif_running(br->dev))
1379 mod_timer(&mp->timer, jiffies);
1380 goto unlock;
1381 }
1382
1383 for (pp = &mp->ports;
1384 (p = mlock_dereference(*pp, br)) != NULL;
1385 pp = &p->next) {
1386 if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
1387 continue;
1388
1389 br_multicast_del_pg(mp, p, pp);
1390 err = 0;
1391 break;
1392 }
1393
1394unlock:
1395 spin_unlock_bh(&br->multicast_lock);
1396 return err;
1397}
1398
1399int br_mdb_del(struct net_device *dev, struct nlattr *tb[],
1400 struct netlink_ext_ack *extack)
1401{
1402 struct net_bridge_vlan_group *vg;
1403 struct net_bridge_vlan *v;
1404 struct br_mdb_config cfg;
1405 int err;
1406
1407 err = br_mdb_config_init(&cfg, dev, tb, 0, extack);
1408 if (err)
1409 return err;
1410
1411 if (cfg.p)
1412 vg = nbp_vlan_group(cfg.p);
1413 else
1414 vg = br_vlan_group(cfg.br);
1415
1416 /* If vlan filtering is enabled and VLAN is not specified
1417 * delete mdb entry on all vlans configured on the port.
1418 */
1419 if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid == 0) {
1420 list_for_each_entry(v, &vg->vlan_list, vlist) {
1421 cfg.entry->vid = v->vid;
1422 cfg.group.vid = v->vid;
1423 err = __br_mdb_del(&cfg);
1424 }
1425 } else {
1426 err = __br_mdb_del(&cfg);
1427 }
1428
1429 br_mdb_config_fini(&cfg);
1430 return err;
1431}
1432
1433struct br_mdb_flush_desc {
1434 u32 port_ifindex;
1435 u16 vid;
1436 u8 rt_protocol;
1437 u8 state;
1438 u8 state_mask;
1439};
1440
1441static const struct nla_policy br_mdbe_attrs_del_bulk_pol[MDBE_ATTR_MAX + 1] = {
1442 [MDBE_ATTR_RTPROT] = NLA_POLICY_MIN(NLA_U8, RTPROT_STATIC),
1443 [MDBE_ATTR_STATE_MASK] = NLA_POLICY_MASK(NLA_U8, MDB_PERMANENT),
1444};
1445
1446static int br_mdb_flush_desc_init(struct br_mdb_flush_desc *desc,
1447 struct nlattr *tb[],
1448 struct netlink_ext_ack *extack)
1449{
1450 struct br_mdb_entry *entry = nla_data(tb[MDBA_SET_ENTRY]);
1451 struct nlattr *mdbe_attrs[MDBE_ATTR_MAX + 1];
1452 int err;
1453
1454 desc->port_ifindex = entry->ifindex;
1455 desc->vid = entry->vid;
1456 desc->state = entry->state;
1457
1458 if (!tb[MDBA_SET_ENTRY_ATTRS])
1459 return 0;
1460
1461 err = nla_parse_nested(mdbe_attrs, MDBE_ATTR_MAX,
1462 tb[MDBA_SET_ENTRY_ATTRS],
1463 br_mdbe_attrs_del_bulk_pol, extack);
1464 if (err)
1465 return err;
1466
1467 if (mdbe_attrs[MDBE_ATTR_STATE_MASK])
1468 desc->state_mask = nla_get_u8(mdbe_attrs[MDBE_ATTR_STATE_MASK]);
1469
1470 if (mdbe_attrs[MDBE_ATTR_RTPROT])
1471 desc->rt_protocol = nla_get_u8(mdbe_attrs[MDBE_ATTR_RTPROT]);
1472
1473 return 0;
1474}
1475
1476static void br_mdb_flush_host(struct net_bridge *br,
1477 struct net_bridge_mdb_entry *mp,
1478 const struct br_mdb_flush_desc *desc)
1479{
1480 u8 state;
1481
1482 if (desc->port_ifindex && desc->port_ifindex != br->dev->ifindex)
1483 return;
1484
1485 if (desc->rt_protocol)
1486 return;
1487
1488 state = br_group_is_l2(&mp->addr) ? MDB_PERMANENT : 0;
1489 if (desc->state_mask && (state & desc->state_mask) != desc->state)
1490 return;
1491
1492 br_multicast_host_leave(mp, true);
1493 if (!mp->ports && netif_running(br->dev))
1494 mod_timer(&mp->timer, jiffies);
1495}
1496
1497static void br_mdb_flush_pgs(struct net_bridge *br,
1498 struct net_bridge_mdb_entry *mp,
1499 const struct br_mdb_flush_desc *desc)
1500{
1501 struct net_bridge_port_group __rcu **pp;
1502 struct net_bridge_port_group *p;
1503
1504 for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL;) {
1505 u8 state;
1506
1507 if (desc->port_ifindex &&
1508 desc->port_ifindex != p->key.port->dev->ifindex) {
1509 pp = &p->next;
1510 continue;
1511 }
1512
1513 if (desc->rt_protocol && desc->rt_protocol != p->rt_protocol) {
1514 pp = &p->next;
1515 continue;
1516 }
1517
1518 state = p->flags & MDB_PG_FLAGS_PERMANENT ? MDB_PERMANENT : 0;
1519 if (desc->state_mask &&
1520 (state & desc->state_mask) != desc->state) {
1521 pp = &p->next;
1522 continue;
1523 }
1524
1525 br_multicast_del_pg(mp, p, pp);
1526 }
1527}
1528
1529static void br_mdb_flush(struct net_bridge *br,
1530 const struct br_mdb_flush_desc *desc)
1531{
1532 struct net_bridge_mdb_entry *mp;
1533
1534 spin_lock_bh(&br->multicast_lock);
1535
1536 /* Safe variant is not needed because entries are removed from the list
1537 * upon group timer expiration or bridge deletion.
1538 */
1539 hlist_for_each_entry(mp, &br->mdb_list, mdb_node) {
1540 if (desc->vid && desc->vid != mp->addr.vid)
1541 continue;
1542
1543 br_mdb_flush_host(br, mp, desc);
1544 br_mdb_flush_pgs(br, mp, desc);
1545 }
1546
1547 spin_unlock_bh(&br->multicast_lock);
1548}
1549
1550int br_mdb_del_bulk(struct net_device *dev, struct nlattr *tb[],
1551 struct netlink_ext_ack *extack)
1552{
1553 struct net_bridge *br = netdev_priv(dev);
1554 struct br_mdb_flush_desc desc = {};
1555 int err;
1556
1557 err = br_mdb_flush_desc_init(&desc, tb, extack);
1558 if (err)
1559 return err;
1560
1561 br_mdb_flush(br, &desc);
1562
1563 return 0;
1564}
1565
1566static const struct nla_policy br_mdbe_attrs_get_pol[MDBE_ATTR_MAX + 1] = {
1567 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
1568 sizeof(struct in_addr),
1569 sizeof(struct in6_addr)),
1570};
1571
1572static int br_mdb_get_parse(struct net_device *dev, struct nlattr *tb[],
1573 struct br_ip *group, struct netlink_ext_ack *extack)
1574{
1575 struct br_mdb_entry *entry = nla_data(tb[MDBA_GET_ENTRY]);
1576 struct nlattr *mdbe_attrs[MDBE_ATTR_MAX + 1];
1577 int err;
1578
1579 if (!tb[MDBA_GET_ENTRY_ATTRS]) {
1580 __mdb_entry_to_br_ip(entry, group, NULL);
1581 return 0;
1582 }
1583
1584 err = nla_parse_nested(mdbe_attrs, MDBE_ATTR_MAX,
1585 tb[MDBA_GET_ENTRY_ATTRS], br_mdbe_attrs_get_pol,
1586 extack);
1587 if (err)
1588 return err;
1589
1590 if (mdbe_attrs[MDBE_ATTR_SOURCE] &&
1591 !is_valid_mdb_source(mdbe_attrs[MDBE_ATTR_SOURCE],
1592 entry->addr.proto, extack))
1593 return -EINVAL;
1594
1595 __mdb_entry_to_br_ip(entry, group, mdbe_attrs);
1596
1597 return 0;
1598}
1599
1600static struct sk_buff *
1601br_mdb_get_reply_alloc(const struct net_bridge_mdb_entry *mp)
1602{
1603 struct net_bridge_port_group *pg;
1604 size_t nlmsg_size;
1605
1606 nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
1607 /* MDBA_MDB */
1608 nla_total_size(0) +
1609 /* MDBA_MDB_ENTRY */
1610 nla_total_size(0);
1611
1612 if (mp->host_joined)
1613 nlmsg_size += rtnl_mdb_nlmsg_pg_size(NULL);
1614
1615 for (pg = mlock_dereference(mp->ports, mp->br); pg;
1616 pg = mlock_dereference(pg->next, mp->br))
1617 nlmsg_size += rtnl_mdb_nlmsg_pg_size(pg);
1618
1619 return nlmsg_new(nlmsg_size, GFP_ATOMIC);
1620}
1621
1622static int br_mdb_get_reply_fill(struct sk_buff *skb,
1623 struct net_bridge_mdb_entry *mp, u32 portid,
1624 u32 seq)
1625{
1626 struct nlattr *mdb_nest, *mdb_entry_nest;
1627 struct net_bridge_port_group *pg;
1628 struct br_port_msg *bpm;
1629 struct nlmsghdr *nlh;
1630 int err;
1631
1632 nlh = nlmsg_put(skb, portid, seq, RTM_NEWMDB, sizeof(*bpm), 0);
1633 if (!nlh)
1634 return -EMSGSIZE;
1635
1636 bpm = nlmsg_data(nlh);
1637 memset(bpm, 0, sizeof(*bpm));
1638 bpm->family = AF_BRIDGE;
1639 bpm->ifindex = mp->br->dev->ifindex;
1640 mdb_nest = nla_nest_start_noflag(skb, MDBA_MDB);
1641 if (!mdb_nest) {
1642 err = -EMSGSIZE;
1643 goto cancel;
1644 }
1645 mdb_entry_nest = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
1646 if (!mdb_entry_nest) {
1647 err = -EMSGSIZE;
1648 goto cancel;
1649 }
1650
1651 if (mp->host_joined) {
1652 err = __mdb_fill_info(skb, mp, NULL);
1653 if (err)
1654 goto cancel;
1655 }
1656
1657 for (pg = mlock_dereference(mp->ports, mp->br); pg;
1658 pg = mlock_dereference(pg->next, mp->br)) {
1659 err = __mdb_fill_info(skb, mp, pg);
1660 if (err)
1661 goto cancel;
1662 }
1663
1664 nla_nest_end(skb, mdb_entry_nest);
1665 nla_nest_end(skb, mdb_nest);
1666 nlmsg_end(skb, nlh);
1667
1668 return 0;
1669
1670cancel:
1671 nlmsg_cancel(skb, nlh);
1672 return err;
1673}
1674
1675int br_mdb_get(struct net_device *dev, struct nlattr *tb[], u32 portid, u32 seq,
1676 struct netlink_ext_ack *extack)
1677{
1678 struct net_bridge *br = netdev_priv(dev);
1679 struct net_bridge_mdb_entry *mp;
1680 struct sk_buff *skb;
1681 struct br_ip group;
1682 int err;
1683
1684 err = br_mdb_get_parse(dev, tb, &group, extack);
1685 if (err)
1686 return err;
1687
1688 /* Hold the multicast lock to ensure that the MDB entry does not change
1689 * between the time the reply size is determined and when the reply is
1690 * filled in.
1691 */
1692 spin_lock_bh(&br->multicast_lock);
1693
1694 mp = br_mdb_ip_get(br, &group);
1695 if (!mp || (!mp->ports && !mp->host_joined)) {
1696 NL_SET_ERR_MSG_MOD(extack, "MDB entry not found");
1697 err = -ENOENT;
1698 goto unlock;
1699 }
1700
1701 skb = br_mdb_get_reply_alloc(mp);
1702 if (!skb) {
1703 err = -ENOMEM;
1704 goto unlock;
1705 }
1706
1707 err = br_mdb_get_reply_fill(skb, mp, portid, seq);
1708 if (err) {
1709 NL_SET_ERR_MSG_MOD(extack, "Failed to fill MDB get reply");
1710 goto free;
1711 }
1712
1713 spin_unlock_bh(&br->multicast_lock);
1714
1715 return rtnl_unicast(skb, dev_net(dev), portid);
1716
1717free:
1718 kfree_skb(skb);
1719unlock:
1720 spin_unlock_bh(&br->multicast_lock);
1721 return err;
1722}
Linux 6.x block layer and io_uring tree(s)