br_mdb.c (28841B)
1// SPDX-License-Identifier: GPL-2.0 2#include <linux/err.h> 3#include <linux/igmp.h> 4#include <linux/kernel.h> 5#include <linux/netdevice.h> 6#include <linux/rculist.h> 7#include <linux/skbuff.h> 8#include <linux/if_ether.h> 9#include <net/ip.h> 10#include <net/netlink.h> 11#include <net/switchdev.h> 12#if IS_ENABLED(CONFIG_IPV6) 13#include <net/ipv6.h> 14#include <net/addrconf.h> 15#endif 16 17#include "br_private.h" 18 19static bool 20br_ip4_rports_get_timer(struct net_bridge_mcast_port *pmctx, 21 unsigned long *timer) 22{ 23 *timer = br_timer_value(&pmctx->ip4_mc_router_timer); 24 return !hlist_unhashed(&pmctx->ip4_rlist); 25} 26 27static bool 28br_ip6_rports_get_timer(struct net_bridge_mcast_port *pmctx, 29 unsigned long *timer) 30{ 31#if IS_ENABLED(CONFIG_IPV6) 32 *timer = br_timer_value(&pmctx->ip6_mc_router_timer); 33 return !hlist_unhashed(&pmctx->ip6_rlist); 34#else 35 *timer = 0; 36 return false; 37#endif 38} 39 40static size_t __br_rports_one_size(void) 41{ 42 return nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PORT */ 43 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_TIMER */ 44 nla_total_size(sizeof(u8)) + /* MDBA_ROUTER_PATTR_TYPE */ 45 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET_TIMER */ 46 nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET6_TIMER */ 47 nla_total_size(sizeof(u32)); /* MDBA_ROUTER_PATTR_VID */ 48} 49 50size_t br_rports_size(const struct net_bridge_mcast *brmctx) 51{ 52 struct net_bridge_mcast_port *pmctx; 53 size_t size = nla_total_size(0); /* MDBA_ROUTER */ 54 55 rcu_read_lock(); 56 hlist_for_each_entry_rcu(pmctx, &brmctx->ip4_mc_router_list, 57 ip4_rlist) 58 size += __br_rports_one_size(); 59 60#if IS_ENABLED(CONFIG_IPV6) 61 hlist_for_each_entry_rcu(pmctx, &brmctx->ip6_mc_router_list, 62 ip6_rlist) 63 size += __br_rports_one_size(); 64#endif 65 rcu_read_unlock(); 66 67 return size; 68} 69 70int br_rports_fill_info(struct sk_buff *skb, 71 const struct net_bridge_mcast *brmctx) 72{ 73 u16 vid = brmctx->vlan ? brmctx->vlan->vid : 0; 74 bool have_ip4_mc_rtr, have_ip6_mc_rtr; 75 unsigned long ip4_timer, ip6_timer; 76 struct nlattr *nest, *port_nest; 77 struct net_bridge_port *p; 78 79 if (!brmctx->multicast_router || !br_rports_have_mc_router(brmctx)) 80 return 0; 81 82 nest = nla_nest_start_noflag(skb, MDBA_ROUTER); 83 if (nest == NULL) 84 return -EMSGSIZE; 85 86 list_for_each_entry_rcu(p, &brmctx->br->port_list, list) { 87 struct net_bridge_mcast_port *pmctx; 88 89 if (vid) { 90 struct net_bridge_vlan *v; 91 92 v = br_vlan_find(nbp_vlan_group(p), vid); 93 if (!v) 94 continue; 95 pmctx = &v->port_mcast_ctx; 96 } else { 97 pmctx = &p->multicast_ctx; 98 } 99 100 have_ip4_mc_rtr = br_ip4_rports_get_timer(pmctx, &ip4_timer); 101 have_ip6_mc_rtr = br_ip6_rports_get_timer(pmctx, &ip6_timer); 102 103 if (!have_ip4_mc_rtr && !have_ip6_mc_rtr) 104 continue; 105 106 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT); 107 if (!port_nest) 108 goto fail; 109 110 if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) || 111 nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER, 112 max(ip4_timer, ip6_timer)) || 113 nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE, 114 p->multicast_ctx.multicast_router) || 115 (have_ip4_mc_rtr && 116 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER, 117 ip4_timer)) || 118 (have_ip6_mc_rtr && 119 nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER, 120 ip6_timer)) || 121 (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid))) { 122 nla_nest_cancel(skb, port_nest); 123 goto fail; 124 } 125 nla_nest_end(skb, port_nest); 126 } 127 128 nla_nest_end(skb, nest); 129 return 0; 130fail: 131 nla_nest_cancel(skb, nest); 132 return -EMSGSIZE; 133} 134 135static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags) 136{ 137 e->state = flags & MDB_PG_FLAGS_PERMANENT; 138 e->flags = 0; 139 if (flags & MDB_PG_FLAGS_OFFLOAD) 140 e->flags |= MDB_FLAGS_OFFLOAD; 141 if (flags & MDB_PG_FLAGS_FAST_LEAVE) 142 e->flags |= MDB_FLAGS_FAST_LEAVE; 143 if (flags & MDB_PG_FLAGS_STAR_EXCL) 144 e->flags |= MDB_FLAGS_STAR_EXCL; 145 if (flags & MDB_PG_FLAGS_BLOCKED) 146 e->flags |= MDB_FLAGS_BLOCKED; 147} 148 149static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip, 150 struct nlattr **mdb_attrs) 151{ 152 memset(ip, 0, sizeof(struct br_ip)); 153 ip->vid = entry->vid; 154 ip->proto = entry->addr.proto; 155 switch (ip->proto) { 156 case htons(ETH_P_IP): 157 ip->dst.ip4 = entry->addr.u.ip4; 158 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE]) 159 ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]); 160 break; 161#if IS_ENABLED(CONFIG_IPV6) 162 case htons(ETH_P_IPV6): 163 ip->dst.ip6 = entry->addr.u.ip6; 164 if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE]) 165 ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]); 166 break; 167#endif 168 default: 169 ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr); 170 } 171 172} 173 174static int __mdb_fill_srcs(struct sk_buff *skb, 175 struct net_bridge_port_group *p) 176{ 177 struct net_bridge_group_src *ent; 178 struct nlattr *nest, *nest_ent; 179 180 if (hlist_empty(&p->src_list)) 181 return 0; 182 183 nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST); 184 if (!nest) 185 return -EMSGSIZE; 186 187 hlist_for_each_entry_rcu(ent, &p->src_list, node, 188 lockdep_is_held(&p->key.port->br->multicast_lock)) { 189 nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY); 190 if (!nest_ent) 191 goto out_cancel_err; 192 switch (ent->addr.proto) { 193 case htons(ETH_P_IP): 194 if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS, 195 ent->addr.src.ip4)) { 196 nla_nest_cancel(skb, nest_ent); 197 goto out_cancel_err; 198 } 199 break; 200#if IS_ENABLED(CONFIG_IPV6) 201 case htons(ETH_P_IPV6): 202 if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS, 203 &ent->addr.src.ip6)) { 204 nla_nest_cancel(skb, nest_ent); 205 goto out_cancel_err; 206 } 207 break; 208#endif 209 default: 210 nla_nest_cancel(skb, nest_ent); 211 continue; 212 } 213 if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER, 214 br_timer_value(&ent->timer))) { 215 nla_nest_cancel(skb, nest_ent); 216 goto out_cancel_err; 217 } 218 nla_nest_end(skb, nest_ent); 219 } 220 221 nla_nest_end(skb, nest); 222 223 return 0; 224 225out_cancel_err: 226 nla_nest_cancel(skb, nest); 227 return -EMSGSIZE; 228} 229 230static int __mdb_fill_info(struct sk_buff *skb, 231 struct net_bridge_mdb_entry *mp, 232 struct net_bridge_port_group *p) 233{ 234 bool dump_srcs_mode = false; 235 struct timer_list *mtimer; 236 struct nlattr *nest_ent; 237 struct br_mdb_entry e; 238 u8 flags = 0; 239 int ifindex; 240 241 memset(&e, 0, sizeof(e)); 242 if (p) { 243 ifindex = p->key.port->dev->ifindex; 244 mtimer = &p->timer; 245 flags = p->flags; 246 } else { 247 ifindex = mp->br->dev->ifindex; 248 mtimer = &mp->timer; 249 } 250 251 __mdb_entry_fill_flags(&e, flags); 252 e.ifindex = ifindex; 253 e.vid = mp->addr.vid; 254 if (mp->addr.proto == htons(ETH_P_IP)) { 255 e.addr.u.ip4 = mp->addr.dst.ip4; 256#if IS_ENABLED(CONFIG_IPV6) 257 } else if (mp->addr.proto == htons(ETH_P_IPV6)) { 258 e.addr.u.ip6 = mp->addr.dst.ip6; 259#endif 260 } else { 261 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr); 262 e.state = MDB_PG_FLAGS_PERMANENT; 263 } 264 e.addr.proto = mp->addr.proto; 265 nest_ent = nla_nest_start_noflag(skb, 266 MDBA_MDB_ENTRY_INFO); 267 if (!nest_ent) 268 return -EMSGSIZE; 269 270 if (nla_put_nohdr(skb, sizeof(e), &e) || 271 nla_put_u32(skb, 272 MDBA_MDB_EATTR_TIMER, 273 br_timer_value(mtimer))) 274 goto nest_err; 275 276 switch (mp->addr.proto) { 277 case htons(ETH_P_IP): 278 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_igmp_version == 3); 279 if (mp->addr.src.ip4) { 280 if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE, 281 mp->addr.src.ip4)) 282 goto nest_err; 283 break; 284 } 285 break; 286#if IS_ENABLED(CONFIG_IPV6) 287 case htons(ETH_P_IPV6): 288 dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_mld_version == 2); 289 if (!ipv6_addr_any(&mp->addr.src.ip6)) { 290 if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE, 291 &mp->addr.src.ip6)) 292 goto nest_err; 293 break; 294 } 295 break; 296#endif 297 default: 298 ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr); 299 } 300 if (p) { 301 if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol)) 302 goto nest_err; 303 if (dump_srcs_mode && 304 (__mdb_fill_srcs(skb, p) || 305 nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE, 306 p->filter_mode))) 307 goto nest_err; 308 } 309 nla_nest_end(skb, nest_ent); 310 311 return 0; 312 313nest_err: 314 nla_nest_cancel(skb, nest_ent); 315 return -EMSGSIZE; 316} 317 318static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb, 319 struct net_device *dev) 320{ 321 int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2]; 322 struct net_bridge *br = netdev_priv(dev); 323 struct net_bridge_mdb_entry *mp; 324 struct nlattr *nest, *nest2; 325 326 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) 327 return 0; 328 329 nest = nla_nest_start_noflag(skb, MDBA_MDB); 330 if (nest == NULL) 331 return -EMSGSIZE; 332 333 hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) { 334 struct net_bridge_port_group *p; 335 struct net_bridge_port_group __rcu **pp; 336 337 if (idx < s_idx) 338 goto skip; 339 340 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY); 341 if (!nest2) { 342 err = -EMSGSIZE; 343 break; 344 } 345 346 if (!s_pidx && mp->host_joined) { 347 err = __mdb_fill_info(skb, mp, NULL); 348 if (err) { 349 nla_nest_cancel(skb, nest2); 350 break; 351 } 352 } 353 354 for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL; 355 pp = &p->next) { 356 if (!p->key.port) 357 continue; 358 if (pidx < s_pidx) 359 goto skip_pg; 360 361 err = __mdb_fill_info(skb, mp, p); 362 if (err) { 363 nla_nest_end(skb, nest2); 364 goto out; 365 } 366skip_pg: 367 pidx++; 368 } 369 pidx = 0; 370 s_pidx = 0; 371 nla_nest_end(skb, nest2); 372skip: 373 idx++; 374 } 375 376out: 377 cb->args[1] = idx; 378 cb->args[2] = pidx; 379 nla_nest_end(skb, nest); 380 return err; 381} 382 383static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh, 384 struct netlink_ext_ack *extack) 385{ 386 struct br_port_msg *bpm; 387 388 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) { 389 NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request"); 390 return -EINVAL; 391 } 392 393 bpm = nlmsg_data(nlh); 394 if (bpm->ifindex) { 395 NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request"); 396 return -EINVAL; 397 } 398 if (nlmsg_attrlen(nlh, sizeof(*bpm))) { 399 NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request"); 400 return -EINVAL; 401 } 402 403 return 0; 404} 405 406static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb) 407{ 408 struct net_device *dev; 409 struct net *net = sock_net(skb->sk); 410 struct nlmsghdr *nlh = NULL; 411 int idx = 0, s_idx; 412 413 if (cb->strict_check) { 414 int err = br_mdb_valid_dump_req(cb->nlh, cb->extack); 415 416 if (err < 0) 417 return err; 418 } 419 420 s_idx = cb->args[0]; 421 422 rcu_read_lock(); 423 424 cb->seq = net->dev_base_seq; 425 426 for_each_netdev_rcu(net, dev) { 427 if (netif_is_bridge_master(dev)) { 428 struct net_bridge *br = netdev_priv(dev); 429 struct br_port_msg *bpm; 430 431 if (idx < s_idx) 432 goto skip; 433 434 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, 435 cb->nlh->nlmsg_seq, RTM_GETMDB, 436 sizeof(*bpm), NLM_F_MULTI); 437 if (nlh == NULL) 438 break; 439 440 bpm = nlmsg_data(nlh); 441 memset(bpm, 0, sizeof(*bpm)); 442 bpm->ifindex = dev->ifindex; 443 if (br_mdb_fill_info(skb, cb, dev) < 0) 444 goto out; 445 if (br_rports_fill_info(skb, &br->multicast_ctx) < 0) 446 goto out; 447 448 cb->args[1] = 0; 449 nlmsg_end(skb, nlh); 450 skip: 451 idx++; 452 } 453 } 454 455out: 456 if (nlh) 457 nlmsg_end(skb, nlh); 458 rcu_read_unlock(); 459 cb->args[0] = idx; 460 return skb->len; 461} 462 463static int nlmsg_populate_mdb_fill(struct sk_buff *skb, 464 struct net_device *dev, 465 struct net_bridge_mdb_entry *mp, 466 struct net_bridge_port_group *pg, 467 int type) 468{ 469 struct nlmsghdr *nlh; 470 struct br_port_msg *bpm; 471 struct nlattr *nest, *nest2; 472 473 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0); 474 if (!nlh) 475 return -EMSGSIZE; 476 477 bpm = nlmsg_data(nlh); 478 memset(bpm, 0, sizeof(*bpm)); 479 bpm->family = AF_BRIDGE; 480 bpm->ifindex = dev->ifindex; 481 nest = nla_nest_start_noflag(skb, MDBA_MDB); 482 if (nest == NULL) 483 goto cancel; 484 nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY); 485 if (nest2 == NULL) 486 goto end; 487 488 if (__mdb_fill_info(skb, mp, pg)) 489 goto end; 490 491 nla_nest_end(skb, nest2); 492 nla_nest_end(skb, nest); 493 nlmsg_end(skb, nlh); 494 return 0; 495 496end: 497 nla_nest_end(skb, nest); 498cancel: 499 nlmsg_cancel(skb, nlh); 500 return -EMSGSIZE; 501} 502 503static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg) 504{ 505 size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) + 506 nla_total_size(sizeof(struct br_mdb_entry)) + 507 nla_total_size(sizeof(u32)); 508 struct net_bridge_group_src *ent; 509 size_t addr_size = 0; 510 511 if (!pg) 512 goto out; 513 514 /* MDBA_MDB_EATTR_RTPROT */ 515 nlmsg_size += nla_total_size(sizeof(u8)); 516 517 switch (pg->key.addr.proto) { 518 case htons(ETH_P_IP): 519 /* MDBA_MDB_EATTR_SOURCE */ 520 if (pg->key.addr.src.ip4) 521 nlmsg_size += nla_total_size(sizeof(__be32)); 522 if (pg->key.port->br->multicast_ctx.multicast_igmp_version == 2) 523 goto out; 524 addr_size = sizeof(__be32); 525 break; 526#if IS_ENABLED(CONFIG_IPV6) 527 case htons(ETH_P_IPV6): 528 /* MDBA_MDB_EATTR_SOURCE */ 529 if (!ipv6_addr_any(&pg->key.addr.src.ip6)) 530 nlmsg_size += nla_total_size(sizeof(struct in6_addr)); 531 if (pg->key.port->br->multicast_ctx.multicast_mld_version == 1) 532 goto out; 533 addr_size = sizeof(struct in6_addr); 534 break; 535#endif 536 } 537 538 /* MDBA_MDB_EATTR_GROUP_MODE */ 539 nlmsg_size += nla_total_size(sizeof(u8)); 540 541 /* MDBA_MDB_EATTR_SRC_LIST nested attr */ 542 if (!hlist_empty(&pg->src_list)) 543 nlmsg_size += nla_total_size(0); 544 545 hlist_for_each_entry(ent, &pg->src_list, node) { 546 /* MDBA_MDB_SRCLIST_ENTRY nested attr + 547 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER 548 */ 549 nlmsg_size += nla_total_size(0) + 550 nla_total_size(addr_size) + 551 nla_total_size(sizeof(u32)); 552 } 553out: 554 return nlmsg_size; 555} 556 557void br_mdb_notify(struct net_device *dev, 558 struct net_bridge_mdb_entry *mp, 559 struct net_bridge_port_group *pg, 560 int type) 561{ 562 struct net *net = dev_net(dev); 563 struct sk_buff *skb; 564 int err = -ENOBUFS; 565 566 br_switchdev_mdb_notify(dev, mp, pg, type); 567 568 skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC); 569 if (!skb) 570 goto errout; 571 572 err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type); 573 if (err < 0) { 574 kfree_skb(skb); 575 goto errout; 576 } 577 578 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC); 579 return; 580errout: 581 rtnl_set_sk_err(net, RTNLGRP_MDB, err); 582} 583 584static int nlmsg_populate_rtr_fill(struct sk_buff *skb, 585 struct net_device *dev, 586 int ifindex, u16 vid, u32 pid, 587 u32 seq, int type, unsigned int flags) 588{ 589 struct nlattr *nest, *port_nest; 590 struct br_port_msg *bpm; 591 struct nlmsghdr *nlh; 592 593 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0); 594 if (!nlh) 595 return -EMSGSIZE; 596 597 bpm = nlmsg_data(nlh); 598 memset(bpm, 0, sizeof(*bpm)); 599 bpm->family = AF_BRIDGE; 600 bpm->ifindex = dev->ifindex; 601 nest = nla_nest_start_noflag(skb, MDBA_ROUTER); 602 if (!nest) 603 goto cancel; 604 605 port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT); 606 if (!port_nest) 607 goto end; 608 if (nla_put_nohdr(skb, sizeof(u32), &ifindex)) { 609 nla_nest_cancel(skb, port_nest); 610 goto end; 611 } 612 if (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid)) { 613 nla_nest_cancel(skb, port_nest); 614 goto end; 615 } 616 nla_nest_end(skb, port_nest); 617 618 nla_nest_end(skb, nest); 619 nlmsg_end(skb, nlh); 620 return 0; 621 622end: 623 nla_nest_end(skb, nest); 624cancel: 625 nlmsg_cancel(skb, nlh); 626 return -EMSGSIZE; 627} 628 629static inline size_t rtnl_rtr_nlmsg_size(void) 630{ 631 return NLMSG_ALIGN(sizeof(struct br_port_msg)) 632 + nla_total_size(sizeof(__u32)) 633 + nla_total_size(sizeof(u16)); 634} 635 636void br_rtr_notify(struct net_device *dev, struct net_bridge_mcast_port *pmctx, 637 int type) 638{ 639 struct net *net = dev_net(dev); 640 struct sk_buff *skb; 641 int err = -ENOBUFS; 642 int ifindex; 643 u16 vid; 644 645 ifindex = pmctx ? pmctx->port->dev->ifindex : 0; 646 vid = pmctx && br_multicast_port_ctx_is_vlan(pmctx) ? pmctx->vlan->vid : 647 0; 648 skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC); 649 if (!skb) 650 goto errout; 651 652 err = nlmsg_populate_rtr_fill(skb, dev, ifindex, vid, 0, 0, type, 653 NTF_SELF); 654 if (err < 0) { 655 kfree_skb(skb); 656 goto errout; 657 } 658 659 rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC); 660 return; 661 662errout: 663 rtnl_set_sk_err(net, RTNLGRP_MDB, err); 664} 665 666static bool is_valid_mdb_entry(struct br_mdb_entry *entry, 667 struct netlink_ext_ack *extack) 668{ 669 if (entry->ifindex == 0) { 670 NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed"); 671 return false; 672 } 673 674 if (entry->addr.proto == htons(ETH_P_IP)) { 675 if (!ipv4_is_multicast(entry->addr.u.ip4)) { 676 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast"); 677 return false; 678 } 679 if (ipv4_is_local_multicast(entry->addr.u.ip4)) { 680 NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast"); 681 return false; 682 } 683#if IS_ENABLED(CONFIG_IPV6) 684 } else if (entry->addr.proto == htons(ETH_P_IPV6)) { 685 if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) { 686 NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes"); 687 return false; 688 } 689#endif 690 } else if (entry->addr.proto == 0) { 691 /* L2 mdb */ 692 if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) { 693 NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast"); 694 return false; 695 } 696 } else { 697 NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol"); 698 return false; 699 } 700 701 if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) { 702 NL_SET_ERR_MSG_MOD(extack, "Unknown entry state"); 703 return false; 704 } 705 if (entry->vid >= VLAN_VID_MASK) { 706 NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id"); 707 return false; 708 } 709 710 return true; 711} 712 713static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto, 714 struct netlink_ext_ack *extack) 715{ 716 switch (proto) { 717 case htons(ETH_P_IP): 718 if (nla_len(attr) != sizeof(struct in_addr)) { 719 NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length"); 720 return false; 721 } 722 if (ipv4_is_multicast(nla_get_in_addr(attr))) { 723 NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed"); 724 return false; 725 } 726 break; 727#if IS_ENABLED(CONFIG_IPV6) 728 case htons(ETH_P_IPV6): { 729 struct in6_addr src; 730 731 if (nla_len(attr) != sizeof(struct in6_addr)) { 732 NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length"); 733 return false; 734 } 735 src = nla_get_in6_addr(attr); 736 if (ipv6_addr_is_multicast(&src)) { 737 NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed"); 738 return false; 739 } 740 break; 741 } 742#endif 743 default: 744 NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address"); 745 return false; 746 } 747 748 return true; 749} 750 751static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = { 752 [MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY, 753 sizeof(struct in_addr), 754 sizeof(struct in6_addr)), 755}; 756 757static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh, 758 struct net_device **pdev, struct br_mdb_entry **pentry, 759 struct nlattr **mdb_attrs, struct netlink_ext_ack *extack) 760{ 761 struct net *net = sock_net(skb->sk); 762 struct br_mdb_entry *entry; 763 struct br_port_msg *bpm; 764 struct nlattr *tb[MDBA_SET_ENTRY_MAX+1]; 765 struct net_device *dev; 766 int err; 767 768 err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb, 769 MDBA_SET_ENTRY_MAX, NULL, NULL); 770 if (err < 0) 771 return err; 772 773 bpm = nlmsg_data(nlh); 774 if (bpm->ifindex == 0) { 775 NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex"); 776 return -EINVAL; 777 } 778 779 dev = __dev_get_by_index(net, bpm->ifindex); 780 if (dev == NULL) { 781 NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist"); 782 return -ENODEV; 783 } 784 785 if (!netif_is_bridge_master(dev)) { 786 NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge"); 787 return -EOPNOTSUPP; 788 } 789 790 *pdev = dev; 791 792 if (!tb[MDBA_SET_ENTRY]) { 793 NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute"); 794 return -EINVAL; 795 } 796 if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) { 797 NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length"); 798 return -EINVAL; 799 } 800 801 entry = nla_data(tb[MDBA_SET_ENTRY]); 802 if (!is_valid_mdb_entry(entry, extack)) 803 return -EINVAL; 804 *pentry = entry; 805 806 if (tb[MDBA_SET_ENTRY_ATTRS]) { 807 err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX, 808 tb[MDBA_SET_ENTRY_ATTRS], 809 br_mdbe_attrs_pol, extack); 810 if (err) 811 return err; 812 if (mdb_attrs[MDBE_ATTR_SOURCE] && 813 !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE], 814 entry->addr.proto, extack)) 815 return -EINVAL; 816 } else { 817 memset(mdb_attrs, 0, 818 sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1)); 819 } 820 821 return 0; 822} 823 824static struct net_bridge_mcast * 825__br_mdb_choose_context(struct net_bridge *br, 826 const struct br_mdb_entry *entry, 827 struct netlink_ext_ack *extack) 828{ 829 struct net_bridge_mcast *brmctx = NULL; 830 struct net_bridge_vlan *v; 831 832 if (!br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED)) { 833 brmctx = &br->multicast_ctx; 834 goto out; 835 } 836 837 if (!entry->vid) { 838 NL_SET_ERR_MSG_MOD(extack, "Cannot add an entry without a vlan when vlan snooping is enabled"); 839 goto out; 840 } 841 842 v = br_vlan_find(br_vlan_group(br), entry->vid); 843 if (!v) { 844 NL_SET_ERR_MSG_MOD(extack, "Vlan is not configured"); 845 goto out; 846 } 847 if (br_multicast_ctx_vlan_global_disabled(&v->br_mcast_ctx)) { 848 NL_SET_ERR_MSG_MOD(extack, "Vlan's multicast processing is disabled"); 849 goto out; 850 } 851 brmctx = &v->br_mcast_ctx; 852out: 853 return brmctx; 854} 855 856static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port, 857 struct br_mdb_entry *entry, 858 struct nlattr **mdb_attrs, 859 struct netlink_ext_ack *extack) 860{ 861 struct net_bridge_mdb_entry *mp, *star_mp; 862 struct net_bridge_port_group __rcu **pp; 863 struct net_bridge_port_group *p; 864 struct net_bridge_mcast *brmctx; 865 struct br_ip group, star_group; 866 unsigned long now = jiffies; 867 unsigned char flags = 0; 868 u8 filter_mode; 869 int err; 870 871 __mdb_entry_to_br_ip(entry, &group, mdb_attrs); 872 873 brmctx = __br_mdb_choose_context(br, entry, extack); 874 if (!brmctx) 875 return -EINVAL; 876 877 /* host join errors which can happen before creating the group */ 878 if (!port && !br_group_is_l2(&group)) { 879 /* don't allow any flags for host-joined IP groups */ 880 if (entry->state) { 881 NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups"); 882 return -EINVAL; 883 } 884 if (!br_multicast_is_star_g(&group)) { 885 NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined"); 886 return -EINVAL; 887 } 888 } 889 890 if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) { 891 NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed"); 892 return -EINVAL; 893 } 894 895 mp = br_mdb_ip_get(br, &group); 896 if (!mp) { 897 mp = br_multicast_new_group(br, &group); 898 err = PTR_ERR_OR_ZERO(mp); 899 if (err) 900 return err; 901 } 902 903 /* host join */ 904 if (!port) { 905 if (mp->host_joined) { 906 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host"); 907 return -EEXIST; 908 } 909 910 br_multicast_host_join(brmctx, mp, false); 911 br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB); 912 913 return 0; 914 } 915 916 for (pp = &mp->ports; 917 (p = mlock_dereference(*pp, br)) != NULL; 918 pp = &p->next) { 919 if (p->key.port == port) { 920 NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port"); 921 return -EEXIST; 922 } 923 if ((unsigned long)p->key.port < (unsigned long)port) 924 break; 925 } 926 927 filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE : 928 MCAST_INCLUDE; 929 930 if (entry->state == MDB_PERMANENT) 931 flags |= MDB_PG_FLAGS_PERMANENT; 932 933 p = br_multicast_new_port_group(port, &group, *pp, flags, NULL, 934 filter_mode, RTPROT_STATIC); 935 if (unlikely(!p)) { 936 NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group"); 937 return -ENOMEM; 938 } 939 rcu_assign_pointer(*pp, p); 940 if (entry->state == MDB_TEMPORARY) 941 mod_timer(&p->timer, 942 now + brmctx->multicast_membership_interval); 943 br_mdb_notify(br->dev, mp, p, RTM_NEWMDB); 944 /* if we are adding a new EXCLUDE port group (*,G) it needs to be also 945 * added to all S,G entries for proper replication, if we are adding 946 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be 947 * added to it for proper replication 948 */ 949 if (br_multicast_should_handle_mode(brmctx, group.proto)) { 950 switch (filter_mode) { 951 case MCAST_EXCLUDE: 952 br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE); 953 break; 954 case MCAST_INCLUDE: 955 star_group = p->key.addr; 956 memset(&star_group.src, 0, sizeof(star_group.src)); 957 star_mp = br_mdb_ip_get(br, &star_group); 958 if (star_mp) 959 br_multicast_sg_add_exclude_ports(star_mp, p); 960 break; 961 } 962 } 963 964 return 0; 965} 966 967static int __br_mdb_add(struct net *net, struct net_bridge *br, 968 struct net_bridge_port *p, 969 struct br_mdb_entry *entry, 970 struct nlattr **mdb_attrs, 971 struct netlink_ext_ack *extack) 972{ 973 int ret; 974 975 spin_lock_bh(&br->multicast_lock); 976 ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack); 977 spin_unlock_bh(&br->multicast_lock); 978 979 return ret; 980} 981 982static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, 983 struct netlink_ext_ack *extack) 984{ 985 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1]; 986 struct net *net = sock_net(skb->sk); 987 struct net_bridge_vlan_group *vg; 988 struct net_bridge_port *p = NULL; 989 struct net_device *dev, *pdev; 990 struct br_mdb_entry *entry; 991 struct net_bridge_vlan *v; 992 struct net_bridge *br; 993 int err; 994 995 err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack); 996 if (err < 0) 997 return err; 998 999 br = netdev_priv(dev); 1000 1001 if (!netif_running(br->dev)) { 1002 NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running"); 1003 return -EINVAL; 1004 } 1005 1006 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) { 1007 NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled"); 1008 return -EINVAL; 1009 } 1010 1011 if (entry->ifindex != br->dev->ifindex) { 1012 pdev = __dev_get_by_index(net, entry->ifindex); 1013 if (!pdev) { 1014 NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist"); 1015 return -ENODEV; 1016 } 1017 1018 p = br_port_get_rtnl(pdev); 1019 if (!p) { 1020 NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port"); 1021 return -EINVAL; 1022 } 1023 1024 if (p->br != br) { 1025 NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device"); 1026 return -EINVAL; 1027 } 1028 if (p->state == BR_STATE_DISABLED) { 1029 NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state"); 1030 return -EINVAL; 1031 } 1032 vg = nbp_vlan_group(p); 1033 } else { 1034 vg = br_vlan_group(br); 1035 } 1036 1037 /* If vlan filtering is enabled and VLAN is not specified 1038 * install mdb entry on all vlans configured on the port. 1039 */ 1040 if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) { 1041 list_for_each_entry(v, &vg->vlan_list, vlist) { 1042 entry->vid = v->vid; 1043 err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack); 1044 if (err) 1045 break; 1046 } 1047 } else { 1048 err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack); 1049 } 1050 1051 return err; 1052} 1053 1054static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry, 1055 struct nlattr **mdb_attrs) 1056{ 1057 struct net_bridge_mdb_entry *mp; 1058 struct net_bridge_port_group *p; 1059 struct net_bridge_port_group __rcu **pp; 1060 struct br_ip ip; 1061 int err = -EINVAL; 1062 1063 if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED)) 1064 return -EINVAL; 1065 1066 __mdb_entry_to_br_ip(entry, &ip, mdb_attrs); 1067 1068 spin_lock_bh(&br->multicast_lock); 1069 mp = br_mdb_ip_get(br, &ip); 1070 if (!mp) 1071 goto unlock; 1072 1073 /* host leave */ 1074 if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) { 1075 br_multicast_host_leave(mp, false); 1076 err = 0; 1077 br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB); 1078 if (!mp->ports && netif_running(br->dev)) 1079 mod_timer(&mp->timer, jiffies); 1080 goto unlock; 1081 } 1082 1083 for (pp = &mp->ports; 1084 (p = mlock_dereference(*pp, br)) != NULL; 1085 pp = &p->next) { 1086 if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex) 1087 continue; 1088 1089 if (p->key.port->state == BR_STATE_DISABLED) 1090 goto unlock; 1091 1092 br_multicast_del_pg(mp, p, pp); 1093 err = 0; 1094 break; 1095 } 1096 1097unlock: 1098 spin_unlock_bh(&br->multicast_lock); 1099 return err; 1100} 1101 1102static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, 1103 struct netlink_ext_ack *extack) 1104{ 1105 struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1]; 1106 struct net *net = sock_net(skb->sk); 1107 struct net_bridge_vlan_group *vg; 1108 struct net_bridge_port *p = NULL; 1109 struct net_device *dev, *pdev; 1110 struct br_mdb_entry *entry; 1111 struct net_bridge_vlan *v; 1112 struct net_bridge *br; 1113 int err; 1114 1115 err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack); 1116 if (err < 0) 1117 return err; 1118 1119 br = netdev_priv(dev); 1120 1121 if (entry->ifindex != br->dev->ifindex) { 1122 pdev = __dev_get_by_index(net, entry->ifindex); 1123 if (!pdev) 1124 return -ENODEV; 1125 1126 p = br_port_get_rtnl(pdev); 1127 if (!p || p->br != br || p->state == BR_STATE_DISABLED) 1128 return -EINVAL; 1129 vg = nbp_vlan_group(p); 1130 } else { 1131 vg = br_vlan_group(br); 1132 } 1133 1134 /* If vlan filtering is enabled and VLAN is not specified 1135 * delete mdb entry on all vlans configured on the port. 1136 */ 1137 if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) { 1138 list_for_each_entry(v, &vg->vlan_list, vlist) { 1139 entry->vid = v->vid; 1140 err = __br_mdb_del(br, entry, mdb_attrs); 1141 } 1142 } else { 1143 err = __br_mdb_del(br, entry, mdb_attrs); 1144 } 1145 1146 return err; 1147} 1148 1149void br_mdb_init(void) 1150{ 1151 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0); 1152 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0); 1153 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0); 1154} 1155 1156void br_mdb_uninit(void) 1157{ 1158 rtnl_unregister(PF_BRIDGE, RTM_GETMDB); 1159 rtnl_unregister(PF_BRIDGE, RTM_NEWMDB); 1160 rtnl_unregister(PF_BRIDGE, RTM_DELMDB); 1161}