br_forward.c 6.5 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 *	Forwarding decision
 *	Linux ethernet bridge
 *
 *	Authors:
 *	Lennert Buytenhek		<buytenh@gnu.org>
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

14
#include <linux/err.h>
15
#include <linux/slab.h>
L
Linus Torvalds 已提交
16 17
#include <linux/kernel.h>
#include <linux/netdevice.h>
W
WANG Cong 已提交
18
#include <linux/netpoll.h>
L
Linus Torvalds 已提交
19
#include <linux/skbuff.h>
20
#include <linux/if_vlan.h>
L
Linus Torvalds 已提交
21 22 23
#include <linux/netfilter_bridge.h>
#include "br_private.h"

24 25
static int deliver_clone(const struct net_bridge_port *prev,
			 struct sk_buff *skb,
26 27 28
			 void (*__packet_hook)(const struct net_bridge_port *p,
					       struct sk_buff *skb));

T
tanxiaojun 已提交
29
/* Don't forward packets to originating port or forwarding disabled */
30
static inline int should_deliver(const struct net_bridge_port *p,
L
Linus Torvalds 已提交
31 32
				 const struct sk_buff *skb)
{
33
	return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
34
		br_allowed_egress(p->br, nbp_get_vlan_info(p), skb) &&
35
		p->state == BR_STATE_FORWARDING);
L
Linus Torvalds 已提交
36 37
}

38
static inline unsigned int packet_length(const struct sk_buff *skb)
39 40 41 42
{
	return skb->len - (skb->protocol == htons(ETH_P_8021Q) ? VLAN_HLEN : 0);
}

L
Linus Torvalds 已提交
43 44
int br_dev_queue_push_xmit(struct sk_buff *skb)
{
45 46 47
	/* ip_fragment doesn't copy the MAC header */
	if (nf_bridge_maybe_copy_header(skb) ||
	    (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb))) {
L
Linus Torvalds 已提交
48
		kfree_skb(skb);
49 50
	} else {
		skb_push(skb, ETH_HLEN);
51
		br_drop_fake_rtable(skb);
52
		dev_queue_xmit(skb);
L
Linus Torvalds 已提交
53 54 55 56 57 58 59
	}

	return 0;
}

int br_forward_finish(struct sk_buff *skb)
{
60
	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
61
		       br_dev_queue_push_xmit);
L
Linus Torvalds 已提交
62 63 64 65 66

}

static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
{
67 68 69 70
	skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb);
	if (!skb)
		return;

L
Linus Torvalds 已提交
71
	skb->dev = to->dev;
H
Herbert Xu 已提交
72

73
	if (unlikely(netpoll_tx_running(to->br->dev))) {
H
Herbert Xu 已提交
74 75 76 77 78 79 80 81 82
		if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb))
			kfree_skb(skb);
		else {
			skb_push(skb, ETH_HLEN);
			br_netpoll_send_skb(to, skb);
		}
		return;
	}

83 84
	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
		br_forward_finish);
L
Linus Torvalds 已提交
85 86 87 88 89 90
}

static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
{
	struct net_device *indev;

H
Herbert Xu 已提交
91 92 93 94 95
	if (skb_warn_if_lro(skb)) {
		kfree_skb(skb);
		return;
	}

96 97 98 99
	skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb);
	if (!skb)
		return;

L
Linus Torvalds 已提交
100 101
	indev = skb->dev;
	skb->dev = to->dev;
102
	skb_forward_csum(skb);
L
Linus Torvalds 已提交
103

104 105
	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
		br_forward_finish);
L
Linus Torvalds 已提交
106 107 108 109 110
}

/* called with rcu_read_lock */
void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
{
111
	if (to && should_deliver(to, skb)) {
L
Linus Torvalds 已提交
112 113 114 115 116 117 118 119
		__br_deliver(to, skb);
		return;
	}

	kfree_skb(skb);
}

/* called with rcu_read_lock */
120
void br_forward(const struct net_bridge_port *to, struct sk_buff *skb, struct sk_buff *skb0)
L
Linus Torvalds 已提交
121
{
H
Herbert Xu 已提交
122
	if (should_deliver(to, skb)) {
123 124 125 126
		if (skb0)
			deliver_clone(to, skb, __br_forward);
		else
			__br_forward(to, skb);
L
Linus Torvalds 已提交
127 128 129
		return;
	}

130 131
	if (!skb0)
		kfree_skb(skb);
L
Linus Torvalds 已提交
132 133
}

134 135
static int deliver_clone(const struct net_bridge_port *prev,
			 struct sk_buff *skb,
136 137 138
			 void (*__packet_hook)(const struct net_bridge_port *p,
					       struct sk_buff *skb))
{
139 140
	struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev;

141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
	skb = skb_clone(skb, GFP_ATOMIC);
	if (!skb) {
		dev->stats.tx_dropped++;
		return -ENOMEM;
	}

	__packet_hook(prev, skb);
	return 0;
}

static struct net_bridge_port *maybe_deliver(
	struct net_bridge_port *prev, struct net_bridge_port *p,
	struct sk_buff *skb,
	void (*__packet_hook)(const struct net_bridge_port *p,
			      struct sk_buff *skb))
{
	int err;

	if (!should_deliver(p, skb))
		return prev;

	if (!prev)
		goto out;

	err = deliver_clone(prev, skb, __packet_hook);
	if (err)
		return ERR_PTR(err);

out:
	return p;
}

L
Linus Torvalds 已提交
173
/* called under bridge lock */
174
static void br_flood(struct net_bridge *br, struct sk_buff *skb,
175 176
		     struct sk_buff *skb0,
		     void (*__packet_hook)(const struct net_bridge_port *p,
177 178
					   struct sk_buff *skb),
		     bool unicast)
L
Linus Torvalds 已提交
179 180 181 182 183 184 185
{
	struct net_bridge_port *p;
	struct net_bridge_port *prev;

	prev = NULL;

	list_for_each_entry_rcu(p, &br->port_list, list) {
186 187 188
		/* Do not flood unicast traffic to ports that turn it off */
		if (unicast && !(p->flags & BR_FLOOD))
			continue;
189 190 191
		prev = maybe_deliver(prev, p, skb, __packet_hook);
		if (IS_ERR(prev))
			goto out;
L
Linus Torvalds 已提交
192 193
	}

194 195 196
	if (!prev)
		goto out;

197 198 199 200
	if (skb0)
		deliver_clone(prev, skb, __packet_hook);
	else
		__packet_hook(prev, skb);
201
	return;
L
Linus Torvalds 已提交
202

203 204 205
out:
	if (!skb0)
		kfree_skb(skb);
L
Linus Torvalds 已提交
206 207 208 209
}


/* called with rcu_read_lock */
210
void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast)
L
Linus Torvalds 已提交
211
{
212
	br_flood(br, skb, NULL, __br_deliver, unicast);
L
Linus Torvalds 已提交
213 214 215
}

/* called under bridge lock */
216
void br_flood_forward(struct net_bridge *br, struct sk_buff *skb,
217
		      struct sk_buff *skb2, bool unicast)
L
Linus Torvalds 已提交
218
{
219
	br_flood(br, skb, skb2, __br_forward, unicast);
L
Linus Torvalds 已提交
220
}
221 222 223 224 225 226 227 228 229 230 231

#ifdef CONFIG_BRIDGE_IGMP_SNOOPING
/* called with rcu_read_lock */
static void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
			       struct sk_buff *skb, struct sk_buff *skb0,
			       void (*__packet_hook)(
					const struct net_bridge_port *p,
					struct sk_buff *skb))
{
	struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev;
	struct net_bridge *br = netdev_priv(dev);
232
	struct net_bridge_port *prev = NULL;
233 234 235
	struct net_bridge_port_group *p;
	struct hlist_node *rp;

236
	rp = rcu_dereference(hlist_first_rcu(&br->router_list));
237
	p = mdst ? rcu_dereference(mdst->ports) : NULL;
238
	while (p || rp) {
239 240
		struct net_bridge_port *port, *lport, *rport;

241 242 243 244 245 246 247 248 249 250 251 252
		lport = p ? p->port : NULL;
		rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) :
			     NULL;

		port = (unsigned long)lport > (unsigned long)rport ?
		       lport : rport;

		prev = maybe_deliver(prev, port, skb, __packet_hook);
		if (IS_ERR(prev))
			goto out;

		if ((unsigned long)lport >= (unsigned long)port)
253
			p = rcu_dereference(p->next);
254
		if ((unsigned long)rport >= (unsigned long)port)
255
			rp = rcu_dereference(hlist_next_rcu(rp));
256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
	}

	if (!prev)
		goto out;

	if (skb0)
		deliver_clone(prev, skb, __packet_hook);
	else
		__packet_hook(prev, skb);
	return;

out:
	if (!skb0)
		kfree_skb(skb);
}

/* called with rcu_read_lock */
void br_multicast_deliver(struct net_bridge_mdb_entry *mdst,
			  struct sk_buff *skb)
{
	br_multicast_flood(mdst, skb, NULL, __br_deliver);
}

/* called with rcu_read_lock */
void br_multicast_forward(struct net_bridge_mdb_entry *mdst,
			  struct sk_buff *skb, struct sk_buff *skb2)
{
	br_multicast_flood(mdst, skb, skb2, __br_forward);
}
#endif