1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * Spanning tree protocol; BPDU handling |
4 | * Linux ethernet bridge |
5 | * |
6 | * Authors: |
7 | * Lennert Buytenhek <buytenh@gnu.org> |
8 | */ |
9 | |
10 | #include <linux/kernel.h> |
11 | #include <linux/netfilter_bridge.h> |
12 | #include <linux/etherdevice.h> |
13 | #include <linux/llc.h> |
14 | #include <linux/slab.h> |
15 | #include <linux/pkt_sched.h> |
16 | #include <net/net_namespace.h> |
17 | #include <net/llc.h> |
18 | #include <net/llc_pdu.h> |
19 | #include <net/stp.h> |
20 | #include <asm/unaligned.h> |
21 | |
22 | #include "br_private.h" |
23 | #include "br_private_stp.h" |
24 | |
25 | #define STP_HZ 256 |
26 | |
27 | #define LLC_RESERVE sizeof(struct llc_pdu_un) |
28 | |
29 | static int br_send_bpdu_finish(struct net *net, struct sock *sk, |
30 | struct sk_buff *skb) |
31 | { |
32 | return dev_queue_xmit(skb); |
33 | } |
34 | |
35 | static void br_send_bpdu(struct net_bridge_port *p, |
36 | const unsigned char *data, int length) |
37 | { |
38 | struct sk_buff *skb; |
39 | |
40 | skb = dev_alloc_skb(length: length+LLC_RESERVE); |
41 | if (!skb) |
42 | return; |
43 | |
44 | skb->dev = p->dev; |
45 | skb->protocol = htons(ETH_P_802_2); |
46 | skb->priority = TC_PRIO_CONTROL; |
47 | |
48 | skb_reserve(skb, LLC_RESERVE); |
49 | __skb_put_data(skb, data, len: length); |
50 | |
51 | llc_pdu_header_init(skb, LLC_PDU_TYPE_U, LLC_SAP_BSPAN, |
52 | LLC_SAP_BSPAN, LLC_PDU_CMD); |
53 | llc_pdu_init_as_ui_cmd(skb); |
54 | |
55 | llc_mac_hdr_init(skb, sa: p->dev->dev_addr, da: p->br->group_addr); |
56 | |
57 | skb_reset_mac_header(skb); |
58 | |
59 | NF_HOOK(pf: NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, |
60 | net: dev_net(dev: p->dev), NULL, skb, NULL, out: skb->dev, |
61 | okfn: br_send_bpdu_finish); |
62 | } |
63 | |
64 | static inline void br_set_ticks(unsigned char *dest, int j) |
65 | { |
66 | unsigned long ticks = (STP_HZ * j)/ HZ; |
67 | |
68 | put_unaligned_be16(val: ticks, p: dest); |
69 | } |
70 | |
71 | static inline int br_get_ticks(const unsigned char *src) |
72 | { |
73 | unsigned long ticks = get_unaligned_be16(p: src); |
74 | |
75 | return DIV_ROUND_UP(ticks * HZ, STP_HZ); |
76 | } |
77 | |
78 | /* called under bridge lock */ |
79 | void br_send_config_bpdu(struct net_bridge_port *p, struct br_config_bpdu *bpdu) |
80 | { |
81 | unsigned char buf[35]; |
82 | |
83 | if (p->br->stp_enabled != BR_KERNEL_STP) |
84 | return; |
85 | |
86 | buf[0] = 0; |
87 | buf[1] = 0; |
88 | buf[2] = 0; |
89 | buf[3] = BPDU_TYPE_CONFIG; |
90 | buf[4] = (bpdu->topology_change ? 0x01 : 0) | |
91 | (bpdu->topology_change_ack ? 0x80 : 0); |
92 | buf[5] = bpdu->root.prio[0]; |
93 | buf[6] = bpdu->root.prio[1]; |
94 | buf[7] = bpdu->root.addr[0]; |
95 | buf[8] = bpdu->root.addr[1]; |
96 | buf[9] = bpdu->root.addr[2]; |
97 | buf[10] = bpdu->root.addr[3]; |
98 | buf[11] = bpdu->root.addr[4]; |
99 | buf[12] = bpdu->root.addr[5]; |
100 | buf[13] = (bpdu->root_path_cost >> 24) & 0xFF; |
101 | buf[14] = (bpdu->root_path_cost >> 16) & 0xFF; |
102 | buf[15] = (bpdu->root_path_cost >> 8) & 0xFF; |
103 | buf[16] = bpdu->root_path_cost & 0xFF; |
104 | buf[17] = bpdu->bridge_id.prio[0]; |
105 | buf[18] = bpdu->bridge_id.prio[1]; |
106 | buf[19] = bpdu->bridge_id.addr[0]; |
107 | buf[20] = bpdu->bridge_id.addr[1]; |
108 | buf[21] = bpdu->bridge_id.addr[2]; |
109 | buf[22] = bpdu->bridge_id.addr[3]; |
110 | buf[23] = bpdu->bridge_id.addr[4]; |
111 | buf[24] = bpdu->bridge_id.addr[5]; |
112 | buf[25] = (bpdu->port_id >> 8) & 0xFF; |
113 | buf[26] = bpdu->port_id & 0xFF; |
114 | |
115 | br_set_ticks(dest: buf+27, j: bpdu->message_age); |
116 | br_set_ticks(dest: buf+29, j: bpdu->max_age); |
117 | br_set_ticks(dest: buf+31, j: bpdu->hello_time); |
118 | br_set_ticks(dest: buf+33, j: bpdu->forward_delay); |
119 | |
120 | br_send_bpdu(p, data: buf, length: 35); |
121 | |
122 | p->stp_xstats.tx_bpdu++; |
123 | } |
124 | |
125 | /* called under bridge lock */ |
126 | void br_send_tcn_bpdu(struct net_bridge_port *p) |
127 | { |
128 | unsigned char buf[4]; |
129 | |
130 | if (p->br->stp_enabled != BR_KERNEL_STP) |
131 | return; |
132 | |
133 | buf[0] = 0; |
134 | buf[1] = 0; |
135 | buf[2] = 0; |
136 | buf[3] = BPDU_TYPE_TCN; |
137 | br_send_bpdu(p, data: buf, length: 4); |
138 | |
139 | p->stp_xstats.tx_tcn++; |
140 | } |
141 | |
142 | /* |
143 | * Called from llc. |
144 | * |
145 | * NO locks, but rcu_read_lock |
146 | */ |
147 | void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb, |
148 | struct net_device *dev) |
149 | { |
150 | struct net_bridge_port *p; |
151 | struct net_bridge *br; |
152 | const unsigned char *buf; |
153 | |
154 | if (!pskb_may_pull(skb, len: 4)) |
155 | goto err; |
156 | |
157 | /* compare of protocol id and version */ |
158 | buf = skb->data; |
159 | if (buf[0] != 0 || buf[1] != 0 || buf[2] != 0) |
160 | goto err; |
161 | |
162 | p = br_port_get_check_rcu(dev); |
163 | if (!p) |
164 | goto err; |
165 | |
166 | br = p->br; |
167 | spin_lock(lock: &br->lock); |
168 | |
169 | if (br->stp_enabled != BR_KERNEL_STP) |
170 | goto out; |
171 | |
172 | if (!(br->dev->flags & IFF_UP)) |
173 | goto out; |
174 | |
175 | if (p->state == BR_STATE_DISABLED) |
176 | goto out; |
177 | |
178 | if (!ether_addr_equal(addr1: eth_hdr(skb)->h_dest, addr2: br->group_addr)) |
179 | goto out; |
180 | |
181 | if (p->flags & BR_BPDU_GUARD) { |
182 | br_notice(br, "BPDU received on blocked port %u(%s)\n" , |
183 | (unsigned int) p->port_no, p->dev->name); |
184 | br_stp_disable_port(p); |
185 | goto out; |
186 | } |
187 | |
188 | buf = skb_pull(skb, len: 3); |
189 | |
190 | if (buf[0] == BPDU_TYPE_CONFIG) { |
191 | struct br_config_bpdu bpdu; |
192 | |
193 | if (!pskb_may_pull(skb, len: 32)) |
194 | goto out; |
195 | |
196 | buf = skb->data; |
197 | bpdu.topology_change = (buf[1] & 0x01) ? 1 : 0; |
198 | bpdu.topology_change_ack = (buf[1] & 0x80) ? 1 : 0; |
199 | |
200 | bpdu.root.prio[0] = buf[2]; |
201 | bpdu.root.prio[1] = buf[3]; |
202 | bpdu.root.addr[0] = buf[4]; |
203 | bpdu.root.addr[1] = buf[5]; |
204 | bpdu.root.addr[2] = buf[6]; |
205 | bpdu.root.addr[3] = buf[7]; |
206 | bpdu.root.addr[4] = buf[8]; |
207 | bpdu.root.addr[5] = buf[9]; |
208 | bpdu.root_path_cost = |
209 | (buf[10] << 24) | |
210 | (buf[11] << 16) | |
211 | (buf[12] << 8) | |
212 | buf[13]; |
213 | bpdu.bridge_id.prio[0] = buf[14]; |
214 | bpdu.bridge_id.prio[1] = buf[15]; |
215 | bpdu.bridge_id.addr[0] = buf[16]; |
216 | bpdu.bridge_id.addr[1] = buf[17]; |
217 | bpdu.bridge_id.addr[2] = buf[18]; |
218 | bpdu.bridge_id.addr[3] = buf[19]; |
219 | bpdu.bridge_id.addr[4] = buf[20]; |
220 | bpdu.bridge_id.addr[5] = buf[21]; |
221 | bpdu.port_id = (buf[22] << 8) | buf[23]; |
222 | |
223 | bpdu.message_age = br_get_ticks(src: buf+24); |
224 | bpdu.max_age = br_get_ticks(src: buf+26); |
225 | bpdu.hello_time = br_get_ticks(src: buf+28); |
226 | bpdu.forward_delay = br_get_ticks(src: buf+30); |
227 | |
228 | if (bpdu.message_age > bpdu.max_age) { |
229 | if (net_ratelimit()) |
230 | br_notice(p->br, |
231 | "port %u config from %pM" |
232 | " (message_age %ul > max_age %ul)\n" , |
233 | p->port_no, |
234 | eth_hdr(skb)->h_source, |
235 | bpdu.message_age, bpdu.max_age); |
236 | goto out; |
237 | } |
238 | |
239 | br_received_config_bpdu(p, bpdu: &bpdu); |
240 | } else if (buf[0] == BPDU_TYPE_TCN) { |
241 | br_received_tcn_bpdu(p); |
242 | } |
243 | out: |
244 | spin_unlock(lock: &br->lock); |
245 | err: |
246 | kfree_skb(skb); |
247 | } |
248 | |