Commit cc1939e4 authored by Vladimir Oltean's avatar Vladimir Oltean Committed by David S. Miller

net: dsa: Allow drivers to filter packets they can decode source port from

Frames get processed by DSA and redirected to switch port net devices
based on the ETH_P_XDSA multiplexed packet_type handler found by the
network stack when calling eth_type_trans().

The running assumption is that once the DSA .rcv function is called, DSA
is always able to decode the switch tag in order to change the skb->dev
from its master.

However there are tagging protocols (such as the new DSA_TAG_PROTO_SJA1105,
user of DSA_TAG_PROTO_8021Q) where this assumption is not completely
true, since switch tagging piggybacks on the absence of a vlan_filtering
bridge. Moreover, management traffic (BPDU, PTP) for this switch doesn't
rely on switch tagging, but on a different mechanism. So it would make
sense to at least be able to terminate that.

Having DSA receive traffic it can't decode would put it in an impossible
situation: the eth_type_trans() function would invoke the DSA .rcv(),
which could not change skb->dev, then eth_type_trans() would be invoked
again, which again would call the DSA .rcv, and the packet would never
be able to exit the DSA filter and would spiral in a loop until the
whole system dies.

This happens because eth_type_trans() doesn't actually look at the skb
(so as to identify a potential tag) when it deems it as being
ETH_P_XDSA. It just checks whether skb->dev has a DSA private pointer
installed (therefore it's a DSA master) and that there exists a .rcv
callback (everybody except DSA_TAG_PROTO_NONE has that). This is
understandable as there are many switch tags out there, and exhaustively
checking for all of them is far from ideal.

The solution lies in introducing a filtering function for each tagging
protocol. In the absence of a filtering function, all traffic is passed
to the .rcv DSA callback. The tagging protocol should see the filtering
function as a pre-validation that it can decode the incoming skb. The
traffic that doesn't match the filter will bypass the DSA .rcv callback
and be left on the master netdevice, which wasn't previously possible.
Signed-off-by: default avatarVladimir Oltean <olteanv@gmail.com>
Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f9bbe447
...@@ -69,6 +69,11 @@ struct dsa_device_ops { ...@@ -69,6 +69,11 @@ struct dsa_device_ops {
struct packet_type *pt); struct packet_type *pt);
int (*flow_dissect)(const struct sk_buff *skb, __be16 *proto, int (*flow_dissect)(const struct sk_buff *skb, __be16 *proto,
int *offset); int *offset);
/* Used to determine which traffic should match the DSA filter in
* eth_type_trans, and which, if any, should bypass it and be processed
* as regular on the master net device.
*/
bool (*filter)(const struct sk_buff *skb, struct net_device *dev);
unsigned int overhead; unsigned int overhead;
const char *name; const char *name;
enum dsa_tag_protocol proto; enum dsa_tag_protocol proto;
...@@ -148,6 +153,7 @@ struct dsa_port { ...@@ -148,6 +153,7 @@ struct dsa_port {
struct dsa_switch_tree *dst; struct dsa_switch_tree *dst;
struct sk_buff *(*rcv)(struct sk_buff *skb, struct net_device *dev, struct sk_buff *(*rcv)(struct sk_buff *skb, struct net_device *dev,
struct packet_type *pt); struct packet_type *pt);
bool (*filter)(const struct sk_buff *skb, struct net_device *dev);
enum { enum {
DSA_PORT_TYPE_UNUSED = 0, DSA_PORT_TYPE_UNUSED = 0,
...@@ -520,6 +526,15 @@ static inline bool netdev_uses_dsa(struct net_device *dev) ...@@ -520,6 +526,15 @@ static inline bool netdev_uses_dsa(struct net_device *dev)
return false; return false;
} }
static inline bool dsa_can_decode(const struct sk_buff *skb,
struct net_device *dev)
{
#if IS_ENABLED(CONFIG_NET_DSA)
return !dev->dsa_ptr->filter || dev->dsa_ptr->filter(skb, dev);
#endif
return false;
}
struct dsa_switch *dsa_switch_alloc(struct device *dev, size_t n); struct dsa_switch *dsa_switch_alloc(struct device *dev, size_t n);
void dsa_unregister_switch(struct dsa_switch *ds); void dsa_unregister_switch(struct dsa_switch *ds);
int dsa_register_switch(struct dsa_switch *ds); int dsa_register_switch(struct dsa_switch *ds);
......
...@@ -586,6 +586,7 @@ static int dsa_port_parse_cpu(struct dsa_port *dp, struct net_device *master) ...@@ -586,6 +586,7 @@ static int dsa_port_parse_cpu(struct dsa_port *dp, struct net_device *master)
} }
dp->type = DSA_PORT_TYPE_CPU; dp->type = DSA_PORT_TYPE_CPU;
dp->filter = tag_ops->filter;
dp->rcv = tag_ops->rcv; dp->rcv = tag_ops->rcv;
dp->tag_ops = tag_ops; dp->tag_ops = tag_ops;
dp->master = master; dp->master = master;
......
...@@ -185,8 +185,12 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev) ...@@ -185,8 +185,12 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev)
* at all, so we check here whether one of those tagging * at all, so we check here whether one of those tagging
* variants has been configured on the receiving interface, * variants has been configured on the receiving interface,
* and if so, set skb->protocol without looking at the packet. * and if so, set skb->protocol without looking at the packet.
* The DSA tagging protocol may be able to decode some but not all
* traffic (for example only for management). In that case give it the
* option to filter the packets from which it can decode source port
* information.
*/ */
if (unlikely(netdev_uses_dsa(dev))) if (unlikely(netdev_uses_dsa(dev)) && dsa_can_decode(skb, dev))
return htons(ETH_P_XDSA); return htons(ETH_P_XDSA);
if (likely(eth_proto_is_802_3(eth->h_proto))) if (likely(eth_proto_is_802_3(eth->h_proto)))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment