--- zzzz-none-000/linux-4.9.231/net/bridge/br_private.h 2020-07-22 07:10:54.000000000 +0000 +++ falcon-5590-729/linux-4.9.231/net/bridge/br_private.h 2022-03-30 12:03:35.000000000 +0000 @@ -21,6 +21,7 @@ #include #include #include +#include #define BR_HASH_BITS 8 #define BR_HASH_SIZE (1 << BR_HASH_BITS) @@ -46,15 +47,13 @@ typedef struct mac_addr mac_addr; typedef __u16 port_id; -struct bridge_id -{ - unsigned char prio[2]; - unsigned char addr[ETH_ALEN]; +struct bridge_id { + unsigned char prio[2]; + unsigned char addr[ETH_ALEN]; }; -struct mac_addr -{ - unsigned char addr[ETH_ALEN]; +struct mac_addr { + unsigned char addr[ETH_ALEN]; }; #ifdef CONFIG_BRIDGE_IGMP_SNOOPING @@ -150,8 +149,7 @@ u16 pvid; }; -struct net_bridge_fdb_entry -{ +struct net_bridge_fdb_entry { struct hlist_node hlist; struct net_bridge_port *dst; @@ -166,8 +164,8 @@ struct rcu_head rcu; }; -#define MDB_PG_FLAGS_PERMANENT BIT(0) -#define MDB_PG_FLAGS_OFFLOAD BIT(1) +#define MDB_PG_FLAGS_PERMANENT BIT(0) +#define MDB_PG_FLAGS_OFFLOAD BIT(1) struct net_bridge_port_group { struct net_bridge_port *port; @@ -176,13 +174,13 @@ struct rcu_head rcu; struct timer_list timer; struct br_ip addr; + unsigned char eth_addr[ETH_ALEN] __aligned(2); unsigned char flags; }; -struct net_bridge_mdb_entry -{ +struct net_bridge_mdb_entry { struct hlist_node hlist[2]; - struct net_bridge *br; + struct net_bridge *br; struct net_bridge_port_group __rcu *ports; struct rcu_head rcu; struct timer_list timer; @@ -190,10 +188,9 @@ bool mglist; }; -struct net_bridge_mdb_htable -{ - struct hlist_head *mhash; - struct rcu_head rcu; +struct net_bridge_mdb_htable { + struct hlist_head *mhash; + struct rcu_head rcu; struct net_bridge_mdb_htable *old; u32 size; u32 max; @@ -201,10 +198,67 @@ u32 ver; }; -struct net_bridge_port -{ - struct net_bridge *br; - struct net_device *dev; +#ifdef CONFIG_MCAST_SNOOPING + +typedef enum { + IPV4 = 0, + IPV6, +} ptype_t; + +struct ipaddr { + ptype_t type; + union { + struct in_addr ip4; + struct in6_addr ip6; + } addr; +}; + +typedef struct ipaddr ipaddr_t; + +enum igmp_ver { + IGMPV1 = 1, + IGMPV2, + IGMPV3, +}; + +enum mld_ver { + MLDV1 = 1, + MLDV2, +}; + +/* Set router port ioctl request */ +struct router_port { + ptype_t type; + u32 if_index; /* interface index */ + u32 expires; /* expiry time */ +}; + +/* Multicast group record ioctl request */ +struct br_grp_rec { + u32 if_index; /* interface index */ + ipaddr_t gaddr; /* Group address */ + u32 filter_mode; /* Filter mode */ + u32 compat; /* Compatibility mode */ + u32 nsrc; /* number of sources */ + ipaddr_t slist[0]; /* source list */ +}; + +struct net_bridge_mg_entry { + struct hlist_node hlist; + ipaddr_t gaddr; /* Group ipaddr */ + u8 filter_mode; /* 0 = EX, 1 = IN */ + u8 compat_mode; /* 1 = v1, 2 = v2, 3 = v3 */ + struct net_bridge_port *port; + struct rcu_head rcu; + u32 saddr_cnt; + ipaddr_t saddr[0]; /* Array of src ipaddr */ +}; + +#endif /* CONFIG_MCAST_SNOOPING */ + +struct net_bridge_port { + struct net_bridge *br; + struct net_device *dev; struct list_head list; /* STP */ @@ -219,6 +273,7 @@ bridge_id designated_bridge; u32 path_cost; u32 designated_cost; + int learning_limit; unsigned long designated_age; struct timer_list forward_delay_timer; @@ -229,8 +284,19 @@ unsigned long flags; +#ifdef CONFIG_MCAST_SNOOPING + u32 mghash_secret; + u32 mghash_secret6; + spinlock_t mghash_lock; + struct hlist_head mghash[BR_HASH_SIZE]; + u8 igmp_router_port; + struct timer_list igmp_router_timer; + u8 mld_router_port; + struct timer_list mld_router_timer; +#endif /* CONFIG_MCAST_SNOOPING */ + #ifdef CONFIG_BRIDGE_IGMP_SNOOPING - struct bridge_mcast_own_query ip4_own_query; + struct bridge_mcast_own_query ip4_own_query; #if IS_ENABLED(CONFIG_IPV6) struct bridge_mcast_own_query ip6_own_query; #endif /* IS_ENABLED(CONFIG_IPV6) */ @@ -272,10 +338,9 @@ rtnl_dereference(dev->rx_handler_data) : NULL; } -struct net_bridge -{ +struct net_bridge { spinlock_t lock; - struct list_head port_list; + struct list_head port_list; struct net_device *dev; struct pcpu_sw_netstats __percpu *stats; @@ -290,6 +355,12 @@ bool nf_call_ip6tables; bool nf_call_arptables; #endif +#ifdef CONFIG_AVM_BRIDGE_FLOOD_RATELIMITER + atomic_t avm_flood_credits; + int avm_flood_credits_max; + int avm_flood_credits_recov_rate; + struct timer_list avm_flood_rl_timer; +#endif u16 group_fwd_mask; u16 group_fwd_mask_required; @@ -385,6 +456,7 @@ #endif bool proxyarp_replied; + bool src_port_isolated; #ifdef CONFIG_BRIDGE_VLAN_FILTERING bool vlan_filtered; @@ -529,6 +601,14 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb, enum br_pkt_type pkt_type, bool local_rcv, bool local_orig); +/* return true if both source port and dest port are isolated */ +static inline bool br_skb_isolated(const struct net_bridge_port *to, + const struct sk_buff *skb) +{ + return BR_INPUT_SKB_CB(skb)->src_port_isolated && + (to->flags & BR_ISOLATED); +} + /* br_if.c */ void br_port_carrier_check(struct net_bridge_port *p); int br_add_bridge(struct net *net, const char *name); @@ -591,7 +671,7 @@ struct net_bridge_port_group * br_multicast_new_port_group(struct net_bridge_port *port, struct br_ip *group, struct net_bridge_port_group __rcu *next, - unsigned char flags); + unsigned char flags, const unsigned char *src); void br_mdb_init(void); void br_mdb_uninit(void); void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port, @@ -982,6 +1062,22 @@ #define br_netfilter_rtable_init(x) #endif +/* br_bcast_rl.c */ +#ifdef CONFIG_AVM_BRIDGE_FLOOD_RATELIMITER +int br_flood_rl_init(void); +void br_flood_rl_fini(void); +void br_flood_rl_setup(struct net_bridge *br); +int br_flood_rl_set_credits(struct net_bridge *br, unsigned long v); +unsigned int br_flood_rl(struct net_bridge *br, + struct sk_buff *skb, + struct net_device *src_dev); +#else +#define br_flood_rl_init() (0) +#define br_flood_rl_fini() do { } while (0) +#define br_flood_rl_setup(br) do { } while (0) +#define br_flood_rl(br, skb, dev) (1) +#endif + /* br_stp.c */ void br_set_state(struct net_bridge_port *p, unsigned int state); struct net_bridge_port *br_get_port(struct net_bridge *br, u16 port_no); @@ -1033,6 +1129,20 @@ int br_getlink(struct sk_buff *skb, u32 pid, u32 seq, struct net_device *dev, u32 filter_mask, int nlflags); +#ifdef CONFIG_MCAST_SNOOPING +/* br_mcast_snooping.c */ +extern void br_mcast_port_init(struct net_bridge_port *port); +extern void br_mcast_port_cleanup(struct net_bridge_port *port); +extern int br_mg_del_record(struct net_bridge_port *port, ipaddr_t *gaddr); +extern int br_mg_add_entry(struct net_bridge_port *port, ipaddr_t *gaddr, u8 filter, u8 compat, u32 saddr_cnt, ipaddr_t *saddr); +extern int br_selective_flood(struct net_bridge_port *p, struct sk_buff *skb); +extern int bridge_igmp_snooping; +extern int bridge_mld_snooping; +extern int bridge_lanserver_hook; +extern void br_mcast_snoop_init(void); +extern void br_mcast_snoop_deinit(void); +#endif + #ifdef CONFIG_SYSFS /* br_sysfs_if.c */ extern const struct sysfs_ops brport_sysfs_ops; @@ -1058,6 +1168,11 @@ struct sk_buff *skb); bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, const struct sk_buff *skb); +int br_switchdev_set_port_flag(struct net_bridge_port *p, + unsigned long flags, + unsigned long mask); +int nbp_switchdev_avm_flood_ratelimit_set(struct net_bridge *br, + int val); #else static inline int nbp_switchdev_mark_set(struct net_bridge_port *p) { @@ -1074,6 +1189,16 @@ { return true; } + +static inline int br_switchdev_set_port_flag(struct net_bridge_port *p, + unsigned long flags, + unsigned long mask) + +static inline int nbp_switchdev_avm_flood_ratelimit_set(struct net_bridge *br, + int val) +{ + return 0; +} #endif /* CONFIG_NET_SWITCHDEV */ #endif