linux/net/dsa
Vladimir Oltean 412a1526d0 net: dsa: untag the bridge pvid from rx skbs
Currently the bridge untags VLANs present in its VLAN groups in
__allowed_ingress() only when VLAN filtering is enabled.

But when a skb is seen on the RX path as tagged with the bridge's pvid,
and that bridge has vlan_filtering=0, and there isn't any 8021q upper
with that VLAN either, then we have a problem. The bridge will not untag
it (since it is supposed to remain VLAN-unaware), and pvid-tagged
communication will be broken.

There are 2 situations where we can end up like that:

1. When installing a pvid in egress-tagged mode, like this:

ip link add dev br0 type bridge vlan_filtering 0
ip link set swp0 master br0
bridge vlan del dev swp0 vid 1
bridge vlan add dev swp0 vid 1 pvid

This happens because DSA configures the VLAN membership of the CPU port
using the same flags as swp0 (in this case "pvid and not untagged"), in
an attempt to copy the frame as-is from ingress to the CPU.

However, in this case, the packet may arrive untagged on ingress, it
will be pvid-tagged by the ingress port, and will be sent as
egress-tagged towards the CPU. Otherwise stated, the CPU will see a VLAN
tag where there was none to speak of on ingress.

When vlan_filtering is 1, this is not a problem, as stated in the first
paragraph, because __allowed_ingress() will pop it. But currently, when
vlan_filtering is 0 and we have such a VLAN configuration, we need an
8021q upper (br0.1) to be able to ping over that VLAN, which is not
symmetrical with the vlan_filtering=1 case, and therefore, confusing for
users.

Basically what DSA attempts to do is simply an approximation: try to
copy the skb with (or without) the same VLAN all the way up to the CPU.
But DSA drivers treat CPU port VLAN membership in various ways (which is
a good segue into situation 2). And some of those drivers simply tell
the CPU port to copy the frame unmodified, which is the golden standard
when it comes to VLAN processing (therefore, any driver which can
configure the hardware to do that, should do that, and discard the VLAN
flags requested by DSA on the CPU port).

2. Some DSA drivers always configure the CPU port as egress-tagged, in
an attempt to recover the classified VLAN from the skb. These drivers
cannot work at all with untagged traffic when bridged in
vlan_filtering=0 mode. And they can't go for the easy "just keep the
pvid as egress-untagged towards the CPU" route, because each front port
can have its own pvid, and that might require conflicting VLAN
membership settings on the CPU port (swp1 is pvid for VID 1 and
egress-tagged for VID 2; swp2 is egress-taggeed for VID 1 and pvid for
VID 2; with this simplistic approach, the CPU port, which is really a
separate hardware entity and has its own VLAN membership settings, would
end up being egress-untagged in both VID 1 and VID 2, therefore losing
the VLAN tags of ingress traffic).

So the only thing we can do is to create a helper function for resolving
the problematic case (that is, a function which untags the bridge pvid
when that is in vlan_filtering=0 mode), which taggers in need should
call. It isn't called from the generic DSA receive path because there
are drivers that fall neither in the first nor second category.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-09-23 18:13:45 -07:00
..
dsa2.c net: dsa: wire up devlink info get 2020-09-18 18:18:30 -07:00
dsa_priv.h net: dsa: untag the bridge pvid from rx skbs 2020-09-23 18:13:45 -07:00
dsa.c net: dsa: Add devlink regions support to DSA 2020-09-18 18:17:45 -07:00
Kconfig net: dsa: tag_rtl4_a: Implement Realtek 4 byte A tag 2020-07-08 15:36:19 -07:00
Makefile net: dsa: tag_rtl4_a: Implement Realtek 4 byte A tag 2020-07-08 15:36:19 -07:00
master.c net: dsa: stop overriding master's ndo_get_phys_port_name 2020-07-23 15:14:58 -07:00
port.c net: dsa: allow 8021q uppers while the bridge has vlan_filtering=0 2020-09-20 19:01:34 -07:00
slave.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-22 16:45:34 -07:00
switch.c net: dsa: convert denying bridge VLAN with existing 8021q upper to PRECHANGEUPPER 2020-09-20 19:01:33 -07:00
tag_8021q.c net: dsa: tag_8021q: add VLANs to the master interface too 2020-09-20 19:01:34 -07:00
tag_ar9331.c net: dsa: tag_ar9331: Make sure there is headroom for tag 2020-02-14 07:34:51 -08:00
tag_brcm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
tag_dsa.c dsa: Cleanup unneeded table and make tag structures static 2019-04-28 19:41:01 -04:00
tag_edsa.c dsa: Allow forwarding of redirected IGMP traffic 2020-06-24 14:39:43 -07:00
tag_gswip.c net: dsa: tag_gswip: fix typo in tagger name 2020-01-16 13:58:26 +01:00
tag_ksz.c net: dsa: tag_ksz: Fix __be16 warnings 2020-07-05 15:31:58 -07:00
tag_lan9303.c net: dsa: tag_lan9303: Fix __be16 warnings 2020-07-05 15:31:58 -07:00
tag_mtk.c net: dsa: tag_mtk: Fix warnings for __be16 2020-07-05 15:31:58 -07:00
tag_ocelot.c net: mscc: ocelot: add locking for the port TX timestamp ID 2020-09-18 13:52:33 -07:00
tag_qca.c net: dsa: tag_qca.c: Fix warning for __be16 vs u16 2020-07-05 15:31:58 -07:00
tag_rtl4_a.c net: dsa: tag_rtl4_a: Implement Realtek 4 byte A tag 2020-07-08 15:36:19 -07:00
tag_sja1105.c net: dsa: tag_sja1105: add compatibility with hwaccel VLAN tags 2020-09-20 19:01:34 -07:00
tag_trailer.c dsa: Cleanup unneeded table and make tag structures static 2019-04-28 19:41:01 -04:00