[NETFILTER]: Fix possible overflow in netfilters do_replace()
[linux-2.6.git] / net / bridge / br_if.c
1 /*
2  *      Userspace interface
3  *      Linux ethernet bridge
4  *
5  *      Authors:
6  *      Lennert Buytenhek               <buytenh@gnu.org>
7  *
8  *      $Id: br_if.c,v 1.7 2001/12/24 00:59:55 davem Exp $
9  *
10  *      This program is free software; you can redistribute it and/or
11  *      modify it under the terms of the GNU General Public License
12  *      as published by the Free Software Foundation; either version
13  *      2 of the License, or (at your option) any later version.
14  */
15
16 #include <linux/kernel.h>
17 #include <linux/netdevice.h>
18 #include <linux/ethtool.h>
19 #include <linux/if_arp.h>
20 #include <linux/module.h>
21 #include <linux/init.h>
22 #include <linux/rtnetlink.h>
23 #include <linux/if_ether.h>
24 #include <net/sock.h>
25
26 #include "br_private.h"
27
28 /*
29  * Determine initial path cost based on speed.
30  * using recommendations from 802.1d standard
31  *
32  * Need to simulate user ioctl because not all device's that support
33  * ethtool, use ethtool_ops.  Also, since driver might sleep need to
34  * not be holding any locks.
35  */
36 static int port_cost(struct net_device *dev)
37 {
38         struct ethtool_cmd ecmd = { ETHTOOL_GSET };
39         struct ifreq ifr;
40         mm_segment_t old_fs;
41         int err;
42
43         strncpy(ifr.ifr_name, dev->name, IFNAMSIZ);
44         ifr.ifr_data = (void __user *) &ecmd;
45
46         old_fs = get_fs();
47         set_fs(KERNEL_DS);
48         err = dev_ethtool(&ifr);
49         set_fs(old_fs);
50         
51         if (!err) {
52                 switch(ecmd.speed) {
53                 case SPEED_100:
54                         return 19;
55                 case SPEED_1000:
56                         return 4;
57                 case SPEED_10000:
58                         return 2;
59                 case SPEED_10:
60                         return 100;
61                 }
62         }
63
64         /* Old silly heuristics based on name */
65         if (!strncmp(dev->name, "lec", 3))
66                 return 7;
67
68         if (!strncmp(dev->name, "plip", 4))
69                 return 2500;
70
71         return 100;     /* assume old 10Mbps */
72 }
73
74
75 /*
76  * Check for port carrier transistions.
77  * Called from work queue to allow for calling functions that
78  * might sleep (such as speed check), and to debounce.
79  */
80 static void port_carrier_check(void *arg)
81 {
82         struct net_bridge_port *p = arg;
83
84         rtnl_lock();
85         if (netif_carrier_ok(p->dev)) {
86                 u32 cost = port_cost(p->dev);
87
88                 spin_lock_bh(&p->br->lock);
89                 if (p->state == BR_STATE_DISABLED) {
90                         p->path_cost = cost;
91                         br_stp_enable_port(p);
92                 }
93                 spin_unlock_bh(&p->br->lock);
94         } else {
95                 spin_lock_bh(&p->br->lock);
96                 if (p->state != BR_STATE_DISABLED)
97                         br_stp_disable_port(p);
98                 spin_unlock_bh(&p->br->lock);
99         }
100         rtnl_unlock();
101 }
102
103 static void destroy_nbp(struct net_bridge_port *p)
104 {
105         struct net_device *dev = p->dev;
106
107         dev->br_port = NULL;
108         p->br = NULL;
109         p->dev = NULL;
110         dev_put(dev);
111
112         br_sysfs_freeif(p);
113 }
114
115 static void destroy_nbp_rcu(struct rcu_head *head)
116 {
117         struct net_bridge_port *p =
118                         container_of(head, struct net_bridge_port, rcu);
119         destroy_nbp(p);
120 }
121
122 /* Delete port(interface) from bridge is done in two steps.
123  * via RCU. First step, marks device as down. That deletes
124  * all the timers and stops new packets from flowing through.
125  *
126  * Final cleanup doesn't occur until after all CPU's finished
127  * processing packets.
128  *
129  * Protected from multiple admin operations by RTNL mutex
130  */
131 static void del_nbp(struct net_bridge_port *p)
132 {
133         struct net_bridge *br = p->br;
134         struct net_device *dev = p->dev;
135
136         /* Race between RTNL notify and RCU callback */
137         if (p->deleted)
138                 return;
139
140         dev_set_promiscuity(dev, -1);
141
142         cancel_delayed_work(&p->carrier_check);
143         flush_scheduled_work();
144
145         spin_lock_bh(&br->lock);
146         br_stp_disable_port(p);
147         p->deleted = 1;
148         spin_unlock_bh(&br->lock);
149
150         br_fdb_delete_by_port(br, p);
151
152         list_del_rcu(&p->list);
153
154         call_rcu(&p->rcu, destroy_nbp_rcu);
155 }
156
157 /* called with RTNL */
158 static void del_br(struct net_bridge *br)
159 {
160         struct net_bridge_port *p, *n;
161
162         list_for_each_entry_safe(p, n, &br->port_list, list) {
163                 br_sysfs_removeif(p);
164                 del_nbp(p);
165         }
166
167         del_timer_sync(&br->gc_timer);
168
169         br_sysfs_delbr(br->dev);
170         unregister_netdevice(br->dev);
171 }
172
173 static struct net_device *new_bridge_dev(const char *name)
174 {
175         struct net_bridge *br;
176         struct net_device *dev;
177
178         dev = alloc_netdev(sizeof(struct net_bridge), name,
179                            br_dev_setup);
180         
181         if (!dev)
182                 return NULL;
183
184         br = netdev_priv(dev);
185         br->dev = dev;
186
187         spin_lock_init(&br->lock);
188         INIT_LIST_HEAD(&br->port_list);
189         spin_lock_init(&br->hash_lock);
190
191         br->bridge_id.prio[0] = 0x80;
192         br->bridge_id.prio[1] = 0x00;
193         memset(br->bridge_id.addr, 0, ETH_ALEN);
194
195         br->feature_mask = dev->features;
196         br->stp_enabled = 0;
197         br->designated_root = br->bridge_id;
198         br->root_path_cost = 0;
199         br->root_port = 0;
200         br->bridge_max_age = br->max_age = 20 * HZ;
201         br->bridge_hello_time = br->hello_time = 2 * HZ;
202         br->bridge_forward_delay = br->forward_delay = 15 * HZ;
203         br->topology_change = 0;
204         br->topology_change_detected = 0;
205         br->ageing_time = 300 * HZ;
206         INIT_LIST_HEAD(&br->age_list);
207
208         br_stp_timer_init(br);
209
210         return dev;
211 }
212
213 /* find an available port number */
214 static int find_portno(struct net_bridge *br)
215 {
216         int index;
217         struct net_bridge_port *p;
218         unsigned long *inuse;
219
220         inuse = kmalloc(BITS_TO_LONGS(BR_MAX_PORTS)*sizeof(unsigned long),
221                         GFP_KERNEL);
222         if (!inuse)
223                 return -ENOMEM;
224
225         memset(inuse, 0, BITS_TO_LONGS(BR_MAX_PORTS)*sizeof(unsigned long));
226         set_bit(0, inuse);      /* zero is reserved */
227         list_for_each_entry(p, &br->port_list, list) {
228                 set_bit(p->port_no, inuse);
229         }
230         index = find_first_zero_bit(inuse, BR_MAX_PORTS);
231         kfree(inuse);
232
233         return (index >= BR_MAX_PORTS) ? -EXFULL : index;
234 }
235
236 /* called with RTNL but without bridge lock */
237 static struct net_bridge_port *new_nbp(struct net_bridge *br, 
238                                        struct net_device *dev)
239 {
240         int index;
241         struct net_bridge_port *p;
242         
243         index = find_portno(br);
244         if (index < 0)
245                 return ERR_PTR(index);
246
247         p = kmalloc(sizeof(*p), GFP_KERNEL);
248         if (p == NULL)
249                 return ERR_PTR(-ENOMEM);
250
251         memset(p, 0, sizeof(*p));
252         p->br = br;
253         dev_hold(dev);
254         p->dev = dev;
255         p->path_cost = port_cost(dev);
256         p->priority = 0x8000 >> BR_PORT_BITS;
257         dev->br_port = p;
258         p->port_no = index;
259         br_init_port(p);
260         p->state = BR_STATE_DISABLED;
261         INIT_WORK(&p->carrier_check, port_carrier_check, p);
262         kobject_init(&p->kobj);
263
264         return p;
265 }
266
267 int br_add_bridge(const char *name)
268 {
269         struct net_device *dev;
270         int ret;
271
272         dev = new_bridge_dev(name);
273         if (!dev) 
274                 return -ENOMEM;
275
276         rtnl_lock();
277         if (strchr(dev->name, '%')) {
278                 ret = dev_alloc_name(dev, dev->name);
279                 if (ret < 0)
280                         goto err1;
281         }
282
283         ret = register_netdevice(dev);
284         if (ret)
285                 goto err2;
286
287         /* network device kobject is not setup until
288          * after rtnl_unlock does it's hotplug magic.
289          * so hold reference to avoid race.
290          */
291         dev_hold(dev);
292         rtnl_unlock();
293
294         ret = br_sysfs_addbr(dev);
295         dev_put(dev);
296
297         if (ret) 
298                 unregister_netdev(dev);
299  out:
300         return ret;
301
302  err2:
303         free_netdev(dev);
304  err1:
305         rtnl_unlock();
306         goto out;
307 }
308
309 int br_del_bridge(const char *name)
310 {
311         struct net_device *dev;
312         int ret = 0;
313
314         rtnl_lock();
315         dev = __dev_get_by_name(name);
316         if (dev == NULL) 
317                 ret =  -ENXIO;  /* Could not find device */
318
319         else if (!(dev->priv_flags & IFF_EBRIDGE)) {
320                 /* Attempt to delete non bridge device! */
321                 ret = -EPERM;
322         }
323
324         else if (dev->flags & IFF_UP) {
325                 /* Not shutdown yet. */
326                 ret = -EBUSY;
327         } 
328
329         else 
330                 del_br(netdev_priv(dev));
331
332         rtnl_unlock();
333         return ret;
334 }
335
336 /* MTU of the bridge pseudo-device: ETH_DATA_LEN or the minimum of the ports */
337 int br_min_mtu(const struct net_bridge *br)
338 {
339         const struct net_bridge_port *p;
340         int mtu = 0;
341
342         ASSERT_RTNL();
343
344         if (list_empty(&br->port_list))
345                 mtu = ETH_DATA_LEN;
346         else {
347                 list_for_each_entry(p, &br->port_list, list) {
348                         if (!mtu  || p->dev->mtu < mtu)
349                                 mtu = p->dev->mtu;
350                 }
351         }
352         return mtu;
353 }
354
355 /*
356  * Recomputes features using slave's features
357  */
358 void br_features_recompute(struct net_bridge *br)
359 {
360         struct net_bridge_port *p;
361         unsigned long features, checksum;
362
363         features = br->feature_mask &~ NETIF_F_IP_CSUM;
364         checksum = br->feature_mask & NETIF_F_IP_CSUM;
365
366         list_for_each_entry(p, &br->port_list, list) {
367                 if (!(p->dev->features 
368                       & (NETIF_F_IP_CSUM|NETIF_F_NO_CSUM|NETIF_F_HW_CSUM)))
369                         checksum = 0;
370                 features &= p->dev->features;
371         }
372
373         br->dev->features = features | checksum | NETIF_F_LLTX;
374 }
375
376 /* called with RTNL */
377 int br_add_if(struct net_bridge *br, struct net_device *dev)
378 {
379         struct net_bridge_port *p;
380         int err = 0;
381
382         if (dev->flags & IFF_LOOPBACK || dev->type != ARPHRD_ETHER)
383                 return -EINVAL;
384
385         if (dev->hard_start_xmit == br_dev_xmit)
386                 return -ELOOP;
387
388         if (dev->br_port != NULL)
389                 return -EBUSY;
390
391         if (IS_ERR(p = new_nbp(br, dev)))
392                 return PTR_ERR(p);
393
394         if ((err = br_fdb_insert(br, p, dev->dev_addr)))
395                 destroy_nbp(p);
396  
397         else if ((err = br_sysfs_addif(p)))
398                 del_nbp(p);
399         else {
400                 dev_set_promiscuity(dev, 1);
401
402                 list_add_rcu(&p->list, &br->port_list);
403
404                 spin_lock_bh(&br->lock);
405                 br_stp_recalculate_bridge_id(br);
406                 br_features_recompute(br);
407                 if ((br->dev->flags & IFF_UP) 
408                     && (dev->flags & IFF_UP) && netif_carrier_ok(dev))
409                         br_stp_enable_port(p);
410                 spin_unlock_bh(&br->lock);
411
412                 dev_set_mtu(br->dev, br_min_mtu(br));
413         }
414
415         return err;
416 }
417
418 /* called with RTNL */
419 int br_del_if(struct net_bridge *br, struct net_device *dev)
420 {
421         struct net_bridge_port *p = dev->br_port;
422         
423         if (!p || p->br != br) 
424                 return -EINVAL;
425
426         br_sysfs_removeif(p);
427         del_nbp(p);
428
429         spin_lock_bh(&br->lock);
430         br_stp_recalculate_bridge_id(br);
431         br_features_recompute(br);
432         spin_unlock_bh(&br->lock);
433
434         return 0;
435 }
436
437 void __exit br_cleanup_bridges(void)
438 {
439         struct net_device *dev, *nxt;
440
441         rtnl_lock();
442         for (dev = dev_base; dev; dev = nxt) {
443                 nxt = dev->next;
444                 if (dev->priv_flags & IFF_EBRIDGE)
445                         del_br(dev->priv);
446         }
447         rtnl_unlock();
448
449 }