Commit cc1939e4 authored May 05, 2019 by Vladimir Oltean Committed by David S. Miller May 05, 2019

net: dsa: Allow drivers to filter packets they can decode source port from

Frames get processed by DSA and redirected to switch port net devices
based on the ETH_P_XDSA multiplexed packet_type handler found by the
network stack when calling eth_type_trans().

The running assumption is that once the DSA .rcv function is called, DSA
is always able to decode the switch tag in order to change the skb->dev
from its master.

However there are tagging protocols (such as the new DSA_TAG_PROTO_SJA1105,
user of DSA_TAG_PROTO_8021Q) where this assumption is not completely
true, since switch tagging piggybacks on the absence of a vlan_filtering
bridge. Moreover, management traffic (BPDU, PTP) for this switch doesn't
rely on switch tagging, but on a different mechanism. So it would make
sense to at least be able to terminate that.

Having DSA receive traffic it can't decode would put it in an impossible
situation: the eth_type_trans() function would invoke the DSA .rcv(),
which could not change skb->dev, then eth_type_trans() would be invoked
again, which again would call the DSA .rcv, and the packet would never
be able to exit the DSA filter and would spiral in a loop until the
whole system dies.

This happens because eth_type_trans() doesn't actually look at the skb
(so as to identify a potential tag) when it deems it as being
ETH_P_XDSA. It just checks whether skb->dev has a DSA private pointer
installed (therefore it's a DSA master) and that there exists a .rcv
callback (everybody except DSA_TAG_PROTO_NONE has that). This is
understandable as there are many switch tags out there, and exhaustively
checking for all of them is far from ideal.

The solution lies in introducing a filtering function for each tagging
protocol. In the absence of a filtering function, all traffic is passed
to the .rcv DSA callback. The tagging protocol should see the filtering
function as a pre-validation that it can decode the incoming skb. The
traffic that doesn't match the filter will bypass the DSA .rcv callback
and be left on the master netdevice, which wasn't previously possible.

Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent f9bbe447

include/net/dsa.h

+15 −0

Original line number	Diff line number	Diff line
		@@ -69,6 +69,11 @@ struct dsa_device_ops {
		struct packet_type *pt);
		int (flow_dissect)(const struct sk_buff skb, __be16 *proto,
		int *offset);
		/* Used to determine which traffic should match the DSA filter in
		* eth_type_trans, and which, if any, should bypass it and be processed
		* as regular on the master net device.
		*/
		bool (filter)(const struct sk_buff skb, struct net_device *dev);
		unsigned int overhead;
		const char *name;
		enum dsa_tag_protocol proto;
		@@ -148,6 +153,7 @@ struct dsa_port {
		struct dsa_switch_tree *dst;
		struct sk_buff (rcv)(struct sk_buff skb, struct net_device dev,
		struct packet_type *pt);
		bool (filter)(const struct sk_buff skb, struct net_device *dev);

		enum {
		DSA_PORT_TYPE_UNUSED = 0,
		@@ -520,6 +526,15 @@ static inline bool netdev_uses_dsa(struct net_device *dev)
		return false;
		}

		static inline bool dsa_can_decode(const struct sk_buff *skb,
		struct net_device *dev)
		{
		#if IS_ENABLED(CONFIG_NET_DSA)
		return !dev->dsa_ptr->filter \|\| dev->dsa_ptr->filter(skb, dev);
		#endif
		return false;
		}

		struct dsa_switch dsa_switch_alloc(struct device dev, size_t n);
		void dsa_unregister_switch(struct dsa_switch *ds);
		int dsa_register_switch(struct dsa_switch *ds);

net/dsa/dsa2.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -586,6 +586,7 @@ static int dsa_port_parse_cpu(struct dsa_port dp, struct net_device master)
		}

		dp->type = DSA_PORT_TYPE_CPU;
		dp->filter = tag_ops->filter;
		dp->rcv = tag_ops->rcv;
		dp->tag_ops = tag_ops;
		dp->master = master;

net/ethernet/eth.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -185,8 +185,12 @@ __be16 eth_type_trans(struct sk_buff skb, struct net_device dev)
		* at all, so we check here whether one of those tagging
		* variants has been configured on the receiving interface,
		* and if so, set skb->protocol without looking at the packet.
		* The DSA tagging protocol may be able to decode some but not all
		* traffic (for example only for management). In that case give it the
		* option to filter the packets from which it can decode source port
		* information.
		*/
		if (unlikely(netdev_uses_dsa(dev)))
		if (unlikely(netdev_uses_dsa(dev)) && dsa_can_decode(skb, dev))
		return htons(ETH_P_XDSA);

		if (likely(eth_proto_is_802_3(eth->h_proto)))

Admin message