net: add generic PF_BRIDGE:RTM_ FDB hooks

This adds two new flags NTF_MASTER and NTF_SELF that can
now be used to specify where PF_BRIDGE netlink commands should
be sent. NTF_MASTER sends the commands to the 'dev->master'
device for parsing. Typically this will be the linux net/bridge,
or open-vswitch devices. Also without any flags set the command
will be handled by the master device as well so that current user
space tools continue to work as expected.

The NTF_SELF flag will push the PF_BRIDGE commands to the
device. In the basic example below the commands are then parsed
and programmed in the embedded bridge.

Note if both NTF_SELF and NTF_MASTER bits are set then the
command will be sent to both 'dev->master' and 'dev' this allows
user space to easily keep the embedded bridge and software bridge
in sync.

There is a slight complication in the case with both flags set
when an error occurs. To resolve this the rtnl handler clears
the NTF_ flag in the netlink ack to indicate which sets completed
successfully. The add/del handlers will abort as soon as any
error occurs.

To support this new net device ops were added to call into
the device and the existing bridging code was refactored
to use these. There should be no required changes in user space
to support the current bridge behavior.

A basic setup with a SR-IOV enabled NIC looks like this,

          veth0  veth2
            |      |
          ------------
          |  bridge0 |   <---- software bridging
          ------------
               /
               /
  ethx.y      ethx
    VF         PF
     \         \          <---- propagate FDB entries to HW
     \         \
  --------------------
  |  Embedded Bridge |    <---- hardware offloaded switching
  --------------------

In this case the embedded bridge must be managed to allow 'veth0'
to communicate with 'ethx.y' correctly. At present drivers managing
the embedded bridge either send frames onto the network which
then get dropped by the switch OR the embedded bridge will flood
these frames. With this patch we have a mechanism to manage the
embedded bridge correctly from user space. This example is specific
to SR-IOV but replacing the VF with another PF or dropping this
into the DSA framework generates similar management issues.

Examples session using the 'br'[1] tool to add, dump and then
delete a mac address with a new "embedded" option and enabled
ixgbe driver:

# br fdb add 22:35:19:ac:60:59 dev eth3
# br fdb
port    mac addr                flags
veth0   22:35:19:ac:60:58       static
veth0   9a:5f:81:f7:f6:ec       local
eth3    00:1b:21:55:23:59       local
eth3    22:35:19:ac:60:59       static
veth0   22:35:19:ac:60:57       static
#br fdb add 22:35:19:ac:60:59 embedded dev eth3
#br fdb
port    mac addr                flags
veth0   22:35:19:ac:60:58       static
veth0   9a:5f:81:f7:f6:ec       local
eth3    00:1b:21:55:23:59       local
eth3    22:35:19:ac:60:59       static
veth0   22:35:19:ac:60:57       static
eth3    22:35:19:ac:60:59       local embedded
#br fdb del 22:35:19:ac:60:59 embedded dev eth3

I added a couple lines to 'br' to set the flags correctly is all. It
is my opinion that the merit of this patch is now embedded and SW
bridges can both be modeled correctly in user space using very nearly
the same message passing.

[1] 'br' tool was published as an RFC here and will be renamed 'bridge'
    http://patchwork.ozlabs.org/patch/117664/

Thanks to Jamal Hadi Salim, Stephen Hemminger and Ben Hutchings for
valuable feedback, suggestions, and review.

v2: fixed api descriptions and error case with both NTF_SELF and
    NTF_MASTER set plus updated patch description.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 152 insertions, 0 deletions

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 2ff6fe4bada4..b348b7fbf53a 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -35,7 +35,9 @@
 #include <linux/security.h>
 #include <linux/mutex.h>
 #include <linux/if_addr.h>
+#include <linux/if_bridge.h>
 #include <linux/pci.h>
+#include <linux/etherdevice.h>
 
 #include <asm/uaccess.h>
 
@@ -1978,6 +1980,152 @@ errout:
                 rtnl_set_sk_err(net, RTNLGRP_LINK, err);
 }
 
+static int rtnl_fdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
+{
+        struct net *net = sock_net(skb->sk);
+        struct net_device *master = NULL;
+        struct ndmsg *ndm;
+        struct nlattr *tb[NDA_MAX+1];
+        struct net_device *dev;
+        u8 *addr;
+        int err;
+
+        err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
+        if (err < 0)
+                return err;
+
+        ndm = nlmsg_data(nlh);
+        if (ndm->ndm_ifindex == 0) {
+                pr_info("PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex\n");
+                return -EINVAL;
+        }
+
+        dev = __dev_get_by_index(net, ndm->ndm_ifindex);
+        if (dev == NULL) {
+                pr_info("PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex\n");
+                return -ENODEV;
+        }
+
+        if (!tb[NDA_LLADDR] || nla_len(tb[NDA_LLADDR]) != ETH_ALEN) {
+                pr_info("PF_BRIDGE: RTM_NEWNEIGH with invalid address\n");
+                return -EINVAL;
+        }
+
+        addr = nla_data(tb[NDA_LLADDR]);
+        if (!is_valid_ether_addr(addr)) {
+                pr_info("PF_BRIDGE: RTM_NEWNEIGH with invalid ether address\n");
+                return -EINVAL;
+        }
+
+        err = -EOPNOTSUPP;
+
+        /* Support fdb on master device the net/bridge default case */
+        if ((!ndm->ndm_flags || ndm->ndm_flags & NTF_MASTER) &&
+            (dev->priv_flags & IFF_BRIDGE_PORT)) {
+                master = dev->master;
+                err = master->netdev_ops->ndo_fdb_add(ndm, dev, addr,
+                                                      nlh->nlmsg_flags);
+                if (err)
+                        goto out;
+                else
+                        ndm->ndm_flags &= ~NTF_MASTER;
+        }
+
+        /* Embedded bridge, macvlan, and any other device support */
+        if ((ndm->ndm_flags & NTF_SELF) && dev->netdev_ops->ndo_fdb_add) {
+                err = dev->netdev_ops->ndo_fdb_add(ndm, dev, addr,
+                                                   nlh->nlmsg_flags);
+
+                if (!err)
+                        ndm->ndm_flags &= ~NTF_SELF;
+        }
+out:
+        return err;
+}
+
+static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
+{
+        struct net *net = sock_net(skb->sk);
+        struct ndmsg *ndm;
+        struct nlattr *llattr;
+        struct net_device *dev;
+        int err = -EINVAL;
+        __u8 *addr;
+
+        if (nlmsg_len(nlh) < sizeof(*ndm))
+                return -EINVAL;
+
+        ndm = nlmsg_data(nlh);
+        if (ndm->ndm_ifindex == 0) {
+                pr_info("PF_BRIDGE: RTM_DELNEIGH with invalid ifindex\n");
+                return -EINVAL;
+        }
+
+        dev = __dev_get_by_index(net, ndm->ndm_ifindex);
+        if (dev == NULL) {
+                pr_info("PF_BRIDGE: RTM_DELNEIGH with unknown ifindex\n");
+                return -ENODEV;
+        }
+
+        llattr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_LLADDR);
+        if (llattr == NULL || nla_len(llattr) != ETH_ALEN) {
+                pr_info("PF_BRIGDE: RTM_DELNEIGH with invalid address\n");
+                return -EINVAL;
+        }
+
+        addr = nla_data(llattr);
+        err = -EOPNOTSUPP;
+
+        /* Support fdb on master device the net/bridge default case */
+        if ((!ndm->ndm_flags || ndm->ndm_flags & NTF_MASTER) &&
+            (dev->priv_flags & IFF_BRIDGE_PORT)) {
+                struct net_device *master = dev->master;
+
+                if (master->netdev_ops->ndo_fdb_del)
+                        err = master->netdev_ops->ndo_fdb_del(ndm, dev, addr);
+
+                if (err)
+                        goto out;
+                else
+                        ndm->ndm_flags &= ~NTF_MASTER;
+        }
+
+        /* Embedded bridge, macvlan, and any other device support */
+        if ((ndm->ndm_flags & NTF_SELF) && dev->netdev_ops->ndo_fdb_del) {
+                err = dev->netdev_ops->ndo_fdb_del(ndm, dev, addr);
+
+                if (!err)
+                        ndm->ndm_flags &= ~NTF_SELF;
+        }
+out:
+        return err;
+}
+
+static int rtnl_fdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
+{
+        int idx = 0;
+        struct net *net = sock_net(skb->sk);
+        struct net_device *dev;
+
+        rcu_read_lock();
+        for_each_netdev_rcu(net, dev) {
+                if (dev->priv_flags & IFF_BRIDGE_PORT) {
+                        struct net_device *master = dev->master;
+                        const struct net_device_ops *ops = master->netdev_ops;
+
+                        if (ops->ndo_fdb_dump)
+                                idx = ops->ndo_fdb_dump(skb, cb, dev, idx);
+                }
+
+                if (dev->netdev_ops->ndo_fdb_dump)
+                        idx = dev->netdev_ops->ndo_fdb_dump(skb, cb, dev, idx);
+        }
+        rcu_read_unlock();
+
+        cb->args[0] = idx;
+        return skb->len;
+}
+
 /* Protected by RTNL sempahore.  */
 static struct rtattr **rta_buf;
 static int rtattr_max;
@@ -2150,5 +2298,9 @@ void __init rtnetlink_init(void)
 
         rtnl_register(PF_UNSPEC, RTM_GETADDR, NULL, rtnl_dump_all, NULL);
         rtnl_register(PF_UNSPEC, RTM_GETROUTE, NULL, rtnl_dump_all, NULL);
+
+        rtnl_register(PF_BRIDGE, RTM_NEWNEIGH, rtnl_fdb_add, NULL, NULL);
+        rtnl_register(PF_BRIDGE, RTM_DELNEIGH, rtnl_fdb_del, NULL, NULL);
+        rtnl_register(PF_BRIDGE, RTM_GETNEIGH, NULL, rtnl_fdb_dump, NULL);
 }