1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2019, Vladimir Oltean <olteanv@gmail.com>
4 * This module is not a complete tagger implementation. It only provides
5 * primitives for taggers that rely on 802.1Q VLAN tags to use. The
6 * dsa_8021q_netdev_ops is registered for API compliance and not used
9 #include <linux/if_bridge.h>
10 #include <linux/if_vlan.h>
14 /* Binary structure of the fake 12-bit VID field (when the TPID is
17 * | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
18 * +-----------+-----+-----------------+-----------+-----------------------+
19 * | DIR | RSV | SWITCH_ID | RSV | PORT |
20 * +-----------+-----+-----------------+-----------+-----------------------+
24 * * 1 (0b01) for RX VLAN,
25 * * 2 (0b10) for TX VLAN.
26 * These values make the special VIDs of 0, 1 and 4095 to be left
27 * unused by this coding scheme.
30 * To be used for further expansion of SWITCH_ID or for other purposes.
31 * Must be transmitted as zero and ignored on receive.
33 * SWITCH_ID - VID[8:6]:
34 * Index of switch within DSA tree. Must be between 0 and
35 * DSA_MAX_SWITCHES - 1.
38 * To be used for further expansion of PORT or for other purposes.
39 * Must be transmitted as zero and ignored on receive.
42 * Index of switch port. Must be between 0 and DSA_MAX_PORTS - 1.
45 #define DSA_8021Q_DIR_SHIFT 10
46 #define DSA_8021Q_DIR_MASK GENMASK(11, 10)
47 #define DSA_8021Q_DIR(x) (((x) << DSA_8021Q_DIR_SHIFT) & \
49 #define DSA_8021Q_DIR_RX DSA_8021Q_DIR(1)
50 #define DSA_8021Q_DIR_TX DSA_8021Q_DIR(2)
52 #define DSA_8021Q_SWITCH_ID_SHIFT 6
53 #define DSA_8021Q_SWITCH_ID_MASK GENMASK(8, 6)
54 #define DSA_8021Q_SWITCH_ID(x) (((x) << DSA_8021Q_SWITCH_ID_SHIFT) & \
55 DSA_8021Q_SWITCH_ID_MASK)
57 #define DSA_8021Q_PORT_SHIFT 0
58 #define DSA_8021Q_PORT_MASK GENMASK(3, 0)
59 #define DSA_8021Q_PORT(x) (((x) << DSA_8021Q_PORT_SHIFT) & \
62 /* Returns the VID to be inserted into the frame from xmit for switch steering
63 * instructions on egress. Encodes switch ID and port ID.
65 u16 dsa_8021q_tx_vid(struct dsa_switch *ds, int port)
67 return DSA_8021Q_DIR_TX | DSA_8021Q_SWITCH_ID(ds->index) |
70 EXPORT_SYMBOL_GPL(dsa_8021q_tx_vid);
72 /* Returns the VID that will be installed as pvid for this switch port, sent as
73 * tagged egress towards the CPU port and decoded by the rcv function.
75 u16 dsa_8021q_rx_vid(struct dsa_switch *ds, int port)
77 return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) |
80 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid);
82 /* Returns the decoded switch ID from the RX VID. */
83 int dsa_8021q_rx_switch_id(u16 vid)
85 return (vid & DSA_8021Q_SWITCH_ID_MASK) >> DSA_8021Q_SWITCH_ID_SHIFT;
87 EXPORT_SYMBOL_GPL(dsa_8021q_rx_switch_id);
89 /* Returns the decoded port ID from the RX VID. */
90 int dsa_8021q_rx_source_port(u16 vid)
92 return (vid & DSA_8021Q_PORT_MASK) >> DSA_8021Q_PORT_SHIFT;
94 EXPORT_SYMBOL_GPL(dsa_8021q_rx_source_port);
96 static int dsa_8021q_restore_pvid(struct dsa_switch *ds, int port)
98 struct bridge_vlan_info vinfo;
99 struct net_device *slave;
103 if (!dsa_is_user_port(ds, port))
106 slave = ds->ports[port].slave;
108 err = br_vlan_get_pvid(slave, &pvid);
109 if (!pvid || err < 0)
110 /* There is no pvid on the bridge for this port, which is
111 * perfectly valid. Nothing to restore, bye-bye!
115 err = br_vlan_get_info(slave, pvid, &vinfo);
117 dev_err(ds->dev, "Couldn't determine PVID attributes\n");
121 return dsa_port_vid_add(&ds->ports[port], pvid, vinfo.flags);
124 /* If @enabled is true, installs @vid with @flags into the switch port's HW
126 * If @enabled is false, deletes @vid (ignores @flags) from the port. Had the
127 * user explicitly configured this @vid through the bridge core, then the @vid
128 * is installed again, but this time with the flags from the bridge layer.
130 static int dsa_8021q_vid_apply(struct dsa_switch *ds, int port, u16 vid,
131 u16 flags, bool enabled)
133 struct dsa_port *dp = &ds->ports[port];
134 struct bridge_vlan_info vinfo;
138 return dsa_port_vid_add(dp, vid, flags);
140 err = dsa_port_vid_del(dp, vid);
144 /* Nothing to restore from the bridge for a non-user port.
145 * The CPU port VLANs are restored implicitly with the user ports,
146 * similar to how the bridge does in dsa_slave_vlan_add and
147 * dsa_slave_vlan_del.
149 if (!dsa_is_user_port(ds, port))
152 err = br_vlan_get_info(dp->slave, vid, &vinfo);
153 /* Couldn't determine bridge attributes for this vid,
154 * it means the bridge had not configured it.
159 /* Restore the VID from the bridge */
160 err = dsa_port_vid_add(dp, vid, vinfo.flags);
164 vinfo.flags &= ~BRIDGE_VLAN_INFO_PVID;
166 return dsa_port_vid_add(dp->cpu_dp, vid, vinfo.flags);
169 /* RX VLAN tagging (left) and TX VLAN tagging (right) setup shown for a single
170 * front-panel switch port (here swp0).
172 * Port identification through VLAN (802.1Q) tags has different requirements
173 * for it to work effectively:
174 * - On RX (ingress from network): each front-panel port must have a pvid
175 * that uniquely identifies it, and the egress of this pvid must be tagged
176 * towards the CPU port, so that software can recover the source port based
177 * on the VID in the frame. But this would only work for standalone ports;
178 * if bridged, this VLAN setup would break autonomous forwarding and would
179 * force all switched traffic to pass through the CPU. So we must also make
180 * the other front-panel ports members of this VID we're adding, albeit
181 * we're not making it their PVID (they'll still have their own).
182 * By the way - just because we're installing the same VID in multiple
183 * switch ports doesn't mean that they'll start to talk to one another, even
184 * while not bridged: the final forwarding decision is still an AND between
185 * the L2 forwarding information (which is limiting forwarding in this case)
186 * and the VLAN-based restrictions (of which there are none in this case,
187 * since all ports are members).
188 * - On TX (ingress from CPU and towards network) we are faced with a problem.
189 * If we were to tag traffic (from within DSA) with the port's pvid, all
190 * would be well, assuming the switch ports were standalone. Frames would
191 * have no choice but to be directed towards the correct front-panel port.
192 * But because we also want the RX VLAN to not break bridging, then
193 * inevitably that means that we have to give them a choice (of what
194 * front-panel port to go out on), and therefore we cannot steer traffic
195 * based on the RX VID. So what we do is simply install one more VID on the
196 * front-panel and CPU ports, and profit off of the fact that steering will
197 * work just by virtue of the fact that there is only one other port that's
198 * a member of the VID we're tagging the traffic with - the desired one.
200 * So at the end, each front-panel port will have one RX VID (also the PVID),
201 * the RX VID of all other front-panel ports, and one TX VID. Whereas the CPU
202 * port will have the RX and TX VIDs of all front-panel ports, and on top of
203 * that, is also tagged-input and tagged-output (VLAN trunk).
206 * +-------------+-----+-------------+ +-------------+-----+-------------+
207 * | RX VID | | | | TX VID | | |
208 * | of swp0 | | | | of swp0 | | |
209 * | +-----+ | | +-----+ |
210 * | ^ T | | | Tagged |
211 * | | | | | ingress |
212 * | +-------+---+---+-------+ | | +-----------+ |
213 * | | | | | | | | Untagged |
214 * | | U v U v U v | | v egress |
215 * | +-----+ +-----+ +-----+ +-----+ | | +-----+ +-----+ +-----+ +-----+ |
216 * | | | | | | | | | | | | | | | | | | | |
217 * | |PVID | | | | | | | | | | | | | | | | | |
218 * +-+-----+-+-----+-+-----+-+-----+-+ +-+-----+-+-----+-+-----+-+-----+-+
219 * swp0 swp1 swp2 swp3 swp0 swp1 swp2 swp3
221 int dsa_port_setup_8021q_tagging(struct dsa_switch *ds, int port, bool enabled)
223 int upstream = dsa_upstream_port(ds, port);
224 u16 rx_vid = dsa_8021q_rx_vid(ds, port);
225 u16 tx_vid = dsa_8021q_tx_vid(ds, port);
228 /* The CPU port is implicitly configured by
229 * configuring the front-panel ports
231 if (!dsa_is_user_port(ds, port))
234 /* Add this user port's RX VID to the membership list of all others
235 * (including itself). This is so that bridging will not be hindered.
236 * L2 forwarding rules still take precedence when there are no VLAN
237 * restrictions, so there are no concerns about leaking traffic.
239 for (i = 0; i < ds->num_ports; i++) {
245 /* The RX VID is pvid on this port */
246 flags = BRIDGE_VLAN_INFO_UNTAGGED |
247 BRIDGE_VLAN_INFO_PVID;
249 /* The RX VID is a regular VLAN on all others */
250 flags = BRIDGE_VLAN_INFO_UNTAGGED;
252 err = dsa_8021q_vid_apply(ds, i, rx_vid, flags, enabled);
254 dev_err(ds->dev, "Failed to apply RX VID %d to port %d: %d\n",
260 /* CPU port needs to see this port's RX VID
263 err = dsa_8021q_vid_apply(ds, upstream, rx_vid, 0, enabled);
265 dev_err(ds->dev, "Failed to apply RX VID %d to port %d: %d\n",
270 /* Finally apply the TX VID on this port and on the CPU port */
271 err = dsa_8021q_vid_apply(ds, port, tx_vid, BRIDGE_VLAN_INFO_UNTAGGED,
274 dev_err(ds->dev, "Failed to apply TX VID %d on port %d: %d\n",
278 err = dsa_8021q_vid_apply(ds, upstream, tx_vid, 0, enabled);
280 dev_err(ds->dev, "Failed to apply TX VID %d on port %d: %d\n",
281 tx_vid, upstream, err);
286 err = dsa_8021q_restore_pvid(ds, port);
290 EXPORT_SYMBOL_GPL(dsa_port_setup_8021q_tagging);
292 struct sk_buff *dsa_8021q_xmit(struct sk_buff *skb, struct net_device *netdev,
295 /* skb->data points at skb_mac_header, which
296 * is fine for vlan_insert_tag.
298 return vlan_insert_tag(skb, htons(tpid), tci);
300 EXPORT_SYMBOL_GPL(dsa_8021q_xmit);
302 static const struct dsa_device_ops dsa_8021q_netdev_ops = {
304 .proto = DSA_TAG_PROTO_8021Q,
305 .overhead = VLAN_HLEN,
308 MODULE_LICENSE("GPL v2");
309 MODULE_ALIAS_DSA_TAG_DRIVER(DSA_TAG_PROTO_8021Q);
311 module_dsa_tag_driver(dsa_8021q_netdev_ops);