From 6b54e5471e2bf3d3893f0cc72162bd16e36a3178 Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Sun, 12 Jul 2020 18:41:24 +0200
Subject: [PATCH 02/40] netifd: add bridge/vlan support
Backport the vlan patches for the netifd bridge layer.
Signed-off-by: John Crispin
---
...idge-allow-turning-on-vlan_filtering.patch | 93 ++++++++++
...ridge-allow-adding-vlans-to-a-bridge.patch | 87 +++++++++
...2-wireless-allow-adding-bridge-vlans.patch | 170 ++++++++++++++++++
3 files changed, 350 insertions(+)
create mode 100644 package/network/config/netifd/patches/0100-bridge-allow-turning-on-vlan_filtering.patch
create mode 100644 package/network/config/netifd/patches/0101-bridge-allow-adding-vlans-to-a-bridge.patch
create mode 100644 package/network/config/netifd/patches/0102-wireless-allow-adding-bridge-vlans.patch
diff --git a/package/network/config/netifd/patches/0100-bridge-allow-turning-on-vlan_filtering.patch b/package/network/config/netifd/patches/0100-bridge-allow-turning-on-vlan_filtering.patch
new file mode 100644
index 0000000000..a14368cab5
--- /dev/null
+++ b/package/network/config/netifd/patches/0100-bridge-allow-turning-on-vlan_filtering.patch
@@ -0,0 +1,93 @@
+From efa8f51717ce07a6764607685065b4a3f0f8c81f Mon Sep 17 00:00:00 2001
+From: John Crispin
+Date: Sun, 12 Jul 2020 16:32:10 +0200
+Subject: [PATCH 100/102] bridge: allow turning on vlan_filtering
+
+If we want a bridge to be vlan aware we need to be able to turn on
+filtering.
+
+Signed-off-by: John Crispin
+---
+ bridge.c | 6 ++++++
+ system-linux.c | 6 ++++++
+ system.h | 2 ++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/bridge.c b/bridge.c
+index c1f4ffa..e4ec597 100644
+--- a/bridge.c
++++ b/bridge.c
+@@ -38,6 +38,7 @@ enum {
+ BRIDGE_ATTR_QUERY_INTERVAL,
+ BRIDGE_ATTR_QUERY_RESPONSE_INTERVAL,
+ BRIDGE_ATTR_LAST_MEMBER_INTERVAL,
++ BRIDGE_ATTR_VLAN_FILTERING,
+ __BRIDGE_ATTR_MAX
+ };
+
+@@ -57,6 +58,7 @@ static const struct blobmsg_policy bridge_attrs[__BRIDGE_ATTR_MAX] = {
+ [BRIDGE_ATTR_QUERY_INTERVAL] = { "query_interval", BLOBMSG_TYPE_INT32 },
+ [BRIDGE_ATTR_QUERY_RESPONSE_INTERVAL] = { "query_response_interval", BLOBMSG_TYPE_INT32 },
+ [BRIDGE_ATTR_LAST_MEMBER_INTERVAL] = { "last_member_interval", BLOBMSG_TYPE_INT32 },
++ [BRIDGE_ATTR_VLAN_FILTERING] = { "vlan_filtering", BLOBMSG_TYPE_BOOL },
+ };
+
+ static const struct uci_blob_param_info bridge_attr_info[__BRIDGE_ATTR_MAX] = {
+@@ -577,6 +579,7 @@ bridge_apply_settings(struct bridge_state *bst, struct blob_attr **tb)
+ cfg->hash_max = 512;
+ cfg->bridge_empty = false;
+ cfg->priority = 0x7FFF;
++ cfg->vlan_filtering = false;
+
+ if ((cur = tb[BRIDGE_ATTR_STP]))
+ cfg->stp = blobmsg_get_bool(cur);
+@@ -633,6 +636,9 @@ bridge_apply_settings(struct bridge_state *bst, struct blob_attr **tb)
+
+ if ((cur = tb[BRIDGE_ATTR_BRIDGE_EMPTY]))
+ cfg->bridge_empty = blobmsg_get_bool(cur);
++
++ if ((cur = tb[BRIDGE_ATTR_VLAN_FILTERING]))
++ cfg->vlan_filtering = blobmsg_get_bool(cur);
+ }
+
+ static enum dev_change_type
+diff --git a/system-linux.c b/system-linux.c
+index 3b09bbb..97b38e7 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -470,6 +470,11 @@ static void system_set_sendredirects(struct device *dev, const char *val)
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", dev->ifname, val);
+ }
+
++static void system_bridge_set_vlan_filtering(struct device *dev, const char *val)
++{
++ system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/vlan_filtering", dev->ifname, val);
++}
++
+ static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz)
+ {
+ int fd = -1, ret = -1;
+@@ -1170,6 +1175,7 @@ int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg)
+ system_bridge_set_forward_delay(bridge, buf);
+
+ system_bridge_conf_multicast(bridge, cfg, buf, sizeof(buf));
++ system_bridge_set_vlan_filtering(bridge, cfg->vlan_filtering ? "1" : "0");
+
+ snprintf(buf, sizeof(buf), "%d", cfg->priority);
+ system_bridge_set_priority(bridge, buf);
+diff --git a/system.h b/system.h
+index 252fd92..258b1af 100644
+--- a/system.h
++++ b/system.h
+@@ -127,6 +127,8 @@ struct bridge_config {
+ int hello_time;
+ int max_age;
+ int hash_max;
++
++ bool vlan_filtering;
+ };
+
+ enum macvlan_opt {
+--
+2.25.1
+
diff --git a/package/network/config/netifd/patches/0101-bridge-allow-adding-vlans-to-a-bridge.patch b/package/network/config/netifd/patches/0101-bridge-allow-adding-vlans-to-a-bridge.patch
new file mode 100644
index 0000000000..57982001a0
--- /dev/null
+++ b/package/network/config/netifd/patches/0101-bridge-allow-adding-vlans-to-a-bridge.patch
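Review bot: The result of enabling filtering is never checked: in 0100-bridge-allow-turning-on-vlan_filtering.patch the line added to `system_bridge_addbr()` in system-linux.c goes through `system_bridge_set_vlan_filtering()`, which returns void, so nothing visible here tells the caller whether the sysfs write took effect. If the attribute is absent (presumably on a kernel built without bridge VLAN filtering), a configuration that relies on `vlan_filtering` for separation would come up as a plain, non-filtering bridge with no diagnostic. Consider reading the value back with the existing `system_get_sysctl()` helper when `cfg->vlan_filtering` is set and logging a warning on mismatch, or at least documenting it at the call site: `/* best effort: the write is not verified, VLAN separation is not guaranteed if it fails */`. `system_bridge_addbr()` starts and ends outside the hunk.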
@@ -0,0 +1,87 @@
+From e67eee3bda5598b2e5360c702ec064c59a1f96ec Mon Sep 17 00:00:00 2001
+From: John Crispin
+Date: Sun, 12 Jul 2020 16:33:31 +0200
+Subject: [PATCH 2/3] bridge: allow adding vlans to a bridge
+
+Add a rtnl helper for adding vlans to a bridge interface.
+
+Signed-off-by: John Crispin
+---
+ system-linux.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ system.h | 1 +
+ 2 files changed, 49 insertions(+)
+
+diff --git a/system-linux.c b/system-linux.c
+index 97b38e7..130d057 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -854,6 +854,54 @@ int system_bridge_delif(struct device *bridge, struct device *dev)
+ return system_bridge_if(bridge->ifname, dev, SIOCBRDELIF, NULL);
+ }
+
++int system_bridge_vlan(const char *iface, int pvid, int vid, int tagged,
++ int self, int add)
++{
++ struct ifinfomsg ifi = { .ifi_family = PF_BRIDGE, };
++ struct bridge_vlan_info vinfo = { .vid = vid, };
++ unsigned short flags = 0;
++ struct nlattr *afspec;
++ struct nl_msg *nlm;
++ int ret = 0;
++
++ ifi.ifi_index = if_nametoindex(iface);
++ if (!ifi.ifi_index)
++ return -1;
++
++ nlm = nlmsg_alloc_simple(add ? RTM_SETLINK : RTM_DELLINK, NLM_F_REQUEST);
++ if (!nlm)
++ return -1;
++
++ nlmsg_append(nlm, &ifi, sizeof(ifi), 0);
++
++ if (self)
++ flags |= BRIDGE_FLAGS_SELF;
++
++ if (pvid)
++ vinfo.flags |= BRIDGE_VLAN_INFO_PVID;
++
++ if (!tagged)
++ vinfo.flags |= BRIDGE_VLAN_INFO_UNTAGGED;
++
++ afspec = nla_nest_start(nlm, IFLA_AF_SPEC);
++ if (!afspec) {
++ ret = -ENOMEM;
++ goto failure;
++ }
++
++ if (flags)
++ nla_put_u16(nlm, IFLA_BRIDGE_FLAGS, flags);
++
++ nla_put(nlm, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo);
++ nla_nest_end(nlm, afspec);
++
++ return system_rtnl_call(nlm);
++
++failure:
++ nlmsg_free(nlm);
++ return ret;
++}
++
+ int system_if_resolve(struct device *dev)
+ {
+ struct ifreq ifr;
+diff --git a/system.h b/system.h
+index 258b1af..6a7f738 100644
+--- a/system.h
++++ b/system.h
+@@ -196,6 +196,7 @@ int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg);
+ int system_bridge_delbr(struct device *bridge);
+ int system_bridge_addif(struct device *bridge, struct device *dev);
+ int system_bridge_delif(struct device *bridge, struct device *dev);
++int system_bridge_vlan(const char *iface, int pvid, int vid, int tagged, int self, int add);
+
+ int system_macvlan_add(struct device *macvlan, struct device *dev, struct macvlan_config *cfg);
+ int system_macvlan_del(struct device *macvlan);
+--
+2.25.1
+
diff --git a/package/network/config/netifd/patches/0102-wireless-allow-adding-bridge-vlans.patch b/package/network/config/netifd/patches/0102-wireless-allow-adding-bridge-vlans.patch
new file mode 100644
index 0000000000..ac7b19761a
--- /dev/null
+++ b/package/network/config/netifd/patches/0102-wireless-allow-adding-bridge-vlans.patch
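Review bot: `system_bridge_vlan()` in 0101-bridge-allow-adding-vlans-to-a-bridge.patch copies its `int vid` argument straight into `vinfo.vid`, a 16-bit field of `struct bridge_vlan_info`, with no range check, so an out-of-range value is silently truncated and a VLAN other than the configured one is programmed. The return values of `nla_put_u16()` and `nla_put()` are also ignored, so a message without its VLAN attribute could still be handed to `system_rtnl_call()`. Rejecting ids outside 1-4094 before the message is built and routing both put failures to the existing `failure:` label closes both gaps. The function also mixes `-1` and `-ENOMEM` as error returns, which is worth unifying in the same change.

```c
int system_bridge_vlan(const char *iface, int pvid, int vid, int tagged,
		       int self, int add)
{
	/* … unchanged: declarations … */

	/* vinfo.vid is 16 bits wide; ids 0 and 4095 are reserved */
	if (vid < 1 || vid > 4094)
		return -1;

	/* … unchanged: if_nametoindex(), nlmsg_alloc_simple(), nlmsg_append(), flag setup, nla_nest_start() … */

	if (flags && nla_put_u16(nlm, IFLA_BRIDGE_FLAGS, flags) < 0) {
		ret = -ENOMEM;
		goto failure;
	}

	if (nla_put(nlm, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo) < 0) {
		ret = -ENOMEM;
		goto failure;
	}

	/* … unchanged: nla_nest_end(), system_rtnl_call(), failure: cleanup … */
}
```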
@@ -0,0 +1,170 @@
+From 77f6eecf5e4930df950281261f94d51a43014711 Mon Sep 17 00:00:00 2001
+From: John Crispin
+Date: Sun, 12 Jul 2020 17:11:10 +0200
+Subject: [PATCH 3/3] wireless: allow adding bridge vlans
+
+An AP/Vlan will only have a virtual 802.1q tag. Add code to make the bridge
+add the define vid and take care of possibly tagging when the packet leaves
+the bridge.
+
+Signed-off-by: John Crispin
+---
+ wireless.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
+ wireless.h | 4 ++++
+ 2 files changed, 53 insertions(+)
+
+diff --git a/wireless.c b/wireless.c
+index efb7992..0596b59 100644
+--- a/wireless.c
++++ b/wireless.c
+@@ -16,6 +16,7 @@
+ #include "wireless.h"
+ #include "handler.h"
+ #include "ubus.h"
++#include "system.h"
+
+ #define WIRELESS_SETUP_RETRY 3
+
+@@ -49,6 +50,8 @@ enum {
+ VIF_ATTR_NETWORK,
+ VIF_ATTR_ISOLATE,
+ VIF_ATTR_MODE,
++ VIF_ATTR_VID,
++ VIF_ATTR_UNTAG,
+ __VIF_ATTR_MAX,
+ };
+
+@@ -57,6 +60,8 @@ static const struct blobmsg_policy vif_policy[__VIF_ATTR_MAX] = {
+ [VIF_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
+ [VIF_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
+ [VIF_ATTR_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING },
++ [VIF_ATTR_VID] = { .name = "vid", .type = BLOBMSG_TYPE_INT32 },
++ [VIF_ATTR_UNTAG] = { .name = "vlan_untag", .type = BLOBMSG_TYPE_BOOL },
+ };
+
+ static const struct uci_blob_param_list vif_param = {
+@@ -68,6 +73,8 @@ enum {
+ VLAN_ATTR_DISABLED,
+ VLAN_ATTR_NETWORK,
+ VLAN_ATTR_ISOLATE,
++ VLAN_ATTR_VID,
++ VLAN_ATTR_UNTAG,
+ __VLAN_ATTR_MAX,
+ };
+
+@@ -75,6 +82,8 @@ static const struct blobmsg_policy vlan_policy[__VLAN_ATTR_MAX] = {
+ [VLAN_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
+ [VLAN_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
+ [VLAN_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
++ [VLAN_ATTR_VID] = { .name = "vid", .type = BLOBMSG_TYPE_INT32 },
++ [VLAN_ATTR_UNTAG] = { .name = "vlan_untag", .type = BLOBMSG_TYPE_BOOL },
+ };
+
+ static const struct uci_blob_param_list vlan_param = {
+@@ -313,6 +322,8 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, bool
+ }
+
+ blobmsg_for_each_attr(cur, vif->network, rem) {
++ struct device *bridge;
++
+ network = blobmsg_data(cur);
+
+ iface = vlist_find(&interfaces, network, iface, node);
+@@ -320,6 +331,16 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, bool
+ continue;
+
+ interface_handle_link(iface, vif->ifname, up, true);
++
++ if (!vif->vid)
++ continue;
++
++ bridge = device_get(iface->ifname, 0);
++ if (!bridge || !bridge->type->bridge_capability)
++ continue;
++
++ system_bridge_vlan(vif->ifname, 1, vif->vid, 0, 0, 1);
++ system_bridge_vlan(iface->ifname, 0, vif->vid, !vif->untag, 1, 1);
+ }
+ }
+
+@@ -343,6 +364,8 @@ static void wireless_vlan_handle_link(struct wireless_vlan *vlan, bool up)
+ }
+
+ blobmsg_for_each_attr(cur, vlan->network, rem) {
++ struct device *bridge;
++
+ network = blobmsg_data(cur);
+
+ iface = vlist_find(&interfaces, network, iface, node);
+@@ -350,6 +373,16 @@ static void wireless_vlan_handle_link(struct wireless_vlan *vlan, bool up)
+ continue;
+
+ interface_handle_link(iface, vlan->ifname, up, true);
++
++ if (!vlan->vid)
++ continue;
++
++ bridge = device_get(iface->ifname, 0);
++ if (!bridge || !bridge->type->bridge_capability)
++ continue;
++
++ system_bridge_vlan(vlan->ifname, 1, vlan->vid, 0, 0, 1);
++ system_bridge_vlan(iface->ifname, 0, vlan->vid, !vlan->untag, 1, 1);
+ }
+ }
+
+@@ -767,6 +800,14 @@ wireless_interface_init_config(struct wireless_interface *vif)
+ cur = tb[VIF_ATTR_MODE];
+ if (cur)
+ vif->ap_mode = !strcmp(blobmsg_get_string(cur), "ap");
++
++ cur = tb[VIF_ATTR_UNTAG];
++ if (cur)
++ vif->untag = blobmsg_get_bool(cur);
++
++ cur = tb[VIF_ATTR_VID];
++ if (cur)
++ vif->vid = blobmsg_get_u32(cur);
+ }
+
+ static void
+@@ -829,6 +870,14 @@ wireless_vlan_init_config(struct wireless_vlan *vlan)
+ cur = tb[VLAN_ATTR_ISOLATE];
+ if (cur)
+ vlan->isolate = blobmsg_get_bool(cur);
++
++ cur = tb[VLAN_ATTR_UNTAG];
++ if (cur)
++ vlan->untag = blobmsg_get_bool(cur);
++
++ cur = tb[VLAN_ATTR_VID];
++ if (cur)
++ vlan->vid = blobmsg_get_u32(cur);
+ }
+
+ static void
+diff --git a/wireless.h b/wireless.h
+index 5fedd20..2160451 100644
+--- a/wireless.h
++++ b/wireless.h
+@@ -90,6 +90,8 @@ struct wireless_interface {
+ struct blob_attr *network;
+ bool isolate;
+ bool ap_mode;
++ bool untag;
++ int vid;
+ };
+
+ struct wireless_vlan {
+@@ -106,6 +108,8 @@ struct wireless_vlan {
+ const char *ifname;
+ struct blob_attr *network;
+ bool isolate;
++ bool untag;
++ int vid;
+ };
+
+ struct wireless_station {
+--
+2.25.1
+
--
2.25.1
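Review bot: The two `system_bridge_vlan()` calls added to `wireless_interface_handle_link()` and `wireless_vlan_handle_link()` in 0102-wireless-allow-adding-bridge-vlans.patch run with `add = 1` on every link event, including `up == false`, and their return values are dropped. A failed VLAN setup therefore leaves the interface attached by `interface_handle_link()` without the intended VLAN membership and without a log entry, and nothing in these hunks removes the bridge-side entry again on link down. I would guard with `if (!up || !vif->vid) continue;` (likewise for `vlan`) and log a warning when either call returns non-zero. Separately, `vid` is read with `blobmsg_get_u32()` into an `int` in both `*_init_config()` hunks and never range-checked, so a configured value outside 1-4094 reaches the bridge code unchanged. Both handler bodies start and end outside their hunks.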