From 1c032d319de40e3eaf457fead60e558620005459 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Wed, 22 Nov 2023 12:16:52 +0100
Subject: [PATCH 31/68] netifd: backport bridge_isolate patches

Signed-off-by: John Crispin <john@phrozen.org>
---
 ...-bogus-debug-error-messages-on-addin.patch |  45 +++++
 ...2-wireless-add-bridge_isolate-option.patch | 190 ++++++++++++++++++
 2 files changed, 235 insertions(+)
 create mode 100644 package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
 create mode 100644 package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch

diff --git a/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch b/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
new file mode 100644
index 0000000000..3f1ef587ea
--- /dev/null
+++ b/package/network/config/netifd/patches/0001-system-linux-fix-bogus-debug-error-messages-on-addin.patch
@@ -0,0 +1,45 @@
+From 7642eaba383869cab997d2e7ffdb1b58fd536e29 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 20 Nov 2023 18:35:49 +0100
+Subject: [PATCH 1/2] system-linux: fix bogus debug error messages on adding
+ bridge members
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ system-linux.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/system-linux.c b/system-linux.c
+index cc1b5e9..96cc993 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -948,16 +948,19 @@ int system_bridge_addif(struct device *bridge, struct device *dev)
+ 	int tries = 0;
+ 	int ret;
+ 
+-retry:
+-	ret = 0;
+-	oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf));
+-	if (!oldbr || strcmp(oldbr, bridge->ifname) != 0) {
++
++	for (tries = 0; tries < 3; tries++) {
++		ret = 0;
++		oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf));
++		if (oldbr && !strcmp(oldbr, bridge->ifname))
++			break;
++
+ 		ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL);
+-		tries++;
++		if (!ret)
++			break;
++
+ 		D(SYSTEM, "Failed to add device '%s' to bridge '%s' (tries=%d): %s\n",
+ 		  dev->ifname, bridge->ifname, tries, strerror(errno));
+-		if (tries <= 3)
+-			goto retry;
+ 	}
+ 
+ 	if (dev->wireless)
+-- 
+2.34.1
+
diff --git a/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch b/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch
new file mode 100644
index 0000000000..2a2378ed38
--- /dev/null
+++ b/package/network/config/netifd/patches/0002-wireless-add-bridge_isolate-option.patch
@@ -0,0 +1,190 @@
+From f3e06e81b347bbdec1c6c71603328b6e442728d4 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 20 Nov 2023 19:03:06 +0100
+Subject: [PATCH 2/2] wireless: add bridge_isolate option
+
+This enables the device bridge port isolate flag
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ device.c                   |  5 +++-
+ scripts/netifd-wireless.sh |  2 ++
+ wireless.c                 | 48 +++++++++++++++++++++++++++-----------
+ wireless.h                 |  2 ++
+ 4 files changed, 42 insertions(+), 15 deletions(-)
+
+diff --git a/device.c b/device.c
+index 199622f..839f7ec 100644
+--- a/device.c
++++ b/device.c
+@@ -354,7 +354,10 @@ device_init_settings(struct device *dev, struct blob_attr **tb)
+ 	struct ether_addr *ea;
+ 	bool disabled = false;
+ 
+-	s->flags = 0;
++	if (dev->wireless)
++		s->flags &= DEV_OPT_ISOLATE;
++	else
++		s->flags = 0;
+ 	if ((cur = tb[DEV_ATTR_ENABLED]))
+ 		disabled = !blobmsg_get_bool(cur);
+ 
+diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
+index 7f088cc..5b852e0 100644
+--- a/scripts/netifd-wireless.sh
++++ b/scripts/netifd-wireless.sh
+@@ -378,10 +378,12 @@ _wdev_common_device_config() {
+ 
+ _wdev_common_iface_config() {
+ 	config_add_string mode ssid encryption 'key:wpakey'
++	config_add_boolean bridge_isolate
+ }
+ 
+ _wdev_common_vlan_config() {
+ 	config_add_string name vid iface
++	config_add_boolean bridge_isolate
+ }
+ 
+ _wdev_common_station_config() {
+diff --git a/wireless.c b/wireless.c
+index 91663e8..654c87e 100644
+--- a/wireless.c
++++ b/wireless.c
+@@ -63,6 +63,7 @@ enum {
+ 	VIF_ATTR_DISABLED,
+ 	VIF_ATTR_NETWORK,
+ 	VIF_ATTR_NETWORK_VLAN,
++	VIF_ATTR_BRIDGE_ISOLATE,
+ 	VIF_ATTR_ISOLATE,
+ 	VIF_ATTR_MODE,
+ 	VIF_ATTR_PROXYARP,
+@@ -74,6 +75,7 @@ static const struct blobmsg_policy vif_policy[__VIF_ATTR_MAX] = {
+ 	[VIF_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
+ 	[VIF_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
+ 	[VIF_ATTR_NETWORK_VLAN] = { .name = "network_vlan", .type = BLOBMSG_TYPE_ARRAY },
++	[VIF_ATTR_BRIDGE_ISOLATE] = { .name = "bridge_isolate", .type = BLOBMSG_TYPE_BOOL },
+ 	[VIF_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
+ 	[VIF_ATTR_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING },
+ 	[VIF_ATTR_PROXYARP] = { .name = "proxy_arp", .type = BLOBMSG_TYPE_BOOL },
+@@ -89,6 +91,7 @@ enum {
+ 	VLAN_ATTR_DISABLED,
+ 	VLAN_ATTR_NETWORK,
+ 	VLAN_ATTR_NETWORK_VLAN,
++	VLAN_ATTR_BRIDGE_ISOLATE,
+ 	VLAN_ATTR_ISOLATE,
+ 	VLAN_ATTR_MCAST_TO_UCAST,
+ 	__VLAN_ATTR_MAX,
+@@ -98,6 +101,7 @@ static const struct blobmsg_policy vlan_policy[__VLAN_ATTR_MAX] = {
+ 	[VLAN_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
+ 	[VLAN_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
+ 	[VLAN_ATTR_NETWORK_VLAN] = { .name = "network_vlan", .type = BLOBMSG_TYPE_ARRAY },
++	[VLAN_ATTR_BRIDGE_ISOLATE] = { .name = "bridge_isolate", .type = BLOBMSG_TYPE_BOOL },
+ 	[VLAN_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
+ 	[VLAN_ATTR_MCAST_TO_UCAST] = { .name = "multicast_to_unicast", .type = BLOBMSG_TYPE_BOOL },
+ };
+@@ -338,6 +342,7 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, const
+ 	struct interface *iface;
+ 	struct blob_attr *cur;
+ 	const char *network;
++	struct device *dev;
+ 	size_t rem;
+ 
+ 	if (!vif->network || !vif->ifname)
+@@ -346,19 +351,27 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, const
+ 	if (!ifname)
+ 		ifname = vif->ifname;
+ 
+-	if (up) {
+-		struct device *dev = __device_get(ifname, 2, false);
++	if (!up)
++		goto out;
+ 
+-		if (dev && !strcmp(ifname, vif->ifname)) {
+-			dev->wireless_isolate = vif->isolate;
+-			dev->wireless_proxyarp = vif->proxyarp;
+-			dev->wireless = true;
+-			dev->wireless_ap = vif->ap_mode;
+-			wireless_device_set_mcast_to_unicast(dev, vif->multicast_to_unicast);
+-			dev->bpdu_filter = dev->wireless_ap;
+-		}
+-	}
++	dev = __device_get(ifname, 2, false);
++	if (!dev)
++		goto out;
+ 
++	dev->wireless = true;
++	dev->settings.flags |= DEV_OPT_ISOLATE;
++	dev->settings.isolate = vif->bridge_isolate;
++
++	if (strcmp(ifname, vif->ifname) != 0)
++		goto out;
++
++	dev->wireless_isolate = vif->isolate;
++	dev->wireless_proxyarp = vif->proxyarp;
++	dev->wireless_ap = vif->ap_mode;
++	wireless_device_set_mcast_to_unicast(dev, vif->multicast_to_unicast);
++	dev->bpdu_filter = dev->wireless_ap;
++
++out:
+ 	blobmsg_for_each_attr(cur, vif->network, rem) {
+ 		network = blobmsg_data(cur);
+ 
+@@ -387,6 +400,8 @@ static void wireless_vlan_handle_link(struct wireless_vlan *vlan, bool up)
+ 			dev->wireless = true;
+ 			dev->wireless_ap = true;
+ 			dev->bpdu_filter = true;
++			dev->settings.flags |= DEV_OPT_ISOLATE;
++			dev->settings.isolate = vlan->bridge_isolate;
+ 			wireless_device_set_mcast_to_unicast(dev, vlan->multicast_to_unicast);
+ 		}
+ 	}
+@@ -834,8 +849,11 @@ wireless_interface_init_config(struct wireless_interface *vif)
+ 	cur = tb[VIF_ATTR_MODE];
+ 	vif->ap_mode = cur && !strcmp(blobmsg_get_string(cur), "ap");
+ 
++	cur = tb[VIF_ATTR_BRIDGE_ISOLATE];
++	vif->bridge_isolate = cur && blobmsg_get_bool(cur);
++
+ 	cur = tb[VIF_ATTR_ISOLATE];
+-	vif->isolate = vif->ap_mode && cur && blobmsg_get_bool(cur);
++	vif->isolate = cur && blobmsg_get_bool(cur);
+ 
+ 	cur = tb[VIF_ATTR_PROXYARP];
+ 	vif->proxyarp = vif->ap_mode && cur && blobmsg_get_bool(cur);
+@@ -912,9 +930,11 @@ wireless_vlan_init_config(struct wireless_vlan *vlan)
+ 	if ((cur = tb[VLAN_ATTR_NETWORK_VLAN]))
+ 		vlan->network_vlan = cur;
+ 
++	cur = tb[VLAN_ATTR_BRIDGE_ISOLATE];
++	vlan->bridge_isolate = cur && blobmsg_get_bool(cur);
++
+ 	cur = tb[VLAN_ATTR_ISOLATE];
+-	if (cur)
+-		vlan->isolate = blobmsg_get_bool(cur);
++	vlan->isolate = cur && blobmsg_get_bool(cur);
+ 
+ 	cur = tb[VLAN_ATTR_MCAST_TO_UCAST];
+ 	vlan->multicast_to_unicast = cur ? blobmsg_get_bool(cur) : -1;
+diff --git a/wireless.h b/wireless.h
+index f8bbd2f..7059723 100644
+--- a/wireless.h
++++ b/wireless.h
+@@ -90,6 +90,7 @@ struct wireless_interface {
+ 	struct blob_attr *network_vlan;
+ 	bool proxyarp;
+ 	bool isolate;
++	bool bridge_isolate;
+ 	bool ap_mode;
+ 	int multicast_to_unicast;
+ 	int vlan_idx;
+@@ -110,6 +111,7 @@ struct wireless_vlan {
+ 	struct blob_attr *network_vlan;
+ 	int multicast_to_unicast;
+ 	bool isolate;
++	bool bridge_isolate;
+ };
+ 
+ struct wireless_station {
+-- 
+2.34.1
+
-- 
2.34.1