Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
openwrt_lede
/
target
/
linux
/
generic
/
patches-3.18
/
642-bridge_port_isolate.patch

642-bridge_port_isolate.patch 3.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. From: Felix Fietkau <nbd@nbd.name>
    2. 

  2. Subject: [PATCH] bridge: port isolate
    3. 

  3. 

  4. Isolating individual bridge ports
    5. 

  5. ---
    6. 

  6. --- a/net/bridge/br_private.h
    7. 

  7. +++ b/net/bridge/br_private.h
    8. 

  8. @@ -172,6 +172,7 @@ struct net_bridge_port
    9. 

  9.  #define BR_FLOOD		0x00000040
    10. 

  10.  #define BR_AUTO_MASK (BR_FLOOD | BR_LEARNING)
    11. 

  11.  #define BR_PROMISC		0x00000080
    12. 

  12. +#define BR_ISOLATE_MODE		0x00000100
    13. 

  13.  
    14. 

  14.  #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
    15. 

  15.  	struct bridge_mcast_own_query	ip4_own_query;
    16. 

  16. --- a/net/bridge/br_sysfs_if.c
    17. 

  17. +++ b/net/bridge/br_sysfs_if.c
    18. 

  18. @@ -171,6 +171,22 @@ BRPORT_ATTR_FLAG(root_block, BR_ROOT_BLO
    19. 

  19.  BRPORT_ATTR_FLAG(learning, BR_LEARNING);
    20. 

  20.  BRPORT_ATTR_FLAG(unicast_flood, BR_FLOOD);
    21. 

  21.  
    22. 

  22. +static ssize_t show_isolate_mode(struct net_bridge_port *p, char *buf)
    23. 

  23. +{
    24. 

  24. +	int isolate_mode = (p->flags & BR_ISOLATE_MODE) ? 1 : 0;
    25. 

  25. +	return sprintf(buf, "%d\n", isolate_mode);
    26. 

  26. +}
    27. 

  27. +static ssize_t store_isolate_mode(struct net_bridge_port *p, unsigned long v)
    28. 

  28. +{
    29. 

  29. +	if (v)
    30. 

  30. +		p->flags |= BR_ISOLATE_MODE;
    31. 

  31. +	else
    32. 

  32. +		p->flags &= ~BR_ISOLATE_MODE;
    33. 

  33. +	return 0;
    34. 

  34. +}
    35. 

  35. +static BRPORT_ATTR(isolate_mode, S_IRUGO | S_IWUSR,
    36. 

  36. +		   show_isolate_mode, store_isolate_mode);
    37. 

  37. +
    38. 

  38.  #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
    39. 

  39.  static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
    40. 

  40.  {
    41. 

  41. @@ -213,6 +229,7 @@ static const struct brport_attribute *br
    42. 

  42.  	&brport_attr_multicast_router,
    43. 

  43.  	&brport_attr_multicast_fast_leave,
    44. 

  44.  #endif
    45. 

  45. +	&brport_attr_isolate_mode,
    46. 

  46.  	NULL
    47. 

  47.  };
    48. 

  48.  
    49. 

  49. --- a/net/bridge/br_input.c
    50. 

  50. +++ b/net/bridge/br_input.c
    51. 

  51. @@ -120,8 +120,8 @@ int br_handle_frame_finish(struct sk_buf
    52. 

  52.  
    53. 

  53.  		unicast = false;
    54. 

  54.  		br->dev->stats.multicast++;
    55. 

  55. -	} else if ((dst = __br_fdb_get(br, dest, vid)) &&
    56. 

  56. -			dst->is_local) {
    57. 

  57. +	} else if ((p->flags & BR_ISOLATE_MODE) ||
    58. 

  58. +		   ((dst = __br_fdb_get(br, dest, vid)) && dst->is_local)) {
    59. 

  59.  		skb2 = skb;
    60. 

  60.  		/* Do not forward the packet since it's local. */
    61. 

  61.  		skb = NULL;
    62. 

  62. --- a/net/bridge/br_forward.c
    63. 

  63. +++ b/net/bridge/br_forward.c
    64. 

  64. @@ -117,7 +117,7 @@ EXPORT_SYMBOL_GPL(br_deliver);
    65. 

  65.  /* called with rcu_read_lock */
    66. 

  66.  void br_forward(const struct net_bridge_port *to, struct sk_buff *skb, struct sk_buff *skb0)
    67. 

  67.  {
    68. 

  68. -	if (should_deliver(to, skb)) {
    69. 

  69. +	if (should_deliver(to, skb) && !(to->flags & BR_ISOLATE_MODE)) {
    70. 

  70.  		if (skb0)
    71. 

  71.  			deliver_clone(to, skb, __br_forward);
    72. 

  72.  		else
    73. 

  73. @@ -173,7 +173,7 @@ static void br_flood(struct net_bridge *
    74. 

  74.  		     struct sk_buff *skb0,
    75. 

  75.  		     void (*__packet_hook)(const struct net_bridge_port *p,
    76. 

  76.  					   struct sk_buff *skb),
    77. 

  77. -		     bool unicast)
    78. 

  78. +		     				bool unicast, bool forward)
    79. 

  79.  {
    80. 

  80.  	struct net_bridge_port *p;
    81. 

  81.  	struct net_bridge_port *prev;
    82. 

  82. @@ -181,6 +181,8 @@ static void br_flood(struct net_bridge *
    83. 

  83.  	prev = NULL;
    84. 

  84.  
    85. 

  85.  	list_for_each_entry_rcu(p, &br->port_list, list) {
    86. 

  86. +		if (forward && (p->flags & BR_ISOLATE_MODE))
    87. 

  87. +			continue;
    88. 

  88.  		/* Do not flood unicast traffic to ports that turn it off */
    89. 

  89.  		if (unicast && !(p->flags & BR_FLOOD))
    90. 

  90.  			continue;
    91. 

  91. @@ -207,14 +209,14 @@ out:
    92. 

  92.  /* called with rcu_read_lock */
    93. 

  93.  void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast)
    94. 

  94.  {
    95. 

  95. -	br_flood(br, skb, NULL, __br_deliver, unicast);
    96. 

  96. +	br_flood(br, skb, NULL, __br_deliver, unicast, false);
    97. 

  97.  }
    98. 

  98.  
    99. 

  99.  /* called under bridge lock */
    100. 

  100.  void br_flood_forward(struct net_bridge *br, struct sk_buff *skb,
    101. 

  101.  		      struct sk_buff *skb2, bool unicast)
    102. 

  102.  {
    103. 

  103. -	br_flood(br, skb, skb2, __br_forward, unicast);
    104. 

  104. +	br_flood(br, skb, skb2, __br_forward, unicast, true);
    105. 

  105.  }
    106. 

  106.  
    107. 

  107.  #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
    108.