net: bridge: add support for port isolation (7d850abd) · Commits · e / devices / android_kernel_fairphone_FP5

include/linux/if_bridge.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -50,6 +50,7 @@ struct br_ip_list {
		#define BR_VLAN_TUNNEL BIT(13)
		#define BR_BCAST_FLOOD BIT(14)
		#define BR_NEIGH_SUPPRESS BIT(15)
		#define BR_ISOLATED BIT(16)

		#define BR_DEFAULT_AGEING_TIME (300 * HZ)

include/uapi/linux/if_link.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -333,6 +333,7 @@ enum {
		IFLA_BRPORT_BCAST_FLOOD,
		IFLA_BRPORT_GROUP_FWD_MASK,
		IFLA_BRPORT_NEIGH_SUPPRESS,
		IFLA_BRPORT_ISOLATED,
		__IFLA_BRPORT_MAX
		};
		#define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)

net/bridge/br_forward.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -30,7 +30,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
		vg = nbp_vlan_group_rcu(p);
		return ((p->flags & BR_HAIRPIN_MODE) \|\| skb->dev != p->dev) &&
		br_allowed_egress(vg, skb) && p->state == BR_STATE_FORWARDING &&
		nbp_switchdev_allowed_egress(p, skb);
		nbp_switchdev_allowed_egress(p, skb) &&
		!br_skb_isolated(p, skb);
		}

		int br_dev_queue_push_xmit(struct net net, struct sock sk, struct sk_buff *skb)

net/bridge/br_input.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -114,6 +114,7 @@ int br_handle_frame_finish(struct net net, struct sock sk, struct sk_buff *skb
		goto drop;

		BR_INPUT_SKB_CB(skb)->brdev = br->dev;
		BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED);

		if (IS_ENABLED(CONFIG_INET) &&
		(skb->protocol == htons(ETH_P_ARP) \|\|

net/bridge/br_netlink.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -139,6 +139,7 @@ static inline size_t br_port_info_size(void)
		+ nla_total_size(1) /* IFLA_BRPORT_PROXYARP_WIFI */
		+ nla_total_size(1) /* IFLA_BRPORT_VLAN_TUNNEL */
		+ nla_total_size(1) /* IFLA_BRPORT_NEIGH_SUPPRESS */
		+ nla_total_size(1) /* IFLA_BRPORT_ISOLATED */
		+ nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_ROOT_ID */
		+ nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_BRIDGE_ID */
		+ nla_total_size(sizeof(u16)) /* IFLA_BRPORT_DESIGNATED_PORT */
		@@ -213,7 +214,8 @@ static int br_port_fill_attrs(struct sk_buff *skb,
		BR_VLAN_TUNNEL)) \|\|
		nla_put_u16(skb, IFLA_BRPORT_GROUP_FWD_MASK, p->group_fwd_mask) \|\|
		nla_put_u8(skb, IFLA_BRPORT_NEIGH_SUPPRESS,
		!!(p->flags & BR_NEIGH_SUPPRESS)))
		!!(p->flags & BR_NEIGH_SUPPRESS)) \|\|
		nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED)))
		return -EMSGSIZE;

		timerval = br_timer_value(&p->message_age_timer);
		@@ -660,6 +662,7 @@ static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
		[IFLA_BRPORT_VLAN_TUNNEL] = { .type = NLA_U8 },
		[IFLA_BRPORT_GROUP_FWD_MASK] = { .type = NLA_U16 },
		[IFLA_BRPORT_NEIGH_SUPPRESS] = { .type = NLA_U8 },
		[IFLA_BRPORT_ISOLATED] = { .type = NLA_U8 },
		};

		/* Change the state of the port and notify spanning tree */
		@@ -810,6 +813,10 @@ static int br_setport(struct net_bridge_port p, struct nlattr tb[])
		if (err)
		return err;

		err = br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED);
		if (err)
		return err;

		br_port_flags_change(p, old_flags ^ p->flags);
		return 0;
		}