From 49cdf15da458c384d6c0cd19b228e2d84ba205f4 Mon Sep 17 00:00:00 2001
From: Perry Melange
Date: Sat, 29 Jul 2023 21:50:28 +0200
Subject: [PATCH] tunneldigger-broker: add option to isolate bridge ports
Add new option to a config bridge section to indicate if a bridge port added to the bridge should be isolated or not. The default is 0 (no isolation). example config bridge option interface 'br-mybridge1446' option mtu '1446' option isolate '1' # default '0'
Signed-off-by: Perry Melange
---
 .../files/hook-mtu-changed | 4 +++
 net/tunneldigger-broker/files/hook-setup | 5 +++
 net/tunneldigger-broker/files/tunneldigger.sh | 34 +++++++++++++++++++
 3 files changed, 43 insertions(+)
diff --git a/net/tunneldigger-broker/files/hook-mtu-changed b/net/tunneldigger-broker/files/hook-mtu-changed
index 3cfc59a14e..9be884d66a 100755
--- a/net/tunneldigger-broker/files/hook-mtu-changed
+++ b/net/tunneldigger-broker/files/hook-mtu-changed
@@ -21,10 +21,14 @@ if [ -z "$new_bridge" ]; then
 exit 1
 fi
+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate isolate "${NEW_MTU}"
+
 # Remove interface from old bridge.
 ip link set dev ${INTERFACE} nomaster
 ip link set dev ${old_bridge} mtu ${OLD_MTU}
 # Change interface bridge and MTU.
 ip link set dev ${INTERFACE} master ${new_bridge} mtu ${NEW_MTU}
+echo $isolate > /sys/class/net/${INTERFACE}/brport/isolated
 ip link set dev ${new_bridge} mtu ${NEW_MTU}
diff --git a/net/tunneldigger-broker/files/hook-setup b/net/tunneldigger-broker/files/hook-setup
index ed809ad6dc..08fd177547 100755
--- a/net/tunneldigger-broker/files/hook-setup
+++ b/net/tunneldigger-broker/files/hook-setup
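Review bot: The added `echo $isolate > /sys/class/net/${INTERFACE}/brport/isolated` in hook-mtu-changed is unquoted and its result is never checked. The helper returns without exporting anything when no bridge section matches, so the hook can end up writing an empty line; that write presumably fails, and the port stays on the new bridge without isolation and without any error. For an option meant to keep tunnel ports apart, the hook should fail closed: add `[ -n "$isolate" ] || exit 1` right after the helper call, and make the write `echo "$isolate" > "/sys/class/net/${INTERFACE}/brport/isolated" || exit 1`. The same line is added in hook-setup and needs the same treatment.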
@@ -13,9 +13,14 @@ if [ -z "$bridge" ]; then
 exit 1
 fi
+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate isolate "${MTU}"
+
 # Disable IPv6 on this interface as it will be bridged.
 echo 1 > /proc/sys/net/ipv6/conf/${INTERFACE}/disable_ipv6
 # Add the interface to the proper bridge and bring it up.
 ip link set dev ${INTERFACE} master ${bridge} mtu ${MTU} up
+# Isolate the bridge port, if so configured
+echo $isolate > /sys/class/net/${INTERFACE}/brport/isolated
 # Ensure bridge MTU.
 ip link set dev ${bridge} mtu ${MTU}
diff --git a/net/tunneldigger-broker/files/tunneldigger.sh b/net/tunneldigger-broker/files/tunneldigger.sh
index 3c7b8fff84..5b492d699b 100644
--- a/net/tunneldigger-broker/files/tunneldigger.sh
+++ b/net/tunneldigger-broker/files/tunneldigger.sh
@@ -34,3 +34,37 @@ tunneldigger_get_bridge() {
 export ${NO_EXPORT:+-n} "$1=$variable"
 }
+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate() {
+ local variable="$1"
+ local mtr="$2"
+
+ # Overwrite the destination variable.
+ unset $variable
+
+ # Discover the configured bridge.
+ unset _isolate_bridge
+ _isolate_bridge=""
+ handle_bridge() {
+ local cfg="$1"
+
+ config_get cfg_mtu "$cfg" mtu
+ config_get isolate "$cfg" isolate 0
+
+ if [ "$cfg_mtu" != "$mtu" ]; then
+ return
+ fi
+
+ _isolate_bridge="$isolate"
+ }
+
+ config_load tunneldigger-broker
+ config_foreach handle_bridge bridge $mtu
+ if [ -z "$_isolate_bridge" ]; then
+ return
+ fi
+
+ variable="$_isolate_bridge"
+ export ${NO_EXPORT:+-n} "$1=$variable"
+
+}
--
2.30.2
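Review bot: In hook-setup the unchanged `ip link set dev ${INTERFACE} master ${bridge} mtu ${MTU} up` enslaves the port and brings it up before the added line writes `brport/isolated`, so for a short window the new tunnel port is an ordinary, non-isolated bridge member. If isolation is meant as a separation guarantee between tunnel clients, attach the port without `up`, write the flag, and only then run `ip link set dev ${INTERFACE} up`. hook-mtu-changed uses the same order (master first, flag second) on an interface that is presumably already up. A comment on the added line noting that `brport/isolated` only exists once the interface has a master would explain why the write cannot simply move earlier.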
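Review bot: `tunneldigger_get_bridge_isolate` stores its second argument as `local mtr="$2"`, but every later use reads `$mtu` (`[ "$cfg_mtu" != "$mtu" ]` and `config_foreach handle_bridge bridge $mtu`). Unless a `mtu` variable happens to exist in the calling hook, no section that sets an mtu can match, and a configured `option isolate '1'` is never returned; the line should read `local mtu="$2"`. Separately, `handle_bridge` does not declare `cfg_mtu` and `isolate` local while the hooks pass `isolate` as the destination name. Assuming `config_get` assigns to the plain variable named by its first argument, an early return leaves the destination holding the last visited section's value instead of the matching one; `local cfg_mtu isolate` at the top of `handle_bridge` avoids that. A header comment naming the two arguments (destination variable, MTU used to select the bridge section) and stating that nothing is exported when no section matches would document the contract the hooks rely on.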