| author | Felix Fietkau | 2023-11-03 06:58:59 +0000 |
|---|---|---|
| committer | Felix Fietkau | 2023-11-03 06:59:01 +0000 |
| commit | 827a02f0343c58d3efc3ba3b381ed8de392f71fc (patch) | |
| tree | 016e5d4442f36ef0763a425d0c64fb46b75fc11f | |
| parent | cab415c7aefd11f1eec61b6e975728780be4cfaa (diff) | |
bridge: add support for configuring vlans for auth=1,auth_status=false
This allows detecting MAC addresses via FDB learning, or snooping
unauthenticated packets on a dedicated VLAN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| -rw-r--r-- | bridge.c | 9 | ||||
| -rw-r--r-- | device.c | 7 | ||||
| -rw-r--r-- | device.h | 2 |
3 files changed, 16 insertions, 2 deletions
@@ -571,14 +571,19 @@ bridge_member_enable_vlans(struct bridge_member *bm) struct device *dev = bm->dev.dev; struct bridge_vlan *vlan; + if (dev->settings.auth) { + bridge_hotplug_set_member_vlans(bst, dev->config_auth_vlans, bm, + !dev->auth_status, true); + bridge_hotplug_set_member_vlans(bst, dev->auth_vlans, bm, + dev->auth_status, true); + } + if (dev->settings.auth && !dev->auth_status) return; bridge_member_add_extra_vlans(bm); vlist_for_each_element(&bst->dev.vlans, vlan, node) bridge_set_member_vlan(bm, vlan, true); - if (dev->settings.auth && dev->auth_vlans) - bridge_hotplug_set_member_vlans(bst, dev->auth_vlans, bm, true, true); } static int @@ -63,6 +63,7 @@ static const struct blobmsg_policy dev_attrs[__DEV_ATTR_MAX] = { [DEV_ATTR_DROP_UNSOLICITED_NA] = { .name = "drop_unsolicited_na", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_ARP_ACCEPT] = { .name = "arp_accept", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_AUTH] = { .name = "auth", .type = BLOBMSG_TYPE_BOOL }, + [DEV_ATTR_AUTH_VLAN] = { .name = "auth_vlan", BLOBMSG_TYPE_ARRAY }, [DEV_ATTR_SPEED] = { .name = "speed", .type = BLOBMSG_TYPE_INT32 }, [DEV_ATTR_DUPLEX] = { .name = "duplex", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_VLAN] = { .name = "vlan", .type = BLOBMSG_TYPE_ARRAY }, @@ -542,6 +543,11 @@ device_init_settings(struct device *dev, struct blob_attr **tb) s->autoneg = blobmsg_get_bool(cur); s->flags |= DEV_OPT_AUTONEG; } + + cur = tb[DEV_ATTR_AUTH_VLAN]; + free(dev->config_auth_vlans); + dev->config_auth_vlans = cur ? blob_memdup(cur) : NULL; + device_set_extra_vlans(dev, tb[DEV_ATTR_VLAN]); device_set_disabled(dev, disabled); } @@ -1000,6 +1006,7 @@ device_free(struct device *dev) free(dev->auth_vlans); free(dev->config); device_cleanup(dev); + free(dev->config_auth_vlans); free(dev->extra_vlan); dev->type->free(dev); __devlock--; @@ -60,6 +60,7 @@ enum { DEV_ATTR_DROP_UNSOLICITED_NA, DEV_ATTR_ARP_ACCEPT, DEV_ATTR_AUTH, + DEV_ATTR_AUTH_VLAN, DEV_ATTR_SPEED, DEV_ATTR_DUPLEX, DEV_ATTR_VLAN, 
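Review bot: The two new `bridge_hotplug_set_member_vlans()` calls at the top of `bridge_member_enable_vlans()` pass `dev->config_auth_vlans` and `dev->auth_vlans` unconditionally, whereas the removed code only made the call when `dev->auth_vlans` was non-NULL. `config_auth_vlans` is set to NULL in `device_init_settings()` when no `auth_vlan` option is given, and the old guard suggests `auth_vlans` can be NULL too. The callee is not visible on this page, so unless it is known to return early on a NULL list the guard should stay, e.g. `if (dev->config_auth_vlans) bridge_hotplug_set_member_vlans(bst, dev->config_auth_vlans, bm, !dev->auth_status, true);`. Because this block gives a port bridge VLAN membership before it has authenticated, a comment such as `/* pre-auth VLANs: present only while auth_status is false, removed once the port authenticates */` would record the isolation the two calls are meant to enforce. The function begins above the hunk, where `bst` is declared.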
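Review bot: The new `DEV_ATTR_AUTH_VLAN` entry in `dev_attrs` gives its type positionally, `{ .name = "auth_vlan", BLOBMSG_TYPE_ARRAY }`, while every neighbouring entry writes `.type =`. The bare value initialises whichever member follows `name` in `struct blobmsg_policy`, which is presumably `type`, but that depends on a struct layout not shown here. Writing `[DEV_ATTR_AUTH_VLAN] = { .name = "auth_vlan", .type = BLOBMSG_TYPE_ARRAY },` matches the rest of the table and removes that dependency.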
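Review bot: In the `device_init_settings()` hunk the result of `blob_memdup(cur)` is stored unchecked, so an allocation failure leaves `dev->config_auth_vlans` NULL, the same state as having no `auth_vlan` option at all. That presumably fails closed, since the unauthenticated port gets no pre-auth VLAN, but the two cases become indistinguishable later; a comment such as `/* NULL: no auth_vlan configured, or blob_memdup() failed */` would at least make that explicit. The policy only checks that the attribute is an array, so the element types still have to be validated where the list is consumed, which is outside this hunk. The function starts above the hunk.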
@@ -238,6 +239,7 @@ struct device { struct vlist_tree vlans; struct kvlist vlan_aliases; + struct blob_attr *config_auth_vlans; struct blob_attr *auth_vlans; char ifname[IFNAMSIZ]; |
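Review bot: `struct device` now holds two adjacent, similarly named blobs, `config_auth_vlans` and `auth_vlans`, with nothing to say which is applied in which authentication state. From the other hunks, `config_auth_vlans` is a private copy of the `auth_vlan` option that is replaced in `device_init_settings()` and freed in `device_free()`, and it is applied while `auth_status` is false. A comment on the field such as `/* owned copy of the "auth_vlan" config option; VLANs for a port with auth=1 that has not authenticated yet */` would keep the two from being confused. Where `auth_vlans` is assigned is not visible on this page, so its comment should be written from that code.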