ramips: prevent packet forwarding on mt7620 between switch ports during init (FS...

By default, forwarding between all ports is allowed on init. This is
problematic in cases where some ports are supposed to be isolated from
each other, most commonly LAN/WAN separation.

REG_ESW_PORT_PCR(port) has a destination mask for a particular port,
controlling what other ports it is allowed to send packets to.
Instead of initializing all to 0xff (all ports), allow each physical
port to send to the CPU port, and the CPU port to send to all other
ports.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/target/linux/ramips/patches-4.4/0513-net-mediatek-add-swconfig-driver-for-gsw_mt762x.patch b/target/linux/ramips/patches-4.4/0513-net-mediatek-add-swconfig-driver-for-gsw_mt762x.patch
index 3ae5f5136355baffcc986824693d6323479621e2..4dee81d2e40f2b7b0e612983ea04f64956910e6f 100644 (file)
--- a/target/linux/ramips/patches-4.4/0513-net-mediatek-add-swconfig-driver-for-gsw_mt762x.patch
+++ b/target/linux/ramips/patches-4.4/0513-net-mediatek-add-swconfig-driver-for-gsw_mt762x.patch
@@ -61,7 +61,7 @@ Signed-off-by: John Crispin <blogic@openwrt.org>
        GSW_ATTR_ENABLE_VLAN,
 --- /dev/null
 +++ b/drivers/net/ethernet/mediatek/mt7530.c
-@@ -0,0 +1,884 @@
+@@ -0,0 +1,886 @@
 +/*
 + * This program is free software; you can redistribute it and/or
 + * modify it under the terms of the GNU General Public License
@@ -555,7 +555,9 @@ Signed-off-by: John Crispin <blogic@openwrt.org>
 +
 +      if (!priv->global_vlan_enable) {
 +              for (i = 0; i < MT7530_NUM_PORTS; i++)
-+                      mt7530_w32(priv, REG_ESW_PORT_PCR(i), 0x00ff0000);
++                      mt7530_w32(priv, REG_ESW_PORT_PCR(i), 0x00400000);
++
++              mt7530_w32(priv, REG_ESW_PORT_PCR(MT7530_CPU_PORT), 0x00ff0000);
 +
 +              for (i = 0; i < MT7530_NUM_PORTS; i++)
 +                      mt7530_w32(priv, REG_ESW_PORT_PVC(i), 0x810000c0);

diff --git a/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch b/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
index 45e320bec370b4a65e6ca6faa96bda4acac79f36..c8fbc6404c1dbcd047b1d51fa7577c2dda2423fb 100644 (file)
--- a/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
+++ b/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
@@ -1,6 +1,6 @@
 --- a/drivers/net/ethernet/mediatek/mt7530.c
 +++ b/drivers/net/ethernet/mediatek/mt7530.c
-@@ -541,6 +541,7 @@ mt7530_apply_config(struct switch_dev *d
+@@ -543,6 +543,7 @@ mt7530_apply_config(struct switch_dev *d
                u8 etags = priv->vlan_entries[i].etags;
                u32 val;
  
@@ -8,7 +8,7 @@
                /* vid of vlan */
                val = mt7530_r32(priv, REG_ESW_VLAN_VTIM(i));
                if (i % 2 == 0) {
-@@ -551,7 +552,7 @@ mt7530_apply_config(struct switch_dev *d
+@@ -553,7 +554,7 @@ mt7530_apply_config(struct switch_dev *d
                        val |= (vid << 12);
                }
                mt7530_w32(priv, REG_ESW_VLAN_VTIM(i), val);
@@ -17,7 +17,7 @@
                /* vlan port membership */
                if (member)
                        mt7530_w32(priv, REG_ESW_VLAN_VAWD1, REG_ESW_VLAN_VAWD1_IVL_MAC |
-@@ -571,7 +572,11 @@ mt7530_apply_config(struct switch_dev *d
+@@ -573,7 +574,11 @@ mt7530_apply_config(struct switch_dev *d
                mt7530_w32(priv, REG_ESW_VLAN_VAWD2, val);
  
                /* write to vlan table */