bridge: add support for isolated option

This patch adds support for the new isolated port option which, if set,
would allow the isolated ports to communicate only with non-isolated
ports and the bridge device. The option can be set via the bridge or ip
link type bridge_slave commands, e.g.:
$ ip link set dev eth0 type bridge_slave isolated on
$ bridge link set dev eth0 isolated on

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>

diff --git a/bridge/link.c b/bridge/link.c
index 8d89aca2e6381ddf4d95b119e94df38c2e36e150..9656ca338782aa1f2da1d580bdf7b96d74602d4e 100644 (file)
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -152,6 +152,9 @@ static void print_protinfo(FILE *fp, struct rtattr *attr)
                if (prtb[IFLA_BRPORT_VLAN_TUNNEL])
                        print_onoff(fp, "vlan_tunnel",
                                    rta_getattr_u8(prtb[IFLA_BRPORT_VLAN_TUNNEL]));
+               if (prtb[IFLA_BRPORT_ISOLATED])
+                       print_onoff(fp, "isolated",
+                                   rta_getattr_u8(prtb[IFLA_BRPORT_ISOLATED]));
        } else
                print_portstate(rta_getattr_u8(attr));
 }
@@ -250,6 +253,7 @@ static void usage(void)
        fprintf(stderr, "                               [ mcast_flood {on | off} ]\n");
        fprintf(stderr, "                               [ neigh_suppress {on | off} ]\n");
        fprintf(stderr, "                               [ vlan_tunnel {on | off} ]\n");
+       fprintf(stderr, "                               [ isolated {on | off} ]\n");
        fprintf(stderr, "                               [ hwmode {vepa | veb} ]\n");
        fprintf(stderr, "                               [ self ] [ master ]\n");
        fprintf(stderr, "       bridge link show [dev DEV]\n");
@@ -291,6 +295,7 @@ static int brlink_modify(int argc, char **argv)
        __s8 flood = -1;
        __s8 vlan_tunnel = -1;
        __s8 mcast_flood = -1;
+       __s8 isolated = -1;
        __s8 hairpin = -1;
        __s8 bpdu_guard = -1;
        __s8 fast_leave = -1;
@@ -386,6 +391,10 @@ static int brlink_modify(int argc, char **argv)
                        if (!on_off("vlan_tunnel", &vlan_tunnel,
                                    *argv))
                                return -1;
+               } else if (strcmp(*argv, "isolated") == 0) {
+                       NEXT_ARG();
+                       if (!on_off("isolated", &isolated, *argv))
+                               return -1;
                } else {
                        usage();
                }
@@ -444,6 +453,8 @@ static int brlink_modify(int argc, char **argv)
        if (vlan_tunnel != -1)
                addattr8(&req.n, sizeof(req), IFLA_BRPORT_VLAN_TUNNEL,
                         vlan_tunnel);
+       if (isolated != -1)
+               addattr8(&req.n, sizeof(req), IFLA_BRPORT_ISOLATED, isolated);
 
        addattr_nest_end(&req.n, nest);
 

diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index 3fbfb878cdc4f40ed952d573acc7d41d3e79242d..5a6e4855978170c61e97ce76eaa02d8df470b7a2 100644 (file)
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -40,6 +40,7 @@ static void print_explain(FILE *f)
                "                        [ group_fwd_mask MASK ]\n"
                "                        [ neigh_suppress {on | off} ]\n"
                "                        [ vlan_tunnel {on | off} ]\n"
+               "                        [ isolated {on | off} ]\n"
        );
 }
 
@@ -274,6 +275,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f,
        if (tb[IFLA_BRPORT_VLAN_TUNNEL])
                _print_onoff(f, "vlan_tunnel", "vlan_tunnel",
                             rta_getattr_u8(tb[IFLA_BRPORT_VLAN_TUNNEL]));
+
+       if (tb[IFLA_BRPORT_ISOLATED])
+               _print_onoff(f, "isolated", "isolated",
+                            rta_getattr_u8(tb[IFLA_BRPORT_ISOLATED]));
 }
 
 static void bridge_slave_parse_on_off(char *arg_name, char *arg_val,
@@ -379,6 +384,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv,
                        NEXT_ARG();
                        bridge_slave_parse_on_off("vlan_tunnel", *argv, n,
                                                  IFLA_BRPORT_VLAN_TUNNEL);
+               } else if (matches(*argv, "isolated") == 0) {
+                       NEXT_ARG();
+                       bridge_slave_parse_on_off("isolated", *argv, n,
+                                                 IFLA_BRPORT_ISOLATED);
                } else if (matches(*argv, "help") == 0) {
                        explain();
                        return -1;

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index e7f7148315e19ddfb356839524c29976ef661715..f6d228c5ebfe77805b58b09a0e75afe9d2a53cae 100644 (file)
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -48,6 +48,7 @@ bridge \- show / manipulate bridge addresses and devices
 .BR mcast_flood " { " on " | " off " } ] [ "
 .BR neigh_suppress " { " on " | " off " } ] [ "
 .BR vlan_tunnel " { " on " | " off " } ] [ "
+.BR isolated " { " on " | " off " } ] [ "
 .BR self " ] [ " master " ]"
 
 .ti -8
@@ -345,6 +346,11 @@ Controls whether neigh discovery (arp and nd) proxy and suppression is enabled o
 .BR "vlan_tunnel on " or " vlan_tunnel off "
 Controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off.
 
+.TP
+.BR "isolated on " or " isolated off "
+Controls whether a given port will be isolated, which means it will be able to communicate with non-isolated ports only.
+By default this flag is off.
+
 .TP
 .BI self
 link setting is configured on specified physical device

diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index fd2c1071c3314acebddb9a116fac38e0ce160d85..38e4ee684c2ba0628565cf2b432bcd38e5ed1c29 100644 (file)
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -2068,9 +2068,11 @@ the following additional arguments are supported:
 ] [
 .BR group_fwd_mask " MASK"
 ] [
-.BR neigh_suppress " { " on " | " off " } ]"
+.BR neigh_suppress " { " on " | " off " }"
+] [
+.BR vlan_tunnel " { " on " | " off " }"
 ] [
-.BR vlan_tunnel " { " on " | " off " } ]"
+.BR isolated " { " on " | " off " } ]"
 
 .in +8
 .sp