tunneldigger-broker: add option to isolate bridge ports

Add new option to a config bridge section to indicate if a bridge port added to the bridge should be isolated or not. The default is 0 (no isolation). example config bridge option interface 'br-mybridge1446' option mtu '1446' option isolate '1' # default '0' Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
2023-07-29 21:50:28 +02:00 · 2023-07-29 21:50:28 +02:00 · 49cdf15da4
commit 49cdf15da4
parent ab2b1ade27
3 changed files with 43 additions and 0 deletions
--- a/net/tunneldigger-broker/files/hook-mtu-changed
+++ b/net/tunneldigger-broker/files/hook-mtu-changed
@ -21,10 +21,14 @@ if [ -z "$new_bridge" ]; then
  exit 1
 fi

+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate isolate "${NEW_MTU}"
+
 # Remove interface from old bridge.
 ip link set dev ${INTERFACE} nomaster
 ip link set dev ${old_bridge} mtu ${OLD_MTU}

 # Change interface bridge and MTU.
 ip link set dev ${INTERFACE} master ${new_bridge} mtu ${NEW_MTU}
+echo $isolate > /sys/class/net/${INTERFACE}/brport/isolated
 ip link set dev ${new_bridge} mtu ${NEW_MTU}
--- a/net/tunneldigger-broker/files/hook-setup
+++ b/net/tunneldigger-broker/files/hook-setup
@ -13,9 +13,14 @@ if [ -z "$bridge" ]; then
  exit 1
 fi

+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate isolate "${MTU}"
+
 # Disable IPv6 on this interface as it will be bridged.
 echo 1 > /proc/sys/net/ipv6/conf/${INTERFACE}/disable_ipv6
 # Add the interface to the proper bridge and bring it up.
 ip link set dev ${INTERFACE} master ${bridge} mtu ${MTU} up
+# Isolate the bridge port, if so configured
+echo $isolate > /sys/class/net/${INTERFACE}/brport/isolated
 # Ensure bridge MTU.
 ip link set dev ${bridge} mtu ${MTU}
--- a/net/tunneldigger-broker/files/tunneldigger.sh
+++ b/net/tunneldigger-broker/files/tunneldigger.sh
@ -34,3 +34,37 @@ tunneldigger_get_bridge() {
 	export ${NO_EXPORT:+-n} "$1=$variable"
 }

+# Get the isolation option for this bridge
+tunneldigger_get_bridge_isolate() {
+	local variable="$1"
+	local mtr="$2"
+
+        # Overwrite the destination variable.
+        unset $variable
+
+        # Discover the configured bridge.
+        unset _isolate_bridge
+        _isolate_bridge=""
+        handle_bridge() {
+                local cfg="$1"
+
+                config_get cfg_mtu "$cfg" mtu
+                config_get isolate "$cfg" isolate 0
+
+                if [ "$cfg_mtu" != "$mtu" ]; then
+                        return
+                fi
+
+                _isolate_bridge="$isolate"
+        }
+
+        config_load tunneldigger-broker
+        config_foreach handle_bridge bridge $mtu
+        if [ -z "$_isolate_bridge" ]; then
+                return
+        fi
+
+        variable="$_isolate_bridge"
+        export ${NO_EXPORT:+-n} "$1=$variable"
+
+}