Home Explore Help
Register Sign In
OWEALs
/
netifd
mirror of https://git.openwrt.org/project/netifd.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

bridge: add support for configuring vlans for auth=1,auth_status=false

This allows detecting MAC addresses via FDB learning, or snooping
unauthenticated packets on a dedicated VLAN

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau 6 months ago
parent
cab415c7ae
commit
827a02f034
3 changed files with 16 additions and 2 deletions
Split View Show Diff Stats
  1. 7 2
      bridge.c
  2. 7 0
      device.c
  3. 2 0
      device.h

+ 7 - 2
bridge.c
View File 

@@ -571,14 +571,19 @@ bridge_member_enable_vlans(struct bridge_member *bm)
 
 	struct device *dev = bm->dev.dev;
 
 	struct bridge_vlan *vlan;
 
 
+	if (dev->settings.auth) {
 
+		bridge_hotplug_set_member_vlans(bst, dev->config_auth_vlans, bm,
 
+						!dev->auth_status, true);
 
+		bridge_hotplug_set_member_vlans(bst, dev->auth_vlans, bm,
 
+						dev->auth_status, true);
 
+	}
 
+
 
 	if (dev->settings.auth && !dev->auth_status)
 
 		return;
 
 
 	bridge_member_add_extra_vlans(bm);
 
 	vlist_for_each_element(&bst->dev.vlans, vlan, node)
 
 		bridge_set_member_vlan(bm, vlan, true);
 
-	if (dev->settings.auth && dev->auth_vlans)
 
-		bridge_hotplug_set_member_vlans(bst, dev->auth_vlans, bm, true, true);
 
 }
 
 
 static int

+ 7 - 0
device.c
View File 

@@ -63,6 +63,7 @@ static const struct blobmsg_policy dev_attrs[__DEV_ATTR_MAX] = {
 
 	[DEV_ATTR_DROP_UNSOLICITED_NA] = { .name = "drop_unsolicited_na", .type = BLOBMSG_TYPE_BOOL },
 
 	[DEV_ATTR_ARP_ACCEPT] = { .name = "arp_accept", .type = BLOBMSG_TYPE_BOOL },
 
 	[DEV_ATTR_AUTH] = { .name = "auth", .type = BLOBMSG_TYPE_BOOL },
 
+	[DEV_ATTR_AUTH_VLAN] = { .name = "auth_vlan", BLOBMSG_TYPE_ARRAY },
 
 	[DEV_ATTR_SPEED] = { .name = "speed", .type = BLOBMSG_TYPE_INT32 },
 
 	[DEV_ATTR_DUPLEX] = { .name = "duplex", .type = BLOBMSG_TYPE_BOOL },
 
 	[DEV_ATTR_VLAN] = { .name = "vlan", .type = BLOBMSG_TYPE_ARRAY },
 
@@ -542,6 +543,11 @@ device_init_settings(struct device *dev, struct blob_attr **tb)
 
 		s->autoneg = blobmsg_get_bool(cur);
 
 		s->flags |= DEV_OPT_AUTONEG;
 
 	}
 
+
 
+	cur = tb[DEV_ATTR_AUTH_VLAN];
 
+	free(dev->config_auth_vlans);
 
+	dev->config_auth_vlans = cur ? blob_memdup(cur) : NULL;
 
+
 
 	device_set_extra_vlans(dev, tb[DEV_ATTR_VLAN]);
 
 	device_set_disabled(dev, disabled);
 
 }
 
@@ -1000,6 +1006,7 @@ device_free(struct device *dev)
 
 	free(dev->auth_vlans);
 
 	free(dev->config);
 
 	device_cleanup(dev);
 
+	free(dev->config_auth_vlans);
 
 	free(dev->extra_vlan);
 
 	dev->type->free(dev);
 
 	__devlock--;

+ 2 - 0
device.h
View File 

@@ -60,6 +60,7 @@ enum {
 
 	DEV_ATTR_DROP_UNSOLICITED_NA,
 
 	DEV_ATTR_ARP_ACCEPT,
 
 	DEV_ATTR_AUTH,
 
+	DEV_ATTR_AUTH_VLAN,
 
 	DEV_ATTR_SPEED,
 
 	DEV_ATTR_DUPLEX,
 
 	DEV_ATTR_VLAN,
 
@@ -238,6 +239,7 @@ struct device {
 
 
 	struct vlist_tree vlans;
 
 	struct kvlist vlan_aliases;
 
+	struct blob_attr *config_auth_vlans;
 
 	struct blob_attr *auth_vlans;
 
 
 	char ifname[IFNAMSIZ];