From: Jo-Philipp Wich
To: openwrt-devel@lists.openwrt.org
Subject: [RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules
Date: Tue, 7 Jul 2020 22:10:34 +0200
Message-Id: <20200707201035.751527-1-jo@mein.io>

This patch series introduces a new package "dsaconfig" which provides the necessary logic to allow configuration of bridge vlan filter rules for DSA switches.

While well supported DSA switches can be programmed by solely bridging per-port netdevices together, explicit bridge VLAN filter rules are needed for more complex scenarios or for DSA switches that do not support a tagging protocol.

The UCI configuration interpreted by the dsaconfig package closely follows the structure and semantics of the legacy swconfig architecture, honouring "dsa", "dsa_vlan" and "dsa_port" sections within the /etc/config/network file.

The only difference compared to swconfig is that "dsa" sections are optional and that the syntax of ports within the "dsa_vlan" section differs, instead of ?, e.g. "0t", "1u" or "2", it is now (.)?, e.g. "wan.u", "lan1.t" or "lan2".

The dsaconfig package will spawn a bridge device named "switchN" for each DSA switch, where N denotes the number of the switch. In contrast to swconfig, interfaces do not use the CPU port to target VLAN port groups on the switch but reference a VLAN on top of the switch, e.g. "option ifname switch0.1" to use the VLAN 1 port group on the first DSA switch.

A complete configuration example for a simple LAN/WAN setup might look like below. Note that this configuration should be equivalent to just bridging lan1..lan4 without any VLAN filter rules.

-- 8< --
config dsa_vlan
    option vlan 1
    option ports 'lan1 lan2 lan3 lan4'

config dsa_vlan
    option vlan 2
    option ports 'wan'

config interface lan
    option ifname switch0.1
    option proto static
    option ipaddr 192.168.1.1/24

config interface wan
    option ifname switch0.2
    option proto dhcp
-- >8 --

A slightly more complex example that uses multiple tagged VLANs on different ports would look like this:

-- 8< --
config dsa switch0
    ## Override CPU port. Normally it is auto-discovered.
    #option cpu_port eth0

config dsa_vlan
    ## Specify the switch this vlan belongs to.
    ## If there is only one switch on the system, it may be omitted.
    #option device switch0
    option vlan 1
    option ports 'lan1 lan2.t'

config dsa_vlan
    #option device switch0
    option vlan 2
    option ports 'wan'

config dsa_vlan
    #option device switch0
    option vlan 5
    option ports 'lan2.t lan3'

config dsa_vlan
    #option device switch0
    option vlan 8
    option ports 'lan2.t lan4'

config dsa_vlan
    #option device switch0
    option vlan 11
    option ports 'lan2.t lan4.t'

config dsa_port
    #option device switch0
    option port lan2
    ## By default, the port PVID is set to the ID of the first
    ## untagged VLAN the port is a member of. It can be overridden here.
    option pvid 5

config interface lan
    option type bridge
    option ifname 'switch0.1 wlan0'
    option proto static
    option ipaddr 192.168.1.1/24

config interface wan
    option ifname switch0.2
    option proto dhcp

config interface vlan5
    option ifname switch0.5
    option proto static
    option ipaddr 10.255.5.1/24

config interface vlan8
    option ifname switch0.8
    option proto static
    option ipaddr 10.255.8.1/24

config interface vlan11
    option ifname switch0.11
    option proto static
    option ipaddr 10.255.11.1/24
-- >8 --

Additionally, the "dsaconfig" executable provided by this package implements a "show" option to display the current switch port states and their VLAN memberships in a compact manner.
For the latter configuration example above, the utility would produce an output similar to the following:

-- 8< --
root@OpenWrt:~# dsaconfig show
Switch: switch0
VLAN/ | lan1  | lan2  | lan3  | lan4  | wan   |
Link: | down  | 1000F | down  | 1000F | down  |
    1 | u*    | t     |       |       |       |
    2 |       |       |       |       | u*    |
    5 |       | t*    | u*    |       |       |
    8 | t     | t     |       | u*    |       |
   11 |       | t     |       | t     |       |
-- >8 --

This code has been tested on a WRT3200ACM and a Mir3G but is supposed to work with any DSA switch. It requires wider testing before it is suitable for inclusion.

Once the configuration format and rule logic are finalized, the shell script code provided by this package should be implemented directly in netifd C code to reduce the amount of required external dependencies and to allow for improved performance when processing large configurations.

Open questions/topics:

 - Ensure that the chosen configuration approach actually works with DSA_TAG_PROTO_NONE switches
 - Investigate potential MTU issues regarding the CPU port

Changes since v1:

 - Rename switch, switch_vlan and switch_port sections to dsa, dsa_vlan and dsa_port respectively
 - Forcibly move DSA ports to the switch bridge if they're part of another bridge yet
 - Disallow VLAN ID 0
 - Properly display unassigned ports as empty in "dsaconfig show"
 - Handle implicit switch0 in "dsaconfig show"

Jo-Philipp Wich (1):
  dsaconfig: introduce package for UCI configuration of VLAN filter rules

 package/network/config/dsaconfig/Makefile     |  40 +++
 .../config/dsaconfig/files/dsaconfig.hotplug  |   7 +
 .../config/dsaconfig/files/dsaconfig.include  |  11 +
 .../config/dsaconfig/files/dsaconfig.sh       | 306 ++++++++++++++++++
 4 files changed, 364 insertions(+)
 create mode 100644 package/network/config/dsaconfig/Makefile
 create mode 100644 package/network/config/dsaconfig/files/dsaconfig.hotplug
 create mode 100755 package/network/config/dsaconfig/files/dsaconfig.include
 create mode 100755 package/network/config/dsaconfig/files/dsaconfig.sh
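
The port syntax ("wan.u", "lan1.t", "lan2"), the default-PVID rule and the VLAN ID 0 restriction described in this cover letter, as an added example that is not part of the posted series or of dsaconfig.sh: a POSIX sh function that expands dsa_vlan port lists into generic iproute2 "bridge vlan add" rules and warns when a port is untagged in more than one VLAN. The one-line-per-VLAN input format, the port=pvid arguments, the 4094 upper bound and the function names are assumptions made for the example.

```shell
# Added example, not dsaconfig.sh; the input format is an assumption.
# usage: dsa_vlan_rules [port=pvid ...] < lines of "<vid> <port>[.t|.u] ..."
dsa_vlan_rules() (
    set -f                      # no globbing while splitting port lists
    pvids=" $* "                # dsa_port "pvid" overrides, e.g. lan2=5
    untagged=" "; status=0      # ports already untagged in some VLAN
    while read -r vid ports; do
        [ -n "$vid" ] || continue
        case $vid in *[!0-9]*) n=0 ;; *) n=$vid ;; esac
        if [ "$n" -lt 1 ] || [ "$n" -gt 4094 ]; then
            echo "rejecting VLAN ID (must be 1-4094): $vid" >&2; status=1; continue
        fi
        for spec in $ports; do
            port=${spec%%.*}; flag=; opts=
            case $spec in
                "$port.t") flag=t ;;
                "$port.u"|"$port") flag=u ;;
            esac
            if [ -z "$port" ] || [ -z "$flag" ]; then
                echo "bad port spec: $spec" >&2; status=1; continue
            fi
            case $pvids in
                *" $port=$vid "*) opts=" pvid" ;;   # PVID is this VLAN
                *" $port="*) ;;                     # PVID is another VLAN
                *)  # no PVID yet: the first untagged VLAN becomes the default
                    [ "$flag" != u ] || { pvids="$pvids$port=$vid "; opts=" pvid"; } ;;
            esac
            if [ "$flag" = u ]; then
                case $untagged in *" $port "*)
                    echo "warning: $port is untagged in more than one VLAN" >&2 ;;
                esac
                untagged="$untagged$port "; opts="$opts untagged"
            fi
            echo "bridge vlan add dev $port vid $vid$opts"
        done
    done
    exit "$status"
)

# Constructed input: the tagged-VLAN example above, flattened by hand.
sample_rules() {
    dsa_vlan_rules lan2=5 <<'EOF'
1 lan1 lan2.t
2 wan
5 lan2.t lan3
8 lan2.t lan4
11 lan2.t lan4.t
EOF
}
```

Calling sample_rules prints one rule per port membership; a non-zero exit status means at least one VLAN ID or port spec was rejected.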