From patchwork Tue Aug  4 23:00:03 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Linus_L=C3=BCssing?=
 <linus.luessing@c0d3.blue>
X-Patchwork-Id: 503843
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (arrakis.dune.hu [78.24.191.176])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id AE7CC140316
	for <incoming@patchwork.ozlabs.org>;
	Wed,  5 Aug 2015 09:02:09 +1000 (AEST)
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 4086628C0DB;
	Wed,  5 Aug 2015 01:00:39 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00
	autolearn=unavailable version=3.3.2
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 3D8E028BD7C
	for <openwrt-devel@lists.openwrt.org>;
	Wed,  5 Aug 2015 00:59:46 +0200 (CEST)
X-policyd-weight: using cached result; rate: -7.6
Received: from mail.passe0815.de (mail.passe0815.de [188.40.49.9])
	by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Wed,  5 Aug 2015 00:59:43 +0200 (CEST)
Received: from mail.passe0815.de (localhost [127.0.0.1])
	by mail.passe0815.de (Postfix) with ESMTP id DFD4458698A
	for <openwrt-devel@lists.openwrt.org>;
	Wed,  5 Aug 2015 01:00:19 +0200 (CEST)
Received: from localhost (unknown [46.54.226.50])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.passe0815.de (Postfix) with ESMTPSA id 7EBB4586852;
	Wed,  5 Aug 2015 01:00:19 +0200 (CEST)
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
To: openwrt-devel@lists.openwrt.org
Date: Wed,  5 Aug 2015 01:00:03 +0200
Message-Id: <1438729208-3556-2-git-send-email-linus.luessing@c0d3.blue>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1438729208-3556-1-git-send-email-linus.luessing@c0d3.blue>
References: <1438729208-3556-1-git-send-email-linus.luessing@c0d3.blue>
MIME-Version: 1.0
X-GPG-Mailgate: Not encrypted, public key not found
Subject: [OpenWrt-Devel] [PATCHv2 netifd 1/3] bridge: Fix
	multicast_to_unicast feature by hairpin+isolate
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.

Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
itself participates in then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.

Therefore we might currently miss such surpressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.

Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.

For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
---
 device.h       |    1 +
 system-linux.c |   26 ++++++++++++++++++++------
 wireless.c     |   12 +++++++++++-
 wireless.h     |    1 +
 4 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/device.h b/device.h
index ce135ba..373445c 100644
--- a/device.h
+++ b/device.h
@@ -173,6 +173,7 @@ struct device {
 	bool iface_config;
 	bool default_config;
 	bool wireless;
+	bool wireless_isolate;
 
 	struct interface *config_iface;
 
diff --git a/system-linux.c b/system-linux.c
index 9ba13fd..9c4bea6 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -315,6 +315,16 @@ static void system_set_dadtransmits(struct device *dev, const char *val)
 	system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", dev->ifname, val);
 }
 
+static void system_bridge_set_multicast_to_unicast(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_to_unicast", dev->ifname, val);
+}
+
+static void system_bridge_set_hairpin_mode(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/sys/class/net/%s/brport/hairpin_mode", dev->ifname, val);
+}
+
 static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz)
 {
 	int fd = -1, ret = -1;
@@ -556,12 +566,16 @@ static char *system_get_bridge(const char *name, char *buf, int buflen)
 	return path + 1;
 }
 
-static void system_bridge_set_wireless(const char *bridge, const char *dev)
+static void
+system_bridge_set_wireless(struct device *dev)
 {
-	snprintf(dev_buf, sizeof(dev_buf),
-		 "/sys/devices/virtual/net/%s/brif/%s/multicast_to_unicast",
-		 bridge, dev);
-	system_set_sysctl(dev_buf, "1");
+	bool hairpin = true;
+
+	if (dev->wireless_isolate)
+		hairpin = false;
+
+	system_bridge_set_multicast_to_unicast(dev, "1");
+	system_bridge_set_hairpin_mode(dev, hairpin ? "1" : "0");
 }
 
 int system_bridge_addif(struct device *bridge, struct device *dev)
@@ -574,7 +588,7 @@ int system_bridge_addif(struct device *bridge, struct device *dev)
 		ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL);
 
 	if (dev->wireless)
-		system_bridge_set_wireless(bridge->ifname, dev->ifname);
+		system_bridge_set_wireless(dev);
 
 	return ret;
 }
diff --git a/wireless.c b/wireless.c
index fbd6191..337f563 100644
--- a/wireless.c
+++ b/wireless.c
@@ -35,12 +35,14 @@ static const struct uci_blob_param_list wdev_param = {
 enum {
 	VIF_ATTR_DISABLED,
 	VIF_ATTR_NETWORK,
+	VIF_ATTR_ISOLATE,
 	__VIF_ATTR_MAX,
 };
 
 static const struct blobmsg_policy vif_policy[__VIF_ATTR_MAX] = {
 	[VIF_ATTR_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
 	[VIF_ATTR_NETWORK] = { .name = "network", .type = BLOBMSG_TYPE_ARRAY },
+	[VIF_ATTR_ISOLATE] = { .name = "isolate", .type = BLOBMSG_TYPE_BOOL },
 };
 
 static const struct uci_blob_param_list vif_param = {
@@ -204,8 +206,10 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, bool
 
 	if (up) {
 		struct device *dev = device_get(vif->ifname, 2);
-		if (dev)
+		if (dev) {
+			dev->wireless_isolate = vif->isolate;
 			dev->wireless = true;
+		}
 	}
 
 	blobmsg_for_each_attr(cur, vif->network, rem) {
@@ -700,6 +704,12 @@ void wireless_interface_create(struct wireless_device *wdev, struct blob_attr *d
 	vif->wdev = wdev;
 	vif->config = data;
 	vif->section = section;
+	vif->isolate = false;
+
+	cur = tb[VIF_ATTR_ISOLATE];
+	if (cur && blobmsg_get_bool(cur))
+		vif->isolate = blobmsg_get_bool(cur);
+
 	vlist_add(&wdev->interfaces, &vif->node, vif->name);
 }
 
diff --git a/wireless.h b/wireless.h
index c5dbb88..476c63e 100644
--- a/wireless.h
+++ b/wireless.h
@@ -77,6 +77,7 @@ struct wireless_interface {
 
 	const char *ifname;
 	struct blob_attr *network;
+	bool isolate;
 };
 
 struct wireless_process {