diff options
| author | Felix Fietkau <nbd@nbd.name> | 2021-08-27 12:15:07 +0200 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2021-08-27 12:17:19 +0200 |
| commit | d590fbd255cecd4c3a4c267e7ca377772574cf72 (patch) | |
| tree | 2d3893e5c0f0e4513f5b15ea8298617a1c0dc034 | |
| parent | 454e9c33c90691d5bea12263f1801a7dc38c20b1 (diff) | |
| download | netifd-d590fbd255cecd4c3a4c267e7ca377772574cf72.tar.gz | |
wireless: always enable bpdu filter for AP interfaces and VLANs
Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| -rw-r--r-- | device.h | 1 | ||||
| -rw-r--r-- | system-linux.c | 8 | ||||
| -rw-r--r-- | wireless.c | 2 |
3 files changed, 11 insertions, 0 deletions
@@ -244,6 +244,7 @@ struct device { bool wireless; bool wireless_ap; bool wireless_isolate; + bool bpdu_filter; struct interface *config_iface; diff --git a/system-linux.c b/system-linux.c index 85942a5..355bf69 100644 --- a/system-linux.c +++ b/system-linux.c @@ -404,6 +404,11 @@ static void system_bridge_set_hairpin_mode(struct device *dev, const char *val) system_set_dev_sysctl("/sys/class/net/%s/brport/hairpin_mode", dev->ifname, val); } +static void system_bridge_set_bpdu_filter(struct device *dev, const char *val) +{ + system_set_dev_sysctl("/sys/class/net/%s/brport/bpdu_filter", dev->ifname, val); +} + static void system_bridge_set_isolated(struct device *dev, const char *val) { system_set_dev_sysctl("/sys/class/net/%s/brport/isolated", dev->ifname, val); @@ -893,6 +898,9 @@ retry: dev->settings.isolate) system_bridge_set_isolated(dev, "1"); + if (dev->bpdu_filter) + system_bridge_set_bpdu_filter(dev, dev->bpdu_filter ? "1" : "0"); + return ret; } @@ -332,6 +332,7 @@ static void wireless_interface_handle_link(struct wireless_interface *vif, const dev->wireless_isolate = vif->isolate; dev->wireless = true; dev->wireless_ap = vif->ap_mode; + dev->bpdu_filter = dev->wireless_ap && ifname == vif->ifname; } } @@ -362,6 +363,7 @@ static void wireless_vlan_handle_link(struct wireless_vlan *vlan, bool up) dev->wireless_isolate = vlan->isolate; dev->wireless = true; dev->wireless_ap = true; + dev->bpdu_filter = true; } } |