wireless: always enable bpdu filter for AP interfaces and VLANs

Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 8 insertions, 0 deletions

diff --git a/system-linux.c b/system-linux.c
index 85942a5..355bf69 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -404,6 +404,11 @@ static void system_bridge_set_hairpin_mode(struct device *dev, const char *val)
 	system_set_dev_sysctl("/sys/class/net/%s/brport/hairpin_mode", dev->ifname, val);
 }
 
+static void system_bridge_set_bpdu_filter(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/sys/class/net/%s/brport/bpdu_filter", dev->ifname, val);
+}
+
 static void system_bridge_set_isolated(struct device *dev, const char *val)
 {
 	system_set_dev_sysctl("/sys/class/net/%s/brport/isolated", dev->ifname, val);
@@ -893,6 +898,9 @@ retry:
 	    dev->settings.isolate)
 		system_bridge_set_isolated(dev, "1");
 
+	if (dev->bpdu_filter)
+		system_bridge_set_bpdu_filter(dev, dev->bpdu_filter ? "1" : "0");
+
 	return ret;
 }