From 19c6398aa9d2b934648e5aae4221d672a461e114 Mon Sep 17 00:00:00 2001 From: Robin Jarry Date: Wed, 24 May 2023 13:14:53 +0200 Subject: [PATCH] link: allow isolating bridge ports This is the equivalent of: bridge link set dev isolated on|off Add more bridge port netlink attributes Imported from include/uapi/linux/if_link.h in Linux v6.3. Signed-off-by: Robin Jarry --- link_linux.go | 8 ++++++++ nl/link_linux.go | 32 +++++++++++++++++++++++++++++++- protinfo.go | 4 ++++ protinfo_linux.go | 2 ++ protinfo_test.go | 17 +++++++++++++++++ 5 files changed, 62 insertions(+), 1 deletion(-) diff --git a/link_linux.go b/link_linux.go index bec560b..7222bb7 100644 --- a/link_linux.go +++ b/link_linux.go @@ -2357,6 +2357,14 @@ func (h *Handle) LinkSetFlood(link Link, mode bool) error { return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_UNICAST_FLOOD) } +func LinkSetIsolated(link Link, mode bool) error { + return pkgHandle.LinkSetIsolated(link, mode) +} + +func (h *Handle) LinkSetIsolated(link Link, mode bool) error { + return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_ISOLATED) +} + func LinkSetBrProxyArp(link Link, mode bool) error { return pkgHandle.LinkSetBrProxyArp(link, mode) } diff --git a/nl/link_linux.go b/nl/link_linux.go index e10edbc..beb0710 100644 --- a/nl/link_linux.go +++ b/nl/link_linux.go @@ -85,7 +85,37 @@ const ( IFLA_BRPORT_PROXYARP IFLA_BRPORT_LEARNING_SYNC IFLA_BRPORT_PROXYARP_WIFI - IFLA_BRPORT_MAX = IFLA_BRPORT_PROXYARP_WIFI + IFLA_BRPORT_ROOT_ID + IFLA_BRPORT_BRIDGE_ID + IFLA_BRPORT_DESIGNATED_PORT + IFLA_BRPORT_DESIGNATED_COST + IFLA_BRPORT_ID + IFLA_BRPORT_NO + IFLA_BRPORT_TOPOLOGY_CHANGE_ACK + IFLA_BRPORT_CONFIG_PENDING + IFLA_BRPORT_MESSAGE_AGE_TIMER + IFLA_BRPORT_FORWARD_DELAY_TIMER + IFLA_BRPORT_HOLD_TIMER + IFLA_BRPORT_FLUSH + IFLA_BRPORT_MULTICAST_ROUTER + IFLA_BRPORT_PAD + IFLA_BRPORT_MCAST_FLOOD + IFLA_BRPORT_MCAST_TO_UCAST + IFLA_BRPORT_VLAN_TUNNEL + IFLA_BRPORT_BCAST_FLOOD + IFLA_BRPORT_GROUP_FWD_MASK + IFLA_BRPORT_NEIGH_SUPPRESS + IFLA_BRPORT_ISOLATED + IFLA_BRPORT_BACKUP_PORT + IFLA_BRPORT_MRP_RING_OPEN + IFLA_BRPORT_MRP_IN_OPEN + IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + IFLA_BRPORT_MCAST_EHT_HOSTS_CNT + IFLA_BRPORT_LOCKED + IFLA_BRPORT_MAB + IFLA_BRPORT_MCAST_N_GROUPS + IFLA_BRPORT_MCAST_MAX_GROUPS + IFLA_BRPORT_MAX = IFLA_BRPORT_MCAST_MAX_GROUPS ) const ( diff --git a/protinfo.go b/protinfo.go index 60b23b3..91ea269 100644 --- a/protinfo.go +++ b/protinfo.go @@ -14,6 +14,7 @@ type Protinfo struct { Flood bool ProxyArp bool ProxyArpWiFi bool + Isolated bool } // String returns a list of enabled flags @@ -47,6 +48,9 @@ func (prot *Protinfo) String() string { if prot.ProxyArpWiFi { boolStrings = append(boolStrings, "ProxyArpWiFi") } + if prot.Isolated { + boolStrings = append(boolStrings, "Isolated") + } return strings.Join(boolStrings, " ") } diff --git a/protinfo_linux.go b/protinfo_linux.go index 15b6512..bfd1b62 100644 --- a/protinfo_linux.go +++ b/protinfo_linux.go @@ -68,6 +68,8 @@ func parseProtinfo(infos []syscall.NetlinkRouteAttr) (pi Protinfo) { pi.ProxyArp = byteToBool(info.Value[0]) case nl.IFLA_BRPORT_PROXYARP_WIFI: pi.ProxyArpWiFi = byteToBool(info.Value[0]) + case nl.IFLA_BRPORT_ISOLATED: + pi.Isolated = byteToBool(info.Value[0]) } } return diff --git a/protinfo_test.go b/protinfo_test.go index e63a402..a2909d4 100644 --- a/protinfo_test.go +++ b/protinfo_test.go @@ -62,6 +62,9 @@ func TestProtinfo(t *testing.T) { if !pi1.RootBlock { t.Fatalf("RootBlock is not enabled for %s, but should", iface1.Name) } + if pi1.Isolated { + t.Fatalf("Isolated mode is enabled for %s, but shouldn't", iface1.Name) + } if pi1.ProxyArp != oldpi1.ProxyArp { t.Fatalf("ProxyArp field was changed for %s but shouldn't", iface1.Name) } @@ -158,4 +161,18 @@ func TestProtinfo(t *testing.T) { if pi4.Flood != oldpi4.Flood { t.Fatalf("Flood field was changed for %s but shouldn't", iface4.Name) } + + // Setting kernel requirement for next tests which require BRPORT_ISOLATED + minKernelRequired(t, 4, 18) + + if err := LinkSetIsolated(iface1, true); err != nil { + t.Fatal(err) + } + pi1, err = LinkGetProtinfo(iface1) + if err != nil { + t.Fatal(err) + } + if !pi1.Isolated { + t.Fatalf("Isolated mode is not enabled for %s, but should", iface1.Name) + } }