[RFC PATCH] Introduce UCI support for configuring DSA VLAN filter rules

Jo-Philipp Wich jo at mein.io
Tue Jul 7 09:34:52 EDT 2020


This patch series introduces a new package "dsaconfig" which provides the
necessary logic to allow configuration of bridge vlan filter rules for
DSA switches.

While well supported DSA switches can be programmed by solely bridging
per-port netdevices together, explicit bridge VLAN filter rules are needed
for more complex scenarios or for DSA switches that do not support a
tagging protocol.

The UCI configuration interpreted by the dsaconfig package closely follows
the structure and semantics of the legacy swconfig architecture, honouring
"switch", "switch_vlan" and "switch_port" sections within the
/etc/config/network file. The only difference compared to swconfig is
that "switch" sections are optional and that the syntax of ports within
the "switch_vlan" section differs, instead of <portnumber><tag>?, e.g.
"0t", "1u" or "2", it is now <portname>(.<tag>)?, e.g. "wan.u", "lan1.t"
or "lan2".

The dsaconfig package will spawn a bridge device named "switchN" for each
DSA switch, where N denotes the number of the switch. In contrast to
swconfig, interfaces do not use the CPU port to target VLAN port groups on
the switch but reference a VLAN on top of the switch, e.g.
"option ifname switch0.1" to use the VLAN 1 port group on the first DSA
switch.

A complete configuration example for a simple LAN/WAN setup might look
like below. Note that this configuration should be equivalent to just
bridging lan1..lan4 without any VLAN filter rules.

-- 8< --
config switch_vlan
  option vlan 1
  option ports 'lan1 lan2 lan3 lan4'

config switch_vlan
  option vlan 2
  option ports 'wan'

config interface lan
  option ifname switch0.1
  option proto static
  option ipaddr 192.168.1.1/24

config interface wan
  option ifname switch0.2
  option proto dhcp
-- >8 --

A slightly more complex example that uses multiple tagged VLANs on different
ports would look like this:

-- 8< --
config switch switch0
  ## Override CPU port. Normally it is auto-discovered.
  #option cpu_port eth0

config switch_vlan
  ## Specify the switch this vlan belongs to.
  ## If there is only one switch on the system, it may be omitted.
  #option device switch0
  option vlan 1
  option ports 'lan1 lan2.t'

config switch_vlan
  #option device switch0
  option vlan 2
  option ports 'wan'

config switch_vlan
  #option device switch0
  option vlan 5
  option ports 'lan2.t lan3'

config switch_vlan
  #option device switch0
  option vlan 8
  option ports 'lan2.t lan4'

config switch_vlan
  #option device switch0
  option vlan 11
  option ports 'lan2.t lan4.t'

config switch_port
  #option device switch0
  option port lan2
  ## By default, the port PVID is set to the ID of the first
  ## untagged VLAN the port is member of. It can be overriden here.
  option pvid 5

config interface lan
  option type bridge
  option ifname 'switch0.1 wlan0'
  option proto static
  option ipaddr 192.168.1.1/24

config interface wan
  option ifname switch0.2
  option proto dhcp

config interface vlan5
  option ifname switch0.5
  option proto static
  option ipaddr 10.255.5.1/24

config interface vlan8
  option ifname switch0.8
  option proto static
  option ipaddr 10.255.8.1/24

config interface vlan11
  option ifname switch0.11
  option proto static
  option ipaddr 10.255.11.1/24
-- >8 --

Additionally, the "dsaconfig" executable provided by this package implements
a "show" option to display the current switch port states and their VLAN
memberships in a compact manner. For the latter configuration example above,
the utility would produce an output similar to the following:

-- 8< --
root at OpenWrt:~# dsaconfig show
Switch: switch0
VLAN/ | lan1  | lan2  | lan3  | lan4  | wan   |
Link: | down  | 1000F | down  | 1000F | down  |
   1  |  u*   |  t    |  t    |  t    |  t    |
   2  |  t    |  t    |  t    |  t    |  u*   |
   5  |  t    |  t*   |  u*   |  t    |  t    |
   8  |  t    |  t    |  t    |  u*   |  t    |
  11  |  t    |  t    |  t    |  t    |  t    |

-- >8 --

This code has been tested on a WRT3200ACM but is supposed to work with any
DSA switch. It requires wider testing before it is suitable for inclusion.

Once the configuration format is and rule logic is finalized, the shell
script code provided by this package should be implemented directly in
netifd C code to reduce the amount of required external dependencies and
to allow for improved performance when processing large configurations.

Open questions/topics:

 - Ensure that the chosen configuration approach actually works with
   DSA_TAG_PROTO_NONE switches

 - Consider changing the types of the UCI sections from
   switch/switch_vlan/switch_port to dsa/dsa_vlan/dsa_port

 - Investigate potential MTU issues regarding the CPU port

Jo-Philipp Wich (1):
  dsaconfig: introduce package for UCI configuration of VLAN filter
    rules

 package/network/config/dsaconfig/Makefile     |  40 +++
 .../config/dsaconfig/files/dsaconfig.hotplug  |   7 +
 .../config/dsaconfig/files/dsaconfig.include  |  11 +
 .../config/dsaconfig/files/dsaconfig.sh       | 296 ++++++++++++++++++
 4 files changed, 354 insertions(+)
 create mode 100644 package/network/config/dsaconfig/Makefile
 create mode 100644 package/network/config/dsaconfig/files/dsaconfig.hotplug
 create mode 100755 package/network/config/dsaconfig/files/dsaconfig.include
 create mode 100755 package/network/config/dsaconfig/files/dsaconfig.sh

-- 
2.20.1




More information about the openwrt-devel mailing list