On Wed, Jan 22, 2020 at 06:34:06AM +0200, Daniel Golle wrote:
> On Tue, Jan 21, 2020 at 11:34:22PM +0100, Mathias Kresin wrote:
> > 21/01/2020 20:22, Daniel Golle:
> > > On Tue, Jan 21, 2020 at 07:40:42PM +0100, Bjørn Mork wrote:
> > > > Daniel Golle <dan...@makrotopia.org> writes:
> > > >
> > > > > On proprietary APs it looks like port isolation is enabled or disabled
> > > > > globally in Linux' bridge code using sysctl or other methods, an
> > > > > approach which is unlikely to get accepted into the Kernel, also given
> > > > > that the netlink interface already exists and allows doing the same
> > > > > thing in a more granular fashion.
> > > >
> > > > Huh?
> > > >
> > > > Won't this sysfs attribute set the same flag IFLA_BRPORT_ISOLATED sets?
> > > >
> > > >
> > > > root@wrt1900ac-1:~# grep . /sys/class/net/br-lan/brif/*/isolated
> > > > /sys/class/net/br-lan/brif/eth0.7/isolated:0
> > > > /sys/class/net/br-lan/brif/wlan0/isolated:0
> > > > /sys/class/net/br-lan/brif/wlan1/isolated:0
> > >
> > > Looks like that's the thing I may have missed ;)
> > > Yet we do need a way to set this to '1' once hostapd adds the AP
> > > interface to the bridge. I'm not sure whether setting this via
> > > sysfs is actually more simple than using netlink given that some
> > > general purpose netlink code is already part of hostap.
> > > In the end, either approach would be fine with me and I would
> > > implement whatever is more likely to be merged into hostap.git.
> >
> > netifd is able to set bridge client isolation via sysfs since commit
> > c06f84238952211b35c2940a82fcce3fcc3221c1.
> >
> > /etc/config/wireless as expected:
> >
> > config wifi-iface
> >     option device 'radio1'
> >     option ifname 'wlan_guest_leg'
> >     option network 'guest'
> >     option isolate '1'
> >
> > config wifi-iface
> >     option device 'radio0'
> >     option ifname 'wlan_guest'
> >     option network 'guest'
> >     option isolate '1'
> >
> > The isolation option in /etc/config/network does the trick:
> >
> > config interface 'guest'
> >     option type 'bridge'
> >     option proto 'static'
> >
> > config device 'wlan_guest'
> >     option isolate '1'
> >
> > config device 'wlan_guest_leg'
> >     option isolate '1'
> >
> >
> > Of course, bridge client isolation isn't limited to wireless interfaces.

What about wlan0.sta1 and such created by AP-WDS? Is there a way to catch all or set a bridge-wide default?
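
Added example, not part of the original thread: a check that lists every port of a bridge whose sysfs `isolated` attribute (the one shown in the grep output above) is not 1, so a port that joined without the flag, such as a dynamically created wlan0.sta1, shows up. The function names, the `br-guest` bridge name and the overridable sysfs root are assumptions made here, and the sample tree is constructed.

```shell
#!/bin/sh
# Report bridge ports whose per-port isolation flag is not set.
# The second argument (sysfs root) is an assumption of this example so the
# check can be exercised against a constructed directory tree.

# unisolated_ports BRIDGE [SYSFS_NET]
# Prints one port name per line for every port with isolated != 1.
# Returns 2 if the bridge has no brif directory.
unisolated_ports() {
    bridge=$1
    root=${2:-/sys/class/net}
    brif="$root/$bridge/brif"
    [ -d "$brif" ] || { echo "no such bridge: $bridge" >&2; return 2; }
    for port in "$brif"/*; do
        # Skip an empty bridge (unexpanded glob) or a kernel without the attribute
        [ -e "$port/isolated" ] || continue
        state=$(cat "$port/isolated")
        [ "$state" = "1" ] || basename "$port"
    done
    return 0
}

# make_sample_tree DIR
# Constructed stand-in for /sys/class/net: two isolated guest ports as in the
# quoted configuration, plus one port that joined the bridge without the flag.
make_sample_tree() {
    for p in wlan_guest:1 wlan_guest_leg:1 wlan0.sta1:0; do
        mkdir -p "$1/br-guest/brif/${p%%:*}"
        echo "${p##*:}" > "$1/br-guest/brif/${p%%:*}/isolated"
    done
}

# When run with arguments, e.g. `sh check.sh br-lan`, audit that bridge.
[ "$#" -eq 0 ] || unisolated_ports "$@"
```

The check only reads the attribute; it reports ports that are not isolated and changes nothing.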