[PATCH iproute2-next V2 1/4] bridge: link: add command to set port in locked mode
From: Hans Schultz <hidden>
Date: 2022-02-28 13:37:33
Add support for setting a bridge port in locked mode to use with 802.1X,
so that only authorized clients are allowed access through the port.
Syntax: bridge link set dev DEV locked {on, off}
Signed-off-by: Hans Schultz <redacted>
---
bridge/link.c | 13 +++++++++++++
include/uapi/linux/if_link.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/bridge/link.c b/bridge/link.c
index 205a2fe7..bb4f0b2d 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -175,6 +175,9 @@ static void print_protinfo(FILE *fp, struct rtattr *attr)
 if (prtb[IFLA_BRPORT_ISOLATED])
 print_on_off(PRINT_ANY, "isolated", "isolated %s ",
 rta_getattr_u8(prtb[IFLA_BRPORT_ISOLATED]));
+ if (prtb[IFLA_BRPORT_LOCKED])
+ print_on_off(PRINT_ANY, "locked", "locked %s ",
+ rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED]));
 } else
 print_stp_state(rta_getattr_u8(attr));
 }
@@ -275,6 +278,7 @@ static void usage(void)
 " [ neigh_suppress {on | off} ]\n"
 " [ vlan_tunnel {on | off} ]\n"
 " [ isolated {on | off} ]\n"
+ " [ locked {on | off} ]\n"
 " [ hwmode {vepa | veb} ]\n"
 " [ backup_port DEVICE ] [ nobackup_port ]\n"
 " [ self ] [ master ]\n"
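Review bot: The `locked {on | off}` usage line is the only user-facing description of the option in this patch; the diffstat lists just bridge/link.c and the uapi header, so unless a later patch in the series covers it, the bridge(8) man page needs an entry as well. Because the commit message presents this as an 802.1X control, that entry should say what a locked port enforces and what it relies on, with wording along the lines of `locked on - drop traffic from hosts that have no FDB entry on this port; intended for 802.1X, where the authenticator installs the entry after authentication` (to be confirmed against the kernel patch, which is not visible here). It should also state how the flag interacts with `learning` on the same port, since an operator who sets only `locked on` may assume the port is already restricted. usage()'s body starts and ends outside the hunk.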
@@ -303,6 +307,7 @@ static int brlink_modify(int argc, char **argv)
 __s8 vlan_tunnel = -1;
 __s8 mcast_flood = -1;
 __s8 mcast_to_unicast = -1;
+ __s8 locked = -1;
 __s8 isolated = -1;
 __s8 hairpin = -1;
 __s8 bpdu_guard = -1;
@@ -415,6 +420,11 @@ static int brlink_modify(int argc, char **argv)
 isolated = parse_on_off("isolated", *argv, &ret);
 if (ret)
 return ret;
+ } else if (strcmp(*argv, "locked") == 0) {
+ NEXT_ARG();
+ locked = parse_on_off("locked", *argv, &ret);
+ if (ret)
+ return ret;
 } else if (strcmp(*argv, "backup_port") == 0) {
 NEXT_ARG();
 backup_port_idx = ll_name_to_index(*argv);
@@ -489,6 +499,9 @@ static int brlink_modify(int argc, char **argv)
 if (isolated != -1)
 addattr8(&req.n, sizeof(req), IFLA_BRPORT_ISOLATED, isolated);
+ if (locked >= 0)
+ addattr8(&req.n, sizeof(req), IFLA_BRPORT_LOCKED, locked);
+
 if (backup_port_idx != -1)
 addattr32(&req.n, sizeof(req), IFLA_BRPORT_BACKUP_PORT,
 backup_port_idx);
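Review bot: The new guard `if (locked >= 0)` is written differently from its neighbours in this hunk, which test the unset sentinel as `isolated != -1` and `backup_port_idx != -1`; for consistency it should read `if (locked != -1)`. The two forms appear equivalent here, since the parsing hunk returns on a parse_on_off() error before `locked` is used, but the mixed style invites a reader to look for a difference that is not there. brlink_modify's body starts and ends outside the hunk.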
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 1d4ed60b..637623bb 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -534,6 +534,7 @@ enum {
 IFLA_BRPORT_MRP_IN_OPEN,
 IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT,
 IFLA_BRPORT_MCAST_EHT_HOSTS_CNT,
+ IFLA_BRPORT_LOCKED,
 __IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
--
2.30.2