Add support for `isolated` parameter

Add the "Isolated" parameter in the *.network file, e.g.,

[Bridge]
Isolated=true|false

When the Isolated parameter is true, traffic coming out of this port
will only be forward to other ports whose Isolated parameter is false.

When Isolated is not specified, the port uses the kernel default
setting (false).

The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 74f416cf396b59215bd89b51d823911870081c79..52d017bb78374e5597669f71053e676f58b37845 100644 (file)
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -2960,6 +2960,15 @@ Token=prefixstable:2002:da8:1::</programlisting></para>
             receiving port. When unset, the kernel's default will be used.</para>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term><varname>Isolated=</varname></term>
+          <listitem>
+            <para>Takes a boolean. Configures whether this port is isolated or not. Within a bridge,
+            isolated ports can only communicate with non-isolated ports. When set to true, this port can only
+            communicate with other ports whose Isolated setting is false.  When set to false, this port
+            can communicate with any other ports. When unset, the kernel's default will be used.</para>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term><varname>UseBPDU=</varname></term>
           <listitem>

diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 08e3f13f5a5d10958cbc9ac058ce4c9e4cc85bad..8b19ce006b63661a1741f1011cecdc22c7197966 100644 (file)
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -308,6 +308,7 @@ DHCPServerStaticLease.MACAddress,            config_parse_dhcp_static_lease_hwad
 Bridge.Cost,                                 config_parse_uint32,                                      0,                             offsetof(Network, cost)
 Bridge.UseBPDU,                              config_parse_tristate,                                    0,                             offsetof(Network, use_bpdu)
 Bridge.HairPin,                              config_parse_tristate,                                    0,                             offsetof(Network, hairpin)
+Bridge.Isolated,                             config_parse_tristate,                                    0,                             offsetof(Network, isolated)
 Bridge.FastLeave,                            config_parse_tristate,                                    0,                             offsetof(Network, fast_leave)
 Bridge.AllowPortToBeRoot,                    config_parse_tristate,                                    0,                             offsetof(Network, allow_port_to_be_root)
 Bridge.UnicastFlood,                         config_parse_tristate,                                    0,                             offsetof(Network, unicast_flood)

diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index edcd68d61679b3e8a9be74b3c0e52e630f03e063..96806524be82597d0e38ab50586c86a8407d4c62 100644 (file)
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -437,6 +437,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
 
                 .use_bpdu = -1,
                 .hairpin = -1,
+                .isolated = -1,
                 .fast_leave = -1,
                 .allow_port_to_be_root = -1,
                 .unicast_flood = -1,

diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
index f7eb37acedafcb5877b64442d0999fbad05c7ba5..f933379ac1cd0a681d0daed324363846287081f7 100644 (file)
--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@@ -244,6 +244,7 @@ struct Network {
         /* Bridge Support */
         int use_bpdu;
         int hairpin;
+        int isolated;
         int fast_leave;
         int allow_port_to_be_root;
         int unicast_flood;

diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
index 3fbc910aa2baa02df170458d11a9ba8af5612e6d..4292f8976f8041eac850bbd28363e1a24068bc25 100644 (file)
--- a/src/network/networkd-setlink.c
+++ b/src/network/networkd-setlink.c
@@ -303,6 +303,12 @@ static int link_configure_fill_message(
                                 return r;
                 }
 
+                if (link->network->isolated >= 0) {
+                        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_ISOLATED, link->network->isolated);
+                        if (r < 0)
+                                return r;
+                }
+
                 if (link->network->fast_leave >= 0) {
                         r = sd_netlink_message_append_u8(req, IFLA_BRPORT_FAST_LEAVE, link->network->fast_leave);
                         if (r < 0)

diff --git a/test/fuzz/fuzz-network-parser/26-bridge-slave-interface-1.network b/test/fuzz/fuzz-network-parser/26-bridge-slave-interface-1.network
index 81b372fb6d091e78dadd8762001f360544f8d51b..854ac5f44cfb4507b234a95c53f5df0bdbd94eae 100644 (file)
--- a/test/fuzz/fuzz-network-parser/26-bridge-slave-interface-1.network
+++ b/test/fuzz/fuzz-network-parser/26-bridge-slave-interface-1.network
@@ -7,6 +7,7 @@ Bridge=bridge99
 [Bridge]
 Cost=400
 HairPin = true
+Isolated = true
 FastLeave = true
 UnicastFlood = true
 MulticastToUnicast = true

diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network
index 48f9ad6fba982521287de078b0994a4f101c8a84..10a40d26649cef3fe00c117f4f2272a5c08f5fc9 100644 (file)
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -2,6 +2,7 @@
 Cost=
 UseBPDU=
 HairPin=
+Isolated=
 UnicastFlood=
 FastLeave=
 Priority=

diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service
index 186557f8a5431ddd747d662c8818cf362c958e8d..699a9c5ae4883e38948b811727bd36c101cf4794 100644 (file)
--- a/test/fuzz/fuzz-unit-file/directives-all.service
+++ b/test/fuzz/fuzz-unit-file/directives-all.service
@@ -451,6 +451,7 @@ Group=
 GroupForwardMask=
 GroupPolicyExtension=
 HairPin=
+Isolated=
 MulticastToUnicast=
 HelloTimeSec=
 HomeAddress=

diff --git a/test/networkd-test.py b/test/networkd-test.py
index 60622077a2274e80eac7d4c59846628009a2077b..b3ef7bc5dad3f6255a37552370f3241a2c35b4a5 100755 (executable)
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@@ -273,6 +273,7 @@ Priority=0
 [Bridge]
 UnicastFlood=true
 HairPin=true
+Isolated=true
 UseBPDU=true
 FastLeave=true
 AllowPortToBeRoot=true
@@ -286,6 +287,7 @@ Priority=23
 
         self.assertEqual(self.read_attr('port2', 'brport/priority'), '23')
         self.assertEqual(self.read_attr('port2', 'brport/hairpin_mode'), '1')
+        self.assertEqual(self.read_attr('port2', 'brport/isolated'), '1')
         self.assertEqual(self.read_attr('port2', 'brport/path_cost'), '555')
         self.assertEqual(self.read_attr('port2', 'brport/multicast_fast_leave'), '1')
         self.assertEqual(self.read_attr('port2', 'brport/unicast_flood'), '1')

diff --git a/test/test-network/conf/26-bridge-slave-interface-1.network b/test/test-network/conf/26-bridge-slave-interface-1.network
index 07c82845659321d54d36fc3d6c1b7701706d9195..8858cbf0008f176f744bc509f6a67426a2edca82 100644 (file)
--- a/test/test-network/conf/26-bridge-slave-interface-1.network
+++ b/test/test-network/conf/26-bridge-slave-interface-1.network
@@ -8,6 +8,7 @@ Bridge=bridge99
 [Bridge]
 Cost=400
 HairPin = true
+Isolated = true
 FastLeave = true
 UnicastFlood = true
 MulticastFlood = false

diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 5f64933cf90ba98344d50e8c96d82adcd36da419..4f96bca33e844de77837c9856429cbee531ec87f 100755 (executable)
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -3864,6 +3864,7 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities):
         print(output)
         self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'path_cost'), '400')
         self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'hairpin_mode'), '1')
+        self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'isolated'), '1')
         self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'multicast_fast_leave'), '1')
         self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'unicast_flood'), '1')
         self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'multicast_flood'), '0')