ramips: prevent packet forwarding on mt7620 between switch ports during init (FS#103)

By default, forwarding between all ports is allowed on init. This is
problematic in cases where some ports are supposed to be isolated from
each other, most commonly LAN/WAN separation.

REG_ESW_PORT_PCR(port) has a destination mask for a particular port,
controlling what other ports it is allowed to send packets to.
Instead of initializing all to 0xff (all ports), allow each physical
port to send to the CPU port, and the CPU port to send to all other
ports.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 3 insertions, 3 deletions

diff --git a/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch b/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
index 45e320bec3..c8fbc6404c 100644
--- a/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
+++ b/target/linux/ramips/patches-4.4/0519-gsw_mt7621.patch
@@ -1,6 +1,6 @@
 --- a/drivers/net/ethernet/mediatek/mt7530.c
 +++ b/drivers/net/ethernet/mediatek/mt7530.c
-@@ -541,6 +541,7 @@ mt7530_apply_config(struct switch_dev *d
+@@ -543,6 +543,7 @@ mt7530_apply_config(struct switch_dev *d
  		u8 etags = priv->vlan_entries[i].etags;
  		u32 val;
  
@@ -8,7 +8,7 @@
  		/* vid of vlan */
  		val = mt7530_r32(priv, REG_ESW_VLAN_VTIM(i));
  		if (i % 2 == 0) {
-@@ -551,7 +552,7 @@ mt7530_apply_config(struct switch_dev *d
+@@ -553,7 +554,7 @@ mt7530_apply_config(struct switch_dev *d
  			val |= (vid << 12);
  		}
  		mt7530_w32(priv, REG_ESW_VLAN_VTIM(i), val);
@@ -17,7 +17,7 @@
  		/* vlan port membership */
  		if (member)
  			mt7530_w32(priv, REG_ESW_VLAN_VAWD1, REG_ESW_VLAN_VAWD1_IVL_MAC |
-@@ -571,7 +572,11 @@ mt7530_apply_config(struct switch_dev *d
+@@ -573,7 +574,11 @@ mt7530_apply_config(struct switch_dev *d
  		mt7530_w32(priv, REG_ESW_VLAN_VAWD2, val);
  
  		/* write to vlan table */