From 51c094e7032b45522cc7060858196881e161e615 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Thu, 15 Nov 2018 11:12:54 -0500 Subject: kernel: enable CONFIG_BRIDGE_VLAN_FILTERING This allows us to use the bridge as a managed switch and gracefully handle mixed tagged and untagged frames. Prior to this, the only alternative was creating one bridge per vlan which quickly becomes a nightmare and still won't let you mix both tagged and untagged frames on the physical port without some complex ebtables magic. This is in line with the notion that OpenWRT is the network go-to swiss army knife when you need a nice set-and-forget, low maintenance box to handle a specific task. Current builds of the ip-bridge package already fully support this feature so the only requirement is enabling the kernel config. This is disabled by default so existing bridge configurations will not be affected. This patch only gives the ability to turn it on with an 'ip link' command. If there is interest, I could look into making the feature accessible via uci configuration. It causes about 3.1% hit on raw bridging speed, which is relatively trivial considering that I had to use 300 byte packets to strain the CPU enough to notice a slowdown at all. The ER8 would chug along at wire speed otherwise, and that's using only one core. Since the typical bridge use case on OpenWRT is wireless, I doubt it would be noticeable at all. With BRIDGE_VLAN_FILTERING iperf -u -c 192.168.1.105 -b 1G -l 300 ------------------------------------------------------------ Client connecting to 192.168.1.105, UDP port 5001 Sending 300 byte datagrams, IPG target: 2.24 us (kalman adjust) UDP buffer size: 208 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.1.12 port 58045 connected with 192.168.1.105 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 977 MBytes 820 Mbits/sec [ 3] Sent 3414986 datagrams [ 3] Server Report: [ 3] 0.0-10.0 sec 811 MBytes 680 Mbits/sec 0.000 ms 581210/3414986 (0%) Without BRIDGE_VLAN_FILTERING iperf -u -c 192.168.1.105 -b 1G -l 300 ------------------------------------------------------------ Client connecting to 192.168.1.105, UDP port 5001 Sending 300 byte datagrams, IPG target: 2.24 us (kalman adjust) UDP buffer size: 208 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.1.12 port 36645 connected with 192.168.1.105 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 977 MBytes 820 Mbits/sec [ 3] Sent 3414990 datagrams [ 3] Server Report: [ 3] 0.0-10.0 sec 836 MBytes 701 Mbits/sec 0.000 ms 493950/3414990 (0%) In terms of kernel size, it uses 16KB (6753K vs 6737K on ER8) so a 0.002% hit. The exact 16KB is probably just due to how the kernel is compressed. Suggested-by: Jonathan Thibault Signed-off-by: Daniel Golle --- target/linux/generic/config-4.14 | 2 +- target/linux/generic/config-4.9 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'target') diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 97207cf2eb..7d4750f461 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -627,7 +627,7 @@ CONFIG_BRIDGE=y CONFIG_BRIDGE_IGMP_SNOOPING=y # CONFIG_BRIDGE_NETFILTER is not set # CONFIG_BRIDGE_NF_EBTABLES is not set -# CONFIG_BRIDGE_VLAN_FILTERING is not set +CONFIG_BRIDGE_VLAN_FILTERING=y # CONFIG_BROADCOM_PHY is not set CONFIG_BROKEN_ON_SMP=y # CONFIG_BSD_DISKLABEL is not set diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9 index 979028f04a..860b39b428 100644 --- a/target/linux/generic/config-4.9 +++ b/target/linux/generic/config-4.9 @@ -598,7 +598,7 @@ CONFIG_BRIDGE=y CONFIG_BRIDGE_IGMP_SNOOPING=y # CONFIG_BRIDGE_NETFILTER is not set # CONFIG_BRIDGE_NF_EBTABLES is not set -# CONFIG_BRIDGE_VLAN_FILTERING is not set +CONFIG_BRIDGE_VLAN_FILTERING=y # CONFIG_BROADCOM_PHY is not set CONFIG_BROKEN_ON_SMP=y # CONFIG_BSD_DISKLABEL is not set -- cgit v1.2.3