How to use vlan_filtering from UCI?

yves · August 16, 2021, 4:01pm

I know it's possible to configure vlan filtering using the bridge cli.

How would you do to configure it using UCI? Is it even possible?

vgaetera · August 16, 2021, 4:09pm

https://openwrt.org/docs/guide-user/network/network_configuration?s=vlan_filtering#bridge_options

yves · August 17, 2021, 11:33am

Thank you very much, I guess it does enables vlan_filtering. But then it must be configured. Usually it is done with the bridge cli, as in vlan-filter-support-on-bridge#with_vlan_filtering . But how would you do the configuration in UCI only, without using by the bridge cli?

vgaetera · August 17, 2021, 11:37am

It doesn't need CLI tools as it relies on libraries:

yves · August 18, 2021, 1:10pm

Actually, I need to enable and configure vlan_filtering using OpenWisp. So the configuration should be accessible through UCI.

Is it possible to configure vlan_filtering through UCI? Or do I really need to pass through bridge/libnl ?

vgaetera · August 18, 2021, 1:14pm

It should be possible since the option is documented.
You can follow the UCI docs:
https://openwrt.org/docs/guide-user/base-system/uci

yves · August 18, 2021, 3:07pm

Thank you for your answer.
I've browsed the documentation to find out how to do that. But I found nothing. If someone knows how to perform UCI configuration of vlan filtering please drop a post here.

vgaetera · August 18, 2021, 3:09pm

uci set network.lan.vlan_filtering="1"
uci commit network
/etc/init.d/network restart

yves · August 23, 2021, 12:33pm

uci set network.lan.vlan_filtering="1"

is the UCI command to make the following call:

ip link set br0 type bridge vlan_filtering 1

But how would you use UCI to make the following calls?

# bridge vlan add dev guest_1_tap_0 vid 2 pvid untagged master
# bridge vlan add dev guest_2_tap_0 vid 2 pvid untagged master

# bridge vlan add dev guest_2_tap_1 vid 3 pvid untagged master
# bridge vlan add dev guest_3_tap_0 vid 3 pvid untagged master

# bridge vlan add dev bond0 vid 2 master
# bridge vlan add dev bond0 vid 3 master

vgaetera · August 23, 2021, 12:45pm

Feel free to explore the relevant source code for netifd-bridge:
https://git.openwrt.org/?p=project/netifd.git;a=blob;f=bridge.c

Note that utilizing this feature over UCI requires a relatively fresh codebase.

yves · September 1, 2021, 10:33am

This commit description is interesting for this topic:

commit 0e8cea0f2acdae3812f9603ee046055acd89d717
Author: Felix Fietkau <nbd@nbd.name> 2020-07-15 17:18:20
Committer: Felix Fietkau <nbd@nbd.name> 2020-07-19 10:46:02
Parent: a56b457656218e5b6142b6238286ea54801ac4b2 (netifd: wireless: add support for tracking wifi-station sections)
Child: 6086b63b4ca24ce4f23774d5ad49b5791f0b1705 (config: enable bridge vlan filtering by default for bridges that define VLANs)
Branches: master, origin/master

bridge: add support for VLAN filtering

VLANs can be defined using bridge-vlan sections, like the following example:

config bridge-vlan
	option device 'switch0'
	option vlan '1'
	option ports "lan1 lan2 lan3 lan4:t*"

Each member port can be confgured with optional attributes after ':'
 - t: member port is tagged
 - *: This is the primary VLAN for the port (PVID)

VLAN member interfaces are automatically added as bridge members

Signed-off-by: Felix Fietkau <nbd@nbd.name>