[systemd-devel] Support bridge-global VLAN options

Dennis Hamester dhamester at jusst.de
Thu Mar 16 14:57:25 UTC 2023


Hi,

I'm currently working on adding support for bridge-global VLAN options 
to systemd-networkd.

Simply put, those options are multicast-related, set per VLAN and apply 
to a bridge as a whole. That is unlike the existing [BridgeVLAN] options 
which apply to just a single port.

These options also enable VLAN-aware multicast snooping and querying, 
which is exactly my use-case. Without these options set, the kernel's 
multicast querier will only inject untagged packets into the bridge.

I'm posting this RFC here because the implementation in systemd-networkd 
maybe got a little bit messy. I chose to add a new [BridgeVLAN] section 
to netdev. No other place felt quite right as these options apply to all 
of the bridge. But the settings from that section cannot be applied 
until after the bridge is aware of VLANs from one or more network units. 
The kernel rejects BRIDGE_VLANDB_GLOBAL_OPTIONS until after 
IFLA_BRIDGE_VLAN_INFO.

My approach right now is to use the async netlink completion handler of 
SET_LINK_BRIDGE_VLAN and from there hook back into netdev. There, only 
those global options will be set, which correspond to the VLANs of the 
port that just had its SET_LINK_BRIDGE_VLAN complete.

As an example, consider:

# 10-br0.netdev
[NetDev]
Name=br0
Kind=bridge

[Bridge]
MulticastVLANSnooping=yes
VLANFiltering=yes

[BridgeVLAN]
VLAN=1-2
MulticastSnooping=yes

# 10-br0-port0.network
[Match]
Name=br0-port0

[Network]
Bridge=br0

[BridgeVLAN]
VLAN=1

Here, the bridge is supposed to do multicast snooping for both VLANs 1 
and 2. This will not be configured immediately after the netdev has been 
created. Instead, the port br0-port0 is configured first. That then 
triggers configuration of the global VLAN options in netdev again. 
However, multicast snooping is only configured for VLAN 1 in this case.

My work-in-progress state is at [0] (top 4 commits). I hope you don't 
mind that it is based on an older state of systemd for this RFC. I'd 
rebase them onto main of course if this feature gets into a state 
suitable for mainline systemd.

In Linux, these options have existed since 5.15 [1].

I'd very much appreciate some input.

Cheers,
Dennis Hamester


[0] https://github.com/dennis-hamester/systemd/commits/wip/bridge-global-vlan

[1] https://lore.kernel.org/netdev/20210719170637.435541-1-razor@blackwall.org/


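The ordering described in the message, shown as an added example that is not part of the original post or of systemd: a dry-run planner that prints the iproute2 commands in the order the kernel accepts them and executes nothing. The function names are hypothetical, and the mapping of MulticastSnooping= to mcast_snooping and of MulticastVLANSnooping= to mcast_vlan_snooping is an assumption.

```shell
#!/bin/sh
# Added example: prints commands only, never changes network state.

# expand_vlans "1-2,5" -> "1 2 5"
expand_vlans() {
    vids=""
    old_ifs=$IFS; IFS=,
    for part in $1; do
        case $part in
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        i=$lo
        while [ "$i" -le "$hi" ]; do
            vids="$vids $i"; i=$((i + 1))
        done
    done
    IFS=$old_ifs
    echo "${vids# }"
}

# plan_bridge BRIDGE: the [Bridge] settings from the .netdev example.
plan_bridge() {
    echo "ip link add name $1 type bridge vlan_filtering 1 mcast_vlan_snooping 1"
}

# plan_port BRIDGE PORT PORT_VLANS GLOBAL_VLANS
# PORT_VLANS comes from the .network [BridgeVLAN] section, GLOBAL_VLANS from
# the proposed .netdev [BridgeVLAN] section.
plan_port() {
    br=$1; port=$2
    port_vids=$(expand_vlans "$3")
    global_vids=$(expand_vlans "$4")
    # Step 1: port membership makes the bridge aware of the VLAN.
    for vid in $port_vids; do
        echo "bridge vlan add dev $port vid $vid"
    done
    # Step 2: global options, only for VLANs this port just made known.
    for vid in $port_vids; do
        case " $global_vids " in
            *" $vid "*) echo "bridge vlan global set dev $br vid $vid mcast_snooping 1" ;;
        esac
    done
}

# The units from the message: netdev VLAN=1-2, port VLAN=1.
plan_bridge br0
plan_port br0 br0-port0 1 1-2
```

No global command is printed for VLAN 2, matching the behaviour the message describes: it stays unconfigured until some port adds that VLAN.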