feat: add support for configuring vlan filtering on the bridge
Fixes #8941

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
smira committed Jul 1, 2024
1 parent 2d054ad commit cc345c8
Showing 18 changed files with 1,421 additions and 947 deletions.
6 changes: 6 additions & 0 deletions api/resource/definitions/network/network.proto
Expand Up @@ -70,13 +70,19 @@ message BondSlave {
// BridgeMasterSpec describes bridge settings if Kind == "bridge".
message BridgeMasterSpec {
STPSpec stp = 1;
BridgeVLANSpec vlan = 2;
}

// BridgeSlave contains a bond's master name and slave index.
message BridgeSlave {
string master_name = 1;
}

// BridgeVLANSpec describes VLAN settings of a bridge.
message BridgeVLANSpec {
bool filtering_enabled = 1;
}

// DHCP4OperatorSpec describes DHCP4 operator options.
message DHCP4OperatorSpec {
uint32 route_metric = 1;
6 changes: 6 additions & 0 deletions hack/release.toml
Expand Up @@ -78,6 +78,12 @@ A list of PCI devices can now be obtained via `PCIDevices` resource, e.g. `talos
Talos Linux now shows diagnostics information for common problems related to misconfiguration via `talosctl health` and Talos dashboard.
"""

[notes.bridge]
title = "Bridge Interface"
description = """\
Talos Linux now support configuring 'vlan_filtering' for bridge interfaces.
"""


[make_deps]

11 changes: 10 additions & 1 deletion internal/app/machined/pkg/adapters/network/bridge_master_spec.go
Expand Up @@ -36,7 +36,13 @@ func (a bridgeMaster) Encode() ([]byte, error) {
stpEnabled = 1
}

vlanFiltering := 0
if bridge.VLAN.FilteringEnabled {
vlanFiltering = 1
}

encoder.Uint32(unix.IFLA_BR_STP_STATE, uint32(stpEnabled))
encoder.Uint8(unix.IFLA_BR_VLAN_FILTERING, uint8(vlanFiltering))

return encoder.Encode()
}
Expand All @@ -51,8 +57,11 @@ func (a bridgeMaster) Decode(data []byte) error {
}

for decoder.Next() {
if decoder.Type() == unix.IFLA_BR_STP_STATE {
switch decoder.Type() {
case unix.IFLA_BR_STP_STATE:
bridge.STP.Enabled = decoder.Uint32() == 1
case unix.IFLA_BR_VLAN_FILTERING:
bridge.VLAN.FilteringEnabled = decoder.Uint8() == 1
}
}

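Review bot: Encode writes `IFLA_BR_VLAN_FILTERING` on every call, so a bridge whose config carries no VLAN settings is explicitly set to filtering off rather than left untouched; that deserves a comment above the new `encoder.Uint8` line, e.g. `// always sent: an unset VLAN config turns filtering off on the link`. If the link controller reapplies bridge master data to existing links (not visible here), a bridge that had filtering switched on outside Talos would lose that segmentation after an upgrade, which the release note could mention. In Decode, `decoder.Uint8() == 1` could be `decoder.Uint8() != 0` so that any non-zero value from the kernel reads as enabled. Both function bodies begin and end outside the hunks shown.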
@@ -0,0 +1,34 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

package network_test

import (
"testing"

"github.com/stretchr/testify/require"

networkadapter "github.com/siderolabs/talos/internal/app/machined/pkg/adapters/network"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
)

func TestBridgeMasterSpec(t *testing.T) {
spec := network.BridgeMasterSpec{
STP: network.STPSpec{
Enabled: true,
},
VLAN: network.BridgeVLANSpec{
FilteringEnabled: true,
},
}

b, err := networkadapter.BridgeMasterSpec(&spec).Encode()
require.NoError(t, err)

var decodedSpec network.BridgeMasterSpec

require.NoError(t, networkadapter.BridgeMasterSpec(&decodedSpec).Decode(b))

require.Equal(t, spec, decodedSpec)
}
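Review bot: The round trip only exercises `Enabled: true` together with `FilteringEnabled: true`, so it would still pass if Encode or Decode crossed the two attributes, or if Decode reported every flag as set. Running the same round trip over the zero value and the two mixed combinations closes that gap. A small table of specs, as sketched below, is enough.

```go
func TestBridgeMasterSpec(t *testing.T) {
	for _, spec := range []network.BridgeMasterSpec{
		{},
		{STP: network.STPSpec{Enabled: true}},
		{VLAN: network.BridgeVLANSpec{FilteringEnabled: true}},
		{
			STP:  network.STPSpec{Enabled: true},
			VLAN: network.BridgeVLANSpec{FilteringEnabled: true},
		},
	} {
		// … unchanged: Encode, Decode into decodedSpec, require.Equal(t, spec, decodedSpec) …
	}
}
```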
Expand Up @@ -229,6 +229,9 @@ func (suite *LinkConfigSuite) TestMachineConfiguration() {
BridgeSTP: &v1alpha1.STP{
STPEnabled: pointer.To(true),
},
BridgeVLAN: &v1alpha1.BridgeVLAN{
BridgeVLANFiltering: pointer.To(true),
},
},
},
{
Expand Down Expand Up @@ -348,7 +351,8 @@ func (suite *LinkConfigSuite) TestMachineConfiguration() {
asrt.True(r.TypedSpec().Logical)
asrt.Equal(nethelpers.LinkEther, r.TypedSpec().Type)
asrt.Equal(network.LinkKindBridge, r.TypedSpec().Kind)
asrt.Equal(true, r.TypedSpec().BridgeMaster.STP.Enabled)
asrt.True(r.TypedSpec().BridgeMaster.STP.Enabled)
asrt.True(r.TypedSpec().BridgeMaster.VLAN.FilteringEnabled)
case "wireguard0":
asrt.True(r.TypedSpec().Up)
asrt.True(r.TypedSpec().Logical)
Expand Up @@ -702,9 +702,10 @@ func (suite *LinkSpecSuite) TestBridge() {
),
)

// attempt to enable STP
// attempt to enable STP & VLAN filtering
ctest.UpdateWithConflicts(suite, bridge, func(r *network.LinkSpec) error {
r.TypedSpec().BridgeMaster.STP.Enabled = true
r.TypedSpec().BridgeMaster.VLAN.FilteringEnabled = true

return nil
})
Expand All @@ -720,6 +721,12 @@ func (suite *LinkSpecSuite) TestBridge() {
)
}

if !r.TypedSpec().BridgeMaster.VLAN.FilteringEnabled {
return retry.ExpectedErrorf(
"vlan filtering is not enabled on bridge %s", r.Metadata().ID(),
)
}

return nil
},
)
3 changes: 3 additions & 0 deletions internal/app/machined/pkg/controllers/network/network.go
Expand Up @@ -132,6 +132,9 @@ func SetBridgeMaster(link *network.LinkSpecSpec, bridge talosconfig.Bridge) erro
STP: network.STPSpec{
Enabled: bridge.STP().Enabled(),
},
VLAN: network.BridgeVLANSpec{
FilteringEnabled: bridge.VLAN().FilteringEnabled(),
},
}

return nil
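Review bot: `bridge.VLAN().FilteringEnabled()` is called unconditionally, and machine configs written before this change have no VLAN block on their bridges. The `VLAN()` accessor is not part of this view, so confirm it returns a value on which `FilteringEnabled()` is safe to call when the block is absent, the way `bridge.STP().Enabled()` is relied on just above; a comment such as `// VLAN() must tolerate a bridge with no vlan block` would record the assumption. A case in the link config suite with a bridge that sets `BridgeSTP` but omits `BridgeVLAN` would pin it. SetBridgeMaster begins above the hunk.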