#868220 ifupdown should support vlan-aware bridges

Package:
bridge-utils
Source:
bridge-utils
Description:
Utilities for configuring the Linux Ethernet bridge
Submitter:
Joerg Dorchain
Date:
2021-02-24 19:21:02 UTC
Severity:
wishlist
#868220#5
Date:
2017-07-13 07:48:49 UTC
From:
To:
Hello,

th elinux kernel support vlan aware bridges for a while now.
(cfr.
http://events.linuxfoundation.org/sites/events/files/slides/LinuxConJapan2014_makita_0.pdf)

it would be great to have support in ifupdown for them, with
config stanzas like bridge-vlan-aware, bridge-vid, bridge-pvid,
etc.
(cfr. package ifupdown2)

Please consider implementing.

Bye,

Joerg

#868220#10
Date:
2017-07-16 11:35:43 UTC
From:
To:
reassign 868220 bridge-utils
thanks

Ifupdown itself supports VLANs for any interface, but I think that's not
what you want. You want to assign VLANs to individual bridge ports. It
looks to me this functionality should be added to bridge-utils'
if-pre-up/down.d scripts, therefore I'm reassigning this bug to the
bridge-utils package.

On the other hand, it seems brctl itself is quite limited and doesn't
support any VLAN configuration, you'd have to use the "bridge" command
from iproute2.

#868220#19
Date:
2017-07-16 11:54:54 UTC
From:
To:
Well, ok with that.

Yes, that is my current way of setting up a vlan aware bride.

But them again, vlan interface setup that originally started with
the vconfig tool, is meanwhile part of the iproute2 toolset and
supported directly by ifupdown. Maybe this is also the way for
bridges?

Bye,

Joerg

#868220#24
Date:
2017-07-16 12:03:36 UTC
From:
To:
[...]

It looks to me like iproute2 now provides a superset of vconfig and
brctl, so yes, perhaps it should all be configured using iproute2.
However, the bridge support for ifupdown currently lives in the
bridge-utils package, so that's why I've reassigned the bug there. But
if there is a desire to move the ifupdown integration scripts to the
ifupdown package, I'd not be opposed to that.

#868220#29
Date:
2018-03-22 22:44:43 UTC
From:
To:
Hi!

I've also thinked about this because bridge-utils is basically dead upstream
while iproute2 is integrating more and more stuff, so having the bridge
support on ifupdown and depending on iproute2 instead of bridge-utils may be
the way to go.

If you agree with this we'll have to talk on how we do this.

Regards.

#868220#34
Date:
2018-03-23 04:06:22 UTC
From:
To:
That is fine with me.

To my understanding it is basically translating the the hook scripts that
call brctl now to corresponding call to ip. While at it, adding
vlan-awareness ;-)

Again, having a look at what ifupdown2 does exeactly could help.

Bye,

Joerg

#868220#39
Date:
2020-04-30 09:22:15 UTC
From:
To:
We still haven't talked about how to land bridge setup on ifupdown yet :-(

However recently Benedikt Spranger asked for us to enable vlan filtering
for vlan-aware switches, so next version of bridge-utils will allow enabling
this from the interfaces file.

Regards.

#868220#44
Date:
2020-06-02 17:08:44 UTC
From:
To:
Looks like bridge-utils already does it in:
/lib/bridge-utils/ifupdown.sh

# Activate VLAN filtering on VLAN aware bridges
  if [ "$IF_BRIDGE_VLAN_AWARE" = "yes" ]; then
    ip link set dev $IFACE type bridge vlan_filtering 1
  else
    ip link set dev $IFACE type bridge vlan_filtering 0
  fi


the problem is I get operation not supported when setting vlan_filtering 0
on my bridge, does the else really make sense here?


Regards

#868220#49
Date:
2020-06-03 11:50:56 UTC
From:
To:
Hi!

Well, this was added due to bugs.debian.org/950879 reported by Benedikt who
kindly supplied the patch, the patch didn't cause any trouble on the tests I
did and that's why I applied it like he sent it.

I have added Benedikt to my reply for him to comment on this.

As I understand it, Gianluigi, if we remove the else there we won't set vlan
filtering to 0 and thus you won't get the error, right?

We have two options here, one is to remove it and the other to send the
possible errors on the setting to 0 case to /dev/null.

As I see it, maybe the second option is better, as if one has set this to
yes and then sets it to no without rebooting, he wouldn't get the expected
behaviour.

Benedikt and Gianluigi, what do you think?

Regards.

#868220#54
Date:
2020-06-03 13:19:17 UTC
From:
To:
On Wed, 3 Jun 2020 13:50:56 +0200 Santiago Garcia Mantinan <manty@debian.org> wrote:

Hi,

sorry for the trouble.
Unfortunately yes.
The brigde is configured at runtime and can be reconfigured. Without the
else part a user is forced to unset the filtering by hand if set by
try/error/accident.
OK.
May I introduce a third option?
I am not shure, if that pseudo file exists on every supported kernel,
but you got the idea. If that is prefered, i can dig through the kernel
sources and provide a patch.

NOTE: untested!
---8<---
# Activate VLAN filtering on VLAN aware bridges

if [ "$IF_BRIDGE_VLAN_AWARE" = "yes" ]; then
  ip link set dev $IFACE type bridge vlan_filtering 1
else
  if [ -f /sys/devices/virtual/net/$IFACE/bridge/vlan_filtering ]; then
    ip link set dev $IFACE type bridge vlan_filtering 0
  fi
fi
---8<---

I do not like to paper over errors like sending them to /dev/null.
But I prefer that option over droping the else part.

Regards
    Benedikt Spranger

#868220#59
Date:
2021-02-24 14:04:18 UTC
From:
To:
Well, kind of, I mean, on some of the bugs, at least on #868220, we've
have talked about this. And given that upstream has been inactive for
years... we have talked about getting the bridge setup scripts on
ifupdown and leave bridge-utils with just the brctl tool.

I'm crossposting and adding Guus to the mail to see if we can agree on
something here, I don't think it is now the time to do it, it would be
for post Bullseye, but I don't have any problem in rewriting the
scripts to use just iproute2 and maintain those scripts under ifupdown
so that Guus didn't have to take care of more stuff.

Guus, what do you think?

Regards.

#868220#64
Date:
2021-02-24 19:04:11 UTC
From:
To:
whether the bridge-utils package does it or ifupdown doesn't really
matter. At this point, I think it can still be done in bridge-utils,
migrating functionality between packages during the soft-freeze is
probably a no-go.

I did something similar in the past for the ifenslave package: it used
to be a compiled C program from the kernel sources that was shipped, at
some point I replaced it with a shell script that just echoed the right
values into the /sys/class/net/ hierarchy. The brctl command is very
simple, and the same thing could be done there. The hardest part would
be to emulate the output of `brctl show`. For the if-*.d scripts this is
not an issue of course.

#868220#69
Date:
2021-02-24 19:17:05 UTC
From:
To:
ke 24. helmik. 2021 klo 21.04 Guus Sliepen (guus@debian.org) kirjoitti:

To me, from a user perspective, the main advantage of using the
'bridge' command from iproute2 and of merging the functionality into
ifupdown would be to always have bridge control functionality included
with ifupdown and to harmonize the regex syntax in
/etc/network/interfaces. I've filed #982959 on that particular point.

There are probably other advantages of migrating to this e.g. from a
technical perspective, but it's not my department.

Martin-Éric