From: Sven Eckelmann <se@simonwunderlich.de>
Date: Thu, 9 Oct 2025 12:59:16 +0000 (+0200)
Subject: realtek: dsa: Add support for port isolation
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=0eeb8b7da656cd238bdde11618a29b8438c94944;p=openwrt%2Fstaging%2Fwigyori.git

realtek: dsa: Add support for port isolation

If two ports are in isolation mode then these ports are not supposed to be
able to communicate between each other. This can be achieved in the realtek
switch by removing the other isolated port(s) from the port list of an
isolated port.

Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>
Link: https://github.com/openwrt/openwrt/pull/20360
Signed-off-by: Robert Marko <robimarko@gmail.com>
---

diff --git a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/dsa.c b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/dsa.c
index 74cd728de5..bc8f9b6562 100644
--- a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/dsa.c
+++ b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/dsa.c
@@ -1533,6 +1533,7 @@ static void rtldsa_update_port_member(struct rtl838x_switch_priv *priv, int port
 	struct rtl838x_port *other_p;
 	struct dsa_port *other_dp;
 	int other_port;
+	bool isolated;
 
 	dsa_switch_for_each_user_port(other_dp, priv->ds) {
 		other_port = other_dp->index;
@@ -1547,7 +1548,9 @@ static void rtldsa_update_port_member(struct rtl838x_switch_priv *priv, int port
 		if (join && priv->is_lagmember[other_port])
 			continue;
 
-		if (join) {
+		isolated = p->isolated && other_p->isolated;
+
+		if (join && !isolated) {
 			port_mask |= BIT_ULL(other_port);
 			other_p->pm |= BIT_ULL(port);
 		} else {
@@ -1578,6 +1581,9 @@ static int rtl83xx_port_bridge_join(struct dsa_switch *ds, int port,
 		return 0;
 	}
 
+	/* reset to default flags for new net_bridge_port */
+	priv->ports[port].isolated = false;
+
 	mutex_lock(&priv->reg_mutex);
 
 	rtldsa_update_port_member(priv, port, bridge.dev, true);
@@ -2375,7 +2381,7 @@ out_unlock:
 static int rtl83xx_port_pre_bridge_flags(struct dsa_switch *ds, int port, struct switchdev_brport_flags flags, struct netlink_ext_ack *extack)
 {
 	struct rtl838x_switch_priv *priv = ds->priv;
-	unsigned long features = 0;
+	unsigned long features = BR_ISOLATED;
 	pr_debug("%s: %d %lX\n", __func__, port, flags.val);
 	if (priv->r->enable_learning)
 		features |= BR_LEARNING;
@@ -2408,6 +2414,17 @@ static int rtl83xx_port_bridge_flags(struct dsa_switch *ds, int port, struct swi
 	if (priv->r->enable_bcast_flood && (flags.mask & BR_BCAST_FLOOD))
 		priv->r->enable_bcast_flood(port, !!(flags.val & BR_BCAST_FLOOD));
 
+	if (flags.mask & BR_ISOLATED) {
+		struct dsa_port *dp = dsa_to_port(ds, port);
+		struct net_device *bridge_dev = dsa_port_bridge_dev_get(dp);
+
+		priv->ports[port].isolated = !!(flags.val & BR_ISOLATED);
+
+		mutex_lock(&priv->reg_mutex);
+		rtldsa_update_port_member(priv, port, bridge_dev, true);
+		mutex_unlock(&priv->reg_mutex);
+	}
+
 	return 0;
 }
 
diff --git a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/rtl838x.h b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/rtl838x.h
index 028e87820f..0b0557bd0c 100644
--- a/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/rtl838x.h
+++ b/target/linux/realtek/files-6.12/drivers/net/dsa/rtl83xx/rtl838x.h
@@ -684,6 +684,7 @@ struct rtl838x_port {
 	bool phy_is_integrated:1;
 	bool is10G:1;
 	bool is2G5:1;
+	bool isolated:1;
 	u64 pm;
 	u16 pvid;
 	bool eee_enabled;