From a9850c25cbdd34505ddcbbbc562edb88b3a97e7a Mon Sep 17 00:00:00 2001
From: Jakob Olsson
Date: Mon, 24 Oct 2022 16:22:15 +0200
Subject: [PATCH] map-agent: traffic_seperation: add func isolate guest by ebtables
---
 map-agent/files/lib/wifi/traffic_separation | 39 ++++++++++++++++-----
 1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/map-agent/files/lib/wifi/traffic_separation b/map-agent/files/lib/wifi/traffic_separation
index 0e55f89cd..6aacba55b 100755
--- a/map-agent/files/lib/wifi/traffic_separation
+++ b/map-agent/files/lib/wifi/traffic_separation
@@ -185,14 +185,36 @@ EOF
 /etc/init.d/network restart
 fi
- # enable pktfwd again and flush FlowCache rules
- echo 1 > /proc/pktfwd_dhd/enable
- echo 1 > /proc/pktfwd_wl/enable
- echo 0 > /proc/pktfwd_dhd/enable
- echo 0 > /proc/pktfwd_wl/enable
- echo 1 > /proc/pktfwd_dhd/enable
- echo 1 > /proc/pktfwd_wl/enable
- fcctl flush
+ # enable pktfwd again and flush FlowCache rules
+ echo 1 > /proc/pktfwd_dhd/enable
+ echo 1 > /proc/pktfwd_wl/enable
+ echo 0 > /proc/pktfwd_dhd/enable
+ echo 0 > /proc/pktfwd_wl/enable
+ echo 1 > /proc/pktfwd_dhd/enable
+ echo 1 > /proc/pktfwd_wl/enable
+ fcctl flush
+ }
+
+ ts_isolate() {
+ local action=$1
+ shift
+ local pvid=$1 # pvid
+ shift
+ local ifname=$1 # guest fbss name
+ shift
+ local ifprefix=$@ # 4addr mode ifname prefix
+
+ [ -z "$pvid" -o -z "$ifprefix" -o -z "$ifname" ] && return
+
+ for prefix in $@; do
+ ebtables -D FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
+ ebtables -D FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
+
+ [ "$action" != "add" ] && continue
+ ebtables -A FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
+ ebtables -A FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
+ done
+ }
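Review bot: ts_isolate fails open: both `ebtables -A` calls discard their output with `> /dev/null 2>&1` and their status is never checked, and the argument guard `[ -z "$pvid" -o ... ] && return` returns 0, so a caller cannot tell that the guest isolation rules were never installed. Only the `-D` cleanup calls should be silenced; the add path should propagate failure, e.g. `ebtables -A FORWARD -i "$ifname" --o "${prefix}+" --vlan-id ! "$pvid" -j DROP -p 802_1Q || return 1`, and the guard should end in `return 1`. Any action other than `add` takes the delete-only path, so a mistyped action silently removes isolation; an explicit check of `$action` would avoid that. `$ifname`, `$pvid` and `${prefix}` are also expanded unquoted into the ebtables command line and `prefix` is not declared `local`; the callers are outside this patch, so whether those values are always well-formed cannot be confirmed here.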
@@ -204,6 +226,7 @@ EOF
 keep) dbg "keep $@"; ts_keep $@;;
 reload) dbg "reload $@"; ts_reload $@;;
 cleanup) dbg "cleanup $@"; ts_cleanup $@;;
+ isolate) dbg "isolate $@"; ts_isolate $@;;
 --help|help) ts_usage;;
 *) ts_usage; exit 1;;
 esac
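Review bot: The new `isolate` arm passes `$@` unquoted, so the arguments are re-split and glob-expanded before they reach ts_isolate and, from there, the ebtables command line; `isolate) dbg "isolate $@"; ts_isolate "$@";;` keeps them intact. The neighbouring arms use the same unquoted form, so this is consistent with the file, but this arm is the one that feeds a filtering rule. The patch has no hunk touching ts_usage, so the help text presumably does not mention `isolate`; a usage line naming the action, pvid, guest interface and prefix list would document it. The case statement begins outside this hunk.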