bridgemngr: Create centralized ebtables setup.

Create a centralized setup for ebtables. This is necessary to garantuee the order of how chains are created. Right now it provides a 1:1 drop-in replacement of how things currently work and no changes are needed in the short term.
2026-01-28 01:47:19 +01:00 · 2025-01-17 16:04:53 +01:00 · 2025-01-17 16:04:53 +01:00 · e3c9182bbc
commit e3c9182bbc
parent 5cac9516c0
6 changed files with 128 additions and 43 deletions
--- a/bridgemngr/Makefile
+++ b/bridgemngr/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=bridgemngr
-PKG_VERSION:=1.0.9
+PKG_VERSION:=1.0.10

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 LOCAL_DEV:=0
@ -47,12 +47,18 @@ ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y)
 endif

 define Package/bridgemngr/install
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+
 	$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libbridgemngr.so $(1) $(PKG_NAME)
 ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_EXT), y)
 	$(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libbridgeext.so $(1) $(PKG_NAME)
 	$(BBFDM_INSTALL_MS_PLUGIN) ./files/VLAN_Filtering_Extension.json $(1) $(PKG_NAME)
 endif
+
+	$(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/
 endef

 ifeq ($(LOCAL_DEV),1)
--- a/bridgemngr/files/etc/config/bridging
+++ b/bridgemngr/files/etc/config/bridging
@ -0,0 +1,26 @@
+#L2 filter UCI file
+
+config chain 'qos_output'
+	option target 'qos_output'
+	option table 'nat'
+	option chain 'OUTPUT'
+	option policy 'RETURN'
+
+config chain 'dscp2pbits'
+	option target 'dscp2pbits'
+	option table 'broute'
+	option chain 'BROUTING'
+	option policy 'RETURN'
+
+config chain 'qos'
+	option target 'qos'
+	option table 'broute'
+	option chain 'BROUTING'
+	option policy 'RETURN'
+
+config chain 'prevlanxlate'
+	option target 'prevlanxlate'
+	option table 'broute'
+	option chain 'BROUTING'
+	option policy 'RETURN'
+	option append 'false'
--- a/bridgemngr/files/etc/init.d/bridging
+++ b/bridgemngr/files/etc/init.d/bridging
@ -0,0 +1,93 @@
+#!/bin/sh /etc/rc.common
+
+# Start after bdmf shell, wanconf, and switch-script but before the network-script
+START=20
+STOP=10
+
+USE_PROCD=1
+
+. /lib/functions.sh
+
+handle_ebtables_chain() {
+	local sid="$1"
+	local table
+	local chain
+	local target
+	local policy
+	local append
+	local enabled
+	local ret
+
+	config_get table "$sid" table filter
+	config_get chain "$sid" chain
+	config_get policy "$sid" policy RETURN
+	config_get target "$sid" target
+	config_get_bool append "$sid" append 1
+	config_get_bool enabled "$sid" enabled 1
+
+	[ "$enabled" = "0" ] && return
+	[ -z "${chain}" -o -z "${target}" ] && return
+
+	if [ "$append" != "0" ]; then
+		append="-A"
+	else
+		append="-I"
+	fi
+
+	ebtables --concurrent -t "$table" -N "$target" -P "$policy" 2> /dev/null
+	ret=$?
+
+	if [ $ret -eq 0 ]; then
+		ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
+	else
+		ebtables --concurrent -t "$table" -D "$chain" -j "$target"
+		ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
+	fi
+}
+
+handle_ebtables_rule() {
+	local sid="$1"
+	local table
+	local chain
+	local target
+	local match
+	local value
+	local enabled
+	local ret
+
+	config_get table "$sid" table filter
+	config_get chain "$sid" chain
+	config_get match "$sid" match
+	config_get value "$sid" value
+	config_get target "$sid" target RETURN
+	config_get_bool append "$sid" append 1
+	config_get_bool enabled "$sid" enabled 1
+
+	[ "$enabled" = "0" ] && return
+	[ -z "${chain}" -o -z "${target}" ] && return
+
+	if [ "$append" != "0" ]; then
+		append="-A"
+	else
+		append="-I"
+	fi
+
+	ebtables --concurrent -t "$table" -D "$chain" ${match} -j "$target" ${value} 2> /dev/null
+	ebtables --concurrent -t "$table" ${append} "$chain" ${match} -j "$target" ${value}
+}
+
+start_service() {
+	config_load bridging
+	config_foreach handle_ebtables_chain chain
+	config_foreach handle_ebtables_rule rule
+}
+
+reload_service() {
+	stop
+	start
+}
+
+
+service_triggers() {
+	procd_add_reload_trigger bridging
+}
--- a/qosmngr/Makefile
+++ b/qosmngr/Makefile
@ -30,7 +30,7 @@ define Package/qosmngr
  TITLE:=QoS Manager
  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
  DEPENDS+=+kmod-vlantranslation +kmod-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bridgemngr
 endef

 define Package/qosmngr/description
--- a/qosmngr/files/common/lib/qos/classify.sh
+++ b/qosmngr/files/common/lib/qos/classify.sh
@ -122,7 +122,7 @@ setup_qos() {
        cp /etc/config/qos /tmp/qos/qos
    fi

-    create_ebtables_chains
+    /etc/init.d/bridging restart # Imitate the existing behaviour.
    create_iptables_chains
 }

--- a/qosmngr/files/common/lib/qos/ebtables.sh
+++ b/qosmngr/files/common/lib/qos/ebtables.sh
@ -508,46 +508,6 @@ handle_ebtables_dscp2pbit() {
    BR_RULE_DSCP2PBIT=" -i $in_if -j dscp2pbit --dscp2pbit-mapping $dscp2pbit_mapping_list --dscp2pbit-target CONTINUE"
 }

-create_ebtables_chains() {
-
-    ebtables --concurrent -t nat -N qos_output -P RETURN 2> /dev/null
-    ret=$?
-    if [ $ret -eq 0 ]; then
-        ebtables --concurrent -t nat -A OUTPUT -j qos_output
-    else
-        ebtables --concurrent -t nat -D OUTPUT -j qos_output
-        ebtables --concurrent -t nat -A OUTPUT -j qos_output
-    fi
-
-    ebtables --concurrent -t broute -N dscp2pbits -P RETURN 2> /dev/null
-    ret=$?
-    if [ $ret -eq 0 ]; then
-        ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
-    else
-        ebtables --concurrent -t broute -D BROUTING -j dscp2pbits
-        ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
-    fi
-
-    ebtables --concurrent -t broute -N qos -P RETURN 2> /dev/null
-    ret=$?
-    if [ $ret -eq 0 ]; then
-        ebtables --concurrent -t broute -A BROUTING -j qos
-    else
-        ebtables --concurrent -t broute -D BROUTING -j qos
-        ebtables --concurrent -t broute -A BROUTING -j qos
-    fi
-
-    ebtables --concurrent -t broute -N prevlanxlate -P RETURN 2> /dev/null
-    ret=$?
-
-    if [ $ret -eq 0 ]; then
-        ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
-    else
-        ebtables --concurrent -t broute -D BROUTING -j prevlanxlate
-        ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
-    fi
-}
-
 flush_ebtables_chains() {
    echo "ebtables --concurrent -t nat -F qos_output" > /tmp/qos/classify.ebtables
    echo "ebtables --concurrent -t broute -F qos" > /tmp/qos/classify.ebtables