From e3c9182bbc02095398879bfb1d879526e887fe64 Mon Sep 17 00:00:00 2001 From: Markus Gothe Date: Fri, 17 Jan 2025 16:04:53 +0100 Subject: [PATCH] bridgemngr: Create centralized ebtables setup. Create a centralized setup for ebtables. This is necessary to garantuee the order of how chains are created. Right now it provides a 1:1 drop-in replacement of how things currently work and no changes are needed in the short term. --- bridgemngr/Makefile | 8 +- bridgemngr/files/etc/config/bridging | 26 +++++++ bridgemngr/files/etc/init.d/bridging | 93 ++++++++++++++++++++++++ qosmngr/Makefile | 2 +- qosmngr/files/common/lib/qos/classify.sh | 2 +- qosmngr/files/common/lib/qos/ebtables.sh | 40 ---------- 6 files changed, 128 insertions(+), 43 deletions(-) create mode 100644 bridgemngr/files/etc/config/bridging create mode 100755 bridgemngr/files/etc/init.d/bridging diff --git a/bridgemngr/Makefile b/bridgemngr/Makefile index ad81527e0..7fc449c1e 100644 --- a/bridgemngr/Makefile +++ b/bridgemngr/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bridgemngr -PKG_VERSION:=1.0.9 +PKG_VERSION:=1.0.10 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) LOCAL_DEV:=0 @@ -47,12 +47,18 @@ ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VLAN),y) endif define Package/bridgemngr/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/config + $(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME) $(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libbridgemngr.so $(1) $(PKG_NAME) ifeq ($(CONFIG_BRIDGEMNGR_BRIDGE_VENDOR_EXT), y) $(BBFDM_INSTALL_MS_PLUGIN) $(PKG_BUILD_DIR)/src/libbridgeext.so $(1) $(PKG_NAME) $(BBFDM_INSTALL_MS_PLUGIN) ./files/VLAN_Filtering_Extension.json $(1) $(PKG_NAME) endif + + $(INSTALL_BIN) ./files/etc/init.d/bridging $(1)/etc/init.d/ + $(INSTALL_DATA) ./files/etc/config/bridging $(1)/etc/config/ endef ifeq ($(LOCAL_DEV),1) 
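Review bot: The install hunk ships /etc/init.d/bridging, a boot-time script (START=20 in the new file) whose only job is to run `ebtables`, but this Makefile's DEPENDS is not touched to pull ebtables in; the only ebtables dependency in the patch is qosmngr's `!(TARGET_brcmbca):ebtables-legacy`, so an image with bridgemngr but without qosmngr, or any target where ebtables is not otherwise present, boots a script whose every call fails. Either mirror that dependency here or make the script a clean no-op when the binary is absent. Nothing visible registers /etc/config/bridging as a conffile either; unless `Package/bridgemngr/conffiles` already exists outside this hunk, opkg upgrades will overwrite local edits and sysupgrade will not preserve them, so add `define Package/bridgemngr/conffiles` / `/etc/config/bridging` / `endef`.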
diff --git a/bridgemngr/files/etc/config/bridging b/bridgemngr/files/etc/config/bridging
new file mode 100644
index 000000000..5bf163ca5
--- /dev/null
+++ b/bridgemngr/files/etc/config/bridging
@@ -0,0 +1,26 @@
+#L2 filter UCI file
+
+config chain 'qos_output'
+ option target 'qos_output'
+ option table 'nat'
+ option chain 'OUTPUT'
+ option policy 'RETURN'
+
+config chain 'dscp2pbits'
+ option target 'dscp2pbits'
+ option table 'broute'
+ option chain 'BROUTING'
+ option policy 'RETURN'
+
+config chain 'qos'
+ option target 'qos'
+ option table 'broute'
+ option chain 'BROUTING'
+ option policy 'RETURN'
+
+config chain 'prevlanxlate'
+ option target 'prevlanxlate'
+ option table 'broute'
+ option chain 'BROUTING'
+ option policy 'RETURN'
+ option append 'false'
diff --git a/bridgemngr/files/etc/init.d/bridging b/bridgemngr/files/etc/init.d/bridging
new file mode 100755
index 000000000..37bb2cd29
--- /dev/null
+++ b/bridgemngr/files/etc/init.d/bridging
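Review bot: The section order in this file is what now fixes the order of the BROUTING jumps (config_foreach applies sections in file order, and prevlanxlate relies on `option append 'false'` to be inserted at the head), which is the whole point of the commit, yet the file says nothing about it, so anyone who reorders or adds a section silently changes the chain order. The header comment `#L2 filter UCI file` could state it, e.g. `# Order matters: sections are applied in file order; append=false inserts at the head of the parent chain instead of appending.` The `rule` section type the init script also consumes (match/value/target/append/enabled), the `enabled` flag, and the defaults (`table` falls back to filter, `policy`/`target` to RETURN) are likewise undocumented here and deserve a short comment describing both section types.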
@@ -0,0 +1,93 @@
+#!/bin/sh /etc/rc.common
+
+# Start after bdmf shell, wanconf, and switch-script but before the network-script
+START=20
+STOP=10
+
+USE_PROCD=1
+
+. /lib/functions.sh
+
+handle_ebtables_chain() {
+ local sid="$1"
+ local table
+ local chain
+ local target
+ local policy
+ local append
+ local enabled
+ local ret
+
+ config_get table "$sid" table filter
+ config_get chain "$sid" chain
+ config_get policy "$sid" policy RETURN
+ config_get target "$sid" target
+ config_get_bool append "$sid" append 1
+ config_get_bool enabled "$sid" enabled 1
+
+ [ "$enabled" = "0" ] && return
+ [ -z "${chain}" -o -z "${target}" ] && return
+
+ if [ "$append" != "0" ]; then
+ append="-A"
+ else
+ append="-I"
+ fi
+
+ ebtables --concurrent -t "$table" -N "$target" -P "$policy" 2> /dev/null
+ ret=$?
+
+ if [ $ret -eq 0 ]; then
+ ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
+ else
+ ebtables --concurrent -t "$table" -D "$chain" -j "$target"
+ ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
+ fi
+}
+
+handle_ebtables_rule() {
+ local sid="$1"
+ local table
+ local chain
+ local target
+ local match
+ local value
+ local enabled
+ local ret
+
+ config_get table "$sid" table filter
+ config_get chain "$sid" chain
+ config_get match "$sid" match
+ config_get value "$sid" value
+ config_get target "$sid" target RETURN
+ config_get_bool append "$sid" append 1
+ config_get_bool enabled "$sid" enabled 1
+
+ [ "$enabled" = "0" ] && return
+ [ -z "${chain}" -o -z "${target}" ] && return
+
+ if [ "$append" != "0" ]; then
+ append="-A"
+ else
+ append="-I"
+ fi
+
+ ebtables --concurrent -t "$table" -D "$chain" ${match} -j "$target" ${value} 2> /dev/null
+ ebtables --concurrent -t "$table" ${append} "$chain" ${match} -j "$target" ${value}
+}
+
+start_service() {
+ config_load bridging
+ config_foreach handle_ebtables_chain chain
+ config_foreach handle_ebtables_rule rule
+}
+
+reload_service() {
+ stop
+ start
+}
+
+
+service_triggers() {
+ procd_add_reload_trigger bridging
+}
diff --git a/qosmngr/Makefile b/qosmngr/Makefile
index 3c6e141f2..965e3ac5e 100644
--- a/qosmngr/Makefile
+++ b/qosmngr/Makefile
@@ -30,7 +30,7 @@ define Package/qosmngr
 TITLE:=QoS Manager
 DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
 DEPENDS+=+kmod-vlantranslation +kmod-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
- DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+ DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bridgemngr
 endef
 define Package/qosmngr/description
diff --git a/qosmngr/files/common/lib/qos/classify.sh b/qosmngr/files/common/lib/qos/classify.sh
index 3a2e61828..b20b72028 100755
--- a/qosmngr/files/common/lib/qos/classify.sh
+++ b/qosmngr/files/common/lib/qos/classify.sh
@@ -122,7 +122,7 @@ setup_qos() {
 cp /etc/config/qos /tmp/qos/qos
 fi
- create_ebtables_chains
+ /etc/init.d/bridging restart # Imitate the existing behaviour.
 create_iptables_chains
 }
diff --git a/qosmngr/files/common/lib/qos/ebtables.sh b/qosmngr/files/common/lib/qos/ebtables.sh
index 704c39a2a..5049913f8 100755
--- a/qosmngr/files/common/lib/qos/ebtables.sh
+++ b/qosmngr/files/common/lib/qos/ebtables.sh
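Review bot: Disabling a section has no effect on a running system: handle_ebtables_chain returns early on `enabled=0`, and reload_service is `stop; start` with no stop_service defined, so a jump that an earlier run wired into OUTPUT/BROUTING stays in place after its section is disabled or removed and the reload trigger fires — the script only ever adds. For chain sections the disable path could at least unhook the jump, `[ "$enabled" = "0" ] && { ebtables --concurrent -t "$table" -D "$chain" -j "$target" 2> /dev/null; return; }`. In handle_ebtables_rule `append` is assigned without a `local` declaration (so it leaks into the caller's scope) while `ret` is declared and never used, and `${match}`/`${value}` are expanded unquoted into the ebtables argv; that is presumably deliberate so one value can carry several tokens, but it means whoever can write `rule` sections (uci over ubus, a web UI) can pass arbitrary ebtables options, which should be stated with `# match/value may hold several ebtables arguments and are intentionally expanded unquoted`. Finally, `-N` has its stderr discarded, so any failure other than "chain exists" (ebtables not installed, table unavailable) falls into the `-D`/`-A` branch and emits errors on every boot; a guard such as `command -v ebtables >/dev/null 2>&1 || return 0` at the top of start_service would make the script a clean no-op in that case.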
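Review bot: The comment `# Imitate the existing behaviour.` on the new line does not say which behaviour is being imitated or why a `restart` rather than a `start` is wanted; since the new init script defines no stop_service, restart is effectively start, and the call's exit status is ignored exactly as the replaced function's was. A comment that records the intent would help, e.g. `# Recreate the ebtables chains (formerly create_ebtables_chains) before rules are installed into them; chain layout lives in /etc/config/bridging`. setup_qos begins before this hunk and its body continues outside it.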
@@ -508,46 +508,6 @@ handle_ebtables_dscp2pbit() {
 BR_RULE_DSCP2PBIT=" -i $in_if -j dscp2pbit --dscp2pbit-mapping $dscp2pbit_mapping_list --dscp2pbit-target CONTINUE"
 }
-create_ebtables_chains() {
-
- ebtables --concurrent -t nat -N qos_output -P RETURN 2> /dev/null
- ret=$?
- if [ $ret -eq 0 ]; then
- ebtables --concurrent -t nat -A OUTPUT -j qos_output
- else
- ebtables --concurrent -t nat -D OUTPUT -j qos_output
- ebtables --concurrent -t nat -A OUTPUT -j qos_output
- fi
-
- ebtables --concurrent -t broute -N dscp2pbits -P RETURN 2> /dev/null
- ret=$?
- if [ $ret -eq 0 ]; then
- ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
- else
- ebtables --concurrent -t broute -D BROUTING -j dscp2pbits
- ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
- fi
-
- ebtables --concurrent -t broute -N qos -P RETURN 2> /dev/null
- ret=$?
- if [ $ret -eq 0 ]; then
- ebtables --concurrent -t broute -A BROUTING -j qos
- else
- ebtables --concurrent -t broute -D BROUTING -j qos
- ebtables --concurrent -t broute -A BROUTING -j qos
- fi
-
- ebtables --concurrent -t broute -N prevlanxlate -P RETURN 2> /dev/null
- ret=$?
-
- if [ $ret -eq 0 ]; then
- ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
- else
- ebtables --concurrent -t broute -D BROUTING -j prevlanxlate
- ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
- fi
-}
-
 flush_ebtables_chains() {
 echo "ebtables --concurrent -t nat -F qos_output" > /tmp/qos/classify.ebtables
 echo "ebtables --concurrent -t broute -F qos" > /tmp/qos/classify.ebtables