From 38566b8fbdec60b1601ed127fd759c85802909e9 Mon Sep 17 00:00:00 2001
From: jack9603301 <jack9603301@163.com>
Date: Sat, 9 Jan 2021 21:32:19 +0800
Subject: bridge: T3137: Let VLAN aware bridge approach the behavior of
 professional equipment

According to the consensus, the specific behavior of a VLAN aware bridge should conform
to the behavior of professional equipment. This commit makes a significant change to the
behavior of VLAN aware bridge, and has the following behaviors:

1. Disable `vif 1` configuration
2. When the VLAN aware bridge is enabled, the parent interface is always VLAN 1
3. When `native-vlan` is not configured, the default behavior of the device is `native-vlan 1`
4. The VLAN ids forwarded by the bridge are determined by `vif`
5. It has an `enable-vlan` node to enable VLAN awareness
6. VLAN configuration is allowed only when VLAN aware bridge is activated
---
 interface-definitions/interfaces-bridge.xml.in | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'interface-definitions/interfaces-bridge.xml.in')

diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index c32c0ca32..e940e6685 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -86,6 +86,12 @@
           #include <include/interface-ipv6-options.xml.i>
           #include <include/interface-mac.xml.i>
           #include <include/interface-mirror.xml.i>
+          <leafNode name="enable-vlan">
+            <properties>
+              <help>Enable VLAN aware bridge</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <leafNode name="max-age">
             <properties>
               <help>Interval at which neighbor bridges are removed</help>
@@ -196,7 +202,6 @@
               <valueless/>
             </properties>
           </leafNode>
-          #include <include/vif-s.xml.i>
           #include <include/vif.xml.i>
         </children>
       </tagNode>
-- 
cgit v1.2.3


From 2d1e8a2fdba707aaae46b9f136aa8dd171ff8f3d Mon Sep 17 00:00:00 2001
From: jack9603301 <jack9603301@163.com>
Date: Sat, 16 Jan 2021 13:32:50 +0800
Subject: bridge: T3137: Improved verification logic

---
 interface-definitions/interfaces-bridge.xml.in |  2 +-
 src/conf_mode/interfaces-bridge.py             | 19 +++----------------
 src/validators/allowed-vlan                    | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 17 deletions(-)
 create mode 100755 src/validators/allowed-vlan

(limited to 'interface-definitions/interfaces-bridge.xml.in')

diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index e940e6685..63c543f33 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -144,7 +144,7 @@
                         <description>VLAN id range allowed on this interface (use '-' as delimiter)</description>
                       </valueHelp>
                       <constraint>
-                        <regex>^([0-9]{1,4}-[0-9]{1,4})|([0-9]{1,4})$</regex>
+                        <validator name="allowed-vlan"/>
                       </constraint>
                       <constraintErrorMessage>not a valid VLAN ID value or range</constraintErrorMessage>
                       <multi/>
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 4817947eb..ca2718423 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -138,23 +138,10 @@ def verify(bridge):
 
                 if 'wlan' in interface:
                     raise ConfigError(error_msg + 'VLAN aware cannot be set!')
-
-                if 'allowed_vlan' in interface_config:
-                    for vlan in interface_config['allowed_vlan']:
-                        if re.search('[0-9]{1,4}-[0-9]{1,4}', vlan):
-                            vlan_range = vlan.split('-')
-                            if int(vlan_range[0]) <1 and int(vlan_range[0])>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
-                            if int(vlan_range[1]) <1 and int(vlan_range[1])>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
-                        else:
-                            if int(vlan) <1 and int(vlan)>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
             else:
-                if 'allowed_vlan' in interface_config:
-                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "allowed-vlan"')
-                if 'native_vlan' in interface_config:
-                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "native-vlan"')
+                for option in ['allowed_vlan', 'native_vlan']:
+                    if option in interface_config:
+                        raise ConfigError('Can not use VLAN options on non VLAN aware bridge')
     
     if 'enable_vlan' in bridge:
         if dict_search('vif.1', bridge):
diff --git a/src/validators/allowed-vlan b/src/validators/allowed-vlan
new file mode 100755
index 000000000..11389390b
--- /dev/null
+++ b/src/validators/allowed-vlan
@@ -0,0 +1,19 @@
+#! /usr/bin/python3
+
+import sys
+import re
+
+if __name__ == '__main__':
+    if len(sys.argv)>1:
+        allowed_vlan = sys.argv[1]
+        if re.search('[0-9]{1,4}-[0-9]{1,4}', allowed_vlan):
+            for tmp in allowed_vlan.split('-'):
+                if int(tmp) not in range(1, 4095):
+                    sys.exit(1)
+        else:
+            if int(allowed_vlan) not in range(1, 4095):
+                sys.exit(1)
+    else:
+        sys.exit(2)
+    
+    sys.exit(0)
-- 
cgit v1.2.3