On Thu, Jul 9, 2020 at 4:29 AM Florian Fainelli <f.faine...@gmail.com> wrote: > Me > > The tested scenarios sure work fine with this > > set-up including video streaming from a NAS device. > > Does this maintain the requirement that by default, all DSA ports must > be isolated from one another? For instance, if you have broadcast > traffic on port 2, by virtue of having port 1 and port 2 now in VLAN ID > 1, do you see that broadcast traffic from port 1?
Unfortunately yes :( I test this by setting a host (169.254.1.1) to ping the router (169.254.1.2) and if I connect a machine to one of the other ports I can see the ARP requests on that machine as "who-has (...) tell 169.254.1.1" > If you do, then you need to find a way to maintain isolation between ports. > > It looks like the FID is used for implementing VLAN filtering so maybe > you need to dedicate a FID per port number here, and add them all to VLAN 1? The FID exist in the source code but neither the vendor driver not the OpenWrt driver make any use of them, their way of separating the ports is by using one VLAN per port and setting the PVID for each port to that VLAN, in the way described in the commit message. Is there an example of some driver using a FID for this? What do you think about the option to teach the core to set up VLANs like the driver currently does with one VLAN per port and PVID set for each? I haven't even been able to locate the code that associates all ports with VLAN1 but I figured it can't be too hard? (Famous last words.) Yours, Linus Walleij
