From 077ee44760a5dc8b029644c96d91f63811727798 Mon Sep 17 00:00:00 2001
From: Sreehari Ramanjula <220073682+RAMANJULASREEHARI@users.noreply.github.com>
Date: Wed, 4 Mar 2026 14:19:37 +0000
Subject: [PATCH] XF10-528: Add support for pseudo bridge mode
Reason for change: Parity Functionalities with XB devices
Test Procedure: Check the test procedure at XB9-408
Priority:P1
Risks:Low
Signed-off-by: Sreehari Ramanjula <220073682+RAMANJULASREEHARI@users.noreply.github.com>
---
 .../scripts/init/c_registration/02_bridge.c | 2 +-
 .../scripts/init/service.d/service_bridge.sh | 801 +++++++++---------
 2 files changed, 409 insertions(+), 394 deletions(-)
diff --git a/source/scripts/init/c_registration/02_bridge.c b/source/scripts/init/c_registration/02_bridge.c
index 38cb24a9..2413411b 100644
--- a/source/scripts/init/c_registration/02_bridge.c
+++ b/source/scripts/init/c_registration/02_bridge.c
@@ -47,7 +47,7 @@ const char* SERVICE_CUSTOM_EVENTS[] = {"wan-start|/etc/utopia/service.d/service_
 const char* SERVICE_DEFAULT_HANDLER = "/etc/utopia/service.d/service_bridge_tchcbr.sh";
 const char* SERVICE_CUSTOM_EVENTS[] = { NULL }; //has to be commented due to NOT hit for Commscope platform then also added by patches
 #elif defined (_COSA_BCM_ARM_) && ! defined (_PLATFORM_IPQ_) && ! defined (_PLATFORM_RASPBERRYPI_) && ! defined(_PLATFORM_BANANAPI_R4_)
-const char* SERVICE_DEFAULT_HANDLER = "/etc/utopia/service.d/service_bridge_tchxb6.sh";
+const char* SERVICE_DEFAULT_HANDLER = "/etc/utopia/service.d/service_bridge.sh";
 #if defined(DOCSIS_EXTENDED_MTU_SUPPORT)
 const char* SERVICE_CUSTOM_EVENTS[] = {"wan-start|/etc/utopia/service.d/service_bridge_tchxb6.sh|NULL|" TUPLE_FLAG_EVENT, NULL};
 #else
diff --git a/source/scripts/init/service.d/service_bridge.sh b/source/scripts/init/service.d/service_bridge.sh
index 79ae213c..814e0974 100755
--- a/source/scripts/init/service.d/service_bridge.sh
+++ b/source/scripts/init/service.d/service_bridge.sh
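Review bot: In the 02_bridge.c hunk, the `wan-start` custom event under DOCSIS_EXTENDED_MTU_SUPPORT, two lines below the changed line, still registers `/etc/utopia/service.d/service_bridge_tchxb6.sh`, so after this commit the default handler and the wan-start handler are different scripts and the `wan-start)` arm added to service_bridge.sh (which calls update_bridge_mtu) is not reached through this registration. If the tchxb6 script is being retired here, the entry should read `{"wan-start|/etc/utopia/service.d/service_bridge.sh|NULL|" TUPLE_FLAG_EVENT, NULL}`; if the split is deliberate, a comment saying why would help. The `#else` branch lies outside the hunk, so its registration needs the same check. This `#elif` also covers every `_COSA_BCM_ARM_` build that is not IPQ, RaspberryPi or BananaPi-R4, while the rewritten script hard-codes interface names such as lbr0, adp0 and nsgmii0, so it is worth confirming that all of those platforms have them.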
@@ -19,21 +19,7 @@ # limitations under the License. ################################################################################ -####################################################################### -# Copyright [2014] [Cisco Systems, Inc.] -# -# Licensed under the Apache License, Version 2.0 (the \"License\"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an \"AS IS\" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -####################################################################### +#Script to put the private LAN into pseudo bridge mode #source /etc/utopia/service.d/interface_functions.sh source /etc/utopia/service.d/hostname_functions.sh 
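Review bot: The Cisco Systems copyright notice removed here should stay in the header, because the file keeps code from the original script (service_init is retained in the last hunk with only re-indentation and a quoted `eval`), and the Apache-2.0 terms quoted in the removed block require existing notices to be preserved in derived files. The new description line `#Script to put the private LAN into pseudo bridge mode` can simply sit below both notices.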
@@ -42,141 +28,161 @@ source /etc/utopia/service.d/ulog_functions.sh source /etc/utopia/service.d/event_handler_functions.sh #source /etc/utopia/service.d/brcm_ethernet_helper.sh +source /etc/utopia/service.d/log_capture_path.sh + +POSTD_START_FILE="/tmp/.postd_started" + SERVICE_NAME="bridge" -UDHCPC_PID_FILE=/var/run/udhcpc.pid -UDHCPC_SCRIPT=/etc/utopia/service.d/service_bridge/dhcp_link.sh - -#------------------------------------------------------------- -# Registration/Deregistration of dhcp client restart/release/renew handlers -# These are only needed if the dhcp is used -# Note that service_bridge is creating the pseudo service dhcp_client -#------------------------------------------------------------- -HANDLER="/etc/utopia/service.d/service_bridge/dhcp_link.sh" - -unregister_dhcp_client_handlers() { - # ulog bridge status "$PID unregister_dhcp_client_handlers" - asyncid1=`sysevent get ${SERVICE_NAME}_async_id_1`; - if [ -n "$asyncid1" ] ; then - sysevent rm_async $asyncid1 - sysevent set ${SERVICE_NAME}_async_id_1 - fi - asyncid2=`sysevent get ${SERVICE_NAME}_async_id_2`; - if [ -n "$asyncid2" ] ; then - sysevent rm_async $asyncid2 - sysevent set ${SERVICE_NAME}_async_id_2 - fi - asyncid3=`sysevent get ${SERVICE_NAME}_async_id_3`; - if [ -n "$asyncid3" ] ; then - sysevent rm_async $asyncid3 - sysevent set ${SERVICE_NAME}_async_id_3 - fi +#Separate routing table used to ensure that responses from the web UI go directly to the LAN interface, not out erouter0 +BRIDGE_MODE_TABLE=69 + +#Mode passed in by commandline, can be "enable" or "disable" +SCRIPT_MODE="$1" + +# Current gw ip address +LAN_IP=`syscfg get lan_ipaddr` + +#Set max CPE bypass to 2 in order to account for mta0 and erouter0 +set_max_cpe_bypass() { + ncpu_exec -e service_bridge.sh set_max_cpe_bypass } -register_dhcp_client_handlers() { - # ulog bridge status "$PID register_dhcp_client_handlers" - # Remove any prior notification requests - unregister_dhcp_client_handlers - - # instantiate a 
request to be notified when the dhcp_client-restart changes - # make it an event (TUPLE_FLAG_EVENT = $TUPLE_FLAG_EVENT) - asyncid1=`sysevent async dhcp_client-restart "$HANDLER"`; - sysevent setoptions dhcp_client-restart $TUPLE_FLAG_EVENT - sysevent set ${SERVICE_NAME}_async_id_1 "$asyncid1" - - # instantiate a request to be notified when the dhcp_client-release / renew changes - # make it an event (TUPLE_FLAG_EVENT = $TUPLE_FLAG_EVENT) - asyncid2=`sysevent async dhcp_client-release "$HANDLER"`; - sysevent setoptions dhcp_client-release $TUPLE_FLAG_EVENT - sysevent set ${SERVICE_NAME}_async_id_2 "$asyncid2" - - asyncid3=`sysevent async dhcp_client-renew "$HANDLER"`; - sysevent setoptions dhcp_client-renew $TUPLE_FLAG_EVENT - sysevent set ${SERVICE_NAME}_async_id_3 "$asyncid3" +wait_till_steady_state () +{ + LSERVICE=$1 + TRIES=1 + while [ "30" -ge "$TRIES" ] ; do + LSTATUS=`sysevent get "${LSERVICE}"-status` + if [ "starting" = "$LSTATUS" ] || [ "stopping" = "$LSTATUS" ] || [ "partial" = "$LSTATUS" ] ; then + sleep 1 + TRIES=`expr $TRIES + 1` + else + return + fi + done + echo "$0: Timed out waiting for $LSERVICE to be in a steady state" } +flush_connection_info(){ + #Flush connection tracking - This will also flush packet processor sessions + conntrack_flush + + #Flush CPE table + ncpu_exec -e service_bridge.sh clear_cpe_table +} -#-------------------------------------------------------------- -# Enslave a physical or virtual interface to a bridge -# -# Takes parameters : -# $1 : the name of the interface to enslave -# $2 : the name of the interface to enslave it to -#-------------------------------------------------------------- -enslave_a_interface() { - ip link set $1 up - ip link set $1 allmulticast on - brctl addif $2 $1 +get_wan_if_name(){ + WAN_IF="" + while [ -z "$WAN_IF" ] ; do + WAN_IF=`sysevent get wan_ifname` + if [ -z "$WAN_IF" ] ; then + echo "Waiting for wan_ifname value..." 
+ sleep 1 + fi + done } -#-------------------------------------------------------------- -# Bring up the ethernet interfaces -#-------------------------------------------------------------- -bringup_ethernet_interfaces() { - return 0 +#Add or remove rules to block local traffic from reaching DOCSIS bridge +filter_local_traffic(){ + if [ "$1" = "enable" ] ; then + #Create a new chain to local traffic filtering + ebtables -N BRIDGE_OUTPUT_FILTER + ebtables -F BRIDGE_OUTPUT_FILTER 2> /dev/null + ebtables -I OUTPUT -j BRIDGE_OUTPUT_FILTER + + #Don't allow LAN bridge to send traffic to DOCSIS bridge + ebtables -A BRIDGE_OUTPUT_FILTER --logical-out "a-mux" -j DROP + ebtables -A BRIDGE_OUTPUT_FILTER --logical-out "$BRIDGE_NAME" -j DROP + ebtables -A BRIDGE_OUTPUT_FILTER -o lbr0 -j DROP + ebtables -A BRIDGE_OUTPUT_FILTER -o erouter0 -j DROP + + #Return from filter chain + ebtables -A BRIDGE_OUTPUT_FILTER -j RETURN + else + #Delete the local traffic filter chain + ebtables -D OUTPUT -j BRIDGE_OUTPUT_FILTER + ebtables -X BRIDGE_OUTPUT_FILTER + fi } -#-------------------------------------------------------------- -# Tear down the ethernet interfaces -#-------------------------------------------------------------- -teardown_ethernet_interfaces() { - for loop in $SYSCFG_lan_ethernet_physical_ifnames - do - ip link set $loop down - done +#Temporarily block traffic through lbr0 while reconfiguring rules +block_bridge(){ + ifconfig lbr0 down } -#-------------------------------------------------------------- -# Bring up the wireless interfaces -#-------------------------------------------------------------- -bringup_wireless_interfaces() { - - INCR_AMOUNT=10 - WIFI_IF_INDEX=1 - - if [ -n "$SYSCFG_lan_wl_physical_ifnames" ] ; then - for loop in $SYSCFG_lan_wl_physical_ifnames - do - MAC=`syscfg get "macwifi0${WIFI_IF_INDEX}bssid1"` - - ifconfig $loop hw ether $MAC - ip link set $loop allmulticast on - ulog lan status "setting $loop hw address to $MAC" - WL_STATE=`syscfg get 
wl$(($WIFI_IF_INDEX-1))_state` - - ulog lan status "wlancfg $loop $WL_STATE" - wlancfg $loop $WL_STATE - wlancfg $loop $WL_STATE - WIFI_IF_INDEX=`expr $WIFI_IF_INDEX + 1` - done - fi +#Unblock bridged traffic through lbr0 +unblock_bridge(){ + ifconfig lbr0 up } -#-------------------------------------------------------------- -# Teardown the wireless interfaces -#-------------------------------------------------------------- -teardown_wireless_interfaces() { - for loop in $SYSCFG_lan_wl_physical_ifnames - do - wlancfg $loop down - ip link set $loop down - done - - teardown_wireless_daemons +cmdiag_ebtables_rules() +{ + if [ "$1" = "enable" ] ; then + CMDIAG_MAC="`cat /sys/class/net/lan0/address`" + CMDIAG_MAC_BRLAN0="`cat /sys/class/net/brlan0/address`" + MUX_MAC="`cat /sys/class/net/adp0/address`" + + #Don't allow lan0 or MUX to send traffic to DOCSIS bridge + ebtables -N BRIDGE_FORWARD_FILTER + ebtables -F BRIDGE_FORWARD_FILTER 2> /dev/null + ebtables -I FORWARD -j BRIDGE_FORWARD_FILTER + ebtables -A BRIDGE_FORWARD_FILTER -s "$CMDIAG_MAC" -o lbr0 -j DROP + ebtables -A BRIDGE_FORWARD_FILTER -s "$CMDIAG_MAC" -o eth3 -j DROP + ebtables -A BRIDGE_FORWARD_FILTER -s "$CMDIAG_MAC_BRLAN0" -o eth3 -j DROP + ebtables -A BRIDGE_FORWARD_FILTER -s "$MUX_MAC" -o lbr0 -j DROP + if [ "$ETHWAN_ENABLED" = "true" ];then + ebtables -A BRIDGE_FORWARD_FILTER -s "$CMDIAG_MAC" -o nsgmii0 -j DROP + fi + ebtables -A BRIDGE_FORWARD_FILTER -j RETURN + #Redirect traffic destined to lan0 IP to lan0 MAC address + ebtables -t nat -N BRIDGE_REDIRECT + ebtables -t nat -F BRIDGE_REDIRECT 2> /dev/null + ebtables -t nat -I PREROUTING -j BRIDGE_REDIRECT + ebtables -t nat -A BRIDGE_REDIRECT --logical-in "$BRIDGE_NAME" -p ipv4 --ip-dst "$LAN_IP" -j dnat --to-destination "$CMDIAG_MAC" + ebtables -t nat -A BRIDGE_REDIRECT --logical-in "$BRIDGE_NAME" -p ipv4 --ip-dst "$LAN_IP" -j forward --forward-dev llan0 + ebtables -t nat -A BRIDGE_REDIRECT -j RETURN + else + ebtables -D FORWARD -j BRIDGE_FORWARD_FILTER 
+ ebtables -X BRIDGE_FORWARD_FILTER + ebtables -t nat -D PREROUTING -j BRIDGE_REDIRECT + ebtables -t nat -X BRIDGE_REDIRECT + fi } -#-------------------------------------------------------------- -# stop_firewall -# If the firewall is up, then tear it down -#-------------------------------------------------------------- -stop_firewall() +#Create a virtual lan0 management interface and connect it to the bride +#Also prevent this interface from sending any packets to the DOCSIS bridge +cmdiag_if() { - STATUS=`sysevent get firewall-status` - if [ "stopped" != "$STATUS" ] ; then - sysevent set firewall-stop - sleep 1 - wait_till_end_state firewall - fi + if [ "$1" = "enable" ] ; then + ip link add "$CMDIAG_IF" type veth peer name l"${CMDIAG_IF}" + echo 1 > /proc/sys/net/ipv6/conf/lan0/disable_ipv6 + echo 1 > /proc/sys/net/ipv6/conf/llan0/disable_ipv6 + echo 1 > /proc/sys/net/ipv6/conf/adp0/disable_ipv6 + echo 1 > /proc/sys/net/ipv6/conf/a-mux/disable_ipv6 + CMDIAG_MAC="`cat /sys/class/net/lan0/address`" + ifconfig "$CMDIAG_IF" hw ether "$CMDIAG_MAC" + cmdiag_ebtables_rules enable + ifconfig l"${CMDIAG_IF}" promisc up + ifconfig "$CMDIAG_IF" "$LAN_IP" netmask "$LAN_NETMASK" up + #add lan0 interface entry to the TOE netdevList for PP on ATOM configuration + if [ -d /etc/pp_on_atom ] ; then + echo "ADD $CMDIAG_IF" > /sys/devices/platform/toe/netif_lut + fi + ovs-vsctl add-port brlan0 l"${CMDIAG_IF}" + else + ifconfig "$CMDIAG_IF" down + ifconfig l"${CMDIAG_IF}" down + ip link del "$CMDIAG_IF" + ovs-vsctl del-port brlan0 l"${CMDIAG_IF}" + #del lan0 interface entry from the TOE netdevList for PP on ATOM configuration + if [ -d /etc/pp_on_atom ] ; then + echo 0 > /sys/devices/platform/toe/enable + echo "DEL $CMDIAG_IF" > /sys/devices/platform/toe/netif_lut + echo 1 > /sys/devices/platform/toe/enable + fi + cmdiag_ebtables_rules disable + fi } #-------------------------------------------------------------- 
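Review bot: cmdiag_ebtables_rules reads its source MACs from fixed sysfs paths (`lan0`, `brlan0`, `adp0`) and passes them straight to `ebtables -s` without checking that the reads succeeded, so a missing interface yields an empty `-s ""` argument and the DROP rule that keeps the management interface off the DOCSIS bridge is, presumably, rejected and silently absent. A guard before the first rule, such as `[ -n "$CMDIAG_MAC" ] && [ -n "$MUX_MAC" ] || { echo "$0: missing MAC, bridge filter not installed"; return 1; }`, with the callers checking the return value, would make that failure visible. The paths are also fixed to lan0/llan0 while cmdiag_if builds the veth pair from `$CMDIAG_IF`; using `/sys/class/net/$CMDIAG_IF/address` and `l${CMDIAG_IF}` would keep the two in step. Re-running an enable path without a prior disable also inserts a second `-I OUTPUT -j BRIDGE_OUTPUT_FILTER` (and FORWARD/PREROUTING) jump, because a failing `-N` on an existing chain does not stop the function, and the disable path removes only one.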
@@ -186,23 +192,16 @@ stop_firewall() add_ebtable_rule() { # Add the rule to redirect diagnostic traffic to CM-LAN in bridge mode - prod_model=`awk -F'[-=]' '/^VERSION/ {print $2}' /etc/versions` cmdiag_if=`syscfg get cmdiag_ifname` - cmdiag_if_mac=`ip link show $cmdiag_if | awk '/link/ {print $2}'` - - wan_if=`syscfg get wan_physical_ifname` - cmdiag_ip="192.168.100.1" - subnet_wan=`ip route show | awk '/'$wan_if'/ {print $1}'` - - ip route del $subnet_wan dev $wan_if - ip route add $subnet_wan dev $cmdiag_if #proto kernel scope link src $cmdiag_ip - ip route add default dev $cmdiag_if - + cmdiag_if_mac=`ip link show "$cmdiag_if" | awk '/link/ {print $2}'` dst_ip=`syscfg get lan_ipaddr` # RT-10-580 @ XB3 - ip addr add $dst_ip/24 dev $cmdiag_if - ebtables -t nat -A PREROUTING -p ipv4 --ip-dst $dst_ip -j dnat --to-destination $cmdiag_if_mac - echo 2 > /proc/sys/net/ipv4/conf/wan0/arp_announce + if [ "$LAN_IP" != "$dst_ip" ]; then + ip addr add "$dst_ip"/24 dev "$cmdiag_if" + ebtables -t nat -A PREROUTING -p ipv4 --ip-dst "$dst_ip" -j dnat --to-destination "$cmdiag_if_mac" + echo 2 > /proc/sys/net/ipv4/conf/wan0/arp_announce + ip rule add from "$dst_ip" lookup $BRIDGE_MODE_TABLE + fi } #-------------------------------------------------------------- 
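Review bot: The new guard `if [ "$LAN_IP" != "$dst_ip" ]` in add_ebtable_rule compares two reads of the same `syscfg get lan_ipaddr` key (LAN_IP is set at the top of the script, dst_ip one line above the test), so within a single invocation the branch is normally not taken and the dnat redirect, the `arp_announce` write and the `ip rule add` never run. If the branch is meant only for a LAN address that changed during the run, a comment such as `# only when lan_ipaddr changed since script start; routing_rules already handles $LAN_IP` would record that; otherwise the function is effectively a no-op and could be dropped. The prefix is also fixed at `/24` even though LAN_NETMASK is read from syscfg elsewhere in the script. del_ebtable_rule in the next hunk carries the same guard.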
@@ -211,146 +210,199 @@ add_ebtable_rule() #-------------------------------------------------------------- del_ebtable_rule() { - prod_model=`awk -F'[-=]' '/^VERSION/ {print $2}' /etc/versions` cmdiag_if=`syscfg get cmdiag_ifname` - cmdiag_if_mac=`ip link show $cmdiag_if | awk '/link/ {print $2}'` - - wan_if=`syscfg get wan_physical_ifname` - wan_ip=`sysevent get ipv4_wan_ipaddr` - subnet_wan=`ip route show | grep $cmdiag_if | grep -v 192.168.100. | grep -v 10.0.0 | awk '/'$cmdiag_if'/ {print $1}'` - - ip route del $subnet_wan dev $cmdiag_if - ip route del default dev $cmdiag_if - ip route add $subnet_wan dev $wan_if proto kernel scope link src $wan_ip - - + cmdiag_if_mac=`ip link show "$cmdiag_if" | awk '/link/ {print $2}'` dst_ip=`syscfg get lan_ipaddr` # RT-10-580 @ XB3 PRD - ip addr del $dst_ip/24 dev $cmdiag_if - ebtables -t nat -D PREROUTING -p ipv4 --ip-dst $dst_ip -j dnat --to-destination $cmdiag_if_mac - echo 0 > /proc/sys/net/ipv4/conf/wan0/arp_announce + if [ "$LAN_IP" != "$dst_ip" ]; then + ip addr del "$dst_ip"/24 dev "$cmdiag_if" + ebtables -t nat -D PREROUTING -p ipv4 --ip-dst "$dst_ip" -j dnat --to-destination "$cmdiag_if_mac" + echo 0 > /proc/sys/net/ipv4/conf/wan0/arp_announce + ip rule del from "$dst_ip" lookup $BRIDGE_MODE_TABLE + fi } -#-------------------------------------------------------------- -# do_start -#-------------------------------------------------------------- -do_start() -{ - ulog bridge status "stopping firewall" - stop_firewall - ulog bridge status "firewall status is now `sysevent get firewall-status`" - - ulog bridge status "reprogramming ethernet switch to remove vlans" - #disable_vlan_mode_on_ethernet_switch - - ulog bridge status "bringing up lan interface in bridge mode" - bringup_ethernet_interfaces - bringup_wireless_interfaces - - brctl addbr $SYSCFG_lan_ifname - brctl setfd $SYSCFG_lan_ifname 0 - #brctl stp $SYSCFG_lan_ifname on - brctl stp $SYSCFG_lan_ifname off - - - # enslave interfaces to the bridge - 
enslave_a_interface $SYSCFG_wan_physical_ifname $SYSCFG_lan_ifname - for loop in $LAN_IFNAMES - do - enslave_a_interface $loop $SYSCFG_lan_ifname - done - - # bring up the bridge - ip link set $SYSCFG_lan_ifname up - ip link set $SYSCFG_lan_ifname allmulticast on - - ifconfig $SYSCFG_lan_ifname hw ether `get_mac $SYSCFG_wan_physical_ifname` - - # bridge_mode 1 is dhcp, bridge_mode 2 is static, bridge_mode 3 is full-static - if ( [ "2" = "$SYSCFG_bridge_mode" ] || [ "3" = "$SYSCFG_bridge_mode" ] ) && [ -n "$SYSCFG_bridge_ipaddr" ] && [ -n "$SYSCFG_bridge_netmask" ] && [ -n "$SYSCFG_bridge_default_gateway" ]; then - RESOLV_CONF="/etc/resolv.conf" - echo -n > $RESOLV_CONF - if [ -n "$SYSCFG_bridge_domain" ] ; then - echo "search $SYSCFG_bridge_domain" >> $RESOLV_CONF - fi - if [ -n "$SYSCFG_bridge_nameserver1" ] && [ "0.0.0.0" != "$SYSCFG_bridge_nameserver1" ] ; then - echo "nameserver $SYSCFG_bridge_nameserver1" >> $RESOLV_CONF - fi - if [ -n "$SYSCFG_bridge_nameserver2" ] && [ "0.0.0.0" != "$SYSCFG_bridge_nameserver2" ] ; then - echo "nameserver $SYSCFG_bridge_nameserver2" >> $RESOLV_CONF - fi - if [ -n "$SYSCFG_bridge_nameserver3" ] && [ "0.0.0.0" != "$SYSCFG_bridge_nameserver3" ] ; then - echo "nameserver $SYSCFG_bridge_nameserver3" >> $RESOLV_CONF - fi - ip -4 addr add $SYSCFG_bridge_ipaddr/$SYSCFG_bridge_netmask broadcast + dev $SYSCFG_lan_ifname - ip -4 route add default dev $SYSCFG_lan_ifname via $SYSCFG_bridge_default_gateway - # set sysevent tuple showing current state - sysevent set bridge_ipv4_ipaddr $SYSCFG_bridge_ipaddr - sysevent set bridge_ipv4_subnet $SYSCFG_bridge_netmask - sysevent set bridge_default_router $SYSCFG_bridge_default_gateway - - else - udhcpc -S -b -i $SYSCFG_lan_ifname -h $SYSCFG_hostname -p $UDHCPC_PID_FILE --arping -s $UDHCPC_SCRIPT - register_dhcp_client_handlers - fi - - # vendor_block_dos_land_attack - - bringup_wireless_daemons - - prepare_hostname - - if [ "1" = "`sysevent get byoi_bridge_mode`" ]; then - sysevent set dns-start 
- fi - - ulog bridge status "lan interface up" +routing_rules(){ + if [ "$1" = "enable" ] ; then + #Send responses from $BRIDGE_NAME IP to a separate bridge mode route table + ip rule add from "$LAN_IP" lookup $BRIDGE_MODE_TABLE + ip route add table $BRIDGE_MODE_TABLE default dev "$CMDIAG_IF" + add_ebtable_rule + /etc/utopia/service.d/service_dhcp_server.sh dns-restart + else + ip rule del from "$LAN_IP" lookup $BRIDGE_MODE_TABLE + ip route flush table $BRIDGE_MODE_TABLE + del_ebtable_rule + fi } -#-------------------------------------------------------------- -# do_stop -#-------------------------------------------------------------- -do_stop() +forward_wan_lan_traffic() { - sysevent set dns-stop - - unregister_dhcp_client_handlers - ip link set $SYSCFG_lan_ifname down - ip addr flush dev $SYSCFG_lan_ifname - teardown_wireless_interfaces - teardown_ethernet_interfaces + if [ "$1" = "enable" ] ; then + # set up veth interface to forward brlan0 and erouter traffic in bridge mode + echo "BRIDGE MODE case : ethwan enabled, creating veth interface" + ip link add lbr0 type veth peer name ler0 + ifconfig lbr0 up + ifconfig ler0 up + echo 1 > /proc/sys/net/ipv6/conf/ler0/disable_ipv6 + echo 1 > /proc/sys/net/ipv6/conf/lbr0/disable_ipv6 + brctl addif erouter0 ler0 + MAX_WAIT_TIME=120 + TRIES=0 + ovs-vsctl add-port brlan0 lbr0 + while [ "$TRIES" -lt "$MAX_WAIT_TIME" ] ; do + + if [ "`sysevent get multinet_$INSTANCE-status`" = "ready" ];then + # check_iface_exists_in_bridge=`brctl show brlan0 | grep lbr0` + check_iface_exists_in_bridge=`ovs-vsctl list-ports brlan0 | grep lbr0` + if [ -z "$check_iface_exists_in_bridge" ];then + echo_t "multinet_$INSTANCE-status status is ready...,adding lbr0 to brlan0 and breaking the loop" + ovs-vsctl add-port brlan0 lbr0 + # brctl addif brlan0 lbr1 + fi + break; + fi + sleep 5 + TRIES=`expr $TRIES + 5` + done + else + echo "ROUTER MODE case : ethwan enabled, deleting veth interface" + ifconfig lbr0 down + ifconfig ler0 down + # brctl delif 
brlan0 lbr0 + ovs-vsctl del-port brlan0 lbr0 + brctl delif erouter0 ler0 + ip link del lbr0 + fi - # remove interfaces from the bridge - for loop in $LAN_IFNAMES - do - ip link set $loop down - brctl delif $SYSCFG_lan_ifname $loop - done - ip link set $SYSCFG_wan_physical_ifname down - - ip link set $SYSCFG_lan_ifname down +} - brctl delbr $SYSCFG_lan_ifname +#-------------------------------------------------------------- +# update_bridge_mtu +# Fetch the max MTU size supported from CM agent DML and apply +# this MTU setting to the bridge +#-------------------------------------------------------------- +update_bridge_mtu() { + #Check whether in bridged mode + MODE=`sysevent get bridge_mode` + case $MODE in + ''|*[!0-9]*) + #Invalid / non-numeric result + return + ;; + *) + if [ $MODE -lt 1 ] ; then + #Not in bridged mode + return + fi + ;; + esac + + #Fetch DOCSIS max supported MTU from DML + MAXMTU=`dmcli eRT getv Device.X_RDKCENTRAL-COM_CableModem.MaxMTU | grep value | awk '/value/{print $5}'` + if [ $? -ne 0 ] ; then + #Error fetching value + return + fi + + #Check if value returned is a number and whether it is different than last iteration + case $MAXMTU in + ''|*[!0-9]*) + #Invalid / non-numeric result + return + ;; + *) + echo "Got MTU value $MAXMTU from CM DML" + ifconfig $BRIDGE_NAME mtu $MAXMTU + ;; + esac } -do_start_multi() -{ -# TODO: add brport to defaults -PRI_L2=`sysevent get primary_lan_l2net` -sysevent set multinet-start $PRI_L2 -/etc/utopia/service.d/ebtable_rules.sh -# set brport enabled -# set resync for primary l2net -# set firewall restart +#Enable pseudo bridge mode. 
If already enabled, just refresh parameters (in case bridges were torn down and rebuilt) +service_start(){ + wait_till_steady_state ${SERVICE_NAME} + STATUS=`sysevent get ${SERVICE_NAME}-status` + if [ "started" != "$STATUS" ] ; then + sysevent set ${SERVICE_NAME}-errinfo + sysevent set ${SERVICE_NAME}-status starting + + block_bridge + + #Connect management interface + cmdiag_if enable + + routing_rules enable + + if [ "$ETHWAN_ENABLED" = "true" ];then + forward_wan_lan_traffic enable & + fi + #Sync bridge ports + MULTILAN_FEATURE=$(syscfg get MULTILAN_FEATURE) + if [ "$MULTILAN_FEATURE" = "1" ]; then + sysevent set multinet-up "$INSTANCE" + #Sync bridge ports + sysevent set multinet-syncMembers "$INSTANCE" + else + sysevent set multinet-syncMembers $INSTANCE + fi + + #Block traffic coming from the lbr0 connector interfaces at the MUX + filter_local_traffic enable + + #Update MTU of bridge + update_bridge_mtu + + unblock_bridge + + prepare_hostname + + #Flush connection tracking and packet processor sessions to avoid stale information + flush_connection_info + + #Use Arris max_cpe_bypass parameter to allow erouter0 and mta0 not to count against max_cpe total + set_max_cpe_bypass + + sysevent set ${SERVICE_NAME}-errinfo + sysevent set ${SERVICE_NAME}-status started + fi } -do_stop_multi() -{ -# set brport disabled -# set resync primary l2net -# set firewall restart -echo +service_stop(){ + wait_till_steady_state ${SERVICE_NAME} + STATUS=`sysevent get ${SERVICE_NAME}-status` + if [ "stopped" != "$STATUS" ] ; then + + sysevent set ${SERVICE_NAME}-errinfo + sysevent set ${SERVICE_NAME}-status stopping + + block_bridge + + #Sync bridge members + MULTILAN_FEATURE=$(syscfg get MULTILAN_FEATURE) + if [ "$MULTILAN_FEATURE" = "1" ]; then + sysevent set multinet-down "$INSTANCE" + sysevent set multinet-up "$INSTANCE" + else + sysevent set multinet-syncMembers $INSTANCE + fi + + #Disconnect management interface + cmdiag_if disable + filter_local_traffic disable + 
routing_rules disable + + unblock_bridge + + #Flush connection tracking and packet processor sessions to avoid stale information + flush_connection_info + if [ "$ETHWAN_ENABLED" = "true" ];then + forward_wan_lan_traffic disable & + fi + sysevent set ${SERVICE_NAME}-errinfo + sysevent set ${SERVICE_NAME}-status stopped + + fi } #-------------------------------------------------------------- 
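Review bot: In service_start, `unblock_bridge` runs unconditionally after `cmdiag_if enable` and `filter_local_traffic enable`, and neither those calls nor the ebtables commands behind them are checked, so lbr0 is brought back up even when the DROP rules that keep local traffic off the DOCSIS bridge were not installed. Failing closed would be safer, for example `filter_local_traffic enable || { check_err 1 "Unable to install bridge filter rules"; return 1; }` (check_err is what the removed service_start used), which also needs filter_local_traffic, defined in an earlier hunk, to return non-zero when an `ebtables -A` fails. `forward_wan_lan_traffic enable &` is backgrounded, so on EthWAN the status can reach `started` while lbr0 is still being created and attached; a comment on why that ordering is safe would help. Separately, in update_bridge_mtu the `$?` test after the `dmcli | grep | awk` pipeline only sees awk's exit status and cannot detect a dmcli failure; the numeric `case` check below it is what actually guards the value, and `$BRIDGE_NAME`/`$MAXMTU` should be quoted in the `ifconfig` call.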
@@ -358,132 +410,95 @@ echo #-------------------------------------------------------------- service_init () { - # Get all provisioning data - # Figure out the names and addresses of the lan interface - # - # SYSCFG_lan_ethernet_physical_ifnames is the physical ethernet interfaces that - # will be part of the lan - # - # SYSCFG_lan_wl_physical_ifnames is the names of each wireless interface as known - # to the operating system - - SYSCFG_FAILED='false' - FOO=`utctx_cmd get bridge_mode lan_ifname lan_ethernet_physical_ifnames lan_wl_physical_ifnames wan_physical_ifname bridge_ipaddr bridge_netmask bridge_default_gateway bridge_nameserver1 bridge_nameserver2 bridge_nameserver3 bridge_domain hostname` - eval $FOO - if [ $SYSCFG_FAILED = 'true' ] ; then - ulog bridge status "$PID utctx failed to get some configuration data" - ulog bridge status "$PID BRIDGE CANNOT BE CONTROLLED" - exit - fi - - if [ -z "$SYSCFG_hostname" ] ; then - SYSCFG_hostname="Utopia" - fi - - LAN_IFNAMES="$SYSCFG_lan_ethernet_physical_ifnames" - - # if we are using wireless interfafes then add them - if [ -n "$SYSCFG_lan_wl_physical_ifnames" ] ; then - LAN_IFNAMES="$LAN_IFNAMES $SYSCFG_lan_wl_physical_ifnames" - fi + # Get all provisioning data + # Figure out the names and addresses of the lan interface + # + # SYSCFG_lan_ethernet_physical_ifnames is the physical ethernet interfaces that + # will be part of the lan + # + # SYSCFG_lan_wl_physical_ifnames is the names of each wireless interface as known + # to the operating system + + SYSCFG_FAILED='false' + FOO=`utctx_cmd get bridge_mode lan_ifname lan_ethernet_physical_ifnames lan_wl_physical_ifnames wan_physical_ifname bridge_ipaddr bridge_netmask bridge_default_gateway bridge_nameserver1 bridge_nameserver2 bridge_nameserver3 bridge_domain hostname` + eval "$FOO" + if [ $SYSCFG_FAILED = 'true' ] ; then + ulog bridge status "$PID utctx failed to get some configuration data" + ulog bridge status "$PID BRIDGE CANNOT BE CONTROLLED" + exit + fi + + if 
[ -z "$SYSCFG_hostname" ] ; then + SYSCFG_hostname="Utopia" + fi + + LAN_IFNAMES="$SYSCFG_lan_ethernet_physical_ifnames" + + # if we are using wireless interfafes then add them + if [ -n "$SYSCFG_lan_wl_physical_ifnames" ] ; then + LAN_IFNAMES="$LAN_IFNAMES $SYSCFG_lan_wl_physical_ifnames" + fi } -#-------------------------------------------------------------- -# service_start -#-------------------------------------------------------------- -service_start () -{ - wait_till_end_state ${SERVICE_NAME} - STATUS=`sysevent get ${SERVICE_NAME}-status` - if [ "started" != "$STATUS" ] ; then - do_start_multi - ERR=$? - if [ "$ERR" -ne "0" ] ; then - check_err $? "Unable to bringup bridge" - else - sysevent set ${SERVICE_NAME}-errinfo - sysevent set ${SERVICE_NAME}-status starting - - add_ebtable_rule - - # Flush all dynamic mac entries - echo "LearnFrom=CPE_DYNAMIC" > /proc/net/dbrctl/delalt - echo "flush_all_sessions" > /proc/net/ti_pp - # Force a DHCP renew by issuing a physical link down/up, when WAN port mode switches between bridging and routing - PSM_MODE=`sysevent get system_psm_mode` - if [ "$PSM_MODE" != "1" ]; then - # It is not a good practice to force all physical links to refresh -- should have used arguments to specify which ports/links - gw_lan_refresh - fi - #set hostname - prepare_hostname - - sysevent set ${SERVICE_NAME}-status started - - if [ -f /lib/systemd/system/xupnp.service ] ; then - systemctl stop xupnp - systemctl stop xcal-device - else - /lib/rdk/start-upnp-service stop - fi - fi - fi -} -#-------------------------------------------------------------- -# service_stop -#-------------------------------------------------------------- -service_stop () -{ - wait_till_end_state ${SERVICE_NAME} - STATUS=`sysevent get ${SERVICE_NAME}-status` - if [ "stopped" != "$STATUS" ] ; then - do_stop_multi - ERR=$? 
- if [ "$ERR" -ne "0" ] ; then - check_err $ERR "Unable to teardown bridge" - else - del_ebtable_rule - - # Flush all dynamic mac entries - echo "LearnFrom=CPE_DYNAMIC" > /proc/net/dbrctl/delalt - echo "flush_all_sessions" > /proc/net/ti_pp - sysevent set ${SERVICE_NAME}-errinfo - sysevent set ${SERVICE_NAME}-status stopped - - if [ -f /lib/systemd/system/xupnp.service ] ; then - systemctl restart xcal-device - systemctl restart xupnp - else - /lib/rdk/start-upnp-service start - fi - fi - fi -} +echo "service_bridge_puma7.sh called with $1 $2" +service_init + +BRIDGE_NAME="$SYSCFG_lan_ifname" +CMDIAG_IF=`syscfg get cmdiag_ifname` +# CMDIAG_MAC=`ncpu_exec -ep service_bridge.sh get_cmdiag_mac` +CMDIAG_MAC="`cat /sys/class/net/lan0/address`" +INSTANCE=`sysevent get primary_lan_l2net` +if [ -z "$INSTANCE" ];then + INSTANCE=`psmcli get dmsb.MultiLAN.PrimaryLAN_l2net` +fi +LAN_NETMASK=`syscfg get lan_netmask` -#------------------------------------------------------------------ -# ENTRY -#------------------------------------------------------------------ +ETHWAN_ENABLED=`syscfg get eth_wan_enabled` -service_init -echo "service_bridge.sh called with $1 $2" > /dev/console case "$1" in - ${SERVICE_NAME}-start) - service_start - ;; - ${SERVICE_NAME}-stop) - service_stop - ;; - ${SERVICE_NAME}-restart) - echo "service_init : setting lan-restarting to 1" - sysevent set lan-restarting 1 - service_stop - service_start - echo "service_init : setting lan-restarting to 0" - sysevent set lan-restarting 0 - ;; - *) - echo "Usage: service-${SERVICE_NAME} [ ${SERVICE_NAME}-start | ${SERVICE_NAME}-stop | ${SERVICE_NAME}-restart]" > /dev/console - exit 3 - ;; + "${SERVICE_NAME}-start") + + firewall firewall-stop + /etc/rc3.d/setup_docsis_lan0_path.sh lbr0_on_bridged + service_start + if [ ! 
-f "$POSTD_START_FILE" ]; + then + touch $POSTD_START_FILE + execute_dir /etc/utopia/post.d/ + fi + gw_lan_refresh + sysevent set firewall-restart + + ;; + wan-start) + update_bridge_mtu + ;; + "${SERVICE_NAME}-stop") + + /etc/rc3.d/setup_docsis_lan0_path.sh lbr0_on_routed + service_stop + if [ ! -f "$POSTD_START_FILE" ]; + then + touch $POSTD_START_FILE + execute_dir /etc/utopia/post.d/ + fi + gw_lan_refresh + sysevent set firewall-restart + ;; + "${SERVICE_NAME}-restart") + + firewall firewall-stop + sysevent set lan-restarting "$INSTANCE" + service_stop + /etc/rc3.d/setup_docsis_lan0_path.sh lbr0_on_bridged + service_start + sysevent set lan-restarting 0 + gw_lan_refresh + sysevent set firewall-restart + ;; + *) + echo "Usage: service-${SERVICE_NAME} [ ${SERVICE_NAME}-start | ${SERVICE_NAME}-stop | ${SERVICE_NAME}-restart]" > /dev/console + exit 3 + ;; esac
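Review bot: service_init still runs `eval "$FOO"` over the output of `utctx_cmd get …` for thirteen keys, yet the rewritten script appears to use only `SYSCFG_lan_ifname` from that set (LAN_IFNAMES and the bridge_* values are no longer referenced in the visible code), so an eval over config-store values such as hostname and bridge_domain is kept without benefit. Reading the one key directly, e.g. `SYSCFG_lan_ifname=$(syscfg get lan_ifname)`, would remove the eval; first confirm whether prepare_hostname relies on SYSCFG_hostname. In the case arms, `firewall firewall-stop` is issued for bridge-start and bridge-restart but not for bridge-stop, and the firewall stays down until the trailing `sysevent set firewall-restart`; a comment stating that this window and asymmetry are intended would help. The entry log names `service_bridge_puma7.sh`, which is not this file, and it no longer goes to /dev/console as the removed line did.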