From 250ee7ca1bbbe5cb6b7a9366e9f2cf07cb80bb65 Mon Sep 17 00:00:00 2001
From: "siddharth.nair1"
Date: Mon, 16 Mar 2026 10:21:52 +0000
Subject: [PATCH] RDKBWIFI-202: Implementation of Traffic Separation Reason for change: Added traffic seperation TLV implementation via single bridge Test Procedure: Verify build is successfull and check if traffic seperation is functional Risks: Medium Priority: P2
---
 .../scripts/init/c_registration/16_vlan_ts.c | 83 +++++++++
 .../scripts/init/defaults/system_defaults_arm | 4 +
 .../scripts/init/service.d/service_vlan_ts.sh | 159 ++++++++++++++++++
 3 files changed, 246 insertions(+)
 create mode 100644 source/scripts/init/c_registration/16_vlan_ts.c
 create mode 100644 source/scripts/init/service.d/service_vlan_ts.sh
diff --git a/source/scripts/init/c_registration/16_vlan_ts.c b/source/scripts/init/c_registration/16_vlan_ts.c
new file mode 100644
index 00000000..040e5d88
--- /dev/null
+++ b/source/scripts/init/c_registration/16_vlan_ts.c
@@ -0,0 +1,83 @@
+/*
+ * If not stated otherwise in this file or this component's Licenses.txt file the
+ * following copyright and licenses apply:
+ *
+ * Copyright 2015 RDK Management
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+/**********************************************************************
+ Copyright [2014] [Cisco Systems, Inc.]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+**********************************************************************/ + +#include +#include "srvmgr.h" + +const char* SERVICE_NAME = "vlan_ts"; +const char* SERVICE_DEFAULT_HANDLER = "/etc/utopia/service.d/service_vlan_ts.sh"; +const char* SERVICE_CUSTOM_EVENTS[] = { NULL }; +/*const char* SERVICE_CUSTOM_EVENTS[] = { + "lan-status|/etc/utopia/service.d/service_xhs.sh", + "multinet_2-status|/etc/utopia/service.d/service_xhs.sh", + "ipv4_5-status|/etc/utopia/service.d/service_xhs.sh", + NULL + }; */ + +void srv_register(void) { + printf("%s %d : START \n", __func__,__LINE__); + sm_register(SERVICE_NAME, SERVICE_DEFAULT_HANDLER, SERVICE_CUSTOM_EVENTS); +} + +void srv_unregister(void) { + printf("%s %d : START \n", __func__,__LINE__); + sm_unregister(SERVICE_NAME); +} + +int main(int argc, char **argv) +{ + cmd_type_t choice = parse_cmd_line(argc, argv); + printf("%s %d : START \n", __func__,__LINE__); + switch(choice) { + case(nochoice): + case(start): + printf("%s %d : case start \n", __func__,__LINE__); + srv_register(); + break; + case(stop): + printf("%s %d : case stop \n", __func__,__LINE__); + srv_unregister(); + break; + case(restart): + printf("%s %d : case restart \n", __func__,__LINE__); + srv_unregister(); + srv_register(); + break; + default: + printf("%s called with invalid parameter (%s)\n", argv[0], 1==argc ? "" : argv[1]); + } + return(0); +} + diff --git a/source/scripts/init/defaults/system_defaults_arm b/source/scripts/init/defaults/system_defaults_arm index f6534cc8..4103df26 100755 --- a/source/scripts/init/defaults/system_defaults_arm +++ b/source/scripts/init/defaults/system_defaults_arm @@ -267,6 +267,10 @@ $$lan_ifname=brlan0 # This setting is not meant for users to manipulate. #$lan_ethernet_virtual_ifnums=1 ++$$vlan_id_pvt =12 ++$$vlan_id_mesh=13 ++$$vlan_id_iot=14 + # lan_ethernet_physical_ifnames - a list of names of ethernet interfaces, # which will be enslaved into the lan bridge (which is known as lan_ifname # as described above) 
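Review bot: `SERVICE_CUSTOM_EVENTS` is registered as `{ NULL }`, so the handler runs only on an explicit start, stop or restart, while the bridge VLAN entries, iptables rules and dnsmasq.conf lines it installs can be invalidated by other services. If the platform regenerates the firewall or restarts dnsmasq after this service has started (not visible in this patch), the inter-VLAN DROP rules would disappear with nothing re-applying them. I would register the events that invalidate that state, following the `"lan-status|/etc/utopia/service.d/service_xhs.sh"` pattern in the commented-out block, add matching cases to the handler script, and delete the commented-out entries themselves since they point at a different service. Separately, the `default:` branch reports an invalid parameter but `main` still ends in `return(0)`; a `return 1;` after that message lets callers detect the misuse.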
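Review bot: The three added defaults appear in this hunk as `++$$vlan_id_pvt =12`, `++$$vlan_id_mesh=13` and `++$$vlan_id_iot=14`, which means the file content itself starts with a literal `+`, and the first entry also has a space before `=`; the existing `$$lan_ifname=brlan0` entry shown in the same hunk has neither. If the defaults parser does not accept that form (its behaviour is not visible here), `syscfg get vlan_id_pvt` and the other two reads in service_vlan_ts.sh return nothing and the separation is never set up. The lines should read `$$vlan_id_pvt=12`, `$$vlan_id_mesh=13`, `$$vlan_id_iot=14`. A short comment above them saying that these are the VLAN IDs of the private, mesh and IoT segments, and whether users may change them, would match how the surrounding entries are documented.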
diff --git a/source/scripts/init/service.d/service_vlan_ts.sh b/source/scripts/init/service.d/service_vlan_ts.sh
new file mode 100644
index 00000000..da8d29af
--- /dev/null
+++ b/source/scripts/init/service.d/service_vlan_ts.sh
@@ -0,0 +1,159 @@
+SERVICE_NAME="vlan_ts"
+source /etc/utopia/service.d/ulog_functions.sh
+source /etc/utopia/service.d/ut_plat.sh
+
+
+SELF_NAME="`basename "$0"`"
+
+service_start() {
+ vlan_pvt=`syscfg get vlan_id_pvt`
+ vlan_mesh=`syscfg get vlan_id_mesh`
+ vlan_iot=`syscfg get vlan_id_iot`
+
+ echo "service_start : START" >> /tmp/abc.txt
+
+ ip link set brlan0 type bridge vlan_filtering 1
+ bridge vlan add dev wifi0 vid $vlan_pvt pvid untagged
+ bridge vlan add dev wifi0.1 vid $vlan_mesh pvid untagged
+ bridge vlan add dev wifi0.2 vid $vlan_iot pvid untagged
+ bridge vlan add dev wifi1 vid $vlan_pvt pvid untagged
+ bridge vlan add dev wifi1.1 vid $vlan_mesh pvid untagged
+ bridge vlan add dev wifi1.2 vid $vlan_iot pvid untagged
+ bridge vlan add dev wifi2 vid $vlan_pvt pvid untagged
+ bridge vlan add dev wifi2.1 vid $vlan_mesh pvid untagged
+ bridge vlan add dev wifi2.2 vid $vlan_iot pvid untagged
+ bridge vlan add dev mld0 vid $vlan_pvt pvid untagged
+
+ ip link add link brlan0 name brlan0.$vlan_pvt type vlan id $vlan_pvt
+ ip link add link brlan0 name brlan0.$vlan_mesh type vlan id $vlan_mesh
+ ip link add link brlan0 name brlan0.$vlan_iot type vlan id $vlan_iot
+
+ bridge vlan add dev brlan0 vid $vlan_pvt self
+ bridge vlan add dev brlan0 vid $vlan_mesh self
+ bridge vlan add dev brlan0 vid $vlan_iot self
+
+ ifconfig brlan0.$vlan_pvt 192.168.13.1 netmask 255.255.255.0 up
+ ifconfig brlan0.$vlan_mesh 192.168.14.1 netmask 255.255.255.0 up
+ ifconfig brlan0.$vlan_iot 192.168.15.1 netmask 255.255.255.0 up
+
+ iptables -I FORWARD -i brlan0.$vlan_pvt -o brlan0.$vlan_mesh -j DROP
+ iptables -I FORWARD -i brlan0.$vlan_mesh -o brlan0.$vlan_pvt -j DROP
+
+ iptables -I FORWARD -i brlan0.$vlan_mesh -o brlan0.$vlan_iot -j DROP
+ iptables -I FORWARD -i brlan0.$vlan_iot -o brlan0.$vlan_mesh -j DROP
+
+ iptables -I FORWARD -i brlan0.$vlan_pvt -o brlan0.$vlan_iot -j DROP
+ iptables -I FORWARD -i brlan0.$vlan_iot -o brlan0.$vlan_pvt -j DROP
+
+ iptables -I INPUT -i brlan0.$vlan_pvt -p udp --dport 67:68 -j ACCEPT
+ iptables -I INPUT -i brlan0.$vlan_pvt -p udp --sport 67:68 -j ACCEPT
+ iptables -I INPUT -i brlan0.$vlan_mesh -p udp --dport 67:68 -j ACCEPT
+ iptables -I INPUT -i brlan0.$vlan_mesh -p udp --sport 67:68 -j ACCEPT
+ iptables -I INPUT -i brlan0.$vlan_iot -p udp --dport 67:68 -j ACCEPT
+ iptables -I INPUT -i brlan0.$vlan_iot -p udp --sport 67:68 -j ACCEPT
+
+ echo "interface=brlan0.$vlan_pvt" >> /var/dnsmasq.conf
+ echo "dhcp-range=192.168.13.2,192.168.13.253,255.255.255.0,7d" >> /var/dnsmasq.conf
+ echo "interface=brlan0.$vlan_mesh" >> /var/dnsmasq.conf
+ echo "dhcp-range=192.168.14.2,192.168.14.253,255.255.255.0,7d" >> /var/dnsmasq.conf
+ echo "interface=brlan0.$vlan_iot" >> /var/dnsmasq.conf
+ echo "dhcp-range=192.168.15.2,192.168.15.253,255.255.255.0,7d" >> /var/dnsmasq.conf
+
+ killall dnsmasq
+ dnsmasq -P 4096 -C /var/dnsmasq.conf --dhcp-authoritative
+}
+
+service_stop () {
+ ip link set brlan0 type bridge vlan_filtering 1
+
+ vlan_pvt=`syscfg get vlan_id_pvt`
+ vlan_mesh=`syscfg get vlan_id_mesh`
+ vlan_iot=`syscfg get vlan_id_iot`
+
+ echo "service_stop : START " >> /tmp/abc.txt
+
+ bridge vlan del vid $vlan_pvt dev wifi0
+ bridge vlan del vid $vlan_mesh dev wifi0.1
+ bridge vlan del vid $vlan_iot dev wifi0.2
+ bridge vlan del vid $vlan_pvt dev wifi1
+ bridge vlan del vid $vlan_mesh dev wifi1.1
+ bridge vlan del vid $vlan_iot dev wifi1.2
+ bridge vlan del vid $vlan_pvt dev wifi2
+ bridge vlan del vid $vlan_mesh dev wifi2.1
+ bridge vlan del vid $vlan_iot dev wifi2.2
+ bridge vlan del vid $vlan_pvt dev mld0
+
+ bridge vlan del dev brlan0 vid $vlan_pvt self
+ bridge vlan del dev brlan0 vid $vlan_mesh self
+ bridge vlan del dev brlan0 vid $vlan_iot self
+
+ ip link del link brlan0 name brlan0.$vlan_pvt type vlan id $vlan_pvt
+ ip link del link brlan0 name brlan0.$vlan_mesh type vlan id $vlan_mesh
+ ip link del link brlan0 name brlan0.$vlan_iot type vlan id $vlan_iot
+
+ bridge vlan del vid 1 dev wifi0
+ bridge vlan del vid 1 dev wifi0.1
+ bridge vlan del vid 1 dev wifi02
+ bridge vlan del vid 1 dev wifi0.2
+ bridge vlan del vid 1 dev wifi1.2
+ bridge vlan del vid 1 dev wifi1.1
+ bridge vlan del vid 1 dev wifi1
+ bridge vlan del vid 1 dev wifi2
+ bridge vlan del vid 1 dev wifi2.1
+ bridge vlan del vid 1 dev wifi2.2
+ bridge vlan del vid 1 dev mld0
+
+ sed -i '/brlan0./d' /var/dnsmasq.conf
+ sed -i '/brlan0./d' /var/dnsmasq.conf
+ sed -i '/brlan0./d' /var/dnsmasq.conf
+
+ sed -i '/192.168.13.2/d' /var/dnsmasq.conf
+ sed -i '/192.168.14.2/d' /var/dnsmasq.conf
+ sed -i '/192.168.15.2/d' /var/dnsmasq.conf
+
+ killall dnsmasq
+ dnsmasq -P 4096 -C /var/dnsmasq.conf --dhcp-authoritative
+
+ iptables -D FORWARD -i brlan0.$vlan_pvt -o brlan0.$vlan_mesh -j DROP
+ iptables -D FORWARD -i brlan0.$vlan_mesh -o brlan0.$vlan_pvt -j DROP
+
+ iptables -D FORWARD -i brlan0.$vlan_mesh -o brlan0.$vlan_iot -j DROP
+ iptables -D FORWARD -i brlan0.$vlan_iot -o brlan0.$vlan_mesh -j DROP
+
+ iptables -D FORWARD -i brlan0.$vlan_pvt -o brlan0.$vlan_iot -j DROP
+ iptables -D FORWARD -i brlan0.$vlan_iot -o brlan0.$vlan_pvt -j DROP
+
+ iptables -D INPUT -i brlan0.$vlan_pvt -p udp --dport 67:68 -j ACCEPT
+ iptables -D INPUT -i brlan0.$vlan_pvt -p udp --sport 67:68 -j ACCEPT
+ iptables -D INPUT -i brlan0.$vlan_mesh -p udp --dport 67:68 -j ACCEPT
+ iptables -D INPUT -i brlan0.$vlan_mesh -p udp --sport 67:68 -j ACCEPT
+ iptables -D INPUT -i brlan0.$vlan_iot -p udp --dport 67:68 -j ACCEPT
+ iptables -D INPUT -i brlan0.$vlan_iot -p udp --sport 67:68 -j ACCEPT
+}
+
+
+service_init() {
+ echo "service_init : START " >> /tmp/abc.txt
+}
+
+#---------------------------------------------------------------
+
+service_init
+
+case "$1" in
+ start)
+ service_start
+ ;;
+ stop)
+ service_stop
+ ;;
+ restart)
+ service_stop
+ service_start
+ ;;
+ *)
+ echo "Usage: $SERVICE_NAME [ start | stop | restart]" > /dev/console
+ exit 3
+ ;;
+esac
+
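Review bot: service_start and service_stop use the three `syscfg get` results unquoted and unchecked, so an empty or non-numeric VLAN ID makes the `bridge`, `ip link` and `ifconfig` calls fail and the iptables rules name a non-existent `brlan0.` interface while the script still exits 0, which means the separation fails open without any error. Each ID should be validated as a decimal in 1–4094 before the bridge is touched, with the service aborting otherwise, as sketched below. service_stop also opens with `ip link set brlan0 type bridge vlan_filtering 1` and then removes vid 1 from every port (one of them spelled `wifi02`), which looks like a copy of the start line and leaves filtering enabled on ports with no VLAN membership; turning filtering off and keeping vid 1 is presumably what was intended. The `--sport 67:68 -j ACCEPT` INPUT rules accept any UDP packet whose source port is 67 or 68 whatever its destination port, whereas `--dport 67` alone covers DHCP requests to the gateway. The debug lines appended to `/tmp/abc.txt` would be better routed through the already-sourced ulog helpers than written as root to a fixed file name in /tmp.

```shell
# Accept only a decimal VLAN ID in the usable 802.1Q range.
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

service_start() {
    # … unchanged: the three syscfg get reads …
    for vid in "$vlan_pvt" "$vlan_mesh" "$vlan_iot"; do
        if ! valid_vid "$vid"; then
            echo "$SERVICE_NAME: invalid VLAN ID '$vid', not starting" > /dev/console
            return 1
        fi
    done
    # … unchanged: bridge, ip link, iptables and dnsmasq setup …
}
```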