net: bridge: Overhaul the code to use virtual interfaces

The legacy bridging code prevented normal IP traffic to the
bridged Ethernet interfaces. This is not intuitive and differs
how bridging setup works in Linux. This commit changes that and
creates a separate virtual interface that is doing the actual
bridging. This enables the bridged Ethernet interfaces to work
normally and provide IP connectivity.

How this works in practice:

* User needs to enable CONFIG_NET_ETHERNET_BRIDGE
* User needs to have a device with more than one Ethernet
  interface
* After booting, the net-shell or program API can be used
  to add interfaces to the bridge like this.
     net bridge addif 1 3 2
  where the 1 is the bridge interface index and
  2 and 3 are the Ethernet interface indices.
* The bridging is then finally enabled / started when the
  bridge interface 1 is taken up
     net iface up 1
* If bridged interfaces are removed from the bridge (minimum
  of two interfaces are needed there), then the bridging is
  disabled automatically. The bridge interface stays up in
  this case and can be taken down manually.

Signed-off-by: Jukka Rissanen <[email protected]>

Author: jukkar

doc/releases/migration-guide-4.0.rst

@@ -220,6 +220,18 @@ Networking
   all the network shell activities can be found under ``net`` shell command.
   After this change the bridge shell is used by ``net bridge`` command.
 
+* The Ethernet bridging code is changed to allow similar configuration experience
+  as in Linux. The bridged Ethernet interface can be used normally even if bridging
+  is enabled. The actual bridging is done by a separate virtual network interface that
+  directs network packets to bridged Ethernet interfaces.
+  The :c:func:`eth_bridge_iface_allow_tx` is removed as it is not needed because the
+  bridged Ethernet interface can send and receive data normally.
+  The :c:func:`eth_bridge_listener_add` and :c:func:`eth_bridge_listener_remove` are
+  removed as same functionality can be achieved using promiscuous API.
+  Because the bridge interface is a normal network interface,
+  the :c:func:`eth_bridge_iface_add` and :c:func:`eth_bridge_iface_remove`
+  will take network interface pointer as a first parameter.
+
 Other Subsystems
 ****************
 

include/zephyr/net/ethernet.h

@@ -653,7 +653,7 @@ struct ethernet_context {
 	atomic_t flags;
 
 #if defined(CONFIG_NET_ETHERNET_BRIDGE)
-	struct eth_bridge_iface_context bridge;
+	struct net_if *bridge;
 #endif
 
 	/** Carrier ON/OFF handler worker. This is used to create

include/zephyr/net/ethernet_bridge.h

@@ -8,6 +8,7 @@
 
 /*
  * Copyright (c) 2021 BayLibre SAS
+ * Copyright (c) 2024 Nordic Semiconductor
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -33,42 +34,36 @@ extern "C" {
 
 /** @cond INTERNAL_HIDDEN */
 
-struct eth_bridge {
+#if defined(CONFIG_NET_ETHERNET_BRIDGE)
+#define NET_ETHERNET_BRIDGE_ETH_INTERFACE_COUNT CONFIG_NET_ETHERNET_BRIDGE_ETH_INTERFACE_COUNT
+#else
+#define NET_ETHERNET_BRIDGE_ETH_INTERFACE_COUNT 1
+#endif
+
+struct eth_bridge_iface_context {
+	/* Lock to protect access to interface array below */
 	struct k_mutex lock;
-	sys_slist_t interfaces;
-	sys_slist_t listeners;
-	bool initialized;
-};
 
-#define ETH_BRIDGE_INITIALIZER(obj) \
-	{ \
-		.lock		= { }, \
-		.interfaces	= SYS_SLIST_STATIC_INIT(&obj.interfaces), \
-		.listeners	= SYS_SLIST_STATIC_INIT(&obj.listeners), \
-	}
+	/* The actual bridge virtual interface  */
+	struct net_if *iface;
 
-/** @endcond */
+	/* What Ethernet interfaces are bridged together */
+	struct net_if *eth_iface[NET_ETHERNET_BRIDGE_ETH_INTERFACE_COUNT];
 
-/**
- * @brief Statically define and initialize a bridge instance.
- *
- * @param name Name of the bridge object
- */
-#define ETH_BRIDGE_INIT(name) \
-	STRUCT_SECTION_ITERABLE(eth_bridge, name) = \
-		ETH_BRIDGE_INITIALIZER(name)
+	/* How many interfaces are bridged atm */
+	size_t count;
 
-/** @cond INTERNAL_HIDDEN */
+	/* Bridge instance id */
+	int id;
 
-struct eth_bridge_iface_context {
-	sys_snode_t node;
-	struct eth_bridge *instance;
-	bool allow_tx;
-};
+	/* Is the bridge interface initialized */
+	bool is_init : 1;
+
+	/* Has user configured the bridge */
+	bool is_setup : 1;
 
-struct eth_bridge_listener {
-	sys_snode_t node;
-	struct k_fifo pkt_queue;
+	/* Is the interface enabled or not */
+	bool status : 1;
 };
 
 /** @endcond */
@@ -77,77 +72,32 @@ struct eth_bridge_listener {
  * @brief Add an Ethernet network interface to a bridge
  *
  * This adds a network interface to a bridge. The interface is then put
- * into promiscuous mode, all packets received by this interface are sent
- * to the bridge, and any other packets sent to the bridge (with some
- * exceptions) are transmitted via this interface.
- *
- * For transmission from the bridge to occur via this interface, it is
- * necessary to enable TX mode with eth_bridge_iface_tx(). TX mode is
- * initially disabled.
+ * into promiscuous mode. After more than one Ethernet interfaces are
+ * added to the bridge interface, the bridge interface is setup.
+ * After the setup is done, the bridge interface can be brought up so
+ * that it can start bridging L2 traffic.
  *
- * Once an interface is added to a bridge, all its incoming traffic is
- * diverted to the bridge. However, packets sent out with net_if_queue_tx()
- * via this interface are not subjected to the bridge.
- *
- * @param br A pointer to an initialized bridge object
+ * @param br A pointer to a bridge interface
  * @param iface Interface to add
  *
  * @return 0 if OK, negative error code otherwise.
  */
-int eth_bridge_iface_add(struct eth_bridge *br, struct net_if *iface);
+int eth_bridge_iface_add(struct net_if *br, struct net_if *iface);
 
 /**
- * @brief Remove an Ethernet network interface from a bridge
+ * @brief Remove an Ethernet network interface from a bridge.
  *
- * @param br A pointer to an initialized bridge object
- * @param iface Interface to remove
+ * If the bridge interface setup has only one Ethernet interface left
+ * after this function call, the bridge is disabled as it cannot bridge
+ * the L2 traffic any more. The bridge interface is left in UP state
+ * if this case.
  *
- * @return 0 if OK, negative error code otherwise.
- */
-int eth_bridge_iface_remove(struct eth_bridge *br, struct net_if *iface);
-
-/**
- * @brief Enable/disable transmission mode for a bridged interface
- *
- * When TX mode is off, the interface may receive packets and send them to
- * the bridge but no packets coming from the bridge will be sent through this
- * interface. When TX mode is on, both incoming and outgoing packets are
- * allowed.
- *
- * @param iface Interface to configure
- * @param allow true to activate TX mode, false otherwise
- *
- * @return 0 if OK, negative error code otherwise.
- */
-int eth_bridge_iface_allow_tx(struct net_if *iface, bool allow);
-
-/**
- * @brief Add (register) a listener to the bridge
- *
- * This lets a software listener register a pointer to a provided FIFO for
- * receiving packets sent to the bridge. The listener is responsible for
- * emptying the FIFO with k_fifo_get() which will return a struct net_pkt
- * pointer, and releasing the packet with net_pkt_unref() when done with it.
- *
- * The listener wishing not to receive any more packets should simply
- * unregister itself with eth_bridge_listener_remove().
- *
- * @param br A pointer to an initialized bridge object
- * @param l A pointer to an initialized listener instance.
- *
- * @return 0 if OK, negative error code otherwise.
- */
-int eth_bridge_listener_add(struct eth_bridge *br, struct eth_bridge_listener *l);
-
-/**
- * @brief Remove (unregister) a listener from the bridge
- *
- * @param br A pointer to an initialized bridge object
- * @param l A pointer to the listener instance to be removed.
+ * @param br A pointer to a bridge interface
+ * @param iface Interface to remove
  *
  * @return 0 if OK, negative error code otherwise.
  */
-int eth_bridge_listener_remove(struct eth_bridge *br, struct eth_bridge_listener *l);
+int eth_bridge_iface_remove(struct net_if *br, struct net_if *iface);
 
 /**
  * @brief Get bridge index according to pointer
@@ -156,28 +106,28 @@ int eth_bridge_listener_remove(struct eth_bridge *br, struct eth_bridge_listener
  *
  * @return Bridge index
  */
-int eth_bridge_get_index(struct eth_bridge *br);
+int eth_bridge_get_index(struct net_if *br);
 
 /**
  * @brief Get bridge instance according to index
  *
  * @param index Bridge instance index
  *
- * @return Pointer to bridge instance or NULL if not found.
+ * @return Pointer to bridge interface or NULL if not found.
  */
-struct eth_bridge *eth_bridge_get_by_index(int index);
+struct net_if *eth_bridge_get_by_index(int index);
 
 /**
  * @typedef eth_bridge_cb_t
  * @brief Callback used while iterating over bridge instances
  *
- * @param br Pointer to bridge instance
+ * @param br Pointer to bridge context instance
  * @param user_data User supplied data
  */
-typedef void (*eth_bridge_cb_t)(struct eth_bridge *br, void *user_data);
+typedef void (*eth_bridge_cb_t)(struct eth_bridge_iface_context *br, void *user_data);
 
 /**
- * @brief Go through all the bridge instances in order to get
+ * @brief Go through all the bridge context instances in order to get
  *        information about them. This is mainly useful in
  *        net-shell to print data about currently active bridges.
  *

include/zephyr/net/virtual.h

@@ -43,6 +43,9 @@ enum virtual_interface_caps {
 	/** Virtual LAN interface (VLAN) */
 	VIRTUAL_INTERFACE_VLAN = BIT(2),
 
+	/** Virtual Ethernet bridge interface. */
+	VIRTUAL_INTERFACE_BRIDGE = BIT(3),
+
 /** @cond INTERNAL_HIDDEN */
 	/* Marker for capabilities - must be at the end of the enum.
 	 * It is here because the capability list cannot be empty.

subsys/net/l2/ethernet/Kconfig

@@ -100,10 +100,29 @@ source "subsys/net/l2/ethernet/lldp/Kconfig"
 config NET_ETHERNET_BRIDGE
 	bool "Ethernet Bridging support"
 	select NET_PROMISCUOUS_MODE
+	select NET_L2_VIRTUAL
 	help
 	  Enables Ethernet bridging where packets can be transparently
 	  forwarded across interfaces registered to a bridge.
 
+config NET_ETHERNET_BRIDGE_COUNT
+	int "Max number of bridge interfaces"
+	default 1
+	range 1 16
+	depends on NET_ETHERNET_BRIDGE
+	help
+	  How many bridge interfaces are created. Each interface can bridge
+	  two or more Ethernet interfaces.
+
+config NET_ETHERNET_BRIDGE_ETH_INTERFACE_COUNT
+	int "Max number of Ethernet interfaces bridged together"
+	default 2
+	range 2 32
+	depends on NET_ETHERNET_BRIDGE
+	help
+	  How many Ethernet interfaces can be bridged together per each
+	  bridge interface.
+
 if NET_ETHERNET_BRIDGE
 module = NET_ETHERNET_BRIDGE
 module-dep = NET_LOG
@@ -112,23 +131,20 @@ module-help = Enables Ethernet Bridge code to output debug messages.
 source "subsys/net/Kconfig.template.log_config.net"
 endif # NET_ETHERNET_BRIDGE
 
+config NET_ETHERNET_BRIDGE_TXRX_DEBUG
+	bool "Debug received and sent packets in bridge"
+	depends on NET_L2_ETHERNET_LOG_LEVEL_DBG && NET_ETHERNET_BRIDGE
+	help
+	  Enables printing of received and sent network packets.
+	  This can produce lot of output so it is disabled by default.
+
 config NET_ETHERNET_BRIDGE_SHELL
 	bool "Ethernet Bridging management shell"
 	depends on NET_ETHERNET_BRIDGE
 	select NET_SHELL
 	help
 	  Enables shell utility to manage bridge configuration interactively.
 
-config NET_ETHERNET_BRIDGE_DEFAULT
-	bool "Declare one bridge instance for shell usage"
-	depends on NET_ETHERNET_BRIDGE_SHELL
-	default y
-	help
-	  If the bridge shell is the sole user of the bridge code then
-	  it needs at least one bridge instance to be useful.
-	  Say y if this is the case. If you only want to inspect
-	  existing bridge instances then say n.
-
 config NET_ETHERNET_FORWARD_UNRECOGNISED_ETHERTYPE
 	bool "Forward unrecognized EtherType frames further into net stack"
 	default y if NET_SOCKETS_PACKET