On 2020-08-23 17:42, Linus Lüssing wrote: > On Sun, Aug 16, 2020 at 03:08:13PM -0700, Stephen Hemminger wrote: >> Rather than adding yet another feature to the bridge, could this hack be done by >> having a BPF hook? or netfilter module? > > Hi Stephen, > > Thanks for the constructive feedback and suggestions! > > The netfilter approach sounds tempting. However as far as I know > OpenWrt's firewall has no easy layer 2 netfilter integration yet. > So it has default layer 3 netfilter rules, but not for layer 2. > > Ideally I'd want to work towards a solution where things "just > work as expected" when a user enables "IGMP Snooping" in the UI. > I could hack the netfilter rules into netifd, the OpenWrt network > manager, when it configures the bridge. But not sure if the > OpenWrt maintainers would like that... > > Any preferences from the OpenWrt maintainers side? Enabling bridge netfilter comes with a very significant performance cost, so it's not something that should be done in a default configuration. - Felix
