From 38a0245fb2248744f3c38f451231c4f45bffdc42 Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Thu, 23 Jul 2015 09:09:11 +0000
Subject: [PATCH 1/4] Add bridge NL params to missing.h

---
 configure.ac        | 2 +-
 src/basic/missing.h | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index ff6364aba2..17c2f2b17d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -302,7 +302,7 @@ AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE,
                 IFLA_IPTUN_ENCAP_DPORT,
                 IFLA_GRE_ENCAP_DPORT,
                 IFLA_BRIDGE_VLAN_INFO,
-                IFLA_BRPORT_UNICAST_FLOOD,
+                IFLA_BRPORT_LEARNING_SYNC,
                 NDA_IFINDEX,
                 IFA_FLAGS],
 [], [], [[
diff --git a/src/basic/missing.h b/src/basic/missing.h
index bd49f10e76..ed6cd80c75 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -832,7 +832,7 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
 #endif
 
-#if !HAVE_DECL_IFLA_BRPORT_UNICAST_FLOOD
+#if !HAVE_DECL_IFLA_BRPORT_LEARNING_SYNC
 #define IFLA_BRPORT_UNSPEC 0
 #define IFLA_BRPORT_STATE 1
 #define IFLA_BRPORT_PRIORITY 2
@@ -843,7 +843,9 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_BRPORT_FAST_LEAVE 7
 #define IFLA_BRPORT_LEARNING 8
 #define IFLA_BRPORT_UNICAST_FLOOD 9
-#define __IFLA_BRPORT_MAX 10
+#define IFLA_BRPORT_PROXYARP 10
+#define IFLA_BRPORT_LEARNING_SYNC 11
+#define __IFLA_BRPORT_MAX 12
 
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
 #endif

From 0c1f248ef6af11d8f0c4632bc5da037fbf62b688 Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Thu, 23 Jul 2015 09:09:43 +0000
Subject: [PATCH 2/4] sd-netlink: add bridge NL params

---
 src/libsystemd/sd-netlink/netlink-types.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index 8c6fd8ad30..ff1b8a260f 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
@@ -329,8 +329,11 @@ static const struct NLType rtnl_prot_info_bridge_port_types[IFLA_BRPORT_MAX + 1]
         [IFLA_BRPORT_MODE]              = { .type = NETLINK_TYPE_U8 },
         [IFLA_BRPORT_GUARD]             = { .type = NETLINK_TYPE_U8 },
         [IFLA_BRPORT_PROTECT]           = { .type = NETLINK_TYPE_U8 },
+        [IFLA_BRPORT_FAST_LEAVE]        = { .type = NETLINK_TYPE_U8 },
         [IFLA_BRPORT_LEARNING]          = { .type = NETLINK_TYPE_U8 },
         [IFLA_BRPORT_UNICAST_FLOOD]     = { .type = NETLINK_TYPE_U8 },
+        [IFLA_BRPORT_PROXYARP]          = { .type = NETLINK_TYPE_U8 },
+        [IFLA_BRPORT_LEARNING_SYNC]     = { .type = NETLINK_TYPE_U8 },
 };
 
 static const NLTypeSystem rtnl_prot_info_type_systems[AF_MAX] = {

From eb7ff4dd5f89bd5f811176be499bbdf9b0da6ec9 Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Thu, 23 Jul 2015 23:31:58 +0530
Subject: [PATCH 3/4] networkd: add bridge link properties

new bridge properties

br.network

[Match]
Name=enp0s25

[Network]
Bridge=br-test

[Bridge]
Cost=332
BPDUGuard = true
HairPin = true
FastLeave = true
RootBlock = true
UnicastFlood = true
---
 src/network/networkd-link.c              | 23 ++++++++++++++++++++---
 src/network/networkd-network-gperf.gperf |  5 +++++
 src/network/networkd.h                   |  5 +++++
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 9550e89a15..55510b46e9 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -846,9 +846,6 @@ static int link_set_bridge(Link *link) {
         assert(link);
         assert(link->network);
 
-        if(link->network->cost == 0)
-                return 0;
-
         r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m");
@@ -861,6 +858,26 @@ static int link_set_bridge(Link *link) {
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not append IFLA_PROTINFO attribute: %m");
 
+        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, link->network->bpdu_guard);
+        if (r < 0)
+                return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_GUARD attribute: %m");
+
+        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_MODE, link->network->hairpin);
+        if (r < 0)
+                return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_MODE attribute: %m");
+
+        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_FAST_LEAVE, link->network->fast_leave);
+        if (r < 0)
+                return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_FAST_LEAVE attribute: %m");
+
+        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, link->network->root_block);
+        if (r < 0)
+                return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_PROTECT attribute: %m");
+
+        r = sd_netlink_message_append_u8(req, IFLA_BRPORT_UNICAST_FLOOD, link->network->unicast_flood);
+        if (r < 0)
+                return log_link_error_errno(link, r, "Could not append IFLA_BRPORT_UNICAST_FLOOD attribute: %m");
+
         if(link->network->cost != 0) {
                 r = sd_netlink_message_append_u32(req, IFLA_BRPORT_COST, link->network->cost);
                 if (r < 0)
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 3a78c3d8a8..720f6b9d0b 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -73,6 +73,11 @@ DHCP.CriticalConnection,       config_parse_bool,                              0
 DHCP.VendorClassIdentifier,    config_parse_string,                            0,                             offsetof(Network, dhcp_vendor_class_identifier)
 DHCP.RouteMetric,              config_parse_unsigned,                          0,                             offsetof(Network, dhcp_route_metric)
 Bridge.Cost,                   config_parse_unsigned,                          0,                             offsetof(Network, cost)
+Bridge.BPDUGuard,              config_parse_bool,                              0,                             offsetof(Network, bpdu_guard)
+Bridge.HairPin,                config_parse_bool,                              0,                             offsetof(Network, hairpin)
+Bridge.FastLeave,              config_parse_bool,                              0,                             offsetof(Network, fast_leave)
+Bridge.RootBlock,              config_parse_bool,                              0,                             offsetof(Network, root_block)
+Bridge.UnicastFlood,           config_parse_bool,                              0,                             offsetof(Network, unicast_flood)
 BridgeFDB.MACAddress,          config_parse_fdb_hwaddr,                        0,                             0
 BridgeFDB.VLANId,              config_parse_fdb_vlan_id,                       0,                             0
 /* backwards compatibility: do not add new entries to this section */
diff --git a/src/network/networkd.h b/src/network/networkd.h
index fb95f90169..6418c0a536 100644
--- a/src/network/networkd.h
+++ b/src/network/networkd.h
@@ -150,6 +150,11 @@ struct Network {
 
         bool dhcp_server;
 
+        bool bpdu_guard;
+        bool hairpin;
+        bool fast_leave;
+        bool root_block;
+        bool unicast_flood;
         unsigned cost;
 
         AddressFamilyBoolean ip_forward;

From 165c41a99ab6002ef3ba6bd1f9361abf32c077f2 Mon Sep 17 00:00:00 2001
From: Susant Sahani <susant@redhat.com>
Date: Thu, 23 Jul 2015 23:33:40 +0530
Subject: [PATCH 4/4] man: add man for bridge params

---
 man/systemd.network.xml | 43 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 90a0e8fff6..d654db4993 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -668,6 +668,48 @@
       <para>The <literal>[Bridge]</literal> section accepts the
       following keys.</para>
       <variablelist class='network-directives'>
+        <varlistentry>
+          <term><varname>UnicastFlood=</varname></term>
+          <listitem>
+            <para>A boolean. UnicastFlood configures whether a given port will flood
+            unicast traffic for which there is no FDB entry. By default this
+            flag is off.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><varname>HairPin=</varname></term>
+          <listitem>
+            <para> A boolean. Configures whether traffic may be send back
+            out of the port on which it was received.  By default, this
+            flag is false. and the bridge will not forward traffic back
+            out of the receiving port. By default the flag is off.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><varname>BPDUGuard=</varname></term>
+          <listitem>
+            <para> A boolean. Configures whether STP Bridge Protocol Data Units will be
+            processed by the bridge port. By default, the flag is false allowing BPDU
+            processing. Turning this flag on will cause the port to stop processing
+            STP Bridge Protocol Data Units. By default the flag is off.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><varname>FastLeave=</varname></term>
+          <listitem>
+            <para> A boolean. This flag allows the bridge to immediately stop multicast
+            traffic on a port that receives IGMP Leave message. It is only used with
+            IGMP snooping if enabled on the bridge. By default the flag is off.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><varname>RootBlock=</varname></term>
+          <listitem>
+            <para> A boolean. Configures whether a given port is allowed to
+            become root port or not. Only used when STP is enabled on the bridge.
+            By default the flag is off.</para>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term><varname>Cost=</varname></term>
           <listitem>
@@ -678,7 +720,6 @@
         </varlistentry>
       </variablelist>
   </refsect1>
-
   <refsect1>
     <title>[BridgeFDB] Section Options</title>
       <para>The <literal>[BridgeFDB]</literal> section manages the