bridge: allow member interface vlan to be configured
Add two new bridge(4) interface options, 'vlanfilter' and 'untagged':
- ifconfig bridge0 vlanfilter ix0
- ifconfig bridge0 -vlanfilter ix0
- ifconfig bridge0 untagged ix0 20
- ifconfig bridge0 -untagged ix0
Setting 'vlanfilter' causes the bridge to filter ingress and egress
traffic on that interface based on the frame's VLAN, rather than simply
passing all frames. By default, an interface is not permitted on any
VLANs, so all frames will be dropped.
Setting 'untagged' allows the interface to send and receive untagged
traffic in the given VLAN, allowing two (or more) interfaces in the
same VLAN to communicate with each other, but not with any other
interface.
Setting 'untagged' on an interface automatically enables 'vlanfilter'
as well. The untagged VLAN may be removed using the '-untagged'
option, but this does not disable VLAN filtering automatically.
Tagged frames may not be sent or received on a port with VLAN filtering
enabled.
Update bridge.4 to document this change, and also add an overview of the
existing vlan/.1q support in if_bridge.
Basic tests for the new functionality are included.
Bump __FreeBSD_version for struct ibfreq ABI change.
Reviewed by: kevans, kp
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D49993