--- zzzz-none-000/linux-4.4.271/net/bridge/Kconfig	2021-06-03 06:22:09.000000000 +0000
+++ hawkeye-5590-750/linux-4.4.271/net/bridge/Kconfig	2023-04-19 10:22:30.000000000 +0000
@@ -33,6 +33,24 @@
 
 	  If unsure, say N.
 
+config AVM_BRIDGE_FLOOD_RATELIMITER
+	bool "Port flood rate limiting"
+	depends on AVM_ENHANCED
+	depends on BRIDGE
+	default y
+	---help---
+	  AVM extension
+
+	  This enables a simple, configurable bridge flood rate limiting mechanism, to
+	  help protect accidental or willful network loops. You can configure a
+	  maximum packet rate and a reserve. The reserve can be higher to allow for
+	  short bursts.
+
+	  The ratelimiter will only limit packets which are forwarded on all ports.
+	  Traffic (unicast and multicast) that is forwarded to specific ports is
+	  unaffected. Locally generated traffic is unaffected as well. It is
+	  disabled by default and must be configured through sysfs.
+
 config BRIDGE_IGMP_SNOOPING
 	bool "IGMP/MLD snooping"
 	depends on BRIDGE
@@ -47,6 +65,38 @@
 
 	  If unsure, say Y.
 
+config AVM_BRIDGE_MULTICAST_TO_UNICAST
+	bool "bridge multicast to unicast conversion"
+	depends on BRIDGE_IGMP_SNOOPING
+	default y
+	---help---
+	  AVM extension
+
+	  If you say Y here, then the Ethernet bridge ports record the source
+	  MAC addresses of IGMP report senders, and perform a multicast-to-unicast
+	  conversion (Layer 2) before forwarding corresponding multicast packets. This
+	  is useful in wireless networks where multicast traffic is severely limited
+	  by 802.11.
+
+	  Even with this being configured, the feature must be turned on on a per-port
+	  basis at runtime.
+
+	  Say N to exclude this support and reduce the binary size.
+
+	  If unsure, say Y.
+
+config AVM_BRIDGE_MULTICAST_TO_UNICAST_DEFAULT_THRESHOLD
+	int "multicast to unicast default threshold"
+	depends on AVM_BRIDGE_MULTICAST_TO_UNICAST
+	default 3
+	---help---
+	  AVM extension
+
+	  This selects the default threshold for switching from multicast-as-unicast
+	  transmission back to plain multicast. This is really only the default,
+	  the threshold can be configured on a per port basis on sysfs. The threshold
+	  is multicast group specific.
+
 config BRIDGE_VLAN_FILTERING
 	bool "VLAN filtering"
 	depends on BRIDGE
@@ -60,3 +110,22 @@
 	  Say N to exclude this support and reduce the binary size.
 
 	  If unsure, say Y.
+
+config AVM_BRIDGE_ISOLATION
+	bool "Isolate bridge ports from each other"
+	depends on BRIDGE
+	depends on NETFILTER
+	depends on SYSFS
+	depends on AVM_ENHANCED
+	default y
+	---help---
+	  AVM extension
+
+	  This feature allows to create isolated bridge ports pairs, so that clients
+	  connected through an isolated port cannot communicate with clients
+	  behind other isolated ports. Traffic flowing from/to non-isolated ports
+	  is not affected.
+
+	  This is implemented in a bridge netfilter hook, therefore
+	  at least one of net.bridge.br-nf-call-* sysctl must be enabled.
+	  net.bridge.br-nf-call-custom is sufficient.