Felix Fietkau [Fri, 10 Nov 2023 14:34:23 +0000 (15:34 +0100)]
wireless: fix premature removal of hotplug devices due to down state
When a device is added that isn't up, status toggles can sometimes lead to a
DEV_EVENT_REMOVE event, which causes the device to be removed from an interface
or a bridge.
Fix this by toggling the dev->disabled status instead based on IFF_UP, and
adding a check to bridge/interface code to only permanently remove devices that
are actually gone.
Fixes: 516ab774cc16 ("system-linux: fix race condition on bringing up wireless devices")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 10 Nov 2023 12:53:38 +0000 (13:53 +0100)]
wireless: fix sign comparison warning
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rahul Thakur [Sat, 19 Aug 2023 03:33:46 +0000 (09:03 +0530)]
device: add support to configure eee
Add support for a configurable EEE option, i.e. energy efficient ethernet.
The option can be configured by adding the config for the device in the
network uci config. Example:
config device
option name 'eth0'
option eee '1'
Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
Christian Marangi [Thu, 9 Nov 2023 16:24:36 +0000 (17:24 +0100)]
system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
Changing DSA port conduit was introduced only with kernel 6.1. Fix
compilation error by disabling support for this on unsupported kernels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 9 Nov 2023 16:19:48 +0000 (17:19 +0100)]
system-linux: make system_if_get_master_ifindex static
Make system_if_get_master_ifindex static as it was wrongly exposed and
is only used in system-linux.c.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Thu, 2 Nov 2023 15:34:47 +0000 (16:34 +0100)]
system-linux: add option to configure DSA conduit device
Devices might have multiple CPU ports with a DSA based switch, and OEM
firmware might set a specific port to one CPU port (for example WAN) to
sustain full gigabit traffic with the kernel.
To set them, the iproute2 tool is currently required.
Add support to set the DSA port conduit directly from network config
using netlink. Example:
config device
option name 'lan1'
option conduit 'eth1'
The conduit option refers to the CPU port interface. An invalid option will
simply be ignored and won't be applied, similar to what iproute2 does.
Option can also be set in board.json by setting the conduit option.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Wed, 25 Oct 2023 01:27:58 +0000 (03:27 +0200)]
system-linux: add support for configurable GRO option
Add support for a configurable GRO option. Some devices don't have HW
checksum support and may suffer from a performance regression by using
GRO. Disabling GRO restores the original performance and makes the device
usable again.
The option can be configured by adding the config for the device in the
network config. Example:
config device
option name 'eth0'
option gro '0'
The option can also be configured by adding the config to the
board.json.
Notice that a new "kind" of settings is introduced:
"system_if_apply_settings_after_up". Options set in this function will be
executed AFTER the interface is UP. This is needed as some options
(for example GRO) need to be applied after the interface is UP, and applying
them before results in an error in ioctl.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Jo-Philipp Wich [Thu, 24 Aug 2023 12:43:31 +0000 (14:43 +0200)]
interface-ip: allow configuring routes without explicit interface
Support the configuration of network routes not bound to any specific
interface. In case such a route is configured, it will be internally
owned by the loopback interface and have a new DEVROUTE_NODEV flag
set to inhibit the RTA_OIF attribute when installing the kernel route.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 24 Aug 2023 12:16:00 +0000 (14:16 +0200)]
interface-ip: mask out host bits in IPv4 route targets
The kernel will reject attempts to install routes with target addresses
having host bits set with an "Invalid prefix for given prefix length"
error.
A route configuration like the one below will silently fail to apply:
config route
option interface lan
option target 10.40.40.1/24
Attempting to do the same with iproute2 will fail as well:
# ip route add 10.40.40.1/24 dev br-lan
Error: Invalid prefix for given prefix length.
However, for IPv6 route targets with set host bits are allowed:
# ip -6 route add 3000::1/64 via fe80::1234:5678:9abcd:ef01 dev br-lan
# ip -6 route list 3000::1/64
3000::/64 via fe80::1234:5678:9abc:def1 dev br-lan metric 1024 pref medium
In order to stay consistent here, and to avoid unnecessary configuration
pitfalls, make netifd more lenient and simply mask out excess host bits
while parsing IPv4 route configuration.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
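The masking described in the commit above, written out as an added example in C. This is not netifd's own parser; the function names parse_ipv4_target, mask_ipv4_target and target_masks_to are assumptions for this illustration. It clears the host bits of an IPv4 target like 10.40.40.1/24 to 10.40.40.0/24, treats a target without a prefix length as a /32 host route, and rejects malformed input (bad octets, a prefix length above 32) instead of passing it on to the kernel.

```c
/* Added example (not netifd code): mask host bits out of an IPv4 route
 * target such as "10.40.40.1/24" so the kernel accepts the prefix. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <arpa/inet.h>

/* Parse "a.b.c.d[/len]" into a network address with host bits cleared.
 * A missing "/len" is treated as a host route (/32).
 * Returns the prefix length (0..32) on success or -1 on a parse error. */
int parse_ipv4_target(const char *target, struct in_addr *net)
{
	char buf[INET_ADDRSTRLEN + 4];
	char *slash, *end;
	unsigned long plen = 32;
	uint32_t mask;

	if (strlen(target) >= sizeof(buf))
		return -1;
	strcpy(buf, target);

	slash = strchr(buf, '/');
	if (slash) {
		*slash++ = '\0';
		plen = strtoul(slash, &end, 10);
		/* empty, non-numeric, trailing junk or > 32 are all errors */
		if (*slash == '\0' || *end != '\0' || plen > 32)
			return -1;
	}

	if (inet_pton(AF_INET, buf, net) != 1)
		return -1;

	/* Network mask: a shift by 32 is undefined in C, so special-case /0. */
	mask = plen ? 0xffffffffu << (32 - plen) : 0;
	net->s_addr = htonl(ntohl(net->s_addr) & mask);
	return (int)plen;
}

/* Format the masked target back as "net/len". Returns 0 or -1. */
int mask_ipv4_target(const char *target, char *out, size_t outlen)
{
	struct in_addr net;
	char str[INET_ADDRSTRLEN];
	int plen = parse_ipv4_target(target, &net);

	if (plen < 0)
		return -1;
	inet_ntop(AF_INET, &net, str, sizeof(str));
	snprintf(out, outlen, "%s/%d", str, plen);
	return 0;
}

/* Helper: does `target` normalise to `expected`? (1 = yes, 0 = no/invalid) */
int target_masks_to(const char *target, const char *expected)
{
	char out[INET_ADDRSTRLEN + 4];

	if (mask_ipv4_target(target, out, sizeof(out)) < 0)
		return 0;
	return strcmp(out, expected) == 0;
}

int main(void)
{
	/* constructed sample inputs, including the one from the commit message */
	const char *samples[] = { "10.40.40.1/24", "192.168.1.77", "10.1.2.3/8", "10.0.0.1/33" };
	char out[INET_ADDRSTRLEN + 4];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (mask_ipv4_target(samples[i], out, sizeof(out)) == 0)
			printf("%-16s -> %s\n", samples[i], out);
		else
			printf("%-16s -> rejected\n", samples[i]);
	}
	return 0;
}
```

The point of doing the masking in the parser rather than at install time is that the value logged and shown in status output is already the one the kernel will hold, so the IPv4 behaviour matches what iproute2 shows for IPv6 targets.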
Felix Fietkau [Tue, 7 Nov 2023 12:22:06 +0000 (13:22 +0100)]
system-linux: fix race condition on bringing up wireless devices
When wireless devices are added via hotplug before their state is set to up,
adding routes to the device can fail in the kernel.
Since the up state is managed externally, use it as input for netifd's device
present state, so that they are only brought up when ready.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 6 Nov 2023 12:16:38 +0000 (13:16 +0100)]
device: fix build error on 32 bit systems
Increase size of the diff fields for uci_blob_diff calls, since the device
attribute list increased to >32 entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 3 Nov 2023 06:58:59 +0000 (07:58 +0100)]
bridge: add support for configuring vlans for auth=1,auth_status=false
This allows detecting MAC addresses via FDB learning, or snooping
unauthenticated packets on a dedicated VLAN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 2 Nov 2023 16:45:29 +0000 (17:45 +0100)]
bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
This allows auth decisions based on FDB information of the port (MAC auth)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 1 Nov 2023 08:44:26 +0000 (09:44 +0100)]
device: send notifications for device events via ubus
Send them on the network.device object
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 1 Nov 2023 05:25:16 +0000 (06:25 +0100)]
device/bridge: support passing extra vlans in the device_set_state call
This can be used by RADIUS based 802.1x auth to dynamically define the member
vlans for the port based on its authentication status.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Christian Marangi [Fri, 20 Oct 2023 10:40:27 +0000 (12:40 +0200)]
config: fix incompatible with jshn network-device entry
On parsing, jshn "normalizes" the entry of any non-alphanumeric char to
'_'. This resulted in the scenario where the data passed by board.json
with entry 'network-device' was being converted to 'network_device', and the
system still expecting data with the original 'network-device'.
To fix this, changes need to be done in multiple places. Any function in
core uci-defaults.sh that expects 'network-device' needs to be changed to
'network_device' and here in netifd core, we need to switch to use
'network_device' directly to prevent any conflict with the jshn conversion.
The issue was exposed by commit 4ebba8a05d09 ("realtek: add support for
HPE 1920-8g-poe+") in openwrt core where the board_config_load call from
03_gpio introduced the key normalization by jshn.
board.json is not considered stable and is not migrated on sysupgrade
but actually recreated with up to date data, hence no migration or
special handling is needed and the entry can be directly changed.
Ref: https://forum.openwrt.org/t/57875/2589
Ref: https://github.com/openwrt/openwrt/pull/13622
Reported-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
Fixes: 42c48866f1c1 ("config: parse default mac address from board.json")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Erik Karlsson [Tue, 19 Sep 2023 11:37:59 +0000 (13:37 +0200)]
interface: do not release device on link down
On IFPEV_DOWN, do not release the main device if the interface is
intended to be brought back up again by interface_handle_config_change
and there is no configuration change. This avoids releasing the device
and then claiming it again when link is lost.
Releasing and then claiming the device can, if the driver is
configured to power the PHY down when IFF_UP is cleared, cause the PHY
to be power cycled. This can, in combination with glitchy hardware
and/or drivers where it takes a few seconds for the link to stabilize
after the PHY has been powered up, cause a loop where loss of link
causes netifd to power cycle the PHY, and when the PHY comes back up
the link glitches and the cycle repeats.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
Felix Fietkau [Tue, 19 Sep 2023 09:44:34 +0000 (11:44 +0200)]
wireless: update prev_config on SET_DATA notify
Fixes passing phy name from setup to teardown
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 15 Sep 2023 18:30:04 +0000 (20:30 +0200)]
wireless: dynamically enable/disable virtual interfaces based on network interface autostart
This allows disabling individual interfaces with ifup/ifdown calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 15 Sep 2023 18:12:04 +0000 (20:12 +0200)]
wireless: clean up prev_config handling
Always update prev_config directly after creating it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 15 Sep 2023 11:06:02 +0000 (13:06 +0200)]
wireless: rework and fix vlan/station config reload handling
The vif name of sections was not properly updated.
Rework the config structure to maintain stations/vlans in a vlist in the vif struct.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Daniel Golle [Thu, 31 Aug 2023 23:56:35 +0000 (00:56 +0100)]
make_ethtool_modes_h.sh: apply anti-bashism
Use 'printf' instead of 'echo -e' and use 'sed' instead of 'cut' to be
compatible with shells other than bash and not require cut.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ruiwei Chen [Sat, 25 Mar 2023 05:44:53 +0000 (13:44 +0800)]
system-linux: switch to new ETHTOOL_xLINKSETTINGS API
The ETHTOOL_GSET / ETHTOOL_SSET API has been deprecated since Linux v5.2,
released in 2016, see torvalds/linux@3f1ac7a700d03 ("net: ethtool: add
new ETHTOOL_xLINKSETTINGS API"). All still maintained OpenWrt versions
use kernel versions new enough to support the new API.
Hence migrate to the ETHTOOL_xLINKSETTINGS API to handle
auto-negotiation for flow-control as well as higher bandwidth like
2.5G, 5G and 10G.
Use ethtool API to switch on or off auto-negotiation of Ethernet
interfaces, and set speed and duplex accordingly in case auto-
negotiation is switched off.
Add support for flow-control settings, both manual/force mode for
RX and TX pause frames as well as advertising Pause and Asym_Pause
bits.
Instead of hard-coding the supported modes, generate a header file
describing them from <linux/ethtool.h>.
Signed-off-by: Ruiwei Chen <crwbak@gmail.com>
[generate list of link modes from toolchain headers, select by speed
and duplex, also use new API for dump function, add support for flow-
control settings]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Thu, 31 Aug 2023 09:19:04 +0000 (11:19 +0200)]
scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Prasun Maiti [Thu, 17 Aug 2023 12:17:18 +0000 (17:47 +0530)]
netifd: fix disabling radio via config if reconf is being used
Do not bypass down/up reconfig codepath if the radio is being disabled,
otherwise it will be left running.
Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix commit description]
Felix Fietkau [Mon, 17 Jul 2023 09:04:29 +0000 (11:04 +0200)]
wireless: enable dynamic reconfiguration by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 17 Jul 2023 09:03:30 +0000 (11:03 +0200)]
wireless: add support for replacing data blobs at runtime
Needed for dynamic reconfiguration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 3 Jul 2023 09:09:08 +0000 (11:09 +0200)]
bridge: fix config reload on 32 bit systems
unsigned long diff overflows and needs to be turned into an array
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Jun 2023 10:27:02 +0000 (12:27 +0200)]
wireless: fix another reconf issue
Defer handling wdev config updates until the entire config has been processed.
Fixes an issue where only the changes of the first modified vif would be accepted
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 28 Jun 2023 12:35:46 +0000 (14:35 +0200)]
wireless: fix handling config reload with reconf=1
If reload triggers while the wdev is up, and reconf is set to 1, run the
setup handler immediately, otherwise the change will not be applied.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 28 Jun 2023 12:22:15 +0000 (14:22 +0200)]
wireless: fix changing reconf/serialize options in configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 27 Jun 2023 08:48:26 +0000 (10:48 +0200)]
bridge: add support for configuring extra vlans for the bridge itself
Can be configured in the same way as extra bridge member vlans
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Christian Marangi [Sat, 24 Jun 2023 12:34:12 +0000 (14:34 +0200)]
bridge: fix coverity false positive report
Fix Coverity Defect 1532481 reporting a Resource leak when
!bm->node.avl.key is false in bridge_hotplug_add.
This is not a real issue, since bm->node.avl.key is always NULL for newly
allocated entries and guaranteed to be non-NULL for entries returned by
vlist_find.
Fixes: edf3aced9f9a ("bridge: add support for adding vlan ranges via hotplug")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 23 Jun 2023 10:36:51 +0000 (12:36 +0200)]
bridge: add support for adding vlan ranges via hotplug
This simplifies using wireless devices as VLAN trunking ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 23 Jun 2023 09:48:20 +0000 (11:48 +0200)]
bridge: make hotplug-added vlans default to tagged
This simplifies adding extra vlans and ranges
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 23 Jun 2023 08:17:45 +0000 (10:17 +0200)]
bridge: add support for configuring extra tagged vlans on member devices
This can be used to allow trunking dynamically allocated VLANs into a specific
member port. In order to use this, add a device section for the member port with
the 'vlan' array option, which can contain vlan numbers or ranges.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 21 Jun 2023 18:47:05 +0000 (20:47 +0200)]
wireless: add network_vlan config attribute
This can be used to make a wireless interface/vlan a tagged member of extra VLANs.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 21 Jun 2023 18:46:24 +0000 (20:46 +0200)]
vlan/vlandev: pass through extra vlan information passed via hotplug
This adds support for adding extra tagged VLANs in addition to the primary one
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 4 Jun 2023 16:34:01 +0000 (18:34 +0200)]
system-linux: fix memory leak in system_bridge_vlan_check
The message passed to nl_send_auto_complete still needs to be freed
even in the normal path
Fixes: https://github.com/openwrt/netifd/issues/4
Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Petr Štetiar [Thu, 9 Mar 2023 13:57:51 +0000 (14:57 +0100)]
bridge: bridge_dump_info: add dumping of bridge attributes
There are internal decisions being made using several bridge attributes
like for example in bridge_reload(), but those attributes are not
available for the outside inspection, thus hard to follow.
So let's make inspection easier and simply add dumping of those
bridge attributes as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 9 Mar 2023 08:30:19 +0000 (09:30 +0100)]
bridge: make it more clear why the config was applied
In some cases we see that the bridge configuration was applied, but it's
not exactly clear why it was done, so let's add a simple debugging output
which should provide the currently missing clue.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Wed, 29 Mar 2023 07:29:54 +0000 (09:29 +0200)]
cmake: fix build by reordering the cflags definitions
I've noticed a bunch of build errors being emitted by clang-15/gcc-10:
netifd.h:83:33: error: unused parameter 'level' [-Werror,-Wunused-parameter]
and it seems that the order of definitions matters, as -Wextra probably
enables previously disabled warnings like -Wno-unused-parameter.
So let's fix it by reordering the cflags definitions.
Fixes: 463a1207f076 ("netifd: Activate -Wextra compile warnings")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Wed, 29 Mar 2023 07:45:04 +0000 (09:45 +0200)]
treewide: fix multiple compiler warnings
Fixes a bunch of clang-15/gcc-10 compiler warnings, mostly related to
blobmsg_for_each_attr() usage:
error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Felix Fietkau [Thu, 4 May 2023 13:14:59 +0000 (15:14 +0200)]
bridge: remove stray newline from device status vlan port list
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 17 Apr 2023 11:11:53 +0000 (13:11 +0200)]
device: fix segfault when recreating devices
Depending on the configuration, the callback on device_release could end up
deleting the device_dep from the list. If that happens, it must not be added
back to the recreated device, since that leads to use-after-free issues.
Check dep->dev before adding it back.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hauke Mehrtens [Sun, 12 Feb 2023 20:02:08 +0000 (21:02 +0100)]
netifd: Activate -Wextra compile warnings
This activates some more compile warnings.
-pedantic is not yet activated, as then we see too many errors which I do
not know how to mitigate.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 20:38:04 +0000 (21:38 +0100)]
netifd: Explicitly zero initialize variables
The -pedantic option was complaining about the old initialization and
prefers if it is explicitly initialized to zero.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:14 +0000 (21:07 +0100)]
netifd: Do not return values in void function
These two functions return void, do not try to return a parameter.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:31 +0000 (21:07 +0100)]
netifd: Fix multiple -Wsign-compare warnings
This fixes warnings like this:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
Mostly this was an int compared to a size_t returned by ARRAY_SIZE().
The easiest fix is to count on the size_t type.
The ifindex is sometimes an unsigned int and sometimes a signed int in
the kernel interfaces. I think it normally fits into an unsigned 16 bit
value, so this should be fine. Do the one comparison where the
compiler complains as a long.
Casting the result of sizeof() to int should be safe. These values are
never out of range of int.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 20:01:57 +0000 (21:01 +0100)]
netifd: bridge: Fix format string position
This fixes the following compile error:
error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
blobmsg_printf() has the following signature:
int blobmsg_printf(struct blob_buf *buf, const char *name, const char *format, ...)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Felix Fietkau [Fri, 30 Dec 2022 15:38:41 +0000 (16:38 +0100)]
device: fix vlan device issues with disappearing lower devices
In some cases, if a VLAN is created on top of a bridge, a config reload
can lead to the bridge being torn down while netifd still considers the
VLAN device to be up.
In that case even a setup retry of an interface on top of the vlan does
not recreate the vlan device, because it is still claimed.
Fix this by releasing all device claims whenever a device goes away.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 30 Dec 2022 14:16:50 +0000 (15:16 +0100)]
vlandev: propagate topology changes
Same as vlan
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Dec 2022 18:56:08 +0000 (19:56 +0100)]
utils: include utils.h last
Fixes conflict with some system headers that use the fallthrough keyword
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Dec 2022 18:55:30 +0000 (19:55 +0100)]
system: move netdev types to system-linux.c where they are used
Fixes compile error on non-linux systems (used for testing)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 19 Dec 2022 17:15:01 +0000 (18:15 +0100)]
wireless: add support for disabling multicast-to-unicast per virtual interface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 30 Sep 2022 12:34:44 +0000 (14:34 +0200)]
wireless: allow set_retry ubus notify command to trigger a wdev restart
This can be used to retry bringing up a wireless device after receiving a
hotplug event
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jo-Philipp Wich [Thu, 17 Nov 2022 08:09:09 +0000 (09:09 +0100)]
treewide: correctly apply IFNAMSIZ limit
The `IFNAMSIZ` macro defines the required buffer size to hold a Linux
interface name including the terminating zero byte while netifd currently
uses an `IFNAMSIZ + 1` limit for interface name buffers.
This causes netifd to use overlong names (16 instead of 15 bytes) in
netlink communication with the kernel, leading to netlink failure replies
due to policy violations.
Fix this issue by applying the correct length, that is `IFNAMSIZ` directly,
to the corresponding buffers.
Ref: https://github.com/openwrt/openwrt/issues/11259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Thu, 25 Aug 2022 19:09:24 +0000 (21:09 +0200)]
interface: fix use-after-free bug when rewriting resolv.conf
After the call to interface_handle_config_change, the iface pointer will no
longer be valid if the interface has been deleted from the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Joerg Werner [Mon, 15 Aug 2022 12:10:22 +0000 (14:10 +0200)]
netifd: fix WPA3 enterprise ciphers
WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
Rafał Miłecki [Wed, 27 Jul 2022 05:34:39 +0000 (07:34 +0200)]
interface: support "zone" config option
Many protocol handlers support "zone" option independently and they pass
it in the "data". Then it's read e.g. by a firewall[34].
Add support for "zone" directly to the netifd so:
1. It works for all protocols
2. Handlers don't have to duplicate code
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Junnan Xu [Tue, 31 May 2022 14:31:19 +0000 (22:31 +0800)]
interface-ip: fix memory corruption bug when using jail network namespaces
Memory corruption occurs when resolv_conf is specified by the input -r parameter
and the resolv_conf length is less than "/tmp/resolv.conf-.d/resolv.conf.auto".
Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
Daniel Golle [Sun, 3 Apr 2022 12:02:22 +0000 (13:02 +0100)]
netifd: fix hwmode for 60g band
hwmode should be set to 'ad' for 60g band.
Reported-by: herman@zeilsteenfilm.nl
Fixes: 62e3cb5 ("scripts/netifd-wireless.sh: add support for specifying the operating band")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Thu, 19 May 2022 15:21:23 +0000 (17:21 +0200)]
interface-ip: add support for excluding interfaces in host route lookup
When adding host routes needed for an interface to communicate, it may be
necessary to skip the interface itself, in case it provides a default route.
This helps with avoiding accidental loops
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 19 May 2022 14:45:52 +0000 (16:45 +0200)]
interface-ip: unify host and proto route handling
Make host routes use the same update logic as regular proto routes, including
the enable/disable handling.
This avoids unnecessary remove/add cycles when adding the same host route
multiple times
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Petr Štetiar [Sun, 20 Feb 2022 09:41:53 +0000 (10:41 +0100)]
cmake: fix usage of implicit library and include paths
And thus allow building in out of tree setups etc.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Julian Squires [Fri, 30 Apr 2021 14:30:37 +0000 (12:00 -0230)]
netifd: interface-ip: don't set fib6 policies if ipv6 disabled
If IPv6 is disabled on a device, netifd still creates rules for it:
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000002: from all iif eth0 lookup unspec 12
4200000003: from all iif eth1 lookup unspec 12
When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.
This change only sets up the v6 rules if ipv6 is enabled on the
device.
Signed-off-by: Julian Squires <julian@cipht.net>
Jo-Philipp Wich [Fri, 4 Feb 2022 18:06:52 +0000 (19:06 +0100)]
system-linux: expose hw-tc-offload ethtool feature in device status dump
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Tue, 1 Feb 2022 11:53:50 +0000 (12:53 +0100)]
system-linux: add wrapper function for creating link config messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 1 Feb 2022 10:58:44 +0000 (11:58 +0100)]
system-linux: delete bridge devices using netlink
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 1 Feb 2022 10:56:54 +0000 (11:56 +0100)]
system-linux: create bridge devices using netlink
The legacy ioctl + sysfs configuration is deprecated, and the netlink code
is smaller and easier to read
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Matthew Hagan [Sun, 16 Jan 2022 00:21:17 +0000 (00:21 +0000)]
iprule: add support for uidrange
Allow for per-user routing policies via the uidrange iprule option.
Option allows for a single UID or range of UIDs.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 14 Jan 2022 20:27:39 +0000 (21:27 +0100)]
system: fix compilation with glibc 2.34
Fixes ARPHRD_PHONET/ARPHRD_PHONET_PIPE undeclared compilation error with
glibc 2.34
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 12 Jan 2022 19:39:04 +0000 (20:39 +0100)]
Revert "netifd: add devtype to ubus call"
This reverts commit 7ccbf08570619a4d3eccf6401791075908bb1d78 as the
commit accidentally slipped into the git tree.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Florian Eckert [Tue, 11 Jan 2022 14:42:59 +0000 (15:42 +0100)]
netifd: add devtype to ubus call
Every network device has a type but there is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> string
in the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and the number is mapped to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
ubus call network.device status
Output:
{
"eth0": {
"devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [commit rewording]
Florian Eckert [Thu, 9 Dec 2021 15:18:19 +0000 (16:18 +0100)]
netifd: add devtype to ubus call
Every network device has a type. There is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> string in
the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and the number is mapped to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
ubus call network.device status
Output:
{
"eth0": {
"devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
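The two-step lookup described in both devtype commits above (DEVTYPE= from uevent first, the numeric type file as fallback), as an added C example that is not netifd's implementation. The sample uevent and type file contents are constructed inline rather than read from /sys, and the function names uevent_devtype, arphrd_to_string and device_type are assumptions for this illustration. Of the type strings, only "ethernet" comes from the commit's sample output; the other names in the fallback table are assumptions.

```c
/* Added example (not netifd code): derive a device type string from
 * DEVTYPE= in the uevent text, falling back to the numeric link type. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <net/if_arp.h>	/* ARPHRD_* numeric link types */

/* Constructed sample file contents, standing in for what a read of
 * /sys/class/net/<dev>/uevent and /sys/class/net/<dev>/type returns. */
static const char sample_uevent_wlan0[]  = "DEVTYPE=wlan\nINTERFACE=wlan0\nIFINDEX=3\n";
static const char sample_uevent_eth0[]   = "INTERFACE=eth0\nIFINDEX=2\n";
static const char sample_type_ether[]    = "1\n";
static const char sample_type_loopback[] = "772\n";

/* Scan the uevent text line by line for "DEVTYPE=<value>".
 * Returns 1 and copies the value into `out` if found, 0 otherwise. */
static int uevent_devtype(const char *uevent, char *out, size_t outlen)
{
	const char *line = uevent;

	while (line && *line) {
		const char *eol = strchr(line, '\n');
		size_t linelen = eol ? (size_t)(eol - line) : strlen(line);

		if (linelen > 8 && strncmp(line, "DEVTYPE=", 8) == 0) {
			size_t vlen = linelen - 8;

			if (vlen >= outlen)	/* never overrun the caller's buffer */
				vlen = outlen - 1;
			memcpy(out, line + 8, vlen);
			out[vlen] = '\0';
			return 1;
		}
		line = eol ? eol + 1 : NULL;
	}
	return 0;
}

/* Map the numeric ARPHRD_* value from the type file to a string. Only
 * "ethernet" is taken from the commit's output; the rest are assumed names. */
static const char *arphrd_to_string(const char *type_file)
{
	char *end;
	unsigned long type = strtoul(type_file, &end, 10);

	if (end == type_file)	/* nothing numeric parsed: unreadable type file */
		return "unknown";
	switch (type) {
	case ARPHRD_ETHER:    return "ethernet";
	case ARPHRD_LOOPBACK: return "loopback";
	case ARPHRD_PPP:      return "ppp";
	case ARPHRD_NONE:     return "none";
	default:              return "unknown";
	}
}

/* Combined lookup: DEVTYPE from uevent first, numeric type as fallback. */
const char *device_type(const char *uevent, const char *type_file)
{
	static char buf[32];

	if (uevent_devtype(uevent, buf, sizeof(buf)))
		return buf;
	return arphrd_to_string(type_file);
}

int main(void)
{
	printf("wlan0: %s\n", device_type(sample_uevent_wlan0, sample_type_ether));
	printf("eth0:  %s\n", device_type(sample_uevent_eth0, sample_type_ether));
	printf("lo:    %s\n", device_type("", sample_type_loopback));
	return 0;
}
```

Since the uevent file is kernel-written text, the parser treats it as untrusted length-wise: a DEVTYPE value longer than the output buffer is truncated rather than copied blindly, and a type file that does not parse yields "unknown" instead of being mistaken for ARPHRD type 0.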
Vladislav Grigoryev [Thu, 2 Dec 2021 11:26:49 +0000 (14:26 +0300)]
netifd: allow disabling rule/rule6 config sections
Allow disabling IP rules similar to routes:
https://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=327da9895327bc56b23413ee91a6e6b6e0e4329d
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
Alin Nastac [Mon, 15 Nov 2021 15:54:43 +0000 (16:54 +0100)]
interface-ip: add support for IPv6 prefix invalidation
On dhcpv6 interfaces, the DHCPv6 server might invalidate a previous
PD by advertising it with the valid lifetime set to 0. In this case,
netifd must immediately remove PD assignments.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Luiz Angelo Daros de Luca [Tue, 23 Nov 2021 02:04:51 +0000 (23:04 -0300)]
interface-ip: use metric when looking for a route
When there were multiple routes with the same target but different
metrics, __find_ip_route_target was returning the first one,
independently of the metric.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Stijn Tintel [Tue, 23 Nov 2021 15:57:06 +0000 (17:57 +0200)]
main: fix hotplug script usage message
Commit 41842d3f9173 introduced a new command line option, and its usage
message was added in between the two lines of the hotplug script usage
message. Move both lines back together.
Fixes: 41842d3f9173 ("add some code for keeping track of dns servers ...")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Hans Dedecker [Sat, 9 Oct 2021 19:14:59 +0000 (21:14 +0200)]
system-linux: fix deletion of ip tunnels (FS#4058)
The deletion of IP tunnels via the ioctl interface is broken; instead of
fixing the ioctl interface switch to the netlink based interface to delete
IP tunnel devices as this simplifies and unifies the code
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Thu, 21 Oct 2021 09:28:35 +0000 (11:28 +0200)]
wireless: fix handling vif attributes on reload with mode change
When switching from AP to station mode, some AP specific flags such as proxyarp
could become sticky and lead to hairpin being enabled on the sta interface.
Fix this by ensuring that vif fields are always properly rewritten
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 20 Oct 2021 19:09:32 +0000 (21:09 +0200)]
wireless: fix creating AP mode WDS station interfaces
Ensure that devices are created without attempting to create a VLAN chain
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Daniel Golle [Mon, 11 Oct 2021 23:17:26 +0000 (00:17 +0100)]
interface, ubus: rework netns up/down
Let per-container netifd instance handle the netns bringdown, it makes
everything easier and gets rid of the fork() when bringing down
container network interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 11 Oct 2021 22:51:08 +0000 (23:51 +0100)]
interface: don't fork() to start jail interface
As we got a persistent per-netns-jail instance of netifd now which
handles interface configuration we no longer need to fork() the host
netifd to bring up jail interfaces.
The follow-up commit will deal with stopping jail interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Wed, 29 Sep 2021 13:16:33 +0000 (15:16 +0200)]
wireless: fix index for stations
Use wdev->sta_idx instead of the VLAN counter wdev->vlan_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Sep 2021 12:59:11 +0000 (14:59 +0200)]
wireless: reset retry counter when setup succeeds
A wireless device restart cycle can be triggered if a tracked process
(e.g. hostapd) dies and is restarted, and this left the retry counter
untouched
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Sep 2021 11:29:22 +0000 (13:29 +0200)]
wireless: reset number of retries on config change
Ensure that enough retries are performed, just like on a user triggered
down/up cycle.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Sep 2021 12:45:16 +0000 (14:45 +0200)]
main: poll process log stream even if processes are killed
Ensures that pending log messages are still received
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Sep 2021 12:03:55 +0000 (14:03 +0200)]
wireless: process and close script file descriptor when rerunning setup
On reloading, setup is called without a teardown, so the previous fd might
still be open. Clear it to avoid a leak.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 29 Sep 2021 12:35:56 +0000 (14:35 +0200)]
wireless: display log messages for setup/teardown/retry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Andre Heider [Tue, 28 Sep 2021 11:29:27 +0000 (13:29 +0200)]
wireless: fix applying wireless devices attributes on hotplug events
Hotplug events pass their own 'ifname' copy, so we need to compare the
strings, not just the pointers.
Additionally, the check condition was accidentally inverted
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 27 Sep 2021 16:56:21 +0000 (18:56 +0200)]
netifd: rework/fix device free handling
Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via uloop timeout
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 21 Sep 2021 16:04:32 +0000 (18:04 +0200)]
bonding: claim the port device before creating the bonding device
Avoids create/destroy cycles of the bonding device if the port devices are unavailable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 20 Sep 2021 16:00:03 +0000 (18:00 +0200)]
wireless: only enable proxyarp/isolate for AP vifs
The settings might be present in the config as leftovers when switching
a vif from AP to sta mode. In that case, they will not be applied by wpad,
so they also must not be used by netifd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 20 Sep 2021 15:55:39 +0000 (17:55 +0200)]
wireless: only apply wireless device attributes to the base vif interface
Per-station interfaces in 4-addr AP mode must not inherit them, because
this can cause reflected packets by enabling hairpin mode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 2 Sep 2021 18:26:33 +0000 (20:26 +0200)]
device: add support for configuring bonding devices
Supported options:
- ports: member devices
- policy: bonding policy
  supported values:
  - balance-rr
  - active-backup
  - balance-xor
  - broadcast
  - 802.3ad
  - balance-tlb
  - balance-alb
- xmit_hash_policy: slave selection tx hash policy
  supported values:
  - layer2
  - layer2+3
  - layer3+4
  - encap2+3
  - encap3+4
- all_ports_active: allow receiving on inactive ports
- min_links: minimum number of active links
- ad_actor_system: LACPDU exchange MAC address
- ad_actor_sys_prio: LACPDU priority value
- ad_select: 802.3ad aggregation logic
  supported values:
  - stable
  - bandwidth
  - count
- lacp_rate: 802.3ad LACPDU packet rate
  supported values:
  - slow (every 30 seconds)
  - fast (every second)
- packets_per_port: number of packets before switching ports (balance-rr mode).
- lp_interval: number of seconds between sent learning packets
- dynamic_lb: distribute traffic according to port load
- resend_igmp: number of IGMP membership updates after failover event
- num_peer_notif: number of tx unsolicited ARP/NA after failover event
- primary: name of the primary port
- primary_reselect: primary port reselection policy
  supported values:
  - always
  - better
  - failure
- failover_mac: MAC address selection policy
  supported values:
  - none
  - active
  - follow
- monitor_mode: select ARP or MII link monitor
  supported values:
  - arp
  - mii
- monitor_interval: link monitor update interval (msec)
- arp_target: ARP monitor target IP address (list)
- arp_all_targets: all targets must be reachable to consider the link valid
- arp_validate: ARP validation policy
  supported values:
  - none
  - active
  - backup
  - all
  - filter
  - filter_active
  - filter_backup
- use_carrier: use carrier status instead of MII ioctl result
- updelay: delay before enabling port after MII link up event (msec)
- downdelay: delay before disabling port after MII link down event (msec)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
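The bonding options listed in the commit above, as an added example that is not netifd code: a small Python parser for UCI `config device` sections plus a validator that checks each option against the supported values from the commit message. netifd does this in C with its blobmsg attribute tables; the parser, the grouping of options into enumerated/integer/boolean classes and the two sample sections below are my own construction (the second sample deliberately carries a wrong `policy` and a non-numeric `monitor_interval`).

```python
"""Parse and validate a UCI bonding device section.

Added illustration, not netifd's own code.  The option names and their
supported values come from the commit message; the classification into
enum/int/bool options and the sample config are constructed here."""

import re

# Enumerated options and their supported values (from the commit message).
ENUM_OPTIONS = {
    "policy": {"balance-rr", "active-backup", "balance-xor", "broadcast",
               "802.3ad", "balance-tlb", "balance-alb"},
    "xmit_hash_policy": {"layer2", "layer2+3", "layer3+4", "encap2+3", "encap3+4"},
    "ad_select": {"stable", "bandwidth", "count"},
    "lacp_rate": {"slow", "fast"},
    "primary_reselect": {"always", "better", "failure"},
    "failover_mac": {"none", "active", "follow"},
    "monitor_mode": {"arp", "mii"},
    "arp_validate": {"none", "active", "backup", "all",
                     "filter", "filter_active", "filter_backup"},
}
# Options that take a non-negative integer (counts, priorities, msec/sec).
INT_OPTIONS = {"min_links", "ad_actor_sys_prio", "packets_per_port", "lp_interval",
               "resend_igmp", "num_peer_notif", "monitor_interval", "updelay", "downdelay"}
# Options that are flags.
BOOL_OPTIONS = {"all_ports_active", "dynamic_lb", "arp_all_targets", "use_carrier"}
# Free-form options (names, MAC address, IP list).
OTHER_OPTIONS = {"name", "type", "ports", "ad_actor_system", "primary", "arp_target"}

# config <type> ['<name>'] / option <key> '<value>' / list <key> '<value>'
_LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+(?:'([^']*)'|(\S+)))?\s*$")


def parse_uci(text):
    """Return a list of {'type', 'options', 'lists'} dicts, one per section."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = _LINE.match(raw)
        if not m:
            raise ValueError("unparseable UCI line: %r" % raw)
        kind, key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        if kind == "config":
            sections.append({"type": key, "options": {}, "lists": {}})
        elif not sections:
            raise ValueError("option before any config section")
        elif kind == "option":
            sections[-1]["options"][key] = value
        else:
            sections[-1]["lists"].setdefault(key, []).append(value)
    return sections


def validate_bonding(section):
    """Return a list of problem strings for one bonding device section."""
    opts = section["options"]
    if section["type"] != "device" or opts.get("type") != "bonding":
        return ["not a bonding device section"]
    problems = []
    if "ports" not in section["lists"] and "ports" not in opts:
        problems.append("ports: no member devices given")
    for key, value in opts.items():
        if key in ENUM_OPTIONS:
            if value not in ENUM_OPTIONS[key]:
                problems.append("%s: unsupported value %r" % (key, value))
        elif key in INT_OPTIONS:
            if not value.isdigit():
                problems.append("%s: expected an integer, got %r" % (key, value))
        elif key in BOOL_OPTIONS:
            if value not in ("0", "1"):
                problems.append("%s: expected 0 or 1, got %r" % (key, value))
        elif key not in OTHER_OPTIONS:
            problems.append("%s: unknown option" % key)
    return problems


def check_config(text):
    """Map device name -> problems for every bonding section in `text`."""
    return {s["options"].get("name", "?"): validate_bonding(s)
            for s in parse_uci(text) if s["options"].get("type") == "bonding"}


# Constructed sample: bond0 is valid, bond1 has two deliberate errors.
SAMPLE_CONFIG = """\
config device
	option name 'bond0'
	option type 'bonding'
	list ports 'eth1'
	list ports 'eth2'
	option policy '802.3ad'
	option xmit_hash_policy 'layer3+4'
	option lacp_rate 'fast'
	option min_links '1'
	option monitor_mode 'mii'
	option monitor_interval '100'
	option updelay '200'
	option downdelay '200'

config device
	option name 'bond1'
	option type 'bonding'
	list ports 'eth3'
	option policy 'round-robin'
	option monitor_interval 'fast'
"""

if __name__ == "__main__":
    for name, problems in check_config(SAMPLE_CONFIG).items():
        print(name, "->", problems or "ok")
```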
Felix Fietkau [Wed, 1 Sep 2021 17:00:41 +0000 (19:00 +0200)]
wireless: improve reliability of proxyarp support
instead of relying on hostapd to manipulate bridge attributes (which can race
against netifd adding/removing of member ports), set the proxyarp related
attributes in netifd directly when bringing up the member port
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 31 Aug 2021 19:01:40 +0000 (21:01 +0200)]
system-linux: remove copy&paste from /proc and /sys path names
Preparation for making the /proc and /sys path configurable for configuring
containers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 27 Aug 2021 10:15:07 +0000 (12:15 +0200)]
wireless: always enable bpdu filter for AP interfaces and VLANs
Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 24 Aug 2021 15:16:05 +0000 (17:16 +0200)]
bridge: tune default stp parameters
The default forwarding delay 2 is broken and makes STP non-functional by
default. The kernel's default of 15 is rather long.
This commit makes the timer settings more aggressive than the
kernel's default while still being consistent and allowing proper
convergence for a network diameter up to 4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
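The consistency and diameter reasoning behind the commit above, as an added worked example (not netifd code, and it does not reproduce the values netifd chose): the parameter relationships are the ones IEEE 802.1D requires between hello time, max age and forward delay, and the diameter formulas are the commonly cited derivation of 802.1D's recommended defaults, which I take as an assumption here. The kernel defaults (hello 2 s, max age 20 s, forward delay 15 s) are used as input; a forward delay of 2 s fails the consistency check, which is why the old default left STP non-functional.

```python
"""802.1D bridge timer consistency and network diameter.

Added illustration, not netifd code.  The inequality is the 802.1D
parameter relationship; the diameter formulas are the usual derivation of
the 802.1D recommended values (assumed 1 s transit delay per hop) and are
an assumption, not something the commit states."""

import math


def timers_consistent(hello, max_age, forward_delay):
    """802.1D: 2*(forward_delay - 1) >= max_age >= 2*(hello + 1), in seconds."""
    return 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1)


def recommended_timers(diameter, hello=2):
    """Return (max_age, forward_delay) sized for `diameter` bridge hops.

    With diameter 7 and hello 2 this yields (20, 15), the kernel defaults.
    """
    max_age = 4 * hello + 2 * (diameter - 1)
    forward_delay = math.ceil((4 * hello + 3 * diameter) / 2)
    return max_age, forward_delay


def max_diameter(hello, max_age, forward_delay):
    """Largest diameter a timer set supports, or 0 when it is inconsistent.

    Inverts the two formulas above and takes the tighter bound.
    """
    if not timers_consistent(hello, max_age, forward_delay):
        return 0
    by_max_age = (max_age - 4 * hello) // 2 + 1
    by_forward_delay = (2 * forward_delay - 4 * hello) // 3
    return max(0, min(by_max_age, by_forward_delay))


if __name__ == "__main__":
    print("kernel defaults support diameter", max_diameter(2, 20, 15))
    print("forward_delay=2 consistent?", timers_consistent(2, 20, 2))
    print("timers for diameter 4:", recommended_timers(4))
```

`recommended_timers(4)` gives a max age of 14 s and a forward delay of 10 s, both consistent with each other and with a 2 s hello, which is the kind of shorter-but-consistent timer set the commit message describes for a diameter of 4. The kernel accepts forward delays down to its configured minimum, so a value of 2 s is not rejected; it simply violates the relationship above and STP never converges.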