project/netifd.git
4 years agosystem-linux: add retry for adding member devices to a bridge
Felix Fietkau [Mon, 23 Nov 2020 11:42:36 +0000 (12:42 +0100)]
system-linux: add retry for adding member devices to a bridge

When netifd tries to add bridge members brought up by hostapd asynchronously
(e.g. after an autochannel run), the first try often fails with EBUSY or
EAGAIN, since it's racing against hostapd's own setup.
Add retry logic, which includes checking if the device was added to the
bridge in the meantime to deal with this issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agosystem-linux: implement full device present state management for force-external devices
Felix Fietkau [Mon, 23 Nov 2020 11:11:42 +0000 (12:11 +0100)]
system-linux: implement full device present state management for force-external devices

We need to detect when devices are present, because they can be created
asynchronously by hostapd after they have already been added by the wifi
setup script

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge-vlan: add support for defining aliases for vlan ids
Felix Fietkau [Fri, 20 Nov 2020 17:58:10 +0000 (18:58 +0100)]
bridge-vlan: add support for defining aliases for vlan ids

When defining a bridge-vlan like this:

config bridge-vlan
option device 'switch0'
option vlan '1'
option ports 'lan1 lan2 lan3 lan4'
option alias 'lan'

You can use switch0.lan instead of switch0.1 to refer to the VLAN.
This ensures that the VLAN ID can be kept in a single place in the config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agointerface: do not force link-ext hotplug interfaces to present by default
Felix Fietkau [Fri, 20 Nov 2020 12:49:00 +0000 (13:49 +0100)]
interface: do not force link-ext hotplug interfaces to present by default

On wireless interfaces, hostapd can sometimes defer the bringup of secondary
virtual interfaces until autochannel or coex scan completes.
Do not force the present state in that case in order to avoid attempting
to bring up the device before it is ready

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoconfig: initialize bridge and bridge vlans before other devices
Felix Fietkau [Wed, 18 Nov 2020 14:15:01 +0000 (15:15 +0100)]
config: initialize bridge and bridge vlans before other devices

This allows vlan devices to access bridge vlan data safely, regardless
of the order in which sections appear in the config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agowireless: fix passing bridge name for vlan hotplug pass-through
Felix Fietkau [Wed, 18 Nov 2020 12:38:17 +0000 (13:38 +0100)]
wireless: fix passing bridge name for vlan hotplug pass-through

When preparing the interface for hotplug add, pass the bridge
device back to the caller, since it may not match the original device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agosystem-linux: only overwrite dev->present state on check_state for simple devices
Felix Fietkau [Fri, 13 Nov 2020 11:44:56 +0000 (12:44 +0100)]
system-linux: only overwrite dev->present state on check_state for simple devices

After settting config_pending for vlan devices, a check_state call from
device_init_pending was leading to the vlan device present state being
overwritten because the linux device didn't exist yet, even though the
vlan code had already indicated its present state based on the lower dev.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: only overwrite implicit vlan assignment if vlans are configured
Felix Fietkau [Thu, 5 Nov 2020 11:00:12 +0000 (12:00 +0100)]
bridge: only overwrite implicit vlan assignment if vlans are configured

When VLAN filtering is enabled, but no vlans are defined, the implicit
VLANs should stay, so that forwarding between ports still works.
This is useful for setups where VLANs are assigned by external scripts
instead of being configured via netifd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agosystem-dummy: set present state only for simple devices
Felix Fietkau [Thu, 5 Nov 2020 10:58:40 +0000 (11:58 +0100)]
system-dummy: set present state only for simple devices

Fixes an issue with bringing up VLANs/bridges too early

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: fix use-after-free bug on bridge member free
Felix Fietkau [Wed, 4 Nov 2020 15:20:14 +0000 (16:20 +0100)]
bridge: fix use-after-free bug on bridge member free

When removing the device reference, the core might free the device.
Use device_lock/unlock to keep the reference valid until it is no longer needed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: preserve hotplug ports on vlan update if config is unchanged
Felix Fietkau [Wed, 4 Nov 2020 11:19:20 +0000 (12:19 +0100)]
bridge: preserve hotplug ports on vlan update if config is unchanged

Fixes cleanup of port state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: show vlans in device status
Felix Fietkau [Wed, 28 Oct 2020 17:54:39 +0000 (18:54 +0100)]
bridge: show vlans in device status

List vlans with member ports, VLAN IDs and flags

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agovlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
Felix Fietkau [Fri, 7 Aug 2020 12:33:33 +0000 (14:33 +0200)]
vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge

Only used for 802.1q devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agovlan: add pass-through hotplug ops that pass the VLAN info to the bridge
Felix Fietkau [Fri, 7 Aug 2020 12:26:33 +0000 (14:26 +0200)]
vlan: add pass-through hotplug ops that pass the VLAN info to the bridge

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: add support for defining port member vlans via hotplug ops
Felix Fietkau [Fri, 7 Aug 2020 12:19:06 +0000 (14:19 +0200)]
bridge: add support for defining port member vlans via hotplug ops

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agointerface: proto_ip: order by address index first
Yousong Zhou [Tue, 20 Oct 2020 02:49:18 +0000 (10:49 +0800)]
interface: proto_ip: order by address index first

At the moment, dnsmasq initscript generates dhcp-range for an interface
by inspecting first address of that interface from netifd ubus output.

Order by address index as specified in the uci config makes netifd ubus
output consistent with linux network interfaces' primary/secondary
address settings.  More importantly, the ubus output and dnsmasq config
generation will be more predictable.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agodevice_addr: record address index as in the blob
Yousong Zhou [Wed, 21 Oct 2020 02:50:54 +0000 (10:50 +0800)]
device_addr: record address index as in the blob

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agoproto: rework parse_addr to return struct device_addr
Yousong Zhou [Wed, 14 Oct 2020 06:37:13 +0000 (14:37 +0800)]
proto: rework parse_addr to return struct device_addr

This is a preparation for the next commit to record address index for
the returned device_addr struct

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agobuild: find and use libnl header dirs
Yousong Zhou [Wed, 14 Oct 2020 08:04:01 +0000 (16:04 +0800)]
build: find and use libnl header dirs

Name of the libnl .pc file is libnl-3.0.pc

This commit is mainly for testing netifd build on usual Linux systems.

netifd Makefile in current OpenWrt build system specifies custom cmake
flags to directly point to libnl-tiny

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years agosystem-linux: initialize ifreq struct before using it
Alin Nastac [Thu, 8 Oct 2020 11:31:37 +0000 (13:31 +0200)]
system-linux: initialize ifreq struct before using it

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
4 years agonetifd: vxlan: add aging and maxaddress options
Johannes Kimmel [Fri, 4 Sep 2020 02:59:43 +0000 (04:59 +0200)]
netifd: vxlan: add aging and maxaddress options

For both options the values can just be passed to the kernel. All
unsigned values are accepted, thus no range checking required.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
4 years agonetifd: vxlan: add most missing boolean options
Johannes Kimmel [Fri, 4 Sep 2020 02:59:42 +0000 (04:59 +0200)]
netifd: vxlan: add most missing boolean options

adds the folloing missing options:
  - learning
  - rsc
  - proxy
  - l2miss
  - l3miss
  - gbp

See ip-link(3) for their meaning.

still missing:
  - external
  - gpe

I'm not sure how to handle them at the moment. It's unclear to me what
IFLA_VXLAN_* value corresponds to the 'external' option and according to
the manpage, gpe depends on it.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
4 years agonetifd: vxlan: refactor mapping of boolean attrs
Johannes Kimmel [Fri, 4 Sep 2020 02:59:41 +0000 (04:59 +0200)]
netifd: vxlan: refactor mapping of boolean attrs

Add a small function to handle boolean options and make use of it to handle:
  - rxcsum
  - txcsum

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
4 years agonetifd: vxlan: handle srcport range
Johannes Kimmel [Fri, 4 Sep 2020 02:59:40 +0000 (04:59 +0200)]
netifd: vxlan: handle srcport range

This adds adds the ability to set the source port range for vxlan
interfaces.

By default vxlans will use a random port within the ephermal range as
source ports for packets. This is done to aid scaleability within a
datacenter.

But with these defaults it's impossible to punch through NATs or
traverese most stateful firewalls easily. One solution is to fix the
srcport to the same as dstport.

If only srcportmin is specified, then srcportmax is set in a way that
outgoing packets will only use srcportmin.

If a range is to be specified, srcportmin and srcportmax have to be
specified. srcportmax is exclusive.

If only srcportmax is specified, the value is ignored and defaults are
used.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
4 years agonetifd-wireless: parse 'osen' encryption
Daniel Golle [Tue, 8 Sep 2020 16:33:29 +0000 (17:33 +0100)]
netifd-wireless: parse 'osen' encryption

Support Hotspot 2.0 online signup with encryption, either as only
encryption type of a dedicated SSID or together with WPA-EAP for
single SSID setups.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agointerface-ip: clear host bits of the device prefix
Hans Dedecker [Sun, 9 Aug 2020 20:46:54 +0000 (22:46 +0200)]
interface-ip: clear host bits of the device prefix

Clear the host bits of the device prefix in
interface_ip_add_device_prefix as interface_set_prefix_address just ORs
the calculated assignment part which would lead to an invalid IPv6
address if the host bits are not masked out

Suggested-by: Daniel Gröber <dxld@darkboxed.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agobridge: flush vlan list on bridge free
Felix Fietkau [Fri, 7 Aug 2020 10:07:53 +0000 (12:07 +0200)]
bridge: flush vlan list on bridge free

Fixes a potential memory leak

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agodevice: look up full device name before traversing vlan chain
Felix Fietkau [Mon, 27 Jul 2020 11:27:52 +0000 (13:27 +0200)]
device: look up full device name before traversing vlan chain

The user may have configured a VLAN device with explicit settings and the same
name by adding a config device section

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoconfig: enable bridge vlan filtering by default for bridges that define VLANs
Felix Fietkau [Sat, 18 Jul 2020 10:01:23 +0000 (12:01 +0200)]
config: enable bridge vlan filtering by default for bridges that define VLANs

Only enables it if the config option is not present. It can still be disabled.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: add support for VLAN filtering
Felix Fietkau [Wed, 15 Jul 2020 15:18:20 +0000 (17:18 +0200)]
bridge: add support for VLAN filtering

VLANs can be defined using bridge-vlan sections, like the following example:

config bridge-vlan
option device 'switch0'
option vlan '1'
option ports "lan1 lan2 lan3 lan4:t*"

Each member port can be confgured with optional attributes after ':'
 - t: member port is tagged
 - *: This is the primary VLAN for the port (PVID)

VLAN member interfaces are automatically added as bridge members

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: add support for adding vlans to a bridge
John Crispin [Sun, 12 Jul 2020 16:50:19 +0000 (18:50 +0200)]
bridge: add support for adding vlans to a bridge

Add a rtnl helper for adding vlans to a bridge interface.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agobridge: add support for turning on vlan_filtering
John Crispin [Sun, 12 Jul 2020 16:50:18 +0000 (18:50 +0200)]
bridge: add support for turning on vlan_filtering

If we want a bridge to be vlan aware we need to be able to turn on
filtering.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agosystem-dummy: fix resolving ifindex
Felix Fietkau [Sat, 18 Jul 2020 14:03:18 +0000 (16:03 +0200)]
system-dummy: fix resolving ifindex

Fixes bringup of devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agodevice: do not check state from within device_init
Felix Fietkau [Sat, 18 Jul 2020 12:58:15 +0000 (14:58 +0200)]
device: do not check state from within device_init

At this point the device is usually not fully set up yet and cannot handle
state changes / bringup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agovlan: initialize device ifname earlier at creation time
Felix Fietkau [Sat, 18 Jul 2020 12:26:07 +0000 (14:26 +0200)]
vlan: initialize device ifname earlier at creation time

Avoids attempting to add the device with an empty string as ifname

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agoutils: fix check_pid_path to work with deleted file as well
Karel Kočí [Thu, 2 Jul 2020 10:49:56 +0000 (12:49 +0200)]
utils: fix check_pid_path to work with deleted file as well

check_pid_patch is checking if process with given PID and executable
path is running. If this code fails the rest of the code can be
convinced that program is no longer running and possibly spawns new
instance that can collide with already running one. This behavior was
reproduced with hostapd.

Symbolic link exe in process subdirectory in /proc points to original
executable. The problem is that it reads as original path plus string
' (deleted)' if file is removed. The process is still running but
original file is no longer available on files system.

This behavior is triggered not only when file is removed (unlinked) but
also when file is replaced. This happens clearly on package update. In
general this happens any time all references (hard links) to file are
removed from file system.

This is not ultimate fix as exe link points to any last reference on
file system with preference for original one. The problem is if there
are multiple references and the original one is removed. This can be
reproduced just by copying executable (hard linking) and unlinking the
original one. In such case exe link would point to copy and not to
original deleted one.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
4 years agosystem-linux: improve handling of device rename
Kristian Evensen [Wed, 11 Mar 2020 13:13:10 +0000 (14:13 +0100)]
system-linux: improve handling of device rename

After an interface has been renamed on a "fast" device (for example
x86_64), the interface is sometimes not handled correctly by netifd.
Looking in the logs, I see the following messages when renaming fails:

Wed Mar 11 08:52:44 2020 kern.info kernel: [68383.522038] igb 0000:03:00.0 nlw_1: renamed from eth2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: __device_add_user(710): Add user for device 'nlw_1', refcount=2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(413): Claim Network device nlw_1, new active count: 2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(432): claim Network device nlw_1 failed: -1

Instrumenting netifd further reveals that there is a race between the hotplug
"@move" event and ioctl(SIOCGIFINDEX). When the above error happens, the
ioctl-call fails with ENODEV. Looking closer at the kernel code, it seems the
hotplug-event is triggered before the renaming is completed. The easiest way to
trigger the race, is if an interface name with the old name is not handled by
netifd and an interface with the new name is. If only the old name is handled,
or both names, I was not able to provoke the race.

When the renaming is complete, a NEWLINK-message is generated. This patch
modifies the logic surrounding renaming, so that we wait for the
NEWLINK-message before marking an interface as present. The changes made are:

* We only handle move-events for interfaces we know, and we return after
device has been set as not present.
* When we receive a NEWLINK message for an interface managed by netifd,
we call device_set_present. device_set_present is guarded by the same
checks as the add hotplug-event.

After these changes, renaming works properly on both "fast" and "slow"
devices. Removing a device is also handled correctly.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years agointerface-ip: fix build on non-linux systems
Felix Fietkau [Thu, 4 Jun 2020 11:27:05 +0000 (13:27 +0200)]
interface-ip: fix build on non-linux systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agosystem-dummy: fix missing return
Felix Fietkau [Thu, 4 Jun 2020 11:26:46 +0000 (13:26 +0200)]
system-dummy: fix missing return

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 years agonetifd: wireless: add support for tracking wifi-station sections
John Crispin [Mon, 25 May 2020 09:49:19 +0000 (11:49 +0200)]
netifd: wireless: add support for tracking wifi-station sections

This new section allows us to assign mac specific key/vid settings to a
station.

Signed-off-by: John Crispin <john@phrozen.org>
4 years agonetifd: wireless: add support for tracking wifi-vlan sections
John Crispin [Mon, 25 May 2020 09:49:18 +0000 (11:49 +0200)]
netifd: wireless: add support for tracking wifi-vlan sections

This new section allows us to create apvlan settings for hostapd.

Signed-off-by: John Crispin <john@phrozen.org>
4 years agovlandev: support setting ingress/egress QoS mappings
Pau Espin Pedrol [Sun, 17 May 2020 18:39:44 +0000 (20:39 +0200)]
vlandev: support setting ingress/egress QoS mappings

It allows setting mappings for instance this way:
"""
config device
  option name 'vlan41'
  option type '8021q'
  option vid '41'
  option ifname 'eth1'
  list   ingress_qos_mapping '1:2'
  list   ingress_qos_mapping '2:5'
  list   egress_qos_mapping '0:3'
"""

Signed-off-by: Pau Espin Pedrol <pespin.shar@gmail.com>
Tested-by: Pedro <pedrowrt@cas.cat>
4 years agointerface, system: clean up netns functionality
Daniel Golle [Tue, 14 Apr 2020 11:51:47 +0000 (12:51 +0100)]
interface, system: clean up netns functionality

Use struct device pointer as parameter instead of bare ifname allows
for some simplication and again removing system_ifname_resolve()
function introduced in commit d93126d.

Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agointerface: fix jail ifdown and jails without jail_ifname
Daniel Golle [Mon, 13 Apr 2020 23:36:29 +0000 (00:36 +0100)]
interface: fix jail ifdown and jails without jail_ifname

Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agointerface: allow renaming interface when moving to jail netns
Daniel Golle [Mon, 13 Apr 2020 19:03:35 +0000 (20:03 +0100)]
interface: allow renaming interface when moving to jail netns

Introduce jail_ifname option to define the name of a Linux network
interface when moved into a jail's network namespace.
This is useful for containers which expect the network interface to
have a specific name (eg. 'host0' in case of systemd).
While at it, clean-up and fix bugs in jail interface up/down routines.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agointerface: allocate and free memory for jail name
Daniel Golle [Mon, 13 Apr 2020 15:24:25 +0000 (16:24 +0100)]
interface: allocate and free memory for jail name

Memory returned by blogmsg_get_string() is volatile, hence use strdup()
to have a permanent copy of the returned string and free it when no
longer needed.

Fixes: 1321c1b ("add basic support for jail network namespaces")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agosystem-linux: fix PATH_MAX undeclared compilation error
Alin Nastac [Fri, 27 Mar 2020 10:56:09 +0000 (11:56 +0100)]
system-linux: fix PATH_MAX undeclared compilation error

Issue was introduced in commit 1321c1bd8fe921986c4eb39c3783ddd827b79543.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
4 years agosystem-linux: fix compilation with musl 1.2.0
Rosen Penev [Wed, 25 Mar 2020 23:11:40 +0000 (16:11 -0700)]
system-linux: fix compilation with musl 1.2.0

Switched to the plain function instead of the now gone syscall.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years agointerface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel
Alin Nastac [Wed, 5 Feb 2020 13:36:33 +0000 (14:36 +0100)]
interface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel

When netifd manages the prefix route directly, it will remove it
the moment prefix gets deprecated. This will make it impossible
for the target to send ICMPv6 errors back to LAN devices still
using the deprecated prefix, thus breaking the L-14 requirement
of RFC 7084.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
4 years agoadd basic support for jail network namespaces
Daniel Golle [Mon, 30 Dec 2019 12:57:47 +0000 (14:57 +0200)]
add basic support for jail network namespaces

Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).

Example /etc/config/network snippet:

config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'

config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agomove resolv.conf.auto to /tmp/resolv.conf.d/
Daniel Golle [Tue, 31 Dec 2019 23:27:38 +0000 (01:27 +0200)]
move resolv.conf.auto to /tmp/resolv.conf.d/

Using /tmp/resolv.conf.d/ has the advantage that we can mount-bind it.
Mount-bind'ing /tmp/resolv.conf.auto directly previously caused
problems as the file is being deleted/replaced at run-time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years agoRevert "interface: warn if ip6hint is truncated"
Jo-Philipp Wich [Wed, 4 Dec 2019 20:05:12 +0000 (21:05 +0100)]
Revert "interface: warn if ip6hint is truncated"

This reverts commit e45b1408284c05984b38a910a1f0a07d6c761397.

Reverting the commit as the submitters Signed-off-by has been mistakingly
added without the authors consent.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agointerface: warn if ip6hint is truncated
Uwe Kleine-König [Wed, 20 Nov 2019 18:11:31 +0000 (19:11 +0100)]
interface: warn if ip6hint is truncated

When for example a /60 is assigned to a network the last 4 bits of the
ip6hint are unused. Emit a warning if any of these unused bits is set as
it indicates that someone didn't understand how the hint is used. (As I
did earlier today resulting in spending some time understanding the
code.)

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agowireless: make reconf opt-in and allow serializing configuration
John Crispin [Fri, 25 Oct 2019 12:06:30 +0000 (14:06 +0200)]
wireless: make reconf opt-in and allow serializing configuration

Add option 'reconf' to make dynamic re-configuration opt-in.
Also add option 'serialize' to 'wifi-device' section and if set
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agowireless: add ubus method for reloading configuration
John Crispin [Fri, 25 Oct 2019 12:02:03 +0000 (14:02 +0200)]
wireless: add ubus method for reloading configuration

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agosystem-linux: fix resource leak
Hans Dedecker [Mon, 5 Aug 2019 20:05:36 +0000 (22:05 +0200)]
system-linux: fix resource leak

Fix cb leak in case invalid type is specified in system_if_clear_entries
Detected by Coverity in CID1431183

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agosystem-linux: Coverity fixes
Hans Dedecker [Sun, 21 Jul 2019 21:10:34 +0000 (23:10 +0200)]
system-linux: Coverity fixes

Fixes CID 122043014322261432807 and 1433508

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agonetifd: fix xfrm interface deletion and standardize netlink call
André Valentin [Fri, 14 Jun 2019 11:09:45 +0000 (13:09 +0200)]
netifd: fix xfrm interface deletion and standardize netlink call

-xfrm interfaces were deleted before
-use standard parameters for xfrm interface created

Signed-off-by: André Valentin <avalentin@marcant.net>
5 years agointerface-ip: fix possible null pointer dereference
Hans Dedecker [Thu, 13 Jun 2019 19:59:31 +0000 (21:59 +0200)]
interface-ip: fix possible null pointer dereference

Reported by Coverity in CID 1445749

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agosystem-linux: remove superfluous dev check
Hans Dedecker [Thu, 13 Jun 2019 19:48:00 +0000 (21:48 +0200)]
system-linux: remove superfluous dev check

No need to check if dev is NULL as device is always set when
system_neigh is called

Fixes issue reported by Coverity in CID 1445818

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agonetifd: add xfrm tunnel interface support
André Valentin [Sat, 8 Jun 2019 11:48:09 +0000 (13:48 +0200)]
netifd: add xfrm tunnel interface support

This adds support for xfrm interfaces. These interfaces can be used since
linux 4.19 for IPsec traffic, like VTI interface.
XFRM interfaces are less complicated compared to VTI because they need no IP
tunnel endpoints.

5 years agoiprule: fix missing ip rules after a reload (FS#2296)
Hans Dedecker [Mon, 27 May 2019 19:01:25 +0000 (21:01 +0200)]
iprule: fix missing ip rules after a reload (FS#2296)

Since commit 5cf79759a24e9bb2a6a3aef7c83d73efb9bf2df3 (iprule: rework
interface based rules to handle dynamic interfaces) the rule
comparison is broken and doesn't correctly recognize matching rules.
This in turn break the reloading as adding the "new" rule fails
because it already exists and it then delete the "old" rule.

The comparison is broken because it now include fields that are not
defining the rule itself, as well as some pointer to malloced strings.
To fix this we move back the offending fields in the iprule struct
before the 'flags' field and match the malloced strings separately.

Signed-off-by: Alban Bedel <albeu@free.fr>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface-ip: use ptp address as well to find local address target
Hans Dedecker [Fri, 17 May 2019 16:27:59 +0000 (18:27 +0200)]
interface-ip: use ptp address as well to find local address target

In case of tunnel over PPP(such as gretap over l2tp): tunnel interface
use PPP's peer address as remote address, netifd script will call
proto_add_host_dependency function, then netifd will search which device
can reach to the remote address. Before the patch, netifd don't consider
the PPP interface can reach to the remote address, so netifd will select
default route to remote address, it will lead to remote address unreachable.

Based on a patch by xiaofan <xfan1024@live.com>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agotreewide: pass bool as second argument of blobmsg_check_attr
Hans Dedecker [Thu, 16 May 2019 20:09:36 +0000 (22:09 +0200)]
treewide: pass bool as second argument of blobmsg_check_attr

blobmsg_check_attr() takes as second argument a bool; fix it where needed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface-ip: fine tune IPv6 mtu warning
Hans Dedecker [Wed, 8 May 2019 19:33:05 +0000 (21:33 +0200)]
interface-ip: fine tune IPv6 mtu warning

Failing to set the IPv6 mtu is only a real issue if the mtu to be set is
smaller than the current mtu as in that case it would break IPv6 path mtu;
adapt the logic to generate the warning accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface: tidy ipv6 mtu warning
Kevin Darbyshire-Bryant [Tue, 7 May 2019 19:37:25 +0000 (20:37 +0100)]
interface: tidy ipv6 mtu warning

Add missing space to change from:

netifd: Failed to set IPv6 mtu to 1500on interface 'wg0'

to:

netifd: Failed to set IPv6 mtu to 1500 on interface 'wg0'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
5 years agosystem-linux: remove debug tracing
Hans Dedecker [Mon, 15 Apr 2019 21:13:51 +0000 (23:13 +0200)]
system-linux: remove debug tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface: add neighbor config support
meurisa [Fri, 12 Apr 2019 07:56:28 +0000 (09:56 +0200)]
interface: add neighbor config support

The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries

The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor ia a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
 (can be 1 or 0)

Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface: fix "if-down" hotplug event handling
Martin Schiller [Fri, 12 Apr 2019 07:19:14 +0000 (09:19 +0200)]
interface: fix "if-down" hotplug event handling

commit a97297d83e42 ("interface: set interface in TEARDOWN state when checking link state")
broke the if-down hotplug event handling, as the iface->state is now IFS_TEARDOWN when
calling the mark_interface_down() function from the IFPEV_DOWN event.

Fixes: a97297d83e42 ("interface: set interface in TEARDOWN state when checking link state")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
5 years agoproto-shell: return error in case setup fails
Hans Dedecker [Mon, 1 Apr 2019 11:53:50 +0000 (13:53 +0200)]
proto-shell: return error in case setup fails

In case PROTO_CMD_SETUP cannot be handled due to an invalid state; return
-1 so the calling functions are aware the PROTO_CMD_SETUP has failed.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agointerface: set interface in TEARDOWN state when checking link state
Hans dedecker [Mon, 1 Apr 2019 08:34:26 +0000 (10:34 +0200)]
interface: set interface in TEARDOWN state when checking link state

When launching PROTO_CMD_TEARDOWN in interface_check_state() the interface
was set in IFS_DOWN state. In case an interface is now brought into IFS_SETUP
state in __interface_set_up() it will launch PROTO_CMD_SETUP trying to
bring the proto shell handler in S_SETUP state which will fail as the proto
shell handler is still in the S_TEARDOWN state.

Fix this by setting the interface in IFS_TEARDOWN state when the PROTO_CMD_TEARDOWN
event is launched which will prevent the interface being brought into IFS_SETUP state
as long as it's not in the IFS_DOWN state.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agonetifd: wireless: Add support for 802.11ad
Robert Marko [Wed, 13 Mar 2019 13:34:57 +0000 (14:34 +0100)]
netifd: wireless: Add support for 802.11ad

This simple patch adds 802.11ad to hwmode list so that netifd-wireless.sh does not otherwise overwrite it with the default hwmode=g

Signed-off-by: Robert Marko <robimarko@gmail.com>
5 years agonetifd: wireless: Add support for GCMP cipher
Robert Marko [Thu, 14 Mar 2019 10:03:16 +0000 (11:03 +0100)]
netifd: wireless: Add support for GCMP cipher

This patch will add support for using GCMP as cipher suite.
This is not a strong cipher but is only one supported by
wil6210 driver in order to have encrypted traffic.

Signed-off-by: Robert Marko <robimarko@gmail.com>
5 years agointerface-ip: fix delegate config update on reload (FS#2087)
Hans Dedecker [Wed, 13 Mar 2019 13:56:21 +0000 (14:56 +0100)]
interface-ip: fix delegate config update on reload (FS#2087)

Update the no_delegation parameter on a config reload; in case prefixes
are present update the prefix assignments as well according to the
no_delegation status

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agosystem-linux: handle hotplug event socket ENOBUFS errors
Alin Nastac [Thu, 31 Jan 2019 10:20:29 +0000 (11:20 +0100)]
system-linux: handle hotplug event socket ENOBUFS errors

Hotplug events are no longer handled after socket RX queue is
overrun. The issue has been fixed by:
  - setting SO_RCVBUF initially to 65535
  - doubling SO_RCVBUF value each time RX queue gets overrun

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
5 years agoproto: fix logic inversion in previous commit
Kevin Darbyshire-Bryant [Mon, 17 Dec 2018 18:26:11 +0000 (18:26 +0000)]
proto: fix logic inversion in previous commit

Rogue ! effectively disabled the ipv6 multicast check.  Fix cd089c52

Why is it always the simple changes that catch you out?

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
5 years agoproto: Support class-e addressing in netifd
Dave Taht [Sun, 9 Dec 2018 04:52:33 +0000 (04:52 +0000)]
proto: Support class-e addressing in netifd

Signed-off-by: Dave Taht <dave.taht@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
5 years agosystem-linux: get rid of SIOCSDEVPRIVATE
Hans Dedecker [Thu, 13 Dec 2018 15:13:06 +0000 (16:13 +0100)]
system-linux: get rid of SIOCSDEVPRIVATE

Use sysfs to configure the bridge settings stp/forward_delay/priority
ageing_time/hello_time and max_age as the SIOCDEVPRIVATE bridge ioctl
has no compat ioctl support which makes it impossible to set the above
mentioned bridge paramaters if the kernel is compiled in 64 bit mode
and user_space in 32 bit mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: fix return code of __interface_add()
Hans Dedecker [Mon, 26 Nov 2018 12:55:53 +0000 (13:55 +0100)]
interface: fix return code of __interface_add()

For dynamic interfaces don't return false if vlist_find returns NULL as
the calling function will try to free iface in case of an error which has
already been freed in interface_change_config()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agonetifd: fix resource leak on error in netifd_add_dynamic()
Hans Dedecker [Mon, 26 Nov 2018 08:59:52 +0000 (09:59 +0100)]
netifd: fix resource leak on error in netifd_add_dynamic()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoconfig: fix resource leaks on error in config_parse_interface()
Hans Dedecker [Mon, 26 Nov 2018 08:45:47 +0000 (09:45 +0100)]
config: fix resource leaks on error in config_parse_interface()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: fix memory leak on error in __interface_add()
Hans Dedecker [Mon, 26 Nov 2018 08:24:02 +0000 (09:24 +0100)]
interface: fix memory leak on error in __interface_add()

Detected by Coverity in cid 1441495

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotreewide: switch to C-code style comments
Hans Dedecker [Mon, 19 Nov 2018 08:59:05 +0000 (09:59 +0100)]
treewide: switch to C-code style comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotreewide: make some functions static
Hans Dedecker [Sat, 17 Nov 2018 17:41:16 +0000 (18:41 +0100)]
treewide: make some functions static

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: fix removal of dynamic interfaces
Hans Dedecker [Fri, 16 Nov 2018 15:25:41 +0000 (16:25 +0100)]
interface: fix removal of dynamic interfaces

Set config state to remove for dynamic interfaces in the following cases :
-interface is set as not available
-interface is set as down
-interface is set as having no link state
This will trigger an interface delete upon the next call of interface_handle_config_change

Before this change you could end up with lingering inactive dynamic
interfaces in case the aliased interface went down as before a dynamic
interface was only removed when set down via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: rework code to get rid of interface_set_dynamic
Hans Dedecker [Sun, 11 Nov 2018 20:15:56 +0000 (21:15 +0100)]
interface: rework code to get rid of interface_set_dynamic

Integrate dynamic interface creation code into interface_alloc and
__interface_add so we can get rid of interface_set_dynamic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agosystem-linux: enable by default ignore encaplimit for grev6 tunnels
Hans Dedecker [Wed, 17 Oct 2018 07:35:11 +0000 (09:35 +0200)]
system-linux: enable by default ignore encaplimit for grev6 tunnels

Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs
support the destination option header containing the tunnel encapsulation
limit resulting into broken connectivity

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agosystem-linux: fix a typo in gre tunnel data parsing logic
Hans Dedecker [Tue, 16 Oct 2018 14:16:49 +0000 (16:16 +0200)]
system-linux: fix a typo in gre tunnel data parsing logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agowireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
Hauke Mehrtens [Tue, 9 Oct 2018 20:57:52 +0000 (22:57 +0200)]
wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agowireless: Add Opportunistic Wireless Encryption (OWE)
Hauke Mehrtens [Tue, 9 Oct 2018 20:57:13 +0000 (22:57 +0200)]
wireless: Add Opportunistic Wireless Encryption (OWE)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agowireless: Add Simultaneous Authentication of Equals (SAE)
Hauke Mehrtens [Thu, 4 Oct 2018 20:34:48 +0000 (22:34 +0200)]
wireless: Add Simultaneous Authentication of Equals (SAE)

This adds PSK3 / SAE support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoiprule: coding style fixes
Hans Dedecker [Mon, 1 Oct 2018 20:24:26 +0000 (22:24 +0200)]
iprule: coding style fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoiprule: fix segfault (FS#1875)
Hans Dedecker [Mon, 1 Oct 2018 15:52:01 +0000 (17:52 +0200)]
iprule: fix segfault (FS#1875)

Fix segfault in generic_interface_cb by checking the
IPRULE_OUT/IPRULE_IN flags before doing the strcmp for the possible
configured out/in interface(s) of the ip rule.
Also don't copy the interface layer3 device as the layer 3 device is
not yet known when IFEV_CREATE event is launched.
The layer3 device will be known when the IFEV_UP event is processed in
rule_out_cb/rule_in_cb.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoscripts: fix previous commit
Jo-Philipp Wich [Wed, 19 Sep 2018 14:55:00 +0000 (16:55 +0200)]
scripts: fix previous commit

Actually change the glob pattern as described in the previous commit.

Fixes: 3c8ac1c ("netifd: fix wpa mixed mode matching")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agonetifd: fix wpa mixed mode matching
Rick Farina (Zero_Chaos) [Wed, 19 Sep 2018 14:43:42 +0000 (10:43 -0400)]
netifd: fix wpa mixed mode matching

Change wpa mixed mode matching to not accidently catch wep+mixed.

All documented cases have the character between {wpa,psk} and mixed as a
'-' but no need to break things which were working, so preserve the *
case.

Reported-by: "Rick Farina (Zero_Chaos)" <zerochaos@gentoo.org>
[Allow "psk-mixed" to be prefixed, to align with the *psk2* and *psk* cases,
 slightly reword subject and commit message.]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agosystem-linux: enable by default ignore encaplimit for ip6 tunnels
Hans Dedecker [Mon, 17 Sep 2018 19:41:16 +0000 (21:41 +0200)]
system-linux: enable by default ignore encaplimit for ip6 tunnels

Enable ignore encaplimit by default for ip6 tunnels as not all ISPs support
the destination option header containing the tunnel encapsulation limit
resulting into broken map/ds-lite connectivity.
Setting the ignore encaplimit flag by default is a more sane setting as it
avoids user configuation of the encaplimit uci option for ds-lite/map tunnels
in case of broken connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoCMakeList: Check that compiler supports -Wimplicit-fallthrough
Florian Fainelli [Wed, 12 Sep 2018 00:14:19 +0000 (17:14 -0700)]
CMakeList: Check that compiler supports -Wimplicit-fallthrough

This is a GCC >= 7 feature, not all compilers support it.

Fixes: 908a9f4f1027 ("CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
6 years agointerface: let interface_set_down() return void
Hans Dedecker [Mon, 20 Aug 2018 12:28:00 +0000 (14:28 +0200)]
interface: let interface_set_down() return void

Let interface_set_down() return void as no usefull error code
is returned by __interface_set_down()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: make __interface_set_down() static
Hans Dedecker [Mon, 20 Aug 2018 12:21:06 +0000 (14:21 +0200)]
interface: make __interface_set_down() static

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agointerface: extend interface error messages in interface_set_up()
Hans Dedecker [Mon, 20 Aug 2018 11:53:17 +0000 (13:53 +0200)]
interface: extend interface error messages in interface_set_up()

Don't return an error code in interface_set_up as it's ignored anyway by the
calling functions; but rather add more interface error messages so the actual
problem is visible for the user by doing ifstatus <interface>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>