Felix Fietkau [Tue, 24 Aug 2021 15:16:05 +0000 (17:16 +0200)]
bridge: tune default stp parameters
The default forwarding delay 2 is broken and makes STP non-functional by
default. The kernel's default of 15 is rather long.
This commit changes makes the timer settings more aggressive than the
kernel's default while still being consistent and allowing proper
convergence for a network diameter up to 4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 22 Aug 2021 06:00:18 +0000 (08:00 +0200)]
bridge: add support for an external STP daemon
netifd notifies the stp daemon through the network.device object and sends
STP related configuration parameters. The daemon can also trigger a STP
restart in order to close the race on init
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 24 Aug 2021 10:58:35 +0000 (12:58 +0200)]
bridge: memset bst->config by default to avoid stale config values
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 2 Aug 2021 20:48:44 +0000 (22:48 +0200)]
device: add support for configuring device link speed/duplex
The 'speed' option can be set to the speed in Mbps
The 'duplex' option can be 1 or 0 for full or half duplex
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Jul 2021 18:06:14 +0000 (20:06 +0200)]
device: extend device settings flags to 64 bit
The previous 32 bit limit is almost used up
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 26 Jul 2021 18:39:17 +0000 (20:39 +0200)]
bridge: fix regression in bringing up bridge ports
Move the DEV_EVENT_LINK_UP case to avoid messing with a fallthrough
Only restart members if the vlan check returns a positive result
Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 23 Jul 2021 09:37:57 +0000 (11:37 +0200)]
wireless: add back regular virtual interfaces on hotplug-add events as well
When hostapd does a DFS channel switch, it tears down all vifs except for the
primary one, which causes them got get dropped from the device configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 23 Jul 2021 09:04:45 +0000 (11:04 +0200)]
bridge: check bridge port vlan membership on link-up events
When changing to a dfs channel, hostapd can bring down wlan interfaces and
reset their bridge membership. If that happens, the port loses its vlan
membership settings and needs to be reconfigured by netifd.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 14 Jul 2021 13:22:09 +0000 (15:22 +0200)]
vlan: fix device vlan alias handling
A recent commit changed the vlan chain handling to not treat devices with
non-digit characters after "." as vlan devices. This broke aliases, which
rely on names after the "." component.
Fix dealing with both cases by first trying to set up a vlan regardless
of the non-digit characters, but for the first component allow falling back
to treating the first two parts as a full device name
Fixes: 013a1171e9b0 ("device: do not treat devices with non-digit characters after . as vlan devices")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 13 Jul 2021 05:53:40 +0000 (07:53 +0200)]
bridge: fix hotplug vlan overwrite on big-endian systems
The avl key type for bridge vlans is uint16_t, so any lookup with a wider
type is going to fail on big-endian systems
This resulted in hotplug-added devices replacing configured member ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 23 Jun 2021 08:01:41 +0000 (10:01 +0200)]
bridge: bring up pre-existing vlans on hotplug as well
When adding a member to an existing VLAN, it needs to be updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 22 Jun 2021 14:56:39 +0000 (16:56 +0200)]
bridge: fix enabling hotplug-added VLANs on the bridge port
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 19 Jun 2021 06:36:06 +0000 (08:36 +0200)]
wireless: handle WDS per-sta devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 19 Jun 2021 06:55:10 +0000 (08:55 +0200)]
device: do not treat devices with non-digit characters after . as vlan devices
Fixes corner cases related to AP WDS station interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 19 Jun 2021 07:08:17 +0000 (09:08 +0200)]
examples: make dummy wireless vif names shorter
avoids running into ifname size limits
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 19 Jun 2021 06:19:02 +0000 (08:19 +0200)]
ubus: add a dummy mode ubus call to simulate hotplug events
Can be used to test the device hotplug handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 19 Jun 2021 06:11:21 +0000 (08:11 +0200)]
device: move hotplug handling logic from system-linux.c to device.c
Preparation for dealing with wifi per-station devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 17 Jun 2021 08:39:26 +0000 (10:39 +0200)]
bridge: fix setting pvid for updated vlans
defer adding back changed vlans until config processing is done
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Alexander Couzens [Thu, 7 Jan 2021 01:59:33 +0000 (02:59 +0100)]
wireless: add some comments to functions
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Felix Fietkau [Fri, 4 Jun 2021 07:05:31 +0000 (09:05 +0200)]
bridge: allow adding/removing VLANs to configured member ports via hotplug
This is useful for a dynamic VLAN setup, where extra tags need to be created
on the trunking port on demand
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Jun 2021 06:41:34 +0000 (08:41 +0200)]
wireless: pass the real network ifname to the setup script
If the network ifname is a VLAN on top of a VLAN-filtering bridge, hostapd
needs to know the VLAN ifname to communicate with other APs, if 802.11r is enabled.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 2 Jun 2021 16:23:40 +0000 (18:23 +0200)]
bridge: fix dynamic delete of hotplug vlans
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 2 Jun 2021 15:59:03 +0000 (17:59 +0200)]
bridge: dynamically create vlans for hotplug members
This makes it possible to use dynamic tags without changing the configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rafał Miłecki [Tue, 25 May 2021 15:17:26 +0000 (17:17 +0200)]
interface: support "device" attribute and deprecate "ifname"
Interfaces need to be assigned to devices. For that purpose a "device"
option should be more accurate than "ifname" one.
For backward compatibility old option remains supported too.
Config example:
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Felix Fietkau [Mon, 24 May 2021 10:37:55 +0000 (12:37 +0200)]
scripts/netifd-wireless.sh: add support for specifying the operating band
Add the new 'band' option, which supports the following values: 2g, 5g, 6g, 60g
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 20 May 2021 08:57:52 +0000 (10:57 +0200)]
config: fix ifname->ports compat rename
Instead of looking it up as a string, use uci_rename.
That way it works both on list and string options
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rafał Miłecki [Fri, 14 May 2021 13:20:28 +0000 (15:20 +0200)]
bridge: rename "ifname" attribute to "ports"
Bridge aggregates multiple ports so use a more accurate name ("ports").
For backward compatibility add a temporary config translation.
Config example:
config interface 'lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Felix Fietkau [Tue, 18 May 2021 04:20:00 +0000 (06:20 +0200)]
wireless: fix memory corruption bug when using vlans/station entries in the config
On config reload, any vif entries in the config added to the vlist will be
matched against existing ones, and the old entries preserved.
This means that the vif pointer is no longer valid after vlist_add.
Look up the vif again before using it for vlan/station entries.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 17 May 2021 09:20:09 +0000 (11:20 +0200)]
device: add support for configuring devices with external auth handler
This can be used to support 802.1x on wired devices.
In order to use this, the device section for each port needing authentication
needs to contain the option auth 1
When set, this option prevents devices from being added to bridges or configured
with IP settings by default, until the set_state ubus call on network.device
sets "auth_status" to true for the device.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 16 May 2021 16:06:48 +0000 (18:06 +0200)]
extdev: remove unused function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 16 May 2021 16:04:18 +0000 (18:04 +0200)]
fix unannotated fall-through warnings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Florian Eckert [Tue, 24 Nov 2020 07:18:00 +0000 (08:18 +0100)]
netifd: add possibility to switch off route config
This change adds the new configuration option `disabled` for the route
section, which can be used to temporarily disable the section so that
the route is not set. The advantage is that we do not have to delete
this route configuration section to achieve this.
config route
option disabled '1
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Zheng Qian [Tue, 2 Mar 2021 01:36:51 +0000 (09:36 +0800)]
netifd: bridge: set default value for igmp_snoop
When unchecked the igmp snoop option for a bridge by luci, it
just delete the igmp_snooping key from the config file.
So netifd can't change /sys/devices/virtual/net/br-lan/bridge/multicast_snooping from "1" to "0".
Option multicast_querier seems no input entry in luci, but it's
an related option.
This patch will set a default value to false for the bridge
option to fix this bug.
Signed-off-by: Zheng Qian <sotux82@gmail.com>
Daniel Golle [Sat, 12 Dec 2020 21:13:24 +0000 (21:13 +0000)]
system-linux: add device options used by wpad
Add device options used by wpad in preparation of running hostapd and
wpa_supplicant non-root (and hence those options will need to be taken
care of by netifd as sysctl is root-only):
* drop_v4_unicast_in_l2_multicast
* drop_v6_unicast_in_l2_multicast
* drop_gratuitous_arp
* drop_unsolicited_na
* arp_accept
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 12 Dec 2020 17:16:11 +0000 (17:16 +0000)]
system-linux: reorder sysctl functions
Move system_set_sendredirects up to the other non-bridge-related sysctl
functions.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Arne Kappen [Wed, 9 Dec 2020 15:01:24 +0000 (16:01 +0100)]
extdev: add support for external device handlers
This allows to integrate external daemons that configure network devices with
netifd. At startup, netifd generates device handler stubs from descriptions in
/lib/netifd/extdev-config via the mechanism in handler.c. These are then added
to the list of device handlers. Device handlers stubs act as relays forwarding
calls against the device handler interface to the external daemon.
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>
Arne Kappen [Wed, 9 Dec 2020 15:01:23 +0000 (16:01 +0100)]
handler: add mechanism to generate external device handler stubs
Parse JSON files in a given directory and pass the information on to a callback
function for creation of an external device handler stub.
The description contains:
- 'name': the name of the device type,
- 'ubus_name': the name of the external device handler daemon on ubus,
- 'bridge': a flag indicating whether the devices are bridge-like,
- optionally 'br_prefix': a prefix for created devices
(only for bridge-like, defaults to type name),
- 'config': the UCI config options for devices of this type, and
- optionally 'info' and 'stats': the format of calls to info() and dump().
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>
Arne Kappen [Wed, 9 Dec 2020 15:01:22 +0000 (16:01 +0100)]
device: remove left-over comment
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>
Hans Dedecker [Sat, 9 Jan 2021 20:18:45 +0000 (21:18 +0100)]
interface-ip: add unreachable route if address is offlink
In order to avoid a routing loop add an unreachable route for the
address prefix is the offlink flag is set for an address.
This fixes a routing loop which is currently present on point-to-point
links (e.g PPP) when the wan interface is assigned a globally unique
prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked
and installed on the wan interface
(e.g. 2001:db8:1:0:5054:ff:feab:d87c/64)
The prefix route 2001:db8:1::/64 would be present in the routing table
which will route any packet with as destination 2001:db8:1::/64 to the wan
interface and would be routed back by the upstream router due to the
wan interface due to the assigned global unique prefix.
Besides not installing the prefix route 2001:db8:1::/64 on point-to-point links
adding an unreachable route is required to avoid the routing loop.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Sat, 9 Jan 2021 20:12:05 +0000 (21:12 +0100)]
interface-ip: coding style fixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Daniel Golle [Tue, 5 Jan 2021 01:11:21 +0000 (01:11 +0000)]
netifd: wireless: default to GCMP WPA cipher on 802.11ad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Mon, 28 Dec 2020 13:42:30 +0000 (14:42 +0100)]
wireless: add support for not killing processes on teardown
When using a global hostapd/wpa_supplicant instance, it should not be killed
if a single radio is torn down
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 14 Dec 2020 11:59:32 +0000 (12:59 +0100)]
netifd: fix a typo in vlandev hotplug support
Need to check the type of the vlan device, not the underlying device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Nick Hainke [Sat, 12 Dec 2020 20:50:53 +0000 (21:50 +0100)]
netifd: add segment routing support
seg6_enabled - Bool
Accept or drop SR-enabled IPv6 packets on this interface.
More Information:
https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html
Now you can set as interface option
option ip6segmentrouting '1'
It is not enough to turn on "seg6_enabled" on the interface. Further,
we have to enable "/all/seg6_enabled". This means that a working config
is "interface + all".
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [style fixes]
Felix Fietkau [Mon, 30 Nov 2020 11:34:13 +0000 (12:34 +0100)]
config: parse default mac address from board.json
Example:
{
"network-device": {
"eth0": {
"macaddr": "bc:a5:11:16:76:d7"
}
}
}
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 30 Nov 2020 11:08:32 +0000 (12:08 +0100)]
system-linux: move device settings handling to device.c
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 30 Nov 2020 10:52:22 +0000 (11:52 +0100)]
system-linux: simplify mask check in system_if_apply_settings
Mask flags against apply_mask only once instead of once per field
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 30 Nov 2020 09:55:05 +0000 (10:55 +0100)]
system-dummy: print configured mac address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 26 Nov 2020 09:23:01 +0000 (10:23 +0100)]
vlandev: support bridge-vlan aliases in the vid config parameter
This can be used to generate default network configurations that define
the lan/wan interfaces as vlandevs with custom names and specify the actual
VLAN ID only in the bridge-vlan section without repeating it elsewhere
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 26 Nov 2020 09:20:11 +0000 (10:20 +0100)]
vlandev: dump vlan id in device status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 23 Nov 2020 11:42:36 +0000 (12:42 +0100)]
system-linux: add retry for adding member devices to a bridge
When netifd tries to add bridge members brought up by hostapd asynchronously
(e.g. after an autochannel run), the first try often fails with EBUSY or
EAGAIN, since it's racing against hostapd's own setup.
Add retry logic, which includes checking if the device was added to the
bridge in the meantime to deal with this issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 23 Nov 2020 11:11:42 +0000 (12:11 +0100)]
system-linux: implement full device present state management for force-external devices
We need to detect when devices are present, because they can be created
asynchronously by hostapd after they have already been added by the wifi
setup script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 20 Nov 2020 17:58:10 +0000 (18:58 +0100)]
bridge-vlan: add support for defining aliases for vlan ids
When defining a bridge-vlan like this:
config bridge-vlan
option device 'switch0'
option vlan '1'
option ports 'lan1 lan2 lan3 lan4'
option alias 'lan'
You can use switch0.lan instead of switch0.1 to refer to the VLAN.
This ensures that the VLAN ID can be kept in a single place in the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 20 Nov 2020 12:49:00 +0000 (13:49 +0100)]
interface: do not force link-ext hotplug interfaces to present by default
On wireless interfaces, hostapd can sometimes defer the bringup of secondary
virtual interfaces until autochannel or coex scan completes.
Do not force the present state in that case in order to avoid attempting
to bring up the device before it is ready
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 18 Nov 2020 14:15:01 +0000 (15:15 +0100)]
config: initialize bridge and bridge vlans before other devices
This allows vlan devices to access bridge vlan data safely, regardless
of the order in which sections appear in the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 18 Nov 2020 12:38:17 +0000 (13:38 +0100)]
wireless: fix passing bridge name for vlan hotplug pass-through
When preparing the interface for hotplug add, pass the bridge
device back to the caller, since it may not match the original device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 13 Nov 2020 11:44:56 +0000 (12:44 +0100)]
system-linux: only overwrite dev->present state on check_state for simple devices
After settting config_pending for vlan devices, a check_state call from
device_init_pending was leading to the vlan device present state being
overwritten because the linux device didn't exist yet, even though the
vlan code had already indicated its present state based on the lower dev.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 5 Nov 2020 11:00:12 +0000 (12:00 +0100)]
bridge: only overwrite implicit vlan assignment if vlans are configured
When VLAN filtering is enabled, but no vlans are defined, the implicit
VLANs should stay, so that forwarding between ports still works.
This is useful for setups where VLANs are assigned by external scripts
instead of being configured via netifd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 5 Nov 2020 10:58:40 +0000 (11:58 +0100)]
system-dummy: set present state only for simple devices
Fixes an issue with bringing up VLANs/bridges too early
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 4 Nov 2020 15:20:14 +0000 (16:20 +0100)]
bridge: fix use-after-free bug on bridge member free
When removing the device reference, the core might free the device.
Use device_lock/unlock to keep the reference valid until it is no longer needed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 4 Nov 2020 11:19:20 +0000 (12:19 +0100)]
bridge: preserve hotplug ports on vlan update if config is unchanged
Fixes cleanup of port state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 28 Oct 2020 17:54:39 +0000 (18:54 +0100)]
bridge: show vlans in device status
List vlans with member ports, VLAN IDs and flags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 7 Aug 2020 12:33:33 +0000 (14:33 +0200)]
vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
Only used for 802.1q devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 7 Aug 2020 12:26:33 +0000 (14:26 +0200)]
vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 7 Aug 2020 12:19:06 +0000 (14:19 +0200)]
bridge: add support for defining port member vlans via hotplug ops
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Yousong Zhou [Tue, 20 Oct 2020 02:49:18 +0000 (10:49 +0800)]
interface: proto_ip: order by address index first
At the moment, dnsmasq initscript generates dhcp-range for an interface
by inspecting first address of that interface from netifd ubus output.
Order by address index as specified in the uci config makes netifd ubus
output consistent with linux network interfaces' primary/secondary
address settings. More importantly, the ubus output and dnsmasq config
generation will be more predictable.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Yousong Zhou [Wed, 21 Oct 2020 02:50:54 +0000 (10:50 +0800)]
device_addr: record address index as in the blob
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Yousong Zhou [Wed, 14 Oct 2020 06:37:13 +0000 (14:37 +0800)]
proto: rework parse_addr to return struct device_addr
This is a preparation for the next commit to record address index for
the returned device_addr struct
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Yousong Zhou [Wed, 14 Oct 2020 08:04:01 +0000 (16:04 +0800)]
build: find and use libnl header dirs
Name of the libnl .pc file is libnl-3.0.pc
This commit is mainly for testing netifd build on usual Linux systems.
netifd Makefile in current OpenWrt build system specifies custom cmake
flags to directly point to libnl-tiny
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Alin Nastac [Thu, 8 Oct 2020 11:31:37 +0000 (13:31 +0200)]
system-linux: initialize ifreq struct before using it
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Johannes Kimmel [Fri, 4 Sep 2020 02:59:43 +0000 (04:59 +0200)]
netifd: vxlan: add aging and maxaddress options
For both options the values can just be passed to the kernel. All
unsigned values are accepted, thus no range checking required.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Johannes Kimmel [Fri, 4 Sep 2020 02:59:42 +0000 (04:59 +0200)]
netifd: vxlan: add most missing boolean options
adds the folloing missing options:
- learning
- rsc
- proxy
- l2miss
- l3miss
- gbp
See ip-link(3) for their meaning.
still missing:
- external
- gpe
I'm not sure how to handle them at the moment. It's unclear to me what
IFLA_VXLAN_* value corresponds to the 'external' option and according to
the manpage, gpe depends on it.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Johannes Kimmel [Fri, 4 Sep 2020 02:59:41 +0000 (04:59 +0200)]
netifd: vxlan: refactor mapping of boolean attrs
Add a small function to handle boolean options and make use of it to handle:
- rxcsum
- txcsum
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Johannes Kimmel [Fri, 4 Sep 2020 02:59:40 +0000 (04:59 +0200)]
netifd: vxlan: handle srcport range
This adds adds the ability to set the source port range for vxlan
interfaces.
By default vxlans will use a random port within the ephermal range as
source ports for packets. This is done to aid scaleability within a
datacenter.
But with these defaults it's impossible to punch through NATs or
traverese most stateful firewalls easily. One solution is to fix the
srcport to the same as dstport.
If only srcportmin is specified, then srcportmax is set in a way that
outgoing packets will only use srcportmin.
If a range is to be specified, srcportmin and srcportmax have to be
specified. srcportmax is exclusive.
If only srcportmax is specified, the value is ignored and defaults are
used.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Daniel Golle [Tue, 8 Sep 2020 16:33:29 +0000 (17:33 +0100)]
netifd-wireless: parse 'osen' encryption
Support Hotspot 2.0 online signup with encryption, either as only
encryption type of a dedicated SSID or together with WPA-EAP for
single SSID setups.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hans Dedecker [Sun, 9 Aug 2020 20:46:54 +0000 (22:46 +0200)]
interface-ip: clear host bits of the device prefix
Clear the host bits of the device prefix in
interface_ip_add_device_prefix as interface_set_prefix_address just ORs
the calculated assignment part which would lead to an invalid IPv6
address if the host bits are not masked out
Suggested-by: Daniel Gröber <dxld@darkboxed.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Fri, 7 Aug 2020 10:07:53 +0000 (12:07 +0200)]
bridge: flush vlan list on bridge free
Fixes a potential memory leak
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 27 Jul 2020 11:27:52 +0000 (13:27 +0200)]
device: look up full device name before traversing vlan chain
The user may have configured a VLAN device with explicit settings and the same
name by adding a config device section
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 18 Jul 2020 10:01:23 +0000 (12:01 +0200)]
config: enable bridge vlan filtering by default for bridges that define VLANs
Only enables it if the config option is not present. It can still be disabled.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 15 Jul 2020 15:18:20 +0000 (17:18 +0200)]
bridge: add support for VLAN filtering
VLANs can be defined using bridge-vlan sections, like the following example:
config bridge-vlan
option device 'switch0'
option vlan '1'
option ports "lan1 lan2 lan3 lan4:t*"
Each member port can be confgured with optional attributes after ':'
- t: member port is tagged
- *: This is the primary VLAN for the port (PVID)
VLAN member interfaces are automatically added as bridge members
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Sun, 12 Jul 2020 16:50:19 +0000 (18:50 +0200)]
bridge: add support for adding vlans to a bridge
Add a rtnl helper for adding vlans to a bridge interface.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Sun, 12 Jul 2020 16:50:18 +0000 (18:50 +0200)]
bridge: add support for turning on vlan_filtering
If we want a bridge to be vlan aware we need to be able to turn on
filtering.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 18 Jul 2020 14:03:18 +0000 (16:03 +0200)]
system-dummy: fix resolving ifindex
Fixes bringup of devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 18 Jul 2020 12:58:15 +0000 (14:58 +0200)]
device: do not check state from within device_init
At this point the device is usually not fully set up yet and cannot handle
state changes / bringup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 18 Jul 2020 12:26:07 +0000 (14:26 +0200)]
vlan: initialize device ifname earlier at creation time
Avoids attempting to add the device with an empty string as ifname
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Karel Kočí [Thu, 2 Jul 2020 10:49:56 +0000 (12:49 +0200)]
utils: fix check_pid_path to work with deleted file as well
check_pid_patch is checking if process with given PID and executable
path is running. If this code fails the rest of the code can be
convinced that program is no longer running and possibly spawns new
instance that can collide with already running one. This behavior was
reproduced with hostapd.
Symbolic link exe in process subdirectory in /proc points to original
executable. The problem is that it reads as original path plus string
' (deleted)' if file is removed. The process is still running but
original file is no longer available on files system.
This behavior is triggered not only when file is removed (unlinked) but
also when file is replaced. This happens clearly on package update. In
general this happens any time all references (hard links) to file are
removed from file system.
This is not ultimate fix as exe link points to any last reference on
file system with preference for original one. The problem is if there
are multiple references and the original one is removed. This can be
reproduced just by copying executable (hard linking) and unlinking the
original one. In such case exe link would point to copy and not to
original deleted one.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Kristian Evensen [Wed, 11 Mar 2020 13:13:10 +0000 (14:13 +0100)]
system-linux: improve handling of device rename
After an interface has been renamed on a "fast" device (for example
x86_64), the interface is sometimes not handled correctly by netifd.
Looking in the logs, I see the following messages when renaming fails:
Wed Mar 11 08:52:44 2020 kern.info kernel: [68383.522038] igb 0000:03:00.0 nlw_1: renamed from eth2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: __device_add_user(710): Add user for device 'nlw_1', refcount=2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(413): Claim Network device nlw_1, new active count: 2
Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(432): claim Network device nlw_1 failed: -1
Instrumenting netifd further reveals that there is a race between the hotplug
"@move" event and ioctl(SIOCGIFINDEX). When the above error happens, the
ioctl-call fails with ENODEV. Looking closer at the kernel code, it seems the
hotplug-event is triggered before the renaming is completed. The easiest way to
trigger the race, is if an interface name with the old name is not handled by
netifd and an interface with the new name is. If only the old name is handled,
or both names, I was not able to provoke the race.
When the renaming is complete, a NEWLINK-message is generated. This patch
modifies the logic surrounding renaming, so that we wait for the
NEWLINK-message before marking an interface as present. The changes made are:
* We only handle move-events for interfaces we know, and we return after
device has been set as not present.
* When we receive a NEWLINK message for an interface managed by netifd,
we call device_set_present. device_set_present is guarded by the same
checks as the add hotplug-event.
After these changes, renaming works properly on both "fast" and "slow"
devices. Removing a device is also handled correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Thu, 4 Jun 2020 11:27:05 +0000 (13:27 +0200)]
interface-ip: fix build on non-linux systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 4 Jun 2020 11:26:46 +0000 (13:26 +0200)]
system-dummy: fix missing return
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Mon, 25 May 2020 09:49:19 +0000 (11:49 +0200)]
netifd: wireless: add support for tracking wifi-station sections
This new section allows us to assign mac specific key/vid settings to a
station.
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin [Mon, 25 May 2020 09:49:18 +0000 (11:49 +0200)]
netifd: wireless: add support for tracking wifi-vlan sections
This new section allows us to create apvlan settings for hostapd.
Signed-off-by: John Crispin <john@phrozen.org>
Pau Espin Pedrol [Sun, 17 May 2020 18:39:44 +0000 (20:39 +0200)]
vlandev: support setting ingress/egress QoS mappings
It allows setting mappings for instance this way:
"""
config device
option name 'vlan41'
option type '8021q'
option vid '41'
option ifname 'eth1'
list ingress_qos_mapping '1:2'
list ingress_qos_mapping '2:5'
list egress_qos_mapping '0:3'
"""
Signed-off-by: Pau Espin Pedrol <pespin.shar@gmail.com>
Tested-by: Pedro <pedrowrt@cas.cat>
Daniel Golle [Tue, 14 Apr 2020 11:51:47 +0000 (12:51 +0100)]
interface, system: clean up netns functionality
Use struct device pointer as parameter instead of bare ifname allows
for some simplication and again removing system_ifname_resolve()
function introduced in commit
d93126d.
Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 13 Apr 2020 23:36:29 +0000 (00:36 +0100)]
interface: fix jail ifdown and jails without jail_ifname
Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 13 Apr 2020 19:03:35 +0000 (20:03 +0100)]
interface: allow renaming interface when moving to jail netns
Introduce jail_ifname option to define the name of a Linux network
interface when moved into a jail's network namespace.
This is useful for containers which expect the network interface to
have a specific name (eg. 'host0' in case of systemd).
While at it, clean-up and fix bugs in jail interface up/down routines.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 13 Apr 2020 15:24:25 +0000 (16:24 +0100)]
interface: allocate and free memory for jail name
Memory returned by blogmsg_get_string() is volatile, hence use strdup()
to have a permanent copy of the returned string and free it when no
longer needed.
Fixes: 1321c1b ("add basic support for jail network namespaces")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Alin Nastac [Fri, 27 Mar 2020 10:56:09 +0000 (11:56 +0100)]
system-linux: fix PATH_MAX undeclared compilation error
Issue was introduced in commit
1321c1bd8fe921986c4eb39c3783ddd827b79543.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Rosen Penev [Wed, 25 Mar 2020 23:11:40 +0000 (16:11 -0700)]
system-linux: fix compilation with musl 1.2.0
Switched to the plain function instead of the now gone syscall.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Alin Nastac [Wed, 5 Feb 2020 13:36:33 +0000 (14:36 +0100)]
interface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel
When netifd manages the prefix route directly, it will remove it
the moment prefix gets deprecated. This will make it impossible
for the target to send ICMPv6 errors back to LAN devices still
using the deprecated prefix, thus breaking the L-14 requirement
of RFC 7084.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Daniel Golle [Mon, 30 Dec 2019 12:57:47 +0000 (14:57 +0200)]
add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
option type 'veth'
option name 'vhost0'
option peer_name 'virt0'
config interface 'virt'
option type 'bridge'
list ifname 'vhost0'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'virt0'
option ifname 'virt0'
option proto 'static'
option ipaddr '10.0.0.2'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
option dns '10.0.0.1'
option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>