Felix Fietkau [Tue, 22 Nov 2016 09:43:25 +0000 (10:43 +0100)]
bridge: fix MAC address override on config reload
When no MAC address option is given, the MAC address of
bst->primary_port is used to override the bridge device address.
When the config changes and a new MAC address is provided in the config,
bridge_reset_primary needs to stop overriding it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 4 Nov 2016 12:20:46 +0000 (13:20 +0100)]
system-linux: cosmetic cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Günther Kelleter [Thu, 3 Nov 2016 12:40:53 +0000 (13:40 +0100)]
system-linux: check for open failure
Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
Hans Dedecker [Wed, 2 Nov 2016 08:22:10 +0000 (09:22 +0100)]
interface: Fix triggering of interface update event
In case the keep flag is set in proto_shell_update_link no interface
update event is triggered when IPv4/6 addresses/routes/... are updated
as the proto_event callback is not called due to keep being set.
Unconditionally call the proto_event callback handler in proto_shell_update_link
but let the proto_event callback handler; in this case interface_proto_event_cb,
decide which actions need to be taken dependent on the interface state.
In case the interface is already in the up state trigger an update event
only if the interface updated flag actually indicates either an IP address/
route/data change; before interface update events were actually sent without
any parameter change.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 25 Oct 2016 09:08:34 +0000 (11:08 +0200)]
wireless: Call wireless_interface_handle_link before deleting the vif
Similar as when updating a vif; call wireless_interface_handle_link removing the vif from
the network when deleting a vif
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 25 Oct 2016 09:08:33 +0000 (11:08 +0200)]
bridge: Don't use device name as bridge member name
The bridge name is a copy of the device name; but the device name can
change which is the case when an aliased interface is used as bridge member.
This will result into unwanted side effects like bridge reload triggering
a topology change effect after doing network reload; therefore use the
configured ifname as fixed bridge member name.
Also don't display bridge member devices which are hidden
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Marcin Jurkowski [Wed, 26 Oct 2016 01:04:01 +0000 (03:04 +0200)]
proto-shell: add helpers for generic options in proto handlers
Adding helpers for virtual interfaces generic options in ncm, qmi, mbim
and directip protocols as suggested by Felix in
https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Felix Fietkau [Wed, 28 Sep 2016 07:55:07 +0000 (09:55 +0200)]
device: ignore MTU values below minimum
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hans Dedecker [Fri, 23 Sep 2016 13:08:23 +0000 (15:08 +0200)]
device: Drop device down event during device release if device gets active again
Fixes a race condition as the device can be active again; due to a device_claim; by the logic
behind the set_state device type function. In this case the down event cannot be sent anymore
as it would bring down the interface(s) referencing the device.
This can be the case for an aliased device when the underlying device is switched during a reload;
the alias_set_device function can add a new dependency on the new active device which will put the
aliased device in active mode again as the aliased device is already claimed by the interface
using it.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:22 +0000 (15:08 +0200)]
vlandev: Rework 8021ad/8021q detection based on vlandevice type
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:21 +0000 (15:08 +0200)]
vlandev: Register 8021ad and 8021q as device types
Fixes creation of vlan 8021ad/8021q devices by UCI due to device handlers rework
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:20 +0000 (15:08 +0200)]
tunnel: Use tunnel as device type name
Fixes creation of tunnel devices by UCI due to device handlers rework
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:19 +0000 (15:08 +0200)]
macvlan: Use macvlan as device type name
Fixes creation of macvlan devices by UCI due to device handlers rework
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:18 +0000 (15:08 +0200)]
bridge: Make bridge_device_type static
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Fri, 23 Sep 2016 13:08:17 +0000 (15:08 +0200)]
device: Move the different device type registrations to the device type file
While at it; make device_types static if only used in the device type file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 13 Sep 2016 12:33:40 +0000 (14:33 +0200)]
interface-event: Don't dequeue hotplug event in case of interface reload event
Dropping hotplug event in case of interface reload results into hotplug scripts
not being run for the interface and thus external actors not being informed
about the actual state of the interface.
This is clearly visible if the interface auto parameter is set to disabled for
multiple interfaces resulting into no hotplug down event for all interfaces.
Therefore don't flush the interface hotplug queue in case an interface reload
event is observed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 13 Sep 2016 12:33:39 +0000 (14:33 +0200)]
interface-ip: DNS name server sorting support in resolv.conf.auto
Interface name servers when being written to resolv.conf.auto are sorted
based on the following parameters:
- Primary sorting key is interface dns_metric; name servers having lowest
  interface dns_metric are listed first
- Secondary sorting key is interface metric; in case of equal interface
  dns_metric name servers having lowest interface metric are listed first
- Finally alphabetical order of the interface names in case of equal
  interface dns_metric and metric
In case the resolver queries the multiple servers in the order
listed; sorting is useful in the following scenarios:
- Name resolving over a main and backup interface
- Assign priority to IPv6 name servers over IPv4 or vice versa
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 13 Sep 2016 12:33:38 +0000 (14:33 +0200)]
bridge: Allow setting multicast_fast_leave_option
Setting the multicast_fast_leave option of a bridge allows to control
the forwarding of multicast traffic when an IGMP/MLD leave is received.
In case multicast_leave_option is enabled and a leave is received the
multicast membership will immediately be dropped on the bridge port while
in the other case the multicast membership will time out in the bridge.
This could be useful in scenarios where explicit multicast membership
host tracking is not supported in the upstream network. In this case the
multicast stream is still flowing after a leave is received resulting into
possible bandwidth saturation on the lan if a new stream is joined as
multiple multicast streams are received.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Arne Kappen [Thu, 18 Aug 2016 09:35:29 +0000 (11:35 +0200)]
device: add device handler list
Device handlers now also declare if they have bridge capabilities and include
a string to prefix device names for their types.
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup/fixes]
Arne Kappen [Thu, 18 Aug 2016 09:35:28 +0000 (11:35 +0200)]
device: prepare for adding device handlers dynamically
- remove const from device handler struct
- pass device handler type to create function
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
Eduardo Abinader [Thu, 25 Aug 2016 09:13:13 +0000 (11:13 +0200)]
wireless: remove config_autostart
just a cleanup for an unused member.
Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
Eduardo Abinader [Wed, 24 Aug 2016 10:15:21 +0000 (12:15 +0200)]
wireless: add retry_setup_failed to status notification
As autostart is now more aligned to user intention of automatic
starting the wdev, to add retry_setup_failed to status msg may be of a help
for current stating how setup is proceeding.
Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
Eduardo Abinader [Fri, 12 Aug 2016 06:51:58 +0000 (08:51 +0200)]
netifd: track when wdev setup fails
When netifd failed to load a valid configuration, after an invalid one,
it was not possible to setup the wireless device. This patch
aims to track this situation and behave accordingly, by keeping
track of failed setup without affecting autostart behavior. Also
block the restart of the wdev, when not applied.
Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 11 Aug 2016 17:36:09 +0000 (19:36 +0200)]
Prevent premature device free in interface_claim_device
interface_set_device_config can trigger a device free (for example
if the device is here only present in a bridge), which renders dev
invalid and leads to segfault. Add a lock to prevent this and
clean-up the code for readability.
Signed-off-by: Gino Peeters <peeters.gino@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hans Dedecker [Thu, 11 Aug 2016 13:53:29 +0000 (15:53 +0200)]
utils: Move IP address validation to parse_addr function
Commit 7a51f23e adds IP address validation in the function parse_ip_and_netmask;
however the added check is too restrictive as the function is used on several places
resulting into the problem multicast routes cannot be added anymore via UCI.
Therefore move the IP host address validation to the function parse_addr so
experimental/multicast addresses cannot be added as a host IP address while
multicast routes can be added again.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 11 Aug 2016 13:53:27 +0000 (15:53 +0200)]
proto: Display proto flags when dumping the protocol handlers in ubus
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 11 Aug 2016 13:53:26 +0000 (15:53 +0200)]
proto-shell: Model config parameter "no-proto-task" as a proto flag
Export the config parameter "no-proto-task" as a proto flag so it's available for
other netifd modules
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 11 Aug 2016 13:53:25 +0000 (15:53 +0200)]
proto-shell: Support teardown on layer 3 link loss
Commit c6858766 added interface teardown support on layer 3 device link loss
mainly for shell protocols who have no proto task like xl2tp. However for
shell protocols having a proto task it is not always the correct action to
teardown the interface; as an example the PPP daemon can be put into
persist state trying to re-establish the link via a hold-off mechanism
if layer 3 link loss is detected.
Therefore shell handlers can enable via TEARDOWN_ON_L3_LINK_DOWN a proto
flag which will teardown the interface when layer 3 link loss is detected
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Fri, 29 Jul 2016 17:47:32 +0000 (19:47 +0200)]
interface: do not process hotplug events for link up event
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 29 Jul 2016 14:12:17 +0000 (16:12 +0200)]
interface: report link up events for force_link interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hans Dedecker [Wed, 29 Jun 2016 12:02:18 +0000 (14:02 +0200)]
alias: Set alias link device status to disabled when device is removed
Fixes missing link state event propagation for an aliased device in case a new device is added
as the link state has the last known status of the old device possibly resulting into
no link state change detection.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Hans Dedecker [Mon, 6 Jun 2016 12:58:33 +0000 (14:58 +0200)]
system-linux: Replace device_get by device_find where appropriate
Replace device_get by device_find so it's clear a device needs to be found present
in the device list.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 6 Jun 2016 12:58:32 +0000 (14:58 +0200)]
device: Fix dotted vlan interface staying down
Using the config below a dotted vlan interface stays down as get_vlan_device
does not find the device due to the aliased device stacked on top of the base
device.
As all devices; aliased devices being the exception; are in the device list
use device_find to find the device when setting the link state
config interface 'test'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
config interface 'test2'
        option ifname '@test.1'
        option proto 'dhcp'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 6 Jun 2016 12:58:31 +0000 (14:58 +0200)]
device: Fix device find failure in avl list due to device name change
As device name is used as key in avl list a device name change will break the avl find logic.
Function device_set_ifname offers api to set the device name and re-inserts the avl node in the list
when the avl key value is changed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Alin Năstac [Tue, 24 May 2016 15:02:20 +0000 (17:02 +0200)]
netifd: Add option to configure gc_stale_time for each device
The UCI parameter neighgcstaletime allows to control how much time will
STALE entries be kept in the neighbour table for both IPv4 and IPv6.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Linus Lüssing [Sun, 22 May 2016 20:33:48 +0000 (22:33 +0200)]
bridge: make learning and unicast-flood configurable per bridge port
Tuning these two options allows a more fine grained configuration of the
forwarding database (fdb) of a bridge.
The former allows to enable or disable the learning of the presence of
MAC addresses behind a bridge port. (default: enabled on all ports)
The latter allows to tune the behaviour in case a destination MAC address
of a frame is unknown to the fdb, like only flooding on specific ports or
not flooding on any port. (default: flood on all ports, except incoming)
This can be useful to create a dumb hub, for instance for monitoring
purposes. Or in larger layer 2 mesh networks to avoid keeping redundant
databases (e.g. with the batman-adv translation table).
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Hans Dedecker [Thu, 31 Mar 2016 10:18:27 +0000 (12:18 +0200)]
alias : Fix interface aliased on top of a static interface not getting active
An interface referring to a static interface is not getting active when doing a network
reload or ifup.
The problem is triggered by alias_set_device which is not clearing the pending update
(mostly a null device due to the previous down event) when the same device is set as the
current device via alias_notify_device.
As a result alias_set_device_state when called will overwrite the device with an invalid
pending device meaning the interface will not be set available anymore and thus will
stay down.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Wed, 30 Mar 2016 21:56:24 +0000 (23:56 +0200)]
Revert "add prelocal table to manipulate locally destinated traffic"
Revert commit 3eea8576d48d9b20cc1c6b46f54c7345a39d13aa since it changes the
default behaviour of user ip rules in unexpected ways.
When an ip rule is added without an explicit priority then the kernel will
use the priority value of the 2nd rule, decreased by one.
On an ordinary system, the 2nd rule usually is "from all lookup main" with
priority 32766 which means that user rules are added beginning with priority
32765 in decreasing order.
Since the introduction of the prelocal rule at prio 0 and the subsequent
moving of "from all lookup local" to prio 1, the kernel will insert all user
rules with priority 0, between the prelocal and local lookup rules, leading
to broken routing in many common scenarios.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Linus Lüssing [Sat, 5 Mar 2016 22:53:52 +0000 (23:53 +0100)]
bridge: multicast: Export some parameters RFCs suggest to be tunable
RFCs suggest some parameters of IGMP and MLD to be configurable by
the administrator. With this patch the following parameters are
configurable:
* robustness (default: 2)
* query_interval (default: 12500 [125s])
* query_response_interval (default: 1000 [10s])
* last_member_interval (default: 100 [1s])
Depending on the size and nature of the network topology administrators
might want to increase or decrease these parameters.
netifd will take care of configuring any other parameters which are
dependent on the ones above and set them according to the formulas
provided in the RFCs. These parameters of the bridge are
membership_interval, querier_interval, startup_query_interval,
startup_query_count and last_member_count.
RFCs allow setting three more parameters to be configurable:
startup_query_interval, startup_query_count and last_member_count.
However this patch does not export them, as they can be indirectly
tuned via the given, exported four parameters, too.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Naresh Kumar Mehta [Tue, 23 Feb 2016 05:53:15 +0000 (11:23 +0530)]
utils.c: Add ip address validation
Do not allow configuring invalid IPv4/IPv6 addresses.
Currently if I configure LAN IP Address as 224.1.1.1, netifd will
configure it.
e.g.
uci set network.lan.ipaddr='224.1.1.1'
uci commit
/etc/init.d/network restart
Now ifconfig br-lan returns
br-lan Link encap:Ethernet HWaddr 00:03:7F:13:BA:17
inet addr:224.1.1.1 Bcast:224.1.1.255 Mask:255.255.255.0
which is wrong.
If I use ifconfig eth1 224.1.1.1, I will get
ifconfig: SIOCSIFADDR: Invalid argument
it means ifconfig is working fine, whereas netifd not.
Proposed patch will test IPv4 address to make sure it is class A/B/C only.
Similarly IPv6 multicast addresses will not be allowed.
Signed-off-by: Naresh Kumar Mehta <naresh@codeaurora.org>
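An added example (not netifd's own code) of the check this commit describes, together with the split that the later "utils: Move IP address validation to parse_addr function" commit introduces: host addresses are rejected when they are not class A/B/C (IPv4) or are multicast (IPv6), while a route target only needs to parse. The names `parse_any_addr` and `parse_host_addr` and the sample addresses in `main` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Storage large enough for either address family. */
union any_addr {
	struct in_addr in;
	struct in6_addr in6;
};

/*
 * Syntax check only. This is all a route target needs, because a
 * multicast destination such as 224.0.0.0/4 is a legitimate route.
 */
static bool parse_any_addr(int af, const char *str, union any_addr *out)
{
	return inet_pton(af, str, out) == 1;
}

/*
 * Host address check: the string must parse AND must be assignable to
 * an interface. IPv4 must be class A/B/C, IPv6 must not be multicast.
 */
static bool parse_host_addr(int af, const char *str, union any_addr *out)
{
	if (!parse_any_addr(af, str, out))
		return false;

	if (af == AF_INET) {
		uint32_t a = ntohl(out->in.s_addr);

		/* Top nibble 0xE is class D (multicast), 0xF is class E. */
		return (a >> 28) < 0xE;
	}

	if (af == AF_INET6)
		return out->in6.s6_addr[0] != 0xff; /* ff00::/8 is multicast */

	return false;
}

int main(void)
{
	/* Constructed sample inputs, not taken from a real configuration. */
	static const struct {
		int af;
		const char *str;
	} samples[] = {
		{ AF_INET,  "192.168.2.1" },
		{ AF_INET,  "224.1.1.1" },   /* the address from the commit message */
		{ AF_INET,  "240.0.0.1" },
		{ AF_INET,  "224.1.1" },     /* malformed */
		{ AF_INET6, "fd00::1" },
		{ AF_INET6, "ff02::1" },
	};
	union any_addr addr;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s host=%-3s route-target=%s\n", samples[i].str,
		       parse_host_addr(samples[i].af, samples[i].str, &addr) ? "ok" : "no",
		       parse_any_addr(samples[i].af, samples[i].str, &addr) ? "ok" : "no");

	return 0;
}
```

Putting the class check in the host-only path is what keeps a multicast route configurable while still refusing 224.1.1.1 as an interface address.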
Jo-Philipp Wich [Fri, 4 Mar 2016 18:36:32 +0000 (19:36 +0100)]
system-linux: fix build error
The libnl-tiny library does not provide a nla_put_be32(), use nla_put_u32()
again in conjunction with htonl() to convert the values.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Fri, 4 Mar 2016 17:43:54 +0000 (18:43 +0100)]
system-linux: Fix VTI ikey/okey on little endian systems
The kernel expects the IFLA_VTI_IKEY and IFLA_VTI_OKEY netlink attributes to
be in network byte order, so ensure that the values are stored accordingly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Hans Dedecker [Mon, 15 Feb 2016 17:59:22 +0000 (18:59 +0100)]
interface-ip: Don't handle external addresses and routes
Prevent external routes and address being added or deleted when changing
the state of the interface ip settings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:30 +0000 (10:56 +0100)]
device: Fix null pointer dereference if device is unset
Fix null pointer dereference in device_claim if device is unset in device_user
struct. Typically this is observed when the parent device is removed
from (mac)vlan device config followed by a network reload
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:29 +0000 (10:56 +0100)]
device: Support multicast config option
Make multicast device flag configurable by extending device attributes
with the multicast attribute
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:28 +0000 (10:56 +0100)]
alias: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:27 +0000 (10:56 +0100)]
system-linux: Fix memory leak
Call globfree to free dynamically allocated storage from a previous glob call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:26 +0000 (10:56 +0100)]
proto: Fix possible segfaults
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:25 +0000 (10:56 +0100)]
handler: Fix memory leak
Call globfree to free dynamically allocated storage from a previous glob call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:24 +0000 (10:56 +0100)]
interface-event: Fix possible out of bounds array access
The array eventnames is of size 3 while the interface_event type may use
the indexes 3 or 4.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:23 +0000 (10:56 +0100)]
interface-ip: Fix possible segfaults
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:22 +0000 (10:56 +0100)]
interface: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:21 +0000 (10:56 +0100)]
proto-shell: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:20 +0000 (10:56 +0100)]
proto: Fix possible buffer overflow due to non null terminated string
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:19 +0000 (10:56 +0100)]
tunnel: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:18 +0000 (10:56 +0100)]
tunnel: Fix uninitialized access
Fix tb_dev uninitialized access by device_init_settings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:17 +0000 (10:56 +0100)]
ubus: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:16 +0000 (10:56 +0100)]
vlan: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 1 Feb 2016 09:56:15 +0000 (10:56 +0100)]
device: Fix possible segfault
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Kristian Evensen [Thu, 21 Jan 2016 16:37:40 +0000 (17:37 +0100)]
netifd: Route traffic from LAN to WAN using rules
After commit ebd3d8417c7a ("interface: fix moving interface address routes to
the table specified by ip[46]table"), it is no longer possible for clients on
LAN to reach machines on the WAN.
This patch restores support for clients on LAN reaching clients on WAN by using
rules. The rules are placed after the address rules, in order to make sure that
traffic originating from the router is routed correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Felix Fietkau [Thu, 28 Jan 2016 21:37:25 +0000 (22:37 +0100)]
alias: clean up device dependencies on free
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Daniel Golle [Mon, 18 Jan 2016 23:24:38 +0000 (00:24 +0100)]
wireless: rename 'wpa_pairwise' variable to 'wpa_cipher'
We shall enforce the cipher for both, pairwise and group, thus change
the name of the variable to a more generic phrasing, 'cipher' instead
of 'pairwise'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org> [keep a copy for compatibility reasons]
André Valentin [Sat, 26 Dec 2015 22:57:32 +0000 (23:57 +0100)]
netifd/system-linux: add VTI tunnel support
This patch adds support for VTI interfaces. VTI interfaces can be used to
tunnel IPsec ESP traffic to a device so common firewall zones may be used.
This also enables routing protocols to work over IPsec tunnels.
Signed-off-by: André Valentin <avalentin@marcant.net>
Kristian Evensen [Thu, 7 Jan 2016 13:46:04 +0000 (14:46 +0100)]
netifd: Do not add local/source policy rules multiple times
interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.
This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple times. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.
Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-parameter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.
I have tested the patch in different configurations and have not found any
regression.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Felix Fietkau [Sat, 9 Jan 2016 00:46:13 +0000 (01:46 +0100)]
system: mark tunnel_attr_list as extern
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 9 Jan 2016 00:45:44 +0000 (01:45 +0100)]
wireless: mark wireless_drivers/wireless_devices as extern
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Hans Dedecker [Thu, 17 Dec 2015 14:02:06 +0000 (15:02 +0100)]
interface: Trigger interface update event when interface data is updated via ubus
Interface update event will trigger an interface hotplug event and an ubus notify event
which will inform subscribers about the updated interface data field
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Wed, 16 Dec 2015 23:13:54 +0000 (00:13 +0100)]
interface: toggle proto_ip along with config_ip to fix ordering issues with routes/rules added dynamically
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Wed, 16 Dec 2015 22:48:09 +0000 (23:48 +0100)]
interface-ip: unify handling of interface metric/table for routes, fixes handling for prefixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 15 Dec 2015 10:57:48 +0000 (11:57 +0100)]
interface-ip: fix subnet route handling
When the kernel subnet route has to be replaced, the cleanup call needs
to match the properties of the replacement route exactly, mainly the
metric and the routing table.
Fix handling this by embedding the device_route for the subnet in the
device_addr struct and using it in the cleanup path.
This fixes issues on config reload with changes to the routing table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 15 Dec 2015 10:56:54 +0000 (11:56 +0100)]
interface-ip: move struct device_addr below struct device_route
This is needed to embed the subnet route in struct device_addr
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Wed, 2 Dec 2015 13:49:10 +0000 (14:49 +0100)]
wireless: call wireless_interface_handle_link before updating vif config
If the network changes, we need to remove the vif from the old network
before we lose access to the previous state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Steven Barth [Thu, 19 Nov 2015 13:09:53 +0000 (14:09 +0100)]
ubus: export dynamic-flag for interfaces
Signed-off-by: Steven Barth <steven@midlink.org>
Felix Fietkau [Tue, 17 Nov 2015 14:15:08 +0000 (15:15 +0100)]
device: fetch settings from external devices to make them usable for status output
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Tue, 17 Nov 2015 14:05:01 +0000 (15:05 +0100)]
device: preserve orig_settings flags for querying device status
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 12 Nov 2015 00:16:11 +0000 (01:16 +0100)]
interface: fix moving interface address routes to the table specified by ip[46]table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Hans Dedecker [Mon, 2 Nov 2015 10:16:12 +0000 (11:16 +0100)]
device: Don't process link events anymore in device user specific callback handlers
Set link_state for all device types via the device_set_link API as all devices are registered
in the device tree list making it possible to always get the device via device_get.
The device link state parameter will now actually reflect the corresponding kernel device
carrier state in all cases.
Before this change a vlan/macvlan device could still have link_state enabled if an interface
was brought down; this was the case when the parent vlan/macvlan device was still enabled as
the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state
in the function cb_rtnl_event.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Thu, 29 Oct 2015 15:06:12 +0000 (16:06 +0100)]
system-linux: fix memory leak on error in system_if_check
Detected by Coverity CID 1330302
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 29 Oct 2015 14:58:30 +0000 (15:58 +0100)]
system-linux: fix memory leak in system_addr()
Detected by Coverity CID 1330178
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 29 Oct 2015 14:41:31 +0000 (15:41 +0100)]
main: remove redundant error check in netifd_start_process
Detected by Coverity CID 1329378
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Hans Dedecker [Mon, 28 Sep 2015 06:51:07 +0000 (08:51 +0200)]
interface-ip: Remove table specific nw rules for IPv4/6 addresses
Hans Dedecker [Mon, 28 Sep 2015 06:51:06 +0000 (08:51 +0200)]
interface-ip: Re-enable iif lo policy rules after main table lookup
Hans Dedecker [Mon, 28 Sep 2015 06:51:05 +0000 (08:51 +0200)]
interface-ip: Support source ip rule updates when reloading
Felix Fietkau [Sat, 26 Sep 2015 23:15:22 +0000 (01:15 +0200)]
wireless: fix bogus isolate setting on unbridged configuration
This was caused by a faulty test for the isolate option (arithmetic on a
variable with no default)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Dmitry Ivanov [Mon, 14 Sep 2015 09:53:14 +0000 (12:53 +0300)]
Initialize wireless interface attributes in proper function
Currently multicast to unicast feature may be configured for incorrect wireless interface in case of reconfiguration.
Test case:
Initial wireless configuration:
config wifi-iface
        option mode ap
        option disabled 1
config wifi-iface
        option mode sta
        option disabled 0
config wifi-iface
        option mode ap
        option disabled 0
After reboot, multicast to unicast feature is configured for interface #3 (wlan0-1) only.
Next, enable interface #1 and issue "wifi" command. Now, multicast to unicast feature is configured for interface #2 (wlan0) which is wrong.
It should be configured for interfaces #1 and #3 only. This patch resolves this problem.
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Baptiste Jonglez [Mon, 14 Sep 2015 10:25:33 +0000 (12:25 +0200)]
interface-ip: Fix broadcast address when using /31 or /32 IPv4 addressing
A /31-addressed interface requires a broadcast address of 255.255.255.255,
because there is no room for a proper broadcast address. Without this,
any packet destinated to the other end of the link is sent as broadcast,
which is incorrect.
For consistency with the Linux kernel, /32-addressed interfaces are
treated in the same way.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Kristian Evensen [Fri, 18 Sep 2015 11:13:10 +0000 (13:13 +0200)]
netifd: Prevent flapping IPv6 routes
Comparing valid_until will always return false as the value is updated for each
route update message. This causes IPv6 routes to jump more around than House of
Pain, which might have undesirable consequences for user-space and user-space
applications.
Removing the valid_until comparison when setting keep fixes this problem, and
seems to have no side-effects. I am no IPv6 expert, but I see that valid of the
route is updated correctly and route is deleted if I block the route update
messages.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Felix Fietkau [Thu, 10 Sep 2015 20:59:33 +0000 (22:59 +0200)]
wireless: fix mcast_to_ucast handling, only apply it to AP mode
Fixes a regression that caused WDS stations to repeat packets back to
the AP.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Hans Dedecker [Wed, 9 Sep 2015 13:45:52 +0000 (15:45 +0200)]
interface-ip: Set route table when enabling interface ip settings
Routes are now inserted in the correct routing table when interface ip4table and/or
ip6table was changed during interface_change_config
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Sep 2015 13:45:51 +0000 (15:45 +0200)]
interface-ip: Don't create ip network rule if address mask is equal to full mask
Prevents the creation of identical address and network IP rules
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Sep 2015 13:45:50 +0000 (15:45 +0200)]
interface-ip: Insert network and address ip rules for external addresses as well
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Sep 2015 13:45:49 +0000 (15:45 +0200)]
interface-ip: Remove ip loop policy rules as kernel issue is fixed
Remove ip loop policy rules as workaround for the kernel using unspecified address
to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Sep 2015 13:45:48 +0000 (15:45 +0200)]
iprule: Insert network and address ip rules before main table lookup rule
Specific IP address and network rules are now checked before the main table lookup as the main table
often holds a default route. As a result the IP address and network rules pointing to a specific
routing table will not be checked anymore; by reversing the order the specific routing tables
are checked first if the ip rule matches.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 9 Sep 2015 13:45:47 +0000 (15:45 +0200)]
device: Resolve ifindex for external claimed devices
Fixes regression issues introduced by commit 3224b80 as external (PPP)
device ifindex was not in sync with kernel device ifindex due to re-creation
of the device by the PPP daemon
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 1 Sep 2015 12:43:58 +0000 (14:43 +0200)]
device: Don't call set_state for external device in device_claim
The function set_state disable is not called for external devices in device_release
which means for external vlan/macvlan devices they won't be deleted.
As a result of this the set_state enable call for external devices by device_claim fails
as vlan/macvlan devices cannot be created since the device already exists in the kernel.
Therefore move the external device check from device_set_state to device_claim so
external vlan/macvlan devices are not created again and can also be external.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Tue, 1 Sep 2015 12:43:57 +0000 (14:43 +0200)]
device: apply settings when existing device becomes external
Make sure device settings are applied when existing device becomes external
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Linus Lüssing [Sun, 23 Aug 2015 15:19:28 +0000 (17:19 +0200)]
bridge: Allow setting multicast_router option
The multicast_router option of a bridge allows controlling the forwarding
behaviour of multicast packets independent of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
was detected (currently only learned via query messages, no MRD
support yet)
* 2: Always forward any multicast traffic on this port
Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.
Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Linus Lüssing [Sun, 23 Aug 2015 15:19:27 +0000 (17:19 +0200)]
bridge: Allow setting multicast_to_unicast option
With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.
This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Linus Lüssing [Sun, 23 Aug 2015 15:19:26 +0000 (17:19 +0200)]
bridge: Fix multicast_to_unicast feature by hairpin+isolate
All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.
Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
itself participates in then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.
Therefore we might currently miss such suppressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.
Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.
For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Yousong Zhou [Fri, 21 Aug 2015 02:11:57 +0000 (10:11 +0800)]
proto-shell: add checkup timeout to restart interface.
This is mainly for protocols with no_proto_task set. L2TP with xl2tpd
is such a case and the issue this commit tries to address is that xl2tpd
could fail redialing the connection (segfault or abort) without the
notice of netifd, causing the concerned interface to be left down.
This patch solves it by allowing users to configure a timeout value
instructing netifd to check if the interface is in up state after its
last attempt to set it up and try again if that is not the case.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>