project/netifd.git
3 years ago netifd: Add option to configure gc_stale_time for each device
Alin Năstac [Tue, 24 May 2016 15:02:20 +0000 (17:02 +0200)]
netifd: Add option to configure gc_stale_time for each device

The UCI parameter neighgcstaletime allows controlling how long STALE
entries will be kept in the neighbour table for both IPv4 and IPv6.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
3 years ago bridge: make learning and unicast-flood configurable per bridge port
Linus Lüssing [Sun, 22 May 2016 20:33:48 +0000 (22:33 +0200)]
bridge: make learning and unicast-flood configurable per bridge port

Tuning these two options allows a more fine grained configuration of the
forwarding database (fdb) of a bridge.

The former allows to enable or disable the learning of the presence of
MAC addresses behind a bridge port. (default: enabled on all ports)

The latter allows to tune the behaviour in case a destination MAC address
of a frame is unknown to the fdb, like only flooding on specific ports or
not flooding on any port. (default: flood on all ports, except incoming)

This can be useful to create a dumb hub, for instance for monitoring
purposes. Or in larger layer 2 mesh networks to avoid keeping redundant
databases (e.g. with the batman-adv translation table).

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
3 years ago alias : Fix interface aliased on top of a static interface not getting active
Hans Dedecker [Thu, 31 Mar 2016 10:18:27 +0000 (12:18 +0200)]
alias : Fix interface aliased on top of a static interface not getting active

An interface referring to a static interface is not getting active when doing a network
reload or ifup.
The problem is triggered by alias_set_device which is not clearing the pending update
(mostly a null device due to the previous down event) when the same device is set as the
current device via alias_notify_device.
As a result alias_set_device_state when called will overwrite the device with an invalid
pending device meaning the interface will not be set available anymore and thus will
stay down.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago Revert "add prelocal table to manipulate locally destinated traffic"
Jo-Philipp Wich [Wed, 30 Mar 2016 21:56:24 +0000 (23:56 +0200)]
Revert "add prelocal table to manipulate locally destinated traffic"

Revert commit 3eea8576d48d9b20cc1c6b46f54c7345a39d13aa since it changes the
default behaviour of user ip rules in unexpected ways.

When an ip rule is added without an explicit priority then the kernel will
use the priority value of the 2nd rule, decreased by one.

On an ordinary system, the 2nd rule usually is "from all lookup main" with
priority 32766 which means that user rules are added beginning with priority
32765 in decreasing order.

Since the introduction of the prelocal rule at prio 0 and the subsequent
moving of "from all lookup local" to prio 1, the kernel will insert all user
rules with priority 0, between the prelocal and local lookup rules, leading
to broken routing in many common scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
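
A small model of the priority assignment described in the commit message above, added here as an illustration (it is not kernel or netifd code). The rule table layout, the helper names and the "user-a"/"user-b" rules are constructed for the example; clamping at priority 0 is an assumption consistent with the message's statement that all user rules end up at priority 0.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

struct rule { unsigned int prio; const char *desc; };
struct rule_list { struct rule r[MAX_RULES]; int n; };

/* Insert keeping ascending priority; equal priorities keep insertion order. */
static int insert_rule(struct rule_list *l, unsigned int prio, const char *desc)
{
	int pos = 0;

	if (l->n >= MAX_RULES)
		return -1;
	while (pos < l->n && l->r[pos].prio <= prio)
		pos++;
	memmove(&l->r[pos + 1], &l->r[pos], (l->n - pos) * sizeof(l->r[0]));
	l->r[pos].prio = prio;
	l->r[pos].desc = desc;
	l->n++;
	return pos;
}

/* Priority for a rule added without one: 2nd rule's priority minus one. */
static unsigned int default_prio(const struct rule_list *l)
{
	if (l->n >= 2 && l->r[1].prio > 0)
		return l->r[1].prio - 1;
	return 0; /* assumption: never goes below 0 */
}

/* Add a user rule without explicit priority; returns the priority chosen. */
static unsigned int add_rule_auto(struct rule_list *l, const char *desc)
{
	unsigned int prio = default_prio(l);

	insert_rule(l, prio, desc);
	return prio;
}

/* Build the initial table: stock layout, or the layout with prelocal. */
static void init_rules(struct rule_list *l, int with_prelocal)
{
	l->n = 0;
	if (with_prelocal) {
		insert_rule(l, 0, "from all lookup prelocal");
		insert_rule(l, 1, "from all lookup local");
	} else {
		insert_rule(l, 0, "from all lookup local");
	}
	insert_rule(l, 32766, "from all lookup main");
	insert_rule(l, 32767, "from all lookup default");
}

/* Position of a rule in evaluation order, or -1 if absent. */
static int rule_index(const struct rule_list *l, const char *desc)
{
	for (int i = 0; i < l->n; i++)
		if (strcmp(l->r[i].desc, desc) == 0)
			return i;
	return -1;
}

static void dump(const char *title, const struct rule_list *l)
{
	printf("%s\n", title);
	for (int i = 0; i < l->n; i++)
		printf("  %5u: %s\n", l->r[i].prio, l->r[i].desc);
}

int main(void)
{
	struct rule_list l;

	init_rules(&l, 0);
	add_rule_auto(&l, "user-a");
	add_rule_auto(&l, "user-b");
	dump("stock table: user rules sit after the local lookup", &l);

	init_rules(&l, 1);
	add_rule_auto(&l, "user-a");
	add_rule_auto(&l, "user-b");
	dump("with prelocal: user rules are evaluated before the local lookup", &l);
	return 0;
}
```
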
3 years ago bridge: multicast: Export some parameters RFCs suggest to be tunable
Linus Lüssing [Sat, 5 Mar 2016 22:53:52 +0000 (23:53 +0100)]
bridge: multicast: Export some parameters RFCs suggest to be tunable

RFCs suggest some parameters of IGMP and MLD to be configurable by
the administrator. With this patch the following parameters are
configurable:

* robustness (default: 2)
* query_interval (default: 12500 [125s])
* query_response_interval (default: 1000 [10s])
* last_member_interval (default: 100 [1s])

Depending on the size and nature of the network topology administrators
might want to increase or decrease these parameters.

netifd will take care of configuring any other parameters which are
dependent on the ones above and set them according to the formulas
provided in the RFCs. These parameters of the bridge are
membership_interval, querier_interval, startup_query_interval,
startup_query_count and last_member_count.

RFCs allow setting three more parameters to be configurable:
startup_query_interval, startup_query_count and last_member_count.
However this patch does not export them, as they can be indirectly
tuned via the given, exported four parameters, too.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
3 years ago utils.c: Add ip address validation
Naresh Kumar Mehta [Tue, 23 Feb 2016 05:53:15 +0000 (11:23 +0530)]
utils.c: Add ip address validation

Do not allow configuring invalid IPv4/IPv6 addresses.
Currently if I configure LAN IP Address as 224.1.1.1, netifd will
configure it.
e.g.
uci set network.lan.ipaddr='224.1.1.1'
uci commit
/etc/init.d/network restart

Now ifconfig br-lan returns
br-lan    Link encap:Ethernet  HWaddr 00:03:7F:13:BA:17
          inet addr:224.1.1.1  Bcast:224.1.1.255  Mask:255.255.255.0
which is wrong.

If I use ifconfig eth1 224.1.1.1, I will get
ifconfig: SIOCSIFADDR: Invalid argument

It means ifconfig is working fine, whereas netifd is not.
Proposed patch will test IPv4 address to make sure it is class A/B/C only.
Similarly IPv6 multicast addresses will not be allowed.

Signed-off-by: Naresh Kumar Mehta <naresh@codeaurora.org>
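
A minimal sketch of the check the commit message above describes, added here as an illustration and not taken from the netifd patch: IPv4 addresses outside classes A/B/C and IPv6 multicast addresses are rejected before they reach the interface. The function name `addr_is_configurable` and the sample inputs are constructed for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/*
 * Hypothetical helper, not netifd's own function: returns true when `str`
 * parses as an address of family `af` that is acceptable as an interface
 * address under the rule stated in the commit message.
 */
static bool addr_is_configurable(int af, const char *str)
{
	union {
		struct in_addr in;
		struct in6_addr in6;
	} a;

	if (af != AF_INET && af != AF_INET6)
		return false;

	/* inet_pton() returns 1 only for a well-formed address. */
	if (inet_pton(af, str, &a) != 1)
		return false;

	if (af == AF_INET) {
		/* Leading bits: 0xxx = class A, 10xx = B, 110x = C,
		 * 1110 = D (multicast), 1111 = E (reserved). */
		uint32_t host = ntohl(a.in.s_addr);

		return (host >> 28) < 0xe;
	}

	/* IPv6 multicast is ff00::/8. */
	return !IN6_IS_ADDR_MULTICAST(&a.in6);
}

int main(void)
{
	/* Constructed sample inputs. */
	static const struct {
		int af;
		const char *s;
	} samples[] = {
		{ AF_INET,  "192.168.1.1" },
		{ AF_INET,  "224.1.1.1" },
		{ AF_INET,  "240.0.0.1" },
		{ AF_INET,  "192.168.1" },
		{ AF_INET6, "fd00::1" },
		{ AF_INET6, "ff02::1" },
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s %s\n", samples[i].s,
		       addr_is_configurable(samples[i].af, samples[i].s) ?
		       "accept" : "reject");
	return 0;
}
```
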
3 years ago system-linux: fix build error
Jo-Philipp Wich [Fri, 4 Mar 2016 18:36:32 +0000 (19:36 +0100)]
system-linux: fix build error

The libnl-tiny library does not provide a nla_put_be32(), use nla_put_u32()
again in conjunction with htonl() to convert the values.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
3 years ago system-linux: Fix VTI ikey/okey on little endian systems
Jo-Philipp Wich [Fri, 4 Mar 2016 17:43:54 +0000 (18:43 +0100)]
system-linux: Fix VTI ikey/okey on little endian systems

The kernel expects the IFLA_VTI_IKEY and IFLA_VTI_OKEY netlink attributes to
be in network byte order, so ensure that the values are stored accordingly.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
3 years ago interface-ip: Don't handle external addresses and routes
Hans Dedecker [Mon, 15 Feb 2016 17:59:22 +0000 (18:59 +0100)]
interface-ip: Don't handle external addresses and routes

Prevent external routes and addresses being added or deleted when changing
the state of the interface ip settings.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: Fix null pointer dereference if device is unset
Hans Dedecker [Mon, 1 Feb 2016 09:56:30 +0000 (10:56 +0100)]
device: Fix null pointer dereference if device is unset

Fix null pointer dereference in device_claim if device is unset in device_user
struct. Typically this is observed when the parent device is removed
from (mac)vlan device config followed by a network reload

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: Support multicast config option
Hans Dedecker [Mon, 1 Feb 2016 09:56:29 +0000 (10:56 +0100)]
device: Support multicast config option

Make multicast device flag configurable by extending device attributes
with the multicast attribute

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
3 years ago alias: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:28 +0000 (10:56 +0100)]
alias: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago system-linux: Fix memory leak
Hans Dedecker [Mon, 1 Feb 2016 09:56:27 +0000 (10:56 +0100)]
system-linux: Fix memory leak

Call globfree to free dynamically allocated storage from a previous glob call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago proto: Fix possible segfaults
Hans Dedecker [Mon, 1 Feb 2016 09:56:26 +0000 (10:56 +0100)]
proto: Fix possible segfaults

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago handler: Fix memory leak
Hans Dedecker [Mon, 1 Feb 2016 09:56:25 +0000 (10:56 +0100)]
handler: Fix memory leak

Call globfree to free dynamically allocated storage from a previous glob call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface-event: Fix possible out of bounds array access
Hans Dedecker [Mon, 1 Feb 2016 09:56:24 +0000 (10:56 +0100)]
interface-event: Fix possible out of bounds array access

The array eventnames is of size 3 while the interface_event type may use
the indexes 3 or 4.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface-ip: Fix possible segfaults
Hans Dedecker [Mon, 1 Feb 2016 09:56:23 +0000 (10:56 +0100)]
interface-ip: Fix possible segfaults

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:22 +0000 (10:56 +0100)]
interface: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago proto-shell: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:21 +0000 (10:56 +0100)]
proto-shell: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago proto: Fix possible buffer overflow due to non null terminated string
Hans Dedecker [Mon, 1 Feb 2016 09:56:20 +0000 (10:56 +0100)]
proto: Fix possible buffer overflow due to non null terminated string

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago tunnel: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:19 +0000 (10:56 +0100)]
tunnel: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago tunnel: Fix uninitialized access
Hans Dedecker [Mon, 1 Feb 2016 09:56:18 +0000 (10:56 +0100)]
tunnel: Fix uninitialized access

Fix tb_dev uninitialized access by device_init_settings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago ubus: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:17 +0000 (10:56 +0100)]
ubus: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago vlan: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:16 +0000 (10:56 +0100)]
vlan: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: Fix possible segfault
Hans Dedecker [Mon, 1 Feb 2016 09:56:15 +0000 (10:56 +0100)]
device: Fix possible segfault

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago netifd: Route traffic from LAN to WAN using rules
Kristian Evensen [Thu, 21 Jan 2016 16:37:40 +0000 (17:37 +0100)]
netifd: Route traffic from LAN to WAN using rules

After commit ebd3d8417c7a ("interface: fix moving interface address routes to
the table specified by ip[46]table"), it is no longer possible for clients on
LAN to reach machines on the WAN.

This patch restores support for clients on LAN reaching clients on WAN by using
rules. The rules are placed after the address rules, in order to make sure that
traffic originating from the router is routed correctly.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
3 years ago alias: clean up device dependencies on free
Felix Fietkau [Thu, 28 Jan 2016 21:37:25 +0000 (22:37 +0100)]
alias: clean up device dependencies on free

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago wireless: rename 'wpa_pairwise' variable to 'wpa_cipher'
Daniel Golle [Mon, 18 Jan 2016 23:24:38 +0000 (00:24 +0100)]
wireless: rename 'wpa_pairwise' variable to 'wpa_cipher'

We shall enforce the cipher for both, pairwise and group, thus change
the name of the variable to a more generic phrasing, 'cipher' instead
of 'pairwise'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org> [keep a copy for compatibility reasons]
3 years ago netifd/system-linux: add VTI tunnel support
André Valentin [Sat, 26 Dec 2015 22:57:32 +0000 (23:57 +0100)]
netifd/system-linux: add VTI tunnel support

This patch adds support for VTI interfaces. VTI interfaces can be used to
tunnel IPsec ESP traffic to a device so common firewall zones may be used.
This also enables routing protocols to work over IPsec tunnels.

Signed-off-by: André Valentin <avalentin@marcant.net>
3 years ago netifd: Do not add local/source policy rules multiple times
Kristian Evensen [Thu, 7 Jan 2016 13:46:04 +0000 (14:46 +0100)]
netifd: Do not add local/source policy rules multiple times

interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.

This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple times. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.

Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-parameter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.

I have tested the patch in different configurations and have not found any
regression.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
3 years ago system: mark tunnel_attr_list as extern
Felix Fietkau [Sat, 9 Jan 2016 00:46:13 +0000 (01:46 +0100)]
system: mark tunnel_attr_list as extern

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago wireless: mark wireless_drivers/wireless_devices as extern
Felix Fietkau [Sat, 9 Jan 2016 00:45:44 +0000 (01:45 +0100)]
wireless: mark wireless_drivers/wireless_devices as extern

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface: Trigger interface update event when interface data is updated via ubus
Hans Dedecker [Thu, 17 Dec 2015 14:02:06 +0000 (15:02 +0100)]
interface: Trigger interface update event when interface data is updated via ubus

Interface update event will trigger an interface hotplug event and an ubus notify event
which will inform subscribers about the updated interface data field

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface: toggle proto_ip along with config_ip to fix ordering issues with routes...
Felix Fietkau [Wed, 16 Dec 2015 23:13:54 +0000 (00:13 +0100)]
interface: toggle proto_ip along with config_ip to fix ordering issues with routes/rules added dynamically

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: unify handling of interface metric/table for routes, fixes handling...
Felix Fietkau [Wed, 16 Dec 2015 22:48:09 +0000 (23:48 +0100)]
interface-ip: unify handling of interface metric/table for routes, fixes handling for prefixes

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: fix subnet route handling
Felix Fietkau [Tue, 15 Dec 2015 10:57:48 +0000 (11:57 +0100)]
interface-ip: fix subnet route handling

When the kernel subnet route has to be replaced, the cleanup call needs
to match the properties of the replacement route exactly, mainly the
metric and the routing table.
Fix handling this by embedding the device_route for the subnet in the
device_addr struct and using it in the cleanup path.

This fixes issues on config reload with changes to the routing table

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: move struct device_addr below struct device_route
Felix Fietkau [Tue, 15 Dec 2015 10:56:54 +0000 (11:56 +0100)]
interface-ip: move struct device_addr below struct device_route

This is needed to embed the subnet route in struct device_addr

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago wireless: call wireless_interface_handle_link before updating vif config
Felix Fietkau [Wed, 2 Dec 2015 13:49:10 +0000 (14:49 +0100)]
wireless: call wireless_interface_handle_link before updating vif config

If the network changes, we need to remove the vif from the old network
before we lose access to the previous state

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago ubus: export dynamic-flag for interfaces
Steven Barth [Thu, 19 Nov 2015 13:09:53 +0000 (14:09 +0100)]
ubus: export dynamic-flag for interfaces

Signed-off-by: Steven Barth <steven@midlink.org>
3 years ago device: fetch settings from external devices to make them usable for status output
Felix Fietkau [Tue, 17 Nov 2015 14:15:08 +0000 (15:15 +0100)]
device: fetch settings from external devices to make them usable for status output

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago device: preserve orig_settings flags for querying device status
Felix Fietkau [Tue, 17 Nov 2015 14:05:01 +0000 (15:05 +0100)]
device: preserve orig_settings flags for querying device status

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface: fix moving interface address routes to the table specified by ip[46]table
Felix Fietkau [Thu, 12 Nov 2015 00:16:11 +0000 (01:16 +0100)]
interface: fix moving interface address routes to the table specified by ip[46]table

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago device: Don't process link events anymore in device user specific callback handlers
Hans Dedecker [Mon, 2 Nov 2015 10:16:12 +0000 (11:16 +0100)]
device: Don't process link events anymore in device user specific callback handlers

Set link_state for all device types via the device_set_link API as all devices are registered
in the device tree list making it possible to always get the device via device_get.
The device link state parameter will now actually reflect the corresponding kernel device
carrier state in all cases.
Before this change a vlan/macvlan device could still have link_state enabled if an interface
was brought down; this was the case when the parent vlan/macvlan device was still enabled as
the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state
in the function cb_rtnl_event.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago system-linux: fix memory leak on error in system_if_check
Felix Fietkau [Thu, 29 Oct 2015 15:06:12 +0000 (16:06 +0100)]
system-linux: fix memory leak on error in system_if_check

Detected by Coverity CID 1330302

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago system-linux: fix memory leak in system_addr()
Felix Fietkau [Thu, 29 Oct 2015 14:58:30 +0000 (15:58 +0100)]
system-linux: fix memory leak in system_addr()

Detected by Coverity CID 1330178

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago main: remove redundant error check in netifd_start_process
Felix Fietkau [Thu, 29 Oct 2015 14:41:31 +0000 (15:41 +0100)]
main: remove redundant error check in netifd_start_process

Detected by Coverity CID 1329378

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: Remove table specific nw rules for IPv4/6 addresses
Hans Dedecker [Mon, 28 Sep 2015 06:51:07 +0000 (08:51 +0200)]
interface-ip: Remove table specific nw rules for IPv4/6 addresses

3 years ago interface-ip: Re-enable iif lo policy rules after main table lookup
Hans Dedecker [Mon, 28 Sep 2015 06:51:06 +0000 (08:51 +0200)]
interface-ip: Re-enable iif lo policy rules after main table lookup

3 years ago interface-ip: Support source ip rule updates when reloading
Hans Dedecker [Mon, 28 Sep 2015 06:51:05 +0000 (08:51 +0200)]
interface-ip: Support source ip rule updates when reloading

3 years ago wireless: fix bogus isolate setting on unbridged configuration
Felix Fietkau [Sat, 26 Sep 2015 23:15:22 +0000 (01:15 +0200)]
wireless: fix bogus isolate setting on unbridged configuration

This was caused by a faulty test for the isolate option (arithmetic on a
variable with no default)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago Initialize wireless interface attributes in proper function
Dmitry Ivanov [Mon, 14 Sep 2015 09:53:14 +0000 (12:53 +0300)]
Initialize wireless interface attributes in proper function

Currently multicast to unicast feature may be configured for incorrect wireless interface in case of reconfiguration.

Test case:

Initial wireless configuration:

config wifi-iface
  option mode ap
  option disabled 1

config wifi-iface
  option mode sta
  option disabled 0

config wifi-iface
  option mode ap
  option disabled 0

After reboot, multicast to unicast feature is configured for interface #3 (wlan0-1) only.

Next, enable interface #1 and issue "wifi" command. Now, multicast to unicast feature is configured for interface #2 (wlan0) which is wrong.
It should be configured for interfaces #1 and #3 only. This patch resolves this problem.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: Fix broadcast address when using /31 or /32 IPv4 addressing
Baptiste Jonglez [Mon, 14 Sep 2015 10:25:33 +0000 (12:25 +0200)]
interface-ip: Fix broadcast address when using /31 or /32 IPv4 addressing

A /31-addressed interface requires a broadcast address of 255.255.255.255,
because there is no room for a proper broadcast address.  Without this,
any packet destined to the other end of the link is sent as broadcast,
which is incorrect.

For consistency with the Linux kernel, /32-addressed interfaces are
treated in the same way.

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
3 years ago netifd: Prevent flapping IPv6 routes
Kristian Evensen [Fri, 18 Sep 2015 11:13:10 +0000 (13:13 +0200)]
netifd: Prevent flapping IPv6 routes

Comparing valid_until will always return false as the value is updated for each
route update message. This causes IPv6 routes to jump more around than House of
Pain, which might have undesirable consequences for user-space and user-space
applications.

Removing the valid_until comparison when setting keep fixes this problem, and
seems to have no side-effects. I am no IPv6 expert, but I see that valid of the
route is updated correctly and route is deleted if I block the route update
messages.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
3 years ago wireless: fix mcast_to_ucast handling, only apply it to AP mode
Felix Fietkau [Thu, 10 Sep 2015 20:59:33 +0000 (22:59 +0200)]
wireless: fix mcast_to_ucast handling, only apply it to AP mode

Fixes a regression that caused WDS stations to repeat packets back to
the AP.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago interface-ip: Set route table when enabling interface ip settings
Hans Dedecker [Wed, 9 Sep 2015 13:45:52 +0000 (15:45 +0200)]
interface-ip: Set route table when enabling interface ip settings

Routes are now inserted in the correct routing table when interface ip4table and/or
ip6table was changed during interface_change_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface-ip: Don't create ip network rule if address mask is equal to full mask
Hans Dedecker [Wed, 9 Sep 2015 13:45:51 +0000 (15:45 +0200)]
interface-ip: Don't create ip network rule if address mask is equal to full mask

Prevents the creation of identical address and network IP rules

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface-ip: Insert network and address ip rules for external addresses as well
Hans Dedecker [Wed, 9 Sep 2015 13:45:50 +0000 (15:45 +0200)]
interface-ip: Insert network and address ip rules for external addresses as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago interface-ip: Remove ip loop policy rules as kernel issue is fixed
Hans Dedecker [Wed, 9 Sep 2015 13:45:49 +0000 (15:45 +0200)]
interface-ip: Remove ip loop policy rules as kernel issue is fixed

Remove ip loop policy rules as workaround for the kernel using unspecified address
to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago iprule: Insert network and address ip rules before main table lookup rule
Hans Dedecker [Wed, 9 Sep 2015 13:45:48 +0000 (15:45 +0200)]
iprule: Insert network and address ip rules before main table lookup rule

Specific IP address and network rules are now checked before the main table lookup as the main table
often holds a default route. As a result the IP address and network rules pointing to a specific
routing table will not be checked anymore; by reversing the order the specific routing tables
are checked first if the ip rule matches.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: Resolve ifindex for external claimed devices
Hans Dedecker [Wed, 9 Sep 2015 13:45:47 +0000 (15:45 +0200)]
device: Resolve ifindex for external claimed devices

Fixes regression issues introduced by commit 3224b80 as external (PPP)
device ifindex was not in sync with kernel device ifindex due to re-creation
of the device by the PPP daemon

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: Don't call set_state for external device in device_claim
Hans Dedecker [Tue, 1 Sep 2015 12:43:58 +0000 (14:43 +0200)]
device: Don't call set_state for external device in device_claim

The function set_state disable is not called for external devices in device_release
which means for external vlan/macvlan devices they won't be deleted.
As a result of this the set_state enable call for external devices by device_claim fails
as vlan/macvlan devices cannot be created since the device already exists in the kernel.
Therefore move the external device check from device_set_state to device_claim so
external vlan/macvlan devices are not created again and can also be external.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: apply settings when existing device becomes external
Hans Dedecker [Tue, 1 Sep 2015 12:43:57 +0000 (14:43 +0200)]
device: apply settings when existing device becomes external

Make sure device settings are applied when existing device becomes external

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago bridge: Allow setting multicast_router option
Linus Lüssing [Sun, 23 Aug 2015 15:19:28 +0000 (17:19 +0200)]
bridge: Allow setting multicast_router option

The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independent of the listener state:

* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
  was detected (currently only learned via query messages, no MRD
  support yet)
* 2: Always forward any multicast traffic on this port

Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.

Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
3 years ago bridge: Allow setting multicast_to_unicast option
Linus Lüssing [Sun, 23 Aug 2015 15:19:27 +0000 (17:19 +0200)]
bridge: Allow setting multicast_to_unicast option

With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.

This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
3 years ago bridge: Fix multicast_to_unicast feature by hairpin+isolate
Linus Lüssing [Sun, 23 Aug 2015 15:19:26 +0000 (17:19 +0200)]
bridge: Fix multicast_to_unicast feature by hairpin+isolate

All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.

Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
it itself participates in, then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.

Therefore we might currently miss such suppressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.

Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.

For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
3 years ago proto-shell: add checkup timeout to restart interface.
Yousong Zhou [Fri, 21 Aug 2015 02:11:57 +0000 (10:11 +0800)]
proto-shell: add checkup timeout to restart interface.

This is mainly for protocols with no_proto_task set.  L2TP with xl2tpd
is such a case and the issue this commit tries to address is that xl2tpd
could fail redialing the connection (segfault or abort) without the
notice of netifd causing the concerned interface being left down.

This patch solves it by allowing users to configure a timeout value
instructing netifd to check if the interface is in up state after its
last attempt to set it up and try again if that is not the case.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
3 years ago Changes for more readability.
Yousong Zhou [Fri, 21 Aug 2015 02:11:56 +0000 (10:11 +0800)]
Changes for more readability.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
3 years ago netifd: Spawn device events when registering dependency in device_replace
Hans Dedecker [Tue, 4 Aug 2015 14:22:45 +0000 (16:22 +0200)]
netifd: Spawn device events when registering dependency in device_replace

Spawn device events when adding dependency in device_replace so the dependency installer gets
the actual device status

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago netifd: Remove obsolete device_set_present in device_replace
Hans Dedecker [Tue, 4 Aug 2015 14:22:44 +0000 (16:22 +0200)]
netifd: Remove obsolete device_set_present in device_replace

New device does not need to be set present as device_check_state called via device_init
sets the device present after probing the kernel device

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago netifd: Fix device usage after free
Hans Dedecker [Tue, 4 Aug 2015 14:22:43 +0000 (16:22 +0200)]
netifd: Fix device usage after free

Prevent new device from being freed in device_replace when
device_unlock is called along the function chain triggered
by setting the old device as not present

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago netifd: Fix SEG fault when device cannot be allocated
Hans Dedecker [Tue, 4 Aug 2015 14:22:42 +0000 (16:22 +0200)]
netifd: Fix SEG fault when device cannot be allocated

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago device: apply initial settings when creating an external device
Felix Fietkau [Sat, 18 Jul 2015 23:09:56 +0000 (01:09 +0200)]
device: apply initial settings when creating an external device

Fixes RPS/XPS settings for wlan devices

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
3 years ago netifd: Add dadtransmits config option
Hans Dedecker [Thu, 25 Jun 2015 10:38:52 +0000 (12:38 +0200)]
netifd: Add dadtransmits config option

Config option dadtransmits allows to configure the amount of
Duplicate Address Detection probes to be sent

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago Add mtu6 option to override IPv6 MTU
Steven Barth [Wed, 24 Jun 2015 11:02:37 +0000 (13:02 +0200)]
Add mtu6 option to override IPv6 MTU

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago proto-shell: add support for generic host-dependencies to interfaces
Steven Barth [Wed, 10 Jun 2015 18:36:17 +0000 (20:36 +0200)]
proto-shell: add support for generic host-dependencies to interfaces

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago Fix removal of dynamic interfaces
Steven Barth [Mon, 8 Jun 2015 11:02:00 +0000 (13:02 +0200)]
Fix removal of dynamic interfaces

Also remove obsolete "del_dynamic" call (use "down" instead)

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago netifd: Add old style vlan devices to device list
Hans Dedecker [Tue, 26 May 2015 12:41:47 +0000 (14:41 +0200)]
netifd: Add old style vlan devices to device list

Just like other device types old vlan style devices are added to
the device list which means they're displayed when the device list
is displayed via ubus.
Additionally global device setting config like default packet
steering behavior is now also applied for old style vlan devices
when doing a network reload.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago bridge: allow setting hash_max value
Linus Lüssing [Tue, 26 May 2015 19:49:11 +0000 (21:49 +0200)]
bridge: allow setting hash_max value

If the number of entries in the MDB exceeds hash_max then the
multicast snooping capabilities of the bridge are disabled
automatically.

The default value for hash_max is 512 which is already exceeded by some
wireless community mesh networks. They need to be able to set a higher
value.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
4 years ago uclibc: backwards-compatibility fixes
Steven Barth [Tue, 26 May 2015 11:59:02 +0000 (13:59 +0200)]
uclibc: backwards-compatibility fixes

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago linux: more IPv6 onlink-route handling fixes / improvements
Steven Barth [Tue, 26 May 2015 11:51:52 +0000 (13:51 +0200)]
linux: more IPv6 onlink-route handling fixes / improvements

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago interface: teardown on l3_dev link lost.
Yousong Zhou [Tue, 19 May 2015 12:38:33 +0000 (20:38 +0800)]
interface: teardown on l3_dev link lost.

This is mainly for shell protocols that have no_proto_task so that we can
still teardown and setup the interface on l3_dev link lost instead of
depending on running state of proto_task.

Also rename related callbacks for better clarification.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years ago proto-shell: simplify no_proto_task assignment
Felix Fietkau [Sat, 23 May 2015 14:42:20 +0000 (16:42 +0200)]
proto-shell: simplify no_proto_task assignment

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago proto-shell: allow running protocols without proto_task.
Yousong Zhou [Tue, 19 May 2015 12:38:32 +0000 (20:38 +0800)]
proto-shell: allow running protocols without proto_task.

Adds a new config parameter "no-proto-task" for noting that no
proto_task will be running for this protocol type.  This is required
since the change in commit "d0dcf74 proto-shell: retry setup if the
proto handler script quits without changing the state or starting a
process".

The change is mainly for protocols like xl2tpd in which control commands
are sent to another daemon xl2tpd to start L2TP negotiation and pppd
process which is not under netifd's control as proto_task as is the case
in other ppp related protocols like pppoe, pptp, etc.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years ago interface: minor fix for unnecessary ++ operation.
Yousong Zhou [Tue, 19 May 2015 12:38:31 +0000 (20:38 +0800)]
interface: minor fix for unnecessary ++ operation.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years ago interface: remove redundant iface_attr_info.
Yousong Zhou [Tue, 19 May 2015 12:38:30 +0000 (20:38 +0800)]
interface: remove redundant iface_attr_info.

BLOBMSG_TYPE_STRING is the default type for elements of
BLOBMSG_TYPE_ARRAY.  Array type IFACE_ATTR_DNS_SEARCH was already
missing there, so drop the whole part anyway.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years ago system: fix typo in returning address length.
Yousong Zhou [Tue, 19 May 2015 12:38:29 +0000 (20:38 +0800)]
system: fix typo in returning address length.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
4 years ago linux: add compat-define for IFA_F_NOPREFIXROUTE
Steven Barth [Tue, 19 May 2015 09:01:27 +0000 (11:01 +0200)]
linux: add compat-define for IFA_F_NOPREFIXROUTE

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago ipv6: use kernel >= 3.14 handling of offlink-addresses
Steven Barth [Tue, 19 May 2015 08:58:34 +0000 (10:58 +0200)]
ipv6: use kernel >= 3.14 handling of offlink-addresses

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago netifd: Support for configurable default packet steering behavior
Hans Dedecker [Tue, 12 May 2015 11:11:52 +0000 (13:11 +0200)]
netifd: Support for configurable default packet steering behavior

The default packet steering behavior can be configured via the parameter
default_ps in the global section; the default value is true to keep
backwards compatibility.
Device packet steering (rps/xps) config can still be used to override the
default behavior.
This allows you to disable packet steering for all devices without the need
to define a device config list which disables receive/transmit packet steering

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago proto-shell: retry setup if the proto handler script quits without changing the state...
Felix Fietkau [Tue, 21 Apr 2015 12:09:48 +0000 (14:09 +0200)]
proto-shell: retry setup if the proto handler script quits without changing the state or starting a process

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago interface: remove obsolete device config apply code
Felix Fietkau [Sun, 19 Apr 2015 09:50:19 +0000 (11:50 +0200)]
interface: remove obsolete device config apply code

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago interface: allow an interface to specify device configs even when there are other...
Felix Fietkau [Sun, 19 Apr 2015 09:49:51 +0000 (11:49 +0200)]
interface: allow an interface to specify device configs even when there are other interfaces attached to the same device

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago netifd: fix an uninitialized variable
Felix Fietkau [Sun, 19 Apr 2015 09:32:27 +0000 (11:32 +0200)]
netifd: fix an uninitialized variable

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago device: add support for removing interface config on reload
Felix Fietkau [Sat, 18 Apr 2015 21:27:15 +0000 (23:27 +0200)]
device: add support for removing interface config on reload

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago interface: detect and handle changes in device config
Felix Fietkau [Sat, 18 Apr 2015 21:26:51 +0000 (23:26 +0200)]
interface: detect and handle changes in device config

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago utils.h: remove leftover commented out code
Felix Fietkau [Fri, 17 Apr 2015 19:25:36 +0000 (21:25 +0200)]
utils.h: remove leftover commented out code

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago device: remove DEV_ATTR_IFNAME, it is unused
Felix Fietkau [Fri, 17 Apr 2015 19:24:29 +0000 (21:24 +0200)]
device: remove DEV_ATTR_IFNAME, it is unused

Ensures that interfaces with only 'ifname' matching the device config
don't cause iface->device_config to be set

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
4 years ago Cleanup issues reported by scan-build
Steven Barth [Tue, 14 Apr 2015 06:45:26 +0000 (08:45 +0200)]
Cleanup issues reported by scan-build

Signed-off-by: Steven Barth <steven@midlink.org>
4 years ago netifd: Interface last error support
Hans Dedecker [Wed, 8 Apr 2015 14:20:22 +0000 (16:20 +0200)]
netifd: Interface last error support

Adds interface last error support which preserves the last reported
error reported by the protocol handler till the interface is up;
e.g. survives network reload and interface restarts.
This is mainly useful for tracking down why an interface fails
to establish; e.g. auth failure/traffic limit for PPP interfaces

Protocol handlers register last error support by setting lasterror=1
in the proto_init function

Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4 years ago Revert "linux: adjust default policy rules"
Steven Barth [Tue, 31 Mar 2015 13:12:53 +0000 (15:12 +0200)]
Revert "linux: adjust default policy rules"

Signed-off-by: Steven Barth <steven@midlink.org>