| Age | Commit message (Collapse) | Author |
|---|
|
Introduce jail_ifname option to define the name of a Linux network
interface when moved into a jail's network namespace.
This is useful for containers which expect the network interface to
have a specific name (eg. 'host0' in case of systemd).
While at it, clean-up and fix bugs in jail interface up/down routines.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Memory returned by blogmsg_get_string() is volatile, hence use strdup()
to have a permanent copy of the returned string and free it when no
longer needed.
Fixes: 1321c1b ("add basic support for jail network namespaces")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Issue was introduced in commit 1321c1bd8fe921986c4eb39c3783ddd827b79543.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Switched to the plain function instead of the now gone syscall.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
When netifd manages the prefix route directly, it will remove it
the moment prefix gets deprecated. This will make it impossible
for the target to send ICMPv6 errors back to LAN devices still
using the deprecated prefix, thus breaking the L-14 requirement
of RFC 7084.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
option type 'veth'
option name 'vhost0'
option peer_name 'virt0'
config interface 'virt'
option type 'bridge'
list ifname 'vhost0'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'virt0'
option ifname 'virt0'
option proto 'static'
option ipaddr '10.0.0.2'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
option dns '10.0.0.1'
option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Using /tmp/resolv.conf.d/ has the advantage that we can mount-bind it.
Mount-bind'ing /tmp/resolv.conf.auto directly previously caused
problems as the file is being deleted/replaced at run-time.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
This reverts commit e45b1408284c05984b38a910a1f0a07d6c761397.
Reverting the commit as the submitters Signed-off-by has been mistakingly
added without the authors consent.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
When for example a /60 is assigned to a network the last 4 bits of the
ip6hint are unused. Emit a warning if any of these unused bits is set as
it indicates that someone didn't understand how the hint is used. (As I
did earlier today resulting in spending some time understanding the
code.)
Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Add option 'reconf' to make dynamic re-configuration opt-in.
Also add option 'serialize' to 'wifi-device' section and if set
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Fix cb leak in case invalid type is specified in system_if_clear_entries
Detected by Coverity in CID1431183
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes CID 1220430, 1432226, 1432807 and 1433508
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
-xfrm interfaces were deleted before
-use standard parameters for xfrm interface created
Signed-off-by: André Valentin <avalentin@marcant.net>
|
|
Reported by Coverity in CID 1445749
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
No need to check if dev is NULL as device is always set when
system_neigh is called
Fixes issue reported by Coverity in CID 1445818
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
This adds support for xfrm interfaces. These interfaces can be used since
linux 4.19 for IPsec traffic, like VTI interface.
XFRM interfaces are less complicated compared to VTI because they need no IP
tunnel endpoints.
|
|
Since commit 5cf79759a24e9bb2a6a3aef7c83d73efb9bf2df3 (iprule: rework
interface based rules to handle dynamic interfaces) the rule
comparison is broken and doesn't correctly recognize matching rules.
This in turn break the reloading as adding the "new" rule fails
because it already exists and it then delete the "old" rule.
The comparison is broken because it now include fields that are not
defining the rule itself, as well as some pointer to malloced strings.
To fix this we move back the offending fields in the iprule struct
before the 'flags' field and match the malloced strings separately.
Signed-off-by: Alban Bedel <albeu@free.fr>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
In case of tunnel over PPP(such as gretap over l2tp): tunnel interface
use PPP's peer address as remote address, netifd script will call
proto_add_host_dependency function, then netifd will search which device
can reach to the remote address. Before the patch, netifd don't consider
the PPP interface can reach to the remote address, so netifd will select
default route to remote address, it will lead to remote address unreachable.
Based on a patch by xiaofan <xfan1024@live.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
blobmsg_check_attr() takes as second argument a bool; fix it where needed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Failing to set the IPv6 mtu is only a real issue if the mtu to be set is
smaller than the current mtu as in that case it would break IPv6 path mtu;
adapt the logic to generate the warning accordingly
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Add missing space to change from:
netifd: Failed to set IPv6 mtu to 1500on interface 'wg0'
to:
netifd: Failed to set IPv6 mtu to 1500 on interface 'wg0'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries
The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor ia a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
(can be 1 or 0)
Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
commit a97297d83e42 ("interface: set interface in TEARDOWN state when checking link state")
broke the if-down hotplug event handling, as the iface->state is now IFS_TEARDOWN when
calling the mark_interface_down() function from the IFPEV_DOWN event.
Fixes: a97297d83e42 ("interface: set interface in TEARDOWN state when checking link state")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
|
In case PROTO_CMD_SETUP cannot be handled due to an invalid state; return
-1 so the calling functions are aware the PROTO_CMD_SETUP has failed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
When launching PROTO_CMD_TEARDOWN in interface_check_state() the interface
was set in IFS_DOWN state. In case an interface is now brought into IFS_SETUP
state in __interface_set_up() it will launch PROTO_CMD_SETUP trying to
bring the proto shell handler in S_SETUP state which will fail as the proto
shell handler is still in the S_TEARDOWN state.
Fix this by setting the interface in IFS_TEARDOWN state when the PROTO_CMD_TEARDOWN
event is launched which will prevent the interface being brought into IFS_SETUP state
as long as it's not in the IFS_DOWN state.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
This simple patch adds 802.11ad to hwmode list so that netifd-wireless.sh does not otherwise overwrite it with the default hwmode=g
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
|
This patch will add support for using GCMP as cipher suite.
This is not a strong cipher but is only one supported by
wil6210 driver in order to have encrypted traffic.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
|
Update the no_delegation parameter on a config reload; in case prefixes
are present update the prefix assignments as well according to the
no_delegation status
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Hotplug events are no longer handled after socket RX queue is
overrun. The issue has been fixed by:
- setting SO_RCVBUF initially to 65535
- doubling SO_RCVBUF value each time RX queue gets overrun
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Rogue ! effectively disabled the ipv6 multicast check. Fix cd089c52
Why is it always the simple changes that catch you out?
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
Signed-off-by: Dave Taht <dave.taht@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
|
|
Use sysfs to configure the bridge settings stp/forward_delay/priority
ageing_time/hello_time and max_age as the SIOCDEVPRIVATE bridge ioctl
has no compat ioctl support which makes it impossible to set the above
mentioned bridge paramaters if the kernel is compiled in 64 bit mode
and user_space in 32 bit mode.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
For dynamic interfaces don't return false if vlist_find returns NULL as
the calling function will try to free iface in case of an error which has
already been freed in interface_change_config()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity in cid 1441495
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Set config state to remove for dynamic interfaces in the following cases :
-interface is set as not available
-interface is set as down
-interface is set as having no link state
This will trigger an interface delete upon the next call of interface_handle_config_change
Before this change you could end up with lingering inactive dynamic
interfaces in case the aliased interface went down as before a dynamic
interface was only removed when set down via ubus
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Integrate dynamic interface creation code into interface_alloc and
__interface_add so we can get rid of interface_set_dynamic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs
support the destination option header containing the tunnel encapsulation
limit resulting into broken connectivity
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
This adds PSK3 / SAE support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fix segfault in generic_interface_cb by checking the
IPRULE_OUT/IPRULE_IN flags before doing the strcmp for the possible
configured out/in interface(s) of the ip rule.
Also don't copy the interface layer3 device as the layer 3 device is
not yet known when IFEV_CREATE event is launched.
The layer3 device will be known when the IFEV_UP event is processed in
rule_out_cb/rule_in_cb.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Actually change the glob pattern as described in the previous commit.
Fixes: 3c8ac1c ("netifd: fix wpa mixed mode matching")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
