| Age | Commit message (Collapse) | Author |
|---|
|
VLANs can be defined using bridge-vlan sections, like the following example:
config bridge-vlan
option device 'switch0'
option vlan '1'
option ports "lan1 lan2 lan3 lan4:t*"
Each member port can be confgured with optional attributes after ':'
- t: member port is tagged
- *: This is the primary VLAN for the port (PVID)
VLAN member interfaces are automatically added as bridge members
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Add a rtnl helper for adding vlans to a bridge interface.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Instead of truncating the device name when it exceeds IFNAMSIZ length;
let device_set_ifname return an error code and do not add the device
to the device list.
This avoids possible issues with device names becoming identical due the
truncation and as a result unexpected behavior.
Further let the different device types gracefully handle the error code
returned by device_init
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
It is overly complex, yet does not cover common scenarios very well.
It will be replaced with a simpler shell script that provides a better
default policy
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Check if a mac address is actually present when generating an eui64 based
IPv6 address; in case of failure bail out.
At the same time make sure the active mac address is used as input for the
eui64 based IPv6 address and guarantee IPv6 prefix address generation is
based on the actual config by resetting the IPv6 prefix address in the
assignment structure when it gets deleted.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: John Crispin <john@phrozen.org>
|
|
When -1 is written in /proc/sys/net/ipv4/neigh/<iface>/locktime,
kernel disables ARP trashing protection. A value of 0 does not completely
disable this protection, a second ARP update being discarded if it
is processed during the same jiffie as the first update.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
cppcheck found printf functions with signed instead of unsigned
formats. Fix those as well as some non-matching function
declarations.
Signed-off by: Rosen Penev <rosenp@gmail.com>
|
|
The UCI parameter neighlocktime allows to control the hardware
address to IP mapping lock time in the IPv4 neighbour table.
The IPv6 lock time was not set because it is not used at all in any
kernel versions, hardware address override being controlled in this case
by the override flag present in the NA packet.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Commit abf52371db75eb449f12209ca1b7ffaa9d2baa22 adds sendredirects
device config support by defining DEV_OPT_SENDREDIRECTS. Fix definition
overlap of DEV_OPT_SENREDIRECTS with DEV_OPT_LEARNING.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Setting /proc/sys/net/ipv4/conf/*/send_redirects is useful if a single
layer-2 domain is shared among routed subnets.
Sending redirects will prevents traffic from taking unnessesary detours
through a gateway in cases where direct connectivity on layer 2 exists.
This is commonly the case if an existing LAN infratructure with dump
switches is used to additionally carry routing protocols like OLSR
which are supported only by some nodes on the network.
It's important to note that the default value for send_redirects
differs for interface types (it's enabled on physical ethernet
interfaces, but disabled e.g. on VLANs) due to olsrd changing
/proc/sys/net/ipv4/conf/default/send_redirects during boot, thus the
default differs also depending e.g. on the way an on-board switch is
integrated on specific boards (as eth0 exists before olsrd is started,
eth0.1 gets created by netifd later on...)
Having a way to explicitely enable or disable send_redirects is
thus desireable also to unify the default behaviour among different,
but seemingly similar devices supported.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
While at it; make device_types static if only used in the device type file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Setting the multicast_fast_leave option of a bridge allows to control
the forwarding of multicast traffic when an IGMP/MLD leave is received.
In case multicast_leave_option is enabled and a leave is received the
multicast membership will immediately be dropped on the bridge port while
in the other case the multicast membership will time out in the bridge.
This could be usefull in scenarios where explicit multicast membership
host tracking is not supported in the upstream network. In this case the
multicast stream is still flowing after a leave is received resulting into
possible bandwidth saturation on the lan if a new stream is joined as
multiple multicast streams are received.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Device handlers now also declare if they have bridge capabilities and include
a string to prefix device names for their types.
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup/fixes]
|
|
- remove const from device handler struct
- pass device handler type to create function
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
|
|
Using the config below a dotted vlan interface stays down as get_vlan_device
does not find the device due to the aliased device stacked on top of the base
device.
As all devices; aliased devices being the exception; are in the device list
use device_find to find the device when setting the link state
config interface 'test'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config interface 'test2'
option ifname '@test.1'
option proto 'dhcp'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
As device name is used as key in avl list a device name change will break the avl find logic.
Function device_set_ifname offers api to set the device name and re-inserts the avl node in the list
when the avl key value is changed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The UCI parameter neighgcstaletime allows to control how much time will
STALE entries be kept in the neighbour table for both IPv4 and IPv6.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Tuning these two options allows a more fine grained configuration of the
forwarding database (fdb) of a bridge.
The former allows to enable or disable the learning of the presence of
MAC addresses behind a bridge port. (default: enabled on all ports)
The latter allows to tune the behaviour in case a destination MAC address
of a frame is unknown to the fdb, like only flooding on specific ports or
not flooding on any port. (default: flood on all ports, except incoming)
This can be useful to create a dumb hub, for instance for monitoring
purposes. Or in larger layer 2 mesh networks to avoid keeping redundant
databases (e.g. with the batman-adv translation table).
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Make multicast device flag configurable by extending device attributes
with the multicast attribute
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
handlers
Set link_state for all device types via the device_set_link API as all devices are registered
in the device tree list making it possible to always get the device via device_get.
The decice link state parameter will now actually reflect the corresponding kernel device
carrier state in all cases.
Before this change a vlan/macvlan device could still have link_state enabled if an interface
was brought down; this was the case when the parent vlan/macvlan device was still enabled as
the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state
in the function cb_rtnl_event.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes a regression that caused WDS stations to repeat packets back to
the AP.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independant of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
was detected (currently only learned via query messages, no MRD
support yet)
* 2: Always forward any multicast traffic on this port
Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.
Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.
This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.
Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
itself participates in then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.
Therefore we might currently miss such surpressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.
Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.
For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
Config option dadtransmits allows to configure the amount of
Duplicate Address Detection probes to be sent
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
The default packet steering behavior can be configured via the parameter
default_ps in the global section; the default value is true to keep
backwards compatibility.
Device packet steering (rps/xps) config can still be used to override the
default behavior.
This allows you to disable packet steering for all devices without the need
to define a device config list which disables receive/transmit packet steering
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
other interfaces attached to the same device
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Ensures that interfaces with only 'ifname' matching the device config
don't cause iface->device_config to be set
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Fixes issue interface device config is not applied in some cases.
As the interface device config was applied but not always cached;
an interface device config diff was not always detected.
Simplify device config setting by exposing as api only device_apply_config
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The UCI parameter neighreachabletime allows to control the hardware address
to IP mapping lifetime in the neighbour table for both IPv4 and IPv6
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Jean-Francois Remy <jeff@melix.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Config support to set the MLD host version on device level; possible values are :
1 : MLDv1
2 : MLDv2
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleaned up and simplified.
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Config support to set the IGMP host version on device level; possible values are :
1 : IGMPv1
2 : IGMPv2
3 : IGMPv3
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleand up and simplified
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Adds support to accept packets with local source address.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Reverse path filtering config support; possible values are:
0: no source validation
1|strict: strict mode as packet will be dropped if the
incoming interface is not the best reverse path
2|loose: loose mode as packet will be dropped if the
source address is not reachable via any interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes a race condition that triggers endless link loss / detect calls
when VLAN devices are created.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Martin Hundebøll <martin@hundeboll.net>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
At moment netifd supports just 802.1q vlan, you can configure them using a concise but "hacky"
syntax using an interface config section, with this patch netifd acquire the capability
of configuring 802.1ad and 802.1q vlan using config device sections, so you can define a vlan device
plus interface with something like this:
config device 'test'
option type '8021ad'
option name 'test'
option ifname 'eth0'
option vid '1000'
config interface 'testif'
option ifname 'test'
option proto 'none'
option auto '1'
old syntax for 802.1q keeps working so no retrocompatibility problems,
to keep retrocompatibility means also that user must not use name/ifname like eth0.2
for devices declared with the new style because this would trigger the "old style"
when interface config section is parsed
Signed-off-by: Gioacchino Mazzurco <gmazzurco89@gmail.com>
|
|
per device
Main use case is being able to disable IPv6 on (a) WAN interface(s) when only IPv4 connectivity is offered or 6rd is used.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
