| Age | Commit message (Collapse) | Author |
|---|
|
Setting the multicast_fast_leave option of a bridge allows to control
the forwarding of multicast traffic when an IGMP/MLD leave is received.
In case multicast_leave_option is enabled and a leave is received the
multicast membership will immediately be dropped on the bridge port while
in the other case the multicast membership will time out in the bridge.
This could be usefull in scenarios where explicit multicast membership
host tracking is not supported in the upstream network. In this case the
multicast stream is still flowing after a leave is received resulting into
possible bandwidth saturation on the lan if a new stream is joined as
multiple multicast streams are received.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Replace device_get by device_find so it's clear a device needs to be found present
in the device list.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Using the config below a dotted vlan interface stays down as get_vlan_device
does not find the device due to the aliased device stacked on top of the base
device.
As all devices; aliased devices being the exception; are in the device list
use device_find to find the device when setting the link state
config interface 'test'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config interface 'test2'
option ifname '@test.1'
option proto 'dhcp'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The UCI parameter neighgcstaletime allows to control how much time will
STALE entries be kept in the neighbour table for both IPv4 and IPv6.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Tuning these two options allows a more fine grained configuration of the
forwarding database (fdb) of a bridge.
The former allows to enable or disable the learning of the presence of
MAC addresses behind a bridge port. (default: enabled on all ports)
The latter allows to tune the behaviour in case a destination MAC address
of a frame is unknown to the fdb, like only flooding on specific ports or
not flooding on any port. (default: flood on all ports, except incoming)
This can be useful to create a dumb hub, for instance for monitoring
purposes. Or in larger layer 2 mesh networks to avoid keeping redundant
databases (e.g. with the batman-adv translation table).
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Revert commit 3eea8576d48d9b20cc1c6b46f54c7345a39d13aa since it changes the
default behaviour of user ip rules in unexpected ways.
When an ip rule is added without an explicit priority then the kernel will
use the priority value of the 2nd rule, decreased by one.
On an ordinary system, the 2nd rule usually is "from all lookup main" with
priority 32766 which means that user rules are added beginning with priority
32765 in decreasing order.
Since the introduction of the prelocal rule at prio 0 and the subsequent
moving of "from all lookup local" to prio 1, the kernel will insert all user
rules with priority 0, between the prelocal and local lookup rules, leading
to broken routing in many common scenarios.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
RFCs suggest some parameters of IGMP and MLD to be configurable by
the administrator. With this patch the following parameters are
configurable:
* robustness (default: 2)
* query_interval (default: 12500 [125s])
* query_response_interval (default: 1000 [10s])
* last_member_interval (default: 100 [1s])
Depending on the size and nature of the network topology administrators
might want to increase or decrease these parameters.
netifd will take care of configuring any other parameters which are
dependant on the ones above and set them according to the formulas
provided in the RFCs. These parameters of the bridge are
membership_interval, querier_interval, startup_query_interval,
startup_query_count and last_member_count.
RFCs allow setting three more parameters to be configurable:
startup_query_interval, startup_query_count and last_member_count.
However this patch does not export them, as they can be indirectly
tuned via the given, exported four parameters, too.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
The libnl-tiny library does not provide a nla_put_be32(), use nla_put_u32()
again in conjunction with htonl() to convert the values.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
The kernel expects the IFLA_VTI_IKEY and IFLA_VTI_OKEY netlink attributes to
be in network byte order, so ensure that the values are stored accordingly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Make multicast device flag configurable by extending device attributes
with the multicast attribute
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
|
|
Call globfree to free dynamically allocated storage from a previous glob call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
This patch adds support for VTI interfaces. VTI interfaces can be used to
tunnel IPsec ESP traffic to a device so common firewall zones may be used.
This also enables routing protocols to work over IPsec tunnels.
Signed-off-by: André Valentin <avalentin@marcant.net>
|
|
interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.
This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple time. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.
Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-paramter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.
I have tested the patch in different configurations and have not found any
regression.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
output
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
handlers
Set link_state for all device types via the device_set_link API as all devices are registered
in the device tree list making it possible to always get the device via device_get.
The decice link state parameter will now actually reflect the corresponding kernel device
carrier state in all cases.
Before this change a vlan/macvlan device could still have link_state enabled if an interface
was brought down; this was the case when the parent vlan/macvlan device was still enabled as
the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state
in the function cb_rtnl_event.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity CID 1330302
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Detected by Coverity CID 1330178
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Fixes a regression that caused WDS stations to repeat packets back to
the AP.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independant of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
was detected (currently only learned via query messages, no MRD
support yet)
* 2: Always forward any multicast traffic on this port
Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.
Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.
This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.
Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
itself participates in then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.
Therefore we might currently miss such surpressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.
Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.
For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Config option dadtransmits allows to configure the amount of
Duplicate Address Detection probes to be sent
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
If the number of entries in the MDB exceeds hash_max then the
multicast snooping capabilities of the bridge are disabled
automatically.
The default value for hash_max is 512 which is already exceeded by some
wireless community mesh networks. They need to be able to set a higher
value.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
|
|
IGMP snooping
In larger networks, especially big batman-adv meshes, it may be desirable to
enable IGMP snooping on every bridge without enabling the multicast querier
to specifically put the querier on a well-connected node.
This patch adds a new UCI option 'multicast_querier' for bridges which allows
this. The default is still the value of the 'igmp_snooping' option to maintain
backwards compatiblity.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
The UCI parameter neighreachabletime allows to control the hardware address
to IP mapping lifetime in the neighbour table for both IPv4 and IPv6
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Jean-Francois Remy <jeff@melix.org>
|
|
Config support to set the MLD host version on device level; possible values are :
1 : MLDv1
2 : MLDv2
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleaned up and simplified.
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Config support to set the IGMP host version on device level; possible values are :
1 : IGMPv1
2 : IGMPv2
3 : IGMPv3
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleand up and simplified
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Don't restore original device settings based on the device settings flags in system_if_down
as device flags are already reset when the device config is deleted.
Therefore move the masking of the relevant original device settings to system_if_up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
According to the OpenWRT Network documentation for route, the 'source' option is
"The preferred source address when sending to destinations covered by the
target". However, netifd currently stores this value in RTA_SRC on
NEWROUTE/DELROUTE.
RTA_SRC is not used by kernel when handling NEWROUTE nor DELROUTE for IPv4
routes. When adding a new IPv4 route, the source is stored in RTA_PREFSRC and
the option works as specified in documentation. For IPv6, the address is still
stored in RTA_SRC as to not break source-destination routing for IPv6.
v2: Limit patch to IPv4, to prevent breaking IPv6 configurations (thanks Steven
Barth)
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
Adds support to accept packets with local source address.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Reverse path filtering config support; possible values are:
0: no source validation
1|strict: strict mode as packet will be dropped if the
incoming interface is not the best reverse path
2|loose: loose mode as packet will be dropped if the
source address is not reachable via any interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Don't resolve the ifindex of the parent device again
when adding vlandev and macvlan devices as the ifindex
has already been resolved.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
When a device with the same name is deleted and created again in the kernel
the ifindex changes.
A race condition will occur when netlink event messages linked to the old device
are processed and will thus overwrite the correct ifindex of the new device.
Further make sure a valid ifindex is in place for both external and internal
devices when setting the state to enabled.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Netifd commit b2dcb02570939d98b92c7c55db1c328693a5d52a introduces
a race condition resulting into infinite toggling interfaces
(eg static interfaces with linksensing enabled, vlan interfaces
with proto none (#18106)) when linksensing is enabled resulting into
a crash.
As netlink event messages will be queued on the netlink event socket
the included lower up interface flag will not always represent the
current link state when netifd processes the netlink messages;
by reading the current link state when a netlink event message is
parsed the correct info is passed to the device layer.
This will avoid continuous interface toggling (down/up) triggered
by link state changes based on outdated netlink interface info.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Fixes a race condition that triggers endless link loss / detect calls
when VLAN devices are created.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Adds IPIP tunnel support to netifd.
Following IPIP tunnel parameters can be configured :
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-mtu (IPIP tunnel mtu)
-ttl (time to live of encapsulting packets)
-tos (type of service either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packets)
-tunlink (bind tunnel to this interface)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
