Age | Commit message | Author |
|
Fix cb leak in case invalid type is specified in system_if_clear_entries
Detected by Coverity in CID1431183
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes CID 1220430, 1432226, 1432807 and 1433508
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
-xfrm interfaces were deleted before
-use standard parameters for xfrm interface created
Signed-off-by: André Valentin <avalentin@marcant.net>
|
|
No need to check if dev is NULL as device is always set when
system_neigh is called
Fixes issue reported by Coverity in CID 1445818
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
This adds support for xfrm interfaces. These interfaces can be used since
linux 4.19 for IPsec traffic, like VTI interface.
XFRM interfaces are less complicated compared to VTI because they need no IP
tunnel endpoints.
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries
The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor is a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
(can be 1 or 0)
Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Hotplug events are no longer handled after socket RX queue is
overrun. The issue has been fixed by:
- setting SO_RCVBUF initially to 65535
- doubling SO_RCVBUF value each time RX queue gets overrun
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
Use sysfs to configure the bridge settings stp/forward_delay/priority
ageing_time/hello_time and max_age as the SIOCDEVPRIVATE bridge ioctl
has no compat ioctl support which makes it impossible to set the above
mentioned bridge parameters if the kernel is compiled in 64 bit mode
and user_space in 32 bit mode.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs
support the destination option header containing the tunnel encapsulation
limit resulting into broken connectivity
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Enable ignore encaplimit by default for ip6 tunnels as not all ISPs support
the destination option header containing the tunnel encapsulation limit
resulting into broken map/ds-lite connectivity.
Setting the ignore encaplimit flag by default is a more sane setting as it
avoids user configuration of the encaplimit uci option for ds-lite/map tunnels
in case of broken connectivity.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Add an #ifdef guard around 56000base* definitions, which don't exist on
Linux 3.18
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Add all available link mode speed definitions as defined in ethtool.h
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
This adds an array that contains the link modes advertised by the other device and also
indicates whether auto negotiation is true or false.
link-partner may or may not be populated depending on hardware, driver and/or settings.
Signed-off-by: Joe Holden <jwh@zorins.co.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Make encapsulation limit of IP6 tunnels configurable for the ds-lite/map
proto shell handlers as not all ISPs support the destination option header
containing the tunnel encapsulation limit value as reported in FS#1501.
The IP6 tunnel specific setting encaplimit is parsed as a nested json
data object; setting it to ignore disables the insertion of the
destination option header while a value from 0 till 255 sets the
tunnel encapsulation limit accordingly in the destination option header.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fix strncpy bounds as reported by Coverity in CID 1434988, 1328977,
1328953, 1328952, 1328951, 1328950, 1328949 and 1328944.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity in CID 1433754
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity in CID 1433760
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity in CID 1433686
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by Coverity in CID 1430884
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Detected by coverity in CID 1329735
|
|
Detected by coverity in CID 1412449
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
It is overly complex, yet does not cover common scenarios very well.
It will be replaced with a simpler shell script that provides a better
default policy
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
If you rename a network interface, there is a move uevent
invoked instead of remove/add.
This patch adds support for this kind of event.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Parse map-e fmrs parameters IPv6 prefix, IPv4 prefix, ealen and offset
as array elements nested in a data json object.
At the same time remove the now obsolete TUNNEL_ATTR_FMRS tunnel attribute.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: John Crispin <john@phrozen.org>
|
|
When -1 is written in /proc/sys/net/ipv4/neigh/<iface>/locktime,
kernel disables ARP trashing protection. A value of 0 does not completely
disable this protection, a second ARP update being discarded if it
is processed during the same jiffie as the first update.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
object
|
|
The kernel expects IFLA_GRE_IKEY and IFLA_GRE_OKEY to be in network byte
order, so convert the values from host byte order.
Fixes ikey/okey on little endian systems.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
cppcheck found printf functions with signed instead of unsigned
formats. Fix those as well as some non-matching function
declarations.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
After applying this patch, policy routing rules can be employed that ignore
parts of a routing table. The following config snippet ignores routing lookups
from the specified main routing table yielding the default route, passing the
lookup process on to the next rule (that might provide a special default route
for marked packets):
    config rule
        option priority 10
        # check main routing table first, but ignore default route result
        option lookup main
        option suppress_prefixlength 0

    config rule
        option priority 11
        # use special routing table for marked packets
        # (unless already consumed by previous rule)
        option mark 0xFF
        option lookup 100

The result is a ruleset like this (only visible using the full 'ip' binary):

    # ip rule
    0: from all lookup local
    10: from all lookup main suppress_prefixlength 0
    11: from all fwmark 0xff lookup 100
    32766: from all lookup main
    32767: from all lookup default
    #
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
|
|
Fix 6rd regression introduced in commit 7573880ac042c6e5c8d48b1ad83d357b5e02743b
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Parse 6rd specific settings prefix, relay-prefix as nested json data objects.
At the same time improve 6rd error handling.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Fixes
system-linux.c:1998:33: error: comparison of unsigned expression >= 0 is always true [-Werror,-Wtautological-compare]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
system_rtn_aton() was already parsing "throw" correctly, but system_rt()
did not allow it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Parse vti specific settings ikey and okey as nested json data object.
At the same time remove the now obsolete TUNNEL_ATTR_INFO attribute.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Parse gre specific settings ikey, okey, icsum, ocsum, iseqno and oseqno
as nested json data object
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
VXLAN shares many attributes with the tunnel devices, so it is implemented
as a new tunnel type. The 'remote' attribute can be used for a unicast
peer or a multicast group.
The IANA-assigned port 4789 is used by default, instead of the non-standard
port Linux defaults to.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
The UCI parameter neighlocktime allows to control the hardware
address to IP mapping lock time in the IPv4 neighbour table.
The IPv6 lock time was not set because it is not used at all in any
kernel versions, hardware address override being controlled in this case
by the override flag present in the NA packet.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
The veth config code mostly handles the primary interface of a veth pair,
the secondary interface is not explicitly referenced and will be found as
an unrelated interface after the pair has been created.
This doesn't only allow us to keep the veth code simple (and similar to
existing device handlers), but will also avoid complicating handling
unnecessarily in case the secondary interface is moved into another network
namespace.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Route proto support is useful when using route distribution
via a routing daemon.
The route proto parameter can be specified via the route proto
uci config parameter, it can hold a numerical value or the string
values unspec, kernel, boot, static or a string present in
/etc/iproute2/rt_protos.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Setting /proc/sys/net/ipv4/conf/*/send_redirects is useful if a single
layer-2 domain is shared among routed subnets.
Sending redirects will prevent traffic from taking unnecessary detours
through a gateway in cases where direct connectivity on layer 2 exists.
This is commonly the case if an existing LAN infrastructure with dumb
switches is used to additionally carry routing protocols like OLSR
which are supported only by some nodes on the network.
It's important to note that the default value for send_redirects
differs for interface types (it's enabled on physical ethernet
interfaces, but disabled e.g. on VLANs) due to olsrd changing
/proc/sys/net/ipv4/conf/default/send_redirects during boot, thus the
default differs also depending e.g. on the way an on-board switch is
integrated on specific boards (as eth0 exists before olsrd is started,
eth0.1 gets created by netifd later on...)
Having a way to explicitly enable or disable send_redirects is
thus desirable also to unify the default behaviour among different,
but seemingly similar devices supported.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
As the ttl of a gre tunnel was set by default to 64 the gre tunnel
failed to get active if don't fragment was disabled as setting
nopmtudisc and ttl is incompatible.
Fix this by setting the default ttl value after don't fragment
and ttl config values have been parsed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|