path: root/system-linux.c
Age | Commit message | Author
2020-10-10 | system-linux: initialize ifreq struct before using it | Alin Nastac
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2020-09-12 | netifd: vxlan: add aging and maxaddress options | Johannes Kimmel
For both options the values can just be passed to the kernel. All unsigned values are accepted, thus no range checking required. Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-09-12 | netifd: vxlan: add most missing boolean options | Johannes Kimmel
adds the following missing options:
- learning
- rsc
- proxy
- l2miss
- l3miss
- gbp

See ip-link(3) for their meaning.

still missing:
- external
- gpe

I'm not sure how to handle them at the moment. It's unclear to me what IFLA_VXLAN_* value corresponds to the 'external' option and according to the manpage, gpe depends on it.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-09-12 | netifd: vxlan: refactor mapping of boolean attrs | Johannes Kimmel
Add a small function to handle boolean options and make use of it to handle:
- rxcsum
- txcsum

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-09-12 | netifd: vxlan: handle srcport range | Johannes Kimmel
This adds the ability to set the source port range for vxlan interfaces.

By default vxlans will use a random port within the ephemeral range as source ports for packets. This is done to aid scalability within a datacenter. But with these defaults it's impossible to punch through NATs or traverse most stateful firewalls easily. One solution is to fix the srcport to the same as dstport.

If only srcportmin is specified, then srcportmax is set in a way that outgoing packets will only use srcportmin.

If a range is to be specified, srcportmin and srcportmax have to be specified. srcportmax is exclusive.

If only srcportmax is specified, the value is ignored and defaults are used.

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-07-18 | bridge: add support for adding vlans to a bridge | John Crispin
Add a rtnl helper for adding vlans to a bridge interface. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-07-18 | bridge: add support for turning on vlan_filtering | John Crispin
If we want a bridge to be vlan aware we need to be able to turn on filtering. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-06 | system-linux: improve handling of device rename | Kristian Evensen
After an interface has been renamed on a "fast" device (for example x86_64), the interface is sometimes not handled correctly by netifd. Looking in the logs, I see the following messages when renaming fails:

    Wed Mar 11 08:52:44 2020 kern.info kernel: [68383.522038] igb 0000:03:00.0 nlw_1: renamed from eth2
    Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: __device_add_user(710): Add user for device 'nlw_1', refcount=2
    Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(413): Claim Network device nlw_1, new active count: 2
    Wed Mar 11 08:52:44 2020 daemon.err netifd[2739]: device_claim(432): claim Network device nlw_1 failed: -1

Instrumenting netifd further reveals that there is a race between the hotplug "@move" event and ioctl(SIOCGIFINDEX). When the above error happens, the ioctl-call fails with ENODEV. Looking closer at the kernel code, it seems the hotplug-event is triggered before the renaming is completed. The easiest way to trigger the race, is if an interface name with the old name is not handled by netifd and an interface with the new name is. If only the old name is handled, or both names, I was not able to provoke the race.

When the renaming is complete, a NEWLINK-message is generated. This patch modifies the logic surrounding renaming, so that we wait for the NEWLINK-message before marking an interface as present. The changes made are:

* We only handle move-events for interfaces we know, and we return after device has been set as not present.
* When we receive a NEWLINK message for an interface managed by netifd, we call device_set_present. device_set_present is guarded by the same checks as the add hotplug-event.

After these changes, renaming works properly on both "fast" and "slow" devices. Removing a device is also handled correctly.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 | vlandev: support setting ingress/egress QoS mappings | Pau Espin Pedrol
It allows setting mappings for instance this way:

"""
config device
    option name 'vlan41'
    option type '8021q'
    option vid '41'
    option ifname 'eth1'
    list ingress_qos_mapping '1:2'
    list ingress_qos_mapping '2:5'
    list egress_qos_mapping '0:3'
"""

Signed-off-by: Pau Espin Pedrol <pespin.shar@gmail.com>
Tested-by: Pedro <pedrowrt@cas.cat>
2020-04-14 | interface, system: clean up netns functionality | Daniel Golle
Use struct device pointer as parameter instead of bare ifname allows for some simplification and again removing system_ifname_resolve() function introduced in commit d93126d.

Fixes: d93126d ("interface: allow renaming interface when moving to jail netns")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 | interface: allow renaming interface when moving to jail netns | Daniel Golle
Introduce jail_ifname option to define the name of a Linux network interface when moved into a jail's network namespace. This is useful for containers which expect the network interface to have a specific name (eg. 'host0' in case of systemd). While at it, clean-up and fix bugs in jail interface up/down routines. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-27 | system-linux: fix PATH_MAX undeclared compilation error | Alin Nastac
Issue was introduced in commit 1321c1bd8fe921986c4eb39c3783ddd827b79543. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2020-03-26 | system-linux: fix compilation with musl 1.2.0 | Rosen Penev
Switched to the plain function instead of the now gone syscall. Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-18 | add basic support for jail network namespaces | Daniel Golle
Prepare netifd for handling procd service jails having their own network namespace. Interfaces having the jail attribute will only be brought inside the jail's network namespace by procd calling the newly introduced ubus method 'netns_updown'. Currently proto 'static' is supported and configuration changes are not yet being handled (ie. you'll have to restart the jailed service for changes to take effect).

Example /etc/config/network snippet:

    config device 'veth0'
        option type 'veth'
        option name 'vhost0'
        option peer_name 'virt0'

    config interface 'virt'
        option type 'bridge'
        list ifname 'vhost0'
        option proto 'static'
        option ipaddr '10.0.0.1'
        option netmask '255.255.255.0'

    config interface 'virt0'
        option ifname 'virt0'
        option proto 'static'
        option ipaddr '10.0.0.2'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        option dns '10.0.0.1'
        option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-05 | system-linux: fix resource leak | Hans Dedecker
Fix cb leak in case invalid type is specified in system_if_clear_entries

Detected by Coverity in CID1431183

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-22 | system-linux: Coverity fixes | Hans Dedecker
Fixes CID 1220430, 1432226, 1432807 and 1433508

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-14 | netifd: fix xfrm interface deletion and standardize netlink call | André Valentin
- xfrm interfaces were deleted before
- use standard parameters for xfrm interface created

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-13 | system-linux: remove superfluous dev check | Hans Dedecker
No need to check if dev is NULL as device is always set when system_neigh is called

Fixes issue reported by Coverity in CID 1445818

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-08 | netifd: add xfrm tunnel interface support | André Valentin
This adds support for xfrm interfaces. These interfaces can be used since linux 4.19 for IPsec traffic, like VTI interface. XFRM interfaces are less complicated compared to VTI because they need no IP tunnel endpoints.
2019-04-15 | system-linux: remove debug tracing | Hans Dedecker
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 | interface: add neighbor config support | meurisa
The neighbor or neighbor6 network section makes neighbours configurable via UCI or proto shell handlers. It allows to install neighbor proxy entries or static neighbor entries.

The neighbor or neighbor6 section has the following types:

    interface : declares the logical OpenWrt interface
    ipaddr : the ip address of the neighbor
    mac : the mac address of the neighbor
    proxy : specifies whether the neighbor is a proxy entry (can be 1 or 0)
    router : specifies whether the neighbor is a router (can be 1 or 0)

Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-31 | system-linux: handle hotplug event socket ENOBUFS errors | Alin Nastac
Hotplug events are no longer handled after socket RX queue is overrun. The issue has been fixed by:
- setting SO_RCVBUF initially to 65535
- doubling SO_RCVBUF value each time RX queue gets overrun

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2018-12-13 | system-linux: get rid of SIOCSDEVPRIVATE | Hans Dedecker
Use sysfs to configure the bridge settings stp/forward_delay/priority ageing_time/hello_time and max_age as the SIOCDEVPRIVATE bridge ioctl has no compat ioctl support which makes it impossible to set the above mentioned bridge parameters if the kernel is compiled in 64 bit mode and user_space in 32 bit mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-11-19 | treewide: switch to C-code style comments | Hans Dedecker
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-17 | system-linux: enable by default ignore encaplimit for grev6 tunnels | Hans Dedecker
Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken connectivity Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-16 | system-linux: fix a typo in gre tunnel data parsing logic | Hans Dedecker
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-18 | system-linux: enable by default ignore encaplimit for ip6 tunnels | Hans Dedecker
Enable ignore encaplimit by default for ip6 tunnels as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken map/ds-lite connectivity. Setting the ignore encaplimit flag by default is a more sane setting as it avoids user configuration of the encaplimit uci option for ds-lite/map tunnels in case of broken connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-04 | system-linux: fix build error on older kernels | Felix Fietkau
Add an #ifdef guard around 56000base* definitions, which don't exist on Linux 3.18 Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-04 | system-linux: adjust bridge isolate mode for upstream attribute naming | Felix Fietkau
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-04 | system-linux: extend link mode speed definitions | Hans Dedecker
Add all available link mode speed definitions as defined in ethtool.h Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-28 | system-linux: add autoneg and link-partner output | Joe Holden
This adds an array that contains the link modes advertised by the other device and also indicates whether auto negotiation is true or false. link-partner may or may not be populated depending on hardware, driver and/or settings. Signed-off-by: Joe Holden <jwh@zorins.co.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-30 | system-linux: make encaplimit configurable for ip6 tunnels (FS#1501) | Hans Dedecker
Make encapsulation limit of IP6 tunnels configurable for the ds-lite/map proto shell handlers as not all ISPs support the destination option header containing the tunnel encapsulation limit value as reported in FS#1501. The IP6 tunnel specific setting encaplimit is parsed as a nested json data object; setting it to ignore disables the insertion of the destination option header while a value from 0 till 255 sets the tunnel encapsulation limit accordingly in the destination option header. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-24 | system-linux: fix strncpy bounds | Hans Dedecker
Fix strncpy bounds as reported by Coverity in CID 1434988, 1328977, 1328953, 1328952, 1328951, 1328950, 1328949 and 1328944. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-16 | system-linux: check ioctl return value in system_vlan() | Hans Dedecker
Detected by Coverity in CID 1433754

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-14 | system-linux: check ioctl return value in system_if_flags() | Hans Dedecker
Detected by Coverity in CID 1433760

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-14 | system-linux: fix segfault on alloc failure in system_if_check() | Hans Dedecker
Detected by Coverity in CID 1433686

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-14 | system-linux: fix segfault on error in system_add_ip6_tunnel() | Hans Dedecker
Detected by Coverity in CID 1430884

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-12 | system-linux: remove unnecessary open call in system_if_dump_info() | Hans Dedecker
Detected by coverity in CID 1329735
2018-04-12 | system-linux: fix memory leak on error in system_add_vxlan() | Hans Dedecker
Detected by coverity in CID 1412449

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-13 | device: add support for setting the isolate options for bridge ports | Felix Fietkau
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-26 | remove rps/xps configuration support | Felix Fietkau
It is overly complex, yet does not cover common scenarios very well. It will be replaced with a simpler shell script that provides a better default policy

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-24 | system-linux: VXLAN: add options to enable and disable UDP checksums | Matthias Schiffer
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-10-06 | system-linux: add support for hotplug event 'move' | Martin Schiller
If you rename a network interface, there is a move uevent invoked instead of remove/add. This patch adds support for this kind of event. Signed-off-by: Martin Schiller <ms@dev.tdt.de> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-29 | system-linux: parse map-e fmrs parameters as nested data json object | Hans Dedecker
Parse map-e fmrs parameters IPv6 prefix, IPv4 prefix, ealen and offset as array elements nested in a data json object. At the same time remove the now obsolete TUNNEL_ATTR_FMRS tunnel attribute. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-22 | allow setting rps/xps default values via uci | John Crispin
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-17 | netifd: allow negative neighlocktime values | Alin Năstac
When -1 is written in /proc/sys/net/ipv4/neigh/<iface>/locktime, kernel disables ARP trashing protection. A value of 0 does not completely disable this protection, a second ARP update being discarded if it is processed during the same jiffie as the first update. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-08-15 | system-linux: parse ipv6 specific tunnel settings as nested data json | Hans Dedecker
object
2017-07-21 | system-linux: fix GRE ikey/okey endianness | Stijn Tintel
The kernel expects IFLA_GRE_IKEY and IFLA_GRE_OKEY to be in network byte order, so convert the values from host byte order. Fixes ikey/okey on little endian systems. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-26 | netifd: Fix printf calls + function declarations. | Rosen Penev
cppcheck found printf functions with signed instead of unsigned formats. Fix those as well as some non-matching function declarations. Signed-off by: Rosen Penev <rosenp@gmail.com>
2017-06-11 | iprule: Add option to suppress unspecific routing lookups | Stefan Tomanek
After applying this patch, policy routing rules can be employed that ignore parts of a routing table. The following config snippet ignores routing lookups from the specified main routing table yielding the default route, passing the lookup process on to the next rule (that might provide a special default route for marked packets):

    config rule
        option priority 10
        # check main routing table first, but ignore default route result
        option lookup main
        option suppress_prefixlength 0

    config rule
        option priority 11
        # use special routing table for marked packets
        # (unless already consumed by previous rule)
        option mark 0xFF
        option lookup 100

The result is a ruleset like this (only visible using the full 'ip' binary):

    # ip rule
    0: from all lookup local
    10: from all lookup main suppress_prefixlength 0
    11: from all fwmark 0xff lookup 100
    32766: from all lookup main
    32767: from all lookup default
    #

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>