Commit message | Author | Age | Files | Lines
...
* proto: Fix possible buffer overflow due to non null terminated string | Hans Dedecker | 2016-02-01 | 1 | -1/+1
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tunnel: Fix possible segfault | Hans Dedecker | 2016-02-01 | 1 | -0/+3
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tunnel: Fix uninitialized access | Hans Dedecker | 2016-02-01 | 1 | -3/+2
  Fix tb_dev uninitialized access by device_init_settings
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ubus: Fix possible segfault | Hans Dedecker | 2016-02-01 | 1 | -0/+3
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vlan: Fix possible segfault | Hans Dedecker | 2016-02-01 | 1 | -0/+2
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* device: Fix possible segfault | Hans Dedecker | 2016-02-01 | 1 | -0/+3
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: Route traffic from LAN to WAN using rules | Kristian Evensen | 2016-01-28 | 2 | -20/+33
  After commit ebd3d8417c7a ("interface: fix moving interface address routes to the table specified by ip[46]table"), it is no longer possible for clients on LAN to reach machines on the WAN. This patch restores support for clients on LAN reaching clients on WAN by using rules. The rules are placed after the address rules, in order to make sure that traffic originating from the router is routed correctly.
  Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* alias: clean up device dependencies on free | Felix Fietkau | 2016-01-28 | 1 | -0/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* wireless: rename 'wpa_pairwise' variable to 'wpa_cipher' | Daniel Golle | 2016-01-19 | 1 | -6/+7
  We shall enforce the cipher for both, pairwise and group, thus change the name of the variable to a more generic phrasing, 'cipher' instead of 'pairwise'.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  Signed-off-by: Felix Fietkau <nbd@openwrt.org> [keep a copy for compatibility reasons]
* netifd/system-linux: add VTI tunnel support | André Valentin | 2016-01-17 | 1 | -1/+105
  This patch adds support for VTI interfaces. VTI interfaces can be used to tunnel IPsec ESP traffic to a device so common firewall zones may be used. This also enables routing protocols to work over IPsec tunnels.
  Signed-off-by: André Valentin <avalentin@marcant.net>
* netifd: Do not add local/source policy rules multiple times | Kristian Evensen | 2016-01-17 | 3 | -4/+5
  interface_ip_set_enabled() is usually called two times right after one another, once to handle config_ip and once to handle proto_ip. As long as ip->iface->l3_dev.dev is set, the local/source policy rules are updated. This value is in several cases set on both config_ip and proto_ip, causing the rules to be added multiple times. The reason is that the kernel does not respect the NLM_F_* flag for rules. In other words, the rule state has to be managed by the routing daemon. Since the local/source policy rules are bound to iface, this commit solves the problem by adding a flag to interface which stores the current rule state. The flag follows the enabled-parameter passed to interface_ip_set_enabled(), similar to route-> and addr->enabled. The flag breaks the alignment of the interface struct, but based on earlier commits this seems to be ok. I have tested the patch in different configurations and have not found any regression.
  Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* system: mark tunnel_attr_list as extern | Felix Fietkau | 2016-01-09 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* wireless: mark wireless_drivers/wireless_devices as extern | Felix Fietkau | 2016-01-09 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface: Trigger interface update event when interface data is updated via ubus | Hans Dedecker | 2015-12-19 | 3 | -9/+23
  Interface update event will trigger an interface hotplug event and an ubus notify event which will inform subscribers about the updated interface data field
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* interface: toggle proto_ip along with config_ip to fix ordering issues with routes/rules added dynamically | Felix Fietkau | 2015-12-17 | 1 | -0/+4
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: unify handling of interface metric/table for routes, fixes handling for prefixes | Felix Fietkau | 2015-12-16 | 1 | -24/+23
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: fix subnet route handling | Felix Fietkau | 2015-12-15 | 2 | -21/+29
  When the kernel subnet route has to be replaced, the cleanup call needs to match the properties of the replacement route exactly, mainly the metric and the routing table. Fix handling this by embedding the device_route for the subnet in the device_addr struct and using it in the cleanup path. This fixes issues on config reload with changes to the routing table
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: move struct device_addr below struct device_route | Felix Fietkau | 2015-12-15 | 1 | -20/+20
  This is needed to embed the subnet route in struct device_addr
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* wireless: call wireless_interface_handle_link before updating vif config | Felix Fietkau | 2015-12-02 | 1 | -0/+1
  If the network changes, we need to remove the vif from the old network before we lose access to the previous state
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* ubus: export dynamic-flag for interfaces | Steven Barth | 2015-11-19 | 1 | -0/+1
  Signed-off-by: Steven Barth <steven@midlink.org>
* device: fetch settings from external devices to make them usable for status output | Felix Fietkau | 2015-11-17 | 4 | -1/+8
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* device: preserve orig_settings flags for querying device status | Felix Fietkau | 2015-11-17 | 3 | -1/+3
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface: fix moving interface address routes to the table specified by ip[46]table | Felix Fietkau | 2015-11-12 | 1 | -1/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* device: Don't process link events anymore in device user specific callback handlers | Hans Dedecker | 2015-11-04 | 5 | -25/+1
  Set link_state for all device types via the device_set_link API as all devices are registered in the device tree list making it possible to always get the device via device_get. The device link state parameter will now actually reflect the corresponding kernel device carrier state in all cases. Before this change a vlan/macvlan device could still have link_state enabled if an interface was brought down; this was the case when the parent vlan/macvlan device was still enabled as the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state in the function cb_rtnl_event.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* system-linux: fix memory leak on error in system_if_check | Felix Fietkau | 2015-10-29 | 1 | -3/+7
  Detected by Coverity CID 1330302
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* system-linux: fix memory leak in system_addr() | Felix Fietkau | 2015-10-29 | 1 | -1/+3
  Detected by Coverity CID 1330178
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* main: remove redundant error check in netifd_start_process | Felix Fietkau | 2015-10-29 | 1 | -3/+0
  Detected by Coverity CID 1329378
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: Remove table specific nw rules for IPv4/6 addresses | Hans Dedecker | 2015-09-29 | 1 | -24/+4
* interface-ip: Re-enable iif lo policy rules after main table lookup | Hans Dedecker | 2015-09-29 | 2 | -2/+23
* interface-ip: Support source ip rule updates when reloading | Hans Dedecker | 2015-09-29 | 2 | -13/+34
* wireless: fix bogus isolate setting on unbridged configuration | Felix Fietkau | 2015-09-27 | 1 | -4/+2
  This was caused by a faulty test for the isolate option (arithmetic on a variable with no default)
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* Initialize wireless interface attributes in proper function | Dmitry Ivanov | 2015-09-26 | 1 | -8/+8
  Currently multicast to unicast feature may be configured for incorrect wireless interface in case of reconfiguration.
  Test case:
  Initial wireless configuration:
    config wifi-iface
        option mode ap
        option disabled 1
    config wifi-iface
        option mode sta
        option disabled 0
    config wifi-iface
        option mode ap
        option disabled 0
  After reboot, multicast to unicast feature is configured for interface #3 (wlan0-1) only. Next, enable interface #1 and issue "wifi" command. Now, multicast to unicast feature is configured for interface #2 (wlan0) which is wrong. It should be configured for interfaces #1 and #3 only. This patch resolves this problem.
  Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: Fix broadcast address when using /31 or /32 IPv4 addressing | Baptiste Jonglez | 2015-09-26 | 1 | -5/+11
  A /31-addressed interface requires a broadcast address of 255.255.255.255, because there is no room for a proper broadcast address. Without this, any packet destined to the other end of the link is sent as broadcast, which is incorrect. For consistency with the Linux kernel, /32-addressed interfaces are treated in the same way.
  Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* netifd: Prevent flapping IPv6 routes | Kristian Evensen | 2015-09-21 | 1 | -1/+1
  Comparing valid_until will always return false as the value is updated for each route update message. This causes IPv6 routes to jump more around than House of Pain, which might have undesirable consequences for user-space and user-space applications. Removing the valid_until comparison when setting keep fixes this problem, and seems to have no side-effects. I am no IPv6 expert, but I see that valid of the route is updated correctly and route is deleted if I block the route update messages.
  Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* wireless: fix mcast_to_ucast handling, only apply it to AP mode | Felix Fietkau | 2015-09-10 | 4 | -1/+12
  Fixes a regression that caused WDS stations to repeat packets back to the AP.
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* interface-ip: Set route table when enabling interface ip settings | Hans Dedecker | 2015-09-10 | 1 | -0/+9
  Routes are now inserted in the correct routing table when interface ip4table and/or ip6table was changed during interface_change_config
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* interface-ip: Don't create ip network rule if address mask is equal to full mask | Hans Dedecker | 2015-09-10 | 1 | -4/+8
  Prevents the creation of identical address and network IP rules
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* interface-ip: Insert network and address ip rules for external addresses as well | Hans Dedecker | 2015-09-10 | 1 | -10/+13
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* interface-ip: Remove ip loop policy rules as kernel issue is fixed | Hans Dedecker | 2015-09-10 | 1 | -22/+1
  Remove ip loop policy rules as workaround for the kernel using unspecified address to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iprule: Insert network and address ip rules before main table lookup rule | Hans Dedecker | 2015-09-10 | 1 | -2/+2
  Specific IP address and network rules are now checked before the main table lookup as the main table often holds a default route. As a result the IP address and network rules pointing to a specific routing table will not be checked anymore; by reversing the order the specific routing tables are checked first if the ip rule matches.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* device: Resolve ifindex for external claimed devices | Hans Dedecker | 2015-09-10 | 1 | -4/+9
  Fixes regression issues introduced by commit 3224b80 as external (PPP) device ifindex was not in sync with kernel device ifindex due to re-creation of the device by the PPP daemon
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* device: Don't call set_state for external device in device_claim | Hans Dedecker | 2015-09-02 | 1 | -5/+4
  The function set_state disable is not called for external devices in device_release which means for external vlan/macvlan devices they won't be deleted. As a result of this the set_state enable call for external devices by device_claim fails as vlan/macvlan devices cannot be created since the device already exists in the kernel. Therefore move the external device check from device_set_state to device_claim so external vlan/macvlan devices are not created again and can also be external.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* device: apply settings when existing device becomes external | Hans Dedecker | 2015-09-02 | 1 | -0/+1
  Make sure device settings are applied when existing device becomes external
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bridge: Allow setting multicast_router option | Linus Lüssing | 2015-08-25 | 3 | -0/+33
  The multicast_router option of a bridge allows to control the forwarding behaviour of multicast packets independent of the listener state:
    * 0: Only forward if specific listener is present
    * 1 (default): Forward if specific listener or a multicast router was detected (currently only learned via query messages, no MRD support yet)
    * 2: Always forward any multicast traffic on this port
  Since MRD is not mandated you might end up with silent multicast routers (e.g. if your link has more than one multicast router; only one can become the selected, "noisy" querier). Here you might need a manual configuration option like the "multicast_router" option.
  Other scenarios where this can be useful are for instance:
    * Segmentation of IGMP/MLD domains together with ebtables
    * Dedicated bridge port for monitoring/debugging purposes
  Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
* bridge: Allow setting multicast_to_unicast option | Linus Lüssing | 2015-08-25 | 5 | -4/+26
  With this patch the multicast_to_unicast feature can be disabled for all wireless interfaces via an according option on the uci bridge interface. This patch also exports the setting information to wireless handler scripts. The hostapd script will need that information to determine whether to enable or disable ap-isolation, for instance.
  Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
* bridge: Fix multicast_to_unicast feature by hairpin+isolate | Linus Lüssing | 2015-08-25 | 5 | -7/+48
  All IGMP and MLD versions suffer from a specific limitation (from a snooping switch perspective): Report suppression. Once a listener hears an IGMPv2/3 or MLDv1 report for the same group itself participates in then it might (if this listener is an IGMPv3 or MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener) refrain from sending its own report. Therefore we might currently miss such suppressing listeners as they won't receive the multicast packet with the mangled, unicasted destination. Fixing this by first isolating the STAs and giving the bridge more control over traffic forwarding. E.g. refraining to forward listener reports to other STAs. For broadcast and unicast traffic to an STA on the same AP, the hairpin feature of the bridge will reflect such traffic back to the AP interface. However, if the AP interface is actually configured to isolate STAs, then hairpin is kept disabled.
  Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
* proto-shell: add checkup timeout to restart interface. | Yousong Zhou | 2015-08-25 | 1 | -0/+60
  This is mainly for protocols with no_proto_task set. L2TP with xl2tpd is such a case and the issue this commit tries to address is that xl2tpd could fail redialing the connection (segfault or abort) without the notice of netifd causing the concerned interface being left down. This patch solves it by allowing users to configure a timeout value instructing netifd to check if the interface is in up state after its last attempt to setup it and try again if that is not the case.
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* Changes for more readability. | Yousong Zhou | 2015-08-25 | 4 | -3/+7
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: Spawn device events when registering dependency in device_replace | Hans Dedecker | 2015-08-25 | 1 | -12/+17
  Spawn device events when adding dependency in device_replace so the dependency installer gets the actual device status
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: Remove obsolete device_set_present in device_replace | Hans Dedecker | 2015-08-25 | 1 | -5/+1
  New device does not need to be set present as device_check_state called via device_init sets the device present after probing the kernel device
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>