Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via uloop timeout
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Avoids create/destroy cycles of the bonding device if the port devices are unavailable
Signed-off-by: Felix Fietkau <nbd@nbd.name>

The settings might be present in the config as leftovers when switching
a vif from AP to sta mode. In that case, they will not be applied by wpad,
so they also must not be used by netifd
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Per-station interfaces in 4-addr AP mode must not inherit them, because
this can cause reflected packets by enabling hairpin mode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Supported options:
- ports: member devices
- policy: bonding policy
  supported values:
  - balance-rr
  - active-backup
  - balance-xor
  - broadcast
  - 802.3ad
  - balance-tlb
  - balance-alb
- xmit_hash_policy: slave selection tx hash policy
  supported values:
  - layer2
  - layer2+3
  - layer3+4
  - encap2+3
  - encap3+4
- all_ports_active: allow receiving on inactive ports
- min_links: minimum number of active links
- ad_actor_system: LACPDU exchange MAC address
- ad_actor_sys_prio: LACPDU priority value
- ad_select: 802.3ad aggregation logic
  supported values:
  - stable
  - bandwidth
  - count
- lacp_rate: 802.3ad LACPDU packet rate
  supported values:
  - slow (every 30 seconds)
  - fast (every second)
- packets_per_port: number of packets before switching
  ports (balance-rr mode).
- lp_interval: number of seconds between sent learning packets
- dynamic_lb: distribute traffic according to port load
- resend_igmp: number of IGMP membership updates after failover event
- num_peer_notif: number of tx unsolicited ARP/NA after failover event
- primary: name of the primary port
- primary_reselect: primary port reselection policy
  supported values:
  - always
  - better
  - failure
- failover_mac: MAC address selection policy
  supported values:
  - none
  - active
  - follow
- monitor_mode: select ARP or MII link monitor:
  supported values:
  - arp
  - mii
- monitor_interval: link monitor update interval (msec)
- arp_target: ARP monitor target IP address (list)
- arp_all_targets: all targets must be reachable to consider the link valid
- arp_validate: ARP validation policy
  supported values:
  - none
  - active
  - backup
  - all
  - filter
  - filter_active
  - filter_backup
- use_carrier: use carrier status instead of MII ioctl result
- updelay: delay before enabling port after MII link up event (msec)
- downdelay: delay before disabling port after MII link down event (msec)
Signed-off-by: Felix Fietkau <nbd@nbd.name>

instead of relying on hostapd to manipulate bridge attributes (which can race
against netifd adding/removing of member ports), set the proxyarp related
attributes in netifd directly when bringing up the member port
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Preparation for making the /proc and /sys path configurable for configuring
containers
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link
Signed-off-by: Felix Fietkau <nbd@nbd.name>

The default forwarding delay 2 is broken and makes STP non-functional by
default. The kernel's default of 15 is rather long.
This commit makes the timer settings more aggressive than the
kernel's default while still being consistent and allowing proper
convergence for a network diameter up to 4
Signed-off-by: Felix Fietkau <nbd@nbd.name>

netifd notifies the stp daemon through the network.device object and sends
STP related configuration parameters. The daemon can also trigger a STP
restart in order to close the race on init
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

The 'speed' option can be set to the speed in Mbps
The 'duplex' option can be 1 or 0 for full or half duplex
Signed-off-by: Felix Fietkau <nbd@nbd.name>

The previous 32 bit limit is almost used up
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Move the DEV_EVENT_LINK_UP case to avoid messing with a fallthrough
Only restart members if the vlan check returns a positive result
Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When hostapd does a DFS channel switch, it tears down all vifs except for the
primary one, which causes them to get dropped from the device configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When changing to a dfs channel, hostapd can bring down wlan interfaces and
reset their bridge membership. If that happens, the port loses its vlan
membership settings and needs to be reconfigured by netifd.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

A recent commit changed the vlan chain handling to not treat devices with
non-digit characters after "." as vlan devices. This broke aliases, which
rely on names after the "." component.
Fix dealing with both cases by first trying to set up a vlan regardless
of the non-digit characters, but for the first component allow falling back
to treating the first two parts as a full device name
Fixes: 013a1171e9b0 ("device: do not treat devices with non-digit characters after . as vlan devices")
Signed-off-by: Felix Fietkau <nbd@nbd.name>

The avl key type for bridge vlans is uint16_t, so any lookup with a wider
type is going to fail on big-endian systems
This resulted in hotplug-added devices replacing configured member ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When adding a member to an existing VLAN, it needs to be updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Fixes corner cases related to AP WDS station interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>

avoids running into ifname size limits
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Can be used to test the device hotplug handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Preparation for dealing with wifi per-station devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>

defer adding back changed vlans until config processing is done
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

This is useful for a dynamic VLAN setup, where extra tags need to be created
on the trunking port on demand
Signed-off-by: Felix Fietkau <nbd@nbd.name>

If the network ifname is a VLAN on top of a VLAN-filtering bridge, hostapd
needs to know the VLAN ifname to communicate with other APs, if 802.11r is enabled.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

This makes it possible to use dynamic tags without changing the configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Interfaces need to be assigned to devices. For that purpose a "device"
option should be more accurate than "ifname" one.
For backward compatibility old option remains supported too.
Config example:

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Add the new 'band' option, which supports the following values: 2g, 5g, 6g, 60g
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Instead of looking it up as a string, use uci_rename.
That way it works both on list and string options
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Bridge aggregates multiple ports so use a more accurate name ("ports").
For backward compatibility add a temporary config translation.
Config example:

config interface 'lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

config
On config reload, any vif entries in the config added to the vlist will be
matched against existing ones, and the old entries preserved.
This means that the vif pointer is no longer valid after vlist_add.
Look up the vif again before using it for vlan/station entries.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

This can be used to support 802.1x on wired devices.
In order to use this, the device section for each port needing authentication
needs to contain the option auth 1
When set, this option prevents devices from being added to bridges or configured
with IP settings by default, until the set_state ubus call on network.device
sets "auth_status" to true for the device.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

This change adds the new configuration option `disabled` for the route
section, which can be used to temporarily disable the section so that
the route is not set. The advantage is that we do not have to delete
this route configuration section to achieve this.
config route
    option disabled '1'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>

When the igmp snoop option for a bridge is unchecked in luci, it
just deletes the igmp_snooping key from the config file.
So netifd can't change /sys/devices/virtual/net/br-lan/bridge/multicast_snooping from "1" to "0".
Option multicast_querier seems to have no input entry in luci, but it's
a related option.
This patch will set a default value to false for the bridge
option to fix this bug.
Signed-off-by: Zheng Qian <sotux82@gmail.com>

Add device options used by wpad in preparation of running hostapd and
wpa_supplicant non-root (and hence those options will need to be taken
care of by netifd as sysctl is root-only):
* drop_v4_unicast_in_l2_multicast
* drop_v6_unicast_in_l2_multicast
* drop_gratuitous_arp
* drop_unsolicited_na
* arp_accept
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Move system_set_sendredirects up to the other non-bridge-related sysctl
functions.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

This allows integrating external daemons that configure network devices with
netifd. At startup, netifd generates device handler stubs from descriptions in
/lib/netifd/extdev-config via the mechanism in handler.c. These are then added
to the list of device handlers. Device handler stubs act as relays forwarding
calls against the device handler interface to the external daemon.
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>

Parse JSON files in a given directory and pass the information on to a callback
function for creation of an external device handler stub.
The description contains:
- 'name': the name of the device type,
- 'ubus_name': the name of the external device handler daemon on ubus,
- 'bridge': a flag indicating whether the devices are bridge-like,
- optionally 'br_prefix': a prefix for created devices
(only for bridge-like, defaults to type name),
- 'config': the UCI config options for devices of this type, and
- optionally 'info' and 'stats': the format of calls to info() and dump().
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>

Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>

In order to avoid a routing loop add an unreachable route for the
address prefix if the offlink flag is set for an address.
This fixes a routing loop which is currently present on point-to-point
links (e.g. PPP) when the wan interface is assigned a globally unique
prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked
and installed on the wan interface
(e.g. 2001:db8:1:0:5054:ff:feab:d87c/64)
The prefix route 2001:db8:1::/64 would be present in the routing table
which will route any packet with as destination 2001:db8:1::/64 to the wan
interface and would be routed back by the upstream router due to the
wan interface due to the assigned global unique prefix.
Besides not installing the prefix route 2001:db8:1::/64 on point-to-point links
adding an unreachable route is required to avoid the routing loop.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

When using a global hostapd/wpa_supplicant instance, it should not be killed
if a single radio is torn down
Signed-off-by: Felix Fietkau <nbd@nbd.name>