| Commit message | Author | Age | Files | Lines |
| |
IFNAMSIZ already includes an extra byte for the null character
terminating the string. Adding an extra byte can cause the interface
name to be truncated, resulting in undefined behaviour.
Drop the extra byte. For the bonding case, the interface name written to
sysfs should be prefixed with + or - so we do need an extra byte.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
| |
After the call to interface_handle_config_change, the iface pointer will no
longer be valid if the interface has been deleted from the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
| |
Many protocol handlers support "zone" option independently and they pass
it in the "data". Then it's read e.g. by a firewall[34].
Add support for "zone" directly to the netifd so:
1. It works for all protocols
2. Handlers don't have to duplicate code
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
| |
memory corruption when resolv_conf specified by input -r parameters
and the resolv_conf length less than "/tmp/resolv.conf-.d/resolv.conf.auto"
Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
| |
hwmode should be set to 'ad' for 60g band.
Reported-by: herman@zeilsteenfilm.nl
Fixes: 62e3cb5 ("scripts/netifd-wireless.sh: add support for specifying the operating band")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
When adding host routes needed for an interface to communicate, it may be
necessary to skip the interface itself, in case it provides a default route.
This helps with avoiding accidental loops
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Make host routes use the same update logic as regular proto routes, including
the enable/disable handling.
This avoids unnecessary remove/add cycles when adding the same host route
multiple times
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
And thus allow building in out of tree setups etc.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
| |
If IPv6 is disabled on a device, netifd still creates rules for it:
    0: from all lookup local
    32766: from all lookup main
    4200000001: from all iif lo lookup unspec 12
    4200000002: from all iif eth0 lookup unspec 12
    4200000003: from all iif eth1 lookup unspec 12
When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:
    socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
    connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.
This change only sets up the v6 rules if ipv6 is enabled on the
device.
Signed-off-by: Julian Squires <julian@cipht.net>
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
The legacy ioctl + sysfs configuration is deprecated, and the netlink code
is smaller and easier to read
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Allow for per-user routing policies via the uidrange iprule option.
Option allows for a single UID or range of UIDs.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
| |
Fixes ARPHRD_PHONET/ARPHRD_PHONET_PIPE undeclared compilation error with
glibc 2.34
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
| |
This reverts commit 7ccbf08570619a4d3eccf6401791075908bb1d78 as the
commit accidentally slipped into the git tree
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
| |
Every network device has a type but there is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> string
in the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and mapped the number to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
    ubus call network.device status
Output:
    {
        "eth0": {
            "devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [commit rewording]
| |
Every network device has a type. There is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> string in
the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and mapped the number to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
    ubus call network.device status
Output:
    {
        "eth0": {
            "devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
| |
Allow disabling IP rules similar to routes:
https://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=327da9895327bc56b23413ee91a6e6b6e0e4329d
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
| |
On dhcpv6 interfaces, DHCPv6 server might invalidate previous
PD by advertising it with valid lifetime set to 0. In this case,
netifd must immediately remove PD assignments.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
| |
When there were multiple routes with the same target but different
metrics, __find_ip_route_target was returning the first one,
independently of the metric.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
| |
Commit 41842d3f9173 introduced a new command line option, and its usage
message was added in between the two lines of the hotplug script usage
message. Move both lines back together.
Fixes: 41842d3f9173 ("add some code for keeping track of dns servers ...")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
| |
The deletion of IP tunnels via the ioctl interface is broken; instead of
fixing the ioctl interface switch to the netlink based interface to delete
IP tunnel devices as this simplifies and unifies the code
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
| |
When switching from AP to station mode, some AP specific flags such as proxyarp
could become sticky and lead to hairpin being enabled on the sta interface.
Fix this by ensuring that vif fields are always properly rewritten
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Ensure that devices are created without attempting to create a VLAN chain
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Let per-container netifd instance handle the netns bringdown, it makes
everything easier and gets rid of the fork() when bringing down
container network interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
As we got a persistent per-netns-jail instance of netifd now which
handles interface configuration we no longer need to fork() the host
netifd to bring up jail interfaces.
The follow-up commit will deal with stopping jail interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Use wdev->sta_idx instead of the VLAN counter wdev->vlan_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
A wireless device restart cycle can be triggered if a tracked process
(e.g. hostapd) dies and is restarted, and this left the retry counter
untouched
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Ensure that enough retries are performed, just like on a user triggered
down/up cycle.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Ensures that pending log messages are still received
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
On reloading, setup is called without a teardown, so the previous fd might
still be open. Clear it to avoid a leak.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Hotplug events pass their own 'ifname' copy, so we need to compare the
strings, not just the pointers.
Additionally, the check condition was accidentally inverted
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via uloop timeout
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Avoids create/destroy cycles of the bonding device if the port devices are unavailable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
The settings might be present in the config as leftovers when switching
a vif from AP to sta mode. In that case, they will not be applied by wpad,
so they also must not be used by netifd
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Per-station interfaces in 4-addr AP mode must not inherit them, because
this can cause reflected packets by enabling hairpin mode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Supported options:
- ports: member devices
- policy: bonding policy
  supported values:
  - balance-rr
  - active-backup
  - balance-xor
  - broadcast
  - 802.3ad
  - balance-tlb
  - balance-alb
- xmit_hash_policy: slave selection tx hash policy
  supported values:
  - layer2
  - layer2+3
  - layer3+4
  - encap2+3
  - encap3+4
- all_ports_active: allow receiving on inactive ports
- min_links: minimum number of active links
- ad_actor_system: LACPDU exchange MAC address
- ad_actor_sys_prio: LACPDU priority value
- ad_select: 802.3ad aggregation logic
  supported values:
  - stable
  - bandwidth
  - count
- lacp_rate: 802.3ad LACPDU packet rate
  supported values:
  - slow (every 30 seconds)
  - fast (every second)
- packets_per_port: number of packets before switching
  ports (balance-rr mode).
- lp_interval: number of seconds between sent learning packets
- dynamic_lb: distribute traffic according to port load
- resend_igmp: number of IGMP membership updates after failover event
- num_peer_notif: number of tx unsolicited ARP/NA after failover event
- primary: name of the primary port
- primary_reselect: primary port reselection policy
  supported values:
  - always
  - better
  - failure
- failover_mac: MAC address selection policy
  supported values:
  - none
  - active
  - follow
- monitor_mode: select ARP or MII link monitor:
  supported values:
  - arp
  - mii
- monitor_interval: link monitor update interval (msec)
- arp_target: ARP monitor target IP address (list)
- arp_all_targets: all targets must be reachable to consider the link valid
- arp_validate: ARP validation policy
  supported values:
  - none
  - active
  - backup
  - all
  - filter
  - filter_active
  - filter_backup
- use_carrier: use carrier status instead of MII ioctl result
- updelay: delay before enabling port after MII link up event (msec)
- downdelay: delay before disabling port after MII link down event (msec)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
instead of relying on hostapd to manipulate bridge attributes (which can race
against netifd adding/removing of member ports), set the proxyarp related
attributes in netifd directly when bringing up the member port
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Preparation for making the /proc and /sys path configurable for configuring
containers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
The default forwarding delay 2 is broken and makes STP non-functional by
default. The kernel's default of 15 is rather long.
This commit makes the timer settings more aggressive than the
kernel's default while still being consistent and allowing proper
convergence for a network diameter up to 4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
netifd notifies the stp daemon through the network.device object and sends
STP related configuration parameters. The daemon can also trigger a STP
restart in order to close the race on init
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
The 'speed' option can be set to the speed in Mbps
The 'duplex' option can be 1 or 0 for full or half duplex
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| |
The previous 32 bit limit is almost used up
Signed-off-by: Felix Fietkau <nbd@nbd.name>