| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration, the callback on device_release could end up
deleting the device_dep from the list. If that happens, it must not be added
back to the recreated device, since that leads to use-after-free issues.
Check dep->dev before adding it back.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
This activates some more compile warnings.
-pedantic is not yet activated, then we see too many errors which I do
not know how to mitigate.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
The -pedantic option was complaining about the old initialization and
prefers if it is explicitly initialized to zero.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
These two functions return void, do not try to return a parameter.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes warnings like this:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
Mostly this was an int compared to a size_t returned by ARRAY_SIZE().
The easiest fix is to count on the size_t type.
The ifindex is sometimes an unsigned int and sometimes a signed int in
the kernel interfaces. I think it normally fits into an unsigned 16 bit
value, so this should be fine. Do the one comparison where the
compiler complains as a long.
Casting the result of sizeof() to int should be safe. These values are
never out of range of int.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following compile error:
error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
blobmsg_printf() has the following signature:
int blobmsg_printf(struct blob_buf *buf, const char *name, const char *format, ...)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, if a VLAN is created on top of a bridge, a config reload
can lead to the bridge being torn down while netifd still considers the
VLAN device to be up.
In that case even a setup retry of an interface on top of the vlan does
not recreate the vlan device, because it is still claimed.
Fix this by releasing all device claims whenever a device goes away.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Same as vlan
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Fixes conflict with some system headers that use the fallthrough keyword
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Fixes compile error on non-linux systems (used for testing)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
This can be used to retry bringing up a wireless device after receiving a
hotplug event
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `IFNAMSIZ` macro defines the required buffer size to hold a Linux
interface name including the terminating zero byte while netifd currently
uses an `IFNAMSIZ + 1` limit for interface name buffers.
This causes netifd to use overlong names (16 instead of 15 bytes) in
netlink communication with the kernel, leading to netlink failure replies
due to policy violations.
Fix this issue by applying the correct length, that is `IFNAMSIZ` directly,
to the corresponding buffers.
Ref: https://github.com/openwrt/openwrt/issues/11259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
After the call to interface_handle_config_change, the iface pointer will no
longer be valid if the interface has been deleted from the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Many protocol handlers support "zone" option independently and they pass
it in the "data". Then it's read e.g. by a firewall[34].
Add support for "zone" directly to the netifd so:
1. It works for all protocols
2. Handlers don't have to duplicate code
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
memory corruption when resolv_conf specified by input -r parameters
and the resolv_conf length less than "/tmp/resolv.conf-.d/resolv.conf.auto"
Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
|
|
|
|
|
|
|
|
| |
hwmode should be set to 'ad' for 60g band.
Reported-by: herman@zeilsteenfilm.nl
Fixes: 62e3cb5 ("scripts/netifd-wireless.sh: add support for specifying the operating band")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
| |
When adding host routes needed for an interface to communicate, it may be
necessary to skip the interface itself, in case it provides a default route.
This helps with avoiding accidental loops
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Make host routes use the same update logic as regular proto routes, including
the enable/disable handling.
This avoids unnecessary remove/add cycles when adding the same host route
multiple times
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
And thus allow building in out of tree setups etc.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If IPv6 is disabled on a device, netifd still creates rules for it:
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000002: from all iif eth0 lookup unspec 12
4200000003: from all iif eth1 lookup unspec 12
When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.
This change only sets up the v6 rules if ipv6 is enabled on the
device.
Signed-off-by: Julian Squires <julian@cipht.net>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
The legacy ioctl + sysfs configuration is deprecated, and the netlink code
is smaller and easier to read
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Allow for per-user routing policies via the uidrange iprule option.
Option allows for a single UID or range of UIDs.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
Fixes ARPHRD_PHONET/ARPHRD_PHONET_PIPE undeclared compilation error with
glibc 2.34
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
This reverts commit 7ccbf08570619a4d3eccf6401791075908bb1d78 as the
commit accidently slipped into the git tree
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every network device has a type but there is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> string
in the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and mapped the number to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
ubus call network.device status
Output:
{
"eth0": {
"devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [commit rewording]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every network device has a type. There is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.
This new function first checks whether there is a DEVTYPE=<type> sring in
the 'uevent' file and uses it. If it does not find this information,
the 'type' is used as a fallback and mapped the number to a character
sequence.
This new 'devtype' information can be found in the network.device ubus
call.
Command:
ubus call network.device status
Output:
{
"eth0": {
"devtype": "ethernet",
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
|
|
|
| |
Allow disabling IP rules similar to routes:
https://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=327da9895327bc56b23413ee91a6e6b6e0e4329d
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
|
|
|
|
|
|
|
|
| |
On dhcpv6 interfaces, DHCPv6 server might invalidate previous
PD by advertising it with valid lifetime set to 0. In this case,
netifd must immediately remove PD assignments.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
|
|
|
|
|
|
| |
When there were multiple routes with the same target but different
metrics, __find_ip_route_target was returning the first one,
independently of the metric.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Commit 41842d3f9173 introduced a new command line option, and its usage
message was added in between the two lines of the hotplug script usage
message. Move both lines back together.
Fixes: 41842d3f9173 ("add some code for keeping track of dns servers ...")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
The deletion of IP tunnels via the ioctl interface is broken; instead of
fixing the ioctl interface switch to the netlink based interface to delete
IP tunnel devices as this simplifies and unifies the code
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
When switching from AP to station mode, some AP specific flags such as proxyarp
could become sticky and lead to hairpin being enabled on the sta interface.
Fix this by ensuring that vif fields are always properly rewritten
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Ensure that devices are created without attempting to create a VLAN chain
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Let per-container netifd instance handle the netns bringdown, it makes
everything easier and gets rid of the fork() when bringing down
container network interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
| |
As we got a persistent per-netns-jail instance of netifd now which
handles interface configuration we no longer need to fork() the host
netifd to bring up jail interfaces.
The follow-up commit will deal with stopping jail interfaces.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
| |
Use wdev->sta_idx instead of the VLAN counter wdev->vlan_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
A wireless device restart cycle can be triggered if a tracked process
(e.g. hostapd) dies and is restarted, and this left the retry counter
untouched
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
Ensure that enough retries are performed, just like on a user triggered
down/up cycle.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Ensures that pending log messages are still received
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
On reloading, setup is called without a teardown, so the previous fd might
still be open. Clear it to avoid a leak.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Hotplug events pass their own 'ifname' copy, so we need to compare the
strings, not just the pointers.
Additionally, the check condition was accidentally inverted
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via uloop timeout
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Avoids create/destroy cycles of the bonding device if the port devices are unavailable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|