| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Depending on the configuration, the callback on device_release could end up
deleting the device_dep from the list. If that happens, it must not be added
back to the recreated device, since that leads to use-after-free issues.
Check dep->dev before adding it back.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
In some cases, if a VLAN is created on top of a bridge, a config reload
can lead to the bridge being torn down while netifd still considers the
VLAN device to be up.
In that case even a setup retry of an interface on top of the vlan does
not recreate the vlan device, because it is still claimed.
Fix this by releasing all device claims whenever a device goes away.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via uloop timeout
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
| |
netifd notifies the stp daemon through the network.device object and sends
STP related configuration parameters. The daemon can also trigger a STP
restart in order to close the race on init
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
The 'speed' option can be set to the speed in Mbps
The 'duplex' option can be 1 or 0 for full or half duplex
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Fixes corner cases related to AP WDS station interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Preparation for dealing with wifi per-station devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
defer adding back changed vlans until config processing is done
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
This can be used to support 802.1x on wired devices.
In order to use this, the device section for each port needing authentication
needs to contain the option auth 1
When set, this option prevents devices from being added to bridges or configured
with IP settings by default, until the set_state ubus call on network.device
sets "auth_status" to true for the device.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add device options used by wpad in preparation of running hostapd and
wpa_supplicant non-root (and hence those options will need to be taken
care of by netifd as sysctl is root-only):
* drop_v4_unicast_in_l2_multicast
* drop_v6_unicast_in_l2_multicast
* drop_gratuitous_arp
* drop_unsolicited_na
* arp_accept
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Arne Kappen <arne.kappen@hhi.fraunhofer.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
seg6_enabled - Bool
Accept or drop SR-enabled IPv6 packets on this interface.
More Information:
https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html
Now you can set as interface option
option ip6segmentrouting '1'
It is not enough to turn on "seg6_enabled" on the interface. Further,
we have to enable "/all/seg6_enabled". This means that a working config
is "interface + all".
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [style fixes]
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Example:
{
"network-device": {
"eth0": {
"macaddr": "bc:a5:11:16:76:d7"
}
}
}
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When defining a bridge-vlan like this:
config bridge-vlan
option device 'switch0'
option vlan '1'
option ports 'lan1 lan2 lan3 lan4'
option alias 'lan'
You can use switch0.lan instead of switch0.1 to refer to the VLAN.
This ensures that the VLAN ID can be kept in a single place in the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
The user may have configured a VLAN device with explicit settings and the same
name by adding a config device section
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VLANs can be defined using bridge-vlan sections, like the following example:
config bridge-vlan
option device 'switch0'
option vlan '1'
option ports "lan1 lan2 lan3 lan4:t*"
Each member port can be confgured with optional attributes after ':'
- t: member port is tagged
- *: This is the primary VLAN for the port (PVID)
VLAN member interfaces are automatically added as bridge members
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
At this point the device is usually not fully set up yet and cannot handle
state changes / bringup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of truncating the device name when it exceeds IFNAMSIZ length;
let device_set_ifname return an error code and do not add the device
to the device list.
This avoids possible issues with device names becoming identical due the
truncation and as a result unexpected behavior.
Further let the different device types gracefully handle the error code
returned by device_init
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
| |
It is overly complex, yet does not cover common scenarios very well.
It will be replaced with a simpler shell script that provides a better
default policy
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
Check if a mac address is actually present when generating an eui64 based
IPv6 address; in case of failure bail out.
At the same time make sure the active mac address is used as input for the
eui64 based IPv6 address and guarantee IPv6 prefix address generation is
based on the actual config by resetting the IPv6 prefix address in the
assignment structure when it gets deleted.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The UCI parameter neighlocktime allows to control the hardware
address to IP mapping lock time in the IPv4 neighbour table.
The IPv6 lock time was not set because it is not used at all in any
kernel versions, hardware address override being controlled in this case
by the override flag present in the NA packet.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting /proc/sys/net/ipv4/conf/*/send_redirects is useful if a single
layer-2 domain is shared among routed subnets.
Sending redirects will prevents traffic from taking unnessesary detours
through a gateway in cases where direct connectivity on layer 2 exists.
This is commonly the case if an existing LAN infratructure with dump
switches is used to additionally carry routing protocols like OLSR
which are supported only by some nodes on the network.
It's important to note that the default value for send_redirects
differs for interface types (it's enabled on physical ethernet
interfaces, but disabled e.g. on VLANs) due to olsrd changing
/proc/sys/net/ipv4/conf/default/send_redirects during boot, thus the
default differs also depending e.g. on the way an on-board switch is
integrated on specific boards (as eth0 exists before olsrd is started,
eth0.1 gets created by netifd later on...)
Having a way to explicitely enable or disable send_redirects is
thus desireable also to unify the default behaviour among different,
but seemingly similar devices supported.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
Use device_find in device_create so it's clear a device lookup
is being done in the device list.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes a race condition as the device can be active again; due to a device_claim; by the logic
behind the set_state device type function. In this case the down event cannot be sent anymore
as it would bring down the interface(s) referencing the device.
This can be the case for an aliased device when the underlying device is switched during a reload;
the alias_set_device function can add a new dependency on the new active device which will put the
aliased device in active mode again as the aliased device is already claimed by the interface
using it.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
While at it; make device_types static if only used in the device type file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting the multicast_fast_leave option of a bridge allows to control
the forwarding of multicast traffic when an IGMP/MLD leave is received.
In case multicast_leave_option is enabled and a leave is received the
multicast membership will immediately be dropped on the bridge port while
in the other case the multicast membership will time out in the bridge.
This could be usefull in scenarios where explicit multicast membership
host tracking is not supported in the upstream network. In this case the
multicast stream is still flowing after a leave is received resulting into
possible bandwidth saturation on the lan if a new stream is joined as
multiple multicast streams are received.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Device handlers now also declare if they have bridge capabilities and include
a string to prefix device names for their types.
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup/fixes]
|
| |
|
|
|
|
|
|
| |
- remove const from device handler struct
- pass device handler type to create function
Signed-off-by: Arne Kappen <akappen@inet.tu-berlin.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the config below a dotted vlan interface stays down as get_vlan_device
does not find the device due to the aliased device stacked on top of the base
device.
As all devices; aliased devices being the exception; are in the device list
use device_find to find the device when setting the link state
config interface 'test'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config interface 'test2'
option ifname '@test.1'
option proto 'dhcp'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
As device name is used as key in avl list a device name change will break the avl find logic.
Function device_set_ifname offers api to set the device name and re-inserts the avl node in the list
when the avl key value is changed.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
The UCI parameter neighgcstaletime allows to control how much time will
STALE entries be kept in the neighbour table for both IPv4 and IPv6.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tuning these two options allows a more fine grained configuration of the
forwarding database (fdb) of a bridge.
The former allows to enable or disable the learning of the presence of
MAC addresses behind a bridge port. (default: enabled on all ports)
The latter allows to tune the behaviour in case a destination MAC address
of a frame is unknown to the fdb, like only flooding on specific ports or
not flooding on any port. (default: flood on all ports, except incoming)
This can be useful to create a dumb hub, for instance for monitoring
purposes. Or in larger layer 2 mesh networks to avoid keeping redundant
databases (e.g. with the batman-adv translation table).
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
|
| |
Fix null pointer deference in device_claim if device is unset in device_user
struct. Typically this is observed when the parent device is removed
from (mac)vlan device config followed by a network reload
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Make multicast device flag configurable by extending device attributes
with the multicast attribute
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
output
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
|
| |
Fixes regression issues introduced by commit 3224b80 as external (PPP)
device ifindex was not in sync with kernel device ifindex due to re-creation
of the device by the PPP daemon
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The function set_state disable is not called for external devices in device_release
which means for external vlan/macvlan devices they won't be deleted.
As a result of this the set_state enable call for external devices by device_claim fails
as vlan/macvlan devices cannot be created since the device already exists in the kernel.
Therefore move the external device check from device_set_state to device_claim so
external vlan/macvlan devices are not created again and can also be external.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Make sure device settings are applied when existing device becomes external
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independant of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
was detected (currently only learned via query messages, no MRD
support yet)
* 2: Always forward any multicast traffic on this port
Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.
Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
|
|
|
|
| |
With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.
This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
| |
Spawn device events when adding dependency in device_replace so the dependency installer gets
the actual device status
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
New device does not need to be set present as device_check_state called via device_init
sets the device present after probing the kernel device
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
