| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to avoid a routing loop add an unreachable route for the
address prefix is the offlink flag is set for an address.
This fixes a routing loop which is currently present on point-to-point
links (e.g PPP) when the wan interface is assigned a globally unique
prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked
and installed on the wan interface
(e.g. 2001:db8:1:0:5054:ff:feab:d87c/64)
The prefix route 2001:db8:1::/64 would be present in the routing table
which will route any packet with as destination 2001:db8:1::/64 to the wan
interface and would be routed back by the upstream router due to the
wan interface due to the assigned global unique prefix.
Besides not installing the prefix route 2001:db8:1::/64 on point-to-point links
adding an unreachable route is required to avoid the routing loop.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit c00c8335d6188daa326ecfe5a62da15a9b9987e1)
|
| |
|
|
|
|
| |
Reported by Coverity in CID 1445749
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In case of tunnel over PPP(such as gretap over l2tp): tunnel interface
use PPP's peer address as remote address, netifd script will call
proto_add_host_dependency function, then netifd will search which device
can reach to the remote address. Before the patch, netifd don't consider
the PPP interface can reach to the remote address, so netifd will select
default route to remote address, it will lead to remote address unreachable.
Based on a patch by xiaofan <xfan1024@live.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
blobmsg_check_attr() takes as second argument a bool; fix it where needed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Failing to set the IPv6 mtu is only a real issue if the mtu to be set is
smaller than the current mtu as in that case it would break IPv6 path mtu;
adapt the logic to generate the warning accordingly
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add missing space to change from:
netifd: Failed to set IPv6 mtu to 1500on interface 'wg0'
to:
netifd: Failed to set IPv6 mtu to 1500 on interface 'wg0'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries
The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor ia a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
(can be 1 or 0)
Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Update the no_delegation parameter on a config reload; in case prefixes
are present update the prefix assignments as well according to the
no_delegation status
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Always override the downstream IPv6 mtu in case it differs with the IPv6 mtu
of the upstream link. This allows to increase the downstream IPv6 mtu in
case RA messages are received on the upstream link having a mtu attribute
higher than the downstream IPv6 mtu.
At the same be verbose when failing to set the IPv6 mtu on the downstream link.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
netifd-2018-07-30-75ee7905/interface-ip.c:724:11: error: unused variable 'macaddr' [-Werror=unused-variable]
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
|
|
|
|
|
|
| |
Use the mac address stored in the device_settings struct to generate the
eui64 ifaceid as the interface layer3 device does not contain a mac address
for non bridge interfaces
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
No need to check iface pointer in interface_ip_set_enabled as the
interface is always set by the function __interface_ip_init().
Reported by Coverity in CID 1330437
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Detected by coverity in CID 141267
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Commit 9c8d781 introduced a memory leak in interface_ip_add_target_route
in case interface_ip_find_addr_target returns true for a given address
by not freeing the previously allocated route.
While at it rework the logic so a host route is only allocated when it's
really required.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes an issue where interfaces with host dependencies that resolve to a
local subnet stay down.
Fixes: 1f5a29c3de6e ("ip: do not add local routes for host dependencies")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
| |
In order to find the best match, allow overriding the last found entry
if route->mask for the new entry is bigger than the one from the previous
entry.
Patch submitted by 'Mikael' in FS#1358
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
This avoids creating invalid routes in cases where another daemon is
handling local routes for an interface, e.g. on mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
Check if a mac address is actually present when generating an eui64 based
IPv6 address; in case of failure bail out.
At the same time make sure the active mac address is used as input for the
eui64 based IPv6 address and guarantee IPv6 prefix address generation is
based on the actual config by resetting the IPv6 prefix address in the
assignment structure when it gets deleted.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Don't generate an IPv6 prefix address without taking into account the
interface state. In case eui64 is configured to generate the ifaceid this
could fail as the layer3 device mac address could not yet be available if
the interface is not yet in setup or up state.
While at it remove the interface metric assignment as this is already done
by the function interface_set_route_info.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
table support; as a result for IPv6 the prefix route linked to the IPv6
address is added to the specified IPv6 interface routing table.
In order to route traffic having as destination the IPv6 prefix a policy
rule is required using the prefix destination as policy so the traffic is
passed to the correct routing table.
The IPv6 prefix address logic was not installing this policy rule effectively
breaking routing when trying to reach a global or ULA IPv6 address in the
lan from either the device or another wan device.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add config support support for point-to-point IPv4 addresses by providing
the uci parameter ptpaddr. This allows to support a gateway being in a
different subnet than the assigned IP by modeling the local IP having a
point-to-point address.
This is similar to the point-to-point IPv4 address support already present
for the protocol handlers.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
| |
Commit 235a02424c3ab1b59308895c4f00395dacf2557c adds support for IPv6 link-local
DNS server by appending the device name; however the interface ifname parameter
does not always contain the layer 3 device name (e.g it can hold the aliased
interface name)
Fix this by passing the device name of the referenced layer 3 device.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Trigger interface update event when IPv6 prefix lifetime changes by setting
the prefix indicator flag to inform external subsystems (eg hnetd) about IPv6
prefix lifetime changes.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of prefix delegation prefixes are assigned to one or more
configured downstream interfaces. The delegated prefix length in
combination with the assignment length of the downstream interfaces
determines the number of subnets which can be allocated from the
delegated prefix.
The interface ip6weight parameter allows to prioritize the allocation
of subnets to interfaces in case of multiple configured downstream
interfaces.
The order of interface prefix assignment from a delegated prefix is
based on the following parameters:
- Primary key is prefix assignment based on the configured interface ip6hint
- Secondary key is the requested downstream interface prefix length,
interfaces configured with the smallest ip6hint will be assigned first
- Third key is the assigned interface ip6weight in case of equal prefix
assignment length; interfaces having the highest ip6weight will be
assigned first
- Finally the alphabetical order of the interfaces in case of equal
ip6weight
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
|
| |
|
|
|
|
|
|
|
|
|
| |
Route proto support is usefull when using route distribution
via a routing daemon.
The route proto parameter can be specified via the route proto
uci config parameter, it can hold a numerical value or the string
values unspec, kernel, boot, static or a string present in
/etc/iproute2/rt_protos.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Interface name servers when being written to resolv.conf.auto are sorted
based on the following parameters:
-Primary sorting key is interface dns_metric; name servers having lowest
interface dns_metric are listed first
-Secondary sorting key is interface metric; in case of equal interface
dns_metric name servers having lowest interface metric are listed first
-Finally alphabetical order of the interface names in case of equal
interface dns_metric and metric
In case the resolver queries the multiple servers in the order
listed; sorting is usefull in the following scenarios :
-Name resolving over a main and backup interface
-Assign priority to IPv6 name servers over IPv4 or vice versa
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
Prevent external routes and address being added or deleted when changing
the state of the interface ip settings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After commit ebd3d8417c7a ("interface: fix moving interface address routes to
the table specified by ip[46]table"), it is no longer possible for clients on
LAN to reach machines on the WAN.
This patch restores support for clients on LAN reaching clients on WAN by using
rules. The rules are placed after the address rules, in order to make sure that
traffic originating from the router is routed correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.
This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple time. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.
Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-paramter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.
I have tested the patch in different configurations and have not found any
regression.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
| |
|
|
|
|
| |
handling for prefixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the kernel subnet route has to be replaced, the cleanup call needs
to match the properties of the replacement route exactly, mainly the
metric and the routing table.
Fix handling this by embedding the device_route for the subnet in the
device_addr struct and using it in the cleanup path.
This fixes issues on config reload with changes to the routing table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
| |
ip[46]table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A /31-addressed interface requires a broadcast address of 255.255.255.255,
because there is no room for a proper broadcast address. Without this,
any packet destinated to the other end of the link is sent as broadcast,
which is incorrect.
For consistency with the Linux kernel, /32-addressed interfaces are
treated in the same way.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Comparing valid_until will always return false as the value is updated for each
route update message. This causes IPv6 routes to jump more around than House of
Pain, which might have undesirable consequences for user-space and user-space
applications.
Removing the valid_until comparison when setting keep fixes this problem, and
seems to have no side-effects. I am no IPv6 expert, but I see that valid of the
route is updated correctly and route is deleted if I block the route update
messages.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
| |
|
|
|
|
|
| |
Routes are now inserted in the correct routing table when interface ip4table and/or
ip6table was changed during interface_change_config
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Prevents the creation of identical address and network IP rules
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
Remove ip loop policy rules as workaround for the kernel using unspecified address
to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ip6ifaceid UCI interface parameter makes the interface identifier of the delegated IPv6 address configurable.
The parameter can have the following values:
eui64 : Interface identifier is generated from the interface's MAC address
random : Interface identifier is generated randomly
fixed value : Interface identifier is a fixed value (eg ::1:2)
The latter is the default value with a fixed value of ::1 for backwards compatibility
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Joeri Barbarien <joeri.barbarien@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
