| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes warnings like this:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
Mostly this was an int compared to a size_t returned by ARRAY_SIZE().
The easiest fix is to count on the size_t type.
The ifindex is sometimes an unsigned int and sometimes a signed int in
the kernel interfaces. I think it normally fits into an unsigned 16 bit
value, so this should be fine. Do the one comparison where the
compiler complains as a long.
Casting the result of sizeof() to int should be safe. These values are
never out of range of int.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
memory corruption when resolv_conf specified by input -r parameters
and the resolv_conf length less than "/tmp/resolv.conf-.d/resolv.conf.auto"
Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
|
|
|
|
|
|
|
|
| |
When adding host routes needed for an interface to communicate, it may be
necessary to skip the interface itself, in case it provides a default route.
This helps with avoiding accidental loops
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Make host routes use the same update logic as regular proto routes, including
the enable/disable handling.
This avoids unnecessary remove/add cycles when adding the same host route
multiple times
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If IPv6 is disabled on a device, netifd still creates rules for it:
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000002: from all iif eth0 lookup unspec 12
4200000003: from all iif eth1 lookup unspec 12
When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.
This change only sets up the v6 rules if ipv6 is enabled on the
device.
Signed-off-by: Julian Squires <julian@cipht.net>
|
|
|
|
|
|
|
|
| |
On dhcpv6 interfaces, DHCPv6 server might invalidate previous
PD by advertising it with valid lifetime set to 0. In this case,
netifd must immediately remove PD assignments.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
|
|
|
|
|
|
| |
When there were multiple routes with the same target but different
metrics, __find_ip_route_target was returning the first one,
independently of the metric.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds the new configuration option `disabled` for the route
section, which can be used to temporarily disable the section so that
the route is not set. The advantage is that we do not have to delete
this route configuration section to achieve this.
config route
option disabled '1
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to avoid a routing loop add an unreachable route for the
address prefix is the offlink flag is set for an address.
This fixes a routing loop which is currently present on point-to-point
links (e.g PPP) when the wan interface is assigned a globally unique
prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked
and installed on the wan interface
(e.g. 2001:db8:1:0:5054:ff:feab:d87c/64)
The prefix route 2001:db8:1::/64 would be present in the routing table
which will route any packet with as destination 2001:db8:1::/64 to the wan
interface and would be routed back by the upstream router due to the
wan interface due to the assigned global unique prefix.
Besides not installing the prefix route 2001:db8:1::/64 on point-to-point links
adding an unreachable route is required to avoid the routing loop.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Example:
{
"network-device": {
"eth0": {
"macaddr": "bc:a5:11:16:76:d7"
}
}
}
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment, dnsmasq initscript generates dhcp-range for an interface
by inspecting first address of that interface from netifd ubus output.
Order by address index as specified in the uci config makes netifd ubus
output consistent with linux network interfaces' primary/secondary
address settings. More importantly, the ubus output and dnsmasq config
generation will be more predictable.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Clear the host bits of the device prefix in
interface_ip_add_device_prefix as interface_set_prefix_address just ORs
the calculated assignment part which would lead to an invalid IPv6
address if the host bits are not masked out
Suggested-by: Daniel Gröber <dxld@darkboxed.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
| |
When netifd manages the prefix route directly, it will remove it
the moment prefix gets deprecated. This will make it impossible
for the target to send ICMPv6 errors back to LAN devices still
using the deprecated prefix, thus breaking the L-14 requirement
of RFC 7084.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).
Example /etc/config/network snippet:
config device 'veth0'
option type 'veth'
option name 'vhost0'
option peer_name 'virt0'
config interface 'virt'
option type 'bridge'
list ifname 'vhost0'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
config interface 'virt0'
option ifname 'virt0'
option proto 'static'
option ipaddr '10.0.0.2'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
option dns '10.0.0.1'
option jail 'transmission'
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
| |
Reported by Coverity in CID 1445749
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of tunnel over PPP(such as gretap over l2tp): tunnel interface
use PPP's peer address as remote address, netifd script will call
proto_add_host_dependency function, then netifd will search which device
can reach to the remote address. Before the patch, netifd don't consider
the PPP interface can reach to the remote address, so netifd will select
default route to remote address, it will lead to remote address unreachable.
Based on a patch by xiaofan <xfan1024@live.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
blobmsg_check_attr() takes as second argument a bool; fix it where needed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
Failing to set the IPv6 mtu is only a real issue if the mtu to be set is
smaller than the current mtu as in that case it would break IPv6 path mtu;
adapt the logic to generate the warning accordingly
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add missing space to change from:
netifd: Failed to set IPv6 mtu to 1500on interface 'wg0'
to:
netifd: Failed to set IPv6 mtu to 1500 on interface 'wg0'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The neighbor or neighbor6 network section makes neighbours
configurable via UCI or proto shell handlers. It allows to
install neighbor proxy entries or static neighbor entries
The neighbor or neighbor6 section has the following types:
interface : declares the logical OpenWrt interface
ipaddr : the ip address of the neighbor
mac : the mac address of the neighbor
proxy : specifies whether the neighbor ia a proxy
entry (can be 1 or 0)
router : specifies whether the neighbor is a router
(can be 1 or 0)
Signed-off-by: Alexander Meuris <meurisalexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
Update the no_delegation parameter on a config reload; in case prefixes
are present update the prefix assignments as well according to the
no_delegation status
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Always override the downstream IPv6 mtu in case it differs with the IPv6 mtu
of the upstream link. This allows to increase the downstream IPv6 mtu in
case RA messages are received on the upstream link having a mtu attribute
higher than the downstream IPv6 mtu.
At the same be verbose when failing to set the IPv6 mtu on the downstream link.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
netifd-2018-07-30-75ee7905/interface-ip.c:724:11: error: unused variable 'macaddr' [-Werror=unused-variable]
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
| |
Use the mac address stored in the device_settings struct to generate the
eui64 ifaceid as the interface layer3 device does not contain a mac address
for non bridge interfaces
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
No need to check iface pointer in interface_ip_set_enabled as the
interface is always set by the function __interface_ip_init().
Reported by Coverity in CID 1330437
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
Detected by coverity in CID 141267
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Commit 9c8d781 introduced a memory leak in interface_ip_add_target_route
in case interface_ip_find_addr_target returns true for a given address
by not freeing the previously allocated route.
While at it rework the logic so a host route is only allocated when it's
really required.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
Fixes an issue where interfaces with host dependencies that resolve to a
local subnet stay down.
Fixes: 1f5a29c3de6e ("ip: do not add local routes for host dependencies")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
| |
In order to find the best match, allow overriding the last found entry
if route->mask for the new entry is bigger than the one from the previous
entry.
Patch submitted by 'Mikael' in FS#1358
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
This avoids creating invalid routes in cases where another daemon is
handling local routes for an interface, e.g. on mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Check if a mac address is actually present when generating an eui64 based
IPv6 address; in case of failure bail out.
At the same time make sure the active mac address is used as input for the
eui64 based IPv6 address and guarantee IPv6 prefix address generation is
based on the actual config by resetting the IPv6 prefix address in the
assignment structure when it gets deleted.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Don't generate an IPv6 prefix address without taking into account the
interface state. In case eui64 is configured to generate the ifaceid this
could fail as the layer3 device mac address could not yet be available if
the interface is not yet in setup or up state.
While at it remove the interface metric assignment as this is already done
by the function interface_set_route_info.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
table support; as a result for IPv6 the prefix route linked to the IPv6
address is added to the specified IPv6 interface routing table.
In order to route traffic having as destination the IPv6 prefix a policy
rule is required using the prefix destination as policy so the traffic is
passed to the correct routing table.
The IPv6 prefix address logic was not installing this policy rule effectively
breaking routing when trying to reach a global or ULA IPv6 address in the
lan from either the device or another wan device.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add config support support for point-to-point IPv4 addresses by providing
the uci parameter ptpaddr. This allows to support a gateway being in a
different subnet than the assigned IP by modeling the local IP having a
point-to-point address.
This is similar to the point-to-point IPv4 address support already present
for the protocol handlers.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
| |
Commit 235a02424c3ab1b59308895c4f00395dacf2557c adds support for IPv6 link-local
DNS server by appending the device name; however the interface ifname parameter
does not always contain the layer 3 device name (e.g it can hold the aliased
interface name)
Fix this by passing the device name of the referenced layer 3 device.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
Trigger interface update event when IPv6 prefix lifetime changes by setting
the prefix indicator flag to inform external subsystems (eg hnetd) about IPv6
prefix lifetime changes.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of prefix delegation prefixes are assigned to one or more
configured downstream interfaces. The delegated prefix length in
combination with the assignment length of the downstream interfaces
determines the number of subnets which can be allocated from the
delegated prefix.
The interface ip6weight parameter allows to prioritize the allocation
of subnets to interfaces in case of multiple configured downstream
interfaces.
The order of interface prefix assignment from a delegated prefix is
based on the following parameters:
- Primary key is prefix assignment based on the configured interface ip6hint
- Secondary key is the requested downstream interface prefix length,
interfaces configured with the smallest ip6hint will be assigned first
- Third key is the assigned interface ip6weight in case of equal prefix
assignment length; interfaces having the highest ip6weight will be
assigned first
- Finally the alphabetical order of the interfaces in case of equal
ip6weight
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
|
|
|
|
|
|
|
|
|
|
|
| |
Route proto support is usefull when using route distribution
via a routing daemon.
The route proto parameter can be specified via the route proto
uci config parameter, it can hold a numerical value or the string
values unspec, kernel, boot, static or a string present in
/etc/iproute2/rt_protos.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Interface name servers when being written to resolv.conf.auto are sorted
based on the following parameters:
-Primary sorting key is interface dns_metric; name servers having lowest
interface dns_metric are listed first
-Secondary sorting key is interface metric; in case of equal interface
dns_metric name servers having lowest interface metric are listed first
-Finally alphabetical order of the interface names in case of equal
interface dns_metric and metric
In case the resolver queries the multiple servers in the order
listed; sorting is usefull in the following scenarios :
-Name resolving over a main and backup interface
-Assign priority to IPv6 name servers over IPv4 or vice versa
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
Prevent external routes and address being added or deleted when changing
the state of the interface ip settings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
After commit ebd3d8417c7a ("interface: fix moving interface address routes to
the table specified by ip[46]table"), it is no longer possible for clients on
LAN to reach machines on the WAN.
This patch restores support for clients on LAN reaching clients on WAN by using
rules. The rules are placed after the address rules, in order to make sure that
traffic originating from the router is routed correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.
This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple time. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.
Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-paramter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.
I have tested the patch in different configurations and have not found any
regression.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
|
|
|
|
| |
handling for prefixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the kernel subnet route has to be replaced, the cleanup call needs
to match the properties of the replacement route exactly, mainly the
metric and the routing table.
Fix handling this by embedding the device_route for the subnet in the
device_addr struct and using it in the cleanup path.
This fixes issues on config reload with changes to the routing table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
| |
ip[46]table
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|