| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFCs suggest some parameters of IGMP and MLD to be configurable by
the administrator. With this patch the following parameters are
configurable:
* robustness (default: 2)
* query_interval (default: 12500 [125s])
* query_response_interval (default: 1000 [10s])
* last_member_interval (default: 100 [1s])
Depending on the size and nature of the network topology administrators
might want to increase or decrease these parameters.
netifd will take care of configuring any other parameters which are
dependant on the ones above and set them according to the formulas
provided in the RFCs. These parameters of the bridge are
membership_interval, querier_interval, startup_query_interval,
startup_query_count and last_member_count.
RFCs allow setting three more parameters to be configurable:
startup_query_interval, startup_query_count and last_member_count.
However this patch does not export them, as they can be indirectly
tuned via the given, exported four parameters, too.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
| |
The libnl-tiny library does not provide a nla_put_be32(), use nla_put_u32()
again in conjunction with htonl() to convert the values.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
| |
|
|
|
|
|
| |
The kernel expects the IFLA_VTI_IKEY and IFLA_VTI_OKEY netlink attributes to
be in network byte order, so ensure that the values are stored accordingly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
| |
|
|
|
|
|
|
| |
Make multicast device flag configurable by extending device attributes
with the multicast attribute
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
|
| |
|
|
|
|
| |
Call globfree to free dynamically allocated storage from a previous glob call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
This patch adds support for VTI interfaces. VTI interfaces can be used to
tunnel IPsec ESP traffic to a device so common firewall zones may be used.
This also enables routing protocols to work over IPsec tunnels.
Signed-off-by: André Valentin <avalentin@marcant.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
interface_ip_set_enabled() is usually called two times right after one another,
once to handle config_ip and once to handle proto_ip. As long as
ip->iface->l3_dev.dev is set, the local/source policy rules are updated.
This value is in several cases set on both config_ip and proto_ip, causing the
rules to be added multiple time. The reason is that the kernel does not respect
the NLM_F_* flag for rules. In other words, the rule state has to be managed by
the routing daemon.
Since the local/source policy rules are bound to iface, this commit solves the
problem by adding a flag to interface which stores the current rule state. The
flag follows the enabled-paramter passed to interface_ip_set_enabled(), similar
to route-> and addr->enabled. The flag breaks the alignment of the interface
struct, but based on earlier commits this seems to be ok.
I have tested the patch in different configurations and have not found any
regression.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
| |
|
|
|
|
| |
output
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handlers
Set link_state for all device types via the device_set_link API as all devices are registered
in the device tree list making it possible to always get the device via device_get.
The decice link state parameter will now actually reflect the corresponding kernel device
carrier state in all cases.
Before this change a vlan/macvlan device could still have link_state enabled if an interface
was brought down; this was the case when the parent vlan/macvlan device was still enabled as
the netlink link_state event would be dropped for vlan/macvlan devices due to keep_link_state
in the function cb_rtnl_event.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Detected by Coverity CID 1330302
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
| |
Detected by Coverity CID 1330178
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
| |
Fixes a regression that caused WDS stations to repeat packets back to
the AP.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independant of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast router
was detected (currently only learned via query messages, no MRD
support yet)
* 2: Always forward any multicast traffic on this port
Since MRD is not mandated you might end up with silent multicast routers
(e.g. if your link has more than one multicast router; only one can
become the selected, "noisy" querier). Here you might need a manual
configuration option like the "multicast_router" option.
Other scenarios where this can be useful are for instance:
* Segmentation of IGMP/MLD domains together with ebtables
* Dedicated bridge port for monitoring/debugging purposes
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
|
|
|
|
| |
With this patch the multicast_to_unicast feature can be disabled for all
wireless interfaces via an according option on the uci bridge interface.
This patch also exports the setting information to wireless handler
scripts. The hostapd script will need that information to determine
whether to enable or disable ap-isolation, for instance.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All IGMP and MLD versions suffer from a specific limitation (from a
snooping switch perspective): Report suppression.
Once a listener hears an IGMPv2/3 or MLDv1 report for the same group
itself participates in then it might (if this listener is an IGMPv3 or
MLDv2 listener) or will (if this is an IGMPv1/2 or MLDv1 listener)
refrain from sending its own report.
Therefore we might currently miss such surpressing listeners as they
won't receive the multicast packet with the mangled, unicasted
destination.
Fixing this by first isolating the STAs and giving the bridge more
control over traffic forwarding. E.g. refraining to forward listener
reports to other STAs.
For broadcast and unicast traffic to an STA on the same AP, the hairpin
feature of the bridge will reflect such traffic back to the AP
interface. However, if the AP interface is actually configured to
isolate STAs, then hairpin is kept disabled.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
|
|
|
| |
Config option dadtransmits allows to configure the amount of
Duplicate Address Detection probes to be sent
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the number of entries in the MDB exceeds hash_max then the
multicast snooping capabilities of the bridge are disabled
automatically.
The default value for hash_max is 512 which is already exceeded by some
wireless community mesh networks. They need to be able to set a higher
value.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
IGMP snooping
In larger networks, especially big batman-adv meshes, it may be desirable to
enable IGMP snooping on every bridge without enabling the multicast querier
to specifically put the querier on a well-connected node.
This patch adds a new UCI option 'multicast_querier' for bridges which allows
this. The default is still the value of the 'igmp_snooping' option to maintain
backwards compatiblity.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
|
|
| |
The UCI parameter neighreachabletime allows to control the hardware address
to IP mapping lifetime in the neighbour table for both IPv4 and IPv6
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Jean-Francois Remy <jeff@melix.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Config support to set the MLD host version on device level; possible values are :
1 : MLDv1
2 : MLDv2
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleaned up and simplified.
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Config support to set the IGMP host version on device level; possible values are :
1 : IGMPv1
2 : IGMPv2
3 : IGMPv3
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cleand up and simplified
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
|
|
| |
Don't restore original device settings based on the device settings flags in system_if_down
as device flags are already reset when the device config is deleted.
Therefore move the masking of the relevant original device settings to system_if_up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the OpenWRT Network documentation for route, the 'source' option is
"The preferred source address when sending to destinations covered by the
target". However, netifd currently stores this value in RTA_SRC on
NEWROUTE/DELROUTE.
RTA_SRC is not used by kernel when handling NEWROUTE nor DELROUTE for IPv4
routes. When adding a new IPv4 route, the source is stored in RTA_PREFSRC and
the option works as specified in documentation. For IPv6, the address is still
stored in RTA_SRC as to not break source-destination routing for IPv6.
v2: Limit patch to IPv4, to prevent breaking IPv6 configurations (thanks Steven
Barth)
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
| |
Adds support to accept packets with local source address.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reverse path filtering config support; possible values are:
0: no source validation
1|strict: strict mode as packet will be dropped if the
incoming interface is not the best reverse path
2|loose: loose mode as packet will be dropped if the
source address is not reachable via any interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Don't resolve the ifindex of the parent device again
when adding vlandev and macvlan devices as the ifindex
has already been resolved.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a device with the same name is deleted and created again in the kernel
the ifindex changes.
A race condition will occur when netlink event messages linked to the old device
are processed and will thus overwrite the correct ifindex of the new device.
Further make sure a valid ifindex is in place for both external and internal
devices when setting the state to enabled.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Netifd commit b2dcb02570939d98b92c7c55db1c328693a5d52a introduces
a race condition resulting into infinite toggling interfaces
(eg static interfaces with linksensing enabled, vlan interfaces
with proto none (#18106)) when linksensing is enabled resulting into
a crash.
As netlink event messages will be queued on the netlink event socket
the included lower up interface flag will not always represent the
current link state when netifd processes the netlink messages;
by reading the current link state when a netlink event message is
parsed the correct info is passed to the device layer.
This will avoid continuous interface toggling (down/up) triggered
by link state changes based on outdated netlink interface info.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
| |
Fixes a race condition that triggers endless link loss / detect calls
when VLAN devices are created.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds IPIP tunnel support to netifd.
Following IPIP tunnel parameters can be configured :
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-mtu (IPIP tunnel mtu)
-ttl (time to live of encapsulting packets)
-tos (type of service either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packets)
-tunlink (bind tunnel to this interface)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Tos support is added as a generic gre parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Martin Hundebøll <martin@hundeboll.net>
|
| |
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
|
| |
|
|
|
|
| |
Adds support for gre, gretap, grev6 and grev6tap tunnels
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
