project/netifd.git
17 months ago  bridge: make hotplug-added vlans default to tagged
Felix Fietkau [Fri, 23 Jun 2023 09:48:20 +0000 (11:48 +0200)]

This simplifies adding extra vlans and ranges

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago  bridge: add support for configuring extra tagged vlans on member devices
Felix Fietkau [Fri, 23 Jun 2023 08:17:45 +0000 (10:17 +0200)]

This can be used to allow trunking dynamically allocated VLANs into a specific
member port. In order to use this, add a device section for the member port with
the 'vlan' array option, which can contain vlan numbers or ranges.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago  wireless: add network_vlan config attribute
Felix Fietkau [Wed, 21 Jun 2023 18:47:05 +0000 (20:47 +0200)]

This can be used to make a wireless interface/vlan a tagged member of extra VLANs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago  vlan/vlandev: pass through extra vlan information passed via hotplug
Felix Fietkau [Wed, 21 Jun 2023 18:46:24 +0000 (20:46 +0200)]

This adds support for adding extra tagged VLANs in addition to the primary one

Signed-off-by: Felix Fietkau <nbd@nbd.name>
18 months ago  system-linux: fix memory leak in system_bridge_vlan_check
Felix Fietkau [Sun, 4 Jun 2023 16:34:01 +0000 (18:34 +0200)]

The message passed to nl_send_auto_complete still needs to be freed
even in the normal path

Fixes: https://github.com/openwrt/netifd/issues/4
Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
18 months ago  bridge: bridge_dump_info: add dumping of bridge attributes  [staging/ynezz/fixes-bridge-inspect]
Petr Štetiar [Thu, 9 Mar 2023 13:57:51 +0000 (14:57 +0100)]

There are internal decisions being made using several bridge attributes
like for example in bridge_reload(), but those attributes are not
available for the outside inspection, thus hard to follow.

So let's make inspection easier and simply just add dumping of those
bridge attributes as well.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
18 months ago  bridge: make it more clear why the config was applied
Petr Štetiar [Thu, 9 Mar 2023 08:30:19 +0000 (09:30 +0100)]

In some cases we see that the bridge configuration was applied, but it's
not exactly clear why it was done, so let's add a simple debugging output
which should provide the currently missing clue.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
18 months ago  cmake: fix build by reordering the cflags definitions
Petr Štetiar [Wed, 29 Mar 2023 07:29:54 +0000 (09:29 +0200)]

I've noticed a bunch of build errors being emitted by clang-15/gcc-10:

 netifd.h:83:33: error: unused parameter 'level' [-Werror,-Wunused-parameter]

and it seems that the order of definitions matters, as -Wextra probably
enables previously disabled warnings like -Wno-unused-parameter.

So let's fix it by reordering the cflags definitions.

Fixes: 463a1207f076 ("netifd: Activate -Wextra compile warnings")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
18 months ago  treewide: fix multiple compiler warnings
Petr Štetiar [Wed, 29 Mar 2023 07:45:04 +0000 (09:45 +0200)]

Fixes a bunch of clang-15/gcc-10 compiler warnings, mostly related to
blobmsg_for_each_attr() usage:

 error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 error: format string is not a string literal [-Werror,-Wformat-nonliteral]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
19 months ago  bridge: remove stray newline from device status vlan port list
Felix Fietkau [Thu, 4 May 2023 13:14:59 +0000 (15:14 +0200)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
20 months ago  device: fix segfault when recreating devices
Felix Fietkau [Mon, 17 Apr 2023 11:11:53 +0000 (13:11 +0200)]

Depending on the configuration, the callback on device_release could end up
deleting the device_dep from the list. If that happens, it must not be added
back to the recreated device, since that leads to use-after-free issues.
Check dep->dev before adding it back.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
21 months ago  netifd: Activate -Wextra compile warnings
Hauke Mehrtens [Sun, 12 Feb 2023 20:02:08 +0000 (21:02 +0100)]

This activates some more compile warnings.
-pedantic is not yet activated, since then we see too many errors which I do
not know how to mitigate.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago  netifd: Explicitly zero initialize variables
Hauke Mehrtens [Sun, 12 Feb 2023 20:38:04 +0000 (21:38 +0100)]

The -pedantic option was complaining about the old initialization and
prefers if it is explicitly initialized to zero.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago  netifd: Do not return values in void function
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:14 +0000 (21:07 +0100)]

These two functions return void, do not try to return a parameter.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago  netifd: Fix multiple -Wsign-compare warnings
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:31 +0000 (21:07 +0100)]

This fixes warnings like this:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]

Mostly this was an int compared to a size_t returned by ARRAY_SIZE().
The easiest fix is to count on the size_t type.

The ifindex is sometimes an unsigned int and sometimes a signed int in
the kernel interfaces. I think it normally fits into an unsigned 16 bit
value, so this should be fine. Do the one comparison where the
compiler complains as a long.

Casting the result of sizeof() to int should be safe. These values are
never out of range of int.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago  netifd: bridge: Fix format string position
Hauke Mehrtens [Sun, 12 Feb 2023 20:01:57 +0000 (21:01 +0100)]

This fixes the following compile error:
error: format not a string literal, argument types not checked [-Werror=format-nonliteral]

blobmsg_printf() has the following signature:
int blobmsg_printf(struct blob_buf *buf, const char *name, const char *format, ...)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
23 months ago  device: fix vlan device issues with disappearing lower devices
Felix Fietkau [Fri, 30 Dec 2022 15:38:41 +0000 (16:38 +0100)]

In some cases, if a VLAN is created on top of a bridge, a config reload
can lead to the bridge being torn down while netifd still considers the
VLAN device to be up.
In that case even a setup retry of an interface on top of the vlan does
not recreate the vlan device, because it is still claimed.
Fix this by releasing all device claims whenever a device goes away.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago  vlandev: propagate topology changes
Felix Fietkau [Fri, 30 Dec 2022 14:16:50 +0000 (15:16 +0100)]

Same as vlan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago  utils: include utils.h last
Felix Fietkau [Thu, 29 Dec 2022 18:56:08 +0000 (19:56 +0100)]

Fixes conflict with some system headers that use the fallthrough keyword

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago  system: move netdev types to system-linux.c where they are used
Felix Fietkau [Thu, 29 Dec 2022 18:55:30 +0000 (19:55 +0100)]

Fixes compile error on non-linux systems (used for testing)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago  wireless: add support for disabling multicast-to-unicast per virtual interface
Felix Fietkau [Mon, 19 Dec 2022 17:15:01 +0000 (18:15 +0100)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago  wireless: allow set_retry ubus notify command to trigger a wdev restart
Felix Fietkau [Fri, 30 Sep 2022 12:34:44 +0000 (14:34 +0200)]

This can be used to retry bringing up a wireless device after receiving a
hotplug event

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  treewide: correctly apply IFNAMSIZ limit
Jo-Philipp Wich [Thu, 17 Nov 2022 08:09:09 +0000 (09:09 +0100)]

The `IFNAMSIZ` macro defines the required buffer size to hold a Linux
interface name including the terminating zero byte while netifd currently
uses an `IFNAMSIZ + 1` limit for interface name buffers.

This causes netifd to use overlong names (16 instead of 15 bytes) in
netlink communication with the kernel, leading to netlink failure replies
due to policy violations.

Fix this issue by applying the correct length, that is `IFNAMSIZ` directly,
to the corresponding buffers.

Ref: https://github.com/openwrt/openwrt/issues/11259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years ago  interface: fix use-after-free bug when rewriting resolv.conf
Felix Fietkau [Thu, 25 Aug 2022 19:09:24 +0000 (21:09 +0200)]

After the call to interface_handle_config_change, the iface pointer will no
longer be valid if the interface has been deleted from the config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  netifd: fix WPA3 enterprise ciphers
Joerg Werner [Mon, 15 Aug 2022 12:10:22 +0000 (14:10 +0200)]

WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
2 years ago  interface: support "zone" config option
Rafał Miłecki [Wed, 27 Jul 2022 05:34:39 +0000 (07:34 +0200)]

Many protocol handlers support the "zone" option independently and they pass
it in the "data". Then it's read e.g. by a firewall[34].

Add support for "zone" directly to the netifd so:
1. It works for all protocols
2. Handlers don't have to duplicate code

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2 years ago  interface-ip: fix memory corruption bug when using jail network namespaces
Junnan Xu [Tue, 31 May 2022 14:31:19 +0000 (22:31 +0800)]

Memory corruption occurs when resolv_conf is specified via the -r input parameter
and the resolv_conf length is less than the length of "/tmp/resolv.conf-.d/resolv.conf.auto".

Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
2 years ago  netifd: fix hwmode for 60g band
Daniel Golle [Sun, 3 Apr 2022 12:02:22 +0000 (13:02 +0100)]

hwmode should be set to 'ad' for 60g band.

Reported-by: herman@zeilsteenfilm.nl
Fixes: 62e3cb5 ("scripts/netifd-wireless.sh: add support for specifying the operating band")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 years ago  interface-ip: add support for excluding interfaces in host route lookup
Felix Fietkau [Thu, 19 May 2022 15:21:23 +0000 (17:21 +0200)]

When adding host routes needed for an interface to communicate, it may be
necessary to skip the interface itself, in case it provides a default route.
This helps with avoiding accidental loops

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  interface-ip: unify host and proto route handling
Felix Fietkau [Thu, 19 May 2022 14:45:52 +0000 (16:45 +0200)]

Make host routes use the same update logic as regular proto routes, including
the enable/disable handling.
This avoids unnecessary remove/add cycles when adding the same host route
multiple times

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  cmake: fix usage of implicit library and include paths
Petr Štetiar [Sun, 20 Feb 2022 09:41:53 +0000 (10:41 +0100)]

And thus allow building in out of tree setups etc.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years ago  netifd: interface-ip: don't set fib6 policies if ipv6 disabled
Julian Squires [Fri, 30 Apr 2021 14:30:37 +0000 (12:00 -0230)]

If IPv6 is disabled on a device, netifd still creates rules for it:

0:      from all lookup local
32766:  from all lookup main
4200000001:     from all iif lo lookup unspec 12
4200000002:     from all iif eth0 lookup unspec 12
4200000003:     from all iif eth1 lookup unspec 12

When logread is asked to log to a remote system, it invokes usock such
that getaddrinfo is called with AI_ADDRCONFIG in the flags; if ipv6 is
disabled on lo, musl attempts to connect to ::1 but gets EACCES from
the kernel, because of the reject policy added; this causes logread to
fail to connect:

socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_UDP) = 8
connect(8, {sa_family=AF_INET6, sin6_port=htons(65535), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)

See <https://www.openwall.com/lists/musl/2021/04/30/2> for a
discussion of musl's handling of this.

This change only sets up the v6 rules if ipv6 is enabled on the
device.

Signed-off-by: Julian Squires <julian@cipht.net>
2 years ago  system-linux: expose hw-tc-offload ethtool feature in device status dump
Jo-Philipp Wich [Fri, 4 Feb 2022 18:06:52 +0000 (19:06 +0100)]

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 years ago  system-linux: add wrapper function for creating link config messages
Felix Fietkau [Tue, 1 Feb 2022 11:53:50 +0000 (12:53 +0100)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  system-linux: delete bridge devices using netlink
Felix Fietkau [Tue, 1 Feb 2022 10:58:44 +0000 (11:58 +0100)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  system-linux: create bridge devices using netlink
Felix Fietkau [Tue, 1 Feb 2022 10:56:54 +0000 (11:56 +0100)]

The legacy ioctl + sysfs configuration is deprecated, and the netlink code
is smaller and easier to read

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years ago  iprule: add support for uidrange
Matthew Hagan [Sun, 16 Jan 2022 00:21:17 +0000 (00:21 +0000)]

Allow for per-user routing policies via the uidrange iprule option.
The option allows for a single UID or a range of UIDs.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2 years ago  system: fix compilation with glibc 2.34
Hans Dedecker [Fri, 14 Jan 2022 20:27:39 +0000 (21:27 +0100)]

Fixes ARPHRD_PHONET/ARPHRD_PHONET_PIPE undeclared compilation error with
glibc 2.34

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2 years ago  Revert "netifd: add devtype to ubus call"
Hans Dedecker [Wed, 12 Jan 2022 19:39:04 +0000 (20:39 +0100)]

This reverts commit 7ccbf08570619a4d3eccf6401791075908bb1d78 as the
commit accidentally slipped into the git tree.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2 years ago  netifd: add devtype to ubus call
Florian Eckert [Tue, 11 Jan 2022 14:42:59 +0000 (15:42 +0100)]

Every network device has a type but there is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.

This new function first checks whether there is a DEVTYPE=<type> string
in the 'uevent' file and uses it. If it does not find this information,
the 'type' file is used as a fallback and the number is mapped to a
character sequence.

This new 'devtype' information can be found in the network.device ubus
call.

Command:
ubus call network.device status

Output:
{
    "eth0": {
        "devtype": "ethernet",

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [commit rewording]
2 years ago  netifd: add devtype to ubus call
Florian Eckert [Thu, 9 Dec 2021 15:18:19 +0000 (16:18 +0100)]

Every network device has a type. There is no standard interface here.
The type can be determined either from the file
'/sys/class/net/<device>/uevent' or, if no information is found
there, from the file '/sys/class/net/<device>/type'.

This new function first checks whether there is a DEVTYPE=<type> string in
the 'uevent' file and uses it. If it does not find this information,
the 'type' file is used as a fallback and the number is mapped to a
character sequence.

This new 'devtype' information can be found in the network.device ubus
call.

Command:
ubus call network.device status

Output:
{
    "eth0": {
        "devtype": "ethernet",

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
3 years ago  netifd: allow disabling rule/rule6 config sections
Vladislav Grigoryev [Thu, 2 Dec 2021 11:26:49 +0000 (14:26 +0300)]

Allow disabling IP rules similar to routes:
https://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=327da9895327bc56b23413ee91a6e6b6e0e4329d

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
3 years ago  interface-ip: add support for IPv6 prefix invalidation
Alin Nastac [Mon, 15 Nov 2021 15:54:43 +0000 (16:54 +0100)]

On dhcpv6 interfaces, the DHCPv6 server might invalidate a previous
PD by advertising it with the valid lifetime set to 0. In this case,
netifd must immediately remove PD assignments.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
3 years ago  interface-ip: use metric when looking for a route
Luiz Angelo Daros de Luca [Tue, 23 Nov 2021 02:04:51 +0000 (23:04 -0300)]

When there were multiple routes with the same target but different
metrics, __find_ip_route_target was returning the first one,
independently of the metric.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 years ago  main: fix hotplug script usage message
Stijn Tintel [Tue, 23 Nov 2021 15:57:06 +0000 (17:57 +0200)]

Commit 41842d3f9173 introduced a new command line option, and its usage
message was added in between the two lines of the hotplug script usage
message. Move both lines back together.

Fixes: 41842d3f9173 ("add some code for keeping track of dns servers ...")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
3 years ago  system-linux: fix deletion of ip tunnels (FS#4058)
Hans Dedecker [Sat, 9 Oct 2021 19:14:59 +0000 (21:14 +0200)]

The deletion of IP tunnels via the ioctl interface is broken; instead of
fixing the ioctl interface, switch to the netlink based interface to delete
IP tunnel devices, as this simplifies and unifies the code.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years ago  wireless: fix handling vif attributes on reload with mode change
Felix Fietkau [Thu, 21 Oct 2021 09:28:35 +0000 (11:28 +0200)]

When switching from AP to station mode, some AP specific flags such as proxyarp
could become sticky and lead to hairpin being enabled on the sta interface.
Fix this by ensuring that vif fields are always properly rewritten

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: fix creating AP mode WDS station interfaces
Felix Fietkau [Wed, 20 Oct 2021 19:09:32 +0000 (21:09 +0200)]

Ensure that devices are created without attempting to create a VLAN chain

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  interface, ubus: rework netns up/down
Daniel Golle [Mon, 11 Oct 2021 23:17:26 +0000 (00:17 +0100)]

Let the per-container netifd instance handle the netns bringdown; it makes
everything easier and gets rid of the fork() when bringing down
container network interfaces.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 years ago  interface: don't fork() to start jail interface
Daniel Golle [Mon, 11 Oct 2021 22:51:08 +0000 (23:51 +0100)]

As we got a persistent per-netns-jail instance of netifd now which
handles interface configuration we no longer need to fork() the host
netifd to bring up jail interfaces.
The follow-up commit will deal with stopping jail interfaces.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 years ago  wireless: fix index for stations
Felix Fietkau [Wed, 29 Sep 2021 13:16:33 +0000 (15:16 +0200)]

Use wdev->sta_idx instead of the VLAN counter wdev->vlan_idx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: reset retry counter when setup succeeds
Felix Fietkau [Wed, 29 Sep 2021 12:59:11 +0000 (14:59 +0200)]

A wireless device restart cycle can be triggered if a tracked process
(e.g. hostapd) dies and is restarted, and this left the retry counter
untouched

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: reset number of retries on config change
Felix Fietkau [Wed, 29 Sep 2021 11:29:22 +0000 (13:29 +0200)]

Ensure that enough retries are performed, just like on a user triggered
down/up cycle.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  main: poll process log stream even if processes are killed
Felix Fietkau [Wed, 29 Sep 2021 12:45:16 +0000 (14:45 +0200)]

Ensures that pending log messages are still received

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: process and close script file descriptor when rerunning setup
Felix Fietkau [Wed, 29 Sep 2021 12:03:55 +0000 (14:03 +0200)]

On reloading, setup is called without a teardown, so the previous fd might
still be open. Clear it to avoid a leak.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: display log messages for setup/teardown/retry
Felix Fietkau [Wed, 29 Sep 2021 12:35:56 +0000 (14:35 +0200)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: fix applying wireless devices attributes on hotplug events
Andre Heider [Tue, 28 Sep 2021 11:29:27 +0000 (13:29 +0200)]

Hotplug events pass their own 'ifname' copy, so we need to compare the
strings, not just the pointers.
Additionally, the check condition was accidentally inverted.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  netifd: rework/fix device free handling
Felix Fietkau [Mon, 27 Sep 2021 16:56:21 +0000 (18:56 +0200)]

Instead of explicitly preventing free in specific code sections using
device_lock/device_unlock, defer all device free handling via a uloop timeout.
This avoids an entire class of lurking use-after-free bugs triggered
by device event processing and simplifies the code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bonding: claim the port device before creating the bonding device
Felix Fietkau [Tue, 21 Sep 2021 16:04:32 +0000 (18:04 +0200)]

Avoids create/destroy cycles of the bonding device if the port devices are unavailable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: only enable proxyarp/isolate for AP vifs
Felix Fietkau [Mon, 20 Sep 2021 16:00:03 +0000 (18:00 +0200)]

The settings might be present in the config as leftovers when switching
a vif from AP to sta mode. In that case, they will not be applied by wpad,
so they also must not be used by netifd.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: only apply wireless device attributes to the base vif interface
Felix Fietkau [Mon, 20 Sep 2021 15:55:39 +0000 (17:55 +0200)]

Per-station interfaces in 4-addr AP mode must not inherit them, because
this can cause reflected packets by enabling hairpin mode.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: add support for configuring bonding devices
Felix Fietkau [Thu, 2 Sep 2021 18:26:33 +0000 (20:26 +0200)]

Supported options:

- ports: member devices
- policy: bonding policy
  supported values:
  - balance-rr
  - active-backup
  - balance-xor
  - broadcast
  - 802.3ad
  - balance-tlb
  - balance-alb
- xmit_hash_policy: slave selection tx hash policy
  supported values:
  - layer2
  - layer2+3
  - layer3+4
  - encap2+3
  - encap3+4
- all_ports_active: allow receiving on inactive ports
- min_links: minimum number of active links
- ad_actor_system: LACPDU exchange MAC address
- ad_actor_sys_prio: LACPDU priority value
- ad_select: 802.3ad aggregation logic
  supported values:
  - stable
  - bandwidth
  - count
- lacp_rate: 802.3ad LACPDU packet rate
  supported values:
  - slow (every 30 seconds)
  - fast (every second)
- packets_per_port: number of packets before switching ports (balance-rr mode)
- lp_interval: number of seconds between sent learning packets
- dynamic_lb: distribute traffic according to port load
- resend_igmp: number of IGMP membership updates after failover event
- num_peer_notif: number of tx unsolicited ARP/NA after failover event
- primary: name of the primary port
- primary_reselect: primary port reselection policy
  supported values:
  - always
  - better
  - failure
- failover_mac: MAC address selection policy
  supported values:
  - none
  - active
  - follow
- monitor_mode: select ARP or MII link monitor
  supported values:
  - arp
  - mii
- monitor_interval: link monitor update interval (msec)
- arp_target: ARP monitor target IP address (list)
- arp_all_targets: all targets must be reachable to consider the link valid
- arp_validate: ARP validation policy
  supported values:
  - none
  - active
  - backup
  - all
  - filter
  - filter_active
  - filter_backup
- use_carrier: use carrier status instead of MII ioctl result
- updelay: delay before enabling port after MII link up event (msec)
- downdelay: delay before disabling port after MII link down event (msec)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: improve reliability of proxyarp support
Felix Fietkau [Wed, 1 Sep 2021 17:00:41 +0000 (19:00 +0200)]

Instead of relying on hostapd to manipulate bridge attributes (which can race
against netifd adding/removing member ports), set the proxyarp related
attributes in netifd directly when bringing up the member port.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  system-linux: remove copy&paste from /proc and /sys path names
Felix Fietkau [Tue, 31 Aug 2021 19:01:40 +0000 (21:01 +0200)]

Preparation for making the /proc and /sys path configurable for configuring
containers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: always enable bpdu filter for AP interfaces and VLANs
Felix Fietkau [Fri, 27 Aug 2021 10:15:07 +0000 (12:15 +0200)]

Regular AP/VLAN interfaces using 3-address modes should transmit any
STP packets, since devices behind them can not be part of any working bridge
topology. Enable a feature that drops any incoming or outgoing STP packets.
This does not apply to WDS AP VLAN or client mode interfaces, since they
could act as a proper bridge link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: tune default stp parameters
Felix Fietkau [Tue, 24 Aug 2021 15:16:05 +0000 (17:16 +0200)]

The default forwarding delay 2 is broken and makes STP non-functional by
default. The kernel's default of 15 is rather long.
This commit makes the timer settings more aggressive than the
kernel's default while still being consistent and allowing proper
convergence for a network diameter up to 4.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: add support for an external STP daemon
Felix Fietkau [Sun, 22 Aug 2021 06:00:18 +0000 (08:00 +0200)]

netifd notifies the stp daemon through the network.device object and sends
STP related configuration parameters. The daemon can also trigger an STP
restart in order to close the race on init.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: memset bst->config by default to avoid stale config values
Felix Fietkau [Tue, 24 Aug 2021 10:58:35 +0000 (12:58 +0200)]

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: add support for configuring device link speed/duplex
Felix Fietkau [Mon, 2 Aug 2021 20:48:44 +0000 (22:48 +0200)]

The 'speed' option can be set to the speed in Mbps.
The 'duplex' option can be 1 or 0 for full or half duplex.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: extend device settings flags to 64 bit
Felix Fietkau [Thu, 29 Jul 2021 18:06:14 +0000 (20:06 +0200)]

The previous 32 bit limit is almost used up

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: fix regression in bringing up bridge ports
Felix Fietkau [Mon, 26 Jul 2021 18:39:17 +0000 (20:39 +0200)]

Move the DEV_EVENT_LINK_UP case to avoid messing with a fallthrough.
Only restart members if the vlan check returns a positive result.

Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: add back regular virtual interfaces on hotplug-add events as well
Felix Fietkau [Fri, 23 Jul 2021 09:37:57 +0000 (11:37 +0200)]

When hostapd does a DFS channel switch, it tears down all vifs except for the
primary one, which causes them to get dropped from the device configuration.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: check bridge port vlan membership on link-up events
Felix Fietkau [Fri, 23 Jul 2021 09:04:45 +0000 (11:04 +0200)]

When changing to a dfs channel, hostapd can bring down wlan interfaces and
reset their bridge membership. If that happens, the port loses its vlan
membership settings and needs to be reconfigured by netifd.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  vlan: fix device vlan alias handling
Felix Fietkau [Wed, 14 Jul 2021 13:22:09 +0000 (15:22 +0200)]
vlan: fix device vlan alias handling

A recent commit changed the vlan chain handling to not treat devices with
non-digit characters after "." as vlan devices. This broke aliases, which
rely on names after the "." component.
Fix dealing with both cases by first trying to set up a vlan regardless
of the non-digit characters, but for the first component allow falling back
to treating the first two parts as a full device name

Fixes: 013a1171e9b0 ("device: do not treat devices with non-digit characters after . as vlan devices")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: fix hotplug vlan overwrite on big-endian systems
Felix Fietkau [Tue, 13 Jul 2021 05:53:40 +0000 (07:53 +0200)]
bridge: fix hotplug vlan overwrite on big-endian systems

The avl key type for bridge vlans is uint16_t, so any lookup with a wider
type is going to fail on big-endian systems
This resulted in hotplug-added devices replacing configured member ports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: bring up pre-existing vlans on hotplug as well
Felix Fietkau [Wed, 23 Jun 2021 08:01:41 +0000 (10:01 +0200)]
bridge: bring up pre-existing vlans on hotplug as well

When adding a member to an existing VLAN, it needs to be updated as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: fix enabling hotplug-added VLANs on the bridge port
Felix Fietkau [Tue, 22 Jun 2021 14:56:39 +0000 (16:56 +0200)]
bridge: fix enabling hotplug-added VLANs on the bridge port

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: handle WDS per-sta devices
Felix Fietkau [Sat, 19 Jun 2021 06:36:06 +0000 (08:36 +0200)]
wireless: handle WDS per-sta devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: do not treat devices with non-digit characters after . as vlan devices
Felix Fietkau [Sat, 19 Jun 2021 06:55:10 +0000 (08:55 +0200)]
device: do not treat devices with non-digit characters after . as vlan devices

Fixes corner cases related to AP WDS station interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  examples: make dummy wireless vif names shorter
Felix Fietkau [Sat, 19 Jun 2021 07:08:17 +0000 (09:08 +0200)]
examples: make dummy wireless vif names shorter

avoids running into ifname size limits

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  ubus: add a dummy mode ubus call to simulate hotplug events
Felix Fietkau [Sat, 19 Jun 2021 06:19:02 +0000 (08:19 +0200)]
ubus: add a dummy mode ubus call to simulate hotplug events

Can be used to test the device hotplug handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: move hotplug handling logic from system-linux.c to device.c
Felix Fietkau [Sat, 19 Jun 2021 06:11:21 +0000 (08:11 +0200)]
device: move hotplug handling logic from system-linux.c to device.c

Preparation for dealing with wifi per-station devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: fix setting pvid for updated vlans
Felix Fietkau [Thu, 17 Jun 2021 08:39:26 +0000 (10:39 +0200)]
bridge: fix setting pvid for updated vlans

defer adding back changed vlans until config processing is done

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: add some comments to functions
Alexander Couzens [Thu, 7 Jan 2021 01:59:33 +0000 (02:59 +0100)]
wireless: add some comments to functions

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
3 years ago  bridge: allow adding/removing VLANs to configured member ports via hotplug
Felix Fietkau [Fri, 4 Jun 2021 07:05:31 +0000 (09:05 +0200)]
bridge: allow adding/removing VLANs to configured member ports via hotplug

This is useful for a dynamic VLAN setup, where extra tags need to be created
on the trunking port on demand

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  wireless: pass the real network ifname to the setup script
Felix Fietkau [Fri, 4 Jun 2021 06:41:34 +0000 (08:41 +0200)]
wireless: pass the real network ifname to the setup script

If the network ifname is a VLAN on top of a VLAN-filtering bridge, hostapd
needs to know the VLAN ifname to communicate with other APs, if 802.11r is enabled.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: fix dynamic delete of hotplug vlans
Felix Fietkau [Wed, 2 Jun 2021 16:23:40 +0000 (18:23 +0200)]
bridge: fix dynamic delete of hotplug vlans

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: dynamically create vlans for hotplug members
Felix Fietkau [Wed, 2 Jun 2021 15:59:03 +0000 (17:59 +0200)]
bridge: dynamically create vlans for hotplug members

This makes it possible to use dynamic tags without changing the configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  interface: support "device" attribute and deprecate "ifname"
Rafał Miłecki [Tue, 25 May 2021 15:17:26 +0000 (17:17 +0200)]
interface: support "device" attribute and deprecate "ifname"

Interfaces need to be assigned to devices. For that purpose a "device"
option should be more accurate than "ifname" one.

For backward compatibility old option remains supported too.

Config example:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
3 years ago  scripts/netifd-wireless.sh: add support for specifying the operating band
Felix Fietkau [Mon, 24 May 2021 10:37:55 +0000 (12:37 +0200)]
scripts/netifd-wireless.sh: add support for specifying the operating band

Add the new 'band' option, which supports the following values: 2g, 5g, 6g, 60g

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  config: fix ifname->ports compat rename
Felix Fietkau [Thu, 20 May 2021 08:57:52 +0000 (10:57 +0200)]
config: fix ifname->ports compat rename

Instead of looking it up as a string, use uci_rename.
That way it works both on list and string options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  bridge: rename "ifname" attribute to "ports"
Rafał Miłecki [Fri, 14 May 2021 13:20:28 +0000 (15:20 +0200)]
bridge: rename "ifname" attribute to "ports"

Bridge aggregates multiple ports so use a more accurate name ("ports").
For backward compatibility add a temporary config translation.

Config example:

config interface 'lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
3 years ago  wireless: fix memory corruption bug when using vlans/station entries in the config
Felix Fietkau [Tue, 18 May 2021 04:20:00 +0000 (06:20 +0200)]
wireless: fix memory corruption bug when using vlans/station entries in the config

On config reload, any vif entries in the config added to the vlist will be
matched against existing ones, and the old entries preserved.
This means that the vif pointer is no longer valid after vlist_add.
Look up the vif again before using it for vlan/station entries.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  device: add support for configuring devices with external auth handler
Felix Fietkau [Mon, 17 May 2021 09:20:09 +0000 (11:20 +0200)]
device: add support for configuring devices with external auth handler

This can be used to support 802.1x on wired devices.
In order to use this, the device section for each port needing authentication
needs to contain the option auth 1
When set, this option prevents devices from being added to bridges or configured
with IP settings by default, until the set_state ubus call on network.device
sets "auth_status" to true for the device.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  extdev: remove unused function
Felix Fietkau [Sun, 16 May 2021 16:06:48 +0000 (18:06 +0200)]
extdev: remove unused function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  fix unannotated fall-through warnings
Felix Fietkau [Sun, 16 May 2021 16:04:18 +0000 (18:04 +0200)]
fix unannotated fall-through warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
3 years ago  netifd: add possibility to switch off route config
Florian Eckert [Tue, 24 Nov 2020 07:18:00 +0000 (08:18 +0100)]
netifd: add possibility to switch off route config

This change adds the new configuration option `disabled` for the route
section, which can be used to temporarily disable the section so that
the route is not set. The advantage is that we do not have to delete
this route configuration section to achieve this.

config route
        option disabled '1'

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
3 years ago  netifd: bridge: set default value for igmp_snoop
Zheng Qian [Tue, 2 Mar 2021 01:36:51 +0000 (09:36 +0800)]
netifd: bridge: set default value for igmp_snoop

When the igmp snoop option for a bridge is unchecked in luci, it
just deletes the igmp_snooping key from the config file.
So netifd can't change /sys/devices/virtual/net/br-lan/bridge/multicast_snooping from "1" to "0".

Option multicast_querier seems to have no input entry in luci, but it's
a related option.

This patch will set a default value to false for the bridge
option to fix this bug.

Signed-off-by: Zheng Qian <sotux82@gmail.com>
3 years ago  system-linux: add device options used by wpad
Daniel Golle [Sat, 12 Dec 2020 21:13:24 +0000 (21:13 +0000)]
system-linux: add device options used by wpad

Add device options used by wpad in preparation of running hostapd and
wpa_supplicant non-root (and hence those options will need to be taken
care of by netifd as sysctl is root-only):
 * drop_v4_unicast_in_l2_multicast
 * drop_v6_unicast_in_l2_multicast
 * drop_gratuitous_arp
 * drop_unsolicited_na
 * arp_accept

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 years ago  system-linux: reorder sysctl functions
Daniel Golle [Sat, 12 Dec 2020 17:16:11 +0000 (17:16 +0000)]
system-linux: reorder sysctl functions

Move system_set_sendredirects up to the other non-bridge-related sysctl
functions.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>