project/netifd.git
6 years ago config: fix resource leaks on error in config_parse_interface()
Hans Dedecker [Mon, 26 Nov 2018 08:45:47 +0000 (09:45 +0100)]
config: fix resource leaks on error in config_parse_interface()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: fix memory leak on error in __interface_add()
Hans Dedecker [Mon, 26 Nov 2018 08:24:02 +0000 (09:24 +0100)]
interface: fix memory leak on error in __interface_add()

Detected by Coverity in cid 1441495

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago treewide: switch to C-code style comments
Hans Dedecker [Mon, 19 Nov 2018 08:59:05 +0000 (09:59 +0100)]
treewide: switch to C-code style comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago treewide: make some functions static
Hans Dedecker [Sat, 17 Nov 2018 17:41:16 +0000 (18:41 +0100)]
treewide: make some functions static

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: fix removal of dynamic interfaces
Hans Dedecker [Fri, 16 Nov 2018 15:25:41 +0000 (16:25 +0100)]
interface: fix removal of dynamic interfaces

Set config state to remove for dynamic interfaces in the following cases:
- interface is set as not available
- interface is set as down
- interface is set as having no link state
This will trigger an interface delete upon the next call of interface_handle_config_change

Before this change you could end up with lingering inactive dynamic
interfaces in case the aliased interface went down as before a dynamic
interface was only removed when set down via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: rework code to get rid of interface_set_dynamic
Hans Dedecker [Sun, 11 Nov 2018 20:15:56 +0000 (21:15 +0100)]
interface: rework code to get rid of interface_set_dynamic

Integrate dynamic interface creation code into interface_alloc and
__interface_add so we can get rid of interface_set_dynamic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: enable by default ignore encaplimit for grev6 tunnels
Hans Dedecker [Wed, 17 Oct 2018 07:35:11 +0000 (09:35 +0200)]
system-linux: enable by default ignore encaplimit for grev6 tunnels

Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs
support the destination option header containing the tunnel encapsulation
limit resulting into broken connectivity

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: fix a typo in gre tunnel data parsing logic
Hans Dedecker [Tue, 16 Oct 2018 14:16:49 +0000 (16:16 +0200)]
system-linux: fix a typo in gre tunnel data parsing logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
Hauke Mehrtens [Tue, 9 Oct 2018 20:57:52 +0000 (22:57 +0200)]
wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago wireless: Add Opportunistic Wireless Encryption (OWE)
Hauke Mehrtens [Tue, 9 Oct 2018 20:57:13 +0000 (22:57 +0200)]
wireless: Add Opportunistic Wireless Encryption (OWE)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago wireless: Add Simultaneous Authentication of Equals (SAE)
Hauke Mehrtens [Thu, 4 Oct 2018 20:34:48 +0000 (22:34 +0200)]
wireless: Add Simultaneous Authentication of Equals (SAE)

This adds PSK3 / SAE support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago iprule: coding style fixes
Hans Dedecker [Mon, 1 Oct 2018 20:24:26 +0000 (22:24 +0200)]
iprule: coding style fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago iprule: fix segfault (FS#1875)
Hans Dedecker [Mon, 1 Oct 2018 15:52:01 +0000 (17:52 +0200)]
iprule: fix segfault (FS#1875)

Fix segfault in generic_interface_cb by checking the
IPRULE_OUT/IPRULE_IN flags before doing the strcmp for the possible
configured out/in interface(s) of the ip rule.
Also don't copy the interface layer3 device as the layer 3 device is
not yet known when IFEV_CREATE event is launched.
The layer3 device will be known when the IFEV_UP event is processed in
rule_out_cb/rule_in_cb.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago scripts: fix previous commit
Jo-Philipp Wich [Wed, 19 Sep 2018 14:55:00 +0000 (16:55 +0200)]
scripts: fix previous commit

Actually change the glob pattern as described in the previous commit.

Fixes: 3c8ac1c ("netifd: fix wpa mixed mode matching")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years ago netifd: fix wpa mixed mode matching
Rick Farina (Zero_Chaos) [Wed, 19 Sep 2018 14:43:42 +0000 (10:43 -0400)]
netifd: fix wpa mixed mode matching

Change wpa mixed mode matching to not accidentally catch wep+mixed.

All documented cases have the character between {wpa,psk} and mixed as a
'-' but no need to break things which were working, so preserve the *
case.

Reported-by: "Rick Farina (Zero_Chaos)" <zerochaos@gentoo.org>
[Allow "psk-mixed" to be prefixed, to align with the *psk2* and *psk* cases,
 slightly reword subject and commit message.]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years ago system-linux: enable by default ignore encaplimit for ip6 tunnels
Hans Dedecker [Mon, 17 Sep 2018 19:41:16 +0000 (21:41 +0200)]
system-linux: enable by default ignore encaplimit for ip6 tunnels

Enable ignore encaplimit by default for ip6 tunnels as not all ISPs support
the destination option header containing the tunnel encapsulation limit
resulting into broken map/ds-lite connectivity.
Setting the ignore encaplimit flag by default is a more sane setting as it
avoids user configuration of the encaplimit uci option for ds-lite/map tunnels
in case of broken connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago CMakeList: Check that compiler supports -Wimplicit-fallthrough
Florian Fainelli [Wed, 12 Sep 2018 00:14:19 +0000 (17:14 -0700)]
CMakeList: Check that compiler supports -Wimplicit-fallthrough

This is a GCC >= 7 feature, not all compilers support it.

Fixes: 908a9f4f1027 ("CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
6 years ago interface: let interface_set_down() return void
Hans Dedecker [Mon, 20 Aug 2018 12:28:00 +0000 (14:28 +0200)]
interface: let interface_set_down() return void

Let interface_set_down() return void as no useful error code
is returned by __interface_set_down()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: make __interface_set_down() static
Hans Dedecker [Mon, 20 Aug 2018 12:21:06 +0000 (14:21 +0200)]
interface: make __interface_set_down() static

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: extend interface error messages in interface_set_up()
Hans Dedecker [Mon, 20 Aug 2018 11:53:17 +0000 (13:53 +0200)]
interface: extend interface error messages in interface_set_up()

Don't return an error code in interface_set_up as it's ignored anyway by the
calling functions; but rather add more interface error messages so the actual
problem is visible for the user by doing ifstatus <interface>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: ensure NO_DEVICE error is always reported
Hans Dedecker [Fri, 17 Aug 2018 13:55:00 +0000 (15:55 +0200)]
interface: ensure NO_DEVICE error is always reported

Remove interface available checks in the functions interface_start_pending
and interface_handle_config_change so the NO_DEVICE error is reported in
ifstatus <interface> making it clear to the user the configured device in
ifname is not found

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago device: gracefully handle device names exceeding IFNAMESIZ
Hans Dedecker [Sun, 12 Aug 2018 20:08:22 +0000 (22:08 +0200)]
device: gracefully handle device names exceeding IFNAMESIZ

Instead of truncating the device name when it exceeds IFNAMSIZ length;
let device_set_ifname return an error code and do not add the device
to the device list.
This avoids possible issues with device names becoming identical due the
truncation and as a result unexpected behavior.
Further let the different device types gracefully handle the error code
returned by device_init

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface-ip: always override downstream IPv6 mtu
Hans Dedecker [Sun, 5 Aug 2018 12:46:22 +0000 (14:46 +0200)]
interface-ip: always override downstream IPv6 mtu

Always override the downstream IPv6 mtu in case it differs with the IPv6 mtu
of the upstream link. This allows to increase the downstream IPv6 mtu in
case RA messages are received on the upstream link having a mtu attribute
higher than the downstream IPv6 mtu.
At the same time be verbose when failing to set the IPv6 mtu on the downstream link.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago fix compile error
John Crispin [Mon, 30 Jul 2018 21:52:06 +0000 (23:52 +0200)]
fix compile error

netifd-2018-07-30-75ee7905/interface-ip.c:724:11: error: unused variable 'macaddr' [-Werror=unused-variable]

Signed-off-by: John Crispin <john@phrozen.org>
6 years ago interface-ip: fix eui64 ifaceid generation (FS#1668)
Hans Dedecker [Mon, 30 Jul 2018 19:19:47 +0000 (21:19 +0200)]
interface-ip: fix eui64 ifaceid generation (FS#1668)

Use the mac address stored in the device_settings struct to generate the
eui64 ifaceid as the interface layer3 device does not contain a mac address
for non bridge interfaces

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago netifd: make sure the vlan ifname fits into the buffer
John Crispin [Mon, 16 Jul 2018 08:32:08 +0000 (10:32 +0200)]
netifd: make sure the vlan ifname fits into the buffer

Signed-off-by: John Crispin <john@phrozen.org>
6 years ago iprule: remove bogus assert calls
Felix Fietkau [Wed, 25 Jul 2018 08:44:27 +0000 (10:44 +0200)]
iprule: remove bogus assert calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago iprule: fix broken in_dev/out_dev checks
Felix Fietkau [Wed, 25 Jul 2018 08:43:41 +0000 (10:43 +0200)]
iprule: fix broken in_dev/out_dev checks

Since they are both char arrays, they can never be NULL

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
Hans Dedecker [Mon, 16 Jul 2018 21:03:25 +0000 (23:03 +0200)]
vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago ubus: display correct prefix size for IPv6 prefix address
Hans Dedecker [Mon, 16 Jul 2018 12:31:47 +0000 (14:31 +0200)]
ubus: display correct prefix size for IPv6 prefix address

Make sure the displayed prefix size is identical to the kernel installed
prefix size for local IPv6 prefix addresses

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
Alexander Couzens [Thu, 5 Jul 2018 01:13:03 +0000 (03:13 +0200)]
CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago proto-shell.c: add a explicit "fall through" comment to make the compiler happy
Alexander Couzens [Thu, 5 Jul 2018 01:12:26 +0000 (03:12 +0200)]
proto-shell.c: add a explicit "fall through" comment to make the compiler happy

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago replace fall throughs in switch/cases where possible with simple code changes
Alexander Couzens [Fri, 29 Jun 2018 02:30:13 +0000 (04:30 +0200)]
replace fall throughs in switch/cases where possible with simple code changes

fall throughs are usually error-prone, especially when someone else extends
it.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago iprule: rework interface based rules to handle dynamic interfaces
Alexander Couzens [Fri, 29 Jun 2018 21:15:28 +0000 (23:15 +0200)]
iprule: rework interface based rules to handle dynamic interfaces

Previous netifd would only apply `ip rule`s while config phase.
If the iprule is depending on an interface (iif or oif), the rule
will fail if the interface is not up.

Allow iprules to track interfaces and their devices by using
the interface events.

Fixes: FS#1571
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
6 years ago Introduce new interface event "create" (IFEV_CREATE)
Alexander Couzens [Fri, 29 Jun 2018 03:23:14 +0000 (05:23 +0200)]
Introduce new interface event "create" (IFEV_CREATE)

"create" will be called before the proto handlers initialised.

Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
6 years ago system-linux: fix build error on older kernels
Felix Fietkau [Wed, 4 Jul 2018 19:15:58 +0000 (21:15 +0200)]
system-linux: fix build error on older kernels

Add an #ifdef guard around 56000base* definitions, which don't exist on
Linux 3.18

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago system-linux: adjust bridge isolate mode for upstream attribute naming
Felix Fietkau [Wed, 4 Jul 2018 17:48:03 +0000 (19:48 +0200)]
system-linux: adjust bridge isolate mode for upstream attribute naming

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago system-linux: extend link mode speed definitions
Hans Dedecker [Tue, 3 Jul 2018 13:49:18 +0000 (15:49 +0200)]
system-linux: extend link mode speed definitions

Add all available link mode speed definitions as defined in ethtool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: add autoneg and link-partner output
Joe Holden [Wed, 27 Jun 2018 21:14:33 +0000 (22:14 +0100)]
system-linux: add autoneg and link-partner output

This adds an array that contains the link modes advertised by the other device and also
indicates whether auto negotiation is true or false.

link-partner may or may not be populated depending on hardware, driver and/or settings.

Signed-off-by: Joe Holden <jwh@zorins.co.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)
Hans Dedecker [Tue, 29 May 2018 20:40:00 +0000 (22:40 +0200)]
system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)

Make encapsulation limit of IP6 tunnels configurable for the ds-lite/map
proto shell handlers as not all ISPs support the destination option header
containing the tunnel encapsulation limit value as reported in FS#1501.

The IP6 tunnel specific setting encaplimit is parsed as a nested json
data object; setting it to ignore disables the insertion of the
destination option header while a value from 0 till 255 sets the
tunnel encapsulation limit accordingly in the destination option header.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago nterface-ip: remove superfluous iface check in interface_ip_set_enabled()
Hans Dedecker [Thu, 26 Apr 2018 20:40:24 +0000 (22:40 +0200)]
nterface-ip: remove superfluous iface check in interface_ip_set_enabled()

No need to check iface pointer in interface_ip_set_enabled as the
interface is always set by the function __interface_ip_init().
Reported by Coverity in CID 1330437

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: fix strncpy bounds
Hans Dedecker [Sun, 22 Apr 2018 20:23:49 +0000 (22:23 +0200)]
system-linux: fix strncpy bounds

Fix strncpy bounds as reported by Coverity in CID 1434988, 1328977,
1328953, 1328952, 1328951, 1328950, 1328949 and 1328944.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago wireless: include noscan option in common wdev vars
Daniel Golle [Fri, 20 Apr 2018 05:27:16 +0000 (07:27 +0200)]
wireless: include noscan option in common wdev vars

'noscan' can be passed down to wpa_supplicant to enforce channel
settings in mesh mode. Allow hostapd.sh to take care of it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years ago system-linux: check ioctl return value in system_vlan()
Hans Dedecker [Mon, 16 Apr 2018 11:02:28 +0000 (13:02 +0200)]
system-linux: check ioctl return value in system_vlan()

Detected by Coverity in CID 1433754

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: check ioctl return value in system_if_flags()
Hans Dedecker [Sat, 14 Apr 2018 19:15:42 +0000 (21:15 +0200)]
system-linux: check ioctl return value in system_if_flags()

Detected by Coverity in CID 1433760

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: fix segfault on alloc failure in system_if_check()
Hans Dedecker [Sat, 14 Apr 2018 19:05:25 +0000 (21:05 +0200)]
system-linux: fix segfault on alloc failure in system_if_check()

Detected by Coverity in CID 1433686

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: fix segfault on error in system_add_ip6_tunnel()
Hans Dedecker [Sat, 14 Apr 2018 18:58:42 +0000 (20:58 +0200)]
system-linux: fix segfault on error in system_add_ip6_tunnel()

Detected by Coverity in CID 1430884

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago handler: fix resource leak on error in netifd_init_script_handlers()
Hans Dedecker [Thu, 12 Apr 2018 20:46:35 +0000 (22:46 +0200)]
handler: fix resource leak on error in netifd_init_script_handlers()

Detected by Coverity in CID 1412486

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: remove unnecessary open call in system_if_dump_info()
Hans Dedecker [Thu, 12 Apr 2018 20:36:38 +0000 (22:36 +0200)]
system-linux: remove unnecessary open call in system_if_dump_info()

Detected by coverity in CID 1329735

6 years ago system-linux: fix memory leak on error in system_add_vxlan()
Hans Dedecker [Thu, 12 Apr 2018 20:14:52 +0000 (22:14 +0200)]
system-linux: fix memory leak on error in system_add_vxlan()

Detected by coverity in CID 1412449

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface-ip: fix memory leak on error in interface_update_prefix_assignments()
Hans Dedecker [Thu, 12 Apr 2018 20:08:18 +0000 (22:08 +0200)]
interface-ip: fix memory leak on error in interface_update_prefix_assignments()

Detected by coverity in CID 141267

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago interface: fix "ifup-failed" hotplug event handling
Martin Schiller [Tue, 10 Apr 2018 04:21:39 +0000 (06:21 +0200)]
interface: fix "ifup-failed" hotplug event handling

The ifup-failed event should only be triggered when the former
interface state is IFS_SETUP.

Otherwise, there will also be an ifup-failed event in the
IFS_TEARDOWN state if you do a manual ifdown <IFC>.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
6 years ago interface-ip: fix memory leak in interface_ip_add_target_route()
Hans Dedecker [Sun, 1 Apr 2018 10:21:38 +0000 (12:21 +0200)]
interface-ip: fix memory leak in interface_ip_add_target_route()

Commit 9c8d781 introduced a memory leak in interface_ip_add_target_route
in case interface_ip_find_addr_target returns true for a given address
by not freeing the previously allocated route.
While at it rework the logic so a host route is only allocated when it's
really required.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago netifd: return the interface for locally addressable host dependencies (FS#1452)
Felix Fietkau [Tue, 27 Mar 2018 09:28:54 +0000 (11:28 +0200)]
netifd: return the interface for locally addressable host dependencies (FS#1452)

Fixes an issue where interfaces with host dependencies that resolve to a
local subnet stay down.

Fixes: 1f5a29c3de6e ("ip: do not add local routes for host dependencies")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago interface-ip: fix route selection for host dependencies
Felix Fietkau [Tue, 13 Mar 2018 12:05:28 +0000 (13:05 +0100)]
interface-ip: fix route selection for host dependencies

In order to find the best match, allow overriding the last found entry
if route->mask for the new entry is bigger than the one from the previous
entry.

Patch submitted by 'Mikael' in FS#1358

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago device: add support for setting the isolate options for bridge ports
Felix Fietkau [Tue, 13 Mar 2018 11:52:43 +0000 (12:52 +0100)]
device: add support for setting the isolate options for bridge ports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago ip: do not add local routes for host dependencies
Felix Fietkau [Wed, 7 Mar 2018 22:14:57 +0000 (23:14 +0100)]
ip: do not add local routes for host dependencies

This avoids creating invalid routes in cases where another daemon is
handling local routes for an interface, e.g. on mesh interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago remove rps/xps configuration support
Felix Fietkau [Mon, 26 Feb 2018 11:21:00 +0000 (12:21 +0100)]
remove rps/xps configuration support

It is overly complex, yet does not cover common scenarios very well.
It will be replaced with a simpler shell script that provides a better
default policy

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago netifd-proto: add proto_config_add_array wrapper
Hans Dedecker [Mon, 5 Feb 2018 08:57:47 +0000 (09:57 +0100)]
netifd-proto: add proto_config_add_array wrapper

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago system-linux: VXLAN: add options to enable and disable UDP checksums
Matthias Schiffer [Wed, 24 Jan 2018 12:21:44 +0000 (13:21 +0100)]
system-linux: VXLAN: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years ago proto: allow dumping protocol handlers without config_params
Olof Sivertsson [Wed, 3 Jan 2018 09:35:13 +0000 (10:35 +0100)]
proto: allow dumping protocol handlers without config_params

When ubus invokes proto_dump_handlers, and a struct proto_handler has
been added with a NULL config_params, a segmentation fault occurs.

Avoid this segmentation fault by checking for a NULL config_params
before further access.

Signed-off-by: Olof Sivertsson <olof.sivertsson@zenterio.com>
7 years ago interface-ip: harden eui64 IPv6 prefix address generation
Hans Dedecker [Thu, 14 Dec 2017 13:13:35 +0000 (14:13 +0100)]
interface-ip: harden eui64 IPv6 prefix address generation

Check if a mac address is actually present when generating an eui64 based
IPv6 address; in case of failure bail out.
At the same time make sure the active mac address is used as input for the
eui64 based IPv6 address and guarantee IPv6 prefix address generation is
based on the actual config by resetting the IPv6 prefix address in the
assignment structure when it gets deleted.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago interface-ip: fix race condition in IPv6 prefix address generation
Hans Dedecker [Thu, 14 Dec 2017 13:13:34 +0000 (14:13 +0100)]
interface-ip: fix race condition in IPv6 prefix address generation

Don't generate an IPv6 prefix address without taking into account the
interface state. In case eui64 is configured to generate the ifaceid this
could fail as the layer3 device mac address could not yet be available if
the interface is not yet in setup or up state.
While at it remove the interface metric assignment as this is already done
by the function interface_set_route_info.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago handler: replace is_error() helper with NULL check
Alexandru Ardelean [Fri, 8 Dec 2017 14:22:13 +0000 (16:22 +0200)]
handler: replace is_error() helper with NULL check

The `is_error()` is just a macro that checks
that object is NULL (which is considered an error
in libjson-c terminology).

Newer libjson-c versions have deprecated this.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
7 years ago interface-ip: add missing IPv6 policy rule
Hans Dedecker [Thu, 16 Nov 2017 14:42:41 +0000 (15:42 +0100)]
interface-ip: add missing IPv6 policy rule

Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
table support; as a result for IPv6 the prefix route linked to the IPv6
address is added to the specified IPv6 interface routing table.
In order to route traffic having as destination the IPv6 prefix a policy
rule is required using the prefix destination as policy so the traffic is
passed to the correct routing table.
The IPv6 prefix address logic was not installing this policy rule effectively
breaking routing when trying to reach a global or ULA IPv6 address in the
lan from either the device or another wan device.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago proto: add point-to-point IPv4 address config support (FS#1037)
Hans Dedecker [Tue, 17 Oct 2017 20:16:43 +0000 (22:16 +0200)]
proto: add point-to-point IPv4 address config support (FS#1037)

Add config support for point-to-point IPv4 addresses by providing
the uci parameter ptpaddr. This allows to support a gateway being in a
different subnet than the assigned IP by modeling the local IP having a
point-to-point address.
This is similar to the point-to-point IPv4 address support already present
for the protocol handlers.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years ago ubus: display the point-to-point IPv4 address
Hans Dedecker [Tue, 17 Oct 2017 20:16:44 +0000 (22:16 +0200)]
ubus: display the point-to-point IPv4 address

Display the point-to-point IPv4 address as well when dumping
the IP address list in ubus.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago ubus: fix ubus error code on reload failure
Hans Dedecker [Sat, 7 Oct 2017 17:46:44 +0000 (19:46 +0200)]
ubus: fix ubus error code on reload failure

Return the more appropriate error code UBUS_STATUS_NOT_FOUND in case
network reload fails

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago config: suppress error if no wireless config present (FS#1030)
Hans Dedecker [Fri, 6 Oct 2017 14:56:42 +0000 (16:56 +0200)]
config: suppress error if no wireless config present (FS#1030)

Wireless config is optional as not all targets have a wireless interface;
therefore don't report an error if the wireless config is missing so
network reload is not reporting an error to the user.
While at it use netifd_log_message to print an error if the config cannot
be loaded.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: add support for hotplug event 'move'
Martin Schiller [Thu, 28 Sep 2017 08:32:28 +0000 (10:32 +0200)]
system-linux: add support for hotplug event 'move'

If you rename a network interface, there is a move uevent
invoked instead of remove/add.

This patch adds support for this kind of event.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: parse map-e fmrs parameters as nested data json object
Hans Dedecker [Sun, 27 Aug 2017 19:48:28 +0000 (21:48 +0200)]
system-linux: parse map-e fmrs parameters as nested data json object

Parse map-e fmrs parameters IPv6 prefix, IPv4 prefix, ealen and offset
as array elements nested in a data json object.
At the same time remove the now obsolete TUNNEL_ATTR_FMRS tunnel attribute.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago allow setting rps/xps defualt values via uci
John Crispin [Tue, 22 Aug 2017 07:10:58 +0000 (09:10 +0200)]
allow setting rps/xps defualt values via uci

Signed-off-by: John Crispin <john@phrozen.org>
7 years ago system: remove unused 6rd tunnel attributes
Hans Dedecker [Mon, 21 Aug 2017 17:32:25 +0000 (19:32 +0200)]
system: remove unused 6rd tunnel attributes

Commit 7573880ac042c6e5c8d48b1ad83d357b5e02743b added support for 6rd
attributes as a nested json data object which makes the attributes
TUNNEL_ATTR_6RD_PREFIX and TUNNEL_ATTR_6RD_RELAY_PREFIX unused

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago netifd: allow negative neighlocktime values
Alin Năstac [Thu, 17 Aug 2017 12:12:05 +0000 (14:12 +0200)]
netifd: allow negative neighlocktime values

When -1 is written in /proc/sys/net/ipv4/neigh/<iface>/locktime,
kernel disables ARP trashing protection. A value of 0 does not completely
disable this protection, a second ARP update being discarded if it
is processed during the same jiffie as the first update.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
7 years ago system-linux: parse ipv6 specific tunnel settings as nested data json
Hans Dedecker [Tue, 15 Aug 2017 20:00:14 +0000 (22:00 +0200)]
system-linux: parse ipv6 specific tunnel settings as nested data json
object

7 years ago system-linux: fix GRE ikey/okey endianness
Stijn Tintel [Fri, 21 Jul 2017 18:57:47 +0000 (20:57 +0200)]
system-linux: fix GRE ikey/okey endianness

The kernel expects IFLA_GRE_IKEY and IFLA_GRE_OKEY to be in network byte
order, so convert the values from host byte order.

Fixes ikey/okey on little endian systems.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years ago netifd: Fix printf calls + function declarations.
Rosen Penev [Mon, 26 Jun 2017 00:18:06 +0000 (17:18 -0700)]
netifd: Fix printf calls + function declarations.

cppcheck found printf functions with signed instead of unsigned
formats. Fix those as well as some non-matching function
declarations.

Signed-off by: Rosen Penev <rosenp@gmail.com>

7 years ago ubus: remove superfluous error check in netifd_add_dynamic
Hans Dedecker [Tue, 13 Jun 2017 11:33:56 +0000 (13:33 +0200)]
ubus: remove superfluous error check in netifd_add_dynamic

Check for main device and main device having default config for a dynamic
interface was originally added in commit 266d92dd83bd5bfe520f3e2838794bf9bb827c07
with as purpose to set the device config. The latter was later removed in
commit 4bf89afc22b43d5bd155d32d3998348a77179c1a which makes the device checks
superfluous.

Also not all interfaces have a main device (eg tunnel interfaces) resulting
into netifd_add_dynamic returning an error code when such interfaces are added.
As an example 6rd interfaces dynamically added by the DHCP script the log
messages are cluttered with the trace 'wan (7803): Command failed: Unknown error'
after each DHCP renew.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago iprule: coding style line up
Hans Dedecker [Sun, 11 Jun 2017 13:08:19 +0000 (15:08 +0200)]
iprule: coding style line up

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago iprule: Add option to suppress unspecific routing lookups
Stefan Tomanek [Wed, 7 Jun 2017 10:47:04 +0000 (12:47 +0200)]
iprule: Add option to suppress unspecific routing lookups

After applying this patch, policy routing rules can be employed that ignore
parts of a routing table. The following config snippet ignores routing lookups
from the specified main routing table yielding the default route, passing the
lookup process on to the next rule (that might provide a special default route
for marked packets):

 config rule
 	option priority 10
 	# check main routing table first, but ignore default route result
 	option lookup main
 	option suppress_prefixlength 0

 config rule
 	option priority 11
 	# use special routing table for marked packets
 	# (unless already consumed by previous rule)
 	option mark 0xFF
 	option lookup 100

The result is a ruleset like this (only visible using the full 'ip' binary):

 # ip rule
 0: from all lookup local
 10: from all lookup main suppress_prefixlength 0
 11: from all fwmark 0xff lookup 100
 32766: from all lookup main
 32767: from all lookup default
 #

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
7 years ago system-linux: fix 6rd regression
Hans Dedecker [Sat, 27 May 2017 11:07:33 +0000 (13:07 +0200)]
system-linux: fix 6rd regression

Fix 6rd regression introduced in commit 7573880ac042c6e5c8d48b1ad83d357b5e02743b

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: parse 6rd specific settings as nested json data object
Hans Dedecker [Fri, 19 May 2017 10:05:55 +0000 (12:05 +0200)]
system-linux: parse 6rd specific settings as nested json data object

Parse 6rd specific settings prefix, relay-prefix as nested json data objects.
At the same time improve 6rd error handling.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: remove redundant check for strtoul() return value
Khem Raj [Fri, 19 May 2017 00:02:14 +0000 (17:02 -0700)]
system-linux: remove redundant check for strtoul() return value

Fixes
system-linux.c:1998:33: error: comparison of unsigned expression >= 0 is always true [-Werror,-Wtautological-compare]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
7 years ago build: disable unknown warning option error in clang
Felix Fietkau [Tue, 9 May 2017 10:56:07 +0000 (12:56 +0200)]
build: disable unknown warning option error in clang

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years ago interface: add new "ifup-failed" hotplug event
Martin Schiller [Fri, 31 Mar 2017 06:31:39 +0000 (08:31 +0200)]
interface: add new "ifup-failed" hotplug event

This hook makes it possible to do some helper work in hotplug scripts
when a connection is not established successfully.

example: try several username/passwords from a pool to establish a
pppoe or wwan connection by replacing the configured values of the
connection in a hotplug script.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
7 years ago bridge: reset primary only after marking the member not present
Alex Oprea [Mon, 8 May 2017 14:30:13 +0000 (16:30 +0200)]
bridge: reset primary only after marking the member not present

Run the bridge_reset_primary function only after the member being removed
has been marked as not present.
This change prevents the bridge_reset_primary function from choosing the
member being removed as the new primary member.

Signed-off-by: Alex Oprea <alex.oprea@inteno.se>
7 years ago build: suppress format truncation warnings to avoid errors with gcc7
Felix Fietkau [Thu, 4 May 2017 13:49:53 +0000 (15:49 +0200)]
build: suppress format truncation warnings to avoid errors with gcc7

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years ago ubus: add interface method to trigger renew event
Matthias Schiffer [Wed, 12 Apr 2017 17:53:20 +0000 (19:53 +0200)]
ubus: add interface method to trigger renew event

Not all topology or connectivity changes may be detected by netifd,
depending on the underlying technology (e.g. VPN software); this adds a way
to explicitly trigger a renew.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: allow "throw" route type
Matthias Schiffer [Fri, 14 Apr 2017 00:24:08 +0000 (02:24 +0200)]
system-linux: allow "throw" route type

system_rtn_aton() was already parsing "throw" correctly, but system_rt()
did not allow it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years ago netifd: propagate error code on netifd_reload()
Alexandru Ardelean [Mon, 27 Mar 2017 06:35:04 +0000 (09:35 +0300)]
netifd: propagate error code on netifd_reload()

The context is that we generate some of the UCI config
for netifd via scripts/programs.

Every once in a while, there's a goof when doing that
UCI generation, and netifd prints out the error at
stderr, but returns 0 (success) err-code.

This change will fail the ubus call if UCI config
is invalid or missing for /etc/config/network.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago interface-ip: fix device name for IPv6 link-local DNS server
Hans Dedecker [Mon, 3 Apr 2017 07:47:08 +0000 (09:47 +0200)]
interface-ip: fix device name for IPv6 link-local DNS server

Commit 235a02424c3ab1b59308895c4f00395dacf2557c adds support for IPv6 link-local
DNS server by appending the device name; however the interface ifname parameter
does not always contain the layer 3 device name (e.g. it can hold the aliased
interface name).
Fix this by passing the device name of the referenced layer 3 device.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago interface-ip: set prefix indicator flag when IPv6 prefix lifetime changes
Hans Dedecker [Thu, 9 Mar 2017 16:33:00 +0000 (17:33 +0100)]
interface-ip: set prefix indicator flag when IPv6 prefix lifetime changes

Trigger interface update event when IPv6 prefix lifetime changes by setting
the prefix indicator flag to inform external subsystems (e.g. hnetd) about IPv6
prefix lifetime changes.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: parse vti specific settings as nested json data object
Hans Dedecker [Tue, 14 Mar 2017 20:36:39 +0000 (21:36 +0100)]
system-linux: parse vti specific settings as nested json data object

Parse vti specific settings ikey and okey as nested json data object.
At the same time remove the now obsolete TUNNEL_ATTR_INFO attribute.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: parse gre specific settings as nested json data object
Hans Dedecker [Tue, 14 Mar 2017 20:36:38 +0000 (21:36 +0100)]
system-linux: parse gre specific settings as nested json data object

Parse gre specific settings ikey, okey, icsum, ocsum, iseqno and oseqno
as nested json data object.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago system-linux: add VXLAN support
Matthias Schiffer [Tue, 28 Feb 2017 09:57:05 +0000 (10:57 +0100)]
system-linux: add VXLAN support

VXLAN shares many attributes with the tunnel devices, so it is implemented
as a new tunnel type. The 'remote' attribute can be used for a unicast
peer or a multicast group.

The IANA-assigned port 4789 is used by default, instead of the non-standard
port Linux defaults to.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago netifd: Add option to configure locktime for each device
Alin Năstac [Tue, 17 Jan 2017 15:16:04 +0000 (16:16 +0100)]
netifd: Add option to configure locktime for each device

The UCI parameter neighlocktime allows controlling the hardware
address to IP mapping lock time in the IPv4 neighbour table.

The IPv6 lock time was not set because it is not used at all in any
kernel versions, hardware address override being controlled in this case
by the override flag present in the NA packet.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
7 years ago interface: add prefix assignment priority support
Hans Dedecker [Tue, 31 Jan 2017 15:46:15 +0000 (16:46 +0100)]
interface: add prefix assignment priority support

In case of prefix delegation, prefixes are assigned to one or more
configured downstream interfaces. The delegated prefix length in
combination with the assignment length of the downstream interfaces
determines the number of subnets which can be allocated from the
delegated prefix.
The interface ip6weight parameter allows prioritizing the allocation
of subnets to interfaces in case of multiple configured downstream
interfaces.

The order of interface prefix assignment from a delegated prefix is
based on the following parameters:
- Primary key is prefix assignment based on the configured interface ip6hint
- Secondary key is the requested downstream interface prefix length,
  interfaces configured with the smallest ip6hint will be assigned first
- Third key is the assigned interface ip6weight in case of equal prefix
  assignment length; interfaces having the highest ip6weight will be
  assigned first
- Finally the alphabetical order of the interfaces in case of equal
  ip6weight

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
7 years ago device: add veth support
Matthias Schiffer [Fri, 10 Feb 2017 05:30:17 +0000 (06:30 +0100)]
device: add veth support

The veth config code mostly handles the primary interface of a veth pair,
the secondary interface is not explicitly referenced and will be found as
an unrelated interface after the pair has been created.

This doesn't only allow us to keep the veth code simple (and similar to
existing device handlers), but will also avoid complicating handling
unnecessarily in case the secondary interface is moved into another network
namespace.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years ago wireless: fix _wireless_add_process
Günther Kelleter [Wed, 8 Feb 2017 15:47:22 +0000 (16:47 +0100)]
wireless: fix _wireless_add_process

The pid is in $1, not $pid.
Use proper test condition for nonmatching exe warning.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
7 years ago treewide: fix white space errors
Hans Dedecker [Tue, 31 Jan 2017 08:30:27 +0000 (09:30 +0100)]
treewide: fix white space errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>