GitLab

In order to avoid a routing loop add an unreachable route for the
address prefix is the offlink flag is set for an address.
This fixes a routing loop which is currently present on point-to-point
links (e.g PPP) when the wan interface is assigned a globally unique
prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked
and installed on the wan interface
(e.g. 2001:db8:1:0:5054:ff:feab:d87c/64)

The prefix route 2001:db8:1::/64 would be present in the routing table
which will route any packet with as destination 2001:db8:1::/64 to the wan
interface and would be routed back by the upstream router due to the
wan interface due to the assigned global unique prefix.
Besides not installing the prefix route 2001:db8:1::/64 on point-to-point links
adding an unreachable route is required to avoid the routing loop.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

When using a global hostapd/wpa_supplicant instance, it should not be killed
if a single radio is torn down
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Need to check the type of the vlan device, not the underlying device
Signed-off-by: Felix Fietkau <nbd@nbd.name>

seg6_enabled - Bool
  Accept or drop SR-enabled IPv6 packets on this interface.

More Information:
https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html



Now you can set as interface option
  option ip6segmentrouting '1'

It is not enough to turn on "seg6_enabled" on the interface. Further,
we have to enable "/all/seg6_enabled". This means that a working config
is "interface + all".
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [style fixes]

Example:
{
	"network-device": {
		"eth0": {
			"macaddr": "bc:a5:11:16:76:d7"
		}
	}
}
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Mask flags against apply_mask only once instead of once per field
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

This can be used to generate default network configurations that define
the lan/wan interfaces as vlandevs with custom names and specify the actual
VLAN ID only in the bridge-vlan section without repeating it elsewhere
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

When netifd tries to add bridge members brought up by hostapd asynchronously
(e.g. after an autochannel run), the first try often fails with EBUSY or
EAGAIN, since it's racing against hostapd's own setup.
Add retry logic, which includes checking if the device was added to the
bridge in the meantime to deal with this issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>

We need to detect when devices are present, because they can be created
asynchronously by hostapd after they have already been added by the wifi
setup script
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When defining a bridge-vlan like this:

config bridge-vlan
	option device 'switch0'
	option vlan '1'
	option ports 'lan1 lan2 lan3 lan4'
	option alias 'lan'

You can use switch0.lan instead of switch0.1 to refer to the VLAN.
This ensures that the VLAN ID can be kept in a single place in the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>

On wireless interfaces, hostapd can sometimes defer the bringup of secondary
virtual interfaces until autochannel or coex scan completes.
Do not force the present state in that case in order to avoid attempting
to bring up the device before it is ready
Signed-off-by: Felix Fietkau <nbd@nbd.name>

This allows vlan devices to access bridge vlan data safely, regardless
of the order in which sections appear in the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When preparing the interface for hotplug add, pass the bridge
device back to the caller, since it may not match the original device
Signed-off-by: Felix Fietkau <nbd@nbd.name>

After settting config_pending for vlan devices, a check_state call from
device_init_pending was leading to the vlan device present state being
overwritten because the linux device didn't exist yet, even though the
vlan code had already indicated its present state based on the lower dev.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When VLAN filtering is enabled, but no vlans are defined, the implicit
VLANs should stay, so that forwarding between ports still works.
This is useful for setups where VLANs are assigned by external scripts
instead of being configured via netifd
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Fixes an issue with bringing up VLANs/bridges too early
Signed-off-by: Felix Fietkau <nbd@nbd.name>

When removing the device reference, the core might free the device.
Use device_lock/unlock to keep the reference valid until it is no longer needed
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Fixes cleanup of port state
Signed-off-by: Felix Fietkau <nbd@nbd.name>

List vlans with member ports, VLAN IDs and flags
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Only used for 802.1q devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

At the moment, dnsmasq initscript generates dhcp-range for an interface
by inspecting first address of that interface from netifd ubus output.

Order by address index as specified in the uci config makes netifd ubus
output consistent with linux network interfaces' primary/secondary
address settings.  More importantly, the ubus output and dnsmasq config
generation will be more predictable.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

This is a preparation for the next commit to record address index for
the returned device_addr struct
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>

Name of the libnl .pc file is libnl-3.0.pc

This commit is mainly for testing netifd build on usual Linux systems.

netifd Makefile in current OpenWrt build system specifies custom cmake
flags to directly point to libnl-tiny
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>

For both options the values can just be passed to the kernel. All
unsigned values are accepted, thus no range checking required.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>

adds the folloing missing options:
  - learning
  - rsc
  - proxy
  - l2miss
  - l3miss
  - gbp

See ip-link(3) for their meaning.

still missing:
  - external
  - gpe

I'm not sure how to handle them at the moment. It's unclear to me what
IFLA_VXLAN_* value corresponds to the 'external' option and according to
the manpage, gpe depends on it.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>

Add a small function to handle boolean options and make use of it to handle:
  - rxcsum
  - txcsum
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>

This adds adds the ability to set the source port range for vxlan
interfaces.

By default vxlans will use a random port within the ephermal range as
source ports for packets. This is done to aid scaleability within a
datacenter.

But with these defaults it's impossible to punch through NATs or
traverese most stateful firewalls easily. One solution is to fix the
srcport to the same as dstport.

If only srcportmin is specified, then srcportmax is set in a way that
outgoing packets will only use srcportmin.

If a range is to be specified, srcportmin and srcportmax have to be
specified. srcportmax is exclusive.

If only srcportmax is specified, the value is ignored and defaults are
used.
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>

Support Hotspot 2.0 online signup with encryption, either as only
encryption type of a dedicated SSID or together with WPA-EAP for
single SSID setups.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Clear the host bits of the device prefix in
interface_ip_add_device_prefix as interface_set_prefix_address just ORs
the calculated assignment part which would lead to an invalid IPv6
address if the host bits are not masked out
Suggested-by: Daniel Gröber <dxld@darkboxed.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Fixes a potential memory leak
Signed-off-by: Felix Fietkau <nbd@nbd.name>

The user may have configured a VLAN device with explicit settings and the same
name by adding a config device section
Signed-off-by: Felix Fietkau <nbd@nbd.name>