return true;
}
+static bool
+system_tos_aton(const char *src, unsigned *dst)
+{
+ char *e;
+
+ *dst = strtoul(src, &e, 16);
+ if (e == src || *e || *dst > 255)
+ return false;
+
+ return true;
+}
+
int system_init(void)
{
static struct event_socket rtnl_event;
system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val);
}
+static void system_set_rpfilter(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val);
+}
+
+static void system_set_acceptlocal(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", dev->ifname, val);
+}
+
+static void system_set_igmpversion(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", dev->ifname, val);
+}
+
+static void system_set_mldversion(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", dev->ifname, val);
+}
+
+static void system_set_neigh4reachabletime(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", dev->ifname, val);
+}
+
+static void system_set_neigh6reachabletime(struct device *dev, const char *val)
+{
+ system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", dev->ifname, val);
+}
+
static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz)
{
int fd = -1, ret = -1;
dev->ifname, buf, buf_sz);
}
-#ifndef IFF_LOWER_UP
-#define IFF_LOWER_UP 0x10000
-#endif
+static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_acceptlocal(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_igmpversion(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_mldversion(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_neigh4reachabletime(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms",
+ dev->ifname, buf, buf_sz);
+}
+
+static int system_get_neigh6reachabletime(struct device *dev, char *buf, const size_t buf_sz)
+{
+ return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms",
+ dev->ifname, buf, buf_sz);
+}
// Evaluate netlink messages
static int cb_rtnl_event(struct nl_msg *msg, void *arg)
struct nlmsghdr *nh = nlmsg_hdr(msg);
struct ifinfomsg *ifi = NLMSG_DATA(nh);
struct nlattr *nla[__IFLA_MAX];
+ int link_state = 0;
+ char buf[10];
if (nh->nlmsg_type != RTM_NEWLINK)
goto out;
goto out;
struct device *dev = device_get(nla_data(nla[IFLA_IFNAME]), false);
- if (!dev)
+ if (!dev || dev->type->keep_link_status)
goto out;
- device_set_ifindex(dev, ifi->ifi_index);
- device_set_link(dev, ifi->ifi_flags & IFF_LOWER_UP ? true : false);
+ if (!system_get_dev_sysctl("/sys/class/net/%s/carrier", dev->ifname, buf, sizeof(buf)))
+ link_state = strtoul(buf, NULL, 0);
+
+ device_set_link(dev, link_state ? true : false);
out:
return 0;
static char *system_get_bridge(const char *name, char *buf, int buflen)
{
char *path;
- ssize_t len;
+ ssize_t len = -1;
glob_t gl;
snprintf(buf, buflen, "/sys/devices/virtual/net/*/brif/%s/bridge", name);
if (glob(buf, GLOB_NOSORT, NULL, &gl) < 0)
return NULL;
- if (gl.gl_pathc == 0)
- return NULL;
+ if (gl.gl_pathc > 0)
+ len = readlink(gl.gl_pathv[0], buf, buflen);
+
+ globfree(&gl);
- len = readlink(gl.gl_pathv[0], buf, buflen);
if (len < 0)
return NULL;
return system_bridge_if(bridge->ifname, dev, SIOCBRDELIF, NULL);
}
-static int system_if_resolve(struct device *dev)
+int system_if_resolve(struct device *dev)
{
struct ifreq ifr;
strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name));
struct nl_msg *msg;
struct nlattr *linkinfo, *data;
struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, };
- int ifindex = system_if_resolve(dev);
int i, rv;
static const struct {
const char *name;
{ "passthru", MACVLAN_MODE_PASSTHRU },
};
- if (ifindex == 0)
- return -ENOENT;
-
msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL);
if (!msg)
if (cfg->flags & MACVLAN_OPT_MACADDR)
nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr);
nla_put_string(msg, IFLA_IFNAME, macvlan->ifname);
- nla_put_u32(msg, IFLA_LINK, ifindex);
+ nla_put_u32(msg, IFLA_LINK, dev->ifindex);
if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO)))
goto nla_put_failure;
struct nl_msg *msg;
struct nlattr *linkinfo, *data;
struct ifinfomsg iim = { .ifi_family = AF_UNSPEC };
- int ifindex = system_if_resolve(dev);
int rv;
- if (ifindex == 0)
- return -ENOENT;
-
msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL);
if (!msg)
nlmsg_append(msg, &iim, sizeof(iim), 0);
nla_put_string(msg, IFLA_IFNAME, vlandev->ifname);
- nla_put_u32(msg, IFLA_LINK, ifindex);
+ nla_put_u32(msg, IFLA_LINK, dev->ifindex);
if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO)))
goto nla_put_failure;
s->ipv6 = !strtoul(buf, NULL, 0);
s->flags |= DEV_OPT_IPV6;
}
+
+ if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) {
+ s->promisc = ifr.ifr_flags & IFF_PROMISC;
+ s->flags |= DEV_OPT_PROMISC;
+ }
+
+ if (!system_get_rpfilter(dev, buf, sizeof(buf))) {
+ s->rpfilter = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_RPFILTER;
+ }
+
+ if (!system_get_acceptlocal(dev, buf, sizeof(buf))) {
+ s->acceptlocal = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_ACCEPTLOCAL;
+ }
+
+ if (!system_get_igmpversion(dev, buf, sizeof(buf))) {
+ s->igmpversion = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_IGMPVERSION;
+ }
+
+ if (!system_get_mldversion(dev, buf, sizeof(buf))) {
+ s->mldversion = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_MLDVERSION;
+ }
+
+ if (!system_get_neigh4reachabletime(dev, buf, sizeof(buf))) {
+ s->neigh4reachabletime = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_NEIGHREACHABLETIME;
+ }
+
+ if (!system_get_neigh6reachabletime(dev, buf, sizeof(buf))) {
+ s->neigh6reachabletime = strtoul(buf, NULL, 0);
+ s->flags |= DEV_OPT_NEIGHREACHABLETIME;
+ }
}
void
}
if (s->flags & DEV_OPT_IPV6 & apply_mask)
system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1");
+ if (s->flags & DEV_OPT_PROMISC & apply_mask) {
+ if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0,
+ !s->promisc ? IFF_PROMISC : 0) < 0)
+ s->flags &= ~DEV_OPT_PROMISC;
+ }
+ if (s->flags & DEV_OPT_RPFILTER & apply_mask) {
+ char buf[2];
+
+ snprintf(buf, sizeof(buf), "%d", s->rpfilter);
+ system_set_rpfilter(dev, buf);
+ }
+ if (s->flags & DEV_OPT_ACCEPTLOCAL & apply_mask)
+ system_set_acceptlocal(dev, s->acceptlocal ? "1" : "0");
+ if (s->flags & DEV_OPT_IGMPVERSION & apply_mask) {
+ char buf[2];
+
+ snprintf(buf, sizeof(buf), "%d", s->igmpversion);
+ system_set_igmpversion(dev, buf);
+ }
+ if (s->flags & DEV_OPT_MLDVERSION & apply_mask) {
+ char buf[2];
+
+ snprintf(buf, sizeof(buf), "%d", s->mldversion);
+ system_set_mldversion(dev, buf);
+ }
+ if (s->flags & DEV_OPT_NEIGHREACHABLETIME & apply_mask) {
+ char buf[12];
+
+ snprintf(buf, sizeof(buf), "%d", s->neigh4reachabletime);
+ system_set_neigh4reachabletime(dev, buf);
+ snprintf(buf, sizeof(buf), "%d", s->neigh6reachabletime);
+ system_set_neigh6reachabletime(dev, buf);
+ }
}
int system_if_up(struct device *dev)
{
system_if_get_settings(dev, &dev->orig_settings);
+ /* Only keep orig settings based on what needs to be set */
+ dev->orig_settings.flags &= dev->settings.flags;
system_if_apply_settings(dev, &dev->settings, dev->settings.flags);
- device_set_ifindex(dev, system_if_resolve(dev));
return system_if_flags(dev->ifname, IFF_UP, 0);
}
int system_if_down(struct device *dev)
{
int ret = system_if_flags(dev->ifname, 0, IFF_UP);
- dev->orig_settings.flags &= dev->settings.flags;
system_if_apply_settings(dev, &dev->orig_settings, dev->orig_settings.flags);
return ret;
}
int ret;
};
+#ifndef IFF_LOWER_UP
+#define IFF_LOWER_UP 0x10000
+#endif
+
static int cb_if_check_valid(struct nl_msg *msg, void *arg)
{
struct nlmsghdr *nh = nlmsg_hdr(msg);
rtm.rtm_table = RT_TABLE_LOCAL;
}
- if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_NAT)
+ if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_NAT) {
rtm.rtm_scope = RT_SCOPE_HOST;
- else if (rtm.rtm_type == RTN_BROADCAST || rtm.rtm_type == RTN_MULTICAST ||
- rtm.rtm_type == RTN_ANYCAST)
+ } else if (rtm.rtm_type == RTN_BROADCAST || rtm.rtm_type == RTN_MULTICAST ||
+ rtm.rtm_type == RTN_ANYCAST) {
rtm.rtm_scope = RT_SCOPE_LINK;
+ } else if (rtm.rtm_type == RTN_BLACKHOLE || rtm.rtm_type == RTN_UNREACHABLE ||
+ rtm.rtm_type == RTN_PROHIBIT || rtm.rtm_type == RTN_FAILED_POLICY) {
+ rtm.rtm_scope = RT_SCOPE_UNIVERSE;
+ dev = NULL;
+ }
}
msg = nlmsg_alloc_simple(cmd, flags);
if (route->mask)
nla_put(msg, RTA_DST, alen, &route->addr);
- if (route->sourcemask)
- nla_put(msg, RTA_SRC, alen, &route->source);
+ if (route->sourcemask) {
+ if (rtm.rtm_family == AF_INET)
+ nla_put(msg, RTA_PREFSRC, alen, &route->source);
+ else
+ nla_put(msg, RTA_SRC, alen, &route->source);
+ }
if (route->metric > 0)
nla_put_u32(msg, RTA_PRIORITY, route->metric);
return (id == RT_TABLE_MAIN);
}
+bool system_resolve_rpfilter(const char *filter, unsigned int *id)
+{
+ char *e;
+ unsigned int n;
+
+ if (!strcmp(filter, "strict"))
+ n = 1;
+ else if (!strcmp(filter, "loose"))
+ n = 2;
+ else {
+ n = strtoul(filter, &e, 0);
+ if (*e || e == filter || n > 2)
+ return false;
+ }
+
+ *id = n;
+ return true;
+}
+
static int system_iprule(struct iprule *rule, int cmd)
{
int alen = ((rule->flags & IPRULE_FAMILY) == IPRULE_INET4) ? 4 : 16;
}
#ifdef IFLA_IPTUN_MAX
+#define IP6_FLOWINFO_TCLASS htonl(0x0FF00000)
static int system_add_gre_tunnel(const char *name, const char *kind,
const unsigned int link, struct blob_attr **tb, bool v6)
{
struct nl_msg *nlm;
struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, };
struct blob_attr *cur;
- uint32_t ikey = 0, okey = 0;
+ uint32_t ikey = 0, okey = 0, flags = 0, flowinfo = 0;
uint16_t iflags = 0, oflags = 0;
+ uint8_t tos = 0;
int ret = 0, ttl = 64;
nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE);
nla_put_u8(nlm, IFLA_GRE_TTL, ttl);
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+ if (strcmp(str, "inherit")) {
+ unsigned uval;
+
+ if (!system_tos_aton(str, &uval)) {
+ ret = -EINVAL;
+ goto failure;
+ }
+
+ if (v6)
+ flowinfo |= htonl(uval << 20) & IP6_FLOWINFO_TCLASS;
+ else
+ tos = uval;
+ } else {
+ if (v6)
+ flags |= IP6_TNL_F_USE_ORIG_TCLASS;
+ else
+ tos = 1;
+ }
+ }
+
if ((cur = tb[TUNNEL_ATTR_INFO]) && (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)) {
uint8_t icsum, ocsum, iseqno, oseqno;
if (sscanf(blobmsg_get_string(cur), "%u,%u,%hhu,%hhu,%hhu,%hhu",
nla_put(nlm, IFLA_GRE_REMOTE, sizeof(in6buf), &in6buf);
}
nla_put_u8(nlm, IFLA_GRE_ENCAP_LIMIT, 4);
+
+ if (flowinfo)
+ nla_put_u32(nlm, IFLA_GRE_FLOWINFO, flowinfo);
+
+ if (flags)
+ nla_put_u32(nlm, IFLA_GRE_FLAGS, flags);
} else {
struct in_addr inbuf;
bool set_df = true;
if ((cur = tb[TUNNEL_ATTR_DF]))
set_df = blobmsg_get_bool(cur);
+ /* ttl !=0 and nopmtudisc are incompatible */
+ if (ttl && !set_df) {
+ ret = -EINVAL;
+ goto failure;
+ }
+
nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0);
+
+ nla_put_u8(nlm, IFLA_GRE_TOS, tos);
}
if (oflags)
}
#endif
+static int system_add_proto_tunnel(const char *name, const uint8_t proto, const unsigned int link, struct blob_attr **tb)
+{
+ struct blob_attr *cur;
+ bool set_df = true;
+ struct ip_tunnel_parm p = {
+ .link = link,
+ .iph = {
+ .version = 4,
+ .ihl = 5,
+ .protocol = proto,
+ }
+ };
+
+ if ((cur = tb[TUNNEL_ATTR_LOCAL]) &&
+ inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1)
+ return -EINVAL;
+
+ if ((cur = tb[TUNNEL_ATTR_REMOTE]) &&
+ inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1)
+ return -EINVAL;
+
+ if ((cur = tb[TUNNEL_ATTR_DF]))
+ set_df = blobmsg_get_bool(cur);
+
+ if ((cur = tb[TUNNEL_ATTR_TTL]))
+ p.iph.ttl = blobmsg_get_u32(cur);
+
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+ if (strcmp(str, "inherit")) {
+ unsigned uval;
+
+ if (!system_tos_aton(str, &uval))
+ return -EINVAL;
+
+ p.iph.tos = uval;
+ } else
+ p.iph.tos = 1;
+ }
+
+ p.iph.frag_off = set_df ? htons(IP_DF) : 0;
+ /* ttl !=0 and nopmtudisc are incompatible */
+ if (p.iph.ttl && p.iph.frag_off == 0)
+ return -EINVAL;
+
+ strncpy(p.name, name, sizeof(p.name));
+
+ switch (p.iph.protocol) {
+ case IPPROTO_IPIP:
+ return tunnel_ioctl("tunl0", SIOCADDTUNNEL, &p);
+ case IPPROTO_IPV6:
+ return tunnel_ioctl("sit0", SIOCADDTUNNEL, &p);
+ default:
+ break;
+ }
+ return -1;
+}
+
static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb)
{
struct blob_attr *cur;
{
struct blob_attr *tb[__TUNNEL_ATTR_MAX];
struct blob_attr *cur;
- bool set_df = true;
const char *str;
blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb,
return -EINVAL;
str = blobmsg_data(cur);
- if ((cur = tb[TUNNEL_ATTR_DF]))
- set_df = blobmsg_get_bool(cur);
-
unsigned int ttl = 0;
if ((cur = tb[TUNNEL_ATTR_TTL])) {
ttl = blobmsg_get_u32(cur);
- if (ttl > 255 || (!set_df && ttl))
+ if (ttl > 255)
return -EINVAL;
}
}
if (!strcmp(str, "sit")) {
- struct ip_tunnel_parm p = {
- .link = link,
- .iph = {
- .version = 4,
- .ihl = 5,
- .frag_off = set_df ? htons(IP_DF) : 0,
- .protocol = IPPROTO_IPV6,
- .ttl = ttl
- }
- };
-
- if ((cur = tb[TUNNEL_ATTR_LOCAL]) &&
- inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1)
- return -EINVAL;
-
- if ((cur = tb[TUNNEL_ATTR_REMOTE]) &&
- inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1)
- return -EINVAL;
-
- strncpy(p.name, name, sizeof(p.name));
- if (tunnel_ioctl("sit0", SIOCADDTUNNEL, &p) < 0)
+ if (system_add_proto_tunnel(name, IPPROTO_IPV6, link, tb) < 0)
return -1;
#ifdef SIOCADD6RD
} else if (!strcmp(str, "gretapip6")) {
return system_add_gre_tunnel(name, "ip6gretap", link, tb, true);
#endif
+ } else if (!strcmp(str, "ipip")) {
+ return system_add_proto_tunnel(name, IPPROTO_IPIP, link, tb);
}
else
return -EINVAL;