325 lines
12 KiB
Diff
325 lines
12 KiB
Diff
From: Johannes Kimmel <fff@bareminimum.eu>
|
|
Date: Fri, 1 Jan 2021 09:55:25 +0100
|
|
Subject: netifd: backport vxlan patches
|
|
|
|
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
[refresh patches]
|
|
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
diff --git a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..0b803aca8bebe33ad47f7e441bc9aa36d42b0aea
|
|
--- /dev/null
|
|
+++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
|
|
@@ -0,0 +1,89 @@
|
|
+From a3c033e2afc289672e0ed4b8d8a835d509715af8 Mon Sep 17 00:00:00 2001
|
|
+From: Johannes Kimmel <fff@bareminimum.eu>
|
|
+Date: Fri, 4 Sep 2020 04:59:40 +0200
|
|
+Subject: [PATCH 1/4] netifd: vxlan: handle srcport range
|
|
+
|
|
+This adds adds the ability to set the source port range for vxlan
|
|
+interfaces.
|
|
+
|
|
+By default vxlans will use a random port within the ephermal range as
|
|
+source ports for packets. This is done to aid scaleability within a
|
|
+datacenter.
|
|
+
|
|
+But with these defaults it's impossible to punch through NATs or
|
|
+traverese most stateful firewalls easily. One solution is to fix the
|
|
+srcport to the same as dstport.
|
|
+
|
|
+If only srcportmin is specified, then srcportmax is set in a way that
|
|
+outgoing packets will only use srcportmin.
|
|
+
|
|
+If a range is to be specified, srcportmin and srcportmax have to be
|
|
+specified. srcportmax is exclusive.
|
|
+
|
|
+If only srcportmax is specified, the value is ignored and defaults are
|
|
+used.
|
|
+
|
|
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
+---
|
|
+ system-linux.c | 26 ++++++++++++++++++++++++++
|
|
+ system.c | 2 ++
|
|
+ system.h | 2 ++
|
|
+ 3 files changed, 30 insertions(+)
|
|
+
|
|
+--- a/system-linux.c
|
|
++++ b/system-linux.c
|
|
+@@ -3062,6 +3062,32 @@ static int system_add_vxlan(const char *
|
|
+ }
|
|
+ nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
|
|
+
|
|
++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
|
|
++ struct ifla_vxlan_port_range srcports = {0,0};
|
|
++
|
|
++ uint32_t low = blobmsg_get_u32(cur);
|
|
++ if (low < 1 || low > 65535 - 1) {
|
|
++ ret = -EINVAL;
|
|
++ goto failure;
|
|
++ }
|
|
++
|
|
++ srcports.low = htons((uint16_t) low);
|
|
++ srcports.high = htons((uint16_t) (low+1));
|
|
++
|
|
++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
|
|
++ uint32_t high = blobmsg_get_u32(cur);
|
|
++ if (high < 1 || high > 65535) {
|
|
++ ret = -EINVAL;
|
|
++ goto failure;
|
|
++ }
|
|
++
|
|
++ if (high > low)
|
|
++ srcports.high = htons((uint16_t) high);
|
|
++ }
|
|
++
|
|
++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
|
|
++ }
|
|
++
|
|
+ if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
|
|
+ bool rxcsum = blobmsg_get_bool(cur);
|
|
+ nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
|
|
+--- a/system.c
|
|
++++ b/system.c
|
|
+@@ -38,6 +38,8 @@ static const struct blobmsg_policy vxlan
|
|
+ [VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type = BLOBMSG_TYPE_STRING },
|
|
+ [VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type = BLOBMSG_TYPE_BOOL },
|
|
+ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
|
|
++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
|
|
+ };
|
|
+
|
|
+ const struct uci_blob_param_list vxlan_data_attr_list = {
|
|
+--- a/system.h
|
|
++++ b/system.h
|
|
+@@ -43,6 +43,8 @@ enum vxlan_data {
|
|
+ VXLAN_DATA_ATTR_MACADDR,
|
|
+ VXLAN_DATA_ATTR_RXCSUM,
|
|
+ VXLAN_DATA_ATTR_TXCSUM,
|
|
++ VXLAN_DATA_ATTR_SRCPORTMIN,
|
|
++ VXLAN_DATA_ATTR_SRCPORTMAX,
|
|
+ __VXLAN_DATA_ATTR_MAX
|
|
+ };
|
|
+
|
|
diff --git a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..3c60665354a52159566826bbedf59964077205d5
|
|
--- /dev/null
|
|
+++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
|
|
@@ -0,0 +1,54 @@
|
|
+From 226566b967dc4ef4d83ed7844b8ad746f4306f8d Mon Sep 17 00:00:00 2001
|
|
+From: Johannes Kimmel <fff@bareminimum.eu>
|
|
+Date: Fri, 4 Sep 2020 04:59:41 +0200
|
|
+Subject: [PATCH 2/4] netifd: vxlan: refactor mapping of boolean attrs
|
|
+
|
|
+Add a small function to handle boolean options and make use of it to handle:
|
|
+ - rxcsum
|
|
+ - txcsum
|
|
+
|
|
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
+---
|
|
+ system-linux.c | 24 ++++++++++++++----------
|
|
+ 1 file changed, 14 insertions(+), 10 deletions(-)
|
|
+
|
|
+--- a/system-linux.c
|
|
++++ b/system-linux.c
|
|
+@@ -2951,6 +2951,17 @@ failure:
|
|
+ #endif
|
|
+
|
|
+ #ifdef IFLA_VXLAN_MAX
|
|
++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
|
|
++ struct blob_attr *cur;
|
|
++ if ((cur = tb_data[vxlandatatype])) {
|
|
++ bool val = blobmsg_get_bool(cur);
|
|
++ if (invert) {
|
|
++ val = !val;
|
|
++ }
|
|
++ nla_put_u8(msg, attrtype, val);
|
|
++ }
|
|
++}
|
|
++
|
|
+ static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6)
|
|
+ {
|
|
+ struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX];
|
|
+@@ -3088,16 +3099,9 @@ static int system_add_vxlan(const char *
|
|
+ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
|
|
+ }
|
|
+
|
|
+- if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
|
|
+- bool rxcsum = blobmsg_get_bool(cur);
|
|
+- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
|
|
+- }
|
|
+-
|
|
+- if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
|
|
+- bool txcsum = blobmsg_get_bool(cur);
|
|
+- nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
|
|
+- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, !txcsum);
|
|
+- }
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
|
|
+
|
|
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
|
|
+ char *str = blobmsg_get_string(cur);
|
|
diff --git a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..693e92b9f6b50f20d8fd220c196440d7bf894eb9
|
|
--- /dev/null
|
|
+++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
|
|
@@ -0,0 +1,93 @@
|
|
+From 11223f5550f7dd8faefb85441065b682be16e61f Mon Sep 17 00:00:00 2001
|
|
+From: Johannes Kimmel <fff@bareminimum.eu>
|
|
+Date: Fri, 4 Sep 2020 04:59:42 +0200
|
|
+Subject: [PATCH 3/4] netifd: vxlan: add most missing boolean options
|
|
+
|
|
+adds the folloing missing options:
|
|
+ - learning
|
|
+ - rsc
|
|
+ - proxy
|
|
+ - l2miss
|
|
+ - l3miss
|
|
+ - gbp
|
|
+
|
|
+See ip-link(3) for their meaning.
|
|
+
|
|
+still missing:
|
|
+ - external
|
|
+ - gpe
|
|
+
|
|
+I'm not sure how to handle them at the moment. It's unclear to me what
|
|
+IFLA_VXLAN_* value corresponds to the 'external' option and according to
|
|
+the manpage, gpe depends on it.
|
|
+
|
|
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
+---
|
|
+ system-linux.c | 16 +++++++++++++---
|
|
+ system.c | 6 ++++++
|
|
+ system.h | 6 ++++++
|
|
+ 3 files changed, 25 insertions(+), 3 deletions(-)
|
|
+
|
|
+--- a/system-linux.c
|
|
++++ b/system-linux.c
|
|
+@@ -2955,10 +2955,14 @@ static void system_vxlan_map_bool_attr(s
|
|
+ struct blob_attr *cur;
|
|
+ if ((cur = tb_data[vxlandatatype])) {
|
|
+ bool val = blobmsg_get_bool(cur);
|
|
+- if (invert) {
|
|
++ if (invert)
|
|
+ val = !val;
|
|
+- }
|
|
+- nla_put_u8(msg, attrtype, val);
|
|
++
|
|
++ if ((attrtype == IFLA_VXLAN_GBP) && val)
|
|
++ nla_put_flag(msg, attrtype);
|
|
++ else
|
|
++ nla_put_u8(msg, attrtype, val);
|
|
++
|
|
+ }
|
|
+ }
|
|
+
|
|
+@@ -3102,6 +3106,12 @@ static int system_add_vxlan(const char *
|
|
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
|
|
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
|
|
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
|
|
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
|
|
+
|
|
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
|
|
+ char *str = blobmsg_get_string(cur);
|
|
+--- a/system.c
|
|
++++ b/system.c
|
|
+@@ -40,6 +40,12 @@ static const struct blobmsg_policy vxlan
|
|
+ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
|
|
+ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
|
|
+ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
|
|
++ [VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
|
|
+ };
|
|
+
|
|
+ const struct uci_blob_param_list vxlan_data_attr_list = {
|
|
+--- a/system.h
|
|
++++ b/system.h
|
|
+@@ -45,6 +45,12 @@ enum vxlan_data {
|
|
+ VXLAN_DATA_ATTR_TXCSUM,
|
|
+ VXLAN_DATA_ATTR_SRCPORTMIN,
|
|
+ VXLAN_DATA_ATTR_SRCPORTMAX,
|
|
++ VXLAN_DATA_ATTR_LEARNING,
|
|
++ VXLAN_DATA_ATTR_RSC,
|
|
++ VXLAN_DATA_ATTR_PROXY,
|
|
++ VXLAN_DATA_ATTR_L2MISS,
|
|
++ VXLAN_DATA_ATTR_L3MISS,
|
|
++ VXLAN_DATA_ATTR_GBP,
|
|
+ __VXLAN_DATA_ATTR_MAX
|
|
+ };
|
|
+
|
|
diff --git a/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..8a2b4424fe282492ecf64522ecf3d1b3ba106bbb
|
|
--- /dev/null
|
|
+++ b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
|
|
@@ -0,0 +1,56 @@
|
|
+From 55a7b6b7f2f773c06a79cb7359ffdab54ba32450 Mon Sep 17 00:00:00 2001
|
|
+From: Johannes Kimmel <fff@bareminimum.eu>
|
|
+Date: Fri, 4 Sep 2020 04:59:43 +0200
|
|
+Subject: [PATCH 4/4] netifd: vxlan: add aging and maxaddress options
|
|
+
|
|
+For both options the values can just be passed to the kernel. All
|
|
+unsigned values are accepted, thus no range checking required.
|
|
+
|
|
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
|
|
+---
|
|
+ system-linux.c | 10 ++++++++++
|
|
+ system.c | 2 ++
|
|
+ system.h | 2 ++
|
|
+ 3 files changed, 14 insertions(+)
|
|
+
|
|
+--- a/system-linux.c
|
|
++++ b/system-linux.c
|
|
+@@ -3113,6 +3113,16 @@ static int system_add_vxlan(const char *
|
|
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
|
|
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
|
|
+
|
|
++ if ((cur = tb_data[VXLAN_DATA_ATTR_AGEING])) {
|
|
++ uint32_t ageing = blobmsg_get_u32(cur);
|
|
++ nla_put_u32(msg, IFLA_VXLAN_AGEING, ageing);
|
|
++ }
|
|
++
|
|
++ if ((cur = tb_data[VXLAN_DATA_ATTR_LIMIT])) {
|
|
++ uint32_t maxaddress = blobmsg_get_u32(cur);
|
|
++ nla_put_u32(msg, IFLA_VXLAN_LIMIT, maxaddress);
|
|
++ }
|
|
++
|
|
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
|
|
+ char *str = blobmsg_get_string(cur);
|
|
+ unsigned tos = 1;
|
|
+--- a/system.c
|
|
++++ b/system.c
|
|
+@@ -46,6 +46,8 @@ static const struct blobmsg_policy vxlan
|
|
+ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
|
|
+ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
|
|
+ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
|
|
++ [VXLAN_DATA_ATTR_AGEING] = { .name = "ageing", .type = BLOBMSG_TYPE_INT32 },
|
|
++ [VXLAN_DATA_ATTR_LIMIT] = { .name = "maxaddress", .type = BLOBMSG_TYPE_INT32 },
|
|
+ };
|
|
+
|
|
+ const struct uci_blob_param_list vxlan_data_attr_list = {
|
|
+--- a/system.h
|
|
++++ b/system.h
|
|
+@@ -51,6 +51,8 @@ enum vxlan_data {
|
|
+ VXLAN_DATA_ATTR_L2MISS,
|
|
+ VXLAN_DATA_ATTR_L3MISS,
|
|
+ VXLAN_DATA_ATTR_GBP,
|
|
++ VXLAN_DATA_ATTR_AGEING,
|
|
++ VXLAN_DATA_ATTR_LIMIT,
|
|
+ __VXLAN_DATA_ATTR_MAX
|
|
+ };
|
|
+
|