vxlan: backport vxlan patches to 19.07.5

vxlan support in 19.07.5 is very limited.

This set of patches adds
  - more flexible source ip selection
  - control over most options
  - multiple remote endpoint configuration

List of patches backported:
  - 5222aadbf3 vxlan: remove mandatory peeraddr
  - 65e9de3c33 vxlan: add capability for multiple fdb entries
  - 036221ce5a vxlan: add extra config options
  - ad3044c424 vxlan: fix rsc config option
  - 3f5619f259 vxlan: allow for dynamic source ip selection (FS#3426)
  - a3c033e2af netifd: vxlan: handle srcport range
  - 226566b967 netifd: vxlan: refactor mapping of boolean attrs
  - 11223f5550 netifd: vxlan: add most missing boolean options
  - 55a7b6b7f2 netifd: vxlan: add aging and maxaddress options

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Johannes Kimmel 2021-01-01 10:00:33 +01:00
parent 5469399112
commit af77d3841d
Signed by: jkimmel
GPG Key ID: 6B8F7858CE2AF6A5
6 changed files with 637 additions and 7 deletions

@ -1,6 +1,7 @@
From 5222aadbf353b7cc030c39aa816f33951b104552 Mon Sep 17 00:00:00 2001
From: Johannes Kimmel <fff@bareminimum.eu>
Date: Mon, 20 Jul 2020 08:05:09 +0200
Subject: vxlan: remove mandatory peeraddr
Subject: [PATCH 4/8] vxlan: remove mandatory peeraddr
vxlan can be configured without a peer address. This is used to prepare
an interface and add peers later.
@ -9,10 +10,12 @@ Fixes: FS#2743
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 5222aadbf353b7cc030c39aa816f33951b104552)
---
package/network/config/vxlan/files/vxlan.sh | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
index 7b1c7039551b7781f5f7a8e73b964db698f3697b..bdcaa628c4416cc83258dd38a6fc0978ea55a3bb 100755
index 7b1c703955..bdcaa628c4 100755
--- a/package/network/config/vxlan/files/vxlan.sh
+++ b/package/network/config/vxlan/files/vxlan.sh
@@ -55,12 +55,6 @@ proto_vxlan_setup() {
@ -41,3 +44,6 @@ index 7b1c7039551b7781f5f7a8e73b964db698f3697b..bdcaa628c4416cc83258dd38a6fc0978
( proto_add_host_dependency "$cfg" '' "$tunlink" )
[ -z "$ip6addr" ] && {
--
2.30.0

@ -1,6 +1,7 @@
From 65e9de3c333bae1ccef1dfb0cc008ad6f13958e4 Mon Sep 17 00:00:00 2001
From: Johannes Kimmel <fff@bareminimum.eu>
Date: Mon, 20 Jul 2020 08:05:10 +0200
Subject: vxlan: add capability for multiple fdb entries
Subject: [PATCH 5/8] vxlan: add capability for multiple fdb entries
Similar to wireguard, vxlan can configure multiple peers or add specific
entries to the fdb for a single mac address.
@ -69,10 +70,13 @@ All available peer options for completeness:
option src_vni '123' # see man 3 bridge
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
(cherry picked from commit 65e9de3c333bae1ccef1dfb0cc008ad6f13958e4)
---
package/network/config/vxlan/Makefile | 2 +-
package/network/config/vxlan/files/vxlan.sh | 48 ++++++++++++++++++++-
2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
index 13fcf0c55d07d97f5dcc3cbfcf2478020e7107cc..7232f71b45e6f72f2c62a245ad44cb9ade144f52 100644
index 13fcf0c55d..7232f71b45 100644
--- a/package/network/config/vxlan/Makefile
+++ b/package/network/config/vxlan/Makefile
@@ -1,7 +1,7 @@
@ -85,7 +89,7 @@ index 13fcf0c55d07d97f5dcc3cbfcf2478020e7107cc..7232f71b45e6f72f2c62a245ad44cb9a
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
index bdcaa628c4416cc83258dd38a6fc0978ea55a3bb..d063c47d47d0f4e339b21e97f4e25f55a33c0497 100755
index bdcaa628c4..d063c47d47 100755
--- a/package/network/config/vxlan/files/vxlan.sh
+++ b/package/network/config/vxlan/files/vxlan.sh
@@ -7,6 +7,50 @@
@ -157,3 +161,6 @@ index bdcaa628c4416cc83258dd38a6fc0978ea55a3bb..d063c47d47d0f4e339b21e97f4e25f55
}
proto_vxlan_setup() {
--
2.30.0

@ -0,0 +1,97 @@
From 036221ce5a899eb99ef1c1623fc9460af00a69e7 Mon Sep 17 00:00:00 2001
From: Hans Dedecker <dedeckeh@gmail.com>
Date: Mon, 14 Sep 2020 21:55:01 +0200
Subject: [PATCH 6/8] vxlan: add extra config options
Add config options:
srcportmin/srcportmax : range of port numbers to use as UDP source ports
to communicate to the remote VXLAN tunnel endpoint
ageing : lifetime in seconds of FDB entries learnt by the kernel
maxaddress : maximum number of FDB entries
learning : enable/disable entering unknown source link layer addresses
and IP addresses into the VXLAN device FDB.
rsc : enable/disable route short circuit
proxy : enable/disable ARP proxy
l2miss : enable/disable netlink LLADDR miss notifications
l3miss : enable/disable netlink IP ADDR miss notifications
gbp : enable/disable the Group Policy extension
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
package/network/config/vxlan/Makefile | 2 +-
package/network/config/vxlan/files/vxlan.sh | 26 +++++++++++++++++++--
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
index 7232f71b45..eb053bf111 100644
--- a/package/network/config/vxlan/Makefile
+++ b/package/network/config/vxlan/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=vxlan
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
index d063c47d47..8b3a0a53d4 100755
--- a/package/network/config/vxlan/files/vxlan.sh
+++ b/package/network/config/vxlan/files/vxlan.sh
@@ -59,8 +59,8 @@ vxlan_generic_setup() {
local link="$cfg"
- local port vid ttl tos mtu macaddr zone rxcsum txcsum
- json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
+ local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
+ json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
proto_init_update "$link" 1
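Review bot: `rsc` is missing from the extended `local` and `json_get_vars` lists in this hunk, yet the next hunk emits `[ -n "$rsc" ] && json_add_boolean rsc "$rsc"` and the init hunk registers `proto_config_add_boolean "rsc"`. As written, `$rsc` is never populated from the interface config, so the option is accepted and then silently ignored. Add `rsc` to both lists here (the follow-up patch 7/8 does exactly that), or squash the two patches for the backport so that no intermediate revision ships the dead option.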
@@ -78,9 +78,20 @@ vxlan_generic_setup() {
json_add_object 'data'
[ -n "$port" ] && json_add_int port "$port"
[ -n "$vid" ] && json_add_int id "$vid"
+ [ -n "$srcportmin" ] && json_add_int srcportmin "$srcportmin"
+ [ -n "$srcportmax" ] && json_add_int srcportmax "$srcportmax"
+ [ -n "$ageing" ] && json_add_int ageing "$ageing"
+ [ -n "$maxaddress" ] && json_add_int maxaddress "$maxaddress"
[ -n "$macaddr" ] && json_add_string macaddr "$macaddr"
[ -n "$rxcsum" ] && json_add_boolean rxcsum "$rxcsum"
[ -n "$txcsum" ] && json_add_boolean txcsum "$txcsum"
+ [ -n "$learning" ] && json_add_boolean learning "$learning"
+ [ -n "$rsc" ] && json_add_boolean rsc "$rsc"
+ [ -n "$proxy" ] && json_add_boolean proxy "$proxy"
+ [ -n "$l2miss" ] && json_add_boolean l2miss "$l2miss"
+ [ -n "$l3miss" ] && json_add_boolean l3miss "$l3miss"
+ [ -n "$gbp" ] && json_add_boolean gbp "$gbp"
+
json_close_object
proto_close_tunnel
@@ -163,9 +174,20 @@ vxlan_generic_init_config() {
proto_config_add_int "ttl"
proto_config_add_int "tos"
proto_config_add_int "mtu"
+ proto_config_add_int "srcportmin"
+ proto_config_add_int "srcportmax"
+ proto_config_add_int "ageing"
+ proto_config_add_int "maxaddress"
proto_config_add_boolean "rxcsum"
proto_config_add_boolean "txcsum"
+ proto_config_add_boolean "learning"
+ proto_config_add_boolean "rsc"
+ proto_config_add_boolean "proxy"
+ proto_config_add_boolean "l2miss"
+ proto_config_add_boolean "l3miss"
+ proto_config_add_boolean "gbp"
proto_config_add_string "macaddr"
+
}
proto_vxlan_init_config() {
--
2.30.0

@ -0,0 +1,44 @@
From ad3044c424510668dd318c6a48c0b56bfba3c2da Mon Sep 17 00:00:00 2001
From: Hans Dedecker <dedeckeh@gmail.com>
Date: Thu, 24 Sep 2020 22:04:39 +0200
Subject: [PATCH 7/8] vxlan: fix rsc config option
Fix route short circuit config option; fixes commit 036221ce5a899eb99ef1c1623fc9460af00a69e7
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
package/network/config/vxlan/Makefile | 2 +-
package/network/config/vxlan/files/vxlan.sh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
index eb053bf111..0b4d6713f9 100644
--- a/package/network/config/vxlan/Makefile
+++ b/package/network/config/vxlan/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=vxlan
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
index 8b3a0a53d4..5c1c484c47 100755
--- a/package/network/config/vxlan/files/vxlan.sh
+++ b/package/network/config/vxlan/files/vxlan.sh
@@ -59,8 +59,8 @@ vxlan_generic_setup() {
local link="$cfg"
- local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
- json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning proxy l2miss l3miss gbp
+ local port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning rsc proxy l2miss l3miss gbp
+ json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum srcportmin srcportmax ageing maxaddress learning rsc proxy l2miss l3miss gbp
proto_init_update "$link" 1
--
2.30.0

@ -0,0 +1,108 @@
From 3f5619f259de42af4404e0e36d11df4adcef9f5e Mon Sep 17 00:00:00 2001
From: Johannes Kimmel <fff@bareminimum.eu>
Date: Tue, 15 Dec 2020 00:31:52 +0100
Subject: [PATCH 8/8] vxlan: allow for dynamic source ip selection (FS#3426)
By setting 'auto', the zero address or the empty string as source
address (option ipaddr, option ip6addr), vxlan will choose one
dynamically. This helps in setups where a wan ip or prefix changes.
This corresponse to setting up an vxlan tunnel with:
proto vxlan6:
# ip link add vx0 type vxlan id ID local :: ...
proto vxlan:
# ip link add vx0 type vxlan id ID local 0.0.0.0 ...
While it is possible to not specify a source ip at all, the kernel will
default to setting up a ipv4 tunnel. The kernel will take any hint from
source and peer ips to figure out, what tunnel type to use. To make sure
we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.
This will not change the behaviour of currently working configurations.
However this will allow former broken configurations, namely those not
specifying both a source address and tunnel interface, to setup a
tunnel interface. Previously those configurations weren't reporting an
error and were stueck in a setup loop like in Bug FS#3426.
This change lifts the currently very strict behaviour and should fix the
following bug:
Fixes: FS#3426
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
---
package/network/config/vxlan/Makefile | 2 +-
package/network/config/vxlan/files/vxlan.sh | 35 +++++++--------------
2 files changed, 12 insertions(+), 25 deletions(-)
diff --git a/package/network/config/vxlan/Makefile b/package/network/config/vxlan/Makefile
index 0b4d6713f9..97972d6d85 100644
--- a/package/network/config/vxlan/Makefile
+++ b/package/network/config/vxlan/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=vxlan
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
index 5c1c484c47..a087c4a3ce 100755
--- a/package/network/config/vxlan/files/vxlan.sh
+++ b/package/network/config/vxlan/files/vxlan.sh
@@ -114,18 +114,11 @@ proto_vxlan_setup() {
( proto_add_host_dependency "$cfg" '' "$tunlink" )
- [ -z "$ipaddr" ] && {
- local wanif="$tunlink"
- if [ -z "$wanif" ] && ! network_find_wan wanif; then
- proto_notify_error "$cfg" "NO_WAN_LINK"
- exit
- fi
-
- if ! network_get_ipaddr ipaddr "$wanif"; then
- proto_notify_error "$cfg" "NO_WAN_LINK"
- exit
- fi
- }
+ case "$ipaddr" in
+ "auto"|"")
+ ipaddr="0.0.0.0"
+ ;;
+ esac
vxlan_generic_setup "$cfg" 'vxlan' "$ipaddr" "$peeraddr"
}
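Review bot: removing the `local wanif="$tunlink"` / `network_get_ipaddr ipaddr "$wanif"` fallback means a config that sets `tunlink` but no `ipaddr` no longer gets the tunnel bound to that interface's address; it now gets `0.0.0.0` and the source address is chosen dynamically. The commit message's statement that currently working configurations keep their behaviour does not hold for that case, and on a multi-homed router the VXLAN traffic can leave with a source address that firewall rules or the remote endpoint do not expect. Either keep the address lookup when `tunlink` is set, or document the change and recommend an explicit `ipaddr` where the source must be pinned. The same applies to the `ip6addr` case in `proto_vxlan6_setup`.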
@@ -138,18 +131,12 @@ proto_vxlan6_setup() {
( proto_add_host_dependency "$cfg" '' "$tunlink" )
- [ -z "$ip6addr" ] && {
- local wanif="$tunlink"
- if [ -z "$wanif" ] && ! network_find_wan6 wanif; then
- proto_notify_error "$cfg" "NO_WAN_LINK"
- exit
- fi
-
- if ! network_get_ipaddr6 ip6addr "$wanif"; then
- proto_notify_error "$cfg" "NO_WAN_LINK"
- exit
- fi
- }
+ case "$ip6addr" in
+ "auto"|"")
+ # ensure tunnel via ipv6
+ ip6addr="::"
+ ;;
+ esac
vxlan_generic_setup "$cfg" 'vxlan6' "$ip6addr" "$peer6addr"
}
--
2.30.0

@ -0,0 +1,368 @@
From 3b4d344d36327b551ba325e6ce87f905e374c7ca Mon Sep 17 00:00:00 2001
From: Johannes Kimmel <fff@bareminimum.eu>
Date: Fri, 1 Jan 2021 09:55:25 +0100
Subject: [PATCH] netifd: backport vxlan patches
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
---
...01-netifd-vxlan-handle-srcport-range.patch | 98 +++++++++++++++++
...an-refactor-mapping-of-boolean-attrs.patch | 59 ++++++++++
...lan-add-most-missing-boolean-options.patch | 102 ++++++++++++++++++
...lan-add-aging-and-maxaddress-options.patch | 65 +++++++++++
4 files changed, 324 insertions(+)
create mode 100644 package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
create mode 100644 package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
create mode 100644 package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
create mode 100644 package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
diff --git a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
new file mode 100644
index 0000000000..e035fc65a1
--- /dev/null
+++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
@@ -0,0 +1,98 @@
+From a3c033e2afc289672e0ed4b8d8a835d509715af8 Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff@bareminimum.eu>
+Date: Fri, 4 Sep 2020 04:59:40 +0200
+Subject: [PATCH 1/4] netifd: vxlan: handle srcport range
+
+This adds adds the ability to set the source port range for vxlan
+interfaces.
+
+By default vxlans will use a random port within the ephermal range as
+source ports for packets. This is done to aid scaleability within a
+datacenter.
+
+But with these defaults it's impossible to punch through NATs or
+traverese most stateful firewalls easily. One solution is to fix the
+srcport to the same as dstport.
+
+If only srcportmin is specified, then srcportmax is set in a way that
+outgoing packets will only use srcportmin.
+
+If a range is to be specified, srcportmin and srcportmax have to be
+specified. srcportmax is exclusive.
+
+If only srcportmax is specified, the value is ignored and defaults are
+used.
+
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
+---
+ system-linux.c | 26 ++++++++++++++++++++++++++
+ system.c | 2 ++
+ system.h | 2 ++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/system-linux.c b/system-linux.c
+index c5583e0..42f0de3 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -3184,6 +3184,32 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
+ }
+ nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
+
++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
++ struct ifla_vxlan_port_range srcports = {0,0};
++
++ uint32_t low = blobmsg_get_u32(cur);
++ if (low < 1 || low > 65535 - 1) {
++ ret = -EINVAL;
++ goto failure;
++ }
++
++ srcports.low = htons((uint16_t) low);
++ srcports.high = htons((uint16_t) (low+1));
++
++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
++ uint32_t high = blobmsg_get_u32(cur);
++ if (high < 1 || high > 65535) {
++ ret = -EINVAL;
++ goto failure;
++ }
++
++ if (high > low)
++ srcports.high = htons((uint16_t) high);
++ }
++
++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
++ }
++
+ if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
+ bool rxcsum = blobmsg_get_bool(cur);
+ nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
+diff --git a/system.c b/system.c
+index bbdfef7..4133e55 100644
+--- a/system.c
++++ b/system.c
+@@ -38,6 +38,8 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
+ [VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type = BLOBMSG_TYPE_STRING },
+ [VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type = BLOBMSG_TYPE_BOOL },
+ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
+ };
+
+ const struct uci_blob_param_list vxlan_data_attr_list = {
+diff --git a/system.h b/system.h
+index 015987f..bf9e1d7 100644
+--- a/system.h
++++ b/system.h
+@@ -44,6 +44,8 @@ enum vxlan_data {
+ VXLAN_DATA_ATTR_MACADDR,
+ VXLAN_DATA_ATTR_RXCSUM,
+ VXLAN_DATA_ATTR_TXCSUM,
++ VXLAN_DATA_ATTR_SRCPORTMIN,
++ VXLAN_DATA_ATTR_SRCPORTMAX,
+ __VXLAN_DATA_ATTR_MAX
+ };
+
+--
+2.30.0
+
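Review bot: in the `system_add_vxlan` hunk of this patch, a `srcportmax` that is not greater than `srcportmin` falls through `if (high > low)` and is silently discarded, leaving the single-port range set by `srcports.high = htons((uint16_t) (low+1))`. The other invalid inputs in this block return `-EINVAL`; an inverted or equal range should do the same, since a typo here quietly narrows the source ports to one value instead of reporting a configuration error. The commit message documents the `srcportmax`-only case but not this one, so it should be added there as well.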
diff --git a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
new file mode 100644
index 0000000000..f0dbc385b9
--- /dev/null
+++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
@@ -0,0 +1,59 @@
+From 226566b967dc4ef4d83ed7844b8ad746f4306f8d Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff@bareminimum.eu>
+Date: Fri, 4 Sep 2020 04:59:41 +0200
+Subject: [PATCH 2/4] netifd: vxlan: refactor mapping of boolean attrs
+
+Add a small function to handle boolean options and make use of it to handle:
+ - rxcsum
+ - txcsum
+
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
+---
+ system-linux.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/system-linux.c b/system-linux.c
+index 42f0de3..d87a9ee 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -3073,6 +3073,17 @@ failure:
+ #endif
+
+ #ifdef IFLA_VXLAN_MAX
++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
++ struct blob_attr *cur;
++ if ((cur = tb_data[vxlandatatype])) {
++ bool val = blobmsg_get_bool(cur);
++ if (invert) {
++ val = !val;
++ }
++ nla_put_u8(msg, attrtype, val);
++ }
++}
++
+ static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6)
+ {
+ struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX];
+@@ -3210,16 +3221,9 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
+ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
+ }
+
+- if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
+- bool rxcsum = blobmsg_get_bool(cur);
+- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
+- }
+-
+- if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
+- bool txcsum = blobmsg_get_bool(cur);
+- nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
+- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, !txcsum);
+- }
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
+
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+--
+2.30.0
+
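Review bot: `system_vxlan_map_bool_attr` takes two adjacent `int` parameters, `attrtype` and `vxlandatatype`, so swapping an `IFLA_VXLAN_*` and a `VXLAN_DATA_ATTR_*` argument at a call site compiles cleanly and then indexes `tb_data[]`, which has only `__VXLAN_DATA_ATTR_MAX` entries, with a netlink attribute number. A bounds check on `vxlandatatype` inside the helper would contain that mistake. Style: the opening brace sits on the signature line, while `system_add_vxlan` directly below puts it on its own line.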
diff --git a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
new file mode 100644
index 0000000000..e8aee863a1
--- /dev/null
+++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
@@ -0,0 +1,102 @@
+From 11223f5550f7dd8faefb85441065b682be16e61f Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff@bareminimum.eu>
+Date: Fri, 4 Sep 2020 04:59:42 +0200
+Subject: [PATCH 3/4] netifd: vxlan: add most missing boolean options
+
+adds the folloing missing options:
+ - learning
+ - rsc
+ - proxy
+ - l2miss
+ - l3miss
+ - gbp
+
+See ip-link(3) for their meaning.
+
+still missing:
+ - external
+ - gpe
+
+I'm not sure how to handle them at the moment. It's unclear to me what
+IFLA_VXLAN_* value corresponds to the 'external' option and according to
+the manpage, gpe depends on it.
+
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
+---
+ system-linux.c | 16 +++++++++++++---
+ system.c | 6 ++++++
+ system.h | 6 ++++++
+ 3 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/system-linux.c b/system-linux.c
+index d87a9ee..c232c5f 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -3077,10 +3077,14 @@ static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb
+ struct blob_attr *cur;
+ if ((cur = tb_data[vxlandatatype])) {
+ bool val = blobmsg_get_bool(cur);
+- if (invert) {
++ if (invert)
+ val = !val;
+- }
+- nla_put_u8(msg, attrtype, val);
++
++ if ((attrtype == IFLA_VXLAN_GBP) && val)
++ nla_put_flag(msg, attrtype);
++ else
++ nla_put_u8(msg, attrtype, val);
++
+ }
+ }
+
+@@ -3224,6 +3228,12 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
+
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+diff --git a/system.c b/system.c
+index 4133e55..95721e1 100644
+--- a/system.c
++++ b/system.c
+@@ -40,6 +40,12 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
+ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
+ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
+ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
++ [VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
+ };
+
+ const struct uci_blob_param_list vxlan_data_attr_list = {
+diff --git a/system.h b/system.h
+index bf9e1d7..290c2e5 100644
+--- a/system.h
++++ b/system.h
+@@ -46,6 +46,12 @@ enum vxlan_data {
+ VXLAN_DATA_ATTR_TXCSUM,
+ VXLAN_DATA_ATTR_SRCPORTMIN,
+ VXLAN_DATA_ATTR_SRCPORTMAX,
++ VXLAN_DATA_ATTR_LEARNING,
++ VXLAN_DATA_ATTR_RSC,
++ VXLAN_DATA_ATTR_PROXY,
++ VXLAN_DATA_ATTR_L2MISS,
++ VXLAN_DATA_ATTR_L3MISS,
++ VXLAN_DATA_ATTR_GBP,
+ __VXLAN_DATA_ATTR_MAX
+ };
+
+--
+2.30.0
+
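Review bot: in the `system_vxlan_map_bool_attr` hunk, the `else` branch still runs for `IFLA_VXLAN_GBP` when `val` is false, so `option gbp 0` sends `nla_put_u8(msg, IFLA_VXLAN_GBP, 0)`. The true case is sent with `nla_put_flag`, an attribute whose presence is the signal, so the false case should emit no attribute at all rather than a one-byte payload. Handle GBP first: put the flag if `val` is set, otherwise skip, and fall through to `nla_put_u8` only for the other attribute types. Separately, the commit message points to ip-link(3); the manual page is ip-link(8).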
diff --git a/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
new file mode 100644
index 0000000000..a8f8bcc039
--- /dev/null
+++ b/package/network/config/netifd/patches/0004-netifd-vxlan-add-aging-and-maxaddress-options.patch
@@ -0,0 +1,65 @@
+From 55a7b6b7f2f773c06a79cb7359ffdab54ba32450 Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff@bareminimum.eu>
+Date: Fri, 4 Sep 2020 04:59:43 +0200
+Subject: [PATCH 4/4] netifd: vxlan: add aging and maxaddress options
+
+For both options the values can just be passed to the kernel. All
+unsigned values are accepted, thus no range checking required.
+
+Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
+---
+ system-linux.c | 10 ++++++++++
+ system.c | 2 ++
+ system.h | 2 ++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/system-linux.c b/system-linux.c
+index c232c5f..6778b1d 100644
+--- a/system-linux.c
++++ b/system-linux.c
+@@ -3235,6 +3235,16 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
+ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
+
++ if ((cur = tb_data[VXLAN_DATA_ATTR_AGEING])) {
++ uint32_t ageing = blobmsg_get_u32(cur);
++ nla_put_u32(msg, IFLA_VXLAN_AGEING, ageing);
++ }
++
++ if ((cur = tb_data[VXLAN_DATA_ATTR_LIMIT])) {
++ uint32_t maxaddress = blobmsg_get_u32(cur);
++ nla_put_u32(msg, IFLA_VXLAN_LIMIT, maxaddress);
++ }
++
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+ unsigned tos = 1;
+diff --git a/system.c b/system.c
+index 95721e1..834748e 100644
+--- a/system.c
++++ b/system.c
+@@ -46,6 +46,8 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
+ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
+ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
+ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_AGEING] = { .name = "ageing", .type = BLOBMSG_TYPE_INT32 },
++ [VXLAN_DATA_ATTR_LIMIT] = { .name = "maxaddress", .type = BLOBMSG_TYPE_INT32 },
+ };
+
+ const struct uci_blob_param_list vxlan_data_attr_list = {
+diff --git a/system.h b/system.h
+index 290c2e5..52161a8 100644
+--- a/system.h
++++ b/system.h
+@@ -52,6 +52,8 @@ enum vxlan_data {
+ VXLAN_DATA_ATTR_L2MISS,
+ VXLAN_DATA_ATTR_L3MISS,
+ VXLAN_DATA_ATTR_GBP,
++ VXLAN_DATA_ATTR_AGEING,
++ VXLAN_DATA_ATTR_LIMIT,
+ __VXLAN_DATA_ATTR_MAX
+ };
+
+--
+2.30.0
+
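Review bot: `ageing` and `maxaddress` are declared `BLOBMSG_TYPE_INT32` in `system.c` and read with `blobmsg_get_u32`, so a negative value in the config is not rejected; it reaches `IFLA_VXLAN_AGEING` / `IFLA_VXLAN_LIMIT` as a very large unsigned number. The commit message's "no range checking required" covers unsigned input only, so either reject negative values before `nla_put_u32` or state in the message that they wrap. Naming is also inconsistent: the subject says "aging", the option is `ageing`, and `VXLAN_DATA_ATTR_LIMIT` carries the `maxaddress` option; a one-line comment on the enum entry would help.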
--
2.30.0