#include <string.h>
#include <stdlib.h>
#include <stdio.h>
+#include <libgen.h>
+#include <sys/stat.h>
#include <limits.h>
#include <arpa/inet.h>
#include <netinet/in.h>
+#ifdef linux
+#include <netinet/ether.h>
+#else
+#include <net/ethernet.h>
+#endif
+
#include "netifd.h"
#include "device.h"
#include "interface.h"
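Review bot: The guard `#ifdef linux` tests a macro that GCC and Clang predefine only in GNU modes; in a strict `-std=c99` or `-std=c11` build it is undefined, so the `#else` branch is taken even on Linux. `#ifdef __linux__` is defined in both modes and is the safer spelling. Whether the project builds with a strict standard flag is not visible on this page.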
.params = route_attr,
};
+enum {
+ NEIGHBOR_INTERFACE,
+ NEIGHBOR_ADDRESS,
+ NEIGHBOR_MAC,
+ NEIGHBOR_PROXY,
+ NEIGHBOR_ROUTER,
+ __NEIGHBOR_MAX
+};
+
+static const struct blobmsg_policy neighbor_attr[__NEIGHBOR_MAX]={
+ [NEIGHBOR_INTERFACE]= { .name = "interface", .type = BLOBMSG_TYPE_STRING},
+ [NEIGHBOR_ADDRESS]= { .name = "ipaddr", .type = BLOBMSG_TYPE_STRING},
+ [NEIGHBOR_MAC]= { .name = "mac", .type = BLOBMSG_TYPE_STRING},
+ [NEIGHBOR_PROXY]= { .name = "proxy", .type = BLOBMSG_TYPE_BOOL},
+ [NEIGHBOR_ROUTER]= {.name = "router", .type = BLOBMSG_TYPE_BOOL},
+};
+
+const struct uci_blob_param_list neighbor_attr_list = {
+ .n_params = __NEIGHBOR_MAX,
+ .params = neighbor_attr,
+};
+
struct list_head prefixes = LIST_HEAD_INIT(prefixes);
static struct device_prefix *ula_prefix = NULL;
if (v6 != ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6))
continue;
- // Handle offlink addresses correctly
+ if (((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET4) &&
+ addr->point_to_point && a->in.s_addr == addr->point_to_point)
+ return true;
+
+ /* Handle offlink addresses correctly */
unsigned int mask = addr->mask;
if ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET6 &&
(addr->flags & DEVADDR_OFFLINK))
}
}
+void
+interface_ip_add_neighbor(struct interface *iface, struct blob_attr *attr, bool v6)
+{
+ struct interface_ip_settings *ip;
+ struct blob_attr *tb[__NEIGHBOR_MAX], *cur;
+ struct device_neighbor *neighbor;
+ int af = v6 ? AF_INET6: AF_INET;
+ struct ether_addr *ea;
+
+ blobmsg_parse(neighbor_attr, __NEIGHBOR_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr));
+
+ if (!iface) {
+ if ((cur = tb[NEIGHBOR_INTERFACE]) == NULL)
+ return;
+
+ iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node);
+
+ if (!iface)
+ return;
+
+ ip = &iface->config_ip;
+ } else
+ ip = &iface->proto_ip;
+
+ neighbor = calloc(1,sizeof(*neighbor));
+ if (!neighbor)
+ return;
+
+ neighbor->flags = v6 ? DEVADDR_INET6 : DEVADDR_INET4;
+
+ if ((cur = tb[NEIGHBOR_ADDRESS]) != NULL){
+ if (!inet_pton(af, blobmsg_data(cur), &neighbor->addr))
+ goto error;
+ } else
+ goto error;
+
+ if ((cur = tb[NEIGHBOR_MAC]) != NULL) {
+ neighbor->flags |= DEVNEIGH_MAC;
+ ea = ether_aton(blobmsg_data(cur));
+ if (!ea)
+ goto error;
+
+ memcpy(neighbor->macaddr, ea, 6);
+ }
+
+ if ((cur = tb[NEIGHBOR_PROXY]) != NULL)
+ neighbor->proxy = blobmsg_get_bool(cur);
+
+ if ((cur = tb[NEIGHBOR_ROUTER]) != NULL)
+ neighbor->router = blobmsg_get_bool(cur);
+
+ vlist_add(&ip->neighbor, &neighbor->node, neighbor);
+ return;
+
+error:
+ free(neighbor);
+}
+
void
interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6)
{
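Review bot: interface_ip_add_neighbor frees the entry at `error:` without any diagnostic, so a malformed `ipaddr` or `mac` value is dropped silently; a debug message there (the file already uses `D(INTERFACE, ...)`) would make rejected input visible. The function also has two modes that deserve a header comment, e.g. `/* iface == NULL: resolve the "interface" attribute and add to config_ip; otherwise add to the caller's proto_ip */`. The copy in `memcpy(neighbor->macaddr, ea, 6)` would be better bounded by the destination, `memcpy(neighbor->macaddr, ea, sizeof(neighbor->macaddr));`, as the memcmp in interface_update_proto_neighbor already does.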
route->flags |= DEVROUTE_MTU;
}
- // Use source-based routing
+ /* Use source-based routing */
if ((cur = tb[ROUTE_SOURCE]) != NULL) {
char *saveptr, *source = alloca(blobmsg_data_len(cur));
memcpy(source, blobmsg_data(cur), blobmsg_data_len(cur));
if ((cur = tb[ROUTE_VALID]) != NULL) {
int64_t valid = blobmsg_get_u32(cur);
int64_t valid_until = valid + (int64_t)system_get_rtime();
- if (valid_until <= LONG_MAX && valid != 0xffffffffLL) // Catch overflow
+ if (valid_until <= LONG_MAX && valid != 0xffffffffLL) /* Catch overflow */
route->valid_until = valid_until;
}
offsetof(struct device_addr, flags));
}
+static int
+neighbor_cmp(const void *k1, const void *k2, void *ptr)
+{
+ const struct device_neighbor *n1 = k1, *n2 = k2;
+
+ return memcmp(&n1->addr, &n2->addr, sizeof(n2->addr));
+}
+
static int
route_cmp(const void *k1, const void *k2, void *ptr)
{
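Review bot: `neighbor_cmp` compares the whole `addr` field with memcmp and ignores the address family, which needs a comment because it only gives stable results if the bytes an IPv4 entry does not use are zero. interface_ip_add_neighbor allocates with calloc, so that holds for entries created there, but any other producer of `struct device_neighbor` would have to zero the struct as well. I would add `/* key is the whole addr field; the struct must be zero-initialised so unused bytes compare equal */` above the function.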
if (node_old) {
if (a_old->enabled && !keep) {
- //This is needed for source routing to work correctly. If a device
- //has two connections to a network using the same subnet, adding
- //only the network-rule will cause packets to be routed through the
- //first matching network (source IP matches both masks).
+ /*
+ * This is needed for source routing to work correctly. If a device
+ * has two connections to a network using the same subnet, adding
+ * only the network-rule will cause packets to be routed through the
+ * first matching network (source IP matches both masks)
+ */
if (a_old->policy_table)
interface_add_addr_rules(a_old, false);
return ip->enabled;
}
+static void
+interface_update_proto_neighbor(struct vlist_tree *tree,
+ struct vlist_node * node_new,
+ struct vlist_node *node_old)
+{
+ struct device *dev;
+ struct device_neighbor *neighbor_old, *neighbor_new;
+ struct interface_ip_settings *ip;
+ bool keep = false;
+
+ ip = container_of(tree, struct interface_ip_settings, neighbor);
+ dev = ip->iface->l3_dev.dev;
+
+ neighbor_old = container_of(node_old, struct device_neighbor, node);
+ neighbor_new = container_of(node_new, struct device_neighbor, node);
+
+ if (node_old && node_new) {
+ keep = (!memcmp(neighbor_old->macaddr, neighbor_new->macaddr, sizeof(neighbor_old->macaddr)) &&
+ (neighbor_old->proxy == neighbor_new->proxy) &&
+ (neighbor_old->router == neighbor_new->router));
+ }
+
+ if (node_old) {
+ if (!keep && neighbor_old->enabled)
+ system_del_neighbor(dev, neighbor_old);
+
+ free(neighbor_old);
+ }
+
+ if (node_new) {
+ if (!keep && ip->enabled)
+ if (system_add_neighbor(dev, neighbor_new))
+ neighbor_new->failed = true;
+
+ neighbor_new->enabled = ip->enabled;
+ }
+}
+
static void
interface_update_proto_route(struct vlist_tree *tree,
struct vlist_node *node_new,
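Review bot: The `keep` test in interface_update_proto_neighbor compares only macaddr, proxy and router, so it is also true when the old entry's install had failed (`neighbor_old->failed`). In that case the identical new entry is never passed to system_add_neighbor, yet `neighbor_new->enabled` is still set from `ip->enabled`, so the entry is recorded as enabled without being installed and is never retried. Adding `&& !neighbor_old->failed` to the `keep` expression would force a fresh install attempt.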
addr.addr.in6 = assignment->addr;
addr.mask = assignment->length;
- addr.flags = DEVADDR_INET6 | DEVADDR_OFFLINK;
+ addr.flags = DEVADDR_INET6;
addr.preferred_until = prefix->preferred_until;
addr.valid_until = prefix->valid_until;
route.addr = addr.addr;
}
+ addr.flags |= DEVADDR_OFFLINK;
if (system_add_address(l3_downlink, &addr))
return;
int mtu_old = system_update_ipv6_mtu(l3_downlink, 0);
if (mtu > 0 && mtu_old != mtu) {
- if (system_update_ipv6_mtu(l3_downlink, mtu) < 0)
- netifd_log_message(L_WARNING, "Failed to set IPv6 mtu to %d"
+ if (system_update_ipv6_mtu(l3_downlink, mtu) < 0 && mtu < mtu_old)
+ netifd_log_message(L_WARNING, "Failed to set IPv6 mtu to %d "
"on interface '%s'\n", mtu, iface->name);
}
}
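Review bot: The new `&& mtu < mtu_old` condition silences the warning whenever raising the MTU fails, and nothing in the hunk says why that case is acceptable. A short comment would help, e.g. `/* only warn when lowering fails; a failed increase leaves the smaller MTU in place */`, if that is the intent. The enclosing function starts and ends outside this hunk.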
struct device_prefix_assignment *c;
struct interface *iface;
- // Delete all assignments
+ /* Delete all assignments */
while (!list_empty(&prefix->assignments)) {
c = list_first_entry(&prefix->assignments,
struct device_prefix_assignment, head);
if (!setup)
return;
- // End-of-assignment sentinel
+ /* End-of-assignment sentinel */
c = malloc(sizeof(*c) + 1);
if (!c)
return;
c->addr = in6addr_any;
list_add(&c->head, &prefix->assignments);
- // Excluded prefix
+ /* Excluded prefix */
if (prefix->excl_length > 0) {
const char name[] = "!excluded";
c = malloc(sizeof(*c) + sizeof(name));
iface->assignment_length > 64)
continue;
- // Test whether there is a matching class
+ /* Test whether there is a matching class */
if (!list_empty(&iface->assignment_classes)) {
bool found = false;
c->enabled = false;
memcpy(c->name, iface->name, namelen);
- // First process all custom assignments, put all others in later-list
+ /* First process all custom assignments, put all others in later-list */
if (c->assigned == -1 || !interface_prefix_assign(&prefix->assignments, c)) {
if (c->assigned != -1) {
c->assigned = -1;
refresh = hint;
}
+void interface_update_prefix_delegation(struct interface_ip_settings *ip)
+{
+ struct device_prefix *prefix;
+
+ vlist_for_each_element(&ip->prefix, prefix, node) {
+ interface_update_prefix_assignments(prefix, !ip->no_delegation);
+
+ if (ip->no_delegation) {
+ if (prefix->head.next)
+ list_del(&prefix->head);
+ } else
+ list_add(&prefix->head, &prefixes);
+ }
+}
static void
interface_update_prefix(struct vlist_tree *tree,
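Review bot: In interface_update_prefix_delegation the `else` branch calls `list_add(&prefix->head, &prefixes)` unconditionally, while the removal branch first checks `prefix->head.next`. If this runs for a prefix that is already linked into `prefixes` (for instance two calls in a row with `no_delegation` false), the node is added a second time and the list is corrupted. Callers are not visible here, so this may be guarded elsewhere, but mirroring the check is cheap: `} else if (!prefix->head.next)` followed by the existing `list_add`.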
struct interface *iface;
if (node_old && node_new) {
- // Move assignments and refresh addresses to update valid times
+ /* Move assignments and refresh addresses to update valid times */
list_splice(&prefix_old->assignments, &prefix_new->assignments);
list_for_each_entry(c, &prefix_new->assignments, head)
prefix_new->valid_until != prefix_old->valid_until)
ip->iface->updated |= IUF_PREFIX;
} else if (node_new) {
- // Set null-route to avoid routing loops
+ /* Set null-route to avoid routing loops */
system_add_route(NULL, &route);
if (!prefix_new->iface || !prefix_new->iface->proto_ip.no_delegation)
interface_update_prefix_assignments(prefix_new, true);
} else if (node_old) {
- // Remove null-route
+ /* Remove null-route */
interface_update_prefix_assignments(prefix_old, false);
system_del_route(NULL, &route);
}
uint8_t length, time_t valid_until, time_t preferred_until,
struct in6_addr *excl_addr, uint8_t excl_length, const char *pclass)
{
+ union if_addr a = { .in6 = *addr };
+
if (!pclass)
pclass = (iface) ? iface->name : "local";
if (!prefix)
return NULL;
+ clear_if_addr(&a, length);
+
prefix->length = length;
- prefix->addr = *addr;
+ prefix->addr = a.in6;
prefix->preferred_until = preferred_until;
prefix->valid_until = valid_until;
prefix->iface = iface;
if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
continue;
- if (!blobmsg_check_attr(cur, NULL))
+ if (!blobmsg_check_attr(cur, false))
continue;
interface_add_dns_server(ip, blobmsg_data(cur));
if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
continue;
- if (!blobmsg_check_attr(cur, NULL))
+ if (!blobmsg_check_attr(cur, false))
continue;
interface_add_dns_search_domain(ip, blobmsg_data(cur));
}
static void
-__interface_write_dns_entries(FILE *f)
+__interface_write_dns_entries(FILE *f, const char *jail)
{
struct interface *iface;
struct {
if (iface->state != IFS_UP)
continue;
+ if (jail && (!iface->jail || strcmp(jail, iface->jail)))
+ continue;
+
if (vlist_simple_empty(&iface->proto_ip.dns_search) &&
vlist_simple_empty(&iface->proto_ip.dns_servers) &&
vlist_simple_empty(&iface->config_ip.dns_search) &&
}
void
-interface_write_resolv_conf(void)
+interface_write_resolv_conf(const char *jail)
{
- char *path = alloca(strlen(resolv_conf) + 5);
+ size_t plen = (jail ? strlen(jail) + 1 : 0 ) + strlen(resolv_conf) + 1;
+ char *path = alloca(plen);
+ char *dpath = alloca(plen);
+ char *tmppath = alloca(plen + 4);
FILE *f;
uint32_t crcold, crcnew;
- sprintf(path, "%s.tmp", resolv_conf);
- unlink(path);
- f = fopen(path, "w+");
+ if (jail) {
+ sprintf(path, "/tmp/resolv.conf-%s.d/resolv.conf.auto", jail);
+ strcpy(dpath, path);
+ dpath = dirname(dpath);
+ mkdir(dpath, 0755);
+ } else {
+ strcpy(path, resolv_conf);
+ }
+
+ sprintf(tmppath, "%s.tmp", path);
+ unlink(tmppath);
+ f = fopen(tmppath, "w+");
if (!f) {
D(INTERFACE, "Failed to open %s for writing\n", path);
return;
}
- __interface_write_dns_entries(f);
+ __interface_write_dns_entries(f, jail);
fflush(f);
rewind(f);
fclose(f);
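Review bot: The `sprintf(path, "/tmp/resolv.conf-%s.d/resolv.conf.auto", jail)` call can write past the `alloca(plen)` buffer, because `plen` is computed from `strlen(resolv_conf)` while the jail branch formats a fixed template unrelated to `resolv_conf`. Whenever `resolv_conf` is shorter than the template's fixed part, the stack buffer is too small, and `dpath` and `tmppath` inherit the same undersized length. Size the buffer from the string actually written and use bounded formatting, as sketched below. Separately, `jail` goes into the path verbatim and the `mkdir()` result is ignored, so it is worth confirming that jail names cannot contain `/` and handling a failed or pre-existing directory explicitly. The function continues past this hunk.

```c
	static const char jail_fmt[] = "/tmp/resolv.conf-%s.d/resolv.conf.auto";
	size_t plen = jail ? sizeof(jail_fmt) + strlen(jail) : strlen(resolv_conf) + 1;
	/* … unchanged: path, dpath, tmppath allocations and other locals … */

	if (jail) {
		snprintf(path, plen, jail_fmt, jail);
		/* … unchanged: dpath copy, dirname(), mkdir() … */
	} else {
		snprintf(path, plen, "%s", resolv_conf);
	}

	snprintf(tmppath, plen + 4, "%s.tmp", path);
```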
crcold = crcnew + 1;
- f = fopen(resolv_conf, "r");
+ f = fopen(path, "r");
if (f) {
crcold = crc32_file(f);
fclose(f);
}
if (crcold == crcnew) {
- unlink(path);
- } else if (rename(path, resolv_conf) < 0) {
- D(INTERFACE, "Failed to replace %s\n", resolv_conf);
- unlink(path);
+ unlink(tmppath);
+ } else if (rename(tmppath, path) < 0) {
+ D(INTERFACE, "Failed to replace %s\n", path);
+ unlink(tmppath);
}
}
{
struct device_addr *addr;
struct device_route *route;
+ struct device_neighbor *neighbor;
struct device *dev;
struct interface *iface;
if (!enable_route(ip, route))
_enabled = false;
-
if (route->enabled == _enabled)
continue;
route->enabled = _enabled;
}
+ vlist_for_each_element(&ip->neighbor, neighbor, node) {
+ if (neighbor->enabled == enabled)
+ continue;
+
+ if (enabled) {
+ if(system_add_neighbor(dev, neighbor))
+ neighbor->failed = true;
+ } else
+ system_del_neighbor(dev, neighbor);
+
+ neighbor->enabled = enabled;
+ }
+
struct device_prefix *c;
struct device_prefix_assignment *a;
list_for_each_entry(c, &prefixes, head)
vlist_update(&ip->route);
vlist_update(&ip->addr);
vlist_update(&ip->prefix);
+ vlist_update(&ip->neighbor);
}
void
vlist_flush(&ip->route);
vlist_flush(&ip->addr);
vlist_flush(&ip->prefix);
- interface_write_resolv_conf();
+ vlist_flush(&ip->neighbor);
+ interface_write_resolv_conf(ip->iface->jail);
}
void
vlist_simple_flush_all(&ip->dns_search);
vlist_flush_all(&ip->route);
vlist_flush_all(&ip->addr);
+ vlist_flush_all(&ip->neighbor);
vlist_flush_all(&ip->prefix);
}
vlist_simple_init(&ip->dns_search, struct dns_search_domain, node);
vlist_simple_init(&ip->dns_servers, struct dns_server, node);
vlist_init(&ip->route, route_cmp, interface_update_proto_route);
+ vlist_init(&ip->neighbor, neighbor_cmp, interface_update_proto_neighbor);
vlist_init(&ip->addr, addr_cmp, interface_update_proto_addr);
vlist_init(&ip->prefix, prefix_cmp, interface_update_prefix);
}