From patchwork Mon Jul 27 22:38:02 2020
X-Patchwork-Submitter: Daniel Gröber
X-Patchwork-Id: 1337418
From: dxld@darkboxed.org
To: openwrt-devel@lists.openwrt.org
Cc: Daniel Gröber, Felix Fietkau
Subject: [PATCH] wireguard: Make IPv6 addrs available for automatic prefix assignment
Date: Tue, 28 Jul 2020 00:38:02 +0200
Message-Id: <20200727223800.79798-1-dxld@darkboxed.org>

From: Daniel Gröber

Currently when assigning IPv6 addresses with large prefixes to a wireguard
interface, like

    config interface 'wg'
        option proto 'wireguard'
        list addresses 'fd::/48'

and having, say, a LAN interface such as

    config interface 'lan'
        option proto 'static'
        option ip6assign '60'

as is default the interface does not automatically receive the wg
interface's prefix. For this to happen the proto needs to use
proto_add_ipv6_prefix to register the fact that a prefix is available for
assignment which is simple enough.

Note that the addresses configured here usually include a non-zero host
part but currently netifd handles this poorly when more than one interface
should receive a sub-prefix. I'm including another one-line patch in
netifd's patches/ dir for your testing convenience.
---
This applies cleanly on both master and the 19.07 branch so I hope this can
be applied there too.

Also I'm not sure if I should send just the netifd patch to the list too?

...malise-prefix-address-using-netmask-.patch | 48 +++++++++++++++++++ .../utils/wireguard-tools/files/wireguard.sh | 1 + 2 files changed, 49 insertions(+) create mode 100644 package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch diff --git a/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch b/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch new file mode 100644 index 0000000000..bc599ee9ea --- /dev/null +++ b/package/network/config/netifd/patches/0001-interface-ip-Normalise-prefix-address-using-netmask-.patch
@@ -0,0 +1,48 @@ +From 280d0b713cce731bc4516b16184c0b4c5af005d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20Gr=C3=B6ber?= +Date: Mon, 27 Jul 2020 22:52:28 +0200 +Subject: [PATCH] interface-ip: Normalise prefix address using netmask before + using it + +When a proto registers a prefix with an address which has bits outside the +netmask set this confuses the prefix-assignment code further down the line. + +For example if we have an interface with + + option ip6prefix fdff:ffff:ffff:ffff::1/48 + +and a couple with + + option ip6assign 64 + +then all these interfaces will be assigned fdff:ffff:ffff:ffff::1/64 which +is obviously wrong, they should at least have unique prefixes. + +What is happening here is that we simply OR the calculated assignment part +into the address in interface_set_prefix_address:961, like so: + + addr.addr.in6.s6_addr32[1] |= htonl(assignment->assigned); + +but we never masked the host address bits out of the address after parsing +it using inet_pton. To fix this we simply mask away the host bits in the +address before using it. +--- + interface-ip.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/interface-ip.c b/interface-ip.c +index 2e46f14..5cad5f7 100644 +--- a/interface-ip.c ++++ b/interface-ip.c +@@ -1284,6 +1284,8 @@ interface_ip_add_device_prefix(struct interface *iface, struct in6_addr *addr, + prefix->iface = iface; + INIT_LIST_HEAD(&prefix->assignments); + ++ clear_if_addr((union if_addr *)&prefix->addr, prefix->length); ++ + if (excl_addr) { + prefix->excl_addr = *excl_addr; + prefix->excl_length = excl_length; +-- +2.20.1 + diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh index ccac34e45f..d977c2ba45 100644 --- a/package/network/utils/wireguard-tools/files/wireguard.sh +++ b/package/network/utils/wireguard-tools/files/wireguard.sh 
@@ -150,6 +150,7 @@ proto_wireguard_setup() { case "${address}" in *:*/*) proto_add_ipv6_address "${address%%/*}" "${address##*/}" + proto_add_ipv6_prefix "${address}" ;; *.*/*) proto_add_ipv4_address "${address%%/*}" "${address##*/}"
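
Review bot: in the interface-ip.c hunk, the added call casts &prefix->addr to union if_addr * while the function itself receives the address as struct in6_addr *addr, so the call relies on clear_if_addr never touching more than the in6 member; a one-line comment stating that, or masking through a helper that takes struct in6_addr *, would keep this safe as the types evolve. The context lines also do not show where prefix->addr and prefix->length are filled in, so please confirm both are assigned before this point, otherwise the mask is applied to an unset address. Since the host bits are now dropped silently, a short comment above the call explaining why (the assignment is ORed into the address later) would save the next reader a trip to the commit message, whose reference to interface_set_prefix_address:961 will go stale as the file changes.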
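
Review bot: in the wireguard.sh hunk, proto_add_ipv6_prefix "${address}" runs for every entry matching *:*/*, so each IPv6 address on the tunnel becomes a prefix offered to any interface with ip6assign set, which the description says is the default on LAN. That is a behaviour change for existing configurations: downstream interfaces start receiving sub-prefixes from the tunnel's range without the admin asking for it, and entries with nothing to delegate (a /128, for instance) get registered as well. Consider making this opt-in through an interface option, or at least skipping addresses whose prefix length leaves no room for a sub-prefix, and document the new behaviour. The line also passes the address with its host part intact, so it depends on the netifd normalisation patch in this same submission; say so in a comment or the commit message so the two are not applied separately.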