From patchwork Sat Dec 12 20:50:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick X-Patchwork-Id: 1415470 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=systemli.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CtfyQ3bxGz9sSf for ; Sun, 13 Dec 2020 07:53:48 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=9blC5VMzyn7g+b6I5S8V2yE7EIsOcGMyQRS79Mwvoqw=; b=rtgXkYrpaMX2KUeqeAD8SxRgfW kbAYag4INJIhAPwfAi5YE29eGgdP3rH+dvt5wy5LeDxmnNHcUAqQ2p88RgR5YRuVV1xWqasFXFfsl 7lsiW6R5hr516YpJ8tgdfoeQqay9VWb+RwCQow7q112vhLMBlq+oTkaegTnYz417RBXa7HvoD1P5G K4vZkThAk0YEdOSavepBULov/A0xxUu22O3NVe4oMnJWXtPNhDnrvGcA5BHADf7g9XT/+iUj0Csmm ueosMYZ7nJcZWbZzg5hfu6EfwgUIipmKHLLbtnSM3BohzJtaX+dV40O7KlNaDvM3YRiW7QX2KzLGp 6uTQXZMw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1koBrF-0005BA-PB; Sat, 12 Dec 2020 20:51:13 +0000 Received: from mail1.systemli.org ([2a00:c38:11e:ffff::a032]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1koBr9-0005Aj-RK for openwrt-devel@lists.openwrt.org; Sat, 12 Dec 2020 20:51:11 +0000 From: vincent@systemli.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org; s=default; t=1607806259; bh=VJ/nO89zLh/RNrMb4d5AsVBCRS2i5Sr/TeDpP2krKDE=; h=From:To:Cc:Subject:Date:From; b=GW7W52IPRGVfneYl5Qpa3BAy10Hs+x6TtAvETcDRj1DPk5fUTTo3X2PrGHJULD6so BJO9E+FIQL1bW/E5ZD5C6bOuIhzzpSrGD88dX6uf/lhlwTVWu54yTO6ml/FBQ32vdC W8WexbhXO+cdxcDpk+IEr6jiInKuk+kYQJ2/b0qZ1tdcwqKlLKeYhKF3VNaJds/pS2 aO42/6xCvHilksFtLznGw1o+s57oRRIE6Y93toPv4Nj0+HL4dTSU8OPZAvlwilsafn OjZuZiPqaT8Buap0/cDTmgYKMzYAmgtHJtZD6VRIkz8DSh0YB/LvUaY04M/Zwrn0hN di4X5LdgA20Vw== To: openwrt-devel@lists.openwrt.org Subject: [PATCH] netifd: add segment routing support Date: Sat, 12 Dec 2020 21:50:53 +0100 Message-Id: <20201212205053.2807651-1-vincent@systemli.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201212_155108_278282_161AAAE3 X-CRM114-Status: GOOD ( 17.19 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Nick Hainke Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org From: Nick Hainke seg6_enabled - Bool Accept or drop SR-enabled IPv6 packets on this interface. More Information: https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html Now you can set as interface option option ip6segmentrouting '1' It is not enough to turn on "seg6_enabled" on the interface. Further, we have to enable "/all/seg6_enabled". This means that a working config is "interface + all". Signed-off-by: Nick Hainke --- device.c | 21 +++++++++++++++++++++ device.h | 5 +++++ system-linux.c | 22 ++++++++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/device.c b/device.c index 73cc4bf..7145788 100644 --- a/device.c +++ b/device.c @@ -36,6 +36,7 @@ static const struct blobmsg_policy dev_attrs[__DEV_ATTR_MAX] = { [DEV_ATTR_TXQUEUELEN] = { .name = "txqueuelen", .type = BLOBMSG_TYPE_INT32 }, [DEV_ATTR_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_IPV6] = { .name = "ipv6", .type = BLOBMSG_TYPE_BOOL }, + [DEV_ATTR_IP6SEGMENTROUTING] = { .name = "ip6segmentrouting", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_PROMISC] = { .name = "promisc", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_RPFILTER] = { .name = "rpfilter", .type = BLOBMSG_TYPE_STRING }, [DEV_ATTR_ACCEPTLOCAL] = { .name = "acceptlocal", .type = BLOBMSG_TYPE_BOOL }, @@ -230,6 +231,7 @@ device_merge_settings(struct device *dev, struct device_settings *n) (s->flags & (DEV_OPT_MACADDR|DEV_OPT_DEFAULT_MACADDR) ? s->macaddr : os->macaddr), sizeof(n->macaddr)); n->ipv6 = s->flags & DEV_OPT_IPV6 ? s->ipv6 : os->ipv6; + n->ip6segmentrouting = s->flags & DEV_OPT_IP6SEGMENTROUTING ? s->ip6segmentrouting : os->ip6segmentrouting; n->promisc = s->flags & DEV_OPT_PROMISC ? s->promisc : os->promisc; n->rpfilter = s->flags & DEV_OPT_RPFILTER ? s->rpfilter : os->rpfilter; n->acceptlocal = s->flags & DEV_OPT_ACCEPTLOCAL ? s->acceptlocal : os->acceptlocal; @@ -299,6 +301,11 @@ device_init_settings(struct device *dev, struct blob_attr **tb) s->flags |= DEV_OPT_IPV6; } + if ((cur = tb[DEV_ATTR_IP6SEGMENTROUTING])) { + s->ip6segmentrouting = blobmsg_get_bool(cur); + s->flags |= DEV_OPT_IP6SEGMENTROUTING; + } + if ((cur = tb[DEV_ATTR_PROMISC])) { s->promisc = blobmsg_get_bool(cur); s->flags |= DEV_OPT_PROMISC; @@ -844,6 +851,18 @@ device_init_pending(void) } } +bool +check_ip6segmentrouting(void) +{ + struct device *dev, *tmp; + bool ip6segmentrouting = false; + + avl_for_each_element_safe(&devices, dev, avl, tmp) { + ip6segmentrouting |= dev->settings.ip6segmentrouting; + } + return ip6segmentrouting; +} + static enum dev_change_type device_set_config(struct device *dev, struct device_type *type, struct blob_attr *attr) @@ -1053,6 +1072,8 @@ device_dump_status(struct blob_buf *b, struct device *dev) blobmsg_add_u32(b, "txqueuelen", st.txqueuelen); if (st.flags & DEV_OPT_IPV6) blobmsg_add_u8(b, "ipv6", st.ipv6); + if (st.flags & DEV_OPT_IP6SEGMENTROUTING) + blobmsg_add_u8(b, "ip6segmentrouting", st.ip6segmentrouting); if (st.flags & DEV_OPT_PROMISC) blobmsg_add_u8(b, "promisc", st.promisc); if (st.flags & DEV_OPT_RPFILTER) diff --git a/device.h b/device.h index ab5a162..6ee439d 100644 --- a/device.h +++ b/device.h @@ -53,6 +53,7 @@ enum { DEV_ATTR_SENDREDIRECTS, DEV_ATTR_NEIGHLOCKTIME, DEV_ATTR_ISOLATE, + DEV_ATTR_IP6SEGMENTROUTING, __DEV_ATTR_MAX, }; @@ -107,6 +108,7 @@ enum { DEV_OPT_SENDREDIRECTS = (1 << 21), DEV_OPT_NEIGHLOCKTIME = (1 << 22), DEV_OPT_ISOLATE = (1 << 23), + DEV_OPT_IP6SEGMENTROUTING = (1 << 24), }; /* events broadcasted to all users of a device */ @@ -173,6 +175,7 @@ struct device_settings { bool learning; bool unicast_flood; bool sendredirects; + bool ip6segmentrouting; bool isolate; }; @@ -320,4 +323,6 @@ device_set_disabled(struct device *dev, bool value) device_refresh_present(dev); } +bool check_ip6segmentrouting(void); + #endif diff --git a/system-linux.c b/system-linux.c index bf746f9..53a02e9 100644 --- a/system-linux.c +++ b/system-linux.c @@ -304,6 +304,11 @@ static void system_set_disable_ipv6(struct device *dev, const char *val) system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val); } +static void system_set_ip6segmentrouting(struct device *dev, const char *val) +{ + system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", dev->ifname, val); +} + static void system_set_rpfilter(struct device *dev, const char *val) { system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val); @@ -509,6 +514,12 @@ static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t b dev->ifname, buf, buf_sz); } +static int system_get_ip6segmentrouting(struct device *dev, char *buf, const size_t buf_sz) +{ + return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", + dev->ifname, buf, buf_sz); +} + static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz) { return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", @@ -1572,6 +1583,11 @@ system_if_get_settings(struct device *dev, struct device_settings *s) s->flags |= DEV_OPT_IPV6; } + if (!system_get_ip6segmentrouting(dev, buf, sizeof(buf))) { + s->ip6segmentrouting = strtoul(buf, NULL, 0); + s->flags |= DEV_OPT_IP6SEGMENTROUTING; + } + if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) { s->promisc = ifr.ifr_flags & IFF_PROMISC; s->flags |= DEV_OPT_PROMISC; @@ -1667,6 +1683,12 @@ system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned } if (apply_mask & DEV_OPT_IPV6) system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1"); + if (s->flags & DEV_OPT_IP6SEGMENTROUTING & apply_mask) { + system_set_ip6segmentrouting(dev, s->ip6segmentrouting ? "1" : "0"); + struct device dummy = {.ifname="all"}; + bool ip6segmentrouting = check_ip6segmentrouting(); + system_set_ip6segmentrouting(&dummy, ip6segmentrouting ? "1" : "0"); + } if (apply_mask & DEV_OPT_PROMISC) { if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0, !s->promisc ? IFF_PROMISC : 0) < 0)