From patchwork Wed Dec 2 10:08:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick X-Patchwork-Id: 1409607 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=systemli.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CmFB71pRRz9s0b for ; Wed, 2 Dec 2020 21:11:42 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=wi6+oV2iF7flERZcIT3KsNRkvQfLpcKWM6c3Wj9v3bg=; b=dYchWGnkIlFddyNLCHvC4lCbiO tYqAnZvPSU7+QuSozRjuYzFfDIOGEIyg+a+aOkVrpk91H/GjC3RFH2wuE2563jG6CtR7KVevkc6RS NHWEvawfz8FWpPqMxs96IVsRj3GAmCxIdYn0CFNWdr3t0QpJE82xpmq4qGPAAC91kywZDhi8kO9zS fZB7XtMVilbLq+67zR1QD/VyTTE90U8dR2FH52bw64XXxE1GUH6RRBLVvLYCFw8B1mBLiaUR2risg xj5P8E0fRgk8avQPadpdXkqtgvyl+a4Xbs24SXcvhVMGuDykuCcERWOiOijBeMMo3g5MguoJBNRnv BoYs5DbQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kkP4B-00087Y-53; Wed, 02 Dec 2020 10:08:55 +0000 Received: from mail1.systemli.org ([212.103.72.247]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kkP48-00086j-2Z for openwrt-devel@lists.openwrt.org; Wed, 02 Dec 2020 10:08:53 +0000 From: vincent@systemli.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org; s=default; t=1606903723; bh=6UCCLBFNYa2II66frOV8doXy5yTt3Jm7gu/oJPOZPr8=; h=From:To:Cc:Subject:Date:From; b=Q/IrNavJ4Pgzsv0gUwt/KL/atZPJueMKiHu6rEnzTlvCkkvlG/ao78R9deMCsywD1 8TL4Tecy2urjqgSKCWspk1Kzb9EZk4QLuW5bUcGyFdQp1X7QT79pi4vptbxq0r910N 9RDPafCDNfJxfJBnKk3lgTS70FFKaoohFljkoQpED2yM7VUwvTZR7+HzbhWWGFMfjd 4TFYoOZdG8kObK/bulytPI8cQnnJSCVhz7J1uOHjo1R0PcBTDXqFa8guTUpwmyM17k pDsYOvy/CUHLQfVFUCKhjcJMA8aP8g8AdH+9Sm+tWzh5iUrSNhjSJ+UNEGxVPJg1P1 8ahsOe8x7SDQQ== To: openwrt-devel@lists.openwrt.org Subject: [PATCH] netifd: add segment routing support Date: Wed, 2 Dec 2020 11:08:37 +0100 Message-Id: <20201202100837.142427-1-vincent@systemli.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201202_050852_493296_7C41347B X-CRM114-Status: GOOD ( 17.14 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [212.103.72.247 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Nick Hainke Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org From: Nick Hainke seg6_enabled - Bool Accept or drop SR-enabled IPv6 packets on this interface. More Information: https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html Now you can set as interface option option seg6_enabled '1' It is not enough to turn on "seg6_enabled" on the interface. Further, we have to enable "/all/seg6_enabled". This means that a working config is "interface + all". Signed-off-by: Nick Hainke --- device.c | 21 +++++++++++++++++++++ device.h | 5 +++++ system-linux.c | 22 ++++++++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/device.c b/device.c index 3e2b5e9..fc64387 100644 --- a/device.c +++ b/device.c @@ -41,6 +41,7 @@ static const struct blobmsg_policy dev_attrs[__DEV_ATTR_MAX] = { [DEV_ATTR_TXQUEUELEN] = { .name = "txqueuelen", .type = BLOBMSG_TYPE_INT32 }, [DEV_ATTR_ENABLED] = { .name = "enabled", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_IPV6] = { .name = "ipv6", .type = BLOBMSG_TYPE_BOOL }, + [DEV_ATTR_SEG6_ENABLED] = { .name = "seg6_enabled", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_PROMISC] = { .name = "promisc", .type = BLOBMSG_TYPE_BOOL }, [DEV_ATTR_RPFILTER] = { .name = "rpfilter", .type = BLOBMSG_TYPE_STRING }, [DEV_ATTR_ACCEPTLOCAL] = { .name = "acceptlocal", .type = BLOBMSG_TYPE_BOOL }, @@ -228,6 +229,7 @@ device_merge_settings(struct device *dev, struct device_settings *n) (s->flags & DEV_OPT_MACADDR ? s->macaddr : os->macaddr), sizeof(n->macaddr)); n->ipv6 = s->flags & DEV_OPT_IPV6 ? s->ipv6 : os->ipv6; + n->seg6_enabled = s->flags & DEV_OPT_SEG6_ENABLED ? s->seg6_enabled : os->seg6_enabled; n->promisc = s->flags & DEV_OPT_PROMISC ? s->promisc : os->promisc; n->rpfilter = s->flags & DEV_OPT_RPFILTER ? s->rpfilter : os->rpfilter; n->acceptlocal = s->flags & DEV_OPT_ACCEPTLOCAL ? s->acceptlocal : os->acceptlocal; @@ -297,6 +299,11 @@ device_init_settings(struct device *dev, struct blob_attr **tb) s->flags |= DEV_OPT_IPV6; } + if ((cur = tb[DEV_ATTR_SEG6_ENABLED])) { + s->seg6_enabled = blobmsg_get_bool(cur); + s->flags |= DEV_OPT_SEG6_ENABLED; + } + if ((cur = tb[DEV_ATTR_PROMISC])) { s->promisc = blobmsg_get_bool(cur); s->flags |= DEV_OPT_PROMISC; @@ -826,6 +833,18 @@ device_init_pending(void) } } +bool +check_seg6_enabled(void) +{ + struct device *dev, *tmp; + bool seg6_enabled = false; + + avl_for_each_element_safe(&devices, dev, avl, tmp) { + seg6_enabled |= dev->settings.seg6_enabled; + } + return seg6_enabled; +} + static enum dev_change_type device_set_config(struct device *dev, struct device_type *type, struct blob_attr *attr) @@ -1035,6 +1054,8 @@ device_dump_status(struct blob_buf *b, struct device *dev) blobmsg_add_u32(b, "txqueuelen", st.txqueuelen); if (st.flags & DEV_OPT_IPV6) blobmsg_add_u8(b, "ipv6", st.ipv6); + if (st.flags & DEV_OPT_SEG6_ENABLED) + blobmsg_add_u8(b, "seg6_enabled", st.seg6_enabled); if (st.flags & DEV_OPT_PROMISC) blobmsg_add_u8(b, "promisc", st.promisc); if (st.flags & DEV_OPT_RPFILTER) diff --git a/device.h b/device.h index b2b18ab..645d8dc 100644 --- a/device.h +++ b/device.h @@ -53,6 +53,7 @@ enum { DEV_ATTR_SENDREDIRECTS, DEV_ATTR_NEIGHLOCKTIME, DEV_ATTR_ISOLATE, + DEV_ATTR_SEG6_ENABLED, __DEV_ATTR_MAX, }; @@ -106,6 +107,7 @@ enum { DEV_OPT_SENDREDIRECTS = (1 << 21), DEV_OPT_NEIGHLOCKTIME = (1 << 22), DEV_OPT_ISOLATE = (1 << 23), + DEV_OPT_SEG6_ENABLED = (1 << 24), }; /* events broadcasted to all users of a device */ @@ -172,6 +174,7 @@ struct device_settings { bool learning; bool unicast_flood; bool sendredirects; + bool seg6_enabled; bool isolate; }; @@ -319,4 +322,6 @@ device_set_disabled(struct device *dev, bool value) device_refresh_present(dev); } +bool check_seg6_enabled(void); + #endif diff --git a/system-linux.c b/system-linux.c index 1d5d232..3e2a017 100644 --- a/system-linux.c +++ b/system-linux.c @@ -304,6 +304,11 @@ static void system_set_disable_ipv6(struct device *dev, const char *val) system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val); } +static void system_set_seg6_enabled(struct device *dev, const char *val) +{ + system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", dev->ifname, val); +} + static void system_set_rpfilter(struct device *dev, const char *val) { system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val); @@ -509,6 +514,12 @@ static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t b dev->ifname, buf, buf_sz); } +static int system_get_seg6_enabled(struct device *dev, char *buf, const size_t buf_sz) +{ + return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", + dev->ifname, buf, buf_sz); +} + static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz) { return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", @@ -1572,6 +1583,11 @@ system_if_get_settings(struct device *dev, struct device_settings *s) s->flags |= DEV_OPT_IPV6; } + if (!system_get_seg6_enabled(dev, buf, sizeof(buf))) { + s->seg6_enabled = strtoul(buf, NULL, 0); + s->flags |= DEV_OPT_SEG6_ENABLED; + } + if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) { s->promisc = ifr.ifr_flags & IFF_PROMISC; s->flags |= DEV_OPT_PROMISC; @@ -1665,6 +1681,12 @@ system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned } if (s->flags & DEV_OPT_IPV6 & apply_mask) system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1"); + if (s->flags & DEV_OPT_SEG6_ENABLED & apply_mask) { + system_set_seg6_enabled(dev, s->seg6_enabled ? "1" : "0"); + struct device dummy = {.ifname="all"}; + bool seg6_enabled = check_seg6_enabled(); + system_set_seg6_enabled(&dummy, seg6_enabled ? "1" : "0"); + } if (s->flags & DEV_OPT_PROMISC & apply_mask) { if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0, !s->promisc ? IFF_PROMISC : 0) < 0)