dce388fdc7
c3cdc53164 ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x. e07ee06aad ar71xx: QCA956X: add missing register 7bc25dfa63 mvebu: fix mvneta build with Linux 4.4.110 541a1a7ff5 lantiq: activate noise margin delta for VDSL too dea8979a81 Lantiq: make possible to tweak DSL SRN from UCI 9934231670 libubox: update to latest lede-17.01 git HEAD 7f5a040359 kernel: update kernel 4.4 to version 4.4.110 ddedcb19e5 brcm47xx: relocate the stack in loader da43069f5b brcm47xx: relocate loader to higher address f19416ae9d fstools: backport fix from master branch 55c23e44f4 procd: update to latest git HEAD ffbbcc9b34 brcm47xx: image: build firmware for Asus WL-500g Deluxe 0426596453 Revert "iptables: fix nftables compile issue (FS#711)" da126d557c iptables: fix nftables compile issue (FS#711) 473e994571 rpcd: backport version 2017-12-07 from master b833944eb2 uci: update to HEAD of lede-17.01 branch dca4dfacf2 iproute2: cake: fix patch format error ee55629a30 kernel: bump 4.4 to 4.4.108 for 17.01 c4e9487cf5 iproute2: cake: support new operating modes for 17.01 4f1dca9eca kmod-sched-cake: bump to latest bake of cake for 17.01 959a49dc15 ramips: fix widora neo diag led a1908023cc base-files: fix logic when to show failsafe banner 1c9299877b base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists 2603c85060 wireguard: bump to 20171221 f8a441e020 kernel: bump 4.4 to 4.4.107 ceea0ac25d wireguard: bump to 20171211 ebb54740c7 brcm47xx: remove target specific network preinit config b41d154f50 rules.mk: export TMPDIR e719a08cc1 usbutils: Update usb.ids file to latest 4cfcfecf76 hostapd: remove unused local var declaration 796bc21023 hostapd: don't set htmode for wpa_supplicant 50147d41b9 libnl-tiny: use fixed message size instead of using the page size 0625814426 packages: nvram: fix memory leak in _nvram_free 0f175041ad mac80211: don't pass the hostapd ctrl iface in adhoc 05f0fac189 hostapd: explicitly set beacon interval for wpa_supplicant 
7f78a86254 hostapd: set mcast_rate in mesh mode c315843f88 igmpproxy: remove firewall rules when service is stopped 91e48304a9 openvpn: add support to start/stop single instances e5c284bb81 package/elfutils: add CFLAG -Wno-format-nonliteral dde29b2b01 tools/coreutils: install readlink 2f75641b1f uhttpd: fix query string handling 79024cd3be openssl: fix cryptodev config dependency bead60c2d3 uqmi: replace legacy command invoke with newer type 5872c19c63 procd: Always tell cmake whether to include seccomp support or not cd901ef1a6 libunwind: disable building with ssp 1aedf2f149 tools/squashfs: use host cflags 7fa70027d4 ppp: make the patches apply correctly again d63eb474b3 ppp: fix compile warning 9bd667fc24 dropbear: fix PKG_CONFIG_DEPENDS 9d1bfb8f4d dropbear: make ssh compression support configurable ed4f4f1a8e procd: Install seccomp-trace symlink 77e79b2dd0 openvpn: update to 2.4.4 5beb0abc83 build: remove @ as it's causing an error eff1f7e7ef usbutils: avoid duplicating the git revision 9cf371c1f4 dnsmasq: Pass TARGET_CPPFLAGS to Makefile 2f80d84638 wwan: json format in some modem definitions c61cf4a447 base-files: add /etc/profile.d to conffiles bdc998c696 base-files: order conffiles alphabetically c58e824acc procd: mdns: Support txt values with spaces aaa73fea36 ar71xx: fix switch port numbering on RB750r2 and RB750UPr2 b69ea02a00 scripts/dowload.pl: use glob to expand target dir 80a22eee4b samba36: Remove syslog and load printers lines. 71797b6eca samba36: Don't resolve interfaces. 1458bc2d9c samba36: Remove guest ok since LuCI configures it. 
f0065554b2 config: make CONFIG_ALL_* select other CONIFG_ALL_* options 2b88309335 nvram: add help message for nvram magic not found 118a2ea0bc nvram: improve argument check when program start c446ee4ad4 nvram: add usage() function 9e84d333b1 nvram: fix memory leak 3b6b892d67 ca-certificates: Update to 20170717 23b9dc2eca base-files: drop unused preinit_echo function ca7c9db47f tools/pkg-config: Update to 0.29.2 75d8127338 base-files: suppress uci not found output in login.sh b616aa6db7 scripts/package-metadata.pl: inhibit compile deps on missing build types 2e1a87a3e1 build: bundle-libraries.sh: do not override argv[0] in inner exec calls a37f8b0c6e samba36: Remove legacy options 89c4f47caa scripts/download.pl: Adjust URLs 338968a170 build: fix invocation of bundled ld.so in SDK and Imagebuilder 0a976262a5 kmod-sched-cake: drop maintainer 610e2afdcc zlib: use default Build/Configure rule cf11a41af6 lzo: use default Build/Configure rule c86490605c netfilter: add iptables-mod-rpfilter package ea23ba9a25 bzip2: add symlink to binary d413c75d24 dropbear: add option to set max auth tries 8693ab5152 dropbear: server support option '-T' max auth tries 0e6a6c8487 hostapd: configure NAS ID regardless of encryption ef3649d90e hostapd: add acct_interval option 3027a68093 valgrind: bump to 3.13.0 3129db331c busybox: backport 'ip rule suppress_{prefixlength, ifgroup}' 86158ad37d libunwind: update to version 1.2.1 59004433e9 imagebuilder: don't rewrite package list output 74eeb07817 imagebuilder: clean package_list 7f3f2bc03b build: remove old kernel-headers build directories c7234e3036 imagebuilder: add package_list function 9c3e4b5434 base-files: board.json's switch reset means existence, not argument 7d1f4073ce gdb: remove Build/Compile rule ; default one works 9a99039989 rb532: enable high-res timers, refresh kernel config e802cbfc25 xburst: enable high-res timers, refresh kernel config e01367e3af kernel: add CONFIG_SCHED_HRTICK=y to the generic config 6e1e2e7b96 
package/grub2: update to 2.02 13a5568d6e ip17xx: correct aneg_done return value 816fb3433b mvswitch: fix autonegotiation issue 41ee45428b ppp: propagate master firewall zone to dynamic slave interface a44c44077e usbmode: remove devices with unsupported modes e8bd0a606a tar: override symlink permissions 59a1c1675d tools/sparse: Update to snapshot 2017-03-31 a6e5943a2a elfutils: Pass -Wno-unused-result to silence warnings as errors 08070221ed gcc: fix documentation entries added by 910-mbsd_multi.patch ef43c04c34 scripts/download.pl: print the command used to download files 6e09b20563 tools/libressl: update to 2.5.4 08be74f699 tools/isl: update to 0.18 26ea59cd01 lldpd: bump to 0.9.7 444b64f533 libunwind: update to 1.2 e5612d6640 lantiq: spi: double time out tolerance 28c350f2f0 base-files: fix default procd reload 108a42bcba ramips: support jumbo frame on mt7621 up to 2k 8d4c047dd1 lldpd: drop specific respawn params [use system-wide] 8ee15ed61a elfutils: bump to 0.169 9754a9c606 devel/trace-cmd: Update to 2.6.1 79def69047 comgt-3g: enable modem before to setpin 070463fb61 devel/strace: Update to 4.16 67caf6bbce network/utils/ipset: Update to 6.32 f0a493160c mac80211: gracefully handle preexisting VIF 827f108b42 scripts: Probe external toolchains for libthread-db bb9eb2c96e build: new fixes for symlinked .config handling 4607007a86 build: allow val.% targets to bypass the prepare steps 90575776b7 x86: keep /boot mounted for kexec 6b9eb0c73a hostapd: fix reload frequency change patch 040ff6fdbd build: remove absolute path to perl and replace with /usr/bin/env perl 98588273b1 kernel: allow selecting RTC drivers on targets without explicit RTC support f30114c7c4 dropbear: fix procd interface trigger install 3e7f191008 include/packages-defaults.mk: Remove LARGEFILE option a1392e08c5 netifd: return error status in reload_service 10182cb2c6 grub2: update to 2.02~rc2 38ea91ea9a base-files: use restart if no reload hook for service 9b24d99b91 iproute2: add libgenl.h and 
ll_map.h to InstallDev section 94597229c3 busybox: fix installation of cron and ntpd scripts in the default config 9ce30f7175 kernel: move initramfs's init script out of base-files c8a0f3aa29 target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping 977db9f08a scripts/download.pl: fix error message on hash mismatch 7fb03d9610 netifd: fix fw3 warnings in dhcp script f69d73f1b2 build: allow specifying flow-control to grub on serial console 91821c8c0b kexec-tools: get kexec running on MUSL and x86 hardware affff02798 busybox: don't install NTP scripts if NTP isn't configured 7ccfa826ee ar8327: Add workarounds for AR8337 switch. 0aafbf6c00 build: fix STAMP_PREPARED with quilt 80304ace58 lantiq: remove lantiq_board_model, it is unused 8be5b12ea1 lantiq: remove lantiq_board_name, use the generic function instead 0f0d742ae3 lantiq: move lantiq_board_detect() to 03_preinit_board.sh f173464f13 base-files: add generic board_name function to functions.sh 62a8252a0f mac80211: Fix race condition leading to wifi interfaces not coming up at boot sometimes. 
5f03ce1213 scripts: only generate config from feature flag if fully match f7f69130e5 lzo: Update to 2.10 6ba0cc14e9 tools/coreutils: Update to 8.27 100553d605 tools/libressl: Update to 2.5.1 25fe034861 tools/dosfstools: Update to 4.1 ed4976d884 tools/sed: Update to 4.4 7263e3cdca lldpd: bump to 0.9.6 3225fbfcbf x86: image: drop duplicated copy of bzImage into vmlinuz 37aae44a47 libnl: Fix building with uClibc 950439234e toolchain: add musl libc.so to external toolchain cfb5a550e4 iwcap: fix handling kill signal during dump 1411493569 x86: image: drop unneeded grub call 58e0c0feec x86: image: drop unused ROOTDELAY variable 05f0b8d18b ccache: update to 3.3.4 15efa09507 base-files: add submission service port 56b9f0ffc0 procd.sh: use parameterized respawn values 28c9731984 toolchain: Allow external toolchains to specify libthread-db 2dd9b62f82 rssileds: Fix build with external toolchains 2d31ec4c1b adb: Also pass TARGET_CPPFLAGS ec395eeb17 swconfig: Link with libubox c6dd059a9a px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS 12b811a609 omcproxy: Update to latest HEAD 1e3ff02ea5 bsdiff: Also pass down TARGET_CPPFLAGS 051a33e7c9 thc-ipv6: Allow overriding CFLAGS a91d8dd162 tools/m4: update 1.4.18 acd481470c build: get rid of FIND_L from host.mk 11cd6077ba build: unsilence move command 903a404663 build: skip headers install and config on make target/linux/prepare a7fc27edce build: make Host/Install/Default use Host/Compile/Default with an extra argument 94f079e338 build: Pass -iremap gcc option as a single argument 3056122bf7 toolchain/gcc: parallelize make install a33b0ced78 toolchain/musl: parallelize make install 1d0f7e3136 imagebuilder: make submake invocations less verbose bdb05f5ef5 gcc: remove obsolete uclibc patch 90a43e508e toolchain/gcc: reduce source directory size by about 420 MB 82615922b0 bcm53xx: suppress osafeloader info error messages during flashing c566a9e563 toolchain: Broaden the executable loader pattern 3387158e45 build: Suffix build directory 
with _$(LIBC) for external toolchains 2428b6d6b6 tools/sstrip: Fix compile under standard linux. 50b478956a openssl: update to 1.0.2n 135aa3ba7e base-files: upgrade: make get_partitions() endian agnostic 207bcea1de cyassl: update to wolfssl 3.12.2 (1 CVE) 3bb881862b mdadm: fix parameter quoting 6c1b6e8221 mdadm: Fix config generation 4fc0fb3ca3 mdadm: Do not check RUN_DIR 157b892994 kernel: remove out of tree direct-io disable hack adc9f935c3 utils/mdadm: Update to 4.0 8bf67f63b9 mdadm: extend uci config support 4af145ea67 rules.mk: make PKG_CONFIG_DEPENDS properly track string values 2b664499cd kernel: bump 4.4 to 4.4.103 for 17.01 ed82c52a4a uqmi: also try newer pin verification b41a2e646e opkg: bump to version 2017-12-08 f5f5f583f9 hostapd: backport fix for wnm_sleep_mode=0 19ebc19f54 hostapd: Expose the tdls_prohibit option to UCI 3590316121 dnsmasq: backport infinite dns retries fix 060b7f1fbb curl: apply CVE 2017-8816 and 2017-8817 security patches 4b5861c47d mt76: update to the latest version f19d47f848 tools: patch various gnu tools for macOS 10.13 e5a10bc0fc samba36: backport an upstream fix for an information leak (CVE-2017-15275) d77fe9219a ramips: backport MT7628 pinmux fixes 9601e6a0e2 ramips: add missing reset button for Nexx WT1520 0946ec0f46 wireguard: bump to snapshot 20171127
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 21 Jun 2017 00:54:57 +0200
Subject: generic: vxlan: backport support for VXLAN over link-local IPv6
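diff --git a/target/linux/generic/patches-4.4/075-0001-vxlan-improve-validation-of-address-family-configura.patch b/target/linux/generic/patches-4.4/075-0001-vxlan-improve-validation-of-address-family-configura.patch
new file mode 100644
index 0000000000000000000000000000000000000000..439eb5d0f769f1cde23ff4deacc80728e82605f2
--- /dev/null
+++ b/target/linux/generic/patches-4.4/075-0001-vxlan-improve-validation-of-address-family-configura.patch
@@ -0,0 +1,68 @@
+From 434a1bb54b24b538f81d7945128b7ca25976d19b Mon Sep 17 00:00:00 2001
+Message-Id: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Jun 2017 10:03:57 +0200
+Subject: [PATCH 1/4] vxlan: improve validation of address family configuration
+
+Address families of source and destination addresses must match, and
+changelink operations can't change the address family.
+
+In addition, always use the VXLAN_F_IPV6 to check if a VXLAN device uses
+IPv4 or IPv6.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[Matthias Schiffer: rebase to v4.4.y]
+---
+ drivers/net/vxlan.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -2784,12 +2784,20 @@ static int vxlan_dev_configure(struct ne
+
+ memcpy(&dst->remote_ip, &conf->remote_ip, sizeof(conf->remote_ip));
+
+- /* Unless IPv6 is explicitly requested, assume IPv4 */
+- if (!dst->remote_ip.sa.sa_family)
++ if (!dst->remote_ip.sa.sa_family && !conf->saddr.sa.sa_family) {
++ /* Unless IPv6 is explicitly requested, assume IPv4 */
+ dst->remote_ip.sa.sa_family = AF_INET;
++ conf->saddr.sa.sa_family = AF_INET;
++ } else if (!dst->remote_ip.sa.sa_family) {
++ dst->remote_ip.sa.sa_family = conf->saddr.sa.sa_family;
++ } else if (!conf->saddr.sa.sa_family) {
++ conf->saddr.sa.sa_family = dst->remote_ip.sa.sa_family;
++ }
++
++ if (conf->saddr.sa.sa_family != dst->remote_ip.sa.sa_family)
++ return -EINVAL;
+
+- if (dst->remote_ip.sa.sa_family == AF_INET6 ||
+- vxlan->cfg.saddr.sa.sa_family == AF_INET6) {
++ if (conf->saddr.sa.sa_family == AF_INET6) {
+ if (!IS_ENABLED(CONFIG_IPV6))
+ return -EPFNOSUPPORT;
+ use_ipv6 = true;
+@@ -2843,11 +2851,9 @@ static int vxlan_dev_configure(struct ne
+
+ list_for_each_entry(tmp, &vn->vxlan_list, next) {
+ if (tmp->cfg.vni == conf->vni &&
+- (tmp->default_dst.remote_ip.sa.sa_family == AF_INET6 ||
+- tmp->cfg.saddr.sa.sa_family == AF_INET6) == use_ipv6 &&
+ tmp->cfg.dst_port == vxlan->cfg.dst_port &&
+- (tmp->flags & VXLAN_F_RCV_FLAGS) ==
+- (vxlan->flags & VXLAN_F_RCV_FLAGS))
++ (tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) ==
++ (vxlan->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)))
+ return -EEXIST;
+ }
+
+@@ -2915,6 +2921,7 @@ static int vxlan_newlink(struct net *src
+
+ if (data[IFLA_VXLAN_GROUP]) {
+ conf.remote_ip.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_GROUP]);
++ conf.remote_ip.sa.sa_family = AF_INET;
+ } else if (data[IFLA_VXLAN_GROUP6]) {
+ if (!IS_ENABLED(CONFIG_IPV6))
+ return -EPFNOSUPPORT;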
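Review bot: The family-mismatch `return -EINVAL` in the first vxlan_dev_configure hunk is reached only after `memcpy(&dst->remote_ip, ...)` and the defaulting branches have already written to `dst->remote_ip` and to the caller's `conf->saddr`, so a rejected request leaves both modified. That looks harmless as long as the caller discards the device on error, which is presumably the case for the newlink path, but nothing in the hunk records that assumption. A comment above the check such as `/* families are normalised in place; the caller must drop dev on error */` would make it explicit. The body of vxlan_dev_configure starts and ends outside the hunk.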
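diff --git a/target/linux/generic/patches-4.4/075-0002-vxlan-check-valid-combinations-of-address-scopes.patch b/target/linux/generic/patches-4.4/075-0002-vxlan-check-valid-combinations-of-address-scopes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..abf9b8a0eae88aa5a64be5cc82a6827d4d562c55
--- /dev/null
+++ b/target/linux/generic/patches-4.4/075-0002-vxlan-check-valid-combinations-of-address-scopes.patch
@@ -0,0 +1,84 @@
+From 8956b9db43347a51e88dddc3c08fb88ff60dea54 Mon Sep 17 00:00:00 2001
+Message-Id: <8956b9db43347a51e88dddc3c08fb88ff60dea54.1498005061.git.mschiffer@universe-factory.net>
+In-Reply-To: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+References: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Jun 2017 10:03:58 +0200
+Subject: [PATCH 2/4] vxlan: check valid combinations of address scopes
+
+* Multicast addresses are never valid as local address
+* Link-local IPv6 unicast addresses may only be used as remote when the
+ local address is link-local as well
+* Don't allow link-local IPv6 local/remote addresses without interface
+
+We also store in the flags field if link-local addresses are used for the
+follow-up patches that actually make VXLAN over link-local IPv6 work.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[Matthias Schiffer: rebase to v4.4.y]
+---
+ drivers/net/vxlan.c | 29 +++++++++++++++++++++++++++++
+ include/net/vxlan.h | 1 +
+ 2 files changed, 30 insertions(+)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -2797,11 +2797,35 @@ static int vxlan_dev_configure(struct ne
+ if (conf->saddr.sa.sa_family != dst->remote_ip.sa.sa_family)
+ return -EINVAL;
+
++ if (vxlan_addr_multicast(&conf->saddr))
++ return -EINVAL;
++
+ if (conf->saddr.sa.sa_family == AF_INET6) {
+ if (!IS_ENABLED(CONFIG_IPV6))
+ return -EPFNOSUPPORT;
+ use_ipv6 = true;
+ vxlan->flags |= VXLAN_F_IPV6;
++
++ if (!(conf->flags & VXLAN_F_COLLECT_METADATA)) {
++ int local_type =
++ ipv6_addr_type(&conf->saddr.sin6.sin6_addr);
++ int remote_type =
++ ipv6_addr_type(&dst->remote_ip.sin6.sin6_addr);
++
++ if (local_type & IPV6_ADDR_LINKLOCAL) {
++ if (!(remote_type & IPV6_ADDR_LINKLOCAL) &&
++ (remote_type != IPV6_ADDR_ANY))
++ return -EINVAL;
++
++ vxlan->flags |= VXLAN_F_IPV6_LINKLOCAL;
++ } else {
++ if (remote_type ==
++ (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL))
++ return -EINVAL;
++
++ vxlan->flags &= ~VXLAN_F_IPV6_LINKLOCAL;
++ }
++ }
+ }
+
+ if (conf->remote_ifindex) {
+@@ -2827,6 +2851,11 @@ static int vxlan_dev_configure(struct ne
+ dev->mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
+
+ needed_headroom = lowerdev->hard_header_len;
++ } else {
++#if IS_ENABLED(CONFIG_IPV6)
++ if (vxlan->flags & VXLAN_F_IPV6_LINKLOCAL)
++ return -EINVAL;
++#endif
+ }
+
+ if (conf->mtu) {
+--- a/include/net/vxlan.h
++++ b/include/net/vxlan.h
+@@ -185,6 +185,7 @@ struct vxlan_dev {
+ #define VXLAN_F_GBP 0x800
+ #define VXLAN_F_REMCSUM_NOPARTIAL 0x1000
+ #define VXLAN_F_COLLECT_METADATA 0x2000
++#define VXLAN_F_IPV6_LINKLOCAL 0x8000
+
+ /* Flags that are used in the receive path. These flags must match in
+ * order for a socket to be shareable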
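Review bot: The two scope checks added inside `if (!(conf->flags & VXLAN_F_COLLECT_METADATA))` test the remote address differently and nothing says why: with a link-local local address the remote is tested with `remote_type & IPV6_ADDR_LINKLOCAL`, while the `else` branch rejects it only when `remote_type` equals exactly `IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL`. The exact comparison presumably keeps link-local multicast remotes usable with a non-link-local local address, which fits the commit message's wording about unicast, but a reader could take it for an oversight and "fix" it into a mask test. I would add `/* exact match: only link-local unicast remotes are rejected here */` above that comparison, and a one-line comment on the outer `if` noting that the scope validation is skipped entirely for metadata-based devices. vxlan_dev_configure starts and ends outside both hunks.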
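diff --git a/target/linux/generic/patches-4.4/075-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch b/target/linux/generic/patches-4.4/075-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5ebbce6e0682fff11b0d86c8df781a5c2fab5125
--- /dev/null
+++ b/target/linux/generic/patches-4.4/075-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
@@ -0,0 +1,88 @@
+From e3bdb4bc6c4020e90c1bbafd91645ff3ae8966b9 Mon Sep 17 00:00:00 2001
+Message-Id: <e3bdb4bc6c4020e90c1bbafd91645ff3ae8966b9.1498005061.git.mschiffer@universe-factory.net>
+In-Reply-To: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+References: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Jun 2017 10:03:59 +0200
+Subject: [PATCH 3/4] vxlan: fix snooping for link-local IPv6 addresses
+
+If VXLAN is run over link-local IPv6 addresses, it is necessary to store
+the ifindex in the FDB entries. Otherwise, the used interface is undefined
+and unicast communication will most likely fail.
+
+Support for link-local IPv4 addresses should be possible as well, but as
+the semantics aren't as well defined as for IPv6, and there doesn't seem to
+be much interest in having the support, it's not implemented for now.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[Matthias Schiffer: rebase to v4.4.y]
+---
+ drivers/net/vxlan.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -947,16 +947,25 @@ out:
+ * Return true if packet is bogus and should be dropped.
+ */
+ static bool vxlan_snoop(struct net_device *dev,
+- union vxlan_addr *src_ip, const u8 *src_mac)
++ union vxlan_addr *src_ip, const u8 *src_mac,
++ u32 src_ifindex)
+ {
+ struct vxlan_dev *vxlan = netdev_priv(dev);
+ struct vxlan_fdb *f;
++ u32 ifindex = 0;
++
++#if IS_ENABLED(CONFIG_IPV6)
++ if (src_ip->sa.sa_family == AF_INET6 &&
++ (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL))
++ ifindex = src_ifindex;
++#endif
+
+ f = vxlan_find_mac(vxlan, src_mac);
+ if (likely(f)) {
+ struct vxlan_rdst *rdst = first_remote_rcu(f);
+
+- if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip)))
++ if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip) &&
++ rdst->remote_ifindex == ifindex))
+ return false;
+
+ /* Don't migrate static entries, drop packets */
+@@ -982,7 +991,7 @@ static bool vxlan_snoop(struct net_devic
+ NLM_F_EXCL|NLM_F_CREATE,
+ vxlan->cfg.dst_port,
+ vxlan->default_dst.remote_vni,
+- 0, NTF_SELF);
++ ifindex, NTF_SELF);
+ spin_unlock(&vxlan->hash_lock);
+ }
+
+@@ -1157,6 +1166,7 @@ static void vxlan_rcv(struct vxlan_sock
+ struct vxlan_dev *vxlan;
+ struct pcpu_sw_netstats *stats;
+ union vxlan_addr saddr;
++ u32 ifindex = skb->dev->ifindex;
+ int err = 0;
+
+ /* For flow based devices, map all packets to VNI 0 */
+@@ -1196,7 +1206,7 @@ static void vxlan_rcv(struct vxlan_sock
+ }
+
+ if ((vxlan->flags & VXLAN_F_LEARN) &&
+- vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source))
++ vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source, ifindex))
+ goto drop;
+
+ skb_reset_network_header(skb);
+@@ -1898,7 +1908,7 @@ static void vxlan_encap_bypass(struct sk
+ }
+
+ if (dst_vxlan->flags & VXLAN_F_LEARN)
+- vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source);
++ vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source, 0);
+
+ u64_stats_update_begin(&tx_stats->syncp);
+ tx_stats->tx_packets++;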
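Review bot: In vxlan_snoop the early `return false` now also requires `rdst->remote_ifindex == ifindex`, yet `ifindex` stays 0 for every source that is not IPv6 link-local. An existing FDB entry whose address matches but whose `remote_ifindex` is non-zero would then fall through to the migration path, and the context line `/* Don't migrate static entries, drop packets */` suggests that for a static entry this ends in the packet being dropped; whether such entries can exist for non-link-local remotes depends on code outside the hunk. If that change is not intended, compare the interface only when one was captured, e.g. `(!ifindex || rdst->remote_ifindex == ifindex)`. It would also help to note at `u32 ifindex = skb->dev->ifindex;` in vxlan_rcv that the value is the receiving device and is read at declaration on purpose. Both function bodies continue outside the hunks.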
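diff --git a/target/linux/generic/patches-4.4/075-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch b/target/linux/generic/patches-4.4/075-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c184c32385e6c802f1bed7647ce720f0e429f4a5
--- /dev/null
+++ b/target/linux/generic/patches-4.4/075-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch
@@ -0,0 +1,168 @@
+From 7a1fa05f8d460e2a81cb724f441f7346f950680a Mon Sep 17 00:00:00 2001
+Message-Id: <7a1fa05f8d460e2a81cb724f441f7346f950680a.1498005061.git.mschiffer@universe-factory.net>
+In-Reply-To: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+References: <434a1bb54b24b538f81d7945128b7ca25976d19b.1498005061.git.mschiffer@universe-factory.net>
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Jun 2017 10:04:00 +0200
+Subject: [PATCH 4/4] vxlan: allow multiple VXLANs with same VNI for IPv6
+ link-local addresses
+
+As link-local addresses are only valid for a single interface, we can allow
+to use the same VNI for multiple independent VXLANs, as long as the used
+interfaces are distinct. This way, VXLANs can always be used as a drop-in
+replacement for VLANs with greater ID space.
+
+This also extends VNI lookup to respect the ifindex when link-local IPv6
+addresses are used, so using the same VNI on multiple interfaces can
+actually work.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[Matthias Schiffer: rebase to v4.4.y]
+---
+ drivers/net/vxlan.c | 53 +++++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 37 insertions(+), 16 deletions(-)
+
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -242,22 +242,33 @@ static struct vxlan_sock *vxlan_find_soc
+ return NULL;
+ }
+
+-static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, u32 id)
++static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, int ifindex,
++ u32 id)
+ {
+ struct vxlan_dev *vxlan;
+
+ hlist_for_each_entry_rcu(vxlan, vni_head(vs, id), hlist) {
+- if (vxlan->default_dst.remote_vni == id)
+- return vxlan;
++ if (vxlan->default_dst.remote_vni != id)
++ continue;
++
++ if (IS_ENABLED(CONFIG_IPV6)) {
++ const struct vxlan_config *cfg = &vxlan->cfg;
++
++ if ((vxlan->flags & VXLAN_F_IPV6_LINKLOCAL) &&
++ cfg->remote_ifindex != ifindex)
++ continue;
++ }
++
++ return vxlan;
+ }
+
+ return NULL;
+ }
+
+ /* Look up VNI in a per net namespace table */
+-static struct vxlan_dev *vxlan_find_vni(struct net *net, u32 id,
+- sa_family_t family, __be16 port,
+- u32 flags)
++static struct vxlan_dev *vxlan_find_vni(struct net *net, int ifindex,
++ u32 id, sa_family_t family,
++ __be16 port, u32 flags)
+ {
+ struct vxlan_sock *vs;
+
+@@ -265,7 +276,7 @@ static struct vxlan_dev *vxlan_find_vni(
+ if (!vs)
+ return NULL;
+
+- return vxlan_vs_find_vni(vs, id);
++ return vxlan_vs_find_vni(vs, ifindex, id);
+ }
+
+ /* Fill in neighbour message in skbuff. */
+@@ -1174,7 +1185,7 @@ static void vxlan_rcv(struct vxlan_sock
+ vni = 0;
+
+ /* Is this VNI defined? */
+- vxlan = vxlan_vs_find_vni(vs, vni);
++ vxlan = vxlan_vs_find_vni(vs, skb->dev->ifindex, vni);
+ if (!vxlan)
+ goto drop;
+
+@@ -1942,6 +1953,7 @@ static void vxlan_xmit_one(struct sk_buf
+ u32 vni;
+ __be16 df = 0;
+ __u8 tos, ttl;
++ int ifindex;
+ int err;
+ u32 flags = vxlan->flags;
+
+@@ -1950,6 +1962,7 @@ static void vxlan_xmit_one(struct sk_buf
+ if (rdst) {
+ dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
+ vni = rdst->remote_vni;
++ ifindex = rdst->remote_ifindex;
+ dst = &rdst->remote_ip;
+ } else {
+ if (!info) {
+@@ -1959,6 +1972,7 @@ static void vxlan_xmit_one(struct sk_buf
+ }
+ dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
+ vni = be64_to_cpu(info->key.tun_id);
++ ifindex = 0;
+ remote_ip.sa.sa_family = ip_tunnel_info_af(info);
+ if (remote_ip.sa.sa_family == AF_INET)
+ remote_ip.sin.sin_addr.s_addr = info->key.u.ipv4.dst;
+@@ -2015,7 +2029,7 @@ static void vxlan_xmit_one(struct sk_buf
+ }
+
+ memset(&fl4, 0, sizeof(fl4));
+- fl4.flowi4_oif = rdst ? rdst->remote_ifindex : 0;
++ fl4.flowi4_oif = ifindex;
+ fl4.flowi4_tos = RT_TOS(tos);
+ fl4.flowi4_mark = skb->mark;
+ fl4.flowi4_proto = IPPROTO_UDP;
+@@ -2043,7 +2057,7 @@ static void vxlan_xmit_one(struct sk_buf
+ struct vxlan_dev *dst_vxlan;
+
+ ip_rt_put(rt);
+- dst_vxlan = vxlan_find_vni(vxlan->net, vni,
++ dst_vxlan = vxlan_find_vni(vxlan->net, ifindex, vni,
+ dst->sa.sa_family, dst_port,
+ vxlan->flags);
+ if (!dst_vxlan)
+@@ -2076,8 +2090,7 @@ static void vxlan_xmit_one(struct sk_buf
+ goto drop;
+ sk = vxlan->vn6_sock->sock->sk;
+
+- ndst = vxlan6_get_route(vxlan, skb,
+- rdst ? rdst->remote_ifindex : 0,
++ ndst = vxlan6_get_route(vxlan, skb, ifindex,
+ &dst->sin6.sin6_addr, &saddr);
+ if (IS_ERR(ndst)) {
+ netdev_dbg(dev, "no route to %pI6\n",
+@@ -2101,7 +2114,7 @@ static void vxlan_xmit_one(struct sk_buf
+ struct vxlan_dev *dst_vxlan;
+
+ dst_release(ndst);
+- dst_vxlan = vxlan_find_vni(vxlan->net, vni,
++ dst_vxlan = vxlan_find_vni(vxlan->net, ifindex, vni,
+ dst->sa.sa_family, dst_port,
+ vxlan->flags);
+ if (!dst_vxlan)
+@@ -2889,10 +2902,18 @@ static int vxlan_dev_configure(struct ne
+ vxlan->cfg.age_interval = FDB_AGE_DEFAULT;
+
+ list_for_each_entry(tmp, &vn->vxlan_list, next) {
+- if (tmp->cfg.vni == conf->vni &&
+- tmp->cfg.dst_port == vxlan->cfg.dst_port &&
+- (tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) ==
++ if (tmp->cfg.vni != conf->vni)
++ continue;
++ if (tmp->cfg.dst_port != vxlan->cfg.dst_port)
++ continue;
++ if ((tmp->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) !=
+ (vxlan->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)))
++ continue;
++
++ if ((vxlan->flags & VXLAN_F_IPV6_LINKLOCAL) &&
++ tmp->cfg.remote_ifindex != vxlan->cfg.remote_ifindex)
++ continue;
++
+ return -EEXIST;
+ }
+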
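Review bot: The new `ifindex` argument of vxlan_vs_find_vni is undocumented, and it is only compared for devices flagged `VXLAN_F_IPV6_LINKLOCAL`; every other device still matches on VNI alone, and the `info` branch of vxlan_xmit_one passes 0. A comment above the function would state that contract, for example `/* ifindex is only checked for VXLAN_F_IPV6_LINKLOCAL devices; pass 0 when no interface is known */`, since the receive-side isolation between same-VNI devices rests on it. The series also mixes types for the same value, `int ifindex` here against `u32 src_ifindex` in vxlan_snoop from patch 3/4, and settling on one would avoid signed/unsigned comparisons. In vxlan_rcv the call could pass the `ifindex` local that patch 3/4 introduces instead of reading `skb->dev->ifindex` a second time, as long as both patches are always applied together.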