From patchwork Fri Dec 8 09:33:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pierre Pfister (ppfister)" X-Patchwork-Id: 846104 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="TZK0wEH/"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="k+x/ivQy"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3ytSHp149Sz9s82 for ; Fri, 8 Dec 2017 20:49:42 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=h7T40vcdHg1C53lMtxLSivKbRyi/oLckHqx5MeyMRko=; b=TZK0wEH/nvNMdo odo4ezaMLX/Bd8QntHjNlSxp68s4mhLiP0KYJ2hT1bnM83gjlxvT1BmS+RKvz61WpfT2FYjqWh4Al 2f5ZM74jtxI5hCD7lPdo2t6jsJKcE0py3KPqGrVQxt6ruwVM1olNdR+u4luA7R3TqOM3+gbj+Ghbr 4hRgzhrKBEb7dRXcYlpg+YfG5uwhOvmnqbZCQsaUolZMlDO+yDpRJSdt/gZSKvkzcu4JGKlxDr95S 3L8HgDBf+ddgboZVJ1uF7LosgdBuMK2noEDdhfRXTzHze7qrJWN083w59YormsaeXvU33rVHUmgGR MMLtxmoxz5gW3HykWrHw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1eNFHb-0000mn-Hv; Fri, 08 Dec 2017 09:49:27 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1eNFFe-0006rk-MP for lede-dev@bombadil.infradead.org; Fri, 08 Dec 2017 09:47:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=7P9RCSmosW1mokGfC3jIspOiM4f5n9lfsFevETdMtw4=; b=k+x/ivQyYSCvfTj9PTCkJROiK xaoaNT8WSCgkNpTSQ7EQ20eI+syusxoIU3EH7yJaElkDJkXcmIFwrVO2mb0/svprox0ChgA6sDYEe nBLzTYLnl1vffMPXU9fLYPX/nN/X/VWZmpyRakZgKxpWZbNzZLlsuwp031vJZzW3xtQZPSb0vCHm7 WNkCPZKWbqgNhHff2Y0XM6mNUgr41DWqEoBWV3bwNP1CppmoRt8Ruqqx771F1oigllUlzIdEBo6tO Vvf0OFRO1yph+3qtIZ8M336wLfphE3oSJax/Z7EaDKKvhkOCCpjQy4rzA7z8P6aoggnKkPkPT+Zqf SAuNXW2SQ==; Received: from mx1.polytechnique.org ([129.104.30.34]) by casper.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1eNF3T-0007XB-Hl for lede-dev@lists.infradead.org; Fri, 08 Dec 2017 09:34:54 +0000 Received: from PPFISTER-M-HB03.cisco.com (unknown [173.38.220.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 3099C5649CA; Fri, 8 Dec 2017 10:34:24 +0100 (CET) From: ppfister@cisco.com To: lede-dev@lists.infradead.org Date: Fri, 8 Dec 2017 10:33:45 +0100 Message-Id: <20171208093345.81372-1-ppfister@cisco.com> X-Mailer: git-send-email 2.13.6 (Apple Git-96) X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Fri Dec 8 10:34:24 2017 +0100 (CET)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=998385649CB X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171208_093451_651370_49204684 X-CRM114-Status: GOOD ( 16.47 ) X-Spam-Score: -4.0 (----) X-Spam-Report: SpamAssassin version 3.4.1 on casper.infradead.org summary: Content analysis details: (-4.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [129.104.30.34 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [129.104.30.34 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Subject: [LEDE-DEV] [PATCH odhcpd] Support muliple RAs on single interface X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Pierre Pfister MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Pierre Pfister IETF is moving toward implementing IPv6 multihoming by sending multiple RAs on a single interface: - draft-ietf-intarea-provisioning-domains-00 - draft-ietf-rtgwg-enterprise-pa-multihoming-02 odhcpd supports configuration of multiple software interfaces on the same physical interface, which already advertises multiple RAs, but had two issues: - Each RA includes all the prefixes available on the interface. - Replies to sollicits with a single RA. This patch introduces the prefix_filter configuration parameter which allows filtering prefixes that are sent in a given RA, and fixes the sollicit code in order to reply with all the RAs that are configured on a given interface. Signed-off-by: Pierre Pfister --- src/config.c | 19 +++++++++++++++++++ src/odhcpd.c | 28 +++++++++++++++++++--------- src/odhcpd.h | 2 ++ src/router.c | 5 +++++ 4 files changed, 45 insertions(+), 9 deletions(-) diff --git a/src/config.c b/src/config.c index bb885d0..409b3b8 100644 --- a/src/config.c +++ b/src/config.c @@ -62,6 +62,7 @@ enum { IFACE_ATTR_PD_CER, IFACE_ATTR_NDPROXY_ROUTING, IFACE_ATTR_NDPROXY_SLAVE, + IFACE_ATTR_PREFIX_FILTER, IFACE_ATTR_MAX }; @@ -104,6 +105,7 @@ static const struct blobmsg_policy iface_attrs[IFACE_ATTR_MAX] = { [IFACE_ATTR_RA_MTU] = { .name = "ra_mtu", .type = BLOBMSG_TYPE_INT32 }, [IFACE_ATTR_NDPROXY_ROUTING] = { .name = "ndproxy_routing", .type = BLOBMSG_TYPE_BOOL }, [IFACE_ATTR_NDPROXY_SLAVE] = { .name = "ndproxy_slave", .type = BLOBMSG_TYPE_BOOL }, + [IFACE_ATTR_PREFIX_FILTER] = { .name = "prefix_filter", .type = BLOBMSG_TYPE_STRING }, }; static const struct uci_blob_param_info iface_attr_info[IFACE_ATTR_MAX] = { @@ -720,6 +722,23 @@ int config_parse_interface(void *data, size_t len, const char *name, bool overwr if ((c = tb[IFACE_ATTR_NDPROXY_SLAVE])) iface->external = blobmsg_get_bool(c); + if ((c = tb[IFACE_ATTR_PREFIX_FILTER])) { + const char *str = blobmsg_get_string(c); + char *astr = malloc(strlen(str) + 1); + char *delim; + int l; + if (!astr || !strcpy(astr, str) || + (delim = strchr(astr, '/')) == NULL || (*(delim++) = 0) || + sscanf(delim, "%i", &l) == 0 || l > 128 || + inet_pton(AF_INET6, astr, &iface->pio_filter_addr) == 0) { + iface->pio_filter_length = 0; + } else { + iface->pio_filter_length = l; + } + if (astr) + free(astr); + } + return 0; err: diff --git a/src/odhcpd.c b/src/odhcpd.c index 97a6de9..58c4338 100644 --- a/src/odhcpd.c +++ b/src/odhcpd.c @@ -371,12 +371,6 @@ static void odhcpd_receive_packets(struct uloop_fd *u, _unused unsigned int even if (addr.ll.sll_family == AF_PACKET) destiface = addr.ll.sll_ifindex; - struct interface *iface = - odhcpd_get_interface_by_index(destiface); - - if (!iface && addr.nl.nl_family != AF_NETLINK) - continue; - char ipbuf[INET6_ADDRSTRLEN] = "kernel"; if (addr.ll.sll_family == AF_PACKET && len >= (ssize_t)sizeof(struct ip6_hdr)) @@ -386,10 +380,26 @@ static void odhcpd_receive_packets(struct uloop_fd *u, _unused unsigned int even else if (addr.in.sin_family == AF_INET) inet_ntop(AF_INET, &addr.in.sin_addr, ipbuf, sizeof(ipbuf)); - syslog(LOG_DEBUG, "Received %li Bytes from %s%%%s", (long)len, - ipbuf, (iface) ? iface->ifname : "netlink"); + // From netlink + if (addr.nl.nl_family == AF_NETLINK) { + syslog(LOG_DEBUG, "Received %li Bytes from %s%%%s", (long)len, + ipbuf, "netlink"); + e->handle_dgram(&addr, data_buf, len, NULL, dest); + return; + } else if (destiface != 0) { + struct interface *iface; + list_for_each_entry(iface, &interfaces, head) { + if (iface->ifindex != destiface) + continue; + + syslog(LOG_DEBUG, "Received %li Bytes from %s%%%s", (long)len, + ipbuf, iface->ifname); + + e->handle_dgram(&addr, data_buf, len, iface, dest); + } + } + - e->handle_dgram(&addr, data_buf, len, iface, dest); } } diff --git a/src/odhcpd.h b/src/odhcpd.h index fbfeb67..48ee51e 100644 --- a/src/odhcpd.h +++ b/src/odhcpd.h @@ -208,6 +208,8 @@ struct interface { bool ra_advrouter; bool ra_useleasetime; bool no_dynamic_dhcp; + uint8_t pio_filter_length; + struct in6_addr pio_filter_addr; // RA int learn_routes; diff --git a/src/router.c b/src/router.c index c35cd12..7bc94ed 100644 --- a/src/router.c +++ b/src/router.c @@ -380,6 +380,11 @@ static uint64_t send_router_advert(struct interface *iface, const struct in6_add continue; } + if (odhcpd_bmemcmp(&addr->addr, &iface->pio_filter_addr, + iface->pio_filter_length) != 0 || + addr->prefix < iface->pio_filter_length) + continue; // PIO filtered out of this RA + struct nd_opt_prefix_info *p = NULL; for (size_t i = 0; i < pfxs_cnt; ++i) { if (addr->prefix == pfxs[i].nd_opt_pi_prefix_len &&