From: Jo-Philipp Wich
To: openwrt-devel@lists.openwrt.org
Cc: Jo-Philipp Wich
Subject: [RFC netifd 1/2] interface-ip: mask out host bits in IPv4 route targets
Date: Thu, 24 Aug 2023 14:53:54 +0200
Message-Id: <20230824125355.2762457-1-jo@mein.io>

The kernel will reject attempts to install routes with target addresses
having host bits set with an "Invalid prefix for given prefix length" error.

A route configuration like the one below will silently fail to apply:

    config route
        option interface lan
        option target 10.40.40.1/24

Attempting to do the same with iproute2 will fail as well:

    # ip route add 10.40.40.1/24 dev br-lan
    Error: Invalid prefix for given prefix length.

However, for IPv6, route targets with host bits set are allowed:

    # ip -6 route add 3000::1/64 via fe80::1234:5678:9abcd:ef01 dev br-lan
    # ip -6 route list 3000::1/64
    3000::/64 via fe80::1234:5678:9abc:def1 dev br-lan metric 1024 pref medium

In order to stay consistent here, and to avoid unnecessary configuration
pitfalls, make netifd more lenient and simply mask out excess host bits while
parsing IPv4 route configuration.

Signed-off-by: Jo-Philipp Wich
--- interface-ip.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/interface-ip.c b/interface-ip.c index a06a514..fee29a9 100644 --- a/interface-ip.c +++ b/interface-ip.c 
@@ -441,6 +441,10 @@ interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6) DPRINTF("Failed to parse route target: %s\n", (char *) blobmsg_data(cur)); goto error; } + + /* Mask out IPv4 host bits to avoid "Invalid prefix for given prefix length" */ + if (af == AF_INET && route->mask < 32) + route->addr.in.s_addr &= ((1u << route->mask) - 1); } if ((cur = tb[ROUTE_GATEWAY]) != NULL) {
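
Review bot: In the added line "route->addr.in.s_addr &= ((1u << route->mask) - 1);" the mask is built in host byte order but applied to s_addr, which is stored in network byte order. On a little-endian host this only gives the right result when the prefix length is a multiple of 8 (for /20 it keeps the low nibble of the third octet instead of the high one), and on a big-endian host a /24 clears the leading octet and keeps the host bits. Suggest building the netmask from the top bits and converting it, for example "route->addr.in.s_addr &= route->mask ? htonl(~0u << (32 - route->mask)) : 0;", keeping the existing "route->mask < 32" guard. A DPRINTF when bits are actually dropped would also make the silent rewrite of the configured target visible.
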
From: Jo-Philipp Wich
To: openwrt-devel@lists.openwrt.org
Cc: Jo-Philipp Wich
Subject: [RFC netifd 2/2] interface-ip: allow configuring routes without explicit interface
Date: Thu, 24 Aug 2023 14:53:55 +0200
Message-Id: <20230824125355.2762457-2-jo@mein.io>
In-Reply-To: <20230824125355.2762457-1-jo@mein.io>

Support the configuration of network routes not bound to any specific interface.
In case such a route is configured, it will be internally owned by the loopback interface and have a new DEVROUTE_NODEV flag set to inhibit the RTA_OIF attribute when installing the kernel route. Signed-off-by: Jo-Philipp Wich --- interface-ip.c | 16 ++++++++++++---- interface-ip.h | 3 +++ system-linux.c | 3 +++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/interface-ip.c b/interface-ip.c index fee29a9..d2fe385 100644 --- a/interface-ip.c +++ b/interface-ip.c @@ -405,6 +405,7 @@ interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6) struct blob_attr *tb[__ROUTE_MAX], *cur; struct device_route *route; int af = v6 ? AF_INET6 : AF_INET; + bool no_device = false; blobmsg_parse(route_attr, __ROUTE_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr)); @@ -412,10 +413,13 @@ interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6) return; if (!iface) { - if ((cur = tb[ROUTE_INTERFACE]) == NULL) - return; + if ((cur = tb[ROUTE_INTERFACE]) == NULL) { + iface = vlist_find(&interfaces, "loopback", iface, node); + no_device = true; + } else { + iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node); + } - iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node); if (!iface) return; @@ -520,7 +524,11 @@ interface_ip_add_route(struct interface *iface, struct blob_attr *attr, bool v6) route->flags |= DEVROUTE_PROTO; } - interface_set_route_info(iface, route); + if (no_device) + route->flags |= DEVROUTE_NODEV; + else + interface_set_route_info(iface, route); + vlist_add(&ip->route, &route->node, route); return; diff --git a/interface-ip.h b/interface-ip.h index 8843349..cc7efbd 100644 --- a/interface-ip.h +++ b/interface-ip.h @@ -51,6 +51,9 @@ enum device_addr_flags { /* neighbor mac address */ DEVNEIGH_MAC = (1 << 11), + + /* route specifies no device */ + DEVROUTE_NODEV = (1 << 12), }; union if_addr { diff --git a/system-linux.c b/system-linux.c index 0760e73..a8add1e 100644 --- a/system-linux.c 
+++ b/system-linux.c @@ -2789,6 +2789,9 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd) } } + if (route->flags & DEVROUTE_NODEV) + dev = NULL; + msg = nlmsg_alloc_simple(cmd, flags); if (!msg) return -1;
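
Review bot: In the interface-ip.c hunk at -412,10, the fallback "iface = vlist_find(&interfaces, "loopback", iface, node);" depends on an interface literally named "loopback" being present; when it is not, the following "if (!iface) return;" drops the route with no log output, the same kind of silent failure patch 1/2 set out to remove. Suggest a DPRINTF on that path, and a sentence in the commit message or documentation stating that such routes are owned by, and therefore follow the state of, the loopback interface rather than the link they actually leave on.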
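
Review bot: In the interface-ip.c hunk at -520,7, the no_device branch skips "interface_set_route_info(iface, route);" altogether instead of only suppressing the device binding. Please confirm that none of the per-interface values that call fills in are still wanted for routes without a device, and record that decision in a comment next to the "route->flags |= DEVROUTE_NODEV;" assignment.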
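
Review bot: In the system-linux.c hunk, "dev = NULL;" is assigned just before nlmsg_alloc_simple() without a comment, and the hunk does not show whether the rest of system_rt() checks dev before dereferencing it. Please verify that every later use of dev in this function is NULL-guarded, and add a one-line comment saying that a NULL dev is how the RTA_OIF attribute gets left out for DEVROUTE_NODEV routes.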