From patchwork Sat Aug 1 03:39:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [RFC] vxlan: netifd and vxlan package patches From: Johannes Kimmel X-Patchwork-Id: 1412 Message-Id: <20200801033902.30245-1-fff@bareminimum.eu> To: franken-dev@freifunk.net Date: Sat, 1 Aug 2020 05:39:02 +0200 netifd: - add srcportmin option - add srcportmax option (port exclusive) - add most missing boolean options vxlan: - wire up the new vxlan options support - srcport option srcport "1337 31337" # for range, max is exclusive option srcport "1337" # for single srcport srcport string is split before sending over to netifd to make processing more robust on the netifd side. - learning - rsc - proxy - l2miss - l3miss - gbp see ip-link(3) Signed-off-by: Johannes Kimmel
---
 .../openwrt/0015-netifd-vxlan-patches.patch | 281 ++++++++++++++++++
 .../0016-vxlan-wire-up-more-options.patch | 69 +++++
 2 files changed, 350 insertions(+)
 create mode 100644 build_patches/openwrt/0015-netifd-vxlan-patches.patch
 create mode 100644 build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
diff --git a/build_patches/openwrt/0015-netifd-vxlan-patches.patch b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
new file mode 100644
index 0000000..9861a40
--- /dev/null
+++ b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
@@ -0,0 +1,281 @@
+From a86c039c41e8dab1015766c677208181f5afbf4f Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel
+Date: Sat, 1 Aug 2020 04:23:41 +0200
+Subject: [PATCH 15/16] netifd: vxlan patches
+
+8fe4321 netifd: vxlan: add most missing boolean options
+9b258d8 netifd: vxlan: refactor mapping of boolean attrs
+84e8570 netifd: vxlan: handle srcport range
+
+Signed-off-by: Johannes Kimmel
+---
+ ...01-netifd-vxlan-handle-srcport-range.patch | 98 +++++++++++++++++++
+ ...an-refactor-mapping-of-boolean-attrs.patch | 59 +++++++++++
+ ...lan-add-most-missing-boolean-options.patch | 84 ++++++++++++++++
+ 3 files changed, 241 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+ create mode 100644 package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+ create mode 100644 package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+
+diff --git a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+new file mode 100644
+index 0000000000..46cf1ef893
+--- /dev/null
++++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+@@ -0,0 +1,98 @@
++From 84e857013a2880362d16aa7890cd62981c152ddb Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel
++Date: Sat, 1 Aug 2020 03:38:27 +0200
++Subject: [PATCH 1/3] netifd: vxlan: handle srcport range
++
++This adds adds the ability to set the source port range for vxlan
++interfaces.
++
++By default vxlans will use a random port within the ephermal range as
++source ports for packets. This is done to aid scaleability within a
++datacenter.
++
++But with these defaults it's impossible to punch through NATs or
++traverese most stateful firewalls easily. One solution is to fix the
++srcport to the same as dstport.
++
++If only srcportmin is specified, then srcportmax is set in a way that
++outgoing packets will only use srcportmin.
++
++If a range is to be specified, srcportmin and srcportmax have to be
++specified. srcportmax is exclusive.
++
++If only srcportmax is specified, the value is ignored and defaults are
++used.
++
++Signed-off-by: Johannes Kimmel
++---
++ system-linux.c | 26 ++++++++++++++++++++++++++
++ system.c | 2 ++
++ system.h | 2 ++
++ 3 files changed, 30 insertions(+)
++
++diff --git a/system-linux.c b/system-linux.c
++index c5583e0..5ff8749 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3184,6 +3184,32 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ }
++ nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
++
+++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
+++ struct ifla_vxlan_port_range srcports = {0,0};
+++
+++ uint32_t low = blobmsg_get_u32(cur);
+++ if (low < 1 || low > 65535 - 1) {
+++ ret = -EINVAL;
+++ goto failure;
+++ }
+++
+++ srcports.low = htons((uint16_t) low);
+++ srcports.high = htons((uint16_t) (low+1));
+++
+++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
+++ uint32_t high = blobmsg_get_u32(cur);
+++ if (high < 1 || high > 65535) {
+++ ret = -EINVAL;
+++ goto failure;
+++ }
+++ if (high > low) {
+++ srcports.high = htons((uint16_t) high);
+++ }
+++ }
+++
+++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
+++ }
+++
++ if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
++ bool rxcsum = blobmsg_get_bool(cur);
++ nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
++diff --git a/system.c b/system.c
++index bbdfef7..4133e55 100644
++--- a/system.c
+++++ b/system.c
++@@ -38,6 +38,8 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
++ [VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type = BLOBMSG_TYPE_STRING },
++ [VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_TXCSUM] = { .name = 
"txcsum", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
+++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
++ };
++
++ const struct uci_blob_param_list vxlan_data_attr_list = {
++diff --git a/system.h b/system.h
++index 015987f..bf9e1d7 100644
++--- a/system.h
+++++ b/system.h
++@@ -44,6 +44,8 @@ enum vxlan_data {
++ VXLAN_DATA_ATTR_MACADDR,
++ VXLAN_DATA_ATTR_RXCSUM,
++ VXLAN_DATA_ATTR_TXCSUM,
+++ VXLAN_DATA_ATTR_SRCPORTMIN,
+++ VXLAN_DATA_ATTR_SRCPORTMAX,
++ __VXLAN_DATA_ATTR_MAX
++ };
++
++--
++2.28.0
++
+diff --git a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+new file mode 100644
+index 0000000000..a868ad64f8
+--- /dev/null
++++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+@@ -0,0 +1,59 @@
++From 9b258d8c7f5140fa3e19d3e5c19b9cef84ff80f7 Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel
++Date: Sat, 1 Aug 2020 03:59:55 +0200
++Subject: [PATCH 2/3] netifd: vxlan: refactor mapping of boolean attrs
++
++Add a small function to handle boolean options and make use of it to handle:
++ - rxcsum
++ - txcsum
++
++Signed-off-by: Johannes Kimmel
++---
++ system-linux.c | 24 ++++++++++++++----------
++ 1 file changed, 14 insertions(+), 10 deletions(-)
++
++diff --git a/system-linux.c b/system-linux.c
++index 5ff8749..82b65e3 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3073,6 +3073,17 @@ failure:
++ #endif
++
++ #ifdef IFLA_VXLAN_MAX
+++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
+++ struct blob_attr *cur;
+++ if ((cur = tb_data[vxlandatatype])) {
+++ bool val = blobmsg_get_bool(cur);
+++ if (invert) {
+++ val = !val;
+++ }
+++ nla_put_u8(msg, attrtype, val);
+++ }
+++}
+++
++ static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6)
++ {
++ struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX];
++@@ -3210,16 +3221,9 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
++ }
++
++- if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
++- bool rxcsum = blobmsg_get_bool(cur);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
++- }
++-
++- if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
++- bool txcsum = blobmsg_get_bool(cur);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, !txcsum);
++- }
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
++
++ if ((cur = tb[TUNNEL_ATTR_TOS])) {
++ char *str = blobmsg_get_string(cur);
++--
++2.28.0
++
+diff --git a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+new file mode 100644
+index 0000000000..228c0cd37f
+--- /dev/null
++++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+@@ -0,0 +1,84 @@
++From 8fe4321a8d7ec7b28b7011f67c88a07584160a47 Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel
++Date: Sat, 1 Aug 2020 04:05:31 +0200
++Subject: [PATCH 3/3] netifd: vxlan: add most missing boolean options
++
++adds the folloing missing options:
++ - learning
++ - rsc
++ - proxy
++ - l2miss
++ - l3miss
++ - gbp
++
++See ip-link(3) for their meaning.
++
++still missing:
++ - external
++ - gpe
++
++I'm not sure how to handle them at the moment. 
It's unclear to me what
++IFLA_VXLAN_* value corresponds to the 'external' option and according to
++the manpage, gpe depends on it.
++
++Signed-off-by: Johannes Kimmel
++---
++ system-linux.c | 6 ++++++
++ system.c | 6 ++++++
++ system.h | 6 ++++++
++ 3 files changed, 18 insertions(+)
++
++diff --git a/system-linux.c b/system-linux.c
++index 82b65e3..d129fef 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3224,6 +3224,12 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
++
++ if ((cur = tb[TUNNEL_ATTR_TOS])) {
++ char *str = blobmsg_get_string(cur);
++diff --git a/system.c b/system.c
++index 4133e55..95721e1 100644
++--- a/system.c
+++++ b/system.c
++@@ -40,6 +40,12 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
++ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
+++ [VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type = 
BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
++ };
++
++ const struct uci_blob_param_list vxlan_data_attr_list = {
++diff --git a/system.h b/system.h
++index bf9e1d7..290c2e5 100644
++--- a/system.h
+++++ b/system.h
++@@ -46,6 +46,12 @@ enum vxlan_data {
++ VXLAN_DATA_ATTR_TXCSUM,
++ VXLAN_DATA_ATTR_SRCPORTMIN,
++ VXLAN_DATA_ATTR_SRCPORTMAX,
+++ VXLAN_DATA_ATTR_LEARNING,
+++ VXLAN_DATA_ATTR_RSC,
+++ VXLAN_DATA_ATTR_PROXY,
+++ VXLAN_DATA_ATTR_L2MISS,
+++ VXLAN_DATA_ATTR_L3MISS,
+++ VXLAN_DATA_ATTR_GBP,
++ __VXLAN_DATA_ATTR_MAX
++ };
++
++--
++2.28.0
++
+--
+2.28.0
+
diff --git a/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
new file mode 100644
index 0000000..97d3422
--- /dev/null
+++ b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
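Review bot: In the srcport block that the nested 0001 patch adds to system_add_vxlan (system-linux.c), a srcportmax that is not above srcportmin is silently discarded by `if (high > low)` and the interface comes up with the single-port fallback, which hides a configuration error instead of reporting it; after the 1..65535 check I would fail explicitly with `if (high <= low) { ret = -EINVAL; goto failure; }` and then set `srcports.high = htons((uint16_t) high);` unconditionally. Note that the 0016 vxlan.sh patch in this series derives srcportmax with `cut -d' ' -f2`, which passes a value without a space through unchanged, so a single-value `srcport` currently reaches this code with srcportmax equal to srcportmin and relies on the silent discard; if that caller is not fixed, the guard should at least reject `high < low`. The helper system_vxlan_map_bool_attr introduced by the 0002 patch has no comment; a one-liner such as `/* Emit netlink attribute attrtype from the optional boolean option vxlandatatype; invert is for the UDP_ZERO_CSUM6_* attributes, whose sense is opposite to the option. */` would do, and its opening brace on the signature line differs from the file's convention visible in system_add_vxlan, where the brace is on its own line. The 0003 patch also leaves stray spaces before the commas in `IFLA_VXLAN_RSC ,`, `IFLA_VXLAN_PROXY ,` and the three calls that follow. system_add_vxlan starts and ends outside every hunk shown here.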
@@ -0,0 +1,69 @@
+From a013910a253fdbaf3eccd546eb93dc10e2291689 Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel
+Date: Sat, 1 Aug 2020 04:33:11 +0200
+Subject: [PATCH 16/16] vxlan: wire-up more options
+
+Signed-off-by: Johannes Kimmel
+---
+ package/network/config/vxlan/files/vxlan.sh | 22 +++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
+index d063c47d47..b1d106c47d 100755
+--- a/package/network/config/vxlan/files/vxlan.sh
++++ b/package/network/config/vxlan/files/vxlan.sh
+@@ -59,8 +59,11 @@ vxlan_generic_setup() {
+
+ local link="$cfg"
+
+- local port vid ttl tos mtu macaddr zone rxcsum txcsum
+- json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
++ local port srcport srcportmin srcportmax vid ttl tos mtu macaddr zone rxcsum txcsum learning rsc proxy l2miss l3miss gbp
++ json_get_vars port srcport vid ttl tos mtu macaddr zone rxcsum txcsum learning rsc proxy l2miss l3miss gbp
++
++ srcportmin=$(echo $srcport | cut -d' ' -f1)
++ srcportmax=$(echo $srcport | cut -d' ' -f2)
+
+ proto_init_update "$link" 1
+
+@@ -77,10 +80,18 @@ vxlan_generic_setup() {
+
+ json_add_object 'data'
+ [ -n "$port" ] && json_add_int port "$port"
++ [ -n "$srcportmin" ] && json_add_int srcportmin "$srcportmin"
++ [ -n "$srcportmax" ] && json_add_int srcportmax "$srcportmax"
+ [ -n "$vid" ] && json_add_int id "$vid"
+ [ -n "$macaddr" ] && json_add_string macaddr "$macaddr"
+ [ -n "$rxcsum" ] && json_add_boolean rxcsum "$rxcsum"
+ [ -n "$txcsum" ] && json_add_boolean txcsum "$txcsum"
++ [ -n "$learning" ] && json_add_boolean learning "$learning"
++ [ -n "$rsc" ] && json_add_boolean rsc "$rsc"
++ [ -n "$proxy" ] && json_add_boolean proxy "$proxy"
++ [ -n "$l2miss" ] && json_add_boolean l2miss "$l2miss"
++ [ -n "$l3miss" ] && json_add_boolean l3miss "$l3miss"
++ [ -n "$gbp" ] && json_add_boolean gbp "$gbp"
+ json_close_object
+
+ proto_close_tunnel
+@@ 
-160,11 +171,18 @@ vxlan_generic_init_config() {
+
+ proto_config_add_int "vid"
+ proto_config_add_int "port"
++ proto_config_add_string "srcport"
+ proto_config_add_int "ttl"
+ proto_config_add_int "tos"
+ proto_config_add_int "mtu"
+ proto_config_add_boolean "rxcsum"
+ proto_config_add_boolean "txcsum"
++ proto_config_add_boolean "learning"
++ proto_config_add_boolean "rsc"
++ proto_config_add_boolean "proxy"
++ proto_config_add_boolean "l2miss"
++ proto_config_add_boolean "l3miss"
++ proto_config_add_boolean "gbp"
+ proto_config_add_string "macaddr"
+ }
+
+--
+2.28.0
+
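Review bot: `srcportmax=$(echo $srcport | cut -d' ' -f2)` in vxlan_generic_setup yields the whole value when `srcport` holds a single port, because cut passes a line without the delimiter through unchanged, so `option srcport "1337"` sends srcportmax=1337 next to srcportmin=1337 and the documented single-port behaviour only holds as long as netifd keeps ignoring a max that is not above min. Use `srcportmax=$(echo "$srcport" | cut -s -d' ' -f2)` so the variable stays empty and the `[ -n "$srcportmax" ]` test below skips it, and quote `"$srcport"` in the srcportmin line as well to avoid word splitting and globbing of the option value. The two assignments also deserve a comment stating the accepted format, e.g. `# srcport is "min" or "min max"; max is exclusive, range checking happens in netifd`, since the port range itself is only validated on the netifd side in the 0015 patch. vxlan_generic_setup starts before this hunk and continues past it.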