[RFC PATCH] vxlan: netifd and vxlan package patches
Johannes Kimmel
fff at bareminimum.eu
Sa Aug 1 05:39:02 CEST 2020
netifd:
- add srcportmin option
- add srcportmax option (upper bound is exclusive)
- add most missing boolean options
vxlan:
- wire up the new vxlan options support
- srcport
option srcport "1337 31337" # for range, max is exclusive
option srcport "1337" # for single srcport
srcport string is split before sending over to netifd to make
processing more robust on the netifd side.
- learning
- rsc
- proxy
- l2miss
- l3miss
- gbp
see ip-link(3)
Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
---
.../openwrt/0015-netifd-vxlan-patches.patch | 281 ++++++++++++++++++
.../0016-vxlan-wire-up-more-options.patch | 69 +++++
2 files changed, 350 insertions(+)
create mode 100644 build_patches/openwrt/0015-netifd-vxlan-patches.patch
create mode 100644 build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
diff --git a/build_patches/openwrt/0015-netifd-vxlan-patches.patch b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
new file mode 100644
index 0000000..9861a40
--- /dev/null
+++ b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
@@ -0,0 +1,281 @@
+From a86c039c41e8dab1015766c677208181f5afbf4f Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff at bareminimum.eu>
+Date: Sat, 1 Aug 2020 04:23:41 +0200
+Subject: [PATCH 15/16] netifd: vxlan patches
+
+8fe4321 netifd: vxlan: add most missing boolean options
+9b258d8 netifd: vxlan: refactor mapping of boolean attrs
+84e8570 netifd: vxlan: handle srcport range
+
+Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
+---
+ ...01-netifd-vxlan-handle-srcport-range.patch | 98 +++++++++++++++++++
+ ...an-refactor-mapping-of-boolean-attrs.patch | 59 +++++++++++
+ ...lan-add-most-missing-boolean-options.patch | 84 ++++++++++++++++
+ 3 files changed, 241 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+ create mode 100644 package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+ create mode 100644 package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+
+diff --git a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+new file mode 100644
+index 0000000000..46cf1ef893
+--- /dev/null
++++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-range.patch
+@@ -0,0 +1,98 @@
++From 84e857013a2880362d16aa7890cd62981c152ddb Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel <fff at bareminimum.eu>
++Date: Sat, 1 Aug 2020 03:38:27 +0200
++Subject: [PATCH 1/3] netifd: vxlan: handle srcport range
++
++This adds adds the ability to set the source port range for vxlan
++interfaces.
++
++By default vxlans will use a random port within the ephermal range as
++source ports for packets. This is done to aid scaleability within a
++datacenter.
++
++But with these defaults it's impossible to punch through NATs or
++traverese most stateful firewalls easily. One solution is to fix the
++srcport to the same as dstport.
++
++If only srcportmin is specified, then srcportmax is set in a way that
++outgoing packets will only use srcportmin.
++
++If a range is to be specified, srcportmin and srcportmax have to be
++specified. srcportmax is exclusive.
++
++If only srcportmax is specified, the value is ignored and defaults are
++used.
++
++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
++---
++ system-linux.c | 26 ++++++++++++++++++++++++++
++ system.c | 2 ++
++ system.h | 2 ++
++ 3 files changed, 30 insertions(+)
++
++diff --git a/system-linux.c b/system-linux.c
++index c5583e0..5ff8749 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3184,6 +3184,32 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ }
++ nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
++
+++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
+++ struct ifla_vxlan_port_range srcports = {0,0};
+++
+++ uint32_t low = blobmsg_get_u32(cur);
+++ if (low < 1 || low > 65535 - 1) {
+++ ret = -EINVAL;
+++ goto failure;
+++ }
+++
+++ srcports.low = htons((uint16_t) low);
+++ srcports.high = htons((uint16_t) (low+1));
+++
+++ if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
+++ uint32_t high = blobmsg_get_u32(cur);
+++ if (high < 1 || high > 65535) {
+++ ret = -EINVAL;
+++ goto failure;
+++ }
+++ if (high > low) {
+++ srcports.high = htons((uint16_t) high);
+++ }
+++ }
+++
+++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
+++ }
+++
++ if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
++ bool rxcsum = blobmsg_get_bool(cur);
++ nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
++diff --git a/system.c b/system.c
++index bbdfef7..4133e55 100644
++--- a/system.c
+++++ b/system.c
++@@ -38,6 +38,8 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
++ [VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type = BLOBMSG_TYPE_STRING },
++ [VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
+++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
++ };
++
++ const struct uci_blob_param_list vxlan_data_attr_list = {
++diff --git a/system.h b/system.h
++index 015987f..bf9e1d7 100644
++--- a/system.h
+++++ b/system.h
++@@ -44,6 +44,8 @@ enum vxlan_data {
++ VXLAN_DATA_ATTR_MACADDR,
++ VXLAN_DATA_ATTR_RXCSUM,
++ VXLAN_DATA_ATTR_TXCSUM,
+++ VXLAN_DATA_ATTR_SRCPORTMIN,
+++ VXLAN_DATA_ATTR_SRCPORTMAX,
++ __VXLAN_DATA_ATTR_MAX
++ };
++
++--
++2.28.0
++
+diff --git a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+new file mode 100644
+index 0000000000..a868ad64f8
+--- /dev/null
++++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch
+@@ -0,0 +1,59 @@
++From 9b258d8c7f5140fa3e19d3e5c19b9cef84ff80f7 Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel <fff at bareminimum.eu>
++Date: Sat, 1 Aug 2020 03:59:55 +0200
++Subject: [PATCH 2/3] netifd: vxlan: refactor mapping of boolean attrs
++
++Add a small function to handle boolean options and make use of it to handle:
++ - rxcsum
++ - txcsum
++
++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
++---
++ system-linux.c | 24 ++++++++++++++----------
++ 1 file changed, 14 insertions(+), 10 deletions(-)
++
++diff --git a/system-linux.c b/system-linux.c
++index 5ff8749..82b65e3 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3073,6 +3073,17 @@ failure:
++ #endif
++
++ #ifdef IFLA_VXLAN_MAX
+++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
+++ struct blob_attr *cur;
+++ if ((cur = tb_data[vxlandatatype])) {
+++ bool val = blobmsg_get_bool(cur);
+++ if (invert) {
+++ val = !val;
+++ }
+++ nla_put_u8(msg, attrtype, val);
+++ }
+++}
+++
++ static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6)
++ {
++ struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX];
++@@ -3210,16 +3221,9 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports);
++ }
++
++- if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
++- bool rxcsum = blobmsg_get_bool(cur);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, !rxcsum);
++- }
++-
++- if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
++- bool txcsum = blobmsg_get_bool(cur);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
++- nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, !txcsum);
++- }
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
++
++ if ((cur = tb[TUNNEL_ATTR_TOS])) {
++ char *str = blobmsg_get_string(cur);
++--
++2.28.0
++
+diff --git a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+new file mode 100644
+index 0000000000..228c0cd37f
+--- /dev/null
++++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-missing-boolean-options.patch
+@@ -0,0 +1,84 @@
++From 8fe4321a8d7ec7b28b7011f67c88a07584160a47 Mon Sep 17 00:00:00 2001
++From: Johannes Kimmel <fff at bareminimum.eu>
++Date: Sat, 1 Aug 2020 04:05:31 +0200
++Subject: [PATCH 3/3] netifd: vxlan: add most missing boolean options
++
++adds the folloing missing options:
++ - learning
++ - rsc
++ - proxy
++ - l2miss
++ - l3miss
++ - gbp
++
++See ip-link(3) for their meaning.
++
++still missing:
++ - external
++ - gpe
++
++I'm not sure how to handle them at the moment. It's unclear to me what
++IFLA_VXLAN_* value corresponds to the 'external' option and according to
++the manpage, gpe depends on it.
++
++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
++---
++ system-linux.c | 6 ++++++
++ system.c | 6 ++++++
++ system.h | 6 ++++++
++ 3 files changed, 18 insertions(+)
++
++diff --git a/system-linux.c b/system-linux.c
++index 82b65e3..d129fef 100644
++--- a/system-linux.c
+++++ b/system-linux.c
++@@ -3224,6 +3224,12 @@ static int system_add_vxlan(const char *name, const unsigned int link, struct bl
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false);
+++ system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false);
++
++ if ((cur = tb[TUNNEL_ATTR_TOS])) {
++ char *str = blobmsg_get_string(cur);
++diff --git a/system.c b/system.c
++index 4133e55..95721e1 100644
++--- a/system.c
+++++ b/system.c
++@@ -40,6 +40,12 @@ static const struct blobmsg_policy vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
++ [VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type = BLOBMSG_TYPE_BOOL },
++ [VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type = BLOBMSG_TYPE_INT32 },
++ [VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type = BLOBMSG_TYPE_INT32 },
+++ [VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type = BLOBMSG_TYPE_BOOL },
+++ [VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type = BLOBMSG_TYPE_BOOL },
++ };
++
++ const struct uci_blob_param_list vxlan_data_attr_list = {
++diff --git a/system.h b/system.h
++index bf9e1d7..290c2e5 100644
++--- a/system.h
+++++ b/system.h
++@@ -46,6 +46,12 @@ enum vxlan_data {
++ VXLAN_DATA_ATTR_TXCSUM,
++ VXLAN_DATA_ATTR_SRCPORTMIN,
++ VXLAN_DATA_ATTR_SRCPORTMAX,
+++ VXLAN_DATA_ATTR_LEARNING,
+++ VXLAN_DATA_ATTR_RSC,
+++ VXLAN_DATA_ATTR_PROXY,
+++ VXLAN_DATA_ATTR_L2MISS,
+++ VXLAN_DATA_ATTR_L3MISS,
+++ VXLAN_DATA_ATTR_GBP,
++ __VXLAN_DATA_ATTR_MAX
++ };
++
++--
++2.28.0
++
+--
+2.28.0
+
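Review bot: In the srcport block of 0001-netifd-vxlan-handle-srcport-range.patch a srcportmax that is not greater than srcportmin is silently dropped and the interface comes up with the single-port range low..low+1, whereas the neighbouring bounds checks fail with -EINVAL; a misconfigured range should fail the same way, `if (high <= low) { ret = -EINVAL; goto failure; }` in place of the `if (high > low)` branch. The bare `65535 - 1` and `65535` limits would read better as `UINT16_MAX - 1` and `UINT16_MAX`, with a comment noting that high is exclusive, so the single-port case needs low + 1 to fit in 16 bits (which is why 65535 alone cannot be expressed). In 0002, `system_vxlan_map_bool_attr` puts its opening brace on the signature line while `system_add_vxlan` in the same hunk uses a brace on its own line, and the helper lacks a purpose comment such as `/* Forward one boolean vxlan option to netlink, optionally inverted. */`; the stray spaces before the commas in the 0003 call sites (`IFLA_VXLAN_RSC ,`) should go as well. `system_add_vxlan` starts and ends outside these hunks.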
diff --git a/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
new file mode 100644
index 0000000..97d3422
--- /dev/null
+++ b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
@@ -0,0 +1,69 @@
+From a013910a253fdbaf3eccd546eb93dc10e2291689 Mon Sep 17 00:00:00 2001
+From: Johannes Kimmel <fff at bareminimum.eu>
+Date: Sat, 1 Aug 2020 04:33:11 +0200
+Subject: [PATCH 16/16] vxlan: wire-up more options
+
+Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
+---
+ package/network/config/vxlan/files/vxlan.sh | 22 +++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/package/network/config/vxlan/files/vxlan.sh b/package/network/config/vxlan/files/vxlan.sh
+index d063c47d47..b1d106c47d 100755
+--- a/package/network/config/vxlan/files/vxlan.sh
++++ b/package/network/config/vxlan/files/vxlan.sh
+@@ -59,8 +59,11 @@ vxlan_generic_setup() {
+
+ local link="$cfg"
+
+- local port vid ttl tos mtu macaddr zone rxcsum txcsum
+- json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
++ local port srcport srcportmin srcportmax vid ttl tos mtu macaddr zone rxcsum txcsum learning rsc proxy l2miss l3miss gbp
++ json_get_vars port srcport vid ttl tos mtu macaddr zone rxcsum txcsum learning rsc proxy l2miss l3miss gbp
++
++ srcportmin=$(echo $srcport | cut -d' ' -f1)
++ srcportmax=$(echo $srcport | cut -d' ' -f2)
+
+ proto_init_update "$link" 1
+
+@@ -77,10 +80,18 @@ vxlan_generic_setup() {
+
+ json_add_object 'data'
+ [ -n "$port" ] && json_add_int port "$port"
++ [ -n "$srcportmin" ] && json_add_int srcportmin "$srcportmin"
++ [ -n "$srcportmax" ] && json_add_int srcportmax "$srcportmax"
+ [ -n "$vid" ] && json_add_int id "$vid"
+ [ -n "$macaddr" ] && json_add_string macaddr "$macaddr"
+ [ -n "$rxcsum" ] && json_add_boolean rxcsum "$rxcsum"
+ [ -n "$txcsum" ] && json_add_boolean txcsum "$txcsum"
++ [ -n "$learning" ] && json_add_boolean learning "$learning"
++ [ -n "$rsc" ] && json_add_boolean rsc "$rsc"
++ [ -n "$proxy" ] && json_add_boolean proxy "$proxy"
++ [ -n "$l2miss" ] && json_add_boolean l2miss "$l2miss"
++ [ -n "$l3miss" ] && json_add_boolean l3miss "$l3miss"
++ [ -n "$gbp" ] && json_add_boolean gbp "$gbp"
+ json_close_object
+
+ proto_close_tunnel
+@@ -160,11 +171,18 @@ vxlan_generic_init_config() {
+
+ proto_config_add_int "vid"
+ proto_config_add_int "port"
++ proto_config_add_string "srcport"
+ proto_config_add_int "ttl"
+ proto_config_add_int "tos"
+ proto_config_add_int "mtu"
+ proto_config_add_boolean "rxcsum"
+ proto_config_add_boolean "txcsum"
++ proto_config_add_boolean "learning"
++ proto_config_add_boolean "rsc"
++ proto_config_add_boolean "proxy"
++ proto_config_add_boolean "l2miss"
++ proto_config_add_boolean "l3miss"
++ proto_config_add_boolean "gbp"
+ proto_config_add_string "macaddr"
+ }
+
+--
+2.28.0
+
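Review bot: `srcportmax=$(echo $srcport | cut -d' ' -f2)` yields the whole string when `srcport` holds a single port, because cut prints lines without a delimiter unchanged unless `-s` is given, so `option srcport "1337"` sends `srcportmax 1337` next to `srcportmin 1337` and only behaves because the netifd side ignores a max that is not above min. Use `srcportmax=$(echo $srcport | cut -s -d' ' -f2)` so the second field comes back empty and the `[ -n "$srcportmax" ]` test skips it. The unquoted `$srcport` in both command substitutions is also subject to glob expansion; harmless for numeric values, but a short comment that the word splitting is intentional would save the next reader a question. `vxlan_generic_setup` starts and ends outside the hunk.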
--
2.28.0