[RFC PATCH] vxlan: netifd and vxlan package patches

mail at adrianschmutzler.de
Sat Aug 1 12:16:26 CEST 2020


Hello lemmi,

I saw that it is marked RFC; if/when there has been a discussion here, in my opinion this should first go through upstream (at least to the point that it is in netifd).

Unfortunately I can't contribute much to the discussion itself.

Best regards

Adrian

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
> Of Johannes Kimmel
> Sent: Saturday, 1 August 2020 05:39
> To: franken-dev at freifunk.net
> Subject: [RFC PATCH] vxlan: netifd and vxlan package patches
> 
> netifd:
>   - add srcportmin option
>   - add srcportmax option (port exclusive)
>   - add most missing boolean options
> 
> vxlan:
>   - wire up the new vxlan options support
>   - srcport
>         option srcport "1337 31337" # for range, max is exclusive
>         option srcport "1337" # for single srcport
>     srcport string is split before sending over to netifd to make
>     processing more robust on the netifd side.
>   - learning
>   - rsc
>   - proxy
>   - l2miss
>   - l3miss
>   - gbp
> 
> see ip-link(3)
> 
> Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> ---
>  .../openwrt/0015-netifd-vxlan-patches.patch   | 281 ++++++++++++++++++
>  .../0016-vxlan-wire-up-more-options.patch     |  69 +++++
>  2 files changed, 350 insertions(+)
>  create mode 100644 build_patches/openwrt/0015-netifd-vxlan-
> patches.patch
>  create mode 100644 build_patches/openwrt/0016-vxlan-wire-up-more-
> options.patch
> 
> diff --git a/build_patches/openwrt/0015-netifd-vxlan-patches.patch
> b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
> new file mode 100644
> index 0000000..9861a40
> --- /dev/null
> +++ b/build_patches/openwrt/0015-netifd-vxlan-patches.patch
> @@ -0,0 +1,281 @@
> +From a86c039c41e8dab1015766c677208181f5afbf4f Mon Sep 17 00:00:00
> 2001
> +From: Johannes Kimmel <fff at bareminimum.eu>
> +Date: Sat, 1 Aug 2020 04:23:41 +0200
> +Subject: [PATCH 15/16] netifd: vxlan patches
> +
> +8fe4321 netifd: vxlan: add most missing boolean options
> +9b258d8 netifd: vxlan: refactor mapping of boolean attrs
> +84e8570 netifd: vxlan: handle srcport range
> +
> +Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> +---
> + ...01-netifd-vxlan-handle-srcport-range.patch | 98
> +++++++++++++++++++
> +...an-refactor-mapping-of-boolean-attrs.patch | 59 +++++++++++
> +...lan-add-most-missing-boolean-options.patch | 84 ++++++++++++++++
> + 3 files changed, 241 insertions(+)
> + create mode 100644
> +package/network/config/netifd/patches/0001-netifd-vxlan-handle-srcport-
> +range.patch  create mode 100644
> +package/network/config/netifd/patches/0002-netifd-vxlan-refactor-
> mappin
> +g-of-boolean-attrs.patch  create mode 100644
> +package/network/config/netifd/patches/0003-netifd-vxlan-add-most-
> missin
> +g-boolean-options.patch
> +
> +diff --git
> +a/package/network/config/netifd/patches/0001-netifd-vxlan-handle-
> srcpor
> +t-range.patch
> +b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-
> srcpor
> +t-range.patch
> +new file mode 100644
> +index 0000000000..46cf1ef893
> +--- /dev/null
> ++++ b/package/network/config/netifd/patches/0001-netifd-vxlan-handle-
> sr
> ++++ cport-range.patch
> +@@ -0,0 +1,98 @@
> ++From 84e857013a2880362d16aa7890cd62981c152ddb Mon Sep 17 00:00:00
> 2001
> ++From: Johannes Kimmel <fff at bareminimum.eu>
> ++Date: Sat, 1 Aug 2020 03:38:27 +0200
> ++Subject: [PATCH 1/3] netifd: vxlan: handle srcport range
> ++
> ++This adds adds the ability to set the source port range for vxlan
> ++interfaces.
> ++
> ++By default vxlans will use a random port within the ephermal range as
> ++source ports for packets. This is done to aid scaleability within a
> ++datacenter.
> ++
> ++But with these defaults it's impossible to punch through NATs or
> ++traverese most stateful firewalls easily. One solution is to fix the
> ++srcport to the same as dstport.
> ++
> ++If only srcportmin is specified, then srcportmax is set in a way that
> ++outgoing packets will only use srcportmin.
> ++
> ++If a range is to be specified, srcportmin and srcportmax have to be
> ++specified. srcportmax is exclusive.
> ++
> ++If only srcportmax is specified, the value is ignored and defaults are
> ++used.
> ++
> ++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> ++---
> ++ system-linux.c | 26 ++++++++++++++++++++++++++
> ++ system.c       |  2 ++
> ++ system.h       |  2 ++
> ++ 3 files changed, 30 insertions(+)
> ++
> ++diff --git a/system-linux.c b/system-linux.c index c5583e0..5ff8749
> ++100644
> ++--- a/system-linux.c
> +++++ b/system-linux.c
> ++@@ -3184,6 +3184,32 @@ static int system_add_vxlan(const char *name,
> const unsigned int link, struct bl
> ++ 	}
> ++ 	nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port));
> ++
> +++	if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) {
> +++		struct ifla_vxlan_port_range srcports = {0,0};
> +++
> +++		uint32_t low = blobmsg_get_u32(cur);
> +++		if (low < 1 || low > 65535 - 1) {
> +++			ret = -EINVAL;
> +++			goto failure;
> +++		}
> +++
> +++		srcports.low = htons((uint16_t) low);
> +++		srcports.high = htons((uint16_t) (low+1));
> +++
> +++		if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) {
> +++			uint32_t high = blobmsg_get_u32(cur);
> +++			if (high < 1 || high > 65535) {
> +++				ret = -EINVAL;
> +++				goto failure;
> +++			}
> +++			if (high > low) {
> +++				srcports.high = htons((uint16_t) high);
> +++			}
> +++		}
> +++
> +++		nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports),
> &srcports);
> +++	}
> +++
> ++ 	if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
> ++ 		bool rxcsum = blobmsg_get_bool(cur);
> ++ 		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
> !rxcsum); diff --git
> ++a/system.c b/system.c index bbdfef7..4133e55 100644
> ++--- a/system.c
> +++++ b/system.c
> ++@@ -38,6 +38,8 @@ static const struct blobmsg_policy
> vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
> ++ 	[VXLAN_DATA_ATTR_MACADDR] = { .name = "macaddr", .type =
> BLOBMSG_TYPE_STRING },
> ++ 	[VXLAN_DATA_ATTR_RXCSUM] = { .name = "rxcsum", .type =
> BLOBMSG_TYPE_BOOL },
> ++ 	[VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type =
> ++BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type
> = BLOBMSG_TYPE_INT32 },
> +++	[VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type
> =
> +++BLOBMSG_TYPE_INT32 },
> ++ };
> ++
> ++ const struct uci_blob_param_list vxlan_data_attr_list = { diff --git
> ++a/system.h b/system.h index 015987f..bf9e1d7 100644
> ++--- a/system.h
> +++++ b/system.h
> ++@@ -44,6 +44,8 @@ enum vxlan_data {
> ++ 	VXLAN_DATA_ATTR_MACADDR,
> ++ 	VXLAN_DATA_ATTR_RXCSUM,
> ++ 	VXLAN_DATA_ATTR_TXCSUM,
> +++	VXLAN_DATA_ATTR_SRCPORTMIN,
> +++	VXLAN_DATA_ATTR_SRCPORTMAX,
> ++ 	__VXLAN_DATA_ATTR_MAX
> ++ };
> ++
> ++--
> ++2.28.0
> ++
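Review bot: In the system-linux.c hunk of 0001-netifd-vxlan-handle-srcport-range.patch, a srcportmax that is not greater than srcportmin is silently dropped by `if (high > low)` and the interface comes up with the single-port range `low..low+1`, while the commit message only documents that srcportmax is ignored when srcportmin is absent; either reject it with `ret = -EINVAL; goto failure;` like the two other range checks or state that fallback in the commit message. The bound `low > 65535 - 1` also deserves a comment saying it exists so that `low + 1` is still a valid port for the default high value. The commit message has typos: "adds adds", "ephermal", "scaleability", "traverese".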
> +diff --git
> +a/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-
> mapp
> +ing-of-boolean-attrs.patch
> +b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-
> mapp
> +ing-of-boolean-attrs.patch
> +new file mode 100644
> +index 0000000000..a868ad64f8
> +--- /dev/null
> ++++ b/package/network/config/netifd/patches/0002-netifd-vxlan-refactor-
> ++++ mapping-of-boolean-attrs.patch
> +@@ -0,0 +1,59 @@
> ++From 9b258d8c7f5140fa3e19d3e5c19b9cef84ff80f7 Mon Sep 17 00:00:00
> 2001
> ++From: Johannes Kimmel <fff at bareminimum.eu>
> ++Date: Sat, 1 Aug 2020 03:59:55 +0200
> ++Subject: [PATCH 2/3] netifd: vxlan: refactor mapping of boolean attrs
> ++
> ++Add a small function to handle boolean options and make use of it to
> handle:
> ++  - rxcsum
> ++  - txcsum
> ++
> ++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> ++---
> ++ system-linux.c | 24 ++++++++++++++----------
> ++ 1 file changed, 14 insertions(+), 10 deletions(-)
> ++
> ++diff --git a/system-linux.c b/system-linux.c index 5ff8749..82b65e3
> ++100644
> ++--- a/system-linux.c
> +++++ b/system-linux.c
> ++@@ -3073,6 +3073,17 @@ failure:
> ++ #endif
> ++
> ++ #ifdef IFLA_VXLAN_MAX
> +++static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct
> blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) {
> +++	struct blob_attr *cur;
> +++	if ((cur = tb_data[vxlandatatype])) {
> +++		bool val = blobmsg_get_bool(cur);
> +++		if (invert) {
> +++			val = !val;
> +++		}
> +++		nla_put_u8(msg, attrtype, val);
> +++	}
> +++}
> +++
> ++ static int system_add_vxlan(const char *name, const unsigned int
> ++link, struct blob_attr **tb, bool v6)  {
> ++ 	struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX]; @@ -
> 3210,16
> +++3221,9 @@ static int system_add_vxlan(const char *name, const
> unsigned int link, struct bl
> ++ 		nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports),
> &srcports);
> ++ 	}
> ++
> ++-	if ((cur = tb_data[VXLAN_DATA_ATTR_RXCSUM])) {
> ++-		bool rxcsum = blobmsg_get_bool(cur);
> ++-		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
> !rxcsum);
> ++-	}
> ++-
> ++-	if ((cur = tb_data[VXLAN_DATA_ATTR_TXCSUM])) {
> ++-		bool txcsum = blobmsg_get_bool(cur);
> ++-		nla_put_u8(msg, IFLA_VXLAN_UDP_CSUM, txcsum);
> ++-		nla_put_u8(msg, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
> !txcsum);
> ++-	}
> +++	system_vxlan_map_bool_attr(msg, tb_data,
> IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
> +++	system_vxlan_map_bool_attr(msg, tb_data,
> IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data,
> +++IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM,
> true);
> ++
> ++ 	if ((cur = tb[TUNNEL_ATTR_TOS])) {
> ++ 		char *str = blobmsg_get_string(cur);
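Review bot: In the second system-linux.c hunk of 0002-netifd-vxlan-refactor-mapping-of-boolean-attrs.patch the three `system_vxlan_map_bool_attr` calls reproduce the removed rxcsum/txcsum logic exactly (ZERO_CSUM6_RX and ZERO_CSUM6_TX inverted, UDP_CSUM not), so the refactor is behaviour-preserving. One style point on the new helper in the first hunk: its opening brace sits on the signature line, whereas `system_add_vxlan` directly below it puts the brace on its own line, and the long parameter list would read better wrapped onto a second line.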
> ++--
> ++2.28.0
> ++
> +diff --git
> +a/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-
> miss
> +ing-boolean-options.patch
> +b/package/network/config/netifd/patches/0003-netifd-vxlan-add-most-
> miss
> +ing-boolean-options.patch
> +new file mode 100644
> +index 0000000000..228c0cd37f
> +--- /dev/null
> ++++ b/package/network/config/netifd/patches/0003-netifd-vxlan-add-
> most-
> ++++ missing-boolean-options.patch
> +@@ -0,0 +1,84 @@
> ++From 8fe4321a8d7ec7b28b7011f67c88a07584160a47 Mon Sep 17 00:00:00
> 2001
> ++From: Johannes Kimmel <fff at bareminimum.eu>
> ++Date: Sat, 1 Aug 2020 04:05:31 +0200
> ++Subject: [PATCH 3/3] netifd: vxlan: add most missing boolean options
> ++
> ++adds the folloing missing options:
> ++  - learning
> ++  - rsc
> ++  - proxy
> ++  - l2miss
> ++  - l3miss
> ++  - gbp
> ++
> ++See ip-link(3) for their meaning.
> ++
> ++still missing:
> ++  - external
> ++  - gpe
> ++
> ++I'm not sure how to handle them at the moment. It's unclear to me what
> ++IFLA_VXLAN_* value corresponds to the 'external' option and according
> ++to the manpage, gpe depends on it.
> ++
> ++Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> ++---
> ++ system-linux.c | 6 ++++++
> ++ system.c       | 6 ++++++
> ++ system.h       | 6 ++++++
> ++ 3 files changed, 18 insertions(+)
> ++
> ++diff --git a/system-linux.c b/system-linux.c index 82b65e3..d129fef
> ++100644
> ++--- a/system-linux.c
> +++++ b/system-linux.c
> ++@@ -3224,6 +3224,12 @@ static int system_add_vxlan(const char *name,
> const unsigned int link, struct bl
> ++ 	system_vxlan_map_bool_attr(msg, tb_data,
> IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true);
> ++ 	system_vxlan_map_bool_attr(msg, tb_data,
> IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false);
> ++ 	system_vxlan_map_bool_attr(msg, tb_data,
> ++IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM,
> true);
> +++	system_vxlan_map_bool_attr(msg, tb_data,
> IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC ,
> VXLAN_DATA_ATTR_RSC, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY ,
> VXLAN_DATA_ATTR_PROXY, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS ,
> VXLAN_DATA_ATTR_L2MISS, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS ,
> VXLAN_DATA_ATTR_L3MISS, false);
> +++	system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP ,
> +++VXLAN_DATA_ATTR_GBP, false);
> ++
> ++ 	if ((cur = tb[TUNNEL_ATTR_TOS])) {
> ++ 		char *str = blobmsg_get_string(cur); diff --git a/system.c
> ++b/system.c index 4133e55..95721e1 100644
> ++--- a/system.c
> +++++ b/system.c
> ++@@ -40,6 +40,12 @@ static const struct blobmsg_policy
> vxlan_data_attrs[__VXLAN_DATA_ATTR_MAX] = {
> ++ 	[VXLAN_DATA_ATTR_TXCSUM] = { .name = "txcsum", .type =
> BLOBMSG_TYPE_BOOL },
> ++ 	[VXLAN_DATA_ATTR_SRCPORTMIN] = { .name = "srcportmin", .type
> = BLOBMSG_TYPE_INT32 },
> ++ 	[VXLAN_DATA_ATTR_SRCPORTMAX] = { .name = "srcportmax", .type
> =
> ++BLOBMSG_TYPE_INT32 },
> +++	[VXLAN_DATA_ATTR_LEARNING] = { .name = "learning", .type =
> BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_RSC] = { .name = "rsc", .type =
> BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_PROXY] = { .name = "proxy", .type =
> BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_L2MISS] = { .name = "l2miss", .type =
> BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_L3MISS] = { .name = "l3miss", .type =
> BLOBMSG_TYPE_BOOL },
> +++	[VXLAN_DATA_ATTR_GBP] = { .name = "gbp", .type =
> BLOBMSG_TYPE_BOOL
> +++},
> ++ };
> ++
> ++ const struct uci_blob_param_list vxlan_data_attr_list = { diff --git
> ++a/system.h b/system.h index bf9e1d7..290c2e5 100644
> ++--- a/system.h
> +++++ b/system.h
> ++@@ -46,6 +46,12 @@ enum vxlan_data {
> ++ 	VXLAN_DATA_ATTR_TXCSUM,
> ++ 	VXLAN_DATA_ATTR_SRCPORTMIN,
> ++ 	VXLAN_DATA_ATTR_SRCPORTMAX,
> +++	VXLAN_DATA_ATTR_LEARNING,
> +++	VXLAN_DATA_ATTR_RSC,
> +++	VXLAN_DATA_ATTR_PROXY,
> +++	VXLAN_DATA_ATTR_L2MISS,
> +++	VXLAN_DATA_ATTR_L3MISS,
> +++	VXLAN_DATA_ATTR_GBP,
> ++ 	__VXLAN_DATA_ATTR_MAX
> ++ };
> ++
> ++--
> ++2.28.0
> ++
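Review bot: On the open question in the commit message of 0003-netifd-vxlan-add-most-missing-boolean-options.patch: in iproute2 the `external` keyword sets IFLA_VXLAN_COLLECT_METADATA and `gpe` sets IFLA_VXLAN_GPE, and the kernel only accepts GPE together with collect-metadata, which is the dependency the manpage describes; both could be wired through the new helper as non-inverted booleans. Minor: the system-linux.c hunk has stray spaces before commas (`IFLA_VXLAN_RSC ,`, `IFLA_VXLAN_PROXY ,`, and so on), and the commit message has "folloing".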
> +--
> +2.28.0
> +
> diff --git a/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
> b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
> new file mode 100644
> index 0000000..97d3422
> --- /dev/null
> +++ b/build_patches/openwrt/0016-vxlan-wire-up-more-options.patch
> @@ -0,0 +1,69 @@
> +From a013910a253fdbaf3eccd546eb93dc10e2291689 Mon Sep 17 00:00:00
> 2001
> +From: Johannes Kimmel <fff at bareminimum.eu>
> +Date: Sat, 1 Aug 2020 04:33:11 +0200
> +Subject: [PATCH 16/16] vxlan: wire-up more options
> +
> +Signed-off-by: Johannes Kimmel <fff at bareminimum.eu>
> +---
> + package/network/config/vxlan/files/vxlan.sh | 22
> +++++++++++++++++++--
> + 1 file changed, 20 insertions(+), 2 deletions(-)
> +
> +diff --git a/package/network/config/vxlan/files/vxlan.sh
> +b/package/network/config/vxlan/files/vxlan.sh
> +index d063c47d47..b1d106c47d 100755
> +--- a/package/network/config/vxlan/files/vxlan.sh
> ++++ b/package/network/config/vxlan/files/vxlan.sh
> +@@ -59,8 +59,11 @@ vxlan_generic_setup() {
> +
> + 	local link="$cfg"
> +
> +-	local port vid ttl tos mtu macaddr zone rxcsum txcsum
> +-	json_get_vars port vid ttl tos mtu macaddr zone rxcsum txcsum
> ++	local port srcport srcportmin srcportmax vid ttl tos mtu macaddr zone
> rxcsum txcsum learning rsc proxy l2miss l3miss gbp
> ++	json_get_vars port srcport vid ttl tos mtu macaddr zone rxcsum
> txcsum
> ++learning rsc proxy l2miss l3miss gbp
> ++
> ++	srcportmin=$(echo $srcport | cut -d' ' -f1)
> ++	srcportmax=$(echo $srcport | cut -d' ' -f2)
> +
> + 	proto_init_update "$link" 1
> +
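Review bot: In the first vxlan.sh hunk, `srcportmax=$(echo $srcport | cut -d' ' -f2)` does not yield an empty string for the single-port form `option srcport "1337"`: cut prints the whole line when the delimiter is absent, so srcportmax is sent as 1337 as well, and the single-port behaviour then depends on netifd ignoring a srcportmax that is not greater than srcportmin. Use `cut -s -d' ' -f2` (or `set -- $srcport; srcportmin=$1; srcportmax=$2`) so srcportmax is only set when a second value exists, and quote `"$srcport"` in the echo.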
> +@@ -77,10 +80,18 @@ vxlan_generic_setup() {
> +
> + 	json_add_object 'data'
> + 	[ -n "$port" ] && json_add_int port "$port"
> ++	[ -n "$srcportmin" ] && json_add_int srcportmin "$srcportmin"
> ++	[ -n "$srcportmax" ] && json_add_int srcportmax "$srcportmax"
> + 	[ -n "$vid" ] && json_add_int id "$vid"
> + 	[ -n "$macaddr" ] && json_add_string macaddr "$macaddr"
> + 	[ -n "$rxcsum" ] && json_add_boolean rxcsum "$rxcsum"
> + 	[ -n "$txcsum" ] && json_add_boolean txcsum "$txcsum"
> ++	[ -n "$learning" ] && json_add_boolean learning "$learning"
> ++	[ -n "$rsc" ] && json_add_boolean rsc "$rsc"
> ++	[ -n "$proxy" ] && json_add_boolean proxy "$proxy"
> ++	[ -n "$l2miss" ] && json_add_boolean l2miss "$l2miss"
> ++	[ -n "$l3miss" ] && json_add_boolean l3miss "$l3miss"
> ++	[ -n "$gbp" ] && json_add_boolean gbp "$gbp"
> + 	json_close_object
> +
> + 	proto_close_tunnel
> +@@ -160,11 +171,18 @@ vxlan_generic_init_config() {
> +
> + 	proto_config_add_int "vid"
> + 	proto_config_add_int "port"
> ++	proto_config_add_string "srcport"
> + 	proto_config_add_int "ttl"
> + 	proto_config_add_int "tos"
> + 	proto_config_add_int "mtu"
> + 	proto_config_add_boolean "rxcsum"
> + 	proto_config_add_boolean "txcsum"
> ++	proto_config_add_boolean "learning"
> ++	proto_config_add_boolean "rsc"
> ++	proto_config_add_boolean "proxy"
> ++	proto_config_add_boolean "l2miss"
> ++	proto_config_add_boolean "l3miss"
> ++	proto_config_add_boolean "gbp"
> + 	proto_config_add_string "macaddr"
> + }
> +
> +--
> +2.28.0
> +
> --
> 2.28.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <https://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20200801/f31a3e32/attachment.sig>
