Re: [OpenWrt-Devel] Leaking packest in routing/firewall

2016-09-23 Thread Farid Farid 
Thanks Sami for the reply.
I have upgraded firewall and iptables to the trunk.I have picked many packages 
from the trunk .
I was wondering if there is a known issue in this regard in Kernel or somewhere 
else and if it is possible to apply a patch or upgrade few packages to overcome 
this issue.

Thanks,Farid


 

On Friday, September 23, 2016 1:28 PM, Sami Olmari  wrote:
 

 Well, you are running old and obsolete version of OpenWrt, you should try at 
least latest stable CC 15.05.1, or preferably even trunk.
--  Sami Olmari
On Fri, Sep 23, 2016 at 8:39 PM, Farid Farid  wrote:

Hello OpenWrt Team,

I am experiencing an issue possibly firewall/routing layer in Openwrt AA 
running Linux 3.10.xx.
In my unit there is a gateway interface with masq set to 1. There is wifi 
interface operating as AP running DHCP server. If clients connect to this 
device and run some IP traffic I can see once awhile some outgoing packets 
going out from gateway interface with source address of WIFI clients instead of 
the gateway interface address.
It seems to me a bug in firewall layer.  Has anyone experienced this issue?
I am running firewall version 2014-04-14 and  iptables version  1.4.21.-2.

Thanks,Farid

__ _
openwrt-devel mailing list
openwrt-devel@lists.openwrt. org
https://lists.openwrt.org/cgi- bin/mailman/listinfo/openwrt- devel





   ___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] Leaking packest in routing/firewall

2016-09-23 Thread Sami Olmari 
Well, you are running old and obsolete version of OpenWrt, you should try
at least latest stable CC 15.05.1, or preferably even trunk.

-- 
 Sami Olmari

On Fri, Sep 23, 2016 at 8:39 PM, Farid Farid  wrote:

> Hello OpenWrt Team,
>
>
> I am experiencing an issue possibly firewall/routing layer in Openwrt AA
> running Linux 3.10.xx.
>
> In my unit there is a gateway interface with masq set to 1. There is wifi
> interface operating as AP running DHCP server. If clients connect to this
> device and run some IP traffic I can see once awhile some outgoing packets
> going out from gateway interface with source address of WIFI clients
> instead of the gateway interface address.
>
> It seems to me a bug in firewall layer.  Has anyone experienced this issue?
>
> I am running firewall version 2014-04-14 and  iptables version  1.4.21.-2.
>
>
> Thanks,
> Farid
>
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
>
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] Leaking packest in routing/firewall

2016-09-23 Thread Farid Farid 
Hello OpenWrt Team,

I am experiencing an issue possibly firewall/routing layer in Openwrt AA 
running Linux 3.10.xx.
In my unit there is a gateway interface with masq set to 1. There is wifi 
interface operating as AP running DHCP server. If clients connect to this 
device and run some IP traffic I can see once awhile some outgoing packets 
going out from gateway interface with source address of WIFI clients instead of 
the gateway interface address.
It seems to me a bug in firewall layer.  Has anyone experienced this issue?
I am running firewall version 2014-04-14 and  iptables version  1.4.21.-2.

Thanks,Farid
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 7/7] device: Drop device down event during device release if device gets active again

2016-09-23 Thread Hans Dedecker 
Fixes a race condition as the device can be active again; due to a 
device_claim; by the logic
behind the set_state device type function. In this case the down event cannot 
be sent anymore
as it would bring down the interface(s) referencing the device.
This can be the case for an aliased device when the underlying device is 
switched during a reload;
the alias_set_device function can add a new dependency on the new active device 
which will put the
aliased device in active mode again as the aliased device is already claimed by 
the interface
using it.

Signed-off-by: Hans Dedecker 
---
 device.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/device.c b/device.c
index e17df13..996ffab 100644
--- a/device.c
+++ b/device.c
@@ -450,6 +450,10 @@ void device_release(struct device_user *dep)
device_broadcast_event(dev, DEV_EVENT_TEARDOWN);
if (!dev->external)
dev->set_state(dev, false);
+
+   if (dev->active)
+   return;
+
device_broadcast_event(dev, DEV_EVENT_DOWN);
 }
 
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 6/7] vlandev: Rework 8021ad/8021q detection based on vlandevice type

2016-09-23 Thread Hans Dedecker 
Signed-off-by: Hans Dedecker 
---
 vlandev.c | 13 -
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/vlandev.c b/vlandev.c
index b065c27..7e46251 100644
--- a/vlandev.c
+++ b/vlandev.c
@@ -20,14 +20,12 @@
 #include "system.h"
 
 enum {
-   VLANDEV_ATTR_TYPE,
VLANDEV_ATTR_IFNAME,
VLANDEV_ATTR_VID,
__VLANDEV_ATTR_MAX
 };
 
 static const struct blobmsg_policy vlandev_attrs[__VLANDEV_ATTR_MAX] = {
-   [VLANDEV_ATTR_TYPE] = { "type", BLOBMSG_TYPE_STRING },
[VLANDEV_ATTR_IFNAME] = { "ifname", BLOBMSG_TYPE_STRING },
[VLANDEV_ATTR_VID] = { "vid", BLOBMSG_TYPE_INT32 },
 };
@@ -40,6 +38,8 @@ static const struct uci_blob_param_list vlandev_attr_list = {
.next = { _attr_list },
 };
 
+static struct device_type vlan8021q_device_type;
+
 struct vlandev_device {
struct device dev;
struct device_user parent;
@@ -158,15 +158,10 @@ vlandev_apply_settings(struct vlandev_device *mvdev, 
struct blob_attr **tb)
struct vlandev_config *cfg = >config;
struct blob_attr *cur;
 
-   cfg->proto = VLAN_PROTO_8021Q;
+   cfg->proto = (mvdev->dev.type == _device_type) ?
+   VLAN_PROTO_8021Q : VLAN_PROTO_8021AD;
cfg->vid = 1;
 
-   if ((cur = tb[VLANDEV_ATTR_TYPE]))
-   {
-   if(!strcmp(blobmsg_data(cur), "8021ad"))
-   cfg->proto = VLAN_PROTO_8021AD;
-   }
-
if ((cur = tb[VLANDEV_ATTR_VID]))
cfg->vid = (uint16_t) blobmsg_get_u32(cur);
 }
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 5/7] vlandev: Register 8021ad and 8021q s device types

2016-09-23 Thread Hans Dedecker 
Fixes creation of vlan 8021ad/8021q devices by UCI due to device handlers rework

Signed-off-by: Hans Dedecker 
---
 vlandev.c | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/vlandev.c b/vlandev.c
index becaed8..b065c27 100644
--- a/vlandev.c
+++ b/vlandev.c
@@ -241,8 +241,18 @@ vlandev_create(const char *name, struct device_type 
*devtype,
return dev;
 }
 
-static struct device_type vlandev_device_type = {
-   .name = "VLANDEV",
+static struct device_type vlan8021ad_device_type = {
+   .name = "8021ad",
+   .config_params = _attr_list,
+   .create = vlandev_create,
+   .config_init = vlandev_config_init,
+   .reload = vlandev_reload,
+   .free = vlandev_free,
+   .dump_info = vlandev_dump_info,
+};
+
+static struct device_type vlan8021q_device_type = {
+   .name = "8021q",
.config_params = _attr_list,
.create = vlandev_create,
.config_init = vlandev_config_init,
@@ -253,5 +263,6 @@ static struct device_type vlandev_device_type = {
 
 static void __init vlandev_device_type_init(void)
 {
-   device_type_add(_device_type);
+   device_type_add(_device_type);
+   device_type_add(_device_type);
 }
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 4/7] tunnel: Use tunnel as device type name

2016-09-23 Thread Hans Dedecker 
Fixes creation of tunnel devices by UCI due to device handlers rework

Signed-off-by: Hans Dedecker 
---
 tunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tunnel.c b/tunnel.c
index 32f3613..3fa3e21 100644
--- a/tunnel.c
+++ b/tunnel.c
@@ -90,7 +90,7 @@ tunnel_free(struct device *dev)
 }
 
 struct device_type tunnel_device_type = {
-   .name = "IP tunnel",
+   .name = "tunnel",
.config_params = _attr_list,
.reload = tunnel_reload,
.create = tunnel_create,
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 3/7] macvlan: Use macvlan as device type name

2016-09-23 Thread Hans Dedecker 
Fixes creation of macvlan devices by UCI due to device handlers rework

Signed-off-by: Hans Dedecker 
---
 macvlan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/macvlan.c b/macvlan.c
index 01a48cd..021d394 100644
--- a/macvlan.c
+++ b/macvlan.c
@@ -254,7 +254,7 @@ macvlan_create(const char *name, struct device_type 
*devtype,
 }
 
 static struct device_type macvlan_device_type = {
-   .name = "MAC VLAN",
+   .name = "macvlan",
.config_params = _attr_list,
.create = macvlan_create,
.config_init = macvlan_config_init,
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 2/7] bridge: Make bridge_device_type static

2016-09-23 Thread Hans Dedecker 
Signed-off-by: Hans Dedecker 
---
 bridge.c   | 2 +-
 device.h   | 1 -
 wireless.c | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/bridge.c b/bridge.c
index 98e237b..8e6c9a6 100644
--- a/bridge.c
+++ b/bridge.c
@@ -80,7 +80,7 @@ static void bridge_dump_info(struct device *dev, struct 
blob_buf *b);
 enum dev_change_type
 bridge_reload(struct device *dev, struct blob_attr *attr);
 
-struct device_type bridge_device_type = {
+static struct device_type bridge_device_type = {
.name = "bridge",
.config_params = _attr_list,
 
diff --git a/device.h b/device.h
index f3ca957..2af93bb 100644
--- a/device.h
+++ b/device.h
@@ -226,7 +226,6 @@ struct device_hotplug_ops {
 
 extern const struct uci_blob_param_list device_attr_list;
 extern struct device_type simple_device_type;
-extern struct device_type bridge_device_type;
 extern struct device_type tunnel_device_type;
 
 void device_lock(void);
diff --git a/wireless.c b/wireless.c
index be94c34..9109ce1 100644
--- a/wireless.c
+++ b/wireless.c
@@ -83,7 +83,7 @@ vif_config_add_bridge(struct blob_buf *buf, struct blob_attr 
*networks, bool pre
if (!dev)
return;
 
-   if (dev->type != _device_type)
+   if (!dev->type->bridge_capability)
return;
}
 
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH netifd 1/7] device: Move the different device type registrations to the device type file

2016-09-23 Thread Hans Dedecker 
While at it; make device_types static if only used in the device type file

Signed-off-by: Hans Dedecker 
---
 alias.c   |  2 --
 bridge.c  |  5 +
 device.c  | 15 +--
 device.h  |  2 --
 macvlan.c |  7 ++-
 tunnel.c  |  5 -
 vlandev.c |  7 ++-
 7 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/alias.c b/alias.c
index f95c9f5..649f2d1 100644
--- a/alias.c
+++ b/alias.c
@@ -30,8 +30,6 @@ struct alias_device {
char name[];
 };
 
-static struct device_type alias_device_type;
-
 static void alias_set_device(struct alias_device *alias, struct device *dev)
 {
if (dev == alias->dep.dev) {
diff --git a/bridge.c b/bridge.c
index bcece52..98e237b 100644
--- a/bridge.c
+++ b/bridge.c
@@ -729,3 +729,8 @@ bridge_create(const char *name, struct device_type *devtype,
 
return dev;
 }
+
+static void __init bridge_device_type_init(void)
+{
+   device_type_add(_device_type);
+}
diff --git a/device.c b/device.c
index a7d18af..e17df13 100644
--- a/device.c
+++ b/device.c
@@ -82,16 +82,6 @@ int device_type_add(struct device_type *devtype)
return 0;
 }
 
-/* initialize device type list and add known types */
-static void __init devtypes_init(void)
-{
-   device_type_add(_device_type);
-   device_type_add(_device_type);
-   device_type_add(_device_type);
-   device_type_add(_device_type);
-   device_type_add(_device_type);
-}
-
 /* Retrieve the device type for the given name. If 'bridge' is true, the type
  * must have bridge capabilities
  */
@@ -1065,3 +1055,8 @@ device_dump_status(struct blob_buf *b, struct device *dev)
system_if_dump_stats(dev, b);
blobmsg_close_table(b, s);
 }
+
+static void __init simple_device_type_init(void)
+{
+   device_type_add(_device_type);
+}
diff --git a/device.h b/device.h
index c669beb..f3ca957 100644
--- a/device.h
+++ b/device.h
@@ -228,8 +228,6 @@ extern const struct uci_blob_param_list device_attr_list;
 extern struct device_type simple_device_type;
 extern struct device_type bridge_device_type;
 extern struct device_type tunnel_device_type;
-extern struct device_type macvlan_device_type;
-extern struct device_type vlandev_device_type;
 
 void device_lock(void);
 void device_unlock(void);
diff --git a/macvlan.c b/macvlan.c
index ffadfd4..01a48cd 100644
--- a/macvlan.c
+++ b/macvlan.c
@@ -253,7 +253,7 @@ macvlan_create(const char *name, struct device_type 
*devtype,
return dev;
 }
 
-struct device_type macvlan_device_type = {
+static struct device_type macvlan_device_type = {
.name = "MAC VLAN",
.config_params = _attr_list,
.create = macvlan_create,
@@ -262,3 +262,8 @@ struct device_type macvlan_device_type = {
.free = macvlan_free,
.dump_info = macvlan_dump_info,
 };
+
+static void __init macvlan_device_type_init(void)
+{
+   device_type_add(_device_type);
+}
diff --git a/tunnel.c b/tunnel.c
index ec622d8..32f3613 100644
--- a/tunnel.c
+++ b/tunnel.c
@@ -97,4 +97,7 @@ struct device_type tunnel_device_type = {
.free = tunnel_free,
 };
 
-
+static void __init tunnel_device_type_init(void)
+{
+   device_type_add(_device_type);
+}
diff --git a/vlandev.c b/vlandev.c
index b8f7a25..becaed8 100644
--- a/vlandev.c
+++ b/vlandev.c
@@ -241,7 +241,7 @@ vlandev_create(const char *name, struct device_type 
*devtype,
return dev;
 }
 
-struct device_type vlandev_device_type = {
+static struct device_type vlandev_device_type = {
.name = "VLANDEV",
.config_params = _attr_list,
.create = vlandev_create,
@@ -250,3 +250,8 @@ struct device_type vlandev_device_type = {
.free = vlandev_free,
.dump_info = vlandev_dump_info,
 };
+
+static void __init vlandev_device_type_init(void)
+{
+   device_type_add(_device_type);
+}
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel