[OpenWrt-Devel] [PATCH v3 2/3] network/config: add xfrm interface support scripts

Hans Dedecker dedeckeh at gmail.com
Thu Jun 13 03:24:43 EDT 2019


On Thu, Jun 13, 2019 at 9:18 AM Andre Valentin <avalentin at marcant.net> wrote:
>
> Hi!
>
> On 13.06.19 08:44, Hans Dedecker wrote:
> > Hi,
> >
> > On Wed, Jun 12, 2019 at 8:28 PM Andre Valentin <avalentin at marcant.net> wrote:
> >>
> >> Hi Hans!!
> >> On 11.06.19 at 22:16, Hans Dedecker wrote:
> >>> Hi,
> >>>
> >>> On Mon, Jun 10, 2019 at 8:10 PM Andre Valentin <avalentin at marcant.net> wrote:
> >>>>
> >>>> Hi Hans,
> >>>>
> >>>> after testing xfrm tunnels a bit I found two big differences compared to other conventional tunnels.
> >>>> 1) xfrm tunnel interfaces cannot be replaced with netlink
> >>>> 2) xfrm tunnel interfaces DO NOT vanish if parent is deleted
> >>>>
> >>>> This leads to some errors and a loop in interface creation. With the changes below,
> >>>> it works smoothly when not bound to ppp interfaces (using lan instead), see:
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
> >>>> and so on
> >>>>
> >>>> What do you think?
> >>> The description is a bit cryptic to me; could you explain what works
> >>> and what does not work and why ?
> >> Sorry for being cryptic, I tend to do that ;-) Okay, I do the following:
> >> # ifup xfrm0
> >> ... use it
> >> # ifdown xfrm0
> >> The interface still exists (checked with ip link)
> >>
> >> Now I'll do ifup again and this happens endlessly:
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
> >>
> >> In netifd the xfrm0 interface is created with the REPLACE flag, but that does not seem to work, it cannot be recreated and fails.
> >> The result is the upper error repeating.
> >> That's why I think about the call to "ip link delete xfrm0" before proto_init_update call and in the teardown call.
> > Adding the ip link calls does not make sense to me as netifd should
> > take care of deleting the xfrm interfaces
> > Are you sure the xfrm interfaces can be deleted by the ioctl call
> > SIOCDELTUNNEL as is the case now ?
> > For the other tunnel interfaces like vti/gre deletion is done via the
> > netlink interface.
>
> Good point, I will check that.
> >
> > Next to that I noticed a tunlink is specified in xfrm.sh but no
> > proto_add_host_dependency is added; is this on purpose ?
> Yes, that is on purpose. The tunlink specified is a must, but is not
> used for decrypting and encrypting packets. It works on every interface.
>
> Also the XFRM interface has no IP endpoint, so there is no possibility to
> add this to the interface, it would be only cosmetic.
You can install a proto_add_host_dependency on an interface (tunlink
in this case); so it's not required to have an IP endpoint.

Hans
>
> Thanks,
>
> André
