January 2022 - B.A.T.M.A.N - lists.open-mesh.org

[PATCH net 00/12] net: iflink and link-netnsid fixes

by Sabrina Dubroca

In a lot of places, we use this kind of comparison to detect if a device has a lower link: dev->ifindex != dev_get_iflink(dev) This seems to be a leftover of the pre-netns days, when the ifindex was unique over the whole system. Nowadays, with network namespaces, it's very easy to create a device with the same ifindex as its lower link: ip netns add main ip netns add peer ip -net main link add dummy0 type dummy ip -net main link add link dummy0 macvlan0 netns peer type macvlan ip -net main link show type dummy 9: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop ... ip -net peer link show type macvlan 9: macvlan0@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop ... To detect if a device has a lower link, we can simply check the existence of the dev->netdev_ops->ndo_get_iflink operation, instead of checking its return value. In particular, I attempted to fix one of these checks in commit feadc4b6cf42 ("rtnetlink: always put IFLA_LINK for links with a link-netnsid"), but this patch isn't correct, since tunnel devices can export IFLA_LINK_NETNSID without IFLA_LINK. That patch needs to be reverted. This series will fix all those bogus comparisons, and export missing IFLA_LINK_NETNSID attributes in bridge and ipv6 dumps. ipvlan and geneve are also missing the get_link_net operation, so userspace can't know when those device are cross-netns. There are a couple of other device types that have an ndo_get_iflink op but no get_link_net (virt_wifi, ipoib), and should probably also have a get_link_net. Sabrina Dubroca (12): ipvlan: add get_link_net geneve: add get_link_net Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid" rtnetlink: always put IFLA_LINK for links with ndo_get_iflink bridge: always put IFLA_LINK for ports with ndo_get_iflink bridge: advertise IFLA_LINK_NETNSID when dumping bridge ports ipv6: always put IFLA_LINK for devices with ndo_get_iflink ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses net: link_watch: fix operstate when the link has the same index as the device net: link_watch: fix detection of urgent events batman-adv: fix iflink detection in batadv_is_on_batman_iface batman-adv: fix detection of lower link in batadv_get_real_netdevice drivers/net/can/vxcan.c | 2 +- drivers/net/geneve.c | 8 ++++++++ drivers/net/ipvlan/ipvlan_main.c | 9 +++++++++ drivers/net/veth.c | 2 +- include/net/rtnetlink.h | 4 ++++ net/batman-adv/hard-interface.c | 4 ++-- net/bridge/br_netlink.c | 4 +++- net/core/link_watch.c | 4 ++-- net/core/rtnetlink.c | 25 ++++++++++++------------- net/ipv6/addrconf.c | 11 ++++++++++- 10 files changed, 52 insertions(+), 21 deletions(-) -- 2.28.0

4 months, 2 weeks

3
5
0 / 0

[PATCH] batman-adv: compat: Fix linux/build_bug.h include for Linux 4.9.297

by Sven Eckelmann

Linux 4.9.297 doesn't provide BUILD_BUG_ON anymore in linux/bug.h also identified itself with the version number 4.9.255 when decoding the LINUX_VERSION_CODE. So we have to try to guess now if we need to include linux/build_bug.h based on whether BUILD_BUG_ON is defined or not after including linux/bug.h. If not doing this, the build will fail with errors like: net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' net/batman-adv/bat_algo.c:146:1: error: undefined identifier 'BUILD_BUG_ON_ZERO' In file included from ./arch/x86/include/asm/cpufeatures.h:5, from ./arch/x86/include/asm/cmpxchg.h:5, from ./arch/x86/include/asm/atomic.h:7, from ./include/linux/atomic.h:4, from net/batman-adv/main.h:207, from net/batman-adv/bat_algo.c:7: ./arch/x86/include/asm/qspinlock.h: In function ‘virt_spin_lock’: ./arch/x86/include/asm/required-features.h:104:29: error: implicit declaration of function ‘BUILD_BUG_ON_ZERO’ [-Werror=implicit-function-declaration] Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- compat-include/linux/build_bug.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/compat-include/linux/build_bug.h b/compat-include/linux/build_bug.h index 0eecc688..1002431d 100644 --- a/compat-include/linux/build_bug.h +++ b/compat-include/linux/build_bug.h @@ -15,6 +15,17 @@ #include_next <linux/build_bug.h> #else #include <linux/bug.h> + +/* Linux 4.9.297 doesn't provide BUILD_BUG_ON anymore in linux/bug.h + * also identified itself with the version number 4.9.255 when decoding the + * LINUX_VERSION_CODE. So we have to try to guess now if we need to include + * linux/build_bug.h based on whether BUILD_BUG_ON is defined or not after + * including linux/bug.h + */ +#ifndef BUILD_BUG_ON +#include_next <linux/build_bug.h> +#endif + #endif #endif /* _NET_BATMAN_ADV_COMPAT_LINUX_BUILD_BUG_H_ */ -- 2.30.2

8 months, 1 week

1
0
0 / 0

alfred: allow startup without network interface

by Marek Lindner

Hi, alfred could be used without any interface at all and operate as local data storage between 2 processes on the same system or the interface could be configured at a later time (via unix socket). To allow for these additional use cases and keep the current behavior, the interface command line parameter shall accept 'none' as interface name (similar to the batman-adv interface). Cheers, Marek

8 months, 1 week

2
8
0 / 0

[PATCH] batman-adv: Migrate to linux/container_of.h

by Sven Eckelmann

The commit d2a8ebbf8192 ("kernel.h: split out container_of() and typeof_member() macros") introduced a new header for the container_of related macros from (previously) linux/kernel.h. Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- compat-include/linux/container_of.h | 20 ++++++++++++++++++++ net/batman-adv/bat_iv_ogm.c | 2 +- net/batman-adv/bat_v_elp.c | 2 +- net/batman-adv/bat_v_ogm.c | 2 +- net/batman-adv/bridge_loop_avoidance.c | 1 + net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/gateway_client.c | 1 + net/batman-adv/hard-interface.c | 2 +- net/batman-adv/main.c | 1 + net/batman-adv/multicast.c | 1 + net/batman-adv/network-coding.c | 2 +- net/batman-adv/originator.c | 2 +- net/batman-adv/send.c | 2 +- net/batman-adv/soft-interface.c | 2 +- net/batman-adv/tp_meter.c | 2 +- net/batman-adv/translation-table.c | 2 +- net/batman-adv/tvlv.c | 2 +- 17 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 compat-include/linux/container_of.h diff --git a/compat-include/linux/container_of.h b/compat-include/linux/container_of.h new file mode 100644 index 00000000..f1e8e1b6 --- /dev/null +++ b/compat-include/linux/container_of.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) B.A.T.M.A.N. contributors: + * + * Marek Lindner, Simon Wunderlich + * + * This file contains macros for maintaining compatibility with older versions + * of the Linux kernel. + */ + +#ifndef _NET_BATMAN_ADV_COMPAT_LINUX_CONTAINER_OF_H_ +#define _NET_BATMAN_ADV_COMPAT_LINUX_CONTAINER_OF_H_ + +#include <linux/version.h> +#if LINUX_VERSION_IS_GEQ(5, 16, 0) +#include_next <linux/container_of.h> +#else +#include <linux/kernel.h> +#endif + +#endif /* _NET_BATMAN_ADV_COMPAT_LINUX_CONTAINER_OF_H_ */ diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index f94f538f..7f6a7c96 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -13,13 +13,13 @@ #include <linux/bug.h> #include <linux/byteorder/generic.h> #include <linux/cache.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/if_ether.h> #include <linux/init.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 71999e13..b6db999a 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -10,13 +10,13 @@ #include <linux/atomic.h> #include <linux/bitops.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> #include <linux/gfp.h> #include <linux/if_ether.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/minmax.h> #include <linux/netdevice.h> diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index 1d750f3c..033639df 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -9,12 +9,12 @@ #include <linux/atomic.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/if_ether.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index 2ed9496f..337e20b6 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -10,6 +10,7 @@ #include <linux/atomic.h> #include <linux/byteorder/generic.h> #include <linux/compiler.h> +#include <linux/container_of.h> #include <linux/crc16.h> #include <linux/errno.h> #include <linux/etherdevice.h> diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 2f008e32..fefb51a5 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -11,6 +11,7 @@ #include <linux/atomic.h> #include <linux/bitops.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> @@ -20,7 +21,6 @@ #include <linux/in.h> #include <linux/ip.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/netlink.h> diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c index b7466136..d26124bc 100644 --- a/net/batman-adv/gateway_client.c +++ b/net/batman-adv/gateway_client.c @@ -9,6 +9,7 @@ #include <linux/atomic.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c index 8a2b78f9..59d19097 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c @@ -9,11 +9,11 @@ #include <linux/atomic.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/gfp.h> #include <linux/if.h> #include <linux/if_arp.h> #include <linux/if_ether.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/limits.h> #include <linux/list.h> diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c index 5207cd8d..4a8de470 100644 --- a/net/batman-adv/main.c +++ b/net/batman-adv/main.c @@ -9,6 +9,7 @@ #include <linux/atomic.h> #include <linux/build_bug.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/crc32c.h> #include <linux/device.h> #include <linux/errno.h> diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c index f4004cf0..1860de73 100644 --- a/net/batman-adv/multicast.c +++ b/net/batman-adv/multicast.c @@ -11,6 +11,7 @@ #include <linux/bitops.h> #include <linux/bug.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 974d726f..5f4aeeb6 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -11,6 +11,7 @@ #include <linux/bitops.h> #include <linux/byteorder/generic.h> #include <linux/compiler.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> @@ -19,7 +20,6 @@ #include <linux/init.h> #include <linux/jhash.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index aadc653c..34903df4 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -8,11 +8,11 @@ #include "main.h" #include <linux/atomic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c index 477d85a3..0379b126 100644 --- a/net/batman-adv/send.c +++ b/net/batman-adv/send.c @@ -10,13 +10,13 @@ #include <linux/atomic.h> #include <linux/bug.h> #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/errno.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/if.h> #include <linux/if_ether.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/netdevice.h> diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index 2dbbe6c1..0f5c0679 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -11,6 +11,7 @@ #include <linux/byteorder/generic.h> #include <linux/cache.h> #include <linux/compiler.h> +#include <linux/container_of.h> #include <linux/cpumask.h> #include <linux/errno.h> #include <linux/etherdevice.h> @@ -19,7 +20,6 @@ #include <linux/if_ether.h> #include <linux/if_vlan.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/tp_meter.c b/net/batman-adv/tp_meter.c index 93730d30..7f3dd3c3 100644 --- a/net/batman-adv/tp_meter.c +++ b/net/batman-adv/tp_meter.c @@ -12,13 +12,13 @@ #include <linux/byteorder/generic.h> #include <linux/cache.h> #include <linux/compiler.h> +#include <linux/container_of.h> #include <linux/err.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/if_ether.h> #include <linux/init.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/kthread.h> #include <linux/limits.h> diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 4b7ad668..8478034d 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -13,6 +13,7 @@ #include <linux/byteorder/generic.h> #include <linux/cache.h> #include <linux/compiler.h> +#include <linux/container_of.h> #include <linux/crc32c.h> #include <linux/errno.h> #include <linux/etherdevice.h> @@ -21,7 +22,6 @@ #include <linux/init.h> #include <linux/jhash.h> #include <linux/jiffies.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> diff --git a/net/batman-adv/tvlv.c b/net/batman-adv/tvlv.c index 0cb58eb0..7ec2e234 100644 --- a/net/batman-adv/tvlv.c +++ b/net/batman-adv/tvlv.c @@ -7,10 +7,10 @@ #include "main.h" #include <linux/byteorder/generic.h> +#include <linux/container_of.h> #include <linux/etherdevice.h> #include <linux/gfp.h> #include <linux/if_ether.h> -#include <linux/kernel.h> #include <linux/kref.h> #include <linux/list.h> #include <linux/lockdep.h> -- 2.30.2

8 months, 1 week

1
0
0 / 0

[RFC PATCH] batman-adv: Drop support for Linux < 4.9

by Sven Eckelmann

The Linux Kernel 4.4 reached its end of life [1] after 6 years. Instead it is recommended to use at least kernel 4.9. It is also over 5 years old but still maintained by the stable kernel team. All older kernels (4.4 - v4.8) will be dropped to reduce the support overhead. [1] TODO Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- README.external.rst | 2 +- compat-include/linux/cache.h | 22 ------ compat-include/linux/ethtool.h | 51 ------------- compat-include/linux/netdevice.h | 17 +---- compat-include/linux/netlink.h | 102 -------------------------- compat-include/linux/prandom.h | 1 - compat-include/linux/skbuff.h | 15 ---- compat-include/net/cfg80211.h | 18 ----- compat-include/uapi/linux/genetlink.h | 22 ------ 9 files changed, 2 insertions(+), 248 deletions(-) delete mode 100644 compat-include/linux/cache.h delete mode 100644 compat-include/linux/ethtool.h delete mode 100644 compat-include/linux/netlink.h delete mode 100644 compat-include/uapi/linux/genetlink.h diff --git a/README.external.rst b/README.external.rst index 217abdd4..95991d0e 100644 --- a/README.external.rst +++ b/README.external.rst @@ -12,7 +12,7 @@ and as an external module. The external module allows to get new features without upgrading to a newer kernel version and to get batman-adv specific bug fixes for kernels that are not supported anymore. It compiles against and should work -with Linux 4.4 - 5.16. Supporting older versions is not +with Linux 4.9 - 5.16. Supporting older versions is not planned, but it's probably easy to backport it. If you work on a backport, feel free to contact us. :-) diff --git a/compat-include/linux/cache.h b/compat-include/linux/cache.h deleted file mode 100644 index 9d7efab5..00000000 --- a/compat-include/linux/cache.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (C) B.A.T.M.A.N. contributors: - * - * Marek Lindner, Simon Wunderlich - * - * This file contains macros for maintaining compatibility with older versions - * of the Linux kernel. - */ - -#ifndef _NET_BATMAN_ADV_COMPAT_LINUX_CACHE_H -#define _NET_BATMAN_ADV_COMPAT_LINUX_CACHE_H - -#include <linux/version.h> -#include_next <linux/cache.h> - -#if LINUX_VERSION_IS_LESS(4, 6, 0) - -#define __ro_after_init - -#endif /* LINUX_VERSION_IS_LESS(4, 6, 0) */ - -#endif /* _NET_BATMAN_ADV_COMPAT_LINUX_CACHE_H */ diff --git a/compat-include/linux/ethtool.h b/compat-include/linux/ethtool.h deleted file mode 100644 index 0a69fc16..00000000 --- a/compat-include/linux/ethtool.h +++ /dev/null @@ -1,51 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (C) B.A.T.M.A.N. contributors: - * - * Antonio Quartulli - * - * This file contains macros for maintaining compatibility with older versions - * of the Linux kernel. - */ - -#ifndef _NET_BATMAN_ADV_COMPAT_LINUX_ETHTOOL_H_ -#define _NET_BATMAN_ADV_COMPAT_LINUX_ETHTOOL_H_ - -#include <linux/version.h> -#include_next <linux/ethtool.h> - -#if LINUX_VERSION_IS_LESS(4, 6, 0) - -#define ethtool_link_ksettings batadv_ethtool_link_ksettings - -struct batadv_ethtool_link_ksettings { - struct { - __u32 speed; - __u8 duplex; - } base; -}; - -#define __ethtool_get_link_ksettings(__dev, __link_settings) \ - batadv_ethtool_get_link_ksettings(__dev, __link_settings) - -static inline int -batadv_ethtool_get_link_ksettings(struct net_device *dev, - struct ethtool_link_ksettings *link_ksettings) -{ - struct ethtool_cmd cmd; - int ret; - - memset(&cmd, 0, sizeof(cmd)); - ret = __ethtool_get_settings(dev, &cmd); - - if (ret != 0) - return ret; - - link_ksettings->base.duplex = cmd.duplex; - link_ksettings->base.speed = ethtool_cmd_speed(&cmd); - - return 0; -} - -#endif /* LINUX_VERSION_IS_LESS(4, 6, 0) */ - -#endif /* _NET_BATMAN_ADV_COMPAT_LINUX_ETHTOOL_H_ */ diff --git a/compat-include/linux/netdevice.h b/compat-include/linux/netdevice.h index 9a62afcc..6ee0d21c 100644 --- a/compat-include/linux/netdevice.h +++ b/compat-include/linux/netdevice.h @@ -13,28 +13,13 @@ #include <linux/version.h> #include_next <linux/netdevice.h> -#if LINUX_VERSION_IS_LESS(4, 5, 0) - -#define netdev_master_upper_dev_link(dev, upper_dev, upper_priv, upper_info, extack) \ - netdev_master_upper_dev_link(dev, upper_dev) - -#elif LINUX_VERSION_IS_LESS(4, 15, 0) +#if LINUX_VERSION_IS_LESS(4, 15, 0) #define netdev_master_upper_dev_link(dev, upper_dev, upper_priv, upper_info, extack) \ netdev_master_upper_dev_link(dev, upper_dev, upper_priv, upper_info) #endif /* LINUX_VERSION_IS_LESS(4, 15, 0) */ -#if LINUX_VERSION_IS_LESS(4, 7, 0) - -#define netif_trans_update batadv_netif_trans_update -static inline void batadv_netif_trans_update(struct net_device *dev) -{ - dev->trans_start = jiffies; -} - -#endif /* LINUX_VERSION_IS_LESS(4, 7, 0) */ - #if LINUX_VERSION_IS_LESS(4, 11, 9) /* work around missing attribute needs_free_netdev and priv_destructor in diff --git a/compat-include/linux/netlink.h b/compat-include/linux/netlink.h deleted file mode 100644 index ef6a0358..00000000 --- a/compat-include/linux/netlink.h +++ /dev/null @@ -1,102 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (C) B.A.T.M.A.N. contributors: - * - * Marek Lindner, Simon Wunderlich - * - * This file contains macros for maintaining compatibility with older versions - * of the Linux kernel. - */ - -#ifndef _NET_BATMAN_ADV_COMPAT_LINUX_NETLINK_H_ -#define _NET_BATMAN_ADV_COMPAT_LINUX_NETLINK_H_ - -#include <linux/version.h> -#include_next <linux/netlink.h> - -#if LINUX_VERSION_IS_LESS(4, 7, 0) - -#include_next <net/netlink.h> - -static inline bool batadv_nla_need_padding_for_64bit(struct sk_buff *skb); - -static inline int batadv_nla_align_64bit(struct sk_buff *skb, int padattr) -{ - if (batadv_nla_need_padding_for_64bit(skb) && - !nla_reserve(skb, padattr, 0)) - return -EMSGSIZE; - - return 0; -} - -static inline struct nlattr *batadv__nla_reserve_64bit(struct sk_buff *skb, - int attrtype, - int attrlen, int padattr) -{ - if (batadv_nla_need_padding_for_64bit(skb)) - batadv_nla_align_64bit(skb, padattr); - - return __nla_reserve(skb, attrtype, attrlen); -} - -static inline void batadv__nla_put_64bit(struct sk_buff *skb, int attrtype, - int attrlen, const void *data, - int padattr) -{ - struct nlattr *nla; - - nla = batadv__nla_reserve_64bit(skb, attrtype, attrlen, padattr); - memcpy(nla_data(nla), data, attrlen); -} - -static inline bool batadv_nla_need_padding_for_64bit(struct sk_buff *skb) -{ -#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS - /* The nlattr header is 4 bytes in size, that's why we test - * if the skb->data _is_ aligned. A NOP attribute, plus - * nlattr header for next attribute, will make nla_data() - * 8-byte aligned. - */ - if (IS_ALIGNED((unsigned long)skb_tail_pointer(skb), 8)) - return true; -#endif - return false; -} - -static inline int batadv_nla_total_size_64bit(int payload) -{ - return NLA_ALIGN(nla_attr_size(payload)) -#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS - + NLA_ALIGN(nla_attr_size(0)) -#endif - ; -} - -static inline int batadv_nla_put_64bit(struct sk_buff *skb, int attrtype, - int attrlen, const void *data, - int padattr) -{ - size_t len; - - if (batadv_nla_need_padding_for_64bit(skb)) - len = batadv_nla_total_size_64bit(attrlen); - else - len = nla_total_size(attrlen); - if (unlikely(skb_tailroom(skb) < len)) - return -EMSGSIZE; - - batadv__nla_put_64bit(skb, attrtype, attrlen, data, padattr); - return 0; -} - -#define nla_put_u64_64bit(_skb, _attrtype, _value, _padattr) \ - batadv_nla_put_u64_64bit(_skb, _attrtype, _value, _padattr) -static inline int batadv_nla_put_u64_64bit(struct sk_buff *skb, int attrtype, - u64 value, int padattr) -{ - return batadv_nla_put_64bit(skb, attrtype, sizeof(u64), &value, - padattr); -} - -#endif /* LINUX_VERSION_IS_LESS(4, 7, 0) */ - -#endif /* _NET_BATMAN_ADV_COMPAT_LINUX_NETLINK_H_ */ diff --git a/compat-include/linux/prandom.h b/compat-include/linux/prandom.h index 7dd51ac7..dc227e61 100644 --- a/compat-include/linux/prandom.h +++ b/compat-include/linux/prandom.h @@ -12,7 +12,6 @@ #include <linux/version.h> #if LINUX_VERSION_IS_GEQ(5, 8, 1) || \ - (LINUX_VERSION_IS_GEQ(4, 4, 233) && LINUX_VERSION_IS_LESS(4, 5, 0)) || \ (LINUX_VERSION_IS_GEQ(4, 9, 233) && LINUX_VERSION_IS_LESS(4, 10, 0)) || \ (LINUX_VERSION_IS_GEQ(4, 14, 193) && LINUX_VERSION_IS_LESS(4, 15, 0)) || \ (LINUX_VERSION_IS_GEQ(4, 19, 138) && LINUX_VERSION_IS_LESS(4, 20, 0)) || \ diff --git a/compat-include/linux/skbuff.h b/compat-include/linux/skbuff.h index 4c04f165..77c4e99f 100644 --- a/compat-include/linux/skbuff.h +++ b/compat-include/linux/skbuff.h @@ -13,21 +13,6 @@ #include <linux/version.h> #include_next <linux/skbuff.h> -#if LINUX_VERSION_IS_LESS(4, 5, 0) - -static inline void batadv_skb_postpush_rcsum(struct sk_buff *skb, - const void *start, - unsigned int len) -{ - if (skb->ip_summed == CHECKSUM_COMPLETE) - skb->csum = csum_block_add(skb->csum, - csum_partial(start, len, 0), 0); -} - -#define skb_postpush_rcsum batadv_skb_postpush_rcsum - -#endif /* LINUX_VERSION_IS_LESS(4, 5, 0) */ - #if LINUX_VERSION_IS_LESS(4, 13, 0) static inline void *batadv_skb_put(struct sk_buff *skb, unsigned int len) diff --git a/compat-include/net/cfg80211.h b/compat-include/net/cfg80211.h index 6b756007..4bfcd5a3 100644 --- a/compat-include/net/cfg80211.h +++ b/compat-include/net/cfg80211.h @@ -13,24 +13,6 @@ #include <linux/version.h> #include_next <net/cfg80211.h> -#if LINUX_VERSION_IS_LESS(4, 8, 0) - -#if !IS_ENABLED(CONFIG_CFG80211) && \ - LINUX_VERSION_IS_GEQ(3, 16, 0) - -#define cfg80211_get_station(dev, mac_addr, sinfo) \ - batadv_cfg80211_get_station(dev, mac_addr, sinfo) - -static inline int batadv_cfg80211_get_station(struct net_device *dev, - const u8 *mac_addr, - struct station_info *sinfo) -{ - return -ENOENT; -} -#endif - -#endif /* LINUX_VERSION_IS_LESS(4, 8, 0) */ - #if LINUX_VERSION_IS_LESS(4, 18, 0) && IS_ENABLED(CONFIG_CFG80211) diff --git a/compat-include/uapi/linux/genetlink.h b/compat-include/uapi/linux/genetlink.h deleted file mode 100644 index 5fd58e22..00000000 --- a/compat-include/uapi/linux/genetlink.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* Copyright (C) B.A.T.M.A.N. contributors: - * - * Marek Lindner, Simon Wunderlich - * - * This file contains macros for maintaining compatibility with older versions - * of the Linux kernel. - */ - -#ifndef _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_ -#define _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_ - -#include <linux/version.h> -#include_next <uapi/linux/genetlink.h> - -#if LINUX_VERSION_IS_LESS(4, 6, 0) - -#define GENL_UNS_ADMIN_PERM GENL_ADMIN_PERM - -#endif /* LINUX_VERSION_IS_LESS(4, 6, 0) */ - -#endif /* _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_ */ -- 2.30.2

8 months, 1 week

1
0
0 / 0

alfred: runtime configuration

by Marek Lindner

Hi, the alfred daemon has built-in capabilities for accepting runtime configuration. Network interfaces and alfred 'mode' (primary/secondary) settings can be modified via instructions sent over unix socket. To make all settings configurable, the unix socket commands are extended to also support setting the batman-adv interface name at runtime. Network interfaces should no longer be required at startup as those can be configured at runtime. All these runtime settings make understanding the current alfred configuration tricky. Therefore, alfred should be able to export its operating configuration via unix socket. Cheers, Marek

8 months, 2 weeks

2
11
0 / 0

[PATCH AUTOSEL 5.4 08/73] batman-adv: allow netlink usage in unprivileged containers

by Sasha Levin

From: Linus Lüssing <linus.luessing(a)c0d3.blue> [ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ] Currently, creating a batman-adv interface in an unprivileged LXD container and attaching secondary interfaces to it with "ip" or "batctl" works fine. However all batctl debug and configuration commands fail: root@container:~# batctl originators Error received: Operation not permitted root@container:~# batctl orig_interval 1000 root@container:~# batctl orig_interval 2000 root@container:~# batctl orig_interval 1000 To fix this change the generic netlink permissions from GENL_ADMIN_PERM to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully maintainable as root from within a user namespace, from an unprivileged container. All except one batman-adv netlink setting are per interface and do not leak information or change settings from the host system and are therefore save to retrieve or modify as root from within an unprivileged container. "batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only exception: It provides the batman-adv kernel module wide default routing algorithm. However it is read-only from netlink and an unprivileged container is still not allowed to modify /sys/module/batman_adv/parameters/routing_algo. Instead it is advised to use the newly introduced "batctl if create routing_algo RA_NAME" / IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface creation, which already works fine in an unprivileged container. Cc: Tycho Andersen <tycho(a)tycho.pizza> Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/netlink.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index 7e052d6f759b6..e59c5aa27ee0b 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -1351,21 +1351,21 @@ static const struct genl_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_TP_METER, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_start, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER_CANCEL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_cancel, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_GET_ROUTING_ALGOS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_algo_dump, }, { @@ -1380,68 +1380,68 @@ static const struct genl_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_local_dump, }, { .cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_global_dump, }, { .cmd = BATADV_CMD_GET_ORIGINATORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_orig_dump, }, { .cmd = BATADV_CMD_GET_NEIGHBORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_hardif_neigh_dump, }, { .cmd = BATADV_CMD_GET_GATEWAYS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_gw_dump, }, { .cmd = BATADV_CMD_GET_BLA_CLAIM, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_claim_dump, }, { .cmd = BATADV_CMD_GET_BLA_BACKBONE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_backbone_dump, }, { .cmd = BATADV_CMD_GET_DAT_CACHE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_dat_cache_dump, }, { .cmd = BATADV_CMD_GET_MCAST_FLAGS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_mcast_flags_dump, }, { .cmd = BATADV_CMD_SET_MESH, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_SET_HARDIF, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_hardif, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_HARDIF, @@ -1457,7 +1457,7 @@ static const struct genl_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_SET_VLAN, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_vlan, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_VLAN, -- 2.34.1

8 months, 2 weeks

1
0
0 / 0

[PATCH AUTOSEL 5.10 013/116] batman-adv: allow netlink usage in unprivileged containers

by Sasha Levin

From: Linus Lüssing <linus.luessing(a)c0d3.blue> [ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ] Currently, creating a batman-adv interface in an unprivileged LXD container and attaching secondary interfaces to it with "ip" or "batctl" works fine. However all batctl debug and configuration commands fail: root@container:~# batctl originators Error received: Operation not permitted root@container:~# batctl orig_interval 1000 root@container:~# batctl orig_interval 2000 root@container:~# batctl orig_interval 1000 To fix this change the generic netlink permissions from GENL_ADMIN_PERM to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully maintainable as root from within a user namespace, from an unprivileged container. All except one batman-adv netlink setting are per interface and do not leak information or change settings from the host system and are therefore save to retrieve or modify as root from within an unprivileged container. "batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only exception: It provides the batman-adv kernel module wide default routing algorithm. However it is read-only from netlink and an unprivileged container is still not allowed to modify /sys/module/batman_adv/parameters/routing_algo. Instead it is advised to use the newly introduced "batctl if create routing_algo RA_NAME" / IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface creation, which already works fine in an unprivileged container. Cc: Tycho Andersen <tycho(a)tycho.pizza> Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/netlink.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index c7a55647b520e..121459704b069 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -1361,21 +1361,21 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_TP_METER, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_start, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER_CANCEL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_cancel, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_GET_ROUTING_ALGOS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_algo_dump, }, { @@ -1390,68 +1390,68 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_local_dump, }, { .cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_global_dump, }, { .cmd = BATADV_CMD_GET_ORIGINATORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_orig_dump, }, { .cmd = BATADV_CMD_GET_NEIGHBORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_hardif_neigh_dump, }, { .cmd = BATADV_CMD_GET_GATEWAYS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_gw_dump, }, { .cmd = BATADV_CMD_GET_BLA_CLAIM, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_claim_dump, }, { .cmd = BATADV_CMD_GET_BLA_BACKBONE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_backbone_dump, }, { .cmd = BATADV_CMD_GET_DAT_CACHE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_dat_cache_dump, }, { .cmd = BATADV_CMD_GET_MCAST_FLAGS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_mcast_flags_dump, }, { .cmd = BATADV_CMD_SET_MESH, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_SET_HARDIF, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_hardif, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_HARDIF, @@ -1467,7 +1467,7 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_SET_VLAN, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_vlan, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_VLAN, -- 2.34.1

8 months, 2 weeks

1
0
0 / 0

[PATCH AUTOSEL 5.15 020/188] batman-adv: allow netlink usage in unprivileged containers

by Sasha Levin

From: Linus Lüssing <linus.luessing(a)c0d3.blue> [ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ] Currently, creating a batman-adv interface in an unprivileged LXD container and attaching secondary interfaces to it with "ip" or "batctl" works fine. However all batctl debug and configuration commands fail: root@container:~# batctl originators Error received: Operation not permitted root@container:~# batctl orig_interval 1000 root@container:~# batctl orig_interval 2000 root@container:~# batctl orig_interval 1000 To fix this change the generic netlink permissions from GENL_ADMIN_PERM to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully maintainable as root from within a user namespace, from an unprivileged container. All except one batman-adv netlink setting are per interface and do not leak information or change settings from the host system and are therefore save to retrieve or modify as root from within an unprivileged container. "batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only exception: It provides the batman-adv kernel module wide default routing algorithm. However it is read-only from netlink and an unprivileged container is still not allowed to modify /sys/module/batman_adv/parameters/routing_algo. Instead it is advised to use the newly introduced "batctl if create routing_algo RA_NAME" / IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface creation, which already works fine in an unprivileged container. Cc: Tycho Andersen <tycho(a)tycho.pizza> Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/netlink.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index 29276284d281c..00875e1d8c44c 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -1368,21 +1368,21 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_TP_METER, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_start, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER_CANCEL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_cancel, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_GET_ROUTING_ALGOS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_algo_dump, }, { @@ -1397,68 +1397,68 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_local_dump, }, { .cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_global_dump, }, { .cmd = BATADV_CMD_GET_ORIGINATORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_orig_dump, }, { .cmd = BATADV_CMD_GET_NEIGHBORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_hardif_neigh_dump, }, { .cmd = BATADV_CMD_GET_GATEWAYS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_gw_dump, }, { .cmd = BATADV_CMD_GET_BLA_CLAIM, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_claim_dump, }, { .cmd = BATADV_CMD_GET_BLA_BACKBONE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_backbone_dump, }, { .cmd = BATADV_CMD_GET_DAT_CACHE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_dat_cache_dump, }, { .cmd = BATADV_CMD_GET_MCAST_FLAGS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_mcast_flags_dump, }, { .cmd = BATADV_CMD_SET_MESH, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_SET_HARDIF, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_hardif, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_HARDIF, @@ -1474,7 +1474,7 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_SET_VLAN, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_vlan, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_VLAN, -- 2.34.1

8 months, 2 weeks

1
0
0 / 0

[PATCH AUTOSEL 5.16 025/217] batman-adv: allow netlink usage in unprivileged containers

by Sasha Levin

From: Linus Lüssing <linus.luessing(a)c0d3.blue> [ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ] Currently, creating a batman-adv interface in an unprivileged LXD container and attaching secondary interfaces to it with "ip" or "batctl" works fine. However all batctl debug and configuration commands fail: root@container:~# batctl originators Error received: Operation not permitted root@container:~# batctl orig_interval 1000 root@container:~# batctl orig_interval 2000 root@container:~# batctl orig_interval 1000 To fix this change the generic netlink permissions from GENL_ADMIN_PERM to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully maintainable as root from within a user namespace, from an unprivileged container. All except one batman-adv netlink setting are per interface and do not leak information or change settings from the host system and are therefore save to retrieve or modify as root from within an unprivileged container. "batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only exception: It provides the batman-adv kernel module wide default routing algorithm. However it is read-only from netlink and an unprivileged container is still not allowed to modify /sys/module/batman_adv/parameters/routing_algo. Instead it is advised to use the newly introduced "batctl if create routing_algo RA_NAME" / IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface creation, which already works fine in an unprivileged container. Cc: Tycho Andersen <tycho(a)tycho.pizza> Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/netlink.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index 29276284d281c..00875e1d8c44c 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -1368,21 +1368,21 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_TP_METER, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_start, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_TP_METER_CANCEL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_tp_meter_cancel, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_GET_ROUTING_ALGOS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_algo_dump, }, { @@ -1397,68 +1397,68 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_local_dump, }, { .cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_tt_global_dump, }, { .cmd = BATADV_CMD_GET_ORIGINATORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_orig_dump, }, { .cmd = BATADV_CMD_GET_NEIGHBORS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_hardif_neigh_dump, }, { .cmd = BATADV_CMD_GET_GATEWAYS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_gw_dump, }, { .cmd = BATADV_CMD_GET_BLA_CLAIM, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_claim_dump, }, { .cmd = BATADV_CMD_GET_BLA_BACKBONE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_bla_backbone_dump, }, { .cmd = BATADV_CMD_GET_DAT_CACHE, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_dat_cache_dump, }, { .cmd = BATADV_CMD_GET_MCAST_FLAGS, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .dumpit = batadv_mcast_flags_dump, }, { .cmd = BATADV_CMD_SET_MESH, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_mesh, .internal_flags = BATADV_FLAG_NEED_MESH, }, { .cmd = BATADV_CMD_SET_HARDIF, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_hardif, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_HARDIF, @@ -1474,7 +1474,7 @@ static const struct genl_small_ops batadv_netlink_ops[] = { { .cmd = BATADV_CMD_SET_VLAN, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, - .flags = GENL_ADMIN_PERM, + .flags = GENL_UNS_ADMIN_PERM, .doit = batadv_netlink_set_vlan, .internal_flags = BATADV_FLAG_NEED_MESH | BATADV_FLAG_NEED_VLAN, -- 2.34.1

8 months, 2 weeks

1
0
0 / 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N January 2022