Hi!
On 13.06.19 08:44, Hans Dedecker wrote:
Hi,
On Wed, Jun 12, 2019 at 8:28 PM Andre Valentin <[email protected]> wrote:
Hi Hans!!
Am 11.06.19 um 22:16 schrieb Hans Dedecker:
Hi,
On Mon, Jun 10, 2019 at 8:10 PM Andre Valentin <[email protected]> wrote:
Hi Hans,
after testing xfrm tunnels a bit I found two big differences compared to other
conventional tunnels.
1) xfrm tunnel interfaces cannot be replaced with netlink
2) xfrm tunnel interfaces DO NOT vanish if parent is deleted
This leads to some errors and a loop in interface creation. With the changes below,
it works smoothly when not bound to ppp interfaces (using lan instead), see:
Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
and so on
What do you think?
The description is a bit cryptic to me; could you explain what works
and what does not work and why ?
Sorry for being cryptic, I tend to that;-) Okay, I do the following:
# ifup xfrm0
... use it
# ifdown xfrm0
The interface still exists (checked with ip link)
Now I'll do ifup again and this happens endlessly:
Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
In netifd the xfrm0 interface is created with the REPLACE flag, but that does
not seem to work, it cannot be recreated and fails.
The result is the upper error repeating.
That's why I think about the call to "ip link delete xfrm0" before
proto_init_update call and in the teardown call.
Adding the ip link calls does not make sense to me as netifd should
take care of deleting the xfrm interfaces
Are you sure the xfrm interfaces can be deleted by the ioctl call
SIOCDELTUNNEL as is the case now ?
For the other tunnel interfaces like vti/gre deletion is done via the
netlink interface.
Good point, I will check that.
Next to that I noticed a tunlink is specified in xfrm.sh but no
proto_add_host_dependency is added; is this on purpose ?
Yes, that is on purpose. The tunlink specified is a must, but is not
used for decrypting and encrypting packets. It works on every interface.
Also the XFRM interface has no IP endpoint, so there is no possibility to
add this to the interface, it would be only cosmetic.
Thanks,
André
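
As an added example (not part of the thread and not netifd code): a small Python check that spots the retry loop shown in the log excerpts above by counting failed handler runs per interface within a time window. The sample log is constructed in the format quoted in the thread; the threshold, the window and reading the number in parentheses as a per-run process id are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the netifd syslog format quoted in the thread
# (timestamps and the numbers in parentheses are made up for this example).
SAMPLE_LOG = """\
Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
Mon Jun 10 11:42:07 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
Mon Jun 10 11:42:07 2019 daemon.notice netifd: Interface 'xfrm0' is now down
Mon Jun 10 11:42:07 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
Mon Jun 10 11:42:08 2019 daemon.notice netifd: xfrm0 (14302): Command failed: Unknown error
Mon Jun 10 11:50:00 2019 daemon.notice netifd: Interface 'lan' is now down
Mon Jun 10 11:50:01 2019 daemon.notice netifd: Interface 'lan' is setting up now
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \S+ netifd: (.*)$")
FAILED = re.compile(r"^(\S+) \((\d+)\): Command failed")

def find_setup_loops(log_text, min_failures=3, window=timedelta(seconds=60)):
    """Map interface -> sorted ids of failed handler runs, for interfaces
    with at least min_failures distinct failed runs inside one window."""
    failures = defaultdict(list)          # interface -> [(timestamp, run id)]
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # not a netifd line in this format
        f = FAILED.match(m.group(2))
        if f:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            failures[f.group(1)].append((ts, int(f.group(2))))
    loops = {}
    for iface, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct run ids within `window` of this failure; a repeated
            # line from the same run is not counted as another retry.
            ids = {p for t, p in events[i:] if t - start <= window}
            if len(ids) >= min_failures:
                loops[iface] = sorted(ids)
                break
    return loops

if __name__ == "__main__":
    for iface, ids in find_setup_loops(SAMPLE_LOG).items():
        print(f"{iface}: setup loop, {len(ids)} failed handler runs {ids}")
```
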