On Thu, Jun 13, 2019 at 9:18 AM Andre Valentin <[email protected]> wrote:
>
> Hi!
>
> On 13.06.19 08:44, Hans Dedecker wrote:
> > Hi,
> >
> > On Wed, Jun 12, 2019 at 8:28 PM Andre Valentin <[email protected]> wrote:
> >>
> >> Hi Hans!!
> >> On 11.06.19 at 22:16, Hans Dedecker wrote:
> >>> Hi,
> >>>
> >>> On Mon, Jun 10, 2019 at 8:10 PM Andre Valentin <[email protected]> wrote:
> >>>>
> >>>> Hi Hans,
> >>>>
> >>>> after testing xfrm tunnels a bit I found two big differences compared to
> >>>> other conventional tunnels.
> >>>> 1) xfrm tunnel interfaces cannot be replaced with netlink
> >>>> 2) xfrm tunnel interfaces DO NOT vanish if parent is deleted
> >>>>
> >>>> This leads to some errors and a loop in interface creation. With the
> >>>> changes below, it works smoothly when not bound to ppp interfaces
> >>>> (using lan instead), see:
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
> >>>> and so on
> >>>>
> >>>> What do you think?
> >>> The description is a bit cryptic to me; could you explain what works
> >>> and what does not work and why?
> >> Sorry for being cryptic, I tend to that;-) Okay, I do the following:
> >> # ifup xfrm0
> >> ... use it
> >> # ifdown xfrm0
> >> The interface still exists (checked with ip link)
> >>
> >> Now I'll do ifup again and this happens endlessly:
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14255): Command failed: Unknown error
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is now down
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: Interface 'xfrm0' is setting up now
> >>>> Mon Jun 10 11:42:06 2019 daemon.notice netifd: xfrm0 (14281): Command failed: Unknown error
> >>
> >> In netifd the xfrm0 interface is created with the REPLACE flag, but that
> >> does not seem to work, it cannot be recreated and fails.
> >> The result is the upper error repeating.
> >> That's why I think about the call to "ip link delete xfrm0" before
> >> proto_init_update call and in the teardown call.
> > Adding the ip link calls does not make sense to me as netifd should
> > take care of deleting the xfrm interfaces
> > Are you sure the xfrm interfaces can be deleted by the ioctl call
> > SIOCDELTUNNEL as is the case now?
> > For the other tunnel interfaces like vti/gre deletion is done via the
> > netlink interface.
> Good point, I will check that.
> >
> > Next to that I noticed a tunlink is specified in xfrm.sh but no
> > proto_add_host_dependency is added; is this on purpose?
> Yes, that is on purpose. The tunlink specified is a must, but is not
> used for decrypting and encrypting packets. It works on every interface.
>
> Also the XFRM interface has no IP endpoint, so there is no possibility to
> add this to the interface, it would be only cosmetic.

You can install a proto_add_host_dependency on an interface (tunlink
in this case); so it's not required to have an IP endpoint.

Hans

> Thanks,
>
> André
