From cfd95dc3008642e22105f7c56a3b4a0a179a0558 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Tue, 23 Apr 2024 17:17:45 +0200 Subject: [PATCH] confd: use the system base mac as mac address on bridges To prevent the kernel from setting a random mac address on new bridges, before we have added any bridge ports, we create bridges using the: 1. Custom mac address from the configuration (phys-address) 2. System base mac from /run/system.json 3. None, if there is no base mac address in system.json, e.g. r2s Fixes #357 Signed-off-by: Joachim Wiberg --- doc/ChangeLog.md | 4 ++++ src/confd/src/core.c | 2 +- src/confd/src/core.h | 3 +++ src/confd/src/ietf-interfaces.c | 26 ++++++++++++++++++++++++-- 4 files changed, 32 insertions(+), 3 deletions(-) diff --git a/doc/ChangeLog.md b/doc/ChangeLog.md index 8dcfb502d..eba0c23c6 100644 --- a/doc/ChangeLog.md +++ b/doc/ChangeLog.md @@ -357,6 +357,10 @@ future releases. - Fix #349: minor changes to `bridge-port` settings, like setting `pvid` when you forget it, did not take without a reboot - Fix #353: impossible to remove bridge port with `no bridge-port` +- Fix #357: EUI-64 based IPv6 autoconf address on bridges seem to be + randomized. Problem caused by kernel setting a random MAC before any + bridge port is added. Fixed by using the device's base MAC address on + bridge interfaces. Possible to override using `phys-address` option - Fix #358: MAC address no longer shown for bridge interfaces in CLI `show interfaces` command - Fix #365: not possible to run `ping` from container diff --git a/src/confd/src/core.c b/src/confd/src/core.c index 7ef80d76f..050d50c75 100644 --- a/src/confd/src/core.c +++ b/src/confd/src/core.c @@ -4,7 +4,7 @@ #include "core.h" -static struct confd confd; +struct confd confd; uint32_t core_hook_prio(void) { diff --git a/src/confd/src/core.h b/src/confd/src/core.h index 633ace04d..ea4a7d634 100644 --- a/src/confd/src/core.h +++ b/src/confd/src/core.h @@ -32,6 +32,9 @@ #define CB_PRIO_PRIMARY 65535 #define CB_PRIO_PASSIVE 65000 +extern struct confd confd; + + static inline void print_val(sr_val_t *val) { char *str; diff --git a/src/confd/src/ietf-interfaces.c b/src/confd/src/ietf-interfaces.c index 08da45153..772abbc3c 100644 --- a/src/confd/src/ietf-interfaces.c +++ b/src/confd/src/ietf-interfaces.c @@ -1284,15 +1284,37 @@ static int netdag_gen_bridge(sr_session_ctx_t *session, struct dagger *net, stru vlan_filtering = bridge_vlan_settings(cif, &proto, &vlan_mcast); fwd_mask = bridge_fwd_mask(cif); + fprintf(ip, "link %s dev %s", op, brname); + /* + * Must set base mac on add to prevent kernel from seeding ipv6 + * addrgenmode eui64 with random mac, issue #357. + */ + if (add) { + const char *mac; + + mac = lydx_get_cattr(cif, "phys-address"); + if (!mac) { + struct json_t *j; + + j = json_object_get(confd.root, "mac-address"); + if (j) + mac = json_string_value(j); + } + if (mac) + fprintf(ip, " address %s", mac); + + /* on failure, fall back to kernel's random mac */ + } + /* * Issue #198: we require explicit VLAN assignment for ports * when VLAN filtering is enabled. We strongly * believe this is the only sane way of doing it. * Issue #310: malplaced 'vlan_default_pvid 0' */ - fprintf(ip, "link %s dev %s type bridge group_fwd_mask %d mcast_flood_always 1" + fprintf(ip, " type bridge group_fwd_mask %d mcast_flood_always 1" " vlan_filtering %d vlan_default_pvid 0", - op, brname, fwd_mask, vlan_filtering ? 1 : 0); + fwd_mask, vlan_filtering ? 1 : 0); if ((err = bridge_mcast_settings(ip, brname, cif, vlan_mcast))) goto out;