Swconfig versus etc/config/network

Pippo · November 16, 2018, 5:51pm

HI Jeff,

hope its the case !! I spent last two months trying to rewire the router to get the two plug i needed for the

monitoring ( of course in the meanwhile I learnt the very basic of patches, git, repos, nano, wireshark, serial etc.. not to mention managing VMs with full virtual HDD..)

just today I figured out 'git worktree add' to work at the same time with the standard router configuration and

my modded one.

I believe the road is going to be bumpy again soon but its big fun.

Thanks a lot to everybody

dlang · November 16, 2018, 7:14pm

They will need the entire file, not just a snippet of it.

David Lang

Pippo · November 17, 2018, 8:29am

Just realized my swconfig dev eth0 show

root@OpenWrt:/# swconfig dev eth0 help
switch0: eth0(AR934X built-in switch), ports: 6 (cpu @ 0), vlans: 16
     --switch
        Attribute 1 (int): enable_vlan (Enable VLAN mode)
        Attribute 2 (int): mirror_monitor_port (Mirror monitor port)
        Attribute 3 (none): apply (Activate changes in the hardware)
        Attribute 4 (none): reset (Reset the switch)
     --vlan
        Attribute 1 (int): vid (VLAN ID)
        Attribute 2 (ports): ports (VLAN port mapping)
     --port
        Attribute 1 (int): enable_mirror_rx (Enable mirroring of RX packets)
        Attribute 2 (int): enable_mirror_tx (Enable mirroring of TX packets)
        Attribute 3 (int): pvid (Primary VLAN ID)
        Attribute 4 (unknown): link (Get port link information)

Is missing the

 option mirror_source_port '

Pretty sure this happen in both the normal and modded configuration

Any clue ?

lleachii · November 17, 2018, 10:05am

~~Interesting...this means...~~

~~You can mirror packets; but cannot select what port...oddly enough, those options appear under switch on my device.~~

You do understand, this is a two (2) port switch per the techdata page, correct?
Also, I noticed your screenshot of the Switch page on the web GUI is blank...

Pippo · November 17, 2018, 11:36am

Yes I understand that but since I am completely unaware of linuxing and routing and having swconfig in normal build showing me 4 ports I assumed that the switch was there only and that only the physical rj45 connections were missing. In normal config ar7240 built in switch I could only see port 0 (CPU maybe) and port 1 eth1. In my random ar9344 built in switch config I got an extra port 5 where I can see link up and speed data and where I saw data flowing using wireshark on my PC with my mic in promiscuous mode. At first I thought that vlan was not necessary for port mirroring and that the options on swconfig dev switch0 help were there because of the hardware ability through specific driver to mirror ports. Now as you explained me I understand that for my switch to be able to port mirror I need to set up Vlans; a topic that so far I deliberately skipped because seems really difficult to understand. I’ll try to figure it out and ask less questions untill I have a more defined picture of what is going on clear in my mind. That is why at the beginning of my adventure I was asking about ways to understand openwrt overview in terms of how the system works. I know I should read the code as per Linus Torvald doctrine but I am missing the basic so trying to give my best with what I have got. Thank again. I’ll try to bother less.

Pippo · November 18, 2018, 1:04pm

Hi again

to have a way to better understand my set up I got my hands on a nice and very cheap USB to ethernet adapter.

Now my PC has got 2 nic cards one is connected to my minirouter 1st rj45 plug and the second to the 2nd
rj45 plug.

I connect my PC to the router using the 1st card (I add the ethernet card MAC address to the Connection
configuration to be sure to use that one)

As per my [Solved] Router-set-up advertising problem (but let's not discuss that here)
I need to ping a random device on the subnet from serial console to have my PC aware of the minirouter
but after that (help please !!??) I am able to ssh to the router and I have access to Luci.

Now using these three lines from console on my 2 physical port router where swconfig shows 5 port entries


 swconfig dev eth0 set mirror_monitor_port '5'
 
 swconfig dev eth0 port '1' set enable_mirror_rx '1'

 swconfig dev eth0 port '1' set enable_mirror_tx '1'

I get

Global attributes:
        enable_vlan: 0
        mirror_monitor_port: 5
Port 0:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
	enable_mirror_rx: 1
	enable_mirror_tx: 1
	pvid: 0
	link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:2 link:down
Port 3:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:4 link:down
Port 5:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:5 link:up speed:100baseT full-duplex auto
VLAN 0:
        vid: 0
        ports: 0 1 2 3 4 5

Opening up two wireshark instances on my PC

-1st using 1st card connected to router in promiscuous mode port 1

-2nd using 2nd card connected to router in promiscuous mode port 5 (THE MONITOR PORT)

Everything works nicely !!!!

1st Wireshark istance sees traffic from 192.168.1.1 to 192.168.1.2
and from 192.168.1.2 to 192.168.1.1

2nd Wireshark istances THE MONITOR PORT sees traffic from 192.168.1.1 to 192.168.1.2
and from 192.168.1.2 to 192.168.1.1

if I type on router console

swconfig dev eth0 port '1' set enable_mirror_tx '0'

1st Wireshark istance sees traffic from 192.168.1.1 to 192.168.1.2
and from 192.168.1.2 to 192.168.1.1

2nd Wireshark istances THE MONITOR PORT sees traffic from 192.168.1.2 to 192.168.1.1

and if I type

if I type on router console

swconfig dev eth0 port '1' set enable_mirror_tx '1'

swconfig dev eth0 port '1' set enable_mirror_rx '0'

1st Wireshark istance sees traffic from 192.168.1.1 to 192.168.1.2
and from 192.168.1.2 to 192.168.1.1

2nd Wiresharkistances THE MONITOR PORT sees traffic from 192.168.1.1 to 192.168.1.2

so apparently my set up doesnt need Vlan to enable port mirroring.

Problem remains because when I start Luci (I was monitoring packets relating to Luci itself)

I get

luci_monitor_ok

and if save and apply Luci switch config page I end up with

config switch 'eth0'
	option name 'eth0'
	option reset '1'
	option enable_mirror_rx '1'
	option enable_mirror_tx '1'
	option mirror_monitor_port '5'
	option mirror_source_port '0'

in my etc/config/network file

once again when I use etc/init.d/network reload

I loose my monitor port and swconfig dev eth0 shows:

Global attributes:
	enable_vlan: 1
	mirror_monitor_port: 5
Port 0:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:2 link:down
Port 3:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:3 link:down
Port 4:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:4 link:down
Port 5:
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	pvid: 0
	link: port:5 link:up speed:100baseT full-duplex auto
VLAN 0:
	vid: 0
	ports: 0 1 2 3 4 5

Any clue ?

Pippo · November 19, 2018, 10:42am

wrong information in previous post, deleted by me.

Pippo · November 19, 2018, 3:19pm

Hi using new approach:

deleted all my etc/config/network : rm etc/config/network

changed the etc/board.d/02_network for gl-ar150

from

gl-ar150)
	ucidef_set_interfaces_lan_wan "eth1" "eth0"

to

gl-ar150)
                 ucidef_add_switch "switch0" \
                        "0@eth0" "1:lan:1" "5:mir:5"

removed etc/board.json: rm etc/board.json

start from scratch reboot (or rebuild board.json with bin/board_detect and then

config_generate then etc/init.d/network reload)

Still problems with [Solved] Router-set-up advertising

need to ping subnet from router to be able to access Luci e ssh

nevertheless Luci/uci created:

ls -ls sys/class/net/

     0 lrwxrwxrwx    1 root     root             0 Nov 12 16:16 br-lan -> ../../devices/virtual/net/br-lan
     0 lrwxrwxrwx    1 root     root             0 Jan  1  1970 eth0 -> ../../devices/platform/ag71xx.1/net/eth0
     0 lrwxrwxrwx    1 root     root             0 Nov 12 16:16 eth0.1 -> ../../devices/virtual/net/eth0.1
     0 lrwxrwxrwx    1 root     root             0 Nov 12 16:21 eth0.2 -> ../../devices/virtual/net/eth0.2
     0 lrwxrwxrwx    1 root     root             0 Jan  1  1970 lo -> ../../devices/virtual/net/lo
     0 lrwxrwxrwx    1 root     root             0 Nov 12 16:16 wlan0 -> ../../devices/platform/ar933x_wmac/net/wlan0

etc/confignetwork:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'auto'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'mir'
        option ifname 'eth0.2'
        option proto 'none'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

swconfig dev eth0 show gives:

Global attributes:
        enable_vlan: 1
        mirror_monitor_port: 15
Port 0:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 1
        link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:2 link:down
Port 3:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:4 link:down
Port 5:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 2
        link: port:5 link:up speed:100baseT full-duplex auto
VLAN 0:
        vid: 0
        ports: 0t 2 3 4 
VLAN 1:
        vid: 1
        ports: 0t 1 
VLAN 2:
        vid: 2
        ports: 0t 5

pinging 192.168.1.8

I can connect to Luci:

luci-switch-before

If I set enable mirroring of incoming/outgoing packets:

luci-switch-after

and then Save & Apply:

etc/config/network change in

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'auto'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'mir'
        option ifname 'eth0.2'
        option proto 'none'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option enable_mirror_rx '1'
        option enable_mirror_tx '1'
        option mirror_source_port '1'
        option mirror_monitor_port '5'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 1'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'
        option vid '2'

swconfig dev eth0 show:

Global attributes:
       enable_vlan: 1
       mirror_monitor_port: 5
Port 0:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 0
       link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 1
       link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 0
       link: port:2 link:down
Port 3:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 0
       link: port:3 link:down
Port 4:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 0
       link: port:4 link:down
Port 5:
       enable_mirror_rx: 0
       enable_mirror_tx: 0
       pvid: 2
       link: port:5 link:up speed:100baseT full-duplex auto
VLAN 0:
       vid: 0
       ports: 0t 2 3 4 
VLAN 1:
       vid: 1
       ports: 0t 1 
VLAN 2:
       vid: 2
       ports: 0t 5

still port mirroring doesnt work untill I add:

root@OpenWrt:/# swconfig dev eth0 port '1' set enable_mirror_rx '1'     
root@OpenWrt:/# swconfig dev eth0 port '1' set enable_mirror_tx '1'
root@OpenWrt:/# swconfig dev eth0 show

that gives:

Global attributes:
        enable_vlan: 1
        mirror_monitor_port: 5
Port 0:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 
Port 1:
        enable_mirror_rx: 1
        enable_mirror_tx: 1
        pvid: 1
        link: port:1 link:up speed:100baseT full-duplex auto
Port 2:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:2 link:down
Port 3:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:3 link:down
Port 4:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 0
        link: port:4 link:down
Port 5:
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        pvid: 2
        link: port:5 link:up speed:100baseT full-duplex auto
VLAN 0:
        vid: 0
        ports: 0t 2 3 4 
VLAN 1:
        vid: 1
        ports: 0t 1 
VLAN 2:
        vid: 2
        ports: 0t 5

I'll try @jow


config switch_port
        option device 'eth0'
        option port '1'
        option enable_mirror_rx '1'

in etc/config/network and let you know.

Pippo · November 21, 2018, 10:38am

deleted wrong

Pippo · November 22, 2018, 3:57pm

Hi, tried

config switch_port
        option device 'eth0'
        option port '1'
        option enable_mirror_rx '1'

and

config switch_port
        option device 'switch0'
        option port '1'
        option enable_mirror_rx '1'

no luck.

Quite interesting my etc/config/network switch part (the one I put in openwrt/etc/config/network before building)

doesnt change my boot up swconfig dev eth0 show

in

mirror_monitor_port: 5   that shows  mirror_monitor_port: 15

while works for

 enable_vlan: 1

that part being:

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option mirror_monitor_port '5'

if I do etc/init.d/network reload

mirror_monitor_port: 5    is fine

as per the switch_port problem

config switch_port
        option device 'eth0'
        option port '1'
        option enable_mirror_rx '1'

doesn't work even with if etc/init.d/network reload

uci network show does give

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='auto'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.mir=interface
network.mir.ifname='eth0.2'
network.mir.proto='none'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch[0].mirror_monitor_port='5'
network.@switch[0].enable_mirror_rx='1'
network.@switch[0].enable_mirror_tx='1'
network.@switch[0].mirror_source_port='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0t 1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].vid='2'
network.@switch_port[0]=switch_port
network.@switch_port[0].device='eth0'
network.@switch_port[0].port='1'
network.@switch_port[0].enable_mirror_rx='1'

but nothing gets to swconfig

Any Idea. I'll try to understand how Luci <---> uci <---> swconfig works but I don't think I would be able to grasp even the basics of it

lleachii · November 24, 2018, 3:08pm

I noticed you have the monitor port MIR in your picture set as ""untagged." Have you tried setting this port to "off" except for CPU?

jow · November 24, 2018, 5:51pm

You can cut out LuCI of the equation, I don't think it is related at all here. The swconfig utility is actually processing the /etc/config/network file directly by itself (using the swconfig dev switch0 load network command). So I think that swconfig's C code reading the config is applying the settings in a wrong order.

jow · November 24, 2018, 6:01pm

Note that it must be "option device switch0", not "eth0".

Pippo · November 26, 2018, 1:37pm

used both of them , no luck

Pippo · November 26, 2018, 4:40pm

tried today

port off works the same as port on

means need to manually add

swconfig dev eth0 set mirror_monitor_port '5' && swconfig dev eth0 port '1' set enable_mirror_rx '1' && swconfig dev eth0 port '1' set enable_mirror_tx '1'

but the monitoring port works as well as the other one that I use for Luci connection

Pippo · November 26, 2018, 5:09pm

/* look for port or vlan sections */
	uci_foreach_element(&p->sections, e) {
		struct uci_element *os;
		s = uci_to_section(e);

		if (!strcmp(s->type, "switch_port")) {
			char *devn = NULL, *port = NULL, *port_err = NULL;
			int port_n;

			uci_foreach_element(&s->options, os) {
				o = uci_to_option(os);
				if (o->type != UCI_TYPE_STRING)
					continue;

				if (!strcmp(os->name, "device")) {
					devn = o->v.string;
					if (!swlib_match_name(dev, devn))
						devn = NULL;
				} else if (!strcmp(os->name, "port")) {
					port = o->v.string;
				}
			}
			if (!devn || !port || !port[0])
				continue;

			port_n = strtoul(port, &port_err, 0);
			if (port_err && port_err[0])
				continue;

			swlib_map_settings(dev, SWLIB_ATTR_GROUP_PORT, port_n, s);
		} else if (!strcmp(s->type, "switch_vlan")) {
			char *devn = NULL, *vlan = NULL, *vlan_err = NULL;
			int vlan_n;

			uci_foreach_element(&s->options, os) {
				o = uci_to_option(os);
				if (o->type != UCI_TYPE_STRING)
					continue;

here ?

Given that I gave up after

#include <stdio.h>
int main()
{
   // printf() displays the string inside quotation
   printf("Hello, World!");
   return 0;
}

I think I'll pass on it and see if I can something like

swconfig dev eth0 set mirror_monitor_port '5' && swconfig dev eth0 port '1' set enable_mirror_rx '1' && swconfig dev eth0 port '1' set enable_mirror_tx '1'

everytime the network reinitialise ?

Any help with that ??

Pippo · November 27, 2018, 4:09pm

Hi jow,

just to be sure I got it right if swconfig reads in the wrong order the network config means that

root@OpenWrt:/# swconfig dev eth0 help
switch0: eth0(AR934X built-in switch), ports: 6 (cpu @ 0), vlans: 16
     --switch
        Attribute 1 (int): enable_vlan (Enable VLAN mode)
        Attribute 2 (int): mirror_monitor_port (Mirror monitor port)
        Attribute 3 (none): apply (Activate changes in the hardware)
        Attribute 4 (none): reset (Reset the switch)
     --vlan
        Attribute 1 (int): vid (VLAN ID)
        Attribute 2 (ports): ports (VLAN port mapping)
     --port
        Attribute 1 (int): enable_mirror_rx (Enable mirroring of RX packets)
        Attribute 2 (int): enable_mirror_tx (Enable mirroring of TX packets)
        Attribute 3 (int): pvid (Primary VLAN ID)
        Attribute 4 (unknown): link (Get port link information)
root@OpenWrt:/#

are the valid attributes ?

when Luci tries to set them Luci writes the in wrong order too ?

mkrle · January 20, 2019, 2:45pm

Apparently the swconfig load operation always triggers 'apply' function which in this switch driver currently clears port mirroring flags effectively undoing port mirroring configuration.

I've submitted a patch for this, however there's one more issue that I'm trying to resolve:

/etc/init.d/network reload works fine
/etc/init.d/network restart initially works fine, the mirror flags are set, but after about 3 seconds they are reset
the same issue is present after reboot, can be worked around with network reload

I cannot determine where this is triggered from though.

mkrle · January 29, 2019, 1:51pm

According to my research, swconfig load sets up vlans and mirror flags via swconfig netlink API, but shortly afterwards netifd triggers switch reset via ioctl. This occurs when interface eth0 comes up, which happens on boot, during '/etc/init.d/network restart', basically when the first interface (e.g. 'lan') is attached to eth0.

When soft reset is triggered from the driver, the switch chip appears to clear mirror flags, while preserving the vlan config.

         ar7240sw_reg_write(mii, AR7240_REG_MASK_CTRL,
                           AR7240_MASK_CTRL_SOFT_RESET);

I don't know how to fix this - swconfig/netifd behaviour is probably expected and not to be touched, and the driver issuing soft reset during switch reset operation also looks good, and is probably necessary. I'm not sure whether preserving mirror flags in the driver during a switch reset operation should be done.

Any ideas?

Pippo · January 29, 2019, 8:49pm

Where did you find the

 ar7240sw_reg_write(mii, AR7240_REG_MASK_CTRL,
                           AR7240_MASK_CTRL_SOFT_RESET);

Just curios about how openwrt works ?