Commit Graph

591 Commits

Author SHA1 Message Date
Steven Barth
eb866e413f firewall: Remove src_port from firewall.config to receive dhcpv6 replies
Seems like my second try was again whitespace broken. Sorry for the noise.

Remove src_port from firewall.config to receive dhcpv6 replies. Fixes #20295.

Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de>

SVN-Revision: 46842
2015-09-11 06:46:35 +00:00
Felix Fietkau
7e57d753a1 netifd: update to the latest version, fixes a WDS STA mode regression caused by multicast-to-unicast handling (#20466)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46841
2015-09-10 21:00:19 +00:00
Steven Barth
e07959cade package: replace ifconfig-usage with ip
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46832
2015-09-08 17:44:24 +00:00
Felix Fietkau
d4e9c8d7ef netifd: update to the latest version, adds multicast-to-unicast fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46719
2015-08-25 07:24:53 +00:00
Steven Barth
9f67c7fc8a netifd: various updates
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46718
2015-08-25 06:27:37 +00:00
Steven Barth
6831883100 firewall: fix typo in ESP rule
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46506
2015-07-27 11:47:20 +00:00
Steven Barth
f6abd042c2 firewall: comply with REC-22, REC-24 of RFC 6092
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46478
2015-07-24 10:00:45 +00:00
Felix Fietkau
26d71e9b25 netifd: update to the latest version, fixes setting RPS/XPS for wlan devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46421
2015-07-18 23:14:19 +00:00
John Crispin
d42b6c1afb swconfig: libsw.so should be installed into /usr/lib/
otherwise it's not picked up by toolchain:

staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_musl-1.1.10/lib/gcc/mipsel-openwrt-linux-musl/4.8.3/../../../../mipsel-openwrt-linux-musl/bin/ld: cannot find -lsw

Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 46406
2015-07-17 12:51:24 +00:00
John Crispin
c71ef0499b swconfig: Split libsw out of swconfig for reuse in other packages
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46358
2015-07-14 09:56:59 +00:00
Felix Fietkau
7a04fd0e3a swconfig: swlib.c: Fix another memleak
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46275
2015-07-08 15:59:38 +00:00
John Crispin
5da98f3478 swconfig: swlib.c: free name and description of attributes
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46232
2015-07-07 13:46:16 +00:00
John Crispin
294907aa3a swconfig: swlib.c: free portmaps in swlib_free()
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46231
2015-07-07 13:46:05 +00:00
John Crispin
2b9bdf4d6f swconfig: swlib.c: remove const qualifier for val.s since this is supposed to be free'd
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46230
2015-07-07 13:45:56 +00:00
John Crispin
08d4d4921d swconfig: swlib.c: free device name and alias
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46229
2015-07-07 13:45:44 +00:00
Steven Barth
a742fcaf3b netifd: add mtu6 option to override IPv6 MTU
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46135
2015-06-29 06:47:19 +00:00
Matteo Croce
1090df82be ltq-vdsl-app: build fix for MUSL
SVN-Revision: 46006
2015-06-16 21:43:26 +00:00
Steven Barth
ebfe8d8b08 netifd: bump to latest, various fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45926
2015-06-08 11:04:10 +00:00
Steven Barth
e6f9641df1 netifd: fix and optimize ipv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45768
2015-05-26 12:48:12 +00:00
Jo-Philipp Wich
35497a0400 firewall: link iptables extensions dynamically
Use shared libipt{,4,6}ext.so libraries instead of statically linking
the userspace matches into the fw3 executable.

As a side effect the match initialization is extremely simplified
compared to the weak function pointer juggling performed before.

This also fixes the initialization of the multiport match.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45764
2015-05-26 11:11:48 +00:00
Felix Fietkau
4eeeb91661 netifd: bump to current HEAD
This introduces a new config parameter "no-proto-task" useful for
xl2tpd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45748
2015-05-25 21:15:31 +00:00
Steven Barth
241dbffcf9 netifd: improve IPv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45701
2015-05-19 09:01:34 +00:00
Felix Fietkau
bf84a53f9b netifd-dhcp: supply parameters to user-script
hand over parameters to user-script e.g. $1=deconfig

Signed-off-by: Leon George <leon@georgemail.de>
Signed-off-by: Christian Mehlis <christian@m3hlis.de>

SVN-Revision: 45626
2015-05-08 10:44:19 +00:00
Steven Barth
d534883a52 firewall: Allow IGMP and MLD input on WAN
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.

RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

SVN-Revision: 45613
2015-05-05 13:22:41 +00:00
Steven Barth
a132313238 dhcp: add option specifying overriding custom-routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45594
2015-05-02 07:44:55 +00:00
Felix Fietkau
fe14e2a674 netifd: update to the latest version, fixes retry when proto handlers exit without changing the state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45550
2015-04-21 12:11:07 +00:00
Felix Fietkau
a285a0a034 netifd: update to the latest version, fixes more interface device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45503
2015-04-19 09:50:49 +00:00
Felix Fietkau
6293aae9d3 netifd: update to the latest version, fixes more device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45497
2015-04-18 21:35:16 +00:00
Felix Fietkau
bdd241ee29 netifd: update to the latest version, fixes issues in handling device config from interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45483
2015-04-17 19:28:10 +00:00
Felix Fietkau
c909a0354a qos-scripts: drop obsolete depdendency on iptabes-mod-filter (#19506)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45482
2015-04-17 18:52:28 +00:00
Steven Barth
6b062ad848 network: shorten names of generated interfaces
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45476
2015-04-17 13:10:19 +00:00
Felix Fietkau
bdb6c313de qos-scripts: remove layer7 support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45425
2015-04-13 22:23:26 +00:00
John Crispin
dcdd5c1ecb netifd: Interface last error support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45334
2015-04-09 10:33:05 +00:00
Steven Barth
4a1f19e15d netifd: revert policy routing (broke some custom user rules)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45185
2015-03-31 13:14:40 +00:00
Steven Barth
edf9b7a2a5 netifd: add metric argument for ipv4 proto routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45182
2015-03-31 11:36:20 +00:00
Steven Barth
7edbd6b4d7 netifd: adjust default local policy rules
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45059
2015-03-27 14:19:10 +00:00
John Crispin
242e37454a netifd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45020
2015-03-26 10:59:40 +00:00
Felix Fietkau
7cacd6bdb6 netifd: fix default initialization of RPS/XPS
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44944
2015-03-22 17:40:39 +00:00
Felix Fietkau
78692595e7 netifd: update to the latest version, adds support for configuring RPS/XPS (enabled by default where available)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44943
2015-03-22 16:42:44 +00:00
Steven Barth
8cfe2fb30b netifd: fix ipv6 route regression
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44919
2015-03-21 18:28:08 +00:00
Steven Barth
b27efd6e07 netifd: device update fixes, improvements in policy routing
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44899
2015-03-20 07:50:45 +00:00
Jo-Philipp Wich
eb7f470e7b netifd: dhcp: install host route to gateway (#19182)
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations install a host route towards the gateway.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44789
2015-03-15 14:48:18 +00:00
John Crispin
59c20174f8 json-c: update to 0.12 and bump all depending services
Version 0.12 deprecates json_object_object_get and moves the header files around

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44657
2015-03-11 15:54:33 +00:00
Steven Barth
0f365e4cb9 firewall: fix some more null-pointer accesses
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44540
2015-02-26 07:14:41 +00:00
Steven Barth
c975f83cc2 netifd: various device config / event fixes (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44480
2015-02-17 14:14:51 +00:00
Felix Fietkau
00d422fc60 netifd: update to the latest version, reverts a commit causing MTU issues (fixes #18869)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44461
2015-02-16 09:07:19 +00:00
Steven Barth
6ee8d1f178 netifd: fix device config handling and add some config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44331
2015-02-09 08:30:06 +00:00
Felix Fietkau
ea638e4eba netifd: fix a regression with some VLAN configurations introduced in the last update
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44098
2015-01-24 14:16:36 +00:00
Felix Fietkau
18d4b8783c netifd: do not stop service on shutdown, only call ifdown
Also add a small delay, like on restart

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44096
2015-01-24 13:41:04 +00:00
Felix Fietkau
c71cf8e6e4 netifd: update to the latest version, fixes bridge reload (#18351) and device config issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44093
2015-01-24 00:30:36 +00:00
Jo-Philipp Wich
1f6411e436 netifd: store additional DHCP lease information
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44092
2015-01-23 22:19:29 +00:00
Steven Barth
99fa07d07e netifd: add option to customize IPv6 interface identifiers (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44050
2015-01-19 08:39:04 +00:00
Jo-Philipp Wich
a6a142caf6 firewall: respect src_dip option for reflection (#18544)
Also fix wrong IPv4 netmask calculation on x86-64, thanks Ulrich Weber.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43874
2015-01-08 16:10:46 +00:00
Jo-Philipp Wich
7f6af5ddc9 qos-scripts: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43860
2015-01-06 12:42:38 +00:00
Steven Barth
4746ffd7a6 netifd: minor fixes, add mldversion option
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43771
2014-12-23 13:34:04 +00:00
Steven Barth
f565e0598d netifd: Set source IP for DHCP static routes as well
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 43645
2014-12-12 09:39:07 +00:00
Steven Barth
1f4ddec7f2 netifd: several fixes and optimizations
Thanks to Hans Dedecker and Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43583
2014-12-08 17:43:14 +00:00
Steven Barth
15d67644f1 This patch depends on "Pass source address to proto_add_ipv4_route".
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.

Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>

SVN-Revision: 43582
2014-12-08 17:43:03 +00:00
Felix Fietkau
62c33d9f62 qos-scripts: fix insmod commands
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43562
2014-12-08 12:03:47 +00:00
Steven Barth
200c30b426 netifd: correctly handle source-parameter for IPv4 routes
Thanks to Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43400
2014-11-27 07:26:10 +00:00
Felix Fietkau
185172bdd3 netifd: update to the latest version, fixes issues when changing a bridge member from a vlan to its base device (#18351)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43346
2014-11-23 16:07:00 +00:00
Steven Barth
047f1c8dca netifd: fix race, expose config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43299
2014-11-19 08:31:13 +00:00
Steven Barth
990b501ec4 netifd: fix default ORO-setting for 6rd
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43214
2014-11-08 12:24:49 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
John Crispin
26e308019d ltq-vdsl-app: use VDSL tone-setup if annex is unset
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 43114
2014-10-30 08:08:01 +00:00
Felix Fietkau
3cefd0af7d netifd: update to the latest version, fixes a use-after-free bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43044
2014-10-24 13:04:12 +00:00
Felix Fietkau
188eb85f5b netifd: update to the latest version, fixes link status handling on VLAN devices (#18106)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43007
2014-10-20 20:09:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
Steven Barth
9106cc0af9 netifd: Make mtu configurable of dynamic 6rd tunnel interface
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42871
2014-10-12 12:27:21 +00:00
Steven Barth
36b05bbed3 IPIP: IP in IP package support
The package supports IP in IP by registering the ipip protocol handler

Following options are configurable
    -peeraddr (IPv4 remote address)
    -ipaddr (IPv4 local address)
    -ttl (time to live of encapsulating packet)
    -tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
    -df (don't fragment flag of encapsulating packet)
    -mtu (IPIP tunnel mtu)
    -tunlink (bind tunnel to this interface)
    -zone (firewall zone to which the IPIP tunnel will be added)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42746
2014-10-02 19:37:36 +00:00
Steven Barth
73179a188c netifd: fix an error message during network shutdown
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.

Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42745
2014-10-02 19:37:25 +00:00
Steven Barth
1c166058df netifd: add IPIP tunnel support (thx Hans Dedecker)
SVN-Revision: 42744
2014-10-02 19:37:17 +00:00
Steven Barth
6e2262898f GRE: Tos support
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
     -inherit (outer header inherits the tos value of the inner header)
     -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42700
2014-09-29 18:00:02 +00:00
Steven Barth
30912c5d81 netifd: add support for promisc and GRE tos option
SVN-Revision: 42699
2014-09-29 17:59:50 +00:00
Jo-Philipp Wich
68147004e2 firewall: allow '*' as synonym for any / all in family and proto options
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42620
2014-09-19 18:18:58 +00:00
Jo-Philipp Wich
36e2179c10 firewall: fix heap corruption in fw3_bitlen2netmask() with IPv6 addresses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42610
2014-09-18 12:05:12 +00:00
Jo-Philipp Wich
cbf50a0ffd firewall: fix invalid memory access when processing /128 IPv6 addresses from ubus, properly emit REDIRECT rules for local port forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42604
2014-09-17 22:09:52 +00:00
John Crispin
50d313f409 lantiq: revert vr9 driver update as it causes problems
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42556
2014-09-15 16:19:33 +00:00
Felix Fietkau
8d699086c3 qos-scripts: disable fq_codel ecn by default to improve compatibility
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42479
2014-09-11 23:13:24 +00:00
John Crispin
e9dab2de72 lantiq: update to a newer versions of the vr9 drivers
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42478
2014-09-11 18:22:31 +00:00
Steven Barth
bd74df01b1 netifd: work-around kernel IPv6 on-link route issue
SVN-Revision: 42439
2014-09-08 14:45:56 +00:00
Felix Fietkau
008c7a9e5a netifd: update to the latest version, adds interface cleanup fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42345
2014-08-31 13:09:01 +00:00
Felix Fietkau
ba62bcbf24 netifd: update to the latest version, fixes proto-shell teardown after renew
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42344
2014-08-31 12:26:26 +00:00
John Crispin
2ae05c57f8 package/*: remove useless explicit set of function returncode
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.

myfunction()
{
	fire_command

	return $?
}

a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:

http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42278
2014-08-25 06:35:50 +00:00
John Crispin
b9ea44f947 firewall: the firewall did not start properly on boot
https://dev.openwrt.org/ticket/17593

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42233
2014-08-21 09:53:25 +00:00
Steven Barth
92ef017054 netifd: assign ipv6-prefixes with length <64 with /64 on-link routes
SVN-Revision: 42161
2014-08-13 14:57:11 +00:00
Jo-Philipp Wich
aa9e69908e firewall: fix potential NULL pointer access
Properly skip struct ifaddr entries with NULL ifa_addr, thanks Kostas Papadopoulos for reporting.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42138
2014-08-11 17:45:18 +00:00
Jo-Philipp Wich
fa37594f50 firewall: implement selective conntrack flushing (#10225)
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42114
2014-08-11 09:41:20 +00:00
Steven Barth
b95b4ede4c netifd: unblock some proto shell actions in teardown state
SVN-Revision: 42032
2014-08-07 10:21:08 +00:00
Steven Barth
6656292619 netifd: disable ds-lite, map & gre for old kernels
this unbreaks netifd compilation on old kernels

SVN-Revision: 42019
2014-08-06 19:57:19 +00:00
Steven Barth
1e6ab23098 netifd: minor fixes (thanks Hans Dedecker)
SVN-Revision: 42000
2014-08-05 10:03:10 +00:00
Steven Barth
bc0acb9db9 gre: Change hostdependcy to remote endpoint tunnel address
Depend on the GRE tunnel peeraddr to trigger setup of the tunnel interface.
Addresses the issue reported in https://lists.openwrt.org/pipermail/openwrt-devel/2014-August/027201.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41998
2014-08-05 09:57:55 +00:00
Steven Barth
7dabdbde78 gre: Generic Routing Encapsulation package support
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
    -gre
    -gretap
    -grev6
    -grev6tap

Following options are valid for gre and gretap kinds:
    -ipaddr
    -peeraddr
    -df
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The gretap kind supports additionally the network option

Following options are valid for grev6 and grev6tap kinds:
    -ip6addr
    -peer6addr
    -weakif
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The grev6tap kind supports additionally the network option

Typical network config for a GREv4 tunnel :

config interface 'gre'
        option peeraddr '172.16.18.240'
        option mtu '1400'
        option proto 'gre'
        option tunlink 'wan'
        option zone 'tunnel'

Typical network config for a GREv4 tap tunnel :

config interface 'gretap'
        option peeraddr '195.207.5.79'
        option mtu '1400'
        option proto 'gretap'
        option zone 'tunnel'
        option tunlink 'wan'
        option network 'wlan_ap'

I added myself as maintainer for the moment; feel free to change.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41897
2014-07-30 13:22:24 +00:00
Steven Barth
e413bb0e7e netifd: fixes and GRE support (thx Hans Dedecker)
SVN-Revision: 41896
2014-07-30 13:21:52 +00:00
Steven Barth
86671615de netifd: suppress fw3 warnings in dhcp script
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41892
2014-07-30 13:17:56 +00:00
Steven Barth
6a50e69b21 netifd: more race condition fixes in proto-shell
SVN-Revision: 41887
2014-07-29 17:24:23 +00:00
Steven Barth
7f17639742 netifd: more dynamic interface improvements
SVN-Revision: 41862
2014-07-28 20:35:53 +00:00
Felix Fietkau
76d7397bc2 netifd: fix a small issue in r41831
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41836
2014-07-26 14:35:15 +00:00
Felix Fietkau
ee4f8c8b99 netifd: update to the latest version, fixes a race condition with renew/setup
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41831
2014-07-26 01:46:34 +00:00
Steven Barth
ae50480d77 netifd: Fix some race-conditions in interface handling
SVN-Revision: 41825
2014-07-24 22:05:19 +00:00
Steven Barth
9231df5665 softwires: redesign dhcp(v6) provisioning
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 41823
2014-07-24 14:17:41 +00:00
Felix Fietkau
5206b2dac0 netifd: update to the latest version, enables bridge multicast querier and fixes interface reload issues with wifi
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41818
2014-07-24 09:13:04 +00:00
John Crispin
64a07e6a8b lantiq-dsl: add 2 ugly workarounds for the IB to work
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41787
2014-07-21 18:41:46 +00:00
Jo-Philipp Wich
2dd087ccee firewall: implement support for abritary netmasks
Properly parse and pass arbritary netmasks to iptables, this allows
specifying ranges like '::c23f:eff:fe7a:a094/::ffff:ffff:ffff:ffff' to
match the host part of an IPv6 address regardless of the currently active
IPv6 prefix.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41760
2014-07-19 16:30:47 +00:00
Felix Fietkau
51fbfde474 netifd: update to the latest version, adds a small validation fix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41731
2014-07-18 11:45:42 +00:00
Felix Fietkau
4ecb9289ef qos-scripts: convert to procd
Signed-off-by: John Crispin <blogic@openwrt.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41730
2014-07-18 11:25:07 +00:00
Felix Fietkau
51b11ba5ea netifd: update to the latest version, enables igmp snooping by default
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41683
2014-07-17 14:55:17 +00:00
Felix Fietkau
4ef8d2e014 qos-scripts: fix ingress packet marking with ifb
Split connection mark into two parts:

The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.

For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41682
2014-07-17 12:02:06 +00:00
Jo-Philipp Wich
f4781cae6d firewall: fix segfault introduced by latest update
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41558
2014-07-10 16:44:20 +00:00
Jo-Philipp Wich
8b0650838d firewall: fix regressions introduced after latest ubus rework
The commit 92281eb747b56e748b7c3d754055919c23befdd4 broke fw3_ubus_addresses() so that
no addresses where returned at all, this caused fw3 to not emit NAT reflection rules
anymore.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41556
2014-07-10 10:21:17 +00:00
Felix Fietkau
a6c4ef18b7 qos-scripts: remove maxsize options and packet size based reclassify from the default config
They should be unnecessary with fq_codel, and simplifying rules helps
with performance

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41549
2014-07-08 11:19:51 +00:00
Jo-Philipp Wich
b321f718c2 firewall: fix issue with parsing network options
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41491
2014-07-03 09:21:44 +00:00
Felix Fietkau
2b274eb719 firewall: update to the latest version, adds support for fetching firewall rules from procd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41480
2014-07-02 19:18:13 +00:00
Felix Fietkau
5db42f92fd netifd: update to the latest version, fixes a crash on reload with hotplugged devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41393
2014-06-29 21:27:28 +00:00
Felix Fietkau
50c05b20cb netifd: update to the latest version, addds a few fixes and enables multicast->unicast for igmp snooping on wireless devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41390
2014-06-29 18:34:22 +00:00
Steven Barth
2ad9907cd5 firewall3: add fw3 zone function to enumerate devices
SVN-Revision: 41349
2014-06-26 12:20:47 +00:00
Steven Barth
22ffa5ef16 netifd: various routing table handling fixes
SVN-Revision: 41287
2014-06-20 17:51:25 +00:00
Jo-Philipp Wich
005884bff4 Revert "netifd: fix handling of "lookup main" for ip rules (#15315)"
The netifd fixes went to the wrong repository, revert until it is sorted out.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41283
2014-06-20 12:28:35 +00:00
Jo-Philipp Wich
de51f6022f netifd: fix handling of "lookup main" for ip rules (#15315)
Reworks the handling of RT_TABLE_MAIN in system-linux.c so that ip rules
with lookup main can be properly setup.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41282
2014-06-20 09:58:16 +00:00
Steven Barth
8d177a8e78 netifd: various bugfixes (thanks Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 41259
2014-06-18 11:29:09 +00:00
Felix Fietkau
500d3072ec netifd: use procd_add_reload_trigger
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41147
2014-06-11 17:05:50 +00:00
Felix Fietkau
3ab9651cb0 netifd: update to latest version, fixes reload issue (#16754) and adds 802.1ad support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41112
2014-06-11 10:23:12 +00:00
Steven Barth
b81ebf6db1 netifd: add support for onlink-flag for routes
SVN-Revision: 41098
2014-06-10 16:04:40 +00:00
John Crispin
7a0606124a netfid: make procd watch the network.interface object for events
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41010
2014-06-05 10:56:14 +00:00
John Crispin
91de9c589c netifd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41009
2014-06-05 10:56:10 +00:00
John Crispin
5a9c834a12 package: swconfig: let variable name be local
Let the first parameter of function config_get be local, because there
is a chance that config_get won't export the variable.

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>

SVN-Revision: 41000
2014-06-04 07:20:31 +00:00
John Crispin
35d3c91c86 soloscli: upgrade to 1.04
- The package does not compile at the moment. Since there is a new
  upstream version avaiable, use this new source instead.
- Upstream has already included our both patches.
- This is only compile tested, since I do not own any test hardware.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 40940
2014-06-02 12:45:01 +00:00
John Crispin
40218343cd package: netifd: remove blank line at the end of file
Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>

SVN-Revision: 40937
2014-06-02 12:44:51 +00:00
John Crispin
46a4f13283 qos-script: Add comments to existing rules
Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 40936
2014-06-02 12:44:47 +00:00
John Crispin
9e65c01a4b qos-script: Improve usability by adding comment field to rules
It's quite unconveniet to remember which ports are used by which applications, especially for not so advanced users.
Together with luci patch (discussed on IRC) this improves qos-scripts usability.

Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 40935
2014-06-02 12:44:44 +00:00
Felix Fietkau
d866ee2e30 netifd: replace the sleep 5 with an ubus wait_for call to speed up init script
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40891
2014-05-31 23:49:23 +00:00
Steven Barth
5696b94b76 netifd: fix a segfault and improve ipip6 tunnel setup
SVN-Revision: 40821
2014-05-22 20:04:43 +00:00
Felix Fietkau
cfbd90d2bf netifd: update to the latest version, fixes wireless setup cancellation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40771
2014-05-15 20:03:04 +00:00
Felix Fietkau
127ce4d5ec netifd: update to latest version, fixes a regression on wds client support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40748
2014-05-10 18:03:24 +00:00
Steven Barth
0c06d76c79 netifd: Fix nested protocols going offline at reload + various route issues
Much thanks to Hans Dedecker

SVN-Revision: 40746
2014-05-09 13:55:34 +00:00
Felix Fietkau
770ec0082b netifd: update to the latest version, fixes some corner cases related to hotplug device handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40660
2014-05-02 18:12:28 +00:00
Felix Fietkau
d33c6f7b80 netifd: update to the latest version, fixes a use-after-free bug on wireless config reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40589
2014-04-29 13:18:59 +00:00
Felix Fietkau
b4532ad21e netifd: update to the latest version, fixes some route table and dynamic interface issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40572
2014-04-26 19:48:11 +00:00
Felix Fietkau
b079019bd9 netifd: update to latest version, adds support for disabling interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40555
2014-04-22 17:28:14 +00:00
Felix Fietkau
3c95232ab7 netifd: update to the latest version, fixes some more issues related to l3_dev handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40529
2014-04-19 09:58:40 +00:00
Steven Barth
daf69ee1da firewall: add support for nat-rules and netifd-proto-originating rules
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 40510
2014-04-14 10:11:34 +00:00
John Crispin
390e856cb2 lantiq: more vdsl related cleanups
* atm module needs to be loaded before linux-atm
* use absolute firmware paths
* extended validation
* add a script for mounting an optional firmware partition

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40460
2014-04-11 20:40:24 +00:00
Felix Fietkau
7b960069a2 netifd: switch to using git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40459
2014-04-11 20:28:55 +00:00
Felix Fietkau
92ab194d63 netifd: update to latest version, adds a force_link parameter to bring up an interface without active device carrier
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40456
2014-04-11 13:48:41 +00:00
Felix Fietkau
a28b8ecc47 netifd: update to the latest version, fixes some reload issues with proto=static
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40449
2014-04-10 15:21:13 +00:00
Felix Fietkau
8a7a02bd2e netifd: fix a regression related to ppp + multiple updates (ipv4 + ipv6)
Fixes #15504

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40443
2014-04-10 11:31:21 +00:00
John Crispin
eebc673f1e lantiq: move the dsl-modem config to network.@dsl-modem[-1]
make sure uci_defaults generates a proper uci config for the v/adsl modem

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40439
2014-04-10 08:14:33 +00:00
John Crispin
8bfe9acecf lantiq: vdsl init.d script should auto start
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40438
2014-04-09 16:36:28 +00:00
John Crispin
76e873a289 lantiq: cleanup vdsl driver bringup
config interface 'wan'
	# a, b, j
	option annex b
	# a, b, av, bv
	option tone b
	# vdsl.bin
	option firmware
	# atm, ptm
	option xfer_mode atm

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40437
2014-04-09 16:31:24 +00:00
Felix Fietkau
255546bbfd netifd: update to the latest version, fixes a l3_dev handling regression leading to a crash
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40414
2014-04-07 11:12:06 +00:00
Felix Fietkau
dca014db76 netifd: Add renew handler for proto dhcp
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 40385
2014-04-05 18:17:22 +00:00
Felix Fietkau
0dd2d18400 netifd: update to latest version, fixes issues when l3 interface changes on reload (e.g. ppp -> dhcp/static)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40384
2014-04-05 18:17:18 +00:00
John Crispin
f464b7d176 lantiq: cleanup the dsl control scripts
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40381
2014-04-05 16:34:20 +00:00
John Crispin
c7168b64ef dhcp: Fix broadcast parameter validation support, remove unused netmask parameter
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 40332
2014-03-30 13:07:52 +00:00
John Crispin
1335853ae5 ltq-vdsl: add led status reporting
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 40322
2014-03-30 09:16:27 +00:00
Steven Barth
0555ebf66d 6rd / ds-lite: make the firewall-zones of nested-protocols configurable
SVN-Revision: 40020
2014-03-26 10:12:49 +00:00
Steven Barth
2a893c2057 dhcp: send 6rd-ORO when expecting 6rd-information
SVN-Revision: 40019
2014-03-26 09:48:20 +00:00
Felix Fietkau
5c53e63836 netifd: update to the latest version, adds support for reloading proto handlers on toplogy changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40001
2014-03-21 15:55:27 +00:00
Felix Fietkau
3eb2d6d5d4 netifd: update to the latest version, fixes ubus handling of proto data items
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39970
2014-03-20 20:06:59 +00:00
Felix Fietkau
e926cfd9ac netifd: update to latest version, fixes an autostart handling with link detection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39967
2014-03-20 13:57:28 +00:00
Felix Fietkau
66393168d3 firewall: update to latest version, fixes a musl build error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39965
2014-03-20 13:51:43 +00:00
Felix Fietkau
ad72198abb netifd: update to latest version, adds support for specifying a config path
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39956
2014-03-19 14:26:51 +00:00
Steven Barth
edd75e332c netifd: pass on delegate flag from dhcp to 6rd
SVN-Revision: 39909
2014-03-13 10:33:26 +00:00
Felix Fietkau
83f9fc12d6 netifd: update to latest version, includes interface handling fixes by Hans Dedecker
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39870
2014-03-11 09:28:28 +00:00
Felix Fietkau
452d019d3e netifd: update to latest version, adds a bridge reload fix and fixes #15157
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39791
2014-03-07 18:14:41 +00:00
Steven Barth
f294f23c02 netifd: don't incorrectly announce up-status via ubus
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 39777
2014-03-05 17:36:14 +00:00
Steven Barth
1b3a868309 netifd: Reintroduce link-layer sensing (thx Hans Decker, Karl Vogel)
SVN-Revision: 39757
2014-02-27 12:42:38 +00:00
Steven Barth
0bf9032145 netifd: don't always assume addrs & routes are applied
netifd didn't check the netlink return values and kept assuming
routes are in place even if they weren't

SVN-Revision: 39755
2014-02-26 13:27:32 +00:00
Felix Fietkau
a15524582c netifd: depend on libubox directly to rebuild on ABI changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39723
2014-02-23 17:32:15 +00:00
Felix Fietkau
6c8300df3d netifd: update to latest version, fixes wireless device reload handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39706
2014-02-23 08:13:28 +00:00
Jo-Philipp Wich
b22ad85bc6 firewall: fix validation constraints
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39649
2014-02-21 00:22:23 +00:00
Jo-Philipp Wich
354efde275 netifd: fix validation constraints
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39648
2014-02-21 00:17:04 +00:00
Jo-Philipp Wich
21f4cf1a73 firewall: fix several ipset integration issues (#15016)
- Do not consider bitmap storage for IPv6 family sets
	- Move ipset family parameter before any additional option
	- Only emit family parameter for hash sets
	- Do not allow IPv6 iprange for IPv4 sets and vice versa

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39647
2014-02-20 23:20:10 +00:00
John Crispin
8fb44e0d1e netifd: add validation support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39621
2014-02-18 13:34:04 +00:00
John Crispin
15ebcfc04e firewall3: update init.d script to make use of procd
add validation data

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39617
2014-02-18 13:33:47 +00:00
John Crispin
204e859542 netifd: update to latest git head
this adds support for proto and wireless handler adding uci validation rules

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39614
2014-02-18 13:33:36 +00:00
Steven Barth
41acaaf893 netifd: work around dangling prefix kernel-routes (fixes #14963)
SVN-Revision: 39597
2014-02-16 11:20:22 +00:00
Steven Barth
af8f06beca netifd: fix source-routing breaking 6in4 + others
6in4 historically allowed an ip6addr without a mask however the newly
introduced source-routing segfaulted in this scenario (#14958 + #14858).

Fixes include: "Fix ubus route src mask printing" and
"Disable netlink auto ack" (thanks to Hans Dedecker)

SVN-Revision: 39586
2014-02-14 21:21:44 +00:00
Steven Barth
229d186490 netifd: don't add unnecessary NOP policy rules
SVN-Revision: 39351
2014-01-20 18:23:02 +00:00
Steven Barth
fac5e62abd firewall: don't reload if there were no address or data changes
This fixes packet loss due to reloading firewall every minute with IPv6
implementation of certain ISPs.

SVN-Revision: 39332
2014-01-19 17:35:33 +00:00
Steven Barth
bc8412b90e netifd: Add IFUPDATE-flags and use main IPv6 routing table again
SVN-Revision: 39306
2014-01-17 13:59:40 +00:00
John Crispin
a844275f37 firewall: improve logging in hotplug script
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

SVN-Revision: 39300
2014-01-15 18:29:59 +00:00
John Crispin
4810de8e4b swconfig: improve usability when switch device incorrect
http://patchwork.openwrt.org/patch/4701/

Signed-off-by: Andreas Mohr <andim2@users.sf.net>

SVN-Revision: 39229
2014-01-12 12:07:01 +00:00
Felix Fietkau
20151a3394 netifd: initialize the switch early at start time and on reload (fixes #13015)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39183
2013-12-31 13:09:20 +00:00
Felix Fietkau
6865f1d6b2 netifd: update to the latest version, fixes wireless related segfaults on arm
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39180
2013-12-29 02:26:34 +00:00
Felix Fietkau
5607a13aa1 netifd: update to the latest version, fixes wifi related segfaults
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39176
2013-12-28 14:19:54 +00:00
John Crispin
d1156bca0a swconfig: remove useless variables, return -1 on errors
spotted with cppcheck

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 39170
2013-12-27 21:15:20 +00:00
Jo-Philipp Wich
1789744958 netifd: add reload trigger for /etc/config/wireless as well
SVN-Revision: 39131
2013-12-18 12:38:29 +00:00
Jo-Philipp Wich
de5ebc19c0 firewall: fix handling of tcp_ecn parameter
The firewall3 implementation as well as the shell implementation predating it
used to process the tcp_ecnoption as boolean while it actually is an integer.

Change the code to parse tcp_ecn as integer.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39122
2013-12-17 16:59:47 +00:00
Felix Fietkau
12c05542e8 netifd: update to latest version, fixes a null pointer crash
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39088
2013-12-16 10:08:13 +00:00
Steven Barth
e49d67f192 Convert DHCP->6rd and DHCPv6->DS-Lite autoconfig to dynamic interface
SVN-Revision: 39061
2013-12-15 19:38:53 +00:00
Felix Fietkau
ce062a7b5c netifd: update to the latest version, adds a revert of the link state handling patches which caused regressions in combination with wifi devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39050
2013-12-14 14:59:05 +00:00
Felix Fietkau
47730fe355 netifd: prevent an unnecessary restart of netifd-managed wifi interfaces at boot time
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39046
2013-12-13 16:43:11 +00:00
Felix Fietkau
3f744a4ad3 netifd: fix crashes triggered by adding/removing wireless devices on reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39035
2013-12-11 18:23:52 +00:00
John Crispin
31a2912cd9 netifd: enable coredumps again
got broken due procd startup. Requires procd resource limit patch.

Signed-off-by: Ulrich Weber <uw@xyne.com>

SVN-Revision: 39020
2013-12-09 17:29:34 +00:00
Felix Fietkau
6242255df2 netifd: update to the latest version, adds tunnel fixes by Hans Dedecker and adds back support for multiple networks per wifi-iface
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39004
2013-12-08 18:00:05 +00:00
Felix Fietkau
4155016637 netifd: update to the latest version, improves wireless status output and fixes some bridge handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38992
2013-12-03 14:17:44 +00:00
Felix Fietkau
3c50feca19 wifi: rename the "reload" (restarting non-netifd wifi) command to "reload_legacy"
Add a new "reload" command that reloads the netifd config as well

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38989
2013-12-02 16:53:24 +00:00
Felix Fietkau
498d84fc4e netifd: add wireless configuration support and port mac80211 to the new framework
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38988
2013-12-02 16:41:03 +00:00
Felix Fietkau
107bcb5de3 netifd: remove redundant calls to /sbin/wifi down
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38982
2013-12-02 13:08:00 +00:00
Jo-Philipp Wich
bc9043cc53 firewall: optimize DNAT rules and skip invalid rules and redirects (#14485)
- instead of writing one (or more) ACCEPT rules in the filter table
	  for each redirect install a global ctstate DNAT accept rule per zone

	- discard rules and redirects which have invalid options set instead
	  of silently skipping the invalid values

SVN-Revision: 38849
2013-11-18 11:59:27 +00:00
Felix Fietkau
e78e720a6f netifd: remove connect_time from /var/state, it is unused
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38704
2013-11-10 10:01:33 +00:00
John Crispin
edf6236838 lantiq: fix vdsl-app dependency
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38666
2013-11-07 12:45:39 +00:00
Felix Fietkau
e16f104a6f netifd: update to the latest version, fixes regression in proto-shell scripts (#14400, #14402)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38627
2013-10-31 11:22:01 +00:00
Felix Fietkau
22890e6382 netifd: update to latest version, adds fixes and some preparation for supporting wifi devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38606
2013-10-30 11:25:01 +00:00
Steven Barth
bb699867e0 firewall: Improve ubus support
* Use network.interface dump call instead of individual status calls
  to reduce overall netifd lookups and invokes to 1 per fw3 process.

* Allow protocol handlers to assign a firewall zone for an interface
  in the data section to allow for dynamic firewall zone assignment.

SVN-Revision: 38504
2013-10-23 10:25:26 +00:00
Steven Barth
91b173d231 netifd: Fix ifupdate events
SVN-Revision: 38458
2013-10-19 11:01:25 +00:00
Steven Barth
c3bcdd59de netifd: various improvements
* Add ubus methods for global interface status
* Add ubus function to create nested interfaces
* Add protocol update notifications and hotplug legacy calls
* Fix: key to data elements point at wrong memory area
* Add support for source-restricted routes
* Add option "delegate" to toggle prefix delegation
* Reevaluate target routes also on interface update

SVN-Revision: 38453
2013-10-18 13:39:43 +00:00
Steven Barth
56bc536713 netifd: rename customopts to sendopts for consistency
SVN-Revision: 38437
2013-10-17 13:12:06 +00:00
Steven Barth
c759b49a4f Added 'customopts' dhcp protocol option, which is an array passed along to udhcpc as series of -x options.
Signed-off-by: Markus Stenberg <markus.stenberg@iki.fi>

SVN-Revision: 38436
2013-10-17 12:55:40 +00:00
Hauke Mehrtens
e1523b5504 switch: remove old switch driver
The switch driver is not used by brcm47xx any more and can be removed,
instead of this switch driver b53 is used now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 38387
2013-10-13 22:15:31 +00:00
Hauke Mehrtens
af32e63bae lantiq: add some missing PKG_SOURCE_URLs
These URLs where missing and causes build failures.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 38376
2013-10-12 22:33:55 +00:00
Jo-Philipp Wich
db3013852a firewall: small improvements in nat reflection
- do not insert duplicate rules when setting up reflection to a zone containing multiple interfaces
	- set up reflection for any protocol, not just TCP and UDP

SVN-Revision: 38361
2013-10-10 18:15:10 +00:00
Felix Fietkau
e96695df10 netifd: update to latest version, adds macvlan support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38299
2013-10-03 14:51:34 +00:00
Steven Barth
1d485c737e netifd: don't remove & readd addresses that only have a changed lifetime
SVN-Revision: 38269
2013-10-01 17:30:05 +00:00
John Crispin
f874094402 procd: convert various packages to procd style init.d scripts
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38023
2013-09-17 21:45:30 +00:00
Felix Fietkau
7fc90889d5 netifd: update to the latest version, fixes a bridge handling corner case on config reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37856
2013-08-29 22:20:36 +00:00
Jo-Philipp Wich
2864fb107f firewall: update to git head
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
	- fixes support for rule sections with target "NOTRACK"

SVN-Revision: 37777
2013-08-14 15:40:38 +00:00
Jo-Philipp Wich
d6e8047f83 firewall: update to git head
- handles redirects as port relocations if the dest_ip points to the router itself

SVN-Revision: 37374
2013-07-16 14:04:59 +00:00
Steven Barth
54ae5ce507 netifd: Fix IPv6-prefix assignment with continuous hints
SVN-Revision: 37371
2013-07-16 12:07:11 +00:00
Luka Perkov
1a963355b0 netifd: update to latest version, add bridge_empty option
with this option enabled it's possible to create empty bridges

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 37318
2013-07-14 18:50:04 +00:00
John Crispin
7d7c2ff5f9 swconfig: fix dependency bug introduced by [37304]
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37316
2013-07-14 18:16:42 +00:00
Hauke Mehrtens
f8d55e7541 brcm47xx: use b53 phy driver for the switch in kernel 3.10
This makes it possible to use swconfig to controll the switch.

This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.

SVN-Revision: 37304
2013-07-14 14:11:17 +00:00
Felix Fietkau
f98f69adc9 firewall: add missing dependencies
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37224
2013-07-10 11:33:48 +00:00
John Crispin
fc40051569 lantiq: move dsl tools to package/network/config
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37198
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich
4aa82d07a6 firewall: allow routed lan<->lan traffic by default
SVN-Revision: 37171
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich
2d506f46fb firewall: update to git head
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser

SVN-Revision: 37082
2013-06-29 13:28:27 +00:00
Steven Barth
d8051a8814 netifd: fix typo in dhcp script
SVN-Revision: 37051
2013-06-28 04:19:21 +00:00
Felix Fietkau
b4babf9f81 netifd: update to latest version, fixes a NULL pointer deref bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36965
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich
65f82e2311 firewall: update to git head
- fixes misprocessing of unknown symbolic protocol names

SVN-Revision: 36963
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich
37ae268729 firewall: update to git head
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs

SVN-Revision: 36960
2013-06-18 14:14:35 +00:00
Steven Barth
9f1899242c netifd: IPv6: Fix sorting order in last commit.
SVN-Revision: 36952
2013-06-17 21:29:14 +00:00
Steven Barth
213269a8f7 netifd: Satisfy IPv6 assignments ordered by prefix length
SVN-Revision: 36950
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich
36d3fafd77 firewall: update to git head
- properly process intermediate "!" options in argument list (fixes negated ipsets)

SVN-Revision: 36935
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich
0db38adf1c firewall: update to git head
- fixes handling of reject target for rule sections with specific destination zone

SVN-Revision: 36933
2013-06-13 12:49:00 +00:00
Felix Fietkau
9fb5bf176e netifd: update to latest version, uses the new uci/blob code from libuci
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36909
2013-06-10 12:42:30 +00:00
Steven Barth
491deaed2c netifd: improve reloading behaviour
SVN-Revision: 36903
2013-06-10 10:42:15 +00:00
Steven Barth
f995c90329 netifd: Improve IPv6 source-routing policies
SVN-Revision: 36884
2013-06-08 13:26:33 +00:00
Jonas Gorski
b9de8ca7f5 netifd: bring wifi down before shutting down
works around wifiX references not being freed on network restart.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 36883
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich
e7b15446a8 firewall: udpate to git head (#13652, #13654, #13658)
- optimizes chain usage for ingress rules
  - adds limit match support for redirect rules
  - fixes automatic redirect dest detection on little endian systems
  - leaves base chains in place on reload to allow user rules to target e.g. "reject"

SVN-Revision: 36871
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich
5cf06bd17b firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
SVN-Revision: 36868
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich
ecc95dcba8 firewall: update to git head (#13652)
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
  - uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones

SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3 firewall3: fix accidentally changed install directive
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88 firewall: fix git source url
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09 Drop legacy firewall package
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257 firewall3: update to git head (#13641)
* Fixes wrong chain used for zone forward policy

SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e firewall3: update to git head
- Fixes problems with reusing matches or targets from loadable extensions

SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich
3bb397c997 firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
519f27cd33 netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Steven Barth
439fdd4d65 netifd: fix IPv6-addresses disappearing due to lifetime-overflows
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich
63603ee478 firewall3: update to git head
- allows building without IPv6 support
	- uses more robust rules to cope with missing libext.a
	- uses better linking strategy to avoid symbol clashes with older iptables
	- introduces source compatiblity layer for different libxtables versions

SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1 firewall3: update to git head
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
  - automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
  - properly support output rules with dest '*' to hook directly into delegate_output
  - fixes crash when processing rules with unresolved targets

SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich
90887b5fb3 firewall3: update to git head
- fixes linking issues with some toolchains

SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich
c1ff8cd9bb firewall3: update to git head
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
  - Do not leak memory when processing rules with unknown targets or matches

SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Steven Barth
32c6ffb5a1 firewall3: Remove abandonend include
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259 firewall3: update to git head
- fix build on Linux < 3.7
  - limit zone names to 14 bytes

SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich
c12189b379 firewall3: update to git head
- fixes reload when firewall is not running already
  - fixes crash when ipsets are supported but undeclared
  - fixes handling of per zone user chains on reload

SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich
dd83e87ab0 firewall3: update to git head
- fixes segfault in flush command if ipset support is not available
  - fixes internal rule generation if custom chains are enabled

SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
9b6c31d4cc firewall3: move libext*.a copying to compile phase
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
e8050c6c35 firewall3: update to git head
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
 * make ipset integration more reliable

SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Steven Barth
0f1be4425f netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.

SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Steven Barth
5ce135ed87 netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
SVN-Revision: 36627
2013-05-13 17:12:34 +00:00
Steven Barth
ea71678b09 netifd: added support for setting up 6rd from DHCP
SVN-Revision: 36626
2013-05-13 17:12:30 +00:00
Steven Barth
973dad61b0 firewall3: Remove obsoleted ULA-border
SVN-Revision: 36624
2013-05-13 17:12:20 +00:00
Steven Barth
07d99b62b7 firewall3: add wan6 interface to wan-zone by default
SVN-Revision: 36623
2013-05-13 17:12:15 +00:00
Steven Barth
4cb9d9715c firewall: Remove obsoleted ULA-border rule
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
4bba31b64c firewall3: update to git head
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
	- add support for fwmark matches and mark setting targets

SVN-Revision: 36521
2013-05-02 13:42:20 +00:00
Jo-Philipp Wich
f1497ccf4f netifd: update to git head - disables multicast snooping by default on bridges
SVN-Revision: 36463
2013-04-27 09:28:40 +00:00
Felix Fietkau
5062838fa5 netifd: update to the latest version, fixes interface reload issues when removing the ifname option
SVN-Revision: 36424
2013-04-25 16:28:19 +00:00
Steven Barth
2c78c1457b firewall3: Make IPv6 ULA-Border generation dynamic
This fixes working behind another router which gives out ULAs.

SVN-Revision: 36416
2013-04-24 14:17:24 +00:00
Steven Barth
17b8c0c7b8 netifd: Improve IPv6-ULA assignment handling
SVN-Revision: 36383
2013-04-22 19:40:06 +00:00
Felix Fietkau
099e3d8183 netifd: update to latest version, fixes some device handling crashes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36336
2013-04-15 14:21:45 +00:00
Felix Fietkau
88c418bc75 qos-scripts: add queue length and quantum limit, suggested by dtaht
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36294
2013-04-09 14:59:10 +00:00
John Crispin
04dcd12c91 add portmap support to userland
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36284
2013-04-09 14:19:13 +00:00
John Crispin
f13ae9965c add "swconfig list" support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36282
2013-04-09 14:19:05 +00:00
Jo-Philipp Wich
f90f025f20 netifd: fix route / route6 regression (#13303)
SVN-Revision: 36281
2013-04-09 12:21:12 +00:00
Steven Barth
3abc915522 Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
SVN-Revision: 36280
2013-04-09 12:12:30 +00:00
Steven Barth
35d716fbbb netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
SVN-Revision: 36196
2013-04-05 12:28:06 +00:00
Steven Barth
0393e52623 netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
SVN-Revision: 36193
2013-04-03 17:08:21 +00:00
Jo-Philipp Wich
6fa1b5346e firewall3: update to git head
* fixes parsing of src/dest '*'
	* fixes parsing of proto 'all'

SVN-Revision: 36111
2013-03-22 14:10:29 +00:00
Jo-Philipp Wich
76d1c0a067 firewall3: update to git head
* fixes port remapping rules (#13217)

SVN-Revision: 36100
2013-03-21 14:25:17 +00:00
Steven Barth
261be7b8f3 netifd: Fix adding IPv6 DNS-servers to resolv.conf
In some cases IPv6 DNS-servers were not added correctly.

SVN-Revision: 36095
2013-03-20 13:49:39 +00:00
Jo-Philipp Wich
6fbd824e9b firewall3: update to git head
* fixes reload handling of zones and ipsets that are still running but already deleted from the config

SVN-Revision: 36092
2013-03-19 16:18:05 +00:00
Jo-Philipp Wich
03cb7986fc firewall3: update to git head
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197)
	- do not allow src_mac option for SNAT rules

SVN-Revision: 36090
2013-03-19 13:54:34 +00:00
Jo-Philipp Wich
54f9f47a28 firewall3: update to git head
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
 * Allow "network" and "device" commands while firewall is running (to make them usable in includes)

SVN-Revision: 36009
2013-03-14 15:29:43 +00:00
Jo-Philipp Wich
9faa312dbb firewall3: update to git head
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
 * Make NAT reflection direction configurable
 * Map init script stop action to flush
 * Map init script reload action to reload
 * Respect init script disabled state in hotplug handler

SVN-Revision: 35998
2013-03-13 15:46:30 +00:00
Jo-Philipp Wich
8c7ed1cb7b firewall3: update to git head
* Fixes compilation against eglibc
 * Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
 * Fixes tracking logic for user chains by differentiating between reloads and restarts
 * Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
 * Supports legacy "tcpudp" protocol notation again

SVN-Revision: 35969
2013-03-11 20:52:20 +00:00
Jo-Philipp Wich
e259ecad7e Revert "firewall3: update to git head"
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.

SVN-Revision: 35904
2013-03-08 19:52:18 +00:00
Jo-Philipp Wich
50213fc354 firewall3: update to git head
- introduce per-zone user chains
	- support legacy "tcpudp" protocol notation

SVN-Revision: 35903
2013-03-08 15:27:33 +00:00
Jo-Philipp Wich
d75c632de6 firewall3: add default config and firewall.user
SVN-Revision: 35889
2013-03-05 13:45:09 +00:00
Jo-Philipp Wich
89be702bff firewall3: update to git head, introduces support for "enabled" option
SVN-Revision: 35845
2013-03-02 17:09:33 +00:00
Jo-Philipp Wich
557c047f71 firewall3: clear contnrack table on flush, set policies to drop during rule reload
SVN-Revision: 35820
2013-02-27 14:09:37 +00:00
Jo-Philipp Wich
92062542e2 firewall: fix logging rule regression (#12999)
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
4fb2cd18c1 firewall3: add support for shell script and iptables-restore style includes
SVN-Revision: 35744
2013-02-22 12:45:38 +00:00
Steven Barth
a7b262dc0a netifd: only update resolv.conf.auto if changed This avoids logspam under certain conditions.
SVN-Revision: 35743
2013-02-22 08:56:29 +00:00
Jo-Philipp Wich
7d7d88b580 firewall3: update to git head
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
	- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
	- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
	- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')

SVN-Revision: 35738
2013-02-21 22:33:44 +00:00
Jo-Philipp Wich
02b0c62f33 firewall3 - a C implementation of the current firewall scripts
SVN-Revision: 35643
2013-02-17 19:26:52 +00:00