Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.
Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:
tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
4ead2a6 treewide: move executables to /sbin
9ebc2f4 fw4.uc: filter duplicates in fw4.set
85b74f3 treewide: support flow offloading
be3b4e6 treewide: support hardware flow offloading
38889b7 treewide: support set timeout
31c7550 fw4.uc: do not skip defaults with invalid option
334a127 fw4.uc: introduce DEPRECATED flag
7a0d38f fw4.uc: add _name as deprecated option
5e7ad3b fw4.uc: don't fail on unknown options
be5f4e3 fw4.uc: allow use of cidr in ipsets
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
5ca5e0b netifd: allow disabling rule/rule6 config sections
8875960 interface-ip: add support for IPv6 prefix invalidation
e589c05 interface-ip: use metric when looking for a route
b54ffde main: fix hotplug script usage message
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Among other things, this can be used to auto-configure the DHCP server
address for wireless APs using FILS, if the bridged interface is
configured to DHCP
Signed-off-by: Felix Fietkau <nbd@nbd.name>
68961a555e42 ubus: drop dnsmasq check for dns_result method
1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection
3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure
bc54c97e3333 map, bpf: create a separate map for configured dscp classes
46cf3eae2d99 bpf: fix bulk flow detaction
88f1db7dd611 bpf: fix priority flow detection
b5dec7874373 bpf: remove access to skb->gso_size
e728a319a9a5 interface: unify status, always include ifname, ingress, egress
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since sqm-scripts and qos-scripts packages are in the same category as qosify,
the firsts being in the Base System category, I find it understandable to move
the latter to Base System instead of network section.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
eb0a3ee fw4.uc: Do not quote port ranges
c5a8e3e tests: adapt test to new ICMP print logic
Also start using $(AUTORELEASE)
Signed-off-by: Paul Spooren <mail@aparcar.org>
0750f2b4d329 README: dnsmasq integration is complete
8e48d0b0cbba bpf: add initial support for splitting map dscp value into ingress and egress
bfc2cafe2a8c map: add support for defining aliases
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Now that wildcard matching is supported, this makes it easier for packages
to supply their own qosify rules
Signed-off-by: Felix Fietkau <nbd@nbd.name>
737970946bc0 map: default to fnmatch matching for dns patterns. support regex via leading /
b56b112e62e2 ubus: fix crash caused by missing static keyword
3a420e272c18 qosify: support wildcards in classifier filenames
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2ca7352543da map: make a helper function for freeing entries
411432ec853b map: add support for adding dns regex patterns
14803cb559d8 ubus: remove unused enum
a0740172eda6 ubus: add api for providing dns lookup results for dns regex rules
406fbf478e87 ubus: add support for dynamically adding dns based rules
5fc91183d60a README: mention dns regex entries
3ed8c3eb1a3b README: document mapping file syntax
91ce2e77d302 map: introduce low effort codepoint from RFC8622
5ff14acca0e7 interface: enable NAT on interfaces by default
e70f70e496d7 README: fix typo
f25ded617478 README: fix another typo
675238bc2ce5 loader: always reinitialize programs
010eea0d98c3 map: improve timeout handling of IP entries
7ef54a7f04a0 map: add DF codepoint
6f7fbe698555 map: increase active timeout to 300
60e06a579a13 qosify-bpf: inline check_flow() to ensure that it is jited
f5ae89e8d869 ubus: subscribe to dnsmasq.dns for dns lookup results
Signed-off-by: Felix Fietkau <nbd@nbd.name>
qosify is simple daemon for setting up and managing CAKE along with a custom
eBPF based classifier that sets DSCP fields of packets.
It is configured via UCI and it supports the following features:
- simple TCP/UDP port based mapping
- IP address based mapping
- priority boosting based on average packet size
- bulk flow detection based on number of packets per second
- dynamically add IP entries with timeout
Signed-off-by: Felix Fietkau <nbd@nbd.name>
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.
That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.
Switch to AUTORELEASE while at it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
186f6eaeba70 wireless: display log messages for setup/teardown/retry
fac471c4934a wireless: process and close script file descriptor when rerunning setup
62e2bb56f48e main: poll process log stream even if processes are killed
0e311d3f2d1a wireless: reset number of retries on config change
e467e0ff44c0 wireless: reset retry counter when setup succeeds
448ffc154fe7 wireless: fix index for stations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d590fbd255ce wireless: always enable bpdu filter for AP interfaces and VLANs
f8ff6d820283 system-linux: remove copy&paste from /proc and /sys path names
300b1220fab3 wireless: improve reliability of proxyarp support
5ba9744aac6d device: add support for configuring bonding devices
6fa9b042ff4d wireless: only apply wireless device attributes to the base vif interface
06d11bbf1f2b wireless: only enable proxyarp/isolate for AP vifs
08e954e137ff bonding: claim the port device before creating the bonding device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
94170ae24bc9 device: extend device settings flags to 64 bit
1eb0fafaa986 device: add support for configuring device link speed/duplex
ed84473b7af9 bridge: memset bst->config by default to avoid stale config values
6519cf31e4b0 bridge: add support for an external STP daemon
454e9c33c906 bridge: tune default stp parameters
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The userspace application now uses the model=full option to match the
configuration of the kernel module. The source no longer contains SOAP
support, which was the primary reason to build only typical instead
of full before.
This makes several CLI commands, which were already supported in the
kernel module, available in the userspace application. For example, this
includes bbsg which allows to get information about VDSL2 bands.
Some previously applied build options were redundant. Disabling ADSL MIB
support is unnecessary, as it only applies to Danube. ADSL LED support
is no longer included in the source. ReTx counters are already included
with model type full.
This increases the size of the userspace application by approximately
15 kB (uncompressed). The kernel module does not change at all.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
