Commit Graph

392 Commits

Author SHA1 Message Date
Jo-Philipp Wich
81399345fe netifd: fix VTI ikey/okey endianess
Ensure that ikey and okey are sent in network byte order to the kernel.
Also don't mangle external IP addrs and routes when reconfiguring iinterfaces.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48919
2016-03-04 17:48:18 +00:00
John Crispin
f94d2ec90f ltq-vdsl-app: Enable T1.413 in Annex A xTSE set
Before r47933 Bit 1 (first bit) of xTSE Octet 1 (first octet) defaulted
to 1, which allowed T1.413 to operate.

Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net>

SVN-Revision: 48763
2016-02-25 10:13:51 +00:00
John Crispin
8c7aa9b6e1 vti: fix kmod dependencies
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 48704
2016-02-12 08:30:18 +00:00
Rafał Miłecki
6219b3deae swconfig: support setting SWITCH_TYPE_LINK attributes
Supported syntax is inspired by ethtool. Example usages:
swconfig dev switch0 port 2 set link "duplex half speed 100"
swconfig dev switch0 port 2 set link "autoneg on"

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48624
2016-02-03 09:38:42 +00:00
Felix Fietkau
b3c9321b9e gre: Support multicast configurable gre interfaces
UCI paramater multicast is added which allows to toggle multicast support on gre interfaces.
By default multicast support is enabled as gre tunnels are often used in combination with
routing protocols using multicast.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>

SVN-Revision: 48596
2016-02-01 12:02:11 +00:00
Felix Fietkau
208b3098f0 netifd: update to the latest version, adds many fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48595
2016-02-01 12:02:05 +00:00
Jo-Philipp Wich
6064710b90 firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738)
* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48551
2016-01-29 17:26:41 +00:00
Felix Fietkau
fe2007bb07 ltq-vdsl-app: mask out VDSL bits when ATM is selected, fixes compatibility issues with some DSLAMs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48457
2016-01-23 12:37:17 +00:00
Felix Fietkau
908d281beb qos-scripts: bump version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48455
2016-01-22 13:06:09 +00:00
Felix Fietkau
d3f3132057 qos-scripts: Add IPv6 support
This adds IPv6 support to qos-scripts for both tc/qdisc and the
iptables classification rules.  The tc/qdisc part is accomplished
by removing "protocol ip" from the tc command line, causing the
rule to be applied to all protocols.  The iptables part is
accomplished by adding each rule using both iptables and ip6tables.

This patch is based on previous work by Ilkka Ollakka and
Dominique Martinet.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48452
2016-01-22 11:59:03 +00:00
Felix Fietkau
269ab387ff qos-scripts: Allow classification by the traffic's source interface
This adds a "srciface" option that can be used on classification
rules in /etc/config/qos.  This is useful to allow prioritization
based on the local network from which the traffic originates, for
example to deprioritize traffic from a guest network.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48446
2016-01-21 23:22:06 +00:00
Felix Fietkau
b1f1b528a1 qos-scripts: stop overriding tx queue length
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48445
2016-01-21 22:26:15 +00:00
Felix Fietkau
c49bc55669 netifd: update to the latest version, adds a cosmetic fix for a wpa related variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48397
2016-01-20 19:11:41 +00:00
Felix Fietkau
5cafb9240e qos-scripts: Fix classification of ingress traffic
Set the save-mark mask for the qos_${cg} chain to 0xff instead of
0xf0.  With the old value, the nibble that was saved would be
masked during the restore, preventing ingress traffic from being
classified.  Thanks to nbd for recommending the fix.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48388
2016-01-19 23:56:34 +00:00
Felix Fietkau
614ebec4d2 firewall: add CONFIG_IPV6 to PKG_CONFIG_DEPENDS to fix a rebuild error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48315
2016-01-18 13:21:37 +00:00
Jo-Philipp Wich
5cf88bb032 netifd: fix PKG_VERSION (#21630)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48280
2016-01-17 17:15:01 +00:00
Felix Fietkau
e2e8cb8347 network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.

Example config:
config interface 'vti1'
	option proto 'vti'
	option mtu '1500'
	option tunlink 'wan'
	option peeraddr '192.168.5.16'
	option zone 'VPN'
	option ikey 2
	option okey 2

config interface 'vti1_static'
	option proto 'static'
	option ifname '@vti1'
	option ipaddr '192.168.7.2/24'

The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
	left=%any
	leftcert=peer2.test.der
	leftid=@peer2.test
	right=192.168.5.16
	rightid=@peer3.test
	leftsubnet=0.0.0.0/0
	rightsubnet=0.0.0.0/0
	mark=2
	auto=route

Signed-off-by: André Valentin <avalentin@marcant.net>

SVN-Revision: 48274
2016-01-17 11:06:02 +00:00
Felix Fietkau
eb1ac66ce7 netifd: update to the latest version, adds VTI support and a policy routing fix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48273
2016-01-17 11:05:53 +00:00
Rafał Miłecki
a09e713299 swconfig: support sending SWITCH_TYPE_LINK to kernel
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48141
2016-01-06 18:32:13 +00:00
Felix Fietkau
9632c00435 firewall: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48128
2016-01-04 15:13:10 +00:00
Felix Fietkau
9cd6162b63 packages: use OPENWRT_GIT to point at the main openwrt git repo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48118
2016-01-04 15:11:49 +00:00
Felix Fietkau
c5dfbea1e8 package/network/config/gre: ipv6 gre kmod package name was wrong
Source package gre was depending on kmod-ip6-gre, however the actual
kernel module package that is created is kmod-gre6.  Therefore
update (source) package gre for ipv6 gre support.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 48100
2016-01-03 20:57:06 +00:00
John Crispin
dc69b89c24 ltq-vdsl-app: re-add lowlevel settings
Add back a slightly modified version of the lowlevel settings which
where removed with r46920.

In compare to the old lowlevel settings, the B43c tone is added to
tone_adsl_b and tone_adsl_bv.

If an unsupported tone value is used, the auto probing mode is used, in
compare to the fallback to tone_adsl_av and tone_vdsl_av with the old
lowlevel settings.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48054
2016-01-01 21:20:24 +00:00
John Crispin
4908088268 ltq-vdsl-app: enable G.993.5 XTSE bit by default
According to ITU-T G.997.1 Amendment 2 (04/2013) section 2.1, bit 3 of
XTSE octet 8 either allow or denies the initialization of G.993.5.

Even if the current redistributable xDSL firmware doesn't include
G.993.5 vectoring support, enable this bit by default to allow people to
get their G.993.5 line working using a custom xDSL firmware.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48053
2016-01-01 21:20:16 +00:00
John Crispin
846124f536 ltq-vdsl-app: let the driver/app probe the xtse on missing annex
r47933 revealed that the driver/app in combination with the chosen
firmware does a good job in selecting a working xtse.

Use this probing mode if no annex is specified.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48052
2016-01-01 21:20:08 +00:00
John Crispin
7816dffd03 ltq-vdsl-app: add/enable missing G.993.2 XTSE bits
This patch adds the missing VDSL2 bits to the annex specific XTSE (like
it should be according to the comments above the XTSE bits).

Since r47933 it's mandatory to remove the annex option to switch to
VDSL2 (only) operation mode.

As shown by ticket #21436 and a few mails I received personally, even
experienced users are not aware that they have to remove the annex
option to get their VDSL2 line working and as shown by this patch it
doesn't need to be that "complicated".

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48051
2016-01-01 21:20:02 +00:00
John Crispin
2625c5621d ltq-vdsl-app: use the final xtse format
This way we can drop the call to sed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48050
2016-01-01 21:19:55 +00:00
John Crispin
8536afae6f swconfig: support receiving SWITCH_TYPE_LINK from kernel
When using cli, print link state the same way kernel used to do it.
This will allow kernel switching PORT_LINK from SWITCH_TYPE_STRING.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47998
2015-12-23 19:24:45 +00:00
Felix Fietkau
41aa066df9 ltq-vdsl-app: enable Annex-M support, disable unsupported Annex-A modes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47934
2015-12-18 21:47:49 +00:00
Felix Fietkau
57ccd6c9e7 ltq-vdsl-app: remove whitespace after -i, it prevents vdsl_cpe_control from parsing the XTSE bits
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47933
2015-12-18 21:47:33 +00:00
Felix Fietkau
a99c78a09a netifd: update to the latest version, fixes more route table issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47897
2015-12-16 23:15:15 +00:00
Felix Fietkau
513702e658 netifd: update to the latest version, fixes reload issues on routing table changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47893
2015-12-15 11:01:47 +00:00
Felix Fietkau
be00acca5a lantiq: ltq-vdsl-app: cleanup Makefile
- CONFIG_IFX_CLI is unused, couldn't find any reference to this config variable
- use disable-feature instead of enable-feature=no
- reorder configure args to have depending args together
- remove configure args which set the default value
- group enable-model and configure args which enable or disable features that
  are covered by the feature set

The config.log contains the same values as before. The vdsl_cpe_control binary
has the same checksum as before.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47888
2015-12-13 17:04:12 +00:00
Felix Fietkau
d984e3836f lantiq: ltq-vdsl-app: re-add showtime counters support
The typicial feature set doesn't include "DSL PM showtime counters support"
(INCLUDE_DSL_CPE_PM_SHOWTIME_COUNTERS). This feature provides the
vdsl_cpe_control command 'pmccsg', which is used by 'dsl_control status' to get
the line uptime.

The binary size increases to 103912 byte (+4256 byte) uncompressed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47887
2015-12-13 17:04:02 +00:00
Felix Fietkau
6fb259b6df netifd: ifup-shellscript - fix wrong usage of 'local'
this error was not visible until recent bump to
busybox 1.24.1 stable which introduced a warning message
when keyword 'local' is not used with a shell-function.

this does not change behavior and is a cosmetic cleanup.
fixes the following output:

root@box:~ ifup <interface>
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 1: not in a function

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 47828
2015-12-10 12:53:30 +00:00
Felix Fietkau
7516989383 lantiq: debloat the ltq-vdsl-app binary
Use the 'typical' compile configuration instead of 'full', which most
notably excludes the soap support.

/sbin/vdsl_cpe_control shrinks down to ~50%, from 178kb(!) to 90kb.

Signed-off-by: Andre Heider <a.heider@gmail.com>

SVN-Revision: 47769
2015-12-04 20:26:17 +00:00
Felix Fietkau
435e7fb295 lantiq: move esi calls to dsl_cpe_control scripts to fix ordering wrt. loading vr9 drivers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47764
2015-12-04 17:42:51 +00:00
Felix Fietkau
59dbc9fa4e netifd: update to the latest version, fixes an issue with moving a wifi iface to a different network
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47683
2015-12-02 13:52:08 +00:00
John Crispin
11f2007895 lantiq: ltq-vdsl-app: update to version 4.16.6.3
In this upstream dsl driver app version the autoboot is deactivated activate
it again.
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47637
2015-11-24 20:41:30 +00:00
John Crispin
41587675ec lantiq: ltq-vdsl-app: add dsl_cpe_pipe.sh
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47636
2015-11-24 20:41:18 +00:00
Felix Fietkau
f5970b9472 qos-scripts: remove faulty fallback of the device variable to eth0 (#20834)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47629
2015-11-24 20:30:06 +00:00
Jo-Philipp Wich
49b3fc70e5 netifd: fix device status reporting for external interfaces
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47493
2015-11-17 16:34:43 +00:00
Felix Fietkau
96a66d683b ltq-app-vdsl: convert init script to procd, add support for switching between atm and ptm
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47485
2015-11-16 11:02:14 +00:00
Felix Fietkau
e4859508be netifd: update to the latest version, contains several fixes, including one for interface ip4/ip6table for device routes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47460
2015-11-12 00:24:27 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Felix Fietkau
38182373e0 netifd: update to the latest version, fixes spurious client isolation in unbridged AP configurations (#20574)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47053
2015-09-26 23:18:40 +00:00
Jo-Philipp Wich
f30ccc8991 firewall: allow DHCPv6 traffic to/from fc00::/6 instead of fe80::/10
There is no RFC requirement that DHCPv6 servers must reply with a link local
address and some ISP servers in the wild appear to using addresses in the ULA
range to send DHCPv6 offers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47048
2015-09-25 08:41:12 +00:00
Steven Barth
836d462b10 package: Remove dependencies to kmod-ipv6
Since r46834, IPv6 support is builtin if selected. Therefor, dependencies
on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 47022
2015-09-21 21:15:41 +00:00
Jo-Philipp Wich
f2a19350fd firewall: depend on kmod-ipt-conntrack (#20542)
Our ruleset requires kernel support for conntrack state matching, therfore
depend on the require kmod. Fixes #20542.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46990
2015-09-17 15:31:45 +00:00
John Crispin
2c1d56af50 lantiq: Update to the latest DSL driver / application versions
Thanks to Sylwester Petela for testing my patch (successfully on an
ADSL connection) and for pointing out some configuration mistakes.
Others (including me) have also successfully tested this extensively
on VDSL connections.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 46920
2015-09-14 20:09:22 +00:00