Commit Graph

486 Commits

Author SHA1 Message Date
Jo-Philipp Wich
6064710b90 firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738)
* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48551
2016-01-29 17:26:41 +00:00
Felix Fietkau
fe2007bb07 ltq-vdsl-app: mask out VDSL bits when ATM is selected, fixes compatibility issues with some DSLAMs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48457
2016-01-23 12:37:17 +00:00
Felix Fietkau
908d281beb qos-scripts: bump version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48455
2016-01-22 13:06:09 +00:00
Felix Fietkau
d3f3132057 qos-scripts: Add IPv6 support
This adds IPv6 support to qos-scripts for both tc/qdisc and the
iptables classification rules.  The tc/qdisc part is accomplished
by removing "protocol ip" from the tc command line, causing the
rule to be applied to all protocols.  The iptables part is
accomplished by adding each rule using both iptables and ip6tables.

This patch is based on previous work by Ilkka Ollakka and
Dominique Martinet.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48452
2016-01-22 11:59:03 +00:00
Felix Fietkau
269ab387ff qos-scripts: Allow classification by the traffic's source interface
This adds a "srciface" option that can be used on classification
rules in /etc/config/qos.  This is useful to allow prioritization
based on the local network from which the traffic originates, for
example to deprioritize traffic from a guest network.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48446
2016-01-21 23:22:06 +00:00
Felix Fietkau
b1f1b528a1 qos-scripts: stop overriding tx queue length
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48445
2016-01-21 22:26:15 +00:00
Felix Fietkau
c49bc55669 netifd: update to the latest version, adds a cosmetic fix for a wpa related variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48397
2016-01-20 19:11:41 +00:00
Felix Fietkau
5cafb9240e qos-scripts: Fix classification of ingress traffic
Set the save-mark mask for the qos_${cg} chain to 0xff instead of
0xf0.  With the old value, the nibble that was saved would be
masked during the restore, preventing ingress traffic from being
classified.  Thanks to nbd for recommending the fix.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48388
2016-01-19 23:56:34 +00:00
Felix Fietkau
614ebec4d2 firewall: add CONFIG_IPV6 to PKG_CONFIG_DEPENDS to fix a rebuild error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48315
2016-01-18 13:21:37 +00:00
Jo-Philipp Wich
5cf88bb032 netifd: fix PKG_VERSION (#21630)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48280
2016-01-17 17:15:01 +00:00
Felix Fietkau
e2e8cb8347 network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.

Example config:
config interface 'vti1'
	option proto 'vti'
	option mtu '1500'
	option tunlink 'wan'
	option peeraddr '192.168.5.16'
	option zone 'VPN'
	option ikey 2
	option okey 2

config interface 'vti1_static'
	option proto 'static'
	option ifname '@vti1'
	option ipaddr '192.168.7.2/24'

The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
	left=%any
	leftcert=peer2.test.der
	leftid=@peer2.test
	right=192.168.5.16
	rightid=@peer3.test
	leftsubnet=0.0.0.0/0
	rightsubnet=0.0.0.0/0
	mark=2
	auto=route

Signed-off-by: André Valentin <avalentin@marcant.net>

SVN-Revision: 48274
2016-01-17 11:06:02 +00:00
Felix Fietkau
eb1ac66ce7 netifd: update to the latest version, adds VTI support and a policy routing fix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48273
2016-01-17 11:05:53 +00:00
Rafał Miłecki
a09e713299 swconfig: support sending SWITCH_TYPE_LINK to kernel
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48141
2016-01-06 18:32:13 +00:00
Felix Fietkau
9632c00435 firewall: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48128
2016-01-04 15:13:10 +00:00
Felix Fietkau
9cd6162b63 packages: use OPENWRT_GIT to point at the main openwrt git repo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48118
2016-01-04 15:11:49 +00:00
Felix Fietkau
c5dfbea1e8 package/network/config/gre: ipv6 gre kmod package name was wrong
Source package gre was depending on kmod-ip6-gre, however the actual
kernel module package that is created is kmod-gre6.  Therefore
update (source) package gre for ipv6 gre support.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 48100
2016-01-03 20:57:06 +00:00
John Crispin
dc69b89c24 ltq-vdsl-app: re-add lowlevel settings
Add back a slightly modified version of the lowlevel settings which
where removed with r46920.

In compare to the old lowlevel settings, the B43c tone is added to
tone_adsl_b and tone_adsl_bv.

If an unsupported tone value is used, the auto probing mode is used, in
compare to the fallback to tone_adsl_av and tone_vdsl_av with the old
lowlevel settings.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48054
2016-01-01 21:20:24 +00:00
John Crispin
4908088268 ltq-vdsl-app: enable G.993.5 XTSE bit by default
According to ITU-T G.997.1 Amendment 2 (04/2013) section 2.1, bit 3 of
XTSE octet 8 either allow or denies the initialization of G.993.5.

Even if the current redistributable xDSL firmware doesn't include
G.993.5 vectoring support, enable this bit by default to allow people to
get their G.993.5 line working using a custom xDSL firmware.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48053
2016-01-01 21:20:16 +00:00
John Crispin
846124f536 ltq-vdsl-app: let the driver/app probe the xtse on missing annex
r47933 revealed that the driver/app in combination with the chosen
firmware does a good job in selecting a working xtse.

Use this probing mode if no annex is specified.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48052
2016-01-01 21:20:08 +00:00
John Crispin
7816dffd03 ltq-vdsl-app: add/enable missing G.993.2 XTSE bits
This patch adds the missing VDSL2 bits to the annex specific XTSE (like
it should be according to the comments above the XTSE bits).

Since r47933 it's mandatory to remove the annex option to switch to
VDSL2 (only) operation mode.

As shown by ticket #21436 and a few mails I received personally, even
experienced users are not aware that they have to remove the annex
option to get their VDSL2 line working and as shown by this patch it
doesn't need to be that "complicated".

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48051
2016-01-01 21:20:02 +00:00
John Crispin
2625c5621d ltq-vdsl-app: use the final xtse format
This way we can drop the call to sed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48050
2016-01-01 21:19:55 +00:00
John Crispin
8536afae6f swconfig: support receiving SWITCH_TYPE_LINK from kernel
When using cli, print link state the same way kernel used to do it.
This will allow kernel switching PORT_LINK from SWITCH_TYPE_STRING.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47998
2015-12-23 19:24:45 +00:00
Felix Fietkau
41aa066df9 ltq-vdsl-app: enable Annex-M support, disable unsupported Annex-A modes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47934
2015-12-18 21:47:49 +00:00
Felix Fietkau
57ccd6c9e7 ltq-vdsl-app: remove whitespace after -i, it prevents vdsl_cpe_control from parsing the XTSE bits
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47933
2015-12-18 21:47:33 +00:00
Felix Fietkau
a99c78a09a netifd: update to the latest version, fixes more route table issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47897
2015-12-16 23:15:15 +00:00
Felix Fietkau
513702e658 netifd: update to the latest version, fixes reload issues on routing table changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47893
2015-12-15 11:01:47 +00:00
Felix Fietkau
be00acca5a lantiq: ltq-vdsl-app: cleanup Makefile
- CONFIG_IFX_CLI is unused, couldn't find any reference to this config variable
- use disable-feature instead of enable-feature=no
- reorder configure args to have depending args together
- remove configure args which set the default value
- group enable-model and configure args which enable or disable features that
  are covered by the feature set

The config.log contains the same values as before. The vdsl_cpe_control binary
has the same checksum as before.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47888
2015-12-13 17:04:12 +00:00
Felix Fietkau
d984e3836f lantiq: ltq-vdsl-app: re-add showtime counters support
The typicial feature set doesn't include "DSL PM showtime counters support"
(INCLUDE_DSL_CPE_PM_SHOWTIME_COUNTERS). This feature provides the
vdsl_cpe_control command 'pmccsg', which is used by 'dsl_control status' to get
the line uptime.

The binary size increases to 103912 byte (+4256 byte) uncompressed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47887
2015-12-13 17:04:02 +00:00
Felix Fietkau
6fb259b6df netifd: ifup-shellscript - fix wrong usage of 'local'
this error was not visible until recent bump to
busybox 1.24.1 stable which introduced a warning message
when keyword 'local' is not used with a shell-function.

this does not change behavior and is a cosmetic cleanup.
fixes the following output:

root@box:~ ifup <interface>
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 1: not in a function

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 47828
2015-12-10 12:53:30 +00:00
Felix Fietkau
7516989383 lantiq: debloat the ltq-vdsl-app binary
Use the 'typical' compile configuration instead of 'full', which most
notably excludes the soap support.

/sbin/vdsl_cpe_control shrinks down to ~50%, from 178kb(!) to 90kb.

Signed-off-by: Andre Heider <a.heider@gmail.com>

SVN-Revision: 47769
2015-12-04 20:26:17 +00:00
Felix Fietkau
435e7fb295 lantiq: move esi calls to dsl_cpe_control scripts to fix ordering wrt. loading vr9 drivers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47764
2015-12-04 17:42:51 +00:00
Felix Fietkau
59dbc9fa4e netifd: update to the latest version, fixes an issue with moving a wifi iface to a different network
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47683
2015-12-02 13:52:08 +00:00
John Crispin
11f2007895 lantiq: ltq-vdsl-app: update to version 4.16.6.3
In this upstream dsl driver app version the autoboot is deactivated activate
it again.
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47637
2015-11-24 20:41:30 +00:00
John Crispin
41587675ec lantiq: ltq-vdsl-app: add dsl_cpe_pipe.sh
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47636
2015-11-24 20:41:18 +00:00
Felix Fietkau
f5970b9472 qos-scripts: remove faulty fallback of the device variable to eth0 (#20834)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47629
2015-11-24 20:30:06 +00:00
Jo-Philipp Wich
49b3fc70e5 netifd: fix device status reporting for external interfaces
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47493
2015-11-17 16:34:43 +00:00
Felix Fietkau
96a66d683b ltq-app-vdsl: convert init script to procd, add support for switching between atm and ptm
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47485
2015-11-16 11:02:14 +00:00
Felix Fietkau
e4859508be netifd: update to the latest version, contains several fixes, including one for interface ip4/ip6table for device routes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47460
2015-11-12 00:24:27 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Felix Fietkau
38182373e0 netifd: update to the latest version, fixes spurious client isolation in unbridged AP configurations (#20574)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47053
2015-09-26 23:18:40 +00:00
Jo-Philipp Wich
f30ccc8991 firewall: allow DHCPv6 traffic to/from fc00::/6 instead of fe80::/10
There is no RFC requirement that DHCPv6 servers must reply with a link local
address and some ISP servers in the wild appear to using addresses in the ULA
range to send DHCPv6 offers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47048
2015-09-25 08:41:12 +00:00
Steven Barth
836d462b10 package: Remove dependencies to kmod-ipv6
Since r46834, IPv6 support is builtin if selected. Therefor, dependencies
on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 47022
2015-09-21 21:15:41 +00:00
Jo-Philipp Wich
f2a19350fd firewall: depend on kmod-ipt-conntrack (#20542)
Our ruleset requires kernel support for conntrack state matching, therfore
depend on the require kmod. Fixes #20542.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46990
2015-09-17 15:31:45 +00:00
John Crispin
2c1d56af50 lantiq: Update to the latest DSL driver / application versions
Thanks to Sylwester Petela for testing my patch (successfully on an
ADSL connection) and for pointing out some configuration mistakes.
Others (including me) have also successfully tested this extensively
on VDSL connections.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 46920
2015-09-14 20:09:22 +00:00
Felix Fietkau
ced2b641e2 base-files: set kernel.core_pattern in sysctl.conf
Move the pattern setting from netifd's service script to
/etc/sysctl.conf.  Put the timestamp component '%t' just after
executable name '%e' for more natural order from output of ls command.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 46867
2015-09-11 16:35:17 +00:00
Steven Barth
eb866e413f firewall: Remove src_port from firewall.config to receive dhcpv6 replies
Seems like my second try was again whitespace broken. Sorry for the noise.

Remove src_port from firewall.config to receive dhcpv6 replies. Fixes #20295.

Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de>

SVN-Revision: 46842
2015-09-11 06:46:35 +00:00
Felix Fietkau
7e57d753a1 netifd: update to the latest version, fixes a WDS STA mode regression caused by multicast-to-unicast handling (#20466)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46841
2015-09-10 21:00:19 +00:00
Steven Barth
e07959cade package: replace ifconfig-usage with ip
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46832
2015-09-08 17:44:24 +00:00
Felix Fietkau
d4e9c8d7ef netifd: update to the latest version, adds multicast-to-unicast fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46719
2015-08-25 07:24:53 +00:00
Steven Barth
9f67c7fc8a netifd: various updates
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46718
2015-08-25 06:27:37 +00:00
Steven Barth
6831883100 firewall: fix typo in ESP rule
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46506
2015-07-27 11:47:20 +00:00
Steven Barth
f6abd042c2 firewall: comply with REC-22, REC-24 of RFC 6092
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46478
2015-07-24 10:00:45 +00:00
Felix Fietkau
26d71e9b25 netifd: update to the latest version, fixes setting RPS/XPS for wlan devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46421
2015-07-18 23:14:19 +00:00
John Crispin
d42b6c1afb swconfig: libsw.so should be installed into /usr/lib/
otherwise it's not picked up by toolchain:

staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_musl-1.1.10/lib/gcc/mipsel-openwrt-linux-musl/4.8.3/../../../../mipsel-openwrt-linux-musl/bin/ld: cannot find -lsw

Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 46406
2015-07-17 12:51:24 +00:00
John Crispin
c71ef0499b swconfig: Split libsw out of swconfig for reuse in other packages
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46358
2015-07-14 09:56:59 +00:00
Felix Fietkau
7a04fd0e3a swconfig: swlib.c: Fix another memleak
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46275
2015-07-08 15:59:38 +00:00
John Crispin
5da98f3478 swconfig: swlib.c: free name and description of attributes
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46232
2015-07-07 13:46:16 +00:00
John Crispin
294907aa3a swconfig: swlib.c: free portmaps in swlib_free()
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46231
2015-07-07 13:46:05 +00:00
John Crispin
2b9bdf4d6f swconfig: swlib.c: remove const qualifier for val.s since this is supposed to be free'd
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46230
2015-07-07 13:45:56 +00:00
John Crispin
08d4d4921d swconfig: swlib.c: free device name and alias
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46229
2015-07-07 13:45:44 +00:00
Steven Barth
a742fcaf3b netifd: add mtu6 option to override IPv6 MTU
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46135
2015-06-29 06:47:19 +00:00
Matteo Croce
1090df82be ltq-vdsl-app: build fix for MUSL
SVN-Revision: 46006
2015-06-16 21:43:26 +00:00
Steven Barth
ebfe8d8b08 netifd: bump to latest, various fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45926
2015-06-08 11:04:10 +00:00
Steven Barth
e6f9641df1 netifd: fix and optimize ipv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45768
2015-05-26 12:48:12 +00:00
Jo-Philipp Wich
35497a0400 firewall: link iptables extensions dynamically
Use shared libipt{,4,6}ext.so libraries instead of statically linking
the userspace matches into the fw3 executable.

As a side effect the match initialization is extremely simplified
compared to the weak function pointer juggling performed before.

This also fixes the initialization of the multiport match.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45764
2015-05-26 11:11:48 +00:00
Felix Fietkau
4eeeb91661 netifd: bump to current HEAD
This introduces a new config parameter "no-proto-task" useful for
xl2tpd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45748
2015-05-25 21:15:31 +00:00
Steven Barth
241dbffcf9 netifd: improve IPv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45701
2015-05-19 09:01:34 +00:00
Felix Fietkau
bf84a53f9b netifd-dhcp: supply parameters to user-script
hand over parameters to user-script e.g. $1=deconfig

Signed-off-by: Leon George <leon@georgemail.de>
Signed-off-by: Christian Mehlis <christian@m3hlis.de>

SVN-Revision: 45626
2015-05-08 10:44:19 +00:00
Steven Barth
d534883a52 firewall: Allow IGMP and MLD input on WAN
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.

RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

SVN-Revision: 45613
2015-05-05 13:22:41 +00:00
Steven Barth
a132313238 dhcp: add option specifying overriding custom-routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45594
2015-05-02 07:44:55 +00:00
Felix Fietkau
fe14e2a674 netifd: update to the latest version, fixes retry when proto handlers exit without changing the state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45550
2015-04-21 12:11:07 +00:00
Felix Fietkau
a285a0a034 netifd: update to the latest version, fixes more interface device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45503
2015-04-19 09:50:49 +00:00
Felix Fietkau
6293aae9d3 netifd: update to the latest version, fixes more device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45497
2015-04-18 21:35:16 +00:00
Felix Fietkau
bdd241ee29 netifd: update to the latest version, fixes issues in handling device config from interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45483
2015-04-17 19:28:10 +00:00
Felix Fietkau
c909a0354a qos-scripts: drop obsolete depdendency on iptabes-mod-filter (#19506)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45482
2015-04-17 18:52:28 +00:00
Steven Barth
6b062ad848 network: shorten names of generated interfaces
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45476
2015-04-17 13:10:19 +00:00
Felix Fietkau
bdb6c313de qos-scripts: remove layer7 support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45425
2015-04-13 22:23:26 +00:00
John Crispin
dcdd5c1ecb netifd: Interface last error support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45334
2015-04-09 10:33:05 +00:00
Steven Barth
4a1f19e15d netifd: revert policy routing (broke some custom user rules)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45185
2015-03-31 13:14:40 +00:00
Steven Barth
edf9b7a2a5 netifd: add metric argument for ipv4 proto routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45182
2015-03-31 11:36:20 +00:00
Steven Barth
7edbd6b4d7 netifd: adjust default local policy rules
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45059
2015-03-27 14:19:10 +00:00
John Crispin
242e37454a netifd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45020
2015-03-26 10:59:40 +00:00
Felix Fietkau
7cacd6bdb6 netifd: fix default initialization of RPS/XPS
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44944
2015-03-22 17:40:39 +00:00
Felix Fietkau
78692595e7 netifd: update to the latest version, adds support for configuring RPS/XPS (enabled by default where available)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44943
2015-03-22 16:42:44 +00:00
Steven Barth
8cfe2fb30b netifd: fix ipv6 route regression
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44919
2015-03-21 18:28:08 +00:00
Steven Barth
b27efd6e07 netifd: device update fixes, improvements in policy routing
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44899
2015-03-20 07:50:45 +00:00
Jo-Philipp Wich
eb7f470e7b netifd: dhcp: install host route to gateway (#19182)
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations install a host route towards the gateway.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44789
2015-03-15 14:48:18 +00:00
John Crispin
59c20174f8 json-c: update to 0.12 and bump all depending services
Version 0.12 deprecates json_object_object_get and moves the header files around

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44657
2015-03-11 15:54:33 +00:00
Steven Barth
0f365e4cb9 firewall: fix some more null-pointer accesses
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44540
2015-02-26 07:14:41 +00:00
Steven Barth
c975f83cc2 netifd: various device config / event fixes (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44480
2015-02-17 14:14:51 +00:00
Felix Fietkau
00d422fc60 netifd: update to the latest version, reverts a commit causing MTU issues (fixes #18869)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44461
2015-02-16 09:07:19 +00:00
Steven Barth
6ee8d1f178 netifd: fix device config handling and add some config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44331
2015-02-09 08:30:06 +00:00
Felix Fietkau
ea638e4eba netifd: fix a regression with some VLAN configurations introduced in the last update
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44098
2015-01-24 14:16:36 +00:00
Felix Fietkau
18d4b8783c netifd: do not stop service on shutdown, only call ifdown
Also add a small delay, like on restart

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44096
2015-01-24 13:41:04 +00:00
Felix Fietkau
c71cf8e6e4 netifd: update to the latest version, fixes bridge reload (#18351) and device config issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44093
2015-01-24 00:30:36 +00:00
Jo-Philipp Wich
1f6411e436 netifd: store additional DHCP lease information
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44092
2015-01-23 22:19:29 +00:00
Steven Barth
99fa07d07e netifd: add option to customize IPv6 interface identifiers (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44050
2015-01-19 08:39:04 +00:00
Jo-Philipp Wich
a6a142caf6 firewall: respect src_dip option for reflection (#18544)
Also fix wrong IPv4 netmask calculation on x86-64, thanks Ulrich Weber.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43874
2015-01-08 16:10:46 +00:00
Jo-Philipp Wich
7f6af5ddc9 qos-scripts: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43860
2015-01-06 12:42:38 +00:00
Steven Barth
4746ffd7a6 netifd: minor fixes, add mldversion option
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43771
2014-12-23 13:34:04 +00:00
Steven Barth
f565e0598d netifd: Set source IP for DHCP static routes as well
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 43645
2014-12-12 09:39:07 +00:00
Steven Barth
1f4ddec7f2 netifd: several fixes and optimizations
Thanks to Hans Dedecker and Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43583
2014-12-08 17:43:14 +00:00
Steven Barth
15d67644f1 This patch depends on "Pass source address to proto_add_ipv4_route".
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.

Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>

SVN-Revision: 43582
2014-12-08 17:43:03 +00:00
Felix Fietkau
62c33d9f62 qos-scripts: fix insmod commands
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43562
2014-12-08 12:03:47 +00:00
Steven Barth
200c30b426 netifd: correctly handle source-parameter for IPv4 routes
Thanks to Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43400
2014-11-27 07:26:10 +00:00
Felix Fietkau
185172bdd3 netifd: update to the latest version, fixes issues when changing a bridge member from a vlan to its base device (#18351)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43346
2014-11-23 16:07:00 +00:00
Steven Barth
047f1c8dca netifd: fix race, expose config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43299
2014-11-19 08:31:13 +00:00
Steven Barth
990b501ec4 netifd: fix default ORO-setting for 6rd
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43214
2014-11-08 12:24:49 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
John Crispin
26e308019d ltq-vdsl-app: use VDSL tone-setup if annex is unset
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 43114
2014-10-30 08:08:01 +00:00
Felix Fietkau
3cefd0af7d netifd: update to the latest version, fixes a use-after-free bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43044
2014-10-24 13:04:12 +00:00
Felix Fietkau
188eb85f5b netifd: update to the latest version, fixes link status handling on VLAN devices (#18106)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43007
2014-10-20 20:09:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
Steven Barth
9106cc0af9 netifd: Make mtu configurable of dynamic 6rd tunnel interface
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42871
2014-10-12 12:27:21 +00:00
Steven Barth
36b05bbed3 IPIP: IP in IP package support
The package supports IP in IP by registering the ipip protocol handler

Following options are configurable
    -peeraddr (IPv4 remote address)
    -ipaddr (IPv4 local address)
    -ttl (time to live of encapsulating packet)
    -tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
    -df (don't fragment flag of encapsulating packet)
    -mtu (IPIP tunnel mtu)
    -tunlink (bind tunnel to this interface)
    -zone (firewall zone to which the IPIP tunnel will be added)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42746
2014-10-02 19:37:36 +00:00
Steven Barth
73179a188c netifd: fix an error message during network shutdown
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.

Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42745
2014-10-02 19:37:25 +00:00
Steven Barth
1c166058df netifd: add IPIP tunnel support (thx Hans Dedecker)
SVN-Revision: 42744
2014-10-02 19:37:17 +00:00
Steven Barth
6e2262898f GRE: Tos support
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
     -inherit (outer header inherits the tos value of the inner header)
     -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42700
2014-09-29 18:00:02 +00:00
Steven Barth
30912c5d81 netifd: add support for promisc and GRE tos option
SVN-Revision: 42699
2014-09-29 17:59:50 +00:00
Jo-Philipp Wich
68147004e2 firewall: allow '*' as synonym for any / all in family and proto options
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42620
2014-09-19 18:18:58 +00:00
Jo-Philipp Wich
36e2179c10 firewall: fix heap corruption in fw3_bitlen2netmask() with IPv6 addresses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42610
2014-09-18 12:05:12 +00:00
Jo-Philipp Wich
cbf50a0ffd firewall: fix invalid memory access when processing /128 IPv6 addresses from ubus, properly emit REDIRECT rules for local port forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42604
2014-09-17 22:09:52 +00:00
John Crispin
50d313f409 lantiq: revert vr9 driver update as it causes problems
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42556
2014-09-15 16:19:33 +00:00
Felix Fietkau
8d699086c3 qos-scripts: disable fq_codel ecn by default to improve compatibility
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42479
2014-09-11 23:13:24 +00:00
John Crispin
e9dab2de72 lantiq: update to a newer versions of the vr9 drivers
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42478
2014-09-11 18:22:31 +00:00
Steven Barth
bd74df01b1 netifd: work-around kernel IPv6 on-link route issue
SVN-Revision: 42439
2014-09-08 14:45:56 +00:00
Felix Fietkau
008c7a9e5a netifd: update to the latest version, adds interface cleanup fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42345
2014-08-31 13:09:01 +00:00
Felix Fietkau
ba62bcbf24 netifd: update to the latest version, fixes proto-shell teardown after renew
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42344
2014-08-31 12:26:26 +00:00
John Crispin
2ae05c57f8 package/*: remove useless explicit set of function returncode
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.

myfunction()
{
	fire_command

	return $?
}

a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:

http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42278
2014-08-25 06:35:50 +00:00
John Crispin
b9ea44f947 firewall: the firewall did not start properly on boot
https://dev.openwrt.org/ticket/17593

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42233
2014-08-21 09:53:25 +00:00
Steven Barth
92ef017054 netifd: assign ipv6-prefixes with length <64 with /64 on-link routes
SVN-Revision: 42161
2014-08-13 14:57:11 +00:00
Jo-Philipp Wich
aa9e69908e firewall: fix potential NULL pointer access
Properly skip struct ifaddr entries with NULL ifa_addr, thanks Kostas Papadopoulos for reporting.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42138
2014-08-11 17:45:18 +00:00
Jo-Philipp Wich
fa37594f50 firewall: implement selective conntrack flushing (#10225)
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42114
2014-08-11 09:41:20 +00:00
Steven Barth
b95b4ede4c netifd: unblock some proto shell actions in teardown state
SVN-Revision: 42032
2014-08-07 10:21:08 +00:00
Steven Barth
6656292619 netifd: disable ds-lite, map & gre for old kernels
this unbreaks netifd compilation on old kernels

SVN-Revision: 42019
2014-08-06 19:57:19 +00:00
Steven Barth
1e6ab23098 netifd: minor fixes (thanks Hans Dedecker)
SVN-Revision: 42000
2014-08-05 10:03:10 +00:00
Steven Barth
bc0acb9db9 gre: Change hostdependcy to remote endpoint tunnel address
Depend on the GRE tunnel peeraddr to trigger setup of the tunnel interface.
Addresses the issue reported in https://lists.openwrt.org/pipermail/openwrt-devel/2014-August/027201.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41998
2014-08-05 09:57:55 +00:00
Steven Barth
7dabdbde78 gre: Generic Routing Encapsulation package support
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
    -gre
    -gretap
    -grev6
    -grev6tap

Following options are valid for gre and gretap kinds:
    -ipaddr
    -peeraddr
    -df
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The gretap kind supports additionally the network option

Following options are valid for grev6 and grev6tap kinds:
    -ip6addr
    -peer6addr
    -weakif
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The grev6tap kind supports additionally the network option

Typical network config for a GREv4 tunnel :

config interface 'gre'
        option peeraddr '172.16.18.240'
        option mtu '1400'
        option proto 'gre'
        option tunlink 'wan'
        option zone 'tunnel'

Typical network config for a GREv4 tap tunnel :

config interface 'gretap'
        option peeraddr '195.207.5.79'
        option mtu '1400'
        option proto 'gretap'
        option zone 'tunnel'
        option tunlink 'wan'
        option network 'wlan_ap'

I added myself as maintainer for the moment; feel free to change.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41897
2014-07-30 13:22:24 +00:00
Steven Barth
e413bb0e7e netifd: fixes and GRE support (thx Hans Dedecker)
SVN-Revision: 41896
2014-07-30 13:21:52 +00:00
Steven Barth
86671615de netifd: suppress fw3 warnings in dhcp script
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41892
2014-07-30 13:17:56 +00:00
Steven Barth
6a50e69b21 netifd: more race condition fixes in proto-shell
SVN-Revision: 41887
2014-07-29 17:24:23 +00:00
Steven Barth
7f17639742 netifd: more dynamic interface improvements
SVN-Revision: 41862
2014-07-28 20:35:53 +00:00
Felix Fietkau
76d7397bc2 netifd: fix a small issue in r41831
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41836
2014-07-26 14:35:15 +00:00
Felix Fietkau
ee4f8c8b99 netifd: update to the latest version, fixes a race condition with renew/setup
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41831
2014-07-26 01:46:34 +00:00
Steven Barth
ae50480d77 netifd: Fix some race-conditions in interface handling
SVN-Revision: 41825
2014-07-24 22:05:19 +00:00
Steven Barth
9231df5665 softwires: redesign dhcp(v6) provisioning
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 41823
2014-07-24 14:17:41 +00:00
Felix Fietkau
5206b2dac0 netifd: update to the latest version, enables bridge multicast querier and fixes interface reload issues with wifi
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41818
2014-07-24 09:13:04 +00:00
John Crispin
64a07e6a8b lantiq-dsl: add 2 ugly workarounds for the IB to work
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41787
2014-07-21 18:41:46 +00:00