Use shared libipt{,4,6}ext.so libraries instead of statically linking
the userspace matches into the fw3 executable.
As a side effect the match initialization is extremely simplified
compared to the weak function pointer juggling performed before.
This also fixes the initialization of the multiport match.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45764
hand over parameters to user-script e.g. $1=deconfig
Signed-off-by: Leon George <leon@georgemail.de>
Signed-off-by: Christian Mehlis <christian@m3hlis.de>
SVN-Revision: 45626
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations install a host route towards the gateway.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44789
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44092
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 43645
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.
Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>
SVN-Revision: 43582
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43114
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42871
The package supports IP in IP by registering the ipip protocol handler
Following options are configurable
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-ttl (time to live of encapsulating packet)
-tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packet)
-mtu (IPIP tunnel mtu)
-tunlink (bind tunnel to this interface)
-zone (firewall zone to which the IPIP tunnel will be added)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42746
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42745
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42700
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42114
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
-gre
-gretap
-grev6
-grev6tap
Following options are valid for gre and gretap kinds:
-ipaddr
-peeraddr
-df
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The gretap kind supports additionally the network option
Following options are valid for grev6 and grev6tap kinds:
-ip6addr
-peer6addr
-weakif
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The grev6tap kind supports additionally the network option
Typical network config for a GREv4 tunnel :
config interface 'gre'
option peeraddr '172.16.18.240'
option mtu '1400'
option proto 'gre'
option tunlink 'wan'
option zone 'tunnel'
Typical network config for a GREv4 tap tunnel :
config interface 'gretap'
option peeraddr '195.207.5.79'
option mtu '1400'
option proto 'gretap'
option zone 'tunnel'
option tunlink 'wan'
option network 'wlan_ap'
I added myself as maintainer for the moment; feel free to change.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 41897
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41787
Properly parse and pass arbritary netmasks to iptables, this allows
specifying ranges like '::c23f:eff:fe7a:a094/::ffff:ffff:ffff:ffff' to
match the host part of an IPv6 address regardless of the currently active
IPv6 prefix.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41760
Split connection mark into two parts:
The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.
For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41682
The commit 92281eb747b56e748b7c3d754055919c23befdd4 broke fw3_ubus_addresses() so that
no addresses where returned at all, this caused fw3 to not emit NAT reflection rules
anymore.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41556
They should be unnecessary with fq_codel, and simplifying rules helps
with performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41549
Reworks the handling of RT_TABLE_MAIN in system-linux.c so that ip rules
with lookup main can be properly setup.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41282
Let the first parameter of function config_get be local, because there
is a chance that config_get won't export the variable.
Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
SVN-Revision: 41000
- The package does not compile at the moment. Since there is a new
upstream version avaiable, use this new source instead.
- Upstream has already included our both patches.
- This is only compile tested, since I do not own any test hardware.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 40940
It's quite unconveniet to remember which ports are used by which applications, especially for not so advanced users.
Together with luci patch (discussed on IRC) this improves qos-scripts usability.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
SVN-Revision: 40935
* atm module needs to be loaded before linux-atm
* use absolute firmware paths
* extended validation
* add a script for mounting an optional firmware partition
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 40460