Commit graph

317 commits

Author SHA1 Message Date
Jo-Philipp Wich
e4f8c38ed1 firewall3: update to git head
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
  - automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
  - properly support output rules with dest '*' to hook directly into delegate_output
  - fixes crash when processing rules with unresolved targets

SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Steven Barth
f63064a257 6relayd: Fix DHCPv6-server picking up addresses from master interface
SVN-Revision: 36718
2013-05-26 10:06:02 +00:00
Jo-Philipp Wich
90887b5fb3 firewall3: update to git head
- fixes linking issues with some toolchains

SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Steven Barth
d8d7d7f4aa 6relayd: fix a lease-timing issue with stateful DHCPv6
SVN-Revision: 36702
2013-05-24 12:31:30 +00:00
Jo-Philipp Wich
c1ff8cd9bb firewall3: update to git head
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
  - Do not leak memory when processing rules with unknown targets or matches

SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Felix Fietkau
75bb3138aa uhttpd: update to latest version, fixes #13564, #13560, improves error handling as pointed out in #13537
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36696
2013-05-23 10:50:42 +00:00
Steven Barth
32c6ffb5a1 firewall3: Remove abandonend include
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259 firewall3: update to git head
- fix build on Linux < 3.7
  - limit zone names to 14 bytes

SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Steven Barth
9c3ac668e0 6relayd: Let OpenWrt override default CFLAGS
SVN-Revision: 36690
2013-05-22 11:58:54 +00:00
Jo-Philipp Wich
c12189b379 firewall3: update to git head
- fixes reload when firewall is not running already
  - fixes crash when ipsets are supported but undeclared
  - fixes handling of per zone user chains on reload

SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Steven Barth
9d115df749 6relayd: Fix a segfault when multiple downstream interfaces are present
SVN-Revision: 36687
2013-05-21 18:05:37 +00:00
Jo-Philipp Wich
dd83e87ab0 firewall3: update to git head
- fixes segfault in flush command if ipset support is not available
  - fixes internal rule generation if custom chains are enabled

SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
6eec8009ba ipset: remove dependency on iptables-mod-ipset - technically it does not depend on it and the iptables matches are now part of the base
SVN-Revision: 36685
2013-05-21 13:00:28 +00:00
Jo-Philipp Wich
9b6c31d4cc firewall3: move libext*.a copying to compile phase
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
8df6cd005c netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset
SVN-Revision: 36683
2013-05-21 12:58:15 +00:00
Jo-Philipp Wich
e8050c6c35 firewall3: update to git head
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
 * make ipset integration more reliable

SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Jo-Philipp Wich
a9a9644efd iptables: use -ffunction-sections, -fdata-sections and --gc-sections
SVN-Revision: 36680
2013-05-21 10:15:10 +00:00
Steven Barth
24c39ddcf7 odhcp6c: Various fixes * Honour T1 and T2 values from servers better * Correctly send Reconfigure-Accept option in requests
SVN-Revision: 36678
2013-05-21 09:13:48 +00:00
Steven Barth
37baf2d6b2 6relayd: Various DHCPv6-fixes * Be more standards-compliant in stateful mode * Handle hostnames from Windows-clients correctly * Handle messages from DHCPv6-relays better
SVN-Revision: 36677
2013-05-21 09:13:40 +00:00
Steven Barth
c6f70381c9 odhcp6c: Fix address / prefix expiry logic
SVN-Revision: 36675
2013-05-20 14:54:20 +00:00
Steven Barth
dd161ae62b dnsmasq: add directory for external hosts-files
SVN-Revision: 36655
2013-05-17 14:44:12 +00:00
Steven Barth
334c40da14 6relayd: Add stateful DHCPv6-support (IA_NA) * Add management_level option (0: set O-flag, >=1: set M-flag) * Add support for static DHCPv6-leases * Various fixes for DHCPv6-PD
SVN-Revision: 36654
2013-05-17 14:44:07 +00:00
Steven Barth
0f1be4425f netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.

SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Felix Fietkau
7365e647f6 uhttpd: update to latest version, fixes index page processing order
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36644
2013-05-16 11:38:19 +00:00
Luka Perkov
4fc8e64a40 iproute2: workaround compile issues with gcc 4.8.x
SVN-Revision: 36642
2013-05-16 00:04:48 +00:00
Steven Barth
a62ca72309 odhcp6c: Fix handling of RAs when no DHCPv6-server is present
SVN-Revision: 36641
2013-05-15 11:07:01 +00:00
Luka Perkov
580481cd6d iproute2: upgrade to 3.9.0
SVN-Revision: 36638
2013-05-14 23:49:34 +00:00
Luka Perkov
5be36cbe83 iproute2: print help in connmark
SVN-Revision: 36637
2013-05-14 23:49:31 +00:00
Felix Fietkau
d090eea125 uhttpd: update to latest version, fixes a SSL connection memory leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36636
2013-05-14 17:43:00 +00:00
Felix Fietkau
d481486aad package: fold the IPv6 menu into Network
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36634
2013-05-14 15:02:31 +00:00
Steven Barth
e8f3897389 6relayd: Always announce the current MAC-address
* Fixes #13516 thanks to berni for the detailed bugreport.

SVN-Revision: 36629
2013-05-13 17:54:36 +00:00
Steven Barth
a1af842016 ds-lite: add ds-lite network protocol handler
SVN-Revision: 36628
2013-05-13 17:12:39 +00:00
Steven Barth
5ce135ed87 netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
SVN-Revision: 36627
2013-05-13 17:12:34 +00:00
Steven Barth
ea71678b09 netifd: added support for setting up 6rd from DHCP
SVN-Revision: 36626
2013-05-13 17:12:30 +00:00
Steven Barth
ad93a571c6 odhcp6c: added support for DS-Lite + various fixes
SVN-Revision: 36625
2013-05-13 17:12:25 +00:00
Steven Barth
973dad61b0 firewall3: Remove obsoleted ULA-border
SVN-Revision: 36624
2013-05-13 17:12:20 +00:00
Steven Barth
07d99b62b7 firewall3: add wan6 interface to wan-zone by default
SVN-Revision: 36623
2013-05-13 17:12:15 +00:00
Steven Barth
4cb9d9715c firewall: Remove obsoleted ULA-border rule
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Steven Barth
8560648082 6rd: increase metric of default route
This will prefer native IPv6 over 6rd if both are present.

SVN-Revision: 36605
2013-05-12 08:07:15 +00:00
Jo-Philipp Wich
d59f8cfa8e iwinfo: only consider joined bss when finding current operating frequency, fixes spurious misreporting of frequencies in ad-hoc mode
SVN-Revision: 36604
2013-05-12 01:12:56 +00:00
Steven Barth
29d4c36622 add uci support for "proxy-dnssec" in dnsmasq
This patch simply adds support for the "--proxy-dnssec" command in dnsmasq into the init file so it can be used with /etc/config/dhcp.

Signed-off-by: Adam Gensler <openwrt@kristenandadam.net>

SVN-Revision: 36570
2013-05-07 07:19:51 +00:00
Felix Fietkau
9d8e3e03df iw: update to 3.10, sync with nl80211.h changes in compat-wireless
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36569
2013-05-06 22:35:50 +00:00
Steven Barth
9c1ed6447b odhcp6c: Make SLAAC-only work without reqprefix=no
Previously if the upstream router did not provide any DHCPv6-service
the wan6 interface would not come up even if RAs were received. The new
behavior allows the wan6 interface to comeup with RA-only configuration
after a timeout of 10s.

SVN-Revision: 36555
2013-05-06 10:20:43 +00:00
Jo-Philipp Wich
95e139d0b2 ipset-dns: support simultaneously populating IPv4 and IPv6 sets
SVN-Revision: 36554
2013-05-06 10:01:45 +00:00
Jo-Philipp Wich
3c17fd41a4 Add ipset-dns - a tiny DNS proxy service which puts resolved ip addresses into a specified ipset
SVN-Revision: 36552
2013-05-06 08:44:54 +00:00
Felix Fietkau
b85c442e81 hostapd: enable 802.11r for the -full variant (#13250)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36533
2013-05-03 10:39:57 +00:00
Jo-Philipp Wich
4bba31b64c firewall3: update to git head
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
	- add support for fwmark matches and mark setting targets

SVN-Revision: 36521
2013-05-02 13:42:20 +00:00
Jo-Philipp Wich
a0b655b8f2 Fix install of iptables pkg-config files.
libiptc.pc depends on libip[4|6]tc.pc, thus all of those need to be
installed.
Should fix collectd build and thus #13146; which should make collectd
appear in snapshots again.

Signed-off-by: Danny Baumann <dannybaumann@web.de>

SVN-Revision: 36509
2013-05-02 08:10:55 +00:00
Jo-Philipp Wich
f1e214411d iwinfo: fix iwinfo_hardware() return value if chip id is not found
SVN-Revision: 36471
2013-04-28 14:04:39 +00:00
Jo-Philipp Wich
f1497ccf4f netifd: update to git head - disables multicast snooping by default on bridges
SVN-Revision: 36463
2013-04-27 09:28:40 +00:00