Steven Barth
0bf9032145
netifd: don't always assume addrs & routes are applied
...
netifd didn't check the netlink return values and kept assuming
routes are in place even if they weren't
SVN-Revision: 39755
2014-02-26 13:27:32 +00:00
Felix Fietkau
a15524582c
netifd: depend on libubox directly to rebuild on ABI changes
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39723
2014-02-23 17:32:15 +00:00
Felix Fietkau
6c8300df3d
netifd: update to latest version, fixes wireless device reload handling
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39706
2014-02-23 08:13:28 +00:00
Jo-Philipp Wich
b22ad85bc6
firewall: fix validation constraints
...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39649
2014-02-21 00:22:23 +00:00
Jo-Philipp Wich
354efde275
netifd: fix validation constraints
...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39648
2014-02-21 00:17:04 +00:00
Jo-Philipp Wich
21f4cf1a73
firewall: fix several ipset integration issues ( #15016 )
...
- Do not consider bitmap storage for IPv6 family sets
- Move ipset family parameter before any additional option
- Only emit family parameter for hash sets
- Do not allow IPv6 iprange for IPv4 sets and vice versa
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39647
2014-02-20 23:20:10 +00:00
John Crispin
8fb44e0d1e
netifd: add validation support
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39621
2014-02-18 13:34:04 +00:00
John Crispin
15ebcfc04e
firewall3: update init.d script to make use of procd
...
add validation data
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39617
2014-02-18 13:33:47 +00:00
John Crispin
204e859542
netifd: update to latest git head
...
this adds support for proto and wireless handler adding uci validation rules
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39614
2014-02-18 13:33:36 +00:00
Steven Barth
41acaaf893
netifd: work around dangling prefix kernel-routes ( fixes #14963 )
...
SVN-Revision: 39597
2014-02-16 11:20:22 +00:00
Steven Barth
af8f06beca
netifd: fix source-routing breaking 6in4 + others
...
6in4 historically allowed an ip6addr without a mask however the newly
introduced source-routing segfaulted in this scenario (#14958 + #14858 ).
Fixes include: "Fix ubus route src mask printing" and
"Disable netlink auto ack" (thanks to Hans Dedecker)
SVN-Revision: 39586
2014-02-14 21:21:44 +00:00
Steven Barth
229d186490
netifd: don't add unnecessary NOP policy rules
...
SVN-Revision: 39351
2014-01-20 18:23:02 +00:00
Steven Barth
fac5e62abd
firewall: don't reload if there were no address or data changes
...
This fixes packet loss due to reloading firewall every minute with IPv6
implementation of certain ISPs.
SVN-Revision: 39332
2014-01-19 17:35:33 +00:00
Steven Barth
bc8412b90e
netifd: Add IFUPDATE-flags and use main IPv6 routing table again
...
SVN-Revision: 39306
2014-01-17 13:59:40 +00:00
John Crispin
a844275f37
firewall: improve logging in hotplug script
...
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 39300
2014-01-15 18:29:59 +00:00
John Crispin
4810de8e4b
swconfig: improve usability when switch device incorrect
...
http://patchwork.openwrt.org/patch/4701/
Signed-off-by: Andreas Mohr <andim2@users.sf.net>
SVN-Revision: 39229
2014-01-12 12:07:01 +00:00
Felix Fietkau
20151a3394
netifd: initialize the switch early at start time and on reload ( fixes #13015 )
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39183
2013-12-31 13:09:20 +00:00
Felix Fietkau
6865f1d6b2
netifd: update to the latest version, fixes wireless related segfaults on arm
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39180
2013-12-29 02:26:34 +00:00
Felix Fietkau
5607a13aa1
netifd: update to the latest version, fixes wifi related segfaults
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39176
2013-12-28 14:19:54 +00:00
John Crispin
d1156bca0a
swconfig: remove useless variables, return -1 on errors
...
spotted with cppcheck
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
SVN-Revision: 39170
2013-12-27 21:15:20 +00:00
Jo-Philipp Wich
1789744958
netifd: add reload trigger for /etc/config/wireless as well
...
SVN-Revision: 39131
2013-12-18 12:38:29 +00:00
Jo-Philipp Wich
de5ebc19c0
firewall: fix handling of tcp_ecn parameter
...
The firewall3 implementation as well as the shell implementation predating it
used to process the tcp_ecnoption as boolean while it actually is an integer.
Change the code to parse tcp_ecn as integer.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39122
2013-12-17 16:59:47 +00:00
Felix Fietkau
12c05542e8
netifd: update to latest version, fixes a null pointer crash
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39088
2013-12-16 10:08:13 +00:00
Steven Barth
e49d67f192
Convert DHCP->6rd and DHCPv6->DS-Lite autoconfig to dynamic interface
...
SVN-Revision: 39061
2013-12-15 19:38:53 +00:00
Felix Fietkau
ce062a7b5c
netifd: update to the latest version, adds a revert of the link state handling patches which caused regressions in combination with wifi devices
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39050
2013-12-14 14:59:05 +00:00
Felix Fietkau
47730fe355
netifd: prevent an unnecessary restart of netifd-managed wifi interfaces at boot time
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39046
2013-12-13 16:43:11 +00:00
Felix Fietkau
3f744a4ad3
netifd: fix crashes triggered by adding/removing wireless devices on reload
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39035
2013-12-11 18:23:52 +00:00
John Crispin
31a2912cd9
netifd: enable coredumps again
...
got broken due procd startup. Requires procd resource limit patch.
Signed-off-by: Ulrich Weber <uw@xyne.com>
SVN-Revision: 39020
2013-12-09 17:29:34 +00:00
Felix Fietkau
6242255df2
netifd: update to the latest version, adds tunnel fixes by Hans Dedecker and adds back support for multiple networks per wifi-iface
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39004
2013-12-08 18:00:05 +00:00
Felix Fietkau
4155016637
netifd: update to the latest version, improves wireless status output and fixes some bridge handling issues
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38992
2013-12-03 14:17:44 +00:00
Felix Fietkau
3c50feca19
wifi: rename the "reload" (restarting non-netifd wifi) command to "reload_legacy"
...
Add a new "reload" command that reloads the netifd config as well
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38989
2013-12-02 16:53:24 +00:00
Felix Fietkau
498d84fc4e
netifd: add wireless configuration support and port mac80211 to the new framework
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38988
2013-12-02 16:41:03 +00:00
Felix Fietkau
107bcb5de3
netifd: remove redundant calls to /sbin/wifi down
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38982
2013-12-02 13:08:00 +00:00
Jo-Philipp Wich
bc9043cc53
firewall: optimize DNAT rules and skip invalid rules and redirects ( #14485 )
...
- instead of writing one (or more) ACCEPT rules in the filter table
for each redirect install a global ctstate DNAT accept rule per zone
- discard rules and redirects which have invalid options set instead
of silently skipping the invalid values
SVN-Revision: 38849
2013-11-18 11:59:27 +00:00
Felix Fietkau
e78e720a6f
netifd: remove connect_time from /var/state, it is unused
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38704
2013-11-10 10:01:33 +00:00
John Crispin
edf6236838
lantiq: fix vdsl-app dependency
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 38666
2013-11-07 12:45:39 +00:00
Felix Fietkau
e16f104a6f
netifd: update to the latest version, fixes regression in proto-shell scripts ( #14400 , #14402 )
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38627
2013-10-31 11:22:01 +00:00
Felix Fietkau
22890e6382
netifd: update to latest version, adds fixes and some preparation for supporting wifi devices
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38606
2013-10-30 11:25:01 +00:00
Steven Barth
bb699867e0
firewall: Improve ubus support
...
* Use network.interface dump call instead of individual status calls
to reduce overall netifd lookups and invokes to 1 per fw3 process.
* Allow protocol handlers to assign a firewall zone for an interface
in the data section to allow for dynamic firewall zone assignment.
SVN-Revision: 38504
2013-10-23 10:25:26 +00:00
Steven Barth
91b173d231
netifd: Fix ifupdate events
...
SVN-Revision: 38458
2013-10-19 11:01:25 +00:00
Steven Barth
c3bcdd59de
netifd: various improvements
...
* Add ubus methods for global interface status
* Add ubus function to create nested interfaces
* Add protocol update notifications and hotplug legacy calls
* Fix: key to data elements point at wrong memory area
* Add support for source-restricted routes
* Add option "delegate" to toggle prefix delegation
* Reevaluate target routes also on interface update
SVN-Revision: 38453
2013-10-18 13:39:43 +00:00
Steven Barth
56bc536713
netifd: rename customopts to sendopts for consistency
...
SVN-Revision: 38437
2013-10-17 13:12:06 +00:00
Steven Barth
c759b49a4f
Added 'customopts' dhcp protocol option, which is an array passed along to udhcpc as series of -x options.
...
Signed-off-by: Markus Stenberg <markus.stenberg@iki.fi>
SVN-Revision: 38436
2013-10-17 12:55:40 +00:00
Hauke Mehrtens
e1523b5504
switch: remove old switch driver
...
The switch driver is not used by brcm47xx any more and can be removed,
instead of this switch driver b53 is used now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 38387
2013-10-13 22:15:31 +00:00
Hauke Mehrtens
af32e63bae
lantiq: add some missing PKG_SOURCE_URLs
...
These URLs where missing and causes build failures.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 38376
2013-10-12 22:33:55 +00:00
Jo-Philipp Wich
db3013852a
firewall: small improvements in nat reflection
...
- do not insert duplicate rules when setting up reflection to a zone containing multiple interfaces
- set up reflection for any protocol, not just TCP and UDP
SVN-Revision: 38361
2013-10-10 18:15:10 +00:00
Felix Fietkau
e96695df10
netifd: update to latest version, adds macvlan support
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38299
2013-10-03 14:51:34 +00:00
Steven Barth
1d485c737e
netifd: don't remove & readd addresses that only have a changed lifetime
...
SVN-Revision: 38269
2013-10-01 17:30:05 +00:00
John Crispin
f874094402
procd: convert various packages to procd style init.d scripts
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 38023
2013-09-17 21:45:30 +00:00
Felix Fietkau
7fc90889d5
netifd: update to the latest version, fixes a bridge handling corner case on config reload
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37856
2013-08-29 22:20:36 +00:00
Jo-Philipp Wich
2864fb107f
firewall: update to git head
...
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
- fixes support for rule sections with target "NOTRACK"
SVN-Revision: 37777
2013-08-14 15:40:38 +00:00
Jo-Philipp Wich
d6e8047f83
firewall: update to git head
...
- handles redirects as port relocations if the dest_ip points to the router itself
SVN-Revision: 37374
2013-07-16 14:04:59 +00:00
Steven Barth
54ae5ce507
netifd: Fix IPv6-prefix assignment with continuous hints
...
SVN-Revision: 37371
2013-07-16 12:07:11 +00:00
Luka Perkov
1a963355b0
netifd: update to latest version, add bridge_empty option
...
with this option enabled it's possible to create empty bridges
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37318
2013-07-14 18:50:04 +00:00
John Crispin
7d7c2ff5f9
swconfig: fix dependency bug introduced by [37304]
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37316
2013-07-14 18:16:42 +00:00
Hauke Mehrtens
f8d55e7541
brcm47xx: use b53 phy driver for the switch in kernel 3.10
...
This makes it possible to use swconfig to controll the switch.
This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.
SVN-Revision: 37304
2013-07-14 14:11:17 +00:00
Felix Fietkau
f98f69adc9
firewall: add missing dependencies
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37224
2013-07-10 11:33:48 +00:00
John Crispin
fc40051569
lantiq: move dsl tools to package/network/config
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37198
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich
4aa82d07a6
firewall: allow routed lan<->lan traffic by default
...
SVN-Revision: 37171
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich
2d506f46fb
firewall: update to git head
...
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
SVN-Revision: 37082
2013-06-29 13:28:27 +00:00
Steven Barth
d8051a8814
netifd: fix typo in dhcp script
...
SVN-Revision: 37051
2013-06-28 04:19:21 +00:00
Felix Fietkau
b4babf9f81
netifd: update to latest version, fixes a NULL pointer deref bug
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36965
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich
65f82e2311
firewall: update to git head
...
- fixes misprocessing of unknown symbolic protocol names
SVN-Revision: 36963
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich
37ae268729
firewall: update to git head
...
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
2013-06-18 14:14:35 +00:00
Steven Barth
9f1899242c
netifd: IPv6: Fix sorting order in last commit.
...
SVN-Revision: 36952
2013-06-17 21:29:14 +00:00
Steven Barth
213269a8f7
netifd: Satisfy IPv6 assignments ordered by prefix length
...
SVN-Revision: 36950
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich
36d3fafd77
firewall: update to git head
...
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich
0db38adf1c
firewall: update to git head
...
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
2013-06-13 12:49:00 +00:00
Felix Fietkau
9fb5bf176e
netifd: update to latest version, uses the new uci/blob code from libuci
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36909
2013-06-10 12:42:30 +00:00
Steven Barth
491deaed2c
netifd: improve reloading behaviour
...
SVN-Revision: 36903
2013-06-10 10:42:15 +00:00
Steven Barth
f995c90329
netifd: Improve IPv6 source-routing policies
...
SVN-Revision: 36884
2013-06-08 13:26:33 +00:00
Jonas Gorski
b9de8ca7f5
netifd: bring wifi down before shutting down
...
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 36883
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich
e7b15446a8
firewall: udpate to git head ( #13652 , #13654 , #13658 )
...
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich
5cf06bd17b
firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
...
SVN-Revision: 36868
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich
ecc95dcba8
firewall: update to git head ( #13652 )
...
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3
firewall3: fix accidentally changed install directive
...
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88
firewall: fix git source url
...
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221
firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
...
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09
Drop legacy firewall package
...
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257
firewall3: update to git head ( #13641 )
...
* Fixes wrong chain used for zone forward policy
SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e
firewall3: update to git head
...
- Fixes problems with reusing matches or targets from loadable extensions
SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich
3bb397c997
firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
...
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
519f27cd33
netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
...
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Steven Barth
439fdd4d65
netifd: fix IPv6-addresses disappearing due to lifetime-overflows
...
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich
63603ee478
firewall3: update to git head
...
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1
firewall3: update to git head
...
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich
90887b5fb3
firewall3: update to git head
...
- fixes linking issues with some toolchains
SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich
c1ff8cd9bb
firewall3: update to git head
...
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Steven Barth
32c6ffb5a1
firewall3: Remove abandonend include
...
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259
firewall3: update to git head
...
- fix build on Linux < 3.7
- limit zone names to 14 bytes
SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich
c12189b379
firewall3: update to git head
...
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich
dd83e87ab0
firewall3: update to git head
...
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
9b6c31d4cc
firewall3: move libext*.a copying to compile phase
...
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
e8050c6c35
firewall3: update to git head
...
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Steven Barth
0f1be4425f
netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
...
Based on a patch by Kristian Evensen. Thank You.
SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Steven Barth
5ce135ed87
netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
...
SVN-Revision: 36627
2013-05-13 17:12:34 +00:00
Steven Barth
ea71678b09
netifd: added support for setting up 6rd from DHCP
...
SVN-Revision: 36626
2013-05-13 17:12:30 +00:00
Steven Barth
973dad61b0
firewall3: Remove obsoleted ULA-border
...
SVN-Revision: 36624
2013-05-13 17:12:20 +00:00
Steven Barth
07d99b62b7
firewall3: add wan6 interface to wan-zone by default
...
SVN-Revision: 36623
2013-05-13 17:12:15 +00:00
Steven Barth
4cb9d9715c
firewall: Remove obsoleted ULA-border rule
...
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
4bba31b64c
firewall3: update to git head
...
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422 , #13386 )
- add support for fwmark matches and mark setting targets
SVN-Revision: 36521
2013-05-02 13:42:20 +00:00
Jo-Philipp Wich
f1497ccf4f
netifd: update to git head - disables multicast snooping by default on bridges
...
SVN-Revision: 36463
2013-04-27 09:28:40 +00:00
Felix Fietkau
5062838fa5
netifd: update to the latest version, fixes interface reload issues when removing the ifname option
...
SVN-Revision: 36424
2013-04-25 16:28:19 +00:00
Steven Barth
2c78c1457b
firewall3: Make IPv6 ULA-Border generation dynamic
...
This fixes working behind another router which gives out ULAs.
SVN-Revision: 36416
2013-04-24 14:17:24 +00:00
Steven Barth
17b8c0c7b8
netifd: Improve IPv6-ULA assignment handling
...
SVN-Revision: 36383
2013-04-22 19:40:06 +00:00
Felix Fietkau
099e3d8183
netifd: update to latest version, fixes some device handling crashes
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36336
2013-04-15 14:21:45 +00:00
Felix Fietkau
88c418bc75
qos-scripts: add queue length and quantum limit, suggested by dtaht
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36294
2013-04-09 14:59:10 +00:00
John Crispin
04dcd12c91
add portmap support to userland
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36284
2013-04-09 14:19:13 +00:00
John Crispin
f13ae9965c
add "swconfig list" support
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36282
2013-04-09 14:19:05 +00:00
Jo-Philipp Wich
f90f025f20
netifd: fix route / route6 regression ( #13303 )
...
SVN-Revision: 36281
2013-04-09 12:21:12 +00:00
Steven Barth
3abc915522
Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
...
SVN-Revision: 36280
2013-04-09 12:12:30 +00:00
Steven Barth
35d716fbbb
netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
...
SVN-Revision: 36196
2013-04-05 12:28:06 +00:00
Steven Barth
0393e52623
netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
...
SVN-Revision: 36193
2013-04-03 17:08:21 +00:00
Jo-Philipp Wich
6fa1b5346e
firewall3: update to git head
...
* fixes parsing of src/dest '*'
* fixes parsing of proto 'all'
SVN-Revision: 36111
2013-03-22 14:10:29 +00:00
Jo-Philipp Wich
76d1c0a067
firewall3: update to git head
...
* fixes port remapping rules (#13217 )
SVN-Revision: 36100
2013-03-21 14:25:17 +00:00
Steven Barth
261be7b8f3
netifd: Fix adding IPv6 DNS-servers to resolv.conf
...
In some cases IPv6 DNS-servers were not added correctly.
SVN-Revision: 36095
2013-03-20 13:49:39 +00:00
Jo-Philipp Wich
6fbd824e9b
firewall3: update to git head
...
* fixes reload handling of zones and ipsets that are still running but already deleted from the config
SVN-Revision: 36092
2013-03-19 16:18:05 +00:00
Jo-Philipp Wich
03cb7986fc
firewall3: update to git head
...
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197 )
- do not allow src_mac option for SNAT rules
SVN-Revision: 36090
2013-03-19 13:54:34 +00:00
Jo-Philipp Wich
54f9f47a28
firewall3: update to git head
...
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
SVN-Revision: 36009
2013-03-14 15:29:43 +00:00
Jo-Philipp Wich
9faa312dbb
firewall3: update to git head
...
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
SVN-Revision: 35998
2013-03-13 15:46:30 +00:00
Jo-Philipp Wich
8c7ed1cb7b
firewall3: update to git head
...
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
SVN-Revision: 35969
2013-03-11 20:52:20 +00:00
Jo-Philipp Wich
e259ecad7e
Revert "firewall3: update to git head"
...
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.
SVN-Revision: 35904
2013-03-08 19:52:18 +00:00
Jo-Philipp Wich
50213fc354
firewall3: update to git head
...
- introduce per-zone user chains
- support legacy "tcpudp" protocol notation
SVN-Revision: 35903
2013-03-08 15:27:33 +00:00
Jo-Philipp Wich
d75c632de6
firewall3: add default config and firewall.user
...
SVN-Revision: 35889
2013-03-05 13:45:09 +00:00
Jo-Philipp Wich
89be702bff
firewall3: update to git head, introduces support for "enabled" option
...
SVN-Revision: 35845
2013-03-02 17:09:33 +00:00
Jo-Philipp Wich
557c047f71
firewall3: clear contnrack table on flush, set policies to drop during rule reload
...
SVN-Revision: 35820
2013-02-27 14:09:37 +00:00
Jo-Philipp Wich
92062542e2
firewall: fix logging rule regression ( #12999 )
...
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
4fb2cd18c1
firewall3: add support for shell script and iptables-restore style includes
...
SVN-Revision: 35744
2013-02-22 12:45:38 +00:00
Steven Barth
a7b262dc0a
netifd: only update resolv.conf.auto if changed This avoids logspam under certain conditions.
...
SVN-Revision: 35743
2013-02-22 08:56:29 +00:00
Jo-Philipp Wich
7d7d88b580
firewall3: update to git head
...
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')
SVN-Revision: 35738
2013-02-21 22:33:44 +00:00
Jo-Philipp Wich
02b0c62f33
firewall3 - a C implementation of the current firewall scripts
...
SVN-Revision: 35643
2013-02-17 19:26:52 +00:00
Jo-Philipp Wich
e106f25ee7
firewall: various enhancements
...
- reduce mssfix related log spam (#10681 )
- separate src and dest terminal chains (#11453 , #12945 )
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
2013-02-04 14:38:33 +00:00
Steven Barth
6a43437908
netifd: Improved IPv6 featureset * Fix reloading of ula-prefixes * Added support for temporary addresses and routes * Added support for offlink addresses * Improved status-output for assigned prefixes
...
SVN-Revision: 35420
2013-02-01 12:28:43 +00:00
Felix Fietkau
65657fb585
netifd: update to latest version
...
fixes DNS servers on reload (#12910 )
fixes ubus object race on reload or down/up (#12612 )
SVN-Revision: 35383
2013-01-29 14:40:04 +00:00
Steven Barth
777f7b30ae
netifd: implement IPv6 prefix deprecation according to RFC 6204
...
SVN-Revision: 35377
2013-01-29 11:05:22 +00:00
Steven Barth
fac1ed35ac
netifd: remove IPv6 forwarding-sysctl workaround
...
SVN-Revision: 35369
2013-01-29 10:13:39 +00:00
Felix Fietkau
6ea9abadeb
netifd: update to latest version, fixes setting addresses/routes on alias interfaces
...
SVN-Revision: 35362
2013-01-28 20:35:55 +00:00
Jo-Philipp Wich
839f3ab0e7
firewall: flush conntrack table after changing interface rules
...
SVN-Revision: 35348
2013-01-28 15:53:44 +00:00
Steven Barth
ec41a6a08c
netifd: IPv6 sysctl, restart IPv6 in static mode to send RS
...
SVN-Revision: 35347
2013-01-28 14:07:27 +00:00
Steven Barth
75b06607db
netifd: add SLAAC ipv6 value for static-proto
...
SVN-Revision: 35346
2013-01-28 13:53:48 +00:00
Felix Fietkau
55eab5ac44
netifd: update to latest version, adds another fix for interface aliases
...
SVN-Revision: 35297
2013-01-22 16:05:59 +00:00
Steven Barth
5859fc7a39
netifd: Fix a segfault when globals.ula_prefix is empty
...
SVN-Revision: 35296
2013-01-22 15:49:42 +00:00
Steven Barth
f129c6786e
netifd: Fix segfaults in IPv6 prefix handling
...
SVN-Revision: 35259
2013-01-21 09:21:30 +00:00
Felix Fietkau
5bc6555e08
netifd: update to latest version, fixes alias support
...
SVN-Revision: 35251
2013-01-20 15:47:09 +00:00
Jo-Philipp Wich
f2766239ea
netifd: add a band-aid fix for the wifi setup vs. netifd init race by increasing the wait time to five seconds
...
SVN-Revision: 35240
2013-01-19 10:13:14 +00:00
Steven Barth
1ecc744583
netifd: @aliases use layer 3 devices instead of main devices Fixes dhcpv6 protocol alias
...
SVN-Revision: 35187
2013-01-17 08:28:51 +00:00
Steven Barth
06890959d1
netifd: Introduce native IPv6 prefix-handling
...
SVN-Revision: 35167
2013-01-15 13:07:41 +00:00
Jo-Philipp Wich
e5548b03e5
netifd: update to git head, adds 64bit counters
...
SVN-Revision: 35140
2013-01-13 19:48:52 +00:00
Steven Barth
b077480a59
firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
...
SVN-Revision: 35012
2013-01-04 15:59:28 +00:00
Felix Fietkau
bf34eeaea4
netifd: update to latest version, fixes interface error reporting for shell proto handlers
...
SVN-Revision: 34741
2012-12-17 22:24:31 +00:00