Commit graph

272 commits

Author SHA1 Message Date
Steven Barth
0bf9032145 netifd: don't always assume addrs & routes are applied
netifd didn't check the netlink return values and kept assuming
routes are in place even if they weren't

SVN-Revision: 39755
2014-02-26 13:27:32 +00:00
Felix Fietkau
a15524582c netifd: depend on libubox directly to rebuild on ABI changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39723
2014-02-23 17:32:15 +00:00
Felix Fietkau
6c8300df3d netifd: update to latest version, fixes wireless device reload handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39706
2014-02-23 08:13:28 +00:00
Jo-Philipp Wich
b22ad85bc6 firewall: fix validation constraints
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39649
2014-02-21 00:22:23 +00:00
Jo-Philipp Wich
354efde275 netifd: fix validation constraints
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39648
2014-02-21 00:17:04 +00:00
Jo-Philipp Wich
21f4cf1a73 firewall: fix several ipset integration issues (#15016)
- Do not consider bitmap storage for IPv6 family sets
	- Move ipset family parameter before any additional option
	- Only emit family parameter for hash sets
	- Do not allow IPv6 iprange for IPv4 sets and vice versa

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39647
2014-02-20 23:20:10 +00:00
John Crispin
8fb44e0d1e netifd: add validation support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39621
2014-02-18 13:34:04 +00:00
John Crispin
15ebcfc04e firewall3: update init.d script to make use of procd
add validation data

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39617
2014-02-18 13:33:47 +00:00
John Crispin
204e859542 netifd: update to latest git head
this adds support for proto and wireless handler adding uci validation rules

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39614
2014-02-18 13:33:36 +00:00
Steven Barth
41acaaf893 netifd: work around dangling prefix kernel-routes (fixes #14963)
SVN-Revision: 39597
2014-02-16 11:20:22 +00:00
Steven Barth
af8f06beca netifd: fix source-routing breaking 6in4 + others
6in4 historically allowed an ip6addr without a mask however the newly
introduced source-routing segfaulted in this scenario (#14958 + #14858).

Fixes include: "Fix ubus route src mask printing" and
"Disable netlink auto ack" (thanks to Hans Dedecker)

SVN-Revision: 39586
2014-02-14 21:21:44 +00:00
Steven Barth
229d186490 netifd: don't add unnecessary NOP policy rules
SVN-Revision: 39351
2014-01-20 18:23:02 +00:00
Steven Barth
fac5e62abd firewall: don't reload if there were no address or data changes
This fixes packet loss due to reloading firewall every minute with IPv6
implementation of certain ISPs.

SVN-Revision: 39332
2014-01-19 17:35:33 +00:00
Steven Barth
bc8412b90e netifd: Add IFUPDATE-flags and use main IPv6 routing table again
SVN-Revision: 39306
2014-01-17 13:59:40 +00:00
John Crispin
a844275f37 firewall: improve logging in hotplug script
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

SVN-Revision: 39300
2014-01-15 18:29:59 +00:00
John Crispin
4810de8e4b swconfig: improve usability when switch device incorrect
http://patchwork.openwrt.org/patch/4701/

Signed-off-by: Andreas Mohr <andim2@users.sf.net>

SVN-Revision: 39229
2014-01-12 12:07:01 +00:00
Felix Fietkau
20151a3394 netifd: initialize the switch early at start time and on reload (fixes #13015)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39183
2013-12-31 13:09:20 +00:00
Felix Fietkau
6865f1d6b2 netifd: update to the latest version, fixes wireless related segfaults on arm
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39180
2013-12-29 02:26:34 +00:00
Felix Fietkau
5607a13aa1 netifd: update to the latest version, fixes wifi related segfaults
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39176
2013-12-28 14:19:54 +00:00
John Crispin
d1156bca0a swconfig: remove useless variables, return -1 on errors
spotted with cppcheck

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 39170
2013-12-27 21:15:20 +00:00
Jo-Philipp Wich
1789744958 netifd: add reload trigger for /etc/config/wireless as well
SVN-Revision: 39131
2013-12-18 12:38:29 +00:00
Jo-Philipp Wich
de5ebc19c0 firewall: fix handling of tcp_ecn parameter
The firewall3 implementation as well as the shell implementation predating it
used to process the tcp_ecnoption as boolean while it actually is an integer.

Change the code to parse tcp_ecn as integer.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 39122
2013-12-17 16:59:47 +00:00
Felix Fietkau
12c05542e8 netifd: update to latest version, fixes a null pointer crash
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39088
2013-12-16 10:08:13 +00:00
Steven Barth
e49d67f192 Convert DHCP->6rd and DHCPv6->DS-Lite autoconfig to dynamic interface
SVN-Revision: 39061
2013-12-15 19:38:53 +00:00
Felix Fietkau
ce062a7b5c netifd: update to the latest version, adds a revert of the link state handling patches which caused regressions in combination with wifi devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39050
2013-12-14 14:59:05 +00:00
Felix Fietkau
47730fe355 netifd: prevent an unnecessary restart of netifd-managed wifi interfaces at boot time
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39046
2013-12-13 16:43:11 +00:00
Felix Fietkau
3f744a4ad3 netifd: fix crashes triggered by adding/removing wireless devices on reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39035
2013-12-11 18:23:52 +00:00
John Crispin
31a2912cd9 netifd: enable coredumps again
got broken due procd startup. Requires procd resource limit patch.

Signed-off-by: Ulrich Weber <uw@xyne.com>

SVN-Revision: 39020
2013-12-09 17:29:34 +00:00
Felix Fietkau
6242255df2 netifd: update to the latest version, adds tunnel fixes by Hans Dedecker and adds back support for multiple networks per wifi-iface
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39004
2013-12-08 18:00:05 +00:00
Felix Fietkau
4155016637 netifd: update to the latest version, improves wireless status output and fixes some bridge handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38992
2013-12-03 14:17:44 +00:00
Felix Fietkau
3c50feca19 wifi: rename the "reload" (restarting non-netifd wifi) command to "reload_legacy"
Add a new "reload" command that reloads the netifd config as well

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38989
2013-12-02 16:53:24 +00:00
Felix Fietkau
498d84fc4e netifd: add wireless configuration support and port mac80211 to the new framework
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38988
2013-12-02 16:41:03 +00:00
Felix Fietkau
107bcb5de3 netifd: remove redundant calls to /sbin/wifi down
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38982
2013-12-02 13:08:00 +00:00
Jo-Philipp Wich
bc9043cc53 firewall: optimize DNAT rules and skip invalid rules and redirects (#14485)
- instead of writing one (or more) ACCEPT rules in the filter table
	  for each redirect install a global ctstate DNAT accept rule per zone

	- discard rules and redirects which have invalid options set instead
	  of silently skipping the invalid values

SVN-Revision: 38849
2013-11-18 11:59:27 +00:00
Felix Fietkau
e78e720a6f netifd: remove connect_time from /var/state, it is unused
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38704
2013-11-10 10:01:33 +00:00
John Crispin
edf6236838 lantiq: fix vdsl-app dependency
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38666
2013-11-07 12:45:39 +00:00
Felix Fietkau
e16f104a6f netifd: update to the latest version, fixes regression in proto-shell scripts (#14400, #14402)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38627
2013-10-31 11:22:01 +00:00
Felix Fietkau
22890e6382 netifd: update to latest version, adds fixes and some preparation for supporting wifi devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38606
2013-10-30 11:25:01 +00:00
Steven Barth
bb699867e0 firewall: Improve ubus support
* Use network.interface dump call instead of individual status calls
  to reduce overall netifd lookups and invokes to 1 per fw3 process.

* Allow protocol handlers to assign a firewall zone for an interface
  in the data section to allow for dynamic firewall zone assignment.

SVN-Revision: 38504
2013-10-23 10:25:26 +00:00
Steven Barth
91b173d231 netifd: Fix ifupdate events
SVN-Revision: 38458
2013-10-19 11:01:25 +00:00
Steven Barth
c3bcdd59de netifd: various improvements
* Add ubus methods for global interface status
* Add ubus function to create nested interfaces
* Add protocol update notifications and hotplug legacy calls
* Fix: key to data elements point at wrong memory area
* Add support for source-restricted routes
* Add option "delegate" to toggle prefix delegation
* Reevaluate target routes also on interface update

SVN-Revision: 38453
2013-10-18 13:39:43 +00:00
Steven Barth
56bc536713 netifd: rename customopts to sendopts for consistency
SVN-Revision: 38437
2013-10-17 13:12:06 +00:00
Steven Barth
c759b49a4f Added 'customopts' dhcp protocol option, which is an array passed along to udhcpc as series of -x options.
Signed-off-by: Markus Stenberg <markus.stenberg@iki.fi>

SVN-Revision: 38436
2013-10-17 12:55:40 +00:00
Hauke Mehrtens
e1523b5504 switch: remove old switch driver
The switch driver is not used by brcm47xx any more and can be removed,
instead of this switch driver b53 is used now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 38387
2013-10-13 22:15:31 +00:00
Hauke Mehrtens
af32e63bae lantiq: add some missing PKG_SOURCE_URLs
These URLs where missing and causes build failures.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 38376
2013-10-12 22:33:55 +00:00
Jo-Philipp Wich
db3013852a firewall: small improvements in nat reflection
- do not insert duplicate rules when setting up reflection to a zone containing multiple interfaces
	- set up reflection for any protocol, not just TCP and UDP

SVN-Revision: 38361
2013-10-10 18:15:10 +00:00
Felix Fietkau
e96695df10 netifd: update to latest version, adds macvlan support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38299
2013-10-03 14:51:34 +00:00
Steven Barth
1d485c737e netifd: don't remove & readd addresses that only have a changed lifetime
SVN-Revision: 38269
2013-10-01 17:30:05 +00:00
John Crispin
f874094402 procd: convert various packages to procd style init.d scripts
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 38023
2013-09-17 21:45:30 +00:00
Felix Fietkau
7fc90889d5 netifd: update to the latest version, fixes a bridge handling corner case on config reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37856
2013-08-29 22:20:36 +00:00
Jo-Philipp Wich
2864fb107f firewall: update to git head
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
	- fixes support for rule sections with target "NOTRACK"

SVN-Revision: 37777
2013-08-14 15:40:38 +00:00
Jo-Philipp Wich
d6e8047f83 firewall: update to git head
- handles redirects as port relocations if the dest_ip points to the router itself

SVN-Revision: 37374
2013-07-16 14:04:59 +00:00
Steven Barth
54ae5ce507 netifd: Fix IPv6-prefix assignment with continuous hints
SVN-Revision: 37371
2013-07-16 12:07:11 +00:00
Luka Perkov
1a963355b0 netifd: update to latest version, add bridge_empty option
with this option enabled it's possible to create empty bridges

Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 37318
2013-07-14 18:50:04 +00:00
John Crispin
7d7c2ff5f9 swconfig: fix dependency bug introduced by [37304]
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37316
2013-07-14 18:16:42 +00:00
Hauke Mehrtens
f8d55e7541 brcm47xx: use b53 phy driver for the switch in kernel 3.10
This makes it possible to use swconfig to controll the switch.

This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.

SVN-Revision: 37304
2013-07-14 14:11:17 +00:00
Felix Fietkau
f98f69adc9 firewall: add missing dependencies
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37224
2013-07-10 11:33:48 +00:00
John Crispin
fc40051569 lantiq: move dsl tools to package/network/config
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37198
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich
4aa82d07a6 firewall: allow routed lan<->lan traffic by default
SVN-Revision: 37171
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich
2d506f46fb firewall: update to git head
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser

SVN-Revision: 37082
2013-06-29 13:28:27 +00:00
Steven Barth
d8051a8814 netifd: fix typo in dhcp script
SVN-Revision: 37051
2013-06-28 04:19:21 +00:00
Felix Fietkau
b4babf9f81 netifd: update to latest version, fixes a NULL pointer deref bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36965
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich
65f82e2311 firewall: update to git head
- fixes misprocessing of unknown symbolic protocol names

SVN-Revision: 36963
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich
37ae268729 firewall: update to git head
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs

SVN-Revision: 36960
2013-06-18 14:14:35 +00:00
Steven Barth
9f1899242c netifd: IPv6: Fix sorting order in last commit.
SVN-Revision: 36952
2013-06-17 21:29:14 +00:00
Steven Barth
213269a8f7 netifd: Satisfy IPv6 assignments ordered by prefix length
SVN-Revision: 36950
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich
36d3fafd77 firewall: update to git head
- properly process intermediate "!" options in argument list (fixes negated ipsets)

SVN-Revision: 36935
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich
0db38adf1c firewall: update to git head
- fixes handling of reject target for rule sections with specific destination zone

SVN-Revision: 36933
2013-06-13 12:49:00 +00:00
Felix Fietkau
9fb5bf176e netifd: update to latest version, uses the new uci/blob code from libuci
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36909
2013-06-10 12:42:30 +00:00
Steven Barth
491deaed2c netifd: improve reloading behaviour
SVN-Revision: 36903
2013-06-10 10:42:15 +00:00
Steven Barth
f995c90329 netifd: Improve IPv6 source-routing policies
SVN-Revision: 36884
2013-06-08 13:26:33 +00:00
Jonas Gorski
b9de8ca7f5 netifd: bring wifi down before shutting down
works around wifiX references not being freed on network restart.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 36883
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich
e7b15446a8 firewall: udpate to git head (#13652, #13654, #13658)
- optimizes chain usage for ingress rules
  - adds limit match support for redirect rules
  - fixes automatic redirect dest detection on little endian systems
  - leaves base chains in place on reload to allow user rules to target e.g. "reject"

SVN-Revision: 36871
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich
5cf06bd17b firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
SVN-Revision: 36868
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich
ecc95dcba8 firewall: update to git head (#13652)
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
  - uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones

SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3 firewall3: fix accidentally changed install directive
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88 firewall: fix git source url
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09 Drop legacy firewall package
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257 firewall3: update to git head (#13641)
* Fixes wrong chain used for zone forward policy

SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e firewall3: update to git head
- Fixes problems with reusing matches or targets from loadable extensions

SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich
3bb397c997 firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
519f27cd33 netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Steven Barth
439fdd4d65 netifd: fix IPv6-addresses disappearing due to lifetime-overflows
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich
63603ee478 firewall3: update to git head
- allows building without IPv6 support
	- uses more robust rules to cope with missing libext.a
	- uses better linking strategy to avoid symbol clashes with older iptables
	- introduces source compatiblity layer for different libxtables versions

SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1 firewall3: update to git head
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
  - automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
  - properly support output rules with dest '*' to hook directly into delegate_output
  - fixes crash when processing rules with unresolved targets

SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich
90887b5fb3 firewall3: update to git head
- fixes linking issues with some toolchains

SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich
c1ff8cd9bb firewall3: update to git head
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
  - Do not leak memory when processing rules with unknown targets or matches

SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Steven Barth
32c6ffb5a1 firewall3: Remove abandonend include
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259 firewall3: update to git head
- fix build on Linux < 3.7
  - limit zone names to 14 bytes

SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich
c12189b379 firewall3: update to git head
- fixes reload when firewall is not running already
  - fixes crash when ipsets are supported but undeclared
  - fixes handling of per zone user chains on reload

SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich
dd83e87ab0 firewall3: update to git head
- fixes segfault in flush command if ipset support is not available
  - fixes internal rule generation if custom chains are enabled

SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
9b6c31d4cc firewall3: move libext*.a copying to compile phase
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
e8050c6c35 firewall3: update to git head
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
 * make ipset integration more reliable

SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Steven Barth
0f1be4425f netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.

SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Steven Barth
5ce135ed87 netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
SVN-Revision: 36627
2013-05-13 17:12:34 +00:00
Steven Barth
ea71678b09 netifd: added support for setting up 6rd from DHCP
SVN-Revision: 36626
2013-05-13 17:12:30 +00:00
Steven Barth
973dad61b0 firewall3: Remove obsoleted ULA-border
SVN-Revision: 36624
2013-05-13 17:12:20 +00:00
Steven Barth
07d99b62b7 firewall3: add wan6 interface to wan-zone by default
SVN-Revision: 36623
2013-05-13 17:12:15 +00:00
Steven Barth
4cb9d9715c firewall: Remove obsoleted ULA-border rule
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
4bba31b64c firewall3: update to git head
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
	- add support for fwmark matches and mark setting targets

SVN-Revision: 36521
2013-05-02 13:42:20 +00:00
Jo-Philipp Wich
f1497ccf4f netifd: update to git head - disables multicast snooping by default on bridges
SVN-Revision: 36463
2013-04-27 09:28:40 +00:00
Felix Fietkau
5062838fa5 netifd: update to the latest version, fixes interface reload issues when removing the ifname option
SVN-Revision: 36424
2013-04-25 16:28:19 +00:00
Steven Barth
2c78c1457b firewall3: Make IPv6 ULA-Border generation dynamic
This fixes working behind another router which gives out ULAs.

SVN-Revision: 36416
2013-04-24 14:17:24 +00:00
Steven Barth
17b8c0c7b8 netifd: Improve IPv6-ULA assignment handling
SVN-Revision: 36383
2013-04-22 19:40:06 +00:00
Felix Fietkau
099e3d8183 netifd: update to latest version, fixes some device handling crashes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36336
2013-04-15 14:21:45 +00:00
Felix Fietkau
88c418bc75 qos-scripts: add queue length and quantum limit, suggested by dtaht
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36294
2013-04-09 14:59:10 +00:00
John Crispin
04dcd12c91 add portmap support to userland
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36284
2013-04-09 14:19:13 +00:00
John Crispin
f13ae9965c add "swconfig list" support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36282
2013-04-09 14:19:05 +00:00
Jo-Philipp Wich
f90f025f20 netifd: fix route / route6 regression (#13303)
SVN-Revision: 36281
2013-04-09 12:21:12 +00:00
Steven Barth
3abc915522 Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
SVN-Revision: 36280
2013-04-09 12:12:30 +00:00
Steven Barth
35d716fbbb netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
SVN-Revision: 36196
2013-04-05 12:28:06 +00:00
Steven Barth
0393e52623 netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
SVN-Revision: 36193
2013-04-03 17:08:21 +00:00
Jo-Philipp Wich
6fa1b5346e firewall3: update to git head
* fixes parsing of src/dest '*'
	* fixes parsing of proto 'all'

SVN-Revision: 36111
2013-03-22 14:10:29 +00:00
Jo-Philipp Wich
76d1c0a067 firewall3: update to git head
* fixes port remapping rules (#13217)

SVN-Revision: 36100
2013-03-21 14:25:17 +00:00
Steven Barth
261be7b8f3 netifd: Fix adding IPv6 DNS-servers to resolv.conf
In some cases IPv6 DNS-servers were not added correctly.

SVN-Revision: 36095
2013-03-20 13:49:39 +00:00
Jo-Philipp Wich
6fbd824e9b firewall3: update to git head
* fixes reload handling of zones and ipsets that are still running but already deleted from the config

SVN-Revision: 36092
2013-03-19 16:18:05 +00:00
Jo-Philipp Wich
03cb7986fc firewall3: update to git head
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197)
	- do not allow src_mac option for SNAT rules

SVN-Revision: 36090
2013-03-19 13:54:34 +00:00
Jo-Philipp Wich
54f9f47a28 firewall3: update to git head
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
 * Allow "network" and "device" commands while firewall is running (to make them usable in includes)

SVN-Revision: 36009
2013-03-14 15:29:43 +00:00
Jo-Philipp Wich
9faa312dbb firewall3: update to git head
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
 * Make NAT reflection direction configurable
 * Map init script stop action to flush
 * Map init script reload action to reload
 * Respect init script disabled state in hotplug handler

SVN-Revision: 35998
2013-03-13 15:46:30 +00:00
Jo-Philipp Wich
8c7ed1cb7b firewall3: update to git head
* Fixes compilation against eglibc
 * Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
 * Fixes tracking logic for user chains by differentiating between reloads and restarts
 * Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
 * Supports legacy "tcpudp" protocol notation again

SVN-Revision: 35969
2013-03-11 20:52:20 +00:00
Jo-Philipp Wich
e259ecad7e Revert "firewall3: update to git head"
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.

SVN-Revision: 35904
2013-03-08 19:52:18 +00:00
Jo-Philipp Wich
50213fc354 firewall3: update to git head
- introduce per-zone user chains
	- support legacy "tcpudp" protocol notation

SVN-Revision: 35903
2013-03-08 15:27:33 +00:00
Jo-Philipp Wich
d75c632de6 firewall3: add default config and firewall.user
SVN-Revision: 35889
2013-03-05 13:45:09 +00:00
Jo-Philipp Wich
89be702bff firewall3: update to git head, introduces support for "enabled" option
SVN-Revision: 35845
2013-03-02 17:09:33 +00:00
Jo-Philipp Wich
557c047f71 firewall3: clear contnrack table on flush, set policies to drop during rule reload
SVN-Revision: 35820
2013-02-27 14:09:37 +00:00
Jo-Philipp Wich
92062542e2 firewall: fix logging rule regression (#12999)
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
4fb2cd18c1 firewall3: add support for shell script and iptables-restore style includes
SVN-Revision: 35744
2013-02-22 12:45:38 +00:00
Steven Barth
a7b262dc0a netifd: only update resolv.conf.auto if changed This avoids logspam under certain conditions.
SVN-Revision: 35743
2013-02-22 08:56:29 +00:00
Jo-Philipp Wich
7d7d88b580 firewall3: update to git head
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
	- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
	- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
	- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')

SVN-Revision: 35738
2013-02-21 22:33:44 +00:00
Jo-Philipp Wich
02b0c62f33 firewall3 - a C implementation of the current firewall scripts
SVN-Revision: 35643
2013-02-17 19:26:52 +00:00
Jo-Philipp Wich
e106f25ee7 firewall: various enhancements
- reduce mssfix related log spam (#10681)
	- separate src and dest terminal chains (#11453, #12945)
	- disable per-zone custom chains by default, they're rarely used

Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.

SVN-Revision: 35484
2013-02-04 14:38:33 +00:00
Steven Barth
6a43437908 netifd: Improved IPv6 featureset * Fix reloading of ula-prefixes * Added support for temporary addresses and routes * Added support for offlink addresses * Improved status-output for assigned prefixes
SVN-Revision: 35420
2013-02-01 12:28:43 +00:00
Felix Fietkau
65657fb585 netifd: update to latest version
fixes DNS servers on reload (#12910)
fixes ubus object race on reload or down/up (#12612)

SVN-Revision: 35383
2013-01-29 14:40:04 +00:00
Steven Barth
777f7b30ae netifd: implement IPv6 prefix deprecation according to RFC 6204
SVN-Revision: 35377
2013-01-29 11:05:22 +00:00
Steven Barth
fac1ed35ac netifd: remove IPv6 forwarding-sysctl workaround
SVN-Revision: 35369
2013-01-29 10:13:39 +00:00
Felix Fietkau
6ea9abadeb netifd: update to latest version, fixes setting addresses/routes on alias interfaces
SVN-Revision: 35362
2013-01-28 20:35:55 +00:00
Jo-Philipp Wich
839f3ab0e7 firewall: flush conntrack table after changing interface rules
SVN-Revision: 35348
2013-01-28 15:53:44 +00:00
Steven Barth
ec41a6a08c netifd: IPv6 sysctl, restart IPv6 in static mode to send RS
SVN-Revision: 35347
2013-01-28 14:07:27 +00:00
Steven Barth
75b06607db netifd: add SLAAC ipv6 value for static-proto
SVN-Revision: 35346
2013-01-28 13:53:48 +00:00
Felix Fietkau
55eab5ac44 netifd: update to latest version, adds another fix for interface aliases
SVN-Revision: 35297
2013-01-22 16:05:59 +00:00
Steven Barth
5859fc7a39 netifd: Fix a segfault when globals.ula_prefix is empty
SVN-Revision: 35296
2013-01-22 15:49:42 +00:00
Steven Barth
f129c6786e netifd: Fix segfaults in IPv6 prefix handling
SVN-Revision: 35259
2013-01-21 09:21:30 +00:00
Felix Fietkau
5bc6555e08 netifd: update to latest version, fixes alias support
SVN-Revision: 35251
2013-01-20 15:47:09 +00:00
Jo-Philipp Wich
f2766239ea netifd: add a band-aid fix for the wifi setup vs. netifd init race by increasing the wait time to five seconds
SVN-Revision: 35240
2013-01-19 10:13:14 +00:00
Steven Barth
1ecc744583 netifd: @aliases use layer 3 devices instead of main devices Fixes dhcpv6 protocol alias
SVN-Revision: 35187
2013-01-17 08:28:51 +00:00
Steven Barth
06890959d1 netifd: Introduce native IPv6 prefix-handling
SVN-Revision: 35167
2013-01-15 13:07:41 +00:00
Jo-Philipp Wich
e5548b03e5 netifd: update to git head, adds 64bit counters
SVN-Revision: 35140
2013-01-13 19:48:52 +00:00
Steven Barth
b077480a59 firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
2013-01-04 15:59:28 +00:00
Felix Fietkau
bf34eeaea4 netifd: update to latest version, fixes interface error reporting for shell proto handlers
SVN-Revision: 34741
2012-12-17 22:24:31 +00:00