aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config
Commit message (Collapse)AuthorAgeFilesLines
* firewall: update to latest Git HEADJo-Philipp Wich2019-11-221-3/+3
| | | | | | | | 8174814 utils: persist effective extra_src and extra_dest options in state file 72a486f zones: fix emitting match rules for zones with only "extra" options Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 482114d3f78df2a19904cc8edf7d9adcfdbb8625)
* firewall: update to latest git HEADHans Dedecker2019-11-221-3/+3
| | | | | | | daed0cf utils: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 27bf8abe69f3b048cbcbf9d2e796ecba5f0a42e7)
* firewall: update to latest Git HEADJo-Philipp Wich2019-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | 383eb58 ubus: do not overwrite ipset name attribute c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type 487bd0d utils: Fix string format message 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Petr Štetiar <ynezz@true.cz> [cherry picked and squashed from commits 7db655991443a98f84e4c39e733232d41d2d6137, 359bff605244c2cf2bff75bce0f0b16b496a6a77, 2cf209ce9166575d8259b5b4176ee91d8b48d2ff, 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2] Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: update to latest git HEADKevin Darbyshire-Bryant2019-09-041-3/+3
| | | | | | | bf29c1e firewall3: ipset: Handle reload_set properly Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)
* firewall: improve ipset supportKevin Darbyshire-Bryant2019-09-041-4/+4
| | | | | | | | | | | | | | | | | | | | | Bump to latest git HEAD 509e673 firewall3: Improve ipset support The enabled option did not work properly for ipsets, as it was not checked on create/destroy of a set. After this commit, sets are only created/destroyed if enabled is set to true. Add support for reloading, or recreating, ipsets on firewall reload. By setting "reload_set" to true, the set will be destroyed and then re-created when the firewall is reloaded. Add support for the counters and comment extensions. By setting "counters" or "comment" to true, then counters or comments are added to the set. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 51ffce069424f86e894369cee5cd327dd503db5f)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 5e02f94 system-linux: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit d70a35c365ae607671f8698fee10f29fd9023161)
* firewall: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | de94097 utils: coverity resource leak warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit efb7b7a12af55758458cdb945a0833af411289f7)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 899f168 system-linux: Coverity fixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 11617bcb3be6778d5427723a09922aae50956a8c)
* package/network: add PKGARCH:=all to non-binary packagesDeng Qingfang2019-09-045-0/+5
| | | | | | | Packages such as xfrm contain only script files, add PKGARCH:=all Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 6762e72524075c37928ad4ae9a979257759b2703)
* netifd: xfrm fixesHans Dedecker2019-09-041-3/+3
| | | | | | | 9932ed0 netifd: fix xfrm interface deletion and standardize netlink call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1fd900ddc2d10cde8e86d8059bfd112f3d0aae65)
* network/config/xfrm: add host-dependency for xfrm interface parentAndré Valentin2019-09-042-8/+12
| | | | | | | | Add proto_add_host_dependency to add a dependency to the tunlink interface Signed-off-by: André Valentin <avalentin@marcant.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit f6dab9804413139c3bd2647a81652d04baa1e59d)
* netifd: update to latest git HEADHans Dedecker2019-09-041-4/+4
| | | | | | | | 42a3878 interface-ip: fix possible null pointer dereference c1964d8 system-linux: remove superfluous dev check Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 55fcc77072c9ca0baee8e79c00d2342be26fce47)
* config: add xfrm interface support scriptsAndré Valentin2019-06-102-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | This package adds scripts for xfrm interfaces support. Example configuration via /etc/config/network: config interface 'xfrm0' option proto 'xfrm' option mtu '1300' option zone 'VPN' option tunlink 'wan' option ifid 30 config interface 'xfrm0_static' option proto 'static' option ifname '@xfrm0' option ip6addr 'fe80::1/64' option ipaddr '10.0.0.1/30' Now set in strongswan IPsec policy: if_id_in = 30 if_id_out = 30 Signed-off-by: André Valentin <avalentin@marcant.net>
* netifd: xfrm tunnel supportHans Dedecker2019-06-081-3/+3
| | | | | | 8c6358b netifd: add xfrm tunnel interface support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: introduce 'nohostroute' optionFabian Bläse2019-05-312-5/+11
| | | | | | | | | | | It is not always necessary to add a host route for the gre peer address. This introduces a new config option 'nohostroute' (similar to the option introduced for wireguard in d8e2e19) to allow to disable the creation of those routes explicitely. Signed-off-by: Fabian Bläse <fabian@blaese.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* netifd: fix missing ip rules after network reload (FS#2296)Hans Dedecker2019-05-281-3/+3
| | | | | | beb810d iprule: fix missing ip rules after a reload (FS#2296) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: add support for the new ar8xxx MIB counters settingsPetr Štetiar2019-05-202-2/+4
| | | | | | | | | Commit "generic: ar8216: add mib_poll_interval switch attribute" has added mib_poll_interval global config option and commit "generic: ar8216: group MIB counters and use two basic ones only by default" has added mib_type config option. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* netifd: update to latest git HEADHans Dedecker2019-05-181-3/+3
| | | | | | | 22e8e58 interface-ip: use ptp address as well to find local address target f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2019-05-081-3/+3
| | | | | | | f6fb700 interface-ip: fine tune IPv6 mtu warning 975a5c4 interface: tidy ipv6 mtu warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2019-04-151-3/+3
| | | | | | | | 666c14f system-linux: remove debug tracing 08989e4 interface: add neighbor config support bfd4de3 interface: fix "if-down" hotplug event handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2019-04-011-3/+3
| | | | | | | 361b3e4 proto-shell: return error in case setup fails a97297d interface: set interface in TEARDOWN state when checking link state Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHauke Mehrtens2019-03-211-3/+3
| | | | | | | a8cf037 netifd: wireless: Add support for GCMP cipher 34a70b6 netifd: wireless: Add support for 802.11ad Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: add support for suppressing the DHCP request hostname by setting it to *Felix Fietkau2019-03-161-0/+2
| | | | | | | | | dnsmasq (and probably other DHCP servers as well) does not like to hand out leases with duplicate host names. Adding support for skipping the hostname makes it easier to deploy setups where it is not guaranteed to be unique Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to latest git HEAD (FS#2087)Hans Dedecker2019-03-141-3/+3
| | | | | | 81ac3bc interface-ip: fix delegate config update on reload (FS#2087) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vti: remove setting default firewall zone to wanHans Dedecker2019-02-092-3/+1
| | | | | | | | | Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set default firewall zone to wan as the firewall zone for the vti interface can be configured in the firewall config or it makes it impossible not to specify a firewall zone for the vti interface. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipip: remove setting default firewall zone to wanHans Dedecker2019-02-092-3/+1
| | | | | | | | | Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set default firewall zone to wan as the firewall zone for the ipip interface can be configured in the firewall config or it makes it impossible not to specify a firewall zone for the ipip interface. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: remove setting default firewall zone to wanFlorian Eckert2019-02-072-2/+1
| | | | | | | | | | | | | | | | | | | | | | There are two problems with this behaviour that the zone is set to wan if no zone config option is defined in the interface section. * The zone for the interface is "normally" specified in the firewall config file. So if we have defined "no" zone for this interface zone option is set now to "wan" additonaly if we add the interface in the firewall config section to the "lan" zone, the interface is added to lan and wan at once. iptables-save | grep <iface> This is not what I expect. * If I do not want to set a zone to this interface it is not possible. Remove the default assigment to wan if no zone option is defined. If some one need the option it stil possible to define this option. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* netifd: handle hotplug event socket errorsHans Dedecker2019-01-311-3/+3
| | | | | | 5cd7215 system-linux: handle hotplug event socket ENOBUFS errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest git HEADHans Dedecker2019-01-031-3/+3
| | | | | | | | 70f8785 zones: add zone identifying local traffic in raw OUTPUT chain 6920de7 utils: Free args in __fw3_command_pipe() 6ba9105 options: redirects: Fix possible buffer overflows Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: fix ipv6 multicast check in previous commitKevin Darbyshire-Bryant2018-12-171-2/+2
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: support configuring class e 240.0.0.0/4 addressesKevin Darbyshire-Bryant2018-12-171-3/+3
| | | | | | cd089c5 proto: Support class-e addressing in netifd Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* swconfig: Add missing includeRosen Penev2018-12-162-1/+2
| | | | | | | | | Fixes these warnings: swlib.c:455:18: warning: implicit declaration of function 'isspace' swlib.c:461:9: warning: implicit declaration of function 'isdigit' Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-12-131-3/+3
| | | | | | 1ac1c78 system-linux: get rid of SIOCSDEVPRIVATE Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest git HEADHans Dedecker2018-12-091-3/+3
| | | | | | 14589c8 redirects: properly handle src_dport in SNAT rules Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-11-261-4/+4
| | | | | | | | | dfa4ede interface: fix return code of __interface_add() a82a8f6 netifd: fix resource leak on error in netifd_add_dynamic() fa2403d config: fix resource leaks on error in config_parse_interface() 85de9de interface: fix memory leak on error in __interface_add() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-11-191-3/+3
| | | | | | | | | 4b83102 treewide: switch to C-code style comments 70506bf treewide: make some functions static d9872db interface: fix removal of dynamic interfaces 2f7ef7d interface: rework code to get rid of interface_set_dynamic Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-10-171-3/+3
| | | | | | | 841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels 125cbee system-linux: fix a typo in gre tunnel data parsing logic Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: make encaplimit support configurableHans Dedecker2018-10-172-2/+4
| | | | | | | | | | | Make inclusion of the destination option header containing the tunnel encapsulation limit configurable for IPv6 GRE packets. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the IPv6 GRE packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHauke Mehrtens2018-10-141-2/+2
| | | | | | | | 22476ff wireless: Add Simultaneous Authentication of Equals (SAE) c6c3a0d wireless: Add Opportunistic Wireless Encryption (OWE) a117e41 wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* package/: fix $(PROJECT_GIT) usageJohn Crispin2018-10-111-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* soloscli: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | Hotplug is managed by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firewall: Install config files as 600Rosen Penev2018-10-111-6/+6
| | | | | | None of the files in firewall are used by non-root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: update to latest git HEAD (FS#1875)Hans Dedecker2018-10-021-3/+3
| | | | | | | 83428fa iprule: coding style fixes aeec2a0 iprule: fix segfault (FS#1875) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-09-301-3/+3
| | | | | | | 94e156f scripts: fix previous commit 3c8ac1c netifd: fix wpa mixed mode matching Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: do not validate relevant section when ipv6 is not supportedRosy Song2018-09-252-3/+3
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* netifd: update to latest git HEADHans Dedecker2018-09-191-3/+3
| | | | | | 23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest HEADFlorian Fainelli2018-09-111-3/+3
| | | | | | 0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-08-201-3/+3
| | | | | | | | | 7454d12 interface: let interface_set_down() return void 32f11a8 interface: make __interface_set_down() static b9d5a8c interface: extend interface error messages in interface_set_up() de394b3 interface: ensure NO_DEVICE error is always reported Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-08-141-3/+3
| | | | | | 522456b device: gracefully handle device names exceeding IFNAMESIZ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to git HEADStijn Tintel2018-08-131-3/+3
| | | | | | | | 12a7cf9 Add support for DSCP matches and target 06fa692 defaults: use a generic check_kmod() function 1c4d5bc defaults: fix check_kmod() function Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-19 18:16:08 +0000