aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config
Commit message (Collapse)AuthorAgeFilesLines
* firewall3: bump to latest git HEADRui Salvaterra2022-07-191-3/+3
| | | | | | | | | 4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+" 50979cc firewall3: remove unnecessary fw3_has_table Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry-picked from commit 435d7a052bf1b6a3a01cb3ad6cda6ba4b25b1879) Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
* firewall4: bump to git HEADStijn Tintel2022-07-011-3/+3
| | | | | | | | | | | | | | | | | | | 11f5c7b fw4.uc: fix zone helper assignment b9d35ff fw4.uc: don't skip zone for unavailable helper e35e26b tests: add test for zone helpers a063317 ruleset: fix conntrack helpers e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps 11410b8 ruleset: reorder declarations & output tweaks 880dd31 fw4: fix skipping invalid IPv6 ipset entries 5994466 fw4: simplify `is_loopback_dev()` 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present 11256ff fw4: add support for configurable includes 3b5a033 tests: add test coverage for firewall includes d79911c fw4: support sets with timeout capability but without default expiry 15c3831 fw4: add support for `option log` in rule and redirect sections Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit e8433fb4336b72e44a40cb667ee2eb06e0a31109)
* ltq-vdsl-app: disconnect when service is stoppedJan Hoffmann2022-06-073-3/+78
| | | | | | | | | | | | | | | Stop the connection when the control daemon is terminated. The code is a modified version of the termination routine in version 4.23.1 of the daemon (which doesn't support VR9 modems anymore). This could also be implemented by calling the acos and acs commands via dsl_cpe_pipe.sh in the init script. However, doing it in the daemon itself has the advantage of also working if it is terminated in another way (for example during sysupgrade). Signed-off-by: Jan Hoffmann <jan@3e8.eu> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (cherry picked from commit 1daaef31b35201a9c15a2084e25dac41b48c1867)
* ltq-vdsl-app: set MAC address for vectoring error reportsJan Hoffmann2022-06-071-6/+14
| | | | | | | | | | | | | This tells the modem about the WAN MAC address, which is used as source address for vectoring error reports that are generated by the firmware. It needs to be set early, as the MEI driver only actually writes the value to the modem when is in reset state (i.e. the firmware has been loaded, but connection has not started yet). Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Jan Hoffmann <jan@3e8.eu> (cherry picked from commit b35d33c8b8a7b96f06179982b5d944cde7234004)
* netifd: update to git HEADDaniel Golle2022-06-051-3/+3
| | | | | | | | 2e1fcf4 netifd: fix hwmode for 60g band 39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 7eb83b20159aadeeb5ca4679bdb428bd3052f19c)
* netifd: update to the latest versionFelix Fietkau2022-06-051-3/+3
| | | | | | | | 4b4849cf5e5a interface-ip: unify host and proto route handling 507c0513d176 interface-ip: add support for excluding interfaces in host route lookup Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 24cc341fdc917460721e7c09708f5676c1361c91)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-06-011-3/+3
| | | | | | | | | | | | | | | 210991d fw4: prefer /dev/stdin if available 4e5e322 fw4: make `fw4 restart` behavior more robust 221040e ruleset: emit time ranges when both start and stop times are specified 30a7d47 fw4: fix datetime parsing fb9a6b2 ruleset: correct mangle_output chain type 6dd2617 fw4: fix logic flaw in testing hw flow offloading support c7c9c84 fw4: ensure that negative bitcounts are properly translated c4a78ed fw4: fix typo in emitted set types Fixes: #9764, #9923, #9927, #9935, #9955 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit a7ddef6ef122a935d6bdf38d7ead686b12738007)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-05-201-3/+3
| | | | | | | | | | | | | | | | | | | | c22eeef fw4: support negative CIDR bit notation 628d791 hotplug: reliably handle interfaces with ubus zone hints d005293 fw4: store zone associations from ubus in statefile as well b268225 fw4: filter non hw-offload capable devices when resolving lower devices 57984e0 fw4: always resolve lower flowtable devices 7782017 tests: fix mocked `fd.read("line")` api 72b196d config: remove restictions on DHCPv6 allow rule f0cc317 fw4: refactor family selection for forwarding rules b0b8122 treewide: use modern syntax 05995f1 fw4: fix emitting device jump rules for family restricted zones b479815 fw4: fix family auto-selection for config nat rules 2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well 2379c3d tests: add test coverage for zone family selection logic Fixes: #5066, #9611, #9765, #9854 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2df17604a4f891447beb66988e3d83e23ab3a3b0)
* firewall: config: remove restictions on DHCPv6 allow ruleTiago Gaspar2022-05-042-4/+2
| | | | | | | | | | | | | | | Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue #5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them. Fixes: #5066 Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> [rebase onto firewall3, clarify subject, bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 65258f5d6093809c541050256646795bc0a460a9)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-04-251-4/+4
| | | | | | | | | | | | | | fc83d46 ruleset: set auto-merge directive for interval sets 9bce873 fw4: fix skipping invalid ipset entries 425ea8a fw4: fix applying zone flags for source bound rules a378883 fw4: fix emitting family specific redirect rules without any addrs 11feddf fw4: bracketize IPv6 addresses in dnat addr:port notation 9972f7d fw4: ensure to capitalize weekday names fde8070 treewide: forward compatibility changes Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commits 1a35ac99905adc35059489d6e19c7de42ef4cc01 and af02a12d7ccb64a3abbd9683dd22275b538f6d50)
* netifd: relax check in dhcp proto handlerDaniel Golle2022-04-151-1/+1
| | | | | | | | | | Checking whether /sbin/udhcpc is a symbolic link breaks using the DHCP proto handler inside procd-ujail where bind-mounts are used for the resolved link. Check whether /sbin/udhcpc is executable instead to allow using the proto handler for DHCP-provisioned containers. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c5f113c43f43c20555298c8500bf91bffbe1f58b)
* qosify: update to the latest versionFelix Fietkau2022-03-221-3/+3
| | | | | | | | | | | | | | | | | 391a9fbd5ace dns: fix parsing vlan encapsulated protocol 6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well 1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed ca21e729af23 interface: switch to using clsact for filters 5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress bdfcb11847ce interface: fix duplicated dns filter line b97405aa632a Revert "ubus: remove dnsmasq subscriber" 8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME 91cf440db9e2 loader: fix use of deprecated functions 57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit af434e0da2485bd7a82895b5bb63b1182154b98e)
* bpftools: update to standalone bpftools + libbpf, use the latest versionFelix Fietkau2022-03-191-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2022-03-061-3/+3
| | | | | | | | | | | 3276aed81c73 move run_cmd() to main.c 558eabc13c64 map: move dns host based lookup code to a separate function 6ff06d66c36c dns: add code for snooping dns packets a78bd43c4a54 ubus: remove dnsmasq subscriber 9773ffa70f1f map: process dns patterns in the order in which they were defined f13b67c9a786 dns: allow limiting dns entry matching to cname name Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: bump to git HEADStijn Tintel2022-03-042-4/+4
| | | | | | | | interface: disable autorate-ingress by default Also change the example config to reflect this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* qosify: add PKG_RELEASEStijn Tintel2022-03-041-0/+1
| | | | | | | | | Without PKG_RELEASE, it's impossible to trigger package updates when changing files included in the package that are not in the qosify git repository. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Felix Fietkau <nbd@nbd.name>
* iptables: move libiptext* to their own packagesEtienne Champetier2022-02-281-1/+1
| | | | | | | | iptables-nft doesn't depend on libip{4,6}tc, so move libiptext* libs in their own packages to clean up dependencies Rename libxtables-nft to libiptext-nft Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* qosify: update to the latest versionFelix Fietkau2022-02-201-3/+3
| | | | | | 65b42032063f interface: add missing autorate-ingress options Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: bump to version 2022-02-20Petr Štetiar2022-02-201-3/+3
| | | | | | | | | Contains following changes: 136006b88826 cmake: fix usage of implicit library and include paths bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled Signed-off-by: Petr Štetiar <ynezz@true.cz>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-121-3/+3
| | | | | | | | | | | | | 53caa1a fw4: resolve zone layer 2 devices for hw flow offloading 9fe58f5 fw4: rework and fix family inheritance logic 8795296 tests: mocklib: fix infinite recursion in wrapped print() 281b1bc tests: change mocked wan interface type to PPPoE 93b710d tests: mocklib: forward compatibility change 1a94915 fw4: only stage reflection rules if all required addrs are known 5c21714 fw4: add device iifname/oifname matches to DSCP and MARK rules 3eacc97 tests: adjust 01_ruleset test case to latest changes Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* qosify: update to the latest versionFelix Fietkau2022-02-101-3/+3
| | | | | | | | e230e71e0a12 map: fix copy-paste error in codepoints map 580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef 8d6c19a81f3f ubus: fix a use-after-free bug Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | a0518b6 fw4: gracefully handle unsupported hardware offloading ac99eba init: fix boot action in init script Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | | | | | b54f462 fw4: parse traffic rules before forwarding rules 4d5af8b fw4: consolidate helper code 300c737 fw4: fix applying zone family restrictions to forwardings eb9c25a tests: implement fs.opendir() mock interface d30ff48 tests: fix mocked fs.popen() trace log 52831a0 fw4: improve flowtable handling 7cb10c8 fw4: disable "flow_offloading_hw" option for now b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump 3d76f2e system-linux: add wrapper function for creating link config messages 88af2f1 system-linux: delete bridge devices using netlink 85c3548 system-linux: create bridge devices using netlink Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-01-281-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | 16a1070 fw4.uc: handle zone masq6 option 5f61dbf ruleset: fix chain selection for mark and dscp targets 0bc844b ruleset: properly deal with wildcards in zone device selectors 101988d fw4: fix family comparisons 127dbc0 ruleset: emit AF specific rules for DSCP matches d63cb89 fw4: fix parsing inverted numeric DSCP values 8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains 5669bc7 fw4: consolidate device grouping logic 94f03e0 ruleset: properly render redirect targets without port fff9779 fw4: fix family selection logic for redirect rules ca88fcd tests: update interface dump mock data e60bb4b ruleset: support non-contiguous address masks 8fec51a fw4: fix potential crashes when parsing invalid redirect sections c08eb44 fw4: fix redirect destination zone resolving 0df6ba0 fw4: fix address selection logic for DNAT reflection rules 60a2518 tests: add test coverage for redirect rules e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark ac8a737 ruleset: remove redundant syn check bd5dc4b tests: run testcases in strict mode 3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEADHans Dedecker2022-01-231-3/+3
| | | | | | ed71876 iprule: add support for uidrange Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipip: add 'nohostroute' optionMatthew Hagan2022-01-192-3/+6
| | | | | | | | Add the nohostroute option as available for gre and wg tunnels to allow the user to prevent explicit creation of a route to the peer address. Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
* netifd: update to git HEADHans Dedecker2022-01-141-3/+3
| | | | | | 3043206 system: fix compilation with glibc 2.34 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEADHans Dedecker2022-01-121-3/+3
| | | | | | | | 96902e8 Revert "netifd: add devtype to ubus call" 29e6acf netifd: add devtype to ubus call 7ccbf08 netifd: add devtype to ubus call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest HEADKevin Darbyshire-Bryant2022-01-101-3/+3
| | | | | | | | | 0f16ea5 options.c: add DSCP code LE Least Effort 24ba465 firewall3: remove redundant syn check df1306a firewall3: fix locking issue 3624c37 firewall3: support table load on access on Linux 5.15+ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall4: bump to git HEADStijn Tintel2022-01-091-3/+3
| | | | | | | | | | | | 9a509d4 ruleset.uc: consolidate ip and ip6 offload 21f311d ruleset.uc: don't trim newline before comment sign f121383 tests: enable flow offloading in tests 550df40 tests: add test for unknown defaults option 47c5a5b tests: add test for deprecated rule option 69a89d6 tests: add test for unknown rule option 07579df fw4.uc: handle interface zone option Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0Andre Heider2022-01-082-12/+1
| | | | | | | This makes patching it for ltq-vdsl-app unnecessary and paves the way for VRX518 support. Signed-off-by: Andre Heider <a.heider@gmail.com>
* firewall4: bump to git HEADStijn Tintel2022-01-061-2/+2
| | | | | | main.uc: fix device gathering Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: fix syntax error in dependency specJo-Philipp Wich2022-01-061-1/+1
| | | | | Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall/firewall4: provide uci-firewallStijn Tintel2022-01-062-2/+4
| | | | | | | | | | | | | | | | Provide uci-firewall via PROVIDES in both firewall and firewall4. This will allow us to change the dependency of luci-app-firewall to uci-firewall, making it possible to use it with either implementation. Move CONFLICTS from firewall4 to firewall, to solve this recursive dependency problem: tmp/.config-package.in:307:error: recursive dependency detected! tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4 tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEADStijn Tintel2022-01-061-4/+4
| | | | | | | | | | | | | | | | 4ead2a6 treewide: move executables to /sbin 9ebc2f4 fw4.uc: filter duplicates in fw4.set 85b74f3 treewide: support flow offloading be3b4e6 treewide: support hardware flow offloading 38889b7 treewide: support set timeout 31c7550 fw4.uc: do not skip defaults with invalid option 334a127 fw4.uc: introduce DEPRECATED flag 7a0d38f fw4.uc: add _name as deprecated option 5e7ad3b fw4.uc: don't fail on unknown options be5f4e3 fw4.uc: allow use of cidr in ipsets Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: order DEPENDS alphabeticallyStijn Tintel2022-01-061-1/+5
| | | | | | | Add some line breaks while at at, to improve readability. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: drop kmod-ipt-nat from CONFLICTSStijn Tintel2022-01-061-1/+1
| | | | | | | | The limitation of not being able to use iptables and nft nat at the same time exists only in kernels before 4.18. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEADHans Dedecker2021-12-171-3/+3
| | | | | | | | | 5ca5e0b netifd: allow disabling rule/rule6 config sections 8875960 interface-ip: add support for IPv6 prefix invalidation e589c05 interface-ip: use metric when looking for a route b54ffde main: fix hotplug script usage message Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: on dhcp interfaces, store the dhcp server in interface dataFelix Fietkau2021-12-101-0/+1
| | | | | | | | Among other things, this can be used to auto-configure the DHCP server address for wireless APs using FILS, if the bridged interface is configured to DHCP Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: remove bulk flow detection from default portsFelix Fietkau2021-12-011-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add besteffort class and switch all default classifications to class ↵Felix Fietkau2021-12-012-13/+17
| | | | | | names Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-221-3/+3
| | | | | | 06872673c10f map: allow referring to a class index directly in tcp/udp default entries Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: install hotplug handler into /etc/hotplug.d/iface as wellFelix Fietkau2021-11-221-1/+9
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add support for configuring overheadFelix Fietkau2021-11-212-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-211-3/+3
| | | | | | 2743e58741b3 bpf: work around a verifier issue Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add qosify-status scriptFelix Fietkau2021-11-192-1/+74
| | | | | | This will show detailed status for all devices/interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add class specific bulk flow detection example to voice classFelix Fietkau2021-11-191-0/+3
| | | | | | | With the new version, priority/bulk flow detection can be selectively enabled and configured per class Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-193-16/+24
| | | | | | | | | | | | | 68961a555e42 ubus: drop dnsmasq check for dns_result method 1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection 3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure bc54c97e3333 map, bpf: create a separate map for configured dscp classes 46cf3eae2d99 bpf: fix bulk flow detaction 88f1db7dd611 bpf: fix priority flow detection b5dec7874373 bpf: remove access to skb->gso_size e728a319a9a5 interface: unify status, always include ifname, ingress, egress Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: keep ICMP in the default best-effort classFelix Fietkau2021-11-191-1/+1
| | | | | | | Also preserve existing DSCP tags to make it easier to test latency for different DSCP values Signed-off-by: Felix Fietkau <nbd@nbd.name>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-13 00:37:01 +0000