path: root/package/network/config
Commit message | Author | Age | Files | Lines
* treewide: clean up download hashes | Felix Fietkau | 2016-12-16 | 5 | -5/+5
  Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* swconfig: replace the shared library with a static one | Felix Fietkau | 2016-12-14 | 2 | -5/+5
  Reduces binary size

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall3: drop support for automatic NOTRACK rules | Jo-Philipp Wich | 2016-12-14 | 1 | -3/+3
  Update to current HEAD in order to drop automatic generation of per-zone NOTRACK rules.

  The NOTRACK rules used to provide a little performance improvement but the later introduction of the netfilter conntrack cache made those rules largely unnecessary. Additionally, those rules caused various issues which broke stateful firewalling in some scenarios.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to the latest version | Felix Fietkau | 2016-11-22 | 1 | -3/+3
  Fixes config reload on bridge MAC address changes

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall: update to fix FS#31, FS#73, FS#154, FS#248 | Jo-Philipp Wich | 2016-11-08 | 1 | -3/+3
  Update to latest Git head in order to import several fixes and enhancements.

  - Disable drop invalid by default (FS#73, FS#154)

    Instead of dropping packets with conntrack state INVALID, only allow streams with explicit NEW or UNTRACKED conntrack state.

    This change gives user defined rules the chance to accept traffic like ICMPv6 multicast which would be filtered away by the very early ctstate INVALID drop rule otherwise.

    The old behaviour can be restored by explicitly setting "drop_invalid" to 1 in the global firewall config section.

  - Fix re-initialization of loadable iptables extensions on musl (FS#31)

    Since musl does not implement actual dlclose() semantics, it is impossible to re-run initializers on subsequent dlopen() calls.

    The firewall3 executable now intercepts the extension registration calls instead in order to be able to re-call them when needed.

    This also allowed us to switch to libxtables' builtin extension loader as a positive side-effect.

  - Fix masquerade rules for multiple negated IP addresses (FS#248)

    When building MASQUERADE rules for zones which specify multiple negated addresses in masq_src or masq_dest, emit -j RETURN rules which jump out of the masquerading chain instead of creating multiple rules with inverted "-s" arguments.

  - Tag own rules using comments

    Instead of relying on the nonstandard xt_id match, use the xt_comment match to mark own rules. Existing comments are prefixed with "!fw3: " while uncommented rules are marked with a sole "!fw3" string.

    This allows removing the xt_id match entirely in a later commit.

  - Make missing ubus connection nonfatal

    Technically, firewall3 is able to operate without ubus just fine as long as the zones are declared using "option device" or "option subnet" instead of "option network" so do not abort execution if ubus could not be connected or if no network namespace is exported in ubus.

    This allows running firewall3 on ordinary Linux systems.

  - Fix conntrack requirement detection for indirectly connected zones

    The current code fails to apply the conntrack requirement flag recursively to zones, leading to stray NOTRACK rules which break conntrack based traffic policing.

    Change the implementation to iteratively reapply the conntrack fixup logic until no more zones had been changed in order to ensure that all directly and indirectly connected zones receive the conntrack requirement flag.

  - Add support for iptables 1.6.x

    Adds support for the xtables version 11 api in order to allow building against iptables 1.6.x

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEAD | John Crispin | 2016-10-27 | 1 | -3/+3
  Signed-off-by: John Crispin <john@phrozen.org>
* ipip: Support fqdn as remote tunnel endpoint | Hans Dedecker | 2016-10-26 | 2 | -3/+16
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: Request DHCP option 121 (classless route) by default | Baptiste Jonglez | 2016-10-26 | 1 | -2/+5
  This option, defined by RFC3442, allows a DHCP server to send static routes to a client. But the client has to request this option explicitly.

  Static routes are useful when the gateway configured by DHCP cannot be in the same subnet as the client. This happens, for instance, when using DHCP to hand out addresses in /32 subnets.

  A new configuration option "classlessroute" is available, allowing users to disable this feature (the option defaults to true).

  Other DHCP clients already request this option by default (dhcpcd, for instance, and possibly Windows). If a DHCP server does not support this option, it will simply ignore it.

  Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* network/config/swconfig: drop Build/Prepare rule in favor of default one | Alexandru Ardelean | 2016-10-15 | 1 | -5/+0
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* source: Switch to xz for packages and tools where possible | Daniel Engberg | 2016-10-06 | 2 | -4/+4
  * Change git packages to xz
  * Update mirror checksums in packages where they are used
  * Change a few source tarballs to xz if available upstream
  * Remove unused lines in packages we're touching, requested by jow- and blogic
  * We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
  * Add SHA256 checksums to multiple git tarball packages

  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* gre: Support fqdn as remote tunnel endpoint | Hans Dedecker | 2016-10-04 | 2 | -5/+31
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest version, adds various fixes | Felix Fietkau | 2016-09-28 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ltq-vdsl-app: update to version 4.17.18.6 | Hauke Mehrtens | 2016-09-20 | 3 | -28/+5
  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* netifd: update to the latest version | Felix Fietkau | 2016-08-23 | 1 | -2/+2
  Adds fixes for wireless device error handling
  Adds link state fixes for shell proto handlers

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* swconfig: revert the portmapping patches, they seem to cause a segfault | John Crispin | 2016-08-16 | 3 | -0/+104
  Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"
  This reverts commit 675407baa44a8700de20b6b2857009a552a807ba.

  Revert "swconfig: remove obsolete portmapping feature"
  This reverts commit fca1eb349ef31b133a62880cbd562d6bf17500aa.

  Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: remove obsolete portmapping feature | John Crispin | 2016-08-15 | 3 | -104/+0
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: update to the latest version, adds an event handling fix | Felix Fietkau | 2016-07-29 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version | Felix Fietkau | 2016-07-29 | 1 | -2/+2
  Emits an initial event after the first link-up of a force_link interface. This is needed for making the dnsmasq dhcp check more reliable

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: Use -x hostname:$hostname instead of -H | Merlijn Wajer | 2016-07-24 | 1 | -1/+1
  Passing the hostname is currently broken since the shipped busybox includes this commit:
  https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21

  Before:

    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'

  After:

    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600

  Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
* firewall3: update to latest git HEAD | John Crispin | 2016-07-24 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: quote vendorid and hostname variables in dhcp script | Hans Dedecker | 2016-07-12 | 1 | -2/+2
  Quote hostname and vendorid variables in dhcp script so they can hold strings having white spaces

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* lantiq: Correct ADSL race condition | Daniel Gimpelevich | 2016-06-22 | 1 | -1/+1
  puts br2684ctl init after ADSL init instead of before, so that the ESI is set at the right time, and for consistency with the PTM driver.

  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* package/lantiq: make lantiq kernel modules work with xway_legacy | John Crispin | 2016-06-13 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* package/*: update git urls for project repos | John Crispin | 2016-06-13 | 2 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: improve failure reporting | Jo-Philipp Wich | 2016-06-11 | 2 | -7/+7
  Report the translated error to the user if a get/set netlink operation failed.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace nbd@openwrt.org with nbd@nbd.name | Felix Fietkau | 2016-06-07 | 7 | -7/+7
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version | Felix Fietkau | 2016-06-06 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* lantiq: fix segfault inside ltq-adsl-app | Daniel Gimpelevich | 2016-05-27 | 1 | -0/+65
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* global: change my email address | John Crispin | 2016-05-12 | 1 | -1/+1
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: Remove hardcoded DHCP release option | Hans Dedecker | 2016-05-11 | 1 | -1/+1
  Remove the udhcpc -R release option as sending a DHCP release is configurable via the uci option release.

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall3: fix mark rules for local traffic, fix race condition | Jo-Philipp Wich | 2016-05-02 | 1 | -3/+4
  Update to latest HEAD in order to fix MARK rule generation for local traffic, also fix a possible race condition during firewall start.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: Add configurable DHCP release behavior | Hans Dedecker | 2016-04-28 | 1 | -3/+5
  Make sending a DHCP release configurable when the client exits allowing to clean up IP/mac state info in intermediate devices.

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* package: flag further target specific packages as nonshared | Jo-Philipp Wich | 2016-04-26 | 1 | -0/+2
  Add nonshared flag to package depending on specific targets or subtargets as there's no guarantee otherwise that they'll be available in the shared repo.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: Send DHCP release when client exits | Hans Dedecker | 2016-03-31 | 1 | -1/+1
  Let DHCP client send a release when it exits so the DHCP server is informed the IP address is released and allowing to clean up IP/mac state info in intermediate devices.

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: fix default ip rules | Jo-Philipp Wich | 2016-03-31 | 1 | -2/+2
  Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading to unexpected policy rule precedence.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ltq-vdsl-app: do not set the reserved bit 4 in the xTSE 8 | Felix Fietkau | 2016-03-07 | 1 | -3/+3
  I do not know if this causes any problems now, but we should not set it, because it is reserved. Some more recent versions of the Lantiq DSL API driver and Control are checking if only valid bits are set.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48948
* ltq-vdsl-app: make it possible to configure ADSL/VDSL independently | Felix Fietkau | 2016-03-07 | 1 | -2/+18
  There are some cases where ISPs are running ATM over VDSL or PTM over ADSL, this is not the common case, but these cases exist. Make it possible to configure OpenWrt for such cases by adding a new config option line_mode.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48947
* ltq-vdsl-app: sync annex option between from ADSL package | Felix Fietkau | 2016-03-07 | 1 | -3/+41
  The detailed annex options were only available in the danube DSL app including the activation of G.992.2 Annex A (ADSL Lite). This is now also added to the vdsl app for the vrx200.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48946
* ltq-adsl-app: sync annex option between from VDSL package | Felix Fietkau | 2016-03-07 | 1 | -2/+3
  The adsl control app missed the activation of annex M and annex L in the Annex A part, this now activates everything the firmware supports. In Annex L type only the wide US (Mask1) was activated, now also the narrow US (Mask2) version gets activated. In addition annex J was also added.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48945
* ltq-vdsl-app: make the dsl_control application stop cleanly | Felix Fietkau | 2016-03-07 | 1 | -0/+2
  I am not calling dsl_cmd because I want to ignore the lock, quit should also be sent when someone else is accessing it. I saw that some other call was stuck here and all following calls were stuck in the dsl_cmd lock.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48943
* ltq-vdsl-app: load the vrx200 firmware or patch it | Felix Fietkau | 2016-03-07 | 2 | -1/+43
  This checks for the VRX firmware provided in the OpenWrt package.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48940
* netifd: fix build error | Jo-Philipp Wich | 2016-03-04 | 1 | -1/+1
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48920
* netifd: fix VTI ikey/okey endianness | Jo-Philipp Wich | 2016-03-04 | 1 | -2/+2
  Ensure that ikey and okey are sent in network byte order to the kernel. Also don't mangle external IP addrs and routes when reconfiguring interfaces.

  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48919
* ltq-vdsl-app: Enable T1.413 in Annex A xTSE set | John Crispin | 2016-02-25 | 1 | -1/+1
  Before r47933 Bit 1 (first bit) of xTSE Octet 1 (first octet) defaulted to 1, which allowed T1.413 to operate.

  Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net>
  SVN-Revision: 48763
* vti: fix kmod dependencies | John Crispin | 2016-02-12 | 1 | -2/+2
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  SVN-Revision: 48704
* swconfig: support setting SWITCH_TYPE_LINK attributes | Rafał Miłecki | 2016-02-03 | 1 | -0/+51
  Supported syntax is inspired by ethtool. Example usages:

    swconfig dev switch0 port 2 set link "duplex half speed 100"
    swconfig dev switch0 port 2 set link "autoneg on"

  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  SVN-Revision: 48624
* gre: Support multicast configurable gre interfaces | Felix Fietkau | 2016-02-01 | 1 | -2/+5
  UCI parameter multicast is added which allows to toggle multicast support on gre interfaces. By default multicast support is enabled as gre tunnels are often used in combination with routing protocols using multicast.

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
  SVN-Revision: 48596
* netifd: update to the latest version, adds many fixes | Felix Fietkau | 2016-02-01 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48595
* firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738) | Jo-Philipp Wich | 2016-01-29 | 1 | -3/+3
  * Enable drop_invalid by default to catch unnatted packets (#21738)
  * Fix processing of inversions for -i, -o, -s, -d and -p flags
  * Remove delegate_* chain indirection but rely on xt_id to identify own rules

  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48551
* ltq-vdsl-app: mask out VDSL bits when ATM is selected, fixes compatibility issues with some DSLAMs | Felix Fietkau | 2016-01-23 | 1 | -2/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48457