aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/config
Commit message (Collapse)AuthorAgeFilesLines
* netifd: fix IPv6 routing loop on point-to-point linksHans Dedecker2021-01-171-3/+3
| | | | | | | | c00c833 interface-ip: add unreachable route if address is offlink e71909c interface-ip: coding style fixes Tested-by: Karl Vogel <karl.vogel@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEADDaniel Golle2021-01-051-3/+3
| | | | | | 0c83439 netifd: wireless: default to GCMP WPA cipher on 802.11ad Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: update to the latest versionFelix Fietkau2020-12-311-3/+3
| | | | | | 39fb8c3edc74 wireless: add support for not killing processes on teardown Signed-off-by: Felix Fietkau <nbd@nbd.name>
* vxlan: allow for dynamic source ip selection (FS#3426)Johannes Kimmel2020-12-312-25/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By setting 'auto', the zero address or the empty string as source address (option ipaddr, option ip6addr), vxlan will choose one dynamically. This helps in setups where a wan ip or prefix changes. This corresponse to setting up an vxlan tunnel with: proto vxlan6: # ip link add vx0 type vxlan id ID local :: ... proto vxlan: # ip link add vx0 type vxlan id ID local 0.0.0.0 ... While it is possible to not specify a source ip at all, the kernel will default to setting up a ipv4 tunnel. The kernel will take any hint from source and peer ips to figure out, what tunnel type to use. To make sure we setup an ipv6 tunnel for proto vxlan6, this workaround is needed. This will not change the behaviour of currently working configurations. However this will allow former broken configurations, namely those not specifying both a source address and tunnel interface, to setup a tunnel interface. Previously those configurations weren't reporting an error and were stueck in a setup loop like in Bug FS#3426. This change lifts the currently very strict behaviour and should fix the following bug: Fixes: FS#3426 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426 Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
* netifd: update to the latest versionFelix Fietkau2020-12-231-3/+3
| | | | | | 88c6003e2b4f netifd: fix a typo in vlandev hotplug support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to latest versionNick Hainke2020-12-141-3/+3
| | | | | | 458b1a7e9473 netifd: add segment routing support Signed-off-by: Nick Hainke <vincent@systemli.org>
* xfrm: support 'multicast' attribute on interfacesPhilip Prindeville2020-12-112-3/+6
| | | | | | | | | | | | | | You shouldn't need the overhead of GRE just to add multicast capability on a point-to-point interface (for instance, you might want to run mDNS over IPsec transport connections, and Avahi requires IFF_MULTICAST be set on interfaces, even point-to-point ones). Borrowed heavily from: b3c9321b9e gre: Support multicast configurable gre interfaces Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netifd: update to the latest versionFelix Fietkau2020-12-021-3/+3
| | | | | | | | | | | d6bd1047d004 vlandev: dump vlan id in device status e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter 574dc4a17105 system-dummy: print configured mac address 14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings 524310276f20 system-linux: move device settings handling to device.c 42c48866f1c1 config: parse default mac address from board.json Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2020-11-231-3/+3
| | | | | | | 213748a9bcd9 system-linux: implement full device present state management for force-external devices 3abe1fc87151 system-linux: add retry for adding member devices to a bridge Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2020-11-211-3/+3
| | | | | | | | | 351d690f1a09 wireless: fix passing bridge name for vlan hotplug pass-through c1c2728946b5 config: initialize bridge and bridge vlans before other devices 5e18d5b9ccb1 interface: do not force link-ext hotplug interfaces to present by default 4544f026bb09 bridge-vlan: add support for defining aliases for vlan ids Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2020-11-131-3/+3
| | | | | | 4a41135750d9 system-linux: only overwrite dev->present state on check_state for simple devices Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2020-11-121-3/+3
| | | | | | | | | | | | | 3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge dd5e61153636 bridge: show vlans in device status a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged d1e8884f8911 bridge: fix use-after-free bug on bridge member free 3a2b21001c3c system-dummy: set present state only for simple devices ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ltq-vdsl-app: use new extra_command wrapperFlorian Eckert2020-11-022-4/+3
| | | | | | Use new `extra_command` wrapper to fix the alignement. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* ltq-adsl-app: use new extra_command wrapperFlorian Eckert2020-11-022-4/+3
| | | | | | Use new `extra_command` wrapper to fix the alignement. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* netifd: bump to version 2020-10-22Yousong Zhou2020-10-241-3/+3
| | | | | | | | | | | | | | | Changelog follows ced0d535 build: find and use libnl header dirs 5722218e proto: rework parse_addr to return struct device_addr 3d7bf604 device_addr: record address index as in the blob 24ce1eab interface: proto_ip: order by address index first This bump mainly affects order of interface addresses in ubus output. At the moment dnsmasq uses first address of an interface for setting dhcp-range option in its config Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: update to latest git HEADHans Dedecker2020-10-101-3/+3
| | | | | | 64ff909 system-linux: initialize ifreq struct before using it Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vxlan: fix rsc config optionHans Dedecker2020-09-242-3/+3
| | | | | | Fix route short circuit config option; fixes commit 036221ce5a899eb99ef1c1623fc9460af00a69e7 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vxlan: add extra config optionsHans Dedecker2020-09-232-3/+25
| | | | | | | | | | | | | | | | | Add config options: srcportmin/srcportmax : range of port numbers to use as UDP source ports to communicate to the remote VXLAN tunnel endpoint ageing : lifetime in seconds of FDB entries learnt by the kernel maxaddress : maximum number of FDB entries learning : enable/disable entering unknown source link layer addresses and IP addresses into the VXLAN device FDB. rsc : enable/disable route short circuit proxy : enable/disable ARP proxy l2miss : enable/disable netlink LLADDR miss notifications l3miss : enable/disable netlink IP ADDR miss notifications gbp : enable/disable the Group Policy extension Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2020-09-121-3/+3
| | | | | | | | | 55a7b6b netifd: vxlan: add aging and maxaddress options 11223f5 netifd: vxlan: add most missing boolean options 226566b netifd: vxlan: refactor mapping of boolean attrs a3c033e netifd: vxlan: handle srcport range Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEADDaniel Golle2020-09-081-3/+3
| | | | | | | | | | | | | | | | | 3d9bd73 utils: fix check_pid_path to work with deleted file as well 330f403 vlan: initialize device ifname earlier at creation time c057e71 device: do not check state from within device_init cb0c07b system-dummy: fix resolving ifindex ccd9ddc bridge: add support for turning on vlan_filtering 82bcb64 bridge: add support for adding vlans to a bridge 0e8cea0 bridge: add support for VLAN filtering 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs ac0710b device: look up full device name before traversing vlan chain e32e21e bridge: flush vlan list on bridge free 645ceed interface-ip: clear host bits of the device prefix d7b614a netifd-wireless: parse 'osen' encryption Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall: bump to latest HEADDavid Bauer2020-09-051-3/+3
| | | | | | | 8c2f9fa fw3: zones: limit zone names to 11 bytes 78d52a2 options: fix parsing of boolean attributes Signed-off-by: David Bauer <mail@david-bauer.net>
* firewall: Fix PKG_MIRROR_HASHHauke Mehrtens2020-08-241-1/+1
| | | | | Fixes: 6c57fb7aa93d ("firewall: bump to version 2020-07-05") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "dsaconfig: introduce package for UCI configuration of VLAN filter rules"Jo-Philipp Wich2020-08-064-364/+0
| | | | | | | | This reverts commit 96b87196b0788d4cdaa81a49a65d198d9f6c90d2. This commit was not meant to go into master. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "add vfconfig"Jo-Philipp Wich2020-08-064-292/+0
| | | | | | | | This reverts commit 34553e8cc9ad4530d3f52c3423e5c52fdacac539. This commit was not meant to go into master. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add vfconfigJo-Philipp Wich2020-08-064-0/+292
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dsaconfig: introduce package for UCI configuration of VLAN filter rulesJo-Philipp Wich2020-08-064-0/+364
| | | | | | | | | | | | | | This package provides the necessary files to translate `config dsa_vlan` and `config dsa_port` sections of `/etc/config/network` into appropriate bridge vlan filter rules. The approach of the configuration is to bridge all DSA ports into a logical bridge device, called "switch0" by default, and to set VLAN port membership, tagging state and PVID as specified by UCI on each port and on the switch bridge device itself, allowing logical interfaces to reference port VLAN groups by using "switch0.N" as ifname, where N denotes the VLAN ID. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* package: replace remaining occurrences of ifconfig with ipAdrian Schmutzler2020-08-032-4/+4
| | | | | | | | ifconfig is effectively deprecated for quite some time now. Let's replace the remaining occurrences for packages by the corresponding ip commands now. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* firewall: bump to version 2020-07-05Yousong Zhou2020-07-261-3/+3
| | | | | | | | | | | | | | | Changes since last source version e9b90df zones: apply tcp mss clamping also on ingress path 050816a redirects: fix segmentation fault f62a52b treewide: replace unsafe string functions 23cc543 improve reload logic 9d7f49d redurects: add support to define multiple zones for dnat reflection rules f87d0b0 firewall3: defaults: fix uci flow_offloading option fe9602c rules: fix typo 7cc2a84 defaults: robustify flow table detection. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* vxlan: add capability for multiple fdb entriesJohannes Kimmel2020-07-202-2/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to wireguard, vxlan can configure multiple peers or add specific entries to the fdb for a single mac address. While you can still use peeraddr/peer6addr option within the proto vxlan/vxlan6 section to not break existing configurations, this patch allows to add multiple sections that conigure fdb entries via the bridge command. As such, the bridge command is now a dependency of the vxlan package. (To be honest without the bridge command available, vxlan isn't very much fun to use or debug at all) Field names are taken direclty from the bridge command. Example with all supported parameters, since this hasn't been documented so far: config interface 'vx0' option proto 'vxlan6' # use vxlan over ipv6 # main options option ip6addr '2001:db8::1' # listen address option tunlink 'wan6' # optional if listen address given option peer6addr '2001:db8::2' # now optional option port '8472' # this is the standard port under linux option vid '42' # VXLAN Network Identifier to use option mtu '1430' # vxlan6 has 70 bytes overhead # extra options option rxcsum '0' # allow receiving packets without checksum option txcsum '0' # send packets without checksum option ttl '16' # specifies the TTL value for outgoing packets option tos '0' # specifies the TOS value for outgoing packets option macaddr '11:22:33:44:55:66' # optional, manually specify mac # default is a random address Single peer with head-end replication. Corresponds to the following call to bridge: $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3 config vxlan_peer option vxlan 'vx0' option dst '2001:db8::3' # always required For multiple peers, this section can be repeated for each dst address. It's possible to specify a multicast address as destination. Useful when multicast routing is available or within one lan segment: config vxlan_peer option vxlan 'vx0' option dst 'ff02::1337' # multicast group to join. # all bum traffic will be send there option via 'eth1' # for multicast, an outgoing interface needs # to be specified All available peer options for completeness: config vxlan_peer option vxlan 'vx0' # the interface to configure option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac, option dst '2001:db8::4' # connected to this peer option via 'eth0.1' # use this interface only option port '4789' # use different port for this peer option vni '23' # override vni for this peer option src_vni '123' # see man 3 bridge Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
* vxlan: remove mandatory peeraddrJohannes Kimmel2020-07-201-12/+0
| | | | | | | | | | vxlan can be configured without a peer address. This is used to prepare an interface and add peers later. Fixes: FS#2743 Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ltq-*dsl-app: dsl_control: remove unneeded check for lantiq_dsl.shMartin Schiller2020-07-174-4/+4
| | | | | | | | | | This file is always present because it is part of the ltq-dsl-base package on which these packages depend. This check would not have been necessary in the past, because the script was part of the TARGET_LANTIQ on which these packages also depend. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* lantiq: move dsl related base-files into own packageMartin Schiller2020-07-172-2/+2
| | | | | | | | | | It does not make sense to install this components on lantiq systems where the dsl subsystem is not needed/used. This also makes it possible to use the files also on other targets. (hopefully ipq401x / FritzBox 7530 in the near future) Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
* package: drop PKG_VERSION for purely local packagesAdrian Schmutzler2020-07-154-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the package guidelines, PKG_VERSION is supposed to be used as "The upstream version number that we're downloading", while PKG_RELEASE is referred to as "The version of this package Makefile". Thus, the variables in a strict interpretation provide a clear distinction between "their" (upstream) version in PKG_VERSION and "our" (local OpenWrt trunk) version in PKG_RELEASE. For local (OpenWrt-only) packages, this implies that those will only need PKG_RELEASE defined, while PKG_VERSION does not apply following a strict interpretation. While the majority of "our" packages actually follow that scheme, there are also some that mix both variables or have one of them defined but keep them at "1". This is misleading and confusing, which can be observed by the fact that there typically either one of the variables is never bumped or the choice of the variable to increase depends on the person doing the change. Consequently, this patch aims at clarifying the situation by consistently using only PKG_RELEASE for "our" packages. To achieve that, PKG_VERSION is removed there, bumping PKG_RELEASE where necessary to ensure the resulting package version string is bigger than before. During adjustment, one has to make sure that the new resulting composite package version will not be considered "older" than the previous one. A useful tool for evaluating that is 'opkg compare-versions'. In principle, there are the following cases: 1. Sole PKG_VERSION replaced by sole PKG_RELEASE: In this case, the resulting version string does not change, it's just the value of the variable put in the file. Consequently, we do not bump the number in these cases so nobody is tempted to install the same package again. 2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE: In this case, the resulting version string has been "version-release", e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just need to be higher than the previous PKG_VERSION. For the cases where PKG_VERSION has always sticked to "1", and PKG_RELEASE has been incremented, we take the most recent value of PKG_RELEASE. Apart from that, a few packages appear to have developed their own complex versioning scheme, e.g. using x.y.z number for PKG_VERSION _and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION (adb-enablemodem, wwan). I didn't touch these few in this patch. Cc: Hans Dedecker <dedeckeh@gmail.com> Cc: Felix Fietkau <nbd@nbd.name> Cc: Andre Valentin <avalentin@marcant.net> Cc: Matthias Schiffer <mschiffer@universe-factory.net> Cc: Jo-Philipp Wich <jo@mein.io> Cc: Steven Barth <steven@midlink.org> Cc: Daniel Golle <dgolle@allnet.de> Cc: John Crispin <john@phrozen.org> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* vxlan: bump and change to PKG_RELEASEAdrian Schmutzler2020-07-151-1/+1
| | | | | | | | | | | | | Bumping package version has been overlooked in a previous commit. While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter is meant for upstream version number only. (The effective version string for the package would be "3" in both cases, so there is no harm done for version comparison.) Fixes: 0453c3866feb ("vxlan: fix udp checksum control") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* vxlan: fix udp checksum controlJohannes Kimmel2020-07-151-0/+2
| | | | | | | | | | | So far, passing "rxcsum" and "txcsum" had no effect. Fixes: 95ab18e0124e ("vxlan: add options to enable and disable UDP checksums") Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> [add Fixes:] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* netifd: replace timesvr with timesrvSukru Senli2020-06-271-1/+7
| | | | | | | | /lib/netifd/dhcp.script: Keep support for 'timesvr' while also supporting 'timesrv' Add log message indicating deprecation of 'timesvr' Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu>
* soloscli: fix uci-defaults fileAdrian Schmutzler2020-06-112-3/+1
| | | | | | | | | | The folder for the uci-defaults file of this package is wrong, so the file most probably has not been executed at all for several years at least. Fix the folder and remove the useless shebang for the file. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* netifd: disable receive packet steering for DSA slave devicesFelix Fietkau2020-06-101-4/+9
| | | | | | | It is already handled on the master device. Doing it twice reduces performance Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to latest git HEADHans Dedecker2020-06-061-3/+3
| | | | | | 51e9fb8 system-linux: improve handling of device rename Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest HEADJohn Crispin2020-06-041-4/+4
| | | | | | | | | db275e1 interface-ip: fix build on non-linux systems 3392046 system-dummy: fix missing return a56b457 netifd: wireless: add support for tracking wifi-station sections 4ce33ce netifd: wireless: add support for tracking wifi-vlan sections Signed-off-by: John Crispin <john@phrozen.org>
* qos-scripts: fix interface resolvingJo-Philipp Wich2020-05-292-8/+14
| | | | | | | | Also ensure that the error message is actually printed to stderr and that the rule generation is aborted if an interface cannot be resolved. Ref: https://github.com/openwrt/luci/issues/3975 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: add rule for traceroute supportPhilip Prindeville2020-05-211-0/+13
| | | | | | | | | | | | | | | | | Running your firewall's "wan" zone in REJECT zone (1) exposes the presence of the router, (2) depending on the sophistication of fingerprinting tools might identify the OS and release running on the firewall which then identifies known vulnerabilities with it and (3) perhaps most importantly of all, your firewall can be used in a DDoS reflection attack with spoofed traffic generating ICMP Unreachables or TCP RST's to overwhelm a victim or saturate his link. This rule, when enabled, allows traceroute to work even when the default input policy of the firewall for the wan zone has been set to DROP. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netifd: ingress/egress vlan qos mapping supportHans Dedecker2020-05-211-3/+3
| | | | | | 74e0222 vlandev: support setting ingress/egress QoS mappings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: replace backticks by $(...)Adrian Schmutzler2020-05-133-3/+3
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ltq-vdsl-app: replace backticks by $(...)Adrian Schmutzler2020-05-131-1/+1
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* netifd: clean up netns functionalityDaniel Golle2020-04-141-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: fix jail ifdown and jails without jail_ifnameDaniel Golle2020-04-141-3/+3
| | | | | | | | The previous commit introduced a regression for netns jails without jail_ifname set. Fix that. Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: network namespace jail improvementsDaniel Golle2020-04-141-3/+3
| | | | | | | aaaca2e interface: allocate and free memory for jail name d93126d interface: allow renaming interface when moving to jail netns Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: fix 14_migrate-dhcp-release scriptPeter Stadler2020-04-051-1/+1
| | | | | | prepend 'uci' to 'commit network' Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* netifd: fix compilation with musl 1.2.0Hans Dedecker2020-03-261-3/+3
| | | | | | 1e8328 system-linux: fix compilation with musl 1.2.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>