path: root/package/network/config
Commit message | Author | Age | Files | Lines
* netifd: return error status in reload_service | Hans Dedecker | 2017-12-13 | 1 | -1/+4
  Based on a patch by Alexandru Ardelean.
  netifd ubus reload call returns the actual reload error status; return error status as well in reload_service
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  (cherry picked from commit 4b195a611fe146969e813ce77ecf74ce5f9c176b)
* netifd: fix fw3 warnings in dhcp script | Hans Dedecker | 2017-12-13 | 1 | -1/+1
  Fix fw3 warnings in dhcp script in case fw3 is not enabled
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  (cherry picked from commit 20e40db524fb6c391f47619b18bf36bf7932478a)
* swconfig: Link with libubox | Florian Fainelli | 2017-12-13 | 1 | -1/+1
  Fixes linking failures observed with external toolchains:
    /home/florian/dev/toolchains/stbgcc-4.8-1.5/bin/../lib/gcc/mipsel-linux-gnu/4.8.5/../../../../mipsel-linux-gnu/bin/ld: warning: libubox.so, needed by /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so, not found (try using -rpath or -rpath-link)
    /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_open_nested'
    /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_parse'
    /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blob_nest_end'
    /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_add_field'
  Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
  (cherry picked from commit fe8618a8fe0db1bc8f343c0f75082ff96e9991ab)
* treewide: fix shellscript syntax errors/typos | Lorenzo Santina | 2017-09-13 | 2 | -2/+2
  Fix multiple syntax errors in shellscripts (of packages only)
  These errors were causing many conditions to not work properly
  Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
  [increase PKG_RELEASE, drop command substitution from directip.sh]
  Signed-off-by: Mathias Kresin <dev@kresin.em>
* firewall: resync with master | Jo-Philipp Wich | 2017-05-27 | 1 | -4/+4
  Update to latest Git HEAD in order to import a number of fixes and other improvements:
    a4d98ae options: remove stray continue statement
    3d2c18a options: improve handling of negations when parsing space separated values
    0e5dd73 iptables: support -i, -o, -s and -d in option extra
    4cb06c7 ubus: increase ubus network interface dump timeout
    e5dfc82 iptables: add exception handling
    f625954 firewall3: add check_snat() function
    7d3d9dc firewall3: display the section type for UBUS rules
    53ef9f1 firewall3: add UBUS support for include scripts
    5cd4af4 firewall3: add UBUS support for ipset sections
    02d6832 firewall3: add UBUS support for forwarding sections
    0a7d36d firewall3: add UBUS support for redirect sections
    d44f418 firewall3: add fw3_attr_parse_name_type() function
    e264c8e firewall3: replace warn_rule() by warn_section()
    6039c7f firewall3: check the return value of fw3_parse_options()
    c328d1f build: use -Wno-format-truncation instead of -Wno-error=format-truncation
    e06e537 utils: replace sprintf use with snprintf to avoid overflows
    533f834 build: disable the format-truncation warning error to fix gcc 7 build errors
    e751cde zones: drop outgoing invalid traffic in masqueraded zones
    d596f72 rules: fix UCI context in error reporting
    1d0564c ubus: fix interface name and proto lookup
    82ccd9e firewall3: fix handling of UTC times
    1949e0c iptables: support xtables API > 11
  Fixes FS#548, FS#640, FS#806, FS#811.
  Ref: https://forum.lede-project.org/t/nat-leakage-on-tl-wr1043nd-v4/1712
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: document rules for IPSec ESP/ISAKMP with 'name' option | Yousong Zhou | 2017-03-28 | 2 | -15/+16
  These are recommended practices by REC-22 and REC-24 of RFC6092: "Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service"
  Fixes FS#640
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* swconfig: Bugfix switch_port uci option parsing | Ben Kelly | 2017-03-01 | 1 | -2/+2
  When not defining 'device' or 'vlan' in relevant switch_port uci sections, behaviour is inconsistent due to *devn, *port and *vlan pointers not being zero initialized.
  Signed-off-by: Ben Kelly <ben@benjii.net>
* netifd: fix stopping netifd + interfaces | Felix Fietkau | 2017-03-01 | 1 | -10/+3
  stop() is overwritten by rc.common, so implement stop_service instead.
  While at it, remove the now unnecessary restart() override
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qos-scripts: fix module load commands (FS#438) | Felix Fietkau | 2017-02-15 | 1 | -2/+1
  fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark module
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to git HEAD version | Hans Dedecker | 2017-02-01 | 1 | -3/+3
    650758b interface-ip: route proto config support (FS#170)
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* packages: mark packages depending on a target as nonshared | Mathias Kresin | 2017-01-24 | 1 | -0/+2
  The packages can't be built as shared packages due to the unmet dependencies.
  Fixes FS#418.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* netifd: update to git HEAD version | Hans Dedecker | 2017-01-17 | 1 | -2/+2
    a057f6e device: fix DEV_OPT_SENDREDIRECTS definition
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: fix forwarding local subnet traffic | Jo-Philipp Wich | 2017-01-13 | 1 | -3/+3
  Packets which are merely forwarded by the router and which are neither involved in any DNAT/SNAT nor originate locally, are considered INVALID from a conntrack point of view, causing them to get dropped in the zone_*_dest_ACCEPT chains, since those only allow stream with state NEW or UNTRACKED.
  Remove the ctstate restriction on dest accept chains to properly pass-through unrelated 3rd party traffic.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to the latest version | Felix Fietkau | 2017-01-13 | 1 | -3/+3
  This disables IGMP snooping by default, which was causing various issues over time, like FS#95
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces. | Roger Pueyo Centelles | 2017-01-03 | 2 | -7/+21
  This commit modifies the /lib/netifd/proto/gre.sh script so that, when GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen interface name contains the "tap" substring, to differentiate them from non-TAP GRE tunnels.
  Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname) upon creation. For instance, the following tunnels:
    config interface 'tuna'
        option peeraddr '172.30.22.1'
        option proto 'gre'
    config interface 'tunb'
        option peeraddr '192.168.233.4'
        option proto 'gretap'
    config interface 'tunc'
        option peer6addr 'fdc5:7c9e:e93d:45af::1'
        option proto 'grev6'
    config interface 'tund'
        option peer6addr 'fdc0:6071:1348:31ff::2'
        option proto 'grev6tap'
  are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".
  The current change makes that each GRE tunnel interface of the four different types available (gre, gretap, grev6 and grev6tap) gets a different prefix. Therefore, the abovementioned tunnels will be named, respectively: "gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".
  This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA) where the whole protocol name is used. For instance, a PPPoA interface named "p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1" and "pppoe-p2", not as "ppp-p1" and "ppp-p2").
  Since Linux interfaces names are limited to 15 characters, these prefixes leave, for the worst case (TAP tunnels), 9 characters for the actual name.
  Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
* netifd: Upstep to git HEAD version | Hans Dedecker | 2016-12-25 | 1 | -3/+3
    64a655d proto: allow configuring deprecated static IPv6 addresses
    c99182e remove obsolete /opt/local prefix on Mac OS X
    0249d5f system-linux: Don't set gre tunnel ttl by default to 64 (#FS312)
    edc15ca ubus: Display the IPv6 prefix assigned address
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: Remove ttl default value assignment (FS#312) | Hans Dedecker | 2016-12-25 | 2 | -2/+2
  Don't assign a default ttl of 64 for gre tunnels as netifd takes care of the default ttl assignment
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: clean up and unify PKG_VERSION for git based downloads | Felix Fietkau | 2016-12-22 | 2 | -10/+6
  Also use default definitions for PKG_SOURCE_SUBDIR, PKG_SOURCE
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* vti: add empty install rules for vtiv4 & vtiv6 | Alexandru Ardelean | 2016-12-22 | 1 | -0/+8
  Same as for grev4 & grev6
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* gre: add empty install rules for grev4 & grev6 | Alexandru Ardelean | 2016-12-22 | 1 | -0/+8
  Build seems to fail with:
  ```
  Collected errors:
   * satisfy_dependencies_for: Cannot satisfy the following dependencies for X:
   * grev4 *
   * opkg_install_cmd: Cannot install package X
  ```
  After adding an empty install rule, the failure goes away.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* treewide: clean up download hashes | Felix Fietkau | 2016-12-16 | 5 | -5/+5
  Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* swconfig: replace the shared library with a static one | Felix Fietkau | 2016-12-14 | 2 | -5/+5
  Reduces binary size
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall3: drop support for automatic NOTRACK rules | Jo-Philipp Wich | 2016-12-14 | 1 | -3/+3
  Update to current HEAD in order to drop automatic generation of per-zone NOTRACK rules.
  The NOTRACK rules used to provide a little performance improvement but the later introduction of the netfilter conntrack cache made those rules largely unnecessary. Additionally, those rules caused various issues which broke stateful firewalling in some scenarios.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to the latest version | Felix Fietkau | 2016-11-22 | 1 | -3/+3
  Fixes config reload on bridge MAC address changes
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall: update to fix FS#31, FS#73, FS#154, FS#248 | Jo-Philipp Wich | 2016-11-08 | 1 | -3/+3
  Update to latest Git head in order to import several fixes and enhancements.
  - Disable drop invalid by default (FS#73, FS#154)
    Instead of dropping packets with conntrack state INVALID, only allow streams with explicit NEW or UNTRACKED conntrack state. This change gives user defined rules the chance to accept traffic like ICMPv6 multicast which would be filtered away by the very early ctstate INVALID drop rule otherwise. The old behaviour can be restored by explicitly setting "drop_invalid" to 1 in the global firewall config section.
  - Fix re-initialization of loadable iptables extensions on musl (FS#31)
    Since musl does not implement actual dlclose() semantics, it is impossible to re-run initializers on subsequent dlopen() calls. The firewall3 executable now intercepts the extension registration calls instead in order to be able to re-call them when needed. This also allowed us to switch to libxtables' builtin extension loader as a positive side-effect.
  - Fix masquerade rules for multiple negated IP addresses (FS#248)
    When building MASQUERADE rules for zones which specify multiple negated addresses in masq_src or masq_dest, emit -j RETURN rules which jump out of the masquerading chain instead of creating multiple rules with inverted "-s" arguments.
  - Tag own rules using comments
    Instead of relying on the nonstandard xt_id match, use the xt_comment match to mark own rules. Existing comments are prefixed with "!fw3: " while uncommented rules are marked with a sole "!fw3" string. This allows removing the xt_id match entirely in a later commit.
  - Make missing ubus connection nonfatal
    Technically, firewall3 is able to operate without ubus just fine as long as the zones are declared using "option device" or "option subnet" instead of "option network" so do not abort execution if ubus could not be connected or if no network namespace is exported in ubus. This allows running firewall3 on ordinary Linux systems.
  - Fix conntrack requirement detection for indirectly connected zones
    The current code fails to apply the conntrack requirement flag recursively to zones, leading to stray NOTRACK rules which break conntrack based traffic policing. Change the implementation to iteratively reapply the conntrack fixup logic until no more zones had been changed in order to ensure that all directly and indirectly connected zones receive the conntrack requirement flag.
  - Add support for iptables 1.6.x
    Adds support for the xtables version 11 api in order to allow building against iptables 1.6.x
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEAD | John Crispin | 2016-10-27 | 1 | -3/+3
  Signed-off-by: John Crispin <john@phrozen.org>
* ipip: Support fqdn as remote tunnel endpoint | Hans Dedecker | 2016-10-26 | 2 | -3/+16
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: Request DHCP option 121 (classless route) by default | Baptiste Jonglez | 2016-10-26 | 1 | -2/+5
  This option, defined by RFC3442, allows a DHCP server to send static routes to a client. But the client has to request this option explicitly.
  Static routes are useful when the gateway configured by DHCP cannot be in the same subnet as the client. This happens, for instance, when using DHCP to hand out addresses in /32 subnets.
  A new configuration option "classlessroute" is available, allowing users to disable this feature (the option defaults to true).
  Other DHCP clients already request this option by default (dhcpcd, for instance, and possibly Windows). If a DHCP server does not support this option, it will simply ignore it.
  Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* network/config/swconfig: drop Build/Prepare rule in favor of default one | Alexandru Ardelean | 2016-10-15 | 1 | -5/+0
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* source: Switch to xz for packages and tools where possible | Daniel Engberg | 2016-10-06 | 2 | -4/+4
    * Change git packages to xz
    * Update mirror checksums in packages where they are used
    * Change a few source tarballs to xz if available upstream
    * Remove unused lines in packages we're touching, requested by jow- and blogic
    * We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
    * Add SHA256 checksums to multiple git tarball packages
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* gre: Support fqdn as remote tunnel endpoint | Hans Dedecker | 2016-10-04 | 2 | -5/+31
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest version, adds various fixes | Felix Fietkau | 2016-09-28 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ltq-vdsl-app: update to version 4.17.18.6 | Hauke Mehrtens | 2016-09-20 | 3 | -28/+5
  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* netifd: update to the latest version | Felix Fietkau | 2016-08-23 | 1 | -2/+2
  Adds fixes for wireless device error handling
  Adds link state fixes for shell proto handlers
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* swconfig: revert the portmapping patches, they seem to cause a segfault | John Crispin | 2016-08-16 | 3 | -0/+104
  Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"
  This reverts commit 675407baa44a8700de20b6b2857009a552a807ba.
  Revert "swconfig: remove obsolete portmapping feature"
  This reverts commit fca1eb349ef31b133a62880cbd562d6bf17500aa.
  Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: remove obsolete portmapping feature | John Crispin | 2016-08-15 | 3 | -104/+0
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: update to the latest version, adds an event handling fix | Felix Fietkau | 2016-07-29 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version | Felix Fietkau | 2016-07-29 | 1 | -2/+2
  Emits an initial event after the first link-up of a force_link interface.
  This is needed for making the dnsmasq dhcp check more reliable
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: Use -x hostname:$hostname instead of -H | Merlijn Wajer | 2016-07-24 | 1 | -1/+1
  Passing the hostname is currently broken in since the shipped busybox includes this commit:
  https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21
  Before:
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'
  After:
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600
  Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
* firewall3: update to latest git HEAD | John Crispin | 2016-07-24 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: quote vendorid and hostname variables in dhcp script | Hans Dedecker | 2016-07-12 | 1 | -2/+2
  Quote hostname and vendorid variables in dhcp script so they can hold strings having white spaces
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* lantiq: Correct ADSL race condition | Daniel Gimpelevich | 2016-06-22 | 1 | -1/+1
  puts br2684ctl init after ADSL init instead of before, so that the ESI is set at the right time, and for consistency with the PTM driver.
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* package/lantiq: make lantiq kernel modules work with xway_legacy | John Crispin | 2016-06-13 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* package/*: update git urls for project repos | John Crispin | 2016-06-13 | 2 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: improve failure reporting | Jo-Philipp Wich | 2016-06-11 | 2 | -7/+7
  Report the translated error to the user if a get/set netlink operation failed.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace nbd@openwrt.org with nbd@nbd.name | Felix Fietkau | 2016-06-07 | 7 | -7/+7
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version | Felix Fietkau | 2016-06-06 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* lantiq: fix segfault inside ltq-adsl-app | Daniel Gimpelevich | 2016-05-27 | 1 | -0/+65
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* global: change my email address | John Crispin | 2016-05-12 | 1 | -1/+1
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: Remove hardcoded DHCP release option | Hans Dedecker | 2016-05-11 | 1 | -1/+1
  Remove the udhcpc -R release option as sending a DHCP release is configurable via the uci option release.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>