aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-09-047-11/+0
| | | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit e545fac8d968864a965edb9e50c6f90940b0a6c9)
* ethtool: bump to 5.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 379c096 Release version 5.2. 2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes 67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019 687152b ethtool.spec: Use standard file location macros Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 018395392c2608698201042bbaa180b82eb7120f)
* firewall: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | de94097 utils: coverity resource leak warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit efb7b7a12af55758458cdb945a0833af411289f7)
* ipset: update to 7.3DENG Qingfang2019-09-041-3/+3
| | | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit edd9b39fab46a7231b8662697ba8c10de42d5a66)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 899f168 system-linux: Coverity fixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 11617bcb3be6778d5427723a09922aae50956a8c)
* curl: update to 7.65.3Hans Dedecker2019-09-041-2/+2
| | | | | | | For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit fc2df4f7050adae3ca6284a499fa914e07cba70b)
* openvpn: add new list option tls_ciphersuitesMartin Schiller2019-09-041-1/+2
| | | | | | | | To configure the list of allowable TLS 1.3 ciphersuites, the option tls_ciphersuites is used instead of tls_ciphers. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit 261df949faad6dda43454868628f79265e9cc5e7)
* iperf3: update to 3.7DENG Qingfang2019-09-041-2/+2
| | | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 42b3a3a89b6d60e10c6c266d29ebc779b7fee718)
* comgt: add delay option for 3g protoFlorian Eckert2019-09-041-0/+4
| | | | | | | | All protos for wwan (ncm,qmi,mbim) do have a delay option. To standardize that add also the missing delay option to the 3g proto. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 313444a79e9d1ced42223a9c92cb677b6e6e286e)
* uqmi: fix indentation style and boundaryFlorian Eckert2019-09-041-5/+9
| | | | | | | Fix indentation style and boundary. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit c06f2a2dcb2350d00cc6bd8300ec3861353d96ae)
* uqmi: add mtu config option possibilityFlorian Eckert2019-09-041-2/+8
| | | | | | | | | There are mobile carrier who have different MTU size in their network. With this change it is now possible to configure this with the qmi proto handler. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 8eb63cb7df4db3c92a9a010accc9b8444d06d4a2)
* wireguard: bump to 0.0.20190702Jason A. Donenfeld2019-09-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * curve25519: not all linkers support bmi2 and adx This should allow WireGuard to build on older toolchains. * global: switch to coarse ktime Our prior use of fast ktime before meant that sometimes, depending on how broken the motherboard was, we'd wind up calling into the HPET slow path. Here we move to coarse ktime which is always super speedy. In the process we had to fix the resolution of the clock, as well as introduce a new interface for it, landing in 5.3. Older kernels fall back to a fast-enough mechanism based on jiffies. https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/ https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/ * netlink: cast struct over cb->args for type safety This follow recent upstream changes such as: https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/ * peer: use LIST_HEAD macro Style nit. * receive: queue dead packets to napi queue instead of empty rx_queue This mitigates a WARN_ON being triggered by the workqueue code. It was quite hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind enough to mail me. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 7c23f741e97f6645bb5cd662a4943796a344b26a)
* rssileds: change rssileds.init STOP indexJoseph Tingiris2019-09-042-2/+2
| | | | | | | | | | This patch is in a series to allow additional STOP indexes after umount, so that other block devices may stop cleanly. rssileds.init is now STOP=89 Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com> (cherry picked from commit 8a5a01a67769f3822e365342d706b3cb57ef97f3)
* package/network: add PKGARCH:=all to non-binary packagesDeng Qingfang2019-09-045-0/+5
| | | | | | | Packages such as xfrm contain only script files, add PKGARCH:=all Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 6762e72524075c37928ad4ae9a979257759b2703)
* hostapd: remove stale WPA_SUPPLICANT_NO_TIMESTAMP_CHECK optionChristian Lamparter2019-09-042-26/+0
| | | | | | | | | | | Support to disable the timestamp check for certificates in wpa_supplicant (Useful for devices without RTC that cannot reliably get the real date/time) has been accepted in the upstream hostapd. It's implemented in wpa_supplicant as a per-AP flag tls_disable_time_checks=[0|1]. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 99bf9a1ac2b754e708ec845059689b293d1abab0)
* netifd: xfrm fixesHans Dedecker2019-09-041-3/+3
| | | | | | | 9932ed0 netifd: fix xfrm interface deletion and standardize netlink call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1fd900ddc2d10cde8e86d8059bfd112f3d0aae65)
* network/config/xfrm: add host-dependency for xfrm interface parentAndré Valentin2019-09-042-8/+12
| | | | | | | | Add proto_add_host_dependency to add a dependency to the tunlink interface Signed-off-by: André Valentin <avalentin@marcant.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit f6dab9804413139c3bd2647a81652d04baa1e59d)
* netifd: update to latest git HEADHans Dedecker2019-09-041-4/+4
| | | | | | | | 42a3878 interface-ip: fix possible null pointer dereference c1964d8 system-linux: remove superfluous dev check Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 55fcc77072c9ca0baee8e79c00d2342be26fce47)
* odhcpd: various fixesHans Dedecker2019-09-031-3/+3
| | | | | | | 8f1347b odhcpd: router: Fix out of scope memory access d37736e dhcpv6-ia: free assignment when validity timer expires Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: add libcap support, enabled in ip-fullAlin Nastac2019-08-302-9/+22
| | | | | | | | | | Preserve optionality of libcap by having configuration script follow the HAVE_CAP environment variable, used similarly to the HAVE_ELF variable. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches] (backported from commit a6da3f9ef746101b84a6f530f5a40de28341b69a) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-08-281-3/+3
| | | | | | | | | a9f9557 nl80211: support reading hardware id from phy directly c586cd3 iwinfo: add device id for MediaTek MT7612E d4382dd iwinfo: add device id for Atheros AR9390 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit b13f3300d5a370305d6ecbd71620a4c1c40a166e)
* odhcpd: remove socket from uloop upon NETEV_IFINDEX_CHANGEHans Dedecker2019-08-191-3/+3
| | | | | | 949476e router: close socket upon NETEV_IFINDEX_CHANGE fixed Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-08-181-3/+3
| | | | | | | 6b03f96 ubus: increase maximum ubus request size to 64KB Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d1f207ecc9f045e091d7008d86f0449bcf0b35bc)
* uhttpd: add direct dependency on libjson-cJo-Philipp Wich2019-08-181-1/+1
| | | | | | | | | | | | The OpenWrt buildroot ABI version rebuild tracker does not handle transient dependencies, therefor add all libraries linked by uhttpd as direct dependencies to the corresponding binary package definition. This ensures that uhttpd is automatically rebuilt and relinked if any of these libraries has its ABI_VERSION updated in the future. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit a95ddaba0272f254a3aeade3aa0c086e1625d672)
* uhttpd: Fix format string build problemsHauke Mehrtens2019-08-181-3/+3
| | | | | | | | | 91fcac34ac uhttpd: Fix multiple format string problems Fixes: fc454ca15305 libubox: update to latest git HEAD Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3c401f45c988aa6333a03efea1b1ac0318a8c11d)
* odhcpd: fix closing of router socketHans Dedecker2019-08-171-3/+3
| | | | | | c2d6032 router: fix previous commit Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: fix sending RA when link state brings bridge downHans Dedecker2019-08-161-3/+3
| | | | | | 13928b3 router: close socket upon NETEV_IFINDEX_CHANGE Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: fix lingering uloop socket descriptorHans Dedecker2019-08-101-3/+3
| | | | | | e9e8240 router: fix lingering uloop socket descriptor Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: fix handling of list optionsMatt Merhar2019-07-172-3/+4
| | | | | | | | | | | | | | | This addresses an issue where the list option specified in /etc/config/openvpn i.e. 'tls_cipher' would instead show up in the generated openvpn-<name>.conf as 'ncp-ciphers'. For context, 'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from openvpn.options. Also, the ordering of the options in the UCI config file is now preserved when generating the OpenVPN config. The two currently supported list options deal with cipher preferences. Signed-off-by: Matt Merhar <mattmerhar@protonmail.com> (cherry picked from commit 1d4c4cbd20580dd211431ab58460a6eebd5e021e)
* iptables: update to 1.8.3Deng Qingfang2019-07-178-170/+28
| | | | | | | | | | | | | | | | | | | | | | Update iptables to 1.8.3 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt Removed upstream patches: - 001-extensions_format-security_fixes_in_libip.patch - 002-include_fix_build_with_kernel_headers_before_4_2.patch - 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch Altered patches: - 200-configurable_builtin.patch - 600-shared-libext.patch No notable size changes Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix] (cherry picked from commit 299f6cb2da0a443484339aaa51b3d9edcc21ce4e)
* uqmi: bump to latest git HEADKoen Vandeputte2019-06-271-4/+4
| | | | | | | | 1965c7139374 uqmi: add explicit check for message type when expecting a response 01944dd7089b uqmi_add_command: fixed command argument assignment Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
* iproute2: update ctinfo supportKevin Darbyshire-Bryant2019-06-201-10/+5
| | | | | | | | | Follow upstream changes - header file changes only no functional or executable changes, hence no package bump required Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit a8f0c02f80fa0c7c55702770b3ca99f6db5405e7)
* iwinfo: update PKG_MIRROR_HASHChristian Lamparter2019-06-151-1/+1
| | | | | | | This patch updates the PKG_MIRROR_HASH to match the one of the current version. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* iwinfo: update to latest git HEADKoen Vandeputte2019-06-121-2/+2
| | | | | | 1372f47eff34 iwinfo: Add Mikrotik R11e-5HnDr2 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: move feature detection inside a shell funcYousong Zhou2019-06-112-7/+10
| | | | | | | Resolves openwrt/packages#9219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 04b45d3a31fac45c472ad3c31d98268d1c309763)
* config: add xfrm interface support scriptsAndré Valentin2019-06-102-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | This package adds scripts for xfrm interfaces support. Example configuration via /etc/config/network: config interface 'xfrm0' option proto 'xfrm' option mtu '1300' option zone 'VPN' option tunlink 'wan' option ifid 30 config interface 'xfrm0_static' option proto 'static' option ifname '@xfrm0' option ip6addr 'fe80::1/64' option ipaddr '10.0.0.1/30' Now set in strongswan IPsec policy: if_id_in = 30 if_id_out = 30 Signed-off-by: André Valentin <avalentin@marcant.net>
* curl: update to 7.65.1Hans Dedecker2019-06-101-2/+2
| | | | | | For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: skip options that are not compiled inYousong Zhou2019-06-092-3/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to make life easier for users with customized build of dnsmasq-full variant. Currently dnsmasq config generated by current service script will be rejected by dnsmasq build lacking DHCP feature - Options like --dhcp-leasefile have default values. Deleting them from uci config or setting them to empty value will make them take on default value in the end - Options like --dhcp-broadcast are output unconditionally Tackle this by - Check availablility of features from output of "dnsmasq --version" - Make a list of options guarded by HAVE_xx macros in src/options.c of dnsmasq source code - Ignore these options in xappend() Two things to note in this implementation - The option list is not exhaustive. Supposedly only those options that may cause dnsmasq to reject with "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken into account here - This provides a way out but users' cooperation is still needed. E.g. option dnssec needs to be turned off, otherwise the service script will try to add --conf-file pointing to dnssec specific anchor file which dnsmasq lacking dnssec support will reject Resolves FS#2281 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: xfrm tunnel supportHans Dedecker2019-06-081-3/+3
| | | | | | 8c6358b netifd: add xfrm tunnel interface support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: add tc action ctinfo supportKevin Darbyshire-Bryant2019-06-072-1/+595
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the userspace control portion of the backported kernelspace act_ctinfo. ctinfo is a tc action restoring data stored in conntrack marks to various fields. At present it has two independent modes of operation, restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack marks into packet skb marks. It understands a number of parameters specific to this action in additional to the usual action syntax. Each operating mode is independent of the other so all options are optional, however not specifying at least one mode is a bit pointless. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] DSCP mode dscp enables copying of a DSCP stored in the conntrack mark into the ipv4/v6 diffserv field. The mask is a 32bit field and specifies where in the conntrack mark the DSCP value is located. It must be 6 contiguous bits long. eg. 0xfc000000 would restore the DSCP from the upper 6 bits of the conntrack mark. The DSCP copying may be optionally controlled by a statemask. The statemask is a 32bit field, usually with a single bit set and must not overlap the dscp mask. The DSCP restore operation will only take place if the corresponding bit/s in conntrack mark ANDed with the statemask yield a non zero result. eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this example. CPMARK mode cpmark enables copying of the conntrack mark to the packet skb mark. In this mode it is completely equivalent to the existing act_connmark action. Additional functionality is provided by the optional mask parameter, whereby the stored conntrack mark is logically ANDed with the cpmark mask before being stored into skb mark. This allows shared usage of the conntrack mark between applications. eg. cpmark 0x00ffffff would restore only the lower 24 bits of the conntrack mark, thus may be useful in the event that the upper 8 bits are used by the DSCP function. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] where : dscp MASK is the bitmask to restore DSCP STATEMASK is the bitmask to determine conditional restoring cpmark MASK mask applied to restored packet mark ZONE is the conntrack zone CONTROL := reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* layerscape: update restool to LSDK 19.03Yangbo Lu2019-06-061-3/+3
| | | | | | Update restool to LSDK 19.03. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* wireguard: bump to 0.0.20190601Jason A. Donenfeld2019-06-011-2/+2
| | | | | | | | | | | | | | There was an issue with the backport compat layer in yesterday's snapshot, causing issues on certain (mostly Atom) Intel chips on kernels older than 4.2, due to the use of xgetbv without checking cpu flags for xsave support. This manifested itself simply at module load time. Indeed it's somewhat tricky to support 33 different kernel versions (3.10+), plus weird distro frankenkernels. If OpenWRT doesn't support < 4.2, you probably don't need to apply this. But it also can't hurt, and probably best to stay updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20190531Jason A. Donenfeld2019-05-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools: add wincompat layer to wg(8) Consistent with a lot of the Windows work we've been doing this last cycle, wg(8) now supports the WireGuard for Windows app by talking through a named pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw. Because programming things for Windows is pretty ugly, we've done this via a separate standalone wincompat layer, so that we don't pollute our pretty *nix utility. * compat: udp_tunnel: force cast sk_data_ready This is a hack to work around broken Android kernel wrapper scripts. * wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel FreeBSD had a number of kernel race conditions, some of which we can vaguely work around. These are in the process of being fixed upstream, but probably people won't update for a while. * wg-quick: make darwin and freebsd path search strict like linux Correctness. * socket: set ignore_df=1 on xmit This was intended from early on but didn't work on IPv6 without the ignore_df flag. It allows sending fragments over IPv6. * qemu: use newer iproute2 and kernel * qemu: build iproute2 with libmnl support * qemu: do not check for alignment with ubsan The QEMU build system has been improved to compile newer versions. Linking against libmnl gives us better error messages. As well, enabling the alignment check on x86 UBSAN isn't realistic. * wg-quick: look up existing routes properly * wg-quick: specify protocol to ip(8), because of inconsistencies The route inclusion check was wrong prior, and Linux 5.1 made it break entirely. This makes a better invocation of `ip route show match`. * netlink: use new strict length types in policy for 5.2 * kbuild: account for recent upstream changes * zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 The usual churn of changes required for the upcoming 5.2. * timers: add jitter on ack failure reinitiation Correctness tweak in the timer system. * blake2s,chacha: latency tweak * blake2s: shorten ssse3 loop In every odd-numbered round, instead of operating over the state x00 x01 x02 x03 x05 x06 x07 x04 x10 x11 x08 x09 x15 x12 x13 x14 we operate over the rotated state x03 x00 x01 x02 x04 x05 x06 x07 x09 x10 x11 x08 x14 x15 x12 x13 The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive. As well, the blake2s AVX implementation is now SSSE3 and considerably shorter. * tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES System integrators can now specify things like WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init scripts and services, or 0, or any other integer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ppp: add config options to tune discovery timeout and attemptsHans Dedecker2019-05-312-1/+8
| | | | | | | | | | | Upstream PPP project has added in commit 8e77984 options to tune discovery timeout and attempts in the rp-pppoe plugin. Expose these options in the uci datamodel for pppoe: padi_attempts: Number of discovery attempts padi_timeout: Initial timeout for discovery packets in seconds Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: update to version 2.4.7.git-2019-05-25Hans Dedecker2019-05-311-3/+3
| | | | | | 8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: introduce 'nohostroute' optionFabian Bläse2019-05-312-5/+11
| | | | | | | | | | | It is not always necessary to add a host route for the gre peer address. This introduces a new config option 'nohostroute' (similar to the option introduced for wireguard in d8e2e19) to allow to disable the creation of those routes explicitely. Signed-off-by: Fabian Bläse <fabian@blaese.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* netifd: fix missing ip rules after network reload (FS#2296)Hans Dedecker2019-05-281-3/+3
| | | | | | beb810d iprule: fix missing ip rules after a reload (FS#2296) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: bump to 7.65.0Hans Dedecker2019-05-261-2/+2
| | | | | | For changes in 7.65.0; see https://curl.haxx.se/changes.html#7_65_0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: don't set default firewall zone to wanHans Dedecker2019-05-262-23/+27
| | | | | | | | | | Don't set the default firewall zone to wan if not specified to keep the behavior aligned with other tunnel protocols like gre and 6rd. If the interface zone is not specified try to get it from the firewall config when constructing the procd firewall rule. While at it only add procd inbound/outbound firewall rules if a zone is specified. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 464xlat: don't set default firewall zone to wanHans Dedecker2019-05-262-13/+17
| | | | | | | | | | Don't set the default firewall zone to wan if not specified to keep the behavior aligned with other tunnel protocols like gre and 6rd. If the interface zone is not specified try to get it from the firewall config when constructing the procd firewall rule. While at it only add a procd inbound firewall rule if a zone is specified. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>