Commit Graph

121 Commits (9a38a3a105a83b932255da6212221961a0416fdf)

Author SHA1 Message Date
Jo-Philipp Wich 380cbeb729 firewall: update to git head
- handles redirects as port relocations if the dest_ip points to the router itself

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37374 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-16 14:04:59 +00:00
Steven Barth 3b7e47ae52 netifd: Fix IPv6-prefix assignment with continuous hints
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37371 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-16 12:07:11 +00:00
Luka Perkov 23ff0696be netifd: update to latest version, add bridge_empty option
with this option enabled it's possible to create empty bridges

Signed-off-by: Luka Perkov <luka@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37318 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-14 18:50:04 +00:00
John Crispin a741a5ff14 swconfig: fix dependency bug introduced by [37304]
Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37316 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-14 18:16:42 +00:00
Hauke Mehrtens 4cd2167005 brcm47xx: use b53 phy driver for the switch in kernel 3.10
This makes it possible to use swconfig to controll the switch.

This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37304 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-14 14:11:17 +00:00
Felix Fietkau 9441aef40a firewall: add missing dependencies
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37224 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-10 11:33:48 +00:00
John Crispin 995a33804f lantiq: move dsl tools to package/network/config
Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37198 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich fb5527b8db firewall: allow routed lan<->lan traffic by default
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37171 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich 24632d6be8 firewall: update to git head
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37082 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-29 13:28:27 +00:00
Steven Barth bf72314fcb netifd: fix typo in dhcp script
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37051 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-28 04:19:21 +00:00
Felix Fietkau 3ce3b38c70 netifd: update to latest version, fixes a NULL pointer deref bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36965 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich 85f4e54cbe firewall: update to git head
- fixes misprocessing of unknown symbolic protocol names

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36963 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich b403f780e9 firewall: update to git head
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36960 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-18 14:14:35 +00:00
Steven Barth 28aeb64578 netifd: IPv6: Fix sorting order in last commit.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36952 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-17 21:29:14 +00:00
Steven Barth 89fe8241e4 netifd: Satisfy IPv6 assignments ordered by prefix length
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36950 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich 8cbd945e7c firewall: update to git head
- properly process intermediate "!" options in argument list (fixes negated ipsets)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36935 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich fdcddce043 firewall: update to git head
- fixes handling of reject target for rule sections with specific destination zone

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36933 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-13 12:49:00 +00:00
Felix Fietkau 81450bd00d netifd: update to latest version, uses the new uci/blob code from libuci
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36909 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-10 12:42:30 +00:00
Steven Barth 5bab66f331 netifd: improve reloading behaviour
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36903 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-10 10:42:15 +00:00
Steven Barth f70a350203 netifd: Improve IPv6 source-routing policies
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36884 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-08 13:26:33 +00:00
Jonas Gorski 3d9c1a0ebc netifd: bring wifi down before shutting down
works around wifiX references not being freed on network restart.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich f77f1322b8 firewall: udpate to git head (#13652, #13654, #13658)
- optimizes chain usage for ingress rules
  - adds limit match support for redirect rules
  - fixes automatic redirect dest detection on little endian systems
  - leaves base chains in place on reload to allow user rules to target e.g. "reject"

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36871 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich 36e8f9b769 firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36868 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich ab659cd65b firewall: update to git head (#13652)
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
  - uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich 3e804240df firewall3: fix accidentally changed install directive
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36840 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich ea4472d138 firewall: fix git source url
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36839 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich 0f0fb56719 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36838 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich 484c42a934 Drop legacy firewall package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36837 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich 2c61fc7f42 firewall3: update to git head (#13641)
* Fixes wrong chain used for zone forward policy

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36830 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich d3cb5e8ecb firewall3: update to git head
- Fixes problems with reusing matches or targets from loadable extensions

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36826 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich 13abaf7561 firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36806 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-31 13:23:23 +00:00
Steven Barth 2837eb86ef netifd: updated IPv6 prefix delegation
* Added support for prefix classes
* Various bugfixes

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36771 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-30 15:42:25 +00:00
Steven Barth c802b55757 netifd: fix IPv6-addresses disappearing due to lifetime-overflows
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36748 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich e461a87b6f firewall3: update to git head
- allows building without IPv6 support
	- uses more robust rules to cope with missing libext.a
	- uses better linking strategy to avoid symbol clashes with older iptables
	- introduces source compatiblity layer for different libxtables versions

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36736 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich bebdc6222a firewall3: update to git head
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
  - automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
  - properly support output rules with dest '*' to hook directly into delegate_output
  - fixes crash when processing rules with unresolved targets

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich 7a2cfe6c7b firewall3: update to git head
- fixes linking issues with some toolchains

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36703 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich ab98ef05fc firewall3: update to git head
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
  - Do not leak memory when processing rules with unknown targets or matches

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36698 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-23 13:07:44 +00:00
Steven Barth cee5ff18de firewall3: Remove abandonend include
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36692 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich d164d12b83 firewall3: update to git head
- fix build on Linux < 3.7
  - limit zone names to 14 bytes

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36691 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich 2d37cb839e firewall3: update to git head
- fixes reload when firewall is not running already
  - fixes crash when ipsets are supported but undeclared
  - fixes handling of per zone user chains on reload

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36689 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich d3c5b49487 firewall3: update to git head
- fixes segfault in flush command if ipset support is not available
  - fixes internal rule generation if custom chains are enabled

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36686 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich 557bb37cc1 firewall3: move libext*.a copying to compile phase
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36684 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich 3538668acf firewall3: update to git head
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
 * make ipset integration more reliable

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36681 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-21 10:15:14 +00:00
Steven Barth 456cbe5af8 netifd: Unify interface-based routing for IPv4 and IPv6
* Add interface option to set routing table for protocol routes
* Enabled for IPv6 for source-based filtering, disabled for IPv4

Based on a patch by Kristian Evensen. Thank You.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36653 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-17 14:44:02 +00:00
Steven Barth 18473a01f8 netifd: Various IPv6 improvements
* Add support for IP-in-IPv6 tunnels (DS-Lite)
* Use source-based routing for IPv6 to allow multi-wan
* Various smaller tunnel setup improvements

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36627 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:34 +00:00
Steven Barth 683810fbff netifd: added support for setting up 6rd from DHCP
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36626 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:30 +00:00
Steven Barth 761238ce0a firewall3: Remove obsoleted ULA-border
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36624 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:20 +00:00
Steven Barth b20c42e9d1 firewall3: add wan6 interface to wan-zone by default
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36623 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:15 +00:00
Steven Barth ac82d7ad0a firewall: Remove obsoleted ULA-border rule
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36622 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich 339f78f6e9 firewall3: update to git head
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
	- add support for fwmark matches and mark setting targets

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-02 13:42:20 +00:00