Commit Graph

340 Commits

Author SHA1 Message Date
Jo-Philipp Wich
ecc95dcba8 firewall: update to git head (#13652)
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
  - uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones

SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3 firewall3: fix accidentally changed install directive
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88 firewall: fix git source url
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09 Drop legacy firewall package
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257 firewall3: update to git head (#13641)
* Fixes wrong chain used for zone forward policy

SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e firewall3: update to git head
- Fixes problems with reusing matches or targets from loadable extensions

SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Felix Fietkau
8c69057980 uhttpd: update to latest version, fixes CGI related crashes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36817
2013-06-01 21:43:06 +00:00
Steven Barth
089d6612ce 6relayd: Work around Windows DHCPv6 quirks Announcing deprecated addresses breaks Windows clients
SVN-Revision: 36815
2013-06-01 17:51:02 +00:00
Steven Barth
7ae506c7d4 odhcp6c: work around spurious false-positive address DECLINEs
SVN-Revision: 36809
2013-05-31 13:49:17 +00:00
Jo-Philipp Wich
3bb397c997 firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
bf582fbb7b odhcp6c: fix handling of multiple RAs in a row
SVN-Revision: 36804
2013-05-31 10:02:39 +00:00
Steven Barth
cdc3caf533 6relayd: Better compatibility with misbheaving DHCPv6 clients * Make the "best" address / prefix the first one being announced * Only add the "best" address to the hosts-file
SVN-Revision: 36772
2013-05-30 15:42:30 +00:00
Steven Barth
519f27cd33 netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Felix Fietkau
02fe12c00d uhttpd: update again to fix a ubus plugin crash bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36770
2013-05-30 13:16:38 +00:00
Felix Fietkau
eeb7fdc13e uhttpd: update to latest version, fixes script timeout for ubus requests
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36767
2013-05-30 10:44:20 +00:00
Steven Barth
dc6625f977 6relayd: more verbosity in leases and logging
SVN-Revision: 36764
2013-05-30 07:56:55 +00:00
Steven Barth
56a3396bf2 iptables: bump to 1.4.19.1
SVN-Revision: 36760
2013-05-29 14:58:04 +00:00
Steven Barth
439fdd4d65 netifd: fix IPv6-addresses disappearing due to lifetime-overflows
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Steven Barth
23b3cebd56 odhcp6c: fix or debug disappearing IPv6 addresses
SVN-Revision: 36745
2013-05-28 16:28:14 +00:00
Felix Fietkau
e6250644be mac80211: add support for "active" monitor interfaces which allow userspace tools to connect to APs via injection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36743
2013-05-28 11:10:41 +00:00
Steven Barth
61c0c6ab68 6relayd: RFC 6204 and naming improvements * Announce delegated prefixes using route info according to RFC 6204 L-3 * Enable hybrid stateless + stateful DHCPv6-mode as default
SVN-Revision: 36738
2013-05-27 20:38:13 +00:00
Jo-Philipp Wich
63603ee478 firewall3: update to git head
- allows building without IPv6 support
	- uses more robust rules to cope with missing libext.a
	- uses better linking strategy to avoid symbol clashes with older iptables
	- introduces source compatiblity layer for different libxtables versions

SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1 firewall3: update to git head
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
  - automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
  - properly support output rules with dest '*' to hook directly into delegate_output
  - fixes crash when processing rules with unresolved targets

SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Steven Barth
f63064a257 6relayd: Fix DHCPv6-server picking up addresses from master interface
SVN-Revision: 36718
2013-05-26 10:06:02 +00:00
Jo-Philipp Wich
90887b5fb3 firewall3: update to git head
- fixes linking issues with some toolchains

SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Steven Barth
d8d7d7f4aa 6relayd: fix a lease-timing issue with stateful DHCPv6
SVN-Revision: 36702
2013-05-24 12:31:30 +00:00
Jo-Philipp Wich
c1ff8cd9bb firewall3: update to git head
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
  - Do not leak memory when processing rules with unknown targets or matches

SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Felix Fietkau
75bb3138aa uhttpd: update to latest version, fixes #13564, #13560, improves error handling as pointed out in #13537
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36696
2013-05-23 10:50:42 +00:00
Steven Barth
32c6ffb5a1 firewall3: Remove abandonend include
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259 firewall3: update to git head
- fix build on Linux < 3.7
  - limit zone names to 14 bytes

SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Steven Barth
9c3ac668e0 6relayd: Let OpenWrt override default CFLAGS
SVN-Revision: 36690
2013-05-22 11:58:54 +00:00
Jo-Philipp Wich
c12189b379 firewall3: update to git head
- fixes reload when firewall is not running already
  - fixes crash when ipsets are supported but undeclared
  - fixes handling of per zone user chains on reload

SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Steven Barth
9d115df749 6relayd: Fix a segfault when multiple downstream interfaces are present
SVN-Revision: 36687
2013-05-21 18:05:37 +00:00
Jo-Philipp Wich
dd83e87ab0 firewall3: update to git head
- fixes segfault in flush command if ipset support is not available
  - fixes internal rule generation if custom chains are enabled

SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
6eec8009ba ipset: remove dependency on iptables-mod-ipset - technically it does not depend on it and the iptables matches are now part of the base
SVN-Revision: 36685
2013-05-21 13:00:28 +00:00
Jo-Philipp Wich
9b6c31d4cc firewall3: move libext*.a copying to compile phase
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
8df6cd005c netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset
SVN-Revision: 36683
2013-05-21 12:58:15 +00:00
Jo-Philipp Wich
e8050c6c35 firewall3: update to git head
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
 * make ipset integration more reliable

SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Jo-Philipp Wich
a9a9644efd iptables: use -ffunction-sections, -fdata-sections and --gc-sections
SVN-Revision: 36680
2013-05-21 10:15:10 +00:00
Steven Barth
24c39ddcf7 odhcp6c: Various fixes * Honour T1 and T2 values from servers better * Correctly send Reconfigure-Accept option in requests
SVN-Revision: 36678
2013-05-21 09:13:48 +00:00
Steven Barth
37baf2d6b2 6relayd: Various DHCPv6-fixes * Be more standards-compliant in stateful mode * Handle hostnames from Windows-clients correctly * Handle messages from DHCPv6-relays better
SVN-Revision: 36677
2013-05-21 09:13:40 +00:00
Steven Barth
c6f70381c9 odhcp6c: Fix address / prefix expiry logic
SVN-Revision: 36675
2013-05-20 14:54:20 +00:00
Steven Barth
dd161ae62b dnsmasq: add directory for external hosts-files
SVN-Revision: 36655
2013-05-17 14:44:12 +00:00
Steven Barth
334c40da14 6relayd: Add stateful DHCPv6-support (IA_NA) * Add management_level option (0: set O-flag, >=1: set M-flag) * Add support for static DHCPv6-leases * Various fixes for DHCPv6-PD
SVN-Revision: 36654
2013-05-17 14:44:07 +00:00
Steven Barth
0f1be4425f netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.

SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Felix Fietkau
7365e647f6 uhttpd: update to latest version, fixes index page processing order
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36644
2013-05-16 11:38:19 +00:00
Luka Perkov
4fc8e64a40 iproute2: workaround compile issues with gcc 4.8.x
SVN-Revision: 36642
2013-05-16 00:04:48 +00:00
Steven Barth
a62ca72309 odhcp6c: Fix handling of RAs when no DHCPv6-server is present
SVN-Revision: 36641
2013-05-15 11:07:01 +00:00
Luka Perkov
580481cd6d iproute2: upgrade to 3.9.0
SVN-Revision: 36638
2013-05-14 23:49:34 +00:00