Drop wireless-adhoc port

This was only useful for B.A.T.M.A.N. and could not be
attached to a bridge zone which leaves it useless for us.

The backend functionality is kept to potentially implement
this as a zone again.

Fixes #11460

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove B.A.T.M.A.N.

We do not seem to have an obvious application for this
and since 802.11s is wider supported we will support
that for wireless mesh networks instead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bridge: Correctly apply STP priority

Fixes #10609

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Rename make_parent_dir to make_parent_directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dhclient-script: IP addresses could change on REBIND

When the client binds to a new DHCP server, the IP address
could change and therefore we need to check if that has
happened and update everything accordingly.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dhclient-script: No need to set up the device again

To get the lease, the device must have been up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Use nl80211 instead of wext to communicate with the kernel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Fix typo in variable name

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Move configuration to /etc/wpa_supplicant

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Drop config helper

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

802.11s: Write WPA supplicant configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Support 802.11s

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove obsolete comment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

802.11s: Allow setting a PSK for SAE authentication

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Rename zone variable to device

Since we are using this for ports now, too, the variable
should have a generic name and the zone check must be removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove zone_dir and zone_file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Dropping port_dir()

This function is always returning constant values but
needs to fork a subshell for that which has some performance
impact.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

device_get_all: Drop function

This is basically device_list which is used everywhere else
in the code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Introduce list_directory

This function lists all files in a directory which
is a functionality that we use very very often.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hooks_list: Remove duplicate function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-pools: reload pools after destroying pools

Fixes: #11433
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-pool: delete on destroy also the swanctl configuration file

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network reset: destroy all IPsec pools

Fixes: #11432
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop bridge-stp script

This is not doing anything useful for us any more and the kernel
is always logging "failed to start userspace STP" which is true,
but it is not meant to start.

So to avoid any confusion, we will just drop this script.

Fixes: #11464
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-connection: add description feature

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-connection: add color support

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: accept also psk and use pre-shared-key instead of psk

Fixes: #11454
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: move pool function in a seperated file

Fixes: #11447
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network fix parameter passing when using ""

When we use "" on the command line to pass a value with spaces
the argument was broken when passing it to the next function.
Now the argument is kept as one string with spaces

Fixes: #11438
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vpn-security-policies: fix +/- syntax handling for group type and integrity

Fixes: #11445
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Validate channels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Always destroy zones immediately

The delayed destroyal does not make much sense when this is not
implemented for ports, etc.

Fixes #11434

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Print a useful message when bringing up a port that has not been created, yet

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add port hook for wireless mesh devices after 802.11s

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Allow creating mesh points

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Allow setting the channel when creating a device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Make a generic hook_new function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Bump version to 009

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: Don't destroy if it could not be shut down

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Drop unused and complicated info function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop port_get_parents function

This does not do anything useful

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Improve function that returns the children

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove some unnecessary assertions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: Allow destroying ports that are detached

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Cannot delete a port that does not exist

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Allow using no encryption

Fixes #11461

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Remove stuff that does not belong to certain connection types

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: fix check if a pool is valid

We want to append the pool if the pool exist and if the pool is valid.
Not when the pool is invalid and not exists.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: add type

We now specific at creation time if a connection is net-to-net or host-to-net.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: remove whitespace

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: log debug message when generating an ipsec config

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: make it possible to use ipsec pools for ipsec connections

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: refactor ipsec pool

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

wireless: Show signal quality in percent

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Show signal quality in percent

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Show channel number as well as frequency

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: add pool feature

These functions add the possibility to maintain ipsec pools.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Improve loading of kernel modules

This does not need to call grep any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bonding: Cleanup loading of kernel module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

batman-adv: Use new function to remove device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

batman-adv: Make sure kernel module is loaded

The kernel module must be loaded when creating a new device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Use "ip link set X master" where ever we can

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bridge: Show any errors when connecting a device to a bridge

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bonding: Use port_restart to restart a port

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless-ap: Improve command line parsing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

DHCP: Fix options parsing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bonding: Major rewrite of the hook

The bonding code now uses ip instead of writing to /sys
and the hook has been cleaned up, improved, tested and
received minor fixes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dummy: Cleanup hook

No functional changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vlan: Create devices when they don't exist, yet

The hotplug triggers will take care of attaching the
device to the zone it should belong to.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Revert "Never overwrite PATH"

This reverts commit 42249a1489fab6c1baae91e23fd8a91302570b48.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

util: Drop cmd_clean_environment function

cmd is now doing this by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

util: Fix cmd function and never leak anything into the environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Save START_ACTION parameter

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: log a debug message when deleting a strongswan config

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: fix enable and disable

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Only set traffic selector marks in VTI mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Make sure not to reload strongswan if it is not running

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

settings: Use file_delete to delete a file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Properly shut down connections when destroyed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Make sure strongswan is started when it should be

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reset: Destroy all user-defined security policies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reset: Destroy all IPsec VPN connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

settings: Don't log skipped configuration lines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Add our configuration header to each configuration file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Fix typo in variable check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Enable strongswan to start at boot when needed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Always make sure that n2n connections are unique

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: add status feature

We can now disable and enable IPsec connections.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: reload connection when the security policy changes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: reload connection when the config changes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Set routes to peered networks

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: GRE: Use outer IP addresses for peering

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Use "ip link" instead of "ip tunnel"

ip tunnel seems to be in an awful condition and ip
link works just fine.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Let the updown script handle all events

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Rename fwrite to fappend

Because that is what the function is actually doing.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

security-policies: Delete cached content when policy is deleted

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

security-policies: Rename AH proposals to IKE proposals

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Revert "ipsec: Only allow strict use of security policies"

This reverts commit a48e4dd265d6256fdc3c5b2fc8e6b85ca4d40361.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

security-policies: Cache output of proposal generators

These functions are really really slow and the output stays
constants as long as the configuration is not being changed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>