]>
git.ipfire.org Git - people/stevee/network.git/log
Michael Tremer [Sun, 31 Mar 2019 18:08:00 +0000 (20:08 +0200)]
man: Make distcheck happy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 18:01:00 +0000 (20:01 +0200)]
man: Cleanup XML files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 15:53:20 +0000 (17:53 +0200)]
man: Convert network-zone-wireless(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 15:42:10 +0000 (17:42 +0200)]
man: Convert network-zone-pppoe(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 15:34:10 +0000 (17:34 +0200)]
man: Convert network-zone-modem(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 15:23:07 +0000 (17:23 +0200)]
man: Convert network-zone-ip-tunnel(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 15:15:50 +0000 (17:15 +0200)]
man: Convert network-zone-config-pppoe-server(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 14:59:10 +0000 (16:59 +0200)]
man: Convert network-zone-bridge(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 14:46:07 +0000 (16:46 +0200)]
man: Convert network-zone(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 14:30:26 +0000 (16:30 +0200)]
man: Convert network-vpn-security-policies(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 13:59:21 +0000 (15:59 +0200)]
man: Convert network-vpn(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 13:47:14 +0000 (15:47 +0200)]
man: Convert network-settings(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 13:34:19 +0000 (15:34 +0200)]
man: Convert network-route-static(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 13:10:49 +0000 (15:10 +0200)]
.gitignore: Ignore DS_Store
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 13:08:46 +0000 (15:08 +0200)]
man: Convert network-route(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:55:51 +0000 (22:55 +0200)]
man: Fix page headers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:54:02 +0000 (22:54 +0200)]
man: Drop old network-color(8) man page
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:53:20 +0000 (22:53 +0200)]
man: Use include for color commands
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:40:35 +0000 (22:40 +0200)]
man: Converting network-quick-start(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:27:40 +0000 (22:27 +0200)]
man: Convert network-port(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 20:04:08 +0000 (22:04 +0200)]
man: Convert network-performance-tuning(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 19:59:01 +0000 (21:59 +0200)]
man: Convert network-dns-server(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 19:46:49 +0000 (21:46 +0200)]
man: Convert network-dhcp(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 19:40:53 +0000 (21:40 +0200)]
man: Convert network-device(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 19:24:48 +0000 (21:24 +0200)]
man: Convert network-description(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 19:16:10 +0000 (21:16 +0200)]
man: Convert firewall-settings to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 22:47:19 +0000 (00:47 +0200)]
man: network-color: Add synopsis
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 22:36:02 +0000 (00:36 +0200)]
man: Drop test page
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 22:34:35 +0000 (00:34 +0200)]
man: Convert network-color(8) to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 22:25:12 +0000 (00:25 +0200)]
man: Convert network(8) from docbook to asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 22:22:59 +0000 (00:22 +0200)]
man: Add asciidoc configuration file
This adds a short command to link to other man pages
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 21:04:35 +0000 (23:04 +0200)]
man: Use asciidoc to generate HTML pages directly
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 20:42:36 +0000 (22:42 +0200)]
man: Add test page for asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 26 Sep 2018 20:14:27 +0000 (22:14 +0200)]
configure: Require asciidoc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 12:28:44 +0000 (14:28 +0200)]
bird: Make sure the daemon is always running
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 12:21:18 +0000 (14:21 +0200)]
.gitignore: Ignore vim's swp files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 12:20:40 +0000 (14:20 +0200)]
Drop code for radvd
This is now being replaced by bird.
Bird is running anyways and can do this job just as well.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 12:14:55 +0000 (14:14 +0200)]
bird: Write IPv6 router advertisement configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Mar 2019 11:10:30 +0000 (13:10 +0200)]
hostapd: Require MFP for SAE when it is enabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 18:03:24 +0000 (19:03 +0100)]
lock: Cleanup lock files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 17:56:04 +0000 (18:56 +0100)]
ip-tunnel: Enable support for 6in4 tunnels
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 17:51:13 +0000 (18:51 +0100)]
Drop old locking functions
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 17:14:07 +0000 (18:14 +0100)]
wireless-ap: Check that secret has the correct length and no invalid characters
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 16:05:58 +0000 (17:05 +0100)]
hooks: Add HOOK_UNIQUE which stops us from creating multiple instances
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 16:05:44 +0000 (17:05 +0100)]
dhcp: Fix syntax error in last commit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:57:31 +0000 (16:57 +0100)]
dhcp: Rename "enabled" from configuration parameters
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:54:04 +0000 (16:54 +0100)]
hook: Rename HOOK_CONFIG_SETTINGS to HOOK_SETTINGS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:30:05 +0000 (16:30 +0100)]
hooks: Use cli_get_bool convenience function where ever possible
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:23:55 +0000 (16:23 +0100)]
wireless-ap: Enable 802.11w by default
This causes some problems on broken Intel systems, but I
guess it is better to prefer security than compatibility in the
default settings.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:22:45 +0000 (16:22 +0100)]
hostapd: Allow WPA2 authentication only with SHA256
This experimental change disables support for the legacy WPA2
authentication that does not support SHA256.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:19:24 +0000 (16:19 +0100)]
hotplug-rename: Drop unused variable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 15:12:53 +0000 (16:12 +0100)]
wireless-ap: Add support for WPA3 and rewrite WPA2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 14:02:34 +0000 (15:02 +0100)]
wireless-ap: Remove support for WPA
This is a deprecated protocol and not secure.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 13:58:12 +0000 (14:58 +0100)]
hotplug: Remove multiple copies of the same function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 13:14:56 +0000 (14:14 +0100)]
ports: Drop HOOK_SETTINGS variable
This does not need to be passed to the port_settings_* functions
any more which makes them more easy to use
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 13:04:35 +0000 (14:04 +0100)]
settings: Some code refactoring
No functional changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 12:49:08 +0000 (13:49 +0100)]
Convert HOOK_SETTINGS into an array
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 12:10:58 +0000 (13:10 +0100)]
hooks: Import zone default settings, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 12:03:59 +0000 (13:03 +0100)]
hooks: Automatically set defaults for all port hooks
Before, this was broken so that all configuration parameters
had to be passed all the time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 11:47:32 +0000 (12:47 +0100)]
hostapd: Enable WPA authentication with SHA256
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 10:27:50 +0000 (11:27 +0100)]
wireless-ap: Automatically enable all supported ciphers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Mar 2019 10:26:38 +0000 (11:26 +0100)]
hostapd: Dump config file in debug mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 29 Mar 2019 17:47:47 +0000 (18:47 +0100)]
Move cli_device_status_phy() to functions.phy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 29 Mar 2019 17:46:25 +0000 (18:46 +0100)]
network: Show when a PHY supports ACS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 11:27:38 +0000 (12:27 +0100)]
wireless-ap: Allow to enable/disable 802.11w Management Frame Protection
This is disabled by default, because loads of stations have issues
associating with an AP that has 802.11w enabled.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 11:08:08 +0000 (12:08 +0100)]
hostapd: Always qoute SSID
hostapd has a new parameter that always allows us to set
the SSID as a quoted UTF8 string
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 11:02:46 +0000 (12:02 +0100)]
hostapd: Kick stations that are too far away
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 11:02:25 +0000 (12:02 +0100)]
hostapd: Set default WMM settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 10:45:03 +0000 (11:45 +0100)]
hostapd: Always enable Transmit Power Control
Also advertise this to clients
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Mar 2019 10:40:32 +0000 (11:40 +0100)]
hostapd: Remove now useless comment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Mar 2019 21:14:43 +0000 (22:14 +0100)]
wireless-ap: Allow setting the wireless environment (indoor/outdoor)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Mar 2019 19:22:56 +0000 (20:22 +0100)]
wireless-ap: Enable ACS only for ath* devices
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 20:24:02 +0000 (21:24 +0100)]
hostapd: Apply channel bandwidth to configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 20:21:37 +0000 (21:21 +0100)]
wireless-ap: Forgot to add configuration variables to file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 19:50:44 +0000 (20:50 +0100)]
wireless-ap: Add CLI to set channel bandwidth
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 19:10:56 +0000 (20:10 +0100)]
hostapd: Disable DFS automatically when not supported by hardware
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 18:58:25 +0000 (19:58 +0100)]
wireless-ap: Allow to disable DFS in configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 18:46:06 +0000 (19:46 +0100)]
wireless-ap: Use automatic channel selection (ACS) by default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 13 Feb 2019 17:45:05 +0000 (17:45 +0000)]
dns: Always enable EDNS0
This is for all DNS queries originating from the firewall.
Since we have had DNS Flag Day, we are expecting all DNS servers
to support this now. If not, then you are very unlucky.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Dec 2018 17:55:25 +0000 (17:55 +0000)]
bird: (Re-)generate configuration when network is initialised
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Dec 2018 17:47:57 +0000 (17:47 +0000)]
bird: Apply static routes instead of doing that manually with ip
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Dec 2018 17:10:47 +0000 (17:10 +0000)]
bird: Add some generic configuration file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 3 Dec 2018 12:38:13 +0000 (13:38 +0100)]
ip-tunnel: Set TTL to 255 by default
By default, the Linux kernel inherits the TTL of the transported
packet. Usually with BGP, the TTL is deliberately set to 1 or very
low numbers which causes the packet to be dropped after the first
hop.
Since the tunnel should be routed, we set this to a default value
of 255 and ignore the TTL of the encapsulated packet.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 23:02:27 +0000 (01:02 +0200)]
bonding; Validate any MAC address passed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 30 Sep 2018 22:07:37 +0000 (00:07 +0200)]
Remove unused function
Fixes: #11423
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:32:40 +0000 (23:32 +0200)]
bridge: Add option to missing --stp-max-age=
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:31:43 +0000 (23:31 +0200)]
bridge: Order arguments in alphabetical order
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:29:25 +0000 (23:29 +0200)]
bridge: Set proper defaults
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:17:30 +0000 (23:17 +0200)]
bridge: Reorder functions into the common order
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:15:26 +0000 (23:15 +0200)]
bridge: Fix assertion for MTU
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 21:13:22 +0000 (23:13 +0200)]
bridge: Check input and return useful errors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 20:55:51 +0000 (21:55 +0100)]
Bump version to 011
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 24 Sep 2018 20:54:39 +0000 (21:54 +0100)]
Bump version to 010
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 23:21:45 +0000 (01:21 +0200)]
ipsec: security policies: system: Order by complexity
strongswan uses the cipher suites in the order as listed by first
match instead of complexity. This patch re-orders them so that
maximum complexity is tried first and everything else after.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 23:14:59 +0000 (01:14 +0200)]
ipsec: Set traffic selectors to all when using GRE/VTI devices
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 22:28:40 +0000 (00:28 +0200)]
port: ip-tunnel: Allow to set MAC address
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 20:22:20 +0000 (22:22 +0200)]
ports: Use default port pattern for all ports
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 19:18:09 +0000 (21:18 +0200)]
ip-tunnel: New port hook
This allows to create layer-2 tunnels using the GRETAP protocol
Fixes: #11608
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 19:17:10 +0000 (21:17 +0200)]
ip-tunnel: Add support for GRETAP tunnels
Fixes: 11608
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 23 Sep 2018 18:34:59 +0000 (20:34 +0200)]
hotplug: Do not attempt to rename any devices with an invalid MAC address
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>