]>
git.ipfire.org Git - people/jschlag/network.git/log
Michael Tremer [Sat, 15 Sep 2018 21:57:09 +0000 (22:57 +0100)]
nitsi: Add phase1
This is supposed to be a good base to build on for any test that
needs a working layer 2 and some IP addresses on the network
to reach any other machines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 16:04:40 +0000 (17:04 +0100)]
Make make distcheck happy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 15:59:49 +0000 (17:59 +0200)]
Change ipv6 addresses from global to "private" addresses in nitsi
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 15:55:01 +0000 (17:55 +0200)]
Make setting of traffic selectors in nitsi test easier
We now include the file for ipv4 and for ipv6 into the file for ipv64
which makes maintenance easier.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 15:49:26 +0000 (17:49 +0200)]
Include ping test of ipv4 and ipv6 into ipv64 test
This make changing ip addresses easier.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 18:40:31 +0000 (20:40 +0200)]
Makefile: Install dhclient-helper as an executable script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 15:06:05 +0000 (16:06 +0100)]
vpn: Poly1305 is AEAD
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 14:58:16 +0000 (15:58 +0100)]
nitsi: Rename make-install include file to setup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 14:53:25 +0000 (15:53 +0100)]
nitsi: Include some inital commands in make-install template
This allows us to have a couple fewer includes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 13:33:55 +0000 (14:33 +0100)]
nitsi: Install configuration files into the right place
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 13:32:22 +0000 (14:32 +0100)]
nitsi: Remove lines that are already in the default settings file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Sep 2018 13:29:48 +0000 (14:29 +0100)]
nitsi: Remove reference to non-existant strongswan.conf file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 13:25:08 +0000 (15:25 +0200)]
Merge branch 'nitsi-zone-commands'
Michael Tremer [Sat, 15 Sep 2018 12:49:59 +0000 (13:49 +0100)]
IPsec: Add support for ChaCha20-Poly1305
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sat, 11 Aug 2018 19:21:27 +0000 (21:21 +0200)]
Fix hook for static address configuration.
Add the required hook_new function and "id" information which have been
introduced in earlier commits to make this hook work again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 11:59:24 +0000 (13:59 +0200)]
Add recipe for port vars
These vars contain the port name which is plugged into the virtual
network.
As this relation changes every reboot these vars make it possible to
write recipes which depends on correct links between two ports.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 11:57:21 +0000 (13:57 +0200)]
Add gitignore in include dir of nitsi recipes
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 11:48:08 +0000 (13:48 +0200)]
Add include recipe for nitsi vpn n2n tests
This recipes are the base for all n2n ipsec tests.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 15 Sep 2018 11:41:55 +0000 (13:41 +0200)]
Add default settings file for nitsi tests
This makes writing a test much faster.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Wed, 15 Aug 2018 09:31:14 +0000 (10:31 +0100)]
reset: Trigger udev to re-add all network interfaces
Fixes: #11815
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 15 Aug 2018 09:26:51 +0000 (10:26 +0100)]
Remove registration of functions called on init
Only one function used this and it was slow since it got initialised
every time the functions were loaded.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 15 Aug 2018 09:24:05 +0000 (10:24 +0100)]
dns: Re-generate resolv.conf when flushing settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 11 Aug 2018 12:32:59 +0000 (14:32 +0200)]
Add a test to check that we can attach ports to a zone of type bridge
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Tue, 7 Aug 2018 17:15:34 +0000 (19:15 +0200)]
Add new test zone-new-bridge
This test checks if we can create a new zone of type bridge.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Sat, 28 Jul 2018 11:59:16 +0000 (13:59 +0200)]
Add test for command raw device-get-by-mac-address
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 28 Jul 2018 11:59:15 +0000 (13:59 +0200)]
Add new function device_get_by_mac_address()
We need this function and the command to identify ports in a nitsi test.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 28 Jul 2018 11:59:14 +0000 (13:59 +0200)]
Add recipe to set network settings
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 28 Jul 2018 11:59:13 +0000 (13:59 +0200)]
Add recipe to reset network configuration
We use --force here to avoid the y/n question.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 30 Jun 2018 15:54:04 +0000 (17:54 +0200)]
Add include dir for nitsi test
When we include recipes in our recipe we must be shure in some cases
that the recipe are generated out of a .in file.
All files in the include dir will be generated before every test so we
can be shure that these files are present.
This is useful for recipes like the make-install recipe in this test,
which needs to be generated and will be included in nearly every test.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 30 Jun 2018 15:53:48 +0000 (17:53 +0200)]
Fix network reset
The functions zone_destroy and zone_destroy_now where merged to
zone_destroy in an earlier commit. So we have to use zone_destroy here.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 25 Jun 2018 09:01:43 +0000 (11:01 +0200)]
We need to change the path of the image in the settings file to
When we do not change this path accordingly to the place where we store
our images the copy in feature does not work.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 25 Jun 2018 09:01:42 +0000 (11:01 +0200)]
Adapt settings file of nitsi tests to new syntax
Nitsi is using a new syntax for settings file so we need to change the
settings files of our tests.
I dropped some settings in the hello-world test because we do not need
them for this test.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 25 Jun 2018 09:01:41 +0000 (11:01 +0200)]
Adapt nitsi command line to new syntax
Nitsi is now using subparsers so we have to add 'run-test' to the
command line.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:32 +0000 (16:38 +0100)]
Drop README file from virtual environment
Those instructions are no longer valid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:31 +0000 (16:38 +0100)]
NITSI: Automatically download required images
This patch lets make automatically download all required
images and extracts them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:30 +0000 (16:38 +0100)]
Makefile: Ship virtual environment files in release tarball
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:29 +0000 (16:38 +0100)]
nitsi: Add a test that calls "make check" in the virtual environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:28 +0000 (16:38 +0100)]
Makefile: Remove any excess substitution rules
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:27 +0000 (16:38 +0100)]
Build source tarball before running any NITSI tests
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 4 Jun 2018 15:38:26 +0000 (16:38 +0100)]
nitsi: Create "nitsi" Makefile target
Calling "make nitsi" will run all nitsi tests
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 4 Jun 2018 09:57:31 +0000 (11:57 +0200)]
Fix test hello-world
In the moment a single all statement is not supported by nitsi.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 4 Jun 2018 09:50:53 +0000 (11:50 +0200)]
Fix path to virtual environment of hello-world test
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 28 May 2018 14:12:26 +0000 (16:12 +0200)]
Add first test for nitsi
This commit introduce NITSI. Nitsi is the "Networking integration test
suite for IPFire". We can test the network code in a virtual environment
on any system.
This test has the only purpose to check if nitsi is working.
For more information about nitsi see the manpages and the git
repository on git.ipfire.org
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 4 Jun 2018 07:45:35 +0000 (09:45 +0200)]
Add simple Readme for the basic virtual-environment
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 4 Jun 2018 07:45:34 +0000 (09:45 +0200)]
Add first basic virtual environment for nitsi
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Thu, 8 Mar 2018 09:09:02 +0000 (09:09 +0000)]
IPsec: regenerate a swanctl config on connection startup if no config is found
This is an easy way to forcing a regenration if we do not want to change any setting.
Fixes: #11627
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 18:24:59 +0000 (18:24 +0000)]
ip-tunnel: choose the correct type based on the ip protocol
IPv4 and IPv6 need different types for iproute2.
So in the _add function we have to determine the mode
based on the IP protocol of the ${remote_address}.
When we change ikey and okey we have to dertermine the mode the device
have currently.
Fixes: #11431
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 18:24:58 +0000 (18:24 +0000)]
ip-tunnel: Improve checks
We cannot mix ipv6 and ipv4 and we also need to detect the IP protocol
version to decide which mode we have to use.
This is done in a seperated commit.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 18:24:57 +0000 (18:24 +0000)]
device: add new function device_tunnel_get_type()
If we already know that the device must be a ip-tunnel device
we can save time when we check just for the types
a ip-tunnel device can have.
To avoid code duplication we call this function from device_get_type()
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 18:24:56 +0000 (18:24 +0000)]
device: add new function device_is_vti6
This functions checks if a device is a vti6 device.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 18:24:55 +0000 (18:24 +0000)]
ip-tunnel: add new function
To be undependent from the IP protocol we use, when we use tunnel modes
in our code, this function converts the modes
to the modes the iproute2 tool uses
which often depend on the IP protocol version.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 4 Mar 2018 16:19:55 +0000 (16:19 +0000)]
IPsec: Fix routing in tunnel mode
Two syntax errors make the routing in tunnel mode non working
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 1 Mar 2018 15:22:47 +0000 (15:22 +0000)]
firewall: Disable PMTU by default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 1 Mar 2018 15:21:13 +0000 (15:21 +0000)]
firewall: Enable ECN by default
Apple has tried this and it seems to be safe now
https://www.ietf.org/proceedings/98/slides/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 1 Mar 2018 15:16:27 +0000 (15:16 +0000)]
firewall: Enable ECN fallback mechanism when ECN is enabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Thu, 1 Mar 2018 15:15:38 +0000 (15:15 +0000)]
IPsec: Fix routing
Based on the examples found in strongswan
we need to specific the source IP for our routes through an IPsec VPN.
If we have no source IP (a router can route packages
which do not belong to the network assigned to our zones) we set no routes,
but clients can still use the tunnel.
For IPsec VPNs in tunnel mode we
also need the device which has the ${PLUTO_ME} IP address asigned.
The source IP is determined ip_get_assigned_addresses_from_net()
the device is determined by the device_get_by_ip_address() function.
For tunnel mode see:
https://www.strongswan.org/testing/testresults/ipv6-stroke/net2net-ip4-in-ip6-ikev2/moon.ip.route
Fixes: #11629
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag via network [Fri, 23 Feb 2018 11:05:35 +0000 (11:05 +0000)]
IPsec: Log the content of all PLUTO variables in debug mode
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 28 Feb 2018 16:31:27 +0000 (16:31 +0000)]
Add new function ip_get__assigned_addresses_from_net()
This function is neede by IPsec to set the routes correctly.
We can now now find a source IP for a given net.
This way is ugly because the source IP
is unpredictable if we get multiple IPs.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag via network [Fri, 23 Feb 2018 11:05:33 +0000 (11:05 +0000)]
Add new function: device_get_by_assigned_ip_address()
This function is used to get a device from an IP address
which is assigned to the device.
This function needs to be introduced
to set the routes for IPsec correctly.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 7 Feb 2018 14:53:47 +0000 (14:53 +0000)]
Fix zone_config_check_same_setting
Every time we edited a config zone_config_check_same_setting
returns that a identical config was found but this config was the config
we want to edit. So we now generate the id inside hook_new and pass the
id always to hook_parse_cmdline and to zone_config_check_same_setting.
So we can skip this config.
Fixes: #11451
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 10 Feb 2018 12:14:05 +0000 (12:14 +0000)]
Fix radvd startup
We now only start radvd when we write a config for a zone into the config
file.
Fixes: #11450
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 14:49:21 +0000 (14:49 +0000)]
Replace ipv[64]-static by one static hook
There is no need to split this into multiple hooks
since they share a lot of common configuration, etc.
There is no migration path provided here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:43:38 +0000 (13:43 +0000)]
ipv6-static: Remove shell switches to define address and prefix
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:39:41 +0000 (13:39 +0000)]
Makefile: All shell library files where executable which they shouldn't be
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:36:36 +0000 (13:36 +0000)]
functions: Include path to new utils
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:32:40 +0000 (13:32 +0000)]
network-phy-list-ht-caps: Don't print empty lines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:31:48 +0000 (13:31 +0000)]
libnetwork: Don't fail when wireless devices are not supported by nl80211
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 13:21:29 +0000 (13:21 +0000)]
libnetwork: Properly handle errors from netlink messages
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 11:46:56 +0000 (11:46 +0000)]
network-phy-list-ht-caps: Fix SEGV when no PHY was found
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Feb 2018 10:47:03 +0000 (10:47 +0000)]
libnetwork: Add command that returns supported HT caps for wireless PHYs
Fixes #11611
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Feb 2018 18:29:38 +0000 (18:29 +0000)]
libnetwork: Add objects for 802.11 PHYs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Feb 2018 18:08:13 +0000 (18:08 +0000)]
libnetwork: Initialise netlink connection when initialising context
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Feb 2018 17:41:07 +0000 (17:41 +0000)]
libnetwork: Depend on libnl >= 3.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Feb 2018 17:11:16 +0000 (17:11 +0000)]
libnetwork: Get index for interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Feb 2018 16:58:20 +0000 (16:58 +0000)]
libnetwork: Add network_log function to header
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 13:56:15 +0000 (13:56 +0000)]
libnetwork: Actually free context
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 13:55:20 +0000 (13:55 +0000)]
libnetwork: Add interface objects
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 12:47:41 +0000 (12:47 +0000)]
libnetwork: Add logging infrastructure
Fixes #11610
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 12:18:37 +0000 (12:18 +0000)]
libnetwork: Add central context object
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 11:34:41 +0000 (11:34 +0000)]
ip-tunnel: Make delete function an alias for device_delete
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 2 Feb 2018 11:33:51 +0000 (11:33 +0000)]
Shut down devices before we remove them
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 28 Aug 2017 13:27:12 +0000 (15:27 +0200)]
dhclient-script: fix bound
When we get a BOUND we should have only new_* variables set.
So it is stated in the manpage.
Apparently, also old_* variables are set so we never got into the block where the IP address was set.
We now always set a new IP Address when we get a BOUND.
Fixes: #11363
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Jonatan Schlag <<a href="mailto:jonatan.schlag@ipfire.org">jonatan.schlag@ipfire.org</a>>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Thu, 24 Aug 2017 09:46:36 +0000 (11:46 +0200)]
wireless-networks: validate priority
Fixes: #11469
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Thu, 24 Aug 2017 09:37:23 +0000 (11:37 +0200)]
wireless-networks: change encryption-mode to modes
We also use now our great +/- syntax.
Fixes: #11471
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 21 Aug 2017 12:19:01 +0000 (12:19 +0000)]
ipsec: Properly validate FQDNs
Fixes #11441
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 21 Aug 2017 12:07:27 +0000 (12:07 +0000)]
Make testuite run properly to make make distcheck happy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 21 Aug 2017 11:59:35 +0000 (11:59 +0000)]
Create configuration directories on install
Fixes #11455
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 20 Aug 2017 12:29:09 +0000 (12:29 +0000)]
Drop placeholder for WEP key validation
We don't support WEP any more.
Fixes #11468
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 20 Aug 2017 12:28:39 +0000 (12:28 +0000)]
man: Update wireless zone documentation according to latest changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 20 Aug 2017 12:03:13 +0000 (12:03 +0000)]
Add new libnetwork
This is going to be a central place to all things that needed
to be implemented in C here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 20 Aug 2017 11:10:39 +0000 (13:10 +0200)]
man: Add documentation for VPN security policies
Fixes #11426
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 12:27:40 +0000 (12:27 +0000)]
wireless networks: Actively scan for hidden networks
Fixes #11476
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 11:12:44 +0000 (11:12 +0000)]
wireless networks: Allow using a client certificate to authenticate
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 11:04:09 +0000 (11:04 +0000)]
wireless networks: Set default MODES
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:57:28 +0000 (10:57 +0000)]
wireless networks: Set default priority to 0
This is wpa_supplicant's default, too and the user can
then set any priority higher and order the networks according
to own preferences.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:53:40 +0000 (10:53 +0000)]
wireless: Use random MAC addresses when scanning for better privacy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:51:10 +0000 (10:51 +0000)]
wireless networks: Allow using WPA-EAP
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:31:11 +0000 (10:31 +0000)]
wireless networks: Allow using a custom CA per network
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:09:42 +0000 (10:09 +0000)]
wireless networks: Verify server certificates against CAs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Aug 2017 10:05:56 +0000 (10:05 +0000)]
wireless networks: Write user credentials into configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>