libnetwork: Add command that returns supported HT caps for wireless PHYs

Fixes #11611

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Add objects for 802.11 PHYs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Initialise netlink connection when initialising context

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Depend on libnl >= 3.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Get index for interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Add network_log function to header

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Actually free context

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Add interface objects

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Add logging infrastructure

Fixes #11610

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Add central context object

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Make delete function an alias for device_delete

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Shut down devices before we remove them

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dhclient-script: fix bound

When we get a BOUND we should have only new_* variables set.
So it is stated in the manpage.
Apparently, also old_* variables are set so we never got into the block where the IP address was set.
We now always set a new IP Address when we get a BOUND.

Fixes: #11363
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Jonatan Schlag &lt;<a href="mailto:jonatan.schlag@ipfire.org">jonatan.schlag@ipfire.org</a>&gt;
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless-networks: validate priority

Fixes: #11469
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless-networks: change encryption-mode to modes

We also use now our great +/- syntax.

Fixes: #11471
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Properly validate FQDNs

Fixes #11441

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Make testuite run properly to make make distcheck happy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Create configuration directories on install

Fixes #11455

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop placeholder for WEP key validation

We don't support WEP any more.

Fixes #11468

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

man: Update wireless zone documentation according to latest changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add new libnetwork

This is going to be a central place to all things that needed
to be implemented in C here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

man: Add documentation for VPN security policies

Fixes #11426

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Actively scan for hidden networks

Fixes #11476

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Allow using a client certificate to authenticate

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Set default MODES

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Set default priority to 0

This is wpa_supplicant's default, too and the user can
then set any priority higher and order the networks according
to own preferences.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Use random MAC addresses when scanning for better privacy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Allow using WPA-EAP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Allow using a custom CA per network

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Verify server certificates against CAs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Write user credentials into configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Rename ENCRYPTION_MODES to MODES

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Drop complicated config generation function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

802.11s: Generate config in extra function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Forgot to move one line

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Move config header generation into own function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Add support for 802.1X authentication

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Fix crash of status if not connected

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Doesn't like spaces here

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Add ctrl_interface

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

interrupts: Fix passing of command line args with $@

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

interrupts: Fix directory listing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Drop old network configuration from hook and use new one

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Add priority to WPA supplicant configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Allow using multiple modes at the same time

To be more compatible with networks where encryption methods
are unknown, we allow using multiple (or all) methods that
we support at the same time.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Drop support for WEP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Add configured EAP modes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Convert to use handles internally

SSIDs are hard to handle since we have no efficient way to
list them all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Allow exporting configuration into WPA supplicant format

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Validate any PSKs for WPA*

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Only delete one network at a time

Destroying multiple networks in one go is not really a good
idea here, since error codes are not properly passed on.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Properly validate encryption modes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless networks: Call pre-shared-key correctly

The name "key" is used multiple times here. Once for the
pre-shared-key of the network and secondly for the configuration
field in the settings file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cli_wireless_network: Refactor for better application logic

No functional changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move wireless networks functions into extra file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Rename NETWORK_WIRELESS_NETWORK_DIR to NETWORK_WIRELESS_NETWORKS_DIR

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: add network feature

See http://wiki.ipfire.org/devel/network/wireless-networks

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

util: add normalize function

This function remove all non alpha numerical characters from a string
and substitute this characters with one -

So HELLO%%/$&/)%$%(&&HH becomes hello-hh

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop wireless-adhoc port

This was only useful for B.A.T.M.A.N. and could not be
attached to a bridge zone which leaves it useless for us.

The backend functionality is kept to potentially implement
this as a zone again.

Fixes #11460

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove B.A.T.M.A.N.

We do not seem to have an obvious application for this
and since 802.11s is wider supported we will support
that for wireless mesh networks instead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

bridge: Correctly apply STP priority

Fixes #10609

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Rename make_parent_dir to make_parent_directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dhclient-script: IP addresses could change on REBIND

When the client binds to a new DHCP server, the IP address
could change and therefore we need to check if that has
happened and update everything accordingly.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

dhclient-script: No need to set up the device again

To get the lease, the device must have been up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Use nl80211 instead of wext to communicate with the kernel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Fix typo in variable name

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Move configuration to /etc/wpa_supplicant

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Drop config helper

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

802.11s: Write WPA supplicant configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Support 802.11s

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove obsolete comment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

802.11s: Allow setting a PSK for SAE authentication

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wpa_supplicant: Rename zone variable to device

Since we are using this for ports now, too, the variable
should have a generic name and the zone check must be removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove zone_dir and zone_file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Dropping port_dir()

This function is always returning constant values but
needs to fork a subshell for that which has some performance
impact.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

device_get_all: Drop function

This is basically device_list which is used everywhere else
in the code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Introduce list_directory

This function lists all files in a directory which
is a functionality that we use very very often.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hooks_list: Remove duplicate function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-pools: reload pools after destroying pools

Fixes: #11433
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-pool: delete on destroy also the swanctl configuration file

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network reset: destroy all IPsec pools

Fixes: #11432
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop bridge-stp script

This is not doing anything useful for us any more and the kernel
is always logging "failed to start userspace STP" which is true,
but it is not meant to start.

So to avoid any confusion, we will just drop this script.

Fixes: #11464
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-connection: add description feature

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec-connection: add color support

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: accept also psk and use pre-shared-key instead of psk

Fixes: #11454
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: move pool function in a seperated file

Fixes: #11447
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network fix parameter passing when using ""

When we use "" on the command line to pass a value with spaces
the argument was broken when passing it to the next function.
Now the argument is kept as one string with spaces

Fixes: #11438
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vpn-security-policies: fix +/- syntax handling for group type and integrity

Fixes: #11445
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Validate channels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Always destroy zones immediately

The delayed destroyal does not make much sense when this is not
implemented for ports, etc.

Fixes #11434

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Print a useful message when bringing up a port that has not been created, yet

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add port hook for wireless mesh devices after 802.11s

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Allow creating mesh points

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

wireless: Allow setting the channel when creating a device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Make a generic hook_new function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Bump version to 009

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: Don't destroy if it could not be shut down

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Drop unused and complicated info function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Drop port_get_parents function

This does not do anything useful

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>