ports: Fix saving HOOK name

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Refactor hotplug script

This script is doing the same as before, but has been refactored
to be cleaner and faster.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hotplug: Continue running through script for ipsec devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

zones: Drop unused commands

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Extend "network status"

This now takes ports, devices and PHYs and prints the appropriate
status.

This is very handy and just a shortcut.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Speed up device_list() by removing the alphabetical sort

We are now returning all devices, then all PHYs, then all
serial devices.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix generating device_list()

It was returning values like bonding_masters which are not
an actual device.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Validate input for --offloading flag and throw an error when empty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: ethernet+bonding: Allow to disable all offloading

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move offloading code into an own file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add support for hardware offloading

Hardware offloading will now be enabled on physical
and bonding devices automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move DEFAULT_MTU to constants

This is where it belongs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Rewrite adding routes script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

constants: Remove unused BATMAN variable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Use combined setting for advertised link speeds

This patch removes the speed and duplex settings and replaces them
with a configuration option that allows to change advertised link
speeds to a certain speed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting duplex mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting link speed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Bring back accidentially dropped hook_create function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Return OK only to rename ports

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Use default hook_new() function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header-port: Start with empty set of settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting the MTU

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Restart ports after edit to apply settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header-port: Print errors if config could not be read/written

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: ethernet: Allow changing MAC address

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add support for LEDs

This patch configures LEDs on some Wireless PHYs to flash
on activity. This makes debugging easier.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Add support for 802.11ac

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Always enable 802.11d

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Write VHT capabilities to configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Actually store index

Index was always zero and therefore only the first PHY could
be queried only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Remove debug output

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Fix typo in RX-LDPC HT capability

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Fix looping though HT capabilities

The last capability was never looped through

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ibnetwork: Add command to show available VHT capabilities of phys

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Always enable all HT caps

Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Make --peer optional

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: VTI keys are static now and don't need to be updated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: GRE/VTI connections are now possible as on-demand

This change implements using zones as GRE/VTI devices so that
we can use IPsec connections in on-demand mode, too.

The device will be created first (as a zone) and might trigger
an IPsec connection. If that happens, the settings of the device
will be updated automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Add support for VTI interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Show ZONE setting when configuration is being dumped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Change mode to transport/tunnel only

VTI is being removed and will be possible via the new
zone command.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Allow adding a zone to a VPN connection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security policies: Fix typos in plural variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Add tests for ip-tunnels in GRE mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile: Forgot to remove 6to4-tunnel hook

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'jschlag/master'

Drop 6to4-tunnel hook which is (partly) replaced by ip-tunnel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

man: Add documentation for IP tunnel hook

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add generic IP tunnel zone hook

This is useful to create GRE connections and can easily
be extended to do more later.

Fixes: #11607
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Create a function that determines if all IP addresses match

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Fix protocol detection when local address is empty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security policies: Add documentation for pseudo-random-functions command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

CLI: Fix destroying zones

The old delayed removal process doesn't exist any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

ipsec: security policies: Make integrity command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

Move vpn tests into an own directory structure

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security policies: Make group type command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Adjust include paths because of the new include path feature

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security policies: Show PRFs when dumping SecPol conf

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security polices: Make cipher command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Use new include path feature of nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security-policies: Make PRF command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security-policies: Add CLI to modify PRFs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Generate IKE proposals with PRFs

This is now a requirement for AEAD ciphers and strongswan
refuses to start.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Nitsi: port vlan test- check if detach works

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Add vlan port test for nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Merge remote-tracking branch 'jschlag/master'

nitsi: Add test for PPPoE server/client

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe: Bring up port when zone is coming up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add VPN n2n tests for vti

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Use new phase1 and setup recipes in vpn tests

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

nitsi: Make sure that we are always running with the most recent source

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Automatically drop to a shell in case a test fails

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe-server: Run with absolute path

Because PATH has been changed this script is executing
itself recursively

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe-server: Read configuration again

This was broken since config IDs have been introduced

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Install ppp scripts with executable permissions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

nitsi: Drop Hello World test

This is a little bit useless now that we have tests
that do stuff that is more useful.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Add phase1

This is supposed to be a good base to build on for any test that
needs a working layer 2 and some IP addresses on the network
to reach any other machines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Make make distcheck happy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Change ipv6 addresses from global to "private" addresses in nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Make setting of traffic selectors in nitsi test easier

We now include the file for ipv4 and for ipv6 into the file for ipv64
which makes maintenance easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Include ping test of ipv4 and ipv6 into ipv64 test

This make changing ip addresses easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Makefile: Install dhclient-helper as an executable script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Change ipv6 addresses from global to "private" addresses in nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Make setting of traffic selectors in nitsi test easier

We now include the file for ipv4 and for ipv6 into the file for ipv64
which makes maintenance easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Include ping test of ipv4 and ipv6 into ipv64 test

This make changing ip addresses easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

vpn: Poly1305 is AEAD

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Rename make-install include file to setup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Include some inital commands in make-install template

This allows us to have a couple fewer includes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Install configuration files into the right place

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Remove lines that are already in the default settings file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Remove reference to non-existant strongswan.conf file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'nitsi-zone-commands'

IPsec: Add support for ChaCha20-Poly1305

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix hook for static address configuration.

Add the required hook_new function and "id" information which have been
introduced in earlier commits to make this hook work again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add recipe for port vars

These vars contain the port name which is plugged into the virtual
network.

As this relation changes every reboot these vars make it possible to
write recipes which depends on correct links between two ports.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Add gitignore in include dir of nitsi recipes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Add include recipe for nitsi vpn n2n tests

This recipes are the base for all n2n ipsec tests.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>