colors: Remove extra space character in BLOCKING msg

This message was not properly aligned

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move creating port configurations into network-hotplug-rename

This script is now actually creating a new configuration while
it is holding the lock.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Refactor network-hotplug-rename

This is now using a new locking mechanism that is working
faster and more reliable then looping for forever.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Correctly create new configurations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: Fix saving HOOK name

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Refactor hotplug script

This script is doing the same as before, but has been refactored
to be cleaner and faster.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hotplug: Continue running through script for ipsec devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

zones: Drop unused commands

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Extend "network status"

This now takes ports, devices and PHYs and prints the appropriate
status.

This is very handy and just a shortcut.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Speed up device_list() by removing the alphabetical sort

We are now returning all devices, then all PHYs, then all
serial devices.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix generating device_list()

It was returning values like bonding_masters which are not
an actual device.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Validate input for --offloading flag and throw an error when empty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: ethernet+bonding: Allow to disable all offloading

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move offloading code into an own file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add support for hardware offloading

Hardware offloading will now be enabled on physical
and bonding devices automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Move DEFAULT_MTU to constants

This is where it belongs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Rewrite adding routes script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

constants: Remove unused BATMAN variable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Use combined setting for advertised link speeds

This patch removes the speed and duplex settings and replaces them
with a configuration option that allows to change advertised link
speeds to a certain speed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting duplex mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting link speed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Bring back accidentially dropped hook_create function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Return OK only to rename ports

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Use default hook_new() function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header-port: Start with empty set of settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

port: ethernet: Allow setting the MTU

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Restart ports after edit to apply settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header-port: Print errors if config could not be read/written

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ports: ethernet: Allow changing MAC address

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add support for LEDs

This patch configures LEDs on some Wireless PHYs to flash
on activity. This makes debugging easier.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Add support for 802.11ac

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Always enable 802.11d

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Write VHT capabilities to configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Actually store index

Index was always zero and therefore only the first PHY could
be queried only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Remove debug output

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Fix typo in RX-LDPC HT capability

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

libnetwork: Fix looping though HT capabilities

The last capability was never looped through

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ibnetwork: Add command to show available VHT capabilities of phys

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

hostapd: Always enable all HT caps

Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Make --peer optional

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: VTI keys are static now and don't need to be updated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: GRE/VTI connections are now possible as on-demand

This change implements using zones as GRE/VTI devices so that
we can use IPsec connections in on-demand mode, too.

The device will be created first (as a zone) and might trigger
an IPsec connection. If that happens, the settings of the device
will be updated automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Add support for VTI interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Show ZONE setting when configuration is being dumped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Change mode to transport/tunnel only

VTI is being removed and will be possible via the new
zone command.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Allow adding a zone to a VPN connection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security policies: Fix typos in plural variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Add tests for ip-tunnels in GRE mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile: Forgot to remove 6to4-tunnel hook

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'jschlag/master'

Drop 6to4-tunnel hook which is (partly) replaced by ip-tunnel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

man: Add documentation for IP tunnel hook

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add generic IP tunnel zone hook

This is useful to create GRE connections and can easily
be extended to do more later.

Fixes: #11607
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Create a function that determines if all IP addresses match

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ip-tunnel: Fix protocol detection when local address is empty

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security policies: Add documentation for pseudo-random-functions command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

CLI: Fix destroying zones

The old delayed removal process doesn't exist any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

ipsec: security policies: Make integrity command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

Move vpn tests into an own directory structure

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security policies: Make group type command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Adjust include paths because of the new include path feature

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security policies: Show PRFs when dumping SecPol conf

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security polices: Make cipher command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Use new include path feature of nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

ipsec: security-policies: Make PRF command plural

References: #11446

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: security-policies: Add CLI to modify PRFs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ipsec: Generate IKE proposals with PRFs

This is now a requirement for AEAD ciphers and strongswan
refuses to start.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Nitsi: port vlan test- check if detach works

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Add vlan port test for nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Merge remote-tracking branch 'jschlag/master'

nitsi: Add test for PPPoE server/client

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe: Bring up port when zone is coming up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Add VPN n2n tests for vti

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Use new phase1 and setup recipes in vpn tests

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

nitsi: Make sure that we are always running with the most recent source

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Automatically drop to a shell in case a test fails

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe-server: Run with absolute path

Because PATH has been changed this script is executing
itself recursively

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

pppoe-server: Read configuration again

This was broken since config IDs have been introduced

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Install ppp scripts with executable permissions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge remote-tracking branch 'upstream/master'

nitsi: Drop Hello World test

This is a little bit useless now that we have tests
that do stuff that is more useful.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Add phase1

This is supposed to be a good base to build on for any test that
needs a working layer 2 and some IP addresses on the network
to reach any other machines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Make make distcheck happy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Change ipv6 addresses from global to "private" addresses in nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Make setting of traffic selectors in nitsi test easier

We now include the file for ipv4 and for ipv6 into the file for ipv64
which makes maintenance easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Include ping test of ipv4 and ipv6 into ipv64 test

This make changing ip addresses easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Makefile: Install dhclient-helper as an executable script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Change ipv6 addresses from global to "private" addresses in nitsi

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Make setting of traffic selectors in nitsi test easier

We now include the file for ipv4 and for ipv6 into the file for ipv64
which makes maintenance easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

Include ping test of ipv4 and ipv6 into ipv64 test

This make changing ip addresses easier.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>

vpn: Poly1305 is AEAD

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Rename make-install include file to setup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Include some inital commands in make-install template

This allows us to have a couple fewer includes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Install configuration files into the right place

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Remove lines that are already in the default settings file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

nitsi: Remove reference to non-existant strongswan.conf file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Merge branch 'nitsi-zone-commands'

IPsec: Add support for ChaCha20-Poly1305

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>