[PATCH][netifd] vlandev: fix system_vlandev_add error triggered by multiple vlandev_set_up calls

will prevent calling system_vlandev_add() when vlan device was already created, thus solving the root cause of the issue. Signed-off-by: Alin Nastac --- vlandev.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/vlandev.c b/vlandev.c index 31b82b1..4780ca3 100644 --- a/vland

[PATCH] vlandev: fix system_vlandev_add error triggered by multiple vlandev_set_up calls

will prevent calling system_vlandev_add() when vlan device was already created, thus solving the root cause of the issue. Signed-off-by: Alin Nastac --- vlandev.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/vlandev.c b/vlandev.c index 31b82b1..4780ca3 100644 --- a/vland

[PATCH][odhcp6c] odhcp6c_find_entry: exclude priority from the list of fields that must match

t was previously stored with medium precedence, it will fail to remove the existing STATE_RA_ROUTE default route, hence preventing odhcpd from advertising RAs with lifetime 0 to LAN. Signed-off-by: Alin Nastac --- src/dhcpv6.c | 4 ++-- src/odhcp6c.h | 2 +- 2 files changed, 3 insertions(+), 3 dele

[PATCH][odhcp6c] ra: exit on RTM_DELLINK event

hat will impede default route creation for wan interface (pppoe-wan device will store the incorrect ifindex). Signed-off-by: Alin Nastac --- src/dhcpv6.c | 6 +- src/ra.c | 54 ++ 2 files changed, 35 insertions(+), 25 deletions(-) diff --g

[PATCH][netifd] system-linux: initialize ifreq struct before using it

Signed-off-by: Alin Nastac --- system-linux.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/system-linux.c b/system-linux.c index 6778b1d..9188899 100644 --- a/system-linux.c +++ b/system-linux.c @@ -904,6 +904,8 @@ failure: int system_if_resolve(struct device *dev) { struct

[firewall3][PATCH] zones: limit masq_allow_invalid effect to ipv4 family

Preventing NAT leakage on ipv6 doesn't make sense, as all other masq* options have effect only on ipv4. Signed-off-by: Alin Nastac --- zones.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zones.c b/zones.c index 68b02ab..dbf23dc 100644 --- a/zones.c +++ b/zo

[OpenWrt-Devel] [firewall3][PATCH] redirects: fix segmentation fault

Fixes 9d7f49df47ad ("redurects: add support to define multiple zones for dnat reflection rules") Signed-off-by: Alin Nastac --- redirects.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/redirects.c b/redirects.c index b928287..45a6cb1 100644 --- a/r

[OpenWrt-Devel] [firewall3][PATCH v3] redirect & nat: add IPv6 NAT support

rt '53' option dest_ip 'lan' option target 'DNAT' It was also tested on a build that did not supported IPv6 NAT (nat was not present in /proc/net/ip6_tables_names), fw3 -d restart did not signaled any error. Signed-of

[OpenWrt-Devel] [firewall3][PATCH v2] redirect & nat: add IPv6 NAT support

From: Alin Nastac 1) Remove hardcoded restrictions that disable redirect support on IPv6. 2) Allow usage of IP address lists in redirect and snat uci sections. This is needed for 2 scenarios: - use the interface address that matches the redirect & nat family when dest_ip is set t

[OpenWrt-Devel] [PATCH][uci] file: preserve original file mode after commit

Because mkstemp() create a file with mode 0600, only user doing the commit (typically root) will be allowed to inspect the content of the file after uci commit. Signed-off-by: Alin Nastac --- file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/file.c b/file.c index

[OpenWrt-Devel] [PATCH] system-linux: fix PATH_MAX undeclared compilation error

From: Alin Nastac Issue was introduced in commit 1321c1bd8fe921986c4eb39c3783ddd827b79543. Signed-off-by: Alin Nastac --- system-linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/system-linux.c b/system-linux.c index d36d287..775b448 100644 --- a/system-linux.c +++ b/system-linux.c

[OpenWrt-Devel] [firewall3][PATCH] redirect & nat: add IPv6 NAT support

From: Alin Nastac 1) Remove hardcoded restrictions that disable redirect support on IPv6. 2) Allow usage of IP address lists in redirect and snat uci sections. This is needed for 2 scenarios: - use the interface address that matches the redirect & nat family when dest_ip is set t

[OpenWrt-Devel] [netifd][PATCH] interface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel

From: Alin Nastac When netifd manages the prefix route directly, it will remove it the moment prefix gets deprecated. This will make it impossible for the target to send ICMPv6 errors back to LAN devices still using the deprecated prefix, thus breaking the L-14 requirement of RFC 7084. Signed

[OpenWrt-Devel] [netifd][PATCH] interface-ip: transfer prefix route ownership to kernel when IPv6 address becomes deprecated

From: Alin Nastac When netifd manages the prefix route directly, it will remove it the moment prefix gets deprecated. This will make it impossible for the target to send ICMPv6 errors back to LAN devices still using the deprecated prefix, thus breaking the L-14 requirement of RFC 7084. Signed

[OpenWrt-Devel] [PATCH] ubus: lua binding does not allow a reply with 64 bit numbers

Numbers originated from lua bindings get explicitly truncated to 32 bit. Signed-off-by: Alin Nastac --- lua/ubus.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lua/ubus.c b/lua/ubus.c index 86dcc50..aa01ac9 100644 --- a/lua/ubus.c +++ b/lua/ubus.c @@ -196,7 +196,11

[OpenWrt-Devel] [PATCH] interface: add IPv6 addresses without IFA_F_NOPREFIXROUTE

When netifd manages the prefix route directly, it will remove it the moment prefix gets deprecated. This will make it impossible for the target to send ICMPv6 errors back to LAN devices still using the deprecated prefix, thus breaking the L-14 requirement of RFC 7084. Signed-off-by: Alin Nastac

[OpenWrt-Devel] [PATCH v2] fstools: add a hook before mounting the overlay

From: Alin Nastac Scripts located in the directory /etc/mount_root.d will be executed before mounting the overlay. It can be used to implement configuration merges between old & new setup after doing sysupgrade. Signed-off-by: Alin Nastac --- libfstools/overlay.c

[OpenWrt-Devel] [PATCH] fstools: add a hook before mounting the overlay

Scripts located in the directory /lib/mount_root will be executed before mounting the overlay. Signed-off-by: Alin Nastac --- libfstools/hook.h| 51 +++ libfstools/overlay.c | 3 ++- 2 files changed, 53 insertions(+), 1 deletion(-) create

[OpenWrt-Devel] [PATCH] firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type

From: Alin Nastac Problem can be reproduced with a rule like this: option src 'wan' option family 'ipv6' option proto 'icmp' option icmp_type '128' option target 'DROP' The resulted rule will set --icmpv6-type to 128/255. Signed-

[OpenWrt-Devel] [PATCH] iproute2: add libcap support, enabled in ip-full

Preserve optionality of libcap by having configuration script follow the HAVE_CAP environment variable, used similarly to the HAVE_ELF variable. Signed-off-by: Alin Nastac --- package/network/utils/iproute2/Makefile| 18 ++ .../iproute2/patches/150

[OpenWrt-Devel] [PATCH] ipset: add support for hash(ip,mac)

Signed-off-by: Alin Nastac --- package/kernel/linux/modules/netfilter.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 25715be..ef17524 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b

[OpenWrt-Devel] [PATCH] system-linux: handle hotplug event socket ENOBUFS errors

Hotplug events are no longer handled after socket RX queue is overrun. The issue has been fixed by: - setting SO_RCVBUF initially to 65535 - doubling SO_RCVBUF value each time RX queue gets overrun Signed-off-by: Alin Nastac --- system-linux.c | 53

[OpenWrt-Devel] [PATCH] firewall3: link zone_loopback_helper chain through an OUTPUT rule

From: Alin Nastac Locally-generated packets are passing through OUTPUT chain, not PREROUTING. Signed-off-by: Alin Nastac --- zones.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/zones.c b/zones.c index 505ab20..8c3daef 100644 --- a/zones.c +++ b/zones.c

[OpenWrt-Devel] [PATCH v2] firewall3: make reject types selectable by user

From: Alin Nastac RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error code 1 (Communication with destination administratively prohibited). Signed-off-by: Alin Nastac --- defaults.c | 34

[OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user

From: Alin Nastac RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error code 1 (Communication with destination administratively prohibited). Signed-off-by: Alin Nastac --- defaults.c | 21

[OpenWrt-Devel] [PATCH v2] netfilter: add bpf match support

From: Alin Nastac Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac --- include/netfilter.mk | 1 + package

[OpenWrt-Devel] [PATCH] netfilter: add bpf match support

Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac --- include/netfilter.mk | 1 + 1 file changed, 1 insertion(+) diff --git a

[OpenWrt-Devel] [PATCH] procd: service gets deleted when its last instance is freed

run "ifup wan" 4) although the same DHCP lease was obtained, sysntpd would be stopped Because sysntpd service is deleted when last instance is freed, its triggers will also be released. Without these triggers in place, sysntpd will not be reloaded when a new DHCP lease containing option 42 wil

[OpenWrt-Devel] [PATCH] procd: service gets deleted when its last instance is freed

Signed-off-by: Alin Nastac --- service/service.c | 5 - service/service.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/service/service.c b/service/service.c index 0584ee0..9675ba2 100644 --- a/service/service.c +++ b/service/service.c @@ -140,6 +140,8

[OpenWrt-Devel] [PATCH] procd: stop service using SIGKILL if SIGTERM failed to do so

SIGKILL is sent if instance process is still running after seconds after SIGTERM has been sent. To prevent another daemon process being launched before old process dies, the instance is kept until SIGCHLD confirms that service has been stopped. Signed-off-by: Alin Nastac --- service/instance.c

[OpenWrt-Devel] [PATCH] netifd: Add option to configure locktime for each device

the NA packet. Signed-off-by: Alin Nastac --- device.c | 10 ++ device.h | 3 +++ system-linux.c | 20 3 files changed, 33 insertions(+) diff --git a/device.c b/device.c index 43881e5..306496c 100644 --- a/device.c +++ b/device.c @@ -59,6 +59,7 @@ static

[OpenWrt-Devel] [PATCH] libnetfilter_queue: fix checksum computation

There are 2 issues fixed by this patch: - UDP checksum is computed incorrectly, the used pseudo IP header contains transport protocol 6 iso 17 - on big endian arches the UDP/TCP checksum is incorrectly computed when payload length is odd Signed-off-by: Alin Nastac --- .../patches

[OpenWrt-Devel] [PATCH] [NG-57971] libnetfilter_queue: fix UDP checksum computation

This patch was copied from http://www.spinics.net/lists/netfilter/msg56704.html . Signed-off-by: Alin Nastac --- .../patches/100-udp_checksum_computation.patch | 95 ++ 1 file changed, 95 insertions(+) create mode 100644 package/libs/libnetfilter-queue/patches/100

[OpenWrt-Devel] [PATCH] libnetfilter_queue: fix UDP checksum computation

This patch was copied from http://www.spinics.net/lists/netfilter/msg56704.html . --- .../patches/100-udp_checksum_computation.patch | 95 ++ 1 file changed, 95 insertions(+) create mode 100644 package/libs/libnetfilter-queue/patches/100-udp_checksum_computation.patch di

[OpenWrt-Devel] [PATCH] netifd: Add option to configure gc_stale_time for each device

The UCI parameter neighgcstaletime allows to control how much time will STALE entries be kept in the neighbour table for both IPv4 and IPv6. Signed-off-by: Alin Nastac --- device.c | 14 ++ device.h | 4 system-linux.c | 38 ++ 3

[OpenWrt-Devel] [PATCH] libnet-1.2.x: enable HAVE_PACKET_SOCKET

There is already a CONFIGURE_VAR set in here that seem to have the same purpose, but it doesn't do the trick in my cause (autoconf 2.69). --- libs/libnet-1.2.x/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/libs/libnet-1.2.x/Makefile b/libs/libnet-1.2.x/Makefile index a791163..062c7b

[OpenWrt-Devel] [PATCH] conntrack: enable support for netfilter conntrack zones

Storage of such zones is provided by a nf_ct_ext struct, hence conntrack memory foot print will not be increased if zones are not used. --- package/kernel/linux/modules/netfilter.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linu

[OpenWrt-Devel] [PATCH] load running state after lock is acquired

When running "/etc/init.d/firewall reload & fw3 -q restart", the fw3 instance that handle the reload might try to read the running state after firewall was stopped by the fw3 instance that does the restarting. Since a NULL run_state will transform reload operation in start operation, the resulted i

[OpenWrt-Devel] [PATCH] [package] firewall: Redirect incoming WAN traffic only when destination IP address matches the IP address used for masquerading

From 56820e2e3e09f68e4f9a74e6aff832fbcf2c5729 Mon Sep 17 00:00:00 2001 From: Alin Nastac Date: Fri, 4 Sep 2015 13:54:10 +0200 Subject: [PATCH] Redirect incoming WAN traffic only when destination IP address matches the IP address configured on the incoming interface --- zones.c