path: root/iprule.c
Commit message | Author | Age | Files | Lines
* iprule: add support for uidrange | Matthew Hagan | 2022-01-22 | 1 | -0/+14
| Allow for per-user routing policies via the uidrange iprule option. Option allows for a single UID or range of UIDs.
|
| Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
| Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: allow disabling rule/rule6 config sections | Vladislav Grigoryev | 2021-12-12 | 1 | -0/+5
| Allow disabling IP rules similar to routes:
| https://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=327da9895327bc56b23413ee91a6e6b6e0e4329d
|
| Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
* iprule: fix missing ip rules after a reload (FS#2296) | Hans Dedecker | 2019-05-27 | 1 | -2/+27
| Since commit 5cf79759a24e9bb2a6a3aef7c83d73efb9bf2df3 (iprule: rework interface based rules to handle dynamic interfaces) the rule comparison is broken and doesn't correctly recognize matching rules. This in turn breaks the reloading as adding the "new" rule fails because it already exists and it then deletes the "old" rule.
|
| The comparison is broken because it now includes fields that are not defining the rule itself, as well as some pointers to malloced strings.
|
| To fix this we move back the offending fields in the iprule struct before the 'flags' field and match the malloced strings separately.
|
| Signed-off-by: Alban Bedel <albeu@free.fr>
| Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iprule: coding style fixes | Hans Dedecker | 2018-10-01 | 1 | -15/+16
| Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iprule: fix segfault (FS#1875) | Hans Dedecker | 2018-10-01 | 1 | -6/+2
| Fix segfault in generic_interface_cb by checking the IPRULE_OUT/IPRULE_IN flags before doing the strcmp for the possible configured out/in interface(s) of the ip rule.
|
| Also don't copy the interface layer3 device as the layer 3 device is not yet known when IFEV_CREATE event is launched. The layer3 device will be known when the IFEV_UP event is processed in rule_out_cb/rule_in_cb.
|
| Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iprule: remove bogus assert calls | Felix Fietkau | 2018-07-25 | 1 | -3/+0
| Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iprule: fix broken in_dev/out_dev checks | Felix Fietkau | 2018-07-25 | 1 | -2/+2
| Since they are both char arrays, they can never be NULL
|
| Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iprule: rework interface based rules to handle dynamic interfaces | Alexander Couzens | 2018-07-05 | 1 | -21/+155
| Previously netifd would only apply `ip rule`s during the config phase. If the iprule is depending on an interface (iif or oif), the rule will fail if the interface is not up.
|
| Allow iprules to track interfaces and their devices by using the interface events.
|
| Fixes: FS#1571
| Acked-by: Hans Dedecker <dedeckeh@gmail.com>
| Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* iprule: Add option to suppress unspecific routing lookups | Stefan Tomanek | 2017-06-11 | 1 | -0/+7
| After applying this patch, policy routing rules can be employed that ignore parts of a routing table. The following config snippet ignores routing lookups from the specified main routing table yielding the default route, passing the lookup process on to the next rule (that might provide a special default route for marked packets):
|
|   config rule
|       option priority 10
|       # check main routing table first, but ignore default route result
|       option lookup main
|       option suppress_prefixlength 0
|
|   config rule
|       option priority 11
|       # use special routing table for marked packets
|       # (unless already consumed by previous rule)
|       option mark 0xFF
|       option lookup 100
|
| The result is a ruleset like this (only visible using the full 'ip' binary):
|
|   # ip rule
|   0:      from all lookup local
|   10:     from all lookup main suppress_prefixlength 0
|   11:     from all fwmark 0xff lookup 100
|   32766:  from all lookup main
|   32767:  from all lookup default
|   #
|
| Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* treewide: fix white space errors | Hans Dedecker | 2017-01-31 | 1 | -1/+1
| Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* utils: add a function for checking if a process given by pid is still alive | Felix Fietkau | 2013-10-22 | 1 | -1/+0
| Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* config: use the new uci_blob library code | Felix Fietkau | 2013-06-10 | 1 | -1/+1
| Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* Make sure that iprule flushing happens after system_init(), otherwise the rtnl_socket is not available | Jo-Philipp Wich | 2013-05-28 | 1 | -1/+6
* Move iprule flushing to the init function to make the timing predictable | Jo-Philipp Wich | 2013-05-27 | 1 | -0/+1
* Move initial iprule flushing to system_add_iprule() to not collide with generic multiwan support | Jo-Philipp Wich | 2013-05-27 | 1 | -8/+0
* Maintain config order of ip rules unless user explicitly provides priority | Jo-Philipp Wich | 2013-04-05 | 1 | -0/+4
* Add support for ip rules | Jo-Philipp Wich | 2013-04-04 | 1 | -0/+255