kernelkit
diff --git a/‎doc/ChangeLog.md‎
Lines changed: 4 additions & 0 deletions b/‎doc/ChangeLog.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎doc/dhcp.md‎
Lines changed: 13 additions & 14 deletions b/‎doc/dhcp.md‎
Lines changed: 13 additions & 14 deletions
diff --git a/‎doc/firewall.md‎
Lines changed: 36 additions & 36 deletions b/‎doc/firewall.md‎
Lines changed: 36 additions & 36 deletions
diff --git a/‎doc/networking.md‎
Lines changed: 27 additions & 27 deletions b/‎doc/networking.md‎
Lines changed: 27 additions & 27 deletions
diff --git a/‎doc/syslog.md‎
Lines changed: 15 additions & 16 deletions b/‎doc/syslog.md‎
Lines changed: 15 additions & 16 deletions
@@ -20,6 +20,10 @@ All notable changes to the project are documented in this file.
      the [`latest-boot` release][lastest-boot] tag
    - The `utils/mkimage.sh` script now supports fetching the bootloader
    - The raspberrypi-rpi64 board's bootloader is now aptly named rpi64
+- Add support for configuring TTL, ToS/DSCP, and Path MTU Discovery on GRE and
+  VXLAN tunnels.  This also changes the default TTL of tunnels to 64, from the
+  kernel default (*inherit*), which in turn fixes reported issues with dropped
+  OSPF Hello frames in GRE tunnels
 
 ### Fixes
 
 
@@ -21,10 +21,9 @@ with an address pool:
 
 ```
 admin@example:/> configure
-admin@example:/config/> edit dhcp-server
-admin@example:/config/dhcp-server/> edit subnet 192.168.2.0/24
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/> set pool start-address 192.168.2.100 end-address 192.168.2.200
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/> leave
+admin@example:/config/> edit dhcp-server subnet 192.168.2.0/24
+admin@example:/config/dhcp-server/…/192.168.2.0/24/> set pool start-address 192.168.2.100 end-address 192.168.2.200
+admin@example:/config/dhcp-server/…/192.168.2.0/24/> leave
 ```
 
 When setting up the server from the CLI, the system automatically adds a
@@ -70,21 +69,21 @@ To reserve specific IP addresses for clients based on their MAC address,
 hostname, or client ID:
 
 ```
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/> edit host 192.168.2.10
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/host/192.168.2.10/> set match mac-address 00:11:22:33:44:55
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/host/192.168.2.10/> set hostname printer
-admin@example:/config/dhcp-server/subnet/192.168.2.0/24/host/192.168.2.10/> leave
+admin@example:/config/dhcp-server/…/192.168.2.0/24/> edit host 192.168.2.10
+admin@example:/config/dhcp-server/…/192.168.2.10/> set match mac-address 00:11:22:33:44:55
+admin@example:/config/dhcp-server/…/192.168.2.10/> set hostname printer
+admin@example:/config/dhcp-server/…/192.168.2.10/> leave
 ```
 
 Match hosts using a client identifier instead of MAC address:
 
 ```
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/> edit host 192.168.1.50
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/host/192.168.1.50/> edit match
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/host/192.168.1.50/match/> set client-id hex c0:ff:ee
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/host/192.168.1.50/match/> leave
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/host/192.168.1.50/> set lease-time infinite
-admin@example:/config/dhcp-server/subnet/192.168.1.0/24/host/192.168.1.50/> leave
+admin@example:/config/dhcp-server/…/192.168.1.0/24/> edit host 192.168.1.50
+admin@example:/config/dhcp-server/…/192.168.1.50/> edit match
+admin@example:/config/dhcp-server/…/match/> set client-id hex c0:ff:ee
+admin@example:/config/dhcp-server/…/match/> leave
+admin@example:/config/dhcp-server/…/192.168.1.50/> set lease-time infinite
+admin@example:/config/dhcp-server/…/192.168.1.50/> leave
 ```
 
 The `hex` prefix here ensures matching of client ID is done using the
 
@@ -289,25 +289,25 @@ blocks external threats.
 admin@example:/config/> <b>edit firewall</b>
 admin@example:/config/firewall/> <b>set default wan</b>
 admin@example:/config/firewall/> <b>edit zone lan</b>
-admin@example:/config/firewall/zone/lan/> <b>set description "Internal LAN network - trusted"</b>
-admin@example:/config/firewall/zone/lan/> <b>set action accept</b>
-admin@example:/config/firewall/zone/lan/> <b>set interface eth1</b>
-admin@example:/config/firewall/zone/lan/> <b>set service ssh</b>
-admin@example:/config/firewall/zone/lan/> <b>set service dhcp</b>
-admin@example:/config/firewall/zone/lan/> <b>set service dns</b>
-admin@example:/config/firewall/zone/lan/> <b>end</b>
+admin@example:/config/firewall/…/lan/> <b>set description "Internal LAN network - trusted"</b>
+admin@example:/config/firewall/…/lan/> <b>set action accept</b>
+admin@example:/config/firewall/…/lan/> <b>set interface eth1</b>
+admin@example:/config/firewall/…/lan/> <b>set service ssh</b>
+admin@example:/config/firewall/…/lan/> <b>set service dhcp</b>
+admin@example:/config/firewall/…/lan/> <b>set service dns</b>
+admin@example:/config/firewall/…/lan/> <b>end</b>
 admin@example:/config/firewall/> <b>edit zone wan</b>
-admin@example:/config/firewall/zone/wan/> <b>set description "External WAN interface - untrusted"</b>
-admin@example:/config/firewall/zone/wan/> <b>set action drop</b>
-admin@example:/config/firewall/zone/wan/> <b>set interface eth0</b>
-admin@example:/config/firewall/zone/wan/> <b>end</b>
+admin@example:/config/firewall/…/wan/> <b>set description "External WAN interface - untrusted"</b>
+admin@example:/config/firewall/…/wan/> <b>set action drop</b>
+admin@example:/config/firewall/…/wan/> <b>set interface eth0</b>
+admin@example:/config/firewall/…/wan/> <b>end</b>
 admin@example:/config/firewall/> <b>edit policy loc-to-wan</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set description "Allow LAN traffic to WAN with SNAT"</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set ingress lan</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set egress wan</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set action accept</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set masquerade</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>leave</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set description "Allow LAN traffic to WAN with SNAT"</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set ingress lan</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set egress wan</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set action accept</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set masquerade</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>leave</b>
 </pre></code>
 
 ### Enterprise Gateway
@@ -317,28 +317,28 @@ resources.  We can build upon the Home/Office Router example above and add
 a DMZ zone with additional policies for controlled access.
 <code><pre>admin@example:/> <b>configure</b>
 admin@example:/config/> <b>edit firewall zone dmz</b>
-admin@example:/config/firewall/zone/dmz/> <b>set description "Semi-trusted public services"</b>
-admin@example:/config/firewall/zone/dmz/> <b>set action drop</b>
-admin@example:/config/firewall/zone/dmz/> <b>set interface eth1</b>
-admin@example:/config/firewall/zone/dmz/> <b>set service ssh</b>
-admin@example:/config/firewall/zone/dmz/> <b>end</b>
+admin@example:/config/firewall/…/dmz/> <b>set description "Semi-trusted public services"</b>
+admin@example:/config/firewall/…/dmz/> <b>set action drop</b>
+admin@example:/config/firewall/…/dmz/> <b>set interface eth1</b>
+admin@example:/config/firewall/…/dmz/> <b>set service ssh</b>
+admin@example:/config/firewall/…/dmz/> <b>end</b>
 admin@example:/config/firewall/> <b>edit policy loc-to-wan</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set description "Allow local networks (LAN+DMZ) to WAN with SNAT"</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set ingress dmz</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set egress wan</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set action accept</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>set masquerade</b>
-admin@example:/config/firewall/policy/loc-to-wan/> <b>end</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set description "Allow local networks (LAN+DMZ) to WAN with SNAT"</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set ingress dmz</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set egress wan</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set action accept</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>set masquerade</b>
+admin@example:/config/firewall/…/loc-to-wan/> <b>end</b>
 admin@example:/config/firewall/> <b>edit policy lan-to-dmz</b>
-admin@example:/config/firewall/policy/lan-to-dmz/> <b>set description "Allow LAN to manage DMZ services"</b>
-admin@example:/config/firewall/policy/lan-to-dmz/> <b>set ingress lan</b>
-admin@example:/config/firewall/policy/lan-to-dmz/> <b>set egress dmz</b>
-admin@example:/config/firewall/policy/lan-to-dmz/> <b>set action accept</b>
-admin@example:/config/firewall/policy/lan-to-dmz/> <b>end</b>
+admin@example:/config/firewall/…/lan-to-dmz/> <b>set description "Allow LAN to manage DMZ services"</b>
+admin@example:/config/firewall/…/lan-to-dmz/> <b>set ingress lan</b>
+admin@example:/config/firewall/…/lan-to-dmz/> <b>set egress dmz</b>
+admin@example:/config/firewall/…/lan-to-dmz/> <b>set action accept</b>
+admin@example:/config/firewall/…/lan-to-dmz/> <b>end</b>
 admin@example:/config/firewall/> <b>edit zone wan port-forward 8080 tcp</b>
-admin@example:/config/firewall/zone/wan/port-forward/8080/tcp/> <b>set to addr 192.168.2.10</b>
-admin@example:/config/firewall/zone/wan/port-forward/8080/tcp/> <b>set to port 80</b>
-admin@example:/config/firewall/zone/wan/port-forward/8080/tcp/> <b>leave</b>
+admin@example:/config/firewall/…/tcp/> <b>set to addr 192.168.2.10</b>
+admin@example:/config/firewall/…/tcp/> <b>set to port 80</b>
+admin@example:/config/firewall/…/tcp/> <b>leave</b>
 </pre></code>
 
 This adds a DMZ zone for public services, updates the internet access policy
 
@@ -1264,18 +1264,18 @@ control plane protocol.  For our examples we use the instance name
 For a route with destination 192.168.200.0/24 via 192.168.1.1:
 
     admin@example:/> configure
-    admin@example:/config/> edit routing control-plane-protocol static name default
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> set ipv4 route 192.168.200.0/24 next-hop next-hop-address 192.168.1.1
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol static name default ipv4
+    admin@example:/config/routing/…/ipv4/> set route 192.168.200.0/24 next-hop next-hop-address 192.168.1.1
+    admin@example:/config/routing/…/ipv4/> leave
     admin@example:/>
 
 For a "floating" static route with destination 10.0.0.0/16 via a backup
 router 192.168.1.1, using the highest possible distance:
 
     admin@example:/> configure
-    admin@example:/config/> edit routing control-plane-protocol static name default
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> set ipv4 route 10.0.0.0/16 next-hop next-hop-address 192.168.1.1 route-preference 254
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol static name default ipv4
+    admin@example:/config/routing/…/ipv4/> set route 10.0.0.0/16 next-hop next-hop-address 192.168.1.1 route-preference 254
+    admin@example:/config/routing/…/ipv4/> leave
     admin@example:/>
 
 > [!TIP]
@@ -1286,9 +1286,9 @@ router 192.168.1.1, using the highest possible distance:
 ### IPv6 Static routes
 
     admin@example:/> configure
-    admin@example:/config/> edit routing control-plane-protocol static name default
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> set ipv6 route 2001:db8:3c4d:200::/64 next-hop next-hop-address 2001:db8:3c4d:1::1
-    admin@example:/config/routing/control-plane-protocol/static/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol static name default ipv6
+    admin@example:/config/routing/…/ipv6/> set route 2001:db8:3c4d:200::/64 next-hop next-hop-address 2001:db8:3c4d:1::1
+    admin@example:/config/routing/…/ipv6/> leave
     admin@example:/>
 
 
@@ -1297,9 +1297,9 @@ router 192.168.1.1, using the highest possible distance:
 The system supports OSPF dynamic routing for IPv4, i.e., OSPFv2.  To
 enable OSPF and set one active interface in area 0:
 
-    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> set ospf area 0.0.0.0 interface e0 enabled
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default ospf
+    admin@example:/config/routing/…/ospf/> set area 0.0.0.0 interface e0 enabled
+    admin@example:/config/routing/…/ospf/> leave
     admin@example:/>
 
 > [!TIP]
@@ -1312,10 +1312,10 @@ enable OSPF and set one active interface in area 0:
 In addition to *regular* OSPF areas, area types *NSSA* and *Stub* are
 also supported.  To configure an NSSA area with summary routes:
 
-    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> set ospf area 0.0.0.1 area-type nssa-area
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> set ospf area 0.0.0.1 summary true
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default ospf
+    admin@example:/config/routing/…/ospf/> set area 0.0.0.1 area-type nssa-area
+    admin@example:/config/routing/…/ospf/> set area 0.0.0.1 summary true
+    admin@example:/config/routing/…/ospf/> leave
     admin@example:/>
 
 
@@ -1324,9 +1324,9 @@ also supported.  To configure an NSSA area with summary routes:
 It is possible to enable BFD per OSPF interface to speed up detection of
 link loss.
 
-    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/> set area 0.0.0.0 interface e0 bfd enabled true
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> leave
+    admin@example:/config/> edit routing control-plane-protocol ospfv2 name default ospf
+    admin@example:/config/routing/…/ospf/> set area 0.0.0.0 interface e0 bfd enabled true
+    admin@example:/config/routing/…/ospf/> leave
     admin@example:/>
 
 
@@ -1337,9 +1337,9 @@ and BFD for OSPF per interface (*bfd enabled true*).  These and other
 OSPF interface settings are done in context of an OSFP area, e.g., *area
 0.0.0.0*.  Available commands can be listed using the `?` mark.
 
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/> edit ospf area 0.0.0.0
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/area/0.0.0.0/> edit interface e0
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/area/0.0.0.0/interface/e0/> set ?
+    admin@example:/config/routing/…/> edit ospf area 0.0.0.0
+    admin@example:/config/routing/…/ospf/area/0.0.0.0/> edit interface e0
+    admin@example:/config/routing/…/ospf/area/0.0.0.0/interface/e0/> set ?
       bfd                  BFD interface configuration.
       cost                 Interface's cost.
       dead-interval        Interval after which a neighbor is declared down
@@ -1349,13 +1349,13 @@ OSPF interface settings are done in context of an OSFP area, e.g., *area
       passive              Enables/disables a passive interface.  A passive
       retransmit-interval  Interval between retransmitting unacknowledged Link
       transmit-delay       Estimated time needed to transmit Link State Update
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/area/0.0.0.0/interface/e0/> set
+    admin@example:/config/routing/…/ospf/area/0.0.0.0/interface/e0/> set
 
 For example, setting the OSPF *interface type* to *point-to-point* for
 an Ethernet interface can be done as follows.
 
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/area/0.0.0.0/interface/e0/> set interface-type point-to-point
-    admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/area/0.0.0.0/interface/e0/>
+    admin@example:/config/routing/…/ospf/area/0.0.0.0/interface/e0/> set interface-type point-to-point
+    admin@example:/config/routing/…/ospf/area/0.0.0.0/interface/e0/>
 
 #### OSPF global settings
 
@@ -1364,12 +1364,12 @@ global settings for route redistribution and OSPF router identifier.
 
 ```
 admin@example:/config/> edit routing control-plane-protocol ospfv2 name default ospf
-admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/> set ?
+admin@example:/config/routing/…/ospf/> set ?
   area                     List of OSPF areas.
   default-route-advertise  Distribute default route to network
   explicit-router-id       Defined in RFC 2328.  A 32-bit number
   redistribute             Redistribute protocols into OSPF
-admin@example:/config/routing/control-plane-protocol/ospfv2/name/default/ospf/> set
+admin@example:/config/routing/…/ospf/> set
 ```
 
 - Explicit router ID: By default the router will pick an IP address
 
@@ -23,17 +23,16 @@ For a list of available log facilities, see the table in a later section.
 
 ```
 admin@example:/> configure
-admin@example:/config/> edit syslog
-admin@example:/config/syslog/> edit actions log-file file:/media/log/mylog
-admin@example:/config/syslog/actions/log-file/file:/media/log/mylog/> set facility-list
+admin@example:/config/> edit syslog actions log-file file:/media/log/mylog
+admin@example:/config/syslog/…/file:/media/log/mylog/> set facility-list
       all    audit     auth authpriv  console     cron    cron2   daemon      ftp     kern
    local0   local1   local2   local3   local4   local5   local6   local7      lpr     mail
      news      ntp   syslog     user     uucp
-admin@example:/config/syslog/actions/log-file/file:/media/log/mylog/> set facility-list all severity
+admin@example:/config/syslog/…/file:/media/log/mylog/> set facility-list all severity
      alert       all  critical     debug emergency     error      info      none    notice   warning
-admin@example:/config/syslog/actions/log-file/file:/media/log/mylog/> set facility-list all severity critical
-admin@example:/config/syslog/actions/log-file/file:/media/log/mylog/> set facility-list mail severity warning
-admin@example:/config/syslog/actions/log-file/file:/media/log/mylog/> leave
+admin@example:/config/syslog/…/file:/media/log/mylog/> set facility-list all severity critical
+admin@example:/config/syslog/…/file:/media/log/mylog/> set facility-list mail severity warning
+admin@example:/config/syslog/…/file:/media/log/mylog/> leave
 admin@example:/>
 ```
 
@@ -137,11 +136,11 @@ perform time stamping at the time of arrival.
 Configuring the log format is the same for log files and remotes:
 
 ```
-admin@example:/config/> edit syslog actions log-file file:foobar 
-admin@example:/config/syslog/actions/log-file/file:foobar/> set log-format 
+admin@example:/config/> edit syslog actions log-file file:foobar
+admin@example:/config/syslog/…/file:foobar/> set log-format
                   bsd               rfc3164              rfc5424
-admin@example:/config/syslog/actions/log-file/file:foobar/> set log-format rfc5424 
-admin@example:/config/syslog/actions/log-file/file:foobar/> leave
+admin@example:/config/syslog/…/file:foobar/> set log-format rfc5424
+admin@example:/config/syslog/…/file:foobar/> leave
 admin@example:/>
 ```
 
@@ -163,13 +162,13 @@ up, as well as local policy.
 admin@example:/config/> edit syslog
        actions file-rotation        server
 admin@example:/config/> edit syslog actions destination moon
-admin@example:/config/syslog/actions/destination/moon/> set
+admin@example:/config/syslog/…/moon/> set
  facility-list    log-format           udp
-admin@example:/config/syslog/actions/destination/moon/> set udp
+admin@example:/config/syslog/…/moon/> set udp
  address    port
-admin@example:/config/syslog/actions/destination/moon/> set udp address 192.168.0.12
-admin@example:/config/syslog/actions/destination/moon/> set facility-list container severity all
-admin@example:/config/syslog/actions/destination/moon/> leave
+admin@example:/config/syslog/…/moon/> set udp address 192.168.0.12
+admin@example:/config/syslog/…/moon/> set facility-list container severity all
+admin@example:/config/syslog/…/moon/> leave
 admin@example:/>
 ```