Commit Graph

2390 Commits

Author SHA1 Message Date
Hans Dedecker
99e5bec2c6 netifd: quote vendorid and hostname variables in dhcp script
Quote hostname and vendorid variables in dhcp script so they can
hold strings having white spaces

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-07-12 14:33:49 +02:00
Kevin Darbyshire-Bryant
17f4d3967e samba: update smb template socket options defaults
Removed socket options = TCP_NODELAY IPTOS_LOWDELAY

TCP_NODELAY (disables Nagle algorithm) is default since samba2.
IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2)
The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1)

CS1 is a scavenger class, whilst CS2 is more OAM/interactive
(SNMP,SSH,syslog)

Using CS2 is definitely an abuse of DSCP classification, CS1 less so
however even if the ISP takes note of DSCP codings having a default that
sets traffic to CS2 is wrong.  Better to use the default Best Effort
class.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Kevin Darbyshire-Bryant
3dded42f05 iftop: fix mac address display
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Kevin Darbyshire-Bryant
527696674a igmpproxy: logging options - make work & improve
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy

Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Felix Fietkau
ad430c1080 hostapd: add a WDS AP fix for reconnecting clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-06 10:12:37 +02:00
neheb
a3e7d5e7ae samba: Update smb.conf.template
Removed some options which are default anyway and added bind interfaces
only which causes the interfaces line to actually have an effect. Can be
verified with netstat.

Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-07-05 22:59:14 +02:00
John Crispin
d643ee0260 umbim: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-07-05 22:59:13 +02:00
Jo-Philipp Wich
dd9afb8207 iwinfo: fix nl80211 phy lookup without platform prefix
Commit d9b20a6f35 (SVN r48426) changed the
mac80211 phy lookup logic to strip the platform/ directory component from
the phy path specification.

Fix iwinfo to follow that logic by trying to lookup phys both with and
without "platform/" prefix.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-07-04 16:26:38 +02:00
Hans Dedecker
ecbc138343 odhcp6c: Upstep to latest version
Following fixes are included in the latest version:
    -Script is launched with incorrect action
    -Possible buffer overflows
    -Lots of minor bugfixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-30 14:53:21 +02:00
Kevin Darbyshire-Bryant
6d7f54ccdb iproute2: cake AQM prepare tc for COBALT algorithm
Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead
of just using codel alone. This patch updates tc to cope with some new
stats produced by COBALT.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-30 00:43:03 +02:00
Hans Dedecker
c2bd469521 dnsmasq: Add broken realtime clock build switch in full variant
By default dnsmasq uses the time function; which returns the time since
Epoch; to retrieve the current time. On boards which have no realtime
clock this can lead to side effects when the time is synced via ntp
as the "time wrap" forces dhcp leases to be considered as expired.
By enabling the broken realtime clock build switch dnsmasq uses the
times utility which returns the number of clock tick.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
[Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 00:42:46 +02:00
Jo-Philipp Wich
f98f4601de openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.

Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.

Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 10:47:22 +02:00
Daniel Dickinson
4a3b8e0596 lldpd: Use /etc/os-release instead of /etc/openwrt_*
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-27 15:16:01 +02:00
Jo-Philipp Wich
cb7aa4b1fe ebtables: fix segmentation fault due to uninitialized extension data
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.

Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.

In order to fix the issue ...
 - remove the use of the -nostartfiles linker flag
 - rename the init procedures to a generic name without implicit semantics
 - explicitely annotate those init procedures as constructors

The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-24 15:59:36 +02:00
Kevin Darbyshire-Bryant
5acfe55d71 dnsmasq: dnssec time handling uses ntpd hotplug
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file.  This saves flash device wear.

If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.

If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
  dnsmasq checks dnssec timestamps
else
  sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
  sysntp script enabled & uci ntp enabled  - look for timestamp file
  sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
2016-06-24 13:53:39 +02:00
Hauke Mehrtens
3f38356893 packages: prefer http over git for git protocol
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-22 19:32:06 +02:00
Daniel Gimpelevich
7385f754b1 lantiq: Correct ADSL race condition
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-06-22 19:32:06 +02:00
Felix Fietkau
475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
Felix Fietkau
4e0a533f60 hostapd: fix breakage with non-nl80211 drivers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 19:28:55 +02:00
Jo-Philipp Wich
e2a9c638e7 hostapd: fix compilation error in wext backend
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-15 19:10:32 +02:00
Felix Fietkau
ef74d5cbf8 hostapd: implement fallback for incomplete survey data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:31:48 +02:00
Felix Fietkau
13b44abcff hostapd: update to version 2016-06-15
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:11:43 +02:00
Michal Hrusecky
b67af71181 hostapd: Update to version 2016-05-05
Fixes CVE-2016-4476 and few possible memory leaks.

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-06-15 17:11:18 +02:00
John Crispin
abc346db0e package/lantiq: make lantiq kernel modules work with xway_legacy
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Magnus Kroken
4260d11e8b openvpn: update to 2.3.11
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data

Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-06-13 22:51:43 +02:00
John Crispin
62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00
Jo-Philipp Wich
dd182011e1 swconfig: improve failure reporting
Report the translated error to the user if a get/set netlink operation failed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:51:22 +02:00
Kevin Darbyshire-Bryant
e815036460 dnsmasq: support hostid ipv6 address suffix option
Add support for hostid dhcp config entry to dnsmasq. This allows
specification of dhcpv6 hostid suffix and works in the same way as
odhcpd.

Entries in auto generated dnsmasq.conf should conform to:

dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname

example based on sample config/dhcp entry:

config host
        option name 'Kermit'
        option mac 'E0:3F:49:A1:D4:AA'
        option ip '192.168.235.4'
        option hostid '4'

dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-10 18:16:47 +02:00
Hans Dedecker
7eaacd4d23 dnsmasq: Add option --max-port
By default dnsmasq uses random ports for outbound dns queries;
when the maxport UCI option is specified the ports used will
always be smaller than the specified value.
This is usefull for systems behind firewalls.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-10 18:05:07 +02:00
Felix Fietkau
a88fc0db9d xtables-addons: add missing dependency
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-09 15:53:43 +02:00
Dirk Neukirchen
652ac2c6fd xtables-addons: update to 2.11
- fix compilation w. Kernel 4.6 due to
hash->shash crypto API
- remove a patch integrated upstream

- remove unrecognized configure option
removed upstream in 2010
commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-07 23:03:11 +02:00
Matteo Panella
20c608db0a openvpn: add support for tls-version-min
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 23:02:58 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Hannu Nyman
23147dd43a iproute2: Add support for cake qdisc
Add cake support to 'tc' in iproute2
  - Use a patch to modify tc instead of adding a new tc-adv package.
    Patch creates q_cake.c that matches commit 3314230bc4
  - Do not include the other things from tc-adv (cake0, cake2, pie etc.).

V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
v4 - KDB Split into individual patches, tc & kmod

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-06 14:58:11 +02:00
Felix Fietkau
754565a84b netifd: update to the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-06 15:46:35 +02:00
Dirk Neukirchen
04cb722e9f openvpn: remove unrecognized option
removed upstream in
9ffd00e754
now its always on

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-01 15:18:42 +02:00
Daniel Gimpelevich
96ad827e17 lantiq: fix segfault inside ltq-adsl-app
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-05-27 16:08:47 +02:00
Daniel Engberg
32ae0da2b7 iproute2: Use URL alias
Remove hardcoded URLs and use alias instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-05-24 19:42:49 +02:00
Daniel Engberg
6e7403e1e6 iw: Use URL alias
Remove hardcoded URL and use alias instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-05-24 19:41:52 +02:00
Dario Ernst
4d1c75c601 dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.
Fix a „semantic typo“ introduced in b78aae793e,
where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH.

Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
2016-05-24 16:31:17 +02:00
Daniel Dickinson
2ac21bd793 dnsmasq: Set the default dhcp lease file and resolv file
Instead of making assumptions about the leasefile and resolv file make sure
we use what the user configures, but fall back to defaults if no configuration
is specified

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-05-24 13:30:58 +02:00
Kevin Darbyshire-Bryant
a6e96998fb dnsmasq: update to dnsmasq v2.76
Update to dnsmasq2.76.  Refresh patches.  Add new patch to fix musl
'poll.h' location warning.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-24 13:30:58 +02:00
John Crispin
31293752c8 mdns: update to latest git HEAD
* fixes loopback handling

Signed-off-by: John Crispin <john@phrozen.org>
2016-05-23 10:26:32 +02:00
Felix Fietkau
b570c0c88e uhttpd: use configured distribution name for SSL certificate CN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-21 12:42:44 +02:00
Felix Fietkau
1d0d5ddb07 curl: remove axtls config option, the library does not exist in our tree
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 16:56:34 +02:00
Dirk Neukirchen
6aebc6b16b curl: update to 7.49
fixes:
 CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL

- remove crypto auth compile fix
curl changelog of 7.46 states its fixed

- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package

tested on ar71xx w. curl/mbedtls/wolfssl

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-19 16:56:34 +02:00
Kevin Darbyshire-Bryant
7938e8d60a dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-19 10:28:18 +02:00
Jo-Philipp Wich
85a59127a7 Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"
This reverts commit d830cb0882.

Reverting this commit due to a missing Signed-off-by.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-19 10:28:17 +02:00
Kevin Darbyshire-Bryant
d830cb0882 dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
2016-05-18 22:17:33 +02:00
Felix Fietkau
e30608b736 iw: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
df93d53a4b mac80211: update to wireless-testing 2016-05-12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Jo-Philipp Wich
1c61b21489 dropbear: update to 2016.73
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:

  94588	dropbear_2015.71-3_x86_64.ipk
  95316	dropbear_2016.73-1_x86_64.ipk

This is an increase of roughly 700 bytes after compression.

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-13 10:23:52 +02:00
Bert Vermeulen
34b6c8b075 iperf: Drop single-threaded variant
Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-12 03:29:36 +02:00
Bert Vermeulen
b4a23f83f9 iperf: Upgrade to version 2.0.8
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.

Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.

Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.

Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-12 03:29:36 +02:00
John Crispin
b8ab6af1a9 global: change my email address
Signed-off-by: John Crispin <john@phrozen.org>
2016-05-12 03:29:36 +02:00
Hans Dedecker
861266c9ec dropbear: Add --disable-utmpx again
The option --disable-utmpx was deleted by accident in commit 7545c1d;
add it again to the CONFIGURE_ARGS list

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-12 03:29:35 +02:00
Hans Dedecker
f9a3123bbf netifd: Remove hardcoded DHCP release option
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-11 16:46:17 +02:00
Bert Vermeulen
fda951c443 iftop: Update to latest version, and drop patch
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.

Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-10 14:06:50 +02:00
Jo-Philipp Wich
4076d863bd firewall3: fix mark rules for local traffic, fix race condition
Update to latest HEAD in order to fix MARK rule generation for local traffic,
also fix a possible race condition during firewall start.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-02 18:46:30 +01:00
Hans Dedecker
6a06cd8331 xtables-addons: Avoid redefinition of SHRT_MAX in lua packet script
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-02 18:28:01 +01:00
Hans Dedecker
ec9f6fe04d ppp: Add ppp-mod-passwordfd subpackage to ppp
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:41 +02:00
Hans Dedecker
ce9e5e16ff dnsmasq: Add conntrack support in the full variant
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:20 +02:00
Hans Dedecker
16122117a5 dropbear: Add procd interface triggers when interface config is specified
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:37 +02:00
Hans Dedecker
b3f6c4b3ac iproute2: Add package for nstat utility
Add support for the command line utility nstat displaying network statistics

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:17 +02:00
Hans Dedecker
7545c1d96b dropbear: Make utmp and putuline support configurable via seperate config options
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:47:48 +02:00
Hans Dedecker
a83f049b5b netifd: Add configurable DHCP release behavior
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:44:47 +02:00
Hans Dedecker
312cb987f9 xtables-addons: Fix Lua packet script implementation
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
2016-04-28 11:45:43 +02:00
Jo-Philipp Wich
b04a25491f package: flag further target specific packages as nonshared
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-26 23:26:43 +02:00
Hans Dedecker
81a5f1ac9e netifd: Send DHCP release when client exits
Let DHCP client send a release when it exists so the DHCP server is
informed the IP address is released and allowing to clean up IP/mac
state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-03-31 12:18:29 +02:00
Jo-Philipp Wich
564330e013 netifd: fix default ip rules
Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading
to unexpected policy rule precedence.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-31 00:05:02 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
John Crispin
3481d0d793 dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 49252
2016-04-26 11:44:10 +00:00
John Crispin
79c67071c6 xtables-addons: build: fix configure compatiblity with POSIX shells
Fixes build with /bin/sh pointing to certain versions of dash (for example
on Void Linux).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 49218
2016-04-21 19:47:26 +00:00
Hauke Mehrtens
a16ae0b6df curl: remove file accidentally committed in r49197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49199
2016-04-19 20:18:50 +00:00
Hauke Mehrtens
012da658a4 oxnas: add support for Akitio MyCloud mini
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 49197
2016-04-19 20:12:41 +00:00
Hauke Mehrtens
fc7368fd82 curl: fix deprecated 'depends' syntax
This was introduced in r49183

Reported-by: swalker
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49192
2016-04-17 15:35:18 +00:00
Hauke Mehrtens
3fabbb814d dnsmasq: Add enable parameter in the UCI DHCP host section
Parameter allows to enable/disable static leases; by default the value is 1
to keep backwards compatibility

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49187
2016-04-17 12:52:54 +00:00
Hauke Mehrtens
ba97a03d7d curl: add flags to allow gc-sections to strip out unused code
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49184
2016-04-17 12:51:57 +00:00
Hauke Mehrtens
a4d646cf15 curl: add config option for NTLM support
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49183
2016-04-17 12:51:41 +00:00
Hauke Mehrtens
a2b15e6c1d curl: upstep to latest version 7.48.0
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49182
2016-04-17 12:51:19 +00:00
Hauke Mehrtens
3830200d6a hostapd.sh: Add support for "anonymous_identity" config field
The wpa_supplicant supports an "anonymous_identity" field, which some
EAP networks require.  From the documentation:

anonymous_identity: Anonymous identity string for EAP (to be used as the
    unencrypted identity with EAP types that support different tunnelled
    identity, e.g., EAP-TTLS).

This change modifies the hostapd.sh script to propagate this field
from the UCI config to the wpa_supplicant.conf file.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Reviewed-by: Manuel Munz <freifunk@somakoma.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49181
2016-04-17 12:50:55 +00:00
Hauke Mehrtens
1414f1647d samba: fix some security problems
This fixes the following security problems:
* CVE-2015-7560
* CVE-2015-5370
* CVE-2016-2110
* CVE-2016-2111
* CVE-2016-2112
* CVE-2016-2115
* CVE-2016-2118

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49175
2016-04-16 20:06:34 +00:00
blogic
ac7858a0f3 odhcp6c : Silence mtu write error warnings
Silence warning "daemon.notice netifd: wan6 (1139): sh: write error: Invalid argument"
when an invalid MTU is received via RA as kernel refuses to accept IPv6 mtu values
which are smaller than 1280 and bigger than the device mtu.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

git-svn-id: svn+ssh://svn.openwrt.org/openwrt/trunk@49054 3c298f89-4303-0410-b956-a3cf2f4a3e73
2016-03-20 18:48:59 +00:00
John Crispin
0ca7071632 openvpn: add support for X.509 name options
x509-username-field was added in OpenVPN 2.2, and verify-x509-name was
added in 2.3. This fixes ticket #18807.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

SVN-Revision: 48969
2016-03-08 18:12:02 +00:00
Felix Fietkau
fa5688c432 ltq-vdsl-app: do not set the reserved bit 4 in the xTSE 8
I do not know if this causes any problems now, but we should not set
it, because it is reserved. Some more recent versions of the Lantiq DSL
API driver and Control is checking if only valid bits are set.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48948
2016-03-07 11:03:41 +00:00
Felix Fietkau
0d40211fad ltq-vdsl-app: make it possible to configure ADSL/VDSL independently
There are some cases where ISPs are running ATM over VDSL or PTM over
ADSL, this is not the common case, but these cases exist. Make it
possible to configure OpenWrt for such cases by adding a new config
option line_mode.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48947
2016-03-07 11:03:38 +00:00
Felix Fietkau
a4b818e0bb ltq-vdsl-app: sync annex option between from ADSL package
The detailed annex option were only available in the danube DSL app
including the activation of G.992.2 Annex A (ADSL Lite). This is now
also added to the vdsl app for the vrx200.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48946
2016-03-07 11:03:35 +00:00
Felix Fietkau
fb50282a62 ltq-adsl-app: sync annex option between from VDSL package
The adsl control app missed the activation of annex M and annex L in
the Annex A part, this now activates everything the firmware supports.
In Annex L type only the wide US (Mask1) was activated, now also the
narrow US (Mask2) version gets activated.
In addition annex J was also added.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48945
2016-03-07 11:03:32 +00:00
Felix Fietkau
a5a8ffb0b6 ltq-vdsl-app: make the dsl_control application stop cleanly
I am not calling dsl_cmd because I want to ignore the lock, quit
should also be send when someone else is accessing it. I saw that some
other call was stuck here and all following calls were stuck in the
dsl_cmd lock.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48943
2016-03-07 11:03:26 +00:00
Felix Fietkau
a937e160c8 ltq-vdsl-app: load the vrx200 firmware or patch it
This checks for the VRX firmware provided in the OpenWrt package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48940
2016-03-07 11:03:13 +00:00
Jo-Philipp Wich
dab37abc4d netifd: fix build error
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48920
2016-03-04 18:37:45 +00:00
Jo-Philipp Wich
81399345fe netifd: fix VTI ikey/okey endianess
Ensure that ikey and okey are sent in network byte order to the kernel.
Also don't mangle external IP addrs and routes when reconfiguring iinterfaces.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48919
2016-03-04 17:48:18 +00:00
John Crispin
b5bfb3534b dnsmasq: add host-specific lease time option for static hosts
Enable setting a host-specific lease time for static hosts.
The new option is called "leasetime" and the format is similar
as for the default lease time: e.g. 12h, 3d, infinite

Default lease time is used for all hosts for which there is
no host-specific definition.

The option is added to /etc/config/dhcp for the selected hosts:
  config host
        option name 'Nexus'
        option mac 'd8:50:66:55:59:7c'
        option ip '192.168.1.245'
        option leasetime '2h'

It gets appended to /var/etc/dnsmasq.conf like this:
  dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 48801
2016-02-26 09:13:03 +00:00
John Crispin
c503984876 dnsmasq: add dhcp relay option
Signed-off-by: dbugnar <dnbugnar@ocedo.com>

SVN-Revision: 48800
2016-02-26 08:35:48 +00:00
Hauke Mehrtens
9c394f4cbe linux-atm: activate format security checks
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48786
2016-02-25 22:00:34 +00:00
John Crispin
f94d2ec90f ltq-vdsl-app: Enable T1.413 in Annex A xTSE set
Before r47933 Bit 1 (first bit) of xTSE Octet 1 (first octet) defaulted
to 1, which allowed T1.413 to operate.

Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net>

SVN-Revision: 48763
2016-02-25 10:13:51 +00:00
Felix Fietkau
b4a1bd8992 dnsmasq: export tftp root to the procd jail
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48761
2016-02-25 09:24:31 +00:00
Felix Fietkau
5e84051a0f dnsmasq: only enable tftp if the tftp root exists
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48760
2016-02-25 09:24:24 +00:00
John Crispin
7a29f7c22d lldp: Upgrade to 0.9.0
Signed-off-by: Ben Kelly <ben@benjii.net>

SVN-Revision: 48738
2016-02-18 08:22:07 +00:00
John Crispin
8c7aa9b6e1 vti: fix kmod dependencies
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 48704
2016-02-12 08:30:18 +00:00
Jo-Philipp Wich
b78aae793e dropbear: honor CONFIG_TARGET_INIT_PATH
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48679
2016-02-08 14:28:57 +00:00
Felix Fietkau
d8684c7068 relayd: update to the latest version, fixes some more connectivity issues (#21817)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48655
2016-02-08 08:03:06 +00:00
Felix Fietkau
3f1c0c8ef7 iptables: using external kernel tree should not alter patch behaviour.
iptables is the only exception in the package tree, causing patch
behaviour to be inconsistent on this package.

Signed-off-by: Rick van der Zwet <rick.vanderzwet@anywi.com>

SVN-Revision: 48643
2016-02-07 13:29:27 +00:00
Felix Fietkau
2d7840b505 relayd: update to the latest version, fixes route table issues when connecting to the router
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48635
2016-02-05 15:59:41 +00:00
Rafał Miłecki
6219b3deae swconfig: support setting SWITCH_TYPE_LINK attributes
Supported syntax is inspired by ethtool. Example usages:
swconfig dev switch0 port 2 set link "duplex half speed 100"
swconfig dev switch0 port 2 set link "autoneg on"

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48624
2016-02-03 09:38:42 +00:00
Hauke Mehrtens
3a2e25bc77 curl: add support for mbedtls
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48615
2016-02-01 22:37:41 +00:00
Hauke Mehrtens
969ec949a8 curl: update curl to version 7.47.0
This fixes the following security problems:

CVE-2016-0754: remote file name path traversal in curl tool for Windows
http://curl.haxx.se/docs/adv_20160127A.html

CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48614
2016-02-01 22:37:05 +00:00
Felix Fietkau
29044db278 iproute2: refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48613
2016-02-01 18:04:00 +00:00
Felix Fietkau
6af8f1429d iproute2: Update to version 4.4
Update iproute2 to latest version 4.4 with full MPLS support.

Signed-off-by: André Valentin <avalentin@marcant.net>

SVN-Revision: 48612
2016-02-01 18:03:54 +00:00
Felix Fietkau
b3c9321b9e gre: Support multicast configurable gre interfaces
UCI paramater multicast is added which allows to toggle multicast support on gre interfaces.
By default multicast support is enabled as gre tunnels are often used in combination with
routing protocols using multicast.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>

SVN-Revision: 48596
2016-02-01 12:02:11 +00:00
Felix Fietkau
208b3098f0 netifd: update to the latest version, adds many fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48595
2016-02-01 12:02:05 +00:00
Jo-Philipp Wich
6064710b90 firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738)
* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48551
2016-01-29 17:26:41 +00:00
Felix Fietkau
eb47ddd557 hostapd: remove useless TLS provider selection override for wpad-mesh/wpa_supplicant-mesh
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48537
2016-01-28 22:42:14 +00:00
Felix Fietkau
18b2f2d694 hostapd: fix mesh interface bridge handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48529
2016-01-28 17:20:10 +00:00
Felix Fietkau
b4ef1fca48 hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48528
2016-01-28 17:19:48 +00:00
Felix Fietkau
924407b253 hostapd: update to version 2016-01-15
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48527
2016-01-28 17:19:13 +00:00
Jo-Philipp Wich
d8da5c5630 dnsmasq: Don't add local hostname if ula prefix is not specified
Commit 6a7e56b adds support for adding local hostname for own lan ula adress
but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1)
causing dnsmasq not to start up.
Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the
UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 48495
2016-01-25 17:47:22 +00:00
Felix Fietkau
565570cfd5 package/uhttpd: generate 2048 bit RSA key
RSA keys should be generated with sufficient length.
Using 1024 bits is considered unsafe.
In other packages the used key length is 2048 bits.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

SVN-Revision: 48494
2016-01-25 17:42:25 +00:00
Jo-Philipp Wich
0ae15ad439 iwinfo: add support for VHT rates to Lua binding
Update to Git HEAD in order to include VHT rate support in the Lua binding.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48488
2016-01-25 15:04:29 +00:00
Jo-Philipp Wich
94d665239e iwinfo: add support for VHT rates
Update to upstream Git HEAD to include VHT rate support and a number of
coverity scan fixes.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48487
2016-01-25 14:31:32 +00:00
Jo-Philipp Wich
eda1ea9eaa iptables: improve iptables listing output of xt_id match
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48478
2016-01-24 18:01:40 +00:00
Felix Fietkau
98a9177342 linux-atm: add missing br2684ctl patch chunk
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48458
2016-01-23 15:24:19 +00:00
Felix Fietkau
fe2007bb07 ltq-vdsl-app: mask out VDSL bits when ATM is selected, fixes compatibility issues with some DSLAMs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48457
2016-01-23 12:37:17 +00:00
Felix Fietkau
908d281beb qos-scripts: bump version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48455
2016-01-22 13:06:09 +00:00
Felix Fietkau
d3f3132057 qos-scripts: Add IPv6 support
This adds IPv6 support to qos-scripts for both tc/qdisc and the
iptables classification rules.  The tc/qdisc part is accomplished
by removing "protocol ip" from the tc command line, causing the
rule to be applied to all protocols.  The iptables part is
accomplished by adding each rule using both iptables and ip6tables.

This patch is based on previous work by Ilkka Ollakka and
Dominique Martinet.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48452
2016-01-22 11:59:03 +00:00
Felix Fietkau
269ab387ff qos-scripts: Allow classification by the traffic's source interface
This adds a "srciface" option that can be used on classification
rules in /etc/config/qos.  This is useful to allow prioritization
based on the local network from which the traffic originates, for
example to deprioritize traffic from a guest network.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48446
2016-01-21 23:22:06 +00:00
Felix Fietkau
b1f1b528a1 qos-scripts: stop overriding tx queue length
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48445
2016-01-21 22:26:15 +00:00
Felix Fietkau
c49bc55669 netifd: update to the latest version, adds a cosmetic fix for a wpa related variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48397
2016-01-20 19:11:41 +00:00
Felix Fietkau
99856ebf5c 6in4: use uclient-fetch instead of wget/curl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48391
2016-01-20 10:15:29 +00:00
Felix Fietkau
5cafb9240e qos-scripts: Fix classification of ingress traffic
Set the save-mark mask for the qos_${cg} chain to 0xff instead of
0xf0.  With the old value, the nibble that was saved would be
masked during the restore, preventing ingress traffic from being
classified.  Thanks to nbd for recommending the fix.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48388
2016-01-19 23:56:34 +00:00
Felix Fietkau
208b96cacd uhttpd: fix typo in default config for px5g
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48385
2016-01-19 23:27:14 +00:00
Jo-Philipp Wich
939b944c6e Revert "6in4: Corrected tunnelbroker tunnel update URL"
The auth change appears to break the endpoint update for most users and with
my local tests the old update url works just fine.

This reverts commit 99c03a88cb6fed0519efdfaac305794653a12542.

SVN-Revision: 48384
2016-01-19 23:25:38 +00:00
Felix Fietkau
faad8b68a4 wpa_supplicant: add support for EAP-TLS phase2
Introduce config options client_cert2, priv_key2 and priv_key2_pwd
used for EAP-TLS phase2 authentication in WPA-EAP client mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48345
2016-01-19 10:06:29 +00:00
Felix Fietkau
3b15eb0ade hostap/wpa_supplicant: enable EAP-FAST in -full builds
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48344
2016-01-19 10:06:23 +00:00
Felix Fietkau
808a605453 uhttpd: add option for mbedtls
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48343
2016-01-19 10:06:18 +00:00
Felix Fietkau
f6e38ec125 br2684ctl: resolve a boot time race condition with nas0 bringup by using explicit notification when init is done
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48321
2016-01-18 15:35:30 +00:00
Felix Fietkau
262f054c6e br2684ctl: add support for notifying nas* bringup via a script
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48320
2016-01-18 15:35:24 +00:00
Felix Fietkau
614ebec4d2 firewall: add CONFIG_IPV6 to PKG_CONFIG_DEPENDS to fix a rebuild error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48315
2016-01-18 13:21:37 +00:00
Felix Fietkau
3c8827fa7f iptables: fix rebuild errors on configuration changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48314
2016-01-18 13:21:32 +00:00
Felix Fietkau
e4cf25cfab wpa_supplicant: improve generating phase2 config line for WPA-EAP
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...

The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.

Examples:
  eap_type   auth
  'ttls'     'EAP-MSCHAPV2'     -> phase2="autheap=MSCHAPV2"
  'ttls'     'MSCHAPV2'         -> phase2="auth=MSCHAPV2"
  'peap'     'EAP-GTC'          -> phase2="auth=GTC"

Deprecated syntax supported for compatibility:
  'ttls'     'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"

I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48309
2016-01-18 11:40:44 +00:00
Felix Fietkau
495935a3b8 iproute2: remove odd conffiles generation
This was generating a conffiles list that included the binary
and CONTROL/ files.

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>

SVN-Revision: 48296
2016-01-17 20:41:09 +00:00
Jo-Philipp Wich
5cf88bb032 netifd: fix PKG_VERSION (#21630)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48280
2016-01-17 17:15:01 +00:00
Felix Fietkau
e2e8cb8347 network: add virtual tunnel interface (VTI) support
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.

Example config:
config interface 'vti1'
	option proto 'vti'
	option mtu '1500'
	option tunlink 'wan'
	option peeraddr '192.168.5.16'
	option zone 'VPN'
	option ikey 2
	option okey 2

config interface 'vti1_static'
	option proto 'static'
	option ifname '@vti1'
	option ipaddr '192.168.7.2/24'

The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
	left=%any
	leftcert=peer2.test.der
	leftid=@peer2.test
	right=192.168.5.16
	rightid=@peer3.test
	leftsubnet=0.0.0.0/0
	rightsubnet=0.0.0.0/0
	mark=2
	auto=route

Signed-off-by: André Valentin <avalentin@marcant.net>

SVN-Revision: 48274
2016-01-17 11:06:02 +00:00
Felix Fietkau
eb1ac66ce7 netifd: update to the latest version, adds VTI support and a policy routing fix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48273
2016-01-17 11:05:53 +00:00
Felix Fietkau
56f6d35716 dnsmasq: Add option --min-port
By default dnsmasq uses random ports for outbound dns queries;
when the minport UCI option is specified the ports used will
always be larger than the specified value.
This is usefull for systems behind firewalls.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 48244
2016-01-15 11:24:15 +00:00
Felix Fietkau
64c23711ea dropbear: update version to 2015.71
Update dropbear to version 2015.71, released on 3 Dec 2015.
Refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 48243
2016-01-15 11:24:09 +00:00
Jo-Philipp Wich
722badfa82 dnsmasq: add local hostname record for own lan ula address as well
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48214
2016-01-12 10:03:50 +00:00
Rafał Miłecki
2611a5538e hostapd: fix disassociation with FullMAC drivers and multi-BSS
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48202
2016-01-11 18:51:47 +00:00
Felix Fietkau
37a57c1d71 openvpn: update to version 2.3.10
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48201
2016-01-11 18:37:28 +00:00
Felix Fietkau
4c7983a00a dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48196
2016-01-10 22:38:59 +00:00
Felix Fietkau
1455b5b89a dropbear: split out curve25519 support into a separate config option
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48195
2016-01-10 22:38:53 +00:00
Felix Fietkau
6c40914c0c hostapd: fix post v2.4 security issues
- WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
- EAP-pwd peer: Fix payload length validation for Commit and Confirm
  (CVE-2015-4143)
- EAP-pwd server: Fix payload length validation for Commit and Confirm
  (CVE-2015-4143)
- EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
  (CVE-2015-4144, CVE-2015-4145)
- EAP-pwd server: Fix Total-Length parsing for fragment reassembly
  (CVE-2015-4144, CVE-2015-4145)
- EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
- NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
- WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
  (CVE-2015-5310)
- EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
- EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
- EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

SVN-Revision: 48185
2016-01-10 17:03:37 +00:00
Felix Fietkau
1aa774053b openvpn: added service_triggers() to init script
Follow up of #21469
This patch enables autoreloading openvpn via procd.

Signed-off-by: Federico Capoano <nemesis@ninux.org>

SVN-Revision: 48150
2016-01-07 21:08:05 +00:00
Rafał Miłecki
a09e713299 swconfig: support sending SWITCH_TYPE_LINK to kernel
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48141
2016-01-06 18:32:13 +00:00
Felix Fietkau
44b6a5e549 samba36: add three CVE patches from 2015-12-16
This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A
patchset for these vulnerabilities was published on 16th December 2015.

Signed-off-by: Jan Čermák <jan.cermak@nic.cz>

SVN-Revision: 48133
2016-01-05 10:42:52 +00:00
Felix Fietkau
f500c8f3ac relayd: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48129
2016-01-04 15:13:17 +00:00
Felix Fietkau
9632c00435 firewall: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48128
2016-01-04 15:13:10 +00:00
Felix Fietkau
286e0917f3 uqmi: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48124
2016-01-04 15:12:33 +00:00
Felix Fietkau
a5dc438274 uhttpd: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48122
2016-01-04 15:12:21 +00:00
Felix Fietkau
9cd6162b63 packages: use OPENWRT_GIT to point at the main openwrt git repo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48118
2016-01-04 15:11:49 +00:00
Felix Fietkau
c5dfbea1e8 package/network/config/gre: ipv6 gre kmod package name was wrong
Source package gre was depending on kmod-ip6-gre, however the actual
kernel module package that is created is kmod-gre6.  Therefore
update (source) package gre for ipv6 gre support.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 48100
2016-01-03 20:57:06 +00:00
Felix Fietkau
74c36b9d20 wpa_supplicant: set regulatory domain the same way as hostapd
In sta-only configuration, wpa_supplicant needs correct regulatory
domain because otherwise it may skip channel of its AP during scan.

Another alternative is to fix "iw reg set" in mac80211 netifd script.
Currently it fails if some phy has private regulatory domain which
matches configured one.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 48099
2016-01-03 20:56:57 +00:00
Felix Fietkau
8e9eed3442 iproute2: update to 4.3.0
iproute2-4.0 had connmark support added by nbd.  This does not work
with 4.x kernels.  iproute2-4.3 is the latest version and has his
changes mainlined.  This patch updates the package to iproute2-4.3
and fixes the patches so that it compiles.  This should resolve
ticket #21374.

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>

SVN-Revision: 48098
2016-01-03 20:56:45 +00:00
John Crispin
dc69b89c24 ltq-vdsl-app: re-add lowlevel settings
Add back a slightly modified version of the lowlevel settings which
where removed with r46920.

In compare to the old lowlevel settings, the B43c tone is added to
tone_adsl_b and tone_adsl_bv.

If an unsupported tone value is used, the auto probing mode is used, in
compare to the fallback to tone_adsl_av and tone_vdsl_av with the old
lowlevel settings.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48054
2016-01-01 21:20:24 +00:00
John Crispin
4908088268 ltq-vdsl-app: enable G.993.5 XTSE bit by default
According to ITU-T G.997.1 Amendment 2 (04/2013) section 2.1, bit 3 of
XTSE octet 8 either allow or denies the initialization of G.993.5.

Even if the current redistributable xDSL firmware doesn't include
G.993.5 vectoring support, enable this bit by default to allow people to
get their G.993.5 line working using a custom xDSL firmware.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48053
2016-01-01 21:20:16 +00:00
John Crispin
846124f536 ltq-vdsl-app: let the driver/app probe the xtse on missing annex
r47933 revealed that the driver/app in combination with the chosen
firmware does a good job in selecting a working xtse.

Use this probing mode if no annex is specified.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48052
2016-01-01 21:20:08 +00:00
John Crispin
7816dffd03 ltq-vdsl-app: add/enable missing G.993.2 XTSE bits
This patch adds the missing VDSL2 bits to the annex specific XTSE (like
it should be according to the comments above the XTSE bits).

Since r47933 it's mandatory to remove the annex option to switch to
VDSL2 (only) operation mode.

As shown by ticket #21436 and a few mails I received personally, even
experienced users are not aware that they have to remove the annex
option to get their VDSL2 line working and as shown by this patch it
doesn't need to be that "complicated".

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48051
2016-01-01 21:20:02 +00:00
John Crispin
2625c5621d ltq-vdsl-app: use the final xtse format
This way we can drop the call to sed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48050
2016-01-01 21:19:55 +00:00
Nicolas Thill
98f27a223d dante: fix MD5SUM
MD5SUM is wrong, it was not updated during last update to v1.4.1.

Thanks to Daniel Dickinson <openwrt@daniel.thecshore.com> for reporting it.

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 48017
2015-12-31 09:20:59 +00:00
Hauke Mehrtens
f80cee1ce5 6in4: Corrected tunnelbroker tunnel update URL
Changed the tunnel update URL into format tunnelbrokers
example has, that made it work again. Current method gives "Username/Password
Authentication Failed." when I tried the wget line manually and logread
eventually says also "6in4: update failed". With corrected URL it works fine:
"good 111.222.333.444" or "nochg 111.222.333.444" and logread concurs with
success, and tunnel actually updates.

Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi>
Signed-off-by: Sami Olmari <sami@olmari.fi>

SVN-Revision: 48006
2015-12-27 20:42:26 +00:00
John Crispin
8536afae6f swconfig: support receiving SWITCH_TYPE_LINK from kernel
When using cli, print link state the same way kernel used to do it.
This will allow kernel switching PORT_LINK from SWITCH_TYPE_STRING.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47998
2015-12-23 19:24:45 +00:00
John Crispin
7029ee5abe openvpn: fix configure options
- eurephia:
commit: Remove the --disable-eurephia configure option

- fix option name:
http proxy option is now called http-proxy (see configure.ac)

fixes:
configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 47979
2015-12-23 14:44:24 +00:00
John Crispin
fde2ac3537 package/lldpd: Remove extraneous select
Only the conditional dependency ought to be required;
if build fails with JSON there is some other problem
at work.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 47976
2015-12-23 14:44:05 +00:00
John Crispin
a621edbb0a dnsmasq: Add option --no-ping
By default dnsmasq sends an ICMP echo request before allocating
an IP address to a host; the uci option noping allows to disable
this check.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 47974
2015-12-23 14:43:41 +00:00
Felix Fietkau
f45697d904 dnsmasq: changed option nonwildcard to --bind-dynamic
Changed option nonwildcard from --bind-interfaces into --bind-dynamic.
With this, Dnsmasq binds the address of individual interfaces, allowing multiple
dnsmasq instances, but if new interfaces or addresses appear, it automatically
listens on those. This makes dynamically created interfaces work in the same way as
the default, but allows also use of other DNS-servers (like Named) at the same time
on diffirent interfaces where Dnsmasq is NOT configured, whereas with
--bind-interfaces will still reserve every interface even if not used and thus
disallowing use of any other DNS-program even on unused interfaces.

Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi>
Signed-off-by: Sami Olmari <sami@olmari.fi>

SVN-Revision: 47953
2015-12-19 13:18:26 +00:00
Felix Fietkau
41aa066df9 ltq-vdsl-app: enable Annex-M support, disable unsupported Annex-A modes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47934
2015-12-18 21:47:49 +00:00
Felix Fietkau
57ccd6c9e7 ltq-vdsl-app: remove whitespace after -i, it prevents vdsl_cpe_control from parsing the XTSE bits
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47933
2015-12-18 21:47:33 +00:00
John Crispin
fa532b839f network/services/lldpd: Fix missing dependency when using JSON
Using the JSON output option depends on json library so
add select json-c library when JSON output is selected.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 47928
2015-12-17 09:30:16 +00:00
John Crispin
a418d03d6d dante: update to 1.4.1
- 1.4.x has IPv6 support

- set C std explicitly due to gcc 5 changes/old code style of dante
- disable pam via configure vars since detection of without pam option
  is broken (-lpam gets linked in if available)
- remove and refresh patches

only compile tested

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 47926
2015-12-17 09:29:54 +00:00
Felix Fietkau
a99c78a09a netifd: update to the latest version, fixes more route table issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47897
2015-12-16 23:15:15 +00:00
Felix Fietkau
513702e658 netifd: update to the latest version, fixes reload issues on routing table changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47893
2015-12-15 11:01:47 +00:00
Felix Fietkau
510f5a7209 linux-atm: add wrapper for br2684ctl to defer nasX device bringup
Fixes a race condition on netifd device bringup.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47891
2015-12-14 11:02:12 +00:00
Felix Fietkau
be00acca5a lantiq: ltq-vdsl-app: cleanup Makefile
- CONFIG_IFX_CLI is unused, couldn't find any reference to this config variable
- use disable-feature instead of enable-feature=no
- reorder configure args to have depending args together
- remove configure args which set the default value
- group enable-model and configure args which enable or disable features that
  are covered by the feature set

The config.log contains the same values as before. The vdsl_cpe_control binary
has the same checksum as before.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47888
2015-12-13 17:04:12 +00:00
Felix Fietkau
d984e3836f lantiq: ltq-vdsl-app: re-add showtime counters support
The typicial feature set doesn't include "DSL PM showtime counters support"
(INCLUDE_DSL_CPE_PM_SHOWTIME_COUNTERS). This feature provides the
vdsl_cpe_control command 'pmccsg', which is used by 'dsl_control status' to get
the line uptime.

The binary size increases to 103912 byte (+4256 byte) uncompressed.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 47887
2015-12-13 17:04:02 +00:00
John Crispin
725fc09cec dnsmasq: Add option "--all-servers"
Add the option "--all-servers" which forces dnsmasq to send all
queries to all servers and then take the first answer.

Signed-off-by: Andréas Gustafsson <gurgalof@gmail.com>

SVN-Revision: 47857
2015-12-11 15:06:59 +00:00
Felix Fietkau
f2b0ae8698 br2684ctl: add atm-bridge disabled option
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47830
2015-12-10 14:40:55 +00:00
Felix Fietkau
47ecb5dfd2 br2684ctl: fix config reload trigger
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47829
2015-12-10 14:40:19 +00:00
Felix Fietkau
6fb259b6df netifd: ifup-shellscript - fix wrong usage of 'local'
this error was not visible until recent bump to
busybox 1.24.1 stable which introduced a warning message
when keyword 'local' is not used with a shell-function.

this does not change behavior and is a cosmetic cleanup.
fixes the following output:

root@box:~ ifup <interface>
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 362: not in a function
/sbin/ifup: local: line 1: not in a function

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 47828
2015-12-10 12:53:30 +00:00
Felix Fietkau
b580ebb5a8 lldpd: add STOP=01 param in init script
This should ensure that lldpd is among the first processes to stop,
so that it has time to send the shutdown LLDPU to the other side,
before the network goes down.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47786
2015-12-05 09:57:19 +00:00
Felix Fietkau
cbb1227c4c iw: add VHT80 support for 802.11s
Support next to the non-HT/HT channel widths like HT20 or NOHT also VHT80
channels during the mesh join

    iw dev mesh0 mesh join "meshnet" freq 5180 80MHz

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47782
2015-12-05 09:52:18 +00:00
Felix Fietkau
5425d27339 iw: add VHT80 support for IBSS
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47780
2015-12-05 09:52:02 +00:00
Felix Fietkau
9dd65e5493 iw: display interface TX power if available
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47779
2015-12-05 09:51:53 +00:00
Felix Fietkau
c9cb3f4d1c iw: sync nl80211.h with compat-wireless 2015-10-26
Fix the id of NL80211_ATTR_WIPHY_ANTENNA_GAIN for antenna_gain command when
using compat-wireless 2015-10-26.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47778
2015-12-05 09:51:48 +00:00
Felix Fietkau
a86a5699d9 iw: update to version 4.3
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47777
2015-12-05 09:51:39 +00:00
Felix Fietkau
7516989383 lantiq: debloat the ltq-vdsl-app binary
Use the 'typical' compile configuration instead of 'full', which most
notably excludes the soap support.

/sbin/vdsl_cpe_control shrinks down to ~50%, from 178kb(!) to 90kb.

Signed-off-by: Andre Heider <a.heider@gmail.com>

SVN-Revision: 47769
2015-12-04 20:26:17 +00:00
Felix Fietkau
1d1265b40b br2684ctl: convert init script to procd, add hotplug/reload support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47765
2015-12-04 17:44:00 +00:00
Felix Fietkau
435e7fb295 lantiq: move esi calls to dsl_cpe_control scripts to fix ordering wrt. loading vr9 drivers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47764
2015-12-04 17:42:51 +00:00
Jonas Gorski
9c0ca6082d xtables-addons: update to 2.10
Fixes compilation with linux 4.4.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 47699
2015-12-02 22:19:11 +00:00
Felix Fietkau
59dbc9fa4e netifd: update to the latest version, fixes an issue with moving a wifi iface to a different network
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47683
2015-12-02 13:52:08 +00:00
John Crispin
11f2007895 lantiq: ltq-vdsl-app: update to version 4.16.6.3
In this upstream dsl driver app version the autoboot is deactivated activate
it again.
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47637
2015-11-24 20:41:30 +00:00
John Crispin
41587675ec lantiq: ltq-vdsl-app: add dsl_cpe_pipe.sh
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>

SVN-Revision: 47636
2015-11-24 20:41:18 +00:00
Felix Fietkau
f5970b9472 qos-scripts: remove faulty fallback of the device variable to eth0 (#20834)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47629
2015-11-24 20:30:06 +00:00
John Crispin
3afe39af72 wpa-supplicant: Get 802.11s ssid information from option mesh_id
The scripts for authsae and iw use the option mesh_id to get set the
"meshid" during a mesh join. But the script for wpad-mesh ignores the
option mesh_id and instead uses the option ssid. Unify the mesh
configuration and let the wpa_supplicant script also use the mesh_id from
the configuration.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47615
2015-11-24 18:28:44 +00:00
John Crispin
939175e9f2 authsae: Use kbit/s as mcast_rate unit like wpad
The OpenWrt wireless configuration for mcast_rate is defined as Kbit/s when
using wpa_supplicant for IBSS/802.11s and iw for unencrypted IBSS/802.11s.
But when using authsae, the unit for the same option is redefined as
Mbit/s. Better use the same unit for this option independent of the backend
which is used.

Old values for mcast_rate (< 1000) are still interpreted Mbit/s to avoid
problems during upgrades from older versions.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47614
2015-11-24 18:28:35 +00:00
John Crispin
b816d6276d authsae: Fix meshid in authsae config
The variable $mesh_id was never defined in authsae_start_interface and thus
the option meshid in $authsae_conf_file was always set to "".

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47613
2015-11-24 18:28:19 +00:00
Hauke Mehrtens
e5ef5d7be4 iperf: activate format-security checks
This patch was taken from debian.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47586
2015-11-22 14:18:40 +00:00
John Crispin
deff5fb6c8 conntrack-tools: create /etc/conntrackd directory
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 47571
2015-11-21 21:26:20 +00:00
John Crispin
b143506b17 conntrack-tools: use INSTALL_DIR once
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 47570
2015-11-21 21:26:12 +00:00
Steven Barth
0c450f1f47 odhcpd: correctly handle netlink congestion case
Thanks to @ktgeek and @willmo for diagnosing

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 47514
2015-11-19 11:49:21 +00:00
Jo-Philipp Wich
49b3fc70e5 netifd: fix device status reporting for external interfaces
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47493
2015-11-17 16:34:43 +00:00
Felix Fietkau
96a66d683b ltq-app-vdsl: convert init script to procd, add support for switching between atm and ptm
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47485
2015-11-16 11:02:14 +00:00
Felix Fietkau
970a393fd4 conntrack-tools: preserve /etc/conntrackd during upgrade
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 47480
2015-11-15 21:34:15 +00:00
Felix Fietkau
124b8c653f xtables-addons: update to 2.9
Fixes compilation with Linux 4.3. Runtime tested on Ubiquiti EdgeRouter
Lite with Linux 3.18, 4.1 and 4.3.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 47470
2015-11-15 21:33:07 +00:00
Felix Fietkau
e4859508be netifd: update to the latest version, contains several fixes, including one for interface ip4/ip6table for device routes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47460
2015-11-12 00:24:27 +00:00
Felix Fietkau
047f9ef8eb hostapd: Use network_get_device instead of uci_get_state
This fixes the IAPP functionality.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>

SVN-Revision: 47455
2015-11-11 08:34:59 +00:00
Luka Perkov
b18c9d271e uhttpd: add support for configuration option ubus_cors
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47448
2015-11-10 22:28:45 +00:00
Felix Fietkau
b613c96d94 openvpn: enable options consistency check even in the small build
Only costs about 3k compressed, but significantly improves handling of
configuration mismatch

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47439
2015-11-10 12:04:04 +00:00
Felix Fietkau
4eb55d71de conntrack-tools: split into conntrack/conntrackd
as conntrack and conntrackd are completely independent programs,
serving a different purpose.

Also split by other distributions, as Debian and Ubuntu.

Signed-off-by: Ulrich Weber <uw@ocedo.com>

SVN-Revision: 47424
2015-11-08 20:39:49 +00:00
Felix Fietkau
1361a863df conntrack-tools: upgrade to 1.4.3
Signed-off-by: Ulrich Weber <uw@ocedo.com>

SVN-Revision: 47423
2015-11-08 20:39:44 +00:00
Felix Fietkau
17ce564107 conntrack-tools: remove default config file
default configuration will fill up disk by
writing /var/log/conntrackd-stats.log

Introduced due init script auto start.

Signed-off-by: Ulrich Weber <uw@ocedo.com>

SVN-Revision: 47422
2015-11-08 20:39:37 +00:00
Felix Fietkau
1d6a530fe6 uhttpd: update to the latest version, adds support for redirect helper scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47419
2015-11-08 20:39:09 +00:00
Felix Fietkau
322de4101a lldpd: implement a reload hook
Seems the default one is not working as expected.
The way that reload should work is that the 'start' service
call should return 1 (if lldpd is running) and then a normal
restart would be called.

However, for lldpd a reload would mean just clearing all custom TLVs
(if they're configured) and reloading the configuration.

So, this patch adds a reload hook, which would:
 - 'start' lldpd if it's not running (because we return 1 if not running)
 - reload configuration if it is running (also previously
    clearing custom TLVs if present)

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47367
2015-11-03 11:59:09 +00:00
Felix Fietkau
460640b6d7 hostapd: add default value to eapol_version (#20641)
r46861 introduced a new option eapol_version to hostapd, but did not
provide a default value. When the option value is evaluated,
the non-existing value causes errors to the systen log:
"netifd: radio0: sh: out of range"

Add a no-op default value 0 for eapol_version. Only values 1 or 2 are
actually passed on, so 0 will not change the default action in hostapd.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 47361
2015-11-02 18:12:54 +00:00
Felix Fietkau
8ca8fd757a iproute2: always use -DHAVE_SETNS, since the old uclibc is gone now
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47358
2015-11-02 18:12:23 +00:00
Felix Fietkau
0a95179556 samba: convert init script to procd, add reload support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47292
2015-10-30 15:32:54 +00:00
Felix Fietkau
6de8a82f85 iproute2: fix compile with uClibc-ng
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 47291
2015-10-30 15:20:41 +00:00
Felix Fietkau
f79bae2fc0 relayd: update to the latest version, fixes some issues found by Coverity
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47285
2015-10-30 15:17:47 +00:00
John Crispin
4725cde867 omcproxy: fix PKG_LICENSE string
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 47264
2015-10-26 09:01:48 +00:00
John Crispin
27002c207e uhttpd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47240
2015-10-20 18:16:05 +00:00
John Crispin
00df239f60 uhttpd: update to latest git revision
adds URL alias support

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 47206
2015-10-19 10:08:01 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Steven Barth
8e9196d1cb 6in4: add tunlink option support
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 47189
2015-10-15 08:56:59 +00:00
Luka Perkov
d57bba8560 iperf3: update URL
Update iperf3 to point to the correct project website. Prior URL was the
old iperf2 website.

Signed-off-by: Karl Palsson <karlp@remake.is>

SVN-Revision: 47184
2015-10-11 22:41:30 +00:00
Jo-Philipp Wich
b345461070 uhttpd: fix keep-alive bug (#20607, #20661)
The two commits

  5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
	"allow request handlers to disable chunked reponses"

and

  618493e378e2239f0d30902e47adfa134e649fdc
	"file: disable chunked encoding for file responses"

broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.

The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.

Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47161
2015-10-07 22:14:48 +00:00
Felix Fietkau
8aa110f7a2 hostapd: wait longer for inactive client probe (empty data frame)
One second is not enough for some devices to ackowledge null data frame
which is sent at the end of ap_max_inactivity interval. In particular,
this causes severe Wi-Fi instability with Apple iPhone which may take
up to 3 seconds to respond.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 47149
2015-10-06 12:33:10 +00:00
John Crispin
8181976067 lldpd: wrap procd command args in separate quotes
Seems the match pattern was being adapted from 'eth0' to ' eth0'
because of the way I added the procd command args.

This did not seem to be a problem when there were multiple interfaces,
just on devices with single interfaces for lldpd to listen on.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47136
2015-10-05 10:29:01 +00:00
John Crispin
af2429f104 openvpn: add handling for route-pre-down option
OpenVPN 2.3 added a route-pre-down option, to run a command before
routes are removed upon disconnection.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

SVN-Revision: 47134
2015-10-05 10:28:47 +00:00
Jo-Philipp Wich
cd8a615d4f iwinfo: nl80211: add support for reading TX power from netlink
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47108
2015-10-05 09:10:17 +00:00
Steven Barth
79494ae8e8 iproute2: adapt coexistence layer to new unified path
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 47081
2015-10-02 08:24:35 +00:00
Rafał Miłecki
b6320a63a2 hostapd: check for banned client on association event
When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47064
2015-09-28 09:09:00 +00:00
Felix Fietkau
4e4b4c8cb5 igmpproxy: fix spurious restarts on interface events, pass used netdevs to procd instead
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47055
2015-09-26 23:27:23 +00:00
Felix Fietkau
38182373e0 netifd: update to the latest version, fixes spurious client isolation in unbridged AP configurations (#20574)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47053
2015-09-26 23:18:40 +00:00
Jo-Philipp Wich
f30ccc8991 firewall: allow DHCPv6 traffic to/from fc00::/6 instead of fe80::/10
There is no RFC requirement that DHCPv6 servers must reply with a link local
address and some ISP servers in the wild appear to using addresses in the ULA
range to send DHCPv6 offers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 47048
2015-09-25 08:41:12 +00:00
Felix Fietkau
68f5382407 dropbear: add respawn param in case dropbear crashes
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47033
2015-09-24 08:37:40 +00:00
Steven Barth
836d462b10 package: Remove dependencies to kmod-ipv6
Since r46834, IPv6 support is builtin if selected. Therefor, dependencies
on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.

Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>

SVN-Revision: 47022
2015-09-21 21:15:41 +00:00
Felix Fietkau
d4760cd9b4 uqmi: Add qmi.sh executable bit and fix option dhcp
Using protocol qmi does not work since qmi.sh is not executable.
Setting option dhcp explicitely to 0 actually enables it.
This patch fixes both problems.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 47014
2015-09-21 17:40:59 +00:00
Felix Fietkau
c2babe7cb2 iw: restore limited event monitor functionality (#20546)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47006
2015-09-18 13:40:03 +00:00
Jo-Philipp Wich
f2a19350fd firewall: depend on kmod-ipt-conntrack (#20542)
Our ruleset requires kernel support for conntrack state matching, therfore
depend on the require kmod. Fixes #20542.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46990
2015-09-17 15:31:45 +00:00
John Crispin
251b58a0a5 lldpd: add extra respawn params
Signed-off-by: Alexandru Ardelean <aa@ocedo.com>

SVN-Revision: 46969
2015-09-16 08:32:41 +00:00
John Crispin
9885e32521 lldpd: conversion of init script to procd format
And add respawn param (the main reason for this conversion).

Signed-off-by: Alexandru Ardelean <aa@ocedo.com>

SVN-Revision: 46968
2015-09-16 08:32:33 +00:00
John Crispin
fc19ec21e4 lldpd: move /var/run creation + chmod earlier
Signed-off-by: Alexandru Ardelean <aa@ocedo.com>

SVN-Revision: 46967
2015-09-16 08:32:27 +00:00
John Crispin
5007f488bb lldpd: remove obsolete/unsupported lldpctl call
This call is no longer supported.
Maybe a come-back for it would be to use a config /etc/lldpd.conf
or /etc/lldpd.d/<some-file>.conf

Signed-off-by: Alexandru Ardelean <aa@ocedo.com>

SVN-Revision: 46966
2015-09-16 08:32:18 +00:00
Steven Barth
3c335bb439 ppp: use more reliable way to set script environment
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46942
2015-09-15 14:52:47 +00:00
Steven Barth
76ed9f3dbd omcproxy: use 100ms query response interval by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46940
2015-09-15 07:54:55 +00:00
John Crispin
2c1d56af50 lantiq: Update to the latest DSL driver / application versions
Thanks to Sylwester Petela for testing my patch (successfully on an
ADSL connection) and for pointing out some configuration mistakes.
Others (including me) have also successfully tested this extensively
on VDSL connections.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 46920
2015-09-14 20:09:22 +00:00
Felix Fietkau
42a3d7811f mac80211/hostapd: rework 802.11w driver support selection, do not hardcode drivers in hostapd makefile
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46903
2015-09-14 06:51:10 +00:00
Hauke Mehrtens
1d05e2962f wpan-tools: bump to wpan-tools-0.5
Signed-off-by: Varka Bhadram <varkabhadram@gmail.com>

SVN-Revision: 46888
2015-09-11 20:52:35 +00:00
Felix Fietkau
ced2b641e2 base-files: set kernel.core_pattern in sysctl.conf
Move the pattern setting from netifd's service script to
/etc/sysctl.conf.  Put the timestamp component '%t' just after
executable name '%e' for more natural order from output of ls command.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 46867
2015-09-11 16:35:17 +00:00
Felix Fietkau
9abc02479e hostapd: Add eapol_version config option
Add eapol_version to the openwrt wireless config ssid section.
Only eapol_version=1 and 2 will get passed to hostapd, the default
in hostapd is 2.

This is only useful for really old client devices that don't
accept eapol_version=2.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46861
2015-09-11 16:33:54 +00:00
Felix Fietkau
beabe8af46 openvpn: remove __DATE__ from options output
reported by:
https://reproducible.debian.net/openwrt/dbd/ar71xx/base/openvpn-nossl_2.3.7-1_ar71xx.ipk.html

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 46860
2015-09-11 16:33:39 +00:00
Felix Fietkau
3adce75a67 hostapd: work around unconditional libopenssl build dependency
As the OpenWrt build system only resolves build dependencies per directory,
all hostapd variants were causing libopenssl to be downloaded and built,
not only wpad-mesh. Fix this by applying the same workaround as in
ustream-ssl.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 46851
2015-09-11 16:31:18 +00:00
Steven Barth
60a96cfdb7 comgt-ncm: Add possibility to choose PDP context type
By setting the option pdptype to IP, IPV6 or IPV4V6 the user can
choose the context type between IPv4, IPv6 and dual stack,
respectively. The default setting is dual stack, except if option
ipv6=0 is specified, in which case IPv4 context is the default.
This allows for an out-of-the-box IPv6 support with modems
utilizing NCM-like protocols.

While we are at it, also add commands for Sierra DirectIP modems
(currently untested), which will allow us to drop the separate
comgt-directip package (once tested and verified working).

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 46844
2015-09-11 06:46:42 +00:00
Steven Barth
8f24ee6382 uqmi: Add proper IPv6 support
Use the new --ip-family option to start both IPv4 and IPv6 sessions
by default. Autoconnect can't be used when starting two sessions,
so revert back to using the client IDs and packet data handles for
handling the network connection.

Some modem firmwares do not implement a RA server, therefore by
default use outband IP configuration and static addressing. Some
other firmwares report bogus IP configuration with the WDS get
current settings command. In this case inband configuration with
DHCP/RA can be optionally enabled by setting option dhcp to 1.

Per 3GPP standard a /64 prefix is served to all clients, which is
extended to LAN as specified in RFC 7278.

v2: Restrict the IPv6 gateway route source address
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 46843
2015-09-11 06:46:40 +00:00
Steven Barth
eb866e413f firewall: Remove src_port from firewall.config to receive dhcpv6 replies
Seems like my second try was again whitespace broken. Sorry for the noise.

Remove src_port from firewall.config to receive dhcpv6 replies. Fixes #20295.

Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de>

SVN-Revision: 46842
2015-09-11 06:46:35 +00:00
Felix Fietkau
7e57d753a1 netifd: update to the latest version, fixes a WDS STA mode regression caused by multicast-to-unicast handling (#20466)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46841
2015-09-10 21:00:19 +00:00
Steven Barth
0c8f0186d5 linux: make IPv6 builtin if selected (saves >30KB)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46834
2015-09-09 12:20:36 +00:00
Steven Barth
e07959cade package: replace ifconfig-usage with ip
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46832
2015-09-08 17:44:24 +00:00
Steven Barth
579fe7f52a iproute2: improve ip-full coexistence, remove rt_table
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46831
2015-09-08 17:44:17 +00:00
Steven Barth
1b91cd2663 map: be less restrictive when matching lw4over6 prefixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46819
2015-09-08 12:13:29 +00:00
Felix Fietkau
48fe93ea6b iw: reduce size even more (~12k after gzip)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46818
2015-09-08 11:48:48 +00:00
Steven Barth
8a7a939470 dropbear: remove generation and configuration of DSS keys
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46815
2015-09-08 08:59:40 +00:00
Felix Fietkau
a4cf4c35af dropbear: disable 3des, cbc mode, dss support, saves about 5k gzipped
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46814
2015-09-08 08:55:10 +00:00
Steven Barth
d196b1fc2e Disable telnet in favor of passwordless SSH
This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46809
2015-09-07 19:29:25 +00:00
Felix Fietkau
b850e1e59f uhttpd: update to the latest version, fixes deferred cgi script processing (#20458)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46807
2015-09-07 19:18:58 +00:00
Steven Barth
7af30b4cef map: ignore insignificant PSID bits
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46804
2015-09-07 16:21:15 +00:00
Steven Barth
8ac42ac28b odhcpd: fix parsing of host entries without duid
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46803
2015-09-07 13:31:36 +00:00
Steven Barth
60e786c4cd odhcpd: various bugfixes
* ra: don't announce as default router if we aren't (regression)
* ra: reduce maximum announced dns lifetimes due to buggy clients
* dhcpv6: fix mac-based lease-matching

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46802
2015-09-07 09:49:35 +00:00
Steven Barth
4b7ba93083 odhcp6c: correctly extend prefix from RAs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46781
2015-09-04 06:29:36 +00:00
Steven Barth
f96bf30dc6 comgt/umbim/uqmi: enable RFC 7278 for 3g/4g by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46780
2015-09-03 15:53:40 +00:00
Steven Barth
72b4ed113a odhcp6c: add RFC 7278 3gpp IPv6 prefix extension
Use option extendprefix 1 to enable

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46779
2015-09-03 15:53:33 +00:00
Felix Fietkau
f5ba6aad34 mdns: update to the latest version, fixes a spurious build error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46778
2015-09-03 13:15:19 +00:00
Steven Barth
fc41846248 dnsmasq: make /tmp/dnsmasq.d and /tmp/hosts preferred over UCI settings
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46770
2015-09-02 11:49:00 +00:00
Steven Barth
a0d06f65ae dropbear: bump to 2015.68
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46769
2015-09-02 11:48:57 +00:00
Felix Fietkau
c8b481e0c1 mdns: fix having mulitple network entries in uci
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46764
2015-09-02 09:23:52 +00:00
Steven Barth
7e009c1598 map: add debug-code for mapcalc
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46763
2015-09-01 18:48:22 +00:00
Steven Barth
750a344a55 odhcpd: fix incorrect address assignment for DHCPv6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46761
2015-09-01 13:31:00 +00:00
Felix Fietkau
5da52afa79 hostapd: properly enable 802.11w support
Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w
support is properly compiled in full variant.

This fixes #20179

Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>

SVN-Revision: 46737
2015-08-27 12:43:22 +00:00
Felix Fietkau
d4e9c8d7ef netifd: update to the latest version, adds multicast-to-unicast fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46719
2015-08-25 07:24:53 +00:00
Steven Barth
9f67c7fc8a netifd: various updates
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46718
2015-08-25 06:27:37 +00:00
Steven Barth
ab71e84084 omcproxy: fix last commit
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46717
2015-08-24 08:53:16 +00:00
Steven Barth
e81f860bca omcproxy: add new igmpv3 & mldv2 multicast proxy
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46716
2015-08-24 08:28:11 +00:00
Steven Barth
c154130ebd odhcpd: various RA improvements
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46694
2015-08-20 12:43:45 +00:00
Imre Kaloz
996399ba08 uhttpd: we don't know where the device is located, so reflect that in the cert
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 46688
2015-08-19 08:20:11 +00:00
Jo-Philipp Wich
241d151b9c uhttpd: pass X-HTTP-Method-Override header to cgi scripts
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46677
2015-08-17 16:17:36 +00:00
John Crispin
eb42485093 iwinfo: update to latest git HEAD
adds extra station info reporting

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46669
2015-08-17 11:25:51 +00:00
John Crispin
e5488123e6 hostapd: Add vlan_file option to netifd.sh
Other VLAN related options are already being processed in netifd.sh
but the vlan_file option is missing. This option allows the mapping
of vlan IDs to network interfaces and will be used in dynamic VLAN
feature for binding stations to interfaces based on VLAN
assignments. The change is done similarly to the wpa_psk_file
option.

Signed-off-by: Gong Cheng <chengg11@yahoo.com>

SVN-Revision: 46652
2015-08-17 06:17:13 +00:00
Hauke Mehrtens
c9d7aa8704 samba36: preserve smbpasswd across sysupgrade
Add /etc/samba/smbpasswd to list of samba conffiles
thus preserving samba passwords across sysupgrade
by default.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

SVN-Revision: 46606
2015-08-15 14:49:06 +00:00
Hauke Mehrtens
186c711ccd dnsmasq: Bump to dnsmasq2.75
Fixes a 100% cpu usage issue if using dhcp-script.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46550
2015-08-03 20:33:57 +00:00
Felix Fietkau
29de31f8ba iw: update to version 4.1
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46534
2015-07-31 19:49:22 +00:00
Steven Barth
677f0e3e72 dnsmasq: Bump to dnsmasq2.74
Bump to dnsmasq2.74 & refresh patches to fix fuzz

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

SVN-Revision: 46522
2015-07-30 08:53:43 +00:00
Steven Barth
9a2132156d odhcp6c: minor fixes
Better synchronize RA & DHCPv6 events
Accumulate some events to avoid flooding
Restart softwires for address and prefix changes

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46518
2015-07-29 06:13:15 +00:00
Steven Barth
6831883100 firewall: fix typo in ESP rule
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46506
2015-07-27 11:47:20 +00:00
Steven Barth
fefb6758f9 odhcpd: fix RA lifetimes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46479
2015-07-24 13:51:43 +00:00
Steven Barth
f6abd042c2 firewall: comply with REC-22, REC-24 of RFC 6092
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46478
2015-07-24 10:00:45 +00:00
John Crispin
e7b34b2b0d buttons: make all button handler scripts return 0
this is required by the new button timeout feature

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46471
2015-07-24 09:11:35 +00:00
John Crispin
027230ade2 dnsmasq: add some missing files to the jail
found with strace, not sure we got all of them though

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

SVN-Revision: 46467
2015-07-24 09:11:06 +00:00
Felix Fietkau
26d71e9b25 netifd: update to the latest version, fixes setting RPS/XPS for wlan devices
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46421
2015-07-18 23:14:19 +00:00
Steven Barth
706adb1601 odhcp6c: add option "sourcefilter" to disable source filter
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46408
2015-07-18 05:44:50 +00:00
John Crispin
d42b6c1afb swconfig: libsw.so should be installed into /usr/lib/
otherwise it's not picked up by toolchain:

staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_musl-1.1.10/lib/gcc/mipsel-openwrt-linux-musl/4.8.3/../../../../mipsel-openwrt-linux-musl/bin/ld: cannot find -lsw

Signed-off-by: Roman Yeryomin <roman@advem.lv>

SVN-Revision: 46406
2015-07-17 12:51:24 +00:00
Steven Barth
56e7ba4a1e odhcpd: fix last commit
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46393
2015-07-17 11:09:13 +00:00
Steven Barth
9a977c2b11 odhcpd: fix dhcpv6 relay forwarding
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46392
2015-07-17 08:47:48 +00:00
Jonas Gorski
46a69e96a4 xtables-addons: update to 2.7 to fix compilation with 4.1
Also drop the configure (not .ac) patch part as autoreconf will
overwrite it anyway with a newly generated version.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>
Acked-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46385
2015-07-15 14:41:45 +00:00
Felix Fietkau
e23c3bb339 wpa-supplicant: add 802.11r client support
Add 802.11r client support to wpa_supplicant. It's only enabled in
wpa_supplicant-full. hostapd gained 802.11r support in commit r45051.

Tested on a TP-Link TL-WR710N sta psk client with two 802.11r enabled
openwrt accesspoints (TP-Link TL-WDR3600).

Signed-off-by: Stefan Hellermann <stefan@the2masters.de>

SVN-Revision: 46377
2015-07-15 08:16:22 +00:00
Steven Barth
f08895d0e9 odhcpd: also unify router and DNS lifetimes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46376
2015-07-15 07:38:54 +00:00
Steven Barth
d8e082c593 odhcpd: fix RA lifetime calculation
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46375
2015-07-15 06:57:43 +00:00
Steven Barth
a5641a6444 odhcpd: use 65535s as default lifetime and make interval configurable
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46370
2015-07-14 20:10:46 +00:00
John Crispin
c71ef0499b swconfig: Split libsw out of swconfig for reuse in other packages
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46358
2015-07-14 09:56:59 +00:00
Steven Barth
63ef3540d1 odhcpd: unsolicited unicast RAs + fix NDP-relay
odhcpd now sends unsolicited RAs also via unicast to known link-local
neighbors. This is an attempt to work-around common smartphone issues
https://code.google.com/p/android/issues/detail?id=32662

Also NDP-relay should now work more reliably now

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46357
2015-07-14 09:12:29 +00:00
Steven Barth
a06c1c810e odhcp6c: fix some more compatibility issues
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46335
2015-07-13 21:51:38 +00:00
Steven Barth
fab6209f71 odhcp6c: work-around more ISP DHCPv6-PD issues
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46317
2015-07-13 14:17:38 +00:00
Felix Fietkau
1c8148a858 ebtables: fix miscompilation on 64bit targets
The musl build "fix" introduced in r45108 removed all netinet/ether.h
includes, which made the prototypes of ether_aton and ether_ntoa
unavailable. As a result, the compiler assumed they return int instead
of a pointer. This currupted the pointer on 64bit targets, causing ebtables
to segfault in commands containing MAC addresses.

Since r46161 made it possible to include both the kernel and the libc
if_ether.h as long as the libc version is included first, this patch
changes the fix to remove the linux/if_ether.h from the ebtables source
(so the fixed version from the kernel is used) and ensures netinet/ether.h
is included early.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 46292
2015-07-10 11:36:49 +00:00
Felix Fietkau
7a04fd0e3a swconfig: swlib.c: Fix another memleak
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46275
2015-07-08 15:59:38 +00:00
John Crispin
657300d418 comgt: make ncm proto work via wwan proto
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46272
2015-07-08 14:26:04 +00:00
John Crispin
5da98f3478 swconfig: swlib.c: free name and description of attributes
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46232
2015-07-07 13:46:16 +00:00
John Crispin
294907aa3a swconfig: swlib.c: free portmaps in swlib_free()
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46231
2015-07-07 13:46:05 +00:00
John Crispin
2b9bdf4d6f swconfig: swlib.c: remove const qualifier for val.s since this is supposed to be free'd
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46230
2015-07-07 13:45:56 +00:00
John Crispin
08d4d4921d swconfig: swlib.c: free device name and alias
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 46229
2015-07-07 13:45:44 +00:00
Steven Barth
59f5eefe8c dnsmasq: Add sequential_ip UCI parameter
When enabled the dnsmasq DHCP server allocates the IP addresses sequentially
starting from the lowest available IP address.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 46211
2015-07-07 08:13:22 +00:00
Steven Barth
c5c819c494 dnsmasq: enable extra tracing by default when UCI parameter logqueries is set
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 46210
2015-07-07 08:13:16 +00:00
Hauke Mehrtens
97b14fd700 curl: update curl to version 7.43.0
This brings curl to version 7.43.0 and contains fixes for the following
security vulnerabilities:

CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html

The 100-check_long_long patch is not needed any more, because the
upstream autoconf script already checks for long long when cyassl is
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46169
2015-07-03 23:21:01 +00:00
Felix Fietkau
a9c39a27b5 mdns: fix ubus wait_for command
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46156
2015-07-02 11:26:12 +00:00
Steven Barth
a742fcaf3b netifd: add mtu6 option to override IPv6 MTU
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46135
2015-06-29 06:47:19 +00:00
Jonas Gorski
518ab154e0 xtables-addons: disable for kernel 4.1 for now
Netfilter APIs have changed, so the code requuires updates to compile
successfully.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46111
2015-06-22 12:27:38 +00:00
Steven Barth
23633249c8 ppp: honor LDFLAGS
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46068
2015-06-19 17:07:11 +00:00
Steven Barth
539d02eb0b iproute2: honor LDFLAGS
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46064
2015-06-19 13:30:18 +00:00
Steven Barth
3cb3da9556 linux-atm: add PKG_FIXUP
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46037
2015-06-18 11:10:46 +00:00
Felix Fietkau
63cb31d9ec openvpn: bump to 2.3.7.
Two patches are dropped as they were already applied upstream.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 46027
2015-06-18 06:41:49 +00:00
Matteo Croce
1090df82be ltq-vdsl-app: build fix for MUSL
SVN-Revision: 46006
2015-06-16 21:43:26 +00:00
Steven Barth
54bbebc633 Update dnsmasq to v2.73.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

SVN-Revision: 45988
2015-06-15 08:10:59 +00:00
Felix Fietkau
7afbd4fc36 openvpn: bump PKG_RELEASE.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 45962
2015-06-14 17:41:54 +00:00
Felix Fietkau
2c9fbdf0bc openvpn: let instances drop to nobody in default config.
This is for security precautions.  As persist_tun and persist_key are
already there, this should not cause compatibility issue.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 45961
2015-06-14 17:41:43 +00:00
Felix Fietkau
3f726e7b2e openvpn: fix handling option auth_retry.
As reported in ticket #19104, auth_retry takes a <type> argument with 3
choices: none, nointeract, interact.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 45960
2015-06-14 17:41:38 +00:00
Felix Fietkau
32055c0833 samba36: remove host build paths
- fix iconv detection because it adds host paths
- disable python detection (host python-config is found)

iconv issue is reported by buildbot config.log + replicated locally
see config.log in logs.tar.gz
python issue observed locally on Arch Linux

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45953
2015-06-14 17:40:52 +00:00
Steven Barth
cd89dbd91d ppp: bump PKG_RELEASE
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45949
2015-06-12 07:38:00 +00:00
Steven Barth
48a95eff38 ppp : Unnumbered support
Adds PPP unnumbered support via the parameter unnumbered which points to a logical OpenWRT interface.
The PPP proto shell handler will "borrow" an IP address from the unnumbered interface (if multiple
IP addresses are present the longest prefix different from 32 will be "borrowed") for which a host
interface dependency will be created. Due to the host interface dependency the PPP unnumbered interface
will only "borrow" an IP address from an interface which is up.
The borrowed IP address will be shared as local IP address by the PPP daemon and no other local IP
will be accepted from the peer in the IPCP negotiation.

A typical use case is the usage of a public IP subnet on the Lan interface which will be shared
by the PPP interface as local IP address.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45948
2015-06-12 07:37:53 +00:00
Steven Barth
4734c4459b odhcp6c: work around RIOs matching PIOs as sent by some apple routers
Thanks to Mikael Abrahamsson for reporting.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45941
2015-06-10 15:54:24 +00:00
Steven Barth
908b9065bb 6to4: Remove sourcerouting parameter registration
Commit 31214c38c8dd0f70366b523f9b0335145b9386bd removes IPv6 unneeded source-dest-routing workarounds;
as a result sourcerouting parameter is unused and can be removed.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45940
2015-06-10 11:50:13 +00:00
Steven Barth
66f9d344b1 6rd: Remove sourcerouting parameter registration
Commit 31214c38c8dd0f70366b523f9b0335145b9386bd removes IPv6 unneeded source-dest-routing workarounds;
as a result sourcerouting parameter is unused and can be removed.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45939
2015-06-10 11:50:09 +00:00
Steven Barth
e23052ab74 map: add sleep work-around for lw4o6 race-condition
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45936
2015-06-09 21:18:55 +00:00
Steven Barth
2fed0fffe1 odhcp6c: fix handling of custom DHCPv6 options
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45935
2015-06-09 20:28:35 +00:00
Steven Barth
ebfe8d8b08 netifd: bump to latest, various fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45926
2015-06-08 11:04:10 +00:00
Steven Barth
73fb57ada4 dnsmasq: bump to 2.73rc9
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45924
2015-06-08 04:48:16 +00:00
Steven Barth
c6a6f75436 dnsmasq: fix config file typo
s/loclal/local/

Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>

SVN-Revision: 45923
2015-06-08 04:48:08 +00:00
Felix Fietkau
ecaacad14d hostapd: move ht_coex variable to mac80211.sh, guarded by 802.11n support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45917
2015-06-06 23:09:43 +00:00
Hauke Mehrtens
5621a56d25 ppp: fix download URL
The file is not available at the older path any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 45910
2015-06-06 13:50:00 +00:00
John Crispin
281cb95a9d lldpd: add option to disable custom TLVs
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 45884
2015-06-03 13:59:14 +00:00
Felix Fietkau
91467cec6f hostapd: add a new option to control HT coexistance separate from noscan
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45873
2015-06-02 08:39:19 +00:00
Steven Barth
09ad0ae4bd odhcp6c: silence fw3 warnings
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45867
2015-06-01 08:31:13 +00:00
Jo-Philipp Wich
570790173d iwinfo: fix segfault in mtd parsing code (#19768)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45863
2015-06-01 04:31:45 +00:00
John Crispin
2bc9e8e50c lldpd: disable xml explicitly
This prevents auto-detection of libxml2 and thus the error:
Package lldpd is missing dependencies for the following libraries:
libxml2.so.2

Preventing a dependency to libxml2 is preferred, since libxml2
would be a out-of-(core-)tree dependency.

Reported-by: Buildbot
Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 45859
2015-05-31 17:46:09 +00:00
Jo-Philipp Wich
531a7e469a uhttpd: use 307 for HTTPS redirections to retain request method
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45853
2015-05-30 21:14:33 +00:00
Jo-Philipp Wich
4f58248a7d uhttpd: add support for enforcing https
Also set HTTPS environment variable for CGI programs on SSL connections.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45852
2015-05-30 20:55:14 +00:00
Jo-Philipp Wich
be16b184e2 uhttpd: inhibit chunked transfer encoding for static file responses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45850
2015-05-30 14:05:40 +00:00
Jo-Philipp Wich
8df45565e9 lldpd: update to v0.7.15 and add support for parsing /etc/openwrt_release
Also drop superseded patches.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45810
2015-05-28 16:19:38 +00:00
Steven Barth
a28470a3cc map: add support for lw4o6 address matching, minor optimizations
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45770
2015-05-26 14:36:20 +00:00
Steven Barth
e6f9641df1 netifd: fix and optimize ipv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45768
2015-05-26 12:48:12 +00:00
Jo-Philipp Wich
5e5c0edd7e iwinfo: fix hostapd status query (#19662)
* Rework hostapd and wpa_supplicant status parsing code
 * Add support for querying available HT rates
 * Relax definition of restricted channels

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45766
2015-05-26 11:50:04 +00:00
Jo-Philipp Wich
35497a0400 firewall: link iptables extensions dynamically
Use shared libipt{,4,6}ext.so libraries instead of statically linking
the userspace matches into the fw3 executable.

As a side effect the match initialization is extremely simplified
compared to the weak function pointer juggling performed before.

This also fixes the initialization of the multiport match.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45764
2015-05-26 11:11:48 +00:00
Jo-Philipp Wich
1c00b6bc7f iptables: reduce binary size
* drop unused lenient restore patch
 * instead of statically linking core extensions, build shared libraries
   for reuse in fw3
 * strip outdated match revisions and aliases to trim down library size

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45758
2015-05-26 09:16:50 +00:00
Felix Fietkau
27aada7658 ppp: do not warn if connect() before close() on pppoe terminate fails (fixes #19651)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45755
2015-05-26 07:02:49 +00:00
Felix Fietkau
4eeeb91661 netifd: bump to current HEAD
This introduces a new config parameter "no-proto-task" useful for
xl2tpd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45748
2015-05-25 21:15:31 +00:00
John Crispin
841b50a665 comgt: the package contained too many files
fixes #19698

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45741
2015-05-23 15:29:46 +00:00
John Crispin
a2d0d58a8e conntrack-tools: add init script for conntrackd
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45737
2015-05-23 15:28:56 +00:00
Jonas Gorski
5caa23551e ds-lite: fix resolve retry for fqdn peeraddrs
If the first resolveip call will fail, peeraddr will be now empty, and
the subsequent resolveip call will try to resolve an empty string.

Fix this by storing the result in a temporary variable.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 45712
2015-05-22 10:24:30 +00:00
Steven Barth
8304c0c04d odhcpd: fix DHCPv6 downstream PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45707
2015-05-21 15:07:54 +00:00
Steven Barth
241dbffcf9 netifd: improve IPv6 onlink-route handling
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45701
2015-05-19 09:01:34 +00:00
Steven Barth
08f057c703 ipv6: remove now unneeded source-dest-routing workarounds
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45700
2015-05-19 07:53:08 +00:00
Steven Barth
51d97db185 dnsmasq: bump to dnsmasq2.73rc8 Important.
Bump dnsmasq to v2.73rc8

Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

SVN-Revision: 45693
2015-05-17 08:06:45 +00:00
Steven Barth
1ffe824e81 map: set ealen to psidlen for lw4over6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45689
2015-05-16 10:12:15 +00:00
Steven Barth
356a9f0280 odhcp6c: fix parsing of LW4over6 parameters
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45688
2015-05-16 07:29:42 +00:00
Steven Barth
a11d2f1cb2 odhcpd: ignore /64 on interface when doing PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45679
2015-05-13 12:31:06 +00:00
Steven Barth
e9999a7168 odhcpd: remove invalid call to free()
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45675
2015-05-11 19:49:03 +00:00
Felix Fietkau
53a5647414 ppp: remove the persist option, netifd handles reconnects
Significantly reduces reconnect delay

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45654
2015-05-09 21:14:46 +00:00
Felix Fietkau
bf84a53f9b netifd-dhcp: supply parameters to user-script
hand over parameters to user-script e.g. $1=deconfig

Signed-off-by: Leon George <leon@georgemail.de>
Signed-off-by: Christian Mehlis <christian@m3hlis.de>

SVN-Revision: 45626
2015-05-08 10:44:19 +00:00
Felix Fietkau
06556a8e6b hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45619
2015-05-06 09:45:39 +00:00
Felix Fietkau
1f689613b6 iptables: disable unused xml support to save some space
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45617
2015-05-06 00:59:41 +00:00
Felix Fietkau
a503023ec2 hostapd: enable 802.11w only for the full variants
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45616
2015-05-06 00:59:36 +00:00
Steven Barth
d534883a52 firewall: Allow IGMP and MLD input on WAN
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.

RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

SVN-Revision: 45613
2015-05-05 13:22:41 +00:00
Felix Fietkau
632ba15a56 curl: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45609
2015-05-05 10:12:49 +00:00
Felix Fietkau
5533a67e3a openvpn: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45608
2015-05-05 10:09:16 +00:00
Jo-Philipp Wich
a28deda590 openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.

The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.

Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.

References:

 * https://dev.openwrt.org/ticket/19101
 * https://community.openvpn.net/openvpn/ticket/524
 * https://github.com/ARMmbed/mbedtls/pull/185

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45602
2015-05-04 08:49:21 +00:00
Steven Barth
a132313238 dhcp: add option specifying overriding custom-routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45594
2015-05-02 07:44:55 +00:00
Steven Barth
58f7d9676b map: shorten autogenerated sub-interface names to account for limits
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45590
2015-04-30 12:43:46 +00:00
Steven Barth
fc84123c2f dnsmasq: bump to 2.73rc7
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45587
2015-04-29 07:19:24 +00:00
Steven Barth
4fb99ec22f odhcpd: Remove prefix class config option as not supported anymore by odhcpd
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45586
2015-04-28 14:58:54 +00:00
Steven Barth
64aa0929b9 odhcp6c: Fix white space errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45585
2015-04-28 14:57:52 +00:00
Steven Barth
62e7f07615 dnsmasq: bump to 2.73rc6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45572
2015-04-23 13:05:15 +00:00
Felix Fietkau
eba659cbba hostapd: backport fix for CVE-2015-1863, refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45567
2015-04-23 08:01:51 +00:00
Nicolas Thill
05d28c47e8 hostapd: mark wpa-supplicant & wpad-mesh as broken on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45561
2015-04-22 15:36:00 +00:00
John Crispin
f03226afe7 uqmi: auto retry when bringup fails
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45556
2015-04-21 13:18:46 +00:00
John Crispin
acf74d9b6a umbim: auto retry when bringup fails
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45555
2015-04-21 13:18:40 +00:00
Felix Fietkau
fe14e2a674 netifd: update to the latest version, fixes retry when proto handlers exit without changing the state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45550
2015-04-21 12:11:07 +00:00
Steven Barth
c6cd1f1632 odhcpd: minor fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45539
2015-04-21 07:45:49 +00:00
Felix Fietkau
ce0eddc2fb hostapd/netifd: encrypted mesh with wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45519
2015-04-20 15:00:07 +00:00
Steven Barth
42c75c690e odhcp6c: fix SOL_MAX_RT to match RFC 3315
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45514
2015-04-20 09:17:13 +00:00
Steven Barth
9715e1d520 nftables: bump version
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45513
2015-04-20 06:30:34 +00:00
Steven Barth
38519cad0b iproute2: update to v4.0.0
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished.  That section of the patch was removed.

Built and lightly tested on ar71xx against uClibc and musl.

Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 45512
2015-04-20 06:26:09 +00:00
Felix Fietkau
a285a0a034 netifd: update to the latest version, fixes more interface device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45503
2015-04-19 09:50:49 +00:00
Felix Fietkau
6293aae9d3 netifd: update to the latest version, fixes more device config handling issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45497
2015-04-18 21:35:16 +00:00
Felix Fietkau
563c26a34f iptables: remove obsolete files
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45494
2015-04-18 17:59:31 +00:00
Steven Barth
af4d04ed36 dropbear: update to 2015.67
fixes dbclient login into OpenSSH 6.8p1
error: "Bad hostkey signature"

reported on irc, replicated with Arch Linux

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45493
2015-04-18 11:25:01 +00:00
John Crispin
125b2ced63 hostapd: Fix wps button hotplug script to handle multiple radios
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.

https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh

The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.

Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.

root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf  /var/run/hostapd-phy1.conf

/var/run/hostapd:
wlan0  wlan1

The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/

The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
                    [-G<ping interval>] [command..]
...
    -p<path>     path to find control sockets (default: /var/run/hostapd)
...
    -i<ifname>   Interface to listen on (default: first interface found in the
                 socket path)

Below is a run with the default script and with my proposed solution.

Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         for dir in /var/run/hostapd*; do
                 [ -d "$dir" ] || continue
                 logger "WPS activated for: $dir"
                 hostapd_cli -p "$dir" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd

wlan0 got WPS activated, while wlan1 remained inactive.

I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.

Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         cd /var/run/hostapd
         for dir in *; do
                 [ -S "$socket" ] || continue
                 logger "WPS activated for: $socket"
                 hostapd_cli -i "$socket" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1

Both radios got their WPS activated properly.

I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.

The modified script has been in a slightly different format in my community
build since r42420 in September 2014.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45492
2015-04-18 10:19:37 +00:00
Felix Fietkau
bdd241ee29 netifd: update to the latest version, fixes issues in handling device config from interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45483
2015-04-17 19:28:10 +00:00
Felix Fietkau
c909a0354a qos-scripts: drop obsolete depdendency on iptabes-mod-filter (#19506)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45482
2015-04-17 18:52:28 +00:00
Felix Fietkau
6057a09ae6 iptables: remove layer7 leftovers (#19506)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45481
2015-04-17 18:52:24 +00:00
Steven Barth
0d1b5a1fd2 network: also shorten virtual interface names of ppp and 3g/4g connections
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45479
2015-04-17 14:47:12 +00:00
Steven Barth
6b062ad848 network: shorten names of generated interfaces
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45476
2015-04-17 13:10:19 +00:00
Steven Barth
f1119373f2 odhcp6c: silence "bad number" warnings
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45449
2015-04-15 14:04:17 +00:00
Steven Barth
2eefcd1048 odhcp6c: avoid saving empty RA search domains
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45448
2015-04-15 12:57:41 +00:00
Steven Barth
6fad3d5524 odhcpd: fix accidental logic inversion
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45435
2015-04-14 14:21:52 +00:00
Steven Barth
56573fdb0d odhcp6c: fix some issue discovered by scan-build
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45429
2015-04-14 08:33:37 +00:00
Steven Barth
7e5bf40cac odhcpd: avoid illegal memory access in some corner cases
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45428
2015-04-14 08:31:53 +00:00
Felix Fietkau
bdb6c313de qos-scripts: remove layer7 support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45425
2015-04-13 22:23:26 +00:00
Felix Fietkau
4e4060138a iptables: remove layer7 support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45424
2015-04-13 22:23:19 +00:00
Steven Barth
3633523ba6 dnsmasq: fix dnssec timestamp logic, backport crashfix
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45410
2015-04-13 07:49:29 +00:00
Felix Fietkau
e8a45bfc15 netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.

The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.

https://dev.openwrt.org/ticket/19345

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45380
2015-04-11 10:52:01 +00:00
Steven Barth
f9b0423836 odhcpd: send current hop-limit by default in RAs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45359
2015-04-10 11:52:42 +00:00
Steven Barth
0dbbbda4bf odhcp6c: move IPv6 /proc config to userspace and sanitize
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45358
2015-04-10 11:33:15 +00:00
Steven Barth
747c33859b dnsmasq: bump to 2.73rc4
Fix crash caused by malformed DNS requests
Improved DNSSEC handling

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45354
2015-04-10 10:19:17 +00:00
John Crispin
2b95d21fdb hostapd: remove unused asprintf parameter
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45351
2015-04-10 08:31:26 +00:00
John Crispin
7872f4e1dc iptables: revert r40916
it causes problems with newer iptables when ipv6 is disabled as iptc uncoditionally links ip6tc

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45350
2015-04-10 08:31:06 +00:00
John Crispin
e7559353db wpan-tools: adds wpan-tools utility
This patch adds the wpan-tools (iwpan) utility to OpenWRT
build system. This utility required to manage IEE-802.15.4
devices.

Signed-off-by: Varka Bhadram <varkab@cdac.in>

SVN-Revision: 45349
2015-04-10 08:30:11 +00:00
John Crispin
dcdd5c1ecb netifd: Interface last error support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45334
2015-04-09 10:33:05 +00:00
John Crispin
4b0211b547 ppp: Detailed last error support
Enables last error support for the PPP protocol handlers.
In generic teardown the PPP daemon exit code is translated into
a self explaining error string which is set as interface error
by proto_notify_error in case of failure.

Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45333
2015-04-09 10:32:54 +00:00
John Crispin
88fa9a8422 dnsmasq: Add option '--servers-file'
The option '--servers-file' is available since dnsmasq v2.69.

Signed-off-by: Lars Kruse <lists@sumpfralle.de>

SVN-Revision: 45332
2015-04-09 10:32:46 +00:00
John Crispin
3c9dcadcf5 umbim: update to latest git HEAD
merge patches from Bjørn Mork

http://patchwork.ozlabs.org/patch/459277/

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45327
2015-04-09 10:32:01 +00:00
John Crispin
ff211def3e hostapd: add update_beacon to ubus binding
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45325
2015-04-09 10:31:45 +00:00
Steven Barth
4b1257137c odhcp6c: add 464xlat integration, fix dslite integration
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45323
2015-04-09 08:17:32 +00:00
Steven Barth
d5a477cc38 ds-lite: add support for fqdn peeraddrs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45322
2015-04-09 08:17:23 +00:00
Steven Barth
6f5bbfa181 odhcpd: fix infinite lifetime handling in dhcpv6
thanks to Arjen de Korte

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45279
2015-04-06 10:50:54 +00:00
Felix Fietkau
fe8d9f59da hostapd: when running AP+STA, preserve the AP 802.11n-enabled setting
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45270
2015-04-04 17:51:46 +00:00
John Crispin
16d291e2c9 ppp: Fix missing arg argument when using option flag OPT_A2STRVAL
The arg argument is missing to the printer call in the print_option
utility when the option flag OPT_A2STRVAL is set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45264
2015-04-03 19:06:56 +00:00
John Crispin
9ccfbb841c ppp: Fix seg fault when using pppol2tp
PPPD crashes (SEGV) when the dump or dryrun options are specified and an option
is internally defined as "o_special" with an option flag of "OPT_A2STRVAL".
As the option value is not saved when the parameter is processed, a reference
to the option will result into a crash (e.g. when printing).

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45263
2015-04-03 19:06:45 +00:00
John Crispin
4bb94e5b2d samba36: add smb.conf.template to conffiles
User might have modified/extended template direct or by LuCI application.
So do not overwrite on update/upgrade.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 45258
2015-04-03 19:06:06 +00:00
Nicolas Thill
fe46689f10 packages: use $(LN) macro, make symlinks relative
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45250
2015-04-03 00:07:43 +00:00
Nicolas Thill
d1070a6330 mdns: add conffiles section
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45241
2015-04-02 14:53:07 +00:00
John Crispin
546ba7a39f samba: use INSTALL_CONF for the uci file
sorry about the broken commit earlier

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45226
2015-04-01 16:12:43 +00:00
Nicolas Thill
b7130aff21 samba36: fix typo in package/samba36-server/install
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45225
2015-04-01 15:59:14 +00:00
John Crispin
26a27231e6 samba: don't overwrite config file
fixes #19087

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45220
2015-04-01 13:39:23 +00:00
John Crispin
8acbb5783d dnsmasq: backport --tftp-no-fail to ignore missing tftp root
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 45213
2015-04-01 08:33:10 +00:00
Steven Barth
78552c24ba odhcpd: compile fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45192
2015-03-31 17:30:56 +00:00
Steven Barth
4f00a51723 odhcp6c: some more code compliance
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45191
2015-03-31 17:30:47 +00:00
Steven Barth
4a1f19e15d netifd: revert policy routing (broke some custom user rules)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45185
2015-03-31 13:14:40 +00:00
Steven Barth
edf9b7a2a5 netifd: add metric argument for ipv4 proto routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45182
2015-03-31 11:36:20 +00:00
Steven Barth
23db1800f8 nftables: bump to 2015-03-24
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45158
2015-03-30 17:04:14 +00:00
John Crispin
6aff392bff uhttpd: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45153
2015-03-30 12:35:13 +00:00
Steven Barth
24be294d8e odhcpd: fix default dhcpv6 behavior for non-/64
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45148
2015-03-30 08:53:22 +00:00
Steven Barth
0a0dec1c4a odhcpd: fix musl build, change default DHCPv6 behavior
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45147
2015-03-30 08:49:47 +00:00
Steven Barth
bbe5dc48a2 odhcp6c: musl fixes (thanks Felix)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45146
2015-03-30 08:49:20 +00:00
Felix Fietkau
4a7f1bb54c iputils: fix musl compile errors
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45111
2015-03-29 04:30:12 +00:00
Felix Fietkau
e0e8900edd ead: clean up, fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45110
2015-03-29 04:30:05 +00:00
Felix Fietkau
86841522d5 arptables: fix musl build issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45109
2015-03-29 04:29:56 +00:00
Felix Fietkau
55aa123732 ebtables: fix musl build issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45108
2015-03-29 04:29:44 +00:00
Felix Fietkau
9f8be0befc authsae: remove bogus #include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45107
2015-03-29 04:29:26 +00:00
Felix Fietkau
e0f421dcab iperf3: use -D_GNU_SOURCE to fix build error on musl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45103
2015-03-29 04:26:57 +00:00
Felix Fietkau
f93a316430 conntrack-tools: add a build dependency on librpc (fixes #19342)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45099
2015-03-29 01:44:14 +00:00
Felix Fietkau
efebc77f94 conntrack-tools: add more missing include statements
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45096
2015-03-28 18:26:24 +00:00
Felix Fietkau
2d13d8dc76 conntrack-tools: update package (along with associated libraries) to the latest version, fix musl build issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45077
2015-03-28 10:19:26 +00:00
Felix Fietkau
89abb27f2c hostapd: fix compile errors with nl80211 disabled (#19325)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45063
2015-03-27 14:55:01 +00:00
Felix Fietkau
44218424f1 hostapd: fix a compiler warning in ap+station patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45062
2015-03-27 14:54:53 +00:00
Felix Fietkau
8905eb39b6 hostapd: disable the bridge packet receive workaround, it is unnecessary on openwrt and could potentially harm performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45060
2015-03-27 14:54:41 +00:00
Steven Barth
7edbd6b4d7 netifd: adjust default local policy rules
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45059
2015-03-27 14:19:10 +00:00
John Crispin
d8fc4d31d0 dnsmasq: we dont want to run in debug mode
a left over from the dnsmasq jail testing

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45058
2015-03-27 09:11:56 +00:00
Felix Fietkau
23b4bf6507 hostapd: add 802.11r support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45051
2015-03-26 23:34:33 +00:00
Felix Fietkau
07b17c6b25 hostapd: allow multiple key management algorithms
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45050
2015-03-26 23:34:24 +00:00
Felix Fietkau
4482d10a04 hostapd: append nasid to config for all WPA types
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45049
2015-03-26 23:34:10 +00:00
Felix Fietkau
eedf17dc9e hostapd: add dependency to hostapd-common
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

SVN-Revision: 45048
2015-03-26 23:34:01 +00:00
Felix Fietkau
cec80c7267 hostapd: package wpad-mesh and wpa_supplicant-mesh variants
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45047
2015-03-26 23:33:56 +00:00
Felix Fietkau
184bac2707 hostapd: add switch_chan and set_vendor_elements ubus methods
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45046
2015-03-26 23:33:52 +00:00
Felix Fietkau
9c7784e5f3 hostapd: update hostapd to 2015-03-25
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45045
2015-03-26 23:33:47 +00:00
John Crispin
242e37454a netifd: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45020
2015-03-26 10:59:40 +00:00
John Crispin
eadb51fa98 mdns: add jail and seccomp support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45012
2015-03-26 10:58:44 +00:00
John Crispin
f5e2b62ab7 dnsmasq: add jail support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45011
2015-03-26 10:58:30 +00:00
Steven Barth
6c0d6a3cb3 odhcp6c: various small fixes
SVN-Revision: 45001
2015-03-25 18:24:54 +00:00
Felix Fietkau
31b0f0be12 iproute2: fix build error with musl (#19302)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44973
2015-03-25 00:11:07 +00:00
Jo-Philipp Wich
437d710546 lldpd: add option to disable privilege separation
Helpful to disable when debugging lldpd crashes (when working on it).
When privilege separation is on, some crashes are stack-traced to
some privilege separation code.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44967
2015-03-24 10:13:08 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
Felix Fietkau
59b55e6a94 iwinfo: update to the latest version, fixes 802.11ac capability reporting
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44948
2015-03-23 12:31:28 +00:00
Felix Fietkau
7cacd6bdb6 netifd: fix default initialization of RPS/XPS
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44944
2015-03-22 17:40:39 +00:00
Felix Fietkau
78692595e7 netifd: update to the latest version, adds support for configuring RPS/XPS (enabled by default where available)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44943
2015-03-22 16:42:44 +00:00
John Crispin
b16cf34c95 curl: fix PKG_CONFIG_DEPENDS
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 44925
2015-03-21 21:47:41 +00:00
John Crispin
1312cd9263 lldpd: add Build/InstallDev rule
For using liblldpctl to talk to lldpd (via unix sockets).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44924
2015-03-21 21:47:34 +00:00
Steven Barth
8cfe2fb30b netifd: fix ipv6 route regression
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44919
2015-03-21 18:28:08 +00:00
Steven Barth
b27efd6e07 netifd: device update fixes, improvements in policy routing
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44899
2015-03-20 07:50:45 +00:00
Felix Fietkau
f88687aaf9 igmpproxy: add names for default config lan/wan phyint sections to make it easier to refer to them from scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44896
2015-03-19 20:37:40 +00:00
Felix Fietkau
0db8c86666 ifenslave: remove package, as it depends on obsolete kernels
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44891
2015-03-19 11:59:09 +00:00
Felix Fietkau
31681f0878 ipset: use in-tree kernel modules to fix crash issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44883
2015-03-19 11:58:17 +00:00
John Crispin
29c3611294 igmpproxy: Multiple downlink interfaces fix.
from Erik Tews <erik@datenzone.de>

This patch has two effects. First, the quickleave feature/behaviour is
disabled for all groups that are used on more than one interface. The
idea of quickleave is to leave a group fast and later figure out whether
there is still somebody interested in that group. For groups used on
more than one interface, it is already known that there is still
somebody interested in that group.

Second, when a leave is received for a group that is used on more than
one interface, igmpproxy sends queries on all interface to discover
remeining listeners for that group. Previously these queries were only
send on the interface the leave was received on, so that listeners on
the other interfaces were not discovered and the group might be left on
the upstream router incorrectly.

This patch can be improved by sending the queries only on the interface
the leave was received on and adapting the algorithm in
internAgeRoute(...) in rttable.c in a way that only one interface is
actually processed and all other interfaces of the route are silently
assumed to be still active.

Signed-off-by: Erik Tews <erik@datenzone.de>

SVN-Revision: 44859
2015-03-17 09:43:07 +00:00
Nicolas Thill
81ff0511df packages: more (e)glibc fixes after r44701
_GNU_SOURCE has been declared "deprecated" in favor of _DEFAULT_SOURCE in glibc

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44843
2015-03-16 12:32:22 +00:00
Nicolas Thill
4b382a440b packages: some (e)glibc fixes after r44701
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44842
2015-03-16 12:25:06 +00:00
Jo-Philipp Wich
eb7f470e7b netifd: dhcp: install host route to gateway (#19182)
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations install a host route towards the gateway.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44789
2015-03-15 14:48:18 +00:00
Felix Fietkau
83cdd1623c uhttpd: make generating SSL keys more reliable against interrupted boots
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44772
2015-03-15 10:32:10 +00:00
John Crispin
ba21cbae3e dnsmasq: enable pxe-prompt, pxe-service config options
DNSMASQ has the ability to provide a menu to a pxeboot system, using
the --pxe-prompt and --pxe-service configuration options.  The current
init.d script converting the "dhcp" file to "dnsmasq.conf" does not
find these options, but they are supported.  This patch thus enables
the options.

Signed-off-by: Derek LaHousse <dlahouss@mtu.edu>

SVN-Revision: 44747
2015-03-13 08:39:08 +00:00
John Crispin
f728bfdae0 relayd: bump to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44745
2015-03-13 08:38:46 +00:00
John Crispin
fb60dd2ae6 dnsmasq: Make parameters optional in dhcpboot config
The --dhcp-boot option of dnsmasq does not require servername and serveraddress
arguments if the builtin tftp server is used.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44744
2015-03-13 08:38:35 +00:00
John Crispin
31b8de4587 lldpd: make LLDP-MED, DOT1 and DOT3 extensions disable-able
The names for the config options were taken from lldpd's
configure.ac file.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44743
2015-03-13 08:38:25 +00:00
John Crispin
d8e61b088f ipset: add ipmark support
Below you'll find a patch to add ipmark module support to ipset.
Changeset 44671 already bumped ipset to version 6.24, but it's still
compiled without ipmark support. This is a requirement for mwan3 v1.6.

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>

SVN-Revision: 44742
2015-03-13 08:38:17 +00:00
John Crispin
470e89f977 lldpd: add support for 'readonly_mode'
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44689
2015-03-12 10:06:08 +00:00
John Crispin
e69626901e uhttp: update to latest git HEAD
this add json-c 0.12, sorry forgot to push this earlier today

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44682
2015-03-11 17:58:47 +00:00
John Crispin
5b04e0dc4e ipset: Bump to 6.24
Included you'll find a patch to bump ipset to version 6.24. This
version supports the ip,fwmark set, which is needed for mwan3 1.6.

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>

SVN-Revision: 44671
2015-03-11 16:41:58 +00:00
John Crispin
59c20174f8 json-c: update to 0.12 and bump all depending services
Version 0.12 deprecates json_object_object_get and moves the header files around

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44657
2015-03-11 15:54:33 +00:00
Felix Fietkau
ee1e8c2f2d iw: update to 3.17
Patch by Bryan Forbes <bryan@reigndropsfall.net>

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44654
2015-03-11 15:02:32 +00:00
Steven Barth
e151d05622 6rd: make host dependency more specific
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44636
2015-03-10 08:43:54 +00:00
Steven Barth
853a1d4baf 6in4: make host dependency more specific
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44635
2015-03-10 08:43:40 +00:00
Nicolas Thill
a7f198b12c ebtables: revert "disable rpath" (closes: #19088)
This reverts commit 9340723d70bce9d905c3f53b2bf415963153b34d.

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44634
2015-03-09 22:07:05 +00:00
John Crispin
f1dcfec6d8 ncm, qmi, mbim: Add dependency on wwan package
The wwan package holds the hotplug script to set mobile broadband
interfaces (un)available. Add it as a dependency to comgt-ncm,
uqmi and umbim.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44631
2015-03-09 14:07:06 +00:00
John Crispin
6ab19b7f46 ncm: Remove unnecessary proto_set_available commands
Interface should not be set unavailable in all error cases,
returning 1 is enough.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44630
2015-03-09 14:06:50 +00:00
John Crispin
3f0f0b8ece wwan: Improve USB modem hotplug script
Adds ncm proto to the list of checked protocols, sets interfaces
unavailable on device removal and removes the unnecessary ifup
command.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44629
2015-03-09 14:06:30 +00:00
John Crispin
dfb9e7c31c comgt, wwan: Move USB data files to wwan package
USB modem data files should be a part of the wwan package, which
actually uses them unlike comgt.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44628
2015-03-09 14:06:20 +00:00
Steven Barth
8dc388f769 odhcpd: improvements for DHCPv4 and compile fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44619
2015-03-06 14:41:07 +00:00
Jo-Philipp Wich
c20e46f792 lldpd: fix passing multiple ifnames to the daemon
Instead of multiple -I arguments, lldpd expects a comma separated list.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44585
2015-03-01 12:25:02 +00:00
Jo-Philipp Wich
b977134dc7 uhttpd: relay stderr to syslog
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44548
2015-02-26 13:44:05 +00:00
Steven Barth
547ac60813 6rd: honor tunlink in host dependency
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44541
2015-02-26 07:42:12 +00:00
Steven Barth
0f365e4cb9 firewall: fix some more null-pointer accesses
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44540
2015-02-26 07:14:41 +00:00
Felix Fietkau
ae9999a766 samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44515
2015-02-24 07:21:25 +00:00
John Crispin
5e7d004633 ppp: Allow PPTP over a specified interface
In a dual-WAN setup, it's useful to specify an interface over which to
have PPTP.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>

SVN-Revision: 44507
2015-02-22 08:29:34 +00:00
John Crispin
291e04ee8f comgt: Use TCGETS and TCSETS ioctls for struct termios
When passing struct termios to ioctl TCGETS and TCSETS should be
used instead of TCGETA and TCSETA, which are meant for the older
struct termio. Should fix https://dev.openwrt.org/ticket/19012

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44506
2015-02-22 08:29:26 +00:00
Nicolas Thill
4b8ebb5d50 packages: remove uneeded PKG_BUILD_DIR overrides
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44498
2015-02-22 01:31:21 +00:00
John Crispin
ef87acc6a5 hostapd: fix c&p typo
https://dev.openwrt.org/ticket/19010

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44484
2015-02-17 15:59:28 +00:00
Steven Barth
c975f83cc2 netifd: various device config / event fixes (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44480
2015-02-17 14:14:51 +00:00
Steven Barth
c091515d68 iproute2: bump version from v3.18.0 to v3.19.0
with refreshed patches

Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 44479
2015-02-17 14:14:39 +00:00
Felix Fietkau
00d422fc60 netifd: update to the latest version, reverts a commit causing MTU issues (fixes #18869)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44461
2015-02-16 09:07:19 +00:00
John Crispin
8f3e9c91a8 hostapd: backport BSSID black/whitelists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.

This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.

In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).

This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':

config wifi-iface
	option device 'radio2'
	option network 'uplink'
	option mode 'sta'
	option ssid 'MyNetwork'
	option encryption 'none'
	list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'

This change consists of the following cherry-picked upstream commits:

b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)

0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44438
2015-02-13 10:53:54 +00:00
Nicolas Thill
e97228fde9 ebtables: disable rpath
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44396
2015-02-11 11:31:07 +00:00
Felix Fietkau
658a33688e relayd: update to the latest version, adds fixes by Alejandro Enrique
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44389
2015-02-11 10:09:57 +00:00
Steven Barth
6ee8d1f178 netifd: fix device config handling and add some config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44331
2015-02-09 08:30:06 +00:00
Jo-Philipp Wich
7be42a71e1 6in4: fix update timeout
The recent rework of the 6in4 endpoint update broke the retry mechanism.
Rework the timeout handling and make the update status more verbose.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44327
2015-02-08 22:20:38 +00:00
Jo-Philipp Wich
ccc33238a4 openvpn: autostart openvpn instances for each .conf file in /etc/openvpn
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.

Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44310
2015-02-07 21:01:28 +00:00
Jo-Philipp Wich
84c6ee610b 6in4: don't use /dev/stdout for wget calls
Busybox ash does not implement /dev/stdout, therfore any wget output
is written into a file /dev/stdout instead of onto the standard output.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44301
2015-02-07 13:33:15 +00:00
John Crispin
fd2689ecfc map: Fix white space errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 44246
2015-02-03 10:10:54 +00:00
John Crispin
83693349fc cURL: implement new functionality with cleanup and fixes
remove obsolete configuration settings
  --disable-thread
  --enable-nonblocking
  --without-krb4
remove SSPI support
  only supported on windows
correct --with/without-ca-path handling
  only supported with OpenSSL and PolarSSL
correct LDAP/LDAPS protocol
  add dependency libopenldap
added SCP/SFTP protocol
  default "No"
  depends on libssh2
added IDN support
  default "No"
  depends on libidn
added SMB protocol (new in 7.40)
  default "No"
  require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected
added Unix sockets support (new in 7.40)
  default "No"
added error verbose messages
  default "No"
changes to Makefile
  Increase PKG_RELEASE
  PKG_CONFIG_DEPENDS and CONFIGURE_ARGS
    extended for new functionality
    use "autoconf_bool" for all --enable/--disable options
    restructure for easier reading
changes to Config.in
  extended for new functionality
  implement dependencies
  restructure and grouping for easier reading
build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800)

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 44243
2015-02-02 09:02:24 +00:00
Jo-Philipp Wich
6dd422a256 curl: fix build with --disable-crypto-auth (#18838)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44192
2015-01-29 16:52:15 +00:00
Nicolas Thill
fc5cec97d2 curl: fix typo in 2 config symbols
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44191
2015-01-29 16:37:08 +00:00
John Crispin
623716dd43 comgt-ncm: Fix NCM protocol
This patch fixes the NCM protocol by adding the missing ifname
to the netifd script and changing one unintended "send" statement to
"print" in runcommand.gcom. It also cleans up logging and makes the
manufacturer names case-insensitive. Furthermore, comgt-ncm should
not depend on the USB-serial-related kernel modules, as the cdc-wdm
control device works without them. There is also no need to depend on
kmod-huawei-cdc-ncm, since other manufacturers (like Sony-Ericsson
and Samsung) which use other kernel modules should also be supported.

I'd appreciate if someone with Samsung or Sony-Ericsson modems could
test this, I was only able to test it with Huawei E3276, E3372 and
E353.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44182
2015-01-28 19:19:33 +00:00
John Crispin
89df45295e cURL: Update to version 7.40.0
* Update to version 7.40.0
* remove non existing config options around enable/disable HTTPS protocoll
* remove --with-ca-path if ssl support disabled
* set proxy support as default like all versions before CC did

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 44176
2015-01-28 12:07:47 +00:00
Jo-Philipp Wich
a7c27877e2 uhttpd: fix another remaining relro issue in the Lua plugin
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44143
2015-01-25 20:43:17 +00:00
Jo-Philipp Wich
634c8c215c uhttpd: fix time_t type mismatch on 32bit systems
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.

Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44138
2015-01-25 17:59:08 +00:00
Jo-Philipp Wich
b82bd94b62 uhttpd: fix crash with enabled relro, memory leak in dirlists and lfs
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
   constant as uhttpd needs to modify its list_head member
 * Make sure that uhttpd supports large files by using 64bit ints
   where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
 * Plug a possible memleak in the directory listing code

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44135
2015-01-25 17:23:26 +00:00
Jo-Philipp Wich
8f5c0708ed uhttpd: fix exit code of mod-ubus postinstall script
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44132
2015-01-25 15:54:43 +00:00
Felix Fietkau
3120c9c9c2 build: drop obsolete kernel version dependencies
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44110
2015-01-24 20:02:09 +00:00
Felix Fietkau
768d09be87 mac80211/hostapd: fix HT mode setup for RSN ad-hoc networks
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44100
2015-01-24 19:27:22 +00:00
Felix Fietkau
c180e8df1e relayd: prevent start for disabled interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44099
2015-01-24 18:12:09 +00:00
Felix Fietkau
ea638e4eba netifd: fix a regression with some VLAN configurations introduced in the last update
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44098
2015-01-24 14:16:36 +00:00
Felix Fietkau
929559c946 ppp: on PPPoE, always send PADT when shutting down the connection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44097
2015-01-24 13:41:10 +00:00
Felix Fietkau
18d4b8783c netifd: do not stop service on shutdown, only call ifdown
Also add a small delay, like on restart

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44096
2015-01-24 13:41:04 +00:00
Jo-Philipp Wich
639f388fc2 ppp: rework host-uniq support to take hex encoded strings
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.

Switch the format to a hex encoded string to support binary data.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44094
2015-01-24 11:30:45 +00:00
Felix Fietkau
c71cf8e6e4 netifd: update to the latest version, fixes bridge reload (#18351) and device config issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44093
2015-01-24 00:30:36 +00:00
Jo-Philipp Wich
1f6411e436 netifd: store additional DHCP lease information
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44092
2015-01-23 22:19:29 +00:00
Steven Barth
fd0e95fe7b nftables: bump for minor fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44062
2015-01-20 13:42:47 +00:00
John Crispin
eb6acdf6b4 comgt: Allow using non-TTY devices
Some Huawei mobile broadband sticks utilizing the NCM protocol expose
the control channel as a cdc-wdm device node instead of a virtual TTY.
This device node does not support the terminal ioctls. This patch
adds a check whether the provided device is a TTY or not and does not
attempt to use the terminal ioctls if they are not supported.

v2: reduce diffstat by simplifying code a little
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 44054
2015-01-20 06:33:49 +00:00
Steven Barth
99fa07d07e netifd: add option to customize IPv6 interface identifiers (thx Hans Dedecker)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44050
2015-01-19 08:39:04 +00:00
Felix Fietkau
2f43d3dcba igmpproxy: add patch to silence unnecessary logging of downstream igmp traffic
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.

Without this patch igmpproxy floods openwrt syslog with messages such as:
  user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
  239.255.250.250, is not in any valid net for upstream VIF.

Signed-off-by: Antti Seppälä <a.seppala@gmail.com>

SVN-Revision: 44020
2015-01-18 00:42:43 +00:00
John Crispin
16b45d21c6 dnsmasq: add option --quiet-dhcp
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

SVN-Revision: 44006
2015-01-17 14:38:55 +00:00
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
John Crispin
ff3448adaa curl: allow enabling https protocol
Provide optional --enable-https flag for curl.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

SVN-Revision: 43997
2015-01-17 13:57:56 +00:00
Felix Fietkau
6774c43dde add iperf3, a new and smaller version of iperf
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43996
2015-01-17 13:14:02 +00:00
Steven Barth
18f76fbef1 iproute2: add package for bridge program
The 'bridge' program has been part of iproute2 for a while, and it was once
declared[1] to the the intended longterm replacement for bridge-utils, but
its features are still mostly distinct[2] from the venerable brctl.

[1] http://lwn.net/Articles/435845/
[2] http://sgros-students.blogspot.com/2013/11/comparison-of-brctl-and-bridge-commands.html

Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 43993
2015-01-17 10:58:34 +00:00
Steven Barth
d644d1bd5e iproute2: fix header problem for musl
iproute2 includes "sanitized" linux kernel headers, which work fine for uClibc, however
with musl there is some header conflict, principally some ipv6 structure redefinition.  This
patch removes <linux/in6.h> from include/linux/if_bridge.h to solve the problem.

Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 43992
2015-01-17 10:58:29 +00:00
Steven Barth
148684bbf4 iproute2: bump version to 3.18.0
Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 43991
2015-01-17 10:58:22 +00:00
Jo-Philipp Wich
59cab6dd48 dnsmasq: support and use local-service by default (#14951)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43982
2015-01-16 19:04:19 +00:00
Luka Perkov
5b0849b97f mdns: install uci package as config
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

SVN-Revision: 43967
2015-01-14 09:59:26 +00:00
Steven Barth
252bb0eeae map: export calculated ruleset to /tmp
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43961
2015-01-13 19:00:39 +00:00
Rafał Miłecki
adaac86c7f hostapd: backport patch fixing handling new stations
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43951
2015-01-12 22:10:00 +00:00
Steven Barth
98cb5c3a55 nftables: add missing patch
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43949
2015-01-12 12:40:08 +00:00
Steven Barth
05220c415c nftables: bump again and disable building docs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43948
2015-01-12 12:39:14 +00:00
Steven Barth
d73c382a73 map: ignore psid and psidlen if psidlen is 0
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43946
2015-01-12 10:56:54 +00:00
Steven Barth
6150714eb0 nftables: bump to latest and enable debugging
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43944
2015-01-12 06:16:51 +00:00
Jo-Philipp Wich
da9782f935 thc-ipv6: update to v2.7
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43894
2015-01-09 12:49:55 +00:00
Jo-Philipp Wich
39d0b8fea8 lldpd: update to v0.7.13
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43891
2015-01-09 12:35:09 +00:00
John Crispin
52c949e448 openvpn: procd_set_param respawn
Makes sure that the openvpn instance gets restarted in case of a crash.

Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.

Signed-off-by: Lars Gierth <larsg@systemli.org>

SVN-Revision: 43886
2015-01-08 20:26:41 +00:00
Jo-Philipp Wich
a6a142caf6 firewall: respect src_dip option for reflection (#18544)
Also fix wrong IPv4 netmask calculation on x86-64, thanks Ulrich Weber.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43874
2015-01-08 16:10:46 +00:00
Steven Barth
afff105706 nftables: bump to latest git / all patches upstreamed
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43870
2015-01-08 11:31:36 +00:00
Jo-Philipp Wich
7f6af5ddc9 qos-scripts: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43860
2015-01-06 12:42:38 +00:00
Jo-Philipp Wich
a0fb139369 openvpn: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43859
2015-01-06 12:41:22 +00:00
Felix Fietkau
6493328c8f dnsmasq: fix dependency problems of the dnsmasq-full variant.
This patch tries to

 - Let the DHCPv6 feature depend on CONFIG_IPV6.
 - Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
   corresponding features are enabled.
 - Install `trust-anchors.conf` only if DNSSEC is selected.
 - Add PKG_CONFIG_DEPENDS for the configurable options.
 - Add a patch to let the Makefile of dnsmasq be aware of changes in
   COPTS variable.

Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 43851
2015-01-05 13:03:48 +00:00
Felix Fietkau
fe35a1cb8b package: remove references to symbols TARGET_{ps3,pxcab}.
Target pxcab and ps3 were removed from maintaince in r34764 and r34765
respectively.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 43850
2015-01-05 13:03:40 +00:00
Felix Fietkau
4ea1edf840 hostapd: Add uapsd option to netifd.sh
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.

The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e

So this can be safely set to 1 as default.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43846
2015-01-05 13:03:12 +00:00
Imre Kaloz
f9cf1e97fd upgrade to latest revision
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43826
2015-01-04 18:39:58 +00:00
Felix Fietkau
8bd2c446d4 openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43823
2015-01-04 12:03:29 +00:00
Felix Fietkau
b2de18bea4 hostapd: add support for configuring supported rates
patch by Wilco Baan Hofman from #18627

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43782
2014-12-27 12:59:47 +00:00
Steven Barth
4746ffd7a6 netifd: minor fixes, add mldversion option
thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43771
2014-12-23 13:34:04 +00:00
Steven Barth
d945d7d647 dnsmasq: also add the actual patches...
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43759
2014-12-22 09:52:19 +00:00
Steven Barth
1472eaec65 dnsmasq: backport some dnssec fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43758
2014-12-22 09:51:22 +00:00
Steven Barth
d9011ad6be dnsmasq: allow de-selecting features from -full variant.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 43733
2014-12-17 05:59:12 +00:00
Steven Barth
f0ecc0ec37 iproute2: bump version from 3.16.0 to 3.17.0
Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 43731
2014-12-16 12:43:50 +00:00
Steven Barth
5628648f87 nftables: bump to release 0.4, cleanup our patches
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43730
2014-12-16 09:28:59 +00:00
Steven Barth
8aa9160274 nftables: mini-bump and patch cleanup
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43710
2014-12-15 09:41:47 +00:00
Steven Barth
c927daaf76 nftables: bump to latest git, fix mini-gmp patches
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43707
2014-12-14 16:03:45 +00:00
John Crispin
d64e4392df iwinfo: bump to latest git HEAD
http://patchwork.ozlabs.org/patch/420128/

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43666
2014-12-12 16:17:24 +00:00
Felix Fietkau
8afce572b7 igmpproxy: do not attempt to ifstatus error messages as json
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43660
2014-12-12 14:52:29 +00:00
Felix Fietkau
f48b7aa6e4 igmpproxy: do not start instance if no upstream interface is available
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43659
2014-12-12 14:52:24 +00:00
Felix Fietkau
b37dc7e7ce igmpproxy: fix init script indentation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43658
2014-12-12 14:52:18 +00:00
Steven Barth
f565e0598d netifd: Set source IP for DHCP static routes as well
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 43645
2014-12-12 09:39:07 +00:00
John Crispin
a8d0b41530 umbim: fix build for 64bit targets
the CC builder fails to build umbim for 64bit targets (xlp, malta64, ....)

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43595
2014-12-10 15:50:43 +00:00
Steven Barth
89e3a8b3b5 odhcp6c: correctly handle renew-replies with short lease times
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43592
2014-12-10 10:41:51 +00:00
Steven Barth
1f4ddec7f2 netifd: several fixes and optimizations
Thanks to Hans Dedecker and Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43583
2014-12-08 17:43:14 +00:00
Steven Barth
15d67644f1 This patch depends on "Pass source address to proto_add_ipv4_route".
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.

Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>

SVN-Revision: 43582
2014-12-08 17:43:03 +00:00
Felix Fietkau
62c33d9f62 qos-scripts: fix insmod commands
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43562
2014-12-08 12:03:47 +00:00
John Crispin
1e8a83e553 uqmi: Add --delete-message for deleting SMS messages
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43504
2014-12-03 09:17:28 +00:00
Felix Fietkau
fe05893ffb openvpn: update to 2.3.6, fixes CVE-2014-8104
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43482
2014-12-01 19:49:59 +00:00
John Crispin
2dad4c2e07 uqmi: fix SEGFAULT on reading Unicode sms messages
Added complementary blobmsg_close_table() before returning from function
on error.

Signed-off-by: Sławomir Demeszko <s.demeszko@wireless-instruments.com>

SVN-Revision: 43477
2014-12-01 16:23:55 +00:00
John Crispin
d40842d180 hostapd: improve 802.1x dynamic vlan support with bridge names
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.

Signed-off-by: Ben Franske <ben.mm@franske.com>

SVN-Revision: 43473
2014-12-01 16:15:20 +00:00
Steven Barth
490a5ebe23 odhcp6c: avoid busylooping with strangely behaving dhcpv6 servers
Thanks to Dave Taht for debugging and thanks to Comcast for
shipping strangely behaving software so I can fix some corner cases.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43415
2014-11-28 00:39:19 +00:00
Steven Barth
200c30b426 netifd: correctly handle source-parameter for IPv4 routes
Thanks to Kristian Evensen

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43400
2014-11-27 07:26:10 +00:00
Felix Fietkau
9f803fca44 uqmi: update to the latest version, also set 802.3 data format via the WDA service
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43381
2014-11-25 20:34:08 +00:00
Felix Fietkau
185172bdd3 netifd: update to the latest version, fixes issues when changing a bridge member from a vlan to its base device (#18351)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43346
2014-11-23 16:07:00 +00:00
Felix Fietkau
ed5ed9cf6f hostapd: fix build error on some variants with CONFIG_WPA_RFKILL_SUPPORT=y (#17765)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43345
2014-11-23 14:16:47 +00:00
Felix Fietkau
6c1c3cac55 hostapd: switch dependency from mac80211 to cfg80211
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43339
2014-11-21 20:38:14 +00:00
John Crispin
2d09efcd26 nf_conntrack_rtsp: update to latest version
Update nf_conntrack_rtsp to latest version based on http://mike.it-loops.com/rtsp/ (rtsp-module-3.7-v2.tar.gz).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

SVN-Revision: 43311
2014-11-19 09:21:12 +00:00
John Crispin
d460500a72 uqmi: update to latest git HEAD
* fixes a bug in multipart sms
* adds a new call to read the sim phone number (partially functioanl)

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43310
2014-11-19 09:21:07 +00:00
Steven Barth
047f1c8dca netifd: fix race, expose config options
Thanks to Hans Dedecker

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43299
2014-11-19 08:31:13 +00:00
Steven Barth
d2e0fa517f odhcp6c: be less verbose by default, increase musl compatibility
SVN-Revision: 43294
2014-11-18 09:40:39 +00:00
Matteo Croce
9ee442d0f9 pppd: add option to set custom host-uniq pppoe tag
SVN-Revision: 43241
2014-11-14 16:39:59 +00:00
Jo-Philipp Wich
6966aa0d50 lldpd: allow discovery protocols to be disabled from menuconfig
Signed-off-by: Michel Stam <m.stam@fugro.nl>
[jow: fixed condition for CONFIG_LLDPD_WITH_JSON]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43233
2014-11-11 09:49:20 +00:00
Steven Barth
c5b5e68879 6in4: detect curl and busybox wget
b52053b 6in4: https support for he.net tunnel api
introduced HTTPS support using wget.
The busybox version of wget, however, doesn't support the -V option,
thus poluting logfiles with a full invalid-parameter-output.
Redirect stderr to fix that.
As libcurl and curl support selecting the SSL library of your choice,
also add support for curl which is more commonly used on OpenWrt than
"real" wget which needs libopenssl.
Also make sure to respect SSL_CERT_DIR and increase timeouts.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 43228
2014-11-09 13:46:29 +00:00
Steven Barth
990b501ec4 netifd: fix default ORO-setting for 6rd
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43214
2014-11-08 12:24:49 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
Steven Barth
4e26b81c48 odhcpd: disable flash-renumbering hack for non-64 prefixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43202
2014-11-06 13:37:50 +00:00
Felix Fietkau
9a2cf10c33 netfilter: Enable compiling iptables match cluster
This patch adds the userspace and kernelspace for

- match NETFILTER_XT_MATCH_CLUSTER
  This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
  This module allows you to configure a simple cluster of nodes
  that share a certain IP and MAC address
  without an explicit load balancer in front of them.
  Connections are statically distributed between the nodes in this cluster.

This is used i.e. by strongswan-ha.

Signed-off-by: Christian Scheele <cs@embedd.com>

SVN-Revision: 43174
2014-11-03 22:01:45 +00:00
Steven Barth
c7ae195c9e mdnsd: add query / fetch methods, fix some bugs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43169
2014-11-03 19:35:53 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Jo-Philipp Wich
bc356cef82 ppp: support adaptive LCP echos
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.

When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.

Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43143
2014-11-01 12:37:03 +00:00
John Crispin
9d11a9e832 uqmi: update to latest git HEAD
this adds support for pin set/unlock/... and iccid.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43127
2014-10-31 11:02:06 +00:00
Steven Barth
8f877ff42b 6in4: https support for he.net tunnel api
HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed.  Certificate validation is
conditionally enabled if the CA certs are available.

Signed-off-by: Andrew Skalski <askalski@gmail.com>

SVN-Revision: 43124
2014-10-30 13:15:18 +00:00
John Crispin
26e308019d ltq-vdsl-app: use VDSL tone-setup if annex is unset
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 43114
2014-10-30 08:08:01 +00:00
Jo-Philipp Wich
38e72c779e iwinfo: add cli support for phy lookup from uci section
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43092
2014-10-27 16:35:41 +00:00
Jo-Philipp Wich
6149caf01e iwinfo: switch to external git repo, support lookup by phyname & macaddr
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43087
2014-10-27 14:35:44 +00:00
Jo-Philipp Wich
ba48074622 uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43078
2014-10-27 10:25:07 +00:00
John Crispin
27570407f4 comgt: fix typo in the ncm proto handler
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43071
2014-10-26 16:57:38 +00:00
Felix Fietkau
3c9fcd2526 hostapd: update to 2014-10-25
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43059
2014-10-25 16:48:45 +00:00
Steven Barth
a0d9489e84 odhcp6c: avoid some unnecessary big mallocs
SVN-Revision: 43056
2014-10-25 10:39:02 +00:00
Felix Fietkau
3cefd0af7d netifd: update to the latest version, fixes a use-after-free bug
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43044
2014-10-24 13:04:12 +00:00
Felix Fietkau
2579261b7b comgt: drop the use of the non-standard XCASE termios flag (#18186)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43014
2014-10-21 20:32:05 +00:00
Steven Barth
71d05d211d nftables: bump to latest, fix minigmp
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43013
2014-10-21 20:00:56 +00:00
Felix Fietkau
188eb85f5b netifd: update to the latest version, fixes link status handling on VLAN devices (#18106)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43007
2014-10-20 20:09:35 +00:00
John Crispin
d5b734e145 hostapd: Add wpa_psk_file option to netifd.sh
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:

mac_address wpa_passphrase_or_hex_key

Example:

00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43001
2014-10-20 11:19:21 +00:00
Imre Kaloz
48c507b7ed fix compile against musl
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 43000
2014-10-20 10:00:02 +00:00
Felix Fietkau
5ef89f1ec5 iproute2: fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42981
2014-10-19 23:04:17 +00:00
Felix Fietkau
6c2a017553 authsae: fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42980
2014-10-19 23:04:02 +00:00
Steven Barth
6d3fd947e4 odhcpd: fix regression in dhcpv6 t1 and t2 calculation
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42951
2014-10-18 15:47:31 +00:00
Steven Barth
f71f3afd20 odhcpd: multiple fixes
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42944
2014-10-17 11:18:52 +00:00
Steven Barth
99984eaeb3 hostapd: CVE-2014-3686 fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42942
2014-10-17 06:15:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
Steven Barth
9106cc0af9 netifd: Make mtu configurable of dynamic 6rd tunnel interface
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42871
2014-10-12 12:27:21 +00:00
Steven Barth
1db4cb9c92 odhcp6c: fix parse errors with some dhcpv6 servers
SVN-Revision: 42869
2014-10-12 12:18:33 +00:00
John Crispin
51a5ff0947 comgt: add ncm proto support
This will not work for all board/dongle combinations until we hit 3.17.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>

SVN-Revision: 42866
2014-10-10 08:56:33 +00:00
Steven Barth
aad6cb99cf ppp: add unconditional autoipv6-trigger
SVN-Revision: 42860
2014-10-09 07:38:25 +00:00
Steven Barth
3f700643fa ppp: remove ugly ipv6-workaround
This is not needed after all:

Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).

Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42859
2014-10-09 07:35:28 +00:00
Steven Barth
b2d099c11c dropbear: ensure the interface has an ip-address
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.

Use the returned ip-address(es) to construct the dropbear listen address.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 42857
2014-10-09 07:16:35 +00:00
Steven Barth
c62b07b2ce ppp: allow auto-detecting and creation of ipv6 subinterface
this makes ipv6 with ppp a bit more comfortable

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42854
2014-10-08 20:37:15 +00:00
Steven Barth
ea0a01d7e2 odhcp6c: fix typo in last commit
SVN-Revision: 42852
2014-10-08 15:27:17 +00:00
Steven Barth
c7a941cf02 odhcp6c: don't assign addresses or prefixes prematurely
SVN-Revision: 42850
2014-10-08 15:16:19 +00:00
Steven Barth
5fa47c3c04 odhcp6c: ensure signal-safety of signal handlers
SVN-Revision: 42841
2014-10-08 09:58:40 +00:00
John Crispin
344a304524 lldp: make use of new USERID syntax
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42839
2014-10-08 08:01:33 +00:00
John Crispin
90120bb771 wwan: add a generic 3g/4g proto
this proto handler will detect which of 3g, qmi, mbim, ncm or directip you need
for a stick and setup uci automagically

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42837
2014-10-08 08:01:20 +00:00
John Crispin
1df98fcd5a comgt: split directip support into its own package
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42836
2014-10-08 08:00:55 +00:00
John Crispin
bb64826bdb uqmi: dont use proto_block_restart
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42835
2014-10-08 08:00:45 +00:00
John Crispin
e53734ddef uqmi: make the proto depend on the usb driver
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42834
2014-10-08 08:00:21 +00:00
John Crispin
87edc29ea1 umbim: dont use proto_block_restart
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42833
2014-10-08 08:00:17 +00:00
John Crispin
2fa06954a3 umbim: work out the ifname instead of relying on it being in uci
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42832
2014-10-08 08:00:07 +00:00
Steven Barth
8691d75917 odhcp6c: add route-workaround for broken IPv6-ISPs
Some ISP seem to only do stateful DHCPv6 and not sending RAs.
This is technically broken because plain DHCPv6 doesn't carry routes.

We work around here by faking a default route to the DHCPv6 server
if we do not receive a useful RA from the ISP.

This workaround can be turned off with: option fakeroutes 0

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42803
2014-10-06 11:19:33 +00:00
Steven Barth
8243e57167 nftables: bump to 2014-09-30, disable gmp
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42802
2014-10-06 06:24:53 +00:00
John Crispin
74397a14ca iwinfo: add AR9580 with new subsystem device ID and QCA9880 with no subsystem vendor/device IDs
The AR9580 with the new ID can be found in the EnGenius ESR900 and the
QCA9880 without any subsystem IDs can be found in the EnGenius ESR1750.

Signed-off-by: Forest Crossman <cyrozap@gmail.com>

SVN-Revision: 42793
2014-10-06 04:53:04 +00:00
John Crispin
70d56d749b hostapd: read missing parameter for dynamic VLANs
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 42787
2014-10-06 04:52:21 +00:00
Felix Fietkau
5121981a9e iproute2: add conflict for ip with ip-full
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42774
2014-10-05 17:13:34 +00:00
Felix Fietkau
bf0305725a hostapd: add conflicts with wpad(-mini) to hostapd and wpa_supplicant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42772
2014-10-05 16:41:50 +00:00
Felix Fietkau
62e6e788dd relayd: update to the latest version, fixes a build error with the new gcc (#18010)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42765
2014-10-05 11:01:49 +00:00
Felix Fietkau
281f40cef2 hostapd: allow using iapp for any encryption type (fixes #18022)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42764
2014-10-05 10:55:55 +00:00
Felix Fietkau
cd80931e03 hostapd: merge an upstream patch for pmksa cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42762
2014-10-05 10:26:26 +00:00
Felix Fietkau
b5529ed26b iwinfo: detect AC PHY for broadcom-wl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42761
2014-10-05 10:26:17 +00:00
Felix Fietkau
dac05f6724 iwinfo: detect HT PHY for broadcom-wl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42760
2014-10-05 10:26:10 +00:00
Felix Fietkau
349b20c197 iwinfo: fix handling of accessing nl80211 interfaces via radio*
look up device path via uci instead of assuming a direct phy index

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42759
2014-10-05 10:26:05 +00:00
Felix Fietkau
0e439d8a2a iwinfo: enable nl80211 support based on cfg80211, not mac80211
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42758
2014-10-05 10:25:55 +00:00
Jo-Philipp Wich
3158e7cca2 iwinfo: handle 802.11ac mode for lua
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>

SVN-Revision: 42757
2014-10-04 09:38:17 +00:00
Steven Barth
e15f03e5de authsae: update to latest version
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack

Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42750
2014-10-02 19:47:28 +00:00
Steven Barth
75572d0d31 6in4: Tos support
Tos support is added as a string parameter which can have the following values :
   -inherit (outer header inherits the tos value of the inner header)
   -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42749
2014-10-02 19:38:15 +00:00
Steven Barth
e7e54ef672 6to4: Tos support
Tos support is added as a string parameter which can have the following values :
   -inherit (outer header inherits the tos value of the inner header)
   -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42748
2014-10-02 19:38:04 +00:00
Steven Barth
e9d15da0da 6rd: Tos support
Tos support is added as a string parameter which can have the following values :
     -inherit (outer header inherits the tos value of the inner header)
     -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42747
2014-10-02 19:37:58 +00:00
Steven Barth
36b05bbed3 IPIP: IP in IP package support
The package supports IP in IP by registering the ipip protocol handler

Following options are configurable
    -peeraddr (IPv4 remote address)
    -ipaddr (IPv4 local address)
    -ttl (time to live of encapsulating packet)
    -tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
    -df (don't fragment flag of encapsulating packet)
    -mtu (IPIP tunnel mtu)
    -tunlink (bind tunnel to this interface)
    -zone (firewall zone to which the IPIP tunnel will be added)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42746
2014-10-02 19:37:36 +00:00
Steven Barth
73179a188c netifd: fix an error message during network shutdown
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.

Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42745
2014-10-02 19:37:25 +00:00
Steven Barth
1c166058df netifd: add IPIP tunnel support (thx Hans Dedecker)
SVN-Revision: 42744
2014-10-02 19:37:17 +00:00
Steven Barth
def69a96e9 map: fix portsets starting with 0 and use regular NAT for 1:1 MAP
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42741
2014-10-02 19:15:38 +00:00
Felix Fietkau
f9fb48c6bc uqmi: set data format to 802.3 at startup
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42724
2014-10-02 12:19:37 +00:00
Felix Fietkau
bf4cab37b7 uqmi: do not wait for network connection before starting dhcp
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42723
2014-10-02 12:19:26 +00:00
Felix Fietkau
179bfca038 uqmi: update to the latest version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42722
2014-10-02 12:19:09 +00:00
Felix Fietkau
4955a2cd10 uqmi: use the autoconnect feature
Instead of connecting once and saving the packet data handle, let the
firmware handle connecting/reconnecting automatically. This is more
reliable and reduces reliance on potentially stale data.

Use the global packet data handle to attempt to disable autoconnect
before restarting the connection. This ensures that the firmware will
take the new APN/auth settings.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42721
2014-10-02 12:18:58 +00:00
Felix Fietkau
b54144a4c7 uqmi: replace logger calls in netifd with echo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42720
2014-10-02 12:18:43 +00:00
Felix Fietkau
cf595fe834 uqmi: work out the ifname instead of relying on it being in uci
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42719
2014-10-02 12:18:28 +00:00
Steven Barth
6e2262898f GRE: Tos support
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
     -inherit (outer header inherits the tos value of the inner header)
     -hex value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 42700
2014-09-29 18:00:02 +00:00
Steven Barth
30912c5d81 netifd: add support for promisc and GRE tos option
SVN-Revision: 42699
2014-09-29 17:59:50 +00:00
Steven Barth
c2f510f2bd nftables: bump for bugfixes
SVN-Revision: 42698
2014-09-29 08:35:18 +00:00
Felix Fietkau
ca25f76e82 iw: add support for dynamic distance selection (supported by ath9k now)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42689
2014-09-27 21:19:27 +00:00
Felix Fietkau
d27893122d iw: sync nl80211.h
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42688
2014-09-27 21:19:18 +00:00
Steven Barth
36115321be odhcp6c: work around weird ISP RS behaviour
SVN-Revision: 42674
2014-09-27 16:57:47 +00:00
Felix Fietkau
16b3eae040 comgt: fix directip auth type
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42671
2014-09-26 15:55:45 +00:00
Steven Barth
e5190a77e1 comgt: fireup a dhcpv6-client for directip as well
SVN-Revision: 42670
2014-09-26 13:58:40 +00:00
Felix Fietkau
45bd5ebfef comgt: in directip, derive the wwan ifname automatically instead of specifying it in the config
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42669
2014-09-26 13:44:21 +00:00
Steven Barth
dd948b7990 dnsmasq: bump to 2.72
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42668
2014-09-26 08:57:36 +00:00
Steven Barth
71960baa7d odhcpd: fix segfault when parsing domain options in UCI
SVN-Revision: 42663
2014-09-25 11:53:12 +00:00
Felix Fietkau
6edad5a849 curl: only set ca path for openssl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42662
2014-09-25 10:51:56 +00:00
Felix Fietkau
5ad7d7cc97 curl: use the system certificates
Signed-off-by: Cristian Morales Vega <cristian@samknows.com>

SVN-Revision: 42661
2014-09-25 10:37:06 +00:00
Felix Fietkau
cb2642b09b comgt: initialize ifname for directip
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42658
2014-09-24 17:04:20 +00:00
Felix Fietkau
d234ad9dd9 comgt: add no_device=1 for directip proto
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42657
2014-09-24 08:07:45 +00:00
Felix Fietkau
9fa791f62b comgt: fix misplaced : in directip setup script
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42656
2014-09-24 08:07:40 +00:00
Steven Barth
2ccf88744c dnsmasq: fix lockup when interfaces disappear
SVN-Revision: 42648
2014-09-22 12:07:20 +00:00
Jo-Philipp Wich
68147004e2 firewall: allow '*' as synonym for any / all in family and proto options
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42620
2014-09-19 18:18:58 +00:00
Jo-Philipp Wich
36e2179c10 firewall: fix heap corruption in fw3_bitlen2netmask() with IPv6 addresses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42610
2014-09-18 12:05:12 +00:00
Jo-Philipp Wich
cbf50a0ffd firewall: fix invalid memory access when processing /128 IPv6 addresses from ubus, properly emit REDIRECT rules for local port forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42604
2014-09-17 22:09:52 +00:00
Steven Barth
72e6e0b85b nftables: introduce experimental nftables
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42598
2014-09-17 12:11:06 +00:00
John Crispin
ed2fff7452 hostapd: do not remove foreign wpa_supplicant sockets
https://dev.openwrt.org/ticket/17886

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42586
2014-09-17 07:41:31 +00:00
John Crispin
50d313f409 lantiq: revert vr9 driver update as it causes problems
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42556
2014-09-15 16:19:33 +00:00
Felix Fietkau
7ff276afd3 hostapd: remove bogus default setting for wps_pin (#17873)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42553
2014-09-15 16:09:23 +00:00
John Crispin
88cc0ea21d iproute2: update from v3.15.0 to v3.16.0
Signed-off-by: Russell Senior <russell@personaltelco.net>

SVN-Revision: 42546
2014-09-15 10:18:50 +00:00
Hauke Mehrtens
2c605ba1f1 ppp: update to version 2.4.7
This fixes: CVE-2014-3158 and some other bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 42525
2014-09-13 20:56:13 +00:00
Hauke Mehrtens
275ba42c52 curl: 7.36.0 -> 7.38.0
Main changes:
- URL parser: IPv6 zone identifiers are now supported
- cyassl: Use error-ssl.h when available (drop local patch)
- polarssl: support CURLOPT_CAPATH / --capath
- mkhelp: generate code for --disable-manual as well (drop local patch)

Full release notes: http://curl.haxx.se/changes.html

MIPS 34kc binary size:
- 7.36.0 before: 82,539 bytes
- 7.38.0 after: 83,321 bytes

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 42517
2014-09-13 20:26:08 +00:00
Felix Fietkau
8d699086c3 qos-scripts: disable fq_codel ecn by default to improve compatibility
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42479
2014-09-11 23:13:24 +00:00
John Crispin
e9dab2de72 lantiq: update to a newer versions of the vr9 drivers
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42478
2014-09-11 18:22:31 +00:00
John Crispin
5920eac8ee lldp: remove calls to user/group_add/exists
use the new ipkg based mechanism

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42472
2014-09-11 12:28:22 +00:00
John Crispin
e61cd71564 umbim: remove superflous jshn call
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42467
2014-09-11 12:26:52 +00:00
John Crispin
c9d15fbd59 umbim: update to latest git
adds handling for username/password

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42466
2014-09-11 12:26:41 +00:00
John Crispin
7bad68804c comgt: add directip proto
add a proto handler for sierra wireless directip modems

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42465
2014-09-11 12:26:31 +00:00
Felix Fietkau
96b74d4eef hostapd: add ubus bindings for wps
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>

SVN-Revision: 42459
2014-09-10 13:01:53 +00:00
Steven Barth
bd74df01b1 netifd: work-around kernel IPv6 on-link route issue
SVN-Revision: 42439
2014-09-08 14:45:56 +00:00
John Crispin
f769949e72 mdns: update to latest git head
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42407
2014-09-02 21:39:40 +00:00
Felix Fietkau
008c7a9e5a netifd: update to the latest version, adds interface cleanup fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42345
2014-08-31 13:09:01 +00:00
Felix Fietkau
ba62bcbf24 netifd: update to the latest version, fixes proto-shell teardown after renew
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42344
2014-08-31 12:26:26 +00:00
John Crispin
7f260ef6b7 dropbear: add mdns support to the init.d script
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42326
2014-08-29 18:16:41 +00:00
John Crispin
645ee59a2d mdns: update to latest git
* ipv6
* 4 bugs in the dns parser
* service announcement
* tx goodbye support
* proper handling of rx goodbye

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42325
2014-08-29 18:16:32 +00:00
John Crispin
f65ff468f7 dnsmasq: Make the --dhcp-host logic easier to understand
Use an if/else statement to cover the two different syntaxes.  Add
comments explaining what the end results should look like.

This patch should not change the script's output.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

SVN-Revision: 42320
2014-08-28 06:27:57 +00:00
John Crispin
5046209312 dnsmasq: Fix hosts file format when MAC address is not specified
An entry like this in /etc/config/dhcp:

    config 'host'
        option 'name' 'pc2'
        option 'ip' '192.168.100.56'
        option 'dns' '1'

results in a /tmp/hosts/dhcp entry that looks like this:

    192.168.100.56 .lan

Obviously it should say "pc2.lan".

This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199".  Fix this by reordering the
operations.  Also, refuse to add a DNS entry if the hostname or IP is
missing.

Fixes #17683

Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

SVN-Revision: 42319
2014-08-28 06:27:53 +00:00
John Crispin
449994b8c2 dnsmasq: Create rDNS records for LuCI "Hostnames"
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.

Signed-off-by: Tyler Fenby <tylerf@securecominc.com>

SVN-Revision: 42318
2014-08-28 06:27:49 +00:00
John Crispin
8686e23873 umbim: update to latest git
add pincode sanitization and handling for authproto/user/pass

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42299
2014-08-26 09:36:59 +00:00
Jo-Philipp Wich
730589281e uhttpd: do not configure TLS parameters if libustream-ssl is not present
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.

Skip key/cert and ssl listen options when libustream-ssl.so is not present.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42284
2014-08-25 12:39:34 +00:00
John Crispin
2ae05c57f8 package/*: remove useless explicit set of function returncode
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.

myfunction()
{
	fire_command

	return $?
}

a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:

http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42278
2014-08-25 06:35:50 +00:00
Steven Barth
75cbca0a40 odhcp6c: enable softwires support by default
SVN-Revision: 42274
2014-08-25 06:11:53 +00:00
Jo-Philipp Wich
9d2bdd8585 iwinfo: properly decode SSIDs when scanning through wpa_supplicant
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42273
2014-08-24 21:42:26 +00:00
Steven Barth
befad7432b odhcpd: fix static lease behavior with dhcpv4
SVN-Revision: 42270
2014-08-24 08:12:57 +00:00
John Crispin
0aa8214ae9 umbim: add netifd proto handler for mbim style lte modems
tested on vodafone k5105

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42262
2014-08-22 19:02:30 +00:00
Felix Fietkau
53d1cb9409 xtables-addons: update to version 2.5
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42256
2014-08-21 19:12:34 +00:00
Jonas Gorski
bb6905bd23 dropbear: restore performance by disabling mips16
Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.

Fixes #15209.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 42250
2014-08-21 11:29:04 +00:00
Jonas Gorski
932305f854 dropbear: fix keepalive more
Add a further upstream commit to more closely match the keepalive
to OpenSSH.

Should now really fix #17523.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 42249
2014-08-21 11:29:02 +00:00
John Crispin
b9ea44f947 firewall: the firewall did not start properly on boot
https://dev.openwrt.org/ticket/17593

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42233
2014-08-21 09:53:25 +00:00
Steven Barth
0f49b1940e dnsmasq: fix a race condition possibly leading to lockup
SVN-Revision: 42225
2014-08-20 09:52:29 +00:00
Steven Barth
fe3d4f2176 odhcpd: various DHCPv4 and DHCPv6 fixes
SVN-Revision: 42217
2014-08-19 05:58:51 +00:00
Steven Barth
c36e312647 dnsmasq: respect option dhcpv4 disabled in dhcp-config
SVN-Revision: 42216
2014-08-19 05:58:44 +00:00
Jonas Gorski
006cdbfdbc dropbear: fix keepalive with putty
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke
at least putty.

Fixes #17522 / #17523.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 42162
2014-08-13 20:49:56 +00:00
Steven Barth
92ef017054 netifd: assign ipv6-prefixes with length <64 with /64 on-link routes
SVN-Revision: 42161
2014-08-13 14:57:11 +00:00
Steven Barth
a8a07e5156 odhcpd: improve DHCPv6-PD detection
SVN-Revision: 42160
2014-08-13 14:57:07 +00:00
Steven Barth
af964cafc3 ppp: enable IPv6CP by default
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42158
2014-08-13 10:18:20 +00:00
Steven Barth
eba984b94b odhcpd: multiple DHCPv4 improvements (thx Christian Mehlis)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42153
2014-08-12 13:30:04 +00:00
Jo-Philipp Wich
eb02b887ff package: fix segfault of iwinfo.scanlist("radio0").
This is a bug revealed in r41830.

First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like.  This will
happen in the following call stack.

 nl80211_get_scanlist("radio0", buf, len);
   nl80211_phy2ifname("radio0")			// return static var nif with content "wlan0"
   nl80211_get_scanlist(nif, buf, len);		// tail call
     nl80211_get_mode(nif);
        nl80211_phy2ifname(nif);		// zero out nif

Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.

Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42151
2014-08-12 11:14:11 +00:00
Jo-Philipp Wich
aa9e69908e firewall: fix potential NULL pointer access
Properly skip struct ifaddr entries with NULL ifa_addr, thanks Kostas Papadopoulos for reporting.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42138
2014-08-11 17:45:18 +00:00
Steven Barth
ff6363dc19 dropbear: update to 2014.65
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42131
2014-08-11 13:02:43 +00:00
Jo-Philipp Wich
fa37594f50 firewall: implement selective conntrack flushing (#10225)
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42114
2014-08-11 09:41:20 +00:00
Luka Perkov
bc69ee8eab hostapd: fix some whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 42111
2014-08-11 08:44:48 +00:00
Steven Barth
c1d698fce4 odhcpd: avoid logspam in certain corner cases
SVN-Revision: 42067
2014-08-08 08:45:33 +00:00
Steven Barth
74941a0d25 odhcpd: write host-entries for all leased IPv6 addresses
SVN-Revision: 42065
2014-08-08 05:30:59 +00:00
Felix Fietkau
4d39f186bc xtables-addons: remove version 1.x for old kernels
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42047
2014-08-07 19:30:33 +00:00
Steven Barth
28007326d4 odhcpd: update hostfile more often
SVN-Revision: 42042
2014-08-07 18:07:37 +00:00
Steven Barth
ddbd2cf781 iptables: add kmod-ipt-nf* to dependency list of iptables-mod-nf*.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42034
2014-08-07 12:32:33 +00:00
Steven Barth
b95b4ede4c netifd: unblock some proto shell actions in teardown state
SVN-Revision: 42032
2014-08-07 10:21:08 +00:00
Steven Barth
4659a5f920 odhcpd: correct incorrect commit-id in last commit
SVN-Revision: 42026
2014-08-07 05:50:44 +00:00
Steven Barth
7dbe0cb7b1 odhcpd: skip MSRs in RAs for prefixes with same size as DP
SVN-Revision: 42024
2014-08-07 05:34:02 +00:00
Steven Barth
9f2a17103f iptables: NFLOG and NFQUEUE targets' full support
NFLOG and NFQUEUE targets' full support for iptables.

Includes all needed kernel modules (Xtables's and Netlink's)
 and userspace libraries.
All added kernel modules can be individually disabled,
 all other new libraries get their own individual packages.

Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>

SVN-Revision: 42022
2014-08-07 04:42:22 +00:00
Steven Barth
6656292619 netifd: disable ds-lite, map & gre for old kernels
this unbreaks netifd compilation on old kernels

SVN-Revision: 42019
2014-08-06 19:57:19 +00:00
Felix Fietkau
b465cf412f iwinfo: allow scans in AP mode on nl80211
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42014
2014-08-06 17:07:18 +00:00
Steven Barth
1e6ab23098 netifd: minor fixes (thanks Hans Dedecker)
SVN-Revision: 42000
2014-08-05 10:03:10 +00:00
Steven Barth
bc0acb9db9 gre: Change hostdependcy to remote endpoint tunnel address
Depend on the GRE tunnel peeraddr to trigger setup of the tunnel interface.
Addresses the issue reported in https://lists.openwrt.org/pipermail/openwrt-devel/2014-August/027201.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41998
2014-08-05 09:57:55 +00:00
Felix Fietkau
44cb68c038 hostapd: revert bogus version that was added in r41872
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41960
2014-08-03 10:53:40 +00:00
Felix Fietkau
49d00e95db iputils: add missing includes, fix musl support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41958
2014-08-03 10:45:36 +00:00
Felix Fietkau
3e0247b95f igmpproxy: add missing include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41957
2014-08-03 10:45:31 +00:00
Felix Fietkau
34a1ee8410 iwcap: add missing include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41956
2014-08-03 10:45:28 +00:00
Felix Fietkau
5a506ca595 iwinfo: add missing include statement
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41955
2014-08-03 10:45:23 +00:00
Jo-Philipp Wich
baa7c211f5 netfilter: introduce xt_id match
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41945
2014-08-01 22:49:47 +00:00
Steven Barth
7dabdbde78 gre: Generic Routing Encapsulation package support
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
    -gre
    -gretap
    -grev6
    -grev6tap

Following options are valid for gre and gretap kinds:
    -ipaddr
    -peeraddr
    -df
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The gretap kind supports additionally the network option

Following options are valid for grev6 and grev6tap kinds:
    -ip6addr
    -peer6addr
    -weakif
    -mtu
    -ttl
    -tunlink
    -zone
    -ikey
    -okey
    -icsum
    -ocsum
    -iseqno
    -oseqno

The grev6tap kind supports additionally the network option

Typical network config for a GREv4 tunnel :

config interface 'gre'
        option peeraddr '172.16.18.240'
        option mtu '1400'
        option proto 'gre'
        option tunlink 'wan'
        option zone 'tunnel'

Typical network config for a GREv4 tap tunnel :

config interface 'gretap'
        option peeraddr '195.207.5.79'
        option mtu '1400'
        option proto 'gretap'
        option zone 'tunnel'
        option tunlink 'wan'
        option network 'wlan_ap'

I added myself as maintainer for the moment; feel free to change.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41897
2014-07-30 13:22:24 +00:00
Steven Barth
e413bb0e7e netifd: fixes and GRE support (thx Hans Dedecker)
SVN-Revision: 41896
2014-07-30 13:21:52 +00:00
Steven Barth
462023f45a odhcp6c: Fix white space typo in dhcpv6.script
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41893
2014-07-30 13:18:01 +00:00
Steven Barth
86671615de netifd: suppress fw3 warnings in dhcp script
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 41892
2014-07-30 13:17:56 +00:00
Steven Barth
6a50e69b21 netifd: more race condition fixes in proto-shell
SVN-Revision: 41887
2014-07-29 17:24:23 +00:00
John Crispin
8d3f839da7 ppp: fix a buffer overrun in the ms chap code
https://dev.openwrt.org/ticket/17296

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 41882
2014-07-29 12:18:52 +00:00
Jo-Philipp Wich
b6153f92ad hostapd: Reintroduce Full Dynamic VLAN support
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.

Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41872
2014-07-29 09:48:02 +00:00
Felix Fietkau
c6d1992701 hostapd: add more missing ifdefs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41863
2014-07-28 22:52:39 +00:00
Steven Barth
7f17639742 netifd: more dynamic interface improvements
SVN-Revision: 41862
2014-07-28 20:35:53 +00:00
Felix Fietkau
fd619513d1 hostapd: add missing ifdef
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41855
2014-07-28 10:36:51 +00:00
Felix Fietkau
76d7397bc2 netifd: fix a small issue in r41831
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41836
2014-07-26 14:35:15 +00:00
Felix Fietkau
e7ece301fe odhcp6c: suppress fw3 warnings
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41833
2014-07-26 12:23:28 +00:00
Felix Fietkau
ee4f8c8b99 netifd: update to the latest version, fixes a race condition with renew/setup
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41831
2014-07-26 01:46:34 +00:00