Commit Graph

1802 Commits

Author SHA1 Message Date
Felix Fietkau
5368066e9b umdns: update to the latest version
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e1ac00ccb)
2023-10-28 09:19:46 +02:00
Nick Hainke
7fe85ce1f2 hostapd: increase PKG_RELEASE to fix builds
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3)
2023-09-29 11:29:36 +02:00
Felix Fietkau
02ed2b0271 hostapd: fix wpa_supplicant mac address allocation on ap+sta
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d)
2023-09-28 10:32:59 +02:00
Felix Fietkau
782341458c hostapd: fix mac address of interfaces created via wdev.uc
Use the wdev config with the generated MAC address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0c43a48735)
2023-09-27 15:04:36 +02:00
Felix Fietkau
849f0ea65c hostapd: fix rare crash with AP+STA and ACS enabled
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7)
2023-09-27 14:05:40 +02:00
Felix Fietkau
2f30dec3cb hostapd: fix patch rebase after a crash fix
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function

Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d7)
2023-09-22 20:01:43 +02:00
Felix Fietkau
fe1028e89c hostapd: fix wpa_supplicant bringup with non-nl80211 drivers
Needed for wired 802.1x

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fd6d7aafb2)
2023-09-22 08:11:04 +02:00
Felix Fietkau
eda1545e6e hostapd: add missing NULL pointer check in uc_hostapd_iface_stop
Avoid crashing if the interface has already been removed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 4145ff4d8a)
2023-09-20 18:43:35 +02:00
Felix Fietkau
6019945e96 hostapd: fix a crash when disabling an interface during channel list update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e9722aef9e)
2023-09-20 14:11:53 +02:00
Felix Fietkau
09b9d732ec hostapd: use phy name for hostapd interfaces instead of first-bss ifname
Improves reliability in error handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a511480368)
2023-09-19 11:57:18 +02:00
Felix Fietkau
5e3f86a101 hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d582)
2023-09-18 16:52:25 +02:00
Felix Fietkau
90d5961751 hostapd: remove eap-eap192 auth type value
It is no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b0501d380f)
2023-09-18 16:52:25 +02:00
Felix Fietkau
6798f156f9 hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d)
2023-09-18 16:52:25 +02:00
Felix Fietkau
98d0ee9dbf hostapd: fix FILS key mgmt type for WPA3 Enterprise 192 bit
Use the SHA384 variant to account for longer keys with more security

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52)
2023-09-18 16:52:25 +02:00
Felix Fietkau
9720b094ae hostapd: backport from master, including ucode based reload support
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-18 16:52:25 +02:00
Stijn Tintel
5deed175a5 hostapd: revert upstream commit to fix #13156
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.

Fixes: #13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 324673914d)
2023-08-19 16:01:06 +02:00
Felix Fietkau
482c57afea hostapd: add fix for dealing with VHT 160 MHz via ext nss bw
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit adfeda8491)
2023-08-15 16:44:58 +02:00
Etienne Champetier
ee910d1e67 dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead9)
2023-07-26 14:00:52 +02:00
Andre Heider
8d7d9aa4a4 hostapd: update to 2023-06-22
Removed, merged upstream:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Manually refreshed:
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 600-ubus_support.patch
- 761-shared_das_port.patch

Fixes: #12661
Fixes: 304423a4 ("hostapd: update to 2023-03-29")
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit cd804c1ebb)
2023-07-20 08:04:11 +02:00
Hauke Mehrtens
106c83a1ea uhttpd: update to latest git HEAD
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b8126)
2023-06-25 22:50:50 +02:00
Christian Marangi
02a37dee1b
odhcpd: bump to latest git HEAD
5211264 odhcpd: add support for dhcpv6_pd_min_len parameter
c6bff6f router: Add PREF64 (RFC 8781) support

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit acd9981b4e)
2023-06-24 19:09:52 +02:00
Felix Fietkau
bc6bf2a0d0
unetd: update to the latest version
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7b1e898336)
2023-06-12 22:10:17 +02:00
Nick Hainke
60b6220028 lldpd: update to 1.0.17
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 17fbbafdcb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-24 19:26:19 +01:00
Nozomi Miyamori
d728d05c6c dropbear: add ForceCommand uci option
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.

Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 23:24:50 +02:00
Mark Baker
ce81896769 umdns: Update to umdns HEAD
Update to umdns HEAD to include latest enhancements for browse method
filtering, return of TXT records as an array, dumping IPv4/6 as an
array, and including the interface name in a browse reply.

Signed-off-by: Mark Baker <mark@vpost.net>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x, mt7621, x86_64
2023-05-18 18:07:17 +02:00
Tianling Shen
48ed07bc0b treewide: replace AUTORELEASE with real PKG_RELEASE
Based on Paul Fertser <fercerpav@gmail.com>'s guidance:
Change AUTORELEASE in rules.mk to:
```
AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
```

then update all affected packages by:
```
for i in $(git grep -l PKG_RELEASE:=.*AUTORELEASE | sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
	make package/$i/clean
done
```

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-18 11:35:29 +02:00
Felix Fietkau
4e5aac4729 bridger: update to the latest version
d4f56f0e6971 add support for handling traffic to/from the bridge device
3ea579064c00 nl: add separate socket for netlink commands
4ec5a51c6d01 nl: fetch packet stats for offloaded flows
0319fd080bf5 add support for configuring a fixed output port for a bridge member port
5b730f0c2cf5 bridger-bpf: fix build on older kernels
00af6c6e8350 nl: process IFLA_MASTER in any nl events, but skip wireless events
a2794f95756e bridger-bpf: add bpf_skb_pull_data call
6974093eb036 nl: rework vlan code to use the iflink API
d0f79a16c749 nl: do not attempt to enable flow offload on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-05-12 21:18:31 +02:00
Nick Hainke
304423a4ff
hostapd: update to 2023-03-29
Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch

Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch

Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx),
           EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-22 23:18:15 +02:00
Christian Marangi
75f7e2d10b
odhcpd: bump to latest git HEAD
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-04 06:43:23 +02:00
Ian Dall
ed86454578 dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4

Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
2023-04-01 22:35:13 +02:00
Ruben Jenster
936df715de dnsmasq: add dhcphostsfile to ujail sandbox
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.

Signed-off-by: Ruben Jenster <rjenster@gmail.com>
2023-04-01 22:22:49 +02:00
Christian Marangi
eeaa71a3de
odhcpd: bump to latest git HEAD
29c934d config: recheck have_link_local on interface reload if already init

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-24 02:01:07 +01:00
Christian Marangi
d2fc620d0a
odhcpd: bump to latest git HEAD
7c0f603 router: skip RA and wait for LINK-LOCAL to be assigned
ba30afc config: skip interface setup if interface not IFF_RUNNING
06b111e Revert "odhcpd: Reduce error messages"
90d6cc9 odhcpd: Reduce error messages

Also drop AUTORELEASE since it got deprecated.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-22 06:39:51 +01:00
Andre Heider
07730ff346
treewide: add support for "lto" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".

Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."

Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
da3700988d
treewide: add support for "gc-sections" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".

Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.

Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
5c545bdb36
treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16
Keep backwards compatibility via PKG_USE_MIPS16 for now, as this is
used in all package feeds.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Felix Fietkau
635d177ac9 hostapd: enable radius server support
This is useful in combination with the built-in eap server support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
cf992ca862 hostapd: add missing return code for the bss_mgmt_enable ubus method
Fixes bogus errors on ubus calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
d10e1b4a71 hostapd: add support for defining multiple acct/auth servers
This allows adding backup servers, in case the primary ones fail.
Assume that port and shared secret are going to be the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Kevin Darbyshire-Bryant
c9df2d5c64 dnsmasq: bump to v2.89
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-02-25 20:49:47 +00:00
Leon M. Busch-George
ae751535de
hostapd: always use sae_password for mesh/SAE auth
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).

The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.

Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
  limitation).

Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.

Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-19 19:43:57 +01:00
Leon M. Busch-George
3c10c42ddd
hostapd: add quotes in assignments
It's generally advised to use quotes for variable assignments in bash.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-02-19 19:43:54 +01:00
Stijn Tintel
65c9b5ffb0 odhcpd: bump to git HEAD
dfab0fa dhcpv4: detect noarp interfaces
  5a17751 router: improve RA logging
  edc5e17 router: always check ra_default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:30:03 +02:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Felix Fietkau
83d3e255f1 bridger: update to the latest version
8be8bb9df789 nl: fix accessing hairpin mode and isolated from the right attribute set

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Andre Heider
9902c8520b uhttpd: clean up Makefile
uhttpd's cmake options all default to ON. Either we set all of them or
none if the defaults need to be changed. Let's go with the latter.

Because support for all modules is always compiled in, remove two unused
and useless config toggles.

uhttpd detects and uses libcrypt itself, no need to add it here again.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Hauke Mehrtens
015c108755 relayd: bump to version 2023-01-28
f646ba4 route: Fix compile warning with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 20:24:22 +01:00
Hauke Mehrtens
d14559e9df uhttpd: update to latest Git HEAD
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:31:42 +01:00
Hannu Nyman
a57796b137
dnsmasq: set an increased cachesize default value
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-21 11:13:44 +01:00
Christian Marangi
d9aa41dcda
lldpd: use release tar instead of codeload
There is currently a problem with making reproducible version of lldpd.
The tool version is generated based on 3 source:
1. .dist-version file in release tar
2. git hash with presence of .git directory
3. current date

Using the codeload tar from github results in getting the repo without
the .git directory and since they are not release tar, we don't have
.dist-version. This results in having lldpd bin with a version set to
the current build time.

Switch to release tar so that we correctly have a .dist-version file and
the version is not based on the build time.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-01-12 14:55:07 +01:00