Commit Graph

3360 Commits

Author SHA1 Message Date
Hauke Mehrtens
741260d281 uhttpd: Execute uci commit and reload_config once
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 501221af54)
2021-03-21 22:39:32 +01:00
Hauke Mehrtens
97a4d27fb5 uhttpd: Reload config after uhttpd-mod-ubus was added
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.

This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d25d281fd6)
2021-03-21 22:39:27 +01:00
Stefan Lippers-Hollmann
7b6ee74ee9 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-01 21:49:55 +01:00
Raphaël Mélotte
60823c67cb hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
2021-02-20 10:39:42 +01:00
Felix Fietkau
268381cc5a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 75455b75a7ee)
2021-02-16 12:27:56 +01:00
Daniel Golle
d79eeba688
odhcpd: setup dhcpv4 server automagically
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-15 00:34:43 +00:00
Hauke Mehrtens
da283a8f2c iw: Update to version 5.9
The nl80211.h file is mostly matching kernel 5.10, so remove most of our
changes from the patch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:32 +01:00
Hauke Mehrtens
12424edff5 mac80211: Update to version 5.10-rc6-1
The removed patches were applied upstream.

This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:29 +01:00
Daniel Golle
11ccf108f2 iwinfo: update to version 2021-01-31
5a2dd18 iwinfo: add hardware description for MediaTek MT7622
 4a32b33 iwinfo: add PCI ID for MediaTek MT7613BE

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-13 19:20:49 +00:00
Raphaël Mélotte
68073e2d46 hostapd: add patch for setting 4addr mode in multi_ap
This patch is required to be able to roam from one backhaul AP to
another one in the same ESS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(daniel@makrotopia.org: PKG_REVISION bump and refreshed patches)
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-13 13:44:22 +00:00
Raphaël Mélotte
14b9100f1c hostapd: reconfigure wps credentials on reload
This patch fixes a bug that prevents updating Multi-AP credentials
after hostapd has started.

It was sent to upstream hostapd here:
https://patchwork.ozlabs.org/bundle/rmelotte/hostapd:%20update%20WPS%20credentials%20on%20SIGHUP/

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-12 08:52:41 +01:00
Raphaël Mélotte
59fa9c28d6 hostapd: add notifications for management frames
This patch allows other applications to get events management
frames (for example: association requests).

This is useful in Multi-AP context to be able to save association
requests from stations.

It has been sent to upstream hostapd in this series:
https://patchwork.ozlabs.org/project/hostap/list/?series=217500

'700-wifi-reload.patch' is updated due to the introduction of
'110-notify-mgmt-frames.patch'.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-12 08:52:41 +01:00
Andre Heider
3e7c7d4446 ltq-dsl-base: remove usused lantiq_dsl.sh
All users have been converted to ubus.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
dea953744d ltq-adsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5e1a929bf2 ltq-vdsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
42fc827b11 ltq-adsl-app: add ubus support to get metrics
As with ltq-vdsl-app, see previous commit.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5372205ca9 ltq-vdsl-app: add ubus support to get metrics
Add a 'dsl' ubus object with a 'metrics' function to replace the
expensive shell parsing done by /etc/init.d/dsl_control [dsl|luci]stat.

All metrics are gathered by using syscalls. An additional thread is started
to handle ubus events.

$ time /etc/init.d/dsl_control dslstat
real	0m 2.66s
user	0m 0.90s
sys	0m 1.76s

$ time ubus call dsl metrics
real	0m 0.02s
user	0m 0.00s
sys	0m 0.01s

Example output:
{
	"api_version": "4.17.18.6",
	"firmware_version": "5.8.1.5.0.7",
	"chipset": "Lantiq-VRX200",
	"driver_version": "1.5.17.6",
	"state": "Showtime with TC-Layer sync",
	"up": true,
	"uptime": 3891,
	"atu_c": {
		"vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			178,
			26
		],
		"vendor": "Broadcom 178.26",
		"system_vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			0,
			0
		],
		"system_vendor": "Broadcom",
		"version": [
			49,
			57,
			46,
			48,
			46,
			51,
			53,
			46,
			50,
			32,
			86,
			69,
			95,
			49,
			49,
			95
		],
		"serial": [
			65,
			65,
			49,
			52,
			52,
			54,
			70,
			69,
			48,
			90,
			87,
			45,
			48,
			56,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0
		]
	},
	"power_state": "L0 - Synchronized",
	"xtse": [
		0,
		0,
		0,
		0,
		0,
		0,
		0,
		2
	],
	"annex": "B",
	"standard": "G.993.2",
	"profile": "17a",
	"mode": "G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)",
	"upstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 0,
		"data_rate": 31999000,
		"latn": 8.500000,
		"satn": 8.400000,
		"snr": 12.700000,
		"actps": -90.100000,
		"actatp": 13.400000,
		"attndr": 37180000
	},
	"downstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 140,
		"data_rate": 89998000,
		"latn": 9.500000,
		"satn": 9.600000,
		"snr": 13.300000,
		"actps": -90.100000,
		"actatp": -1.600000,
		"attndr": 116315372
	},
	"errors": {
		"near": {
			"es": 1,
			"ses": 0,
			"loss": 3,
			"uas": 424,
			"lofs": 0,
			"fecs": 0,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 27740,
			"rx_uncorrected_protected": 27010,
			"rx_retransmitted": 0,
			"rx_corrected": 730,
			"tx_retransmitted": 16222
		},
		"far": {
			"es": 242,
			"ses": 71,
			"loss": 0,
			"uas": 424,
			"lofs": 0,
			"fecs": 22687,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 1383552,
			"rx_uncorrected_protected": 1220215,
			"rx_retransmitted": 0,
			"rx_corrected": 163337,
			"tx_retransmitted": 1574051
		}
	}
}

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
4ba6fad7f7 ltq-vdsl-app: shutdown upon sigterm
procd sends sigterm to stop daemons, hook it up.

This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Kevin Darbyshire-Bryant
db00f312d3 dnsmasq: Bump to v2.84
dnsmasq v2.84rc2 has been promoted to release.

No functional difference between v2.83test3 and v2.84/v2.84rc2

Backport 2 patches to fix the version reporting

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-02-08 13:16:24 +00:00
Daniel Golle
aed95c4cb8 dnsmasq: switch to ubus-based hotplug call
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Paul Spooren
8286f3a3d3 treewide: unify OpenWrt hosted source via @OPENWRT
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.

Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-05 12:00:24 -10:00
Petr Štetiar
43ff6e641e hostapd: add forgotten patch for P2P vulnerability fix
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.

Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-04 09:11:50 +01:00
Daniel Golle
7c8c4f1be6 hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-04 01:05:32 +00:00
Curtis Deptuck
abe348168b iptables: update to 1.8.7
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.7.txt

Refresh patch:
None required

Signed-off-by: Curtis Deptuck <curtdept@me.com>
2021-02-02 21:06:45 +01:00
Hans Dedecker
1b484f1a12 odhcpd: update to latest git HEAD
8d8a8cd dhcpv6-ia: apply prefix_filter on dhcpv6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-30 21:25:09 +01:00
Paul Spooren
7b63d89b52 umdns: bump to 2021-01-26
* i78aa36b umdns: fix 64-bit time format string
* start using $(AUTORELEASE)
* Update Copyright

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-26 13:08:56 -10:00
Tony Ambardar
23be333401 bpftools: update to 5.10.10
Use the latest stable kernel since the previous 5.8.x series is EOL.

Also drop the following patches recently accepted upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-01-25 14:37:41 +01:00
Kevin Darbyshire-Bryant
297f82fc58 dnsmasq: Update to 2.84test3
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket.  This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.

This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

dnsmasq v2.84test3 resolves these issues.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-01-24 15:56:39 +00:00
Adrian Schmutzler
b2bab95116 maccalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

The package does not seem to have a maintainer.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:45 +01:00
Adrian Schmutzler
511d71e689 owipcalc: remove package
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.

Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-23 12:43:29 +01:00
Florian Eckert
e779d30f32 iperf3: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Florian Eckert
ad54af2ae0 iperf: remove
This package is not needed in base. It will be imported in the packages
feed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-22 14:53:50 -10:00
Nick Hainke
0fda8049a7 owipcalc: remove clone in cidr_contains6
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.

I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-19 15:39:36 +01:00
Hauke Mehrtens
e87c0d934c dnsmasq: Update to version 2.83
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
Hans Dedecker
e857b09767 netifd: fix IPv6 routing loop on point-to-point links
c00c833 interface-ip: add unreachable route if address is offlink
e71909c interface-ip: coding style fixes

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Hans Dedecker
4301541351 odhcp6c: fix routing loop on point-to-point links
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Leon M. George
d5bbd4975c hostapd: fix setting wps_state to "not configured"
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-15 18:17:45 +01:00
Nick Hainke
5beea4c3fd owipcalc: use v6 in cidr_parse6 function
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-15 17:40:27 +01:00
Leon M. George
fa02225ee6 hostapd: fix key_mgmt typo
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.

Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-14 03:54:06 +01:00
Leon M. George
f72ce73e36 hostapd: remove trailing whitespaces
Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:50:38 +01:00
Leon M. George
4bde00c2a3 hostapd: remove unused variable
'base' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:48:41 +01:00
Leon M. George
3497b30b9c hostapd: remove unused variable
'enc_str' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:45:17 +01:00
Daniel Golle
1f78538387 hostapd: run as user 'network' if procd-ujail is installed
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00
Daniel Golle
1e2d162092 hostapd: improve error handling when adding supplicant config
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:49 +00:00
Etan Kissling
7babb978ad hostapd: add multicast_to_unicast and per_sta_vif
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
2021-01-14 00:52:49 +00:00
David Bauer
04f4ea5916 iw: enable HE PHY information for iw-tiny
Currently PHY information obtained from "iw phy" lacks information about
a PHYs HE capabilities when using the by default installed iw-tiny.

As there are already 802.11ax supported devices, enabled printing this
information for the by-default installed iw variant.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-14 01:03:34 +01:00
Daniel Golle
2d305ff13a hostapd: return PID on config_add call
To simplify the way netifd acquires the PIDs of wpa_supplicant and
hostapd let the config_add method of both of them return the PID of the
called process. Use the returned PID instead of querying procd when
adding wpa_supplicant configuration.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-10 19:15:51 +00:00
Curtis Deptuck
2e590a6364 iptables: update to 1.8.6
Update iptables to 1.8.6

ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt

Refresh patch:
101-remove-check-already.patch

Signed-off-by: Curtis Deptuck <curtdept@me.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
2021-01-09 10:24:04 +01:00
Jo-Philipp Wich
6e4ce14047 iwinfo: improve ABI version handling and bump to git HEAD
- Encode ABI version in compiled shared object file
 - Only ship versioned shared library

 a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
 ea28dfb iwinfo: export ht and vht operation in scan results
 4e22953 iwinfo: export center_chan info for local wifi
 74d13fb cli: account for additional digit for frequencies above 10GHz
 8bfd8d8 iwinfo: add support for GCMP cipher
 618c1e8 iwinfo: add hardware description for QCA MIPS WiSoCs
 0702f32 iwinfo: improve center channel handling
 51c1336 iwinfo: set center chan unsupported for not-nl80211 driver
 23d2722 build: add ability to specify shared object version

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-07 00:21:23 +00:00
Jo-Philipp Wich
c63bcb53e9 Revert "iwinfo: update to git HEAD"
This reverts commit f1620630e9.

This update introduces potentially remote exploitable buffer overreads
in IE parsing logic.

It also breaks the ABI without introdcing SOVERSION library versioning.

Furthermore, HT information is incorrectly added for non-HT BSSes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-06 13:46:12 +01:00
Daniel Golle
f1620630e9 iwinfo: update to git HEAD
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
 ea28dfb iwinfo: export ht and vht operation in scan results
 4e22953 iwinfo: export center_chan info for local wifi
 74d13fb cli: account for additional digit for frequencies above 10GHz
 8bfd8d8 iwinfo: add support for GCMP cipher

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 22:57:20 +00:00
Robert Marko
f246dfde33 hostapd: wpa_supplicant: Enable proper GCMP cipher support
This patch enables hostapd.sh to properly configure wpa_supplicant
for when GCMP is used as cipher in station mode.
Without this wpa_supplicant will be unable to connect to AP.
This is needed for wil6210 as it does not support CCMP.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-05 02:16:24 +00:00
Daniel Golle
b31ca88de9 netifd: update to git HEAD
0c83439 netifd: wireless: default to GCMP WPA cipher on 802.11ad

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 02:16:24 +00:00
Nick Hainke
6773bee107 odhcpd: bump to latest version
3bda900 odhcpd: add option for setting preferred lifetime

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-04 08:01:16 +01:00
Florian Beverborg
22e568d0fe hostapd: add support for custom per-BSS options
This adds an option "hostapd_bss_options" that does the same as
"hostapd_options" but on a per-BSS level, instead of a per-device level.

This can be used, for example, to configure different per-devce sae_passwords
per BSS or to augment some of the existing per-BSS options.

Signed-off-by: Florian Beverborg <flo@beverb.org>
[remove whitespace errors, bump release]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-03 12:31:42 -10:00
Hauke Mehrtens
7aa8c00e4b ppp: Remove already applied patch
This patch was already applied upstream and not needed here.

Fixes: 06403981e1 ("ppp: update to version 2.4.7.git-2019-05-06")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-01 19:55:59 +01:00
Russell Senior
c22b689cf8 iproute2: update to 5.10.0
c8faeca5 (ss: mptcp: fix add_addr_accepted stat print, 2020-11-18)
0d78e8ea (tc: pedit: fix memory leak in print_pedit, 2020-12-11)
ec1346ac (devlink: fix memory leak in cmd_dev_flash(), 2020-12-11)
309e6027 (man: tc-flower: fix manpage, 2020-12-11)
376367d9 (uapi: merge in change to bpf.h, 2020-12-14)
2e80ae89 (Merge branch 'gcc-10' into main, 2020-12-03)
755b1c58 (tc/mqprio: json-ify output, 2020-12-02)
975c4944 (ip/netns: use flock when setting up /run/netns, 2020-11-27)
fb054cb3 (uapi: update devlink.h, 2020-11-29)
c95d63e4 (uapi: update devlink.h, 2020-11-29)
cae2e929 (f_u32: fix compiler gcc-10 compiler warning, 2020-11-29)
c0149839 (misc: fix compiler warning in ifstat and nstat, 2020-11-29)
2319db90 (tc: fix compiler warnings in ip6 pedit, 2020-11-29)
5bdc4e91 (bridge: fix string length warning, 2020-11-29)
f8176999 (devlink: fix uninitialized warning, 2020-11-29)
7a49ff9d (bridge: report correct version, 2020-11-15)
8682f588 (tc-mpls: fix manpage example and help message string, 2020-11-02)
7c7a0fe0 (tc-vlan: fix help and error message strings, 2020-11-02)
72f88bd4 (uapi: update kernel headers from 5.10-rc2, 2020-11-08)
b90c39be (rdma: fix spelling error in comment, 2020-11-08)
c8424b73 (man: fix spelling errors, 2020-11-08)
cbf64817 (tc/m_gate: fix spelling errors, 2020-11-08)
14b189f0 (uapi: updates from 5.10-rc1, 2020-11-03)
9fc5bf73 (libnetlink: define __aligned conditionally, 2020-10-26)
eb12cc9a (Merge branch 'main' into next, 2020-10-25)
f1298d76 (m_mpls: test the 'mac_push' action after 'modify', 2020-10-22)
2b7a7684 (Merge branch 'tipc-encryption' into next, 2020-10-20)
2bf1ba5a (tipc: add option to set rekeying for encryption, 2020-10-16)
5fb36818 (tipc: add option to set master key for encryption, 2020-10-16)
b4edd6a8 (Merge branch 'tc-mpls-l2-vpn' into next Guillaume Nault  says:, 2020-10-20)
02a261b5 (m_mpls: add mac_push action, 2020-10-19)
d61167dd (m_vlan: add pop_eth and push_eth actions, 2020-10-19)
3342688a (devlink: display elapsed time during flash update, 2020-10-14)
cb7ce51c (v5.9.0, 2020-10-15)
b5a583fb (Merge branch 'main' into next Signed-off-by: David Ahern <dsahern@gmail.com>, 2020-10-11)
78120128 (genl: ctrl: print op -> policy idx mapping, 2020-10-03)
91c54917 (Merge branch 'bridge-igmpv3-mldv2' into next Nikolay Aleksandrov  says:, 2020-10-11)
86588450 (bridge: mdb: print protocol when available, 2020-10-08)
2de81d1e (bridge: mdb: print source list when available, 2020-10-08)
1d28c480 (bridge: mdb: print filter mode when available, 2020-10-08)
e331677e (bridge: mdb: show igmpv3/mldv2 flags, 2020-10-08)
f94e8b07 (bridge: mdb: print fast_leave flag, 2020-10-08)
547b3197 (bridge: mdb: add support for source address, 2020-10-08)
f905191a (Update kernel headers, 2020-10-11)
4322b13c (ip xfrm: support setting XFRMA_SET_MARK_MASK attribute in states, 2020-10-02)
8dc1db80 (devlink: Add health reporter test command support, 2020-10-01)
01216471 (devlink: support setting the overwrite mask attribute, 2020-09-30)
34be2d26 (Update kernel headers, 2020-10-07)
d2be31d9 (ss: add support for xdp statistics, 2020-09-24)
f481515c (Update kernel headers, 2020-09-29)
b8663da0 (ip: promote missed packets to the -s row, 2020-09-16)
cec67df9 (Merge branch 'devlink-controller-external-info' into next Parav Pandit  says:, 2020-09-22)
748cbad3 (devlink: Show controller number of a devlink port, 2020-09-18)
8fadd011 (devlink: Show external port attribute, 2020-09-18)
454429e8 (Update kernel headers, 2020-09-22)
ad34d5fa (iproute2: ss: add support to expose various inet sockopts, 2020-08-19)
c8eb4b52 (Update kernel headers, 2020-09-08)
abee772f (tipc: support 128bit node identity for peer removing, 2020-08-27)
6fd53b2a (iplink: add support for protodown reason, 2020-08-28)
af27494d (ip xfrm: support printing XFRMA_SET_MARK_MASK attribute in states, 2020-08-28)
275eed9b (Merge branch 'main' into next, 2020-09-01)
cc889b82 (genl: ctrl: support dumping netlink policy, 2020-08-24)
d5acae24 (libnetlink: add nl_print_policy() helper, 2020-08-24)
784fa9f6 (libnetlink: add rtattr_for_each_nested() iteration macro, 2020-08-24)

OpenWrt patches unchanged.
Successfully built for ramips/mt7621 and x86/geode with:

CONFIG_PACKAGE_devlink=m
CONFIG_PACKAGE_genl=m
CONFIG_PACKAGE_ip-bridge=m
CONFIG_PACKAGE_ip-full=m
CONFIG_PACKAGE_ip-tiny=m
CONFIG_PACKAGE_nstat=m
CONFIG_PACKAGE_rdma=m
CONFIG_PACKAGE_ss=m
CONFIG_PACKAGE_tc=m

Minimally run-tested ip-tiny on ramips/mt7621 (ubnt-erx).

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-01-01 13:22:58 +01:00
Felix Fietkau
e1851720f1 hostapd: do not restart hostapd instance on wireless restarts
Add the flag that prevents netifd from killing hostapd/wpa_supplicant

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:26:00 +01:00
Felix Fietkau
a7ff013eb6 netifd: update to the latest version
39fb8c3edc74 wireless: add support for not killing processes on teardown

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:25:59 +01:00
Johannes Kimmel
3f5619f259 vxlan: allow for dynamic source ip selection (FS#3426)
By setting 'auto', the zero address or the empty string as source
address (option ipaddr, option ip6addr), vxlan will choose one
dynamically. This helps in setups where a wan ip or prefix changes.

This corresponse to setting up an vxlan tunnel with:

proto vxlan6:
    # ip link add vx0 type vxlan id ID local :: ...
proto vxlan:
    # ip link add vx0 type vxlan id ID local 0.0.0.0 ...

While it is possible to not specify a source ip at all, the kernel will
default to setting up a ipv4 tunnel. The kernel will take any hint from
source and peer ips to figure out, what tunnel type to use. To make sure
we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.

This will not change the behaviour of currently working configurations.
However this will allow former broken configurations, namely those not
specifying both a source address and tunnel interface, to setup a
tunnel interface. Previously those configurations weren't reporting an
error and were stueck in a setup loop like in Bug FS#3426.

This change lifts the currently very strict behaviour and should fix the
following bug:

Fixes: FS#3426
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-12-31 11:53:21 +01:00
Hans Dedecker
23fec971ca odhcp6c: update to git HEAD
eac1961 dhcpv6: fix displaying IA info
0475e18 dhcpv6: display status code as a string

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-30 20:20:06 +01:00
Hans Dedecker
19d7e73ecc ethtool: update to version 5.10
The ipkg sizes changes as follows for mips 24kc :
	5.9  : ethtool_5.9-1_mips_24kc.ipk 35246
	5.10 : ethtool_5.10-1_mips_24kc.ipk 35385

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-26 20:39:25 +01:00
Hans Dedecker
bc99b56d7e odhcpd: update to latest git HEAD
b75bcad dhcpv6-ia: remove assignment equal to 0 checks
d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0
9d5e379 dhcpv6-ia: fix prefix delegation behavior

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 17:23:41 +01:00
Dobroslaw Kijowski
1a9b896d8b treewide: nuke DRIVER_11W_SUPPORT
As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter"
https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482
802.11w feature is always enabled in the build time.

It doesn't make sense to opt-in 802.11w per driver as hostapd will always
be compiled with this feature enabled.

As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h
for compatibility reasons. This option will be dropped when LuCI is adjusted.

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-12-23 16:36:08 +01:00
Felix Fietkau
3d8d2c3a80 netifd: update to the latest version
88c6003e2b4f netifd: fix a typo in vlandev hotplug support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-23 11:22:23 +01:00
John Crispin
ceb612e463 hostapd: pass respawn settings when registering the service
When hostapd gets restarted to often/quickly will cause procd to not restart it
anymore. it will think that hapd is in a crash loop.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
2020-12-22 19:30:26 +01:00
Nick Lowe
cb41bc5088 hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabled
Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that
are not WPA2 (RSN) capable. These legacy clients are often intolerant to this
EAPOL version and fail to connect.

hostapd.conf upstream documents for eapol_version the following and that this
is a known compatibility issue with version 2:

// IEEE 802.1X/EAPOL version
// hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
// version 2. However, there are many client implementations that do not handle
// the new version number correctly (they seem to drop the frames completely).
// In order to make hostapd interoperate with these clients, the version number
// can be set to the older version (1) with this configuration value.
// Note: When using MACsec, eapol_version shall be set to 3, which is
// defined in IEEE Std 802.1X-2010.
//eapol_version=2

For the wpa parameter, hostapd.conf upstream documents that this is a bitfield,
configured as follows:

// Enable WPA. Setting this variable configures the AP to require WPA (either
// WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
// wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
// Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
// For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
// RADIUS authentication server must be configured, and WPA-EAP must be included
// in wpa_key_mgmt.
// This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
// and/or WPA2 (full IEEE 802.11i/RSN):
// bit0 = WPA
// bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
// Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
// In other words, for WPA3, wpa=2 is used the configuration (and
// wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
//wpa=2

For client compatibility therefore:

EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled.
EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled.

To fix this, we can therefore change in the script:

set_default eapol_version 0

To the following:

set_default eapol_version $((wpa & 1))

This therefore:
1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set.
2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset.

For usual configurations that only have WPA2 enabled, EAPOLv2 is then used.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-22 19:11:50 +01:00
Rosen Penev
6a1ad19cd3 tcpdump: fix pcap-config issues
The patch removes a libpcap check to avoid a problem with libpcap. Fix
libpcap instead.

Modernize Makefile:

Use a normal autoconf bool instead of checking for CONFIG_IPV6.

Remove old configure and MAKE_FLAGS hacks. Removing them results in
compilation continuing to work without a problem.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Nadim Atiya
1302bee12a hostapd: parse skip_inactivity_poll option
hostapd.sh does not parse skip_inactivity_poll boolean from
/etc/config/wireless despite being mentioned in the documentation [1].
This change fixes this, and by default sets its value to 0 [1].

[1] https://openwrt.org/docs/guide-user/network/wifi/basic

Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[fix and reformat commit message, make patch apply]
2020-12-22 15:23:35 +00:00
Petr Štetiar
0cf3c5dd72 uhttpd: don't redirect to HTTPS by default
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.

Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:

 $ uci set uhttpd.main.redirect_https=1
 $ uci commit uhttpd
 $ service uhttpd reload

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-20 10:36:51 +01:00
Nick Hainke
05a1b11c71 netifd: update to latest version
458b1a7e9473 netifd: add segment routing support

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-12-14 20:25:21 +01:00
Daniel Golle
b2d48c1dfe odhcpd: remove local mkdir_p implementation
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-13 00:13:18 +00:00
Philip Prindeville
5d2b577a53 xfrm: support 'multicast' attribute on interfaces
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).

Borrowed heavily from:

    b3c9321b9e gre: Support multicast configurable gre interfaces

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-11 20:53:36 +01:00
Konstantin Demin
52aa2017d3 dropbear: bump package version
Bump package version after previous changes.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Konstantin Demin
228298290e dropbear: add ssh-askpass support in configuration
binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215132 (+4b)
  ipk: 111183 -> 111494 (+311b)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
e1bd9645b6 dropbear: roll up recipes into mapping lists
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.

DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
  'header_option|value'

'header_option' is added with value 'value' to 'localoptions.h'.

if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.

in short:
   option|value - add option to localoptions.h
 !!option|value - replace option in sysoptions.h

DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
  'header_option|config_variable|value_enabled|value_disabled'

'header_option' is handled likewise in DB_OPT_COMMON.

if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.

in short:
   option|config|enabled|disabled = add option to localoptions.h
 !!option|config|enabled|disabled = replace option in sysoptions.h

   option := (config) ? enabled : disabled

If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.

PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
79d5c24724 dropbear: rework recipes that configure build
- add two helper functions to avoid mistakes with
  choice of correct header file to work with
- update rules accordingly

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
42eff7c7e6 dropbear: reorder options in Configure recipe
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
7e122c353a dropbear: enable back DROPBEAR_USE_PASSWORD_ENV
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.

binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215128 (no change)
  ipk: 111108 -> 111183 (+75b)

Fixes: 3c801b3dc0 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Paul Spooren
e7e16667ff iftop: remove package
The package has no reason to be in openwrt.git. Move it to packages.git.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 23:24:22 -10:00
Hans Dedecker
dd3464023f odhcp6c: update to latest git HEAD
0ffa3a3 dhcpv6: harden reconfigure logic
3999b6d dhcpv6: rework DHCPv6 message to string implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-09 22:33:34 +01:00
Jo-Philipp Wich
dd5b3b58d8 lldpd: fix autoreconf failure
The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which
conflicts with the official macro shipped by autoconf-archive.

Due to the official macro having the same name and a higher serial
number, autoconf will prefer including that one instead of the local
copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in
templates, ultimately leading to the following build failure when
linking lldpcli:

    ...-gcc: error: READLINE_LIBS@: No such file or directory

Avoid this problem by renaming the locally shipped macro to not clash
with the official implementation anymore.

Ref: https://github.com/lldpd/lldpd/pull/423
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 12:36:40 +01:00
Nick Lowe
ce5bcff304 hostapd: Disable 802.11b data rates by default
Set legacy_rates to 0 by default to disable 802.11b data rates by default.

The time has long come where 802.11b DSSS/CCK data rates should be disabled
by default in OpenWRT. Users in need of 802.11b client support can reasonably
enable these where they are needed.

The balance of equities has significantly, and for a long time, tipped
such that dropping backwards compatibility by default with 802.11b
devices is appropriate, proportionate and justified. By doing so,
management and control traffic is moved by default to a 20
MHz wide 6 Mb/s OFDM data rate instead of a 22 MHz wide 1 Mb/s DSSS data
rate. This is significantly more airtime efficient.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-06 08:51:32 -10:00
Rosen Penev
28a9ac74cc openvpn: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
2020-12-05 10:09:01 -10:00
Rosen Penev
57a8028949 openvpn-easy-rsa: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-05 10:08:49 -10:00
Hans Dedecker
13734075d2 odhcp6c: update to git HEAD
faed29a dhcpv6: only refresh timers when reconfigure is valid
9c50975 dhcpv6: fix printing identity association id
a7b2221 dhcpv6: avoid sending continuous renew/rebind messages
d7afa2b dhcpv6: add extra syslog info traces
f5728e4 odhcp6c_find_entry: exclude priority from the list of fields that must match

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-05 20:48:50 +01:00
Felix Fietkau
36db12b883 netifd: update to the latest version
d6bd1047d004 vlandev: dump vlan id in device status
e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter
574dc4a17105 system-dummy: print configured mac address
14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings
524310276f20 system-linux: move device settings handling to device.c
42c48866f1c1 config: parse default mac address from board.json

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-02 12:08:52 +01:00
Jan Pavlinec
520403cd49 umdns: add check for seccomp list
This should fix an issue when user have a router with enabled seccomp
and tries to run umdns package which was build with SDK with disabled
seccomp support.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-30 10:38:13 +00:00
Nick Lowe
81ff23fc91 hostapd: Add cell_density data rates option
Add a cell_density option to configure data rates for normal, high and
very high cell density wireless deployments.

The purpose of using a minimum basic/mandatory data rate that is higher
than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density
environments is to transmit broadcast/multicast data frames using less
airtime or to reduce management overheads where significant co-channel
interference (CCI) exists and cannot be avoided.

Caution: Without careful design and validation, configuration of a too
high minimum basic/mandatory data rate can sacrifice connection stability
or disrupt the ability to reliably connect and authenticate for little to
no capacity benefit. This is because this configuration affects the
ability of clients to hear and demodulate management, control and
broadcast/multicast data frames.

Deployments that have not been specifically designed and validated are
usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data
rates.

Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b
compatible), minimum basic/mandatory rate in high cell density
deployments that have been designed and validated for this.

For many deployments, the minimum basic/mandatory data rate should not be
configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a
configuration is only appropriate for use in very high cell density
deployment scenarios.

A cell_density of Very High (3) should only be used where a deployment
has a valid use case and has been designed and validated specifically for
this use, nearly always with highly directional antennas - an example
would be stadium deployments. For example, with a 24 Mb/s OFDM minimum
basic/mandatory data rate, approximately a -73 dBm RSSI is required to
decode frames. Many clients will not have roamed elsewhere by the time
that they experience -73 dBm and, where they do, they frequently may not
hear and be able to demodulate beacon, control or broadcast/multicast
data frames causing connectivity issues.

There is a myth that disabling lower basic/mandatory data rates will
improve roaming and avoid sticky clients. For 802.11n, 802.11ac and
802.11ax clients this is not correct as clients will shift to and use
lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are
able to be used as basic/mandatory data rates.

There is a myth that disabling lower basic/mandatory data rates will
ensure that clients only use higher data rates and that better
performance is assured. For 802.11n, 802.11ac and 802.11ax clients this
is not correct as clients will shift around and use MCS rates and not the
802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory
data rates.

Cell Density

0 - Disabled (Default)
Setting cell_density to 0 does not configure data rates. This is the
default.

1 - Normal Cell Density
Setting cell_density to 1 configures the basic/mandatory rates to 6, 12
and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting cell_density to 1 configures the basic/mandatory rates to the 5.5
and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower
than the minimum basic/mandatory rate are not offered.

2 - High Cell Density
Setting the cell_density to 2 configures the basic/mandatory rates to the
12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting the cell_density to 2 configures the basic/mandatory rates to the
11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the
minimum basic/mandatory rate are not offered.

3 - Very High Cell Density
Setting the cell_density to 3 configures the basic/mandatory rates to the
24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the
minimum basic/mandatory rate are not offered.
Setting the cell_density to 3 only has effect where legacy_rates is 0,
else this has the same effect as being configured with a cell_density of 2.

Where specified, the basic_rate and supported_rates options continue to
override both the cell_density and legacy_rates options.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-11-30 09:31:15 +01:00
Daniel Golle
64cbfd1f54 umdns: update seccomp filter rules
Add 'writev' syscall to list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Stijn Tintel
26c26e11a2 hostapd: fix "sh: out of range" errors
Several variables in hostapd.sh can be used uninitialized in numerical
comparisons, causing errors in logread:

netifd: radio24 (1668): sh: out of range

Set defaults for those variables to silence those errors.

Fixes: b518f07d4b ("hostapd: remove ieee80211v option")
Fixes: cc80cf53c5 ("hostapd: add FTM responder support")
Fixes: e66bd0eb04 ("hostapd: make rrm report independent of ieee80211k setting")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 02:25:23 +02:00
Stijn Tintel
c5ea37af7e lldpd: bump to 1.0.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:25:25 +02:00
Jan Pavlinec
5bb3cc749e tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-25 05:49:09 +01:00
Martin Schiller
b4b829fe64 uqmi: set plmn only if necessary
Setting the plmn to '0' (auto) will implicitly lead to a (delayed)
network re-registration, which could further lead to some timing
related issues in the qmi proto handler.

On the other hand, if you switch back from manual plmn selection
to auto mode you have to set it to '0', because this setting is
permanently "saved" in the wwan module.

Conclusion:
If plmn is configured, check if it's already set euqally in the module.
If so, do nothing. Otherwise set it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-24 15:18:16 +00:00
Leon M. George
651f0c0999 hostapd: fix patch offset
Fixes the offset of the patch added in 93bbd998aa
  ("hostapd: enter DFS state if no available channel is found").

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-11-23 22:53:15 +01:00
Felix Fietkau
4799810745 netifd: update to the latest version
213748a9bcd9 system-linux: implement full device present state management for force-external devices
3abe1fc87151 system-linux: add retry for adding member devices to a bridge

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-23 12:52:11 +01:00
Rui Salvaterra
dd4e6a70f2 hostapd: enable the epoll-based event loop
Hostapd supports epoll() since 2014. Let's enable it for better performance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-23 03:02:21 +00:00
Daniel Golle
97ac290090 uhttpd: update to git HEAD
f53a639 ubus: fix uhttpd crash

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 02:06:35 +00:00
Daniel Golle
e065c9184c uqmi: update to git HEAD
65796a6 nas: add --get-plmn
 0a19b5b uqmi: add timeout parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 21:58:22 +00:00
Filip Moc
ce293cd3ac uqmi: set device-operating-mode to online
This is required for LTE module MR400 (in TL-MR6400 v4).
Otherwise LTE module won't register to GSM network.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:14:09 +00:00