Commit Graph

3371 Commits

Author SHA1 Message Date
Leon M. George
f72ce73e36 hostapd: remove trailing whitespaces
Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:50:38 +01:00
Leon M. George
4bde00c2a3 hostapd: remove unused variable
'base' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:48:41 +01:00
Leon M. George
3497b30b9c hostapd: remove unused variable
'enc_str' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:45:17 +01:00
Daniel Golle
1f78538387 hostapd: run as user 'network' if procd-ujail is installed
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00
Daniel Golle
1e2d162092 hostapd: improve error handling when adding supplicant config
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:49 +00:00
Etan Kissling
7babb978ad hostapd: add multicast_to_unicast and per_sta_vif
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
2021-01-14 00:52:49 +00:00
David Bauer
04f4ea5916 iw: enable HE PHY information for iw-tiny
Currently PHY information obtained from "iw phy" lacks information about
a PHYs HE capabilities when using the by default installed iw-tiny.

As there are already 802.11ax supported devices, enabled printing this
information for the by-default installed iw variant.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-14 01:03:34 +01:00
Daniel Golle
2d305ff13a hostapd: return PID on config_add call
To simplify the way netifd acquires the PIDs of wpa_supplicant and
hostapd let the config_add method of both of them return the PID of the
called process. Use the returned PID instead of querying procd when
adding wpa_supplicant configuration.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-10 19:15:51 +00:00
Curtis Deptuck
2e590a6364 iptables: update to 1.8.6
Update iptables to 1.8.6

ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt

Refresh patch:
101-remove-check-already.patch

Signed-off-by: Curtis Deptuck <curtdept@me.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
2021-01-09 10:24:04 +01:00
Jo-Philipp Wich
6e4ce14047 iwinfo: improve ABI version handling and bump to git HEAD
- Encode ABI version in compiled shared object file
 - Only ship versioned shared library

 a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
 ea28dfb iwinfo: export ht and vht operation in scan results
 4e22953 iwinfo: export center_chan info for local wifi
 74d13fb cli: account for additional digit for frequencies above 10GHz
 8bfd8d8 iwinfo: add support for GCMP cipher
 618c1e8 iwinfo: add hardware description for QCA MIPS WiSoCs
 0702f32 iwinfo: improve center channel handling
 51c1336 iwinfo: set center chan unsupported for not-nl80211 driver
 23d2722 build: add ability to specify shared object version

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-07 00:21:23 +00:00
Jo-Philipp Wich
c63bcb53e9 Revert "iwinfo: update to git HEAD"
This reverts commit f1620630e9.

This update introduces potentially remote exploitable buffer overreads
in IE parsing logic.

It also breaks the ABI without introdcing SOVERSION library versioning.

Furthermore, HT information is incorrectly added for non-HT BSSes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-06 13:46:12 +01:00
Daniel Golle
f1620630e9 iwinfo: update to git HEAD
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
 ea28dfb iwinfo: export ht and vht operation in scan results
 4e22953 iwinfo: export center_chan info for local wifi
 74d13fb cli: account for additional digit for frequencies above 10GHz
 8bfd8d8 iwinfo: add support for GCMP cipher

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 22:57:20 +00:00
Robert Marko
f246dfde33 hostapd: wpa_supplicant: Enable proper GCMP cipher support
This patch enables hostapd.sh to properly configure wpa_supplicant
for when GCMP is used as cipher in station mode.
Without this wpa_supplicant will be unable to connect to AP.
This is needed for wil6210 as it does not support CCMP.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-05 02:16:24 +00:00
Daniel Golle
b31ca88de9 netifd: update to git HEAD
0c83439 netifd: wireless: default to GCMP WPA cipher on 802.11ad

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 02:16:24 +00:00
Nick Hainke
6773bee107 odhcpd: bump to latest version
3bda900 odhcpd: add option for setting preferred lifetime

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-04 08:01:16 +01:00
Florian Beverborg
22e568d0fe hostapd: add support for custom per-BSS options
This adds an option "hostapd_bss_options" that does the same as
"hostapd_options" but on a per-BSS level, instead of a per-device level.

This can be used, for example, to configure different per-devce sae_passwords
per BSS or to augment some of the existing per-BSS options.

Signed-off-by: Florian Beverborg <flo@beverb.org>
[remove whitespace errors, bump release]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-03 12:31:42 -10:00
Hauke Mehrtens
7aa8c00e4b ppp: Remove already applied patch
This patch was already applied upstream and not needed here.

Fixes: 06403981e1 ("ppp: update to version 2.4.7.git-2019-05-06")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-01 19:55:59 +01:00
Russell Senior
c22b689cf8 iproute2: update to 5.10.0
c8faeca5 (ss: mptcp: fix add_addr_accepted stat print, 2020-11-18)
0d78e8ea (tc: pedit: fix memory leak in print_pedit, 2020-12-11)
ec1346ac (devlink: fix memory leak in cmd_dev_flash(), 2020-12-11)
309e6027 (man: tc-flower: fix manpage, 2020-12-11)
376367d9 (uapi: merge in change to bpf.h, 2020-12-14)
2e80ae89 (Merge branch 'gcc-10' into main, 2020-12-03)
755b1c58 (tc/mqprio: json-ify output, 2020-12-02)
975c4944 (ip/netns: use flock when setting up /run/netns, 2020-11-27)
fb054cb3 (uapi: update devlink.h, 2020-11-29)
c95d63e4 (uapi: update devlink.h, 2020-11-29)
cae2e929 (f_u32: fix compiler gcc-10 compiler warning, 2020-11-29)
c0149839 (misc: fix compiler warning in ifstat and nstat, 2020-11-29)
2319db90 (tc: fix compiler warnings in ip6 pedit, 2020-11-29)
5bdc4e91 (bridge: fix string length warning, 2020-11-29)
f8176999 (devlink: fix uninitialized warning, 2020-11-29)
7a49ff9d (bridge: report correct version, 2020-11-15)
8682f588 (tc-mpls: fix manpage example and help message string, 2020-11-02)
7c7a0fe0 (tc-vlan: fix help and error message strings, 2020-11-02)
72f88bd4 (uapi: update kernel headers from 5.10-rc2, 2020-11-08)
b90c39be (rdma: fix spelling error in comment, 2020-11-08)
c8424b73 (man: fix spelling errors, 2020-11-08)
cbf64817 (tc/m_gate: fix spelling errors, 2020-11-08)
14b189f0 (uapi: updates from 5.10-rc1, 2020-11-03)
9fc5bf73 (libnetlink: define __aligned conditionally, 2020-10-26)
eb12cc9a (Merge branch 'main' into next, 2020-10-25)
f1298d76 (m_mpls: test the 'mac_push' action after 'modify', 2020-10-22)
2b7a7684 (Merge branch 'tipc-encryption' into next, 2020-10-20)
2bf1ba5a (tipc: add option to set rekeying for encryption, 2020-10-16)
5fb36818 (tipc: add option to set master key for encryption, 2020-10-16)
b4edd6a8 (Merge branch 'tc-mpls-l2-vpn' into next Guillaume Nault  says:, 2020-10-20)
02a261b5 (m_mpls: add mac_push action, 2020-10-19)
d61167dd (m_vlan: add pop_eth and push_eth actions, 2020-10-19)
3342688a (devlink: display elapsed time during flash update, 2020-10-14)
cb7ce51c (v5.9.0, 2020-10-15)
b5a583fb (Merge branch 'main' into next Signed-off-by: David Ahern <dsahern@gmail.com>, 2020-10-11)
78120128 (genl: ctrl: print op -> policy idx mapping, 2020-10-03)
91c54917 (Merge branch 'bridge-igmpv3-mldv2' into next Nikolay Aleksandrov  says:, 2020-10-11)
86588450 (bridge: mdb: print protocol when available, 2020-10-08)
2de81d1e (bridge: mdb: print source list when available, 2020-10-08)
1d28c480 (bridge: mdb: print filter mode when available, 2020-10-08)
e331677e (bridge: mdb: show igmpv3/mldv2 flags, 2020-10-08)
f94e8b07 (bridge: mdb: print fast_leave flag, 2020-10-08)
547b3197 (bridge: mdb: add support for source address, 2020-10-08)
f905191a (Update kernel headers, 2020-10-11)
4322b13c (ip xfrm: support setting XFRMA_SET_MARK_MASK attribute in states, 2020-10-02)
8dc1db80 (devlink: Add health reporter test command support, 2020-10-01)
01216471 (devlink: support setting the overwrite mask attribute, 2020-09-30)
34be2d26 (Update kernel headers, 2020-10-07)
d2be31d9 (ss: add support for xdp statistics, 2020-09-24)
f481515c (Update kernel headers, 2020-09-29)
b8663da0 (ip: promote missed packets to the -s row, 2020-09-16)
cec67df9 (Merge branch 'devlink-controller-external-info' into next Parav Pandit  says:, 2020-09-22)
748cbad3 (devlink: Show controller number of a devlink port, 2020-09-18)
8fadd011 (devlink: Show external port attribute, 2020-09-18)
454429e8 (Update kernel headers, 2020-09-22)
ad34d5fa (iproute2: ss: add support to expose various inet sockopts, 2020-08-19)
c8eb4b52 (Update kernel headers, 2020-09-08)
abee772f (tipc: support 128bit node identity for peer removing, 2020-08-27)
6fd53b2a (iplink: add support for protodown reason, 2020-08-28)
af27494d (ip xfrm: support printing XFRMA_SET_MARK_MASK attribute in states, 2020-08-28)
275eed9b (Merge branch 'main' into next, 2020-09-01)
cc889b82 (genl: ctrl: support dumping netlink policy, 2020-08-24)
d5acae24 (libnetlink: add nl_print_policy() helper, 2020-08-24)
784fa9f6 (libnetlink: add rtattr_for_each_nested() iteration macro, 2020-08-24)

OpenWrt patches unchanged.
Successfully built for ramips/mt7621 and x86/geode with:

CONFIG_PACKAGE_devlink=m
CONFIG_PACKAGE_genl=m
CONFIG_PACKAGE_ip-bridge=m
CONFIG_PACKAGE_ip-full=m
CONFIG_PACKAGE_ip-tiny=m
CONFIG_PACKAGE_nstat=m
CONFIG_PACKAGE_rdma=m
CONFIG_PACKAGE_ss=m
CONFIG_PACKAGE_tc=m

Minimally run-tested ip-tiny on ramips/mt7621 (ubnt-erx).

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-01-01 13:22:58 +01:00
Felix Fietkau
e1851720f1 hostapd: do not restart hostapd instance on wireless restarts
Add the flag that prevents netifd from killing hostapd/wpa_supplicant

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:26:00 +01:00
Felix Fietkau
a7ff013eb6 netifd: update to the latest version
39fb8c3edc74 wireless: add support for not killing processes on teardown

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-31 14:25:59 +01:00
Johannes Kimmel
3f5619f259 vxlan: allow for dynamic source ip selection (FS#3426)
By setting 'auto', the zero address or the empty string as source
address (option ipaddr, option ip6addr), vxlan will choose one
dynamically. This helps in setups where a wan ip or prefix changes.

This corresponse to setting up an vxlan tunnel with:

proto vxlan6:
    # ip link add vx0 type vxlan id ID local :: ...
proto vxlan:
    # ip link add vx0 type vxlan id ID local 0.0.0.0 ...

While it is possible to not specify a source ip at all, the kernel will
default to setting up a ipv4 tunnel. The kernel will take any hint from
source and peer ips to figure out, what tunnel type to use. To make sure
we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.

This will not change the behaviour of currently working configurations.
However this will allow former broken configurations, namely those not
specifying both a source address and tunnel interface, to setup a
tunnel interface. Previously those configurations weren't reporting an
error and were stueck in a setup loop like in Bug FS#3426.

This change lifts the currently very strict behaviour and should fix the
following bug:

Fixes: FS#3426
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-12-31 11:53:21 +01:00
Hans Dedecker
23fec971ca odhcp6c: update to git HEAD
eac1961 dhcpv6: fix displaying IA info
0475e18 dhcpv6: display status code as a string

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-30 20:20:06 +01:00
Hans Dedecker
19d7e73ecc ethtool: update to version 5.10
The ipkg sizes changes as follows for mips 24kc :
	5.9  : ethtool_5.9-1_mips_24kc.ipk 35246
	5.10 : ethtool_5.10-1_mips_24kc.ipk 35385

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-26 20:39:25 +01:00
Hans Dedecker
bc99b56d7e odhcpd: update to latest git HEAD
b75bcad dhcpv6-ia: remove assignment equal to 0 checks
d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0
9d5e379 dhcpv6-ia: fix prefix delegation behavior

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-24 17:23:41 +01:00
Dobroslaw Kijowski
1a9b896d8b treewide: nuke DRIVER_11W_SUPPORT
As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter"
https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482
802.11w feature is always enabled in the build time.

It doesn't make sense to opt-in 802.11w per driver as hostapd will always
be compiled with this feature enabled.

As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h
for compatibility reasons. This option will be dropped when LuCI is adjusted.

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-12-23 16:36:08 +01:00
Felix Fietkau
3d8d2c3a80 netifd: update to the latest version
88c6003e2b4f netifd: fix a typo in vlandev hotplug support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-23 11:22:23 +01:00
John Crispin
ceb612e463 hostapd: pass respawn settings when registering the service
When hostapd gets restarted to often/quickly will cause procd to not restart it
anymore. it will think that hapd is in a crash loop.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
2020-12-22 19:30:26 +01:00
Nick Lowe
cb41bc5088 hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabled
Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that
are not WPA2 (RSN) capable. These legacy clients are often intolerant to this
EAPOL version and fail to connect.

hostapd.conf upstream documents for eapol_version the following and that this
is a known compatibility issue with version 2:

// IEEE 802.1X/EAPOL version
// hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
// version 2. However, there are many client implementations that do not handle
// the new version number correctly (they seem to drop the frames completely).
// In order to make hostapd interoperate with these clients, the version number
// can be set to the older version (1) with this configuration value.
// Note: When using MACsec, eapol_version shall be set to 3, which is
// defined in IEEE Std 802.1X-2010.
//eapol_version=2

For the wpa parameter, hostapd.conf upstream documents that this is a bitfield,
configured as follows:

// Enable WPA. Setting this variable configures the AP to require WPA (either
// WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
// wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
// Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
// For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
// RADIUS authentication server must be configured, and WPA-EAP must be included
// in wpa_key_mgmt.
// This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
// and/or WPA2 (full IEEE 802.11i/RSN):
// bit0 = WPA
// bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
// Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
// In other words, for WPA3, wpa=2 is used the configuration (and
// wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
//wpa=2

For client compatibility therefore:

EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled.
EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled.

To fix this, we can therefore change in the script:

set_default eapol_version 0

To the following:

set_default eapol_version $((wpa & 1))

This therefore:
1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set.
2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset.

For usual configurations that only have WPA2 enabled, EAPOLv2 is then used.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-22 19:11:50 +01:00
Rosen Penev
6a1ad19cd3 tcpdump: fix pcap-config issues
The patch removes a libpcap check to avoid a problem with libpcap. Fix
libpcap instead.

Modernize Makefile:

Use a normal autoconf bool instead of checking for CONFIG_IPV6.

Remove old configure and MAKE_FLAGS hacks. Removing them results in
compilation continuing to work without a problem.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-22 18:59:10 +01:00
Nadim Atiya
1302bee12a hostapd: parse skip_inactivity_poll option
hostapd.sh does not parse skip_inactivity_poll boolean from
/etc/config/wireless despite being mentioned in the documentation [1].
This change fixes this, and by default sets its value to 0 [1].

[1] https://openwrt.org/docs/guide-user/network/wifi/basic

Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[fix and reformat commit message, make patch apply]
2020-12-22 15:23:35 +00:00
Petr Štetiar
0cf3c5dd72 uhttpd: don't redirect to HTTPS by default
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.

Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:

 $ uci set uhttpd.main.redirect_https=1
 $ uci commit uhttpd
 $ service uhttpd reload

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-20 10:36:51 +01:00
Nick Hainke
05a1b11c71 netifd: update to latest version
458b1a7e9473 netifd: add segment routing support

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-12-14 20:25:21 +01:00
Daniel Golle
b2d48c1dfe odhcpd: remove local mkdir_p implementation
Replace local mkdir_p implementation in favour of using mkdir_p now
added to libubox.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-13 00:13:18 +00:00
Philip Prindeville
5d2b577a53 xfrm: support 'multicast' attribute on interfaces
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).

Borrowed heavily from:

    b3c9321b9e gre: Support multicast configurable gre interfaces

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-12-11 20:53:36 +01:00
Konstantin Demin
52aa2017d3 dropbear: bump package version
Bump package version after previous changes.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-12-11 13:48:24 +01:00
Konstantin Demin
228298290e dropbear: add ssh-askpass support in configuration
binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215132 (+4b)
  ipk: 111183 -> 111494 (+311b)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
e1bd9645b6 dropbear: roll up recipes into mapping lists
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.

DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
  'header_option|value'

'header_option' is added with value 'value' to 'localoptions.h'.

if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.

in short:
   option|value - add option to localoptions.h
 !!option|value - replace option in sysoptions.h

DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
  'header_option|config_variable|value_enabled|value_disabled'

'header_option' is handled likewise in DB_OPT_COMMON.

if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.

in short:
   option|config|enabled|disabled = add option to localoptions.h
 !!option|config|enabled|disabled = replace option in sysoptions.h

   option := (config) ? enabled : disabled

If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.

PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
79d5c24724 dropbear: rework recipes that configure build
- add two helper functions to avoid mistakes with
  choice of correct header file to work with
- update rules accordingly

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
42eff7c7e6 dropbear: reorder options in Configure recipe
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Konstantin Demin
7e122c353a dropbear: enable back DROPBEAR_USE_PASSWORD_ENV
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.

binary size cost is much less than 1k.

tested on ath79/generic:
  bin: 215128 -> 215128 (no change)
  ipk: 111108 -> 111183 (+75b)

Fixes: 3c801b3dc0 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-12-11 13:48:24 +01:00
Paul Spooren
e7e16667ff iftop: remove package
The package has no reason to be in openwrt.git. Move it to packages.git.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 23:24:22 -10:00
Hans Dedecker
dd3464023f odhcp6c: update to latest git HEAD
0ffa3a3 dhcpv6: harden reconfigure logic
3999b6d dhcpv6: rework DHCPv6 message to string implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-09 22:33:34 +01:00
Jo-Philipp Wich
dd5b3b58d8 lldpd: fix autoreconf failure
The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which
conflicts with the official macro shipped by autoconf-archive.

Due to the official macro having the same name and a higher serial
number, autoconf will prefer including that one instead of the local
copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in
templates, ultimately leading to the following build failure when
linking lldpcli:

    ...-gcc: error: READLINE_LIBS@: No such file or directory

Avoid this problem by renaming the locally shipped macro to not clash
with the official implementation anymore.

Ref: https://github.com/lldpd/lldpd/pull/423
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-12-09 12:36:40 +01:00
Nick Lowe
ce5bcff304 hostapd: Disable 802.11b data rates by default
Set legacy_rates to 0 by default to disable 802.11b data rates by default.

The time has long come where 802.11b DSSS/CCK data rates should be disabled
by default in OpenWRT. Users in need of 802.11b client support can reasonably
enable these where they are needed.

The balance of equities has significantly, and for a long time, tipped
such that dropping backwards compatibility by default with 802.11b
devices is appropriate, proportionate and justified. By doing so,
management and control traffic is moved by default to a 20
MHz wide 6 Mb/s OFDM data rate instead of a 22 MHz wide 1 Mb/s DSSS data
rate. This is significantly more airtime efficient.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-12-06 08:51:32 -10:00
Rosen Penev
28a9ac74cc openvpn: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
2020-12-05 10:09:01 -10:00
Rosen Penev
57a8028949 openvpn-easy-rsa: remove
This will be moved to packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-12-05 10:08:49 -10:00
Hans Dedecker
13734075d2 odhcp6c: update to git HEAD
faed29a dhcpv6: only refresh timers when reconfigure is valid
9c50975 dhcpv6: fix printing identity association id
a7b2221 dhcpv6: avoid sending continuous renew/rebind messages
d7afa2b dhcpv6: add extra syslog info traces
f5728e4 odhcp6c_find_entry: exclude priority from the list of fields that must match

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-12-05 20:48:50 +01:00
Felix Fietkau
36db12b883 netifd: update to the latest version
d6bd1047d004 vlandev: dump vlan id in device status
e0c838bd06a6 vlandev: support bridge-vlan aliases in the vid config parameter
574dc4a17105 system-dummy: print configured mac address
14f0e8ff928f system-linux: simplify mask check in system_if_apply_settings
524310276f20 system-linux: move device settings handling to device.c
42c48866f1c1 config: parse default mac address from board.json

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-12-02 12:08:52 +01:00
Jan Pavlinec
520403cd49 umdns: add check for seccomp list
This should fix an issue when user have a router with enabled seccomp
and tries to run umdns package which was build with SDK with disabled
seccomp support.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-30 10:38:13 +00:00
Nick Lowe
81ff23fc91 hostapd: Add cell_density data rates option
Add a cell_density option to configure data rates for normal, high and
very high cell density wireless deployments.

The purpose of using a minimum basic/mandatory data rate that is higher
than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density
environments is to transmit broadcast/multicast data frames using less
airtime or to reduce management overheads where significant co-channel
interference (CCI) exists and cannot be avoided.

Caution: Without careful design and validation, configuration of a too
high minimum basic/mandatory data rate can sacrifice connection stability
or disrupt the ability to reliably connect and authenticate for little to
no capacity benefit. This is because this configuration affects the
ability of clients to hear and demodulate management, control and
broadcast/multicast data frames.

Deployments that have not been specifically designed and validated are
usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data
rates.

Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b
compatible), minimum basic/mandatory rate in high cell density
deployments that have been designed and validated for this.

For many deployments, the minimum basic/mandatory data rate should not be
configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a
configuration is only appropriate for use in very high cell density
deployment scenarios.

A cell_density of Very High (3) should only be used where a deployment
has a valid use case and has been designed and validated specifically for
this use, nearly always with highly directional antennas - an example
would be stadium deployments. For example, with a 24 Mb/s OFDM minimum
basic/mandatory data rate, approximately a -73 dBm RSSI is required to
decode frames. Many clients will not have roamed elsewhere by the time
that they experience -73 dBm and, where they do, they frequently may not
hear and be able to demodulate beacon, control or broadcast/multicast
data frames causing connectivity issues.

There is a myth that disabling lower basic/mandatory data rates will
improve roaming and avoid sticky clients. For 802.11n, 802.11ac and
802.11ax clients this is not correct as clients will shift to and use
lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are
able to be used as basic/mandatory data rates.

There is a myth that disabling lower basic/mandatory data rates will
ensure that clients only use higher data rates and that better
performance is assured. For 802.11n, 802.11ac and 802.11ax clients this
is not correct as clients will shift around and use MCS rates and not the
802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory
data rates.

Cell Density

0 - Disabled (Default)
Setting cell_density to 0 does not configure data rates. This is the
default.

1 - Normal Cell Density
Setting cell_density to 1 configures the basic/mandatory rates to 6, 12
and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting cell_density to 1 configures the basic/mandatory rates to the 5.5
and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower
than the minimum basic/mandatory rate are not offered.

2 - High Cell Density
Setting the cell_density to 2 configures the basic/mandatory rates to the
12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower
than the minimum basic/mandatory rate are not offered.
Setting the cell_density to 2 configures the basic/mandatory rates to the
11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the
minimum basic/mandatory rate are not offered.

3 - Very High Cell Density
Setting the cell_density to 3 configures the basic/mandatory rates to the
24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the
minimum basic/mandatory rate are not offered.
Setting the cell_density to 3 only has effect where legacy_rates is 0,
else this has the same effect as being configured with a cell_density of 2.

Where specified, the basic_rate and supported_rates options continue to
override both the cell_density and legacy_rates options.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
2020-11-30 09:31:15 +01:00
Daniel Golle
64cbfd1f54 umdns: update seccomp filter rules
Add 'writev' syscall to list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Stijn Tintel
26c26e11a2 hostapd: fix "sh: out of range" errors
Several variables in hostapd.sh can be used uninitialized in numerical
comparisons, causing errors in logread:

netifd: radio24 (1668): sh: out of range

Set defaults for those variables to silence those errors.

Fixes: b518f07d4b ("hostapd: remove ieee80211v option")
Fixes: cc80cf53c5 ("hostapd: add FTM responder support")
Fixes: e66bd0eb04 ("hostapd: make rrm report independent of ieee80211k setting")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 02:25:23 +02:00
Stijn Tintel
c5ea37af7e lldpd: bump to 1.0.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-11-26 00:25:25 +02:00
Jan Pavlinec
5bb3cc749e tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-25 05:49:09 +01:00
Martin Schiller
b4b829fe64 uqmi: set plmn only if necessary
Setting the plmn to '0' (auto) will implicitly lead to a (delayed)
network re-registration, which could further lead to some timing
related issues in the qmi proto handler.

On the other hand, if you switch back from manual plmn selection
to auto mode you have to set it to '0', because this setting is
permanently "saved" in the wwan module.

Conclusion:
If plmn is configured, check if it's already set euqally in the module.
If so, do nothing. Otherwise set it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-24 15:18:16 +00:00
Leon M. George
651f0c0999 hostapd: fix patch offset
Fixes the offset of the patch added in 93bbd998aa
  ("hostapd: enter DFS state if no available channel is found").

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-11-23 22:53:15 +01:00
Felix Fietkau
4799810745 netifd: update to the latest version
213748a9bcd9 system-linux: implement full device present state management for force-external devices
3abe1fc87151 system-linux: add retry for adding member devices to a bridge

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-23 12:52:11 +01:00
Rui Salvaterra
dd4e6a70f2 hostapd: enable the epoll-based event loop
Hostapd supports epoll() since 2014. Let's enable it for better performance.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-23 03:02:21 +00:00
Daniel Golle
97ac290090 uhttpd: update to git HEAD
f53a639 ubus: fix uhttpd crash

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 02:06:35 +00:00
Daniel Golle
e065c9184c uqmi: update to git HEAD
65796a6 nas: add --get-plmn
 0a19b5b uqmi: add timeout parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 21:58:22 +00:00
Filip Moc
ce293cd3ac uqmi: set device-operating-mode to online
This is required for LTE module MR400 (in TL-MR6400 v4).
Otherwise LTE module won't register to GSM network.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:14:09 +00:00
Filip Moc
9ebbb55113 uqmi: add support for IPv4 autoconf from QMI
There already was an option for autoconfiguring IPv4 from QMI but this
was removed by commit 3b9b963e6e ("uqmi: always use DHCP for IPv4").

DHCP does not work on MR400 LTE module (in TL-MR6400 v4) so let's readd
support for IPv4 autoconf from QMI but this time allow to configure this
for IPv4 and IPv6 independently and keep DHCP default on IPv4.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:13:39 +00:00
Thomas Richard
2b3a0cabea uqmi: wait forever registration if timeout set to 0
Give possibility to wait forever the registration by setting timeout
option to 0.

No timeout can be useful if the interface starts whereas no network is
available, because at the end of timeout the interface will be stopped
and never restarted.

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
2020-11-22 21:13:18 +00:00
Felix Fietkau
5242bf7cf7 netifd: update to the latest version
351d690f1a09 wireless: fix passing bridge name for vlan hotplug pass-through
c1c2728946b5 config: initialize bridge and bridge vlans before other devices
5e18d5b9ccb1 interface: do not force link-ext hotplug interfaces to present by default
4544f026bb09 bridge-vlan: add support for defining aliases for vlan ids

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-21 10:24:37 +01:00
Hauke Mehrtens
ad0711559d iperf3: Update to version 3.9
No special changes, just get in sync with recent code.
See here for the changelog:
http://software.es.net/iperf/news.html#iperf-3-9-released

The ipkg sizes changes as follows for mips 24kc :
	3.7 : iperf3_3.7-1_mips_24kc.ipk 39675
	3.9 : iperf3_3.9-1_mips_24kc.ipk 41586

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 18:59:36 +01:00
Hans Dedecker
7330348f2d ethtool: update to version 5.9
The ipkg sizes changes as follows for mips 24kc :
	5.8 : ethtool_5.8-1_mips_24kc.ipk 34930
	5.9 : ethtool_5.9-1_mips_24kc.ipk 35241

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-17 21:31:23 +01:00
David Bauer
21dfdfd78b hostapd: set validity interval for BSS TMRA
This sets the validity interval for the BSS transition candidate
list to the same value as the disassociation timer.

Currently the value is always 0, which is the specification states is a
reserved value. Also, wpa_supplicant and from the looks of it some
Android implementations will outright ignore the candidate list in this
case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:06:39 +01:00
Dobroslaw Kijowski
edb93eda16 hostapd: add support for static airtime policy configuration
* Add support for passing airtime_sta_weight into hostapd configuration.
* Since that commit it is possible to configure station weights. Set higher
  value for larger airtime share, lower for smaller share.

I have tested this functionality by modyfing /etc/config/wireless to:

config wifi-device 'radio0'
	...
        option airtime_mode '1'

config wifi-iface 'default_radio0'
	...
        list airtime_sta_weight '01:02:03:04:05:06 1024'

Now, when the station associates with the access point it has been assigned
a higher weight value.
root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/netdev\:wlan0/stations/01\:02\:03\:04\:05\:06/airtime
RX: 12656 us
TX: 10617 us
Weight: 1024
Deficit: VO: -2075 us VI: 256 us BE: -206 us BK: 256 us

[MAC address has been changed into a dummy one.]

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:06:16 +01:00
Dobroslaw Kijowski
03cdeb5f97 hostapd: fix per-BSS airtime configuration
airtime_mode is always parsed as an empty string since it hasn't been
added into hostapd_common_add_device_config function.

Fixes: e289f183 ("hostapd: add support for per-BSS airtime configuration")
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:05:20 +01:00
David Bauer
0ce5f15f9c hostapd: ubus: add get_status method
This adds a new get_status method to a hostapd interface, which
provides information about the current interface status.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:05:06 +01:00
David Bauer
80b531614b hostapd: ubus: add VHT capabilities to client list
This adds parsed VHT capability information to the hostapd
get_clients method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:40 +01:00
David Bauer
cd8052da49 hostapd: ubus: add driver information to client list
This adds information from mac80211 to hostapd get_client ubus function.
This way, TX as well as RX status information as well as the signal can
be determined.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:33 +01:00
David Bauer
7463a0b5ee hostapd: fix variable shadowing
Fixes commit 838b412cb5 ("hostapd: add interworking support")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:22 +01:00
Daniel Golle
01b83040d3 umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Alberto Bursi
a4d52522c7 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

remove the broken imports and add manually the entries
and description they were supposed to load

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-17 13:03:16 +01:00
Hans Dedecker
0f7a3288e1 odhcpd: update to latest git HEAD
fb55e80 dhcpv6-ia : write statefile atomically

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:48:33 +01:00
Hans Dedecker
aaf3443e1a dropbear: update to 2.81
Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:23:47 +01:00
Rui Salvaterra
c63908afd2 wireguard-tools: drop the dependency on ip-{tiny,full}
BusyBox ip already provides the required functionality and is enabled by default
in OpenWrt. This patch drops the ip dependency and makes the BusyBox ip required
dependencies explicit, allowing for a significant image size reduction.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin size:
4588354 bytes (with ip-tiny)
4457282 bytes (with BusyBox ip)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-14 17:46:35 +01:00
Hans Dedecker
ee8ef9b10b iproute2: update to 5.9
Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Hauke Mehrtens <hauke@huake-m.de>
2020-11-14 09:24:48 +01:00
Felix Fietkau
c4600e6261 netifd: update to the latest version
4a41135750d9 system-linux: only overwrite dev->present state on check_state for simple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 12:49:27 +01:00
Yangbo Lu
01aa24f985 layerscape: make restool depend on TARGET_layerscape_armv8_64b
The restool is for Layerscape DPAA2 platforms which are
ARMv8 platforms.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-11-12 17:18:26 +01:00
Jason A. Donenfeld
a0df35e89c wireguard: bump to 1.0.20201112
* noise: take lock when removing handshake entry from table

This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.

* netns: check that route_me_harder packets use the right sk

A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.

* qemu: drop build support for rhel 8.2

We now test 8.3+.

* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version

The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-12 13:28:38 +01:00
Felix Fietkau
a0be58576c netifd: update to the latest version
3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops
a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
dd5e61153636 bridge: show vlans in device status
a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged
d1e8884f8911 bridge: fix use-after-free bug on bridge member free
3a2b21001c3c system-dummy: set present state only for simple devices
ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Aleksandr Mezin
acb336235c dnsmasq: 'ipset' config sections
Allow configuring ipsets with dedicated config sections:

    config ipset
        list name 'ss_rules_dst_forward'
        list name 'ss_rules6_dst_forward'
        list domain 't.me'
        list domain 'telegram.org'

instead of current, rather inconvenient syntax:

    config dnsmasq
        ...
        list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'

Current syntax will still continue to work though.

With this change, a LuCI GUI for DNS ipsets should be easy to implement.

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-11-11 20:47:34 +01:00
Jan Pavlinec
a86c0d97b5 dnsmasq: explictly set ednspacket_max value
This is related to DNS Flag Day 2020. It sets default
ends buffer size value to 1232.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-09 20:44:46 +01:00
Paul Spooren
753309c7dd uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-09 10:54:29 +00:00
Rui Salvaterra
682843adad hostapd: add a hostapd-basic-wolfssl variant
If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:

4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-08 20:25:59 +00:00
Florian Eckert
42675aa30c dropbear: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
ba9b8da466 ltq-vdsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
00e87255f2 ltq-adsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Hans Dedecker
cafa3dc7c7 odhcpd: fix compile problem on 64-bit systems
735c783 dhcpv6: fix size_t fields in syslog format

Fixes 5cdc65f6d1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-01 20:44:54 +01:00
Hans Dedecker
5cdc65f6d1 odhcpd: update to latest git HEAD
5700919 dhcpv6: add explicit dhcpv4o6 server address
e4f4e62 dhcpv6: add DHCPv4-over-DHCPv6 support
aff290b dhcpv6: check message type
2677fa1 router: fix advertisement interval option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-31 21:27:47 +01:00
Rui Salvaterra
f8c88a8775 hostapd: enable OWE for the basic-{openssl, wolfssl} variants
Opportunistic Wireless Encryption is needed to create/access encrypted networks
which don't require authentication.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-31 13:02:28 +00:00
Daniel Golle
c3a4cddaaf hostapd: remove hostapd-hs20 variant
Hotspot 2.0 AP features have been made available in the -full variants
of hostapd and wpad. Hence we no longer need a seperate package for
that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
Rui Salvaterra
10e73b1e9e hostapd: add {hostapd,wpad}-basic-openssl variants
Add OpenSSL-linked basic variants (which provides WPA-PSK only, 802.11r and
802.11w) of both hostapd and wpad. For people who don't need the full hostapd
but are stuck with libopenssl for other reasons, this saves space by avoiding
the need of an additional library (or a larger hostapd with built-in crypto).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-30 00:39:09 +00:00
David Bauer
9f1927173a hostapd: wpas: add missing config symbols
This adds missing config symbols for interworking as well as Hotspot 2.0
to the wpa_supplicant-full configuration.

These symbols were added to the hostapd-full configuration prior to this
commit. Without adding them to the wpa_supplicant configuration,
building of wpad-full fails.

Thanks to Rene for reaching out on IRC.

Fixes: commit be9694aaa2 ("hostapd: add UCI support for Hotspot 2.0")
Fixes: commit 838b412cb5 ("hostapd: add interworking support")
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 03:25:25 +01:00
Daniel Golle
256fa157a9 dnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable
/etc/hotplug.d/ntp/25-dnsmasqsec is being sourced by /sbin/hotplug-call
running as ntpd user. For that to work the file needs to be readable by
that user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-28 02:01:04 +00:00
David Bauer
83d40aef13 hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:34 +01:00
David Bauer
838b412cb5 hostapd: add interworking support
This adds configuration options to enable interworking for hostapd.
All options require iw_enabled to be set to 1 for a given VAP.

All IEEE802.11u related settings are supported with exception of the
venue information which will be added as separate UCI sections at a
later point.

The options use the same name as the ones from the hostapd.conf file
with a "iw_" prefix added.

All UCI configuration options are passed without further modifications
to hostapd with exceptions of the following options, whose elements can
be provided using UCI lis elements:

 - iw_roaming_consortium
 - iw_anqp_elem
 - iw_nai_realm
 - iw_domain_name
 - iw_anqp_3gpp_cell_net

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:04 +01:00
David Bauer
cc80cf53c5 hostapd: add FTM responder support
This adds support for enabling the FTM responder flag for the APs
extended capabilities. On supported hardware, enabling the ftm_responder
config key for a given AP will enable the FTM responder bit.

FTM support itself is unconditionally implemented in the devices
firmware (ath10k 2nd generation with 3.2.1.1 firmware). There's
currently no softmac implementation.

Also allow to configure LCI and civic location information which can be
transmitted to a FTM initiator.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:56 +01:00
David Bauer
b518f07d4b hostapd: remove ieee80211v option
Remove the ieee80211v option. It previously was required to be enabled
in order to use time_advertisement, time_zone, wnm_sleep_mode and
bss_transition, however it didn't enable any of these options by default.

Remove it, as configuring these options independently is enough.

This change does not influence the behavior of any already configured
setting.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:29 +01:00
David Bauer
e66bd0eb04 hostapd: make rrm report independent of ieee80211k setting
Allow to configure both RRM beacon as well as neighbor reports
independently and only enable them by default in case the ieee80211k
config option is set.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:22 +01:00
Petr Štetiar
f9005d4f80 umdns: update to version 2020-10-26
59e4fc98162d cache: cache_answer: fix off by one
4cece9cc7db4 cache: cache_record_find: fix buffer overflow
be687257ee0b cmake: tests: provide umdns-san binary
bf01f2dd0089 tests: add dns_handle_packet_file tool
134afc728846 tests: add libFuzzer based fuzzing
de08a2c71ca8 cmake: create static library
cdc18fbb3ea8 interface: fix possible null pointer dereference
1fa034c65cb6 interface: fix value stored to 'fd' is never read
3a67ebe3fc66 Add initial GitLab CI support
50caea125517 cmake: fix include dirs and libs lookup

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Joel Johnson
d7db32440f dnsmasq: include IPv6 local nameserver entry
For IPv6 native connections when using IPv6 DNS lookups, there is no
valid default resolver if ignoring WAN DHCP provided nameservers.

This uses a runtime check to determine if IPv6 is supported on the host.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
2020-10-26 18:51:35 +01:00
Daniel Golle
2e746b4d29 busybox: make username consistent
ntpd in packages feed had already a user 'ntp' with UID 123 declared.
Rename the username of busybox-ntpd to be 'ntp' instead of 'ntpd' so
it doesn't clash.

Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 17:26:30 +00:00
Daniel Golle
70c17268a8 dnsmasq: adapt to non-root ntpd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Yousong Zhou
d23443f4d9 netifd: bump to version 2020-10-22
Changelog follows

  ced0d535 build: find and use libnl header dirs
  5722218e proto: rework parse_addr to return struct device_addr
  3d7bf604 device_addr: record address index as in the blob
  24ce1eab interface: proto_ip: order by address index first

This bump mainly affects order of interface addresses in ubus output.  At the
moment dnsmasq uses first address of an interface for setting dhcp-range option
in its config

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-10-24 18:35:27 +08:00
Daniel Golle
061904d7e3 uhttpd: adapt defaults for changes ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
63e2e086be hostapd: ubus: add handler for wps_status and guard WPS calls
Expose WPS ubus API only if compiled with WPS support and add new
handler for wps_status call.
Also add '-v wps' option to check whether WPS support is present in
hostapd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 00:38:06 +01:00
Hans Dedecker
156b72b9aa netifd: update to latest git HEAD
64ff909 system-linux: initialize ifreq struct before using it

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-10 21:15:38 +02:00
Hans Dedecker
e5f7a9889c ppp: update to version 2.4.8.git-2020-10-03
2937722 Enable IPv6 by default (#171)
6d39c65 pppd: Fix blank password usage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-05 21:29:01 +02:00
Jo-Philipp Wich
2a90d308c7 uhttpd: update to latest Git HEAD
14a3cb4 ubus: fix legacy empty reply format
0f38b03 client: fix spurious keepalive connection timeouts
88ba2fa client: really close connection on timeout
c186212 ubus: support GET method with CORS requests

Fixes: FS#3369
Fixes: https://github.com/openwrt/luci/issues/4467
Fixes: https://github.com/openwrt/luci/issues/4470
Fixes: https://github.com/openwrt/luci/issues/4479
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-04 23:09:59 +02:00
Felix Fietkau
cba4120768 mac80211: add support for specifying a per-device scan list
This is useful to bring up multiple client mode interfaces on a single
channel much faster without having to scan through a lot of channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-09-29 17:32:26 +02:00
Yousong Zhou
7dc78d1d28 dnsmasq: fix handling ignore condition for dnssec
It should return false to indicate that the option should not be ignored

Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not
available")

Reported-by: Sami Olmari <sami@olmari.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-25 10:31:36 +08:00
W. Michael Petullo
d20007ce91 dnsmasq: support tftp_unique_root in /etc/config/dhcp
The TFTP server provided by dnsmasq supports serving a select boot image
based on the client's MAC or IP address. This allows an administrator
to activate this feature in /etc/config/dhcp. Here is an example
/etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac:

...

config dnsmasq
	option enable_tftp 1
	option tftp_root /usr/libexec/tftpboot
	option tftp_unique_root mac

config boot router
	option serveraddress 192.168.1.1
	option servername tftp.example.com
	option filename openwrt-initramfs-kernel.bin

...

With this configuration, dnsmasq will serve
/usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to
the client with MAC address 00:11:22:33:44:55.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-09-24 22:38:37 +02:00
Hans Dedecker
ad3044c424 vxlan: fix rsc config option
Fix route short circuit config option; fixes commit 036221ce5a

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-24 22:14:36 +02:00
Hans Dedecker
036221ce5a vxlan: add extra config options
Add config options:
  srcportmin/srcportmax : range of port numbers to use as  UDP source ports
                          to communicate to the remote VXLAN tunnel endpoint
  ageing                : lifetime in seconds of FDB entries learnt by the kernel
  maxaddress            : maximum number of FDB entries
  learning              : enable/disable entering unknown source link layer addresses
                          and IP addresses into the VXLAN device FDB.
  rsc                   : enable/disable route short circuit
  proxy                 : enable/disable ARP proxy
  l2miss                : enable/disable netlink LLADDR miss notifications
  l3miss                : enable/disable netlink IP ADDR miss notifications
  gbp                   : enable/disable the Group Policy extension

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-23 21:45:15 +02:00
David Bauer
c5eea362f3 hostapd: ubus: make (B)SSID optional for neighbor report
Make the BSSID and SSID fields optional when configuring a neighbor
report into hostapd.

Both options can now be an empty string. For the BSSID, the first 6 byte
are copied from the neighbor report. For the SSID, the SSID for the
affected hostapd BSS is used.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:41:10 +02:00
David Bauer
560e54c69e hostapd: ubus: send notification instead of event
Rafal Milecki pointed out that ubus events are meant for low-level ubus
events only (e.g. addition or removal of an object). Higher level
events should happen as notifications on the ubus object itself.

Dispatch BSS events on the main hostapd ubus object instead of
publishing them as ubus events.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-22 17:40:08 +02:00
David Bauer
d643b10a76 hostapd: ubus: fix infinite loop when configuring RRM NR
The return-code was set, however it was never returned, nor was
the loop interrupted.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:27:56 +02:00
David Bauer
8e7aa739fb hostapd: send procd event on BSS update
Dispatch ubus events also to procd in order to trigger service reloads
on hostapd updates.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:27 +02:00
David Bauer
6254af0c37 hostapd: send ubus event on BSS update
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.

This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-21 21:26:12 +02:00
Stijn Segers
ec80139629 odhcpd: number UCI defaults script
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-09-21 20:59:40 +02:00
Tony Ambardar
5582fbd613 bpftools: support NLS, fix ppc build and update to 5.8.9
With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so
and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper
to set library prefixes and flags accordingly, and also conditionally add
"-lintl" as link-time library.

Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h.

Use upstream stable kernel 5.8.9, and fix overriding of feature detection
to only allow/hide detected features. Also refresh existing patches.

Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting
eBPF usage")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-09-18 21:42:05 +02:00
Rafał Miłecki
c57b907f86 uhttpd: update to the latest master
47c34bd ubus: add ACL support for "subscribe" request

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:16:06 +02:00
Rafał Miłecki
4a3230683b uhttpd: update to the latest master
1172357 ubus: add new RESTful API
fe1888f ubus: fix blob_buf initialization

Fixes: 3d167ed805 ("uhttpd: update to the latest master")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-15 13:45:33 +02:00
Hans Dedecker
96586ad8ca netifd: update to latest git HEAD
55a7b6b netifd: vxlan: add aging and maxaddress options
11223f5 netifd: vxlan: add most missing boolean options
226566b netifd: vxlan: refactor mapping of boolean attrs
a3c033e netifd: vxlan: handle srcport range

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-12 21:29:20 +02:00
David Bauer
e289f18347 hostapd: add support for per-BSS airtime configuration
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.

Support for this feature is only enabled in the full flavors of hostapd.

Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-11 17:35:48 +02:00
Daniel Golle
fb22f4ae3a rssileds: update maintainer email address
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-10 02:58:30 +01:00
Jason A. Donenfeld
bf0881dc72 wireguard-tools: bump to 1.0.20200827
* ipc: split into separate files per-platform

This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.

* man: wg-quick: use syncconf instead of addconf for strip example

Simple documentation fix.

* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h

In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 20:47:19 +02:00
Martin Schiller
d6235f48f8 openvpn: fix shell compare operator in openvpn.init
Don't use bash syntax, because /bin/sh is used here.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-09 14:02:21 +02:00
Jason A. Donenfeld
d8104c8353 wireguard: bump to 1.0.20200908
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros

Backports from upstream changes.

* peerlookup: take lock before checking hash in replace operation

A fix for a race condition caught by syzkaller.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-09-09 07:54:20 +02:00
Daniel Golle
be9694aaa2 hostapd: add UCI support for Hotspot 2.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Daniel Golle
7ed34f65d0 netifd: update to git HEAD
3d9bd73 utils: fix check_pid_path to work with deleted file as well
 330f403 vlan: initialize device ifname earlier at creation time
 c057e71 device: do not check state from within device_init
 cb0c07b system-dummy: fix resolving ifindex
 ccd9ddc bridge: add support for turning on vlan_filtering
 82bcb64 bridge: add support for adding vlans to a bridge
 0e8cea0 bridge: add support for VLAN filtering
 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
 ac0710b device: look up full device name before traversing vlan chain
 e32e21e bridge: flush vlan list on bridge free
 645ceed interface-ip: clear host bits of the device prefix
 d7b614a netifd-wireless: parse 'osen' encryption

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-08 20:04:14 +01:00
Paul Spooren
d0f295837a dropbear: Enable Ed25519 for normal devices
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-06 23:19:20 +02:00
Hauke Mehrtens
b71433f42d iw: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
iw_5.4-1_mips_24kc.ipk		35.767
iw-full_5.4-1_mips_24kc.ipk	68.423

new:
iw_5.8-1_mips_24kc.ipk		36.883
iw-full_5.8-1_mips_24kc.ipk	71.992

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:51 +02:00
Hauke Mehrtens
103225b412 nftables: Activate link time optimization (LTO)
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

new:
nftables-json_0.9.6-2_mips_24kc.ipk	221.894
nftables-nojson_0.9.6-2_mips_24kc.ipk	193.932

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hauke Mehrtens
13b4ed4cf4 nftables: Update to version 0.9.6
The ipk sizes for mips_24Kc change like this:
old:
nftables-json_0.9.3-1_mips_24kc.ipk	220.262
nftables-nojson_0.9.3-1_mips_24kc.ipk	192.937

new:
nftables-json_0.9.6-1_mips_24kc.ipk	231.968
nftables-nojson_0.9.6-1_mips_24kc.ipk	204.731

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-06 20:30:18 +02:00
Hans Dedecker
04e0e4167e ppp: update to latest git HEAD
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-09-05 20:13:40 +02:00
David Bauer
7f676b5ed6 firewall: bump to latest HEAD
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-05 15:43:16 +02:00
Daniel Golle
80a194b100 hostapd: add hs20 variant
Add hostapd variant compiled with support for Hotspot 2.0 AP features.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 21:37:35 +01:00
Tony Ambardar
2f0d672088 bpftools: add utility and library packages supporting eBPF usage
Add support for building bpftool and libbpf from the latest 5.8.3 kernel
sources, ensuring up-to-date functionality and fixes. Both are written to
be backwards compatible, which simplfies build and usage across different
OpenWRT image kernels.

'bpftool' is the primary userspace tool widely used for introspection and
manipulation of eBPF programs and maps. Two variants are built: a 'full'
version which supports object disassembly and depends on libbfd/libopcodes
(total ~500KB); and a 'minimal' version without disassembly functions and
dependencies. The default 'minimal' variant is otherwise fully functional,
and both are compiled using LTO for further (~30KB) size reductions.

'libbpf' provides shared/static libraries and dev files needed for building
userspace programs that perform eBPF interaction.

Several cross-compilation and build-failure problems are addressed by new
patches and ones backported from farther upstream:

  * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
  * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
  * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
  * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-08-31 12:23:59 +01:00
Hauke Mehrtens
4e2a994d2d ethtool: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ethtool_5.4-1_mips_24kc.ipk	101.909

new:
ethtool_5.8-1_mips_24kc.ipk	109.699

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2020-08-30 22:21:34 +02:00
Hauke Mehrtens
0b2f97beed iproute2: Update to version 5.8
The ipk sizes for mips_24Kc change like this:
old:
ip-full_5.7.0-2_mips_24kc.ipk	165.786
ip-tiny_5.7.0-2_mips_24kc.ipk	117.730
tc_5.7.0-2_mips_24kc.ipk	144.405

new:
ip-full_5.8.0-1_mips_24kc.ipk	169.775
ip-tiny_5.8.0-1_mips_24kc.ipk	119.808
tc_5.8.0-1_mips_24kc.ipk	149.053

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-30 22:21:34 +02:00
Aaron Goodman
47b2ee2d9a wireguard-tools: add tunlink option for hostroute
In a multi-wan setup, netifd may need guidance on which wan device to
use to create the route to the remote peer.

This commit adds a 'tunlink' option similar to other tunneling interfaces
such as 6in4, 6rd, gre, etc.

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-08-30 21:47:13 +02:00
Paul Spooren
a5d030a54f curl: move package to packages.git
curl is replaced by uclient-fetch within the OpenWrt build system and we
can therefore move curl to packages.git. This is based on the Hamburg
2019 decision that non essential packages should move outside base.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-27 21:18:21 +02:00
Hauke Mehrtens
bc19481826 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-27 12:11:47 +02:00
Hauke Mehrtens
2745f6afe6 curl: Use wolfssl by default
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:43 +02:00
Hauke Mehrtens
b5191f3366 curl: Fix build with wolfssl
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.

checking size of time_t... configure: error: cannot determine a size for time_t

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-26 21:00:42 +02:00
Hauke Mehrtens
a69949a13f firewall: Fix PKG_MIRROR_HASH
Fixes: 6c57fb7aa9 ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-08-24 18:54:00 +02:00