If the first resolveip call will fail, peeraddr will be now empty, and
the subsequent resolveip call will try to resolve an empty string.
Fix this by storing the result in a temporary variable.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 45712
Bump dnsmasq to v2.73rc8
Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
SVN-Revision: 45693
hand over parameters to user-script e.g. $1=deconfig
Signed-off-by: Leon George <leon@georgemail.de>
Signed-off-by: Christian Mehlis <christian@m3hlis.de>
SVN-Revision: 45626
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45602
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished. That section of the patch was removed.
Built and lightly tested on ar71xx against uClibc and musl.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 45512
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh
The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.
Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.
root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf /var/run/hostapd-phy1.conf
/var/run/hostapd:
wlan0 wlan1
The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/
The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
[-G<ping interval>] [command..]
...
-p<path> path to find control sockets (default: /var/run/hostapd)
...
-i<ifname> Interface to listen on (default: first interface found in the
socket path)
Below is a run with the default script and with my proposed solution.
Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh
if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
for dir in /var/run/hostapd*; do
[ -d "$dir" ] || continue
logger "WPS activated for: $dir"
hostapd_cli -p "$dir" wps_pbc
done
fi
>>>> WPS BUTTON PRESSED <<<<<
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd
wlan0 got WPS activated, while wlan1 remained inactive.
I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.
Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh
if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
cd /var/run/hostapd
for dir in *; do
[ -S "$socket" ] || continue
logger "WPS activated for: $socket"
hostapd_cli -i "$socket" wps_pbc
done
fi
>>>> WPS BUTTON PRESSED <<<<<
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1
Both radios got their WPS activated properly.
I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.
The modified script has been in a slightly different format in my community
build since r42420 in September 2014.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 45492
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.
The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.
https://dev.openwrt.org/ticket/19345
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 45380
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45351
it causes problems with newer iptables when ipv6 is disabled as iptc uncoditionally links ip6tc
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45350
This patch adds the wpan-tools (iwpan) utility to OpenWRT
build system. This utility required to manage IEE-802.15.4
devices.
Signed-off-by: Varka Bhadram <varkab@cdac.in>
SVN-Revision: 45349
Enables last error support for the PPP protocol handlers.
In generic teardown the PPP daemon exit code is translated into
a self explaining error string which is set as interface error
by proto_notify_error in case of failure.
Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45333
The arg argument is missing to the printer call in the print_option
utility when the option flag OPT_A2STRVAL is set.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45264
PPPD crashes (SEGV) when the dump or dryrun options are specified and an option
is internally defined as "o_special" with an option flag of "OPT_A2STRVAL".
As the option value is not saved when the parameter is processed, a reference
to the option will result into a crash (e.g. when printing).
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45263
User might have modified/extended template direct or by LuCI application.
So do not overwrite on update/upgrade.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 45258
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 45213
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 45050
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 45049
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 45048
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45047
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45045
Helpful to disable when debugging lldpd crashes (when working on it).
When privilege separation is on, some crashes are stack-traced to
some privilege separation code.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 44967
from Erik Tews <erik@datenzone.de>
This patch has two effects. First, the quickleave feature/behaviour is
disabled for all groups that are used on more than one interface. The
idea of quickleave is to leave a group fast and later figure out whether
there is still somebody interested in that group. For groups used on
more than one interface, it is already known that there is still
somebody interested in that group.
Second, when a leave is received for a group that is used on more than
one interface, igmpproxy sends queries on all interface to discover
remeining listeners for that group. Previously these queries were only
send on the interface the leave was received on, so that listeners on
the other interfaces were not discovered and the group might be left on
the upstream router incorrectly.
This patch can be improved by sending the queries only on the interface
the leave was received on and adapting the algorithm in
internAgeRoute(...) in rttable.c in a way that only one interface is
actually processed and all other interfaces of the route are silently
assumed to be still active.
Signed-off-by: Erik Tews <erik@datenzone.de>
SVN-Revision: 44859
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations install a host route towards the gateway.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44789
DNSMASQ has the ability to provide a menu to a pxeboot system, using
the --pxe-prompt and --pxe-service configuration options. The current
init.d script converting the "dhcp" file to "dnsmasq.conf" does not
find these options, but they are supported. This patch thus enables
the options.
Signed-off-by: Derek LaHousse <dlahouss@mtu.edu>
SVN-Revision: 44747
The --dhcp-boot option of dnsmasq does not require servername and serveraddress
arguments if the builtin tftp server is used.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 44744
The names for the config options were taken from lldpd's
configure.ac file.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 44743
Below you'll find a patch to add ipmark module support to ipset.
Changeset 44671 already bumped ipset to version 6.24, but it's still
compiled without ipmark support. This is a requirement for mwan3 v1.6.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
SVN-Revision: 44742
Included you'll find a patch to bump ipset to version 6.24. This
version supports the ip,fwmark set, which is needed for mwan3 1.6.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
SVN-Revision: 44671
The wwan package holds the hotplug script to set mobile broadband
interfaces (un)available. Add it as a dependency to comgt-ncm,
uqmi and umbim.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44631
Interface should not be set unavailable in all error cases,
returning 1 is enough.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44630
Adds ncm proto to the list of checked protocols, sets interfaces
unavailable on device removal and removes the unnecessary ifup
command.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44629
USB modem data files should be a part of the wwan package, which
actually uses them unlike comgt.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44628
In a dual-WAN setup, it's useful to specify an interface over which to
have PPTP.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
SVN-Revision: 44507
When passing struct termios to ioctl TCGETS and TCSETS should be
used instead of TCGETA and TCSETA, which are meant for the older
struct termio. Should fix https://dev.openwrt.org/ticket/19012
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44506
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':
config wifi-iface
option device 'radio2'
option network 'uplink'
option mode 'sta'
option ssid 'MyNetwork'
option encryption 'none'
list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'
This change consists of the following cherry-picked upstream commits:
b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)
0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 44438
The recent rework of the 6in4 endpoint update broke the retry mechanism.
Rework the timeout handling and make the update status more verbose.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44327
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.
Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44310
Busybox ash does not implement /dev/stdout, therfore any wget output
is written into a file /dev/stdout instead of onto the standard output.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44301
remove obsolete configuration settings
--disable-thread
--enable-nonblocking
--without-krb4
remove SSPI support
only supported on windows
correct --with/without-ca-path handling
only supported with OpenSSL and PolarSSL
correct LDAP/LDAPS protocol
add dependency libopenldap
added SCP/SFTP protocol
default "No"
depends on libssh2
added IDN support
default "No"
depends on libidn
added SMB protocol (new in 7.40)
default "No"
require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected
added Unix sockets support (new in 7.40)
default "No"
added error verbose messages
default "No"
changes to Makefile
Increase PKG_RELEASE
PKG_CONFIG_DEPENDS and CONFIGURE_ARGS
extended for new functionality
use "autoconf_bool" for all --enable/--disable options
restructure for easier reading
changes to Config.in
extended for new functionality
implement dependencies
restructure and grouping for easier reading
build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44243
This patch fixes the NCM protocol by adding the missing ifname
to the netifd script and changing one unintended "send" statement to
"print" in runcommand.gcom. It also cleans up logging and makes the
manufacturer names case-insensitive. Furthermore, comgt-ncm should
not depend on the USB-serial-related kernel modules, as the cdc-wdm
control device works without them. There is also no need to depend on
kmod-huawei-cdc-ncm, since other manufacturers (like Sony-Ericsson
and Samsung) which use other kernel modules should also be supported.
I'd appreciate if someone with Samsung or Sony-Ericsson modems could
test this, I was only able to test it with Huawei E3276, E3372 and
E353.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44182
* Update to version 7.40.0
* remove non existing config options around enable/disable HTTPS protocoll
* remove --with-ca-path if ssl support disabled
* set proxy support as default like all versions before CC did
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44176
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.
Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44138
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
constant as uhttpd needs to modify its list_head member
* Make sure that uhttpd supports large files by using 64bit ints
where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
* Plug a possible memleak in the directory listing code
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44135
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.
Switch the format to a hex encoded string to support binary data.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44094
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44092
Some Huawei mobile broadband sticks utilizing the NCM protocol expose
the control channel as a cdc-wdm device node instead of a virtual TTY.
This device node does not support the terminal ioctls. This patch
adds a check whether the provided device is a TTY or not and does not
attempt to use the terminal ioctls if they are not supported.
v2: reduce diffstat by simplifying code a little
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44054
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.
Without this patch igmpproxy floods openwrt syslog with messages such as:
user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
239.255.250.250, is not in any valid net for upstream VIF.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
SVN-Revision: 44020
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
SVN-Revision: 44006
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
iproute2 includes "sanitized" linux kernel headers, which work fine for uClibc, however
with musl there is some header conflict, principally some ipv6 structure redefinition. This
patch removes <linux/in6.h> from include/linux/if_bridge.h to solve the problem.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 43992
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 43951
Makes sure that the openvpn instance gets restarted in case of a crash.
Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.
Signed-off-by: Lars Gierth <larsg@systemli.org>
SVN-Revision: 43886
This patch tries to
- Let the DHCPv6 feature depend on CONFIG_IPV6.
- Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
corresponding features are enabled.
- Install `trust-anchors.conf` only if DNSSEC is selected.
- Add PKG_CONFIG_DEPENDS for the configurable options.
- Add a patch to let the Makefile of dnsmasq be aware of changes in
COPTS variable.
Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43851
Target pxcab and ps3 were removed from maintaince in r34764 and r34765
respectively.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43850
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.
The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e
So this can be safely set to 1 as default.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43846
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 43645
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.
Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>
SVN-Revision: 43582
Added complementary blobmsg_close_table() before returning from function
on error.
Signed-off-by: Sławomir Demeszko <s.demeszko@wireless-instruments.com>
SVN-Revision: 43477
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.
Signed-off-by: Ben Franske <ben.mm@franske.com>
SVN-Revision: 43473
Thanks to Dave Taht for debugging and thanks to Comcast for
shipping strangely behaving software so I can fix some corner cases.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43415
Update nf_conntrack_rtsp to latest version based on http://mike.it-loops.com/rtsp/ (rtsp-module-3.7-v2.tar.gz).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 43311
* fixes a bug in multipart sms
* adds a new call to read the sim phone number (partially functioanl)
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43310
b52053b 6in4: https support for he.net tunnel api
introduced HTTPS support using wget.
The busybox version of wget, however, doesn't support the -V option,
thus poluting logfiles with a full invalid-parameter-output.
Redirect stderr to fix that.
As libcurl and curl support selecting the SSL library of your choice,
also add support for curl which is more commonly used on OpenWrt than
"real" wget which needs libopenssl.
Also make sure to respect SSL_CERT_DIR and increase timeouts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43228
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.
When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.
Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43143
HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed. Certificate validation is
conditionally enabled if the CA certs are available.
Signed-off-by: Andrew Skalski <askalski@gmail.com>
SVN-Revision: 43124
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43114
* Fixes sending an extraneous message body for 204 and 304 resoponses which
breaks Chrome in keep-alive mode.
* Adds mimetypes for JSON and JSONP.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43078
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:
mac_address wpa_passphrase_or_hex_key
Example:
00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43001
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42944
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42871
This is not needed after all:
Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).
Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42859
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.
Use the returned ip-address(es) to construct the dropbear listen address.
Signed-off-by: Mathias Kresin <openwrt@kresin.me>
SVN-Revision: 42857
this proto handler will detect which of 3g, qmi, mbim, ncm or directip you need
for a stick and setup uci automagically
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42837
Some ISP seem to only do stateful DHCPv6 and not sending RAs.
This is technically broken because plain DHCPv6 doesn't carry routes.
We work around here by faking a default route to the DHCPv6 server
if we do not receive a useful RA from the ISP.
This workaround can be turned off with: option fakeroutes 0
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42803
The AR9580 with the new ID can be found in the EnGenius ESR900 and the
QCA9880 without any subsystem IDs can be found in the EnGenius ESR1750.
Signed-off-by: Forest Crossman <cyrozap@gmail.com>
SVN-Revision: 42793
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 42787
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42750
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42749
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42748
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42747
The package supports IP in IP by registering the ipip protocol handler
Following options are configurable
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-ttl (time to live of encapsulating packet)
-tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packet)
-mtu (IPIP tunnel mtu)
-tunlink (bind tunnel to this interface)
-zone (firewall zone to which the IPIP tunnel will be added)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42746
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42745
Instead of connecting once and saving the packet data handle, let the
firmware handle connecting/reconnecting automatically. This is more
reliable and reduces reliance on potentially stale data.
Use the global packet data handle to attempt to disable autoconnect
before restarting the connection. This ensures that the firmware will
take the new APN/auth settings.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42721
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42700
Main changes:
- URL parser: IPv6 zone identifiers are now supported
- cyassl: Use error-ssl.h when available (drop local patch)
- polarssl: support CURLOPT_CAPATH / --capath
- mkhelp: generate code for --disable-manual as well (drop local patch)
Full release notes: http://curl.haxx.se/changes.html
MIPS 34kc binary size:
- 7.36.0 before: 82,539 bytes
- 7.38.0 after: 83,321 bytes
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 42517
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
SVN-Revision: 42459
* ipv6
* 4 bugs in the dns parser
* service announcement
* tx goodbye support
* proper handling of rx goodbye
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42325
Use an if/else statement to cover the two different syntaxes. Add
comments explaining what the end results should look like.
This patch should not change the script's output.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42320
An entry like this in /etc/config/dhcp:
config 'host'
option 'name' 'pc2'
option 'ip' '192.168.100.56'
option 'dns' '1'
results in a /tmp/hosts/dhcp entry that looks like this:
192.168.100.56 .lan
Obviously it should say "pc2.lan".
This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199". Fix this by reordering the
operations. Also, refuse to add a DNS entry if the hostname or IP is
missing.
Fixes#17683
Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42319
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.
Signed-off-by: Tyler Fenby <tylerf@securecominc.com>
SVN-Revision: 42318
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.
Skip key/cert and ssl listen options when libustream-ssl.so is not present.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42284
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.
Fixes#15209.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42250
Add a further upstream commit to more closely match the keepalive
to OpenSSH.
Should now really fix#17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42249
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke
at least putty.
Fixes#17522 / #17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42162
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42114
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
-gre
-gretap
-grev6
-grev6tap
Following options are valid for gre and gretap kinds:
-ipaddr
-peeraddr
-df
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The gretap kind supports additionally the network option
Following options are valid for grev6 and grev6tap kinds:
-ip6addr
-peer6addr
-weakif
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The grev6tap kind supports additionally the network option
Typical network config for a GREv4 tunnel :
config interface 'gre'
option peeraddr '172.16.18.240'
option mtu '1400'
option proto 'gre'
option tunlink 'wan'
option zone 'tunnel'
Typical network config for a GREv4 tap tunnel :
config interface 'gretap'
option peeraddr '195.207.5.79'
option mtu '1400'
option proto 'gretap'
option zone 'tunnel'
option tunlink 'wan'
option network 'wlan_ap'
I added myself as maintainer for the moment; feel free to change.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 41897
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.
Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41872
If the iface to scan on already is in ad-hoc, station or monitor mode
then do not spawn a temporary iface.
Also preventively disable IPv6 on temporary ifaces before bringing them
up to avoid potential security issues.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41830
So far iwinfo aborted a wifi scan attempt if the mac of the spawned
interface could not be changed. Change the code to try anyway - this
should fix wifi scanning on RaLink devices.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41826
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41787
Properly parse and pass arbritary netmasks to iptables, this allows
specifying ranges like '::c23f:eff:fe7a:a094/::ffff:ffff:ffff:ffff' to
match the host part of an IPv6 address regardless of the currently active
IPv6 prefix.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41760
Split connection mark into two parts:
The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.
For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41682