Commit Graph

3936 Commits

Author SHA1 Message Date
Felix Fietkau
9d8374cadc qosify: update to the latest version
ca4509cf84d2 bpf: switch to using bpf_skb_utils.h
d064439009d0 qosify-bpf: skip unnecessary flow lookups
9c625ae96f2d map: fix deleting port based rules
9a47ea4b683d map: fix return code check for bpf_map_get_next_key calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 21:53:37 +01:00
Felix Fietkau
635d177ac9 hostapd: enable radius server support
This is useful in combination with the built-in eap server support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
cf992ca862 hostapd: add missing return code for the bss_mgmt_enable ubus method
Fixes bogus errors on ubus calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
d10e1b4a71 hostapd: add support for defining multiple acct/auth servers
This allows adding backup servers, in case the primary ones fail.
Assume that port and shared secret are going to be the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Hauke Mehrtens
a03076cc39 binutils: Update to version 2.40
binutils 2.39: https://lists.gnu.org/archive/html/info-gnu/2022-08/msg00002.html
binutils 2.40: https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html

This version includes a new libsframe.so library, pack it into the
libbfd package as it is used by this library. Also deactivate some
optional configuration options for now.

An extra patch to fix compile problem in AARCH64 is added.
gprofng needs a C++ standard library, deactivate it for now.

Activate feature-disassembler-init-styled in bpftools too to fix
compilation with the updated binutils.

An bpftool version 7.0 or later is needed for binutils 2.39 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Hauke Mehrtens
26a65e852c bpftool: Update to version 7.1.0
bpftool changelog: https://github.com/libbpf/bpftool/releases
libbpf changelog: https://github.com/libbpf/libbpf/releases

This updates the bfptool to version 7.1.0. This also includes an update
of the libbpf to version 1.1.

This also adds some new feature options and removes some old ones which
were also removed form the source code. zlib for example is now
mandatory.

Add -flto also to LD flags to make it really work.

Before this change bpftool was on a git commit between version 6.7 and
6.8 and libbpf was on a commit between version 0.7 and 0.8.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Kevin Darbyshire-Bryant
c9df2d5c64 dnsmasq: bump to v2.89
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-02-25 20:49:47 +00:00
Hauke Mehrtens
2a104365dc netifd: update to the latest version
ed65a00 netifd: bridge: Fix format string position
19372d8 netifd: Fix multiple -Wsign-compare warnings
8ebf033 netifd: Do not return values in void function
c77417a netifd: Explicitly zero initialize variables
463a120 netifd: Activate -Wextra compile warnings

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 19:57:47 +01:00
Nick Hainke
638ebd3067 iproute2: update to 6.2
Release Notes:
https://lwn.net/Articles/923952/

Refresh patches:
- 110-darwin_fixes.patch
- 115-add-config-xtlibdir.patch
- 140-allow_pfifo_fast.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 175-reduce-dynamic-syms.patch
- 180-drop_FAILED_POLICY.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Remove upstreamed:
- 320-configure-Remove-include-sys-stat.h.patch

While working on it remove AUTORELEASE.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:32:35 +01:00
Nick Hainke
c98a202446 ethtool: update to 6.2
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings

Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:29:07 +01:00
Leon M. Busch-George
ae751535de
hostapd: always use sae_password for mesh/SAE auth
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).

The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.

Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
  limitation).

Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.

Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-19 19:43:57 +01:00
Leon M. Busch-George
3c10c42ddd
hostapd: add quotes in assignments
It's generally advised to use quotes for variable assignments in bash.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-02-19 19:43:54 +01:00
Andre Heider
78dc8e2b13 wireguard-tools: remove unnecessary .mk includes
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.

package-defaults.mk is already included my package.mk.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:59:12 +01:00
Stijn Tintel
65c9b5ffb0 odhcpd: bump to git HEAD
dfab0fa dhcpv4: detect noarp interfaces
  5a17751 router: improve RA logging
  edc5e17 router: always check ra_default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:30:03 +02:00
Rafał Miłecki
3c66ac7e22 iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:28:08 +01:00
Rafał Miłecki
601257e388 netifd: refactor packet steering init
1. Move setup code to independent script file
2. Add init.d script to allow automatic updates
3. Support platform specific /usr/libexec/platform/packet-steering.sh

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:25:38 +01:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Jan Hoffmann
b91d7d9d78 ltq-*-app: extend ubus metrics/statistics
Expose a few additional useful values via ubus:

- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:40:47 +01:00
Felix Fietkau
83d3e255f1 bridger: update to the latest version
8be8bb9df789 nl: fix accessing hairpin mode and isolated from the right attribute set

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-29 10:08:21 +01:00
Andre Heider
9902c8520b uhttpd: clean up Makefile
uhttpd's cmake options all default to ON. Either we set all of them or
none if the defaults need to be changed. Let's go with the latter.

Because support for all modules is always compiled in, remove two unused
and useless config toggles.

uhttpd detects and uses libcrypt itself, no need to add it here again.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-28 22:37:35 +01:00
Nick Hainke
364a9be338 ethtool: update to 6.1
Release notes:
https://lore.kernel.org/netdev/20221219225600.r54vejiqapn266cm@lion.mk-sys.cz/T/

Add patches fixing compilation:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-28 20:26:22 +01:00
Hauke Mehrtens
015c108755 relayd: bump to version 2023-01-28
f646ba4 route: Fix compile warning with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 20:24:22 +01:00
Hauke Mehrtens
d14559e9df uhttpd: update to latest Git HEAD
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:31:42 +01:00
Nick Hainke
d68a73a025 tcpdump: update to 4.99.3
Changes:
https://git.tcpdump.org/tcpdump/blob/032e4923e5202ea4d5a6d1cead83ed1927135874:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 00:17:59 +01:00
Christian Marangi
b61404a6ad
rssileds: bump PKG_RELEASE due to libiwinfo ABI change
Bump PKG_RELEASE due to libiwinfo ABI change to trigger a package
rebuild.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
57586ddd71
iwinfo: update to latest Git HEAD
1e4e709 iwinfo: readd missing define for IWINFO_AUTH in header

Fixes: #11860
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:54:13 +01:00
Hannu Nyman
a57796b137
dnsmasq: set an increased cachesize default value
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-21 11:13:44 +01:00
Christian Marangi
f3d8de7398
iwinfo: update to latest Git HEAD
Bump ABI to 20230121 due to struct changes

f766138 cli: print the flags on the frequency list
8ee7971 lib: add IWINFO_FREQ_FLAG_NAMES
81184d2 nl80211: fix some comments
2c4ee84 nl80211: prefer non-supplicant-based devices
6194aaf nl80211: simplify iterating over phy's devices
acbf4fe nl80211: remove redundant check in nl80211_phy2ifname()
0172c97 cli: print the frequency and band on the scan list
bbe424f cli: print the band on the frequency list
afa147c nl80211: add "mhz" and "band" to iwinfo_scanlist_entry
0d5ea34 nl80211: add "band" to iwinfo_freqlist_entry
dba0f06 nl80211: add support for radiation and indoor chan restriction
7e3d7de iwinfo: reorganize iwinfo header to enum and defines
9b47b03 devices: add USB devices supported by the mt76 driver
c0fda7c utils: skip comment lines when parsing devices.txt
dbc0ee7 cli: describe USB devices as such
891acee devices: add MediaTek MT7628 card
fac0787 devices: add support for declaring compatible matched devices

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:23:22 +01:00
Nick Hainke
a04bbbbea4 ipset: update to 7.17
Release notes:
https://lwn.net/Articles/918784/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-17 23:14:46 +01:00
Martin Schiller
6e4c9738be ltq-vdsl-vr11-app: add version 4.23.1 for vr11 targets
This uses version 4.23.1 of the dsl_cpe_control package from the Intel
UGW 8.5.2.10 for the VRX518.

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, added Jan's vector mac patch, fix warnings,
 switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add missing nLine in autoboot script, fix disconnect on termination,
 remove unneeded VR9 leftovers in init script]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Andre Heider
6361eb47cd ltq-dsl-base: enable for ipq40xx
This is required by the DSL userland tool for hotplug support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Christian Marangi
d9aa41dcda
lldpd: use release tar instead of codeload
There is currently a problem with making reproducible version of lldpd.
The tool version is generated based on 3 source:
1. .dist-version file in release tar
2. git hash with presence of .git directory
3. current date

Using the codeload tar from github results in getting the repo without
the .git directory and since they are not release tar, we don't have
.dist-version. This results in having lldpd bin with a version set to
the current build time.

Switch to release tar so that we correctly have a .dist-version file and
the version is not based on the build time.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-01-12 14:55:07 +01:00
Christian Marangi
ee397759b6
iwinfo: update to latest Git HEAD
c7b420a devices: add Qualcomm Atheros QCN6024/9024/9074 cards
5914d71 iwinfo: devices: add Qualcomm Atheros IPQ8074 WiSoC

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-10 00:54:31 +01:00
Hauke Mehrtens
dc12c76dc5 uqmi: Ignore wrong maybe-uninitialized and dangling-pointer error
GCC 12.2.0 shows this false positive error message:
````
uqmi-2022-05-04-56cb2d40/dev.c: In function 'qmi_request_wait':
uqmi-2022-05-04-56cb2d40/dev.c:217:23: error: storing the address of local variable 'complete' in '*req.complete' [-Werror=dangling-pointer=]
  217 |         req->complete = &complete;
      |         ~~~~~~~~~~~~~~^~~~~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'complete' declared here
  208 |         bool complete = false;
      |              ^~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'req' declared here
cc1: all warnings being treated as errors
````

and this one:
````
In file included from uqmi-2022-05-04-56cb2d40/commands.c:28:
In function 'blobmsg_close_table',
    inlined from 'cmd_nas_get_cell_location_info_cb' at /home/haukeuqmi-2022-05-04-56cb2d40/commands-nas.c:897:4:
/usr/include/libubox/blobmsg.h:256:9: error: 'c' may be used uninitialized [-Werror=maybe-uninitialized]
  256 |         blob_nest_end(buf, cookie);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from uqmi-2022-05-04-56cb2d40/commands.c:169:
uqmi-2022-05-04-56cb2d40/commands-nas.c: In function 'cmd_nas_get_cell_location_info_cb':
uqmi-2022-05-04-56cb2d40/commands-nas.c:713:15: note: 'c' was declared here
  713 |         void *c, *t, *cell, *freq;
      |               ^
cc1: all warnings being treated as errors
````

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-09 00:10:52 +01:00
Nick Hainke
5809fb4546 tcpdump: update to 4.99.2
Update to latest version. For release information look into CHANGES
file [0].

Automatically refreshed:
- 001-remove_pcap_debug.patch

Manually refreshed:
- 100-tcpdump_mini.patch

old ipkg sizes:
316554 bin/packages/mips_24kc/base/tcpdump_4.99.1-1_mips_24kc.ipk
141457 bin/packages/mips_24kc/base/tcpdump-mini_4.99.1-1_mips_24kc.ipk

new ipkg sizes:
318089 bin/packages/mips_24kc/base/tcpdump_4.99.2-1_mips_24kc.ipk
141941 bin/packages/mips_24kc/base/tcpdump-mini_4.99.2-1_mips_24kc.ipk

[0] - https://github.com/the-tcpdump-group/tcpdump/blob/master/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:22:28 +01:00
Nick Hainke
b331ffe807 nftables: update to 1.0.6
Remove upstreamed patches:
- 0001-fix-nft.patch

Upstream switched to "tar.xz" archives.

old ipkg size:
273678 bin/packages/mips_24kc/base/nftables-json_1.0.5-2_mips_24kc.ipk

new ipkg size:
271624 bin/packages/mips_24kc/base/nftables-json_1.0.6-1_mips_24kc.ipk

Release Information:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:14:45 +01:00
Felix Fietkau
4455ed65c6 bridger: update to the latest version
def7755c459d add missing copyright headers
f68307fd96d7 add hairpin mode support
9ee8f433ba4e nl: do not pass NDA_VLAN with vid=0
978c1f9eed07 add support for the bridge port isolated flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-01-03 13:28:47 +01:00
Hauke Mehrtens
ee47a28cec treewide: Trigger reinstall of all wolfssl dependencies
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-01 21:06:54 +01:00
Felix Fietkau
2e61469a6c netifd: update to the latest version
2cffe0c44e62 treewide: correctly apply IFNAMSIZ limit
96bcbb2e4eb6 wireless: allow set_retry ubus notify command to trigger a wdev restart
a2e8cd75dbf6 wireless: add support for disabling multicast-to-unicast per virtual interface
e9f44189ade7 system: move netdev types to system-linux.c where they are used
a3fab0119ef1 utils: include utils.h last
7ce73fc16765 vlandev: propagate topology changes
81c1fbcba2f2 device: fix vlan device issues with disappearing lower devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-30 16:42:57 +01:00
Hauke Mehrtens
f12bad6c19 tree-wide: Do not use package librt and libpthread
The libraries libpthread, libdl, libutil, libanl have been integrated
into the libc library in version 2.34. it is not needed to explicitly
link them any more.

Most of the functions have been moved from the librt.so into libc.so
some time ago already.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-29 18:50:24 +01:00
Felix Fietkau
090ad03343 hostapd: allow sharing the incoming DAS port across multiple interfaces
Use the NAS identifier to find the right receiver context on incoming messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-27 19:10:04 +01:00
Hauke Mehrtens
fb15cb4ce9 iproute2: Fix build with GCC 12 and glibc 2.36
This fixes the detection of name_to_handle_at() when GCC 12 and glibc
2.36 are used.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-26 15:18:08 +01:00
Hauke Mehrtens
73dca49f35 uhttpd: update to latest Git HEAD
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-26 15:18:08 +01:00
Kevin Darbyshire-Bryant
5c7e4a9d2e dnsmasq: bump to v2.88
Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-12-25 15:07:36 +00:00
Daniel Golle
6675a9aaf4 xdp-tools: update to version 1.2.9
Changes since v1.2.8:
 32aaf32 libxdp: Fix incorrect rx_ring_setup_done
 6049671 headers: add bpf_endian.h for parsing_helpers.h
 2682c1c export-man: Ignore errors when executing git shell command
 8afda7a xdp-loader/README: Mention lack of support for HW mode in most cards
 dc69919 libxdp: fix prog_fd checks for fd >= 0
 3d7c22a libxdp: Allow falling back to single-program attachment for loaded programs
 af00429 libxdp: Fix check in xdp_program__attach_single()
 41703d2 libxdp: Make sure to set the the program autoload when loading a program
 b1fd2e5 test-xdpdump: Only run tshark attribute test on newer versions of tshark
 5dfe342 libxdp: Convert xdp-dispatcher to use strict section names
 929a22e configure: Try to auto-detect versioned clang binaries
 074fcfb libxdp: Check program name when determining if a program is a dispatcher
 e13a191 Bump TOOLS_VERSION to 1.2.9

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-12-20 13:57:34 +00:00
Rosen Penev
6d1df35747 hostapd: add mbedtls variant
This adds the current WIP mbedtls patches for hostapd. The motivation
here is to reduce size.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-12-19 12:27:35 +00:00
Nick Hainke
8ed53e0928 iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t

Refresh patch:
- 170-ip_tiny.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-18 16:33:16 +01:00
Felix Fietkau
581f2b15b2 hostapd: enable coredumps
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
c2fde432b3 hostapd: always set a default for the nas identifier
It is used for both 802.11r and WPA enterprise.
Setting it when not needed is harmless

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Felix Fietkau
2fb38b77a2 hostapd: add support for automatically setting RADIUS own-ip dynamically
Some servers use the NAS-IP-Address attribute as a destination address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-16 14:32:47 +01:00
Jo-Philipp Wich
4a4d0bf78d iwinfo: update to latest Git HEAD
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall

Fixes: https://github.com/openwrt/openwrt/issues/10158
Fixes: https://github.com/openwrt/openwrt/issues/10687
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-16 00:55:51 +01:00
Andre Heider
7c63295bf4 treewide: remove DRIVER_11N_SUPPORT
hostapd's compile time option CONFIG_IEEE80211N was removed almost 3 years
ago, 80.211n/HT is always included since then.

Noticed because `hostapd -v11n` confusingly returned an error.

See hostapd's commit:
f3bcd69603 "Remove CONFIG_IEEE80211N build option"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Andre Heider
2d36f60d88 hostapd: fix 350-nl80211_del_beacon_bss.patch
Pass the expected struct:

../src/drivers/driver_nl80211.c: In function 'wpa_driver_nl80211_del_beacon':
../src/drivers/driver_nl80211.c:2945:31: warning: passing argument 1 of 'nl80211_bss_msg' from incompatible pointer type [-Wincompatible-pointer-types]
 2945 |         msg = nl80211_bss_msg(drv, 0, NL80211_CMD_DEL_BEACON);
      |                               ^~~
      |                               |
      |                               struct wpa_driver_nl80211_data *
../src/drivers/driver_nl80211.c:695:50: note: expected 'struct i802_bss *' but argument is of type 'struct wpa_driver_nl80211_data *'
  695 | struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
      |                                 ~~~~~~~~~~~~~~~~~^~~

Fixes: 35ff1affe8 "hostapd: update to 2022-05-08"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Andre Heider
3bc060440a hostapd: remove an unused function from ubus.c
eee80211_frequency_to_channel() isn't used anymore, which is a leftover from:
2a31e9ca97 "hostapd: add op-class to get_status output"

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-12-13 10:54:50 +01:00
Julio Gonzalez Gil
840ce0a65b umbim: Allow roaming and partner connections
Allow registration if the SIM is roaming or partner mode, by adding two
new options to the protocol.

Until now, such registration failed because umbim returns exit codes 4 and
5 for such situations.

Signed-off-by: Julio Gonzalez Gil <git@juliogonzalez.es>
2022-12-11 03:24:45 +01:00
Felix Fietkau
8d90b9fef1 mac80211: update to linux 6.1-rc8
This should help stay in sync with upstream development

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 15:15:19 +01:00
Felix Fietkau
a797f0e82a hostapd: use wpa_supplicant for unencrypted mesh connections
It's more reliable than using iw

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 12:38:46 +01:00
Jan-Niklas Burfeind
13f82ce264 comgt-ncm: add support for quectel modem EC200T-EU
context_type is an integer mapping of pdptype:
1: IPV4
2: IPV6
3: IPV4V6

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-07 12:30:39 +01:00
Jo-Philipp Wich
f1f3d19387 firewall4: add missing PKG_MIRROR_HASH
Fixes: 84183f0d98 ("firewall4: update to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-07 08:54:56 +01:00
Jo-Philipp Wich
84183f0d98 firewall4: update to latest Git HEAD
700a925 fw4: prevent null access when no ipsets are defined
6443ec7 config: drop input traffic by default
119ee1a ruleset: drop ctstate invalid traffic for masq-enabled zones

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-06 11:43:06 +01:00
Daniel Golle
aa12a0fdd1
dnsmasq: add option to expose additional paths to jail
Add new UCI list 'addn_mount' allowing the expose additional filesystem
paths to the jailed dnsmasq process. This is useful e.g. in case of
manually configured includes to the configuration file or symlinks
pointing outside of the exposed paths as used by e.g. the safe-search
package in the packages feed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-27 14:06:08 +00:00
Nick Hainke
68714f2135 ipset: update to 7.16
Release Notes:
https://lore.kernel.org/netfilter-devel/d65fe5d8-d5ea-ef7-102d-aa1d15bb4d69@netfilter.org/T/#u

Patch "0001-lib-ipset-fix-printf-warning.patch" replaced upstream by:
http://git.netfilter.org/ipset/commit/?id=e39e3466d2d38cdfe83447f391b550e607bc3ce8

Remove upstreamed:
- 0002-Fix-IPv6-sets-nftables-translation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-27 12:58:33 +01:00
Nick Hainke
c17b6343f3 lldpd: update to 1.0.16
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.16

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-18 20:27:52 +01:00
Chen Minqiang
4979d16fb1 dnsmasq: add support for filter-AAAA/A
This add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers. these options is supported since version 2.87.

Co-authored-by: NueXini <nuexini@alumni.tongji.edu.cn>
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2022-11-12 17:05:13 +01:00
Felix Fietkau
ddf736e543 hostapd: remove invalid dtim_period option processing
dtim_period is a bss property, not a device one.
It is already handled properly in mac80211.sh

Fixes: 30c64825c7 ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-11-10 13:09:18 +01:00
Kevin Darbyshire-Bryant
41691ce9ac dnsmasq: remove backported CVE patch
Patch no longer applies/required since bump to v2.87

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 23:04:27 +00:00
Kevin Darbyshire-Bryant
d7f378796f dnsmasq: Support nftables nftsets
Add build option for nftables sets. By default disable iptables ipset
support.  By default enable nftable nftset support since this is what
fw4 uses.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: nftset: serve from ipset config

Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.

dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.

Signed-off-by: Mathias Kresin <dev@kresin.me>

dnsmasq: support populating nftsets in addition to ipsets

Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.

Huge thanks to Jo-Philipp Wich for basically writing the function.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

dnsmasq: obtain nftset ip family from nft

Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.

Heuristic to guess which ip family a nft set might belong by inferring
from the set name.

In order of preference:

If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.

By standalone I mean not as part of a larger number eg. 24

If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!

With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: specify firewall table for nftset

Permit ipsets to specify an nftables table for the set.  New config
parameter is 'table'.  If not specified the default of 'fw4' is used.

config ipset
	list name 'BK_4,BK_6'
	option table 'dscpclassify'
	option table_family 'ip'
	option family '4'
	list domain 'ms-acdc.office.com'
	list domain 'windowsupdate.com'
	list domain 'update.microsoft.com'
	list domain 'graph.microsoft.com'
	list domain '1drv.ms'
	list domain '1drv.com'

The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.

If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.

This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Mathias Kresin
7cdf74e163 dnsmasq: add uci-defaults script for ipset migration
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2022-11-06 19:47:13 +00:00
Kevin Darbyshire-Bryant
bf27d977f0 dnsmasq: bump to 2.87
Bump dnsmasq to 2.87 & refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Hauke Mehrtens
002a99eccd dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.

CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:05:47 +01:00
Glen Huang
46fbe55971 uhttpd: use procd to reload on acme renew
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.

Signed-off-by: Glen Huang <i@glenhuang.com>
2022-11-04 16:21:00 +01:00
Baptiste Jonglez
ef597b026b firewall: config: drop input traffic by default
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.

The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.

This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest.  Thus, in normal operations, the
default policy is not used.

Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2022-11-01 23:25:39 +01:00
Hauke Mehrtens
5c70b19c42 iwinfo: update to the latest version
00aab87 Correctly identify key management algorithms starting with "FT-"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Hans Dedecker
63db906516 odhcpd: update to git HEAD
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-10-31 17:56:10 +01:00
Roland Barenbrug
cc5d8ae427 ltq-vdsl-vr9-app: extend ubus call to provide DSL statistics
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)

Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-10-30 23:14:45 +01:00
Roland Barenbrug
5787e0c9fe ltq-vdsl-vr9-app: skip invalid line status values
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.

Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-10-30 23:14:45 +01:00
Nick Hainke
0dfe1d2175 iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/

Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch

Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:36 +02:00
Nick Hainke
5479281c72 thc-ipv6: update to 3.8
Remove upstreamed patches:
- 000-cflags_override.patch

Manually refresh patches:
- 100-no-ssl.patch

Add patches:
- 101-remove-march-native.patch

Add THC_APPLETS:
- toobigsniff6
- flood_unreach6
- connect6

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 21:10:34 +02:00
Petr Štetiar
a80e198cd3 wireless-tools: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Nick Hainke
7129d1e9c9 ethtool: update to 6.0
Release Notes:
https://lwn.net/Articles/910841/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-18 15:09:23 +02:00
Jo-Philipp Wich
5e2e048c0e firewall4: update to latest Git HEAD
7ae5e14 fw4: gracefully handle `null` return values from `fd.read("line")`

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-18 09:50:05 +02:00
Glen Huang
1bd63df263 uhttpd: use acme hotplug
Reload uhttpd after certificates are renewed with acme.

Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Glen Huang <i@glenhuang.com>
2022-10-18 08:38:07 +02:00
Jo-Philipp Wich
cb24be47ff firewall4: update to latest Git HEAD
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus

Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-15 00:39:48 +02:00
Felix Fietkau
735f5f18dd iwinfo: update to the latest version
0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:07 +02:00
Nick Hainke
e5cab973a4
hostapd: add measurement report value for beacon reports
Add the measurement report value to the beacon reports send via ubus. It
is possible to derive from the measurement report if a station refused to
do a beacon report and why. It is important to know why a station refuses
to do a beacon-report. In particular, we should not request a beacon
report from a station again that refused a beacon-report before.

The rejection reasons can be found by looking at the bits defined by:
- MEASUREMENT_REPORT_MODE_ACCEPT
- MEASUREMENT_REPORT_MODE_REJECT_LATE
- MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE
- MEASUREMENT_REPORT_MODE_REJECT_REFUSED

Suggested-by: Ian Clowes <clowes_ian@hotmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-13 16:53:37 +02:00
Lech Perczak
df08849c00 odhcp6c: respect 'delegate' option for 464XLAT sub-interface
dhcpv6.script contained support for disabling prefix delegation of 464XLAT
sub-interface, but netifd protocol handler was missing the required
export to disable this. Add missing export, akin to DS-Lite and MAP.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2022-10-09 19:08:36 +02:00
Daniel Cousens
3bd04767ba
build: prefer HTTPS if available (for packages)
Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq,
fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl,
lua, lua5.3, tcpdump and valgrind, to HTTPS

Signed-off-by: Daniel Cousens <github@dcousens.com>
2022-10-05 17:37:07 +02:00
Petr Štetiar
f1b7e1434f treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-03 17:52:06 +02:00
Manas Sambhus
3e2ea10e5e
qos-scripts: fix trailing whitespace in config files
Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:46 +02:00
Manas Sambhus
0ca634e9ef
qos-scripts: replace modprobe by rmmod
modprobe -r is not available on all platforms, hence use rmmod

Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:45 +02:00
Manas Sambhus
db0c0a31d8
ppp: use modprobe in place of insmod
This will prevent `module is already loaded` lines from
appearing in the logs when a PPP connection is reconnecting

Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
2022-09-27 17:16:42 +02:00
Kevin Darbyshire-Bryant
582c098c09 nftables: backport fix to interval based rules
'rule inet dscpclassify dscp_match  meta l4proto { udp }  th dport { 3478 }
 th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-09-26 18:02:15 +01:00
Felix Fietkau
c787962e1d iwinfo: update to the latest version
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
8cb995445a hostapd: add ubus notification on sta authorized
Also include the station auth_type in the ubus and log message in order
to detect, if clients used FT or FILS to associate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
6eeb5d4564 kernel: disable wireless extensions only when needed
They are only needed by a few very old drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Daniel Golle
3cee396bf8 xdp-tools: update to version 1.2.8
82628d8 libxdp: Fix resource leaks
 7fb0af0 libxdp: always clone program fd before taking ownership of it
 d8cd007 headers: Update kernel btf.h header file
 2265125 (tag: v1.2.7) xdp-filter: Update examples in documentation
 2b65008 libxdp: Fix libxdp compilation error
 2387514 xsk: remove unused variable outstanding_tx
 00b5a95 Fix section names in xsk programs
 d4ff1f9 (tag: v1.2.8) Bump TOOLS_VERSION to 1.2.8

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-20 04:33:12 +01:00
David Bauer
94037ab6b0 hostapd: update to 2022-07-29
b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures
89de431f2 DPP: Add config response status value to DPP-CONF-SENT
10104915a tests: sigma_dut and DPP PB session overlap
80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation
662249306 Update copyright notices for the QCA vendor definitions
8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g
ddcd15c2d tests: Fix fuzzing/sae build
7fa67861a tests: Fix p2p_channel_avoid3
ee3567d65 tests: Add more time for scan/connection
1d08b238c nl80211: Allow more time for the initial scan with 6 GHz
ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks
faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6
93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves
5565fbee2 DPP: Check Enrollee supported curves when building Config Response
ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd
4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs
c97000933 Fix ifdef condition for imsi_privacy_cert
2a9a61d6c tests: SAE with extended key AKM
e35f6ed1d tests: More detailed report on SAE PMKSA caching error case
f70db167a SAE: Derive a variable length PMK with the new AKM suites
91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites
e81ec0962 SAE: Use H2E unconditionally with the new AKM suites
f8eed2e8b SAE: Store PMK length and AKM in SAE data
9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites
a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites
91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper
5456b0f26 Define new RSN AKM suite selector values
def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH
35587fa8f tests: DPP Controller/Relay with need to discover Controller
d22dfe918 DPP: Event message for indicating when Relay would need a Controller
ca7892e98 tests: DPP Relay and adding/removing connection to a Controller
bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed
808834b18 Add a comparison function for hostapd_ip_addr
f7763880b DPP: Advertise Configurator connectivity on Relay automatically
ff7cc1d49 tests: DPP Relay and dynamic Controller addition
ca682f80a DPP: Dynamic Controller initiated connection on Relay
d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth
a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX
69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case
b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant
1ff9251a8 DPP3: Push button Configurator in wpa_supplicant
b94e46bc7 tests: PB Configurator in wpa_supplicant
ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi
e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received
692956446 DPP: Note PKEX code/identifier deletion in debug log
dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay
ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller
17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay
fb2937b85 DPP: Allow Controller to initiate PKEX through Relay
15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX
d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
0a4f391b1 tests: sigma_dut and DPP Connector Privacy
479e412a6 DPP3: Default value for dpp_connector_privacy
7d12871ba test: DPP Private Peer Introduction protocol
148de3e0d DPP3: Private Peer Introduction protocol
786ea402b HPKE base mode with single-shot API
f0273bc81 OpenSSL: Remove a forgotten debug print
f2bb0839f test: DPP 3rd party config information
68209ddbe DPP: Allow 3rd party information to be added into config object
0e2217c95 DPP: Allow 3rd party information to be added into config request obj
3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration
16b62ddfa QCA vendor attribute for DBAM configuration
004b1ff47 tests: DPP Controller initiating through Relay
451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections
248654d36 tests: sigma_dut DPP PB test cases
697b7d7ec tests: DPP push button
7bbe85987 DPP3: Allow external configuration to be specified on AP for PB
8db786a43 DPP3: Testing functionality for push button announcements
37bccfcab DPP3: Push button bootstrap mechanism
a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command)
159e63613 QCA vendor command for CoAP offload processing
3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics
09a281e52 Add QCA vendor interface for PASN offload to userspace
809fb96fa Add a vendor attribute to configure concurrency policy for AP interface
a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
085a3fc76 EHT: Add 320 channel width support
bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch
c580c2aec tests: Make OCV negative test error cases more robust
3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures
6b461f68c Set current_ssid before changing state to ASSOCIATING
8dd826741 QCA vendor attribute to configure direct data path for audio traffic
504be2f9d QCA vendor command support to get WLAN radio combinations
d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-20 01:15:36 +02:00
David Bauer
5110cf7ebd hostapd: don't select indoor channel on outdoor operation
Don't select channels designated for exclusive-indoor use when the
country3 element is set on outdoor operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-18 03:58:54 +02:00
Andre Heider
1afd0fefd2 ltq-[a|v]dsl-app: provide ltq-dsl-app
This makes it easier for packages to depend on any
lantiq/intel/maxlinear compatible dsl daemon.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00