remove obsolete configuration settings
--disable-thread
--enable-nonblocking
--without-krb4
remove SSPI support
only supported on windows
correct --with/without-ca-path handling
only supported with OpenSSL and PolarSSL
correct LDAP/LDAPS protocol
add dependency libopenldap
added SCP/SFTP protocol
default "No"
depends on libssh2
added IDN support
default "No"
depends on libidn
added SMB protocol (new in 7.40)
default "No"
require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected
added Unix sockets support (new in 7.40)
default "No"
added error verbose messages
default "No"
changes to Makefile
Increase PKG_RELEASE
PKG_CONFIG_DEPENDS and CONFIGURE_ARGS
extended for new functionality
use "autoconf_bool" for all --enable/--disable options
restructure for easier reading
changes to Config.in
extended for new functionality
implement dependencies
restructure and grouping for easier reading
build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44243
This patch fixes the NCM protocol by adding the missing ifname
to the netifd script and changing one unintended "send" statement to
"print" in runcommand.gcom. It also cleans up logging and makes the
manufacturer names case-insensitive. Furthermore, comgt-ncm should
not depend on the USB-serial-related kernel modules, as the cdc-wdm
control device works without them. There is also no need to depend on
kmod-huawei-cdc-ncm, since other manufacturers (like Sony-Ericsson
and Samsung) which use other kernel modules should also be supported.
I'd appreciate if someone with Samsung or Sony-Ericsson modems could
test this, I was only able to test it with Huawei E3276, E3372 and
E353.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44182
* Update to version 7.40.0
* remove non existing config options around enable/disable HTTPS protocoll
* remove --with-ca-path if ssl support disabled
* set proxy support as default like all versions before CC did
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 44176
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.
Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44138
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
constant as uhttpd needs to modify its list_head member
* Make sure that uhttpd supports large files by using 64bit ints
where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
* Plug a possible memleak in the directory listing code
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44135
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.
Switch the format to a hex encoded string to support binary data.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44094
Extend the DHCPv4 handler script to store additional information from the
DHCP lease in the per-interface data object.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44092
Some Huawei mobile broadband sticks utilizing the NCM protocol expose
the control channel as a cdc-wdm device node instead of a virtual TTY.
This device node does not support the terminal ioctls. This patch
adds a check whether the provided device is a TTY or not and does not
attempt to use the terminal ioctls if they are not supported.
v2: reduce diffstat by simplifying code a little
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 44054
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.
Without this patch igmpproxy floods openwrt syslog with messages such as:
user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
239.255.250.250, is not in any valid net for upstream VIF.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
SVN-Revision: 44020
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
SVN-Revision: 44006
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
iproute2 includes "sanitized" linux kernel headers, which work fine for uClibc, however
with musl there is some header conflict, principally some ipv6 structure redefinition. This
patch removes <linux/in6.h> from include/linux/if_bridge.h to solve the problem.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 43992
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 43951
Makes sure that the openvpn instance gets restarted in case of a crash.
Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.
Signed-off-by: Lars Gierth <larsg@systemli.org>
SVN-Revision: 43886
This patch tries to
- Let the DHCPv6 feature depend on CONFIG_IPV6.
- Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
corresponding features are enabled.
- Install `trust-anchors.conf` only if DNSSEC is selected.
- Add PKG_CONFIG_DEPENDS for the configurable options.
- Add a patch to let the Makefile of dnsmasq be aware of changes in
COPTS variable.
Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43851
Target pxcab and ps3 were removed from maintaince in r34764 and r34765
respectively.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43850
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.
The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e
So this can be safely set to 1 as default.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43846
Commit ce92f6650bd8a86db04c7a6cbb58e7fdb200a7e6 added source IP support
for DHCP default routes. As a side effect of this change the default route
could be present twice in netifd (once with source IP set and once with
source IP unset) if it was sent by the server in both the router and static
route options. Therefore add source IP support as well for static routes as this
case was not considered. Additional remove unused parameter type.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 43645
I have not found a scenario that would break by setting the source address on
default, but please let me know if any special considerations should be taken.
Signed-off-by: Kristian Evensen <kristian.evensen at gmail.com>
SVN-Revision: 43582
Added complementary blobmsg_close_table() before returning from function
on error.
Signed-off-by: Sławomir Demeszko <s.demeszko@wireless-instruments.com>
SVN-Revision: 43477
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.
Signed-off-by: Ben Franske <ben.mm@franske.com>
SVN-Revision: 43473
Thanks to Dave Taht for debugging and thanks to Comcast for
shipping strangely behaving software so I can fix some corner cases.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43415
Update nf_conntrack_rtsp to latest version based on http://mike.it-loops.com/rtsp/ (rtsp-module-3.7-v2.tar.gz).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 43311
* fixes a bug in multipart sms
* adds a new call to read the sim phone number (partially functioanl)
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43310
b52053b 6in4: https support for he.net tunnel api
introduced HTTPS support using wget.
The busybox version of wget, however, doesn't support the -V option,
thus poluting logfiles with a full invalid-parameter-output.
Redirect stderr to fix that.
As libcurl and curl support selecting the SSL library of your choice,
also add support for curl which is more commonly used on OpenWrt than
"real" wget which needs libopenssl.
Also make sure to respect SSL_CERT_DIR and increase timeouts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43228
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.
When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.
Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43143
HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed. Certificate validation is
conditionally enabled if the CA certs are available.
Signed-off-by: Andrew Skalski <askalski@gmail.com>
SVN-Revision: 43124
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43114
* Fixes sending an extraneous message body for 204 and 304 resoponses which
breaks Chrome in keep-alive mode.
* Adds mimetypes for JSON and JSONP.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43078
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:
mac_address wpa_passphrase_or_hex_key
Example:
00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43001
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42944
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42871
This is not needed after all:
Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).
Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42859
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.
Use the returned ip-address(es) to construct the dropbear listen address.
Signed-off-by: Mathias Kresin <openwrt@kresin.me>
SVN-Revision: 42857
this proto handler will detect which of 3g, qmi, mbim, ncm or directip you need
for a stick and setup uci automagically
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42837
Some ISP seem to only do stateful DHCPv6 and not sending RAs.
This is technically broken because plain DHCPv6 doesn't carry routes.
We work around here by faking a default route to the DHCPv6 server
if we do not receive a useful RA from the ISP.
This workaround can be turned off with: option fakeroutes 0
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42803
The AR9580 with the new ID can be found in the EnGenius ESR900 and the
QCA9880 without any subsystem IDs can be found in the EnGenius ESR1750.
Signed-off-by: Forest Crossman <cyrozap@gmail.com>
SVN-Revision: 42793
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 42787
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42750
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42749
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42748
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42747
The package supports IP in IP by registering the ipip protocol handler
Following options are configurable
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-ttl (time to live of encapsulating packet)
-tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packet)
-mtu (IPIP tunnel mtu)
-tunlink (bind tunnel to this interface)
-zone (firewall zone to which the IPIP tunnel will be added)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42746
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42745
Instead of connecting once and saving the packet data handle, let the
firmware handle connecting/reconnecting automatically. This is more
reliable and reduces reliance on potentially stale data.
Use the global packet data handle to attempt to disable autoconnect
before restarting the connection. This ensures that the firmware will
take the new APN/auth settings.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42721
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42700
Main changes:
- URL parser: IPv6 zone identifiers are now supported
- cyassl: Use error-ssl.h when available (drop local patch)
- polarssl: support CURLOPT_CAPATH / --capath
- mkhelp: generate code for --disable-manual as well (drop local patch)
Full release notes: http://curl.haxx.se/changes.html
MIPS 34kc binary size:
- 7.36.0 before: 82,539 bytes
- 7.38.0 after: 83,321 bytes
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 42517
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
SVN-Revision: 42459
* ipv6
* 4 bugs in the dns parser
* service announcement
* tx goodbye support
* proper handling of rx goodbye
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42325
Use an if/else statement to cover the two different syntaxes. Add
comments explaining what the end results should look like.
This patch should not change the script's output.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42320
An entry like this in /etc/config/dhcp:
config 'host'
option 'name' 'pc2'
option 'ip' '192.168.100.56'
option 'dns' '1'
results in a /tmp/hosts/dhcp entry that looks like this:
192.168.100.56 .lan
Obviously it should say "pc2.lan".
This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199". Fix this by reordering the
operations. Also, refuse to add a DNS entry if the hostname or IP is
missing.
Fixes#17683
Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42319
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.
Signed-off-by: Tyler Fenby <tylerf@securecominc.com>
SVN-Revision: 42318
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.
Skip key/cert and ssl listen options when libustream-ssl.so is not present.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42284
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.
Fixes#15209.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42250
Add a further upstream commit to more closely match the keepalive
to OpenSSH.
Should now really fix#17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42249
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke
at least putty.
Fixes#17522 / #17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42162
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42114
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
-gre
-gretap
-grev6
-grev6tap
Following options are valid for gre and gretap kinds:
-ipaddr
-peeraddr
-df
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The gretap kind supports additionally the network option
Following options are valid for grev6 and grev6tap kinds:
-ip6addr
-peer6addr
-weakif
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The grev6tap kind supports additionally the network option
Typical network config for a GREv4 tunnel :
config interface 'gre'
option peeraddr '172.16.18.240'
option mtu '1400'
option proto 'gre'
option tunlink 'wan'
option zone 'tunnel'
Typical network config for a GREv4 tap tunnel :
config interface 'gretap'
option peeraddr '195.207.5.79'
option mtu '1400'
option proto 'gretap'
option zone 'tunnel'
option tunlink 'wan'
option network 'wlan_ap'
I added myself as maintainer for the moment; feel free to change.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 41897
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.
Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41872
If the iface to scan on already is in ad-hoc, station or monitor mode
then do not spawn a temporary iface.
Also preventively disable IPv6 on temporary ifaces before bringing them
up to avoid potential security issues.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41830
So far iwinfo aborted a wifi scan attempt if the mac of the spawned
interface could not be changed. Change the code to try anyway - this
should fix wifi scanning on RaLink devices.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41826
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41787
Properly parse and pass arbritary netmasks to iptables, this allows
specifying ranges like '::c23f:eff:fe7a:a094/::ffff:ffff:ffff:ffff' to
match the host part of an IPv6 address regardless of the currently active
IPv6 prefix.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41760
Split connection mark into two parts:
The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.
For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41682
The commit 92281eb747b56e748b7c3d754055919c23befdd4 broke fw3_ubus_addresses() so that
no addresses where returned at all, this caused fw3 to not emit NAT reflection rules
anymore.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41556
They should be unnecessary with fq_codel, and simplifying rules helps
with performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41549
currently the keepalive option needs to be removed to fully disable it. this patch allows us to set it to 0.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41438
The preferred he.net /nic/update endpoint expects the password or updatekey in
plain text and not as md5 sum, therfore remove the hashing operation from the
script.
This effectively renders the "updatekey" option redundant but we keep it around
for backwards compatibility. Both "option password" and "option updatekey" will
have end up in the "&password=" parameter of the update url and are passed through
unmodified.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41358
this is still wip, you can use the following ubus calls.
ubus call mdns scan # triggers a scan
ubus call mdns browse # look at the currenlty cached records
ubus call mdns hosts # look at the currenlty cached hosts
TODO
- ipv6, currenlty AAAA records are handled but only on v4 sockets
- finish the service announce code
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41345
Reworks the handling of RT_TABLE_MAIN in system-linux.c so that ip rules
with lookup main can be properly setup.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41282
* Add Authoritative DNS and IPSET to full variant
* Remove some bloat from IPSET support
* Reintroduce "DHCP no address warning"-patch
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 41246
Ship keys for the root zone and add two uci options to enable
DNSSEC checks:
Option 'dnssec': Activate DNSSEC validation
Option 'dnsseccheckunsigned': Ensure answers without DNSSEC are in
unsigned zones.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41245
This variant includes support for DHCPv6 and DNSSEC.
DNSSEC adds a dependency on libnettle.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41244
As documented in config.h.
Doing otherwise will break dnsmasq's pkg-wrapper script to find its
libs to link to.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41241
Fixed wpa_supplicant when the radio is in 40MHz mode so that it no
longer restarts hostapd with the second channel disabled.
Signed-off-by: Lance Chaney <furryfur1@gmail.com>
SVN-Revision: 41019
rsn_preauth is used outside of "case $auth_type", so if it is set
for an EAP-enabled SSID, it would also be set for the following
non-EAP-enabled SSIDs, because it would not be read again.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 41012
Let the first parameter of function config_get be local, because there
is a chance that config_get won't export the variable.
Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
SVN-Revision: 41000
In case of .11ac device the hwmode was not properly displayed.
This patch fixes it.
Signed-off-by: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
SVN-Revision: 40953
- The package does not compile at the moment. Since there is a new
upstream version avaiable, use this new source instead.
- Upstream has already included our both patches.
- This is only compile tested, since I do not own any test hardware.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 40940
It's quite unconveniet to remember which ports are used by which applications, especially for not so advanced users.
Together with luci patch (discussed on IRC) this improves qos-scripts usability.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
SVN-Revision: 40935
`own_ip_addr` is used by hostapd as NAS-IP-Address.
This is used to identify the AP that is requesting the authentication of the
user and could be used to define which AP's can authenticate users.
Some vendors implement only NAS-Identifier or NAS-IP-Address and not both.
This patch adds ownip as an optional parameter in /etc/config/wireless.
Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>
SVN-Revision: 40934
allows to set PPP interface name manually via new
network interface option pppname.
If not set, default naming will be used (e.g. pppoe-eth0)
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 40933
when disabling ipv6, the iptables build breaks without a manul clean or this patch
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 40916
Many of the 4G/LTE and 3G modems utilize the QMI-protocol to control the
modem. At the moment there is no support for them in OpenWrt. This
patch adds support for them in the form of a netifd script and a
control utility. Tested with Huawei E398 and ZTE MF820D (which requires
a delay of ~30 s before responding to QMI commands). I put myself up as
the maintainer, feel free to change this if you desire.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 40868
DHCP entries in /etc/config/dhcp will not automatically create A or PTR
records. Add an "option dns" directive which appends an entry to
/tmp/hosts/dhcp to facilitate forward and reverse DNS lookups. For
instance, this item:
config host
option ip '192.168.0.10'
option mac '00:13:57:9b:df:02'
option name 'winpc'
option dns '1'
will add a corresponding entry to /tmp/hosts/dhcp:
192.168.0.10 winpc.lan
This keeps the hostname/IP/MAC in a single place, for easy maintenance.
Related: ticket #13854 reports an regression involving missing PTR
records when using "config domain" to define static DNS entries for
individual hosts. However, per Simon Kelley[1], the --address feature
used by "config domain" was never intended to generate DNS A records for
hosts. It would probably be better for the reporter to apply this patch,
and then use "config host" sections instead of "config domain" sections.
[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q4/002498.html
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 40799
This updates samba to the most recent minor version.
This patch is based on a patch by Anton van Bohemen <avbohemen@ziggo.nl>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 40618
This patch fixes compilation failure for hostapd when using eglibc 2.15.
Signed-off-by: Zachery Stoddard <zacherystoddard@gmail.com>
SVN-Revision: 40575
Gives the user the control to select the correct WAN IPv4 address to be used by the 6rd tunnel when mutiple WAN interfaces are configured
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 40566
This patch implements support for 802.11s protected mesh wireless networks (using authsae) in the netifd framework.
Until meshd-nl80211 implements a proper -P option for the PID file, this uses shell backgrounding in order to be able to get the PID for the process.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 40497
r39995 introduced a new parameter wps_pbc_in_m1 to wifi wps config, but
apparently did not provide a default value 0.
When that option's non-existing value is later evaluated in
/lib/netifd/hostapd.sh, it causes the "bad number" error to be logged in
syslog if user has not set the wps_pbc_in_m1 option. The error materialises
only if user has enabled wps.
Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio1 (1254): sh: bad number
Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio0 (1253): sh: bad number
Discussion in bug 15508: https://dev.openwrt.org/ticket/15508#comment:3
Error is caused by line 282:
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/netifd.sh#L282
My patch sets the parameter's default value to 0, which does nothing. The
default might also be set a bit later in the function, but this felt like the
most clear place to do that.
Signed-off-by hnyman <hannu.nyman@iki.fi>
SVN-Revision: 40469
* atm module needs to be loaded before linux-atm
* use absolute firmware paths
* extended validation
* add a script for mounting an optional firmware partition
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 40460
fixes incremental build with change to CONFIG_DROPBEAR_ECC
drop --with-shared which is unknown to configure
Patch by Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 40300
Without timeout mechanism, if ssh client disconnected without sending
FIN or RST, forked dropbear servers would hang there for
KEX_RETRY_TIMEOUT seconds (8 hours).
TCP keepalive is not implemented in dropbear yet, thus the name
SSHKeepAlive.
300 seconds in this patch is selected from the default value of
ServerAliveInterval for Debian ssh client (See man ssh_config).
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 40299
Option pbc_in_m1 is being used as a WPS capability discovery
workaround for PBC with Windows 7.
Add possibility to enable this workaround from UCI.
To enable it, turn on wps and set wps_pbc_in_m1 parameter to 1.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
SVN-Revision: 39995
This patch removes dependancy of PPP from chat application as chat application can be used for other serial communication as well that is not dependant on PPP and therefore one should be able to install chat without PPP. There also are no dependencies within chat application for PPP.
Signed-off-by: Oskari Rauta <oskari.rauta at gmail.com>
SVN-Revision: 39992
This change creates a new ip-full variant for the ip package.
It disables IP_CONFIG_TINY to make some iproute2 features available like xfrm, gretap, ...
Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>
SVN-Revision: 39854
* Reduce RA/DHCPv6 spam filter to 30s by default and make it configurable
* Don't set nd_ra_{reachable,retransmit] to 0 when received in RAs
SVN-Revision: 39775
Similarly to the previously broken address pools, DNS-servers and some
MSRs could be advertised incorrectly as well. This is now fixed.
SVN-Revision: 39739