aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: let instances drop to nobody in default config.Felix Fietkau2015-06-141-0/+2
| | | | | | | | | This is for security precautions. As persist_tun and persist_key are already there, this should not cause compatibility issue. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45961
* openvpn: fix handling option auth_retry.Felix Fietkau2015-06-141-2/+2
| | | | | | | | | As reported in ticket #19104, auth_retry takes a <type> argument with 3 choices: none, nointeract, interact. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45960
* samba36: remove host build pathsFelix Fietkau2015-06-141-3/+6
| | | | | | | | | | | | | - fix iconv detection because it adds host paths - disable python detection (host python-config is found) iconv issue is reported by buildbot config.log + replicated locally see config.log in logs.tar.gz python issue observed locally on Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 45953
* ppp: bump PKG_RELEASESteven Barth2015-06-121-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45949
* ppp : Unnumbered supportSteven Barth2015-06-121-1/+39
| | | | | | | | | | | | | | | | | Adds PPP unnumbered support via the parameter unnumbered which points to a logical OpenWRT interface. The PPP proto shell handler will "borrow" an IP address from the unnumbered interface (if multiple IP addresses are present the longest prefix different from 32 will be "borrowed") for which a host interface dependency will be created. Due to the host interface dependency the PPP unnumbered interface will only "borrow" an IP address from an interface which is up. The borrowed IP address will be shared as local IP address by the PPP daemon and no other local IP will be accepted from the peer in the IPCP negotiation. A typical use case is the usage of a public IP subnet on the Lan interface which will be shared by the PPP interface as local IP address. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45948
* dnsmasq: bump to 2.73rc9Steven Barth2015-06-081-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45924
* dnsmasq: fix config file typoSteven Barth2015-06-081-1/+1
| | | | | | | | s/loclal/local/ Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> SVN-Revision: 45923
* hostapd: move ht_coex variable to mac80211.sh, guarded by 802.11n supportFelix Fietkau2015-06-061-4/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45917
* ppp: fix download URLHauke Mehrtens2015-06-061-1/+1
| | | | | | | | The file is not available at the older path any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 45910
* lldpd: add option to disable custom TLVsJohn Crispin2015-06-032-0/+6
| | | | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> SVN-Revision: 45884
* hostapd: add a new option to control HT coexistance separate from noscanFelix Fietkau2015-06-022-6/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45873
* lldpd: disable xml explicitlyJohn Crispin2015-05-311-0/+1
| | | | | | | | | | | | | | This prevents auto-detection of libxml2 and thus the error: Package lldpd is missing dependencies for the following libraries: libxml2.so.2 Preventing a dependency to libxml2 is preferred, since libxml2 would be a out-of-(core-)tree dependency. Reported-by: Buildbot Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 45859
* uhttpd: use 307 for HTTPS redirections to retain request methodJo-Philipp Wich2015-05-301-1/+1
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45853
* uhttpd: add support for enforcing httpsJo-Philipp Wich2015-05-303-2/+7
| | | | | | | | Also set HTTPS environment variable for CGI programs on SSL connections. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45852
* uhttpd: inhibit chunked transfer encoding for static file responsesJo-Philipp Wich2015-05-301-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45850
* lldpd: update to v0.7.15 and add support for parsing /etc/openwrt_releaseJo-Philipp Wich2015-05-284-88/+44
| | | | | | | | Also drop superseded patches. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45810
* ppp: do not warn if connect() before close() on pppoe terminate fails (fixes ↵Felix Fietkau2015-05-261-0/+14
| | | | | | | | #19651) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45755
* odhcpd: fix DHCPv6 downstream PDSteven Barth2015-05-211-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45707
* dnsmasq: bump to dnsmasq2.73rc8 Important.Steven Barth2015-05-171-2/+2
| | | | | | | | | | Bump dnsmasq to v2.73rc8 Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> SVN-Revision: 45693
* odhcpd: ignore /64 on interface when doing PDSteven Barth2015-05-131-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45679
* odhcpd: remove invalid call to free()Steven Barth2015-05-111-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45675
* ppp: remove the persist option, netifd handles reconnectsFelix Fietkau2015-05-091-1/+1
| | | | | | | | Significantly reduces reconnect delay Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45654
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-061-0/+36
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45619
* hostapd: enable 802.11w only for the full variantsFelix Fietkau2015-05-061-1/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45616
* openvpn: replace polarssl run-time version check with a compile-time oneFelix Fietkau2015-05-051-0/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45608
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)Jo-Philipp Wich2015-05-042-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
* dnsmasq: bump to 2.73rc7Steven Barth2015-04-291-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45587
* odhcpd: Remove prefix class config option as not supported anymore by odhcpdSteven Barth2015-04-281-8/+0
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45586
* dnsmasq: bump to 2.73rc6Steven Barth2015-04-234-161/+5
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45572
* hostapd: backport fix for CVE-2015-1863, refresh patchesFelix Fietkau2015-04-235-5/+42
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45567
* hostapd: mark wpa-supplicant & wpad-mesh as broken on umlNicolas Thill2015-04-221-2/+2
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45561
* odhcpd: minor fixesSteven Barth2015-04-211-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45539
* hostapd/netifd: encrypted mesh with wpa_supplicantFelix Fietkau2015-04-201-18/+29
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 45519
* dropbear: update to 2015.67Steven Barth2015-04-187-414/+16
| | | | | | | | | | | fixes dbclient login into OpenSSH 6.8p1 error: "Bad hostkey signature" reported on irc, replicated with Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 45493
* hostapd: Fix wps button hotplug script to handle multiple radiosJohn Crispin2015-04-181-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hostapd's control file location was changed in 2013, and that has apparently broken the wps button hotplug script in cases where there are multiple radios and wps is possibly configured also for the second radio. The current wps button hotplug script always handles only the first radio. https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh The reason is that the button hotplug script seeks directories like /var/run/hostapd*, as the hostapd-phy0.conf files were earlier in per-interface subdirectories. Currently the *.conf files are directly in /var/run and the control sockets are in /var/run/hostapd, but there is no subdirectory for each radio. root@OpenWrt:/# ls /var/run/hostapd* /var/run/hostapd-phy0.conf /var/run/hostapd-phy1.conf /var/run/hostapd: wlan0 wlan1 The hotplug script was attempted to be fixed after the hostapd change by r38986 in Dec2013, but that change only unbroke the script for the first radio, but left it broken for multiple radios. https://dev.openwrt.org/changeset/38986/ The script fails to find subdirectories with [ -d "$dir" ], and passes just the only found directory /var/run/hostapd, leading into activating only the first radio, as hostapd_cli defaults to first socket found inthe passed directory: root@OpenWrt:/# hostapd_cli -? ... usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \ [-G<ping interval>] [command..] ... -p<path> path to find control sockets (default: /var/run/hostapd) ... -i<ifname> Interface to listen on (default: first interface found in the socket path) Below is a run with the default script and with my proposed solution. Default script (with logging added): ================================== root@OpenWrt:/# cat /etc/rc.button/wps #!/bin/sh if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then for dir in /var/run/hostapd*; do [ -d "$dir" ] || continue logger "WPS activated for: $dir" hostapd_cli -p "$dir" wps_pbc done fi >>>> WPS BUTTON PRESSED <<<<< root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status PBC Status: Timed-out Last WPS result: None root@OpenWrt:/# logread | grep WPS Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd wlan0 got WPS activated, while wlan1 remained inactive. I have modified the script to search for sockets instead of directories and to use the "-i" option with hostapd_cli, and now the script properly activates wps for both radios. As "-i" needs the interface name instead of the full path, the script first changes dir to /var/run/hostapd to get simply the interface names. Modified script (with logging): =============================== root@OpenWrt:/# cat /etc/rc.button/wps #!/bin/sh if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then cd /var/run/hostapd for dir in *; do [ -S "$socket" ] || continue logger "WPS activated for: $socket" hostapd_cli -i "$socket" wps_pbc done fi >>>> WPS BUTTON PRESSED <<<<< root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# logread | grep WPS Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0 Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1 Both radios got their WPS activated properly. I am not sure if my solution is optimal, but it seems to work. WPS button is maybe not that often used functionality, but it might be fixed in any case. Routers with multiple radios are common now, so the bug is maybe more prominent than earlier. The modified script has been in a slightly different format in my community build since r42420 in September 2014. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 45492
* network: also shorten virtual interface names of ppp and 3g/4g connectionsSteven Barth2015-04-171-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45479
* odhcpd: fix accidental logic inversionSteven Barth2015-04-141-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45435
* odhcpd: avoid illegal memory access in some corner casesSteven Barth2015-04-141-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45428
* dnsmasq: fix dnssec timestamp logic, backport crashfixSteven Barth2015-04-134-6/+174
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45410
* netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)Felix Fietkau2015-04-111-0/+1
| | | | | | | | | | | | | | | | | | | Two errors "netifd: radio0: sh: bad number" have recently surfaced in system log in trunk when wifi interfaces come up. I tracked the errors to checking numerical values of some config options without ensuring that the option has any value. The errors I see have apparently been introduced by r45051 (ieee80211r in hostapd) and r45326 (start_disabled in mac80211). My patches fix two instances of "bad number", but there may be a third one, as the original report in bug 19345 pre-dates r45326 and already has two "bad number" errors for radio0. https://dev.openwrt.org/ticket/19345 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 45380
* odhcpd: send current hop-limit by default in RAsSteven Barth2015-04-101-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45359
* dnsmasq: bump to 2.73rc4Steven Barth2015-04-107-351/+49
| | | | | | | | | Fix crash caused by malformed DNS requests Improved DNSSEC handling Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45354
* hostapd: remove unused asprintf parameterJohn Crispin2015-04-101-1/+1
| | | | | | | | | | r45270 removed ieee80211n=%d from the format string but didn't remove the parameter itself. Though this probably doesn't cause any harm, it's quite confusing and unneeded. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 45351
* ppp: Detailed last error supportJohn Crispin2015-04-091-4/+47
| | | | | | | | | | | | Enables last error support for the PPP protocol handlers. In generic teardown the PPP daemon exit code is translated into a self explaining error string which is set as interface error by proto_notify_error in case of failure. Signed-off-by: Johan Peeters <johan.peeters111@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45333
* dnsmasq: Add option '--servers-file'John Crispin2015-04-091-0/+1
| | | | | | | | The option '--servers-file' is available since dnsmasq v2.69. Signed-off-by: Lars Kruse <lists@sumpfralle.de> SVN-Revision: 45332
* hostapd: add update_beacon to ubus bindingJohn Crispin2015-04-091-3/+20
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45325
* odhcpd: fix infinite lifetime handling in dhcpv6Steven Barth2015-04-061-2/+2
| | | | | | | | thanks to Arjen de Korte Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45279
* hostapd: when running AP+STA, preserve the AP 802.11n-enabled settingFelix Fietkau2015-04-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45270
* ppp: Fix missing arg argument when using option flag OPT_A2STRVALJohn Crispin2015-04-031-0/+11
| | | | | | | | | The arg argument is missing to the printer call in the print_option utility when the option flag OPT_A2STRVAL is set. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45264
* ppp: Fix seg fault when using pppol2tpJohn Crispin2015-04-031-0/+13
| | | | | | | | | | | PPPD crashes (SEGV) when the dump or dryrun options are specified and an option is internally defined as "o_special" with an option flag of "OPT_A2STRVAL". As the option value is not saved when the parameter is processed, a reference to the option will result into a crash (e.g. when printing). Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45263