aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
...
* hostapd: remove unused variableLeon M. George2021-01-141-1/+0
| | | | | | | | | 'base' was never used. Fixes: 498d84fc4e00 ("netifd: add wireless configuration support and port mac80211 to the new framework") Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: remove unused variableLeon M. George2021-01-141-1/+0
| | | | | | | | | 'enc_str' was never used. Fixes: 498d84fc4e00 ("netifd: add wireless configuration support and port mac80211 to the new framework") Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: run as user 'network' if procd-ujail is installedDaniel Golle2021-01-144-2/+55
| | | | | | | Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running hostapd and wpa_supplicant without root priviledges. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: improve error handling when adding supplicant configDaniel Golle2021-01-142-5/+5
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: add multicast_to_unicast and per_sta_vifEtan Kissling2021-01-142-2/+15
| | | | | | | | This allows configuration of multicast_to_unicast and per_sta_vif options. - multicast_to_unicast requests multicast-to-unicast conversion. - per_sta_vif assigns each station its own AP_VLAN interface. Signed-off-by: Etan Kissling <etan_kissling@apple.com>
* hostapd: return PID on config_add callDaniel Golle2021-01-104-4/+11
| | | | | | | | | To simplify the way netifd acquires the PIDs of wpa_supplicant and hostapd let the config_add method of both of them return the PID of the called process. Use the returned PID instead of querying procd when adding wpa_supplicant configuration. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: wpa_supplicant: Enable proper GCMP cipher supportRobert Marko2021-01-052-1/+6
| | | | | | | | | This patch enables hostapd.sh to properly configure wpa_supplicant for when GCMP is used as cipher in station mode. Without this wpa_supplicant will be unable to connect to AP. This is needed for wil6210 as it does not support CCMP. Signed-off-by: Robert Marko <robimarko@gmail.com>
* odhcpd: bump to latest versionNick Hainke2021-01-041-3/+3
| | | | | | 3bda900 odhcpd: add option for setting preferred lifetime Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: add support for custom per-BSS optionsFlorian Beverborg2021-01-032-1/+8
| | | | | | | | | | | | This adds an option "hostapd_bss_options" that does the same as "hostapd_options" but on a per-BSS level, instead of a per-device level. This can be used, for example, to configure different per-devce sae_passwords per BSS or to augment some of the existing per-BSS options. Signed-off-by: Florian Beverborg <flo@beverb.org> [remove whitespace errors, bump release] Signed-off-by: Paul Spooren <mail@aparcar.org>
* ppp: Remove already applied patchHauke Mehrtens2021-01-012-14/+1
| | | | | | | This patch was already applied upstream and not needed here. Fixes: 06403981e1f2 ("ppp: update to version 2.4.7.git-2019-05-06") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: do not restart hostapd instance on wireless restartsFelix Fietkau2020-12-311-1/+1
| | | | | | Add the flag that prevents netifd from killing hostapd/wpa_supplicant Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to latest git HEADHans Dedecker2020-12-241-3/+3
| | | | | | | | b75bcad dhcpv6-ia: remove assignment equal to 0 checks d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0 9d5e379 dhcpv6-ia: fix prefix delegation behavior Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: nuke DRIVER_11W_SUPPORTDobroslaw Kijowski2020-12-233-11/+1
| | | | | | | | | | | | | | As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter" https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482 802.11w feature is always enabled in the build time. It doesn't make sense to opt-in 802.11w per driver as hostapd will always be compiled with this feature enabled. As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h for compatibility reasons. This option will be dropped when LuCI is adjusted. Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* hostapd: pass respawn settings when registering the serviceJohn Crispin2020-12-221-2/+2
| | | | | | | | When hostapd gets restarted to often/quickly will cause procd to not restart it anymore. it will think that hapd is in a crash loop. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
* hostapd: Use EAPOLv1 (802.1X-2001) if WPA enabledNick Lowe2020-12-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that are not WPA2 (RSN) capable. These legacy clients are often intolerant to this EAPOL version and fail to connect. hostapd.conf upstream documents for eapol_version the following and that this is a known compatibility issue with version 2: // IEEE 802.1X/EAPOL version // hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL // version 2. However, there are many client implementations that do not handle // the new version number correctly (they seem to drop the frames completely). // In order to make hostapd interoperate with these clients, the version number // can be set to the older version (1) with this configuration value. // Note: When using MACsec, eapol_version shall be set to 3, which is // defined in IEEE Std 802.1X-2010. //eapol_version=2 For the wpa parameter, hostapd.conf upstream documents that this is a bitfield, configured as follows: // Enable WPA. Setting this variable configures the AP to require WPA (either // WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either // wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. // Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice. // For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), // RADIUS authentication server must be configured, and WPA-EAP must be included // in wpa_key_mgmt. // This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) // and/or WPA2 (full IEEE 802.11i/RSN): // bit0 = WPA // bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) // Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2. // In other words, for WPA3, wpa=2 is used the configuration (and // wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK). //wpa=2 For client compatibility therefore: EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled. EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled. To fix this, we can therefore change in the script: set_default eapol_version 0 To the following: set_default eapol_version $((wpa & 1)) This therefore: 1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set. 2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset. For usual configurations that only have WPA2 enabled, EAPOLv2 is then used. Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
* hostapd: parse skip_inactivity_poll optionNadim Atiya2020-12-222-3/+5
| | | | | | | | | | | | hostapd.sh does not parse skip_inactivity_poll boolean from /etc/config/wireless despite being mentioned in the documentation [1]. This change fixes this, and by default sets its value to 0 [1]. [1] https://openwrt.org/docs/guide-user/network/wifi/basic Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [fix and reformat commit message, make patch apply]
* uhttpd: don't redirect to HTTPS by defaultPetr Štetiar2020-12-201-1/+1
| | | | | | | | | | | | | | | | | | | So we can ship px5g-wolfssl by default in the release image, but still make the HTTPS for LuCI optional. This small change with addition of `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the next release should provide optional HTTPS in the next release. Disabling the current default automatic uhttpd's redirect to HTTPS should make the HTTPS optional. That's it, user would either need to switch to HTTPS by manually switching to https:// protocol in the URL or by issuing the following commands to make the HTTPS automatic redirect permanent: $ uci set uhttpd.main.redirect_https=1 $ uci commit uhttpd $ service uhttpd reload Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: remove local mkdir_p implementationDaniel Golle2020-12-131-3/+3
| | | | | | | Replace local mkdir_p implementation in favour of using mkdir_p now added to libubox. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dropbear: bump package versionKonstantin Demin2020-12-111-1/+1
| | | | | | | | Bump package version after previous changes. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> [added missing commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dropbear: add ssh-askpass support in configurationKonstantin Demin2020-12-112-1/+12
| | | | | | | | | | binary size cost is much less than 1k. tested on ath79/generic: bin: 215128 -> 215132 (+4b) ipk: 111183 -> 111494 (+311b) Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: roll up recipes into mapping listsKonstantin Demin2020-12-111-24/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this commit removes manual recipes for options and introduces mapping lists: - DB_OPT_COMMON holds option mappings which are common for all builds; - DB_OPT_CONFIG holds option mappings which are depend on config settings. DB_OPT_COMMON is space-separated list of 'words', each of them is in format: 'header_option|value' 'header_option' is added with value 'value' to 'localoptions.h'. if 'header_option' is preceded by two exclamation marks ('!!') then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'. in short: option|value - add option to localoptions.h !!option|value - replace option in sysoptions.h DB_OPT_CONFIG is space-separated list of 'words', each of them is in format: 'header_option|config_variable|value_enabled|value_disabled' 'header_option' is handled likewise in DB_OPT_COMMON. if 'config_variable' is enabled (technically: not disabled) then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise. in short: option|config|enabled|disabled = add option to localoptions.h !!option|config|enabled|disabled = replace option in sysoptions.h option := (config) ? enabled : disabled If you're not sure that option's value doesn't have '|' within - add your recipe manually right after '$(Build/Configure/dropbear_headers)' and write some words about your decision. PS about two exclamation marks: early idea was to use one exclamation mark to denote such header options but then i thought single exclamation mark may be overlooked by mistake. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: rework recipes that configure buildKonstantin Demin2020-12-111-22/+17
| | | | | | | | - add two helper functions to avoid mistakes with choice of correct header file to work with - update rules accordingly Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: reorder options in Configure recipeKonstantin Demin2020-12-111-11/+11
| | | | | | | put static options at first place, then place configurable options. also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: enable back DROPBEAR_USE_PASSWORD_ENVKonstantin Demin2020-12-111-2/+1
| | | | | | | | | | | | | this option was disabled in 2011 and these long nine years showed us that change was definitely wrong. binary size cost is much less than 1k. tested on ath79/generic: bin: 215128 -> 215128 (no change) ipk: 111108 -> 111183 (+75b) Fixes: 3c801b3dc0359 ("tune some more options by default to decrease size") Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* lldpd: fix autoreconf failureJo-Philipp Wich2020-12-091-0/+61
| | | | | | | | | | | | | | | | | | | | | The lldpd sources ship a modified local AX_LIB_READLINE M4 macro which conflicts with the official macro shipped by autoconf-archive. Due to the official macro having the same name and a higher serial number, autoconf will prefer including that one instead of the local copy, preventing the substitution of @READLINE_LIBS@ in Makefile.in templates, ultimately leading to the following build failure when linking lldpcli: ...-gcc: error: READLINE_LIBS@: No such file or directory Avoid this problem by renaming the locally shipped macro to not clash with the official implementation anymore. Ref: https://github.com/lldpd/lldpd/pull/423 Acked-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: Disable 802.11b data rates by defaultNick Lowe2020-12-062-2/+2
| | | | | | | | | | | | | | | | | Set legacy_rates to 0 by default to disable 802.11b data rates by default. The time has long come where 802.11b DSSS/CCK data rates should be disabled by default in OpenWRT. Users in need of 802.11b client support can reasonably enable these where they are needed. The balance of equities has significantly, and for a long time, tipped such that dropping backwards compatibility by default with 802.11b devices is appropriate, proportionate and justified. By doing so, management and control traffic is moved by default to a 20 MHz wide 6 Mb/s OFDM data rate instead of a 22 MHz wide 1 Mb/s DSSS data rate. This is significantly more airtime efficient. Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
* openvpn: removeRosen Penev2020-12-0518-1564/+0
| | | | | | | This will be moved to packages. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Paul Spooren <mail@aparcar.org>
* openvpn-easy-rsa: removeRosen Penev2020-12-053-92/+0
| | | | | | This will be moved to packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* umdns: add check for seccomp listJan Pavlinec2020-11-302-2/+2
| | | | | | | | This should fix an issue when user have a router with enabled seccomp and tries to run umdns package which was build with SDK with disabled seccomp support. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* hostapd: Add cell_density data rates optionNick Lowe2020-11-301-13/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a cell_density option to configure data rates for normal, high and very high cell density wireless deployments. The purpose of using a minimum basic/mandatory data rate that is higher than 6 Mb/s, or 5.5 Mb/s (802.11b compatible), in high cell density environments is to transmit broadcast/multicast data frames using less airtime or to reduce management overheads where significant co-channel interference (CCI) exists and cannot be avoided. Caution: Without careful design and validation, configuration of a too high minimum basic/mandatory data rate can sacrifice connection stability or disrupt the ability to reliably connect and authenticate for little to no capacity benefit. This is because this configuration affects the ability of clients to hear and demodulate management, control and broadcast/multicast data frames. Deployments that have not been specifically designed and validated are usually best suited to use 6, 12 and 24 Mb/s as basic/mandatory data rates. Only usually seek to configure a 12 Mb/s, or 11 Mb/s (802.11b compatible), minimum basic/mandatory rate in high cell density deployments that have been designed and validated for this. For many deployments, the minimum basic/mandatory data rate should not be configured above 12 Mb/s to 18 Mb/s, 24 Mb/s or higher. Such a configuration is only appropriate for use in very high cell density deployment scenarios. A cell_density of Very High (3) should only be used where a deployment has a valid use case and has been designed and validated specifically for this use, nearly always with highly directional antennas - an example would be stadium deployments. For example, with a 24 Mb/s OFDM minimum basic/mandatory data rate, approximately a -73 dBm RSSI is required to decode frames. Many clients will not have roamed elsewhere by the time that they experience -73 dBm and, where they do, they frequently may not hear and be able to demodulate beacon, control or broadcast/multicast data frames causing connectivity issues. There is a myth that disabling lower basic/mandatory data rates will improve roaming and avoid sticky clients. For 802.11n, 802.11ac and 802.11ax clients this is not correct as clients will shift to and use lower MCS rates and not to the 802.11b or 802.11g/802.11a rates that are able to be used as basic/mandatory data rates. There is a myth that disabling lower basic/mandatory data rates will ensure that clients only use higher data rates and that better performance is assured. For 802.11n, 802.11ac and 802.11ax clients this is not correct as clients will shift around and use MCS rates and not the 802.11b or 802.11g/802.11a rates that able to be used as basic/mandatory data rates. Cell Density 0 - Disabled (Default) Setting cell_density to 0 does not configure data rates. This is the default. 1 - Normal Cell Density Setting cell_density to 1 configures the basic/mandatory rates to 6, 12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower than the minimum basic/mandatory rate are not offered. Setting cell_density to 1 configures the basic/mandatory rates to the 5.5 and 11 Mb/s DSSS rates where legacy_rates is 1. Supported rates lower than the minimum basic/mandatory rate are not offered. 2 - High Cell Density Setting the cell_density to 2 configures the basic/mandatory rates to the 12 and 24 Mb/s OFDM rates where legacy_rates is 0. Supported rates lower than the minimum basic/mandatory rate are not offered. Setting the cell_density to 2 configures the basic/mandatory rates to the 11 Mb/s DSSS rate where legacy_rates is 1. Supported rates lower than the minimum basic/mandatory rate are not offered. 3 - Very High Cell Density Setting the cell_density to 3 configures the basic/mandatory rates to the 24 Mb/s OFDM rate where legacy_rates is 0. Supported rates lower than the minimum basic/mandatory rate are not offered. Setting the cell_density to 3 only has effect where legacy_rates is 0, else this has the same effect as being configured with a cell_density of 2. Where specified, the basic_rate and supported_rates options continue to override both the cell_density and legacy_rates options. Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
* umdns: update seccomp filter rulesDaniel Golle2020-11-272-1/+2
| | | | | | Add 'writev' syscall to list of allowed syscalls. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: fix "sh: out of range" errorsStijn Tintel2020-11-261-0/+7
| | | | | | | | | | | | | | Several variables in hostapd.sh can be used uninitialized in numerical comparisons, causing errors in logread: netifd: radio24 (1668): sh: out of range Set defaults for those variables to silence those errors. Fixes: b518f07d4b8a ("hostapd: remove ieee80211v option") Fixes: cc80cf53c50d ("hostapd: add FTM responder support") Fixes: e66bd0eb0469 ("hostapd: make rrm report independent of ieee80211k setting") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 1.0.7Stijn Tintel2020-11-261-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix patch offsetLeon M. George2020-11-231-1/+1
| | | | | | | Fixes the offset of the patch added in 93bbd998aa696a ("hostapd: enter DFS state if no available channel is found"). Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: enable the epoll-based event loopRui Salvaterra2020-11-238-8/+8
| | | | | | Hostapd supports epoll() since 2014. Let's enable it for better performance. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* uhttpd: update to git HEADDaniel Golle2020-11-231-4/+4
| | | | | | f53a639 ubus: fix uhttpd crash Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: set validity interval for BSS TMRADavid Bauer2020-11-171-1/+1
| | | | | | | | | | | | This sets the validity interval for the BSS transition candidate list to the same value as the disassociation timer. Currently the value is always 0, which is the specification states is a reserved value. Also, wpa_supplicant and from the looks of it some Android implementations will outright ignore the candidate list in this case. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add support for static airtime policy configurationDobroslaw Kijowski2020-11-172-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add support for passing airtime_sta_weight into hostapd configuration. * Since that commit it is possible to configure station weights. Set higher value for larger airtime share, lower for smaller share. I have tested this functionality by modyfing /etc/config/wireless to: config wifi-device 'radio0' ... option airtime_mode '1' config wifi-iface 'default_radio0' ... list airtime_sta_weight '01:02:03:04:05:06 1024' Now, when the station associates with the access point it has been assigned a higher weight value. root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/netdev\:wlan0/stations/01\:02\:03\:04\:05\:06/airtime RX: 12656 us TX: 10617 us Weight: 1024 Deficit: VO: -2075 us VI: 256 us BE: -206 us BK: 256 us [MAC address has been changed into a dummy one.] Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* hostapd: fix per-BSS airtime configurationDobroslaw Kijowski2020-11-172-1/+3
| | | | | | | | airtime_mode is always parsed as an empty string since it hasn't been added into hostapd_common_add_device_config function. Fixes: e289f183 ("hostapd: add support for per-BSS airtime configuration") Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* hostapd: ubus: add get_status methodDavid Bauer2020-11-171-0/+40
| | | | | | | This adds a new get_status method to a hostapd interface, which provides information about the current interface status. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add VHT capabilities to client listDavid Bauer2020-11-171-0/+71
| | | | | | | This adds parsed VHT capability information to the hostapd get_clients method. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add driver information to client listDavid Bauer2020-11-171-0/+24
| | | | | | | | This adds information from mac80211 to hostapd get_client ubus function. This way, TX as well as RX status information as well as the signal can be determined. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix variable shadowingDavid Bauer2020-11-171-0/+2
| | | | | | Fixes commit 838b412cb527 ("hostapd: add interworking support") Signed-off-by: David Bauer <mail@david-bauer.net>
* umdns: convert seccomp filter rules to OCI formatDaniel Golle2020-11-172-31/+42
| | | | | | | procd-seccomp switched to OCI-compliant seccomp parser instead of our (legacy, OpenWrt-specific) format. Convert ruleset to new format. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to latest git HEADHans Dedecker2020-11-151-4/+4
| | | | | | fb55e80 dhcpv6-ia : write statefile atomically Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: update to 2.81Hans Dedecker2020-11-154-9/+7
| | | | | | | | Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 1.0.20201112Jason A. Donenfeld2020-11-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * noise: take lock when removing handshake entry from table This is a defense in depth patch backported from upstream to account for any future issues with list node lifecycles. * netns: check that route_me_harder packets use the right sk A test for an issue that goes back to before Linux's git history began. I've fixed this upstream, but it doesn't look possible to put it into the compat layer, as it's a core networking problem. But we still test for it in the netns test and warn on broken kernels. * qemu: drop build support for rhel 8.2 We now test 8.3+. * compat: SYM_FUNC_{START,END} were backported to 5.4 * qemu: bump default testing version The real motivation for this version bump: 5.4.76 made a change that broke our compat layer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: 'ipset' config sectionsAleksandr Mezin2020-11-112-1/+28
| | | | | | | | | | | | | | | | | | | | | | | Allow configuring ipsets with dedicated config sections: config ipset list name 'ss_rules_dst_forward' list name 'ss_rules6_dst_forward' list domain 't.me' list domain 'telegram.org' instead of current, rather inconvenient syntax: config dnsmasq ... list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward' Current syntax will still continue to work though. With this change, a LuCI GUI for DNS ipsets should be easy to implement. Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: explictly set ednspacket_max valueJan Pavlinec2020-11-092-1/+2
| | | | | | | This is related to DNS Flag Day 2020. It sets default ends buffer size value to 1232. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* uhttpd: use P-256 for certsPaul Spooren2020-11-091-2/+2
| | | | | | | | | | | | The uhttpd package takes care of creating self-signed certificates if px5g is installed. This improves the security of router management as it encrypts the LuCI connection. The EC P-256 curve is faster than RSA which which improves the user experience on embedded devices. EC P-256 is support for as old devices as Android 4.4. Signed-off-by: Paul Spooren <mail@aparcar.org>