| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
ce1814b iwinfo: Add device ID for Wilocity Wil6210
a8e8275 iwinfo: Add support for 802.11ad
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
6d23385 dhcpv6: extra syslog tracing
b076916 dhcpv6/router: add support for mutiple master interfaces
e4a24dc ndp: fix adding proxy neighbor entries
4ca7f7e router: add extra syslog tracing
8318e93 netlink: fix neighbor event handling (FS#2160)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
| |
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
| |
|
|
|
|
|
|
|
|
|
| |
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction
MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add build and runtime dependencies on libelf, allowing tc and ip-full
to load BPF and XDP object files respectively.
Define package 'tc' as a singleton package variant, which can be used to
enable additional functionality limited only to tc. Also set ip-tiny
as the default 'ip' variant.
Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
| |
81ac3bc interface-ip: fix delegate config update on reload (FS#2087)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following compile problem with kernel 4.20:
In file included from arp.c:20:0:
include/linux/if_arp.h:121:16: error: 'IFNAMSIZ' undeclared here (not in a function)
char arp_dev[IFNAMSIZ];
^~~~~~~~
make[7]: *** [Makefile:459: arp.o] Error 1
This is caused by commit 6a12709da354 ("net: if_arp: use define instead
of hard-coded value") in the upstream Linux kernel which is integrated
in Linux 4.20.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Vieno Hakkerinen <txt.file@txtfile.eu>
|
| |
|
|
|
|
|
|
|
| |
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
| |
b514490 iwinfo: add device id for MediaTek MT7603E
e9e1400 iwinfo: more Ralink and MediaTek WiSoC and PCIe chips
cb108c5 iwinfo: fix capitalization of vendor name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* wg-quick: freebsd: allow loopback to work
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.
* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention
Usual nits.
* systemd: wg-quick should depend on nss-lookup.target
Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.
* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp
This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.
* hashtables: decouple hashtable allocations from the main device allocation
The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.
* chacha20poly1305: permit unaligned strides on certain platforms
The map allocations required to fix this are mostly slower than unaligned
paths.
* noise: store clamped key instead of raw key
This causes `wg show` to now show the right thing. Useful for doing
comparisons.
* compat: ipv6_stub is sometimes null
On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.
* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable
* queueing: net-next has changed signature of skb_probe_transport_header
A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.
* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips
This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
16c5b6c ubus: always trigger an update if interface is not found
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
omcproxy's configuration is lost on every update or installation.
Avoid it by defining the configuration file.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
After update to 5.0.1 iw-full package failed to display command list on
ipq40xx arch. Root cause was found to be LTO reordering causing
incorrect detection of command struct size in:
iw.c:552
cmd_size = labs((long)&__section_set - (long)&__section_get);
This reverts commit ef16a394d2b24a363b50b5b4720cb23fe156c9da.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
|
| |
|
|
|
|
|
|
| |
9e9389c dhcpv4: fix adding assignment in list (FS#2142)
e69265b dhcpv4: fix static lease lookup
afbd7dd dhcp: rework assignment free logic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
max_ttl - limit the ttl in the dns answer if greater as $max_ttl
min_cache_ttl - force caching of dns answers even the ttl in the answer
is lower than the $min_cache_ttl
max_cache_ttl - cache only dns answer for $max_cache_ttl.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
|
|
| |
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.
Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick Multi-AP commits from uptream:
9c06f0f6a hostapd: Add Multi-AP protocol support
5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
a1debd338 tests: Refactor test_multi_ap
bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
8682f384c hostapd: Add README-MULTI-AP
b1daf498a tests: Multi-AP WPS provisioning
Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).
Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
| |
This reverts commit e6d84fa8864e7bbbcec139dd09a2922a06f5b2a0 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
This reverts commit 26681fa6a6fcbec0024906eb8367e9a3160521fb as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
This reverts commit fc80ef3613465e60257a5ddf0674debe45b09180 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
This reverts commit 248797834bf21916ddf663edc96d86ee5377850e as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case
- run dnsmasq with no-resolv
- re-generate /etc/resolv.conf with "nameserver 127.0.0.1"
Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.
A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver. It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1f01299 config: fix build failure in case DHCPv4 support is disabled
67b3a14 dhcpv4: fix assignment of requested IP address
ca8ba91 dhcp: rework static lease logic
36833ea dhcpv6: rapid commit support
1ae316e dhcpv6: fix parsing of DHCPv6 relay messages
80157e1 dhcpv4: fix compile issue
671ccaa dhcpv6-ia: move function definitions to odhcpd.h
0db69b0 dhcpv6: improve code readibility
7847b27 treewide: unify dhcpv6 and dhcpv4 assignments
a54cee0 netlink: rework handling of netlink messages
9f25dd8 treewide: use avl tree to store interfaces
f21a0a7 treewide: align syslog tracing
edc5fb0 dhcpv6-ia: add full CONFIRM support
9d6eadf dhcpv6-ia: rework append_reply()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rosy Song <rosysong@rosinson.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches
MIPS IPK size increases:
iw-tiny: +3k
iw-full: +10k
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
[Remove sha256, nan, bloom, measurements and ftm from tiny version]
[sync nl80211 between backports and iw]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Opkg treats text after a version number as higher than without:
~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $?
1
~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $?
0
This causes opkg not offering final release as upgradable version, and
even refusing to update, since it thinks the installed version is
higher.
This can be mitigated by adding ~ between the version and the text, as ~
will order as less than everything except itself. Since 'r' < 't', to
make sure that test will be treated as lower than rc we add a second ~
before the test tag. That way, the ordering becomes
2.80~~test < 2.80~rc < 2.80
which then makes opkg properly treat prerelease versions as lower.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
|
|
|
| |
Prevent the mesh authentication state machine from getting reset on bogus
new peer discovery
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
It was already enabled for wpad builds and since commit 6a15077e2d7fa
the script relies on it. Size impact is minimal (2 kb on MIPS .ipk).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Add config option rapidcommit to enable support for DHCPv4 rapid
commit (RFC4039)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Avoid trying to add the same station to the driver multiple times
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Helpful for debugging network connectivity issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
| |
Simplify build and runtime dependencies on libelf, which allows tc and ip
to load BPF and XDP object files respectively.
Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the old 'tc' with a singleton package variant which will be used
to enable additional functionality and limit it only to tc. Non-variant
packages will only be installed during 'tiny' variant builds, hence will
be configured without extra features, thus preserving previously limited
functionality and reduced package sizes.
Also set ip-tiny as the default variant, and install 'tiny' versions of
development libraries.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compile-based feature detection (e.g. xtables, ipset support) was broken
due to silent compilation errors in the configure script, caused by a
Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use
userspace headers by setting the same "user_headers" kernel include path
as used for the iptables build.
Remove redundant or unused Build/Configure definitions from package
Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes.
Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in
tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead,
use standard TARGET_LDFLAGS.
Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also
drop now unneeded patch 150-extra-ccopts.patch.
Enable defining XT_LIB_DIR from Makefile, needed to set the iptables
modules directory to something other than /lib/xtables, and also add
libxtables dependency. Both are needed with working xtables detection.
Note that libxtables is also pulled in by iptables, firewall or luci, so
this change has no size impact in most cases.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since v4.13, iproute2 switched to a config.mk file with greater use of
pkg-config for library/feature detection. Replace the old Config patch
with one modifying the configure script but enabling the same changes:
- explicitly disable TC_CONFIG_ATM
- rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
|
|
|
|
|
| |
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the vti interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the vti interface.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the ipip interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the ipip interface.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixed CVEs:
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823
For other changes in version 7.64.0 see https://curl.haxx.se/changes.html#7_64_0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two problems with this behaviour that the zone is set to wan
if no zone config option is defined in the interface section.
* The zone for the interface is "normally" specified in the firewall
config file. So if we have defined "no" zone for this interface zone
option is set now to "wan" additonaly if we add the interface in the firewall
config section to the "lan" zone, the interface is added to lan and wan at once.
iptables-save | grep <iface>
This is not what I expect.
* If I do not want to set a zone to this interface it is not possible.
Remove the default assigment to wan if no zone option is defined.
If some one need the option it stil possible to define this option.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
|
| |
|
|
|
|
| |
5cd7215 system-linux: handle hotplug event socket ENOBUFS errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
