aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
...
* dnsmasq: bump to latest patches on 2.80rc2Kevin Darbyshire-Bryant2018-07-0319-11/+406
| | | | | | | | | | | | | | | Refresh patches and backport upstream to current HEAD: a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled. 51e4eee Fix address-dependent domains for IPv6. 05ff659 Fix stupid infinite loop introduced by preceding commit. db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface. 7dcca6c Warn about the impact of cache-size on performance. 090856c Allow zone transfer in authoritative mode whenever auth-peer is specified. cc5cc8f Sane error message when pcap file header is wrong. c488b68 Handle standard and contructed dhcp-ranges on the same interface. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: tc: update support for cakeKevin Darbyshire-Bryant2018-07-031-28/+83
| | | | | | | | | Bump iproute2/tc support of cake. Add support for cake's change to u64 attribute passing for certain attributes (rate & byte counts) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uhttpd: update to latest Git headJo-Philipp Wich2018-07-031-3/+3
| | | | | | | | | | db86175 lua: honour size argument in recv() function d3b9560 utils: add uh_htmlescape() helper 8109b95 file: escape strings in HTML output 393b59e proc: expose HTTP Origin header in process environment 796d42b client: flush buffered SSL output when tearing down client ustream Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ebtables: update to latest git 2018-06-27Hans Dedecker2018-07-023-5/+5
| | | | | | | 48cff25 build: drop install -o/-g root 53d7e7a extensions: ebt_string: take action if snprintf discards data Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fw3: update to latest git HEADJohn Crispin2018-07-021-3/+3
| | | | | | 72684e5 firewall3: Fix GCC8 warnings by replacing sprintf with snprintf Signed-off-by: John Crispin <john@phrozen.org>
* samba36: Disable external libtdb and libteventRosen Penev2018-07-021-1/+3
| | | | | | | This was causing issues recently as samba36 is not API compatible with the libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* swconfig: swlib_map_settings(): change return type to voidAlexander Couzens2018-06-291-1/+1
| | | | | | | | The return value of the function isn't used anywhere. Fixes missing return value, CID 1329717. Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* swconfig: fix un-initialized return valueAlexander Couzens2018-06-291-2/+3
| | | | | | | Fix CID 1330844 Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* qos-scripts: fix uci callback handlingTony Ambardar2018-06-283-29/+29
| | | | | | | | | | | | | | | | | The previous callback code was fragile, dependent on some UCI callback bugs and side-effects now fixed in master commit 73d8a6ab. Update scripts to use callbacks where appropriate and necessary, while using normal UCI config parsing for all else. This results in smaller, simpler, more robust code. Use callbacks in generate.sh to only process 'interface' defaults and the varying entries for 'reclassify', 'default' and 'classify' sections. Also switch qos-stat to use non-callback UCI handling. The current changes work independently of 73d8a6ab (i.e. both before and after), and are consistent with UCI config parsing documentation. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* wireguard: bump to 0.0.20180625Kevin Darbyshire-Bryant2018-06-261-2/+2
| | | | | | | | | | | | | | | | | | | | dfd9827 version: bump snapshot 88729f0 wg-quick: android: prevent outgoing handshake packets from being dropped 1bb9daf compat: more robust ktime backport 68441fb global: use fast boottime instead of normal boottime d0bd6dc global: use ktime boottime instead of jiffies 18822b8 tools: fix misspelling of strchrnul in comment 0f8718b manpages: eliminate whitespace at the end of the line 590c410 global: fix a few typos bb76804 simd: add missing header 7e88174 poly1305: give linker the correct constant data section size fd8dfd3 main: test poly1305 before chacha20poly1305 c754c59 receive: don't toggle bh Compile-tested-for: ath79 Archer C7 v2 Run-tested-on: ath79 Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcpd: update to latest git HEADHans Dedecker2018-06-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | 81a281e dhcpv6-ia: fix border assignment size setting a2ffc59 dhcpv6-ia: fix status code for not on link IAs 5b087a6 dhcpv6-ia: improve error checking in assign_pd() c9114a1 config: fix wrong assignment bb8470f dhcpv4: delay forced renew transaction start 62a1b09 dhcpv4: fix DHCP address space logic d5726ff dhcpv4: improve logging when sending DHCP messages 9484351 odhcpd: call handle_error when socket error can be retrieved c45e2eb dhcpv6: fix out of bounds write in handle_nested_message() c2ff5af dhcpv6-ia: log renew messages as well 676eb38 router: fix possible segfault in send_router_advert() 392701f odhcpd: fix passing possible negative parameter 029123b treewide: switch to C-code style comments 6b79748 router: improve error checking 12e21bc netlink: fix incorrect sizeof argument d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface() 373495a ubus: fix invalid ipv6-prefix json 79d5e6f ndp: improve error checking d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface() f2aa383 dhcpv4: fix out of bound access in dhcpv4_put 4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface() 4983ee5 odhcpd: fix strncpy bounds Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iperf3: update to 3.6Philip Prindeville2018-06-261-3/+3
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netfilter: add bpf match supportAlin Nastac2018-06-261-0/+1
| | | | | | | | | Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* dropbear: let opkg manage symlinks of ssh, scpYousong Zhou2018-06-251-3/+5
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: set nonshared flagJohn Crispin2018-06-221-0/+1
| | | | | | this makes sure that offloading support is properly included for v4.14 targets. Signed-off-by: John Crispin <john@phrozen.org>
* wwan: Add support for Gemalto Cinterion cellular modulesDavid Thornley2018-06-224-1/+17
| | | | | | | | | | | | | Includes specific support for PH8(1e2d-0053) / ELS61(1e2d-005b) modules. Note for ELS61, the serial driver changes from serial option(ttyUSB) to usb-cdc (ttyACM). Two additional fixes in this commit resolve issues with ttyACM devices: - * wwan.sh - sys-fs has a subdirectory indirection (*/tty/ttyACMx) which was not handled properly * wwan.usb - dependent scripts were not included, so this never actually called proto_set_available for example (and relied on inadvertent call for ttyUSB case) Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
* wireguard: bump to 0.0.20180620Kevin Darbyshire-Bryant2018-06-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | 0bc4230 version: bump snapshot ed04799 poly1305: add missing string.h header cbd4e34 compat: use stabler lkml links caa718c ratelimiter: do not allow concurrent init and uninit 894ddae ratelimiter: mitigate reference underflow 0a8a62c receive: drop handshake packets if rng is not initialized cad9e52 noise: wait for crng before taking locks 83c0690 netlink: maintain static_identity lock over entire private key update 0913f1c noise: take locks for ss precomputation 073f31a qemu: bump default kernel bec4c48 wg-quick: android: don't forget to free compiled regexes 7ce2ef3 wg-quick: android: disable roaming to v6 networks when v4 is specified 9132be4 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf 41a5747 simd: no need to restore fpu state when no preemption 6d7f0b0 simd: encapsulate fpu amortization into nice functions f8b57d5 queueing: re-enable preemption periodically to lower latency b7b193f queueing: remove useless spinlocks on sc 5bb62fe tools: getentropy requires 10.12 4e9f120 chacha20poly1305: use slow crypto on -rt kernels on arm too Compiled-for: ar71xx, lantiq Run-tested-on: ar71xx Archer C7 v2 & lantiq HH5a Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcp6c: update to latest git HEADHans Dedecker2018-06-201-4/+4
| | | | | | b99c1f6 odhcp6c: remove len check in option parsing handle Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ethtool: Update to 4.17Robert Marko2018-06-201-2/+2
| | | | | | | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes * Fix: In ethtool.8, remove superfluous and incorrect \ * Fix: fix uninitialized return value * Fix: fix RING_VF assignment * Fix: remove unused global variable * Fix: several fixes in do_gregs() * Fix: correctly free hkey when get_stringset() fails * Fix: remove unreachable code * Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable * Feature: Add register dump support for MICROCHIP LAN78xx Signed-off-by: Robert Marko <robimarko@gmail.com>
* dnsmasq: fix dnsmasq startup issueHans Dedecker2018-06-202-9/+1
| | | | | | | | | | | Commit ecd954d530 installs specific interface triggers which rewrites the dnsmasq config file and restarts dnsmasq if the network interface becomes active for which a trigger has been installed. In case no dhcp sections are specified or ignore is set to 1 dnsmasq will not be started at startup which breaks DNS resolving. Fix this by ditching the BOOT check in start_service and always start dnsmasq at startup. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nftables: bump to version 0.9.0Rosy Song2018-06-181-2/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* iptables: increment PKG_RELEASE to force updateMirko Parthey2018-06-181-1/+2
| | | | | | | | | | | While support for the FLOWOFFLOAD target is available in the firmware images, it is still missing in some of the binary packages on downloads.openwrt.org, e.g. for the mipsel_mips32 architecture. Increment PKG_RELEASE to force an update of these packages. Also adjust the package description to include the FLOWOFFLOAD target. Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
* ltq-vdsl-app: use downloaded vectoring firmwareDaniel Golle2018-06-151-1/+3
| | | | | | | Use vectoring firmware downloaded via vdsl_fw_install.sh from ltq-vdsl-fw package for annex B and annex J. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcp6c: user string option supportHans Dedecker2018-06-111-3/+3
| | | | | | ca8822b odhcp6c: add support for user string options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix confdir option processing (FS#1572)Hans Dedecker2018-06-112-2/+3
| | | | | | | | Fix condir option processing allowing to use the format "<directory>[,<file-extension>......]," as documented on the dnsmasq man page which previously resulted into bogus dir being created. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: make cli treat UNKNOWN COMMAND as failingDenton Gentry2018-06-071-0/+13
| | | | | | | | | | | Avoid infinite loop at 100% CPU when running hostapd_cli if CONFIG_CTRL_IFACE_MIB is not defined. _newselect(4, [3], NULL, NULL, ...) recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16 sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24 Signed-off-by: Denton Gentry <denny@geekhold.com>
* ethtool: Update to 4.16Rosen Penev2018-06-071-2/+2
| | | | | | Tested on Turris Omnia (mvebu). Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iperf: Update to 2.0.11Rosen Penev2018-06-071-2/+2
| | | | | | Tested on Turris Omnia (mvebu). Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ebtables: update to latest git 2018-06-06Hans Dedecker2018-06-061-3/+3
| | | | | | | 5699354 extensions: fix build failure on fc28 e6359ee build: update ebtables.h from kernel and drop local unused copy Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: properly build hostapd-only SSL variantsDaniel Golle2018-06-051-11/+11
| | | | | | | Make sure hostapd-openssl is actually build against OpenSSL, same for wolfSSL. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: expose device taxonomy signature via ubusFelix Fietkau2018-06-051-0/+6
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for client taxonomy in the full configFelix Fietkau2018-06-052-5/+29
| | | | | | | This can be used to fingerprint clients to try to identify the exact model Signed-off-by: Felix Fietkau <nbd@nbd.name>
* map: make tunnel encapsulation limit support configurable (FS#1501)Hans Dedecker2018-06-042-8/+10
| | | | | | | | | | | | Be compatible with ISPs which don't support the destination option header containing the tunnel encapsulation limit as reported in FS#1501. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the map-e packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. If no encaplimit value is specified the default value is 4 as before. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEAD (FS#1501)Hans Dedecker2018-06-041-4/+4
| | | | | | a580028 system-linux: make encaplimit configurable for ip6 tunnels (FS#1501) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: make ds-lite/map tunnel encapsulation limit support configurable ↵Hans Dedecker2018-06-043-3/+9
| | | | | | | | | | | | | | (FS#1501) Be compatible with ISPs which don't support the destination option header containing the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map interfaces. Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion of the destination option header for the dynamic created ds-lite/map interface. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit_dslite/map uci parameter accordingly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ds-lite: make tunnel encapsulation limit support configurable (FS#1501)Hans Dedecker2018-06-042-3/+7
| | | | | | | | | | | | Be compatible with ISPs which don't support the destination option header containing the tunnel encapsulation limit as reported in FS#1501. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the ds-lite packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. If no encaplimit value is specified the default value is 4 as before. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: drop conflicting 'device' interface propertyIvan Shapovalov2018-06-013-5/+1
| | | | | | | | | | Do not set device runtime property on interfaces in the hotplug handler and in fixup_interfaces(). This property conflicts with device option in several proto handlers (mainly QMI and other WWAN/3G protos) and does not seem to be used anywhere. Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* wireguard: bump to 0.0.20180531 to fix flow offloadingJason A. Donenfeld2018-05-311-6/+5
| | | | | | | | | | This version bump was made upstream mostly for OpenWRT, and should fix an issue with a null dst when on the flow offloading path. While we're at it, Kevin and I are the only people actually taking care of this package, so trim the maintainer list a bit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: update packaging and patchesDaniel Golle2018-05-3137-496/+417
| | | | | | | | | | Clean up conflicts/provides/depends hell and add PROVIDES for eapol-test variants while at it. Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which allows to drop two revert-patches for upstream commits which previously were necessary to un-break mesh-DFS support. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* curl: Add ca-bundle dependencyRosen Penev2018-05-301-2/+2
| | | | | | | | While building, curl complains that the path specified is missing. Also, without ca-bundle, something like 'curl https://www.google.com' does not work due to a certificate verify error. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* curl: Use ca-bundle for all TLS libraries.Rosen Penev2018-05-301-4/+6
| | | | | | | | | | | | | | | | It simplifies the Makefile a bit. In addition, using ca-bundle saves some space as well. It also fixes an issue with at least transmission, which has a dependency on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not to work. This has been tested on mt7621 with OpenSSL and GnuTLS just by running 'curl https://www.google.com' and seeing if there's a verify error. The rest are already using ca-bundle and therefore work fine. Signed-off-by: Rosen Penev <rosenp@gmail.com> Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: convert ssl provider build options to variantsDaniel Golle2018-05-252-85/+285
| | | | | | | | | | | Instead of selecting the SSL provider at compile time, build package variants for each option so users can select the binary package without having to build it themselves. Most likely not all variants have actually ever been user by anyone. We should reduce the selection to the reasonable and most used combinations at some point in future. For now, build them all. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall: update to latest git HEADHans Dedecker2018-05-251-3/+3
| | | | | | | 30463d0 zones: add interface/subnet bound LOG rules 0e77bf2 options: treat time strings as UTC times Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: update to git HEAD of 2018-05-21, allow build against wolfsslDaniel Golle2018-05-2437-296/+603
| | | | | | | Support for building wpa_supplicant/hostapd against wolfssl has been added upstream recently, add build option to allow users using it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "dnsmasq: use "hostsdir" instead of "addn-hosts""Hans Dedecker2018-05-241-1/+1
| | | | | | | | | This reverts commit a03035dad198cd4b51645ceb43c1170f9cf95f16 as it has several issues: -Host file is located in a directory which is not unique per dnsmasq instance -odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: use "hostsdir" instead of "addn-hosts"Christian Schoenebeck2018-05-231-1/+1
| | | | | | | 1.) "addn-hosts" per default point to a file (but it supports directory) 2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* mbedtls: update to version 2.9.0Hauke Mehrtens2018-05-222-2/+2
| | | | | | | | The soversion was changed in this version again and is now aligned with the 2.7.2 version. The size of the ipkg file stayed mostly the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nftables: bump to 0.8.5 versionRosy Song2018-05-218-1594/+8
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* wireguard: bump to 20180519Jason A. Donenfeld2018-05-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * chacha20poly1305: add mips32 implementation "The OpenWRT Commit" - this significantly speeds up performance on cheap plastic MIPS routers, and presumably the remaining MIPS32r2 super computers out there. * timers: reinitialize state on init * timers: round up instead of down in slack_time * timers: remove slack_time * timers: clear send_keepalive timer on sending handshake response * timers: no need to clear keepalive in persistent keepalive Andrew He and I have helped simplify the timers and remove some old warts, making the whole system a bit easier to analyze. * tools: fix errno propagation and messages Error messages are now more coherent. * device: remove allowedips before individual peers This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with many peers would grind when deleting the interface. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: fix IEEE 802.11r (fast roaming) defaultsGospod Nassa2018-05-181-21/+27
| | | | | | | | | | | | | | | | | | | | | | | Use ft_psk_generate_local=1 by default, as it makes everything else fairly trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd fairly much does it all for us. We do need to provide nas_identifier, which can be derived from the BSSID, and we need to generate a mobility_domain, for which we default to the first four chars of the md5sum of the SSID. The complex manual setup should also still work, but the defaults also now work easily out of the box. Verified by manually running hostapd (with the autogenerated config) and watching the debug output: wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake This was previous submitted to LEDE in https://github.com/lede-project/source/pull/1382 [dwmw2: Rewrote commit message] Signed-off-by: Gospod Nassa <devianca@gmail.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>