aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: enable PMKSA and OK caching for WPA3-PersonalDavid Bauer2019-11-041-1/+8
| | | | | | | | | | | | | This enables PMKSA and opportunistic key caching by default for WPA2/WPA3-Personal, WPA3-Personal and OWE auth types. Otherwise, Apple devices won't connect to the WPA3 network. This should not degrade security, as there's no external authentication provider. Tested with OCEDO Koala and iPhone 7 (iOS 13.1). Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add IEEE 802.11k supportKyle Copperfield2019-11-021-0/+13
| | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Enables radio resource management to be reported by hostapd to clients. Ref: https://github.com/lede-project/source/pull/1430 Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* lantiq: Allow PKG_ASLR_PIE for DSL and voice driversHauke Mehrtens2019-11-011-1/+0
| | | | | | | | | | | When ASLR_PIE was activated globally these drivers failed to build because the user space LDFLAGS leaked into the kernel build process. This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild: clear LDFLAGS in the top Makefile") which went into Linux 4.17. The lantiq target is now on Linux 4.19 only and these exceptions are not needed any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dropbear: rebuild libs on config changeYousong Zhou2019-11-011-0/+4
| | | | | | | | | Required as dependency on dropbear config headers is not tracked in dropbear build system Fixes FS#2275 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* mac80211: Update to version 5.4-rc2Hauke Mehrtens2019-10-192-50/+89
| | | | | | | | | This updates mac80211 to backports based on kernel 5.4-rc2 ath10k-ct was updated to match the API changes and iw now uses the new nl80211.h header file. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wwan: Double quote to prevent globbing and word splittingFlorian Eckert2019-10-182-9/+9
| | | | | | | | Fix some shellcheck warnings. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: add ec25 to databaseFlorian Eckert2019-10-182-1/+5
| | | | | | | | Add ec25 to database. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: add mc7304 to databaseFlorian Eckert2019-10-182-1/+5
| | | | | | | | Add mc7304 to database. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: check new uci bus option on proto setup eventFlorian Eckert2019-10-182-13/+40
| | | | | | | | | | | | | | | If system has more then one and different wwan interface (modem). Then the wwan protohandler will always take the modem which is discovered first. The protohandler will always setup the same interface. To fix this add a new usb "bus" option which is associated with wwan device and so will set the specified interface up. With this change more then one interface could be mananged by the wwan protohandler. If the "bus" option is not set in the uci network config then the protohandler behaves as before the change. The protohanldler will take the first interface which he founds. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* 6in4: add rfc1918 check functionSean Kenny2019-10-181-0/+19
| | | | | | | | | | | | | | | | | | | | | | | This is a precursor to adding proper support for multiple 6in4 tunnels with the already programmed tunlink parameter. This is an essential sanity check so as to not break existing and working behind NAT setups. Signed-off-by: Sean Kenny <skenny@wfap.ca> 6in4: add myip he.net api parameter logic This is to add proper support for multiple 6in4 tunnels with the already programmed tunlink parameter. As it stands before this commit, if there is a multi wan setup that consists of dynamic ips, there is no way to use the dynamic update feature as the he.net api is implicitly using the ip address of the caller. This will explicitly use the ipaddr specified in the interface config OR the ip of the tunlink interface specified in the dynamic update api call instead ONLY if the final resolved ipaddr variable is not an rfc1918 address. Signed-off-by: Sean Kenny <skenny@wfap.ca>
* wireguard: bump to latest snapshot 20191012Kevin Darbyshire-Bryant2019-10-161-2/+2
| | | | | | | | | | | 8eb8443 version: bump snapshot be09cf5 wg-quick: android: use Binder for setting DNS on Android 10 4716f85 noise: recompare stamps after taking write lock 54db197 netlink: allow preventing creation of new peers when updating f1b87d1 netns: add test for failing 5.3 FIB changes a3539c4 qemu: bump default version Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-161-3/+3
| | | | | | | 07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results 3ac846e lua: fix string description of mixed WPA3 modes Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lantiq: fix dsl_control status handling.Martin Schiller2019-10-154-8/+8
| | | | | | | | | | Commit 7519a36774ca ("base-files,procd: add generic service status") introduced the generic 'status' command which broke the previous dsl_control status output. To fix this, let's rename the "old" command to "dslstat". Fixes: 7519a36774ca ("base-files,procd: add generic service status") Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-151-3/+3
| | | | | | a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: update to latest git HEADHans Dedecker2019-10-141-3/+3
| | | | | | 9a4531a ndp: fix endian issue Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: adjust to removal of WOLFSSL_HAS_AES_GCMEneas U de Queiroz2019-10-121-1/+0
| | | | | | WolfSSL is always built with AES-GCM support now. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-124-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* ppp: update to version 2.4.7.git-2019-10-04Hans Dedecker2019-10-1026-164/+104
| | | | | | | | | | | | | | | | | | | | 0d004db Revert "pppd: Include time.h before using time_t" e400854 pppdump: Eliminate printf format warning by using %zd 7f2f0de pppd: Refactor setjmp/longjmp with pipe pair in event wait loop 4e71317 make: Avoid using host include for cross-compiling 3202f89 pppoe: Remove the use of cdefs d8e8d7a pppd: Remove unused rcsid variables 486f854 pppd: Fix GLIBC version test for non-glibc toolchains b6cd558 pppd: Include time.h before using time_t ef8ec11 radius: Fix compiler warning f6330ec magic: Remove K&R style of arguments 347904e Add Submitting-patches.md Remove patches 130-no_cdefs_h.patch, 131-missing_prototype_macro.patch, 132-fix_linux_includes.patch as fixed upstream Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest git HEADHans Dedecker2019-10-041-3/+3
| | | | | | daed0cf utils: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2019-10-041-3/+3
| | | | | | e76ad06 netlink: fix potential infinite loops Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iw: Update to version 5.3Hauke Mehrtens2019-10-034-356/+97
| | | | | | | | | | | | | | | | | Wifi HE (ieee80211ax) parsing is currently only activated in the full version because it increases the compressed size by 2.5KBytes. This also activates link time optimization (LTO) again, the problem was fixed upstream This increases the uncompressed binary size of iw-tiny by about 1.7% old: 34446 iw_5.0.1-1_mipsel_24kc.ipk new: 35064 iw_5.3-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ethtool: bump to 5.3Hans Dedecker2019-09-301-2/+2
| | | | | | | | | 76c4682 Release version 5.3. 3870efc ethtool: dump nested registers 7c06fa8 gitignore: ignore vim swapfiles and patches 49d1401 ethtool: igb: dump RR2DCDELAY register Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-09-301-3/+3
| | | | | | 2a95086 nl80211: recognize SAE encrypted mesh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iw: add patch to include local BSS rx time in survey informationFelix Fietkau2019-09-292-8/+37
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: update to 5.3.0DENG Qingfang2019-09-285-26/+31
| | | | | | Update iproute2 to 5.3.0 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* wireguard: bump to 0.0.20190913Brandy Krueger2019-09-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Changes since 0.0.20190702: define conversion constants for ancient kernels android: refactor and add incoming allow rules enforce that unused bits of flags are zero immediately rekey all peers after changing device private key support running in OpenVZ environments do not run bc on clean target skip peers with invalid keys account for upstream configuration maze changes openbsd: fix alternate routing table syntax account for android-4.9 backport of addr_gen_mode don't fail down when using systemd-resolved allow specifying kernel release enforce named pipe ownership and use protected prefix work around ubuntu breakage support newer PaX don't rewrite siphash when it's from compat squelch warnings for stack limit on broken kernel configs support rhel/centos 7.7 Signed-off-by: Brandy Krueger <krueger.brandy24@gmail.com>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-09-221-3/+3
| | | | | | | | 313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results f096bfd utils: support parsing SAE and OWE key management suites from IEs Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: Add mesh support for wpad fullHauke Mehrtens2019-09-221-2/+2
| | | | | | | | | | | | | | This increases the size of the binary slightly: old: 427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk new: 442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: use getrandom syscallHauke Mehrtens2019-09-227-7/+7
| | | | | | | | hostapd will not use the getrandom() syscall and as a fallback use /dev/random, the syscall is supported since Linux 3.17 and in the musl, glibc and uclibc version used by OpenWrt. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Remove unneeded patchHauke Mehrtens2019-09-228-28/+14
| | | | | | | All the content of this function is proceeded by IEEE8021X_EAPOL no code accesses the ssid variable outside of this ifdef. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WARHauke Mehrtens2019-09-225-16/+4
| | | | | | Instead of patching the workaround away, just use the config option. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Update to version 2.9 (2019-08-08)Hauke Mehrtens2019-09-2247-639/+272
| | | | | | | | | | | | | | | | | | The size of the ipkgs increase a bit (between 0.7% and 1.1%): old 2019-04-21 (2.8): 288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk 256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk 427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk 423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk new 2019-08-08 (2.9): 290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk 427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Update to version 2.8 (2019-04-21)Hauke Mehrtens2019-09-2289-5673/+532
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also syncs the configuration files with the default configuration files, but no extra options are activated or deactivated. The mesh patches were partially merged into hostapd 2.8, the remaining patches were extracted from patchwork and are now applied by OpenWrt. The patches still have open questions which are not fixed by the author. They were taken from this page: https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=* The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch where first applied to hostapd, but later reverted in hostapd commit 3e949655ccc5 because they caused memory leaks. The size of the ipkgs increase a bit (between 1.3% and 2.3%): old 2018-12-02 (2.7): 283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk 252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk 417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk 415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk new 2019-04-21 (2.8): 288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk 256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk 427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk 423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-09-201-3/+3
| | | | | | | | | 02112f9 cli: fix reporting of mixed WPA2/WPA3 versions 7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results 629b5ff nl80211: do not confuse open connections with WEP ones 3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: mirror ieee80211w ap mode defaults in station modeJo-Philipp Wich2019-09-202-1/+10
| | | | | | | | | | | For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b. Mirror the same defaults for client mode connections, in order to allow an OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption without the need to manually specify "option ieee80211w" on the station. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix OWE settings in client modeJo-Philipp Wich2019-09-202-1/+2
| | | | | | | | This changes fixes the generation of the wpa_supplicant client configuration in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use the proper key_mgmt=OWE setting instead. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: declare struct wpa_bss earlyLeon M. George2019-09-191-0/+19
| | | | | | | | | | | | | | | | wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if CONFIG_WPS is not defined. With the later inclusion of 600-ubus_support, the issue manifests in warnings like these: wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration struct wpa_bss *bss) ^~~~~~~ This patch forward declares 'struct wpa_bss' regardless. Signed-off-by: Leon M. George <leon@georgemail.eu> [commit message facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: revert signature change in patchLeon M. George2019-09-191-1/+1
| | | | | | | | | | | | The original wpa_hexdump uses a 'void *' for the payload. With patch 410-limit_debug_messages, the signature changes and compiler warnings occur at various places. One such warning is: wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *' Signed-off-by: Leon M. George <leon@georgemail.eu> [commit message facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* curl: bump to 7.66.0Hans Dedecker2019-09-192-4/+4
| | | | | | | | | | Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0 Fixes CVEs: CVE-2019-5481 CVE-2019-5482 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest Git HEADJo-Philipp Wich2019-09-181-3/+3
| | | | | | | 383eb58 ubus: do not overwrite ipset name attribute Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: update to latest git HEADPetr Štetiar2019-09-151-3/+3
| | | | | | c26f8907d1d2 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type Signed-off-by: Petr Štetiar <ynezz@true.cz>
* netifd,lldpd,rpcd,log: use generic service_runningPetr Štetiar2019-09-152-9/+0
| | | | | | | | | | | | | | | | | | commit eb204d14f75c ("base-files: implement generic service_running") introduced generic service_running so it's not needed to copy&paste same 3 lines over and over again. I've removed service_running from netifd/network init script as well, because it was not working properly, looked quite strange and I didn't understand the intention: $ /etc/init.d/network stop $ service network running && echo "yes" || echo "nope" ( have to wait for 30s ) Command failed: Request timed out yes Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: update to latest git HEADHans Dedecker2019-09-151-3/+3
| | | | | | | | 1d24009 netlink: rename netlink callback handlers 91a28e4 ndp: answer global-addressed NS manually fd93e36 dhcpv6: retry failed PD assignments on addrlist change Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: fix update to git HEADHans Dedecker2019-09-121-2/+2
| | | | | | | | | | | | | | | | Fixes commit 7ff5b12e90 e73bf11 config: ra_management compatibility support d818380 odhcpd: router: Fix out of scope memory access 94a1c94 dhcpv6-ia: free assignment when validity timer expires 752fc2c router: speed up initial router advertisements 09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed 79eb160 router: fix previous commit 6034b5c router: close socket upon NETEV_IFINDEX_CHANGE 000182f router: fix lingering uloop socket descriptor f6c2242 router: support ra_lifetime being 0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* umbim: update to latest git HEADIngo Feinerer2019-09-121-3/+3
| | | | | | 184b707 umbim: add home provider query support Signed-off-by: Ingo Feinerer <feinerer@logic.at>
* odhcpd: update to latest git HEAD (FS#2019)Hans Dedecker2019-09-122-2/+5
| | | | | | | | | | | | | | | | | e73bf11 config: ra_management compatibility support d818380 odhcpd: router: Fix out of scope memory access 94a1c94 dhcpv6-ia: free assignment when validity timer expires 752fc2c router: speed up initial router advertisements 09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed 79eb160 router: fix previous commit 6034b5c router: close socket upon NETEV_IFINDEX_CHANGE 000182f router: fix lingering uloop socket descriptor f6c2242 router: support ra_lifetime being 0 d111809 router: make RA flags configurable (FS#2019) Update odhcpd defaults according to the new RA flags implementation Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADDavid Bauer2019-09-121-3/+3
| | | | | | | a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886 1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887 Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Fix security problemHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This shouöld not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>