path: root/package/network/services
Commit message | Author | Age | Files | Lines
* uhttpd: fix typo in default config for px5g | Felix Fietkau | 2016-01-19 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48385 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: add support for EAP-TLS phase2 | Felix Fietkau | 2016-01-19 | 1 | -2/+12
  Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48345 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostap/wpa_supplicant: enable EAP-FAST in -full builds | Felix Fietkau | 2016-01-19 | 2 | -0/+6
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48344 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add option for mbedtls | Felix Fietkau | 2016-01-19 | 1 | -0/+4
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48343 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: improve generating phase2 config line for WPA-EAP | Felix Fietkau | 2016-01-18 | 1 | -2/+13
  WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit).
  The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitly documented anywhere and is not quite intuitive...
  The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
  The old behaviour is also still supported for the sake of not breaking existing, working configurations.
  Examples:
    eap_type  auth
    'ttls'    'EAP-MSCHAPV2'      -> phase2="autheap=MSCHAPV2"
    'ttls'    'MSCHAPV2'          -> phase2="auth=MSCHAPV2"
    'peap'    'EAP-GTC'           -> phase2="auth=GTC"
  Deprecated syntax supported for compatibility:
    'ttls'    'autheap=MSCHAPV2'  -> phase2="autheap=MSCHAPV2"
  I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48309 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option --min-port | Felix Fietkau | 2016-01-15 | 2 | -1/+2
  By default dnsmasq uses random ports for outbound dns queries; when the minport UCI option is specified the ports used will always be larger than the specified value. This is useful for systems behind firewalls.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48244 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update version to 2015.71 | Felix Fietkau | 2016-01-15 | 5 | -10/+10
  Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches.
  Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48243 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: add local hostname record for own lan ula address as well | Jo-Philipp Wich | 2016-01-12 | 2 | -4/+18
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48214 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix disassociation with FullMAC drivers and multi-BSS | Rafał Miłecki | 2016-01-11 | 1 | -0/+67
  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48202 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: update to version 2.3.10 | Felix Fietkau | 2016-01-11 | 5 | -276/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48201 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb | Felix Fietkau | 2016-01-10 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48196 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: split out curve25519 support into a separate config option | Felix Fietkau | 2016-01-10 | 2 | -4/+19
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48195 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix post v2.4 security issues | Felix Fietkau | 2016-01-10 | 11 | -0/+554
  - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
  - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
  - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
  - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310)
  - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
  - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
  - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)
  Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48185 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: added service_triggers() to init script | Felix Fietkau | 2016-01-07 | 1 | -0/+4
  Follow up of #21469
  This patch enables autoreloading openvpn via procd.
  Signed-off-by: Federico Capoano <nemesis@ninux.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48150 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: add three CVE patches from 2015-12-16 | Felix Fietkau | 2016-01-05 | 4 | -1/+253
  This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015.
  Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48133 3c298f89-4303-0410-b956-a3cf2f4a3e73
* relayd: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48129 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48122 3c298f89-4303-0410-b956-a3cf2f4a3e73
* packages: use OPENWRT_GIT to point at the main openwrt git repo | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48118 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: set regulatory domain the same way as hostapd | Felix Fietkau | 2016-01-03 | 1 | -0/+6
  In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan.
  Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one.
  Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48099 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: fix configure options | John Crispin | 2015-12-23 | 1 | -2/+1
  - eurephia: commit: Remove the --disable-eurephia configure option
  - fix option name: http proxy option is now called http-proxy (see configure.ac)
  fixes:
    configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http
  Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47979 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/lldpd: Remove extraneous select | John Crispin | 2015-12-23 | 1 | -1/+0
  Only the conditional dependency ought to be required; if build fails with JSON there is some other problem at work.
  Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47976 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option --no-ping | John Crispin | 2015-12-23 | 1 | -0/+1
  By default dnsmasq sends an ICMP echo request before allocating an IP address to a host; the uci option noping allows to disable this check.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47974 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: changed option nonwildcard to --bind-dynamic | Felix Fietkau | 2015-12-19 | 1 | -1/+1
  Changed option nonwildcard from --bind-interfaces into --bind-dynamic. With this, Dnsmasq binds the address of individual interfaces, allowing multiple dnsmasq instances, but if new interfaces or addresses appear, it automatically listens on those.
  This makes dynamically created interfaces work in the same way as the default, but allows also use of other DNS-servers (like Named) at the same time on different interfaces where Dnsmasq is NOT configured, whereas with --bind-interfaces will still reserve every interface even if not used and thus disallowing use of any other DNS-program even on unused interfaces.
  Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi>
  Signed-off-by: Sami Olmari <sami@olmari.fi>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47953 3c298f89-4303-0410-b956-a3cf2f4a3e73
* network/services/lldpd: Fix missing dependency when using JSON | John Crispin | 2015-12-17 | 1 | -0/+1
  Using the JSON output option depends on json library so add select json-c library when JSON output is selected.
  Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47928 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option "--all-servers" | John Crispin | 2015-12-11 | 1 | -0/+1
  Add the option "--all-servers" which forces dnsmasq to send all queries to all servers and then take the first answer.
  Signed-off-by: Andréas Gustafsson <gurgalof@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47857 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: add STOP=01 param in init script | Felix Fietkau | 2015-12-05 | 1 | -1/+2
  This should ensure that lldpd is among the first processes to stop, so that it has time to send the shutdown LLDPU to the other side, before the network goes down.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47786 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa-supplicant: Get 802.11s ssid information from option mesh_id | John Crispin | 2015-11-24 | 1 | -0/+3
  The scripts for authsae and iw use the option mesh_id to get set the "meshid" during a mesh join. But the script for wpad-mesh ignores the option mesh_id and instead uses the option ssid. Unify the mesh configuration and let the wpa_supplicant script also use the mesh_id from the configuration.
  Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47615 3c298f89-4303-0410-b956-a3cf2f4a3e73
* authsae: Use kbit/s as mcast_rate unit like wpad | John Crispin | 2015-11-24 | 1 | -2/+10
  The OpenWrt wireless configuration for mcast_rate is defined as Kbit/s when using wpa_supplicant for IBSS/802.11s and iw for unencrypted IBSS/802.11s. But when using authsae, the unit for the same option is redefined as Mbit/s. Better use the same unit for this option independent of the backend which is used.
  Old values for mcast_rate (< 1000) are still interpreted Mbit/s to avoid problems during upgrades from older versions.
  Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47614 3c298f89-4303-0410-b956-a3cf2f4a3e73
* authsae: Fix meshid in authsae config | John Crispin | 2015-11-24 | 1 | -1/+1
  The variable $mesh_id was never defined in authsae_start_interface and thus the option meshid in $authsae_conf_file was always set to "".
  Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47613 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: correctly handle netlink congestion case | Steven Barth | 2015-11-19 | 1 | -3/+3
  Thanks to @ktgeek and @willmo for diagnosing
  Signed-off-by: Steven Barth <steven@midlink.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47514 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: Use network_get_device instead of uci_get_state | Felix Fietkau | 2015-11-11 | 3 | -5/+13
  This fixes the IAPP functionality.
  Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47455 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add support for configuration option ubus_cors | Luka Perkov | 2015-11-10 | 1 | -0/+1
  Signed-off-by: Luka Perkov <luka@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47448 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: enable options consistency check even in the small build | Felix Fietkau | 2015-11-10 | 1 | -0/+12
  Only costs about 3k compressed, but significantly improves handling of configuration mismatch
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47439 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to the latest version, adds support for redirect helper scripts | Felix Fietkau | 2015-11-08 | 2 | -3/+7
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47419 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: implement a reload hook | Felix Fietkau | 2015-11-03 | 1 | -1/+18
  Seems the default one is not working as expected. The way that reload should work is that the 'start' service call should return 1 (if lldpd is running) and then a normal restart would be called.
  However, for lldpd a reload would mean just clearing all custom TLVs (if they're configured) and reloading the configuration.
  So, this patch adds a reload hook, which would:
  - 'start' lldpd if it's not running (because we return 1 if not running)
  - reload configuration if it is running (also previously clearing custom TLVs if present)
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47367 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: add default value to eapol_version (#20641) | Felix Fietkau | 2015-11-02 | 1 | -0/+1
  r46861 introduced a new option eapol_version to hostapd, but did not provide a default value. When the option value is evaluated, the non-existing value causes errors to the system log: "netifd: radio0: sh: out of range"
  Add a no-op default value 0 for eapol_version. Only values 1 or 2 are actually passed on, so 0 will not change the default action in hostapd.
  Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47361 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba: convert init script to procd, add reload support | Felix Fietkau | 2015-10-30 | 1 | -6/+24
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47292 3c298f89-4303-0410-b956-a3cf2f4a3e73
* relayd: update to the latest version, fixes some issues found by Coverity | Felix Fietkau | 2015-10-30 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47285 3c298f89-4303-0410-b956-a3cf2f4a3e73
* omcproxy: fix PKG_LICENSE string | John Crispin | 2015-10-26 | 1 | -1/+1
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47264 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git HEAD | John Crispin | 2015-10-20 | 1 | -2/+2
  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47240 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git revision | John Crispin | 2015-10-19 | 2 | -2/+7
  adds URL alias support
  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47206 3c298f89-4303-0410-b956-a3cf2f4a3e73
* cosmetic: remove trailing whitespaces | Luka Perkov | 2015-10-15 | 1 | -1/+1
  Signed-off-by: Luka Perkov <luka@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47197 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: fix keep-alive bug (#20607, #20661) | Jo-Philipp Wich | 2015-10-07 | 2 | -7/+2
  The two commits
  5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses"
  and
  618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses"
  broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304.
  The effect of this bug is that cgi responses following a 204 or 304 one were sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached.
  Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization.
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47161 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: wait longer for inactive client probe (empty data frame) | Felix Fietkau | 2015-10-06 | 1 | -0/+11
  One second is not enough for some devices to acknowledge null data frame which is sent at the end of ap_max_inactivity interval. In particular, this causes severe Wi-Fi instability with Apple iPhone which may take up to 3 seconds to respond.
  Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47149 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: wrap procd command args in separate quotes | John Crispin | 2015-10-05 | 1 | -3/+3
  Seems the match pattern was being adapted from 'eth0' to ' eth0' because of the way I added the procd command args. This did not seem to be a problem when there were multiple interfaces, just on devices with single interfaces for lldpd to listen on.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47136 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: add handling for route-pre-down option | John Crispin | 2015-10-05 | 1 | -1/+1
  OpenVPN 2.3 added a route-pre-down option, to run a command before routes are removed upon disconnection.
  Signed-off-by: Jeffery To <jeffery.to@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47134 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: check for banned client on association event | Rafał Miłecki | 2015-09-28 | 1 | -0/+26
  When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there.
  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47064 3c298f89-4303-0410-b956-a3cf2f4a3e73
* igmpproxy: fix spurious restarts on interface events, pass used netdevs to procd instead | Felix Fietkau | 2015-09-26 | 1 | -1/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47055 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: add respawn param in case dropbear crashes | Felix Fietkau | 2015-09-24 | 1 | -0/+1
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47033 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package: Remove dependencies to kmod-ipv6 | Steven Barth | 2015-09-21 | 1 | -1/+1
  Since r46834, IPv6 support is builtin if selected. Therefore, dependencies on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.
  Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47022 3c298f89-4303-0410-b956-a3cf2f4a3e73