aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* treewide: fix replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-1916-17/+17
| | | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49379 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: Make utmp and putuline support configurable via seperate config ↵Luka Perkov2016-06-192-3/+17
| | | | | | | | | | | options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49333 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: Add ppp-mod-passwordfd subpackage to pppJohn Crispin2016-06-191-1/+19
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49274 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add conntrack support in the full variantJohn Crispin2016-06-191-6/+12
| | | | | | | | | | | | Conntrack support reads the connection track mark associated with incoming DNS queries and sets the same mark value on the upstream forwarded DNS query. This can be usefull to track traffic generated by dnsmasq to associate it with the clients who generate the queries, usefull for bandwidth accouting and firewall. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49273 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: Add procd interface triggers when interface config is specifiedJohn Crispin2016-06-192-2/+22
| | | | | | | | | | | A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49272 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: run as dedicated UID/GIDJohn Crispin2016-04-262-2/+5
| | | | | | | | | | | Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49252 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add enable parameter in the UCI DHCP host sectionHauke Mehrtens2016-04-171-0/+3
| | | | | | | | | | | Parameter allows to enable/disable static leases; by default the value is 1 to keep backwards compatibility Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49187 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49181 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49175 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48969 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: add host-specific lease time option for static hostsJohn Crispin2016-02-262-3/+5
| | | | | | | | | | | | | | | | | | | | | | | Enable setting a host-specific lease time for static hosts. The new option is called "leasetime" and the format is similar as for the default lease time: e.g. 12h, 3d, infinite Default lease time is used for all hosts for which there is no host-specific definition. The option is added to /etc/config/dhcp for the selected hosts: config host option name 'Nexus' option mac 'd8:50:66:55:59:7c' option ip '192.168.1.245' option leasetime '2h' It gets appended to /var/etc/dnsmasq.conf like this: dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48801 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: add dhcp relay optionJohn Crispin2016-02-261-0/+19
| | | | | | Signed-off-by: dbugnar <dnbugnar@ocedo.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48800 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: export tftp root to the procd jailFelix Fietkau2016-02-251-11/+17
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48761 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: only enable tftp if the tftp root existsFelix Fietkau2016-02-251-1/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48760 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldp: Upgrade to 0.9.0John Crispin2016-02-181-2/+2
| | | | | | Signed-off-by: Ben Kelly <ben@benjii.net> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48738 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: honor CONFIG_TARGET_INIT_PATHJo-Philipp Wich2016-02-082-6/+17
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48679 3c298f89-4303-0410-b956-a3cf2f4a3e73
* relayd: update to the latest version, fixes some more connectivity issues ↵Felix Fietkau2016-02-081-2/+2
| | | | | | | | (#21817) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48655 3c298f89-4303-0410-b956-a3cf2f4a3e73
* relayd: update to the latest version, fixes route table issues when ↵Felix Fietkau2016-02-051-2/+2
| | | | | | | | connecting to the router Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48635 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: remove useless TLS provider selection override for ↵Felix Fietkau2016-01-281-2/+1
| | | | | | | | wpad-mesh/wpa_supplicant-mesh Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48537 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix mesh interface bridge handlingFelix Fietkau2016-01-285-10/+22
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48529 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-282-417/+9
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48528 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-2842-945/+243
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48527 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Don't add local hostname if ula prefix is not specifiedJo-Philipp Wich2016-01-252-3/+3
| | | | | | | | | | | | Commit 6a7e56b adds support for adding local hostname for own lan ula adress but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1) causing dnsmasq not to start up. Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48495 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/uhttpd: generate 2048 bit RSA keyFelix Fietkau2016-01-252-2/+2
| | | | | | | | | | RSA keys should be generated with sufficient length. Using 1024 bits is considered unsafe. In other packages the used key length is 2048 bits. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48494 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: fix typo in default config for px5gFelix Fietkau2016-01-191-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48385 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: add support for EAP-TLS phase2Felix Fietkau2016-01-191-2/+12
| | | | | | | | | Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48345 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostap/wpa_supplicant: enable EAP-FAST in -full buildsFelix Fietkau2016-01-192-0/+6
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48344 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add option for mbedtlsFelix Fietkau2016-01-191-0/+4
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48343 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: improve generating phase2 config line for WPA-EAPFelix Fietkau2016-01-181-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit) The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitely documented anywhere and is not quite intuitive... The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py The old behaviour is also still supported for the sake of not breaking existing, working configurations. Examples: eap_type auth 'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2" 'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2" 'peap' 'EAP-GTC' -> phase2="auth=GTC" Deprecated syntax supported for compatibility: 'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2" I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available. Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48309 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option --min-portFelix Fietkau2016-01-152-1/+2
| | | | | | | | | | | By default dnsmasq uses random ports for outbound dns queries; when the minport UCI option is specified the ports used will always be larger than the specified value. This is usefull for systems behind firewalls. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48244 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update version to 2015.71Felix Fietkau2016-01-155-10/+10
| | | | | | | | | Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48243 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: add local hostname record for own lan ula address as wellJo-Philipp Wich2016-01-122-4/+18
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48214 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix disassociation with FullMAC drivers and multi-BSSRafał Miłecki2016-01-111-0/+67
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48202 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: update to version 2.3.10Felix Fietkau2016-01-115-276/+5
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48201 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: enable curve25519 support by default, increases compressed binary ↵Felix Fietkau2016-01-101-1/+1
| | | | | | | | size by ~5 kb Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48196 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: split out curve25519 support into a separate config optionFelix Fietkau2016-01-102-4/+19
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48195 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48185 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: added service_triggers() to init scriptFelix Fietkau2016-01-071-0/+4
| | | | | | | | | Follow up of #21469 This patch enables autoreloading openvpn via procd. Signed-off-by: Federico Capoano <nemesis@ninux.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48150 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: add three CVE patches from 2015-12-16Felix Fietkau2016-01-054-1/+253
| | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48133 3c298f89-4303-0410-b956-a3cf2f4a3e73
* relayd: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48129 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48122 3c298f89-4303-0410-b956-a3cf2f4a3e73
* packages: use OPENWRT_GIT to point at the main openwrt git repoFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48118 3c298f89-4303-0410-b956-a3cf2f4a3e73
* wpa_supplicant: set regulatory domain the same way as hostapdFelix Fietkau2016-01-031-0/+6
| | | | | | | | | | | | | In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan. Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48099 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: fix configure optionsJohn Crispin2015-12-231-2/+1
| | | | | | | | | | | | | | | - eurephia: commit: Remove the --disable-eurephia configure option - fix option name: http proxy option is now called http-proxy (see configure.ac) fixes: configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47979 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/lldpd: Remove extraneous selectJohn Crispin2015-12-231-1/+0
| | | | | | | | | | Only the conditional dependency ought to be required; if build fails with JSON there is some other problem at work. Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47976 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option --no-pingJohn Crispin2015-12-231-0/+1
| | | | | | | | | | By default dnsmasq sends an ICMP echo request before allocating an IP address to a host; the uci option noping allows to disable this check. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47974 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: changed option nonwildcard to --bind-dynamicFelix Fietkau2015-12-191-1/+1
| | | | | | | | | | | | | | | | Changed option nonwildcard from --bind-interfaces into --bind-dynamic. With this, Dnsmasq binds the address of individual interfaces, allowing multiple dnsmasq instances, but if new interfaces or addresses appear, it automatically listens on those. This makes dynamically created interfaces work in the same way as the default, but allows also use of other DNS-servers (like Named) at the same time on diffirent interfaces where Dnsmasq is NOT configured, whereas with --bind-interfaces will still reserve every interface even if not used and thus disallowing use of any other DNS-program even on unused interfaces. Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi> Signed-off-by: Sami Olmari <sami@olmari.fi> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47953 3c298f89-4303-0410-b956-a3cf2f4a3e73
* network/services/lldpd: Fix missing dependency when using JSONJohn Crispin2015-12-171-0/+1
| | | | | | | | | Using the JSON output option depends on json library so add select json-c library when JSON output is selected. Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47928 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add option "--all-servers"John Crispin2015-12-111-0/+1
| | | | | | | | | Add the option "--all-servers" which forces dnsmasq to send all queries to all servers and then take the first answer. Signed-off-by: Andréas Gustafsson <gurgalof@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47857 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: add STOP=01 param in init scriptFelix Fietkau2015-12-051-1/+2
| | | | | | | | | | This should ensure that lldpd is among the first processes to stop, so that it has time to send the shutdown LLDPU to the other side, before the network goes down. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47786 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-01 00:10:36 +0000