aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* wireguard: bump to 0.0.20180531 to fix flow offloadingJason A. Donenfeld2018-05-311-6/+5
| | | | | | | | | | This version bump was made upstream mostly for OpenWRT, and should fix an issue with a null dst when on the flow offloading path. While we're at it, Kevin and I are the only people actually taking care of this package, so trim the maintainer list a bit. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: update packaging and patchesDaniel Golle2018-05-3137-496/+417
| | | | | | | | | | Clean up conflicts/provides/depends hell and add PROVIDES for eapol-test variants while at it. Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which allows to drop two revert-patches for upstream commits which previously were necessary to un-break mesh-DFS support. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: convert ssl provider build options to variantsDaniel Golle2018-05-252-85/+285
| | | | | | | | | | | Instead of selecting the SSL provider at compile time, build package variants for each option so users can select the binary package without having to build it themselves. Most likely not all variants have actually ever been user by anyone. We should reduce the selection to the reasonable and most used combinations at some point in future. For now, build them all. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git HEAD of 2018-05-21, allow build against wolfsslDaniel Golle2018-05-2437-296/+603
| | | | | | | Support for building wpa_supplicant/hostapd against wolfssl has been added upstream recently, add build option to allow users using it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "dnsmasq: use "hostsdir" instead of "addn-hosts""Hans Dedecker2018-05-241-1/+1
| | | | | | | | | This reverts commit a03035dad198cd4b51645ceb43c1170f9cf95f16 as it has several issues: -Host file is located in a directory which is not unique per dnsmasq instance -odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: use "hostsdir" instead of "addn-hosts"Christian Schoenebeck2018-05-231-1/+1
| | | | | | | 1.) "addn-hosts" per default point to a file (but it supports directory) 2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* mbedtls: update to version 2.9.0Hauke Mehrtens2018-05-221-1/+1
| | | | | | | | The soversion was changed in this version again and is now aligned with the 2.7.2 version. The size of the ipkg file stayed mostly the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: bump to 20180519Jason A. Donenfeld2018-05-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * chacha20poly1305: add mips32 implementation "The OpenWRT Commit" - this significantly speeds up performance on cheap plastic MIPS routers, and presumably the remaining MIPS32r2 super computers out there. * timers: reinitialize state on init * timers: round up instead of down in slack_time * timers: remove slack_time * timers: clear send_keepalive timer on sending handshake response * timers: no need to clear keepalive in persistent keepalive Andrew He and I have helped simplify the timers and remove some old warts, making the whole system a bit easier to analyze. * tools: fix errno propagation and messages Error messages are now more coherent. * device: remove allowedips before individual peers This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with many peers would grind when deleting the interface. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: fix IEEE 802.11r (fast roaming) defaultsGospod Nassa2018-05-181-21/+27
| | | | | | | | | | | | | | | | | | | | | | | Use ft_psk_generate_local=1 by default, as it makes everything else fairly trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd fairly much does it all for us. We do need to provide nas_identifier, which can be derived from the BSSID, and we need to generate a mobility_domain, for which we default to the first four chars of the md5sum of the SSID. The complex manual setup should also still work, but the defaults also now work easily out of the box. Verified by manually running hostapd (with the autogenerated config) and watching the debug output: wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake This was previous submitted to LEDE in https://github.com/lede-project/source/pull/1382 [dwmw2: Rewrote commit message] Signed-off-by: Gospod Nassa <devianca@gmail.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* wireguard: no longer need portability patchKevin Darbyshire-Bryant2018-05-182-19/+1
| | | | | | | | | Drop package/network/services/wireguard/patches/100-portability.patch Instead pass 'PLATFORM=linux' to make since we are always building FOR linux. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20180514Kevin Darbyshire-Bryant2018-05-172-9/+10
| | | | | | | | | | | | | | | 52be69b version: bump snapshot 4884b45 ncat-client-server: add wg-quick variant a333551 wg-quick: add darwin implementation f5bf84d compat: backport for OpenSUSE 15 fe1ae1b wg-quick: add wg symlink ecc1c5f wg-quick: add android implementation 3e6bb79 tools: reorganize for multiplatform wg-quick b289d12 allowedips: Fix graphviz output after endianness patch Refresh cross compile compatibility patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: Add support for ip6prefix config optionToke Høiland-Jørgensen2018-05-151-0/+6
| | | | | | | | | | | | This makes it easier to distribute prefixes over a wireguard tunnel interface, by simply setting the ip6prefix option in uci (just like with other protocols). Obviously, routing etc needs to be setup properly for things to work; this just adds the config option so the prefix can be assigned to other interfaces. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* hostapd: fix VHT80 for encrypted mesh channel settingsSven Eckelmann2018-05-142-1/+46
| | | | | | | | | | | | | | | | | | | The max_oper_chwidth settings was parsed incorrectly for big endian system. This prevented the system to switch to VHT80 (or VHT160). Instead they were mapped to: * HT20: 20MHz * VHT20: 20MHz * HT40: 40MHz * VHT40: 40MHz * VHT80: 40MHz * VHT160: 40MHz This happened because each max_oper_chwidth setting in the config file was parsed as "0" instead of the actual value. Fixes: a4322eba2b12 ("hostapd: fix encrypted mesh channel settings") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* hostapd: fix mesh+APDaniel Golle2018-05-1415-220/+171
| | | | | | | | Fix encrypted (or DFS) AP+MESH interface combination in a way similar to how it's done for AP+STA and fix netifd shell script. Refresh patches while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: bump to 0.0.20180513Kevin Darbyshire-Bryant2018-05-141-2/+2
| | | | | | | | | | | | | | | | | | | 6b4a340 version: bump snapshot faa2103 compat: don't clear header bits on RHEL 4014532 compat: handle RHEL 7.5's recent backports 66589bc queueing: preserve pfmemalloc header bit 37f114a chacha20poly1305: make gcc 8.1 happy 926caae socket: use skb_put_data 724d979 wg-quick: preliminary support for go implementation c454c26 allowedips: simplify arithmetic 71d44be allowedips: produce better assembly with unsigned arithmetic 5e3532e allowedips: use native endian on lookup 856f105 allowedips: add selftest for allowedips_walk_by_peer 41df6d2 embeddable-wg-library: zero attribute padding 9a1bea6 keygen-html: add zip file example f182b1a qemu: retry on 404 in wget for kernel.org race Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to 2.80test2Kevin Darbyshire-Bryant2018-05-1212-8/+1172
| | | | | | | | | | | | | | | | | | | Refresh patches and backport upstream to current HEAD: 1f1873a Log warning on very large cachesize config, instead of truncating it. 0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup. e27825b Fix logging in previous. 1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible. a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries. 34e26e1 Retry query to other servers on receipt of SERVFAIL rcode. 6b17335 Add packet-dump debugging facility. 07ed585 Add logging for DNS error returns from upstream and local configuration. 0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set. f84e674 Be persistent with broken-upstream-DNSSEC warnings. Compile & run tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add specific interface procd triggershux2018-05-112-2/+14
| | | | | | | | | | | | | | | | | | Right now interface.update events are sent out by netifd upon interface state, route, address (lifetime), prefix lifetime changes. Dnsmasq is only interested in interface state changes and currently adds an interface trigger for all the "interface.*" events. In combination with commit 23bba9cb330, which triggers a SIGHUP signal to dnsmasq, IPv6 address/prefix lifetime changes on the wan will trigger dnsmasq reloads which can become frequent in case of shorter lifetimes. To avoid frequent dnsmasq reload, this patch adds specific interface triggers. During dnsmasq init it loops dhcp uci section; if the value of the ignore option is set to 0, then the corresponding interface trigger is not installed. Otherwise, if the ignore option value is 1, then procd_add_interface_trigger is called which adds the interface trigger. Signed-off-by: hux <xinxing.huchn@gmail.com>
* igmpproxy: bump to 0.2.1Kevin Darbyshire-Bryant2018-05-0710-679/+4
| | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Point at github which is new, maintained location for igmpproxy. Remove all patches as all have been upstreamed. Closes FS#1456 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* igmpproxy: fix creation of firewall rulesJaap Buurman2018-05-073-9/+14
| | | | | | | | The init sccript for igmpproxy uses the option 'network' both as an interface name for fetching the l3_device name and for creating the firewall rules. This only works if the name of the network and firewall zone are identical. This commit introduces a new option 'zone' for configuring the upstream and downstream firewall zones in order for the init script to create the required firewall rules automatically. When no such options are given, the init script falls back to not creating the firewall rules and the user can opt to create these manually. Signed-off-by: Jaap Buurman <jaapbuurman@gmail.com>
* hostapd: add channel utilization as config optionNick Hainke2018-05-071-2/+7
| | | | | | Add the channel utilization as hostapd configuration option. Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: fix a mesh mode crash with CONFIG_TAXONOMY enabledFelix Fietkau2018-05-031-0/+23
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: add hotplug supportRosy Song2018-05-023-0/+114
| | | | | | | | Add hotplug handle script for storage devices, this will add corresponding option in the /etc/config/samba file automatically. Signed-off-by: Rosy Song <rosysong@rosinson.com>
* odhcpd: update to latest git HEADHans Dedecker2018-04-231-4/+4
| | | | | | | 4136529 dhcpv6-ia: keep tentative assignments alive for a short time 200cc8f dhcpv6-ia: make assignment lookup more strict Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 20180420Kevin Darbyshire-Bryant2018-04-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | 7cc2668 version: bump snapshot 860c7c7 poly1305: do not place constants in different sections 5f1e4ca compat: remove unused dev_recursion_level backport 7e4b991 blake2s: remove unused helper 13225fc send: simplify skb_padding with nice macro a1525bf send: account for route-based MTU bbb2fde wg-quick: account for specified fwmark in auto routing mode c452105 qemu: bump default version dbe5223 version: bump snapshot 1d3ef31 chacha20poly1305: put magic constant behind macro cdc164c chacha20poly1305: add self tests from wycheproof 1060e54 curve25519: add self tests from wycheproof 0e1e127 wg-quick.8: fix typo 2b06b8e curve25519: precomp const correctness 8102664 curve25519: memzero in batches 1f54c43 curve25519: use cmov instead of xor for cswap fa5326f curve25519: use precomp implementation instead of sandy2x 9b19328 compat: support OpenSUSE 15 3102d28 compat: silence warning on frankenkernels 8f64c61 compat: stable kernels are now receiving b87b619 62127f9 wg-quick: hide errors on save Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: fix encrypted mesh channel settingsDaniel Golle2018-04-205-1/+226
| | | | | | | | | | | | | | | Import two patches from Peter Oh to allow setting channel bandwidth in the way it already works for managed interfaces. This fixes mesh interfaces on 802.11ac devices always coming up in VHT80 mode. Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which also skips secondary channel scan just like noscan works in AP mode. This time also make sure to add all files to the patch before committing it... Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "hostapd: fix encrypted mesh channel settings"Felix Fietkau2018-04-205-213/+1
| | | | | | | This reverts commit 7f52919a2f2894125b4dca611eb2d30181af7e0b, which is currently breaking the builds and needs to be reworked Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix encrypted mesh channel settingsDaniel Golle2018-04-205-1/+213
| | | | | | | | | | | | Import two patches from Peter Oh to allow setting channel bandwidth in the way it already works for managed interfaces. This fixes mesh interfaces on 802.11ac devices always coming up in VHT80 mode. Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which also skips secondary channel scan just like noscan works in AP mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to latest git HEAD (FS#1457)Hans Dedecker2018-04-191-4/+4
| | | | | | dcfc06a router: fix managed address configuration setting Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: mesh: make forwarding configurableDaniel Golle2018-04-183-2/+245
| | | | | | | | | | | For unencrypted mesh networks our scripts take care of setting the various mesh_param values. wpa_supplicant changes somes of them when being used for SAE encrypted mesh and previously didn't allow configuring any of them. Add support for setting mesh_fwding (which has to be set to 0 when using other routing protocols on top of 802.11s) and update our script to pass the value to wpa_supplicant. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: bump to 1.0.1Stijn Tintel2018-04-151-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix compile of -mini variantsDaniel Golle2018-04-131-0/+23
| | | | | | Fixes commit d88934aa5a (hostapd: update to git snapshot of 2018-04-09) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git snapshot of 2018-04-09Daniel Golle2018-04-1332-76/+1085
| | | | | | | | | And import patchset to allow 802.11s mesh on DFS channels, see also http://lists.infradead.org/pipermail/hostap/2018-April/038418.html Fix sae_password for encryption mesh (sent upstream as well). Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: remove example domains from rfc6761.conf (FS#1447)Hans Dedecker2018-04-092-5/+1
| | | | | | | | | | | | RFC6771 does not exclude the forwarding of the example domain as it states : "Caching DNS servers SHOULD NOT recognize example names as special and SHOULD resolve them normally." Example domains cannot be assigned to any user or person by DNS registrars as they're registered in perpetuity to IANA meaning they can be resolved; therefore let's remove the example domains from the rfc6761.conf file. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2018-04-091-4/+4
| | | | | | 31f217f router: improve RFC7084 compliancy Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba36: fix some security problemsHauke Mehrtens2018-04-038-3/+322
| | | | | | | | | | This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "ppp: make ppp-multilink provide ppp"Felix Fietkau2018-03-291-10/+9
| | | | | | | | | | opkg currently has some issues with Provides and this change makes the image builder fail because of that. Revert the change for now until opkg is fixed This reverts commit 092d75aa3e86db8331fffdbd0a99987df9dc438b. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-2735-1530/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: improve init script portability (FS#1446)Hans Dedecker2018-03-242-2/+2
| | | | | | | | | | | | | Improve portability of init script by declaring resolvfile as local in dnsmasq_stop function. Fixes resolvfile being set for older busybox versions in dnsmasq_start in a multi dnsmasq instance config when doing restart; this happens when the last instance has a resolvfile configured while the first instance being started has noresolv set to 1. Base on a patch by "Phil" Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: remove deprecated config optionsHans Dedecker2018-03-202-8/+1
| | | | | | | | Remove deprecated config options in 2.5 as described in [0] [0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to 2.79 releaseKevin Darbyshire-Bryant2018-03-191-3/+3
| | | | | | | 94b6878 Tidy crypto.c of old library compat. Now need libnettle 3. 8b96552 Fix compiler warning. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openvpn: add config param verify_client_certChristian Bayer2018-03-172-1/+2
| | | | | | | | | Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5. Replaced by param --verify-client-cert none|optional|require in v2.4 see https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required Signed-off-by: Christian Bayer <cave@cavebeat.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
* dnsmasq: bump to 2.79rc2Hans Dedecker2018-03-131-2/+2
| | | | | | | | | | | | | | | | | | ae29065 Fix debian/changelog syntax. 6b2b564 Enhance --synth-domain to allow names with sequential integers. 4f7bb57 Fix deletion of dhcp-options from inotify dynamic files. 56f0623 Allow trailing dot in CNAME. f3223fb Fix nettle_hash() function to avoid ABI incompatibilities. 4c4f4c2 Debian dependency tweaking for new dnsmasq-base-lua package. 773af30 Man page typo fix. 4cc944b Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq 87e00fe Compiler warning fixes. e7a4af8 Compiler warning fixes. 2d69d61 Add liblua-dev to Debian build-depends. 30e4a94 Debian package: add dnsmasq-base-lua binary package. 232a8f3 Merge messages for release. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: make ppp-multilink provide pppFelix Fietkau2018-03-121-9/+10
| | | | | | Fixes dependencies on ppp from other packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to 2.4.5Magnus Kroken2018-03-094-24/+19
| | | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wireguard: bump to 20180304Jason A. Donenfeld2018-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7c0d711 version: bump snapshot b6a5cc0 contrib: add extract-handshakes kprobe example 37dc953 wg-quick: if resolvconf/run/iface exists, use it 1f9be19 wg-quick: if resolvconf/interface-order exists, use it 4d2d395 noise: align static_identity keys 14395d2 compat: use correct -include path 38c6d8f noise: fix function prototype 302d0c0 global: in gnu code, use un-underscored asm ff4e06b messages: MESSAGE_TOTAL is unused ea81962 crypto: read only after init e35f409 Kconfig: require DST_CACHE explicitly 9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript" 6e09a46 contrib: keygen-html: rewrite in pure javascript e0af0f4 compat: workaround netlink refcount bug ec65415 contrib: embedded-wg-library: add key generation functions 06099b8 allowedips: fix comment style ce04251 contrib: embedded-wg-library: add ability to add and del interfaces 7403191 queueing: skb_reset: mark as xnet Changes: * queueing: skb_reset: mark as xnet This allows cgroups to classify packets. * contrib: embedded-wg-library: add ability to add and del interfaces * contrib: embedded-wg-library: add key generation functions The embeddable library gains a few extra tricks, for people implementing plugins for various network managers. * crypto: read only after init * allowedips: fix comment style * messages: MESSAGE_TOTAL is unused * global: in gnu code, use un-underscored asm * noise: fix function prototype Small cleanups. * compat: workaround netlink refcount bug An upstream refcounting bug meant that in certain situations it became impossible to unload the module. So, we work around it in the compat code. The problem has been fixed in 4.16. * contrib: keygen-html: rewrite in pure javascript * Revert "contrib: keygen-html: rewrite in pure javascript" We nearly moved away from emscripten'ing the fiat32 code, but the resultant floating point javascript was just too terrifying. * Kconfig: require DST_CACHE explicitly Required for certain frankenkernels. * compat: use correct -include path Fixes certain out-of-tree build systems. * noise: align static_identity keys Gives us better alignment of private keys. * wg-quick: if resolvconf/interface-order exists, use it * wg-quick: if resolvconf/run/iface exists, use it Better compatibility with Debian's resolvconf. * contrib: add extract-handshakes kprobe example Small utility for extracting ephemeral key data from the kernel's memory. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
* hostapd: do not register ubus objects for mesh interfacesFelix Fietkau2018-02-241-0/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: fix build (issue #5574)Jakub Tymejczyk2018-02-241-0/+1
| | | | | | | | | | | | As indicated in #5574 samba fails to build with linker error due to lack of talloc_* functions when the packet libtalloc also gets build. According to Makefile it is compiled with "--without-libtalloc" option. Running ./configure --help shows that there is another option connected to libtalloc: --enable/disable-external-libtalloc. Adding this option fixes build. Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
* hostapd: add support for sending 802.11v disassoc imminent notifications to ↵Felix Fietkau2018-02-211-0/+97
| | | | | | clients via ubus Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for issuing 802.11k beacon measurement requests via ubusFelix Fietkau2018-02-211-0/+90
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: expose client 802.11k capabilities via ubusFelix Fietkau2018-02-211-0/+6
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>