aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: reorganize config selection hierarchy for WPA3Adrian Schmutzler2020-07-311-16/+18
| | | | | | | | | | | | | | | | | | The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is exceptionally hard to read. This tries to make things a little easier by inverting the hierarchy of the conditions, so SSL_VARIANT is checked first and LOCAL_VARIANT is checked second. This exploits the fact that some of the previous conditions were unnecessary, e.g. there is no hostapd-mesh*, so we don't need to exclude this combination. It also should make it a little easier to see which options are actually switched by SSL_VARIANT and which by LOCAL_VARIANT. The patch is supposed to be cosmetic. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: improve TITLE for packagesAdrian Schmutzler2020-07-301-27/+33
| | | | | | | | | | | | | | For a few packages, the current TITLE is too long, so it is not displayed at all when running make menuconfig. Despite, there is no indication of OpenSSL vs. wolfSSL in the titles. Thus, this patch adjusts titles to be generally shorter, and adds the SSL variant to it. While at it, make things easier by creating a shared definition for eapol-test like it's done already for all the other flavors. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: update mesh DFS patches and add mesh HE supportDaniel Golle2020-07-3034-190/+1440
| | | | | | | | | | | | | | | | Drop outdated and by now broken patchset originally supplied by Peter Oh in August 2018 but never merged upstream. Instead add the more promissing rework recently submitted by Markus Theil who picked up Peter's patchset, fixed and completed it and added support for HE (802.11ax) in mesh mode. This is only compile tested and needs some real-life testing. Fixes: FS#3214 Fixes: 167028b750 ("hostapd: Update to version 2.9 (2019-08-08)") Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Fixes: 017320ead3 ("hostapd: bring back mesh patches") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openvpn: Allow override of interface nameMichal Hrusecky2020-07-232-2/+37
| | | | | | | | | | | If using a configuration file for OpenVPN, allow overriding name of the interface. The reason is that then people could use configuration file provided by VPN provider directly and override the name of the interface to include it in correct firewall zone without need to alter the configuration file. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
* openpvn: Split out config parsing code for reuseMichal Hrusecky2020-07-233-13/+23
| | | | | | | | Split out code that parses openvpn configuration file into separate file that can be later included in various scripts and reused. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit 86d8467c8ab792c79809a08c223dd9d40da6da2e)
* umdns: fix compiling using gcc 10Kevin Darbyshire-Bryant2020-07-221-3/+3
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: enter DFS state if no available channel is foundDavid Bauer2020-07-201-0/+37
| | | | | | | | | | | Previously hostapd would not stop transmitting when a DFS event was detected and no available channel to switch to was available. Disable and re-enable the interface to enter DFS state. This way, TX does not happen until the kernel notifies hostapd about the NOP expiring. Signed-off-by: David Bauer <mail@david-bauer.net>
* dnsmasq: bump to 2.82Kevin Darbyshire-Bryant2020-07-202-13/+13
| | | | | | | | | This fixes a nasty problem introduced in 2.81 which causes random crashes on systems where there's significant DNS activity over TCP. It also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS records. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 1.0.20200712Jason A. Donenfeld2020-07-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This release brings parity with the commits Linus released a few hours ago into 5.8-rc5. * receive: account for napi_gro_receive never returning GRO_DROP The napi_gro_receive function no longer returns GRO_DROP ever, making handling GRO_DROP dead code. This commit removes that dead code. Further, it's not even clear that device drivers have any business in taking action after passing off received packets; that's arguably out of their hands. * device: implement header_ops->parse_protocol for AF_PACKET WireGuard uses skb->protocol to determine packet type, and bails out if it's not set or set to something it's not expecting. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and wireguard then rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. * queueing: make use of ip_tunnel_parse_protocol Now that wg_examine_packet_protocol has been added for general consumption as ip_tunnel_parse_protocol, it's possible to remove wg_examine_packet_protocol and simply use the new ip_tunnel_parse_protocol function directly. * compat: backport ip_tunnel_parse_protocol and ip_tunnel_header_ops These are required for moving wg_examine_packet_protocol out of wireguard and into upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dropbear: make rsa-sha2-256 pubkeys usable againPetr Štetiar2020-07-071-0/+40
| | | | | | | | | | | | | Upstream in commit 972d723484d8 ("split signkey_type and signature_type for RSA sha1 vs sha256") has added strict checking of pubkey algorithms which made keys with SHA-256 hashing algorithm unusable as they still reuse the `ssh-rsa` public key format. So fix this by disabling the check for `rsa-sha2-256` pubkeys. Ref: https://tools.ietf.org/html/rfc8332#section-3 Fixes: d4c80f5b172e ("dropbear: bump to 2020.80") Tested-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: bump to latest git HEADHans Dedecker2020-07-021-3/+3
| | | | | | 5da5299 odhcpd: fix compilation with GCC10 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: bump to 2020.80Hans Dedecker2020-06-304-78/+2
| | | | | | | | | - drop patches (applied upstream) * 001-backport_GNU_SOURCE-for-random.patch * 002-backport-move-GNU_SOURCE-earlier.patch * 010-backport-disable-toom-and-karatsuba.patch Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: init: replace backticks with $()Rui Salvaterra2020-06-301-3/+3
| | | | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> [add commit description] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dropbear: fix compilation for uClibcHans Dedecker2020-06-242-0/+59
| | | | | | | | | | | | | | | Backport patches which fix compile issue for uClibc-ng : dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration] ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK); ^~~~~~~~~ genrandom dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'? ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK); ^~~~~~~~~~~~~ SOCK_NONBLOCK Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 1.0.20200623Jason A. Donenfeld2020-06-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * compat: drop centos 8.1 support as 8.2 is now out Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at <https://www.wireguard.com/build-status/>. * Kbuild: remove -fvisibility=hidden from cflags This fixes an issue when compiling wireguard as a module for ARM kernels in THUMB2 mode without the JUMP11 workaround. * noise: do not assign initiation time in if condition Style fix. * device: avoid circular netns references Fixes a circular reference issue with network namespaces. * netns: workaround bad 5.2.y backport This works around a back backport in the 5.2.y series. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* igmpproxy: remove some bashismSven Roederer2020-06-231-3/+5
| | | | | | | | | | | | "[[" is a bash extension for test. As the ash-implementation is not fully compatible we drop its usage. This follows up 3519bf4976b41c As a result, we also need to move the and/or out of the test brackets. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> [squash from two patches, adjust commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dropbear: bump to 2020.79Konstantin Demin2020-06-219-3722/+36
| | | | | | | | | | | | | | | | | | | | | - drop patches (applied upstream): * 010-backport-change-address-logging.patch * 020-backport-ed25519-support.patch * 021-backport-chacha20-poly1305-support.patch - backport patches: * 010-backport-disable-toom-and-karatsuba.patch: reduce dropbear binary size (about ~8Kb). - refresh patches. - don't bother anymore with following config options because they are disabled in upstream too: * DROPBEAR_3DES * DROPBEAR_ENABLE_CBC_MODE * DROPBEAR_SHA1_96_HMAC - explicitly disable DO_MOTD as it was before commit a1099ed: upstream has (accidentally) switched it to 0 in release 2019.77, but reverted back in release 2020.79. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* hostapd: fix compilation of wpa_supplicantKarel Kočí2020-06-181-4/+4
| | | | | | | | | | | | | Ubus patch as it seems have been broken by some rebase in the past as the location of line that adds ubus object file was in condition for CONFIG_MACSEC. That condition was adding object files that are not touched by ubus patch. This means ubus.o does not have to be included in that case. When it has to be and when build fails is when CONFIG_AP is set. All files included in wpa_supplicant that are touched by this patch are in this condition. This means that this is for sure the original place for it. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* openvpn: add generic hotplug mechanismFlorian Eckert2020-06-176-8/+81
| | | | | | | | | | | | | | | | | | | Pass a default --up and --down executable to each started OpenVPN instance which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance goes up or down. User-configured up and down scripts are invoked by the default shipped 01-user hotplug handler to ensure that existing setups continue to work as before. As a consequence of this change, the up, down and script_security OpenVPN options are removed from the option file, since we're always passing them via the command line, they do not need to get included into the generated configuration. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [reword commit message, move hotplug executable to /usr/libexec] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: hostapd_set_psk_file: fix defaut value for macJohann Neuhauser2020-06-131-1/+1
| | | | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Bringing up of station vlan fails if the optional mac entry isn't set. The default mac "00:00:00:00:00:00", which should match all stations, is mistakenly set to the non used variable "isolate". This results in a wrong formatted .psk file which has to be "vlan_id mac key". fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
* odhcpd: remove bogus IPKG_INSTROOT referenceKevin Darbyshire-Bryant2020-06-112-2/+2
| | | | | | | | | IPKG_INSTROOT is only set under image builder and we won't be running this script at build time either, so remove the reference before it gets cargo-culted into other scripts. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add config symbol for allowing drivers to enable 802.11ax supportFelix Fietkau2020-06-103-0/+14
| | | | | | Also expose a build feature for it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5Petr Štetiar2020-06-0923-113/+113
| | | | | | | | | | | | | Bump to latest Git and refresh all patches in order to get fix for "UPnP SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695). General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. Ref: https://w1.fi/security/2020-1/ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* umdnsd: update to latest git HEADKevin Darbyshire-Bryant2020-06-081-3/+3
| | | | | | | | d13290b Fix advertised IPv6 addresses Don't just serve link-local addresses via mdns, offer all. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: silence rmStijn Tintel2020-06-081-2/+2
| | | | | | | | | | | | When bringing up wifi the first time after boot, these warnings appear: netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory Silence them by adding the "-f" option to rm. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: John Crispin <john@phrozen.org>
* hostapd: add support for wifi-station and wifi-vlan sectionsJohn Crispin2020-06-041-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for 2 new uci sections. config wifi-vlan # iface is optional. if it is not defined the vlan will apply # to all interfaces option iface default_radio0 option name guest option vid 100 option network guest config wifi-station # iface is optional. if it is not defined the station will apply # to all interfaces option iface default_radio0 # mac is optional. if it is not defined it will be a catch all # for any sta using this key option mac '00:11:22:33:44:55' # vid is optional. if it is not defined, the sta will be part of # the primary iface. option vid 100 option key testtest With this patch applied it is possible to use multiple PSKs on a single BSS. Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: add /etc/dnsmasq.d/ to conffilesSven Roederer2020-06-031-1/+2
| | | | | | This directory can hold configuration-snippets which should also included in the backup. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* uhttpd: fix script timeoutDaniel Golle2020-06-031-3/+3
| | | | | | 939c281 proc: do not cancel script killing after writing headers Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ppp: update to version 2.4.8.git-2020-05-25Hans Dedecker2020-05-3111-170/+20
| | | | | | | | | | | | | | ddd57c2 pppd: Add lcp-echo-adaptive option c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148) 0bc11fb Added missing options to manual pages. (#149) b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp c78e312 pppd: linux: use monotonic time if possible Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted Remove patch 206-compensate_time_change.patch as timewrap issues are solved by a patch making use of monotonic time Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add ed25519 and chacha20-poly1305Vladislav Grishenko2020-05-305-3/+3613
| | | | | | | | | | | | - add Ed25519 support (backport): * DROPBEAR_ED25519 option for ssh-ed25519, * disabled by default - add Chacha20-Poly1305 support (backport): * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com, * enabled by default - update feature costs in binary size Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
* hostapd: Add disable_vht when using NOHT/HT* modesEnrique Rodríguez Valencia2020-05-281-1/+2
| | | | | | disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes. Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
* hostapd: add WEP as queryable build featureDavid Bauer2020-05-221-0/+4
| | | | | | | | | | | Commit 472fd98c5b12 ("hostapd: disable support for Wired Equivalent Privacy by default") made support for WEP optional. Expose the WEP support to LuCi or other userspace tools using the existing interface. This way they are able to remove WEP from the available ciphers if hostapd is built without WEP support. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: bring back mesh patchesDaniel Golle2020-05-2128-108/+792
| | | | | | | | | | | | | Bring back 802.11s mesh features to the level previously available before the recent hostapd version bump. This is mostly to support use of 802.11s on DFS channels, but also making mesh forwarding configurable which is crucial for use of 802.11s MAC with other routing protocols, such as batman-adv, on top. While at it, fix new compiler warning by adapting 700-wifi-reload.patch to upstream changes, now building without any warnings again. Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: bump to 1.0.20200520Jason A. Donenfeld2020-05-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This version has the various slew of bug fixes and compat fixes and such, but the most interesting thing from an OpenWRT perspective is that WireGuard now plays nicely with cake and fq_codel. I'll be very interested to hear from OpenWRT users whether this makes a measurable difference. Usual set of full changes follows. This release aligns with the changes I sent to DaveM for 5.7-rc7 and were pushed to net.git about 45 minutes ago. * qemu: use newer iproute2 for gcc-10 * qemu: add -fcommon for compiling ping with gcc-10 These enable the test suite to compile with gcc-10. * noise: read preshared key while taking lock Matt noticed a benign data race when porting the Linux code to OpenBSD. * queueing: preserve flow hash across packet scrubbing * noise: separate receive counter from send counter WireGuard now works with fq_codel, cake, and other qdiscs that make use of skb->hash. This should significantly improve latency spikes related to buffer bloat. Here's a before and after graph from some data Toke measured: https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png * compat: support RHEL 8 as 8.2, drop 8.1 support * compat: support CentOS 8 explicitly * compat: RHEL7 backported the skb hash renamings The usual RHEL churn. * compat: backport renamed/missing skb hash members The new support for fq_codel and friends meant more backporting work. * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4 The main motivation for releasing this now: three stable kernels were released at the same time, with a patch that necessitated updating in our compat layer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: disable support for Wired Equivalent Privacy by defaultPetr Štetiar2020-05-212-0/+14
| | | | | | | | | | | | | | | | | | | Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional build parameter") has made WEP functionality an optional build parameter disabled as default, because WEP should not be used for anything anymore. As a step towards removing it completely, they moved all WEP related functionality behind CONFIG_WEP blocks and disabled it by default. This functionality is subject to be completely removed in a future release. So follow this good security advice, deprecation notice and disable WEP by default, but still allow custom builds with WEP support via CONFIG_WPA_ENABLE_WEP config option till upstream removes support for WEP completely. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848edPetr Štetiar2020-05-2147-1327/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump package to latest upstream Git HEAD which is commit dd2daf0848ed ("HE: Process HE 6 GHz band capab from associating HE STA"). Since last update there was 1238 commits done in the upstream tree with 618 files changed, 53399 insertions, 24928 deletions. I didn't bothered to rebase mesh patches as the changes seems not trivial and I don't have enough knowledge of those parts to do/test that properly, so someone else has to forward port them, ideally upstream them so we don't need to bother anymore. I've just deleted them for now: 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch 007-mesh-apply-channel-attributes-before-running-Mesh.patch 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch 013-mesh-do-not-allow-pri-sec-channel-switch.patch 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch 016-mesh-fix-channel-switch-error-during-CAC.patch 018-mesh-make-forwarding-configurable.patch Refreshed all other patches, removed upstreamed patches: 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch 090-wolfssl-fix-crypto_bignum_sum.patch 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch 800-usleep.patch Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: backport wolfssl bignum fixesDaniel Golle2020-05-164-1/+107
| | | | | | | | crypto_bignum_rand() use needless time-consuming filtering which resulted in SAE no longer connecting within time limits. Import fixes from hostap upstream to fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* umdns: re-enable address-of-packed-member warningKevin Darbyshire-Bryant2020-05-101-1/+1
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: hotplug script tidyupKevin Darbyshire-Bryant2020-05-102-6/+3
| | | | | | | | Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive. Re-arrange script to only source 'procd' if we get to the stage of needing to signal the process, reduce hotplug processing load a little. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* lldpd: add management IP settingDaniel A. Maierhofer2020-05-083-2/+10
| | | | | | | | | | | | | add option to set management IP pattern also add missing 'unconfigure system hostname' for example pattern '!192.168.1.1' makes it possible that WAN IP is selected instead of LAN IP Signed-off-by: Daniel A. Maierhofer <git@damadmai.at> [grammar and spelling fixes in commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: RemoveRosen Penev2020-05-0841-32012/+0
| | | | | | | | | | | | | | | | | | | | | | | | | Samba 3.6 is completely unsupported, in addition to having tons of patches It also causes kernel panics on some platforms when sendfile is enabled. Example: https://github.com/gnubee-git/GnuBee_Docs/issues/45 I have reproduced on ramips as well as mvebu in the past. Samba 4 is an alternative available in the packages repo. cifsd is a lightweight alternative available in the packages repo. It is also a faster alternative to both Samba versions (lower CPU usage). It was renamed to ksmbd. To summarize, here are the alternatives: - ksmbd + luci-app-cifsd - samba4 + luci-app-samba4 Signed-off-by: Rosen Penev <rosenp@gmail.com> [drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: bump to 1.0.20200506Jason A. Donenfeld2020-05-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * compat: timeconst.h is a generated artifact Before we were trying to check for timeconst.h by looking in the kernel source directory. This isn't quite correct on configurations in which the object directory is separate from the kernel source directory, for example when using O="elsewhere" as a make option when building the kernel. The correct fix is to use $(CURDIR), which should point to where we want. * compat: use bash instead of bc for HZ-->USEC calculation This should make packaging somewhat easier, as bash is generally already available (at least for dkms), whereas bc isn't provided by distros by default in their build meta packages. * socket: remove errant restriction on looping to self It's already possible to create two different interfaces and loop packets between them. This has always been possible with tunnels in the kernel, and isn't specific to wireguard. Therefore, the networking stack already needs to deal with that. At the very least, the packet winds up exceeding the MTU and is discarded at that point. So, since this is already something that happens, there's no need to forbid the not very exceptional case of routing a packet back to the same interface; this loop is no different than others, and we shouldn't special case it, but rather rely on generic handling of loops in general. This also makes it easier to do interesting things with wireguard such as onion routing. At the same time, we add a selftest for this, ensuring that both onion routing works and infinite routing loops do not crash the kernel. We also add a test case for wireguard interfaces nesting packets and sending traffic between each other, as well as the loop in this case too. We make sure to send some throughput-heavy traffic for this use case, to stress out any possible recursion issues with the locks around workqueues. * send: cond_resched() when processing tx ringbuffers Users with pathological hardware reported CPU stalls on CONFIG_ PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning these workers would never terminate. That turned out not to be okay on systems without forced preemption. This commit adds a cond_resched() to the bottom of each loop iteration, so that these workers don't hog the core. We don't do this on encryption/decryption because the compat module here uses simd_relax, which already includes a call to schedule in preempt_enable. * selftests: initalize ipv6 members to NULL to squelch clang warning This fixes a worthless warning from clang. * send/receive: use explicit unlikely branch instead of implicit coalescing Some code readibility cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ppp: Fix mirror hashHauke Mehrtens2020-05-061-1/+1
| | | | | Fixes: ae06a650d680 ("ppp: update to version 2.4.8.git-2020-03-21") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* odhcpd: update to latest git HEAD (FS#3056)Hans Dedecker2020-05-041-3/+3
| | | | | | 5ce0770 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 1.0.20200429Jason A. Donenfeld2020-04-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * compat: support latest suse 15.1 and 15.2 * compat: support RHEL 7.8's faulty siphash backport * compat: error out if bc is missing * compat: backport hsiphash_1u32 for tests We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04. * compat: include sch_generic.h header for skb_reset_tc A fix for a compiler error on kernels with weird configs. * compat: import latest fixes for ptr_ring * compat: don't assume READ_ONCE barriers on old kernels * compat: kvmalloc_array is not required anyway ptr_ring.h from upstream was imported, with compat modifications, to our compat layer, to receive the latest fixes. * compat: prefix icmp[v6]_ndo_send with __compat Some distros that backported icmp[v6]_ndo_send still try to build the compat module in some corner case circumstances, resulting in errors. Work around this with the usual __compat games. * compat: ip6_dst_lookup_flow was backported to 3.16.83 * compat: ip6_dst_lookup_flow was backported to 4.19.119 Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels, causing breaking in our compat module, which these changes fix. * git: add gitattributes so tarball doesn't have gitignore files Distros won't need to clean this up manually now. * crypto: do not export symbols These don't do anything and only increased file size. * queueing: cleanup ptr_ring in error path of packet_queue_init Sultan Alsawaf reported a memory leak on an error path. * main: mark as in-tree Now that we're upstream, there's no need to set the taint flag. * receive: use tunnel helpers for decapsulating ECN markings ECN markings are now decapsulated using RFC6040 instead of the old RFC3168. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: always inform about disabled dhcp servicePetr Štetiar2020-04-301-6/+6
| | | | | | | | | | | | | | | | | Init script checks for an already active DHCP server on the interface and if such DHCP server is found, then it logs "refusing to start DHCP" message, starts dnsmasq without DHCP service unless `option force 1` is set and caches the DHCP server check result. Each consecutive service start then uses this cached DHCP server check result, but doesn't provide log feedback about disabled DHCP service anymore. So this patch ensures, that the log message about disabled DHCP service on particular interface is always provided. Acked-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wpad-wolfssl: fix crypto_bignum_sub()Antonio Quartulli2020-04-281-0/+26
| | | | | | | | | | | | | | Backport patch from hostapd.git master that fixes copy/paste error in crypto_bignum_sub() in crypto_wolfssl.c. This missing fix was discovered while testing SAE over a mesh interface. With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with wpad-mesh-wolfssl. Cc: Sean Parkinson <sean@wolfssl.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* relayd: bump to version 2020-04-25Kevin Darbyshire-Bryant2020-04-261-3/+3
| | | | | | | | f4d759b dhcp.c: further improve validation Further improve input validation for CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* umdns: update to version 2020-04-25Kevin Darbyshire-Bryant2020-04-261-3/+3
| | | | | | | | | | | cdac046 dns.c: fix input validation fix Due to a slight foobar typo, failing to de-reference a pointer, previous fix not quite as complete as it should have been. Improve CVE-2020-11750 fix Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* relayd: bump to version 2020-04-20Kevin Darbyshire-Bryant2020-04-201-3/+3
| | | | | | | | 796da66 dhcp.c: improve input validation & length checks Addresses CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>