aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
...
* wireguard: version bump to 0.0.20171101Kevin Darbyshire-Bryant2017-11-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update wireguard to latest snapshot: 9fc5daf version: bump snapshot 748ca6b compat: unbreak unloading on kernels 4.6 through 4.9 7be9894 timers: switch to kees' new timer_list functions 6be9a66 wg-quick: save all hooks on save 752e7af version: bump snapshot 2cd9642 wg-quick: fsync the temporary file before renaming b139499 wg-quick: allow for saving existing interface 582c201 contrib: add reresolve-dns 8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID c138276 wg-quick: allow for the hatchet, but not by default d03f2a0 global: use fewer BUG_ONs 6d681ce timers: guard entire setting in block 4bf32ca curve25519: only enable int128 if compiler support is sound 86e06a3 device: expand scope of destruct lock e3661ab global: get rid of useless forward declarations bedc77a device: only take reference if netns is different 7c07e22 wg-quick: remember to rewind DNS settings on failure 2352ec0 wg-quick: allow specifiying multiple hooks 573cb19 qemu: test using four cores e09ec4d global: style nits 4d3deae qemu: work around ccache bugs 7491cd4 global: infuriating kernel iterator style 78e079c peer: store total number of peers instead of iterating d4e2752 peer: get rid of peer_for_each magic 6cf12d1 compat: be sure to include header before testing 3ea08d8 qemu: allow for cross compilation d467551 crypto/avx: make sure we can actually use ymm registers c786c46 blake2: include headers for macros 328e386 global: accept decent check_patch.pl suggestions a473592 compat: fix up stat calculation for udp tunnel 9d930f5 stats: more robust accounting 311ca62 selftest: initialize mutex in routingtable selftest 8a9a6d3 netns: use time-based test instead of quantity-based e480068 netns: use read built-in instead of ncat hack for dmesg Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "wpa_supplicant: log to syslog instead of stdout"Jo-Philipp Wich2017-10-272-2/+2
| | | | | | | | | | | | | | This reverts commit e7373e489d8a215402d6b0c408a26188342c7c17. Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which is not enabled for all build variants. Revert the change for now until we can properly examine the size impact of CONFIG_DEBUG_SYSLOG. Fixes FS#1117. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix up ubus supportJohn Crispin2017-10-252-23/+45
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: add listen_address parameterChristian Lamparter2017-10-132-1/+6
| | | | | | | | | | | | | | | | | | | | | | | This patch adds a parser for the uci representation of dnsmasq's "-a | --listen-address" option. In summary, this option forces dnsmasq to listen on the given IP address(es). Both interface and listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no interface option is given, but listen_address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1 must be explicitly added. This option is useful for ujailed dnsmasq instances, that would otherwise fail to work properly, because listening to the "This host on this network" address (aka 0.0.0.0 see rfc1700 page 4) may not be allowed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* ipset-dns: bump to git HEADStijn Tintel2017-10-082-60/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: escape double quoutes in wpad CFLAGSStijn Tintel2017-10-071-0/+1
| | | | | | | | | | | | | | | | | | A recent commit in hostapd added a build option to specify the default TLS ciphers. This build option is passed via CFLAGS. Due to the way CFLAGS are handled when building wpad, the compiler tries to recursively expand TLS_DEFAULT_CIPHERS, resulting in the following error: ../src/crypto/tls_openssl.c: In function 'tls_init': <command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function) ../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS' ciphers = TLS_DEFAULT_CIPHERS; ^ Escape double quotes in the .cflags file to avoid this. Fixes: 2f78034c3ef ("hostapd: update to version 2017-08-24") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to version 2017-08-24Koen Vandeputte2017-10-0725-478/+145
| | | | | | | | | | | | - Deleted upstreamed patches & parts - Refreshed all Compile tested: full-option package + tools (hostapd + wpa_supplicant) Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link Targets: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dropbear: fix PKG_CONFIG_DEPENDSHans Dedecker2017-10-061-1/+4
| | | | | | Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.78Kevin Darbyshire-Bryant2017-10-028-248/+18
| | | | | | Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: add support for accessing 802.11k neighbor report elements via ubusFelix Fietkau2017-09-281-0/+169
| | | | | | | This API can be used to distribute neighbor report entries across multiple APs on the same LAN. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for specifying device config options directly in uciFelix Fietkau2017-09-281-0/+6
| | | | | | | This is useful for tuning some more exotic parameters where it doesn't make sense to attempt to cover everything in uci directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: make ssh compression support configurableMarcin Jurkowski2017-09-282-3/+13
| | | | | | | | | Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* umdns: update to latest git HEADJohn Crispin2017-09-281-3/+3
| | | | | | | | b84fdac Add debug output for service_timeout 8f7e3bc Remove incorrect comma in http service json config 9f40133 Remove ttl==255 restriction for queries Signed-off-by: John Crispin <john@phrozen.org>
* openvpn: update to 2.4.4Magnus Kroken2017-09-282-34/+58
| | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: update wpa_supplicant p2p configLorenzo Santina2017-09-281-91/+278
| | | | | | | | | | | | | | | | Update the config file to the latest version. Added CONFIG_EAP_FAST=y because it was the only missing flag about EAP compared to full config. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Other flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant mini configLorenzo Santina2017-09-281-100/+292
| | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant full configLorenzo Santina2017-09-281-93/+280
| | | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Commented CONFIG_IEEE80211W=y flag because it is set in the Makefile, only if the driver supports it. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd mini configLorenzo Santina2017-09-281-19/+237
| | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd full configLorenzo Santina2017-09-281-27/+235
| | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed flag CONFIG_WPS2 because it is no more needed due to this changelog (2014-06-04 - v2.2): "remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set". Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: add Package/samba/DefaultStijn Tintel2017-09-251-12/+12
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uhttp: update to latest versionAdrian Panella2017-09-211-4/+4
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* openvpn: add "extra-certs" optionSven Roederer2017-09-192-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* hostapd: ft_over_ds supportLorenzo Santina2017-09-181-2/+4
| | | | | | Add support for ft_over_ds flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: ft_psk_generate_local supportLorenzo Santina2017-09-181-2/+4
| | | | | | | | Add support for ft_psk_generate_local flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [original author] Signed-off-by: Sergio <mailbox@sergio.spb.ru>
* dnsmasq: fix dhcp "ignore" option on wwan interfacesMarcin Jurkowski2017-09-182-3/+4
| | | | | | | | | | | | | | Init script won't append --no-dhcp-interface option if interface protocol is one of: ncm, directip, qmi, mbim. This is caused by IP address assigned to dynamically created netifd interfaces. As a result there's no netmask assigned to the main interface and dhcp_add() function returns prematurely. By moving network subnet check we can ensure that --no-dhcp-interface is properly generated for wwan interfaces. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
* dnsmasq: Pass TARGET_CPPFLAGS to MakefileFlorian Fainelli2017-09-161-1/+1
| | | | | | | | | With the introduction of the ubus notifications, we would now fail building dnsmasq with external toolchains that don't automatically search for headers. Pass TARGET_CPPFLAGS to the Makefile to resolve that. Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-09-162-4/+19
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-09-131-3/+3
| | | | | | | | | | | | | | | | f0bce9c dhcpv4: fix memset compile issue 0ba3278 dhcpv4: rework assignment lookup e3b49f3 dhcpv4: cleanup dhcpv4_test usage 47fe122 dhcpv4: rework lease expire handling logic 028ab85 dhcpv4: force renew nonce authentication support a827fca dhcpv4: avoid segfault when there's no IPv4 prefix bea088b ndp: detect ifindex changes via interface netlink events f66103e ubus: display accept reconf status for DHCPv6 assignments f0e354b treewide: replace RELAYD prefix naming in macros 1a313f9 dhcpv4: fix possible segfault when lease is not created e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-132-2/+2
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* lldpd: bump to 0.9.8Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* dnsmasq: backport arcount edns0 fixKevin Darbyshire-Bryant2017-09-082-1/+45
| | | | | | | | | Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport official fix for CVE-2017-13704Kevin Darbyshire-Bryant2017-09-073-38/+95
| | | | | | | | | Remove LEDE partial fix for CVE-2017-13704. Backport official fix from upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"John Crispin2017-08-311-3/+3
| | | | | | This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418. Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Link ssh and scp command to /bin instead of /usr/binRosen Penev2017-08-311-3/+3
| | | | | | | | ssh and scp commands interfere with OpenSSH when installed in /usr/bin . One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Remove syslog and load printers lines.Rosen Penev2017-08-301-2/+0
| | | | | | printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Don't resolve interfaces.Rosen Penev2017-08-302-7/+2
| | | | | | | It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba36: Remove guest ok since LuCI configures it.Rosen Penev2017-08-301-2/+1
| | | | | | guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: forward.c: fix CVE-2017-13704Kevin Darbyshire-Bryant2017-08-302-1/+38
| | | | | | | | | | | | | | | | Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix indentationHans Dedecker2017-08-251-3/+3
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add support for multiple tags for each host.Kuang Rufan2017-08-252-2/+7
| | | | | | | | | | | | | | | | | | | | | | | Currently, dnsmasq support assigning multiple tags to a host record (--dhcp-host), but we only support only 1 tag for a host. The commit makes the following config to be valid: config host option name 'computer' option mac '00:11:22:33:44:55' option ip '192.168.1.100' list tag 'vendor_class' list tag 'vendor_id' config tag 'vendor_class' list dhcp_option 'option:vendor-class,00:...<omitted>' config tag 'vendor_id' option force '1' list dhcp_option 'option:vendor-id-encap,00:...<omitted>' Signed-off-by: Kuang Rufan <kuangrufan@pset.suntec.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>